Basic installation of Puppet and Ansible
2018-06-05 19:20
Puppet authorization (certificate signing)

Server

SELinux and firewalld are disabled.

    yum install epel-release    (install the repository)
    hostnamectl set-hostname master.localdomain    (set the hostname)
    yum install puppet-server

    [root@localhost signed]# vim /etc/puppet/puppet.conf    (add this section)
    [master]
    certname=master.localdomain    (specify the master server)

    [root@localhost signed]# vim /etc/hosts    (add local name resolution)
    192.168.1.139 master.localdomain    (master server)
    192.168.1.4 agent1.localdomain    (client)

    systemctl restart puppetmaster    (start the service; be sure to include "master")

    [root@localhost signed]# ls
    agent1.pem master.localdomain.pem
    [root@localhost signed]# pwd
    /var/lib/puppet/ssl/ca/signed    (every machine in this directory has been authorized)

    puppet cert --list    (show which clients are currently asking to connect to the server)
    puppet cert --sign "agent1"    (allow this machine to connect to the server)
    puppet cert --sign --all    (allow all machines to connect)

Client

SELinux and firewalld are disabled.

    yum install epel-release    (install the repository)
    hostnamectl set-hostname agent1.localdomain    (set the hostname)
    yum install puppet    (install the package)

    [agent]
    server = master.localdomain    (master server)
    runinterval=10    (start a sync every 10 seconds; pull mode)

    [root@localhost certificate_requests]# systemctl restart puppetagent    (restart; be sure to include "agent" here)
    [root@localhost certificate_requests]# ls
    agent1.localdomain.pem    (the authorization request file)
    [root@localhost certificate_requests]# pwd
    /var/lib/puppet/ssl/certificate_requests

Server

    [root@localhost requests]# ls    (list the directory of unauthorized requests)
    agent1.pem
    [root@localhost requests]# puppet cert list    (list unauthorized requests from the command line; no + in front of agent1 means it is not yet authorized)
    "agent1" (SHA256) DB:9B:5B:25:D8:BF:B7:9F:7D:25:8E:89:02:F8:F0:4F:92:DB:17:CE:93:2D:47:84:EA:E6:B3:79:D1:9C:7A:B6
    [root@localhost requests]# pwd
    /var/lib/puppet/ssl/ca/requests
    [root@localhost requests]# puppet cert --sign "agent1"    (authorize)
    Notice: Signed certificate request for agent1
    Notice: Removing file Puppet::SSL::CertificateRequest agent1 at '/var/lib/puppet/ssl/ca/requests/agent1.pem'
    [root@localhost requests]# ls
    [root@localhost requests]# cd ..
    [root@localhost ca]# ls
    ca_crl.pem ca_crt.pem ca_key.pem ca_pub.pem inventory.txt private requests serial signed
    [root@localhost ca]# cd signed/    (agent1 is now in the signed directory, so the two machines can communicate)
    [root@localhost signed]# ls
    agent1.pem master.localdomain.pem

A question: if dozens of machines request authorization, what should the server do?
Of course, puppet cert --sign --all (allow all machines to connect) solves that. But what if I want the server to automatically authorize only the nodes that match a pattern I define?

    [root@localhost signed]# vim /etc/puppet/puppet.conf
    [master]
    certname=master.localdomain
    autosign=true    (add this parameter to enable automatic authorization)
    autosign=/etc/puppet/autosign.conf    (location of the custom pattern file)

autosign=true on its own signs every incoming request; to limit automatic signing to the patterns in autosign.conf, set autosign to the file path only.

    [root@localhost signed]# vim /etc/puppet/autosign.conf
    *.1    (custom pattern; *.1 means a name must end in .1 to be authorized automatically)
    [root@localhost signed]# systemctl restart puppetmaster    (restart)

If a node exits abnormally, starting the client again may fail with a process lock error; delete the lock file and restart.

Configuration file: /etc/puppet/manifests/site.pp (the global entry file, the first file looked up on every sync).

Ansible installation

Server

    yum install -y ansible
    [root@localhost ansible]# ssh-keygen
    Generating public/private rsa key pair.
    Enter file in which to save the key (/root/.ssh/id_rsa):
    Created directory '/root/.ssh'.
    Enter passphrase (empty for no passphrase):
    Enter same passphrase again:
    Your identification has been saved in /root/.ssh/id_rsa.
    Your public key has been saved in /root/.ssh/id_rsa.pub.
    The key fingerprint is:
    ba:6c:15:b5:ec:54:11:7e:01:3f:8d:46:5f:9e:b3:6d root@master.localdomain
    The key's randomart image is:
    +--[ RSA 2048]----+
    | ++o .|
    | ...o *o|
    | o o. *o+|
    | . + o .+|
    | S+ .E|
    | .. . . |
    | .. |
    | ... |
    | .o |
    +-----------------+
    [root@localhost ansible]# cd /root/.ssh/
    [root@localhost .ssh]# ls
    id_rsa id_rsa.pub    (the generated private and public keys)
    [root@localhost .ssh]# ssh-copy-id root@192.168.1.4    (write the public key to /root/.ssh/authorized_keys on 192.168.1.4)
    [root@localhost ansible]# vim /etc/ansible/ansible.cfg
    private_key_file = /root/.ssh/id_rsa    (path to the private key)
    [root@localhost ansible]# vim /etc/ansible/hosts
    [servers]
    192.168.1.4    (define a host group)
    [root@localhost ansible]# ansible servers -m ping    (basic ping test)
    192.168.1.4 | SUCCESS => {
        "changed": false,
        "ping": "pong"
    }
OK.
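Returning to the Puppet signing step: the SHA256 fingerprint that puppet cert list prints for each pending request can be compared with a value collected on the client before anything is signed, which is a narrower alternative to --sign --all when many machines are waiting. The script below is an added example, not part of the original post; the inventory file format, the function names and the use of puppet agent --fingerprint to collect the values are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post): sign only pending requests whose
# SHA256 fingerprint matches an inventory collected out of band.
# Assumed inventory format: one "<certname> <fingerprint>" pair per line,
# for example copied from `puppet agent --fingerprint` on each client.

# classify_requests INVENTORY
# Reads `puppet cert list` output on stdin and prints, per pending request,
# "OK name", "MISMATCH name" or "UNKNOWN name".
classify_requests() {
    awk -v inv="$1" '
        BEGIN {
            while ((getline line < inv) > 0) {
                n = split(line, f)
                if (n >= 2 && f[1] !~ /^#/) want[f[1]] = toupper(f[2])
            }
            close(inv)
        }
        # Pending lines look like:  "agent1" (SHA256) DB:9B:...
        # Lines for signed certificates start with "+" and are skipped.
        /^[ \t]*"/ {
            name = $1
            gsub(/"/, "", name)
            if (!(name in want)) { print "UNKNOWN", name }
            else if ($2 == "(SHA256)" && toupper($3) == want[name]) { print "OK", name }
            else { print "MISMATCH", name }
        }'
}

# sign_verified INVENTORY: sign matching requests, report the others.
sign_verified() {
    puppet cert list | classify_requests "$1" | while read -r verdict name; do
        if [ "$verdict" = OK ]; then
            puppet cert --sign "$name" < /dev/null
        else
            echo "not signing $name: fingerprint $verdict" >&2
        fi
    done
}

# Run on the Puppet master as: sh sign_verified.sh /path/to/inventory
if [ "$#" -eq 1 ]; then
    sign_verified "$1"
fi
```

A missing or empty inventory classifies every request as UNKNOWN, so nothing is signed by default.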