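Puppet setup

Source: Internet  Editor: 程序博客网  Time: 2024/05/22 07:55
Puppet setup summary
Puppet uses a client/server architecture and requires SSL verification; the certificates depend on the hostname.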


Server information:
[root@test data0]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
#::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
10.210.71.145   test.145
10.210.71.144   test.144
10.210.71.143   test.143

Here test.145 is the server.
Required software:
1. puppet-server-2.7.25-2.el6.noarch
2. puppet-2.7.25-2.el6.noarch
3. facter-1.6.18-3.el6.x86_64
Required yum repository: http://yum.puppetlabs.com/el/6/products/x86_64/puppetlabs-release-6-6.noarch.rpm
1. On the puppetmaster (test.145), install puppet-server and facter
[root@test data0]# yum install puppet-server facter -y
(output omitted)
Installed:
  facter.x86_64 0:1.6.18-7.el6    puppet-server.noarch 0:2.7.25-2.el6
Dependency Installed:
  puppet.noarch 0:2.7.25-2.el6
Complete!

2. Start the puppet master
[root@test data0]# /etc/init.d/puppetmaster restart
Stopping puppetmaster:                                     [FAILED]
Starting puppetmaster:                                     [  OK  ]
3. View the CA
[root@test ~]# puppetca --list --all
[root@test ~]#
Nothing is listed, because no client has requested verification yet.
-----------------------------------------------------------------------------
4. Install the client
[root@test ~]# hostname
test.143
[root@test ~]# yum install puppet facter -y
Loaded plugins: fastestmirror
(output omitted)
Installed:
  facter.x86_64 0:1.6.18-7.el6    puppet.noarch 0:2.7.25-2.el6
Complete!
[root@test ~]#
Installation is complete.
5. Configure and start
[root@test puppet]# cat /etc/puppet/puppet.conf
[main]
    # The Puppet log directory.
    # The default value is '$vardir/log'.
    logdir = /var/log/puppet

    # Where Puppet PID files are kept.
    # The default value is '$vardir/run'.
    rundir = /var/run/puppet

    # Where SSL certificates are kept.
    # The default value is '$confdir/ssl'.
    ssldir = $vardir/ssl
    report = true

[agent]
    # The file in which puppetd stores a list of the classes
    # associated with the retrieved configuratiion.  Can be loaded in
    # the separate ``puppet`` executable using the ``--loadclasses``
    # option.
    # The default value is '$confdir/classes.txt'.
    classfile = $vardir/classes.txt

    # Where puppetd caches the local configuration.  An
    # extension indicating the cache format is added automatically.
    # The default value is '$confdir/localconfig'.
    localconfig = $vardir/localconfig
    listen = true
    server = test.145
[root@test puppet]# /etc/init.d/puppet start
Starting puppet:                                           [  OK  ]
[root@test puppet]#
Configuration and startup are complete, and the client has submitted its verification request at the same time.

6. On the puppetmaster, view the request and approve it

[root@test ~]# puppetca --list --all
[root@test ~]# puppetca --list --all
[root@test ~]# puppetca --list --all
  "test.143" (5B:2D:F4:B2:E6:C1:7D:F3:E7:5E:ED:69:E7:74:07:0B)
[root@test ~]# hostname
test.145
[root@test ~]# puppetca -s -a
notice: Signed certificate request for test.143
notice: Removing file Puppet::SSL::CertificateRequest test.143 at '/var/lib/puppet/ssl/ca/requests/test.143.pem'
[root@test ~]# puppetca --list --all
+ "test.143" (D9:D5:89:D3:32:2C:CB:9D:50:F5:24:60:97:F5:C7:D7)
[root@test ~]#
The entry now has a plus sign, which means verification passed. The simplest Puppet client/server setup is complete.
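`puppetca -s -a` signs every pending request without checking who sent it. The following is an added example, not part of the original post, that signs a single host only after the fingerprint printed by `puppetca --list` matches a value obtained from the client out of band (for example by running `puppet agent --fingerprint` there). The function names, the test.144 line and the way the expected fingerprint is supplied are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): compare a pending CSR's
# fingerprint with a value obtained out of band before signing one host.

# Constructed sample in the format of `puppetca --list --all` shown above.
# The test.143 line is the page's output; the test.144 line is constructed.
# A leading "+" marks a certificate that is already signed.
SAMPLE_LIST='  "test.143" (5B:2D:F4:B2:E6:C1:7D:F3:E7:5E:ED:69:E7:74:07:0B)
+ "test.144" (0A:1B:2C:3D:4E:5F:60:71:82:93:A4:B5:C6:D7:E8:F9)'

# Print the fingerprint of HOST's pending (unsigned) request; list on stdin.
pending_fingerprint() {
    awk -v h="\"$1\"" '$1 == h { gsub(/[()]/, "", $2); print $2; exit }'
}

# Return 0 if HOST has a pending request whose fingerprint equals EXPECTED,
# 1 on mismatch, 2 if HOST has no pending request. List on stdin.
csr_matches() {
    actual=$(pending_fingerprint "$1")
    [ -n "$actual" ] || return 2
    a=$(printf '%s' "$actual" | tr 'a-f' 'A-F')
    e=$(printf '%s' "$2" | tr 'a-f' 'A-F')
    [ "$a" = "$e" ]
}

# Hypothetical wrapper for the master: sign only the named, verified host.
sign_if_verified() {
    if puppetca --list | csr_matches "$1" "$2"; then
        puppetca -s "$1"
    else
        echo "refusing to sign $1: fingerprint not verified" >&2
        return 1
    fi
}

# Demo on the constructed sample (does not call puppetca).
EXPECTED='5b:2d:f4:b2:e6:c1:7d:f3:e7:5e:ed:69:e7:74:07:0b'
if printf '%s\n' "$SAMPLE_LIST" | csr_matches test.143 "$EXPECTED"; then
    echo "test.143: fingerprint matches, safe to run: puppetca -s test.143"
fi
```

On the master, `sign_if_verified test.143 "<fingerprint read on the client>"` replaces the blanket `puppetca -s -a`.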

Write a simple demo
[root@test ~]# cat /etc/puppet/manifests/site.pp
node default {
    file {
        "/tmp/hello_puppet":
        content=>"hello_puppet nice to meet you";
    }
}
[root@test ~]# hostname
test.145
[root@test ~]#

Puppet's entry-point file is site.pp.

Then go to the client and verify.
[root@test puppet]# !pup
puppetd --test
notice: Ignoring --listen on onetime run
info: Caching catalog for test.143
info: Applying configuration version '1417590794'
notice: /Stage[main]//Node[default]/File[/tmp/hello_puppet]/ensure: defined content as '{md5}6152d048657a8a30d6894b3a6f164657'
notice: Finished catalog run in 0.23 seconds
[root@test puppet]# cat /tmp/hello_puppet
hello_puppet nice to meet you
[root@test puppet]# hostname
test.143
[root@test puppet]#
Done.