RHEL6.3 源码安装Puppet

2024-12-07 技术教程

操作系统RHEL6.3 x64facter: https://downloads.puppetlabs.com/facter/puppet: https://downloads.puppetlabs.com/puppet/一.安装puppet Server1.配置yum源[root@master ~]# cat /etc/yum.repos.d/yum.repo [core]name=rhelbaseurl=ftp://dhcp.clovem.com/pub/enabled=1gpgcheck=02.安装ruby [root@master ~]# yum install ruby ruby-libs ruby-shadow -y3.安装facter[root@master ~]# tar zxvf facter-1.6.8.tgz ; cd facter-1.6.8[root@master ~]# ruby install.rb4.安装puppet master[root@master ~]# tar zxvf puppet-3.2.0-rc1.tar.gz ; cd puppet-3.2.0-rc1[root@master ~]# ruby install.rb5.复制配置文件[root@master puppet-3.2.0-rc1]# cp ext/redhat/puppet.conf /etc/puppet/puppet.conf[root@master puppet-3.2.0-rc1]# cp ext/redhat/server.init /etc/init.d/puppetmaster[root@master puppet-3.2.0-rc1]# useradd puppet [root@master puppet-3.2.0-rc1]#chmod a+x /etc/init.d/puppetmaster[root@master puppet-3.2.0-rc1]#chkconfig --add puppetmaster[root@master puppet-3.2.0-rc1]#chkconfig puppetmaster on [root@master puppet-3.2.0-rc1]#service puppetmaster start 二.安装puppet Agent1.配置yum源[root@rs1 ~]# cat /etc/yum.repos.d/yum.repo [core]name=rhelbaseurl=ftp://dhcp.clovem.com/pub/enabled=1gpgcheck=02.安装ruby [root@rs1 ~]# yum install ruby ruby-libs ruby-shadow -y3.安装facter[root@rs1 ~]# tar zxvf facter-1.6.8.tgz ; cd facter-1.6.8[root@rs1 ~]# ruby install.rb4.安装puppet agent[root@rs1 ~]# tar zxvf puppet-3.2.0-rc1.tar.gz ; cd puppet-3.2.0-rc1[root@rs1 ~]# ruby install.rb5.复制配置文件[root@rs1 puppet-3.2.0-rc1]# cp ext/redhat/puppet.conf /etc/puppet/puppet.conf[root@rs1 puppet-3.2.0-rc1]# cp ext/redhat/client.init /etc/init.d/puppet[root@rs1 puppet-3.2.0-rc1]#chkconfig --add puppet[root@rs1 puppet-3.2.0-rc1]#chkconfig puppet on [root@rs1 puppet-3.2.0-rc1]#service puppet start 三. 配置认证1.Agent端(1)添加解析记录[root@rs1 ~]# cat /etc/hosts 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4::1 localhost localhost.localdomain localhost6 localhost6.localdomain6172.24.40.23 master.clovem.com172.24.40.25 rs1.clovem.com在/etc/puppet/puppet.conf 的[main]中加入server=master.clovem.com[root@rs1 ~]# cat /etc/puppet/puppet.conf |grep server server=master.clovem.com(2) 发送验证请求[root@rs1 ~]# puppet agent --server=master.clovem.com --testInfo: Creating a new SSL key for rs1.clovem.comInfo: Caching certificate for caInfo: Creating a new SSL certificate request for rs1.clovem.comInfo: Certificate Request fingerprint (SHA256): 51:95:52:65:05:BF:3D:C7:23:AA:2F:48:E7:42:B7:A5:83:58:25:E3:F2:7F:47:78:D6:30:F7:F9:6B:0C:F6:4EExiting; no certificate found and waitforcert is disabled[root@rs1 ~]# ll /var/lib/puppet/ssl/certs/total 4-rw-r--r-- 1 root root 1887 May 7 23:14 ca.pem2.服务端(1) 添加解析记录[root@master ~]# cat /etc/hosts127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4::1 localhost localhost.localdomain localhost6 localhost6.localdomain6172.24.40.10 dhcp.clovem.com172.24.40.23 master.clovem.com172.24.40.25 rs1.clovem.com(2) 列出验证请求[root@master ~]# puppet cert list "rs1.clovem.com" (SHA256) 51:95:52:65:05:BF:3D:C7:23:AA:2F:48:E7:42:B7:A5:83:58:25:E3:F2:7F:47:78:D6:30:F7:F9:6B:0C:F6:4E(3) 进行证书签名[root@master ~]# puppet cert --sign rs1.clovem.com //如果需要签名所有，使用--sign --allNotice: Signed certificate request for rs1.clovem.comNotice: Removing file Puppet::SSL::CertificateRequest rs1.clovem.com at '/var/lib/puppet/ssl/ca/requests/rs1.clovem.com.pem'3.客户端验证[root@rs1 ~]# puppet agent --server=master.clovem.com --testInfo: Caching certificate for rs1.clovem.comInfo: Caching certificate_revocation_list for caInfo: Retrieving pluginError: /File[/var/lib/puppet/lib]: Could not evaluate: Could not retrieve information from environment production source(s) puppet://master.clovem.com/pluginsInfo: Caching catalog for rs1.clovem.comInfo: Applying configuration version '1367939978'Info: Creating state file /var/lib/puppet/state/state.yamlNotice: Finished catalog run in 0.03 seconds[root@rs1 ~]# ls /var/lib/puppet/ssl/certs/ //发现此时多出rs1.clovem.com.pemca.pem rs1.clovem.com.pem三.简单测试1.服务端配置：[root@master ~]# cat /etc/puppet/manifests/site.pp //修改之后立即生效，无需重启puppetmaster服务node default{ file { "/tmp/test.txt": content=> "hello, this is firt puppet test\n"; }}2.客户端查看是否成功创建文件由于puppet Agent端默认30分钟跟Master端进行同步配置文件，所以此处进行手动重启，查看是否成功如果需要修改同步时间，在/etc/puppet/puppet.conf 的[agent]下加入runinterval = n ，表示n秒同步[root@ts1 ~]# service puppet restart [root@ts1 ~]# cat /tmp/test.txt hello, this is firt puppet test