
A Handy Ops Tool: Installing and Testing the Puppet Centralized Configuration Management System [Repost]

2012-08-13 10:56  tetang1230


Environment:
192.168.128.128 puppet-server
192.168.128.32 puppet-client

1. Pre-installation preparation
Puppet is written in Ruby and depends on a Ruby environment. Check whether Ruby is installed with rpm -qa|grep ruby; if it is not, mount the local installation disc or install it online with yum:
[root@localhost ~]# yum install -y ruby-libs ruby ruby-irb ruby-rdoc

[root@localhost ~]# hostname puppet-server # on the client: puppet-client
[root@localhost ~]# vi /etc/hosts
127.0.0.1 localhost.localdomain localhost puppet-server # on the client: puppet-client
::1 localhost6.localdomain6 localhost6
192.168.128.32 puppet-client # on the client: 192.168.128.128 puppet-server
[root@localhost ~]# vi /etc/sysconfig/network
NETWORKING=yes
NETWORKING_IPV6=no
HOSTNAME=puppet-server # on the client: puppet-client
[root@localhost ~]# vi /etc/resolv.conf
; generated by /sbin/dhclient-script
#search localdomain # comment out this line; most articles leave this step out, which makes authentication fail
nameserver 192.168.128.2
After editing the files above, log out and log back in.

2. Installing and configuring puppet-server
[root@puppet-server ~]# cd /usr/local/src/
[root@puppet-server src]# tar zxf facter-1.6.8.tar.gz
[root@puppet-server src]# tar zxf puppet-2.6.14.tar.gz
[root@puppet-server src]# cd facter-1.6.8
[root@puppet-server facter-1.6.8]# ruby install.rb
[root@puppet-server facter-1.6.8]# cd ../puppet-2.6.14
[root@puppet-server puppet-2.6.14]# ruby install.rb
[root@puppet-server puppet-2.6.14]# cp conf/redhat/fileserver.conf /etc/puppet/
[root@puppet-server puppet-2.6.14]# cp conf/redhat/puppet.conf /etc/puppet/
[root@puppet-server puppet-2.6.14]# cp conf/redhat/server.init /etc/init.d/puppetmasterd
[root@puppet-server puppet-2.6.14]# chmod +x /etc/init.d/puppetmasterd
[root@puppet-server puppet-2.6.14]# chkconfig --add puppetmasterd
[root@puppet-server puppet-2.6.14]# chkconfig --level 35 puppetmasterd on
[root@puppet-server puppet-2.6.14]# mkdir /etc/puppet/manifests
[root@puppet-server puppet-2.6.14]# puppetmasterd --mkusers
[root@puppet-server puppet-2.6.14]# /etc/init.d/puppetmasterd start

3. Installing and configuring puppet-client
[root@puppet-client ~]# cd /usr/local/src/
[root@puppet-client src]# tar zxf facter-1.6.8.tar.gz
[root@puppet-client src]# tar zxf puppet-2.6.14.tar.gz
[root@puppet-client src]# cd facter-1.6.8
[root@puppet-client facter-1.6.8]# ruby install.rb
[root@puppet-client facter-1.6.8]# cd ../puppet-2.6.14
[root@puppet-client puppet-2.6.14]# ruby install.rb
[root@puppet-client puppet-2.6.14]# cp conf/namespaceauth.conf /etc/puppet/
[root@puppet-client puppet-2.6.14]# cp conf/redhat/puppet.conf /etc/puppet/
[root@puppet-client puppet-2.6.14]# cp conf/redhat/client.init /etc/init.d/puppetd
[root@puppet-client puppet-2.6.14]# chmod +x /etc/init.d/puppetd
[root@puppet-client puppet-2.6.14]# chkconfig --add puppetd
[root@puppet-client puppet-2.6.14]# chkconfig --level 35 puppetd on
[root@puppet-client puppet-2.6.14]# puppetd --mkusers # creating the users fails with an error; create them manually below
[root@puppet-client puppet-2.6.14]# groupadd puppet
[root@puppet-client puppet-2.6.14]# useradd -g puppet -M puppet
[root@puppet-client puppet-2.6.14]# /etc/init.d/puppetd start

4. Certificate signing
The client sends a certificate request:
[root@puppet-client puppet-2.6.14]# puppetd --test --server puppet-server
warning: peer certificate won't be verified in this SSL session
info: Caching certificate for ca
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
info: Creating a new SSL certificate request for puppet-client
info: Certificate Request fingerprint (md5): FB:5F:4B:05:8E:56:7F:A0:71:B0:59:6C:19:E5:A8:C4
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
Exiting; no certificate found and waitforcert is disabled

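View the pending certificate requests on the server (the fingerprint listed is the one the client printed above):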
[root@puppet-server ~]# puppetca -l
puppet-client (FB:5F:4B:05:8E:56:7F:A0:71:B0:59:6C:19:E5:A8:C4)

Sign a single client:
[root@puppet-server ~]# puppetca -s puppet-client
notice: Signed certificate request for puppet-client
notice: Removing file Puppet::SSL::CertificateRequest puppet-client at '/var/lib/puppet/ssl/ca/requests/puppet-client.pem'

Sign all clients:
[root@puppet-server ~]# puppetca -s -a

Run the client again; authentication now completes:
[root@puppet-client puppet-2.6.14]# puppetd --test --server puppet-server
warning: peer certificate won't be verified in this SSL session
info: Caching certificate for puppet-client
info: Caching certificate_revocation_list for ca
info: Caching catalog for puppet-client
info: Applying configuration version '1337769948'
info: Creating state file /var/lib/puppet/state/state.yaml
notice: Finished catalog run in 0.01 seconds
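
The fingerprint check behind the signing step in section 4, as an added example that is not part of the original article: it parses the two output formats shown above and prints the puppetca -s command only when the fingerprint the client reported equals the one the CA lists for exactly that host name. The function names are hypothetical, and the sample data is constructed from the outputs above (the puppet-client2 entry is made up).

```shell
#!/bin/sh
# Added example: approve a Puppet CSR only when the fingerprint printed on the
# client matches the one the CA lists. Helper names are hypothetical; the
# sample data is constructed from the outputs shown in section 4.

# Read `puppetd --test` output on stdin, print the CSR fingerprint (uppercased).
agent_fingerprint() {
    sed -n 's/^info: Certificate Request fingerprint (md5): \([0-9A-Fa-f:]*\).*$/\1/p' |
        head -n 1 | tr 'a-f' 'A-F'
}

# Read `puppetca -l` output on stdin, print the fingerprint for exactly host $1.
# Comparing the whole first field keeps puppet-client from matching puppet-client2.
ca_fingerprint() {
    awk -v h="$1" '$1 == h { gsub(/[()]/, "", $2); print toupper($2); exit }'
}

# $1 = host, $2 = client output, $3 = `puppetca -l` output.
# Prints the signing command on a match; otherwise refuses and returns 1.
sign_if_match() {
    want=$(printf '%s\n' "$2" | agent_fingerprint)
    have=$(printf '%s\n' "$3" | ca_fingerprint "$1")
    if [ -z "$want" ] || [ -z "$have" ]; then
        echo "REFUSE $1: fingerprint missing"; return 1
    fi
    if [ "$want" != "$have" ]; then
        echo "REFUSE $1: mismatch (client $want, CA $have)"; return 1
    fi
    echo "puppetca -s $1"
}

# Constructed sample input in the formats shown above.
AGENT_OUT='info: Creating a new SSL certificate request for puppet-client
info: Certificate Request fingerprint (md5): FB:5F:4B:05:8E:56:7F:A0:71:B0:59:6C:19:E5:A8:C4'
CA_LIST='puppet-client2 (00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF)
puppet-client (FB:5F:4B:05:8E:56:7F:A0:71:B0:59:6C:19:E5:A8:C4)'

sign_if_match puppet-client "$AGENT_OUT" "$CA_LIST" || true
```

Unlike puppetca -s -a, which signs every pending request, this approves one named host at a time.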

5. Simplest test: changing the ownership and permissions of a file on the client
On the server, add the main manifest site.pp:
[root@puppet-server ~]# vi /etc/puppet/manifests/site.pp
file { "/root/install.log":
    owner => "puppet",
    group => "puppet",
    mode  => 666,
}


Run the command on the client:
[root@puppet-client ~]# puppetd --test --server puppet-server

Ownership and permissions of /root/install.log on the client before and after the run:


I have only just started with puppet; more in-depth configuration examples will follow...

P.S.

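My installation differed slightly from the article author's: after adding the EPEL repository, I ran yum search puppet directly and then installed with yum install puppet-server; facter can also be installed with yum. For authenticating the node with the server, and for the test, I followed the article author's examples!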