Host naming scheme:
role-carrier-datacenter-machineIP.domain
web-cnc-sh-1.1.1.1.shamereedwine.com
Three nodes; make sure all three nodes can resolve each other's names
agent node1: node1.shamereedwine.com 192.168.0.109
agent node2: node2.shamereedwine.com 192.168.0.113
Master 192.168.0.112
Master:
1. Install puppet-server
[root@www ~]# yum install puppet-server
2. Use puppet help master to view the help information
[root@www puppet]# puppet help master
puppet-master(8) -- The puppet master daemon
========
SYNOPSIS
--------
The central puppet server. Functions as a certificate authority by
default.
USAGE
-----
puppet master [-D|--daemonize|--no-daemonize] [-d|--debug] [-h|--help]
[-l|--logdest syslog||console] [-v|--verbose] [-V|--version]
[--compile ]
----------
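3. Run in non-daemon mode with debug and verbose output enabled; you can see the certificates and the public and private key files being generated in the corresponding directories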
puppet master --no-daemonize -d -v
cd /var/lib/puppet/ssl
[root@www ssl]# ls
ca certificate_requests certs crl.pem private private_keys public_keys
4. Generate the configuration: append the output of this command to /etc/puppet/puppet.conf
[root@www ssl]# puppet master --genconfig >> /etc/puppet/puppet.conf
5. Start the puppet-server service
[root@www ssl]# service puppetmaster start
启动 puppetmaster: [确定]
6. Check the port puppet is listening on
[root@www ssl]# ss -tnlp
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 5 *:8140 *:* users:(("puppet",25643,5))
node1:
node2:
Configure and install the official yum repository
wget
rpm -ivh puppetlabs-release-6-5.noarch.rpm
yum install puppet
node2:
1. Edit the main configuration file to set the server address
vim /etc/puppet/puppet.conf
server =
2. Run in test mode
[root@node2 ~]# puppet agent --server -d -v --noop --test
Master:
1. List the pending certificate signing requests; the one below was sent by node2
[root@www ssl]# puppet cert list
"node2.shamereedwine.com" (SHA256) 12:FC:FD:89:64:98:C9:96:49:62:81:AB:B4:14:B2:A2:7A:1A:48:A3:B0:DC:1B:56:D3:2A:A4:A4:0E:FF:49:FC
2. Sign node2's certificate
[root@www ssl]# puppet cert sign node2.shamereedwine.com
Notice: Signed certificate request for node2.shamereedwine.com
Notice: Removing file Puppet::SSL::CertificateRequest node2.shamereedwine.com at '/var/lib/puppet/ssl/ca/requests/node2.shamereedwine.com.pem'
node2:
Request its own catalog
[root@node2 ~]# puppet agent --server -d -v --test
Master:
1. Define the site .pp file
cd /etc/puppet/manifests
[root@www manifests]# vim site.pp
import "*.shamereedwine.com.pp"
[root@www manifests]# vim node2.shamereedwine.com
node 'node2.shamereedwine.com' {
include nginx::web
}
2. Restart puppetmaster
[root@www init.d]# service puppetmaster restart
停止 puppetmaster: [确定]
启动 puppetmaster: [确定]
node2:
Request its own catalog again
[root@node2 ~]# puppet agent --server -d -v --test
Master:
1. Copy node2's definition to create node1's
[root@www manifests]# cp node2.shamereedwine.com node1.shamereedwine.com
2. Edit node1's configuration
[root@www manifests]# vim node1.shamereedwine.com
node 'node1.shamereedwine.com' {
include nginx::web
}
node1:
Edit its own puppet.conf so that server points to the puppetmaster's address
vim /etc/puppet/puppet.conf
server =
Master:
1. Sign node1's certificate
[root@www manifests]# puppet cert sign node1.shamereedwine.com
Notice: Signed certificate request for node1.shamereedwine.com
Notice: Removing file Puppet::SSL::CertificateRequest node1.shamereedwine.com at '/var/lib/puppet/ssl/ca/requests/node1.shamereedwine.com.pem'
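Summary:
puppet master:
1. Install puppet-master
2. # puppet master --genconfig >> /etc/puppet/puppet.conf
3. Start the puppetmaster service
puppet agent:
1. Install puppet
2. Edit the configuration file /etc/puppet/puppet.conf and add under [agent]
server=<hostname or domain name of the puppetmaster>
3. Start the puppet service
Signing certificates: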
master:
# puppet cert list
# puppet cert sign NODE_NAME
# puppet cert sign --all
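The signing steps above accept whichever request is pending, and puppet cert sign --all signs every one of them. As an added example (not from the original post), the script below compares each pending request's SHA256 fingerprint with a value recorded on the agent itself (for instance from puppet agent --fingerprint) and prints sign commands only for matches. The allowlist format, the function names, and the node1 and rogue.example.com sample lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): vet pending CSRs against
# fingerprints recorded on each agent before signing anything.

# Constructed sample of `puppet cert list` output. The node2 line is the one
# shown in the post; the node1 and rogue.example.com lines are constructed.
SAMPLE_PENDING='  "node2.shamereedwine.com" (SHA256) 12:FC:FD:89:64:98:C9:96:49:62:81:AB:B4:14:B2:A2:7A:1A:48:A3:B0:DC:1B:56:D3:2A:A4:A4:0E:FF:49:FC
  "node1.shamereedwine.com" (SHA256) AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA
  "rogue.example.com" (SHA256) CC:CC:CC:CC:CC:CC:CC:CC:CC:CC:CC:CC:CC:CC:CC:CC:CC:CC:CC:CC:CC:CC:CC:CC:CC:CC:CC:CC:CC:CC:CC:CC'
# Constructed allowlist, one "<certname> <fingerprint>" per line, as collected
# out of band on each agent. node1's value deliberately differs from its CSR.
SAMPLE_ALLOW='node2.shamereedwine.com 12:FC:FD:89:64:98:C9:96:49:62:81:AB:B4:14:B2:A2:7A:1A:48:A3:B0:DC:1B:56:D3:2A:A4:A4:0E:FF:49:FC
node1.shamereedwine.com BB:BB:BB:BB:BB:BB:BB:BB:BB:BB:BB:BB:BB:BB:BB:BB:BB:BB:BB:BB:BB:BB:BB:BB:BB:BB:BB:BB:BB:BB:BB:BB'

# vet_csrs ALLOWLIST_FILE: reads `puppet cert list` output on stdin and prints
# OK, MISMATCH or UNKNOWN plus the certname for every pending request.
vet_csrs() {
    awk '
        FILENAME == ARGV[1] {            # allowlist: "<certname> <fingerprint>"
            if (NF == 2) want[$1] = toupper($2)
            next
        }
        $2 == "(SHA256)" {               # pending CSR:  "name" (SHA256) AA:BB:...
            name = $1; gsub(/"/, "", name)
            if (!(name in want))                print "UNKNOWN " name
            else if (want[name] == toupper($3)) print "OK " name
            else                                print "MISMATCH " name
        }
    ' "$1" -
}

# sign_cmds ALLOWLIST_FILE: print the sign command for vetted requests only.
# Nothing is executed; review the output before running it on the master.
sign_cmds() {
    vet_csrs "$1" | while read -r status name; do
        if [ "$status" = "OK" ]; then echo "puppet cert sign $name"; fi
    done
}

# Run both functions over the constructed samples.
demo() {
    allow=$(mktemp) || return 1
    printf '%s\n' "$SAMPLE_ALLOW" > "$allow"
    printf '%s\n' "$SAMPLE_PENDING" | vet_csrs "$allow"
    printf '%s\n' "$SAMPLE_PENDING" | sign_cmds "$allow"
    rm -f "$allow"
}
demo
```

On the master, the real input would be puppet cert list piped into sign_cmds with the path of the allowlist file.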
Note: after any change on the master side, the puppetmaster service must be reloaded: