centos怎么搭建puppet
發(fā)布時(shí)間:2021-07-27 11:45
來(lái)源:億速云
閱讀:0
作者:chen
欄目: 編程語(yǔ)言
歡迎投稿:712375056
本篇內容主要講解“centos怎么搭建puppet”��,感興趣的朋友不妨來(lái)看看��。本文介紹的方法操作簡(jiǎn)單快捷�����,實(shí)用性強�。下面就讓小編來(lái)帶大家學(xué)習“centos怎么搭建puppet”吧!
注意事項:
A:客戶(hù)端和端版本要一致�����。如果版本不一致的話(huà)����,那么高版本的只能是puppet server,另一臺只能為puppet客戶(hù)端��,也就是說(shuō)puppet 服務(wù)端的版本可以 大于或者等于客戶(hù)端版本����,不可以小與.
B:由于依賴(lài)時(shí)間同步�����。請注意服務(wù)端與客戶(hù)端保持一致��。推薦使用ntp 同步時(shí)間�����。
C:由于基于主機名�,推薦使用FQDN標準格式 如:master.puppet.com�。認證過(guò)后請不要隨便修改主機名���。
一準備工作:
環(huán)境: 一臺master ip地址192.168.1.220 一臺slaveip地址192.168.1.223
1.修改兩臺機器的主機名.
修改master機器
vim /etc/sysconfig/network
HOSTNAME=master.puppet.com
修改slave機器
vim /etc/sysconfig/network
HOSTNAME=slave.puppet.com
以上方法修改重啟后生效,如果不想重啟兩臺機器分別在用命令hostname來(lái)修改主機名.如 hostname xxx.puppet.com.
2.同步機器的時(shí)間(這一點(diǎn)很重要)
兩臺機器分別執行如下命令
ntpdate asia.pool.ntp.org
3.修改hosts文件,因為puppet靠主機名通信.
修改master的hosts文件
vim /etc/hosts
192.168.1.220 master.puppet.com
192.168.1.223 slave.puppet.com
修改slave的hosts文件
vim /etc/hosts
192.168.1.220 master.puppet.com
192.168.1.223 slave.puppet.com
二 安裝puppet
master主機安裝puppet
yum -y install ruby ruby-libs ruby-shadow
wget http://dl.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm
#源如果失效請手動(dòng)下載puppet2.7.32 puppet-server2.7.32 facter1.6.18 地址http://dl.fedoraproject.org/pub/epel/6/x86_64/
rpm -Uvh epel-release-6-8.noarch.rpm
yum -y install puppet puppet-server facter
slave主機安裝puppet
yum install ruby ruby-libs ruby-shadow
wget http://dl.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm
rpm -Uvh epel-release-6-8.noarch.rpm
yum -y install puppet facter
至此如果安裝過(guò)程不報錯的話(huà)�����,puppet已經(jīng)安裝成功了���。如果報錯請google.
三 puppet的啟動(dòng)
啟動(dòng)master服務(wù)端的進(jìn)程
啟動(dòng)之前必須先創(chuàng )建site.pp文件,site.pp文件是啟動(dòng)puppet server必須存在的.文件里面不用輸入任何字符,只需要這個(gè)文件存在就可以!
touch /etc/puppet/manifests/site.pp
然后使用啟動(dòng)命令: puppet master --verbose --no-daemonize
注:這種方式啟動(dòng)有助于測試和調試錯誤.你可以看到啟動(dòng)的整個(gè)過(guò)程�,啟動(dòng)過(guò)程會(huì )做一些初始化的工作���,為master創(chuàng )建本地ssl/' target='_blank'>證書(shū)認證中心�����,證書(shū)和key����。并打開(kāi)socket等待client的連接����。你可以在/etc/puppet/ssl目錄看到相關(guān)的文件和目錄��。
[root@master puppet]# puppet master --verbose --no-daemonize
info: Creating a new SSL key for ca
info: Creating a new SSL certificate request for ca
info: Certificate Request fingerprint (md5): 6B:A7:DE:0B:C7:BA:29:99:8A:1A:DD:42:50:CC:33:E0
notice: Signed certificate request for ca
notice: Rebuilding inventory file
info: Creating a new certificate revocation list
info: Creating a new SSL key for master.limit.centos
info: Creating a new SSL certificate request for master.limit.centos
info: Certificate Request fingerprint (md5): 10:90:1A:D5:E2:94:47:71:F4:5D:44:6E:CF:DE:F0:EB
notice: master.limit.centos has a waiting certificate request
notice: Signed certificate request for master.limit.centos
notice: Removing file Puppet::SSL::CertificateRequest master.limit.centos at '/etc/puppet/ssl/ca/requests/master.puppet.centos.pem'
notice: Removing file Puppet::SSL::CertificateRequest master.limit.centos at '/etc/puppet/ssl/certificate_requests/master.puppet.centos.pem'
notice: Starting Puppet master version 2.7.23
注: 按ctrl + c 結束上面的進(jìn)程!(貌似不會(huì )自動(dòng)退出) 以守護進(jìn)程的方式啟動(dòng) /etc/rc.d/init.d/puppetmaster restart
如果你的puppet的根目錄沒(méi)有ssl目錄可以到/var/lib/puppet/目錄查找, ssl目錄的位置是在puppet.conf文件中指定的.我的默認是在/var/lib/puppet/目錄下,經(jīng)過(guò)修改ssldir = /etc/puppet/ssl 把ssl目錄的位置定義到了/etc/puppet/目錄下. /etc/puppet/目錄是puppet安裝的根目錄.
slave端的啟動(dòng)與授權.
1,修改slave主機的puppet.conf配置文件.在[main]段添加 server = master.puppet.com
2.slave連接master申請證書(shū)
在slave上使用命令: puppet agent --server=master.puppet.com --no-daemonize --verbose
info: Creating a new SSL key for slave.puppet.com
info: Caching certificate for ca
info: Creating a new SSL certificate request for slave.puppet.com
info: Certificate Request fingerprint (md5): 54:11:FB:75:87:94:AF:6B:D1:6B:AD:6B:44:3E:74:A0
ctrl + c 結束進(jìn)程
3.在master上辦法證書(shū)
puppet cert --list #查看申請的證書(shū)
"slave.puppet.com" (DD:CF:28:EE:98:38:50:D2:6C:19:C6:5E:2D:60:D5:36)
puppet cert --sign slave.puppet.com #給slave簽發(fā)證書(shū).
notice: Signed certificate request for slave.puppet.com
notice: Removing file Puppet::SSL::CertificateRequest slave.puppet.com at '/etc/puppet/ssl/ca/requests/slave.cacti.linux.pem'
注:puppet cert --sign –all #簽發(fā)所有證書(shū)! puppet cert --clean slave.puppet.com #刪除slave的證書(shū)!
4.在來(lái)到slave上執行命令 puppet agent --server=master.puppet.com --no-daemonize --verbose
info: Caching certificate for slave.puppet.com
notice: Starting Puppet client version 2.7.23
info: Caching certificate_revocation_list for ca
info: Caching catalog for slave.cacti.linux
info: Applying configuration version '1392370988'
notice: Finished catalog run in 0.02 seconds #到此證書(shū)申請完成!
ctrl + c 結束進(jìn)程
注:如果需要重新申請證書(shū),務(wù)必把client端ssl目錄下的所有文件刪除, 并且刪除server端對應的已有的證書(shū)!!
5.啟動(dòng)slave端, 命令:/etc/rc.d/init.d/puppet start
注:如遇到錯誤提示http://my.oschina.net/denglz/blog/164700,這上面有一些常見(jiàn)的錯誤解答.
-------完成上面步驟以后,只能說(shuō)面master和slave能夠連接, 至于你想讓他做什么工作就看你自己怎么配置了!
我的需要是讓puppet幫我實(shí)現文件分發(fā), 要求: slave不自動(dòng)更新master的目錄和文件,需要更新時(shí)由master端向下推送!
slave端需要配置的地方!
1; vim auth.conf
path /
auth any
allow * #添加此行
2; vim puppet.conf
[main]
server = master.puppet.com
[agent]
listen = true #添加此行
3; vim /etc/init.d/puppet
找到 [ -n "${PUPPET_SERVER}" ] && PUPPET_OPTS="--server=${PUPPET_SERVER} "這一行���,然后在最末尾添加--no-client
添加后的效果:
[ -n "${PUPPET_SERVER}" ] && PUPPET_OPTS="--server=${PUPPET_SERVER} --no-client"
然后重啟客戶(hù)端puppet�,/etc/init.d/puppet restart �����,這樣客戶(hù)端就不會(huì )主動(dòng)跟服務(wù)端同步了(記得把/etc/puppet/puppet.conf里runinterval注釋(⊙o⊙)哦)�。
然后去服務(wù)端執行puppet kick -d --host 客戶(hù)端主機名 即可實(shí)現只想推送功能����。
master 端需要修改的文件
1; vim fileserver.conf #文件添加一下內容.
[puppet_ankang]
path /web/root/puppet_ankang
allow 192.168.127.0/24
2;
vim manifests/site.pp
node 'slave.cacti.linux'{ #
file {"/web/root/puppet_ankang": #/web/root/puppet_ankang是slave端被同步的目錄
ensure => directory,
source => "puppet://master.puppet.com/puppet_ankang/", #master.puppet.com是server端的主機名; puppet_ankang是fileserver.conf 文件中 [puppet_ankang] 的名字!
#ignore => ".svn"
recurse => true,
purge => true,
force => true,
}
}
master端使用命令: puppet kick -d slave.cacti.linux 向slave端推送如果報錯:
Host slave.cacti.linux failed: Error 403 on SERVER: Forbidden request: master.puppet.com(192.168.127.183) access to /run/slave.cacti.linux [save] authenticated at /etc/puppet/auth.conf:99
這是因為slave端的auth.conf文件需要添加一行內容:
修改auth.conf
path /
auth any
allow * #添加allow *
正常的提示應該是這樣的
[root@master puppet]# puppet kick -d slave.cacti.linux
Triggering slave.cacti.linux
Getting status
status is success
slave.cacti.linux finished with exit code 0
Finished
