1)创建puppet帐号和组:
[root@localhost ~]#useradd -r puppet
2)安装ruby:
[root@localhost ~]#yum -y install ruby ruby-libs ruby-shadow
3)下载源码文件:
[root@localhost ~]#mkdir tools; cd tools
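[root@localhost tools]#wget <facter-1.6.0.tar.gz 的下载地址(原文链接已丢失)>
[root@localhost tools]#wget <puppet-2.7.2.rc2.tar.gz 的下载地址(原文链接已丢失)>
(下载后、以root身份执行install.rb之前,应先用官方发布的校验和或签名核对这两个源码包。)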
[root@localhost tools]#tar zxvf facter-1.6.0.tar.gz
[root@localhost tools]#cd facter-1.6.0
[root@localhost tools]# facter    # 在客户端和服务器端执行(获取变量名和内容);应在facter安装完成后执行
[root@localhost facter-1.6.0]#./install.rb
[root@localhost facter-1.6.0]#cd ..
[root@localhost tools]#tar zxvf puppet-2.7.2.rc2.tar.gz
[root@localhost tools]#cd puppet-2.7.2.rc2
[root@localhost puppet-2.7.2.rc2]#./install.rb
4)防火墙配置(puppetserver):
-A INPUT -p tcp -m state --state NEW --dport 8140 -j ACCEPT
&配置阶段最好是关闭防火墙来调试;调试完成后务必重新开启防火墙,并只按上面的规则放行8140端口
5)server端的安装配置和启动服务:
[root@server puppet-2.7.2rc2]# cp conf/redhat/fileserver.conf /etc/puppet/
[root@server puppet-2.7.2rc2]# cp conf/redhat/puppet.conf /etc/puppet/
[root@server puppet-2.7.2rc2]# cp conf/redhat/server.init /etc/init.d/puppetmaster
[root@server puppet-2.7.2rc2]# chmod +x /etc/init.d/puppetmaster
[root@server puppet-2.7.2rc2]# chkconfig --add puppetmaster
[root@server puppet-2.7.2rc2]# chkconfig puppetmaster on
[root@server puppet-2.7.2rc2]# service puppetmaster start
Starting puppetmaster: [ OK ]
6)测试(服务器端或客户端都可以):
[root@localhost ~]#puppetd --test --server db-212
info: Caching catalog for db-212
info: Applying configuration version '1312638608'
info: Creating state file /var/lib/puppet/state/state.yaml
notice: Finished catalog run in 0.06 seconds
7) [root@puppet puppet]# puppetca --list
[root@puppet puppet]# puppetca --configprint ssldir
/etc/puppet/ssl
[root@puppet puppet]# puppetmasterd --configprint ssldir
/etc/puppet/ssl
[root@puppet puppet]# puppetd --test --debug
问题集:
Q:[root@db-212 ~]# puppetd --test --server db-212
dnsdomainname: Unknown host
dnsdomainname: Unknown host
err: Could not request certificate: Connection refused - connect(2)
Exiting; failed to retrieve certificate and waitforcert is disabled
A:出现此错误是因为没有启动puppetmasterd服务,并且没有配置主机名绑定
[root@localhost ~]#vi /etc/hosts
在最后一行添加:
192.168.1.2 db-212
[root@localhost ~]#puppetmasterd    # 启动服务
Q: [root@t-db2 ~]# puppetd --server puppet.com --test
err: Could not request certificate: No route to host - connect(2)
Exiting; failed to retrieve certificate and waitforcert is disabled
A: server端没有开放8140端口;在server端的iptables中放行8140端口,或者关闭iptables防火墙
Q: [root@db-211 puppet-2.7.2rc2]# puppetd --test --server db-212
info: Creating a new SSL key for db-211
err: Could not request certificate: getaddrinfo: Name or service not known
Exiting; failed to retrieve certificate and waitforcert is disabled
A: 客户端没有配置服务器端的域名绑定:
[root@localhost ~]#vi /etc/hosts
在最后一行添加:
192.168.1.2 db-212
Q: [root@t-db2 ~]# puppetd --server puppet.com --test
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
Exiting; no certificate found and waitforcert is disabled
A: 在puppet server执行下列语句(签名前应先确认该证书请求确实来自预期的客户端,例如核对证书请求的指纹):
[root@puppet ~]# puppetca -l    # 列出尚未签名的证书请求
t-db2
[root@puppet ~]# puppetca -s t-db2    # 签名证书
notice: Signed certificate request for t-db2
notice: Removing file Puppet::SSL::CertificateRequest t-db2 at '/var/lib/puppet/ssl/ca/requests/t-db2.pem'
&puppet配置文件结构图:
& ensure => absent; #absent是检测文件是否存在,如果存在则删除
ensure => present; #present正好相反,如果不存在则创建
ensure => directory; #创建一个目录的方法
force => true; #删除一个目录必须加上这个参数
source => "PATH"; #指定数据来源
backup => ".bak_$uptime_seconds"; #覆盖前备份文件