<pre name="code" class="sql">1) 安装Ruby,Ruby-libs和Ruby-shadow,用于进行用户和组管理
2)安装Factor,Puppet 和Puppet-server
3)设置主机名,域名解析或指定hosts
4)通过命令/etc/init.d/puppetmaster start 启动或者以非进程的方式启动Server 通过命令puppet master --no-daemonize --verbose 可以
查看相关日志与输出。
5)在客户端配置文件Puppet.conf中指定Server端,在终端运行puppet agent --test --server server.domain.com 与Master交互完成签名认证。
6)在Server上配置节点信息,告诉客户端要做什么
7)检查语法是否正确(通常采用puppet parser validate test.pp命令进行语法检查)
8)客户端再次运行配置(puppet agent --test)
Facter(或者称为fact)用于收集关于主机的信息,来帮助定制Puppet配置。
配置主机名:
[root@master ~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
10.130.130.170 master
[root@jhoa ~]# ruby -v
ruby 1.8.5 (2006-08-25) [x86_64-linux]
[root@jhoa ~]# rpm -qa | grep ruby
ruby-1.8.5-5.el5_4.8
ruby-libs-1.8.5-5.el5_4.8
安装ruby 版本>=1.8.7
使用源码包安装:
cat /etc/issue
Red Hat Enterprise Linux Server release 6.2 (Santiago)
Kernel
on an m
1)安装yaml-0.1.4.tar.gz
Libraries have been installed in:
/usr/local/lib
echo '/usr/local/lib' >/etc/ld.so.conf.d/libyaml.conf
pwd
/usr/local/lib
ldconfig
如果不安装yaml,在执行
puppet -v
/usr/local/lib/ruby/1.9.1/yaml.rb:84:in `<top (required)>':
It seems your ruby installation is missing psych (for YAML output).
To eliminate this warning, please install libyaml and reinstall your ruby.
See 'puppet help' for help on available puppet subcommands
会报错
2) 安装ruby
这里我们安装1.9.3版本
mkdir /opt/puppetlabs
cd /opt/puppetlabs
tar zxvf ruby-1.9.3-p547.tar.gz
cd ruby-1.9.3-p547
./configure && make
make install
ruby -v
ruby 1.9.3p547 (2014-05-14 revision 45962) [x86_64-linux]
3)安装Facter
版本为facter-1.6.13.tar.gz
tar zxf facter-1.6.13.tar.gz
cd facter-1.6.13
ruby install.rb
4) 安装Puppet
gzip -d -c puppet-3.0.1.tar.gz | tar xf -
cd puppet-3.0.1
ruby install.rb
默认安装在/etc/puppet目录下,如果需要制定安装目录可以使用如下命令
ruby install.rb --destdir=/opt/puppet
5)
生成主配置文件puppet.conf
Puppet 2.6 以后都以[main],[master],[agent]为主。建议使用2.6以上版本
从puppet 2.6以后,puppet简化了可执行命令,使用puppet + subcommand的方式来完成所有操作。
puppetmasteres 用puppet master 替代 --服务端使用
puppetd 用puppet agent 替代等等 ---客户端使用
服务器保存着客户端的所有配置代码,称为manifest,客户端下载manifest后,根据其内容对本机进行配置,如软件安装,文件的管理,用户的管理等。
查看配置文件目录:
puppet agent --configprint confdir
/etc/puppet
服务器配置
puppet master --genconfig >/etc/puppet/puppet.conf
[root@master lib]# puppet master --no-daemonize --verbose
Info: Creating a new SSL key for ca
Info: Creating a new SSL certificate request for ca
Info: Certificate Request fingerprint (SHA256): F1:B2:8F:A0:65:58:24:CF:04:51:60:DB:45:66:18:38:44:49:DB:54:0A:21:3E:70:C9:5D:DD:BE:3A:50:4A:9D
Signed certificate request for ca
Rebuilding inventory file
Info: Creating a new certificate revocation list
Info: Creating a new SSL key for master
Info: Creating a new SSL certificate request for master
Info: Certificate Request fingerprint (SHA256): 89:A9:57:1D:6E:E6:BE:72:4D:92:75:A0:F4:7A:8D:D2:CB:B9:CC:85:8D:8A:C7:DF:39:71:E1:D7:50:66:4B:CC
master has a waiting certificate request
Signed certificate request for master
Removing file Puppet::SSL::CertificateRequest master at '/etc/puppet/ssl/ca/requests/master.pem'
Removing file Puppet::SSL::CertificateRequest master at '/etc/puppet/ssl/certificate_requests/master.pem'
Starting Puppet master version 3.0.1
[root@master lib]# puppet master
[root@master lib]#
[root@master lib]# ps -ef | grep puppet
puppet 19655 1 0 15:44 ? 00:00:00 /usr/local/bin/ruby /usr/local/bin/puppet master
root 19663 3334 0 15:44 pts/1 00:00:00 grep puppet
6)配置客户端
生成客户端配置文件
puppet agent --genconfig >/etc/puppet/puppet.conf
[root@agent1 puppet-3.0.1]# puppet agent --server master --test
Exiting; no certificate found and waitforcert is disabled
[root@agent1 puppet]# rm -rf ssl
[root@agent1 puppet]# puppet agent --server master --test
Info: Creating a new SSL key for agent1
Info: Caching certificate for ca
Info: Caching certificate_request for agent1
Exiting; no certificate found and waitforcert is disabled
7)查看服务器证书:
[root@master ~]# puppet cert --list
"agent1" (SHA256) 5B:A5:7E:64:AA:1B:5D:6D:38:D6:42:8D:29:3A:ED:F4:19:90:92:B9:70:B5:DB:90:9E:E1:C7:B6:74:9C:5A:C4
8)分发证书
[root@master ~]# puppet cert sign agent1
Signed certificate request for agent1
Removing file Puppet::SSL::CertificateRequest agent1 at '/etc/puppet/ssl/ca/requests/agent1.pem'
9)报错解决:
1.
Exiting; no certificate found and waitforcert is disabled
说明agent端没有获得master端的认证
puppet cert sign agent1
You just need to sign the certificate on the puppetmaster:
puppet cert --list (returns a list of unsigned certificates)
puppet cert sign agent1
2.
[root@agent1 puppet]# puppet agent --server master --test
Info: Caching certificate for agent1
Info: Caching certificate_revocation_list for ca
Info: Retrieving plugin
Error: /File[/var/lib/puppet/lib]: Could not evaluate: Could not retrieve information from environment production source(s) puppet://master/plugins
Info: Caching catalog for agent1
Info: Applying configuration version '1410859007'
/Stage[main]//Node[default]/File[/tmp/puppettest1.txt]/ensure: defined content as '{md5}1c5b32d02e0562b168cee6ea9411e212'
Info: Creating state file /var/lib/puppet/state/state.yaml
Finished catalog run in 0.09 seconds
Could not retrieve information from environment production source(s) puppet://
err: /File[/var/lib/puppet/lib]: Could not evaluate: Could not retrieve
information from environment production source(s) puppet://foo/plugins
You are using pluginsync (good) however there are no plugin directories on the puppet master - see this page. Easiest solution is to ensure that you have at least one module with a "lib" subdirectory.
解决方法:这是一般都是通过yum或者apt-get安装了puppet,在puppetmaster和客户端的配置文件 里有pluginsync=true ,
把两端/etc/puppet.conf里pluginsync=true ,改成pluginsync=false,并重启puppetmaster即可解决。
再补充一种方法,如果不设置pluginsync=false,那么就需要至少要建个插件。
3.Error: Could not send report: getaddrinfo: Name or service not known
原因时间不一致,需要同步时间
客户端 report_server = master 改为master
总结生成配置文件后:
服务端不需要修改
客户端需要修改
1. pluginsync = false
2. report_server = master