本文介绍Puppet Master及Agent相关的安装及配置。

一. 官网下载Puppet安装YUM源

[root@puppet-master ~]# rpm -ivh https://yum.puppetlabs.com/puppetlabs-release-el-6.noarch.rpm

Retrieving https://yum.puppetlabs.com/puppetlabs-release-el-6.noarch.rpm

warning: /var/tmp/rpm-tmp.F1Q84J: Header V4 RSA/SHA512 Signature, key ID 4bd6ec30: NOKEY

Preparing...                ########################################### [100%]

   1:puppetlabs-release     ########################################### [100%]

[root@puppet-master ~]# rpm -ivh https://dl.fedoraproject.org/pub/epel/epel-release-latest-6.noarch.rpm

Retrieving https://dl.fedoraproject.org/pub/epel/epel-release-latest-6.noarch.rpm

warning: /var/tmp/rpm-tmp.7HTwmp: Header V3 RSA/SHA256 Signature, key ID 0608b895: NOKEY

Preparing...                ########################################### [100%]

   1:epel-release           ########################################### [100%]

[root@puppet-master ~]#

【修改puppetlabs.repo】

[root@puppet-master yum.repos.d]# sed -i  s/gpgcheck=1/gpgcheck=0/g puppetlabs.repo  ##不修改安装不上

##Agent端配置同上!!

 

二. 安装Puppetmaster

  (1)安装相关软件包

[root@puppet-master yum.repos.d]# yum install -y puppet-server facter puppet  ###相关依赖系统会自动安装,前提YUM源安装完善

  (2)修改puppet.conf主配置文件  

[root@puppet-master ~]# vim /etc/puppet/puppet.conf
[main]

    # The Puppet log directory.

    # The default value is '$vardir/log'.

    logdir = /var/log/puppet        ###默认存放日志路径



    # Where Puppet PID files are kept.

    # The default value is '$vardir/run'.

    rundir = /var/run/puppet        ###pid存放路径

    # Where SSL certificates are kept.

    # The default value is '$confdir/ssl'.

    ssldir = $vardir/ssl           ###证书存放目录,$vardir为/var/lib/puppet

[agent]

    # The file in which puppetd stores a list of the classes

    # associated with the retrieved configuratiion.  Can be loaded in

    # the separate ``puppet`` executable using the ``--loadclasses``

    # option.

    # The default value is '$confdir/classes.txt'.

    classfile = $vardir/classes.txt

    # Where puppetd caches the local configuration.  An

    # extension indicating the cache format is added automatically.

    # The default value is '$confdir/localconfig'.

    localconfig = $vardir/localconfig

  certname = puppet-master.nlf.com

  server  = puppet-master.nlf.com       ###设置agent认证连接master端的服务器名称,此名称必须得能够解析

[master]

    certname = puppet-master.nlf.com      ###设置puppetmaster认证服务器名称

[root@puppet-master ~]#

  

  (3)启动puppetmaster服务

[root@puppet-master ~]# /etc/init.d/puppetmaster start

Starting puppetmaster:                                     [  OK  ]

[root@puppet-master ~]# chkconfig puppetmaster on    ###设置开机启动

[root@puppet-master ~]# chkconfig --list|grep puppetmaster

puppetmaster   	0:off	1:off	2:on	3:on	4:on	5:on	6:off

  (4) 查看puppetmaster是否自动验证自己身份

[root@puppet-master ~]# tree /var/lib/puppet/ssl/     ###tree工具需要安装

/var/lib/puppet/ssl/

├── ca

│   ├── ca_crl.pem

│   ├── ca_crt.pem

│   ├── ca_key.pem

│   ├── ca_pub.pem

│   ├── inventory.txt

│   ├── private

│   │   └── ca.pass

│   ├── requests

│   ├── serial

│   └── signed

│       └── puppet-master.nlf.com.pem

├── certificate_requests

├── certs

│   ├── ca.pem

│   └── puppet-master.nlf.com.pem

├── crl.pem

├── private

├── private_keys

│   └── puppet-master.nlf.com.pem

└── public_keys

    └── puppet-master.nlf.com.pem

9 directories, 13 files

[root@puppet-master ~]# puppet cert --list -all    ###带“+”表明注册成功

+ "puppet-master.nlf.com" (SHA256) 48:E6:9D:CF:ED:06:D7:45:D2:30:95:B7:33:5F:41:5F:3C:00:B2:A8:94:03:3A:C7:08:1B:0B:7D:F5:7F:3A:D8 (alt names: "DNS:puppet", "DNS:puppet-master.nlf.com", "DNS:puppet.nlf.com")

[root@puppet-master ~]#

  (4)查看puppetmaster监听服务

[root@puppet-master ~]# netstat -tulnp |grep 8140

tcp        0      0 0.0.0.0:8140                0.0.0.0:*                   LISTEN      26637/ruby

[root@puppet-master ~]# lsof -i:8140

COMMAND   PID   USER   FD   TYPE DEVICE SIZE/OFF NODE NAME

puppet  26637 puppet    5u  IPv4  39347      0t0  TCP *:8140 (LISTEN)

[root@puppet-master ~]#

  

三. 安装Agent客户端

  (1)安装相关软件包

[root@puppet-agent1 ~]# yum install -y puppet facter

   (2)修改puppet.conf主配置文件

[root@puppet-agent1 ~]# cat /etc/puppet/puppet.conf

[main]

    # The Puppet log directory.

    # The default value is '$vardir/log'.

    logdir = /var/log/puppet

    # Where Puppet PID files are kept.

    # The default value is '$vardir/run'.

    rundir = /var/run/puppet

    # Where SSL certificates are kept.

    # The default value is '$confdir/ssl'.

    ssldir = $vardir/ssl

[agent]

    # The file in which puppetd stores a list of the classes

    # associated with the retrieved configuratiion.  Can be loaded in

    # the separate ``puppet`` executable using the ``--loadclasses``

    # option.

    # The default value is '$confdir/classes.txt'.

    classfile = $vardir/classes.txt

    # Where puppetd caches the local configuration.  An

    # extension indicating the cache format is added automatically.

    # The default value is '$confdir/localconfig'.

    localconfig = $vardir/localconfig

    certname = puppet-agent1.nlf.com        ###设置本机的certname名称

    server = puppet-master.nlf.com       ###指向puppetmaster进行身份验证
 [root@puppet-agent1 ~]#

 

四. Agent端向Master进行身份验证

  Agent端向Master验证

  首次验证是没有通过,需要Master端进行身份验证

[root@puppet-agent1 ~]# puppet agent -t

Info: Creating a new SSL key for puppet-agent1.nlf.com

Info: Caching certificate for ca

Info: csr_attributes file loading from /etc/puppet/csr_attributes.yaml

Info: Creating a new SSL certificate request for puppet-agent1.nlf.com

Info: Certificate Request fingerprint (SHA256): 89:C3:7E:20:B4:F2:0E:2D:A3:E7:92:21:9E:11:D2:F9:D1:16:7B:EB:AB:EA:5A:7E:9B:F8:6B:CC:80:5F:E8:08

Info: Caching certificate for ca

Exiting; no certificate found and waitforcert is disabled

[root@puppet-agent1 ~]#

  Master端查看请求验证

  在puppet-master通过puppet-agent1的请求验证,查看puppet-master需要验证的客户端

[root@puppet-master ~]# puppet cert --sign --list    ##没有带“+”说明没有进行身份验证

  "puppet-agent1.nlf.com" (SHA256) 89:C3:7E:20:B4:F2:0E:2D:A3:E7:92:21:9E:11:D2:F9:D1:16:7B:EB:AB:EA:5A:7E:9B:F8:6B:CC:80:5F:E8:08

[root@puppet-master ~]#

  Master通过客户端的验证

[root@puppet-master ~]# puppet cert --sign puppet-agent1.nlf.com

Notice: Signed certificate request for puppet-agent1.nlf.com

Notice: Removing file Puppet::SSL::CertificateRequest puppet-agent1.nlf.com at '/var/lib/puppet/ssl/ca/requests/puppet-agent1.nlf.com.pem'

[root@puppet-master ~]#

  Agent端再次验证Master验证

[root@puppet-agent1 ~]# puppet agent -t

Info: Caching certificate for puppet-agent1.nlf.com

Info: Caching certificate_revocation_list for ca

Info: Caching certificate for puppet-agent1.nlf.com

Warning: Unable to fetch my node definition, but the agent run will continue:

Warning: undefined method `include?' for nil:NilClass

Info: Retrieving pluginfacts

Info: Retrieving plugin

Info: Caching catalog for puppet-agent1.nlf.com

Info: Applying configuration version '1482305454'

Info: Creating state file /var/lib/puppet/state/state.yaml

Notice: Finished catalog run in 0.01 seconds

[root@puppet-agent1 ~]#

  

  查看通过身份验证的客户端的证书存放目录

[root@puppet-master ~]# tree /var/lib/puppet/ssl/

/var/lib/puppet/ssl/

├── ca

│   ├── ca_crl.pem

│   ├── ca_crt.pem

│   ├── ca_key.pem

│   ├── ca_pub.pem

│   ├── inventory.txt

│   ├── private

│   │   └── ca.pass

│   ├── requests

│   ├── serial

│   └── signed

│       ├── puppet-agent1.nlf.com.pem

│       └── puppet-master.nlf.com.pem

├── certificate_requests

├── certs

│   ├── ca.pem

│   └── puppet-master.nlf.com.pem

├── crl.pem

├── private

├── private_keys

│   └── puppet-master.nlf.com.pem

└── public_keys

    └── puppet-master.nlf.com.pem

9 directories, 14 files

[root@puppet-master ~]#

  至此,Puppetmaster与Agent完成了C/S架构的部署,接下来就是相关资源的编写!

 

Puppet自动化部署-安装及配置(3)的更多相关文章

  1. puppet自动化部署

    puppet自动化部署 puppet  实现运维自动化管理的软件. 官方网站: http://puppetlabs.com/    pupptet下载链接:http://downloads.puppe ...

  2. 自动化运维之Cobbler自动化部署安装操作系统

    Cobbler概述: Cobbler可以用来快速建立 Linux 网络安装环境,它已将 Linux 网络安装的技术门槛,从大专以上文化水平,成功降低到初中以下,连补鞋匠都能学会. 在生产环境中,经常批 ...

  3. MySQL5.6.12 rpm制作及及自动化部署安装

    转自:http://blog.itpub.net/29254281/viewspace-1268918/ 首先,下载rpmbuildyum install rpm-build -y它是Red Hat用 ...

  4. Puppet自动化部署-前期环境准备(2)

    在安装Puppet环境之前需要配置好机器的基本配置,如规范网络地址IP.hostname,certname认证名称,ntp时间同步等配置完毕,完善的搭建自动化环境. 1.环境介绍 此处实现部署的环境是 ...

  5. (二)docker的部署安装,配置,基础命令

    一.docker 的安装部署 这里不过多介绍,下面这两个linux发型版 安装可以参考 ubuntu的 docker-ce安装 centos7的 docker-ce安装 二.docker配置文件 重要 ...

  6. puppet自动化安装服务

    puppet自动化部署 主机环境: server(master)端:172.25.7.1(server1.example.com) client(agent)端:172.25.7.2 172.25.7 ...

  7. Gitlab配置webhooks实现自动化部署

    Gitlab 自动化部署 原理介绍 配置gitlab当push动作的时候,访问服务器上的一个链接比如www.shenke.group/hook.php hook.php里面写着一行代码,会让服务器gi ...

  8. Linux 自动化部署Rsyslog服务

    Linux 自动化部署Rsyslog服务 源码如下: #/bin/bash #该脚本用于自动化部署Ryslog服务配置 #作者:雨中落叶 #博客:https://www.cnblogs.com/yuz ...

  9. Ansible安装及配置

    ansible分为以下几个部份: Ansible:核心引擎 Modules:包括 Ansible 自带的核心模块(core modules)及自定义模块 (custom modules): 核心模块: ...

随机推荐

  1. 很方便的后台ajax上传文件

    <a href="javascript:void(0);" url="{:U('teacherd?id='.$vo['id'])}" class=&quo ...

  2. [译]flexbox全揭秘

    原文:http://css-tricks.com/snippets/css/a-guide-to-flexbox/ 弹性布局(弹性盒子,现今仍是w3c的候选推荐),目标在于,对于一个容器中的各个项目块 ...

  3. Shell脚本学习第二课·

    Shell文件包含 shell也可以包含外部脚本,语法格式如下: . filename 或 source filename 例如创建两个shell脚本. 脚本1:test1.sh url = &quo ...

  4. java程序员快速掌握python系列——概述

    这一系列主要是总结学习python过程中的方方面面(已经学完,时间大概是一周左右).当然限于个人水平java也就是够用,python短时间内也不可能深入到哪里去.所以这次的分享的目的是能够快速使用py ...

  5. WPF这样的界面应该如何编写呢?

    如上图: 外围是一个Border,内部填充一个Grid,Grid分成两行,第一行有一个按钮可以进行操作(主要是操作ListBox的数据源:增加和删除对象),第二行填充一个ListBox,绑定数据源并根 ...

  6. latex公式编号

    1 \begin{flalign*} 2 % In this way (this arrange of &), the equation will in the center and alig ...

  7. CROSS APPLY应用实例

    --功能说明:统计每个人的平均分数,新字段[AVG_Score]根据PersonID链接到原表[tbiz_AssScore]上 SELECT [ID] ,[ProjectID] ,[PersonID] ...

  8. pullToRefreshListView的简单使用

    1.加入library后直接布局 library下载地址:http://pan.baidu.com/s/1dFJu8pF <com.handmark.pulltorefresh.library. ...

  9. input函数出现的问题(Python)

    参考书<A Learner's Guide to Programming Using the Python Language>,写下如下的程序: # coding=utf-8 # 以上是为 ...

  10. Reverse Core 第二部分 - 14&15章 - 运行时压缩&调试UPX压缩的notepad

    @date: 2016/11/29 @author: dlive 0x00 前言 周六周日两天在打HCTF2016线上赛,没时间看书,打完比赛接着看~~ 0x01 运行时压缩 对比upx压缩前后的no ...