[Puppet] Installing and Configuring Puppet

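1. Reference links

Alibaba Open Source Mirror Site - OPSX Mirror Site - Alibaba Cloud Developer Community

puppet mirror - puppet download address - puppet installation tutorial - Alibaba Open Source Mirror Site

Preface | Puppet Operations in Practice (gitbooks.io)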

2. Introduction to Puppet

Puppet is the industry standard for IT automation. It manages and automates more infrastructure and complex workflows in a simple yet powerful way.

3. Installing Puppet

Preparation

On both the master and the node

 # Set the hostname (use "node" on the node)
 hostnamectl set-hostname master
 
 # Configure name resolution: add these entries to /etc/hosts
 vim /etc/hosts
 192.168.200.11  master
 192.168.200.12  node
 
 # Stop and disable the firewall
 systemctl stop firewalld
 systemctl disable firewalld
 
 # Turn off SELinux enforcing mode
 setenforce 0
 sed -i 's/SELINUX=.*/SELINUX=disabled/g' /etc/selinux/config
 
 # Configure time synchronisation
 yum install -y ntpdate
 ntpdate ntp1.aliyun.com
 
 # Configure the CentOS mirror repository
 curl -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo
 
 sed -i -e '/mirrors.cloud.aliyuncs.com/d' -e '/mirrors.aliyuncs.com/d' /etc/yum.repos.d/CentOS-Base.repo
 
 # Refresh the YUM cache
 yum clean all
 yum makecache
 
 # Upgrade the system
 yum update

Installing the master

Installing, Configuring and Using Puppet | Puppet Operations in Practice

https://puppet.com/

 # Install the Puppet repository from the Alibaba Cloud mirror
 rpm -ivh https://mirrors.aliyun.com/puppet/yum/puppetlabs-release-el-7.noarch.rpm
 
 # Install puppet-server, puppet and facter
 yum install -y puppet puppet-server facter
 
 # Back up the configuration file
 cp /etc/puppet/puppet.conf{,.bak}
 
 # Configure puppet.conf
 [root@master puppet]# vim puppet.conf
 [root@master puppet]# cat puppet.conf
 [main]
  # The Puppet log directory.
  # The default value is '$vardir/log'.
  logdir = /var/log/puppet
 
  # Where Puppet PID files are kept.
  # The default value is '$vardir/run'.
  rundir = /var/run/puppet
 
  # Where SSL certificates are kept.
  # The default value is '$confdir/ssl'.
  ssldir = $vardir/ssl
 
 [agent]
  # The file in which puppetd stores a list of the classes
  # associated with the retrieved configuratiion.  Can be loaded in
  # the separate ``puppet`` executable using the ``--loadclasses``
  # option.
  # The default value is '$confdir/classes.txt'.
  classfile = $vardir/classes.txt
 
  # Where puppetd caches the local configuration.  An
  # extension indicating the cache format is added automatically.
  # The default value is '$confdir/localconfig'.
  localconfig = $vardir/localconfig
  server = master
  certname = node
 
 [master]
  certname = master
 [root@master puppet]# 
 
 # Start the puppetmaster service
 systemctl start puppetmaster
 systemctl enable puppetmaster
 systemctl status puppetmaster
 
 # Check the local certificates
 # On its first start, puppetmaster generates its certificates and registers itself automatically
 [root@master puppet]# tree /var/lib/puppet/ssl/
 /var/lib/puppet/ssl/
 ├── ca
 │   ├── ca_crl.pem
 │   ├── ca_crt.pem
 │   ├── ca_key.pem
 │   ├── ca_pub.pem
 │   ├── inventory.txt
 │   ├── private
 │   │   └── ca.pass
 │   ├── requests
 │   ├── serial
 │   └── signed
 │       └── master.pem
 ├── certificate_requests
 ├── certs
 │   ├── ca.pem
 │   └── master.pem
 ├── crl.pem
 ├── private
 ├── private_keys
 │   └── master.pem
 └── public_keys
     └── master.pem
 
 9 directories, 13 files
 [root@master puppet]# 
 
 # Check the listening state
 # Once the puppetmaster service is running, it listens on TCP port 8140 by default
 [root@master puppet]# netstat -nlatp | grep 8140
 tcp        0      0 0.0.0.0:8140            0.0.0.0:*               LISTEN      1396/ruby 
 [root@master puppet]# lsof -i:8140
 COMMAND  PID   USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
 puppet  1396 puppet    8u  IPv4  24447      0t0  TCP *:8140 (LISTEN)
 

Installing the node

 # The preparation steps are the same
 
 # Install the Puppet repository from the Alibaba Cloud mirror
 rpm -ivh https://mirrors.aliyun.com/puppet/yum/puppetlabs-release-el-7.noarch.rpm
 
 # Install puppet and facter
 yum install puppet facter
 
 # Configure puppet.conf
 [root@node ~]# cp /etc/puppet/puppet.conf{,.bak}  # back up the configuration file
 [root@node ~]# cat /etc/puppet/puppet.conf 
 [main]
  # The Puppet log directory.
  # The default value is '$vardir/log'.
  logdir = /var/log/puppet  # default log directory
 
  # Where Puppet PID files are kept.
  # The default value is '$vardir/run'.
  rundir = /var/run/puppet  # PID file directory
 
  # Where SSL certificates are kept.
  # The default value is '$confdir/ssl'.
  ssldir = $vardir/ssl       # certificate directory; $vardir defaults to /var/lib/puppet
 
 [agent]
  # The file in which puppetd stores a list of the classes
  # associated with the retrieved configuratiion.  Can be loaded in
  # the separate ``puppet`` executable using the ``--loadclasses``
  # option.
  # The default value is '$confdir/classes.txt'.
  classfile = $vardir/classes.txt
 
  # Where puppetd caches the local configuration.  An
  # extension indicating the cache format is added automatically.
  # The default value is '$confdir/localconfig'.
  localconfig = $vardir/localconfig
  server = master  # points to the puppetmaster
  certname = node  # sets this host's own certname

 # Start the puppet service
 systemctl start puppet
 systemctl enable puppet

The node requests authentication from the master

 # Run the agent in debug (test) mode so the node initiates authentication with the puppetmaster
 [root@node ~]# puppet agent --test
 Info: Retrieving pluginfacts
 Info: Retrieving plugin
 Info: Caching catalog for node
 Info: Applying configuration version '1645352953'
 Notice: Finished catalog run in 0.01 seconds
 
 # Confirm the authentication on the server side
 [root@master ~]# puppet cert --list --all  # view the authentication status
   "node"   (SHA256) 6F:FC:CF:DB:1F:F1:B4:91:C7:8B:48:DE:64:A1:8D:D9:24:27:4B:B9:A9:72:5C:0E:6D:3F:A3:0B:B7:37:87:AE  # not yet authenticated
 + "master" (SHA256) 87:C4:5B:16:2A:13:E1:D0:B0:58:63:2F:F1:87:98:6D:B6:A4:5D:9B:65:92:D8:72:38:45:FF:2A:18:FD:BA:41  # a leading + means it has been registered successfully
 [root@master ~]#
 
 [root@master ~]# puppet cert --sign node  # register (sign) node
 Notice: Signed certificate request for node
 Notice: Removing file Puppet::SSL::CertificateRequest node at '/var/lib/puppet/ssl/ca/requests/node.pem'
 [root@master ~]#
 
 [root@master ~]# puppet cert --list --all   # view the authentication status again
 + "master" (SHA256) 87:C4:5B:16:2A:13:E1:D0:B0:58:63:2F:F1:87:98:6D:B6:A4:5D:9B:65:92:D8:72:38:45:FF:2A:18:FD:BA:41
 + "node"   (SHA256) 35:B1:01:AA:28:DF:76:AA:B2:67:BE:D4:5C:C1:90:3C:C2:68:44:9A:BA:F3:DD:96:2B:37:6E:9E:85:11:E3:E1
 
 
 [root@master ~]# tree /var/lib/puppet/ssl/  # another way to check the authentication
 /var/lib/puppet/ssl/
 ├── ca
 │   ├── ca_crl.pem
 │   ├── ca_crt.pem
 │   ├── ca_key.pem
 │   ├── ca_pub.pem
 │   ├── inventory.txt
 │   ├── private
 │   │   └── ca.pass
 │   ├── requests
 │   ├── serial
 │   └── signed
 │       ├── master.pem
 │       └── node.pem
 ├── certificate_requests
 │   └── node.pem
 ├── certs
 │   ├── ca.pem
 │   ├── master.pem
 │   └── node.pem
 ├── crl.pem
 ├── private
 ├── private_keys
 │   ├── master.pem
 │   └── node.pem
 └── public_keys
     ├── master.pem
     └── node.pem
 
 9 directories, 18 files
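
Before `puppet cert --sign node` is run, the pending request's fingerprint can be compared with the one read on the node itself (for example with `puppet agent --fingerprint`). The script below is an added example, not part of the original post; the function names `cert_state` and `safe_to_sign` and the `retired` entry are assumptions, and the other sample lines reuse the listing shown above.

```shell
#!/bin/sh
# Added example: confirm a pending CSR's fingerprint before `puppet cert --sign`.

# Sample `puppet cert --list --all` output. The first two lines reuse the
# listing in the post; the "retired" line is constructed for illustration.
SAMPLE_LIST='  "node"   (SHA256) 6F:FC:CF:DB:1F:F1:B4:91:C7:8B:48:DE:64:A1:8D:D9:24:27:4B:B9:A9:72:5C:0E:6D:3F:A3:0B:B7:37:87:AE
+ "master" (SHA256) 87:C4:5B:16:2A:13:E1:D0:B0:58:63:2F:F1:87:98:6D:B6:A4:5D:9B:65:92:D8:72:38:45:FF:2A:18:FD:BA:41
- "retired" (SHA256) 00:11:22:33 (certificate revoked)'

# cert_state LIST CERTNAME
# Prints "<pending|signed|invalid> <fingerprint>"; exits 1 if CERTNAME is absent.
cert_state() {
  printf '%s\n' "$1" | awk -v name="\"$2\"" '
    {
      state = "pending"; i = 1              # no prefix: request awaiting signature
      if ($1 == "+") { state = "signed";  i = 2 }
      if ($1 == "-") { state = "invalid"; i = 2 }   # revoked or otherwise invalid
      if ($i == name) { print state, $(i + 2); found = 1; exit }
    }
    END { if (!found) exit 1 }'
}

# safe_to_sign LIST CERTNAME FINGERPRINT_FROM_NODE
# Returns 0 only if CERTNAME is still pending and its fingerprint equals the one
# read on the node; 1 = mismatch, 2 = unknown certname, 3 = not pending.
safe_to_sign() {
  _line=$(cert_state "$1" "$2") || return 2
  _state=${_line%% *}
  _fp=${_line#* }
  [ "$_state" = pending ] || return 3
  # Accept "(SHA256) 6f:fc:..." or a bare value, in either letter case.
  _want=$(printf '%s\n' "$3" | awk '{ print toupper($NF) }')
  [ "$_fp" = "$_want" ]
}

# Demo on the sample. On a real master, LIST would be "$(puppet cert --list --all)"
# and NODE_FP the value an operator read on the node's own console.
NODE_FP='(SHA256) 6f:fc:cf:db:1f:f1:b4:91:c7:8b:48:de:64:a1:8d:d9:24:27:4b:b9:a9:72:5c:0e:6d:3f:a3:0b:b7:37:87:ae'
if safe_to_sign "$SAMPLE_LIST" node "$NODE_FP"; then
  echo "node: fingerprint matches the pending request"
fi
```

The `node` fingerprint differs between the two listings above (6F:FC… before signing, 35:B1… after) because the second value is the digest of the issued certificate rather than of the request.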