
Puppet automated operations: installing Puppet

2014-04-24 10:34
Abstract: I will shortly be publishing my hands-on experience with Puppet automated operations. Much of it draws on documents from the web, in particular http://kisspuppet.com and the book 《Puppet实战》. This installment covers the Puppet installation process; corrections from readers are welcome.


Note: set the hostname before installing the software, because the hostname is written into the certificate when the certificate is generated. If you change the hostname after the certificate has been generated, the agent can no longer connect; this is a problem many beginners run into. Each client's certificate must be signed by the CA (root certificate) before the client can connect to the server.

This test uses only one puppet master and one puppet agent, but the procedure applies to any architecture.

0. Prerequisites

System: CentOS 6.x x86_64, minimal install + Development Tools

Server IP: 192.168.10.1, hostname: master.perofu.com

Client IP: 192.168.10.3, hostname: client.perofu.com

Note: ruby must be 1.8.5; later versions are incompatible, or so everyone says.

The IPs in this article's command output differ from those above, but this does not affect the result.

1. Server-side installation

① Write the hostnames of the server and of all clients into /etc/hosts:
echo "192.168.10.1 master.perofu.com" >>/etc/hosts

echo "192.168.10.3 client.perofu.com" >>/etc/hosts


② Configure the hostname:
hostname master.perofu.com

vi /etc/sysconfig/network

HOSTNAME=master.perofu.com

③ Install ruby 1.8.5 (1.8.6 is not supported):
yum -y install ruby ruby-libs ruby-rdoc ruby-irb

Note: ruby-rdoc and ruby-irb are only needed if you want to read the help documentation.

④ Install NTP and synchronise the time, so that master and client agree on the time:
yum install ntp -y

chkconfig --level 35 ntpd on

crontab -e

# root's user crontab: no user field here (the "root" field belongs only in /etc/crontab)
10 5 * * * /usr/sbin/ntpdate time.nist.gov &> /dev/null ; /sbin/hwclock -w

service crond restart

ntpdate pool.ntp.org; hwclock -w

Note: this synchronises with time.nist.gov at 05:10 every day and writes the Linux system time to the BIOS (hardware) clock.

If the time on master and client differs, the certificate verification step will fail.
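As an added example (not part of the original post), here is a shell pre-flight check for the two points the notes above make: the hostname that ends up in the certificate must be a stable FQDN that /etc/hosts maps to the right IP on every node, and master and agent clocks must agree. The hosts file content, the temp paths and the sample epoch values are constructed for the demo; on a real node you would point it at /etc/hosts and compare the output of "hostname -f" with the intended certname.

```shell
#!/bin/sh
# Added example, not from the original post: pre-flight checks before the
# first agent run. The hosts file content, temp paths and epoch values are
# constructed for the demo.
set -eu

DEMO_DIR=$(mktemp -d)
trap 'rm -rf "$DEMO_DIR"' EXIT
DEMO_HOSTS=$DEMO_DIR/hosts

# Constructed hosts file with the same mappings the post uses.
cat > "$DEMO_HOSTS" <<'EOF'
127.0.0.1    localhost localhost.localdomain
# puppet nodes
192.168.10.1 master.perofu.com master
192.168.10.3 client.perofu.com client
EOF

# Print the IP that FILE maps NAME to (first match; NAME may be an alias),
# or nothing. Comment and blank lines are skipped.
hosts_ip() {   # hosts_ip FILE NAME
    awk -v n="$2" '
        /^[[:space:]]*#/ || NF < 2 { next }
        { for (i = 2; i <= NF; i++) if ($i == n) { print $1; exit } }
    ' "$1"
}

# 0 if NAME is fully qualified (contains a dot, no leading/trailing/double
# dots). A short name here means the certname will not match later.
is_fqdn() {
    case $1 in
        ""|.*|*.|*..*) return 1 ;;
        *.*)           return 0 ;;
        *)             return 1 ;;
    esac
}

# 0 if every NAME=IP pair resolves as expected in FILE; prints each problem.
check_hosts_mapping() {   # check_hosts_mapping FILE NAME=IP ...
    _file=$1; shift
    _rc=0
    for _pair in "$@"; do
        _name=${_pair%%=*}; _want=${_pair#*=}
        _got=$(hosts_ip "$_file" "$_name")
        if ! is_fqdn "$_name"; then
            echo "NOT FQDN: $_name"; _rc=1
        elif [ "$_got" != "$_want" ]; then
            echo "MISMATCH: $_name -> ${_got:-<none>} (expected $_want)"; _rc=1
        fi
    done
    return $_rc
}

# 0 if two epoch timestamps differ by at most MAX seconds; larger skew makes
# the certificate validity checks fail, as the note above warns.
clock_skew_ok() {   # clock_skew_ok EPOCH_A EPOCH_B MAX
    _d=$(($1 - $2))
    [ "$_d" -lt 0 ] && _d=$((-_d))
    [ "$_d" -le "$3" ]
}

# Demo run; on a real node use /etc/hosts and "$(hostname -f)=<its IP>".
check_hosts_mapping "$DEMO_HOSTS" \
    master.perofu.com=192.168.10.1 client.perofu.com=192.168.10.3 \
    && echo "hosts mapping OK"
clock_skew_ok "$(date +%s)" "$(date +%s)" 300 && echo "clock skew OK"
```

For the skew check on real nodes, feed it the local "date +%s" and the same value read from the other node (for example over ssh); anything beyond a few minutes is worth fixing with ntpdate before the first puppetd --test, because a rejected certificate at that point is hard to tell apart from a signing problem.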

⑤ Install facter:
tar -axf facter-latest.tgz -C /usr/local/src/

cd /usr/local/src/facter-1.6.8/

ruby install.rb

⑥ Install puppet:
tar -axf puppet-2.6.3.tar.gz -C /usr/local/src/

cd /usr/local/src/puppet-2.6.3/

ruby install.rb

mkdir -p /etc/puppet/manifests
cp conf/auth.conf /etc/puppet/
cp conf/redhat/fileserver.conf /etc/puppet/
cp conf/redhat/puppet.conf /etc/puppet/
cp conf/redhat/server.init /etc/init.d/puppetmaster
chmod +x /etc/init.d/puppetmaster
chkconfig --add puppetmaster
chkconfig puppetmaster on
puppetmasterd --mkusers # create the puppet user; if this errors, run: groupadd puppet; useradd -g puppet puppet
mkdir -p /var/lib/puppet/rrd
chown puppet:puppet /var/lib/puppet/rrd
/etc/init.d/puppetmaster start # start the master
netstat -anplt | grep :8140 # check that it is listening

2. Client-side installation

① Write the hostnames of the server and of this client into /etc/hosts:
echo "192.168.10.1 master.perofu.com" >>/etc/hosts

echo "192.168.10.3 client.perofu.com" >>/etc/hosts

② Configure the hostname:
hostname client.perofu.com

vi /etc/sysconfig/network

HOSTNAME=client.perofu.com

③ Install ruby 1.8.5 (1.8.6 is not supported):
yum -y install ruby ruby-libs ruby-rdoc ruby-irb

Note: ruby-rdoc and ruby-irb are only needed if you want to read the help documentation.

④ Install NTP and synchronise the time, so that master and client agree on the time:
yum install ntp -y

chkconfig --level 35 ntpd on
crontab -e
# root's user crontab: no user field here (the "root" field belongs only in /etc/crontab)
10 5 * * * /usr/sbin/ntpdate time.nist.gov &> /dev/null ; /sbin/hwclock -w

service crond restart
ntpdate pool.ntp.org; hwclock -w
Note: this synchronises with time.nist.gov at 05:10 every day and writes the Linux system time to the BIOS (hardware) clock.

If the time on master and client differs, the certificate verification step will fail.

⑤ Install facter:
tar -axf facter-latest.tgz -C /usr/local/src/
cd /usr/local/src/facter-1.6.8/
ruby install.rb

⑥ Install puppet:
tar -axf puppet-2.6.3.tar.gz -C /usr/local/src/
cd /usr/local/src/puppet-2.6.3/
ruby install.rb
mkdir -p /etc/puppet
cp conf/auth.conf /etc/puppet/
cp conf/namespaceauth.conf /etc/puppet/
cp conf/redhat/puppet.conf /etc/puppet/
cp conf/redhat/client.init /etc/init.d/puppet
chmod +x /etc/init.d/puppet
chkconfig --add puppet
chkconfig puppet on
puppetd --mkusers # if this errors, run: groupadd puppet; useradd -g puppet puppet
mkdir -p /var/lib/puppet/rrd
chown puppet:puppet /var/lib/puppet/rrd
/etc/init.d/puppet start

3. Certificate verification

① Send a certificate request to the server (run on the client):

puppetd --test --server master.perofu.com

[root@client ~]# puppetd --test --server master.perofu.com
warning: peer certificate won't be verified in this SSL session
info: Caching certificate for ca
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
info: Creating a new SSL certificate request for client.perofu.com
info: Certificate Request fingerprint (md5): 01:D3:C8:57:79:5B:C1:86:55:97:A6:44:4D:48:2E:67
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
Exiting; no certificate found and waitforcert is disabled

② Sign the client's certificate on the server; this is only needed the first time for a given client:

puppetca -l # list the unsigned certificate requests

puppetca -s <certname> # sign the named request

puppetca -s -a # sign all unsigned requests

[root@master ~]# puppetca -s -a
notice: Signed certificate request for client.perofu.com
notice: Removing file Puppet::SSL::CertificateRequest client.perofu.com at '/var/lib/puppet/ssl/ca/requests/client.perofu.com.pem'

③ Create Puppet's site.pp on the server:

vi /etc/puppet/manifests/site.pp
import "test.pp"

vi /etc/puppet/manifests/test.pp
file { "/tmp/testfile":
    ensure => present,
    mode   => 644,
    owner  => root,
    group  => root
}

/etc/init.d/puppetmaster restart # the master must be restarted after site.pp is first created

④ After signing, the client sends a request to the server again:

puppetd --test --server master.perofu.com

[root@client ~]# puppetd --test --server master.perofu.com
info: Caching catalog for master.perofu.com
info: Applying configuration version '1386457551'
notice: /Stage[main]//File[/tmp/testfile]/ensure: created
info: Creating state file /var/lib/puppet/state/state.yaml
notice: Finished catalog run in 0.02 seconds
# this fetches the manifests under /etc/puppet/manifests/ on the server.

⑤ Check that the master's and the client's copies of the certificate match:

# server:
[root@master ~]# md5sum /var/lib/puppet/ssl/ca/signed/client.perofu.com.pem
c979523db046a665468dbd735107e55f  /var/lib/puppet/ssl/ca/signed/client.perofu.com.pem

# client:
[root@client ~]# md5sum /var/lib/puppet/ssl/certs/client.perofu.com.pem
c979523db046a665468dbd735107e55f  /var/lib/puppet/ssl/certs/client.perofu.com.pem

⑥ Error: certificate verify failed:

Problem:

err: /File[/var/lib/puppet/lib]: Failed to generate additional resources using 'eval_generate': SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
err: /File[/var/lib/puppet/lib]: Failed to retrieve current state of resource: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed Could not retrieve file metadata for puppet://puppet.example.com/plugins: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
err: Could not retrieve catalog from remote server: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
Solution:

# 1. The clocks may be out of sync; run this on both master and agent:
ntpdate pool.ntp.org; hwclock -w
# 2. Delete the existing certificates on both master and agent, then redo the verification steps:
find /var/lib/puppet/ssl -type f -print0 | xargs -0r rm
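As an added example (not from the original post or from the Puppet project), the following shell script does what steps ⑤ and ⑥ above do by hand, but checks the certificates rather than the files: it compares the master's signed copy and the agent's copy by SHA-256 fingerprint, verifies the agent certificate against the CA certificate, and checks that the certificate CN is the hostname the node uses now (the point of the note at the top of the post). Because the "delete everything under /var/lib/puppet/ssl" fix regenerates the CA on the master, it also shows what happens when one side keeps old files: a certificate with the same name issued by a different CA fails verification, which is exactly the "certificate verify failed" above. The throwaway CA, keys and directories are generated in a temp dir and the hostnames follow the post; on real nodes the paths are the /var/lib/puppet/ssl ones shown in step ⑤, and openssl must be installed.

```shell
#!/bin/sh
# Added example, not from the original post: check an agent certificate by
# fingerprint, issuer and CN instead of by file hash. The CA, keys and
# directories below are constructed for the demo; on real nodes use the
# files under /var/lib/puppet/ssl shown in the post.
set -eu
command -v openssl >/dev/null 2>&1 || { echo "openssl not found, skipping demo"; exit 0; }

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Minimal req config so the demo does not depend on the system openssl.cnf.
cat > "$WORK/req.cnf" <<'EOF'
[ req ]
distinguished_name = dn
prompt = no
[ dn ]
CN = placeholder
[ v3_ca ]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
EOF

# SHA-256 fingerprint of a PEM certificate (compare this across nodes).
cert_fingerprint() {
    openssl x509 -noout -fingerprint -sha256 -in "$1" | sed 's/^.*=//'
}

# Subject CN of a PEM certificate; for Puppet this is the certname, i.e. the
# hostname at the time the CSR was generated.
cert_cn() {
    openssl x509 -noout -subject -nameopt RFC2253 -in "$1" \
        | sed -n 's/^subject= *CN=\([^,]*\).*/\1/p'
}

# 0 if CERT was issued by the CA in CA_CERT (what each side checks at connect).
cert_issued_by() {   # cert_issued_by CA_CERT CERT
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# 0 if both files hold the same certificate (master's signed copy vs agent's).
same_cert() {
    [ "$(cert_fingerprint "$1")" = "$(cert_fingerprint "$2")" ]
}

# 0 if the certificate CN equals the hostname the node uses now.
cert_matches_hostname() {   # cert_matches_hostname CERT FQDN
    [ "$(cert_cn "$1")" = "$2" ]
}

# ---- constructed demo data -----------------------------------------------
gen_ca() {   # gen_ca DIR CA_NAME -> DIR/ca.pem, DIR/ca.key
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -config "$WORK/req.cnf" \
        -extensions v3_ca -subj "/CN=$2" -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null
}
gen_signed_cert() {   # gen_signed_cert DIR CA_DIR CERTNAME -> DIR/CERTNAME.pem
    openssl req -new -newkey rsa:2048 -nodes -config "$WORK/req.cnf" \
        -subj "/CN=$3" -keyout "$1/$3.key" -out "$1/$3.csr" 2>/dev/null
    openssl x509 -req -days 2 -in "$1/$3.csr" -CA "$2/ca.pem" -CAkey "$2/ca.key" \
        -CAcreateserial -out "$1/$3.pem" 2>/dev/null
}

mkdir -p "$WORK/master" "$WORK/agent" "$WORK/stale"
gen_ca "$WORK/master" "Puppet CA: master.perofu.com"
gen_signed_cert "$WORK/master" "$WORK/master" client.perofu.com
# The agent's local copy is what the master signed and sent back.
cp "$WORK/master/client.perofu.com.pem" "$WORK/agent/client.perofu.com.pem"
# Same certname, different CA: what you get when the master's ssl directory
# was wiped and its CA regenerated while the agent kept its old files.
gen_ca "$WORK/stale" "Puppet CA: master.perofu.com"
gen_signed_cert "$WORK/stale" "$WORK/stale" client.perofu.com

CA_CERT=$WORK/master/ca.pem
MASTER_COPY=$WORK/master/client.perofu.com.pem
AGENT_COPY=$WORK/agent/client.perofu.com.pem
STALE_COPY=$WORK/stale/client.perofu.com.pem

same_cert "$MASTER_COPY" "$AGENT_COPY"                && echo "copies match"
cert_issued_by "$CA_CERT" "$AGENT_COPY"               && echo "issued by the master CA"
cert_matches_hostname "$AGENT_COPY" client.perofu.com && echo "CN matches hostname"
cert_issued_by "$CA_CERT" "$STALE_COPY"               || echo "stale copy: verify failed (different CA)"
```

The md5sum in step ⑤ only tells you whether two files are byte-identical; the fingerprint comparison says the same thing independently of PEM formatting, and the other two checks separate the causes behind "certificate verify failed": a CA that no longer matches (fix 2 above, applied on both sides) versus a certificate issued for a name the node no longer uses (the hostname note at the top of the post). Clock skew, fix 1 above, shows up in openssl verify as a "not yet valid" or "expired" error on a certificate whose dates look fine on the other node.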
That concludes the Puppet installation chapter. Next comes learning about Puppet resources; stay tuned!