Puppet自动化部署-安装及配置(3)
本文介绍Puppet Master及Agent相关的安装及配置。
一. 官网下载Puppet安装YUM源
[root@puppet-master ~]# rpm -ivh https://yum.puppetlabs.com/puppetlabs-release-el-6.noarch.rpm
Retrieving https://yum.puppetlabs.com/puppetlabs-release-el-6.noarch.rpm
warning: /var/tmp/rpm-tmp.F1Q84J: Header V4 RSA/SHA512 Signature, key ID 4bd6ec30: NOKEY
Preparing... ########################################### [100%]
1:puppetlabs-release ########################################### [100%]
[root@puppet-master ~]# rpm -ivh https://dl.fedoraproject.org/pub/epel/epel-release-latest-6.noarch.rpm
Retrieving https://dl.fedoraproject.org/pub/epel/epel-release-latest-6.noarch.rpm
warning: /var/tmp/rpm-tmp.7HTwmp: Header V3 RSA/SHA256 Signature, key ID 0608b895: NOKEY
Preparing... ########################################### [100%]
1:epel-release ########################################### [100%]
[root@puppet-master ~]# 【修改puppetlabs.repo】
[root@puppet-master yum.repos.d]# sed -i s/gpgcheck=1/gpgcheck=0/g puppetlabs.repo ##不修改安装不上 ##Agent端配置同上!!
二. 安装Puppetmaster
(1)安装相关软件包
[root@puppet-master yum.repos.d]# yum install -y puppet-server facter puppet ###相关依赖系统会自动安装,前提YUM源安装完善
(2)修改puppet.conf主配置文件
[root@puppet-master ~]# vim /etc/puppet/puppet.conf
[main]
# The Puppet log directory.
# The default value is '$vardir/log'.
logdir = /var/log/puppet ###默认存放日志路径
# Where Puppet PID files are kept.
# The default value is '$vardir/run'.
rundir = /var/run/puppet ###pid存放路径 # Where SSL certificates are kept.
# The default value is '$confdir/ssl'.
ssldir = $vardir/ssl ###证书存放目录,$vardir为/var/lib/puppet [agent]
# The file in which puppetd stores a list of the classes
# associated with the retrieved configuratiion. Can be loaded in
# the separate ``puppet`` executable using the ``--loadclasses``
# option.
# The default value is '$confdir/classes.txt'.
classfile = $vardir/classes.txt # Where puppetd caches the local configuration. An
# extension indicating the cache format is added automatically.
# The default value is '$confdir/localconfig'.
localconfig = $vardir/localconfig
certname = puppet-master.nlf.com
server = puppet-master.nlf.com ###设置agent认证连接master端的服务器名称,此名称必须得能够解析
[master]
certname = puppet-master.nlf.com ###设置puppetmaster认证服务器名称
[root@puppet-master ~]#
(3)启动puppetmaster服务
[root@puppet-master ~]# /etc/init.d/puppetmaster start
Starting puppetmaster: [ OK ]
[root@puppet-master ~]# chkconfig puppetmaster on ###设置开机启动
[root@puppet-master ~]# chkconfig --list|grep puppetmaster
puppetmaster 0:off 1:off 2:on 3:on 4:on 5:on 6:off
(4) 查看puppetmaster是否自动验证自己身份
[root@puppet-master ~]# tree /var/lib/puppet/ssl/ ###tree工具需要安装
/var/lib/puppet/ssl/
├── ca
│ ├── ca_crl.pem
│ ├── ca_crt.pem
│ ├── ca_key.pem
│ ├── ca_pub.pem
│ ├── inventory.txt
│ ├── private
│ │ └── ca.pass
│ ├── requests
│ ├── serial
│ └── signed
│ └── puppet-master.nlf.com.pem
├── certificate_requests
├── certs
│ ├── ca.pem
│ └── puppet-master.nlf.com.pem
├── crl.pem
├── private
├── private_keys
│ └── puppet-master.nlf.com.pem
└── public_keys
└── puppet-master.nlf.com.pem 9 directories, 13 files
[root@puppet-master ~]# puppet cert --list -all ###带“+”表明注册成功
+ "puppet-master.nlf.com" (SHA256) 48:E6:9D:CF:ED:06:D7:45:D2:30:95:B7:33:5F:41:5F:3C:00:B2:A8:94:03:3A:C7:08:1B:0B:7D:F5:7F:3A:D8 (alt names: "DNS:puppet", "DNS:puppet-master.nlf.com", "DNS:puppet.nlf.com")
[root@puppet-master ~]#
(4)查看puppetmaster监听服务
[root@puppet-master ~]# netstat -tulnp |grep 8140
tcp 0 0 0.0.0.0:8140 0.0.0.0:* LISTEN 26637/ruby
[root@puppet-master ~]# lsof -i:8140
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
puppet 26637 puppet 5u IPv4 39347 0t0 TCP *:8140 (LISTEN)
[root@puppet-master ~]#
三. 安装Agent客户端
(1)安装相关软件包
[root@puppet-agent1 ~]# yum install -y puppet facter
(2)修改puppet.conf主配置文件
[root@puppet-agent1 ~]# cat /etc/puppet/puppet.conf
[main]
# The Puppet log directory.
# The default value is '$vardir/log'.
logdir = /var/log/puppet # Where Puppet PID files are kept.
# The default value is '$vardir/run'.
rundir = /var/run/puppet # Where SSL certificates are kept.
# The default value is '$confdir/ssl'.
ssldir = $vardir/ssl [agent]
# The file in which puppetd stores a list of the classes
# associated with the retrieved configuratiion. Can be loaded in
# the separate ``puppet`` executable using the ``--loadclasses``
# option.
# The default value is '$confdir/classes.txt'.
classfile = $vardir/classes.txt # Where puppetd caches the local configuration. An
# extension indicating the cache format is added automatically.
# The default value is '$confdir/localconfig'.
localconfig = $vardir/localconfig
certname = puppet-agent1.nlf.com ###设置本机的certname名称
server = puppet-master.nlf.com ###指向puppetmaster进行身份验证
[root@puppet-agent1 ~]#
四. Agent端向Master进行身份验证
Agent端向Master验证
首次验证是没有通过,需要Master端进行身份验证
[root@puppet-agent1 ~]# puppet agent -t
Info: Creating a new SSL key for puppet-agent1.nlf.com
Info: Caching certificate for ca
Info: csr_attributes file loading from /etc/puppet/csr_attributes.yaml
Info: Creating a new SSL certificate request for puppet-agent1.nlf.com
Info: Certificate Request fingerprint (SHA256): 89:C3:7E:20:B4:F2:0E:2D:A3:E7:92:21:9E:11:D2:F9:D1:16:7B:EB:AB:EA:5A:7E:9B:F8:6B:CC:80:5F:E8:08
Info: Caching certificate for ca
Exiting; no certificate found and waitforcert is disabled
[root@puppet-agent1 ~]#
Master端查看请求验证
在puppet-master通过puppet-agent1的请求验证,查看puppet-master需要验证的客户端
[root@puppet-master ~]# puppet cert --sign --list ##没有带“+”说明没有进行身份验证
"puppet-agent1.nlf.com" (SHA256) 89:C3:7E:20:B4:F2:0E:2D:A3:E7:92:21:9E:11:D2:F9:D1:16:7B:EB:AB:EA:5A:7E:9B:F8:6B:CC:80:5F:E8:08
[root@puppet-master ~]#
Master通过客户端的验证
[root@puppet-master ~]# puppet cert --sign puppet-agent1.nlf.com
Notice: Signed certificate request for puppet-agent1.nlf.com
Notice: Removing file Puppet::SSL::CertificateRequest puppet-agent1.nlf.com at '/var/lib/puppet/ssl/ca/requests/puppet-agent1.nlf.com.pem'
[root@puppet-master ~]#
Agent端再次验证Master验证
[root@puppet-agent1 ~]# puppet agent -t
Info: Caching certificate for puppet-agent1.nlf.com
Info: Caching certificate_revocation_list for ca
Info: Caching certificate for puppet-agent1.nlf.com
Warning: Unable to fetch my node definition, but the agent run will continue:
Warning: undefined method `include?' for nil:NilClass
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Caching catalog for puppet-agent1.nlf.com
Info: Applying configuration version '1482305454'
Info: Creating state file /var/lib/puppet/state/state.yaml
Notice: Finished catalog run in 0.01 seconds
[root@puppet-agent1 ~]#
查看通过身份验证的客户端的证书存放目录
[root@puppet-master ~]# tree /var/lib/puppet/ssl/
/var/lib/puppet/ssl/
├── ca
│ ├── ca_crl.pem
│ ├── ca_crt.pem
│ ├── ca_key.pem
│ ├── ca_pub.pem
│ ├── inventory.txt
│ ├── private
│ │ └── ca.pass
│ ├── requests
│ ├── serial
│ └── signed
│ ├── puppet-agent1.nlf.com.pem
│ └── puppet-master.nlf.com.pem
├── certificate_requests
├── certs
│ ├── ca.pem
│ └── puppet-master.nlf.com.pem
├── crl.pem
├── private
├── private_keys
│ └── puppet-master.nlf.com.pem
└── public_keys
└── puppet-master.nlf.com.pem 9 directories, 14 files
[root@puppet-master ~]#
至此,Puppetmaster与Agent完成了C/S架构的部署,接下来就是相关资源的编写!
Puppet自动化部署-安装及配置(3)的更多相关文章
- puppet自动化部署
puppet自动化部署 puppet 实现运维自动化管理的软件. 官方网站: http://puppetlabs.com/ pupptet下载链接:http://downloads.puppe ...
- 自动化运维之Cobbler自动化部署安装操作系统
Cobbler概述: Cobbler可以用来快速建立 Linux 网络安装环境,它已将 Linux 网络安装的技术门槛,从大专以上文化水平,成功降低到初中以下,连补鞋匠都能学会. 在生产环境中,经常批 ...
- MySQL5.6.12 rpm制作及及自动化部署安装
转自:http://blog.itpub.net/29254281/viewspace-1268918/ 首先,下载rpmbuildyum install rpm-build -y它是Red Hat用 ...
- Puppet自动化部署-前期环境准备(2)
在安装Puppet环境之前需要配置好机器的基本配置,如规范网络地址IP.hostname,certname认证名称,ntp时间同步等配置完毕,完善的搭建自动化环境. 1.环境介绍 此处实现部署的环境是 ...
- (二)docker的部署安装,配置,基础命令
一.docker 的安装部署 这里不过多介绍,下面这两个linux发型版 安装可以参考 ubuntu的 docker-ce安装 centos7的 docker-ce安装 二.docker配置文件 重要 ...
- puppet自动化安装服务
puppet自动化部署 主机环境: server(master)端:172.25.7.1(server1.example.com) client(agent)端:172.25.7.2 172.25.7 ...
- Gitlab配置webhooks实现自动化部署
Gitlab 自动化部署 原理介绍 配置gitlab当push动作的时候,访问服务器上的一个链接比如www.shenke.group/hook.php hook.php里面写着一行代码,会让服务器gi ...
- Linux 自动化部署Rsyslog服务
Linux 自动化部署Rsyslog服务 源码如下: #/bin/bash #该脚本用于自动化部署Ryslog服务配置 #作者:雨中落叶 #博客:https://www.cnblogs.com/yuz ...
- Ansible安装及配置
ansible分为以下几个部份: Ansible:核心引擎 Modules:包括 Ansible 自带的核心模块(core modules)及自定义模块 (custom modules): 核心模块: ...
随机推荐
- .net导入excel数据到数据库中
在开发过程中我们经常面临着需要将数据导出或者导入到系统中,例如一些生产管理系统,项目管理系统等等都会有这样的需求: 将excel数据到系统中思路:获取excel中每一行的数据,然后存入集合中,批量添加 ...
- angularJS绑定数据时自动转义html标签
angularJS在进行数据绑定时默认是会以文本的形式输出,也就是对你数据中的html标签不进行转义照单全收,这样提高了安全性,防止了html标签中的注入攻击,但有些时候还是需要的,特别是从数据库读取 ...
- 转:CentOS/Debian/Ubuntu一键安装LAMP(Apache/MySQL/PHP)环境
CentOS/Debian/Ubuntu一键安装LAMP(Apache/MySQL/PHP) 今天遇到一个网友提到需要在Linux VPS服务器中安装LAMP(Apache/MySQL/PHP)网站环 ...
- mysql:ibdata1和mysql-bin log管理
MySql ibdata1文件太大如何缩小 MySql innodb如果是共享表空间,ibdata1文件越来越大,达到了30多个G,对一些没用的表进行清空:truncate table xxx;然后o ...
- pg gem 安装(postgresql94)
使用下面命令安装报错 gem install pg 错误: [root@AS-test middle_database]# gem install pgBuilding native extensio ...
- 左右手坐标系转换时R和T的具体形式分析
本文介绍了在计算机视觉的一些应用中,左手坐标系和右手坐标系之间转换时,旋转矩阵R和平移向量T的具体表达形式有哪些变化.
- angular路由详解:
1.$routeProvider ngRoute模块中的服务 2.otherwise:设置用于路由改变时,与任何其他定义的路由无法匹配的时候执行的代码 3.when:为$route服务定义新的路由 例 ...
- jemalloc在linux上从安装到使用
jemalloc在linux上从安装到使用 上次在引导大家安装Redis时提到可能会报错: 发现了redis有用到jemalloc. 首先,jemalloc是干什么的? 我们看看作者自己的介绍: j ...
- erlang 在线生成crashdump
一般说来抓dump 4种 方式: 1. erlang:halt(“abort”). 2. 在erlang shell下输入CTRL C + “大写的A” 3.等着进程崩溃 ...
- docker swarm-mode
root@node1:~# docker versionClient: Version: 1.12.3 API version: 1.24 Go version: go1.6.3 Git commit ...