zoukankan      html  css  js  c++  java

  • puppet-master搭建

    puppet 搭建

    Table of Contents

    1. 配置yum源
    2. 配置hosts
    3. 安装puppet-server
    4. 部署puppet-agent
    5. trouble-shoting

    配置yum源

    • 备份系统自带yum源

        [root@master ~]# cd /etc/yum.repos.d/
  [root@master yum.repos.d]# mkdir bak
  [root@master yum.repos.d]# mv *.repo bak

    • 配置官网yum源(这个不太好用,建议不使用)

        rpm -Uvh https://yum.puppetlabs.com/puppetlabs-release-pc1-el-7.noarch.rpm

    配置hosts

    • 更改/etc/hosts文件和/etc/hostname

        127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
  ::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
  #yum的仓库域名解析
  10.0.10.108     mirrors.polex.io
  #设置fqdn(格式为:ip  fqdn  hostname)
  127.0.0.1       master.puppet.io   master
  #设置agent域名解析
  10.211.55.3     agent.puppet.io
  [root@master yum.repos.d]# cat /etc/hostname
  master

    • 验证fqdn是否设置正确

    [root@master ~]# hostname -f
master.puppet.io

    安装puppet-server

    • yum安装软件包
    yum install puppetserver

    • 更改配置文件/etc/sysconfig/puppetserver(如果需要)
      JAVA_ARGS="-Xms2g -Xmx2g -XX:MaxPermSize=256m”
      替换为
      JAVA_ARGS="-Xms512m -Xmx512m -XX:MaxPermSize=256m”

    • 更改配置文件puppet.conf(默认不需要更改)

    [root@master ~]# cat backup/puppetlabs/puppet/puppet.conf
# This file can be used to override the default puppet settings.
# See the following links for more details on what settings are available:
# - https://docs.puppetlabs.com/puppet/latest/reference/config_important_settings.html
# - https://docs.puppetlabs.com/puppet/latest/reference/config_about_settings.html
# - https://docs.puppetlabs.com/puppet/latest/reference/config_file_main.html
# - https://docs.puppetlabs.com/puppet/latest/reference/configuration.html
[master]
vardir = /opt/puppetlabs/server/data/puppetserver
logdir = /var/log/puppetlabs/puppetserver
rundir = /var/run/puppetlabs/puppetserver
pidfile = /var/run/puppetlabs/puppetserver/puppetserver.pid
codedir = /etc/puppetlabs/code
    • 启动服务
    [root@master ~]# systemctl start puppetserver
    • 验证
      参考第4步的验证

    部署puppet-agent

    • yum安装软件包(如果部署过puppetserver就不用再次安装,puppetserver依赖于puppet-agent)
    yum install puppet
    • 更改配置文件puppet.conf
    [root@master ~]# cat /etc/puppetlabs/puppet/puppet.conf
# This file can be used to override the default puppet settings.
# See the following links for more details on what settings are available:
# - https://docs.puppetlabs.com/puppet/latest/reference/config_important_settings.html
# - https://docs.puppetlabs.com/puppet/latest/reference/config_about_settings.html
# - https://docs.puppetlabs.com/puppet/latest/reference/config_file_main.html
# - https://docs.puppetlabs.com/puppet/latest/reference/configuration.html
[master]
vardir = /opt/puppetlabs/server/data/puppetserver
logdir = /var/log/puppetlabs/puppetserver
rundir = /var/run/puppetlabs/puppetserver
pidfile = /var/run/puppetlabs/puppetserver/puppetserver.pid
codedir = /etc/puppetlabs/code
[agent]
#客户端传给master的验证名称
certname          = agent.puppet.io
pluginsync        = true
#puppetserver的服务端口
masterport        = 8140
#agent使用master的环境指定
environment       = production
#master的地址
server            = master.puppet.io
listen            = false
splay             = false
splaylimit        = 1800
#agent的运行周期
runinterval       = 1800
noop              = false
usecacheonfailure = true
    • 启动服务
    [root@master ~]# systemctl start puppet
    • 验证
    [root@master puppet]# puppet agent -vt
Info: Creating a new SSL key for agent.puppet.io
Info: csr_attributes file loading from /etc/puppetlabs/puppet/csr_attributes.yaml
Info: Creating a new SSL certificate request for agent.puppet.io
Info: Certificate Request fingerprint (SHA256): CE:92:AF:5F:62:12:F6:F4:DB:59:41:7D:16:5B:19:3D:EC:7E:BB:B1:60:D6:DE:5D:2A:14:1A:23:60:8A:E6:B2
Exiting; no certificate found and waitforcert is disabled
查看证书
[root@master puppet]# puppet cert list
  "agent.puppet.io" (SHA256) CE:92:AF:5F:62:12:F6:F4:DB:59:41:7D:16:5B:19:3D:EC:7E:BB:B1:60:D6:DE:5D:2A:14:1A:23:60:8A:E6:B2

    trouble-shoting

    • 报错信息如下:
    [root@master ~]# puppet agent -vt
Exiting; no certificate found and waitforcert is disabled

    解决办法:
    尝试清理证书:

    [root@master ~]# puppet cert clean agent.puppet.io
Error: Could not find a serial number for agent.puppet.io

    找到证书的文件,并删除,问题即可解决。

    [root@master ~]# cd /etc/puppetlabs/puppet
puppet/       puppetserver/
[root@master ~]# cd /etc/puppetlabs/puppet
[root@master puppet]# find . -name "agent.puppet.io*"
./ssl/public_keys/agent.puppet.io.pem
./ssl/certificate_requests/agent.puppet.io.pem
./ssl/private_keys/agent.puppet.io.pem
./ssl/ca/requests/agent.puppet.io.pem
[root@master puppet]# rm -rf ./ssl/public_keys/agent.puppet.io.pem ./ssl/certificate_requests/agent.puppet.io.pem ./ssl/private_keys/agent.puppet.io.pem ./ssl/ca/requests/agent.puppet.io.pem
[root@master puppet]# puppet cert list
[root@master puppet]#
  • 相关阅读:
    片段
    告诉长夜
    明天
    开源一个WEB版本GEF,基于SVG的网页流程图框架
    RCP:ISourceLocator翻译
    SVG:textPath深入理解
    SVG:linearGradient渐变在直线上失效的问题解决方案
    【半平面交】BZOJ2618[Cqoi2006]凸多边形
    【旋转卡壳+凸包】BZOJ1185:[HNOI2007]最小矩形覆盖
    【凸包+旋转卡壳】平面最远点对
  • 原文地址:https://www.cnblogs.com/mauricewei/p/7825550.html
Copyright © 2011-2022 走看看