puppet初始化安装和配置(puppet自动化系列1)
一、服务器规划
以下均直接yum安装最新版。
服务器操作系统为centos6.2
Puppetmaster1 10.168.32.116 puppstmaster1.jq.com
Puppetmaster2 10.168.32.117 puppetmaster2.jq.com
Puppet1 10.168.32.120 ag1.jq.com
Puppet2 10.168.32.121 ag2.jq.com
Puppetca1 10.168.32.118 puppetca1.jq.com
Puppetca2 10.168.32.119 puppetca2.jq.com
facter.x86_64 1:2.3.0-1.el6
puppet.noarch 0:3.7.3-1.el6
二、软件安装
2.1 安装epel包
所有服务器安装epel包
rpm -ivh http://mirror.bjtu.edu.cn/fedora-epel/6/x86_64/epel-release-6-8.noarch.rpm
rpm -ivh http://yum.puppetlabs.com/puppetlabs-release-el-6.noarch.rpm
2.2 Puppet master 安装配置
[root@puppetmaster1 ~]#yum install puppet-server puppet
[root@puppetmaster1 ~]#yum install facter
[root@puppetmaster1 ~]# cat /etc/puppet/puppet.conf
[main]
logdir = /var/log/puppet
rundir = /var/run/puppet
ssldir = $vardir/ssl
[agent]
classfile = $vardir/classes.txt
localconfig = $vardir/localconfig
server = puppetmaster1.jq.com
certname = puppetmaster1_cert.jq.com
[master]
certname = puppetmaster1.jq.com
创建site.pp文件,site.pp文件是puppet读取所有模块pp文件的开始
[root@puppetmaster1 ~]# touch /etc/puppet/manifests/site.pp
[root@puppetmaster1 ~]# /etc/init.d/puppetmaster restart
Stopping puppetmaster: [ OK ]
Starting puppetmaster: [ OK ]
[root@puppetmaster1 ~]# /etc/init.d/puppetmaster restart
[root@puppetmaster1 ~]# chkconfig puppetmaster on
启动守护进程将初始化Puppet的环境,创建一个本地的认证中心,同时创建 master相关的证书和密钥,并打开适当的网络socket等待客户端的连接。可以在 /etc/puppet/ssl目录查 看Puppet的SSL信 息和相 关证书 。
[root@puppetmaster1 ~]# tree /var/lib/puppet/ssl/
/var/lib/puppet/ssl/
├── ca
│ ├── ca_crl.pem
│ ├── ca_crt.pem
│ ├── ca_key.pem
│ ├── ca_pub.pem
│ ├── inventory.txt
│ ├── private
│ │ └── ca.pass
│ ├── requests
│ ├── serial
│ └── signed
│ ├── puppetmaster1_cert.jq.com.pem
│ └── puppetmaster1.jq.com.pem
├── certificate_requests
│ └── puppetmaster1_cert.jq.com.pem
├── certs
│ ├── ca.pem
│ ├── puppetmaster1_cert.jq.com.pem
│ └── puppetmaster1.jq.com.pem
├── crl.pem
├── private
├── private_keys
│ ├── puppetmaster1_cert.jq.com.pem
│ └── puppetmaster1.jq.com.pem
└── public_keys
├── puppetmaster1_cert.jq.com.pem
└── puppetmaster1.jq.com.pem
启动守护进程将初始化Puppet的环境,创建一个本地的认证中心,同时创建master相关的证书和密钥,并打开适当的网络socket*等待客户端的连接。可以在/etc/puppet/ssl目录查看Puppet的SSL信息和相关证书 。
[root@puppetmaster1 ~]# tree /var/lib/puppet/ssl/
/var/lib/puppet/ssl/
├── ca
│ ├── ca_crl.pem
│ ├── ca_crt.pem
│ ├── ca_key.pem
│ ├── ca_pub.pem
│ ├── inventory.txt
│ ├── private
│ │ └── ca.pass
│ ├── requests
│ ├── serial
│ └── signed
│ ├── puppetmaster1_cert.jq.com.pem
│ └── puppetmaster1.jq.com.pem
├── certificate_requests
│ └── puppetmaster1_cert.jq.com.pem
├── certs
│ ├── ca.pem
│ ├── puppetmaster1_cert.jq.com.pem
│ └── puppetmaster1.jq.com.pem
├── crl.pem
├── private
├── private_keys
│ ├── puppetmaster1_cert.jq.com.pem
│ └── puppetmaster1.jq.com.pem
└── public_keys
├── puppetmaster1_cert.jq.com.pem
└── puppetmaster1.jq.com.pem
9 directories, 18 files
第一次启动puppet,可以使用
puppet agent -t --verbose --no-daemonize 命令测试。
参数 --verbose使 master输出详细的日志,而--no-daemonize参数使 masteriS程运行 在前 台并将 输出重 定向到标准 输出 。你还可以 加上--debug参数 来产生 更加详 细的调 试输出 。
查看监听状态 puppetmaster服务开启后,默认监听TCP 8140端口
[root@puppetmaster1 ~]# netstat -nlatp | grep 8140
tcp 0 0 0.0.0.0:8140 0.0.0.0:* LISTEN 18524/ruby
[root@puppetmaster1 ~]# lsof -i:8140
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
puppetmas 1976 puppet 5u IPv4 14331 0t0 TCP *:8140 (LISTEN)
2.3 Puppet agent 安装配置
安装puppet和facter
[root@ag1 ssl]# yum install -y puppet facter
facter.x86_64 1:2.3.0-1.el6 puppet.noarch 0:3.7.3-1.el6
[root@ag1 puppet]# cat /etc/puppet/puppet.conf
### config by puppet ###
[main]
logdir = /var/log/puppet
rundir = /var/run/puppet
ssldir = $vardir/ssl
#pluginsync = false
[agent]
classfile = $vardir/classes.txt
localconfig = $vardir/localconfig
server = puppetmaster1.jq.com
certname = ag1_cert.jq.com
runinterval = 1000
申请证书
[root@ag1 puppet]# puppet agent -t
Info: Creating a new SSL key for ag1_cert.jq.com
Info: Caching certificate for ca
Info: csr_attributes file loading from /etc/puppet/csr_attributes.yaml
Info: Creating a new SSL certificate request for ag1_cert.jq.com
Info: Certificate Request fingerprint (SHA256): AD:51:37:B7:5D:4E:7C:9F:7D:5E:7B:C6:DE:6A:00:F4:AA:CE:A9:51:C0:89:73:90:1E:71:DC:0E:9C:63:A3:2F
Info: Caching certificate for ca
Exiting; no certificate found and waitforcert is disabled
Master注册证书
[root@puppetmaster1 ~]# puppet cert --sign --ag1.jq.com
客户端再次请求
[root@ag1 puppet]# puppet agent -t
第一次启动puppet,可以使用
puppet agent -t --verbose --no-daemonize 命令测试。
参数 --verbose使master输出详细的日志,而--no-daemonize参数使masteriS程运行在前台并将输出重定向到标准输出 。你还可以加上--debug参数 来产生更加详细的调 试输出 。 Puppet agent安装配置
查看监听状态 puppetmaster服务开启后,默认监听TCP 8140端口
[root@puppetmaster1 ~]# netstat -nlatp | grep 8140
tcp 0 0 0.0.0.0:8140 0.0.0.0:* LISTEN 18524/ruby
[root@puppetmaster1 ~]# lsof -i:8140
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
puppetmas 1976 puppet 5u IPv4 14331 0t0 TCP *:8140 (LISTEN)
本系统puppet均根据kisspuppet的博客(http://kisspuppet.com/)进行实验,非常感谢!!!
最新文章
- Android中常见的图片加载框架
- Nginx基本使用
- Java中的四舍五入
- Nginx基础知识之————RTMP模块专题(实践文档)
- modelsim(3) - summary ,issue,tips
- gulp-rev:项目部署缓存解决方案----gulp系列(六)
- row_number()over(partition by 字段 order by 字段)ID,修改重复行的字段值。
- 仿知乎程序 fragment的切换以及toolbar在不同页面下显示的menu不同
- 记一次奇怪IE动态加载js的乱码
- springdata+redis配置详解
- 草料生成app自动下载的二维码
- ssh服务突然连接不了案例总结
- 学习笔记71—Python 报错处理集
- vue 图片下载到本地,图片保存到本地
- DrawableAnimation小练习
- 数据恢复Winhex的核心理念
- linux下sort命令使用详解---linux将文本文件内容加以排序命令
- getRealPath函数编译报错问题
- Luogu4423 BJWC2011 最小三角形 平面最近点对
- shell编程之helloworld
热门文章
- A、B两伙马贼意外地在一片沙漠中发现了一处金矿,双方都想独占金矿,但各自的实力都不足以吞下对方,经过谈判后,双方同意用一个公平的方式来处理这片金矿。处理的规则如下:他们把整个金矿分成n段,由A、B开始轮流从最左端或最右端占据一段,直到分完为止。 马贼A想提前知道他们能分到多少金子,因此请你帮忙计算他们最后各自拥有多少金子?(两伙马贼均会采取对己方有利的策略)
- Spring mybatis自动扫描dao
- <LeetCode OJ> 121. /122. Best Time to Buy and Sell Stock(I / II)
- bash学习记录
- 2017-01-20_dp测试
- 【BZOJ3451】Tyvj1953 Normal 点分治+FFT+期望
- html学习笔记(1)--处理特殊字符以及其他的一些小细节
- Grasswire"草根连线":Pinterest图片流+Reddit众包新闻门户
- 利用wxpython显示OpenCV图像
- SSH Tunnel扫盲(ssh port forwarding端口转发)