puppet安裝

一．  服務器端和客戶端都需要做的操作。
1. 下載軟件
wget http://puppetlabs.com/downloads/facter/facter-1.6.4.tar.gz
   wget http://downloads.puppetlabs.com/puppet/puppet-2.7.9.tar.gz
2. 安裝ruby  puppet是ruby開發的，所以需要安裝。
Yum   -y install ruby
3. 安裝facter 
Ruby  install.rb
4. 安裝puppet   安裝都非常快。不到1分鐘。
Ruby  install.rb
5. 同步時間
 cp /usr/share/zoneinfo/Asia/Shanghai  /etc/localtime
/usr/sbin/ntpdate time.nist.gov
二． 服務器端的操作。
1. 創建目錄，拷貝文件等。
mkdir /etc/puppet
cp conf/auth.conf /etc/puppet/
cp conf/redhat/fileserver.conf /etc/puppet/
cp conf/redhat/puppet.conf /etc/puppet/
cp conf/redhat/server.init /etc/init.d/puppetmaster
chmod 755 /etc/init.d/puppetmaster
chkconfig --add puppetmaster
chkconfig puppetmaster on
mkdir -p /etc/puppet/manifests
2. 創建puppet帳戶
puppetmasterd --mkusers
3. 建立相應的目錄
mkdir /var/lib/puppet/rrd/
chown puppet.puppet /var/lib/puppet/rrd/
4. 啓動服務 /etc/init.d/puppetmaster start
三． 客戶端端的操作
1. 創建目錄，拷貝文件等
mkdir /etc/puppet
cp conf/auth.conf /etc/puppet/
cp conf/namespaceauth.conf /etc/puppet/
cp conf/redhat/puppet.conf /etc/puppet/
cp conf/redhat/client.init /etc/init.d/puppet
chmod 755 /etc/init.d/puppet
chkconfig --add puppet
chkconfig puppet on
2. 創建puppet用戶和組
puppetd –mkusers ；如果報錯，則手工建立puppet用戶和組(puppet放到puppet組)
3. 創建目錄
mkdir /var/lib/puppet/rrd
    chown puppet.puppet /var/lib/puppet/rrd
四． 測試
1. 客戶端執行puppetd --test --server server.puppet.com發送認證請求
[root@localhost puppet-2.7.9]# puppetd --test --server server.puppet.com
warning: peer certificate won't be verified in this SSL session
info: Caching certificate for ca
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
info: Creating a new SSL certificate request for localhost.localdomain
info: Certificate Request fingerprint (md5): C5:76:BF:68:12:82:BD:42:86:0F:28:16:1B:6A:75:DD
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
Exiting; no certificate found and waitforcert is disabled
2. 服務器端執行puppetca -s -a
[root@biansongshan-d1 soft]# puppetca -s –a發送接受請求。
notice: Signed certificate request for localhost.localdomain
notice: Removing file Puppet::SSL::CertificateRequest localhost.localdomain at '/var/lib/puppet/ssl/ca/requests/localhost.localdomain.pem'
3. 客戶端再次發送請求puppetd --test --server server.puppet.com
[root@localhost puppet-2.7.9]# puppetd --test --server server.puppet.com
info: Caching certificate_revocation_list for ca
info: Caching catalog for localhost.localdomain
info: Applying configuration version '1325218033'
info: Creating state file /var/lib/puppet/state/state.yaml
notice: Finished catalog run in 0.04 seconds
出現上面信息表示server端已接受請求，連接成功。如果報下面錯誤
[root@localhost puppet-2.7.9]# puppetd --test --server server.puppet.com
err: Could not retrieve catalog from remote server: hostname not match with the server certificate
warning: Not using cache on failed catalog
err: Could not retrieve catalog; skipping run
err: Could not send report: hostname not match with the server certificate
則需要修改服務器的主機名和本機的hosts解析。
五． 實際舉例子
到這裏證明puppet的基本設置已經沒有問題了；下面舉一個例子：
1. 現在在服務器的/etc/puppet/manifests/建立site.pp裏面放置如下內容
node default {
file{"/tmp/a.txt":
content => "helo,I am abc.bbb!abc.aaa \n bbbbbb \n cccc \n dddd \n",
ensure  => present,
mode => 644,
owner => root,
group => root,
}
}
2. 在客戶端上執行puppetd --test --server server.puppet.com可以發現/tmp/會生成a.txt文件，內容是content裏面的內容。
 [root@localhost ~]# cat /tmp/a.txt
helo,I am abc.bbb!abc.aaa
 bbbbbb
 cccc
 dddd
到這裏就已經完全ok了。