Puppet 安装部署


清空 iptables 规则(下面的配置不含任何过滤规则,所有链默认 ACCEPT,仅适合测试环境;正式环境中 master 只需对 agent 放行 8140/tcp)

vim /etc/sysconfig/iptables
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT

设置 ntp(master 与 agent 的时间必须一致,否则 SSL 证书校验会失败)

[root@lost1 test]# ntpdate pool.ntp.org
24 Feb 11:24:55 ntpdate[2540]: step time server 202.112.29.82 offset -28798.519271 sec
[root@lost2 test]# ntpdate pool.ntp.org
24 Feb 11:25:00 ntpdate[2648]: step time server 202.112.29.82 offset -28798.248673 sec
[root@lost3 test]# ntpdate pool.ntp.org
24 Feb 11:25:04 ntpdate[3528]: step time server 202.112.29.82 offset -28798.070055 sec

设置 hostname

[root@lost1 test]# vim /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=lost1.com
[root@lost2 test]# vim /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=lost2.com
[root@lost3 test]# vim /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=lost3.com

配置 hosts

10.129.149.149     lost1.com
10.129.149.150     lost2.com
10.129.148.216     lost3.com

官方 yum 地址。
http://yum.puppetlabs.com/
安装 Puppet Labs 的 yum 源并更新(release 包经 HTTP 明文下载,安装前建议核对其 GPG 签名或校验和)

wget http://yum.puppetlabs.com/el/6.5/products/x86_64/puppetlabs-release-6-11.noarch.rpm
rpm -ivh puppetlabs-release-6-11.noarch.rpm
yum update

安装 Puppet master

yum install puppet-server
chkconfig --list |grep puppet
chkconfig puppet on
chkconfig --list |grep puppet
chkconfig puppetmaster on
chkconfig --list |grep puppet
service puppetmaster start

安装 Puppet agent

yum install puppet
chkconfig --list |grep puppet
chkconfig puppet on
chkconfig --list |grep puppet
service puppet start

master 端 puppet.conf 配置

[root@lost1 test]# vim /etc/puppet/puppet.conf
[main]
    logdir = /var/log/puppet
    rundir = /var/run/puppet
    ssldir = $vardir/ssl

[agent]
    classfile = $vardir/classes.txt
    localconfig = $vardir/localconfig

agent 端 puppet.conf 配置

[root@lost2 test]# vim /etc/puppet/puppet.conf
[main]
    logdir = /var/log/puppet
    rundir = /var/run/puppet
    ssldir = $vardir/ssl

[agent]
    classfile = $vardir/classes.txt
    localconfig = $vardir/localconfig
    server = lost1.com

agent 向 master 发起认证(首次运行会生成密钥并向 master 提交证书签名请求)

[root@lost2 test]# puppet agent --test

master 端查看认证状态(行首的 + 表示证书已签发。本文省略了签发步骤:待签发的请求应先与 agent 端核对指纹,再在 master 上用 puppet cert sign <主机名> 签发)

[root@lost1 puppet]# puppet cert --list --all
+ "lost1.com" (SHA256) 63:6B:DE:7E:E6:DA:68:71:90:23:42:64:19:9F:A1:36:B7:14:D8:56:3C:8E:AD:C9:E9:2E:DC:4E:81:FF:33:8F (alt names: "DNS:lost1.com", "DNS:puppet", "DNS:puppet.com")
+ "lost2.com" (SHA256) 56:BE:3A:B5:6C:5C:73:7E:31:0C:30:88:49:3E:9D:E5:37:D1:61:F9:C4:6C:66:75:46:0D:6A:4B:6D:8D:A6:99
+ "lost3.com" (SHA256) 8F:53:A5:BC:1E:BA:11:DF:AB:8E:86:C3:C9:5E:9C:F4:F2:67:E6:76:EA:E5:58:13:2D:B2:39:12:79:66:F2:A3

[root@lost1 puppet]# tree /var/lib/puppet/ssl/
/var/lib/puppet/ssl/
├── ca
│   ├── autosign.conf
│   ├── ca_crl.pem
│   ├── ca_crt.pem
│   ├── ca_key.pem
│   ├── ca_pub.pem
│   ├── inventory.txt
│   ├── private
│   │   └── ca.pass
│   ├── requests
│   ├── serial
│   └── signed
│       ├── lost1.com.pem
│       ├── lost2.com.pem
│       └── lost3.com.pem
├── certificate_requests
├── certs
│   ├── ca.pem
│   └── lost1.com.pem
├── crl.pem
├── private
├── private_keys
│   └── lost1.com.pem
└── public_keys
    └── lost1.com.pem