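Using Puppet, Part 2: Installation and Testing
Server: 192.168.1.101 puppet-server
Client: 192.168.1.102 puppet-client
OS: RHEL 5.7 64-bit (Linux version 2.6.18-274.el5)
I. Pre-installation environment preparation (using the server, puppet-server, as the example)
1. Add the puppet user: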
[root@puppet-server ~]# groupadd puppet
[root@puppet-server ~]# useradd -g puppet -s /bin/false -M puppet
2. Edit the hosts file:
[root@puppet-server ~]# cat /etc/hosts
192.168.1.101 puppet-server
192.168.1.102 puppet-client
Verify the hostname:
[root@puppet-server ~]# hostname
puppet-server
[root@puppet-server ~]# ping puppet-client
3. Install ruby: puppet is developed in ruby, so ruby must be installed.
[root@puppet-server ~]# rpm -qa |grep ruby
ruby-1.8.5-19.el5_6.1
ruby-libs-1.8.5-19.el5_6.1
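It can be installed with yum (see the yum configuration reference for details).
4. Install facter: facter is a package that the official wiki lists as required; it collects environment variable information about the installed system.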
[root@puppet-server opt]# ll /opt
-rw-r--r-- 1 root root 71295 Oct 22 17:59 facter-1.5.8.tar.gz
[root@puppet-server opt]# tar -zxvf facter-1.5.8.tar.gz
[root@puppet-server opt]# cd facter-1.5.8
[root@puppet-server facter-1.5.8]# ruby install.rb
[root@puppet-server facter-1.5.8]# cd ~
[root@puppet-server ~]# facter
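Running facter shows the variable names and values that facter collects.
5. Perform the same installation on the client, puppet-client.
II. Installing puppet (using the server, puppet-server, as the example)
1. Install puppet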
[root@puppet-server opt]# ll /opt
-rw-r--r-- 1 root root 1492177 Oct 22 18:00 puppet-2.6.1.tar.gz
[root@puppet-server opt]# tar -zxvf puppet-2.6.1.tar.gz
[root@puppet-server opt]# cd puppet-2.6.1
[root@puppet-server puppet-2.6.1]# ruby install.rb
[root@puppet-server puppet-2.6.1]# mkdir -p /etc/puppet
[root@puppet-server puppet-2.6.1]# cp conf/redhat/* /etc/puppet/
This copies the configuration files into /etc/puppet.
2. Verify that the installation succeeded:
[root@puppet-server puppet-2.6.1]# puppet master
[root@puppet-server puppet-2.6.1]# ps -ef |grep puppet
puppet 4394 1 0 10:23 ? 00:00:00 /usr/bin/ruby /usr/sbin/puppetmasterd
root 4533 3117 0 11:18 pts/0 00:00:00 grep puppet
[root@puppet-server puppet-2.6.1]# kill -9 4394
3. Perform the same installation on the client, puppet-client.
4. Set up the server-side service and enable it at boot
[root@puppet-server ~]# cp /etc/puppet/server.init /etc/init.d/puppetmasterd
[root@puppet-server ~]# chmod 755 /etc/init.d/puppetmasterd
[root@puppet-server ~]# chkconfig --add puppetmasterd
[root@puppet-server ~]# chkconfig --level 35 puppetmasterd on
[root@puppet-server ~]# service puppetmaster abc
puppetmaster: unrecognized service
[root@puppet-server ~]# service puppetmasterd abc
Usage:/etc/init.d/puppetmasterd {start|stop|status|restart|reload|force-reload|condrestart|genconfig}
[root@puppet-server ~]# service puppetmasterd start
The default port is 8140.
[root@puppet-server ~]# netstat -anp |grep 8140
tcp 0 0 0.0.0.0:8140 0.0.0.0:* LISTEN 4394/ruby
III. Certificate approval
1. The client requests a certificate
[root@puppet-client ~]# telnet puppet-server 8140
Trying 192.168.1.101...
Connected to puppet-server (192.168.1.101).
Escape character is '^]'.
Connection closed by foreign host.
[root@puppet-client ~]# puppetd --test --server puppet-server
2. The server accepts the request
[root@puppet-server ~]# puppetca --list
puppet-client
Approve the pending certificate:
[root@puppet-server ~]# puppetca -s puppet-client
notice: Signed certificate request for puppet-client
notice: Removing file Puppet::SSL::CertificateRequest puppet-client at '/var/lib/puppet/ssl/ca/requests/ puppet-client.pem'
3. The client retrieves the approved certificate
[root@puppet-client ~]# puppetd --test --server puppet-server
warning: peer certificate won't be verified in this SSL session
info: Caching certificate for puppet-client
info: Caching certificate_revocation_list for ca
info: Caching catalog for puppet-client
info: Applying configuration version '1287374005'
info: Creating state file /var/lib/puppet/state/state.yaml
notice: Finished catalog run in 0.01 seconds
4. To re-approve a certificate, delete the existing certificates on both the server and the client and generate them again.
[root@puppet-server ~]# rm -f /var/lib/puppet/ssl/ca/signed/puppet-client.pem
[root@puppet-client ~]# rm -rf /var/lib/puppet/ssl/
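The request listed by puppetca in step 2 arrives before any trust exists between the two hosts (the agent run itself warns that the peer certificate is not verified), so it is worth comparing the CSR's fingerprint on both sides before running puppetca -s. The following is an added example, not part of the original post: a shell helper that fingerprints a CSR with openssl and checks the request queued on the master against the value read on the client. The client-side CSR path (Puppet's default requestdir under the ssldir shown above) and the PUPPET_CA_REQUESTS override variable are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): check a pending CSR before signing.
# Assumptions: openssl is installed; the client keeps its CSR in Puppet's default
# requestdir, /var/lib/puppet/ssl/certificate_requests/<certname>.pem;
# PUPPET_CA_REQUESTS is a hypothetical override used only by this script.

# Print the SHA-256 (lowercase hex) of the DER form of the PEM CSR in $1.
# Fails instead of hashing garbage when the file is not a parsable CSR.
csr_fingerprint() {
    der=$(mktemp /tmp/csr.XXXXXX) || return 1
    if openssl req -in "$1" -outform DER -out "$der" 2>/dev/null; then
        openssl dgst -sha256 "$der" | awk '{print $NF}'
        rc=0
    else
        rc=1
    fi
    rm -f "$der"
    return $rc
}

# Return 0 only if the CSR queued on the master for host $1 has fingerprint $2
# (the value read on the client and passed over a separate, trusted channel).
# Returns 2 for a bad host name or an unreadable CSR, 1 for a mismatch.
csr_matches() {
    host=$1
    expected=$(printf '%s' "$2" | tr -d ':' | tr 'A-F' 'a-f')
    reqdir=${PUPPET_CA_REQUESTS:-/var/lib/puppet/ssl/ca/requests}
    case $host in
        ''|*/*|.*) return 2 ;;   # never let a host name escape the request dir
    esac
    actual=$(csr_fingerprint "$reqdir/$host.pem") || return 2
    [ "$actual" = "$expected" ]
}

# On puppet-client:
#   csr_fingerprint /var/lib/puppet/ssl/certificate_requests/puppet-client.pem
# On puppet-server, with the value read from the client:
#   csr_matches puppet-client "<fingerprint>" && puppetca -s puppet-client
```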
IV. Functional test
1. Create an /etc/puppet/manifests/site.pp file on the server
[root@puppet-server ~]# cat /etc/puppet/manifests/site.pp
node default {
file {"/tmp/puppettest.txt":
content=>"I'm puppettest";}
}
The first time this site.pp file is created, the puppet service must be restarted.
[root@puppet-server ~]# service puppetmasterd restart
2. Run on the client
[root@puppet-client ~]# puppetd --test --server puppet-server
The file defined in the server's site.pp has now been created under /tmp:
[root@puppet-client ~]# cat /tmp/puppettest.txt
I'm puppettest
V. Configuring the client daemon
[root@puppet-client ~]# puppetd --test --server caotest-1.cym --verbose --waitforcert 60
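--server tells it the IP of the master node, --waitforcert means it checks with the server every 60 seconds, and --verbose is optional and prints more detailed output.
This completes the puppet installation and test!
Reposted from: https://blog.51cto.com/panamao/1034698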