yum源配置
1. wget http://ftp.kaist.ac.kr/fedora//epel/6/i386/epel-release-6-8.noarch.rpm
2. yum list | grep puppet` //測試yum源配置有沒有問題
NTP時間伺服器配置
vi /etc/ntp.conf
-----------------------
driftfile /var/lib/ntp/drift
Broadcastdelay 0.008
logfile /var/log/ntp.log
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery
restrict 127.0.0.1
restrict -6 ::1
restrict 172.16.1.0 mask 255.255.0.0 nomodify notrap
server 127.127.1.0
fudge 127.127.1.0 stratum 10 refid NIST
includefile /etc/ntp/crypto/pw
keys /etc/ntp/keys
啟動ntpd服務並加入開機啟動
service ntpd start
chkconfig ntpd on
過幾分鐘之後客戶端進行測試
1. service ntpd start
2. ntpdate 172.16.1.1 #這個IP地址是你時間伺服器的IP地址
puppetmaster的安裝
yum install -y puppetmaster puppet facter #系統會自己安裝ruby環境,因為puppet是用ruby寫的所以需要ruby環境的支援
配置puppet.conf
vim /etc/puppet/puppet.conf
[main]
logdir = /var/log/puppet #預設日誌存放路徑
rundir = /var/run/puppet #pid存放路徑
ssldir = $vardir/ssl #證書存放目錄,預設$vardir為/var/lib/puppet
[agent]
classfile = $vardir/classes.txt
localconfig = $vardir/localconfig
server = puppetmaster.kisspuppet.com #設定agent認證連線master端的伺服器名稱,注意這個名字必須能夠被節點解析
certname = puppetmaster_cert.kisspuppet.com #設定agent端certname名稱
[master]
certname = puppetmaster.kisspuppet.com puppetmaster.kisspuppet.com #設定puppetmaster認證伺服器名
建立site.pp檔案
touch /etc/puppet/manifests/site.pp
啟動puppetmaster服務
1. /etc/init.d/puppetmaster start
2. chkconfig puppetmaster on
檢視證書的生成情況 因為第一次啟動會自動生成證書自動註冊自己
tree /var/lib/puppet/ssl
/var/lib/puppet/ssl/
├── ca
│ ├── ca_crl.pem
│ ├── ca_crt.pem
│ ├── ca_key.pem
│ ├── ca_pub.pem
│ ├── inventory.txt
│ ├── private
│ │ └── ca.pass
│ ├── requests
│ ├── serial
│ └── signed
│ └── puppetmaster.kisspuppet.com.pem #已註冊
├── certificate_requests
├── certs
│ ├── ca.pem
│ └── puppetmaster.kisspuppet.com.pem
├── crl.pem
├── private
├── private_keys
│ └── puppetmaster.kisspuppet.com.pem
└── public_keys
└── puppetmaster.kisspuppet.com.pem
列出已經註冊成功的證書
puppet cert --list --all #帶+標示已經註冊成功
puppetagent安裝
yum install puppet facter
配置puppet.conf
vim /etc/puppet/puppet.conf
[main]
logdir = /var/log/puppet
rundir = /var/run/puppet
ssldir = $vardir/ssl
[agent]
classfile = $vardir/classes.txt
localconfig = $vardir/localconfig
server = puppetmaster.kisspuppet.com #指向puppetmaster端
certname = agent1_cert.kisspuppet.com #設定自己的certname名
通過除錯模式啟動節點向Puppetmaster端發起認證
puppet agent --test
info: Creating a new SSL key for agent1_cert.kisspuppet.com
info: Caching certificate for ca
info: Creating a new SSL certificate request for agent1_cert.kisspuppet.com
info: Certificate Request fingerprint (md5): 69:D2:86:E4:7F:00:E0:55:61:19:02:34:9E:9B:AF:F9
Exiting; no certificate found and waitforcert is disabled
伺服器端確定認證
[root@puppetmaster ~]#puppet cert --list --all
"agent1_cert.kisspuppet.com" (69:D2:86:E4:7F:00:E0:55:61:19:02:34:9E:9B:AF:F9) #未認證
+ "puppetmaster.kisspuppet.com" (C0:E3:6B:76:36:EC:92:93:4D:BF:F0:8F:77:00:91:C8) (alt names: "DNS:puppet", "DNS:puppet.kisspuppet.com", "DNS:puppetmaster.kisspuppet.com")
註冊client1
[root@puppetmaster ~]#puppet cert --sign agent1_cert.kisspuppet.com #註冊agent1
notice: Signed certificate request for agent1_cert.kisspuppet.com
notice: Removing file Puppet::SSL::CertificateRequest agent1_cert.kisspuppet.com at '/var/lib/puppet/ssl/ca/requests/agent1_cert.kisspuppet.com.pem'
再次檢視認證情況
[root@puppetmaster ~]# puppet cert --list --all
+ "agent1_cert.kisspuppet.com" (3E:46:4E:75:34:9A:5A:62:A6:3C:AE:BD:49:EE:C0:F5)
+ "puppetmaster.kisspuppet.com" (C0:E3:6B:76:36:EC:92:93:4D:BF:F0:8F:77:00:91:C8) (alt names: "DNS:puppet", "DNS:puppet.kisspuppet.com", "DNS:puppetmaster.kisspuppet.com")
client2和client3和client1一樣都需要編輯本配置檔案並啟動服務
其它節點一起認證
[root@puppetmaster ~]# puppet agent --test #puppetmaster自己申請agent認證
info: Creating a new SSL key for puppetmaster_cert.kisspuppet.com
info: Creating a new SSL certificate request for puppetmaster_cert.kisspuppet.com
info: Certificate Request fingerprint (md5): 7D:AC:F7:97:04:2B:E4:C5:74:4A:16:05:DB:F6:6A:98
Exiting; no certificate found and waitforcert is disabled
[root@puppetmaster ~]# puppet cert --sign --all #註冊所有請求的節點
notice: Signed certificate request for puppetmaster_cert.kisspuppet.com
notice: Removing file Puppet::SSL::CertificateRequest puppetmaster_cert.kisspuppet.com at '/var/lib/puppet/ssl/ca/requests/puppetmaster_cert.kisspuppet.com.pem'
notice: Signed certificate request for agent2_cert.kisspuppet.com
notice: Removing file Puppet::SSL::CertificateRequest agent2_cert.kisspuppet.com at '/var/lib/puppet/ssl/ca/requests/agent2_cert.kisspuppet.com.pem'
notice: Signed certificate request for agent3_cert.kisspuppet.com
notice: Removing file Puppet::SSL::CertificateRequest agent3_cert.kisspuppet.com at '/var/lib/puppet/ssl/ca/requests/agent3_cert.kisspuppet.com.pem'
[root@puppetmaster ~]# puppet cert --list --all #檢視所有節點認證
+ "agent1_cert.kisspuppet.com" (3E:46:4E:75:34:9A:5A:62:A6:3C:AE:BD:49:EE:C0:F5)
+ "agent2_cert.kisspuppet.com" (A0:CE:70:BE:A9:11:BF:F4:C8:EF:25:8E:C2:2C:3B:B7)
+ "agent3_cert.kisspuppet.com" (98:93:F7:0C:ED:94:81:3D:51:14:86:68:2B:F3:F1:A0)
+ "puppetmaster.kisspuppet.com" (C0:E3:6B:76:36:EC:92:93:4D:BF:F0:8F:77:00:91:C8) (alt names: "DNS:puppet", "DNS:puppet.kisspuppet.com", "DNS:puppetmaster.kisspuppet.com")
+ "puppetmaster_cert.kisspuppet.com" (57:A3:D7:3D:64:2F:D6:FD:BC:2A:6C:79:68:73:EA:AB)
編寫簡單的motd模組
建立模組目錄結構 注意:再未指定modulepath搜尋路徑的情況下,會有預設搜尋路徑的,可通過以下方式檢視到
[root@puppetmaster ~]# puppet master --genconfig >/etc/puppet/puppet.conf.out
[root@puppetmaster ~]# cat /etc/puppet/puppet.conf.out | grep modulepath
modulepath = /etc/puppet/modules:/usr/share/puppet/modules
[root@puppetmaster modules]# tree /etc/puppet/modules/
/etc/puppet/modules/
└── motd
├── files #存放檔案目錄
│ └── etc
│ └── motd
├── manifests #存放模組pp配置檔案目錄
│ └── init.pp
└── templates #存放模板目錄
5 directories, 2 files
編寫pp檔案
[root@puppetmaster modules]# vim motd/manifests/init.pp
class motd{ #定義一個類叫motd
package{ 'setup': #定義package資源
ensure => present, #要求setup這個包處於被安裝狀態
}
file{ '/etc/motd': #定義file資源
ensure => present, #要求file檔案處於存在狀態
owner => 'root', #要求file檔案屬主為root
group => 'root', #要求file檔案屬組為root
mode => '0644', #要求file檔案許可權為644
source => "puppet://$puppetserver/modules/motd/etc/motd", #要求file檔案從puppetmaster端伺服器下載
require => Package['setup'], #要求檔案被配置之前先執行package資源
}
}
[root@puppetmaster modules]# cat motd/files/etc/motd
-- --
--------puppet test---------
-- --
編寫site.pp檔案
[root@puppetmaster ~]# vim /etc/puppet/manifests/site.pp
$puppetserver = 'puppetmaster.kisspuppet.com' #設定全域性變數
node 'puppetmaster_cert.kisspuppet.com'{
include motd
}
node 'agent1_cert.kisspuppet.com'{
include motd
}
node 'agent2_cert.kisspuppet.com'{
include motd
}
node 'agent3_cert.kisspuppet.com'{
include motd
}
測試motd模組
[root@agent1 ~]# puppet agent --test #測試節點agent1
info: Caching catalog for agent1_cert.kisspuppet.com
info: Applying configuration version '1394304542'
notice: /Stage[main]/Motd/File[/etc/motd]/content:
--- /etc/motd 2000-01-13 07:18:52.000000000 +0800
+++ /tmp/puppet-file20140309-4571-1vqc18j-0 2014-03-09 02:51:47.000000000 +0800
@@ -0,0 +1,3 @@
+-- --
+--------puppet test---------
+-- --
info: FileBucket adding {md5}d41d8cd98f00b204e9800998ecf8427e
info: /Stage[main]/Motd/File[/etc/motd]: Filebucketed /etc/motd to puppet with sum d41d8cd98f00b204e9800998ecf8427e
notice: /Stage[main]/Motd/File[/etc/motd]/content: content changed '{md5}d41d8cd98f00b204e9800998ecf8427e' to '{md5}87ea3a1af8650395038472457cc7f2b1'
notice: Finished catalog run in 0.40 seconds
[root@agent1 ~]# cat /etc/motd
-- --
--------puppet test---------
-- --
[root@agent1 ~]#
[root@puppetmaster ~]# puppet agent -t #測試節點puppetmaster
info: Caching catalog for puppetmaster_cert.kisspuppet.com
info: Applying configuration version '1394305371'
notice: /Stage[main]/Motd/File[/etc/motd]/content:
--- /etc/motd 2010-01-12 21:28:22.000000000 +0800
+++ /tmp/puppet-file20140309-3102-1gadon0-0 2014-03-09 03:02:51.966998294 +0800
@@ -0,0 +1,3 @@
+-- --
+--------puppet test---------
+-- --
info: FileBucket adding {md5}d41d8cd98f00b204e9800998ecf8427e
info: /Stage[main]/Motd/File[/etc/motd]: Filebucketed /etc/motd to puppet with sum d41d8cd98f00b204e9800998ecf8427e
notice: /Stage[main]/Motd/File[/etc/motd]/content: content changed '{md5}d41d8cd98f00b204e9800998ecf8427e' to '{md5}87ea3a1af8650395038472457cc7f2b1'
info: Creating state file /var/lib/puppet/state/state.yaml
notice: Finished catalog run in 0.52 seconds
[root@puppetmaster ~]# cat /etc/motd
-- --
--------puppet test---------
-- --
轉載自:https://kisspuppet.gitbooks.io/puppet/content/puppetlearningbase3.html