Installing the Puppet 3.6.1 management tool on Ubuntu 14.10
0. Pre-installation (required on every master and agent):
1. Install gcc (can be skipped on the newest Ubuntu releases):
2. Install Ruby:
sudo apt-get install ruby-full
3. Set the hostname and domain name:
Master:
vi /etc/hostname
Check the IP address:
The IP is 192.168.40.130
vi /etc/hosts
Note: on the master you need hosts entries binding the master's IP to its name and every agent's IP to its name. On each agent only its own entry and the master's are needed.
Agent:
vi /etc/hostname
Check the IP address:
The IP is 192.168.40.131
vi /etc/hosts
1. Installing Puppet
1. Configure the master and the client separately:
Master:
(1) Install puppet, puppetmaster and facter:
apt-get install puppet puppetmaster facter
(2) Configure Puppet:
① Add certname under the [master] section of /etc/puppet/puppet.conf:
② Create and configure /etc/puppet/manifests/site.pp:
touch /etc/puppet/manifests/site.pp
③ Configure the firewall (agents connect to the master on TCP 8140):
iptables -A INPUT -p tcp -m state --state NEW --dport 8140 -j ACCEPT
④ Save the rules:
⑤ Start puppetmaster:
Agent:
(1) Install only puppet and facter:
apt-get install puppet facter
(2) Edit puppet.conf and set the following options:
certname
server
report
pluginsync
(3) Edit /etc/default/puppet
Then restart the service:
(4) Create site.pp
2. Establishing communication between client and server:
1. agent01 sends a certificate request to master01:
puppet agent --server=master01.example.com --no-daemonize --verbose
On master01, list the hostnames that currently have pending certificate requests:
Have master01 sign the request from agent01:
After signing, the client's signed certificate (containing its public key) is stored on the master under /var/lib/puppet/ssl/ca/signed/
View the certificate:
From then on you can edit site.pp on the master to manage configuration. To make a client apply the latest catalog, run the following on the agent: puppet agent --test
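As an added example (not part of the original post), the following shell script shows the check an operator should make between listing and signing: the request fingerprint that the agent printed is compared with the fingerprint `puppet cert list` shows on the master, so only the expected request is signed. The two outputs it parses are constructed samples in the Puppet 3.x output format, which is an assumption here.

```shell
#!/bin/sh
# Added example, not from the original post: compare the CSR fingerprint the
# agent printed with the one `puppet cert list` shows on the master before
# running `puppet cert sign`. Both outputs below are constructed samples in
# Puppet 3.x format (assumption).

AGENT_OUTPUT='Info: Creating a new SSL certificate request for agent01.example.com
Info: Certificate Request fingerprint (SHA256): 3F:12:AB:7C:90:11:DE:42:5A:6B:0C:8D:EE:F1:23:45:67:89:AB:CD:EF:01:23:45:67:89:AB:CD:EF:10:20:30'

MASTER_LIST='  "agent01.example.com" (SHA256) 3F:12:AB:7C:90:11:DE:42:5A:6B:0C:8D:EE:F1:23:45:67:89:AB:CD:EF:01:23:45:67:89:AB:CD:EF:10:20:30
  "agent02.example.com" (SHA256) 9A:00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE'

# Fingerprint the agent reported for its own request (text after the digest name).
agent_fp() {
  printf '%s\n' "$1" | sed -n 's/.*fingerprint ([A-Z0-9]*): *//p' | head -n 1
}

# Fingerprint the master lists for one certname; empty if that name is not pending.
master_fp() {
  printf '%s\n' "$2" | awk -v n="\"$1\"" '$1 == n { print $NF }'
}

# Succeeds only when both fingerprints exist and are identical.
# Usage: check_csr <certname> <agent output> <puppet cert list output>
check_csr() {
  a=$(agent_fp "$2")
  m=$(master_fp "$1" "$3")
  [ -n "$a" ] && [ -n "$m" ] && [ "$a" = "$m" ]
}

if check_csr agent01.example.com "$AGENT_OUTPUT" "$MASTER_LIST"; then
  echo "fingerprints match: puppet cert sign agent01.example.com"
else
  echo "fingerprint mismatch or missing for agent01.example.com: do not sign" >&2
fi
```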
3. Common problems
1. If you run into the following:
Kill the process and restart it:
Then enable it:
2. Plugins
Uncomment pluginsync:
3. root@mater01:/home/lizhen# puppet master --verbose --no-daemonize
Notice: Starting Puppet master version 3.6.1
Info: access[^/catalog/([^/]+)$]: allowing 'method' find
Info: access[^/catalog/([^/]+)$]: allowing $1 access
Info: access[^/node/([^/]+)$]: allowing 'method' find
Info: access[^/node/([^/]+)$]: allowing $1 access
Info: access[/certificate_revocation_list/ca]: allowing 'method' find
Info: access[/certificate_revocation_list/ca]: allowing * access
Info: access[^/report/([^/]+)$]: allowing 'method' save
Info: access[^/report/([^/]+)$]: allowing $1 access
Info: access[/file]: allowing * access
Info: access[/certificate/ca]: adding authentication any
Info: access[/certificate/ca]: allowing 'method' find
Info: access[/certificate/ca]: allowing * access
Info: access[/certificate/]: adding authentication any
Info: access[/certificate/]: allowing 'method' find
Info: access[/certificate/]: allowing * access
Info: access[/certificate_request]: adding authentication any
Info: access[/certificate_request]: allowing 'method' find
Info: access[/certificate_request]: allowing 'method' save
Info: access[/certificate_request]: allowing * access
Info: access[/v2.0/environments]: allowing 'method' find
Info: access[/v2.0/environments]: allowing * access
Info: access[/]: adding authentication any
Info: Inserting default '/status' (auth true) ACL
Info: Not Found: Could not find certificate agent01.example.com
Info: Not Found: Could not find certificate agent01.example.com
Solution (remove the stale SSL state, then put the following in puppet.conf):
rm -f /var/lib/puppet/ssl/certs/*
rm -f /var/lib/puppet/ssl/certificate_requests/*
rm -f /var/lib/puppet/ssl/crl.pem
[main]
logdir=/var/log/puppet
vardir=/var/lib/puppet
ssldir=/var/lib/puppet/ssl
rundir=/var/run/puppet
factpath=$vardir/lib/facter
prerun_command=/etc/puppet/etckeeper-commit-pre
postrun_command=/etc/puppet/etckeeper-commit-post
[master]
# These are needed when the puppetmaster is run by passenger
# and can safely be removed if webrick is used
ssl_client_header = SSL_CLIENT_S_DN
ssl_client_verify_header = SSL_CLIENT_VERIFY
certname=master01.example.com
4. Agent side
This problem mainly appears when the agent auto-updates and its output needs to be shown in the foreground: just kill the existing agent process and run it again with --no-daemonize.
Then restart it:
4. Other
Revoke a certificate on the master:
puppet cert revoke agent01.example.com
Delete the certificate:
puppet cert --clean agent01.example.com
Then delete the corresponding certificate on the agent:
5. Testing
(1) Passive agent update (example: the master pushes a specified command to the agent)
Configure site.pp on the master
Run the update on the agent:
(2) Active agent update (example: push a specified file on the master to a specified location on the agent)
File on the master:
On the master create /etc/puppet/fileserver.conf and edit it ([files] defines a mount point that stands for a path on the master; further mount points can be added as needed):
Configure site.pp on the master:
Then configure /etc/puppet/puppet.conf on the agent: listen and runinterval
On the agent, temporarily stop the agent process and run it with --no-daemonize:
You can see that it updates every 10 seconds
Here are a few example manifests (note: they go in site.pp on the master):
node 'agent02.example.com' {
  file { "/tmp/test4.txt":
    owner  => "root",
    group  => "root",
    mode   => "0777",   # quoted octal; 777 makes the file world-writable
    source => "puppet:///files/test4.txt",   # served from the [files] mount in fileserver.conf
  }
}