Installing Puppet

Puppet can be installed either from source or from rpm packages via yum. The official site recommends yum, which makes later upgrades, management and maintenance easier. CentOS can use yum, but the default CentOS repositories do not carry a puppet package, so the EPEL package has to be installed first. EPEL (Extra Packages for Enterprise Linux) is a high-quality add-on package project created, maintained and managed by a special interest group for Red Hat Enterprise Linux (RHEL) and its derivatives (such as CentOS and Scientific Linux). So we have two ways to install the software: rpm packages and source packages. Both are described in detail below; either one works, though the rpm route is of course a little simpler.
Method 1: rpm packages

1. Installing the master

# yum -y install ruby ruby-libs ruby-shadow
# wget ftp://ftp.sunet.se/pub/Linux/distributions/yellowdog/yum/6.2/extras/RPMS/epel-release-5-3.noarch.rpm
# rpm -ivh epel-release-5-3.noarch.rpm
# yum -y install puppet puppet-server facter

2. Installing the agent

# yum install ruby ruby-libs ruby-shadow
# wget ftp://ftp.sunet.se/pub/Linux/distributions/yellowdog/yum/6.2/extras/RPMS/epel-release-5-3.noarch.rpm
# rpm -ivh epel-release-5-3.noarch.rpm
# yum -y install puppet facter
Method 2: building from source

First make sure the firewall and SELinux are turned off. Set up the two servers, master and agent, and confirm that their hostnames are server.a.com and client.b.com and that each host can resolve the other through /etc/hosts. Set up a time server between the two machines and make sure their clocks agree.

NTP server:
# vim /etc/ntp.conf
restrict default nomodify notrap
server 127.127.1.0
fudge 127.127.1.0 stratum 10

NTP client:
# ntpdate 192.168.116.50

Packages used to build Puppet: puppet-2.7.12.tar.gz and facter-1.6.6.tar.gz. Both must be installed on the server and on the client. Since Puppet is written in Ruby, the Ruby environment has to be installed first:
# yum install ruby*

Installing Facter:
# tar xf facter-1.6.6.tar.gz
# cd facter-1.6.6
# ruby install.rb
Installing Puppet:
# tar xf puppet-2.7.12.tar.gz
# cd puppet-2.7.12
# ruby install.rb

Server side. Copy the relevant configuration files out of the unpacked tarball:
[root@server puppet-2.7.12]# cp conf/redhat/fileserver.conf /etc/puppet/
[root@server puppet-2.7.12]# cp conf/redhat/puppet.conf /etc/puppet/
[root@server puppet-2.7.12]# cp conf/redhat/server.init /etc/init.d/puppetmaster
[root@server puppet-2.7.12]# chmod 755 /etc/init.d/puppetmaster
[root@server puppet-2.7.12]# chkconfig --add puppetmaster
[root@server puppet-2.7.12]# chkconfig puppetmaster on
[root@server puppet-2.7.12]# mkdir /etc/puppet/manifests
# pwd
/etc/puppet
# ls
auth.conf fileserver.conf manifests puppet.conf
// auth.conf --> ACL configuration for clients accessing the puppet server
// fileserver.conf --> ACL configuration for the puppet server acting as a file server
// manifests --> main directory for Puppet manifests; it must contain at least site.pp
// puppet.conf --> Puppet server configuration file
Create the puppet account:
[root@server puppet-2.7.12]# puppetmasterd --mkusers

Start the server service:
# /etc/init.d/puppetmaster start
That completes the server installation and configuration; now let us configure the client. Unpack the package and copy the relevant configuration files out of the source tree:
[root@client puppet-2.7.12]# cp conf/namespaceauth.conf /etc/puppet/
[root@client puppet-2.7.12]# cp conf/redhat/puppet.conf /etc/puppet/
[root@client puppet-2.7.12]# cp conf/redhat/client.init /etc/init.d/puppet
[root@client puppet-2.7.12]# chmod a+x /etc/init.d/puppet
Edit the client configuration files:
[root@client puppet-2.7.12]# vi /etc/puppet/puppet.conf
# change the following
[main]
server=server.a.com //hostname of the server

[root@client puppet-2.7.12]# vi /etc/puppet/namespaceauth.conf
# change the following
[fileserver]
allow *
[puppetmaster]
allow *
[puppetrunner]
allow *
[puppetbucket]
allow *
[puppetreports]
allow *
[resource]
allow *
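The namespaceauth.conf above opens every namespace to every host with allow *. Below is an added example, not part of the original post, of a small shell check that flags such wildcard rules, together with a tighter variant that lets only the master (assumed here to be server.a.com) into the puppetrunner namespace; the sample files it writes are constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not from the original post: audit a Puppet 2.7 namespaceauth.conf
# for "allow *" rules and show a tighter alternative for the agent.

# Print the name of every section that contains an unrestricted "allow *".
# Returns 0 when no wildcard rule exists, 1 when at least one does.
namespaceauth_wildcards() {
    awk '
        /^[[:space:]]*\[/ {                  # section header such as [puppetrunner]
            gsub(/[][]/, "")
            gsub(/[[:space:]]/, "")
            section = $0
            next
        }
        /^[[:space:]]*allow[[:space:]]+\*[[:space:]]*$/ {   # wildcard allow rule
            print section
            found = 1
        }
        END { exit found ? 1 : 0 }
    ' "$1"
}

# Write two constructed sample files into a temporary directory and print its path.
# weak.conf is what the post puts on the client; hardened.conf (an assumption about
# intent, not from the post) grants only the master, server.a.com, the puppetrunner
# namespace and leaves every other namespace unmentioned, which denies it.
write_sample_confs() {
    dir=$(mktemp -d)
    cat > "$dir/weak.conf" <<'EOF'
[fileserver]
    allow *
[puppetmaster]
    allow *
[puppetrunner]
    allow *
[puppetbucket]
    allow *
[puppetreports]
    allow *
[resource]
    allow *
EOF
    cat > "$dir/hardened.conf" <<'EOF'
[puppetrunner]
    allow server.a.com
EOF
    echo "$dir"
}
```

Run namespaceauth_wildcards /etc/puppet/namespaceauth.conf on the agent; a non-zero exit with the section names printed means any host is accepted in those namespaces, and each printed section is a candidate for an allow line that names the master instead.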
Create the puppet account:
[root@client puppet-2.7.12]# puppetmasterd --mkusers
[root@client puppet]# rm -rf /var/lib/puppet/ssl/* //delete the files under /var/lib/puppet/ssl on the client, otherwise errors may occur

Start the service:
# /etc/init.d/puppet start
With both sides configured, it is time to establish communication between them. Start with the client:
[root@client puppet-2.7.12]# puppetd --test --server server //the client sends a request to the server
// The Puppet client talks to the server (master) over HTTPS, so it needs a valid SSL certificate. The first time the puppet client runs it generates an SSL key and sends a certificate request to the Puppet server.
info: Creating a new SSL key for client.sxkeji.com
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
info: Creating a new SSL certificate request for client.sxkeji.com
info: Certificate Request fingerprint (md5): 62:CD:A6:63:A7:8C:89:54:68:AF:95:12:59:16:D7:08
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
Exiting; no certificate found and waitforcert is disabled
Now the server side:
[root@server ~]# puppetca --list //list the hosts that have sent requests
client.a.com (05:BF:3C:9E:D8:72:13:24:1D:3F:4C:15:00:E7:FC:25)
[root@server ~]# puppetca -s -a //accept the requests
// After the puppet server receives a client's certificate request it must sign it before the client is allowed to join
//puppetca -s -a //sign all clients
//puppetca -s client.a.com //sign only one particular client
notice: Signed certificate request for client.sxkeji.com
notice: Removing file Puppet::SSL::CertificateRequest client.sxkeji.com at '/var/lib/puppet/ssl/ca/requests/client.a.com.pem'
[root@server ~]# puppet cert list --all //puppet cert list --all shows that the client has been added
+ client.sxkeji.com (05:BF:3C:9E:D8:72:13:24:1D:3F:4C:15:00:E7:FC:25)
+ server.sxkeji.com (52:A3:37:85:33:4D:97:7B:1B:78:87:DE:4F:EB:1D:DE) (alt names: DNS:puppet, DNS:puppet.a.com, DNS:server.a.com)
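puppetca -s -a signs every pending request, whichever host sent it. The added example below, which is not from the original post, shows the check that replaces it: compare the fingerprint the master lists for a host with the "Certificate Request fingerprint" the agent printed on its own console for that request, and only then sign that single host. The listing text is constructed in the format shown above; the second host and its fingerprint are made up for the demonstration.

```shell
#!/bin/sh
# Added example, not from the original post: check a pending request's fingerprint
# before signing it, instead of signing everything with "puppetca -s -a".

# Print the fingerprint that a "puppetca --list" listing shows for HOST.
# Returns 1 (and prints nothing) when HOST has no pending request; lines that
# start with "+" are already signed and are deliberately not matched.
pending_fingerprint() {
    host="$1"
    listing="$2"
    printf '%s\n' "$listing" | awk -v h="$host" '
        $1 == h && $2 ~ /^\(/ {
            gsub(/[()]/, "", $2)
            print $2
            found = 1
        }
        END { exit found ? 0 : 1 }'
}

# Print the signing command for HOST only if the fingerprint the master lists
# equals EXPECTED, the value the agent printed at its first run. The command is
# printed, not executed, so the operator keeps the final decision. Returns 1 on
# a mismatch or when no request is pending.
sign_if_fingerprint_matches() {
    host="$1"
    expected="$2"
    listing="$3"
    seen=$(pending_fingerprint "$host" "$listing") || {
        echo "no pending request for $host" >&2
        return 1
    }
    if [ "$seen" = "$expected" ]; then
        echo "puppetca -s $host"
        return 0
    fi
    echo "fingerprint mismatch for $host: master lists $seen, agent reported $expected" >&2
    return 1
}

# Constructed sample listing in the format "puppetca --list" prints above. The
# first line repeats the post's client; the second host and its fingerprint are
# made up to stand for a request the operator did not expect.
SAMPLE_LISTING='client.a.com (05:BF:3C:9E:D8:72:13:24:1D:3F:4C:15:00:E7:FC:25)
unknown.a.com (AA:BB:CC:DD:EE:FF:00:11:22:33:44:55:66:77:88:99)'
```

On the master the real listing goes in place of the sample: sign_if_fingerprint_matches client.a.com <fingerprint from the agent's console> "$(puppetca --list)". A request the listing shows but nobody expected, like unknown.a.com in the sample, simply never gets a signing command.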
Next, the client sends its request again with puppetd --test --server server:
[root@client puppet]# puppetd --test --server server.a.com
notice: Ignoring --listen on onetime run
info: Caching catalog for client.a.com
info: Applying configuration version '1332988321'
info: Creating state file /var/lib/puppet/state/state.yaml
notice: Finished catalog run in 0.25 seconds

After this the server and the client can communicate normally.
Some problems may come up during installation; here are a few you might run into and how to fix them.

1. notice: Ignoring --listen on onetime run
notice: Run of Puppet configuration client already in progress; skipping
Fix: a. Check with ps -e | grep puppet whether a puppet process is running. If there is one, stop it and run again. b. If there is no process, a puppetdlock file probably still exists; delete it with rm -rf /var/puppet/state/puppetdlock

2. The following errors appear:
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
Exiting; no certificate found and waitforcert is disabled
Fix: mv /var/lib/puppet/ /tmp/

3. If you hit this error:
err: Could not retrieve catalog from remote server: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed. This is often because the time is out of sync on the server or client
warning: Not using cache on failed catalog
err: Could not retrieve catalog; skipping run
err: Could not send report: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed. This is often because the time is out of sync on the server or client
Fix: make absolutely sure the clocks on the two hosts are synchronized, then
rm -rf /var/lib/puppet/ssl/*
puppetd --test --server server.robin.com
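For problems 1 and 3 above, here is an added example (not from the original post) of two shell checks: one that tells a leftover puppetdlock apart from a run that is genuinely in progress, and one that parses the offset reported by ntpdate -q and fails when the two clocks differ by more than a chosen number of seconds. The ps -e and ntpdate -q output it works on is constructed; the lock file path is passed in, since the post uses /var/puppet/state/puppetdlock.

```shell
#!/bin/sh
# Added example, not from the original post: two checks for problems 1 and 3 above.

# Returns 0 when LOCKFILE exists but PS_OUTPUT (the text of "ps -e") shows no
# puppet process, i.e. the post's case (b), a leftover lock that can be removed.
# Returns 1 when the lock is absent, or when an agent really is running
# (case (a): stop that process instead of deleting the lock).
lock_is_stale() {
    lockfile="$1"
    ps_output="$2"
    [ -e "$lockfile" ] || return 1
    if printf '%s\n' "$ps_output" | grep -q 'puppet'; then
        return 1
    fi
    return 0
}

# Returns 0 when the offset in NTPDATE_OUTPUT (the text of "ntpdate -q <server>")
# is within MAX seconds in either direction, 1 when it is larger, 2 when no
# offset line is present at all.
clock_offset_ok() {
    ntpdate_output="$1"
    max="$2"
    printf '%s\n' "$ntpdate_output" | awk -v max="$max" '
        /^server / {
            for (i = 1; i <= NF; i++) {
                if ($i == "offset") {
                    off = $(i + 1)
                    sub(/,$/, "", off)      # strip the trailing comma
                    off = off + 0           # force numeric comparison
                    seen = 1
                }
            }
        }
        END {
            if (!seen) exit 2
            if (off < 0) off = -off
            exit (off <= max + 0) ? 0 : 1
        }'
}

# Constructed sample outputs for the demonstration.
SAMPLE_PS_IDLE='  PID TTY          TIME CMD
    1 ?        00:00:01 init
 1234 ?        00:00:00 sshd'
SAMPLE_PS_BUSY="$SAMPLE_PS_IDLE
 2711 ?        00:00:02 puppetd"
SAMPLE_NTP_OK='server 192.168.116.50, stratum 10, offset 0.004219, delay 0.02574'
SAMPLE_NTP_SKEWED='server 192.168.116.50, stratum 10, offset -412.731902, delay 0.02574'
```

On the agent the real data goes in: lock_is_stale /var/puppet/state/puppetdlock "$(ps -e)" && rm -f /var/puppet/state/puppetdlock for problem 1, and clock_offset_ok "$(ntpdate -q 192.168.116.50)" 1 before re-running puppetd for problem 3, since the error message there itself names clock skew as the usual cause of the certificate verification failure.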
Now that communication is working, let us look at how Puppet is used. Puppet uses a Ruby-like declarative language to define configuration items, which Puppet calls "resources". The description declares the state you want, for example which package should be installed or which service should be running. A resource consists of three parts:
1. Type, which states what kind of resource is being managed
2. Title, the name of the resource
3. Attributes, the values that make up the resource's state

type { title:
    attribute => value,
}
Here is a simple example: create a file helloworld.txt under /tmp on the client.
[root@server ~]# vi /etc/puppet/manifests/site.pp
[root@server ~]# cat /etc/puppet/manifests/site.pp
node default {
    file { '/tmp/helloworld.txt':
        content => 'hello, world\n';
    }
}
After editing the .pp file as above, a single command on the client does the rest.
Run puppet on the client; once it succeeds, the newly created helloworld.txt appears under /tmp:
[root@client puppet]# puppetd --test --server server.a.com
notice: Ignoring --listen on onetime run
info: Caching catalog for client.a.com
info: Applying configuration version '1332991088'
notice: /Stage[main]//Node[default]/File[/tmp/helloworld.txt]/ensure: defined content as '{md5}e4d7f1b4ed2e42d15898f4b27b019da4'
notice: Finished catalog run in 0.35 seconds
[root@client puppet]# cat /tmp/helloworld.txt
hello, world

That's it. Puppet has many more features that cannot all be covered here. Thank you all for your support, and follow me for more shared experience.
Be sure to keep the clocks of the two hosts synchronized.
Always read error messages carefully.