puppet安装测试

puppet安装测试

一,环境

 1,ip地址

   server端:192.168.2.129  (centos5.6  i386)

   client端:192.168.2.130  (centos5.6  i386)

 2,配置环境

    Puppet是基于Ruby写成的,安装前服务端和客户端都要准备好Ruby环境.

    配置yum源

   vim /etc/yum.repo.d/puppet.repo

[puppetlabs]  

name=Puppet Labs Packages  

baseurl=http://yum.puppetlabs.com/base/  

enabled=0  

gpgcheck=0 

 

    vim /etc/yum.repo.d/ruby.repo

[ruby]

name=ruby 

baseurl=http://centos.karan.org/el5/misc/testing/i386/RPMS/ 

gpgcheck=0 

enabled=0

    安装ruby环境

     yum install ruby ruby-rdoc 

 

注意:安装puppet 2.6需要有ruby1.8.6的支持,以上安装的ruby为1.8.6

 

二,安装

  1,服务器端(192.168.2.129)

     安装epel

     rpm -Uvh http://download.fedora.redhat.com/pub/epel/5/i386/epel-release-5-4.noarch.rpm

    

     安装puppet服务

     yum --enablerepo=epel,epel-puppet install puppet-server

    

     chkconfig --level 2345 puppetmaster on 

 

     修改hosts,添加下面行:

      192.168.2.129    server.puppet.com   

      192.168.2.130    client.puppet.com

     

     Server端首次运行前,编辑/etc/puppet/manifests/site.pp文件,内容可以用最基本的

[root@server manifests]# vim site.pp

 

node "client.puppet.com" {

        file {"/tmp/temp1.txt" : 

               content => "hello,client."

             }

}

 

 

   2,客户端(192.168.2.130)

      安装epel

      rpm -Uvh http://download.fedora.redhat.com/pub/epel/5/i386/epel-release-5-4.noarch.rpm

    

      安装puppet服务

      yum install puppet

      chkconfig --level 2345 puppet on 

 

      修改hosts,添加下面行:

      192.168.2.129    server.puppet.com   

      192.168.2.130    client.puppet.com

 

三,测试

   1,启动

 

    服务器端启动puppet

    [root@server ~]# /etc/init.d/puppetmaster start

  

    客户端启动puppet

    [root@client ~]#/etc/init.d/puppet once -v

这时客户机会去连接服务器端,但是由于连接是在ssl上的,而服务器还没有sign过客户端的cert,客户机被断开,客户机端的服务也会被停

 

止。

    [root@client ~]# puppetd --server server.puppet.com --test

 

     客户端发出请求认证

    

    服务器端

    [root@server ~]# puppetca --list

client.puppet.com (67:BE:EA:24:79:F2:16:8F:D9:59:F4:C1:3B:8D:DC:19)

如果出现以上信息说明服务器端和客户端连接成功,下面可以给客户机签名。

    [root@server ~]# puppetca  --sign  client.puppet.com

     

    客户端

    在服务器端给客户端做完签名后,在客户端启动puppetd,可以看到客户在正常连接server。并且应用sever上为客户定制的配置策略。

    [root@client ~]#/etc/init.d/puppet once -v

 

   2,测试连接

     在测试前,首先用客户端连接服务器端。

     客户端执行:

[root@client ~]# puppetd --server server.puppet.com --test

warning: peer certificate won't be verified in this SSL session

info: Caching certificate for ca

warning: peer certificate won't be verified in this SSL session

warning: peer certificate won't be verified in this SSL session

info: Creating a new SSL certificate request for client.puppet.com

info: Certificate Request fingerprint (md5): 67:BE:EA:24:79:F2:16:8F:D9:59:F4:C1:3B:8D:DC:19

warning: peer certificate won't be verified in this SSL session

warning: peer certificate won't be verified in this SSL session、

warning: peer certificate won't be verified in this SSL session

Exiting; no certificate found and waitforcert is disabled

 

  如果出现以下错误:

错误1:

[root@client ~]# puppetd --server server.puppet.com --test

warning: peer certificate won't be verified in this SSL session

info: Caching certificate for ca

warning: peer certificate won't be verified in this SSL session

info: Caching certificate for client.puppet.com

err: Could not request certificate: Retrieved certificate does not match private key; please remove certificate from server 

 

and regenerate it with the current key

Exiting; failed to retrieve certificate and waitforcert is disabled

   解决方法:

    #puppetca --clean client.puppet.com   (服务端)  或者     #puppetca -c -a

    #/etc/init.d/puppetmaster restart  (服务端)

    #rm -rf /var/lib/puppet     (客户端)

    #/etc/init.d/puppet stop  && /etc/init.d/puppet once -v   (客户端)

     # puppetd --server server.puppet.com --test (客户端)

    #puppetca --list        (服务端)

client.puppet.com (67:BE:EA:24:79:F2:16:8F:D9:59:F4:C1:3B:8D:DC:19)

如果出现以上信息说明服务器端和客户端连接成功

 

 错误2:

 [root@client ~]# puppetd --server server.puppet.com --test

warning: peer certificate won't be verified in this SSL session

info: Caching certificate for client.puppet.com

err: Could not retrieve catalog from remote server: certificate verify failed

warning: Not using cache on failed catalog

err: Could not retrieve catalog; skipping run

 解决方法:

    是由于服务器端和客户端的时间不同步造成的,在客户端和服务器端执行:

[root@server ~]# /usr/sbin/ntpdate time.nist.gov

 [root@client ~]# /usr/sbin/ntpdate time.nist.gov

然后重复错误1的解决方法步骤!

 错误3:

 [root@client ~]# puppetd --server server.puppet.com --test

notice: Run of Puppet configuration client already in progress; skipping

 

解决方法:

出现此现象是由于/etc/puppet/manifests/site.pp配置文件没有写正确

[root@server ~]# cat /etc/puppet/manifests/site.pp

node "client.puppet.com" {

        file {"/tmp/temp1.txt" : 

               content => "hello,client."

#               source => "puppet://server.puppet.com/tmp/temp1.txt"

             }

}

     客户端需要再次执行:

[root@client ~]#puppetd --server server.puppet.com --verbose --waitforcert 60

--server 告诉它master节点的ip,--waitforcert 每60秒去server端检查,--verbose 可选的输出冗余信息   

  或者   [root@client ~]# puppetd --server server.puppet.com --test 

 

warning: peer certificate won't be verified in this SSL session

info: Caching certificate for client.puppet.com

info: Caching certificate_revocation_list for ca

info: Caching catalog for client.puppet.com

info: Applying configuration version '1322473855'

info: Creating state file /var/lib/puppet/state/state.yaml

notice: Finished catalog run in 0.03 seconds

 

 

配置成功的标志:

 

 当申请到证书以后我们对比下这两个文件,他们的MD5值是一样的

服务端:[root@server ~]# md5sum /var/lib/puppet/ssl/ca/signed/client.puppet.com.pem 

e3152aea5e755a10a02604d51d7ab56d  /var/lib/puppet/ssl/ca/signed/client.puppet.com.pem

客户端:[root@client ~]# md5sum /var/lib/puppet/ssl/certs/client.puppet.com.pem 

e3152aea5e755a10a02604d51d7ab56d  /var/lib/puppet/ssl/certs/client.puppet.com.pem

 

 

 

   3,测试实验

     在客户端查看puppet服务是否启动,然后执行:

 [root@client tmp]# puppetd --server server.puppet.com --test

info: Caching catalog for client.puppet.com

info: Applying configuration version '1322450970'

notice: /Stage[main]//Node[client.puppet.com]/File[/tmp/temp1.txt]/ensure: defined content as '{md5}

 

e105a4b8fc6a6001dc7c28526c20c0d4'

notice: Finished catalog run in 0.04 seconds

  执行后:

[root@client ~]# cat /tmp/temp1.txt 

hello,client.

说明配置成功

 

 

 

 

 

[root@server puppet]# /etc/init.d/puppetmaster restart

Stopping puppetmaster: [FAILED]

Starting puppetmaster: /usr/lib/ruby/site_ruby/1.8/puppet/network/http.rb:8:in `server_class_by_type': Mongrel is not 

 

installed on this platform (ArgumentError)

        from /usr/lib/ruby/site_ruby/1.8/puppet/network/server.rb:157:in `http_server_class_by_type'

        from /usr/lib/ruby/site_ruby/1.8/puppet/network/server.rb:137:in `http_server_class'

        from /usr/lib/ruby/site_ruby/1.8/puppet/network/server.rb:58:in `initialize'

        from /usr/lib/ruby/site_ruby/1.8/puppet/application/master.rb:104:in `new'

        from /usr/lib/ruby/site_ruby/1.8/puppet/application/master.rb:104:in `main'

        from /usr/lib/ruby/site_ruby/1.8/puppet/application/master.rb:46:in `run_command'

        from /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:305:in `run'

        from /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:420:in `hook'

        from /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:305:in `run'

        from /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:411:in `exit_on_fail'

        from /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:305:in `run'

        from /usr/sbin/puppetmasterd:4

[FAILED]

配置文件用默认的就不会报错

 

关于设置主机名:

在客户端服务器上只需修改hostname.rb,在主机名前加上mac地址,就不用修改/etc/hosts,这样可以保证主机名的唯一性。

[root@CDN-BJ-186 ~]# vim /usr/lib/ruby/site_ruby/1.8/facter/hostname.rb 

 

Facter.add(:hostname, :ldapname => "cn") do

    setcode do

        hostname = nil

        name = Facter::Util::Resolution.exec('/sbin/ifconfig -a |sed -n \'1p\'|awk \'{gsub(/:/,"-",$5);print $5".oss.com"}\'') or nil

        if name

            if name =~ /^([\w-]+)\.(.+)$/

                hostname = $1+"-core"

                # the Domain class uses this

                $domain = $2

            else

                hostname = name

            end

            hostname

        else

            nil

        end

    end

end

 

Facter.add(:hostname) do

    confine :kernel => :darwin, :kernelrelease => "R7"

    setcode do

        %x{/usr/sbin/scutil --get LocalHostName}

    end

end

 

或者

Facter.add(:hostname, :ldapname => "cn") do

  setcode do

    hostname = nil

    #if name = Facter::Util::Resolution.exec('hostname')

    if name = Facter::Util::Resolution.exec("ifconfig |grep eth0|awk '{print $NF}'|head -n 1")

      if name =~ /(.*?)\./

        hostname = $1

      else

        hostname = name

      end

    end

    hostname + ".ku6-puppet.com"

  end

end

 

Facter.add(:hostname) do

  confine :kernel => :darwin, :kernelrelease => "R7"

  setcode do

    Facter::Util::Resolution.exec('/usr/sbin/scutil --get LocalHostName')

  end

end

 

 客户端和服务端都只需要加上服务器域名和对应的ip

10.10.10.2     server.puppet.com

 

 

puppet常用命令

检查manifests文件是否有语法错误

puppet  --parseonly  manifests/site.pp

调试代码命令

puppet -l /tmp/site.log  /etc/puppet/manifests/site.pp

调试代码片段

puppet apply -e 'file {"/tmp/temp.txt":content=>"123"}'

显示模块路径命令

puppet  --configprint  modulepath

显示所有设置

puppet  --configprint  all

可参考: http://www.mysqlops.com/2011/10/18/puppet-zhongwen.html

http://www.slideshare.net/myw58/puppet-7159473

你可能感兴趣的:(puppet安装测试)