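I. Steps required on both the server and the client
1. Download the software
wget http://puppetlabs.com/downloads/facter/facter-1.6.4.tar.gz
wget http://downloads.puppetlabs.com/puppet/puppet-2.7.9.tar.gz
2. Install Ruby. Puppet is written in Ruby, so Ruby has to be installed.
yum -y install ruby
3. Install facter (run from the unpacked source directory)
ruby install.rb
4. Install puppet (run from the unpacked source directory). Installation is very quick, less than 1 minute.
ruby install.rb
5. Synchronize the time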
cp /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
/usr/sbin/ntpdate time.nist.gov
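II. Steps on the server
1. Create directories and copy files (the conf/ paths are relative to the puppet-2.7.9 source directory)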
mkdir /etc/puppet
cp conf/auth.conf /etc/puppet/
cp conf/redhat/fileserver.conf /etc/puppet/
cp conf/redhat/puppet.conf /etc/puppet/
cp conf/redhat/server.init /etc/init.d/puppetmaster
chmod 755 /etc/init.d/puppetmaster
chkconfig --add puppetmaster
chkconfig puppetmaster on
mkdir -p /etc/puppet/manifests
2. Create the puppet account
puppetmasterd --mkusers
3. Create the required directory
mkdir /var/lib/puppet/rrd/
chown puppet:puppet /var/lib/puppet/rrd/
4. Start the service
/etc/init.d/puppetmaster start
III. Steps on the client
1. Create directories and copy files
mkdir /etc/puppet
cp conf/auth.conf /etc/puppet/
cp conf/namespaceauth.conf /etc/puppet/
cp conf/redhat/puppet.conf /etc/puppet/
cp conf/redhat/client.init /etc/init.d/puppet
chmod 755 /etc/init.d/puppet
chkconfig --add puppet
chkconfig puppet on
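2. Create the puppet user and group
puppetd --mkusers
If this reports an error, create the puppet user and group manually (with the puppet user in the puppet group).
3. Create the directory
mkdir /var/lib/puppet/rrd
chown puppet:puppet /var/lib/puppet/rrd
IV. Testing
1. On the client, run puppetd --test --server server.puppet.com to send a certificate request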
[root@localhost puppet-2.7.9]# puppetd --test --server server.puppet.com
warning: peer certificate won't be verified in this SSL session
info: Caching certificate for ca
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
info: Creating a new SSL certificate request for localhost.localdomain
info: Certificate Request fingerprint (md5): C5:76:BF:68:12:82:BD:42:86:0F:28:16:1B:6A:75:DD
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
Exiting; no certificate found and waitforcert is disabled
2. On the server, run puppetca -s -a to accept (sign) the request
[root@biansongshan-d1 soft]# puppetca -s -a
notice: Signed certificate request for localhost.localdomain
notice: Removing file Puppet::SSL::CertificateRequest localhost.localdomain at '/var/lib/puppet/ssl/ca/requests/localhost.localdomain.pem'
3. On the client, send the request again with puppetd --test --server server.puppet.com
[root@localhost puppet-2.7.9]# puppetd --test --server server.puppet.com
info: Caching certificate_revocation_list for ca
info: Caching catalog for localhost.localdomain
info: Applying configuration version '1325218033'
info: Creating state file /var/lib/puppet/state/state.yaml
notice: Finished catalog run in 0.04 seconds
The output above means the server has accepted the request and the connection works. If the following error appears instead:
[root@localhost puppet-2.7.9]# puppetd --test --server server.puppet.com
err: Could not retrieve catalog from remote server: hostname not match with the server certificate
warning: Not using cache on failed catalog
err: Could not retrieve catalog; skipping run
err: Could not send report: hostname not match with the server certificate
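then the server's hostname and the hosts-file resolution on the local machine need to be changed, so that the name the client connects to matches the name in the server certificate.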
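The agent in step 1 prints the MD5 fingerprint of its certificate request, and puppetca -s -a in step 2 signs every pending request, whatever it contains. The example below is added here and is not part of the original walkthrough: it shows a check the server operator can run on one pending request (such as a file under /var/lib/puppet/ssl/ca/requests/) before signing that host by name. It assumes the fingerprint is the digest of the request's DER encoding; check_request and sample_csr are hypothetical helper names, and the CSR is a constructed sample.

```ruby
require 'openssl'

# Fingerprint in the format puppetd prints: colon-separated upper-case hex.
# Assumption: the digest is taken over the DER encoding of the request.
def csr_fingerprint(csr, digest = 'MD5')
  OpenSSL::Digest.new(digest).hexdigest(csr.to_der).upcase.scan(/../).join(':')
end

# Returns [ok, reason]. Sign the host by name only when ok is true.
# reported_fp is the value read off the agent's console, out of band.
def check_request(csr_pem, expected_host, reported_fp)
  csr = OpenSSL::X509::Request.new(csr_pem)
  cn = csr.subject.to_a.find { |name, _, _| name == 'CN' }
  return [false, 'CSR has no CN'] unless cn
  return [false, "CN is #{cn[1]}, expected #{expected_host}"] unless cn[1] == expected_host
  return [false, 'CSR self-signature does not verify'] unless csr.verify(csr.public_key)
  actual = csr_fingerprint(csr)
  return [false, "fingerprint mismatch: server has #{actual}"] unless actual == reported_fp.to_s.strip.upcase
  [true, "fingerprint #{actual} matches"]
rescue OpenSSL::X509::RequestError => e
  [false, "not a valid CSR: #{e.message}"]
end

# Constructed sample: a throwaway CSR standing in for the agent's request.
def sample_csr(host)
  key = OpenSSL::PKey::RSA.new(2048)
  csr = OpenSSL::X509::Request.new
  csr.version = 0
  csr.subject = OpenSSL::X509::Name.new([['CN', host]])
  csr.public_key = key.public_key
  csr.sign(key, OpenSSL::Digest.new('SHA256'))
  csr
end

if __FILE__ == $PROGRAM_NAME
  csr = sample_csr('localhost.localdomain')
  fp = csr_fingerprint(csr) # stands in for the value the agent printed
  p check_request(csr.to_pem, 'localhost.localdomain', fp)
  p check_request(csr.to_pem, 'other.localdomain', fp)
end
```

When the check passes, the request can be signed with puppetca -s followed by the host name instead of -a.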
V. A practical example
At this point the basic puppet setup is confirmed to work. Here is an example:
1. On the server, create site.pp in /etc/puppet/manifests/ with the following content
node default {
  file { "/tmp/a.txt":
    content => "helo,I am abc.bbb!abc.aaa \n bbbbbb \n cccc \n dddd \n",
    ensure  => present,
    mode    => 644,
    owner   => root,
    group   => root,
  }
}
2. Run puppetd --test --server server.puppet.com on the client. The file a.txt is created in /tmp/, and its content is the text given in content.
[root@localhost ~]# cat /tmp/a.txt
helo,I am abc.bbb!abc.aaa
bbbbbb
cccc
dddd
At this point everything is working.