puppet-master搭建

puppet 搭建

Table of Contents

1. 配置yum源
2. 配置hosts
3. 安装puppet-server
4. 部署puppet-agent
5. trouble-shoting

配置yum源

• 备份系统自带yum源

    [root@master ~]# cd /etc/yum.repos.d/
    [root@master yum.repos.d]# mkdir bak
    [root@master yum.repos.d]# mv *.repo bak
  

• 配置官网yum源（这个不太好用，建议不使用)

    rpm -Uvh https://yum.puppetlabs.com/puppetlabs-release-pc1-el-7.noarch.rpm
  

配置hosts

• 更改/etc/hosts文件和/etc/hostname

    127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
    ::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
    #yum的仓库域名解析
    10.0.10.108     mirrors.polex.io
    #设置fqdn(格式为：ip  fqdn  hostname)
    127.0.0.1       master.puppet.io   master
    #设置agent域名解析
    10.211.55.3     agent.puppet.io
    [root@master yum.repos.d]# cat /etc/hostname
    master
  

• 验证fqdn是否设置正确

[root@master ~]# hostname -f
master.puppet.io

安装puppet-server

• yum安装软件包

yum install puppetserver

• 更改配置文件/etc/sysconfig/puppetserver（如果需要）
  
  JAVA_ARGS="-Xms2g -Xmx2g -XX:MaxPermSize=256m”
  
  替换为
  
  JAVA_ARGS="-Xms512m -Xmx512m -XX:MaxPermSize=256m”

• 更改配置文件puppet.conf（默认不需要更改）

[root@master ~]# cat backup/puppetlabs/puppet/puppet.conf
# This file can be used to override the default puppet settings.
# See the following links for more details on what settings are available:
# - https://docs.puppetlabs.com/puppet/latest/reference/config_important_settings.html
# - https://docs.puppetlabs.com/puppet/latest/reference/config_about_settings.html
# - https://docs.puppetlabs.com/puppet/latest/reference/config_file_main.html
# - https://docs.puppetlabs.com/puppet/latest/reference/configuration.html
[master]
vardir = /opt/puppetlabs/server/data/puppetserver
logdir = /var/log/puppetlabs/puppetserver
rundir = /var/run/puppetlabs/puppetserver
pidfile = /var/run/puppetlabs/puppetserver/puppetserver.pid
codedir = /etc/puppetlabs/code

• 启动服务

[root@master ~]# systemctl start puppetserver

• 验证
  
  参考第4步的验证

部署puppet-agent

• yum安装软件包（如果部署过puppetserver就不用再次安装，puppetserver依赖于puppet-agent）

yum install puppet

• 更改配置文件puppet.conf

[root@master ~]# cat /etc/puppetlabs/puppet/puppet.conf
# This file can be used to override the default puppet settings.
# See the following links for more details on what settings are available:
# - https://docs.puppetlabs.com/puppet/latest/reference/config_important_settings.html
# - https://docs.puppetlabs.com/puppet/latest/reference/config_about_settings.html
# - https://docs.puppetlabs.com/puppet/latest/reference/config_file_main.html
# - https://docs.puppetlabs.com/puppet/latest/reference/configuration.html
[master]
vardir = /opt/puppetlabs/server/data/puppetserver
logdir = /var/log/puppetlabs/puppetserver
rundir = /var/run/puppetlabs/puppetserver
pidfile = /var/run/puppetlabs/puppetserver/puppetserver.pid
codedir = /etc/puppetlabs/code
[agent]
#客户端传给master的验证名称
certname          = agent.puppet.io
pluginsync        = true
#puppetserver的服务端口
masterport        = 8140
#agent使用master的环境指定
environment       = production
#master的地址
server            = master.puppet.io
listen            = false
splay             = false
splaylimit        = 1800
#agent的运行周期
runinterval       = 1800
noop              = false
usecacheonfailure = true

• 启动服务

[root@master ~]# systemctl start puppet

• 验证

[root@master puppet]# puppet agent -vt
Info: Creating a new SSL key for agent.puppet.io
Info: csr_attributes file loading from /etc/puppetlabs/puppet/csr_attributes.yaml
Info: Creating a new SSL certificate request for agent.puppet.io
Info: Certificate Request fingerprint (SHA256): CE:92:AF:5F:62:12:F6:F4:DB:59:41:7D:16:5B:19:3D:EC:7E:BB:B1:60:D6:DE:5D:2A:14:1A:23:60:8A:E6:B2
Exiting; no certificate found and waitforcert is disabled
查看证书
[root@master puppet]# puppet cert list
  "agent.puppet.io" (SHA256) CE:92:AF:5F:62:12:F6:F4:DB:59:41:7D:16:5B:19:3D:EC:7E:BB:B1:60:D6:DE:5D:2A:14:1A:23:60:8A:E6:B2

trouble-shoting

• 报错信息如下：

[root@master ~]# puppet agent -vt
Exiting; no certificate found and waitforcert is disabled

解决办法：

尝试清理证书：

[root@master ~]# puppet cert clean agent.puppet.io
Error: Could not find a serial number for agent.puppet.io

找到证书的文件，并删除，问题即可解决。

[root@master ~]# cd /etc/puppetlabs/puppet
puppet/       puppetserver/
[root@master ~]# cd /etc/puppetlabs/puppet
[root@master puppet]# find . -name "agent.puppet.io*"
./ssl/public_keys/agent.puppet.io.pem
./ssl/certificate_requests/agent.puppet.io.pem
./ssl/private_keys/agent.puppet.io.pem
./ssl/ca/requests/agent.puppet.io.pem
[root@master puppet]# rm -rf ./ssl/public_keys/agent.puppet.io.pem ./ssl/certificate_requests/agent.puppet.io.pem ./ssl/private_keys/agent.puppet.io.pem ./ssl/ca/requests/agent.puppet.io.pem
[root@master puppet]# puppet cert list
[root@master puppet]#