Puppet自动化部署-安装及配置(3)
本文介绍Puppet Master及Agent相关的安装及配置。
一. 官网下载Puppet安装YUM源
[root@puppet-master ~]# rpm -ivh https://yum.puppetlabs.com/puppetlabs-release-el-6.noarch.rpm
Retrieving https://yum.puppetlabs.com/puppetlabs-release-el-6.noarch.rpm
warning: /var/tmp/rpm-tmp.F1Q84J: Header V4 RSA/SHA512 Signature, key ID 4bd6ec30: NOKEY
Preparing... ########################################### [100%]
1:puppetlabs-release ########################################### [100%]
[root@puppet-master ~]# rpm -ivh https://dl.fedoraproject.org/pub/epel/epel-release-latest-6.noarch.rpm
Retrieving https://dl.fedoraproject.org/pub/epel/epel-release-latest-6.noarch.rpm
warning: /var/tmp/rpm-tmp.7HTwmp: Header V3 RSA/SHA256 Signature, key ID 0608b895: NOKEY
Preparing... ########################################### [100%]
1:epel-release ########################################### [100%]
[root@puppet-master ~]# 【修改puppetlabs.repo】
[root@puppet-master yum.repos.d]# sed -i s/gpgcheck=1/gpgcheck=0/g puppetlabs.repo ##不修改安装不上 ##Agent端配置同上!!
二. 安装Puppetmaster
(1)安装相关软件包
[root@puppet-master yum.repos.d]# yum install -y puppet-server facter puppet ###相关依赖系统会自动安装,前提YUM源安装完善
(2)修改puppet.conf主配置文件
[root@puppet-master ~]# vim /etc/puppet/puppet.conf
[main]
# The Puppet log directory.
# The default value is '$vardir/log'.
logdir = /var/log/puppet ###默认存放日志路径
# Where Puppet PID files are kept.
# The default value is '$vardir/run'.
rundir = /var/run/puppet ###pid存放路径 # Where SSL certificates are kept.
# The default value is '$confdir/ssl'.
ssldir = $vardir/ssl ###证书存放目录,$vardir为/var/lib/puppet [agent]
# The file in which puppetd stores a list of the classes
# associated with the retrieved configuratiion. Can be loaded in
# the separate ``puppet`` executable using the ``--loadclasses``
# option.
# The default value is '$confdir/classes.txt'.
classfile = $vardir/classes.txt # Where puppetd caches the local configuration. An
# extension indicating the cache format is added automatically.
# The default value is '$confdir/localconfig'.
localconfig = $vardir/localconfig
certname = puppet-master.nlf.com
server = puppet-master.nlf.com ###设置agent认证连接master端的服务器名称,此名称必须得能够解析
[master]
certname = puppet-master.nlf.com ###设置puppetmaster认证服务器名称
[root@puppet-master ~]#
(3)启动puppetmaster服务
[root@puppet-master ~]# /etc/init.d/puppetmaster start
Starting puppetmaster: [ OK ]
[root@puppet-master ~]# chkconfig puppetmaster on ###设置开机启动
[root@puppet-master ~]# chkconfig --list|grep puppetmaster
puppetmaster 0:off 1:off 2:on 3:on 4:on 5:on 6:off
(4) 查看puppetmaster是否自动验证自己身份
[root@puppet-master ~]# tree /var/lib/puppet/ssl/ ###tree工具需要安装
/var/lib/puppet/ssl/
├── ca
│ ├── ca_crl.pem
│ ├── ca_crt.pem
│ ├── ca_key.pem
│ ├── ca_pub.pem
│ ├── inventory.txt
│ ├── private
│ │ └── ca.pass
│ ├── requests
│ ├── serial
│ └── signed
│ └── puppet-master.nlf.com.pem
├── certificate_requests
├── certs
│ ├── ca.pem
│ └── puppet-master.nlf.com.pem
├── crl.pem
├── private
├── private_keys
│ └── puppet-master.nlf.com.pem
└── public_keys
└── puppet-master.nlf.com.pem 9 directories, 13 files
[root@puppet-master ~]# puppet cert --list -all ###带“+”表明注册成功
+ "puppet-master.nlf.com" (SHA256) 48:E6:9D:CF:ED:06:D7:45:D2:30:95:B7:33:5F:41:5F:3C:00:B2:A8:94:03:3A:C7:08:1B:0B:7D:F5:7F:3A:D8 (alt names: "DNS:puppet", "DNS:puppet-master.nlf.com", "DNS:puppet.nlf.com")
[root@puppet-master ~]#
(4)查看puppetmaster监听服务
[root@puppet-master ~]# netstat -tulnp |grep 8140
tcp 0 0 0.0.0.0:8140 0.0.0.0:* LISTEN 26637/ruby
[root@puppet-master ~]# lsof -i:8140
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
puppet 26637 puppet 5u IPv4 39347 0t0 TCP *:8140 (LISTEN)
[root@puppet-master ~]#
三. 安装Agent客户端
(1)安装相关软件包
[root@puppet-agent1 ~]# yum install -y puppet facter
(2)修改puppet.conf主配置文件
[root@puppet-agent1 ~]# cat /etc/puppet/puppet.conf
[main]
# The Puppet log directory.
# The default value is '$vardir/log'.
logdir = /var/log/puppet # Where Puppet PID files are kept.
# The default value is '$vardir/run'.
rundir = /var/run/puppet # Where SSL certificates are kept.
# The default value is '$confdir/ssl'.
ssldir = $vardir/ssl [agent]
# The file in which puppetd stores a list of the classes
# associated with the retrieved configuratiion. Can be loaded in
# the separate ``puppet`` executable using the ``--loadclasses``
# option.
# The default value is '$confdir/classes.txt'.
classfile = $vardir/classes.txt # Where puppetd caches the local configuration. An
# extension indicating the cache format is added automatically.
# The default value is '$confdir/localconfig'.
localconfig = $vardir/localconfig
certname = puppet-agent1.nlf.com ###设置本机的certname名称
server = puppet-master.nlf.com ###指向puppetmaster进行身份验证
[root@puppet-agent1 ~]#
四. Agent端向Master进行身份验证
Agent端向Master验证
首次验证是没有通过,需要Master端进行身份验证
[root@puppet-agent1 ~]# puppet agent -t
Info: Creating a new SSL key for puppet-agent1.nlf.com
Info: Caching certificate for ca
Info: csr_attributes file loading from /etc/puppet/csr_attributes.yaml
Info: Creating a new SSL certificate request for puppet-agent1.nlf.com
Info: Certificate Request fingerprint (SHA256): 89:C3:7E:20:B4:F2:0E:2D:A3:E7:92:21:9E:11:D2:F9:D1:16:7B:EB:AB:EA:5A:7E:9B:F8:6B:CC:80:5F:E8:08
Info: Caching certificate for ca
Exiting; no certificate found and waitforcert is disabled
[root@puppet-agent1 ~]#
Master端查看请求验证
在puppet-master通过puppet-agent1的请求验证,查看puppet-master需要验证的客户端
[root@puppet-master ~]# puppet cert --sign --list ##没有带“+”说明没有进行身份验证
"puppet-agent1.nlf.com" (SHA256) 89:C3:7E:20:B4:F2:0E:2D:A3:E7:92:21:9E:11:D2:F9:D1:16:7B:EB:AB:EA:5A:7E:9B:F8:6B:CC:80:5F:E8:08
[root@puppet-master ~]#
Master通过客户端的验证
[root@puppet-master ~]# puppet cert --sign puppet-agent1.nlf.com
Notice: Signed certificate request for puppet-agent1.nlf.com
Notice: Removing file Puppet::SSL::CertificateRequest puppet-agent1.nlf.com at '/var/lib/puppet/ssl/ca/requests/puppet-agent1.nlf.com.pem'
[root@puppet-master ~]#
Agent端再次验证Master验证
[root@puppet-agent1 ~]# puppet agent -t
Info: Caching certificate for puppet-agent1.nlf.com
Info: Caching certificate_revocation_list for ca
Info: Caching certificate for puppet-agent1.nlf.com
Warning: Unable to fetch my node definition, but the agent run will continue:
Warning: undefined method `include?' for nil:NilClass
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Caching catalog for puppet-agent1.nlf.com
Info: Applying configuration version '1482305454'
Info: Creating state file /var/lib/puppet/state/state.yaml
Notice: Finished catalog run in 0.01 seconds
[root@puppet-agent1 ~]#
查看通过身份验证的客户端的证书存放目录
[root@puppet-master ~]# tree /var/lib/puppet/ssl/
/var/lib/puppet/ssl/
├── ca
│ ├── ca_crl.pem
│ ├── ca_crt.pem
│ ├── ca_key.pem
│ ├── ca_pub.pem
│ ├── inventory.txt
│ ├── private
│ │ └── ca.pass
│ ├── requests
│ ├── serial
│ └── signed
│ ├── puppet-agent1.nlf.com.pem
│ └── puppet-master.nlf.com.pem
├── certificate_requests
├── certs
│ ├── ca.pem
│ └── puppet-master.nlf.com.pem
├── crl.pem
├── private
├── private_keys
│ └── puppet-master.nlf.com.pem
└── public_keys
└── puppet-master.nlf.com.pem 9 directories, 14 files
[root@puppet-master ~]#
至此,Puppetmaster与Agent完成了C/S架构的部署,接下来就是相关资源的编写!
Puppet自动化部署-安装及配置(3)的更多相关文章
- puppet自动化部署
puppet自动化部署 puppet 实现运维自动化管理的软件. 官方网站: http://puppetlabs.com/ pupptet下载链接:http://downloads.puppe ...
- 自动化运维之Cobbler自动化部署安装操作系统
Cobbler概述: Cobbler可以用来快速建立 Linux 网络安装环境,它已将 Linux 网络安装的技术门槛,从大专以上文化水平,成功降低到初中以下,连补鞋匠都能学会. 在生产环境中,经常批 ...
- MySQL5.6.12 rpm制作及及自动化部署安装
转自:http://blog.itpub.net/29254281/viewspace-1268918/ 首先,下载rpmbuildyum install rpm-build -y它是Red Hat用 ...
- Puppet自动化部署-前期环境准备(2)
在安装Puppet环境之前需要配置好机器的基本配置,如规范网络地址IP.hostname,certname认证名称,ntp时间同步等配置完毕,完善的搭建自动化环境. 1.环境介绍 此处实现部署的环境是 ...
- (二)docker的部署安装,配置,基础命令
一.docker 的安装部署 这里不过多介绍,下面这两个linux发型版 安装可以参考 ubuntu的 docker-ce安装 centos7的 docker-ce安装 二.docker配置文件 重要 ...
- puppet自动化安装服务
puppet自动化部署 主机环境: server(master)端:172.25.7.1(server1.example.com) client(agent)端:172.25.7.2 172.25.7 ...
- Gitlab配置webhooks实现自动化部署
Gitlab 自动化部署 原理介绍 配置gitlab当push动作的时候,访问服务器上的一个链接比如www.shenke.group/hook.php hook.php里面写着一行代码,会让服务器gi ...
- Linux 自动化部署Rsyslog服务
Linux 自动化部署Rsyslog服务 源码如下: #/bin/bash #该脚本用于自动化部署Ryslog服务配置 #作者:雨中落叶 #博客:https://www.cnblogs.com/yuz ...
- Ansible安装及配置
ansible分为以下几个部份: Ansible:核心引擎 Modules:包括 Ansible 自带的核心模块(core modules)及自定义模块 (custom modules): 核心模块: ...
随机推荐
- ORACLE百万记录SQL语句优化技巧
1.对查询进行优化,应尽量避免全表扫描,首先应考虑在 where 及 order by 涉及的列上建立索引. 2.应尽量避免在 where 子句中对字段进行 null 值判断,否则将导致引擎放弃使用索 ...
- asp.net MVC4 表单 - CheckBox兴趣爱好
1.Model层定义属性 public class vmUser { public string userName { get; set; } public string sex { get; set ...
- 几大主流浏览器内核(Rendering Engine)
"浏览器内核",英文为"Rendering Engine",也叫"渲染引擎",作用是帮助浏览器来渲染网页的内容,将页面内容和排版代码转换为用 ...
- 【Java】增强的for流程
增强for循环语法: for(type element: array) { System.out.println(element); } 可遍历输出数组元素,但无法获取元素下标. 相关链接 ...
- C++网络套接字编程TCP和UDP实例
原文地址:C++网络套接字编程TCP和UDP实例作者:xiaojiangjiang 1. 创建一个简单的SOCKET编程流程如下 面向有连接的套接字编程 服务器: 1) 创建套接字(so ...
- 数据库 'xxx 的事务日志已满。若要查明无法重用日志中的空间的原因,请参阅 sys.databases 中的 log_reuse_wait_desc 列。
---清空日志: USE [master] GO ALTER DATABASE cits SET RECOVERY SIMPLE WITH NO_WAIT GO ALTER DATABASE cits ...
- redis的一些操作
public class WnsRedisFactory { private static Cache pool = null; private static JedisConnectionFacto ...
- 转载:gulp文件
这是我的文件目录结构图 下面是我gulpfile.js的配置 'use strict' var gulp=require('gulp'); var gutil=require('gulp-util' ...
- WinForm用户控件、动态创建添加控件、timer控件--2016年12月12日
好文要顶 关注我 收藏该文 徐淳 关注 - 1 粉丝 - 3 0 0 用户控件: 通过布局将多个控件整合为一个控件,根据自己的需要进行修改,可对用户控件内的所有控件及控件属性进行修 ...
- 常用js代码集
<img src="{:url('publics/verify')}" onclick="this.src='{:url('publics/verify')}'&q ...