一. 安装
1. 安装源
#163系统基础源
wget http://mirrors.163.com/.help/CentOS6-Base-163.repo -P /etc/yum.repos.d/
rhel 6.0 sohu源
#注意:下面的 gpgcheck = 0 会关闭软件包签名校验,且该源走 http 明文;生产环境建议导入发行版 GPG 公钥后改为 gpgcheck = 1
[sohu]
name = sohu
baseurl = http://mirrors.sohu.com/centos/6/os/x86_64/
enabled = 1
gpgcheck = 0
http://mirrors.sohu.com/centos/7.0.1406/os/x86_64/
#puppet官方源
rhel7 :
rpm -Uvh http://yum.puppetlabs.com/puppetlabs-release-el-7.noarch.rpm
rhel 6:
rpm -Uvh http://yum.puppetlabs.com/el/6/products/x86_64/puppetlabs-release-6-10.noarch.rpm
rhel 5:
rpm -Uvh http://yum.puppetlabs.com/el/5/products/x86_64/puppetlabs-release-5-1.noarch.rpm
安装中报错及解决:
#下面的 rpm 均经 http 明文下载,部分来自第三方站点;安装前建议用 rpm -K 校验包的摘要与签名
1.Requires: ruby(selinux)
wget http://download.longgeek.com/Puppet_for_rhel6.2/libselinux-ruby-2.0.94-5.2.el6.x86_64.rpm
wget http://people.redhat.com/dwalsh/SELinux/RHEL6/x86_64/libselinux-ruby-2.0.94-5.2.el6.x86_64.rpm
2.Requires: rubygems
wget http://rpmfind.net/linux/centos/6.3/os/x86_64/Packages/rubygems-1.3.7-1.el6.noarch.rpm
3.Requires: ruby-rdoc
wget http://download.longgeek.com/Puppet_for_rhel6.2/ruby-rdoc-1.8.7.352-3.el6.x86_64.rpm
#以下网站可统一下载所有依赖包:
http://download.longgeek.com/Puppet_for_rhel6.2/
#服务端安装
yum install puppet puppet-server
#客户端安装
yum install puppet
二. 客户端连接测试:
1.服务端配置:
#新建主配置文件:
cat /etc/puppet/manifests/site.pp
import "nodes.pp"
#新建节点默认配置文件(用于连接客户端测试):
#以下配置文件,将在所有客户端上新建一个/tmp/test 文件,内容为“hello\n”,文件权限为“ 0644”
cat /etc/puppet/manifests/nodes.pp
node default {
file{
"/tmp/test":
content=>"hello\n",
mode=>0644;
}
}
#开启puppet服务:
/etc/init.d/puppetmaster start
#启动后会开启8140端口
netstat -ntlp
tcp 0 0 0.0.0.0:8140 0.0.0.0:* LISTEN 3127/ruby
#让puppet服务开机启动
chkconfig puppetmaster on
2.客户端
#申请连接到服务端的SSL证书
puppet agent --server master_hostname --test
Info: Caching certificate for ca
Info: Creating a new SSL certificate request for client.com
Info: Certificate Request fingerprint (SHA256): 2E:7F:F1:FA:43:FC:B7:6B:7CE:15:31:C0:73:46:A6:40:02:E9:74:FF:1B9C:C283:2B:6E:29:45:64
Exiting; no certificate found and waitforcert is disabled
#这时在服务端查看客户端申请请求:
puppet cert --list
#服务端向客户端颁发证书(签发前先核对 puppet cert --list 显示的请求指纹与客户端输出的指纹一致)
puppet cert -s client_hostname
4. 证书颁发后可在/var/lib/puppet/ssl/ca/signed 中 可以看到颁发的证书
3. 验证服务端与客户端连接是否正常:在客户端执行:
[root@node2 /]# puppet agent --server puppet.paidui.cn --test
Info: Caching certificate for node2.paidui.cn
Info: Caching certificate_revocation_list for ca
Info: Retrieving plugin
Info: Caching catalog for node2.paidui.cn
Info: Applying configuration version '1363779682'
Notice: /Stage[main]//Node[default]/File[/tmp/test]/ensure: defined content as '{md5}b1946ac92492d2347c6235b4d2611184'
Info: Creating state file /var/lib/puppet/state/state.yaml
Notice: Finished catalog run in 0.06 seconds
#执行完成后,/tmp/test 文件已经建立,表示成功。
Error: Could not request certificate: Could not write C:/ProgramData/PuppetLabs/
puppet/etc/ssl/private_keys/web-211.pem to privatekeydir: invalid byte sequence
in US-ASCII
PF大神分享:
http://note.youdao.com/share/?id=a0ba9354124551e375116bede22774f6&type=note