
Installing and configuring Puppet on CentOS 6.3

System environment: CentOS 6.3

puppet:   puppet-2.7.13

facter:   facter-1.6.5

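ruby:     from the yum repository

Notes:

facter collects system information from the client (hostname, IP, OS version, FQDN, and so on).

ruby is the language environment that puppet is developed in.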

puppet server: 192.168.7.196

puppet client: 192.168.7.197

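(server) marks steps performed on the server only

(client) marks steps performed on the client only

(server,client) marks steps performed on both the server and the client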

I. Prepare the environment (server,client):

1. Disable iptables and SELinux (server,client)

# service iptables stop

# setenforce 0

# vi /etc/sysconfig/selinux

---------------

SELINUX=disabled

---------------

2. Install the Ruby development environment (from the default CentOS 6.3 repositories) (server,client)

# yum -y install ruby*

3. Schedule time synchronization: (server,client)

Synchronize the time every 5 minutes

# crontab -e

-------------

*/5 * * * * /usr/sbin/ntpdate -u asia.pool.ntp.org

-------------

# service crond restart

# chkconfig crond on

4. Set the hosts file entries and hostnames on the server and the client:

(server,client)

# vi /etc/hosts

-------------------

192.168.7.196    server.example.com    server

192.168.7.197    client.example.com    client

-------------------

(server)

# vi /etc/sysconfig/network

----------------

HOSTNAME=server.example.com

----------------

(client)

# vi /etc/sysconfig/network

----------------

HOSTNAME=client.example.com

----------------

II. Install the software (server,client):

(server):

1. Install facter:

# wget http://downloads.puppetlabs.com/facter/facter-1.6.5.tar.gz

# tar zxvf facter-1.6.5.tar.gz

# cd facter-1.6.5

# ruby install.rb

2. Install puppet:

# wget http://downloads.puppetlabs.com/puppet/puppet-2.6.13.tar.gz

# tar zxvf puppet-2.6.13.tar.gz

# cd puppet-2.6.13

# ruby install.rb

# cp conf/auth.conf /etc/puppet/

# cp conf/redhat/fileserver.conf /etc/puppet/

# cp conf/redhat/puppet.conf /etc/puppet/

# mkdir -p /etc/puppet/manifests

Set up the init script so the service starts at boot:

# cp conf/redhat/server.init /etc/init.d/puppetmaster

# chmod +x /etc/init.d/puppetmaster

# chkconfig --add puppetmaster

# chkconfig puppetmaster on

Create the puppet user:

# puppetmasterd --mkusers

Start the puppetmaster service (port: 8140):

# service puppetmaster start

(client):

1. Install facter:

# wget http://downloads.puppetlabs.com/facter/facter-1.6.5.tar.gz

# tar zxvf facter-1.6.5.tar.gz

# cd facter-1.6.5

# ruby install.rb

2. Install puppet:

# wget http://downloads.puppetlabs.com/puppet/puppet-2.6.13.tar.gz

# tar zxvf puppet-2.6.13.tar.gz

# cd puppet-2.6.13

# ruby install.rb

# cp conf/auth.conf /etc/puppet/

# cp conf/namespaceauth.conf /etc/puppet/

# cp conf/redhat/puppet.conf /etc/puppet/

Set up the init script so the service starts at boot:

# cp conf/redhat/client.init /etc/init.d/puppet

# chmod +x /etc/init.d/puppet

# chkconfig --add puppet

# chkconfig puppet on

# vi /etc/puppet/puppet.conf

Add the following under the [agent] section:

-------

listen = true

server = server.example.com

--------

# vi /etc/puppet/namespaceauth.conf

Change its contents to the following:

---------

[fileserver]

allow *

[puppetmaster]

allow *

[puppetrunner]

allow *

[puppetbucket]

allow *

[puppetreports]

allow *

[resource]

allow *

---------
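
Added example, not part of the original article: the agent above is configured to listen for network requests, and the file above lets every host call every namespace. The function below lists the sections of a namespaceauth.conf that still carry allow *; the restricted sample, which names only server.example.com for puppetrunner, is an assumption about who should be allowed to trigger runs.

```shell
#!/bin/sh
# Added example: report namespaceauth.conf sections left open to every host.

# open_namespaces: read a namespaceauth.conf on stdin and print the name of
# each [section] that contains an unrestricted "allow *" rule.
open_namespaces() {
    awk '
        /^[ \t]*#/ { next }                      # ignore comment lines
        /^[ \t]*\[.*\][ \t]*$/ {                 # section header, e.g. [resource]
            section = $0
            sub(/^[ \t]*\[/, "", section)
            sub(/\][ \t]*$/, "", section)
            next
        }
        section != "" && $1 == "allow" && $2 == "*" { print section }
    '
}

# Constructed sample 1: the file exactly as configured in this article.
ARTICLE_CONF='[fileserver]
allow *
[puppetmaster]
allow *
[puppetrunner]
allow *
[puppetbucket]
allow *
[puppetreports]
allow *
[resource]
allow *'

# Constructed sample 2 (assumption): only the master may trigger agent runs.
RESTRICTED_CONF='[puppetrunner]
allow server.example.com'

# Usage on a client: open_namespaces < /etc/puppet/namespaceauth.conf
printf '%s\n' "$ARTICLE_CONF" | open_namespaces       # prints all six sections
printf '%s\n' "$RESTRICTED_CONF" | open_namespaces    # prints nothing
```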

Create the puppet user:

# puppetmasterd --mkusers

Start the puppet service (port: 8140):

# /etc/init.d/puppet start

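Installation is now complete. The next step is to set up certificate authentication between the client and the server, so that the configuration defined on the server can be distributed to each client for centralized configuration management.

III. Authenticate and distribute:

(client):

The client sends its request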

# puppetd --test --server server.example.com

Error:

--------------------

err: Could not retrieve catalog from remote server: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed

warning: Not using cache on failed catalog

err: Could not retrieve catalog; skipping run

--------------------

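Solution:

This can happen when the client has been used with two different puppetmaster servers. The fix is to delete the existing SSL certificates. The command below removes every regular file under /var/lib/puppet, which includes the SSL certificates and keys.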

# find /var/lib/puppet -type f -print0 |xargs -0r rm

Send the request again:

# puppetd --test --server server.example.com

-------------------

info: Creating a new SSL key for client.example.com

warning: peer certificate won't be verified in this SSL session

info: Caching certificate for ca

warning: peer certificate won't be verified in this SSL session

warning: peer certificate won't be verified in this SSL session

info: Creating a new SSL certificate request for client.example.com

info: Certificate Request fingerprint (md5): 32:E8:CD:32:BF:62:86:64:B3:98:A4:EB:8A:71:D2:99

warning: peer certificate won't be verified in this SSL session

warning: peer certificate won't be verified in this SSL session

warning: peer certificate won't be verified in this SSL session

Exiting; no certificate found and waitforcert is disabled

-------------------

The request was sent successfully.

(server):

On the server, check whether any clients have pending certificate requests

# puppetca --list

------------------

client.example.com (32:E8:CD:32:BF:62:86:64:B3:98:A4:EB:8A:71:D2:99)

------------------

The client's certificate request has been received

On the server, sign the request from client.example.com

# puppetca -s client.example.com

Or sign the requests from all clients at once

# puppetca -s -a

Check the signatures; the leading + sign shows that the certificate has been signed

# puppetca -a --list

---------------------

+ client.example.com (19:6F:4C:84:B1:69:16:3C:A1:38:C2:2E:6F:B6:67:12)

---------------------
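
Added example, not part of the original article: the agent prints the fingerprint of its certificate request when it creates it, and puppetca --list shows the fingerprint of the request the master received, so the two can be compared before signing. The helper names csr_fingerprint and csr_matches and the second host in the sample are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: approve a CSR only when its fingerprint matches the one the
# agent printed ("Certificate Request fingerprint (md5): ...").

# csr_fingerprint HOST: read `puppetca --list` output on stdin and print the
# fingerprint of the pending request for HOST, in upper case.
csr_fingerprint() {
    awk -v host="$1" '
        $1 == "+" { next }              # "+" marks a signed cert, not a pending CSR
        $1 == host {
            fp = $2
            gsub(/[()]/, "", fp)        # strip the surrounding parentheses
            print toupper(fp)
            exit
        }'
}

# csr_matches HOST EXPECTED_FP: succeed only if the pending request for HOST
# (list on stdin) carries exactly EXPECTED_FP, compared case-insensitively.
csr_matches() {
    expected=$(printf '%s' "$2" | tr 'a-f' 'A-F')
    listed=$(csr_fingerprint "$1")
    [ -n "$listed" ] && [ "$listed" = "$expected" ]
}

# Constructed sample input: the pending-request line shown in this article
# plus one made-up host with a made-up fingerprint.
SAMPLE_LIST='client.example.com (32:E8:CD:32:BF:62:86:64:B3:98:A4:EB:8A:71:D2:99)
other.example.com (AA:BB:CC:DD:EE:FF:00:11:22:33:44:55:66:77:88:99)'

# On a real master the list comes from puppetca itself, and FP_FROM_CLIENT
# (assumed variable) is the value read off the client's terminal:
#   if puppetca --list | csr_matches client.example.com "$FP_FROM_CLIENT"; then
#       puppetca -s client.example.com
#   fi
```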

Use md5 to check that the certificate the server holds is correct

(server):

# md5sum /var/lib/puppet/ssl/ca/signed/client.example.com.pem

---------------------

1ebfd47775ec8f3e2ae112d75ccba132  /var/lib/puppet/ssl/ca/signed/client.example.com.pem

---------------------

(client):

# md5sum /var/lib/puppet/ssl/certs/client.example.com.pem

---------------------

1ebfd47775ec8f3e2ae112d75ccba132  /var/lib/puppet/ssl/certs/client.example.com.pem

---------------------

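The MD5 values are identical, which shows that our puppetmaster and the client's puppet have successfully established communication.

Note: if changing a hostname causes authentication to fail, a new certificate has to be requested. This can be done in the following two steps: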

(server):

# rm -rf /var/lib/puppet/ssl/ca/signed/*.pem  // "*.pem" stands for the certificate of the host whose name was changed

(client):

# rm -rf /var/lib/puppet/ssl/

Configuration is complete; now verify that distribution works:

(server):

Edit the configuration file on the server:

# vi /etc/puppet/manifests/site.pp

-----------------

node default{

  file { "/tmp/test":

          content=> "this is a test file";

}

}

-----------------

Restart puppetmaster to load the updated configuration.

# service puppetmaster restart

(client):

Restart puppet (optional)

# service puppet restart

Synchronize the file:

# puppetd --server server.example.com  --test

------------------

warning: peer certificate won't be verified in this SSL session

info: Caching certificate for client.example.com

info: Caching certificate_revocation_list for ca

info: Caching catalog for client.example.com

info: Applying configuration version '1369124449'

notice: /Stage[main]//Node[default]/File[/tmp/test]/ensure: defined content as '{md5} 100b144907af2a4786003758a0a6a563'

info: Creating state file /var/lib/puppet/state/state.yaml

notice: Finished catalog run in 0.02 seconds

------------------

Check the /tmp/test file and its contents

# cat /tmp/test

-----------

this is a test file

-----------

Done.
