Notes:
A: The client and server versions must match. If they differ, the newer version can only be the puppet server and the other machine can only be the puppet client; in other words, the puppet server's version may be greater than or equal to the client's, never lower.
B: SSL certificates depend on synchronized time, so make sure the server's and the client's clocks agree. Using ntp to sync the time is recommended.
C: Puppet works on host names, so use the standard FQDN form, e.g. master.puppet.com. Do not change a host name after it has been authenticated.
Part 1: Preparation
Environment: one master with IP address 192.168.1.220, one slave with IP address 192.168.1.223
1. Change the host names of both machines.
On the master:
vim /etc/sysconfig/network
HOSTNAME=master.puppet.com
On the slave:
vim /etc/sysconfig/network
HOSTNAME=slave.puppet.com
The change above takes effect after a reboot. If you don't want to reboot, run the hostname command on each machine to set the host name immediately, e.g. hostname xxx.puppet.com.
2. Synchronize the clocks (this is very important)
Run the following command on both machines:
ntpdate asia.pool.ntp.org
3. Edit the hosts file, because puppet communicates by host name.
On the master:
vim /etc/hosts
192.168.1.220 master.puppet.com
192.168.1.223 slave.puppet.com
On the slave:
vim /etc/hosts
192.168.1.220 master.puppet.com
192.168.1.223 slave.puppet.com
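Notes A, B and C and the three preparation steps are exactly the things that fail later with confusing SSL errors, so here is a preflight script that checks them from the shell. It is an added example, not part of the original post: the 300-second clock-skew limit and the sample hosts file are assumptions made for the demonstration, and the host names, IPs and version 2.7.23 are the ones used in this post.

```shell
#!/bin/sh
# Added preflight check for notes A, B and C above: version order, clock
# agreement, FQDN host names and matching /etc/hosts entries. Not part of the
# original post; the 300 s skew limit and the sample hosts file are assumptions.

# is_fqdn NAME: succeed when NAME is a dotted host name made of letters,
# digits, '-' and '.', with no empty label (so "master" alone is rejected).
is_fqdn() {
    case "$1" in
        *.*) ;;
        *) return 1 ;;
    esac
    case "$1" in
        .*|*.|*..*|*[!A-Za-z0-9.-]*) return 1 ;;
    esac
    return 0
}

# version_ge A B: succeed when dotted version A >= B, compared numerically
# component by component; the master (A) may be newer than or equal to the
# agent (B) but never older.
version_ge() {
    a="$1"; b="$2"
    while [ -n "$a" ] || [ -n "$b" ]; do
        ai="${a%%.*}"; bi="${b%%.*}"
        : "${ai:=0}" "${bi:=0}"
        [ "$ai" -gt "$bi" ] && return 0
        [ "$ai" -lt "$bi" ] && return 1
        case "$a" in *.*) a="${a#*.}" ;; *) a="" ;; esac
        case "$b" in *.*) b="${b#*.}" ;; *) b="" ;; esac
    done
    return 0
}

# hosts_has FILE NAME IP: succeed when some non-comment line of FILE starts
# with IP and lists NAME as one of its names or aliases.
hosts_has() {
    file="$1"; name="$2"; want="$3"
    while IFS= read -r line || [ -n "$line" ]; do
        line="${line%%#*}"
        set -- $line
        [ $# -ge 2 ] || continue
        ip="$1"; shift
        for h in "$@"; do
            [ "$h" = "$name" ] && [ "$ip" = "$want" ] && return 0
        done
    done < "$file"
    return 1
}

# clock_skew_ok MASTER_EPOCH AGENT_EPOCH [MAX]: succeed when the two clocks
# (epoch seconds, e.g. `date +%s` on each box) differ by at most MAX seconds.
# 300 is an assumed default for this example, not a limit defined by Puppet.
clock_skew_ok() {
    d=$(( $1 - $2 )); max="${3:-300}"
    [ "$d" -lt 0 ] && d=$(( -d ))
    [ "$d" -le "$max" ]
}

# preflight HOSTNAME MASTER_VER AGENT_VER HOSTS_FILE MASTER_EPOCH AGENT_EPOCH:
# run every check, print one line per failure, succeed only if all pass.
preflight() {
    rc=0
    is_fqdn "$1"         || { echo "FAIL: host name '$1' is not an FQDN"; rc=1; }
    version_ge "$2" "$3" || { echo "FAIL: master $2 is older than agent $3"; rc=1; }
    hosts_has "$4" master.puppet.com 192.168.1.220 || { echo "FAIL: master.puppet.com not mapped to 192.168.1.220 in $4"; rc=1; }
    hosts_has "$4" slave.puppet.com 192.168.1.223  || { echo "FAIL: slave.puppet.com not mapped to 192.168.1.223 in $4"; rc=1; }
    clock_skew_ok "$5" "$6" || { echo "FAIL: clock skew between master and agent exceeds limit"; rc=1; }
    return $rc
}

# Constructed sample hosts file mirroring the two entries in the post.
SAMPLE_HOSTS=$(mktemp)
trap 'rm -f "$SAMPLE_HOSTS"' EXIT
cat > "$SAMPLE_HOSTS" <<'EOF'
127.0.0.1      localhost
192.168.1.220  master.puppet.com   # puppet master
192.168.1.223  slave.puppet.com
EOF

# Demo run with the post's version and an in-sync clock. On a real box pass
# $(hostname), the output of `puppet --version` on each side, /etc/hosts and
# `date +%s` from both machines instead of these constants.
preflight master.puppet.com 2.7.23 2.7.23 "$SAMPLE_HOSTS" 1392370988 1392370990 \
    && echo "preflight: OK"
```

Run it on both machines before starting puppet master; every FAIL line corresponds to one of the notes at the top of the post.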
Part 2: Installing puppet
Install puppet on the master:
yum -y install ruby ruby-libs ruby-shadow
wget http://dl.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm
rpm -Uvh epel-release-6-8.noarch.rpm
yum -y install puppet puppet-server facter
Install puppet on the slave:
yum install ruby ruby-libs ruby-shadow
wget http://dl.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm
rpm -Uvh epel-release-6-8.noarch.rpm
yum -y install puppet facter
If the installation produced no errors, puppet is now installed. If it did, google the error.
Part 3: Starting puppet
Start the master process
For the first start, use: puppet master --verbose --no-daemonize
Note: starting this way helps with testing and debugging, since you can watch the whole startup. During startup it does some initialization: it creates a local certificate authority for the master together with its certificate and key, then opens a socket and waits for client connections. You can see the related files and directories under /etc/puppet/ssl.
[root@master puppet]# puppet master --verbose --no-daemonize
info: Creating a new SSL key for ca
info: Creating a new SSL certificate request for ca
info: Certificate Request fingerprint (md5): 6B:A7:DE:0B:C7:BA:29:99:8A:1A:DD:42:50:CC:33:E0
notice: Signed certificate request for ca
notice: Rebuilding inventory file
info: Creating a new certificate revocation list
info: Creating a new SSL key for master.limit.centos
info: Creating a new SSL certificate request for master.limit.centos
info: Certificate Request fingerprint (md5): 10:90:1A:D5:E2:94:47:71:F4:5D:44:6E:CF:DE:F0:EB
notice: master.limit.centos has a waiting certificate request
notice: Signed certificate request for master.limit.centos
notice: Removing file Puppet::SSL::CertificateRequest master.limit.centos at '/etc/puppet/ssl/ca/requests/master.puppet.centos.pem'
notice: Removing file Puppet::SSL::CertificateRequest master.limit.centos at '/etc/puppet/ssl/certificate_requests/master.puppet.centos.pem'
notice: Starting Puppet master version 2.7.23
Note: press Ctrl+C to end the process above (it does not seem to exit on its own). To run it as a daemon: /etc/rc.d/init.d/puppetmaster restart
If there is no ssl directory under puppet's root directory, look under /var/lib/puppet/; the location of the ssl directory is set in puppet.conf. Mine defaulted to /var/lib/puppet/, and I set ssldir = /etc/puppet/ssl to move it under /etc/puppet/, which is puppet's installation root directory.
Starting and authorizing the slave
1. Edit the slave's puppet.conf and add server = master.puppet.com to the [main] section.
2. Connect the slave to the master and request a certificate
On the slave, run: puppet agent --server=master.puppet.com --no-daemonize --verbose
info: Creating a new SSL key for slave.puppet.com
info: Caching certificate for ca
info: Creating a new SSL certificate request for slave.puppet.com
info: Certificate Request fingerprint (md5): 54:11:FB:75:87:94:AF:6B:D1:6B:AD:6B:44:3E:74:A0
Press Ctrl+C to end the process.
3. Issue the certificate on the master
puppet cert --list # list pending certificate requests
"slave.puppet.com" (DD:CF:28:EE:98:38:50:D2:6C:19:C6:5E:2D:60:D5:36)
puppet cert --sign slave.puppet.com # sign the slave's certificate
notice: Signed certificate request for slave.puppet.com
notice: Removing file Puppet::SSL::CertificateRequest slave.puppet.com at '/etc/puppet/ssl/ca/requests/slave.cacti.linux.pem'
Note: puppet cert --sign --all # sign every pending request! puppet cert --clean slave.puppet.com # remove the slave's certificate!
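The agent prints the md5 fingerprint of its certificate request (step 2) and puppet cert --list prints the fingerprint of each pending request, so before signing you can confirm that the request waiting on the master is the one your slave actually sent, rather than using --sign --all. The following check is an added example and not part of the original post: the slave's fingerprint is copied from the agent output above, while the second pending request and the mismatch variant are constructed sample data.

```shell
#!/bin/sh
# Added check for the signing step: compare the CSR fingerprint the agent
# printed with the one `puppet cert --list` shows before signing. Not part of
# the original post; the sample outputs below are constructed.

# agent_request_fingerprint FILE: print the md5 fingerprint the agent logged
# for its certificate request (the last one if several), nothing if absent.
agent_request_fingerprint() {
    sed -n 's/.*Certificate Request fingerprint (md5): \([0-9A-Fa-f:]*\).*/\1/p' "$1" | tail -n 1
}

# listed_fingerprint FILE NAME: print the fingerprint `puppet cert --list`
# reports for NAME, using the  "NAME" (XX:XX:...)  line format shown in the post.
listed_fingerprint() {
    esc=$(printf '%s' "$2" | sed 's/\./\\./g')   # escape dots for the regex
    sed -n "s/^ *\"$esc\" (\([0-9A-Fa-f:]*\)).*/\1/p" "$1" | head -n 1
}

# safe_to_sign AGENT_LOG LIST_OUTPUT NAME: succeed only when NAME has a pending
# request on the master and its fingerprint equals the one the agent printed.
safe_to_sign() {
    agent_fp=$(agent_request_fingerprint "$1")
    listed_fp=$(listed_fingerprint "$2" "$3")
    [ -n "$agent_fp" ] && [ -n "$listed_fp" ] && [ "$agent_fp" = "$listed_fp" ]
}

# sign_command AGENT_LOG LIST_OUTPUT NAME: print the exact command to run on
# the master when the check passes, or a refusal; nothing is executed here,
# so the decision can be reviewed before any certificate is issued.
sign_command() {
    if safe_to_sign "$1" "$2" "$3"; then
        echo "puppet cert --sign $3"
    else
        echo "REFUSE: $3 is not pending or its fingerprint does not match the agent output"
        return 1
    fi
}

AGENT_LOG=$(mktemp); CERT_LIST=$(mktemp); CERT_LIST_MISMATCH=$(mktemp)
trap 'rm -f "$AGENT_LOG" "$CERT_LIST" "$CERT_LIST_MISMATCH"' EXIT

# What the slave printed in step 2 (copied from the agent output in the post).
cat > "$AGENT_LOG" <<'EOF'
info: Creating a new SSL key for slave.puppet.com
info: Caching certificate for ca
info: Creating a new SSL certificate request for slave.puppet.com
info: Certificate Request fingerprint (md5): 54:11:FB:75:87:94:AF:6B:D1:6B:AD:6B:44:3E:74:A0
EOF

# Constructed `puppet cert --list` output: the slave's request matches, and a
# second request is pending from a host we never set up.
cat > "$CERT_LIST" <<'EOF'
"slave.puppet.com" (54:11:FB:75:87:94:AF:6B:D1:6B:AD:6B:44:3E:74:A0)
"unknown.puppet.com" (00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF)
EOF

# Constructed variant where the fingerprint listed on the master differs from
# what the agent printed (for example a stale request from an earlier run).
cat > "$CERT_LIST_MISMATCH" <<'EOF'
"slave.puppet.com" (DD:CF:28:EE:98:38:50:D2:6C:19:C6:5E:2D:60:D5:36)
EOF

sign_command "$AGENT_LOG" "$CERT_LIST" slave.puppet.com
sign_command "$AGENT_LOG" "$CERT_LIST_MISMATCH" slave.puppet.com || true
```

In practice, save the agent's output on the slave and the output of puppet cert --list on the master to files and pass those to sign_command; a pending request whose fingerprint does not match, or one from a name you did not configure, should be removed with puppet cert --clean rather than signed.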
4. Back on the slave, run: puppet agent --server=master.puppet.com --no-daemonize --verbose
info: Caching certificate for slave.puppet.com
notice: Starting Puppet client version 2.7.23
info: Caching certificate_revocation_list for ca
info: Caching catalog for slave.cacti.linux
info: Applying configuration version '1392370988'
notice: Finished catalog run in 0.02 seconds # the certificate enrollment is complete at this point!
Press Ctrl+C to end the process.
5. Start the slave service with: /etc/rc.d/init.d/puppet start
Note: if you run into error messages, see http://my.oschina.net/denglz/blog/164700, which answers some common errors.
-------After the steps above, all you can say is that master and slave can connect; what you make puppet do is up to how you configure it!
What I need is for puppet to do file distribution for me, with the requirement that the slave does not automatically update from the master's directories and files; when an update is needed, the master pushes it down.
Related links:
http://sfzhang88.blog.51cto.com/4995876/1160131
http://502245466.blog.51cto.com/7559397/1312837
This post is from the "求学" blog; please keep this source: http://denglz.blog.51cto.com/3617037/1359294