安装
安装前准备
安装依赖包
# yum install ruby ruby-libs ruby-rdoc
配置puppet Server端hostname（先编辑 /etc/hosts，内容如下）
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
10.10.200.78 eucahgc.hgctech.com eucahgc
10.10.200.77 db.hgctech.com db
10.10.200.215 linux-nfs.hgctech.com linux-nfs
10.10.200.172 centos6-mysql-172.hgctech.com centos6-mysql-172
[root@db manifests]# vi /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=db.hgctech.com
配置Puppet Client端hostname
[root@centos6-mysql-172 ~]# vi /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
10.10.200.172 centos6-mysql-172.hgctech.com centos6-mysql-172
10.10.200.77 db.hgctech.com db
[root@centos6-mysql-172 ~]# vi /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=centos6-mysql-172.hgctech.com
配置ntp（puppet 的 SSL 证书校验依赖系统时间，Server 端与 Client 端的时钟必须保持同步，否则证书可能被判定为尚未生效或已过期）
#chkconfig ntpd on
#service ntpd start
#ntpdate -u pool.ntp.org
配置防火墙（此处直接停用 iptables，只适合测试环境；正式环境应保留防火墙，仅对受管客户端放行 puppet master 的 8140/tcp 端口）
# service iptables stop
iptables: Flushing firewall rules: [ OK ]
iptables: Setting chains to policy ACCEPT: filter [ OK ]
iptables: Unloading modules: [ OK ]
安装facter（安装包通过明文 HTTP 下载，并以 root 身份执行 install.rb；安装前应通过可信渠道核对发布方提供的校验值或签名，下文的 puppet 安装包同理）
#wget http://downloads.puppetlabs.com/facter/facter-1.7.3.tar.gz
#tar -zxvf facter-1.7.3.tar.gz
#cd facter-1.7.3
#ruby install.rb
安装puppet Server端
#wget http://downloads.puppetlabs.com/puppet/puppet-3.3.2.tar.gz
#tar -zxvf puppet-3.3.2.tar.gz
#cd puppet-3.3.2
#ruby install.rb
配置puppet
#cp ext/redhat/fileserver.conf /etc/puppet/
#cp ext/redhat/puppet.conf /etc/puppet/
#cp ext/redhat/server.init /etc/init.d/puppetmaster
#chmod a+x /etc/init.d/puppetmaster
#chkconfig --add puppetmaster
#chkconfig puppetmaster on
修改puppet.conf配置文件
[main]
# The Puppet log directory.
# The default value is '$vardir/log'.
logdir = /var/log/puppet
# Where Puppet PID files are kept.
# The default value is '$vardir/run'.
rundir = /var/run/puppet
# Where SSL certificates are kept.
# The default value is '$confdir/ssl'.
ssldir = $vardir/ssl
server = db.hgctech.com
certname = db.hgctech.com
pluginsync=false
[agent]
# The file in which puppetd stores a list of the classes
# associated with the retrieved configuration. Can be loaded in
# the separate ``puppet`` executable using the ``--loadclasses``
# option.
# The default value is '$confdir/classes.txt'.
classfile = $vardir/classes.txt
# Where puppetd caches the local configuration. An
# extension indicating the cache format is added automatically.
# The default value is '$confdir/localconfig'.
localconfig = $vardir/localconfig
创建puppet所需的用户组以及用户
puppet resource group puppet ensure=present
puppet resource user puppet ensure=present gid=puppet shell='/sbin/nologin'
启动puppet
[root@db puppet-3.3.2]# service puppetmaster start
Starting puppetmaster: [ OK ]
安装puppet Client端
#wget http://downloads.puppetlabs.com/puppet/puppet-3.3.2.tar.gz
#tar -zxvf puppet-3.3.2.tar.gz
#cd puppet-3.3.2
#ruby install.rb
配置puppet
#cp ext/redhat/client.init /etc/init.d/puppet
#chmod a+x /etc/init.d/puppet
#cp ext/redhat/puppet.conf /etc/puppet/
#chkconfig --add puppet
#chkconfig puppet on
修改puppet.conf配置文件
[main]
# The Puppet log directory.
# The default value is '$vardir/log'.
logdir = /var/log/puppet
# Where Puppet PID files are kept.
# The default value is '$vardir/run'.
rundir = /var/run/puppet
# Where SSL certificates are kept.
# The default value is '$confdir/ssl'.
ssldir = $vardir/ssl
pluginsync=false
server = db.hgctech.com
[agent]
# The file in which puppetd stores a list of the classes
# associated with the retrieved configuration. Can be loaded in
# the separate ``puppet`` executable using the ``--loadclasses``
# option.
# The default value is '$confdir/classes.txt'.
classfile = $vardir/classes.txt
# Where puppetd caches the local configuration. An
# extension indicating the cache format is added automatically.
# The default value is '$confdir/localconfig'.
localconfig = $vardir/localconfig
启动puppet client
[root@centos6-mysql-172 ~]# service puppet start
Starting puppet agent: [ OK ]
连接puppet server
在client执行
[root@centos6-mysql-172 ~]# puppet agent --test
Info: Creating a new SSL key for centos6-mysql-172.hgctech.com
Info: Caching certificate for ca
Info: Creating a new SSL certificate request for centos6-mysql-172.hgctech.com
Info: Certificate Request fingerprint (SHA256): 4E:A9:15:AE:38:13:2F:B0:B9:09:44:A5:BB:C1:CD:AE:21:26:DC:1E:D6:4B:FB:7B:29:D8:93:8E:D3:A1:F2:AE
Exiting; no certificate found and waitforcert is disabled
在server端添加该客户端
查看该客户端的认证信息（输出中行首带 + 的是已签发的证书，不带 + 的是等待签发的证书请求）
[root@db puppet-3.3.2]# puppet cert list -all
"centos6-mysql-172.hgctech.com" (SHA256) 4E:A9:15:AE:38:13:2F:B0:B9:09:44:A5:BB:C1:CD:AE:21:26:DC:1E:D6:4B:FB:7B:29:D8:93:8E:D3:A1:F2:AE
+ "db.hgctech.com" (SHA256) 13:D5:FE:12:A0:50:5D:BE:FF:B6:1F:E2:06:51:50:CB:4B:B5:37:9F:F3:48:65:0D:01:5D:EC:CC:0C:75:01:48 (alt names: "DNS:db.hgctech.com", "DNS:puppet", "DNS:puppet.hgctech.com")
+ "eucahgc" (SHA256) B4:4A:9E:A5:36:A9:BB:98:77:00:BE:F9:FA:47:02:34:F8:DA:D5:A7:A5:B0:6A:76:2F:96:D2:CC:2E:10:20:37
+ "linux-nfs.hgctech.com" (SHA256) 10:20:37:0F:A4:03:5B:DD:BD:29:C0:67:57:65:B6:CA:A9:61:CE:BA:88:1E:40:1E:6C:B9:13:A7:39:3E:45:95
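添加该客户端（签发前先核对：列表中待签请求的 SHA256 指纹应与客户端执行 puppet agent --test 时输出的 Certificate Request fingerprint 完全一致，确认请求确实来自该客户端后再签发）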
[root@db puppet-3.3.2]# puppet cert sign centos6-mysql-172.hgctech.com
Notice: Signed certificate request for centos6-mysql-172.hgctech.com
Notice: Removing file Puppet::SSL::CertificateRequest centos6-mysql-172.hgctech.com at '/var/lib/puppet/ssl/ca/requests/centos6-mysql-172.hgctech.com.pem'
在客户端重新验证是否成功
[root@centos6-mysql-172 ~]# puppet agent -t
Info: Caching certificate for centos6-mysql-172.hgctech.com
Info: Caching certificate_revocation_list for ca
Info: Caching catalog for centos6-mysql-172.hgctech.com
Info: Applying configuration version '1385359029'
Info: Creating state file /var/lib/puppet/state/state.yaml
Notice: Finished catalog run in 0.05 seconds