This article covers installing and configuring the Puppet Master and Agent.

I. Download the Puppet YUM repository package from the official site

[root@puppet-master ~]# rpm -ivh https://yum.puppetlabs.com/puppetlabs-release-el-6.noarch.rpm
Retrieving https://yum.puppetlabs.com/puppetlabs-release-el-6.noarch.rpm
warning: /var/tmp/rpm-tmp.F1Q84J: Header V4 RSA/SHA512 Signature, key ID 4bd6ec30: NOKEY
Preparing... ########################################### [100%]
1:puppetlabs-release ########################################### [100%]
[root@puppet-master ~]# rpm -ivh https://dl.fedoraproject.org/pub/epel/epel-release-latest-6.noarch.rpm
Retrieving https://dl.fedoraproject.org/pub/epel/epel-release-latest-6.noarch.rpm
warning: /var/tmp/rpm-tmp.7HTwmp: Header V3 RSA/SHA256 Signature, key ID 0608b895: NOKEY
Preparing... ########################################### [100%]
1:epel-release ########################################### [100%]
[root@puppet-master ~]# [Edit puppetlabs.repo]
[root@puppet-master yum.repos.d]# sed -i s/gpgcheck=1/gpgcheck=0/g puppetlabs.repo ## the install fails without this change ## configure the Agent side the same way!!
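
With gpgcheck=0, yum installs packages from that repository without verifying their signatures; the NOKEY warnings above show the signing key was never imported. The check below is an added example, not part of the original article: it lists every repo section left in that state together with the gpgkey it names, so the key can be imported and gpgcheck set back to 1. The function names and the sample repo file (ids, URLs, key path) are constructed for illustration.

```bash
# Added example: report yum repo sections that install packages without
# GPG signature verification, with the key each section already names.

# audit_repo_gpg DIR -> one line per section that has gpgcheck=0
audit_repo_gpg() {
    local dir=$1 f
    for f in "$dir"/*.repo; do
        [ -f "$f" ] || continue
        awk -v file="${f##*/}" '
            function flush() {
                if (section != "" && check == "0")
                    print file " [" section "] gpgcheck=0 gpgkey=" (key == "" ? "none" : key)
            }
            /^[ \t]*[#;]/ { next }                      # skip comment lines
            /^[ \t]*\[.*\][ \t]*$/ {                     # section header
                flush()
                section = $0
                sub(/^[ \t]*\[/, "", section); sub(/\][ \t]*$/, "", section)
                check = ""; key = ""; next
            }
            {
                line = $0; gsub(/[ \t]/, "", line)
                if (index(line, "gpgcheck=") == 1) check = substr(line, 10)
                if (index(line, "gpgkey=") == 1)   key = substr(line, 8)
            }
            END { flush() }
        ' "$f"
    done
}

# Constructed sample in the state the sed edit leaves a repo file:
# the first section is unverified, the second still checks signatures.
write_sample() {
    cat > "$1/sample.repo" <<'EOF'
[example-products]
baseurl=http://repo.example.invalid/el/6/products/x86_64
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-example
gpgcheck=0

[example-verified]
baseurl=http://repo.example.invalid/el/6/verified/x86_64
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-example
gpgcheck=1
EOF
}

tmp=$(mktemp -d); write_sample "$tmp"
audit_repo_gpg "$tmp"      # on a real host: audit_repo_gpg /etc/yum.repos.d
rm -rf "$tmp"
```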

 

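II. Install Puppetmaster

  (1) Install the required packages

[root@puppet-master yum.repos.d]# yum install -y puppet-server facter puppet  ### dependencies are installed automatically, provided the YUM repositories are set up correctly

  (2) Edit the main configuration file puppet.conf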

[root@puppet-master ~]# vim /etc/puppet/puppet.conf
[main]
# The Puppet log directory.
# The default value is '$vardir/log'.
### default log directory
logdir = /var/log/puppet

# Where Puppet PID files are kept.
# The default value is '$vardir/run'.
### where the PID file is stored
rundir = /var/run/puppet

# Where SSL certificates are kept.
# The default value is '$confdir/ssl'.
### certificate directory; $vardir is /var/lib/puppet
ssldir = $vardir/ssl

[agent]
# The file in which puppetd stores a list of the classes
# associated with the retrieved configuration. Can be loaded in
# the separate ``puppet`` executable using the ``--loadclasses``
# option.
# The default value is '$confdir/classes.txt'.
classfile = $vardir/classes.txt

# Where puppetd caches the local configuration. An
# extension indicating the cache format is added automatically.
# The default value is '$confdir/localconfig'.
localconfig = $vardir/localconfig
### server name the agent connects to on the master side for authentication; this name must be resolvable
certname = puppet-master.nlf.com
server = puppet-master.nlf.com

[master]
### certname the puppetmaster uses for authentication
certname = puppet-master.nlf.com
[root@puppet-master ~]#

  

  (3) Start the puppetmaster service

[root@puppet-master ~]# /etc/init.d/puppetmaster start
Starting puppetmaster: [ OK ]
[root@puppet-master ~]# chkconfig puppetmaster on ### start at boot
[root@puppet-master ~]# chkconfig --list|grep puppetmaster
puppetmaster 0:off 1:off 2:on 3:on 4:on 5:on 6:off

  (4) Check that puppetmaster has automatically authenticated its own identity

[root@puppet-master ~]# tree /var/lib/puppet/ssl/     ### the tree utility must be installed
/var/lib/puppet/ssl/
├── ca
│   ├── ca_crl.pem
│   ├── ca_crt.pem
│   ├── ca_key.pem
│   ├── ca_pub.pem
│   ├── inventory.txt
│   ├── private
│   │   └── ca.pass
│   ├── requests
│   ├── serial
│   └── signed
│       └── puppet-master.nlf.com.pem
├── certificate_requests
├── certs
│   ├── ca.pem
│   └── puppet-master.nlf.com.pem
├── crl.pem
├── private
├── private_keys
│   └── puppet-master.nlf.com.pem
└── public_keys
    └── puppet-master.nlf.com.pem

9 directories, 13 files
[root@puppet-master ~]# puppet cert --list -all ### a "+" prefix means registration succeeded
+ "puppet-master.nlf.com" (SHA256) 48:E6:9D:CF:ED:06:D7:45:D2:30:95:B7:33:5F:41:5F:3C:00:B2:A8:94:03:3A:C7:08:1B:0B:7D:F5:7F:3A:D8 (alt names: "DNS:puppet", "DNS:puppet-master.nlf.com", "DNS:puppet.nlf.com")
[root@puppet-master ~]#

  (5) Check that the puppetmaster service is listening

[root@puppet-master ~]# netstat -tulnp |grep 8140
tcp 0 0 0.0.0.0:8140 0.0.0.0:* LISTEN 26637/ruby
[root@puppet-master ~]# lsof -i:8140
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
puppet 26637 puppet 5u IPv4 39347 0t0 TCP *:8140 (LISTEN)
[root@puppet-master ~]#

  

III. Install the Agent client

  (1) Install the required packages

[root@puppet-agent1 ~]# yum install -y puppet facter

  (2) Edit the main configuration file puppet.conf

[root@puppet-agent1 ~]# cat /etc/puppet/puppet.conf
[main]
# The Puppet log directory.
# The default value is '$vardir/log'.
logdir = /var/log/puppet

# Where Puppet PID files are kept.
# The default value is '$vardir/run'.
rundir = /var/run/puppet

# Where SSL certificates are kept.
# The default value is '$confdir/ssl'.
ssldir = $vardir/ssl

[agent]
# The file in which puppetd stores a list of the classes
# associated with the retrieved configuration. Can be loaded in
# the separate ``puppet`` executable using the ``--loadclasses``
# option.
# The default value is '$confdir/classes.txt'.
classfile = $vardir/classes.txt

# Where puppetd caches the local configuration. An
# extension indicating the cache format is added automatically.
# The default value is '$confdir/localconfig'.
localconfig = $vardir/localconfig
### certname of this host
certname = puppet-agent1.nlf.com
### the puppetmaster to authenticate against
server = puppet-master.nlf.com
[root@puppet-agent1 ~]#

 

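IV. Authenticate the Agent with the Master

  The Agent requests verification from the Master

  The first attempt does not pass; the Master has to verify the Agent's identity.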

[root@puppet-agent1 ~]# puppet agent -t
Info: Creating a new SSL key for puppet-agent1.nlf.com
Info: Caching certificate for ca
Info: csr_attributes file loading from /etc/puppet/csr_attributes.yaml
Info: Creating a new SSL certificate request for puppet-agent1.nlf.com
Info: Certificate Request fingerprint (SHA256): 89:C3:7E:20:B4:F2:0E:2D:A3:E7:92:21:9E:11:D2:F9:D1:16:7B:EB:AB:EA:5A:7E:9B:F8:6B:CC:80:5F:E8:08
Info: Caching certificate for ca
Exiting; no certificate found and waitforcert is disabled
[root@puppet-agent1 ~]#

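  The Master checks pending verification requests

  Before puppet-master approves puppet-agent1's request, list the clients awaiting verification on puppet-master

[root@puppet-master ~]# puppet cert --sign --list    ## no "+" prefix means the client has not been verified yet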
"puppet-agent1.nlf.com" (SHA256) 89:C3:7E:20:B4:F2:0E:2D:A3:E7:92:21:9E:11:D2:F9:D1:16:7B:EB:AB:EA:5A:7E:9B:F8:6B:CC:80:5F:E8:08
[root@puppet-master ~]#

  The Master approves the client

[root@puppet-master ~]# puppet cert --sign puppet-agent1.nlf.com
Notice: Signed certificate request for puppet-agent1.nlf.com
Notice: Removing file Puppet::SSL::CertificateRequest puppet-agent1.nlf.com at '/var/lib/puppet/ssl/ca/requests/puppet-agent1.nlf.com.pem'
[root@puppet-master ~]#
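
Signing binds the certname to whichever key produced the request, so the fingerprint the Agent printed should equal the one in the Master's pending list before `puppet cert --sign` is run. This added example (not from the original article) compares the two, using the outputs shown above as input; the function names are hypothetical.

```bash
# Added example: compare the CSR fingerprint seen on the Agent with the one
# the Master lists as pending, and only then recommend signing.

# agent_csr_fp: read `puppet agent -t` output on stdin, print the CSR fingerprint
agent_csr_fp() {
    sed -n 's/^Info: Certificate Request fingerprint (SHA256): \([0-9A-F:]*\).*$/\1/p' | head -n 1
}

# pending_csr_fp CERTNAME: read `puppet cert --list` output on stdin and print
# the fingerprint of the pending request; signed entries start with "+" and are ignored
pending_csr_fp() {
    awk -v want="\"$1\"" '$1 == want && $2 == "(SHA256)" { print $3; exit }'
}

# safe_to_sign CERTNAME AGENT_OUTPUT MASTER_LIST
# exit status 0 only when both fingerprints are present and identical
safe_to_sign() {
    local a m
    a=$(printf '%s\n' "$2" | agent_csr_fp)
    m=$(printf '%s\n' "$3" | pending_csr_fp "$1")
    [ -n "$a" ] && [ "$a" = "$m" ]
}

# Inputs copied from the two sessions shown in this article.
FP='89:C3:7E:20:B4:F2:0E:2D:A3:E7:92:21:9E:11:D2:F9:D1:16:7B:EB:AB:EA:5A:7E:9B:F8:6B:CC:80:5F:E8:08'
AGENT_OUT="Info: Creating a new SSL certificate request for puppet-agent1.nlf.com
Info: Certificate Request fingerprint (SHA256): $FP
Info: Caching certificate for ca"
MASTER_LIST="  \"puppet-agent1.nlf.com\" (SHA256) $FP"

if safe_to_sign puppet-agent1.nlf.com "$AGENT_OUT" "$MASTER_LIST"; then
    echo "fingerprints match: puppet cert --sign puppet-agent1.nlf.com"
else
    echo "fingerprint mismatch or no pending request: do not sign"
fi
```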

  The Agent verifies against the Master again

[root@puppet-agent1 ~]# puppet agent -t
Info: Caching certificate for puppet-agent1.nlf.com
Info: Caching certificate_revocation_list for ca
Info: Caching certificate for puppet-agent1.nlf.com
Warning: Unable to fetch my node definition, but the agent run will continue:
Warning: undefined method `include?' for nil:NilClass
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Caching catalog for puppet-agent1.nlf.com
Info: Applying configuration version '1482305454'
Info: Creating state file /var/lib/puppet/state/state.yaml
Notice: Finished catalog run in 0.01 seconds
[root@puppet-agent1 ~]#

  

  View the directory where the certificates of verified clients are stored

[root@puppet-master ~]# tree /var/lib/puppet/ssl/
/var/lib/puppet/ssl/
├── ca
│   ├── ca_crl.pem
│   ├── ca_crt.pem
│   ├── ca_key.pem
│   ├── ca_pub.pem
│   ├── inventory.txt
│   ├── private
│   │   └── ca.pass
│   ├── requests
│   ├── serial
│   └── signed
│       ├── puppet-agent1.nlf.com.pem
│       └── puppet-master.nlf.com.pem
├── certificate_requests
├── certs
│   ├── ca.pem
│   └── puppet-master.nlf.com.pem
├── crl.pem
├── private
├── private_keys
│   └── puppet-master.nlf.com.pem
└── public_keys
    └── puppet-master.nlf.com.pem

9 directories, 14 files
[root@puppet-master ~]#

  At this point, the client/server deployment of Puppetmaster and Agent is complete; the next step is writing the resources!

 
