Deploying and using Puppet on CentOS 7

2023-05-19 11:52  @学无止境

Installation references:

https://jingyan.baidu.com/article/5553fa8298cf9c65a239342b.html
https://www.cnblogs.com/eastson/p/6056456.html

On both the server and the client, add the following to /etc/hosts:

127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.20.100  master.localdomain
192.168.20.101  agent1.localdomain

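Synchronize the time on both the server and the client

timedatectl set-timezone Asia/Shanghai # set the time zone

ntpdate ntp1.aliyun.com  # synchronize the time

Add the EPEL repository on both the server and the client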

yum install epel-release -y

1. Install the server

Install the dependencies:

yum install -y ruby ruby-devel

Install the Puppet repository

rpm -ivh puppetlabs-release-7-10.noarch.rpm

Install the server package

yum install puppet-server

Start the server

There are two ways:

a) systemctl start puppetmaster    # start as a service *

b) puppet master --verbose --no-daemonize   # run from the command line

2. Install the client

Install the dependencies:

yum install -y ruby ruby-devel

Install the Puppet repository

rpm -ivh puppetlabs-release-7-10.noarch.rpm

yum install puppet

Edit the configuration file /etc/puppet/puppet.conf

[main]
    # The Puppet log directory.
    # The default value is '$vardir/log'.
    logdir = /var/log/puppet

    # Where Puppet PID files are kept.
    # The default value is '$vardir/run'.
    rundir = /var/run/puppet

    # Where SSL certificates are kept.
    # The default value is '$confdir/ssl'.
    ssldir = $vardir/ssl

[agent]
    # The file in which puppetd stores a list of the classes
    # associated with the retrieved configuration.  Can be loaded in
    # the separate ``puppet`` executable using the ``--loadclasses``
    # option.
    # The default value is '$confdir/classes.txt'.
    classfile = $vardir/classes.txt

    # Where puppetd caches the local configuration.  An
    # extension indicating the cache format is added automatically.
    # The default value is '$confdir/localconfig'.
    localconfig = $vardir/localconfig

    certname = agent1.localdomain
    server = master.localdomain
    report = true
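    runinterval=300 # sync interval

There are also two ways to start the client:

a) systemctl start puppet # start as a service

b) puppet agent --test --server master.localdomain # run from the command line *

3. Request a certificate from the client

On the client, run puppet agent --test  --server master.localdomain to request a certificate from the server.

On the server, list the requests and approve them: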

puppet cert list --all
puppet cert sign agent1.localdomain
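
An added example, not part of the original post: a check to run on the server before puppet cert sign, which confirms that the pending request's fingerprint equals the one printed on the client by puppet agent --fingerprint. The function names are hypothetical, the output formats are assumed to be the Puppet 3.x ones, and the sample fingerprints are constructed and shortened.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.
# Assumes Puppet 3.x output formats:
#   agent:  puppet agent --fingerprint  ->  (SHA256) AA:11:...
#   master: puppet cert list            ->    "agent1.localdomain" (SHA256) AA:11:...
# Signed entries in `puppet cert list --all` start with "+", so they never match.

FP_RE='^([0-9A-Fa-f][0-9A-Fa-f]:)+[0-9A-Fa-f][0-9A-Fa-f]$'

# Print the first fingerprint-shaped field on stdin, upper-cased.
# With $1 set, only look at the pending-request line for that certname.
first_fp() {
    awk -v name="$1" -v re="$FP_RE" '
        name == "" || $1 == ("\"" name "\"") {
            for (i = 1; i <= NF; i++)
                if ($i ~ re) { print toupper($i); exit }
        }'
}

# safe_to_sign CERTNAME AGENT_OUTPUT MASTER_LIST_OUTPUT
# Succeeds only if a pending request exists and both fingerprints agree.
safe_to_sign() {
    want=$(printf '%s\n' "$2" | first_fp)
    got=$(printf '%s\n' "$3" | first_fp "$1")
    [ -n "$want" ] && [ "$want" = "$got" ]
}

# Constructed sample output (fingerprints shortened, not real values).
AGENT_OUT='(SHA256) aa:11:bb:22:cc:33:dd:44'
MASTER_LIST='  "agent1.localdomain" (SHA256) AA:11:BB:22:CC:33:DD:44
+ "master.localdomain" (SHA256) 01:02:03:04:05:06:07:08'

if safe_to_sign agent1.localdomain "$AGENT_OUT" "$MASTER_LIST"; then
    echo "fingerprints match: puppet cert sign agent1.localdomain"
else
    echo "mismatch or no pending request: do not sign"
fi
```

On a real server, pass "$(puppet cert list)" as the third argument and take the second from the client's console rather than from the same network path the request arrived on.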

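4. Using Puppet

Reference:

https://blog.csdn.net/weixin_40228200/article/details/123654954

Edit the server configuration file /etc/puppet/fileserver.conf and add a [files] section:

[files]
path  /etc/puppet/files/ # I tried other directories and got a 400 error; it seems to be a permissions problem
allow *

Create a site.pp file under /etc/puppet/manifests: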

node default{
        file {
                "/root/test/puppet":
                ensure => directory;
        }
        file {
                "/root/test/bb.txt":
                ensure => link,
                target => "/root/test/b.txt"
        }
        file {
                "/root/test/tt.txt":
                mode => '644',
                owner => 'root',
                group => 'root',
                source => 'puppet://master.localdomain/files/tt.txt'
        }
}

Restart the server

systemctl restart puppetmaster

Run a sync on the client

puppet agent --test