puppet 搭建

Table of Contents

  1. 配置yum源
  2. 配置hosts
  3. 安装puppet-server
  4. 部署puppet-agent
  5. trouble-shoting

配置yum源

  • 备份系统自带yum源

      [root@master ~]# cd /etc/yum.repos.d/
    
  [root@master yum.repos.d]# mkdir bak
    
  [root@master yum.repos.d]# mv *.repo bak

  • 配置官网yum源(这个不太好用,建议不使用)

      rpm -Uvh https://yum.puppetlabs.com/puppetlabs-release-pc1-el-7.noarch.rpm

配置hosts

  • 更改/etc/hosts文件和/etc/hostname

      127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
    
  ::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
    
  #yum的仓库域名解析
    
  10.0.10.108     mirrors.polex.io
    
  #设置fqdn(格式为:ip  fqdn  hostname)
    
  127.0.0.1       master.puppet.io   master
    
  #设置agent域名解析
    
  10.211.55.3     agent.puppet.io
    
  [root@master yum.repos.d]# cat /etc/hostname
    
  master

  • 验证fqdn是否设置正确

[root@master ~]# hostname -f

master.puppet.io

安装puppet-server

  • yum安装软件包
yum install puppetserver

  • 更改配置文件/etc/sysconfig/puppetserver(如果需要)

    JAVA_ARGS="-Xms2g -Xmx2g -XX:MaxPermSize=256m”

    替换为

    JAVA_ARGS="-Xms512m -Xmx512m -XX:MaxPermSize=256m”

  • 更改配置文件puppet.conf(默认不需要更改)

[root@master ~]# cat backup/puppetlabs/puppet/puppet.conf

# This file can be used to override the default puppet settings.

# See the following links for more details on what settings are available:

# - https://docs.puppetlabs.com/puppet/latest/reference/config_important_settings.html

# - https://docs.puppetlabs.com/puppet/latest/reference/config_about_settings.html

# - https://docs.puppetlabs.com/puppet/latest/reference/config_file_main.html

# - https://docs.puppetlabs.com/puppet/latest/reference/configuration.html

[master]

vardir = /opt/puppetlabs/server/data/puppetserver

logdir = /var/log/puppetlabs/puppetserver

rundir = /var/run/puppetlabs/puppetserver

pidfile = /var/run/puppetlabs/puppetserver/puppetserver.pid

codedir = /etc/puppetlabs/code
  • 启动服务
[root@master ~]# systemctl start puppetserver
  • 验证

    参考第4步的验证

部署puppet-agent

  • yum安装软件包(如果部署过puppetserver就不用再次安装,puppetserver依赖于puppet-agent)
yum install puppet
  • 更改配置文件puppet.conf
[root@master ~]# cat /etc/puppetlabs/puppet/puppet.conf

# This file can be used to override the default puppet settings.

# See the following links for more details on what settings are available:

# - https://docs.puppetlabs.com/puppet/latest/reference/config_important_settings.html

# - https://docs.puppetlabs.com/puppet/latest/reference/config_about_settings.html

# - https://docs.puppetlabs.com/puppet/latest/reference/config_file_main.html

# - https://docs.puppetlabs.com/puppet/latest/reference/configuration.html

[master]

vardir = /opt/puppetlabs/server/data/puppetserver

logdir = /var/log/puppetlabs/puppetserver

rundir = /var/run/puppetlabs/puppetserver

pidfile = /var/run/puppetlabs/puppetserver/puppetserver.pid

codedir = /etc/puppetlabs/code

[agent]

#客户端传给master的验证名称

certname          = agent.puppet.io

pluginsync        = true

#puppetserver的服务端口

masterport        = 8140

#agent使用master的环境指定

environment       = production

#master的地址

server            = master.puppet.io

listen            = false

splay             = false

splaylimit        = 1800

#agent的运行周期

runinterval       = 1800

noop              = false

usecacheonfailure = true
  • 启动服务
[root@master ~]# systemctl start puppet
  • 验证
[root@master puppet]# puppet agent -vt

Info: Creating a new SSL key for agent.puppet.io

Info: csr_attributes file loading from /etc/puppetlabs/puppet/csr_attributes.yaml

Info: Creating a new SSL certificate request for agent.puppet.io

Info: Certificate Request fingerprint (SHA256): CE:92:AF:5F:62:12:F6:F4:DB:59:41:7D:16:5B:19:3D:EC:7E:BB:B1:60:D6:DE:5D:2A:14:1A:23:60:8A:E6:B2

Exiting; no certificate found and waitforcert is disabled

查看证书

[root@master puppet]# puppet cert list

  "agent.puppet.io" (SHA256) CE:92:AF:5F:62:12:F6:F4:DB:59:41:7D:16:5B:19:3D:EC:7E:BB:B1:60:D6:DE:5D:2A:14:1A:23:60:8A:E6:B2

trouble-shoting

  • 报错信息如下:
[root@master ~]# puppet agent -vt

Exiting; no certificate found and waitforcert is disabled

解决办法:

尝试清理证书:

[root@master ~]# puppet cert clean agent.puppet.io

Error: Could not find a serial number for agent.puppet.io

找到证书的文件,并删除,问题即可解决。

[root@master ~]# cd /etc/puppetlabs/puppet

puppet/       puppetserver/

[root@master ~]# cd /etc/puppetlabs/puppet

[root@master puppet]# find . -name "agent.puppet.io*"

./ssl/public_keys/agent.puppet.io.pem

./ssl/certificate_requests/agent.puppet.io.pem

./ssl/private_keys/agent.puppet.io.pem

./ssl/ca/requests/agent.puppet.io.pem

[root@master puppet]# rm -rf ./ssl/public_keys/agent.puppet.io.pem ./ssl/certificate_requests/agent.puppet.io.pem ./ssl/private_keys/agent.puppet.io.pem ./ssl/ca/requests/agent.puppet.io.pem

[root@master puppet]# puppet cert list

[root@master puppet]#

puppet-master搭建的更多相关文章

  1. Advacned Puppet: Puppet Master性能调优

    本文是Advanced Puppet系列的第一篇:Puppet master性能调优,谈一谈如何优化和提高C/S架构下master端的性能. 故事情节往往惊人地类似:你是一名使用Puppet管理线上业 ...

  2. Puppet master nginx 扩展提升性能(puppet自动化系列4)

    puppet使用SSL(https)协议来进行通讯,默认情况下,puppet server端使用基于Ruby的WEBRick HTTP服务器.由于WEBRick HTTP服务器在处理agent端的性能 ...

  3. 自动化运维工具之Puppet master/agent模型、站点清单和puppet多环境设定

    前文我们了解了puppe中模块的使用,回顾请参考https://www.cnblogs.com/qiuhom-1874/p/14086315.html:今天我来了解下puppet的master/age ...

  4. Configure Puppet Master with Passenger and Apache on Centos

    What is Passenger? Passenger (AKA mod_rails or mod_rack) is an Apache 2.x module which lets you run ...

  5. WEBrick/Rack Puppet Master

    Puppet's Services: The WEBrick Puppet Master Puppet master is the application that compiles configur ...

  6. Puppet master/agent installation on RHEL7

    ==================================================================================================== ...

  7. 部署puppet master/agent模型

    自己画的一个简单的架构图 agent端每隔30分钟到master端请求与自己相关的catalog. 各节点时间要同步. 依赖DNS,各节点能通过主机名能解析. 1.同步时间 # yum install ...

  8. puppet master/agent

    puppet master/agent 配置 安装 master: yum install puppet-server agent: yum install puppet 自动签名 puppet的ma ...

  9. Puppet的搭建和应用

    Puppet的部署与应用 1. 案例概述 作为一名系统管理员,维护服务器正常运行是最基本的职责,在管理几台到几十台服务器时,大部分管理员喜欢自己写小工具来维护,但随着服务器的数量曾多,任务量也逐渐增多 ...

  10. puppet master 用 nginx + unicorn 作为前端

    目录 1. 概要 2. nginx + unicorn 配置 2.1. package 安装 2.2. 配置文件设置 2.2.1. 配置 unicorn 2.2.2. 配置nginx 2.3. 测试配 ...

随机推荐

  1. 将EditPad Lite 加入鼠标右键

    > 开始 > regedit 如图新建shell及command

  2. tmux使用(程序员适用)

    原文:http://jack-boy.iteye.com/blog/1586908 tmux基本使用     tmux是一个优秀的终端复用软件,即使非正常掉线,也能保证当前的任务运行,这一点对于远程S ...

  3. 【深度学习】安装TensorFlow-GPU

    1.Windows版 准备 干净的系统,没有安装过Python,有的话就卸载了. 另外我的系统安装了VS2015 VS2017(这里我不知道是不是必备的). 现在TensorFlow和cuda以及cu ...

  4. Git使用(二、分支的创建和上传)

    介绍使用TortoiseGit创建分支并push到gitlab项目库,转载请注明出处. 一.创建一个新的文件夹,把要待编辑的工程从gitlab上pull到该文件夹. 其中URL从gitlab的对应项目 ...

  5. Python中使用cx_Oracle调用Oracle存储过程

    import cx_Oracle as cx import datetime def execute_sql(): # 声明变量 date_time = datetime.datetime.now() ...

  6. 未能加载文件或程序集“ .....WebUI ”或它的某一个依赖项,试图加载格式不正确的程序

    编译Web网站没有问题(需要引用oracle.dataAccess.dll),在运行时报错如下: 解决: 1. 将项目编译生成x86模式(win7 64位) 2. 有可能本机运行有问题,发布到IIS, ...

  7. SLAM

    |__all together ship |__SLAM__ |__Graph SLAM__ |__完成约束 |__完成Graph SLAM__ |                          ...

  8. 20145232韩文浩 《网络对抗技术》 Web安全基础实践

    问题回答 SQL注入攻击原理?如何防御? 原理:SQL注入攻击指的是通过构建特殊的输入作为参数传入Web应用程序,而这些输入大都是SQL语法里的一些组合,通过执行SQL语句进而执行攻击者所要的操作,使 ...

  9. 论文word排版相关插件

    其中包括破解版的MathType.EndNote X7以及Aurora 链接:http://pan.baidu.com/s/1boRZTmf 密码:a6ai

  10. Android-finished with non-zero exit value 2

    网上都是说,由于导入的依赖出现重复造成的,或者说 由于buildtools版本太高造成的,而我遇到的这个问题,这种两种方式无法去解决,所以才有了一下这种解决方式: 第一步,打开项目最外层的 build ...