Puppet+foreman 本地yum安裝手冊

Michael_DD發表於2015-07-06
Puppet+foreman 本地yum安裝手冊



server:
192.168.9.248 szpuppet.server.com


agent:
192.168.9.143 zabbix


作業系統:CentOS6.4
本地yum
[root@szpuppet yum.repos.d]# cat rhle64_centos.repo 
# Local file-based yum repositories used for this offline install.
# NOTE(review): gpgcheck=0 turns off RPM signature verification for every repo
# below, so yum installs whatever sits in these directories without checking it.
# Verify the copied repo trees out of band, or import the vendor keys and set
# gpgcheck=1 (with a matching gpgkey=) once the packages are known to be signed.
[foreman]
name=Foreman
baseurl=file:///root/foreman-repo-master/foreman
enabled=1
gpgcheck=0
[puppet]
name=puppet
baseurl=file:///root/foreman-repo-master/puppet-el6
enabled=1
gpgcheck=0
[rhel]
name=Red Hat Enterprise Linux Server
baseurl=file:///var/ftp/pub/Server
enabled=1
gpgcheck=0


採用hosts解析,所以要修改/etc/hosts


*******************************************************************************
安裝puppetmaster (伺服器端)
安裝puppetmaster,並生成CA和證書
# yum install puppet puppet-server facter
# vi /etc/puppet/puppet.conf
# puppet.conf on the puppet master host.
[main]
    # The Puppet log directory.
    # The default value is '$vardir/log'.
    logdir = /var/log/puppet


    # Where Puppet PID files are kept.
    # The default value is '$vardir/run'.
    rundir = /var/run/puppet


    # Where SSL certificates are kept.
    # The default value is '$confdir/ssl'.
    ssldir = $vardir/ssl
    
    # Master that agent runs on this host contact. Agents check the master's
    # certificate against this name, so it has to match certname (or an alt name).
    server              = szpuppet.server.com
    # Name this node uses for its own certificate.
    certname            = szpuppet.server.com
    # Plugin sync (custom facts/types pulled from the master) is switched off.
    pluginsync          = false


[agent]
    # The file in which puppetd stores a list of the classes
    # associated with the retrieved configuration.  Can be loaded in
    # the separate ``puppet`` executable using the ``--loadclasses``
    # option.
    # The default value is '$confdir/classes.txt'.
    classfile = $vardir/classes.txt


    # Where puppetd caches the local configuration.  An
    # extension indicating the cache format is added automatically.
    # The default value is '$confdir/localconfig'.
    localconfig = $vardir/localconfig
    # Same values as in [main], repeated for agent runs.
    server = szpuppet.server.com
    pluginsync = false


[master]   
    # Directory that holds one subdirectory per environment.
    environmentpath     = /etc/puppet/environments
    # Module directories shared by every environment.
    basemodulepath      = /etc/puppet/modules:/usr/share/puppet/modules  
    # How long the master caches environment data; 10 with no unit is
    # presumably seconds (confirm for the Puppet version in use).
    environment_timeout = 10




# /etc/init.d/puppetmaster start
Starting puppetmaster:                                     [  OK  ]




# puppet cert --list --all
+ "puppetmaster162.kisspuppet.com" (SHA256) 2E:B3:73:4F:CD:EE:0C:64:2C:DF:24:E6:D3:62:F3:1C:AC:A3:28:60:67:1D:0C:8C:C5:CA:68:5B:4B:2F:49:B9 (alt names: "DNS:puppet", "DNS:puppet.kisspuppet.com", "DNS:puppetmaster162.kisspuppet.com")








測試puppetmaster是否能夠正常使用
# puppet agent -t
Info: Caching catalog for szpuppet.server.com
Info: Applying configuration version '1435911393'
Info: Creating state file /var/lib/puppet/state/state.yaml
Notice: Finished catalog run in 0.02 seconds




*******************************************************************************
安裝puppet agent (客戶端)
# yum install puppet


# vi /etc/puppet/puppet.conf 
# puppet.conf on the agent (client) host.
[main]
    # The Puppet log directory.
    # The default value is '$vardir/log'.
    logdir = /var/log/puppet


    # Where Puppet PID files are kept.
    # The default value is '$vardir/run'.
    rundir = /var/run/puppet


    # Where SSL certificates are kept.
    # The default value is '$confdir/ssl'.
    ssldir = $vardir/ssl
    
    # Master this agent contacts. The agent checks the master's certificate
    # against this name, so it must be one of the names in that certificate.
    # No certname is set in this file, so Puppet falls back to its default
    # (the node's own name) when requesting a certificate.
    server              = szpuppet.server.com
    # Plugin sync (custom facts/types pulled from the master) is switched off.
    pluginsync          = false


[agent]
    # The file in which puppetd stores a list of the classes
    # associated with the retrieved configuration.  Can be loaded in
    # the separate ``puppet`` executable using the ``--loadclasses``
    # option.
    # The default value is '$confdir/classes.txt'.
    classfile = $vardir/classes.txt


    # Where puppetd caches the local configuration.  An
    # extension indicating the cache format is added automatically.
    # The default value is '$confdir/localconfig'.
    localconfig = $vardir/localconfig
    # Same values as in [main], repeated for agent runs.
    server              = szpuppet.server.com
    pluginsync          = false
   
# puppet agent
# ps -ef | grep puppet
root     15447     1  1 16:25 ?        00:00:02 /usr/bin/ruby /usr/bin/puppet agent
root     15510 15277  0 16:28 pts/0    00:00:00 grep puppet


# puppet agent -t
Exiting; no certificate found and waitforcert is disabled
以上訊息表示agent的證書尚未被server授權(簽署)






*******************************************************************************
證書認證
向server申請證書
客戶端執行:
# puppet agent --server szpuppet.server.com


伺服器端執行:
(單個授權證書)
# puppet cert sign zabbix
Notice: Signed certificate request for zabbix
Notice: Removing file Puppet::SSL::CertificateRequest zabbix at '/var/lib/puppet/ssl/ca/requests/zabbix.pem'


(全部授權證書;此命令會一次簽署所有待簽請求,執行前請先用 puppet cert --list 核對每個請求的主機名與指紋)
#puppet cert sign --all




(檢視所有證書)
# puppet cert --list --all
+ "szpuppet.server.com" (SHA256) 12:19:BA:72:5E:AB:7B:FA:2F:DD:38:6D:62:34:E7:38:B3:EA:E0:F9:03:35:84:BE:09:96:14:26:C4:F7:86:C1 (alt names: "DNS:puppet", "DNS:puppet.server.com", "DNS:szpuppet.server.com")
+ "zabbix"              (SHA256) 46:E0:6F:0B:14:64:0C:C3:ED:4D:AA:A0:7B:78:C6:CE:EB:91:C4:9F:24:6A:DD:1D:CA:AD:1D:1E:06:BF:06:8C


*******************************************************************************
驗證通訊:


server端:
# cd /etc/puppet/manifests/
# ll
total 0
# vi site.pp
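# Default node definition: applies to any agent that has no more specific
# node block. Used here only to confirm that master and agent can talk.
node default {
  # Connectivity check: the agent writes this file when it applies the catalog.
  # NOTE(review): the string ends in a literal "n" (no backslash), so no
  # trailing newline is written; the agent output on this page shows the same.
  file { "/tmp/test.txt":
    content => "Hello,agent,this is puppet test!n",
  }
}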


#/etc/init.d/puppetmaster restart




agent端:
# puppet agent --server szpuppet.server.com --test
Info: Caching catalog for zabbix
Info: Applying configuration version '1436146178'
Notice: /Stage[main]/Main/Node[default]/File[/tmp/test.txt]/content: 
--- /tmp/test.txt       2015-07-03 16:43:33.144433003 +0800
+++ /tmp/puppet-file20150706-10930-1ipgx7i-0    2015-07-06 09:29:38.775285552 +0800
@@ -0,0 +1 @@
+Hello,agent,this is puppet test!n
\ No newline at end of file


Info: /Stage[main]/Main/Node[default]/File[/tmp/test.txt]: Filebucketed /tmp/test.txt to puppet with sum d41d8cd98f00b204e9800998ecf8427e
Notice: /Stage[main]/Main/Node[default]/File[/tmp/test.txt]/content: content changed '{md5}d41d8cd98f00b204e9800998ecf8427e' to '{md5}fda5a8abd3ca710bc39ce6c90b25cb73'
Notice: Finished catalog run in 0.14 seconds


更多應用舉例,請參考puppet配置一文


*******************************************************************************




安裝Foreman


透過foreman-installer安裝foreman
# yum install foreman-installer


foreman預設安裝選擇的資料庫為postgresql,這裡選用mysql進行安裝。
注意:openssl版本要升級到1.0.1e版本


安裝包
# rpm -ivh ruby193-runtime-1-6.el6.x86_64.rpm
# rpm -ivh centos-release-SCL-6-5.el6.centos.x86_64.rpm


確保只保留原來的本地yum源(刪除剛安裝的CentOS-SCL源設定檔)
#rm -rf /etc/yum.repos.d/CentOS-SCL.repo


# yum install foreman  mod_passenger mod_ssl ruby193-rubygem-passenger-native mysql mysql-server foreman-mysql2 
#
...
Updated:
  openssl.x86_64 0:1.0.1e-15.el6                                                   
Replaced:
  ruby193-v8.x86_64 1:3.14.5.10-2.el6                                              
Complete!


安裝foreman-proxy及依賴包


# yum install tftp-server syslinux foreman-proxy




只代理puppet和puppetCA,可以透過以下方式安裝
#foreman-installer --enable-foreman --enable-foreman-proxy --enable-puppet  --puppet-server=true --foreman-proxy-puppetrun=true  --foreman-proxy-puppetca=true    --foreman-configure-epel-repo=false  --foreman-proxy-register-in-foreman=false 
 Could not start Service[httpd]: Execution of '/sbin/service httpd start' returned 1: Starting httpd: [Mon Jul 06 10:33:12 2015] [warn] module passenger_module is already loaded, skipping
 /Stage[main]/Apache::Service/Service[httpd]/ensure: change from stopped to running failed: Could not start Service[httpd]: Execution of '/sbin/service httpd start' returned 1: Starting httpd: [Mon Jul 06 10:33:12 2015] [warn] module passenger_module is already loaded, skipping
Installing             --- /etc/foreman-proxy/settings.d/puppet.ymlser[f2014- [99%] [.............................................Installing             Done                                               [100%] [..............................................]
  Something went wrong! Check the log for ERROR-level output
  * Foreman is running at
      Initial credentials are admin / krz9RbinLp4jasAe
  * Foreman Proxy is running at :8443
  * Puppetmaster is running at port 8140
  The full log is at /var/log/foreman-installer/foreman-installer.log


httpd啟動失敗,埠被佔用了
修改一下埠






代理TFTP、DNS、DHCP、Puppet和Puppet CA,並且puppetmaster會以apache+passenger的方式安裝執行。(命令中的DNS zone、反向解析區與forwarders為範例值,請換成自己環境的設定)
#foreman-installer --enable-foreman --enable-foreman-proxy --enable-puppet  --puppet-server=true --foreman-proxy-puppetrun=true  --foreman-proxy-puppetca=true   --foreman-proxy-dhcp=true  --foreman-proxy-tftp=true  --foreman-proxy-dns=true --foreman-proxy-dns-interface=eth0 --foreman-proxy-dns-zone=kisspuppet.com  --foreman-proxy-dns-reverse=10.168.192.in-addr.arpa  --foreman-proxy-dns-forwarders=8.8.8.8 --foreman-proxy-dns-forwarders=8.8.4.4 --foreman-configure-epel-repo=false  --foreman-proxy-register-in-foreman=false




安裝完成之後,透過火狐或者谷歌瀏覽器訪問 https://192.168.9.248 看是否安裝成功。首次登入後請立即修改安裝輸出中顯示的admin初始密碼。






檢查foreman、foreman-proxy、puppetmaster是否安裝成功(從下面的輸出可見8443與8140埠監聽在所有介面上,建議用防火牆限制為只允許受管主機存取)
# /etc/init.d/httpd status
httpd (pid  25433) is running...
# /etc/init.d/foreman-proxy status
foreman-proxy (pid  25605) is running...
# netstat -naltp | grep 8443
tcp        0      0 0.0.0.0:8443                0.0.0.0:*                   LISTEN      25605/ruby          
# netstat -naltp | grep 80
tcp        0      0 :::80                       :::*                        LISTEN      25433/httpd         
# netstat -naltp | grep 8140
tcp        0      0 :::8140                     :::*                        LISTEN      25433/httpd   


基本上安裝完成!!


yum包地址:(百度網盤地址)


來自 “ ITPUB部落格 ” ,連結:http://blog.itpub.net/29500582/viewspace-1724261/,如需轉載,請註明出處,否則將追究法律責任。
