Environment
Server: 192.168.0.119 sr119-monitor CentOS release 5.3 (Final) 64-bit
Client: 192.168.0.14 sr14-lvs CentOS release 5.3 (Final) 32-bit
Disable SELinux.
I. Download the required packages and configure the base environment
#wget
#wget
1) Add the puppet user
#groupadd puppet
#useradd -g puppet -s /bin/false -M puppet
2) Edit the hosts file
#echo "192.168.0.119 sr119-monitor" >>/etc/hosts
#echo "192.168.0.14 sr14-lvs" >>/etc/hosts
3) Ruby: Puppet is written in Ruby, so Ruby must be installed. It can be installed with yum or rpm.
#rpm -qa|grep ruby
ruby-libs-1.8.5-5.el5_3.7
ruby-1.8.5-5.el5_3.7
II. Installation (identical on the server and the client)
1) Install facter, which collects facts about the current system's environment
#tar -zxvf facter-1.6.4.tar.gz
#cd facter-1.6.4
#ruby install.rb
#facter   # prints the system information
Installation succeeded
2) Install puppet
#tar -zxvf puppet-2.7.9.tar.gz
#cd puppet-2.7.9
#ruby install.rb
#cp conf/redhat/* /etc/puppet/
3) Verify that the installation succeeded
# puppet master
#ps -ef|grep puppet|grep -v grep
puppet 18967 1 0 15:08 ? 00:00:00 /usr/bin/ruby /usr/bin/puppet master
The output above shows that the installation succeeded.
III. Server configuration
#cp /etc/puppet/server.init /etc/init.d/puppetmasterd
#chmod 755 /etc/init.d/puppetmasterd
#chkconfig --add puppetmasterd
#chkconfig --level 35 puppetmasterd on
#service puppetmasterd start
#netstat -natlp|grep ruby
tcp 0 0 0.0.0.0:8140 0.0.0.0:* LISTEN 18967/ruby
The Puppet server listens on port 8140 by default; this port must be opened in iptables.
IV. Client configuration
#cp /etc/puppet/client.init /etc/init.d/puppetd
#chmod 755 /etc/init.d/puppetd
#chkconfig --add puppetd
#chkconfig --level 35 puppetd on
#service puppetd start
# ps -ef|grep puppet|grep -v grep
root 2572 1 0 15:08 ? 00:00:00 /usr/bin/ruby /usr/sbin/puppet
V. Signing certificates
1) The client requests a certificate
# puppetd --server sr119-monitor --test
info: Creating a new SSL key for sr14-lvs
warning: peer certificate won't be verified in this SSL session
info: Caching certificate for ca
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
info: Creating a new SSL certificate request for sr14-lvs
info: Certificate Request fingerprint (md5): 69:BE:01:74:06:FF:42:BB:78:59:29:F6:09:AA:14:BB
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
Exiting; no certificate found and waitforcert is disabled
2) The server accepts the certificate
List the certificate requests waiting for approval
# puppetca --list
sr14-lvs
Sign the pending certificate
# puppetca -s sr14-lvs
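# puppetca -s -a   # sign all pending certificate requests
PS:
Adding autosign = true to /etc/puppet/puppet.conf enables automatic signing: every certificate request is then signed without review.
3) The client retrieves the signed certificate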
# puppetd --server sr119-monitor --test
warning: peer certificate won't be verified in this SSL session
info: Caching certificate for sr14-lvs
info: Caching certificate_revocation_list for ca
info: Caching catalog for sr14-lvs
info: Applying configuration version '1315491634'
notice: Finished catalog run in 0.02 seconds
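Note: the hostname is written into the certificate when it is generated. If the hostname is changed after the certificate has been generated, the certificate becomes invalid.
4) Re-sign a machine whose hostname has changed
On the server, delete the previously registered certificate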
#rm -rf /var/lib/puppet/ssl/ca/signed/sr14-lvs.pem
On the client, delete the ssl directory, then repeat steps 1), 2) and 3)
#rm -rf /var/lib/puppet/ssl/
PS:
If an error like the following appears when requesting a certificate, delete the ssl directory on the client and run puppetd --server sr119-monitor --test again
err: Could not retrieve catalog from remote server: certificate verify failed
warning: Not using cache on failed catalog
err: Could not retrieve catalog; skipping run
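Before signing in step 2), the fingerprint the client printed in step 1) can be compared with the request the server actually received, rather than approving by hostname alone. The Ruby code below is an added example, not part of the original post or of Puppet; it assumes the fingerprint is the MD5 digest of the DER-encoded request, and the function names and the generated sample CSR are constructed for illustration.

```ruby
require 'openssl'

# Colon-separated upper-case hex digest over the DER form of the request.
# Assumption: this matches the "(md5)" value the agent prints.
def csr_fingerprint(pem, digest = 'MD5')
  der = OpenSSL::X509::Request.new(pem).to_der
  OpenSSL::Digest.new(digest).hexdigest(der).upcase.scan(/../).join(':')
end

# Decide whether a pending request may be signed (hypothetical helper).
# Returns [true, nil] or [false, reason].
def approve_csr?(pem, expected_host, reported_fingerprint)
  csr = OpenSSL::X509::Request.new(pem)
  return [false, 'bad self-signature'] unless csr.verify(csr.public_key)
  cn = csr.subject.to_a.find { |field, _value, _type| field == 'CN' }
  return [false, 'CN mismatch'] unless cn && cn[1] == expected_host
  actual = csr_fingerprint(pem)
  unless actual == reported_fingerprint.strip.upcase
    return [false, "fingerprint mismatch (request has #{actual})"]
  end
  [true, nil]
rescue OpenSSL::X509::RequestError => e
  [false, "unparseable request: #{e.message}"]
end

# Constructed sample input: a throwaway key and CSR for the given name.
def sample_csr(common_name)
  key = OpenSSL::PKey::RSA.new(2048)
  csr = OpenSSL::X509::Request.new
  csr.version = 0
  csr.subject = OpenSSL::X509::Name.new([['CN', common_name]])
  csr.public_key = key.public_key
  csr.sign(key, OpenSSL::Digest.new('SHA256'))
  csr.to_pem
end

if __FILE__ == $PROGRAM_NAME
  pem = sample_csr('sr14-lvs')
  # Fingerprint read back out-of-band from the client: accepted.
  p approve_csr?(pem, 'sr14-lvs', csr_fingerprint(pem))
  # The page's fingerprint belongs to a different request: rejected.
  p approve_csr?(pem, 'sr14-lvs',
                 '69:BE:01:74:06:FF:42:BB:78:59:29:F6:09:AA:14:BB')
end
```

Pass approve_csr? the PEM text of the pending request on the server and the fingerprint read from the client's console; run puppetca -s only when it returns true.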
VI. Testing
1. Create a manifest on the server
# vi /etc/puppet/manifests/site.pp
node default {
  file { "/tmp/temp.txt":
    content => "Hello the world!";
  }
}
Save and exit.
2. Run the command on the client to fetch the task
# puppetd --server sr119-monitor --test
info: Caching catalog for sr14-lvs
info: Applying configuration version '1316163118'
notice: /Stage[main]//Node[default]/File[/tmp/temp.txt]/ensure: defined content as '{md5}e777f67b068b983360554b28cf6d0bb7'
notice: Finished catalog run in 0.13 seconds
3. Check the result on the client
# cat /tmp/temp.txt
Hello the world!
The file has been synchronized; the test succeeded!