Puppet + Foreman installation guide using a local yum repository



server:
192.168.9.248 szpuppet.server.com


agent:
192.168.9.143 zabbix


Operating system: CentOS 6.4
Local yum repository:
[root@szpuppet yum.repos.d]# cat rhle64_centos.repo 
[foreman]
name=Foreman
baseurl=file:///root/foreman-repo-master/foreman
enabled=1
gpgcheck=0
[puppet]
name=puppet
baseurl=file:///root/foreman-repo-master/puppet-el6
enabled=1
gpgcheck=0
[rhel]
name=Red Hat Enterprise Linux Server
baseurl=file:///var/ftp/pub/Server
enabled=1
gpgcheck=0


Name resolution relies on the hosts file, so /etc/hosts must be edited.


*******************************************************************************
Install puppetmaster (server side)
Install puppetmaster and generate the CA and certificates
# yum install puppet puppet-server facter
# vi /etc/puppet/puppet.conf
[main]
    # The Puppet log directory.
    # The default value is '$vardir/log'.
    logdir = /var/log/puppet


    # Where Puppet PID files are kept.
    # The default value is '$vardir/run'.
    rundir = /var/run/puppet


    # Where SSL certificates are kept.
    # The default value is '$confdir/ssl'.
    ssldir = $vardir/ssl
    
    server              = szpuppet.server.com
    certname            = szpuppet.server.com
    pluginsync          = false


[agent]
    # The file in which puppetd stores a list of the classes
    # associated with the retrieved configuration.  Can be loaded in
    # the separate ``puppet`` executable using the ``--loadclasses``
    # option.
    # The default value is '$confdir/classes.txt'.
    classfile = $vardir/classes.txt


    # Where puppetd caches the local configuration.  An
    # extension indicating the cache format is added automatically.
    # The default value is '$confdir/localconfig'.
    localconfig = $vardir/localconfig
    server = szpuppet.server.com
    pluginsync = false


[master]   
    environmentpath     = /etc/puppet/environments
    basemodulepath      = /etc/puppet/modules:/usr/share/puppet/modules  
    environment_timeout = 10




# /etc/init.d/puppetmaster start
Starting puppetmaster:                                     [  OK  ]




# puppet cert --list --all
+ "puppetmaster162.kisspuppet.com" (SHA256) 2E:B3:73:4F:CD:EE:0C:64:2C:DF:24:E6:D3:62:F3:1C:AC:A3:28:60:67:1D:0C:8C:C5:CA:68:5B:4B:2F:49:B9 (alt names: "DNS:puppet", "DNS:puppet.kisspuppet.com", "DNS:puppetmaster162.kisspuppet.com")








Test that the puppetmaster works
# puppet agent -t
Info: Caching catalog for szpuppet.server.com
Info: Applying configuration version '1435911393'
Info: Creating state file /var/lib/puppet/state/state.yaml
Notice: Finished catalog run in 0.02 seconds




*******************************************************************************
Install the puppet agent (client side)
# yum install puppet


# vi /etc/puppet/puppet.conf 
[main]
    # The Puppet log directory.
    # The default value is '$vardir/log'.
    logdir = /var/log/puppet


    # Where Puppet PID files are kept.
    # The default value is '$vardir/run'.
    rundir = /var/run/puppet


    # Where SSL certificates are kept.
    # The default value is '$confdir/ssl'.
    ssldir = $vardir/ssl
    
    server              = szpuppet.server.com
    pluginsync          = false


[agent]
    # The file in which puppetd stores a list of the classes
    # associated with the retrieved configuration.  Can be loaded in
    # the separate ``puppet`` executable using the ``--loadclasses``
    # option.
    # The default value is '$confdir/classes.txt'.
    classfile = $vardir/classes.txt


    # Where puppetd caches the local configuration.  An
    # extension indicating the cache format is added automatically.
    # The default value is '$confdir/localconfig'.
    localconfig = $vardir/localconfig
    server              = szpuppet.server.com
    pluginsync          = false
   
# puppet agent
# ps -ef | grep puppet
root     15447     1  1 16:25 ?        00:00:02 /usr/bin/ruby /usr/bin/puppet agent
root     15510 15277  0 16:28 pts/0    00:00:00 grep puppet


# puppet agent -t
Exiting; no certificate found and waitforcert is disabled
(The certificate has not been signed yet.)






*******************************************************************************
Certificate signing
Request a certificate from the server
Run on the client:
# puppet agent --server szpuppet.server.com


Run on the server:
(Sign a single certificate)
# puppet cert sign zabbix
Notice: Signed certificate request for zabbix
Notice: Removing file Puppet::SSL::CertificateRequest zabbix at '/var/lib/puppet/ssl/ca/requests/zabbix.pem'


(Sign all pending certificates)
# puppet cert sign --all




(List all certificates)
# puppet cert --list --all
+ "szpuppet.server.com" (SHA256) 12:19:BA:72:5E:AB:7B:FA:2F:DD:38:6D:62:34:E7:38:B3:EA:E0:F9:03:35:84:BE:09:96:14:26:C4:F7:86:C1 (alt names: "DNS:puppet", "DNS:puppet.server.com", "DNS:szpuppet.server.com")
+ "zabbix"              (SHA256) 46:E0:6F:0B:14:64:0C:C3:ED:4D:AA:A0:7B:78:C6:CE:EB:91:C4:9F:24:6A:DD:1D:CA:AD:1D:1E:06:BF:06:8C
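
An added example (not from the original post): `puppet cert sign --all` approves every pending request, so the script below allows signing only when the pending request's fingerprint matches the one read on the agent itself, for instance with `puppet agent --fingerprint`. The function names, fingerprints and certificate list are constructed for illustration.

```shell
#!/bin/sh
# Added example: sign a Puppet CSR only when its fingerprint matches the one
# read on the agent. Function names and sample data are constructed.

FP_AGENT="01:23:45:67:89:AB:CD:EF:01:23:45:67:89:AB:CD:EF:01:23:45:67:89:AB:CD:EF:01:23:45:67:89:AB:CD:EF"
FP_OTHER="FE:DC:BA:98:76:54:32:10:FE:DC:BA:98:76:54:32:10:FE:DC:BA:98:76:54:32:10:FE:DC:BA:98:76:54:32:10"

# Constructed stand-in for `puppet cert --list --all` on the master:
# lines starting with "+" are already signed, the others are pending requests.
sample_cert_list() {
    cat <<EOF
  "zabbix" (SHA256) $FP_AGENT
  "web01"  (SHA256) $FP_OTHER
+ "szpuppet.server.com" (SHA256) $FP_OTHER (alt names: "DNS:puppet", "DNS:szpuppet.server.com")
EOF
}

# Print the fingerprint of the *pending* request for certname $1 (list on stdin).
# Signed entries are skipped because their first field is "+".
pending_fingerprint() {
    awk -v want="\"$1\"" '
        $1 == want && $2 == "(SHA256)" { print $3; found = 1 }
        END { exit !found }'
}

# Upper-case and strip blanks so a hand-copied fingerprint compares cleanly.
normalize_fp() {
    printf '%s' "$1" | tr 'abcdef' 'ABCDEF' | tr -d ' \t'
}

# approve_csr CERTNAME EXPECTED_FP   (certificate list on stdin)
# returns 0 = match, 1 = mismatch, 2 = no pending request, 3 = malformed fingerprint
approve_csr() {
    expected=$(normalize_fp "$2")
    printf '%s\n' "$expected" | grep -Eq '^([0-9A-F]{2}:){31}[0-9A-F]{2}$' || return 3
    actual=$(pending_fingerprint "$1") || return 2
    [ "$actual" = "$expected" ] || return 1
    echo "fingerprint OK, safe to run: puppet cert sign $1"
}

# Demo on the constructed list. On a real master the pipeline would be:
#   puppet cert --list | approve_csr zabbix "<fingerprint from the agent>" \
#       && puppet cert sign zabbix
sample_cert_list | approve_csr zabbix "$FP_AGENT"
```

A non-zero return means the request should stay unsigned until the mismatch or the missing request is explained.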


*******************************************************************************
Verify communication:


On the server:
# cd /etc/puppet/manifests/
# ll
total 0
# vi site.pp
# Applies to every node without a more specific node definition
node default {
  file { "/tmp/test.txt":
    content => "Hello,agent,this is puppet test!n",
  }
}


#/etc/init.d/puppetmaster restart




On the agent:
# puppet agent --server szpuppet.server.com --test
Info: Caching catalog for zabbix
Info: Applying configuration version '1436146178'
Notice: /Stage[main]/Main/Node[default]/File[/tmp/test.txt]/content: 
--- /tmp/test.txt       2015-07-03 16:43:33.144433003 +0800
+++ /tmp/puppet-file20150706-10930-1ipgx7i-0    2015-07-06 09:29:38.775285552 +0800
@@ -0,0 +1 @@
+Hello,agent,this is puppet test!n
\ No newline at end of file


Info: /Stage[main]/Main/Node[default]/File[/tmp/test.txt]: Filebucketed /tmp/test.txt to puppet with sum d41d8cd98f00b204e9800998ecf8427e
Notice: /Stage[main]/Main/Node[default]/File[/tmp/test.txt]/content: content changed '{md5}d41d8cd98f00b204e9800998ecf8427e' to '{md5}fda5a8abd3ca710bc39ce6c90b25cb73'
Notice: Finished catalog run in 0.14 seconds


For more usage examples, see the article on Puppet configuration.


*******************************************************************************




Install Foreman


Install Foreman with foreman-installer
# yum install foreman-installer


Foreman installs with PostgreSQL as its database by default; MySQL is used here instead.
Note: openssl must be upgraded to version 1.0.1e.


Install the packages
# rpm -ivh ruby193-runtime-1-6.el6.x86_64.rpm
# rpm -ivh centos-release-SCL-6-5.el6.centos.x86_64.rpm


Make sure only the original yum repository file remains
#rm -rf /etc/yum.repos.d/CentOS-SCL.repo


# yum install foreman  mod_passenger mod_ssl ruby193-rubygem-passenger-native mysql mysql-server foreman-mysql2 
#
...
Updated:
  openssl.x86_64 0:1.0.1e-15.el6                                                   
Replaced:
  ruby193-v8.x86_64 1:3.14.5.10-2.el6                                              
Complete!


Install foreman-proxy and its dependencies


# yum install tftp-server syslinux foreman-proxy




To proxy only Puppet and the Puppet CA, install as follows:
#foreman-installer --enable-foreman --enable-foreman-proxy --enable-puppet  --puppet-server=true --foreman-proxy-puppetrun=true  --foreman-proxy-puppetca=true    --foreman-configure-epel-repo=false  --foreman-proxy-register-in-foreman=false 
 Could not start Service[httpd]: Execution of '/sbin/service httpd start' returned 1: Starting httpd: [Mon Jul 06 10:33:12 2015] [warn] module passenger_module is already loaded, skipping
 /Stage[main]/Apache::Service/Service[httpd]/ensure: change from stopped to running failed: Could not start Service[httpd]: Execution of '/sbin/service httpd start' returned 1: Starting httpd: [Mon Jul 06 10:33:12 2015] [warn] module passenger_module is already loaded, skipping
Installing             --- /etc/foreman-proxy/settings.d/puppet.ymlser[f2014- [99%] [.............................................Installing             Done                                               [100%] [..............................................]
  Something went wrong! Check the log for ERROR-level output
  * Foreman is running at https://szpuppet.server.com
      Initial credentials are admin / krz9RbinLp4jasAe
  * Foreman Proxy is running at https://szpuppet.server.com:8443
  * Puppetmaster is running at port 8140
  The full log is at /var/log/foreman-installer/foreman-installer.log


httpd failed to start because the port was already in use.
Change the port.






To proxy TFTP, DNS, DHCP, Puppet, and Puppet CA; in this case the puppetmaster is installed and run under Apache + Passenger.
#foreman-installer --enable-foreman --enable-foreman-proxy --enable-puppet  --puppet-server=true --foreman-proxy-puppetrun=true  --foreman-proxy-puppetca=true   --foreman-proxy-dhcp=true  --foreman-proxy-tftp=true  --foreman-proxy-dns=true --foreman-proxy-dns-interface=eth0 --foreman-proxy-dns-zone=kisspuppet.com  --foreman-proxy-dns-reverse=10.168.192.in-addr.arpa  --foreman-proxy-dns-forwarders=8.8.8.8 --foreman-proxy-dns-forwarders=8.8.4.4 --foreman-configure-epel-repo=false  --foreman-proxy-register-in-foreman=false




After the installation finishes, open https://192.168.9.248 in Firefox or Chrome to check that it succeeded.






Check that foreman, foreman-proxy and puppetmaster were installed successfully
# /etc/init.d/httpd status
httpd (pid  25433) is running...
# /etc/init.d/foreman-proxy status
foreman-proxy (pid  25605) is running...
# netstat -naltp | grep 8443
tcp        0      0 0.0.0.0:8443                0.0.0.0:*                   LISTEN      25605/ruby          
# netstat -naltp | grep 80
tcp        0      0 :::80                       :::*                        LISTEN      25433/httpd         
# netstat -naltp | grep 8140
tcp        0      0 :::8140                     :::*                        LISTEN      25433/httpd   


The installation is essentially complete!


yum package download (Baidu Netdisk link):
http://pan.baidu.com/s/1gdxreYv

From the "ITPUB Blog", link: http://blog.itpub.net/29500582/viewspace-1724261/. Please credit the source when reposting; otherwise legal liability will be pursued.

Reposted from: http://blog.itpub.net/29500582/viewspace-1724261/
