16.Puppet 安装
1.准备工作
master   192.168.86.128  amd64  7.8  server(puppet-master)  facter hiera
slave-1  192.168.86.130  amd64  7.8  client(puppet-agent)   facter hiera
facter-2.4.4.tar.gz  puppet-3.7.4.tar.gz  ruby-1.9.3  hiera-1.3.4
注:Puppet 3.x 与 Ruby 1.9.3 均已停止上游维护,不再获得安全更新,以下步骤仅适合在隔离的实验环境中复现。
2.安装基础包:master 和 slave-1
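# Base tooling and the Ruby runtime, installed on both master and slave-1.
# These are two separate commands; run on one line, the second "apt-get",
# "-y" and "install" would be passed to the first command as arguments.
apt-get install wget tree lrzsz -y
apt-get -y install ruby1.9.3 ruby-json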
3.安装hiera(安装puppet时需要用到的):master 和 slave-1
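# Fetch and install hiera on both master and slave-1 (the guide notes puppet
# needs it at install time). These are separate commands, one per line.
# The package comes over plain HTTP and "dpkg -i" does not verify an archive
# signature the way apt does, so nothing here authenticates the file.
# Print its digest and compare it with the SHA256 recorded for this package
# in the mirror's signed Packages index before installing.
wget http://ftp.cn.debian.org/debian/pool/main/h/hiera/hiera_1.3.4-1_all.deb
sha256sum hiera_1.3.4-1_all.deb
dpkg -i hiera_1.3.4-1_all.deb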
4.安装puppetmaster 和 facter :master
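   # Download the facter and puppet source tarballs (on master).
   # Certificate verification is left enabled: install.rb below is run as
   # root, so the tarball must really come from the named host. If wget
   # reports a certificate error, refresh the system CA bundle
   # (apt-get install ca-certificates) instead of disabling the check, and
   # verify any checksum or detached signature the publisher provides.
   # NOTE(review): later steps copy files from /usr/local/puppet-3.7.4, so
   # this presumably runs from /usr/local - confirm.
   wget https://downloads.puppetlabs.com/facter/facter-2.4.4.tar.gz
   wget https://downloads.puppetlabs.com/puppet/puppet-3.7.4.tar.gz

   # Install facter. The subshell keeps the working directory unchanged so
   # the puppet tarball downloaded above is still found by the next tar.
   tar zxvf facter-2.4.4.tar.gz
   (cd facter-2.4.4 && ruby install.rb)

   # Install puppet, again without leaving the download directory.
   tar zxvf puppet-3.7.4.tar.gz
   (cd puppet-3.7.4 && ruby install.rb)

   # Check that facter is installed correctly on master.
   facter

   # Locate the puppet.conf files present on master.
   find / -name "*puppet.conf*"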
    
5.配置master上的puppet server
   # Master setup. Create the account the puppet master daemon runs as:
   # no home directory (-M) and a non-login shell.
   # Per this guide the master runs as the unprivileged puppet user, which
   # limits what the server process can touch, while the agent runs as root.
   # The agent needs root because it is the side that applies resources such
   # as creating users and changing system files.
   # NOTE(review): on Debian nologin normally lives in /usr/sbin - confirm the path.
   useradd -M -s /sbin/nologin puppet
   # Confirm the account was created.
   cat /etc/passwd |grep puppet
   # Install the sample puppet.conf shipped in the source tree, then edit it.
   cp /usr/local/puppet-3.7.4/ext/debian/puppet.conf /etc/puppet/
   vim /etc/puppet/puppet.conf
          # Add under the main section:
          pluginsync=false
          server = master
          certname = master
   # Install the init script shipped in the source tree, then edit it.
   cp /usr/local/puppet-3.7.4/ext/debian/puppetmaster.init /etc/init.d/puppetmaster
   vim /etc/init.d/puppetmaster
          # Add these two settings:
          PORT=8140
          IP="192.168.86.128"
          # Append the port and bind-address options to the existing code so the line reads:
          # NOTE(review): no firewall rule is shown on this page; port 8140 should be
          # reachable only from the agents' network.
          --startas $DAEMON -- $NAME $DAEMON_OPTS --masterport=$PORT --bindaddress=$IP
    # Make the init script executable.
    chmod +x /etc/init.d/puppetmaster
    # Create the defaults file with the content below; the guide notes the init
    # script needs it and the service fails to start without it. (serverA)
    echo "START=yes" > /etc/default/puppetmaster
    # Start the puppetmaster service.
    /etc/init.d/puppetmaster start
    # Check that the port is listening.
    netstat -tupnl |grep 8140

    # Check the running processes.
    ps -ef |grep pupp

    # Enable start at boot. The line after the command appears to be its
    # output as pasted into the guide, not a command to run.
    update-rc.d puppetmaster defaults
    update-rc.d: using dependency based boot sequencing

    # Check that the setting took effect.
    # NOTE(review): ll is presumably an alias for a long ls listing - confirm it is defined.
    ll /etc/rc2.d/ |grep pupp
    # Show where the master stores its certificate data.
    tree /var/lib/puppet/ssl/
    # List the certificates already registered.
    puppet cert list --all
    # Review the related logs.
    cat /var/log/puppet/masterhttp.log
    tac /var/log/syslog |more
    # Finally, print the installed software versions.
    facter -v
    ruby -v
    puppet -V
    hiera -v
   
6.安装client(agent) 和 facter 在slave-1上
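    # Download the facter and puppet source tarballs (on slave-1).
    # Certificate verification is left enabled: install.rb below is run as
    # root, so the tarball must really come from the named host. If wget
    # reports a certificate error, refresh the system CA bundle
    # (apt-get install ca-certificates) instead of disabling the check, and
    # verify any checksum or detached signature the publisher provides.
    # NOTE(review): the next section copies files from /usr/local/puppet-3.7.4,
    # so this presumably runs from /usr/local - confirm.
    wget https://downloads.puppetlabs.com/facter/facter-2.4.4.tar.gz
    wget https://downloads.puppetlabs.com/puppet/puppet-3.7.4.tar.gz

    # Install facter. The subshell keeps the working directory unchanged so
    # the puppet tarball downloaded above is still found by the next tar.
    tar zxvf facter-2.4.4.tar.gz
    (cd facter-2.4.4 && ruby install.rb)

    # Install puppet, again without leaving the download directory.
    tar zxvf puppet-3.7.4.tar.gz
    (cd puppet-3.7.4 && ruby install.rb)

    # Check that facter is installed correctly on slave-1.
    facter

    # Locate the puppet.conf files present on slave-1.
    find / -name "*puppet.conf*"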
7.配置slave-1上的puppet client
   # Agent setup on slave-1. Install the sample puppet.conf shipped in the
   # source tree, then edit it.
   cp /usr/local/puppet-3.7.4/ext/debian/puppet.conf /etc/puppet/
   vim /etc/puppet/puppet.conf
          # Add under the main section:
          pluginsync=false
   # The agent asks the master to register it (submits a certificate request).
   puppet agent --server master --verbose --test
   # The log shows that a certificate has been requested from the server.
   tac /var/log/syslog |more
   # On the puppet master the pending certificate request is now visible.
   puppet cert list --all
   # Sign the certificate on the server (master). The guide notes that
   # "puppet cert sign --all" signs every pending request in one go.
   # Signing is what admits a host to the master: before signing, compare the
   # fingerprint listed for the pending request with the one the agent itself
   # reports (puppet agent --fingerprint). --all skips that per-host check, so
   # any host able to submit a request would be enrolled.
   # NOTE(review): the listing below shows the certname as slave-1.cloud; the
   # name passed to sign has to match the pending request - confirm.
   puppet cert sign slave-1
   # List everything registered (master); the lines after the command are its output.
   puppet cert list --all
   + "master.cloud"  (SHA256) 
19:01:63:DA:59:6A:7A:FC:47:38:BD:16:61:67:BE:67:90:5B:CC:9D:85:C2:6A:AC:80:E7:C8:C3:B6:38:50:03 (alt names: "DNS:master.cloud", "DNS:puppet", "DNS:puppet.cloud")
+ "slave-1.cloud" (SHA256) 01:93:5D:52:04:98:55:83:E5:9B:70:4C:71:60:15:4F:32:56:5B:4A:37:64:40:CE:2C:93:9D:08:F9:D9:CD:98
   # Confirm from the client by pulling again (slave-1).
   puppet agent --server master --verbose --test
8.测试agent主动获取,相当于Pull的方式
    # On the server, first create the manifests directory.
    mkdir -p /etc/puppet/manifests

    # On the server, create the site manifest. The indented lines after the
    # vim command are the file's content (Puppet code, not shell): the default
    # node gets a file /tmp/helloworld.txt with the given content.
    vim /etc/puppet/manifests/site.pp
      node default {
	file {
		"/tmp/helloworld.txt":
		content => "hello, world\n";
	}
      }

    # Force an update from the agent (slave-1); the agent pulls from the master.
    puppet agent --server master --verbose --test
    
9.测试agent被动获取,相当于server主动推送
   # Create the file content to be synchronised. The indented lines after the
   # vim command are the manifest's content (Puppet code, not shell).
   # NOTE(review): the guide says this edit is made on the agent, but section 8
   # edits the same path on the server - confirm which host is meant.
   vim /etc/puppet/manifests/site.pp
          node default {
             file {
                 "/tmp/helloworld.txt":
                  content => "hello\n";
             }
          }
    # On the agent, append one line to /etc/puppet/auth.conf.
    # Security: a bare "allow *" admits every certificate name, and because it
    # is appended it attaches to whichever stanza happens to be last in the
    # file. Only the master needs to trigger a run here; Puppet 3 documents a
    # "path /run" / "method save" stanza for kick, which can name the master's
    # certname (master.cloud in the cert listing on this page) instead of "*".
    # NOTE(review): confirm the stanza against the auth.conf reference for this version.
    echo 'allow *' >> /etc/puppet/auth.conf
    # On the agent, create namespaceauth.conf with the content below.
    # Security: every section is opened to "*"; prefer the master's certname.
    vim /etc/puppet/namespaceauth.conf
          [fileserver] 
          allow *
          [puppetmaster] 
          allow *
          [puppetrunner] 
          allow *
          [puppetbucket] 
          allow *
          [puppetreports] 
          allow *
          [resource] 
          allow *
     # On the agent, edit /etc/puppet/puppet.conf and set the two values below.
     # listen=true makes the agent accept inbound connections (port 8139 is
     # checked further down); restrict that port to the master's address.
     vim /etc/puppet/puppet.conf
     listen=true
     runinterval=86400

     # On the agent, start puppet agent; the bind address is the agent's own IP.
     puppet agent --server master --bindaddress=192.168.86.130

     # On the agent, check the processes.
      ps -ef |grep pupp
     # On the agent, check that the port is listening.
     netstat -tupnl |grep 8139
     # On the server, push with puppet kick, which makes the agent start a run.
     # puppet kick is deprecated in the Puppet 3 series and absent from Puppet 4.
     puppet kick -p 1 --host slave-1
     # On the agent, check the file and its content.
     cat /tmp/helloworld.txt
10.master和slave之间的证书出现问题的解决方式
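# Recovering from certificate problems between master and slave.
# The two steps run on different hosts and are listed one per line.

# Agent side (slave-1) ONLY: delete the agent's SSL directory so that it
# generates a new key and certificate request on its next run. Do not run
# this on the master: there the same path also holds the CA (ca/signed).
rm -fr /var/lib/puppet/ssl

# Master side: remove the agent's old certificate. "puppet cert clean" revokes
# the certificate and removes the master's files for that host; deleting
# /var/lib/puppet/ssl/ca/signed/slave-1.cloud.pem by hand would remove the
# file but leave the old certificate unrevoked.
puppet cert clean slave-1.cloud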
    http://www.cnblogs.com/makexu/

 
                
            
         