puppet 安装
yum源配置
1. wget http://ftp.kaist.ac.kr/fedora//epel/6/i386/epel-release-6-8.noarch.rpm
2. yum list | grep puppet` //测试yum源配置有没有问题
NTP时间服务器配置
vi /etc/ntp.conf
-----------------------
driftfile /var/lib/ntp/drift
Broadcastdelay 0.008
logfile /var/log/ntp.log
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery
restrict 127.0.0.1
restrict -6 ::1
restrict 172.16.1.0 mask 255.255.0.0 nomodify notrap
server 127.127.1.0
fudge 127.127.1.0 stratum 10 refid NIST
includefile /etc/ntp/crypto/pw
keys /etc/ntp/keys
启动ntpd服务并加入开机启动
service ntpd start
chkconfig ntpd on
过几分钟之后客户端进行测试
1. service ntpd start
2. ntpdate 172.16.1.1 #这个IP地址是你时间服务器的IP地址
puppetmaster的安装
yum install -y puppetmaster puppet facter #系统会自己安装ruby环境,因为puppet是用ruby写的所以需要ruby环境的支持
配置puppet.conf
vim /etc/puppet/puppet.conf
[main]
logdir = /var/log/puppet #默认日志存放路径
rundir = /var/run/puppet #pid存放路径
ssldir = $vardir/ssl #证书存放目录,默认$vardir为/var/lib/puppet
[agent]
classfile = $vardir/classes.txt
localconfig = $vardir/localconfig
server = puppetmaster.kisspuppet.com #设置agent认证连接master端的服务器名称,注意这个名字必须能够被节点解析
certname = puppetmaster_cert.kisspuppet.com #设置agent端certname名称
[master]
certname = puppetmaster.kisspuppet.com puppetmaster.kisspuppet.com #设置puppetmaster认证服务器名
创建site.pp文件
touch /etc/puppet/manifests/site.pp
启动puppetmaster服务
1. /etc/init.d/puppetmaster start
2. chkconfig puppetmaster on
查看证书的生成情况 因为第一次启动会自动生成证书自动注册自己
tree /var/lib/puppet/ssl
/var/lib/puppet/ssl/
├── ca
│ ├── ca_crl.pem
│ ├── ca_crt.pem
│ ├── ca_key.pem
│ ├── ca_pub.pem
│ ├── inventory.txt
│ ├── private
│ │ └── ca.pass
│ ├── requests
│ ├── serial
│ └── signed
│ └── puppetmaster.kisspuppet.com.pem #已注册
├── certificate_requests
├── certs
│ ├── ca.pem
│ └── puppetmaster.kisspuppet.com.pem
├── crl.pem
├── private
├── private_keys
│ └── puppetmaster.kisspuppet.com.pem
└── public_keys
└── puppetmaster.kisspuppet.com.pem
列出已经注册成功的证书
puppet cert --list --all #带+标示已经注册成功
puppetagent安装
yum install puppet facter
配置puppet.conf
vim /etc/puppet/puppet.conf
[main]
logdir = /var/log/puppet
rundir = /var/run/puppet
ssldir = $vardir/ssl
[agent]
classfile = $vardir/classes.txt
localconfig = $vardir/localconfig
server = puppetmaster.kisspuppet.com #指向puppetmaster端
certname = agent1_cert.kisspuppet.com #设置自己的certname名
通过调试模式启动节点向Puppetmaster端发起认证
puppet agent --test
info: Creating a new SSL key for agent1_cert.kisspuppet.com
info: Caching certificate for ca
info: Creating a new SSL certificate request for agent1_cert.kisspuppet.com
info: Certificate Request fingerprint (md5): 69:D2:86:E4:7F:00:E0:55:61:19:02:34:9E:9B:AF:F9
Exiting; no certificate found and waitforcert is disabled
服务器端确定认证
[root@puppetmaster ~]#puppet cert --list --all
"agent1_cert.kisspuppet.com" (69:D2:86:E4:7F:00:E0:55:61:19:02:34:9E:9B:AF:F9) #未认证
+ "puppetmaster.kisspuppet.com" (C0:E3:6B:76:36:EC:92:93:4D:BF:F0:8F:77:00:91:C8) (alt names: "DNS:puppet", "DNS:puppet.kisspuppet.com", "DNS:puppetmaster.kisspuppet.com")
注册client1
[root@puppetmaster ~]#puppet cert --sign agent1_cert.kisspuppet.com #注册agent1
notice: Signed certificate request for agent1_cert.kisspuppet.com
notice: Removing file Puppet::SSL::CertificateRequest agent1_cert.kisspuppet.com at '/var/lib/puppet/ssl/ca/requests/agent1_cert.kisspuppet.com.pem'
再次查看认证情况
[root@puppetmaster ~]# puppet cert --list --all
+ "agent1_cert.kisspuppet.com" (3E:46:4E:75:34:9A:5A:62:A6:3C:AE:BD:49:EE:C0:F5)
+ "puppetmaster.kisspuppet.com" (C0:E3:6B:76:36:EC:92:93:4D:BF:F0:8F:77:00:91:C8) (alt names: "DNS:puppet", "DNS:puppet.kisspuppet.com", "DNS:puppetmaster.kisspuppet.com")
client2和client3和client1一样都需要编辑本配置文件并启动服务
其它节点一起认证
[root@puppetmaster ~]# puppet agent --test #puppetmaster自己申请agent认证
info: Creating a new SSL key for puppetmaster_cert.kisspuppet.com
info: Creating a new SSL certificate request for puppetmaster_cert.kisspuppet.com
info: Certificate Request fingerprint (md5): 7D:AC:F7:97:04:2B:E4:C5:74:4A:16:05:DB:F6:6A:98
Exiting; no certificate found and waitforcert is disabled
[root@puppetmaster ~]# puppet cert --sign --all #注册所有请求的节点
notice: Signed certificate request for puppetmaster_cert.kisspuppet.com
notice: Removing file Puppet::SSL::CertificateRequest puppetmaster_cert.kisspuppet.com at '/var/lib/puppet/ssl/ca/requests/puppetmaster_cert.kisspuppet.com.pem'
notice: Signed certificate request for agent2_cert.kisspuppet.com
notice: Removing file Puppet::SSL::CertificateRequest agent2_cert.kisspuppet.com at '/var/lib/puppet/ssl/ca/requests/agent2_cert.kisspuppet.com.pem'
notice: Signed certificate request for agent3_cert.kisspuppet.com
notice: Removing file Puppet::SSL::CertificateRequest agent3_cert.kisspuppet.com at '/var/lib/puppet/ssl/ca/requests/agent3_cert.kisspuppet.com.pem'
[root@puppetmaster ~]# puppet cert --list --all #查看所有节点认证
+ "agent1_cert.kisspuppet.com" (3E:46:4E:75:34:9A:5A:62:A6:3C:AE:BD:49:EE:C0:F5)
+ "agent2_cert.kisspuppet.com" (A0:CE:70:BE:A9:11:BF:F4:C8:EF:25:8E:C2:2C:3B:B7)
+ "agent3_cert.kisspuppet.com" (98:93:F7:0C:ED:94:81:3D:51:14:86:68:2B:F3:F1:A0)
+ "puppetmaster.kisspuppet.com" (C0:E3:6B:76:36:EC:92:93:4D:BF:F0:8F:77:00:91:C8) (alt names: "DNS:puppet", "DNS:puppet.kisspuppet.com", "DNS:puppetmaster.kisspuppet.com")
+ "puppetmaster_cert.kisspuppet.com" (57:A3:D7:3D:64:2F:D6:FD:BC:2A:6C:79:68:73:EA:AB)
编写简单的motd模块
创建模块目录结构 注意:再未指定modulepath搜索路径的情况下,会有默认搜索路径的,可通过以下方式查看到
[root@puppetmaster ~]# puppet master --genconfig >/etc/puppet/puppet.conf.out
[root@puppetmaster ~]# cat /etc/puppet/puppet.conf.out | grep modulepath
modulepath = /etc/puppet/modules:/usr/share/puppet/modules
[root@puppetmaster modules]# tree /etc/puppet/modules/
/etc/puppet/modules/
└── motd
├── files #存放文件目录
│ └── etc
│ └── motd
├── manifests #存放模块pp配置文件目录
│ └── init.pp
└── templates #存放模板目录
5 directories, 2 files
编写pp文件
[root@puppetmaster modules]# vim motd/manifests/init.pp
class motd{ #定义一个类叫motd
package{ 'setup': #定义package资源
ensure => present, #要求setup这个包处于被安装状态
}
file{ '/etc/motd': #定义file资源
ensure => present, #要求file文件处于存在状态
owner => 'root', #要求file文件属主为root
group => 'root', #要求file文件属组为root
mode => '0644', #要求file文件权限为644
source => "puppet://$puppetserver/modules/motd/etc/motd", #要求file文件从puppetmaster端服务器下载
require => Package['setup'], #要求文件被配置之前先执行package资源
}
}
[root@puppetmaster modules]# cat motd/files/etc/motd
-- --
--------puppet test---------
-- --
编写site.pp文件
[root@puppetmaster ~]# vim /etc/puppet/manifests/site.pp
$puppetserver = 'puppetmaster.kisspuppet.com' #设置全局变量
node 'puppetmaster_cert.kisspuppet.com'{
include motd
}
node 'agent1_cert.kisspuppet.com'{
include motd
}
node 'agent2_cert.kisspuppet.com'{
include motd
}
node 'agent3_cert.kisspuppet.com'{
include motd
}
测试motd模块
[root@agent1 ~]# puppet agent --test #测试节点agent1
info: Caching catalog for agent1_cert.kisspuppet.com
info: Applying configuration version '1394304542'
notice: /Stage[main]/Motd/File[/etc/motd]/content:
--- /etc/motd 2000-01-13 07:18:52.000000000 +0800
+++ /tmp/puppet-file20140309-4571-1vqc18j-0 2014-03-09 02:51:47.000000000 +0800
@@ -0,0 +1,3 @@
+-- --
+--------puppet test---------
+-- --
info: FileBucket adding {md5}d41d8cd98f00b204e9800998ecf8427e
info: /Stage[main]/Motd/File[/etc/motd]: Filebucketed /etc/motd to puppet with sum d41d8cd98f00b204e9800998ecf8427e
notice: /Stage[main]/Motd/File[/etc/motd]/content: content changed '{md5}d41d8cd98f00b204e9800998ecf8427e' to '{md5}87ea3a1af8650395038472457cc7f2b1'
notice: Finished catalog run in 0.40 seconds
[root@agent1 ~]# cat /etc/motd
-- --
--------puppet test---------
-- --
[root@agent1 ~]#
[root@puppetmaster ~]# puppet agent -t #测试节点puppetmaster
info: Caching catalog for puppetmaster_cert.kisspuppet.com
info: Applying configuration version '1394305371'
notice: /Stage[main]/Motd/File[/etc/motd]/content:
--- /etc/motd 2010-01-12 21:28:22.000000000 +0800
+++ /tmp/puppet-file20140309-3102-1gadon0-0 2014-03-09 03:02:51.966998294 +0800
@@ -0,0 +1,3 @@
+-- --
+--------puppet test---------
+-- --
info: FileBucket adding {md5}d41d8cd98f00b204e9800998ecf8427e
info: /Stage[main]/Motd/File[/etc/motd]: Filebucketed /etc/motd to puppet with sum d41d8cd98f00b204e9800998ecf8427e
notice: /Stage[main]/Motd/File[/etc/motd]/content: content changed '{md5}d41d8cd98f00b204e9800998ecf8427e' to '{md5}87ea3a1af8650395038472457cc7f2b1'
info: Creating state file /var/lib/puppet/state/state.yaml
notice: Finished catalog run in 0.52 seconds
[root@puppetmaster ~]# cat /etc/motd
-- --
--------puppet test---------
-- --
转载自:https://kisspuppet.gitbooks.io/puppet/content/puppetlearningbase3.html
puppet 安装的更多相关文章
- Puppet安装及部署
本篇博客主要介绍Puppet的安装部署,后续会更新其他相关内容 一.简介 二.环境介绍 三.安装Puppet 四.配置Puppet-dashboard 五.配置Puppet Kick 一.简介 Pup ...
- puppet安装配置及使用
puppet安装前准备 一.服务器信息 master端:10.10.10.201 master.fansik.com slave端:10.10.10.156 slave.fansik.com 三台机 ...
- puppet安装
server xuesong1 10.152.14.85 client xuesong 10.152.14.106 系统centos5.8 两台配置都配置 /etc/ho ...
- Puppet安装与配置简介(附视频教程)
Puppet是一种Linux平台的集中配置管理系统,他可管理配置文件.用户.cron任务.软件包.系统服务等.puppet把这些系统实体称之为资源,puppet采用C/S星状的结构,所有的客户端和一个 ...
- puppet安装和使用
puppet是一种Linux.Unix.windows平台的集中配置管理系统,使用自有的puppet描写叙述语言,可管理配置 文件.用户.cron任务.软件包.系统服务等.puppet把这些系统实体称 ...
- CentOS下puppet安装
简介 Puppet是开源的基于Ruby的系统配置管理工具,puppet是一个C/S结构, 当然,这里的C可以有很多,因此,也可以说是一个星型结构. 所有的puppet客户端同一个服务器端的puppet ...
- centos6.5环境自动化运维之puppet实现nginx反向代理功能及puppet安装配置详解
puppet是一种Linux.Unix.windows平台的集中配置管理系统,使用自有的puppet描述语言,可管理配置文件.用户.cron任务.软件包.系统服务等.puppet把这些系统实体称之为资 ...
- puppet安装和配置
一.安装puppet准备 //安装准备 ,两台机器都要操作 . 两台机器 172.7.15.106 (server) 172.7.15.111 (client) . 关闭防火墙 setenforce ...
- Puppet 安装配置
环境说明: OS:CentOS 5.4 i386 puppetmaster 192.168.0.12 hostname: puppetmaster.info.com client ...
随机推荐
- [USACO2005][POJ3169]Layout(差分约束)
题目:http://poj.org/problem?id=3169 题意:给你一组不等式了,求满足的最小解 分析: 裸裸的差分约束. 总结一下差分约束: 1.“求最大值”:写成"<=& ...
- Java 关键字 native
native 关键字说明其修饰的方法是一个原生态方法,方法对应的实现不是在当前文件中,而是在用其他语言实现的文件中.Java语言本身不能对操作系统底层进行访问和操作,但是可以通过JNI接口调用其他语言 ...
- Java设计模式-装饰模式(Decorator)
顾名思义,装饰模式就是给一个对象增加一些新的功能,而且是动态的,要求装饰对象和被装饰对象实现同一个接口,装饰对象持有被装饰对象的实例,关系图如下: Source类是被装饰类,Decorator类是一个 ...
- Java 线程并发策略
1 什么是并发问题. 多个进程或线程同时(或着说在同一段时间内)访问同一资源会产生并发问题. 2 java中synchronized的用法 用法1 public class Test{ public ...
- 用批处理文件来手动启动和停止Oracle服务
服务名称 说明 OracleOracle_homeTNSListener 对应于数据库的监听程序 OracleServiceSID 对应于数据库的例程 OracleDBConsoleSID ...
- Java编程思想学习(十三) java I/O
Java中使用流来处理程序的输入和输出操作,流是一个抽象的概念,封装了程序数据于输入输出设备交换的底层细节.JavaIO中又将流分为字节流和字符流,字节流主要用于处理诸如图像,音频视频等二进制格式数据 ...
- BZOJ-1834 网络扩容 最小费用最大流+最大流+乱搞
1834: [ZJOI2010]network 网络扩容 Time Limit: 3 Sec Memory Limit: 64 MB Submit: 2269 Solved: 1136 [Submit ...
- 解决:Angular-cli:执行ng-build --prod后,dist文件里无js文件、文件未压缩等问题
Angular2.0于2016年9月上线,我于9月入坑. 入坑以来,一直让我很困惑的问题 1.angular-cli是个什么鬼东西? 2.为什么我们自己的资源文件还没写什么,就有起码50多个js文件加 ...
- IOS基础之(十四) KVO/KVC
资料参考: http://www.cnblogs.com/kenshincui/p/3871178.html http://www.cnblogs.com/stoic/archive/2012/07/ ...
- shell与变量的声明的操作
1.给命令起别名:alias 执行下面命令后,可以使用dir代替ls –l 命令,显示目录中的文件详细信息: 还可以用一个别名表示几个命令 的结合: 2.ps:显示当前登录会话的所有活动进程: 3.更 ...