Centos6.2下puppet客户端安装

安装过程：

Centos6.2编译 ruby-1.8.6-p114报错：

    ./configure    #正常

    make             #报错

    error1：math.c:37:13: error: missing binary operator before token "("

    --> 修改math.c文件line37，修改define 为 defined

    error2：compiling openssl处出错退出

 

原因：ruby-1.8.6/1.8.7不支持openssl-1.0， Ruby 源码安装时用到 openssl 必须是 0.9.8X，而openssl-1.0为Centos6.2安装中自带，升级ruby版本至1.9

 

wget http://ftp.ruby-lang.org/pub/ruby/ruby-1.9-stable.tar.gz

tar zxvf filename

./configure

make

make install

一切正常

ruby --version

    ---> ruby 1.9.2p290 (2011-07-09 revision 32553) [x86_64-linux]

 

按正常步骤安装完

    facter-1.6.0.tar.gz

    puppet-2.7.1.tar.gz

执行puppet测试命令

puppetd --server puppetmaster --test 

    info: Creating a new SSL key for puppet_client

    err: Could not request certificate: SSL_connect returned=1 errno=0 3 read server certificate B: certificate verify failed

    Exiting; failed to retrieve certificate and waitforcert is disabled

 

为ruby-1.9的普遍ssl错误，无法与puppetmaster通信请求ssl证书，需要手动生成

（参考链接：http://urgetopunt.com/puppet/2011/09/14/puppet-ruby19.html）

1.拷贝puppetmaster上的ca.pem到客户端的puppet/ssl/certs/目录

    scp root@puppetmaster_ip:/var/lib/puppet/ssl/certs/ca.pem /etc/puppet/ssl/certs/

2.这一步是求puppetmaster的ca.pem的哈希值?

    openssl x509 -hash -noout -in /etc/puppet/ssl/certs/ca.pem

    --> da939353

3.查看本机openssl目录

    openssl version -d

    --> OPENSSLDIR: "/etc/pki/tls"

4.创建一个软连接

    ln -s /etc/puppet/ssl/certs/ca.pem /etc/pki/tls/certs/da939353 .0

    ###da939353 .0 --link to-> /etc/puppet/ssl/certs/ca.pem

5.再执行

    puppetd --server puppetmaster --test

6.执行成功，验证方法

    登录puppetmaster，在/var/lib/puppet/ssl/ca/signed里有认证文件

    puppetca -l -a|grep $puppet_agent_name也能查找认证文件