系统环境:Centos 6.7
根据系统加入PuppetLabs官方源
wget http://yum.puppetlabs.com/el/6/products/x86_64/puppetlabs-release-6-7.noarch.rpm
rpm -ivh puppetlabs-release-6-7.noarch.rpmmaster端安装
yum install -y ruby facter puppet-server
[main]
# The Puppet log directory.
# The default value is '$vardir/log'.
logdir = /var/log/puppet
# Where Puppet PID files are kept.
# The default value is '$vardir/run'.
rundir = /var/run/puppet
# Where SSL certificates are kept.
# The default value is '$confdir/ssl'.
ssldir = $vardir/ssl
[agent]
# The file in which puppetd stores a list of the classes
# associated with the retrieved configuratiion. Can be loaded in
# the separate ``puppet`` executable using the ``--loadclasses``
# option.
# The default value is '$confdir/classes.txt'.
classfile = $vardir/classes.txt
# Where puppetd caches the local configuration. An
# extension indicating the cache format is added automatically.
# The default value is '$confdir/localconfig'.
localconfig = $vardir/localconfig
server = puppet # 服务器名称
[master]
certname = puppet # puppetmaster认证服务器名称
#修改配置
vim /etc/puppet/puppet.conf
启动服务
service puppet start
service puppetmaster start
加入开启启动
chkconfig puppet on
chkconfig puppetmaster on
[root@puppet ~]# puppet cert --list -all # 带“+”表明注册成功
+ "puppet" (SHA256) 41:CB:D2:51:8D:B1:48:6E:6E:97:CD:EE:5A:36:DB:F8:66:9B:F9:BB:57:F9:18:4C:11:3D:4E:0A:4E:9C:8F:04安装Agent客户端
#绑定hosts
vim /etc/hosts
192.168.0.1 puppet
yum install -y puppet facter
[main]
# The Puppet log directory.
# The default value is '$vardir/log'.
logdir = /var/log/puppet
# Where Puppet PID files are kept.
# The default value is '$vardir/run'.
rundir = /var/run/puppet
# Where SSL certificates are kept.
# The default value is '$confdir/ssl'.
ssldir = $vardir/ssl
[agent]
# The file in which puppetd stores a list of the classes
# associated with the retrieved configuratiion. Can be loaded in
# the separate ``puppet`` executable using the ``--loadclasses``
# option.
# The default value is '$confdir/classes.txt'.
classfile = $vardir/classes.txt
# Where puppetd caches the local configuration. An
# extension indicating the cache format is added automatically.
# The default value is '$confdir/localconfig'.
localconfig = $vardir/localconfig
server = puppet # 设置puppetmaster# Agent发送身份验证
[root@api ~]# puppet agent -t
Info: Creating a new SSL key for api
Info: Caching certificate for ca
Info: csr_attributes file loading from /etc/puppet/csr_attributes.yaml
Info: Creating a new SSL certificate request for api
Info: Certificate Request fingerprint (SHA256): 1B:71:9D:C6:09:F6:84:14:A2:23:3F:89:77:4F:16:DB:20:CD:B8:F7:1A:F0:90:54:13:ED:5A:9B:8E:AD:40:3E
Info: Caching certificate for ca
Exiting; no certificate found and waitforcert is disabled
# Master 查看请求验证
[root@puppet ~]# puppet cert --sign --list
"api" (SHA256) 1B:71:9D:C6:09:F6:84:14:A2:23:3F:89:77:4F:16:DB:20:CD:B8:F7:1A:F0:90:54:13:ED:5A:9B:8E:AD:40:3E
# Master 通过客户端认证
[root@puppet ~]# puppet cert --sign api
Notice: Signed certificate request for api
Notice: Removing file Puppet::SSL::CertificateRequest api at '/var/lib/puppet/ssl/ca/requests/api.pem'
# 查看 Master 认证机器
[root@puppet ~]# puppet cert list --all
+ "api" (SHA256) 6C:A7:50:6A:29:CD:09:A9:CA:0E:0F:84:81:33:97:34:C9:0E:CC:D2:A3:2D:52:F5:25:64:C3:98:A0:02:E6:07
+ "puppet" (SHA256) 41:CB:D2:51:8D:B1:48:6E:6E:97:CD:EE:5A:36:DB:F8:66:9B:F9:BB:57:F9:18:4C:11:3D:4E:0A:4E:9C:8F:04
# Agent 测试认证后结果
[root@api ~]# puppet agent -t
Info: Caching certificate for api
Info: Caching certificate_revocation_list for ca
Info: Caching certificate for api
Warning: Unable to fetch my node definition, but the agent run will continue:
Warning: undefined method `include?' for nil:NilClass
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Caching catalog for api
Info: Applying configuration version '1510131350'
Info: Creating state file /var/lib/puppet/state/state.yaml
Notice: Finished catalog run in 0.03 seconds
721
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
