一. 安装

1. 安装源

#163系统基础源

wget http://mirrors.163.com/.help/CentOS6-Base-163.repo -P /etc/yum.repos.d/

rhel 6.0 sohu源(注意:下面的 gpgcheck = 0 会关闭软件包签名校验,且 baseurl 为 HTTP 明文;生产环境建议导入发行版 GPG 公钥并设置 gpgcheck = 1)

[sohu]

name = sohu

baseurl = http://mirrors.sohu.com/centos/6/os/x86_64/

enabled = 1

gpgcheck = 0

http://mirrors.sohu.com/centos/7.0.1406/os/x86_64/

#puppet官方源

rhel7 :

rpm -Uvh http://yum.puppetlabs.com/puppetlabs-release-el-7.noarch.rpm

rhel 6:

rpm -Uvh http://yum.puppetlabs.com/el/6/products/x86_64/puppetlabs-release-6-10.noarch.rpm


rhel 5:

rpm -Uvh http://yum.puppetlabs.com/el/5/products/x86_64/puppetlabs-release-5-1.noarch.rpm


安装中报错及解决(下列 RPM 来自第三方站点且通过 HTTP 下载,安装前建议用 rpm -K 校验签名,或优先用 yum 从已启用 gpgcheck 的源安装对应依赖):

1.Requires: ruby(selinux)

wget http://download.longgeek.com/Puppet_for_rhel6.2/libselinux-ruby-2.0.94-5.2.el6.x86_64.rpm

wget http://people.redhat.com/dwalsh/SELinux/RHEL6/x86_64/libselinux-ruby-2.0.94-5.2.el6.x86_64.rpm

2.Requires: rubygems

wget http://rpmfind.net/linux/centos/6.3/os/x86_64/Packages/rubygems-1.3.7-1.el6.noarch.rpm

3.Requires: ruby-rdoc

wget http://download.longgeek.com/Puppet_for_rhel6.2/ruby-rdoc-1.8.7.352-3.el6.x86_64.rpm

#以下网站可统一下载所有依赖包:

http://download.longgeek.com/Puppet_for_rhel6.2/

#服务端安装

yum install puppet puppet-server

#客户端安装

yum install puppet

二. 客户端连接测试:

1.服务端配置:

#新建主配置文件:

cat /etc/puppet/manifests/site.pp 

import "nodes.pp"

#新建节点默认配置文件(用于连接客户端测试):

#以下配置文件,将在所有客户端上新建一个/tmp/test 文件,内容为“hello\n”,文件权限为“ 0644”

cat /etc/puppet/manifests/nodes.pp 

node default {

file{

        "/tmp/test":

        content=>"hello\n",

        mode=>0644;

}

}

#开启puppet服务:

/etc/init.d/puppetmaster start


#启动后会开启8140端口(如下所示监听在 0.0.0.0,建议用防火墙只允许受管节点访问该端口)
netstat -ntlp
tcp  0  0   0.0.0.0:8140     0.0.0.0:*     LISTEN      3127/ruby  

#让puppet服务开机启动
chkconfig puppetmaster on

2.客户端

#申请连接到服务端的SSL证书

puppet agent --server master_hostname --test
Info: Caching certificate for ca
Info: Creating a new SSL certificate request for client.com
Info: Certificate Request fingerprint (SHA256): 2E:7F:F1:FA:43:FC:B7:6B:7CE:15:31:C0:73:46:A6:40:02:E9:74:FF:1B9C:C283:2B:6E:29:45:64
Exiting; no certificate found and waitforcert is disabled

#这时在服务端查看客户端申请请求:

puppet cert --list


#服务端向客户端颁发证书(签发前先将 puppet cert --list 显示的指纹与客户端输出的 Certificate Request fingerprint 核对,一致后再签发)

puppet cert -s client_hostname


4. 证书颁发后,可在 /var/lib/puppet/ssl/ca/signed 中看到已颁发的证书

3. 验证服务端与客户端的连接是否正常,在客户端执行:

[root@node2 /]# puppet agent --server puppet.paidui.cn --test

Info: Caching certificate for node2.paidui.cn

Info: Caching certificate_revocation_list for ca

Info: Retrieving plugin

Info: Caching catalog for node2.paidui.cn

Info: Applying configuration version '1363779682'

Notice: /Stage[main]//Node[default]/File[/tmp/test]/ensure: defined content as '{md5}b1946ac92492d2347c6235b4d2611184'

Info: Creating state file /var/lib/puppet/state/state.yaml

Notice: Finished catalog run in 0.06 seconds

#执行完成后,/tmp/test 文件已经建立,表示成功。

Error: Could not request certificate: Could not write C:/ProgramData/PuppetLabs/

puppet/etc/ssl/private_keys/web-211.pem to privatekeydir: invalid byte sequence

in US-ASCII


PF大神分享:

http://note.youdao.com/share/?id=a0ba9354124551e375116bede22774f6&type=note