Puppet自动化部署-安装及配置(3)
本文介绍Puppet Master及Agent相关的安装及配置。
一. 官网下载Puppet安装YUM源
[root@puppet-master ~]# rpm -ivh https://yum.puppetlabs.com/puppetlabs-release-el-6.noarch.rpm
Retrieving https://yum.puppetlabs.com/puppetlabs-release-el-6.noarch.rpm
warning: /var/tmp/rpm-tmp.F1Q84J: Header V4 RSA/SHA512 Signature, key ID 4bd6ec30: NOKEY
Preparing... ########################################### [100%]
1:puppetlabs-release ########################################### [100%]
[root@puppet-master ~]# rpm -ivh https://dl.fedoraproject.org/pub/epel/epel-release-latest-6.noarch.rpm
Retrieving https://dl.fedoraproject.org/pub/epel/epel-release-latest-6.noarch.rpm
warning: /var/tmp/rpm-tmp.7HTwmp: Header V3 RSA/SHA256 Signature, key ID 0608b895: NOKEY
Preparing... ########################################### [100%]
1:epel-release ########################################### [100%]
[root@puppet-master ~]# 【修改puppetlabs.repo】
[root@puppet-master yum.repos.d]# sed -i s/gpgcheck=1/gpgcheck=0/g puppetlabs.repo ##不修改安装不上 ##Agent端配置同上!!
二. 安装Puppetmaster
(1)安装相关软件包
[root@puppet-master yum.repos.d]# yum install -y puppet-server facter puppet ###相关依赖系统会自动安装,前提YUM源安装完善
(2)修改puppet.conf主配置文件
[root@puppet-master ~]# vim /etc/puppet/puppet.conf
[main]
# The Puppet log directory.
# The default value is '$vardir/log'.
logdir = /var/log/puppet ###默认存放日志路径
# Where Puppet PID files are kept.
# The default value is '$vardir/run'.
rundir = /var/run/puppet ###pid存放路径 # Where SSL certificates are kept.
# The default value is '$confdir/ssl'.
ssldir = $vardir/ssl ###证书存放目录,$vardir为/var/lib/puppet [agent]
# The file in which puppetd stores a list of the classes
# associated with the retrieved configuratiion. Can be loaded in
# the separate ``puppet`` executable using the ``--loadclasses``
# option.
# The default value is '$confdir/classes.txt'.
classfile = $vardir/classes.txt # Where puppetd caches the local configuration. An
# extension indicating the cache format is added automatically.
# The default value is '$confdir/localconfig'.
localconfig = $vardir/localconfig
certname = puppet-master.nlf.com
server = puppet-master.nlf.com ###设置agent认证连接master端的服务器名称,此名称必须得能够解析
[master]
certname = puppet-master.nlf.com ###设置puppetmaster认证服务器名称
[root@puppet-master ~]#
(3)启动puppetmaster服务
[root@puppet-master ~]# /etc/init.d/puppetmaster start
Starting puppetmaster: [ OK ]
[root@puppet-master ~]# chkconfig puppetmaster on ###设置开机启动
[root@puppet-master ~]# chkconfig --list|grep puppetmaster
puppetmaster 0:off 1:off 2:on 3:on 4:on 5:on 6:off
(4) 查看puppetmaster是否自动验证自己身份
[root@puppet-master ~]# tree /var/lib/puppet/ssl/ ###tree工具需要安装
/var/lib/puppet/ssl/
├── ca
│ ├── ca_crl.pem
│ ├── ca_crt.pem
│ ├── ca_key.pem
│ ├── ca_pub.pem
│ ├── inventory.txt
│ ├── private
│ │ └── ca.pass
│ ├── requests
│ ├── serial
│ └── signed
│ └── puppet-master.nlf.com.pem
├── certificate_requests
├── certs
│ ├── ca.pem
│ └── puppet-master.nlf.com.pem
├── crl.pem
├── private
├── private_keys
│ └── puppet-master.nlf.com.pem
└── public_keys
└── puppet-master.nlf.com.pem 9 directories, 13 files
[root@puppet-master ~]# puppet cert --list -all ###带“+”表明注册成功
+ "puppet-master.nlf.com" (SHA256) 48:E6:9D:CF:ED:06:D7:45:D2:30:95:B7:33:5F:41:5F:3C:00:B2:A8:94:03:3A:C7:08:1B:0B:7D:F5:7F:3A:D8 (alt names: "DNS:puppet", "DNS:puppet-master.nlf.com", "DNS:puppet.nlf.com")
[root@puppet-master ~]#
(4)查看puppetmaster监听服务
[root@puppet-master ~]# netstat -tulnp |grep 8140
tcp 0 0 0.0.0.0:8140 0.0.0.0:* LISTEN 26637/ruby
[root@puppet-master ~]# lsof -i:8140
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
puppet 26637 puppet 5u IPv4 39347 0t0 TCP *:8140 (LISTEN)
[root@puppet-master ~]#
三. 安装Agent客户端
(1)安装相关软件包
[root@puppet-agent1 ~]# yum install -y puppet facter
(2)修改puppet.conf主配置文件
[root@puppet-agent1 ~]# cat /etc/puppet/puppet.conf
[main]
# The Puppet log directory.
# The default value is '$vardir/log'.
logdir = /var/log/puppet # Where Puppet PID files are kept.
# The default value is '$vardir/run'.
rundir = /var/run/puppet # Where SSL certificates are kept.
# The default value is '$confdir/ssl'.
ssldir = $vardir/ssl [agent]
# The file in which puppetd stores a list of the classes
# associated with the retrieved configuratiion. Can be loaded in
# the separate ``puppet`` executable using the ``--loadclasses``
# option.
# The default value is '$confdir/classes.txt'.
classfile = $vardir/classes.txt # Where puppetd caches the local configuration. An
# extension indicating the cache format is added automatically.
# The default value is '$confdir/localconfig'.
localconfig = $vardir/localconfig
certname = puppet-agent1.nlf.com ###设置本机的certname名称
server = puppet-master.nlf.com ###指向puppetmaster进行身份验证
[root@puppet-agent1 ~]#
四. Agent端向Master进行身份验证
Agent端向Master验证
首次验证是没有通过,需要Master端进行身份验证
[root@puppet-agent1 ~]# puppet agent -t
Info: Creating a new SSL key for puppet-agent1.nlf.com
Info: Caching certificate for ca
Info: csr_attributes file loading from /etc/puppet/csr_attributes.yaml
Info: Creating a new SSL certificate request for puppet-agent1.nlf.com
Info: Certificate Request fingerprint (SHA256): 89:C3:7E:20:B4:F2:0E:2D:A3:E7:92:21:9E:11:D2:F9:D1:16:7B:EB:AB:EA:5A:7E:9B:F8:6B:CC:80:5F:E8:08
Info: Caching certificate for ca
Exiting; no certificate found and waitforcert is disabled
[root@puppet-agent1 ~]#
Master端查看请求验证
在puppet-master通过puppet-agent1的请求验证,查看puppet-master需要验证的客户端
[root@puppet-master ~]# puppet cert --sign --list ##没有带“+”说明没有进行身份验证
"puppet-agent1.nlf.com" (SHA256) 89:C3:7E:20:B4:F2:0E:2D:A3:E7:92:21:9E:11:D2:F9:D1:16:7B:EB:AB:EA:5A:7E:9B:F8:6B:CC:80:5F:E8:08
[root@puppet-master ~]#
Master通过客户端的验证
[root@puppet-master ~]# puppet cert --sign puppet-agent1.nlf.com
Notice: Signed certificate request for puppet-agent1.nlf.com
Notice: Removing file Puppet::SSL::CertificateRequest puppet-agent1.nlf.com at '/var/lib/puppet/ssl/ca/requests/puppet-agent1.nlf.com.pem'
[root@puppet-master ~]#
Agent端再次验证Master验证
[root@puppet-agent1 ~]# puppet agent -t
Info: Caching certificate for puppet-agent1.nlf.com
Info: Caching certificate_revocation_list for ca
Info: Caching certificate for puppet-agent1.nlf.com
Warning: Unable to fetch my node definition, but the agent run will continue:
Warning: undefined method `include?' for nil:NilClass
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Caching catalog for puppet-agent1.nlf.com
Info: Applying configuration version '1482305454'
Info: Creating state file /var/lib/puppet/state/state.yaml
Notice: Finished catalog run in 0.01 seconds
[root@puppet-agent1 ~]#
查看通过身份验证的客户端的证书存放目录
[root@puppet-master ~]# tree /var/lib/puppet/ssl/
/var/lib/puppet/ssl/
├── ca
│ ├── ca_crl.pem
│ ├── ca_crt.pem
│ ├── ca_key.pem
│ ├── ca_pub.pem
│ ├── inventory.txt
│ ├── private
│ │ └── ca.pass
│ ├── requests
│ ├── serial
│ └── signed
│ ├── puppet-agent1.nlf.com.pem
│ └── puppet-master.nlf.com.pem
├── certificate_requests
├── certs
│ ├── ca.pem
│ └── puppet-master.nlf.com.pem
├── crl.pem
├── private
├── private_keys
│ └── puppet-master.nlf.com.pem
└── public_keys
└── puppet-master.nlf.com.pem 9 directories, 14 files
[root@puppet-master ~]#
至此,Puppetmaster与Agent完成了C/S架构的部署,接下来就是相关资源的编写!
Puppet自动化部署-安装及配置(3)的更多相关文章
- puppet自动化部署
puppet自动化部署 puppet 实现运维自动化管理的软件. 官方网站: http://puppetlabs.com/ pupptet下载链接:http://downloads.puppe ...
- 自动化运维之Cobbler自动化部署安装操作系统
Cobbler概述: Cobbler可以用来快速建立 Linux 网络安装环境,它已将 Linux 网络安装的技术门槛,从大专以上文化水平,成功降低到初中以下,连补鞋匠都能学会. 在生产环境中,经常批 ...
- MySQL5.6.12 rpm制作及及自动化部署安装
转自:http://blog.itpub.net/29254281/viewspace-1268918/ 首先,下载rpmbuildyum install rpm-build -y它是Red Hat用 ...
- Puppet自动化部署-前期环境准备(2)
在安装Puppet环境之前需要配置好机器的基本配置,如规范网络地址IP.hostname,certname认证名称,ntp时间同步等配置完毕,完善的搭建自动化环境. 1.环境介绍 此处实现部署的环境是 ...
- (二)docker的部署安装,配置,基础命令
一.docker 的安装部署 这里不过多介绍,下面这两个linux发型版 安装可以参考 ubuntu的 docker-ce安装 centos7的 docker-ce安装 二.docker配置文件 重要 ...
- puppet自动化安装服务
puppet自动化部署 主机环境: server(master)端:172.25.7.1(server1.example.com) client(agent)端:172.25.7.2 172.25.7 ...
- Gitlab配置webhooks实现自动化部署
Gitlab 自动化部署 原理介绍 配置gitlab当push动作的时候,访问服务器上的一个链接比如www.shenke.group/hook.php hook.php里面写着一行代码,会让服务器gi ...
- Linux 自动化部署Rsyslog服务
Linux 自动化部署Rsyslog服务 源码如下: #/bin/bash #该脚本用于自动化部署Ryslog服务配置 #作者:雨中落叶 #博客:https://www.cnblogs.com/yuz ...
- Ansible安装及配置
ansible分为以下几个部份: Ansible:核心引擎 Modules:包括 Ansible 自带的核心模块(core modules)及自定义模块 (custom modules): 核心模块: ...
随机推荐
- make menuconfig出错,需要安装libncurses5-dev找不到文件的终极解决办法(不必更换源,适用于ubuntu 32位平台)
make menuconfig 错误,显示有curse 字样的文件没有装.用apt-get install 找不到,网上其他的办法说是源的问题,所以又更新了一下源,但是还是不好用,网速慢,更新太慢. ...
- qt5中文代码编码编译问题
qt中文代码用vs2010编译问题解决 总结说就是qt5默认UTF8不支持微软默认的ANSI(GB2312/GBK).解决办法是把中文字符串全部用 QString::fromLocal8Bit() 封 ...
- Jquery制作--焦点图左右轮播
公司项目经常用到轮播焦点图,于是自己写了一个纯jq形式的横向轮播焦点图,可点击小圆点或者左右按钮进行切换,属于定宽类型.改成自适应宽度的也不难,将css里面的bannerCon宽度改为百分比,再在js ...
- libvirt 安装篇
1. 环境:Centos 7 python 2.7 2. 安装 sudo yum install gcc python-devel libvirt libvirt-devel sudo ...
- iOS9新特性 window决定程序的状态栏管理问题
Xcode7升级之后遇到的问题 问题一: 老项目在Xcode6上运行没有任何问题,但在Xcode7上运行直接崩了! 经过一波分析: 发现是因为我顶部状态栏处添加了topWindow,用于处理Tab ...
- eclipse中ctrl+h默认打开是JavaSearch,怎么设置成默认打开是FileSearch
window->preferences->General->keys. 找到File Search(有搜索框的,可以搜索),然后在下方 Binding按下ctrl +h .
- [转载]PV操作简单理解
原文链接:http://blog.csdn.net/liushuijinger/article/details/7586656 进程通常分为就绪.运行和阻塞三个工作状态.三种状态在某些条件下可以转 ...
- angularJs 控制文本长度,超出省略号过滤器
1.控制文本长度,超出省略号 在模版中: <label>{{item.abbr| cut:true:20:' ...' }}<label> js: angular.module ...
- AM335x tscadc platform driver 相关代码跟踪
TI AM335x ti am335x_tsc.c 代码跟踪 在kernel 首层目录: 先运行make ARCH=arm tags 这个作用是建立tags文件,只含有arm架构的,利用ctag即可进 ...
- hibernate id 策略
@Id@GeneratedValue(generator = "paymentableGenerator")@GenericGenerator(name = "payme ...