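Installing Puppet on CentOS 5

Environment:
System: CentOS 5.6
Puppet server: 192.168.56.123 puppet-server
Puppet client: 192.168.56.124 client

Note: do a minimal install of CentOS 5.6 and set the correct IP and hostname before continuing with the steps below. If puppet is installed first and the hostname is changed afterwards, the CA files that puppet generated can no longer be used.

Install the extra repository (required on both the server and the client):
Visit https://fedoraproject.org/wiki/EPEL/zh-cn and choose the matching epel-release package.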

Install:
wget http://download.fedoraproject.org/pub/epel/5/i386/epel-release-5-4.noarch.rpm
rpm -Uvh epel-release-5-4.noarch.rpm

Install the NTP time synchronization program:
yum install -y ntp

Add time synchronization to crontab:
vi /etc/crontab
Add:
5 * * * * root /sbin/ntpdate pool.ntp.org >/dev/null 2>&1

Server installation:
yum install -y puppet-server ruby ruby-rdoc
chkconfig --level 35 puppetmaster on

Add the client to hosts:
vi /etc/hosts
192.168.56.124 client

Starting the puppet server:
Create three directories:
mkdir -p /etc/puppet/manifests/{classes,files,nodes}

Set the global parameters:
vi /etc/puppet/manifests/site.pp

Add:
import "nodes/*.pp"
import "classes/*.pp"

Create the classes:
vi /etc/puppet/manifests/classes/test_class.pp
Edit:
class test_class {
    file { "/tmp/testfiles":
        ensure => present,
        mode   => 644,
        owner  => root,
        group  => root
    }
}

vi /etc/puppet/manifests/classes/linux_Environment_class.pp
Edit:
class linux_Environment_class {
    file { "/etc/profile.d/global.sh":
        source => "puppet://puppet-server/files/global.sh",
        ensure => present,
        mode   => 644,
        owner  => root,
        group  => root
    }
}

Add the node host:
vi /etc/puppet/manifests/nodes/client.pp
Edit:
node client {
    include test_class
    include linux_Environment_class
}

Configure the file service on the server:
vi /etc/puppet/fileserver.conf
Add:
[files]
path /etc/puppet/manifests/files
allow 192.168.56.0/24

Create the directory that holds the files:
mkdir -p /etc/puppet/manifests/files

Copy the global.sh file into /etc/puppet/manifests/files:
scp [email protected]:/etc/profile.d/global.sh /etc/puppet/manifests/files/global.sh

How to configure the puppet server to sign client certificates automatically:
Edit /etc/puppet/puppet.conf and add the following:
vi /etc/puppet/puppet.conf
[puppetmaster]
autosign=true
autosign = /etc/puppet/autosign.conf

Then edit /etc/puppet/autosign.conf and add * to match all hosts, or add a domain name, for example:
vi /etc/puppet/autosign.conf
Add:
*
*.example.com

Start the server:
service puppetmaster start

Check whether the server started successfully:
ps aux|grep 'puppet'|grep -v grep

Note: if it did not, check the relevant log:
tail -f /var/log/messages |grep 'puppet'

Client installation:
yum install -y puppet ruby ruby-rdoc
chkconfig --level 35 puppet on

Modify the client configuration:
vi /etc/puppet/puppet.conf
Add:
runinterval = 30 #30 seconds
server=puppet-server
listen = true

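Note: runinterval defaults to 1800 seconds; it is the interval, in seconds, between checks for updates.
      server specifies the name of the puppet server.
      listen opens the local listening port 8139.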

Add the server to hosts:
vi /etc/hosts
192.168.56.123 puppet-server

Start the client:
/etc/init.d/puppet start

Send a test request from the client to the server:
puppetd --test --server puppet-server

The following output appears:
[root@client ~]# puppetd --test --server puppet-server
warning: peer certificate won't be verified in this SSL session
info: Caching certificate for ca
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
info: Creating a new SSL certificate request for client
info: Certificate Request fingerprint (md5): EB:86:71:EB:22:65:0A:A0:93:AD:FB:DD:8D:60:44:A3
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
Exiting; no certificate found and waitforcert is disabled

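This warning appears because the client is connecting to the server at this point, and since the connection runs over SSL and the server has not yet signed the client's cert, the client is disconnected.
So run the following on the server: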
puppetca --list

The following output appears:
[root@puppet-server log]# puppetca --list
  client (EB:86:71:EB:22:65:0A:A0:93:AD:FB:DD:8D:60:44:A3)

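The server displays the information of the requesting client.
Run on the server:
puppetca -s -a
Note: this command approves every client request in the list. To approve the request of a single client, run: puppetca -s client

The following output appears: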
[root@puppet-server log]# puppetca -s -a
notice: Signed certificate request for client
notice: Removing file Puppet::SSL::CertificateRequest client at '/var/lib/puppet/ssl/ca/requests/client.pem'

Continue on the client:
[root@client ~]# puppetd --test --server puppet-server
warning: peer certificate won't be verified in this SSL session
info: Caching certificate for client
info: Caching certificate_revocation_list for ca
info: Caching catalog for client
info: Applying configuration version '1328494632'
notice: /Stage[main]/Test_class/File[/tmp/testfiles]/ensure: created
notice: /Stage[main]/Linux_environment_class/File[/etc/profile.d/global.sh]/ensure: defined content as '{md5}8869bd495610ff47b88f866a15ac746d'
info: Creating state file /var/lib/puppet/state/state.yaml
notice: Finished catalog run in 0.22 seconds

At this point, both the testfiles file and the global.sh file have been created and copied.
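
For the manual signing path (puppetca --list, then puppetca -s client), the fingerprint the client printed when it created its request can be compared with the one the server lists before the request is signed. The script below is an added example, not part of the original article: the function names are hypothetical, and it assumes the `puppetca --list` output format shown on this page (`  client (EB:86:...)`).

```sh
#!/bin/sh
# Added example (not from the original article): sign a pending request only
# when the fingerprint listed by the server matches the one seen on the client.

# Normalize a fingerprint: upper-case it and drop everything that is not hex,
# so "eb:86:..." and "EB86..." compare equal.
norm_fp() {
    printf '%s' "$1" | tr 'a-f' 'A-F' | tr -cd '0-9A-F'
}

# csr_fp_from_list HOST
# Reads `puppetca --list` output on stdin and prints the fingerprint listed
# for HOST. Assumes the "  host (fingerprint)" layout shown on this page.
csr_fp_from_list() {
    awk -v h="$1" '$1 == h { fp = $2; gsub(/[()]/, "", fp); print fp; exit }'
}

# verify_csr HOST EXPECTED_FP
# Reads `puppetca --list` output on stdin.
# Returns 0 on match, 1 on mismatch, 2 when HOST has no pending request.
verify_csr() {
    listed=$(csr_fp_from_list "$1")
    [ -n "$listed" ] || return 2
    [ "$(norm_fp "$listed")" = "$(norm_fp "$2")" ]
}

# sign_if_verified HOST EXPECTED_FP
# EXPECTED_FP is the value copied from the client's
# "Certificate Request fingerprint" line over a trusted channel.
sign_if_verified() {
    if puppetca --list | verify_csr "$1" "$2"; then
        puppetca -s "$1"
    else
        echo "refusing to sign $1: fingerprint mismatch or no pending request" >&2
        return 1
    fi
}
```

On the server, source the file and run `sign_if_verified client <fingerprint-from-client>`. This only has an effect when the autosign settings shown earlier are not enabled, because autosign signs the request before anyone can compare fingerprints.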
