本文介绍Puppet Master及Agent相关的安装及配置。

一. 官网下载Puppet安装YUM源

[root@puppet-master ~]# rpm -ivh https://yum.puppetlabs.com/puppetlabs-release-el-6.noarch.rpm

Retrieving https://yum.puppetlabs.com/puppetlabs-release-el-6.noarch.rpm

warning: /var/tmp/rpm-tmp.F1Q84J: Header V4 RSA/SHA512 Signature, key ID 4bd6ec30: NOKEY

Preparing...                ########################################### [100%]

   1:puppetlabs-release     ########################################### [100%]

[root@puppet-master ~]# rpm -ivh https://dl.fedoraproject.org/pub/epel/epel-release-latest-6.noarch.rpm

Retrieving https://dl.fedoraproject.org/pub/epel/epel-release-latest-6.noarch.rpm

warning: /var/tmp/rpm-tmp.7HTwmp: Header V3 RSA/SHA256 Signature, key ID 0608b895: NOKEY

Preparing...                ########################################### [100%]

   1:epel-release           ########################################### [100%]

[root@puppet-master ~]#

【修改puppetlabs.repo】

[root@puppet-master yum.repos.d]# sed -i  s/gpgcheck=1/gpgcheck=0/g puppetlabs.repo  ##不修改安装不上

##Agent端配置同上!!

 

二. 安装Puppetmaster

  (1)安装相关软件包

[root@puppet-master yum.repos.d]# yum install -y puppet-server facter puppet  ###相关依赖系统会自动安装,前提YUM源安装完善

  (2)修改puppet.conf主配置文件  

[root@puppet-master ~]# vim /etc/puppet/puppet.conf
[main]

    # The Puppet log directory.

    # The default value is '$vardir/log'.

    logdir = /var/log/puppet        ###默认存放日志路径



    # Where Puppet PID files are kept.

    # The default value is '$vardir/run'.

    rundir = /var/run/puppet        ###pid存放路径

    # Where SSL certificates are kept.

    # The default value is '$confdir/ssl'.

    ssldir = $vardir/ssl           ###证书存放目录,$vardir为/var/lib/puppet

[agent]

    # The file in which puppetd stores a list of the classes

    # associated with the retrieved configuratiion.  Can be loaded in

    # the separate ``puppet`` executable using the ``--loadclasses``

    # option.

    # The default value is '$confdir/classes.txt'.

    classfile = $vardir/classes.txt

    # Where puppetd caches the local configuration.  An

    # extension indicating the cache format is added automatically.

    # The default value is '$confdir/localconfig'.

    localconfig = $vardir/localconfig

  certname = puppet-master.nlf.com

  server  = puppet-master.nlf.com       ###设置agent认证连接master端的服务器名称,此名称必须得能够解析

[master]

    certname = puppet-master.nlf.com      ###设置puppetmaster认证服务器名称

[root@puppet-master ~]#

  

  (3)启动puppetmaster服务

[root@puppet-master ~]# /etc/init.d/puppetmaster start

Starting puppetmaster:                                     [  OK  ]

[root@puppet-master ~]# chkconfig puppetmaster on    ###设置开机启动

[root@puppet-master ~]# chkconfig --list|grep puppetmaster

puppetmaster   	0:off	1:off	2:on	3:on	4:on	5:on	6:off

  (4) 查看puppetmaster是否自动验证自己身份

[root@puppet-master ~]# tree /var/lib/puppet/ssl/     ###tree工具需要安装

/var/lib/puppet/ssl/

├── ca

│   ├── ca_crl.pem

│   ├── ca_crt.pem

│   ├── ca_key.pem

│   ├── ca_pub.pem

│   ├── inventory.txt

│   ├── private

│   │   └── ca.pass

│   ├── requests

│   ├── serial

│   └── signed

│       └── puppet-master.nlf.com.pem

├── certificate_requests

├── certs

│   ├── ca.pem

│   └── puppet-master.nlf.com.pem

├── crl.pem

├── private

├── private_keys

│   └── puppet-master.nlf.com.pem

└── public_keys

    └── puppet-master.nlf.com.pem

9 directories, 13 files

[root@puppet-master ~]# puppet cert --list -all    ###带“+”表明注册成功

+ "puppet-master.nlf.com" (SHA256) 48:E6:9D:CF:ED:06:D7:45:D2:30:95:B7:33:5F:41:5F:3C:00:B2:A8:94:03:3A:C7:08:1B:0B:7D:F5:7F:3A:D8 (alt names: "DNS:puppet", "DNS:puppet-master.nlf.com", "DNS:puppet.nlf.com")

[root@puppet-master ~]#

  (4)查看puppetmaster监听服务

[root@puppet-master ~]# netstat -tulnp |grep 8140

tcp        0      0 0.0.0.0:8140                0.0.0.0:*                   LISTEN      26637/ruby

[root@puppet-master ~]# lsof -i:8140

COMMAND   PID   USER   FD   TYPE DEVICE SIZE/OFF NODE NAME

puppet  26637 puppet    5u  IPv4  39347      0t0  TCP *:8140 (LISTEN)

[root@puppet-master ~]#

  

三. 安装Agent客户端

  (1)安装相关软件包

[root@puppet-agent1 ~]# yum install -y puppet facter

   (2)修改puppet.conf主配置文件

[root@puppet-agent1 ~]# cat /etc/puppet/puppet.conf

[main]

    # The Puppet log directory.

    # The default value is '$vardir/log'.

    logdir = /var/log/puppet

    # Where Puppet PID files are kept.

    # The default value is '$vardir/run'.

    rundir = /var/run/puppet

    # Where SSL certificates are kept.

    # The default value is '$confdir/ssl'.

    ssldir = $vardir/ssl

[agent]

    # The file in which puppetd stores a list of the classes

    # associated with the retrieved configuratiion.  Can be loaded in

    # the separate ``puppet`` executable using the ``--loadclasses``

    # option.

    # The default value is '$confdir/classes.txt'.

    classfile = $vardir/classes.txt

    # Where puppetd caches the local configuration.  An

    # extension indicating the cache format is added automatically.

    # The default value is '$confdir/localconfig'.

    localconfig = $vardir/localconfig

    certname = puppet-agent1.nlf.com        ###设置本机的certname名称

    server = puppet-master.nlf.com       ###指向puppetmaster进行身份验证
 [root@puppet-agent1 ~]#

 

四. Agent端向Master进行身份验证

  Agent端向Master验证

  首次验证是没有通过,需要Master端进行身份验证

[root@puppet-agent1 ~]# puppet agent -t

Info: Creating a new SSL key for puppet-agent1.nlf.com

Info: Caching certificate for ca

Info: csr_attributes file loading from /etc/puppet/csr_attributes.yaml

Info: Creating a new SSL certificate request for puppet-agent1.nlf.com

Info: Certificate Request fingerprint (SHA256): 89:C3:7E:20:B4:F2:0E:2D:A3:E7:92:21:9E:11:D2:F9:D1:16:7B:EB:AB:EA:5A:7E:9B:F8:6B:CC:80:5F:E8:08

Info: Caching certificate for ca

Exiting; no certificate found and waitforcert is disabled

[root@puppet-agent1 ~]#

  Master端查看请求验证

  在puppet-master通过puppet-agent1的请求验证,查看puppet-master需要验证的客户端

[root@puppet-master ~]# puppet cert --sign --list    ##没有带“+”说明没有进行身份验证

  "puppet-agent1.nlf.com" (SHA256) 89:C3:7E:20:B4:F2:0E:2D:A3:E7:92:21:9E:11:D2:F9:D1:16:7B:EB:AB:EA:5A:7E:9B:F8:6B:CC:80:5F:E8:08

[root@puppet-master ~]#

  Master通过客户端的验证

[root@puppet-master ~]# puppet cert --sign puppet-agent1.nlf.com

Notice: Signed certificate request for puppet-agent1.nlf.com

Notice: Removing file Puppet::SSL::CertificateRequest puppet-agent1.nlf.com at '/var/lib/puppet/ssl/ca/requests/puppet-agent1.nlf.com.pem'

[root@puppet-master ~]#

  Agent端再次验证Master验证

[root@puppet-agent1 ~]# puppet agent -t

Info: Caching certificate for puppet-agent1.nlf.com

Info: Caching certificate_revocation_list for ca

Info: Caching certificate for puppet-agent1.nlf.com

Warning: Unable to fetch my node definition, but the agent run will continue:

Warning: undefined method `include?' for nil:NilClass

Info: Retrieving pluginfacts

Info: Retrieving plugin

Info: Caching catalog for puppet-agent1.nlf.com

Info: Applying configuration version '1482305454'

Info: Creating state file /var/lib/puppet/state/state.yaml

Notice: Finished catalog run in 0.01 seconds

[root@puppet-agent1 ~]#

  

  查看通过身份验证的客户端的证书存放目录

[root@puppet-master ~]# tree /var/lib/puppet/ssl/

/var/lib/puppet/ssl/

├── ca

│   ├── ca_crl.pem

│   ├── ca_crt.pem

│   ├── ca_key.pem

│   ├── ca_pub.pem

│   ├── inventory.txt

│   ├── private

│   │   └── ca.pass

│   ├── requests

│   ├── serial

│   └── signed

│       ├── puppet-agent1.nlf.com.pem

│       └── puppet-master.nlf.com.pem

├── certificate_requests

├── certs

│   ├── ca.pem

│   └── puppet-master.nlf.com.pem

├── crl.pem

├── private

├── private_keys

│   └── puppet-master.nlf.com.pem

└── public_keys

    └── puppet-master.nlf.com.pem

9 directories, 14 files

[root@puppet-master ~]#

  至此,Puppetmaster与Agent完成了C/S架构的部署,接下来就是相关资源的编写!

 

Puppet自动化部署-安装及配置(3)的更多相关文章

  1. puppet自动化部署

    puppet自动化部署 puppet  实现运维自动化管理的软件. 官方网站: http://puppetlabs.com/    pupptet下载链接:http://downloads.puppe ...

  2. 自动化运维之Cobbler自动化部署安装操作系统

    Cobbler概述: Cobbler可以用来快速建立 Linux 网络安装环境,它已将 Linux 网络安装的技术门槛,从大专以上文化水平,成功降低到初中以下,连补鞋匠都能学会. 在生产环境中,经常批 ...

  3. MySQL5.6.12 rpm制作及及自动化部署安装

    转自:http://blog.itpub.net/29254281/viewspace-1268918/ 首先,下载rpmbuildyum install rpm-build -y它是Red Hat用 ...

  4. Puppet自动化部署-前期环境准备(2)

    在安装Puppet环境之前需要配置好机器的基本配置,如规范网络地址IP.hostname,certname认证名称,ntp时间同步等配置完毕,完善的搭建自动化环境. 1.环境介绍 此处实现部署的环境是 ...

  5. (二)docker的部署安装,配置,基础命令

    一.docker 的安装部署 这里不过多介绍,下面这两个linux发型版 安装可以参考 ubuntu的 docker-ce安装 centos7的 docker-ce安装 二.docker配置文件 重要 ...

  6. puppet自动化安装服务

    puppet自动化部署 主机环境: server(master)端:172.25.7.1(server1.example.com) client(agent)端:172.25.7.2 172.25.7 ...

  7. Gitlab配置webhooks实现自动化部署

    Gitlab 自动化部署 原理介绍 配置gitlab当push动作的时候,访问服务器上的一个链接比如www.shenke.group/hook.php hook.php里面写着一行代码,会让服务器gi ...

  8. Linux 自动化部署Rsyslog服务

    Linux 自动化部署Rsyslog服务 源码如下: #/bin/bash #该脚本用于自动化部署Ryslog服务配置 #作者:雨中落叶 #博客:https://www.cnblogs.com/yuz ...

  9. Ansible安装及配置

    ansible分为以下几个部份: Ansible:核心引擎 Modules:包括 Ansible 自带的核心模块(core modules)及自定义模块 (custom modules): 核心模块: ...

随机推荐

  1. Mysql基础(一)

    Mysql的历史度娘上一堆,就不再介绍了. 本文依照此路径学习Mysql数据库:数据库->表->数据 首先启动Mysql服务,然后通过控制台命令登入root账户输入密码回车 C:\User ...

  2. JavaScript 智能社 拖拽

    <!DOCTYPE HTML> <html> <head> <meta charset="utf-8"> <title> ...

  3. PHP数组常用函数

    [官方]PHP Array 函数 一.数组操作的基本函数 数组的键名和值 array_values($arr);  获得数组的值 array_keys($arr);  获得数组的键名 array_fl ...

  4. PHP代码 如何网页获取用户的openid

    public function getOpenid($appid, $appsecret) { $SERVER_NAME = $_SERVER['SERVER_NAME']; $REQUEST_URI ...

  5. 对前台传回的list进行分割,并放在sql语句的in中

    前端数据集传回数据 var matDeptHisMonthPlanStore = Ext.data.StoreManager.lookup('matDeptHisMonthPlanStore'); m ...

  6. 在_vimrc中 set noexpandtab python 不起效果

    我ctm,今天配置不让tab转为空格,在_vimrc中set noexpandtab 不起效果. set ts=4也不起效果. 但是在命令行中其效果. 我都不知道咋办了. 问人说我有可能使用的不是那个 ...

  7. Python目录

  8. AtomicBoolean介绍与使用

       java.util.concurrent.atomic.AtomicBoolean 继承自Object. 介绍: 在这个Boolean值的变化的时候不允许在之间插入,保持操作的原子性 方法和举例 ...

  9. HTTP Header 详解

    HTTP(HyperTextTransferProtocol)即超文本传输协议,目前网页传输的的通用协议.HTTP协议采用了请求/响应模型,浏览器或其他客户端发出请求,服务器给与响应.就整个网络资源传 ...

  10. Merge K Sorted Arrays

    This problem can be solved by using a heap. The time is O(nlog(n)). Given m arrays, the minimum elem ...