ntpdate us.pool.ntp.org
crontab -e
0-59/10 * * * * /usr/sbin/ntpdate us.pool.ntp.org | logger -t NTP
Puppet 不在 CentOS 的基本源中,需要先加入 PuppetLabs 提供的官方源。注意下面的 release 包是通过明文 HTTP 下载的,而它会写入 yum 源配置以及用于校验后续软件包的 GPG 公钥,安装前应通过可信渠道核对该包的校验和或签名:
[root@master ~]# wget http://yum.puppetlabs.com/el/6/products/x86_64/puppetlabs-release-6-7.noarch.rpm
[root@master ~]# rpm -ivh puppetlabs-release-6-7.noarch.rpm
[root@master ~]#yum update
[root@master ~]# yum install puppet-server
[root@master ~]# service puppetmaster start
Starting puppetmaster: [ OK ]
在agent上安装puppet客户端
[root@node1 ~]# yum install puppet
[root@node1 ~]# service puppet start
Starting puppet agent: [ OK ]
5.配置puppet,客户端自动认证
master
修改/etc/puppet/puppet.conf,其实只需要main和master配置就可以了。
[root@master-192 requests]# cat /etc/puppet/puppet.conf
[main]
# Base directory for Puppet's variable data (cached data, reports,
# file backups). Everything below that refers to $vardir lands here.
vardir = /puppet_data
# The Puppet log directory.
# The default value is '$vardir/log'.
logdir = /puppet_log
# Where Puppet PID files are kept.
# The default value is '$vardir/run'.
rundir = /var/run/puppet
# Where SSL certificates are kept.
# The default value is '$confdir/ssl'.
# With vardir set above this resolves to /puppet_data/ssl. On the
# master this directory also holds the CA, so restrict access to it.
ssldir = $vardir/ssl
[agent]
# The file in which puppetd stores a list of the classes
# associated with the retrieved configuration. Can be loaded in
# the separate ``puppet`` executable using the ``--loadclasses``
# option.
# The default value is '$confdir/classes.txt'.
classfile = $vardir/classes.txt
# Where puppetd caches the local configuration. An
# extension indicating the cache format is added automatically.
# The default value is '$confdir/localconfig'.
localconfig = $vardir/localconfig
[master]
# Certificate name the master uses for itself.
certname = master-192.168.9.157.centos.test.com
# Autosign, first form: path to an allowlist file. With a file path,
# only certificate requests whose certname matches an entry in that
# file are signed automatically.
autosign = /etc/puppet/autosign.conf
# Autosign, second form: sign every request unconditionally.
# NOTE(review): autosign is set twice in this section; the later
# "true" presumably overrides the file path above -- confirm with
# `puppet master --configprint autosign`.
# With "true" the CA signs every certificate request it receives
# without checking who sent it, so any host that can reach the master
# obtains a valid agent certificate and can request catalogs. Keep
# only one of the two lines; outside a closed lab prefer the allowlist
# file, or autosign = false with manual `puppet cert sign` after
# comparing fingerprints.
autosign = true
启动
[root@master-192 puppet]# service puppetmaster start
启动 puppetmaster: [确定]
agent
修改/etc/puppet/puppet.conf,两个agent配置一样。
[root@app-192 ssl]# cat /etc/puppet/puppet.conf
[main]
# vardir is not set in this file, so every $vardir below resolves to
# Puppet's default variable-data directory.
# The Puppet log directory.
# The default value is '$vardir/log'.
logdir = /puppet_log
# Where Puppet PID files are kept.
# The default value is '$vardir/run'.
rundir = /var/run/puppet
# Where SSL certificates are kept.
# The default value is '$confdir/ssl'.
# Holds this agent's private key and signed certificate.
ssldir = $vardir/ssl
[agent]
# The file in which puppetd stores a list of the classes
# associated with the retrieved configuration. Can be loaded in
# the separate ``puppet`` executable using the ``--loadclasses``
# option.
# The default value is '$confdir/classes.txt'.
classfile = $vardir/classes.txt
# Where puppetd caches the local configuration. An
# extension indicating the cache format is added automatically.
# The default value is '$confdir/localconfig'.
localconfig = $vardir/localconfig
# Host name of the puppet master this agent contacts.
# NOTE(review): this should equal the master's certname or one of the
# DNS alt names in the master's certificate, otherwise the agent's
# verification of the master certificate is expected to fail.
server = master-192.168.9.157.centos.test.com
启动
[root@app-192 puppet]# service puppet start
Starting puppet agent: [确定]
查看 master 的日志,会发现两个 agent 向 master 提交了证书签名请求(CSR)。
在master上查看证书申请
[root@master-192 requests]# puppet cert list --all
+ "app-192.168.9.158.centos.test.com" (SHA256) A9:92:C0:F5:E3:9F:B7:6E:E4:4B:06:E7:E7:C1:93:17:6C:5B:4B:40:9E:E4:7D:2D:0B:5B:4D:B7:D1:25:F9:FE
+ "app-192.168.9.159.centos.test.com" (SHA256) 72:7C:B3:C3:1A:A5:95:B7:F2:D7:2E:69:50:A1:0C:77:C1:E2:55:0F:FF:BD:F1:B8:29:5A:0B:AE:7C:F3:B9:ED
+ "master-192.168.9.157.centos.test.com" (SHA256) AA:AC:3D:FF:E4:50:BC:FF:CA:F7:7D:09:89:79:9F:E9:07:4D:A8:F5:64:23:C2:BA:37:B4:A2:7C:62:3B:9C:28 (alt names: "DNS:master-192.168.9.157.centos.test.com", "DNS:puppet", "DNS:puppet.168.9.157.centos.test.com")
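带'+'说明该证书已签发。本例中 master 开启了 autosign,agent 的请求是自动签发的,没有经过人工核对指纹;生产环境中应先用上面列出的 SHA256 指纹与 agent 本机的指纹比对,再决定是否签发。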
到此入门级puppet已经安装好。