一、系统环境:Centos6.4 x86_64192.168.6.171 puppet.domain.com192.168.6.173 agent1.domian.com
二、关闭selinux 和 iptables(我这里是测试环境,也可以增加puppet端口8140)复制代码代码如下:setenforce 0 /etc/init.d/iptables stop && chkconfig iptables off
三、更改主机名、使用host解析复制代码代码如下:[root@test ~]# cat /etc/sysconfig/network // # 192.168.6.171NETWORKING=yesNETWORKING_IPV6=noHOSTNAME=puppet.domain.com [root@test ~]# cat /etc/hosts192.168.6.171 puppet.domain.com192.168.6.173 agent1.domain.com [root@test ~]cat /etc/sysconfig/network // # 192.168.6.173NETWORKING=yesNETWORKING_IPV6=noHOSTNAME=agent1.domain.com [root@test ~]# cat /etc/hosts192.168.6.171 puppet.domain.com192.168.6.173 agent1.domain.com
四、安装yum源
1、# 下载地址 https://lug.ustc.edu.cn/wiki/mirrors/help/centos复制代码代码如下:[root@puppet yum.repos.d]# cat CentOS-Base.repo# CentOS-Base.repo## The mirror system uses the connecting IP address of the client and the# update status of each mirror to pick mirrors that are updated to and# geographically close to the client. You should use this for CentOS updates# unless you are manually picking other mirrors.## If the mirrorlist= does not work for you, as a fall back you can try the# remarked out baseurl= line instead.## [base]name=CentOS-$releasever – Base – mirrors.ustc.edu.cnbaseurl=http://mirrors.ustc.edu.cn/centos/$releasever/os/$basearch/#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=osgpgcheck=1gpgkey=http://mirrors.ustc.edu.cn/centos/RPM-GPG-KEY-CentOS-6 #released updates[updates]name=CentOS-$releasever – Updates – mirrors.ustc.edu.cnbaseurl=http://mirrors.ustc.edu.cn/centos/$releasever/updates/$basearch/#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=updatesgpgcheck=1gpgkey=http://mirrors.ustc.edu.cn/centos/RPM-GPG-KEY-CentOS-6 #additional packages that may be useful[extras]name=CentOS-$releasever – Extras – mirrors.ustc.edu.cnbaseurl=http://mirrors.ustc.edu.cn/centos/$releasever/extras/$basearch/#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=extrasgpgcheck=1gpgkey=http://mirrors.ustc.edu.cn/centos/RPM-GPG-KEY-CentOS-6 #additional packages that extend functionality of existing packages[centosplus]name=CentOS-$releasever – Plus – mirrors.ustc.edu.cnbaseurl=http://mirrors.ustc.edu.cn/centos/$releasever/centosplus/$basearch/#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=centosplusgpgcheck=1enabled=0gpgkey=http://mirrors.ustc.edu.cn/centos/RPM-GPG-KEY-CentOS-6 #contrib – packages by Centos Users[contrib]name=CentOS-$releasever – Contrib – mirrors.ustc.edu.cnbaseurl=http://mirrors.ustc.edu.cn/centos/$releasever/contrib/$basearch/#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=contribgpgcheck=1enabled=0gpgkey=http://mirrors.ustc.edu.cn/centos/RPM-GPG-KEY-CentOS-6
2、安装puppet官方yum源复制代码代码如下:rpm -Uvh http://yum.puppetlabs.com/el/6Server/products/x86_64/puppetlabs-release-6-6.noarch.rpm
五、安装ruby环境(master和agent端都要操作)复制代码代码如下:yum -y install ruby ruby-libs ruby-shadow [root@puppet yum.repos.d]# ruby -v //# 检查ruby版本ruby 1.8.7 (2011-06-30 patchlevel 352) [x86_64-linux]master:复制代码代码如下:yum -y install puppet-server agent:复制代码代码如下:yum -y install puppet
六、puppet配置文件(看到外面很多的文档又是[main] [agent] [master] 把我都绕晕了 我就直接贴我的配置文件 很简单要改的东西很少)
1、master端的配置文件复制代码代码如下:[root@pupet ~]# cd /etc/puppet/ [root@pupet puppet]# cat puppet.conf [main] vardir = /var/lib/puppet // # 用来存放缓存数据、配置、客户端返回的报告及文件备份 logdir = /var/log/puppet rundir = /var/run/puppet ssldir = $vardir/ssl // # 签发认证文件目录 [master] reports = foreman,console,log // # 发送报告至console,foreman,log certname = puppet.domain.com // # 配置主机名是puppet.domain.com pluginsync = true // # 开启插件同步 environment = production // # 指定运行环境是生产 # /etc/init.d/puppetmaster start 启动puppetmaster
2、agent端的配置文件复制代码代码如下:[root@agent ~]# cd /etc/puppet/[root@agent puppet]# cat puppet.conf[main]logdir = /var/log/puppetrundir = /var/run/puppetssldir = $vardir/sslpluginsync = true [agent]classfile = $vardir/classes.txtlocalconfig = $vardir/localconfigs#runinterval = 300listen = truereport = trueserver = puppet.domain.com // #指定server端 # /etc/init.d/puppet start 启动puppet agent
七、puppet验证
1、客户端发起验证复制代码代码如下:[root@agent1 yum.repos.d]# puppet agent –test –server puppet.domain.comInfo: Caching certificate for caInfo: csr_attributes file loading from /etc/puppet/csr_attributes.yamlInfo: Creating a new SSL certificate request for agent1.domain.comInfo: Certificate Request fingerprint (SHA256): C0:BB:24:3B:4B:59:F1:63:3D:EA:C1:EB:5B:2D:84:68:23:BA:F3:3D:0A:E6:8C:0E:38:3F:9E:F3:40:24:9A:68Info: Caching certificate for caExiting; no certificate found and waitforcert is disabled
2、服务端查看复制代码代码如下:[root@puppet puppet]# puppet cert –list –all"agent1.domain.com" (SHA256) C0:BB:24:3B:4B:59:F1:63:3D:EA:C1:EB:5B:2D:84:68:23:BA:F3:3D:0A:E6:8C:0E:38:3F:9E:F3:40:24:9A:68+ "puppet.domain.com" (SHA256) AF:F9:25:75:0F:3A:C5:E2:B5:71:EE:4E:65:82:7A:C1:3E:20:74:EF:57:2D:2D:1D:E5:47:1D:03:76:A5:5C:07 (alt names: "DNS:puppet", "DNS:puppet.domain.com")
3、服务端完成验证(显示+号代表添加进来了 没有的话是带添加的主机)复制代码代码如下:[root@puppet puppet]# puppet cert sign agent1.domain.comNotice: Signed certificate request for agent1.domain.comNotice: Removing file Puppet::SSL::CertificateRequest agent1.domain.com at \’/var/lib/puppet/ssl/ca/requests/agent1.domain.com.pem\’复制代码代码如下:[root@puppet puppet]# puppet cert –list –all+ "agent1.domain.com" (SHA256) 70:00:4D:89:53:2B:A4:C4:16:C4:DA:F1:63:59:5A:7A:0C:26:47:3B:74:4D:1C:29:C3:1B:BF:2E:B1:F4:89:D5+ "puppet.domain.com" (SHA256) AF:F9:25:75:0F:3A:C5:E2:B5:71:EE:4E:65:82:7A:C1:3E:20:74:EF:57:2D:2D:1D:E5:47:1D:03:76:A5:5C:07 (alt names: "DNS:puppet", "DNS:puppet.domain.com")
4、服务端自动验证配置复制代码代码如下:vi /etc/puppet/puppet.conf // # 添加自动验证配置文件路径并开启 autosign = $confdir/autosign.conf { mode = 664 }auto = true vi /etc/puppet/autosign.conf // # 指定所有以.domain.com结尾的主机名自动添加验证 *.domain.com
5、master取消授权复制代码代码如下:puppet cert –revoke agent1.domain.com
6、master删除授权在master端:复制代码代码如下:puppet cert –clean agent1.domain.com在agent端:复制代码代码如下:find /var/lib/puppet/ssl/ -iname \’hostname\’.pem -exec /bin/rm –rf {}
八、测试puppet文件推送功能master端:复制代码代码如下:# 定义一个test模块 [root@puppet test]# pwd/etc/puppet/modules/test[root@puppet test]# lsfiles manifests templates # 自定资源文件 [root@puppet test]# cd manifests/[root@puppet manifests]# lsinit.pp[root@puppet manifests]# cat init.ppclass test {file { \”/tmp/$hostname.txt\”: content => \”hello $hostname.txt\”; }} # 对agent.domain.com节点倒入test模块 [root@puppet nodes]# pwd/etc/puppet/manifests/nodes[root@puppet nodes]# cat agent.domain.com.ppnode \’agent.domain.com\’ {include test} # 入口文件导入所有的节点 [root@puppet manifests]# pwd/etc/puppet/manifests[root@puppet manifests]# cat site.ppimport \”nodes/*.domain.com.pp\”# agent 端复制代码代码如下:[root@agent1 yum.repos.d]# puppet agent –test –server puppet.domain.comNotice: Ignoring –listen on onetime runInfo: Retrieving pluginfactsInfo: Retrieving pluginInfo: Caching catalog for agent1.domain.comInfo: Applying configuration version \’1408524165\’Notice: /Stage[main]/Test/File[/tmp/agent1.txt]/ensure: defined content as \'{md5}7509cca57ec6faec2d5dd2c76a68ea0b\’Notice: Finished catalog run in 0.10 seconds # 验证文件 [root@agent1 yum.repos.d]# cat /tmp/agent1.txthello agent1.txt
安装Puppet foreman
准备工作:
1.在安装foreman之前呢咱们需要安装epel的源否则在执行yum -y install foreman-installer 很多包是安装不上的
复制代码代码如下:rpm -ivh http://mirrors.sohu.com/fedora-epel/6/x86_64/epel-release-6-8.noarch.rpm
一、安装复制代码代码如下:yum -y install http://yum.theforeman.org/releases/1.6/el6/x86_64/foreman-release.rpm // 推荐使用官方的源自动解决依赖问题 yum -y install foreman-installer // # 开始安装 如果发现有的包安装报错需要仔细检查是不是源的问题(推荐epel源) 或者 防火墙 和 selinux
二、运行foreman安装(以下二选其一即可,推荐非交互安装方式)复制代码代码如下:foreman-installer // # 这里所有的过程都是自动的 时间有点长,是太长了 好长…我又邪恶了~~ foreman-installer -i // # 如果需要自定义安装 可以使用 -i 选择交互式安装 详情请参考官方手册 # 貌似每次我安装都会卡在这里,不知道什么原因 我每次都会把它结束掉重新执行foreman-installer 就好了 无解。。 Installing Debug: Package[foreman-postgresql](provider=yum): [22%] [……………….. 5794 ? Ss 0:04 /usr/bin/python /usr/bin/yum -d 0 -e 0 -y install foreman-postgresql // 进程一直卡在这里 # 安装完后可以很清楚的看到httpd启动失败 咱们这里需要手动启动一下 /etc/init.d/httpd start 安装两次都是失败不知道是不是个例 Could not start Service[httpd]: Execution of \’/sbin/service httpd start\’ returned 1: Starting httpd: [FAILED]/Stage[main]/Apache::Service/Service[httpd]/ensure: change from stopped to running failed: Could not start Service[httpd]: Execution of \’/sbin/service httpd start\’ returned 1: Starting httpd: [FAILED] # 启动foreman-proxy /etc/init.d/foreman-proxy start
三、访问web页面# 登录web需要密码这个密码在安装成功后终端会有显示* Foreman is running at https://puppet.domain.comInitial credentials are <strong>admin / sFuCu73KydURMTbi</strong>* Foreman Proxy is running at https://puppet.domain.com:8443* Puppetmaster is running at port 8140The full log is at /var/log/foreman-installer/foreman-installer.log
