aluminiumfoil 2016-08-03
I. Prepare the environment
1. Set the hostname and the hosts file
Master
Agent
2. Start the ntpd service on the nodes
3. Build a local yum repository
4. Set up an FTP server to provide access to the custom yum repository
[root@master ~]# cat /etc/vsftpd/vsftpd.conf
listen=YES
anonymous_enable=YES
local_enable=YES
write_enable=YES
local_umask=022
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
dirmessage_enable=YES
xferlog_enable=YES
xferlog_file=/etc/vsftpd/vsftpd.log
xferlog_std_format=YES
ftpd_banner=Welcome to Ftp(installed by DQ)
pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES
5. Copy the generated yum repository into the FTP shared directory
[root@master ~]# cp -arv /home/puppet /var/ftp/pub/
6. Configure the remote yum repository on the agent
[root@agent ~]# cat /etc/yum.repos.d/puppet.repo
[CentOS-puppet]
name=puppetlabs epel gems for centos
baseurl=ftp://master.puppet.com/pub/puppet/
enabled=1
gpgcheck=0
priority=1
Test whether the puppet yum repository is usable
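The vsftpd settings in step 4 allow anonymous writes to the directory that the agent in step 6 installs from over FTP with gpgcheck=0, so the packages an agent installs are neither protected in transit nor verified. The following is an added example, not part of the original post: a shell check that reports those settings, one finding per line. The function names and the temporary demo directory are assumptions, and the sample files are constructed from the values shown above.

```shell
#!/bin/sh
# Added example: flag the weak settings from steps 4 and 6, one finding per output line.

# Value of key $2 in key=value file $1, upper-cased; $3 is used when the key is absent.
conf_value() {
    v=$(sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1)
    printf '%s\n' "${v:-$3}" | tr -d '[:space:]' | tr '[:lower:]' '[:upper:]'
}

# vsftpd: anonymous writes need anonymous_enable (default YES) and write_enable (default NO).
audit_vsftpd() {
    [ "$(conf_value "$1" anonymous_enable YES)" = YES ] || return 0
    [ "$(conf_value "$1" write_enable NO)" = YES ] || return 0
    for key in anon_upload_enable anon_mkdir_write_enable anon_other_write_enable; do
        if [ "$(conf_value "$1" "$key" NO)" = YES ]; then
            echo "$1: $key=YES (anonymous users can modify served files)"
        fi
    done
}

# yum repo file: report, per [section], gpgcheck=0 and a cleartext ftp/http baseurl.
audit_repo() {
    awk -v f="$1" '
        /^[ \t]*\[/ { sect = $0; gsub(/^[ \t]*\[|\].*$/, "", sect); next }
        /^[ \t]*(#|$)/ { next }
        {
            key = $0; sub(/[ \t]*=.*/, "", key); gsub(/[ \t]/, "", key)
            val = $0; sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t]+$/, "", val)
            if (key == "gpgcheck" && val == "0")
                print f ": [" sect "] gpgcheck=0 (package signatures not verified)"
            if (key == "baseurl" && val ~ /^(ftp|http):\/\//)
                print f ": [" sect "] baseurl " val " (unauthenticated transport)"
        }' "$1"
}

# Constructed sample input: the relevant lines of the two files shown in steps 4 and 6.
demo_dir=$(mktemp -d)
printf '%s\n' anonymous_enable=YES write_enable=YES anon_upload_enable=YES \
    anon_mkdir_write_enable=YES anon_other_write_enable=YES > "$demo_dir/vsftpd.conf"
printf '%s\n' '[CentOS-puppet]' 'name=puppetlabs epel gems for centos' \
    'baseurl=ftp://master.puppet.com/pub/puppet/' enabled=1 gpgcheck=0 > "$demo_dir/puppet.repo"

audit_vsftpd "$demo_dir/vsftpd.conf"
audit_repo "$demo_dir/puppet.repo"
```

On a real host, pass /etc/vsftpd/vsftpd.conf and /etc/yum.repos.d/puppet.repo to the two functions. A read-only mirror with the three anon_* write options set to NO, served to agents with gpgcheck=1, produces no findings for those keys.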
II. Install and configure puppet on the master with yum
1. Install puppet-server, puppet and facter
[root@master ~]# yum install puppet puppet-server facter -y
2. Configure puppet.conf
Note: the configuration file contains two certname settings. The certname in [master] is the master name used to authenticate all nodes, and the certname in [agent] is the name of the agent itself. If it is not set, it defaults to the same name as the master.
[root@master ~]# cp /etc/puppet/puppet.conf{,.bak}
[root@master ~]# cat /etc/puppet/puppet.conf |grep "^\s*[^# \t].*$"
[main]
logdir = /var/log/puppet
rundir = /var/run/puppet
ssldir = $vardir/ssl #certificate directory; $vardir defaults to /var/lib/puppet
[agent]
classfile = $vardir/classes.txt
server = master.puppet.com #name of the master that the agent authenticates and connects to; the nodes must be able to resolve this name
certname = agent.puppet.com #certname of the agent
localconfig = $vardir/localconfig
[master]
certname = master.puppet.com #name of the puppetmaster authentication server
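3. Create the site.pp file
site.pp is where puppet starts reading the pp files of all modules. Before version 3.0 it must be present, otherwise the service cannot start.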
[root@master ~]# touch /etc/puppet/manifests/site.pp
4. Start the puppetmaster service
[root@master ~]# /etc/init.d/puppetmaster start
Starting puppetmaster: [ OK ]
5. Check the local certificates
On its first start, puppetmaster automatically generates certificates and registers itself.
[root@master ~]# tree /var/lib/puppet/ssl/
/var/lib/puppet/ssl/
├── ca
│   ├── ca_crl.pem
│   ├── ca_crt.pem
│   ├── ca_key.pem
│   ├── ca_pub.pem
│   ├── inventory.txt
│   ├── private
│   │   └── ca.pass
│   ├── requests
│   ├── serial
│   └── signed
│       └── master.puppet.com.pem #registered
├── certificate_requests
├── certs
│   ├── ca.pem
│   └── master.puppet.com.pem
├── crl.pem
├── private
├── private_keys
│   └── master.puppet.com.pem
└── public_keys
    └── master.puppet.com.pem

9 directories, 13 files
[root@master ~]# puppet cert --list --all
+ "master.puppet.com" (CF:74:C7:C7:91:DB:F5:82:3A:5E:01:93:E8:23:64:C4) #a leading + means the certificate has been registered successfully
+ (alt names: "DNS:master.puppet.com", "DNS:puppet", "DNS:puppet.puppet.com")
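6. Check the listening state
Once the puppetmaster service is running, it listens on TCP port 8140 by default.
III. Install and configure puppet on the agent with yum
1. Install puppet and facter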
[root@agent ~]# yum install puppet facter -y
2. Configure puppet.conf
3. Start the agent in debug mode so that the node sends a certificate request to the master
4. Confirm the certificate on the master
[root@master ~]# puppet cert --list --all
[root@master ~]# puppet cert --sign agent.puppet.com
[root@master ~]# tree /var/lib/puppet/ssl/
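Check the certificate status: the agent is not yet certified
Register the agent
Check the certificate status again: the agent is now certified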