Tutorial: Installing Puppet and Puppet Foreman on CentOS
2024-03-01
1. System environment:
CentOS 6.4 x86_64
192.168.6.171 puppet.domain.com
192.168.6.173 agent1.domain.com
2. Disable SELinux and iptables (this is a test environment; instead of stopping iptables you can also add a rule for the Puppet port 8140)
setenforce 0
/etc/init.d/iptables stop && chkconfig iptables off
3. Set the hostnames and resolve them through /etc/hosts
[root@test ~]# cat /etc/sysconfig/network    # on 192.168.6.171
NETWORKING=yes
NETWORKING_IPV6=no
HOSTNAME=puppet.domain.com
[root@test ~]# cat /etc/hosts
192.168.6.171 puppet.domain.com
192.168.6.173 agent1.domain.com
[root@test ~]# cat /etc/sysconfig/network    # on 192.168.6.173
NETWORKING=yes
NETWORKING_IPV6=no
HOSTNAME=agent1.domain.com
[root@test ~]# cat /etc/hosts
192.168.6.171 puppet.domain.com
192.168.6.173 agent1.domain.com
4. Configure the yum repositories
1) Download location: https://lug.ustc.edu.cn/wiki/mirrors/help/centos
[root@puppet yum.repos.d]# cat CentOS-Base.repo
# CentOS-Base.repo
#
# The mirror system uses the connecting IP address of the client and the
# update status of each mirror to pick mirrors that are updated to and
# geographically close to the client. You should use this for CentOS updates
# unless you are manually picking other mirrors.
#
# If the mirrorlist= does not work for you, as a fall back you can try the
# remarked out baseurl= line instead.
#
#
[base]
name=CentOS-$releasever - Base - mirrors.ustc.edu.cn
baseurl=http://mirrors.ustc.edu.cn/centos/$releasever/os/$basearch/
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=os
gpgcheck=1
gpgkey=http://mirrors.ustc.edu.cn/centos/RPM-GPG-KEY-CentOS-6
#released updates
[updates]
name=CentOS-$releasever - Updates - mirrors.ustc.edu.cn
baseurl=http://mirrors.ustc.edu.cn/centos/$releasever/updates/$basearch/
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=updates
gpgcheck=1
gpgkey=http://mirrors.ustc.edu.cn/centos/RPM-GPG-KEY-CentOS-6
#additional packages that may be useful
[extras]
name=CentOS-$releasever - Extras - mirrors.ustc.edu.cn
baseurl=http://mirrors.ustc.edu.cn/centos/$releasever/extras/$basearch/
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=extras
gpgcheck=1
gpgkey=http://mirrors.ustc.edu.cn/centos/RPM-GPG-KEY-CentOS-6
#additional packages that extend functionality of existing packages
[centosplus]
name=CentOS-$releasever - Plus - mirrors.ustc.edu.cn
baseurl=http://mirrors.ustc.edu.cn/centos/$releasever/centosplus/$basearch/
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=centosplus
gpgcheck=1
enabled=0
gpgkey=http://mirrors.ustc.edu.cn/centos/RPM-GPG-KEY-CentOS-6
#contrib - packages by Centos Users
[contrib]
name=CentOS-$releasever - Contrib - mirrors.ustc.edu.cn
baseurl=http://mirrors.ustc.edu.cn/centos/$releasever/contrib/$basearch/
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=contrib
gpgcheck=1
enabled=0
gpgkey=http://mirrors.ustc.edu.cn/centos/RPM-GPG-KEY-CentOS-6
2) Install the official Puppet yum repository
rpm -Uvh http://yum.puppetlabs.com/el/6Server/products/x86_64/puppetlabs-release-6-6.noarch.rpm
5. Install the Ruby environment (on both the master and the agent)
yum -y install ruby ruby-libs ruby-shadow
[root@puppet yum.repos.d]# ruby -v    # check the Ruby version
ruby 1.8.7 (2011-06-30 patchlevel 352) [x86_64-linux]
On the master:
yum -y install puppet-server
On the agent:
yum -y install puppet
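6. Puppet configuration files (many documents out there go on about [main], [agent] and [master] and left me confused, so I am simply pasting my own configuration files; they are simple and there is very little to change)
1) Configuration file on the master
[root@pupet ~]# cd /etc/puppet/
[root@pupet puppet]# cat puppet.conf
[main]
# stores cached data, configuration, reports returned by clients, and file backups
vardir = /var/lib/puppet
logdir = /var/log/puppet
rundir = /var/run/puppet
# directory for the issued certificate files
ssldir = $vardir/ssl
[master]
# send reports to console, foreman and log
reports = foreman,console,log
# the configured hostname is puppet.domain.com
certname = puppet.domain.com
# enable plugin sync
pluginsync = true
# the run environment is production
environment = production

# /etc/init.d/puppetmaster start    # start puppetmaster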
2) Configuration file on the agent
[root@agent ~]# cd /etc/puppet/
[root@agent puppet]# cat puppet.conf
[main]
logdir = /var/log/puppet
rundir = /var/run/puppet
ssldir = $vardir/ssl
pluginsync = true
[agent]
classfile = $vardir/classes.txt
localconfig = $vardir/localconfigs
#runinterval = 300
listen = true
report = true
# the Puppet server to use
server = puppet.domain.com

# /etc/init.d/puppet start    # start the puppet agent
7. Puppet certificate verification
1) The client initiates the request
[root@agent1 yum.repos.d]# puppet agent --test --server puppet.domain.com
Info: Caching certificate for ca
Info: csr_attributes file loading from /etc/puppet/csr_attributes.yaml
Info: Creating a new SSL certificate request for agent1.domain.com
Info: Certificate Request fingerprint (SHA256): C0:BB:24:3B:4B:59:F1:63:3D:EA:C1:EB:5B:2D:84:68:23:BA:F3:3D:0A:E6:8C:0E:38:3F:9E:F3:40:24:9A:68
Info: Caching certificate for ca
Exiting; no certificate found and waitforcert is disabled
2) Check on the master
[root@puppet puppet]# puppet cert --list --all
"agent1.domain.com" (SHA256) C0:BB:24:3B:4B:59:F1:63:3D:EA:C1:EB:5B:2D:84:68:23:BA:F3:3D:0A:E6:8C:0E:38:3F:9E:F3:40:24:9A:68
+ "puppet.domain.com" (SHA256) AF:F9:25:75:0F:3A:C5:E2:B5:71:EE:4E:65:82:7A:C1:3E:20:74:EF:57:2D:2D:1D:E5:47:1D:03:76:A5:5C:07 (alt names: "DNS:puppet", "DNS:puppet.domain.com")
3) Complete the verification on the master (a + sign means the host has been added; hosts without it are still waiting to be added)
[root@puppet puppet]# puppet cert sign agent1.domain.com
Notice: Signed certificate request for agent1.domain.com
Notice: Removing file Puppet::SSL::CertificateRequest agent1.domain.com at '/var/lib/puppet/ssl/ca/requests/agent1.domain.com.pem'
[root@puppet puppet]# puppet cert --list --all
+ "agent1.domain.com" (SHA256) 70:00:4D:89:53:2B:A4:C4:16:C4:DA:F1:63:59:5A:7A:0C:26:47:3B:74:4D:1C:29:C3:1B:BF:2E:B1:F4:89:D5
+ "puppet.domain.com" (SHA256) AF:F9:25:75:0F:3A:C5:E2:B5:71:EE:4E:65:82:7A:C1:3E:20:74:EF:57:2D:2D:1D:E5:47:1D:03:76:A5:5C:07 (alt names: "DNS:puppet", "DNS:puppet.domain.com")
4) Configure automatic signing on the master
vi /etc/puppet/puppet.conf    # add the path of the autosign configuration file and enable it
autosign = $confdir/autosign.conf { mode = 664 }
auto = true
vi /etc/puppet/autosign.conf    # automatically sign every hostname that ends in .domain.com
*.domain.com
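Manual signing in step 3 only protects anything if the request fingerprint the agent printed in step 1 is compared with the one the master lists in step 2; the wildcard autosign entry above signs any request whose certname ends in .domain.com without that comparison. The following is an added example, not part of the original tutorial: a shell helper (function names are illustrative, sample output is copied from the steps above) that allows signing only when the two fingerprints match.

```bash
#!/usr/bin/env bash
# Added example: compare the CSR fingerprint printed by the agent with the one
# the master lists before signing. Function names are illustrative.

# Constructed sample: `puppet cert --list --all` output as shown in step 2.
SAMPLE_LIST='  "agent1.domain.com" (SHA256) C0:BB:24:3B:4B:59:F1:63:3D:EA:C1:EB:5B:2D:84:68:23:BA:F3:3D:0A:E6:8C:0E:38:3F:9E:F3:40:24:9A:68
+ "puppet.domain.com" (SHA256) AF:F9:25:75:0F:3A:C5:E2:B5:71:EE:4E:65:82:7A:C1:3E:20:74:EF:57:2D:2D:1D:E5:47:1D:03:76:A5:5C:07 (alt names: "DNS:puppet", "DNS:puppet.domain.com")'
# Fingerprint copied from the agent's "Certificate Request fingerprint" line.
AGENT_FP='C0:BB:24:3B:4B:59:F1:63:3D:EA:C1:EB:5B:2D:84:68:23:BA:F3:3D:0A:E6:8C:0E:38:3F:9E:F3:40:24:9A:68'

# Strip spaces and colons and upper-case, so formatting differences do not matter.
normalize_fp() {
    printf '%s' "$1" | tr -d ' :' | tr '[:lower:]' '[:upper:]'
}

# pending_fp CERTNAME < list-output
# Print the fingerprint of the pending request for CERTNAME. Lines that start
# with "+" (already signed) have a different first field and never match.
pending_fp() {
    awk -v name="$1" '$1 == "\"" name "\"" && $2 == "(SHA256)" { print $3; exit }'
}

# csr_matches CERTNAME AGENT_FP < list-output
# Returns 0 on match, 1 on mismatch, 2 if no pending request exists.
csr_matches() {
    _master_fp=$(normalize_fp "$(pending_fp "$1")")
    _agent_fp=$(normalize_fp "$2")
    if [ -z "$_master_fp" ]; then
        echo "no pending request for $1" >&2
        return 2
    fi
    if [ "$_master_fp" != "$_agent_fp" ]; then
        echo "fingerprint mismatch for $1: do not sign" >&2
        return 1
    fi
    return 0
}

# On the master (needs Puppet installed, so left commented out here):
#   puppet cert --list | csr_matches agent1.domain.com "$AGENT_FP" \
#       && puppet cert sign agent1.domain.com
```

The fingerprint has to reach the master operator over a channel other than the Puppet connection itself, for example read from the agent's console.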
5) Revoke authorization on the master
puppet cert --revoke agent1.domain.com
6) Delete authorization on the master
On the master:
puppet cert --clean agent1.domain.com
On the agent:
find /var/lib/puppet/ssl/ -iname "$(hostname).pem" -exec /bin/rm -rf {} \;
8. Test Puppet's file push feature
On the master:
