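Installing Puppet

puppet
Purpose and overview: batch management and deployment across multiple servers
Required packages: facter-1.6.18.tar.gz    puppet-2.7.22.tar.gz  (facter is a dependency of puppet)
Steps:
server-ip: 192.168.13.54, domain name www.wyx1.com
client-ip: 192.168.13.55, domain name www.wyx2.com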

server:
iptables -F
setenforce 0
hostname www.wyx1.com
vim /etc/hosts
192.168.13.54 www.wyx1.com
192.168.13.55 www.wyx2.com

1. Synchronize the time and add the job to crontab; do this on both the server and the client (sometimes this can be skipped)
15 1 * * * /usr/sbin/ntpdate pool.ntp.org; hwclock -w >/dev/null 2>&1

2. Install ruby -- puppet is written in Ruby
yum install ruby ruby-libs ruby-rdoc -y

3. Install facter
tar xvf facter-1.6.18.tar.gz
cd  facter-1.6.18
ruby install.rb

4. Install puppet
tar xvf puppet-2.7.22.tar.gz
cd puppet-2.7.22
ruby install.rb

5. Copy the configuration files
cp conf/redhat/fileserver.conf /etc/puppet/
cp conf/redhat/puppet.conf /etc/puppet/
cp conf/redhat/server.init /etc/init.d/puppetmaster

6. Set the puppetmaster service to start at boot
chmod 755 /etc/init.d/puppetmaster
chkconfig --add puppetmaster
chkconfig --level 35 puppetmaster on

7. Create the puppet account
[[email protected] puppet-2.7.14]# puppetmasterd --mkusers

8. Confirm that the manifests directory was generated
[[email protected] puppet-2.7.14]# ls -l /etc/puppet/
-rw-r--r-- 1 root root 2552 Sep 3 12:11 auth.conf
-rwxr-xr-x 1 root root 381 Sep 3 12:13 fileserver.conf
drwxr-xr-x 2 root root 4096 Sep 3 12:17 manifests
-rwxr-xr-x 1 root root 853 Sep 3 12:13 puppet.conf

9. Confirm that the system created the puppet user
[[email protected] puppet-2.7.14]# id puppet
uid=1002(puppet) gid=1002(puppet) groups=1002(puppet)

cat /etc/passwd |grep puppet
puppet:x:1002:1002::/home/puppet:/bin/bash

10. Make sure the /var/lib/puppet/rrd directory exists and is owned by puppet
ls -l /var/lib/puppet/
total 36
drwxr-x--- 2 puppet puppet 4096 Sep 3 12:17 bucket
drwxr-xr-x 2 root root 4096 Sep 3 12:17 facts
drwxr-xr-x 2 root root 4096 Sep 3 12:17 lib
drwxr-x--- 2 puppet puppet 4096 Sep 3 12:17 reports
drwxr-x--- 2 puppet puppet 4096 Sep 3 12:17 rrd
drwxr-x--- 2 puppet puppet 4096 Sep 3 12:17 server_data
drwxrwx--x 8 puppet root 4096 Sep 3 12:26 ssl
drwxr-xr-t 2 root root 4096 Sep 3 12:17 state
drwxr-x--- 2 puppet puppet 4096 Sep 3 12:17 yaml

11. Check the port
netstat -Tanlp | grep 8140
tcp 0 0 0.0.0.0:8140 0.0.0.0:* LISTEN 4556/ruby

--------------------------------------------------------------------------------
client

1. Synchronize the time and add the job to crontab; do this on both the server and the client (sometimes this can be skipped)
15 1 * * * /usr/sbin/ntpdate pool.ntp.org; hwclock -w >/dev/null 2>&1

2. Install ruby -- puppet is written in Ruby
yum install ruby ruby-libs ruby-rdoc -y

3. Install facter
tar xvf facter-1.6.18.tar.gz
cd  facter-1.6.18
ruby install.rb

4. Install puppet
tar xvf puppet-2.7.22.tar.gz
cd puppet-2.7.22
ruby install.rb

5. Copy the configuration files
[[email protected] puppet-2.7.14]# cp conf/redhat/client.init /etc/init.d/puppet
[[email protected] puppet-2.7.14]# chkconfig --level 35 puppet on
[[email protected] puppet-2.7.14]# puppetd --mkusers
Could not prepare for execution: Got 1 failure(s) while initializing: change from absent to present
failed: Could not create user puppet: Execution of '/usr/sbin/useradd -g puppet -M puppet' returned 3: useradd:
invalid numeric argument 'puppet'

[[email protected] puppet-2.7.14]# groupadd puppet;useradd -g puppet -M puppet
[[email protected] puppet-2.7.14]# chmod 755 /etc/init.d/puppet
[[email protected] puppet-2.7.14]# service puppet start
Starting puppet: [ OK ]

6. Test name resolution and that the puppetmaster port is reachable

telnet www.wyx1.com 8140
Trying 192.168.13.54...
Connected to www.wyx1.com(192.168.13.54).
Escape character is '^]'.

[[email protected] puppet-2.7.14]# puppetd --test --server www.wyx1.com
warning: peer certificate won't be verified in this SSL session
info: Caching certificate for ca
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
info: Creating a new SSL certificate request for client1.info.com
info: Certificate Request fingerprint (md5): 07:C9:D4:43:3C:3E:D6:D1:0A:B1:8B:71:DB:6B:9D:FE
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
Exiting; no certificate found and waitforcert is disabled

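# The command puppetd --test --server puppetmaster.info.com tells puppetd to fetch the
puppet configuration from puppetmaster.info.com. On the first connection both sides perform SSL certificate verification. This is a new client that the server has not yet authenticated,
so its certificate must be approved on the server.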

-------------------------------------------------------------------------------
The following certificate approval step is performed on the server
List the certificates currently pending approval:
[[email protected] ~]# puppetca -l
 www.wyx2.com (07:C9:D4:43:3C:3E:D6:D1:0A:B1:8B:71:DB:6B:9D:FE)

Approve the pending certificates:
[[email protected] ~]# puppetca -s -a
notice: Signed certificate request for client1.info.com
notice: Removing file Puppet::SSL::CertificateRequest client1.info.com at '/var/lib/puppet/ssl/ca/requests/client1.info.com.pem'

Check the signatures; note the leading + sign, which shows that the certificate has been signed:
[[email protected] ~]# puppetca -a --list
+ www.wyx2.com (03:BE:50:AE:72:1A:39:79:17:F4:E5:74:FD:CC:BC:8C)
+ www.wyx1.com(97:34:BF:26:A6:0E:E9:9C:DB:76:D3:53:D0:56:60:83) (alt names: DNS:puppet, DNS:puppet.info.com, DNS:puppetmaster.info.com)
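
Added example, not part of the original post: instead of approving every pending request with -s -a, the script below compares the fingerprint the client printed when it created its request with the one puppetca -l shows on the server, and prints a signing command for that one host only when the two match. The function names and the second sample entry are made up for illustration; the listing format follows the puppetca -l output above.

```shell
#!/bin/sh
# Added example: confirm a pending CSR's fingerprint before signing it,
# instead of approving everything at once with "puppetca -s -a".
# Input format is the "puppetca -l" listing shown on this page:
#   <certname> (<fingerprint>)

# Constructed sample listing; the second entry is invented for the demo.
SAMPLE_LIST='  www.wyx2.com (07:C9:D4:43:3C:3E:D6:D1:0A:B1:8B:71:DB:6B:9D:FE)
  rogue.example.test (AA:BB:CC:DD:EE:FF:00:11:22:33:44:55:66:77:88:99)'

# pending_fingerprint LIST CERTNAME
# Prints the fingerprint listed for CERTNAME (upper case), or nothing.
pending_fingerprint() {
    printf '%s\n' "$1" | awk -v name="$2" '
        $1 == name { gsub(/[()]/, "", $2); print toupper($2); exit }'
}

# sign_command LIST CERTNAME EXPECTED_FP
# EXPECTED_FP is the value the client printed when it created its request
# ("Certificate Request fingerprint"), passed to the admin out of band.
# Prints the single-host signing command only when both values agree.
sign_command() {
    listed=$(pending_fingerprint "$1" "$2")
    expected=$(printf '%s' "$3" | tr 'abcdef' 'ABCDEF')
    if [ -z "$listed" ]; then
        echo "no pending request for $2" >&2
        return 2
    fi
    if [ "$listed" != "$expected" ]; then
        echo "fingerprint mismatch for $2: listed $listed" >&2
        return 1
    fi
    echo "puppetca -s $2"
}

# Demo on the constructed listing. On a real master, pass "$(puppetca -l)".
sign_command "$SAMPLE_LIST" www.wyx2.com \
    07:c9:d4:43:3c:3e:d6:d1:0a:b1:8b:71:db:6b:9d:fe
sign_command "$SAMPLE_LIST" rogue.example.test \
    07:C9:D4:43:3C:3E:D6:D1:0A:B1:8B:71:DB:6B:9D:FE || echo "not signing"
```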

Back on the client, retrieve the approved certificate from the server
puppetd --test --server www.wyx1.com
warning: peer certificate won't be verified in this SSL session
info: Caching certificate for client1.info.com
info: Caching certificate_revocation_list for ca
info: Caching catalog for www.wyx2.com
info: Applying configuration version '1378188531

Functional test
Server:
Create a .pp file for testing
The first code puppet executes is in /etc/puppet/manifests/site.pp, so this file must exist, and all other code must be invoked from it.
[[email protected] ~]# vim /etc/puppet/manifests/site.pp
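node default {
    file { "/tmp/viong.txt":
        content => "good,test pass!\nHello World!\n";
    }
}
The code above performs one operation on any puppet client that connects as the default node: it creates a file viong.txt in /tmp whose content is good,test pass!, a newline, Hello World!, and a newline.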

After creating the .pp file for the first time, puppetmaster needs to be restarted
[[email protected] ~]# service puppetmaster restart
Stopping puppetmaster: [ OK ]
Starting puppetmaster: [ OK ]

Client:
[[email protected] puppet-2.7.14]# puppetd --test --server www.wyx1.com
info: Caching catalog for www.wyx2.com
info: Applying configuration version '1378190404'
notice: /Stage[main]//Node[default]/File[/tmp/viong.txt]/ensure: defined content as '{md5}4750aa5be82dae5db286a5859700dd51'
notice: Finished catalog run in 0.03 seconds

8. If an error is reported

[[email protected] puppet-2.7.14]# puppetd --test --server www.wyx1.com
err: Could not retrieve catalog from remote server: Error 400 on SERVER: Could not parse for environment production: Syntax error at end of file; expected '}' at /etc/puppet/manifests/site.pp:4 on node client1.info.com
warning: Not using cache on failed catalog
err: Could not retrieve catalog; skipping run
The /etc/puppet/manifests/site.pp file probably has a syntax problem.

Check on the client:
[[email protected] puppet-2.7.14]# ls -l /tmp/viong.txt
cat /tmp/viong.txt
good,test pass!
Hello World!

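Troubleshooting

1. The following error appears when connecting to the master:
dnsdomainname: Unknown host
Solution: check the machine's hostname setting and whether it has been added to hosts.
2. The following error appears when connecting to the master:
err: Could not request certificate: getaddrinfo: Name or service not known
Solution: the server has no hosts entry for the domain name; add it to hosts.
3. The following error appears when connecting to the master:
warning: peer certificate won't be verified in this SSL session
Solution: the server has not yet returned a signed certificate; check with puppet cert --list
4. The following error appears when connecting to the master:
err: Could not retrieve catalog from remote server: certificate verify failed
Solution: the client and server clocks are out of sync; SSL connections depend on the host time being correct. Run the time update command: /sbin/ntpdate asia.pool.ntp.org

5. Fix for the Puppet error "Run of Puppet configuration client already in progress; skipping":
rm -rf /var/lib/puppet/state/puppetdlock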

Time: 2024-10-15 07:15:38
