Ops power tool: installing and testing the puppet centralized configuration management system [repost]
2012-08-13 10:56 tetang1230
Environment:
192.168.128.128 puppet-server
192.168.128.32 puppet-client
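1. Pre-installation preparation
puppet is written in ruby and depends on a ruby environment. Run rpm -qa|grep ruby to check whether ruby is installed; if it is not, mount the local installation disc or install it online with yum: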
[root@localhost ~]# yum install -y ruby-libs ruby ruby-irb ruby-rdoc
[root@localhost ~]# hostname puppet-server # on the client: puppet-client
[root@localhost ~]# vi /etc/hosts
127.0.0.1 localhost.localdomain localhost puppet-server # on the client: puppet-client
::1 localhost6.localdomain6 localhost6
192.168.128.32 puppet-client # on the client: 192.168.128.128 puppet-server
[root@localhost ~]# vi /etc/sysconfig/network
NETWORKING=yes
NETWORKING_IPV6=no
HOSTNAME=puppet-server # on the client: puppet-client
[root@localhost ~]# vi /etc/resolv.conf
; generated by /sbin/dhclient-script
#search localdomain # comment out this line; most articles omit this step, which causes certificate authentication to fail
nameserver 192.168.128.2
After editing the files above, log out and log back in.
2. puppet-server installation and configuration
[root@puppet-server ~]# cd /usr/local/src/
[root@puppet-server src]# tar zxf facter-1.6.8.tar.gz
[root@puppet-server src]# tar zxf puppet-2.6.14.tar.gz
[root@puppet-server src]# cd facter-1.6.8
[root@puppet-server facter-1.6.8]# ruby install.rb
[root@puppet-server facter-1.6.8]# cd ../puppet-2.6.14
[root@puppet-server puppet-2.6.14]# ruby install.rb
[root@puppet-server puppet-2.6.14]# cp conf/redhat/fileserver.conf /etc/puppet/
[root@puppet-server puppet-2.6.14]# cp conf/redhat/puppet.conf /etc/puppet/
[root@puppet-server puppet-2.6.14]# cp conf/redhat/server.init /etc/init.d/puppetmasterd
[root@puppet-server puppet-2.6.14]# chmod +x /etc/init.d/puppetmasterd
[root@puppet-server puppet-2.6.14]# chkconfig --add puppetmasterd
[root@puppet-server puppet-2.6.14]# chkconfig --level 35 puppetmasterd on
[root@puppet-server puppet-2.6.14]# mkdir /etc/puppet/manifests
[root@puppet-server puppet-2.6.14]# puppetmasterd --mkusers
[root@puppet-server puppet-2.6.14]# /etc/init.d/puppetmasterd start
3. puppet-client installation and configuration
[root@puppet-client ~]# cd /usr/local/src/
[root@puppet-client src]# tar zxf facter-1.6.8.tar.gz
[root@puppet-client src]# tar zxf puppet-2.6.14.tar.gz
[root@puppet-client src]# cd facter-1.6.8
[root@puppet-client facter-1.6.8]# ruby install.rb
[root@puppet-client facter-1.6.8]# cd ../puppet-2.6.14
[root@puppet-client puppet-2.6.14]# ruby install.rb
[root@puppet-client puppet-2.6.14]# cp conf/namespaceauth.conf /etc/puppet/
[root@puppet-client puppet-2.6.14]# cp conf/redhat/puppet.conf /etc/puppet/
[root@puppet-client puppet-2.6.14]# cp conf/redhat/client.init /etc/init.d/puppetd
[root@puppet-client puppet-2.6.14]# chmod +x /etc/init.d/puppetd
[root@puppet-client puppet-2.6.14]# chkconfig --add puppetd
[root@puppet-client puppet-2.6.14]# chkconfig --level 35 puppetd on
[root@puppet-client puppet-2.6.14]# puppetd --mkusers # creating the users fails with an error, so create them manually below
[root@puppet-client puppet-2.6.14]# groupadd puppet
[root@puppet-client puppet-2.6.14]# useradd -g puppet -M puppet
[root@puppet-client puppet-2.6.14]# /etc/init.d/puppetd start
4. Certificate signing
The client sends a certificate request:
[root@puppet-client puppet-2.6.14]# puppetd --test --server puppet-server
warning: peer certificate won't be verified in this SSL session
info: Caching certificate for ca
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
info: Creating a new SSL certificate request for puppet-client
info: Certificate Request fingerprint (md5): FB:5F:4B:05:8E:56:7F:A0:71:B0:59:6C:19:E5:A8:C4
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
Exiting; no certificate found and waitforcert is disabled
On the server, list the pending certificate requests:
[root@puppet-server ~]# puppetca -l
puppet-client (FB:5F:4B:05:8E:56:7F:A0:71:B0:59:6C:19:E5:A8:C4)
Sign a single client:
[root@puppet-server ~]# puppetca -s puppet-client
notice: Signed certificate request for puppet-client
notice: Removing file Puppet::SSL::CertificateRequest puppet-client at '/var/lib/puppet/ssl/ca/requests/puppet-client.pem'
Sign all clients:
[root@puppet-server ~]# puppetca -s -a
Run the client again; authentication is now complete:
[root@puppet-client puppet-2.6.14]# puppetd --test --server puppet-server
warning: peer certificate won't be verified in this SSL session
info: Caching certificate for puppet-client
info: Caching certificate_revocation_list for ca
info: Caching catalog for puppet-client
info: Applying configuration version '1337769948'
info: Creating state file /var/lib/puppet/state/state.yaml
notice: Finished catalog run in 0.01 seconds
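Before running puppetca -s, the fingerprint the client printed can be checked against the one puppetca -l lists; puppetca -s -a skips that comparison for every pending request. The script below is an added example, not part of the original post: it parses the two outputs shown above and signs only on a match. The function names and the PUPPETCA override variable are assumptions of this example.

```shell
#!/bin/sh
# Added example: compare CSR fingerprints before signing (not from the post).

# Fingerprint from agent output:
#   "info: Certificate Request fingerprint (md5): FB:5F:..."
client_fp() {
    sed -n 's/^info: Certificate Request fingerprint (md5): \([0-9A-Fa-f:]*\).*/\1/p' | head -n 1
}

# Fingerprint for host $1 from `puppetca -l` output: "puppet-client (FB:5F:...)".
# Exact hostname match, so "puppet-client2" is never taken for "puppet-client".
pending_fp() {
    awk -v h="$1" '$1 == h { gsub(/[()]/, "", $2); print $2; exit }'
}

# Succeeds only if both values are non-empty, hex-and-colon only, and equal.
fp_match() {
    a=$(printf '%s' "$1" | tr 'a-f' 'A-F')
    b=$(printf '%s' "$2" | tr 'a-f' 'A-F')
    case "$a" in
        ''|*[!0-9A-F:]*) return 1 ;;
    esac
    [ "$a" = "$b" ]
}

# Sign host $1 only if its pending request matches fingerprint $2.
# PUPPETCA is a hypothetical override for dry runs (assumption of this example).
sign_verified() {
    host=$1
    expected=$2
    listed=$(${PUPPETCA:-puppetca} -l | pending_fp "$host")
    if fp_match "$expected" "$listed"; then
        ${PUPPETCA:-puppetca} -s "$host"
    else
        echo "refusing to sign $host: no pending request or fingerprint mismatch" >&2
        return 1
    fi
}

# Constructed sample input, copied from the session output above.
SAMPLE_AGENT='info: Creating a new SSL certificate request for puppet-client
info: Certificate Request fingerprint (md5): FB:5F:4B:05:8E:56:7F:A0:71:B0:59:6C:19:E5:A8:C4'
SAMPLE_LIST='puppet-client (FB:5F:4B:05:8E:56:7F:A0:71:B0:59:6C:19:E5:A8:C4)'
```

The expected fingerprint passed to sign_verified should be read on the client itself, not copied from the server's own listing.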
5. Simplest test: change file ownership and permissions on the client
On the server, add the main manifest site.pp:
[root@puppet-server ~]# vi /etc/puppet/manifests/site.pp
file { "/root/install.log":
    owner => "puppet",
    group => "puppet",
    mode  => 666,
}
Run the command on the client:
[root@puppet-client ~]# puppetd --test --server puppet-server
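Owner and permissions of /root/install.log on the client before and after the run:
I have only just started with puppet; more in-depth configuration examples will follow...
PS
My installation differed slightly from the original author's: after adding the EPEL repository, I ran yum search puppet directly and then installed with yum install puppet-server. facter can also be installed with yum. For authenticating the node against the server and for testing, I followed the original author's example!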