puppet 搭建

Table of Contents

  1. 配置yum源
  2. 配置hosts
  3. 安装puppet-server
  4. 部署puppet-agent
  5. trouble-shoting

配置yum源

  • 备份系统自带yum源

      [root@master ~]# cd /etc/yum.repos.d/
    [root@master yum.repos.d]# mkdir bak
    [root@master yum.repos.d]# mv *.repo bak
  • 配置官网yum源(这个不太好用,建议不使用)

      rpm -Uvh https://yum.puppetlabs.com/puppetlabs-release-pc1-el-7.noarch.rpm

配置hosts

  • 更改/etc/hosts文件和/etc/hostname

      127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
    ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
    #yum的仓库域名解析
    10.0.10.108 mirrors.polex.io
    #设置fqdn(格式为:ip fqdn hostname)
    127.0.0.1 master.puppet.io master
    #设置agent域名解析
    10.211.55.3 agent.puppet.io
    [root@master yum.repos.d]# cat /etc/hostname
    master
  • 验证fqdn是否设置正确

[root@master ~]# hostname -f
master.puppet.io

安装puppet-server

  • yum安装软件包
yum install puppetserver
  • 更改配置文件/etc/sysconfig/puppetserver(如果需要)

    JAVA_ARGS="-Xms2g -Xmx2g -XX:MaxPermSize=256m”

    替换为

    JAVA_ARGS="-Xms512m -Xmx512m -XX:MaxPermSize=256m”

  • 更改配置文件puppet.conf(默认不需要更改)

[root@master ~]# cat backup/puppetlabs/puppet/puppet.conf
# This file can be used to override the default puppet settings.
# See the following links for more details on what settings are available:
# - https://docs.puppetlabs.com/puppet/latest/reference/config_important_settings.html
# - https://docs.puppetlabs.com/puppet/latest/reference/config_about_settings.html
# - https://docs.puppetlabs.com/puppet/latest/reference/config_file_main.html
# - https://docs.puppetlabs.com/puppet/latest/reference/configuration.html
[master]
vardir = /opt/puppetlabs/server/data/puppetserver
logdir = /var/log/puppetlabs/puppetserver
rundir = /var/run/puppetlabs/puppetserver
pidfile = /var/run/puppetlabs/puppetserver/puppetserver.pid
codedir = /etc/puppetlabs/code
  • 启动服务
[root@master ~]# systemctl start puppetserver
  • 验证

    参考第4步的验证

部署puppet-agent

  • yum安装软件包(如果部署过puppetserver就不用再次安装,puppetserver依赖于puppet-agent)
yum install puppet
  • 更改配置文件puppet.conf
[root@master ~]# cat /etc/puppetlabs/puppet/puppet.conf
# This file can be used to override the default puppet settings.
# See the following links for more details on what settings are available:
# - https://docs.puppetlabs.com/puppet/latest/reference/config_important_settings.html
# - https://docs.puppetlabs.com/puppet/latest/reference/config_about_settings.html
# - https://docs.puppetlabs.com/puppet/latest/reference/config_file_main.html
# - https://docs.puppetlabs.com/puppet/latest/reference/configuration.html
[master]
vardir = /opt/puppetlabs/server/data/puppetserver
logdir = /var/log/puppetlabs/puppetserver
rundir = /var/run/puppetlabs/puppetserver
pidfile = /var/run/puppetlabs/puppetserver/puppetserver.pid
codedir = /etc/puppetlabs/code
[agent]
#客户端传给master的验证名称
certname = agent.puppet.io
pluginsync = true
#puppetserver的服务端口
masterport = 8140
#agent使用master的环境指定
environment = production
#master的地址
server = master.puppet.io
listen = false
splay = false
splaylimit = 1800
#agent的运行周期
runinterval = 1800
noop = false
usecacheonfailure = true
  • 启动服务
[root@master ~]# systemctl start puppet
  • 验证
[root@master puppet]# puppet agent -vt
Info: Creating a new SSL key for agent.puppet.io
Info: csr_attributes file loading from /etc/puppetlabs/puppet/csr_attributes.yaml
Info: Creating a new SSL certificate request for agent.puppet.io
Info: Certificate Request fingerprint (SHA256): CE:92:AF:5F:62:12:F6:F4:DB:59:41:7D:16:5B:19:3D:EC:7E:BB:B1:60:D6:DE:5D:2A:14:1A:23:60:8A:E6:B2
Exiting; no certificate found and waitforcert is disabled
查看证书
[root@master puppet]# puppet cert list
"agent.puppet.io" (SHA256) CE:92:AF:5F:62:12:F6:F4:DB:59:41:7D:16:5B:19:3D:EC:7E:BB:B1:60:D6:DE:5D:2A:14:1A:23:60:8A:E6:B2

trouble-shoting

  • 报错信息如下:
[root@master ~]# puppet agent -vt
Exiting; no certificate found and waitforcert is disabled

解决办法:

尝试清理证书:

[root@master ~]# puppet cert clean agent.puppet.io
Error: Could not find a serial number for agent.puppet.io

找到证书的文件,并删除,问题即可解决。

[root@master ~]# cd /etc/puppetlabs/puppet
puppet/ puppetserver/
[root@master ~]# cd /etc/puppetlabs/puppet
[root@master puppet]# find . -name "agent.puppet.io*"
./ssl/public_keys/agent.puppet.io.pem
./ssl/certificate_requests/agent.puppet.io.pem
./ssl/private_keys/agent.puppet.io.pem
./ssl/ca/requests/agent.puppet.io.pem
[root@master puppet]# rm -rf ./ssl/public_keys/agent.puppet.io.pem ./ssl/certificate_requests/agent.puppet.io.pem ./ssl/private_keys/agent.puppet.io.pem ./ssl/ca/requests/agent.puppet.io.pem
[root@master puppet]# puppet cert list
[root@master puppet]#

puppet-master搭建的更多相关文章

  1. Advacned Puppet: Puppet Master性能调优

    本文是Advanced Puppet系列的第一篇:Puppet master性能调优,谈一谈如何优化和提高C/S架构下master端的性能. 故事情节往往惊人地类似:你是一名使用Puppet管理线上业 ...

  2. Puppet master nginx 扩展提升性能(puppet自动化系列4)

    puppet使用SSL(https)协议来进行通讯,默认情况下,puppet server端使用基于Ruby的WEBRick HTTP服务器.由于WEBRick HTTP服务器在处理agent端的性能 ...

  3. 自动化运维工具之Puppet master/agent模型、站点清单和puppet多环境设定

    前文我们了解了puppe中模块的使用,回顾请参考https://www.cnblogs.com/qiuhom-1874/p/14086315.html:今天我来了解下puppet的master/age ...

  4. Configure Puppet Master with Passenger and Apache on Centos

    What is Passenger? Passenger (AKA mod_rails or mod_rack) is an Apache 2.x module which lets you run ...

  5. WEBrick/Rack Puppet Master

    Puppet's Services: The WEBrick Puppet Master Puppet master is the application that compiles configur ...

  6. Puppet master/agent installation on RHEL7

    ==================================================================================================== ...

  7. 部署puppet master/agent模型

    自己画的一个简单的架构图 agent端每隔30分钟到master端请求与自己相关的catalog. 各节点时间要同步. 依赖DNS,各节点能通过主机名能解析. 1.同步时间 # yum install ...

  8. puppet master/agent

    puppet master/agent 配置 安装 master: yum install puppet-server agent: yum install puppet 自动签名 puppet的ma ...

  9. Puppet的搭建和应用

    Puppet的部署与应用 1. 案例概述 作为一名系统管理员,维护服务器正常运行是最基本的职责,在管理几台到几十台服务器时,大部分管理员喜欢自己写小工具来维护,但随着服务器的数量曾多,任务量也逐渐增多 ...

  10. puppet master 用 nginx + unicorn 作为前端

    目录 1. 概要 2. nginx + unicorn 配置 2.1. package 安装 2.2. 配置文件设置 2.2.1. 配置 unicorn 2.2.2. 配置nginx 2.3. 测试配 ...

随机推荐

  1. 将EditPad Lite 加入鼠标右键

    > 开始 > regedit 如图新建shell及command

  2. tmux使用(程序员适用)

    原文:http://jack-boy.iteye.com/blog/1586908 tmux基本使用     tmux是一个优秀的终端复用软件,即使非正常掉线,也能保证当前的任务运行,这一点对于远程S ...

  3. 【深度学习】安装TensorFlow-GPU

    1.Windows版 准备 干净的系统,没有安装过Python,有的话就卸载了. 另外我的系统安装了VS2015 VS2017(这里我不知道是不是必备的). 现在TensorFlow和cuda以及cu ...

  4. Git使用(二、分支的创建和上传)

    介绍使用TortoiseGit创建分支并push到gitlab项目库,转载请注明出处. 一.创建一个新的文件夹,把要待编辑的工程从gitlab上pull到该文件夹. 其中URL从gitlab的对应项目 ...

  5. Python中使用cx_Oracle调用Oracle存储过程

    import cx_Oracle as cx import datetime def execute_sql(): # 声明变量 date_time = datetime.datetime.now() ...

  6. 未能加载文件或程序集“ .....WebUI ”或它的某一个依赖项,试图加载格式不正确的程序

    编译Web网站没有问题(需要引用oracle.dataAccess.dll),在运行时报错如下: 解决: 1. 将项目编译生成x86模式(win7 64位) 2. 有可能本机运行有问题,发布到IIS, ...

  7. SLAM

    |__all together ship |__SLAM__ |__Graph SLAM__ |__完成约束 |__完成Graph SLAM__ |                          ...

  8. 20145232韩文浩 《网络对抗技术》 Web安全基础实践

    问题回答 SQL注入攻击原理?如何防御? 原理:SQL注入攻击指的是通过构建特殊的输入作为参数传入Web应用程序,而这些输入大都是SQL语法里的一些组合,通过执行SQL语句进而执行攻击者所要的操作,使 ...

  9. 论文word排版相关插件

    其中包括破解版的MathType.EndNote X7以及Aurora 链接:http://pan.baidu.com/s/1boRZTmf 密码:a6ai

  10. Android-finished with non-zero exit value 2

    网上都是说,由于导入的依赖出现重复造成的,或者说 由于buildtools版本太高造成的,而我遇到的这个问题,这种两种方式无法去解决,所以才有了一下这种解决方式: 第一步,打开项目最外层的 build ...