[root@master1 puppet]# yum -y install puppet-server-3.8.4-1.el7.noarch.rpm
[root@master1 puppet]# rpm -ql puppet-server
/etc/puppet/environments
/etc/puppet/environments/example_env
/etc/puppet/environments/example_env/README.environment
/etc/puppet/environments/example_env/manifests
/etc/puppet/environments/example_env/modules
/etc/puppet/fileserver.conf
/etc/puppet/manifests
/usr/lib/systemd/system/puppetmaster.service
/usr/share/man/man8/puppet-ca.8.gz
/usr/share/man/man8/puppet-master.8.gz
[root@master1 ~]# puppet config print
[root@master1 ~]# puppet doc --list
configuration - A reference for all settings
function - All functions available in the parser
indirection - Indirection types and their terminus classes
metaparameter - All Puppet metaparameters and all their details
providers - Which providers are valid for this machine
report - All available transaction reports
type - All Puppet resource types and all their details
[root@master1 ~]# puppet doc -r configuration
[root@master1 ~]# puppet doc -r type
[root@master1 ~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
10.201.106.21 node1.com node1
10.201.106.22 node2.com node2
10.201.106.23 node3.com node3
10.201.106.24 node4.com node4
10.201.106.131 master1.com master1
10.201.106.132 master2.com master2
10.201.106.133 master3.com master3
10.201.106.134 master4.com master4
[root@master1 ~]# puppet master -v --no-daemonize
Info: Creating a new SSL key for ca
Info: Creating a new SSL certificate request for ca
Info: Certificate Request fingerprint (SHA256): 54:35:74:46:41:CD:4F:87:6F:03:79:C7:3A:76:B2:B7:CD:A0:7C:58:0C:66:CA:83:28:77:C9:BA:1E:BA:08:8A
Notice: Signed certificate request for ca
Info: Creating a new certificate revocation list
Info: Creating a new SSL key for master1.master1.com
Info: csr_attributes file loading from /etc/puppet/csr_attributes.yaml
Info: Creating a new SSL certificate request for master1.master1.com
Info: Certificate Request fingerprint (SHA256): F5:2A:6A:A1:EF:03:EF:D1:81:EE:1A:8C:B8:25:14:C6:2B:45:30:21:7C:BA:81:9F:24:64:73:53:6A:56:DC:D2
Notice: master1.master1.com has a waiting certificate request
Notice: Signed certificate request for master1.master1.com
Notice: Removing file Puppet::SSL::CertificateRequest master1.master1.com at '/var/lib/puppet/ssl/ca/requests/master1.master1.com.pem'
Notice: Removing file Puppet::SSL::CertificateRequest master1.master1.com at '/var/lib/puppet/ssl/certificate_requests/master1.master1.com.pem'
Notice: Starting Puppet master version 3.8.4
[root@master1 ~]# ls /var/lib/puppet/ssl/
ca certificate_requests certs crl.pem private private_keys public_keys
[root@master1 ~]# rm -rf /var/lib/puppet/ssl/*
[root@master1 ~]# ls /usr/lib/systemd/system/puppet*
/usr/lib/systemd/system/puppetagent.service /usr/lib/systemd/system/puppet.service
/usr/lib/systemd/system/puppetmaster.service
[root@master1 ~]# systemctl start puppetmaster.service
[root@master1 ~]# ss -tnlp | more 8140
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:8140 *:* users:(("puppet",pid=200
06,fd=8))
[root@master2 puppet]# yum install -y puppet-3.8.4-1.el7.noarch.rpm facter-2.4.1-1.el7.x86_64.rpm
[root@master2 puppet]# puppet agent --server=master1.com --no-daemonize --noop --test --verbose
Info: Creating a new SSL key for master2.master2.com
Info: Caching certificate for ca
Info: csr_attributes file loading from /etc/puppet/csr_attributes.yaml
Info: Creating a new SSL certificate request for master2.master2.com
Info: Certificate Request fingerprint (SHA256): 10:35:2B:3E:D3:AA:8C:9D:52:A7:34:CF:6B:7F:26:74:80:04:92:E1:FA:86:00:3A:BF:0D:5B:34:F0:AC:D0:F6
Info: Caching certificate for ca
Exiting; no certificate found and waitforcert is disabled
[root@master2 puppet]# puppet agent --server=master1.com --no-daemonize --verbose
查看待签署证书:
[root@master1 ~]# puppet cert list
"master2.master2.com" (SHA256) 10:35:2B:3E:D3:AA:8C:9D:52:A7:34:CF:6B:7F:26:74:80:04:92:E1:FA:86:00:3A:BF:0D:5B:34:F0:AC:D0:F6
[root@master1 ~]#
签署agent节点证书(签署前先核对puppet cert list显示的SHA256指纹与agent端生成证书请求时输出的指纹一致):
[root@master1 ~]# puppet cert sign master2.master2.com
Notice: Signed certificate request for master2.master2.com
Notice: Removing file Puppet::SSL::CertificateRequest master2.master2.com at '/var/lib/puppet/ssl/ca/requests/master2.master2.com.pem'
agent连接(注意时间同步;如果失败,先检查时间同步和hosts解析(hosts解析中*.com的名称需要写在前面),再重新签署证书,参考http://www.minunix.com/2014/05/puppet-faq02/):
[root@master2 ~]# puppet agent --server=master1.com --no-daemonize --verbose
[root@master2 ~]# puppet agent --server=master1.com --no-daemonize --verbose
Info: Caching certificate for master2.com
Info: Caching certificate_revocation_list for ca
Info: Caching certificate for master2.com
Notice: Starting Puppet client version 3.8.4
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Caching catalog for master2.com
Info: Applying configuration version '1513926001'
Info: Creating state file /var/lib/puppet/state/state.yaml
Notice: Finished catalog run in 0.03 seconds
[root@master2 ~]# systemctl start puppetagent.service
[root@master1 ~]# puppet cert list --all
+ "master1.com" (SHA256) CA:B2:28:A9:7F:5E:7E:BB:06:68:44:7D:31:0D:31:BD:7B:96:29:67:56:DA:1E:AF:0A:E5:98:B7:45:98:A2:AD (alt names: "DNS:master1.com", "DNS:puppet", "DNS:puppet.com")
+ "master2.com" (SHA256) B7:23:B6:07:81:F8:6D:E9:E6:92:48:4B:F5:68:FA:24:7B:45:E8:1F:31:AC:3F:49:B0:E4:11:6A:B9:CB:03:16
[root@master1 ~]# puppet cert clean master2.com
Notice: Revoked certificate with serial 16
Notice: Removing file Puppet::SSL::Certificate master2.com at '/var/lib/puppet/ssl/ca/signed/master2.com.pem'
Notice: Removing file Puppet::SSL::Certificate master2.com at '/var/lib/puppet/ssl/certs/master2.com.pem'
[root@master1 ~]#
客户端删除证书:
[root@master2 ~]# rm -rf /var/lib/puppet/ssl/*
客户端重新请求:
[root@master2 ~]# puppet agent --server=master1.com --no-daemonize --verbose
master端签署证书:
[root@master1 ~]# puppet cert sign master2.com
Notice: Signed certificate request for master2.com
Notice: Removing file Puppet::SSL::CertificateRequest master2.com at '/var/lib/puppet/ssl/ca/requests/master2.com.pem'
查看已有模块:
[root@master1 ~]# puppet module list
显示模块路径:
[root@master1 ~]# puppet config print modulepath
/etc/puppet/modules:/usr/share/puppet/modules
设置模块路径:
[root@master1 manifests]# pwd
/etc/puppet/manifests
[root@master1 manifests]# vim site.pp
# Site manifest entry for the agent whose certname is master2.com:
# only that node gets the nginx::proxy class applied.
node 'master2.com' {
  include nginx::proxy
}
重启master服务:
[root@master1 manifests]# systemctl restart puppetmaster.service
agent端测试运行,不真正执行:
[root@master2 ~]# puppet agent --server=master1.com --no-daemonize --verbose --noop
Notice: Starting Puppet client version 3.8.4
Info: Caching certificate_revocation_list for ca
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Caching catalog for master2.com
Info: Applying configuration version '1513967443'
Notice: /Stage[main]/Nginx::Proxy/File[/etc/nginx/nginx.conf]/ensure: current_value absent, should be file (noop)
Info: /Stage[main]/Nginx::Proxy/File[/etc/nginx/nginx.conf]: Scheduling refresh of Service[nginx]
Notice: Class[Nginx::Proxy]: Would have triggered 'refresh' from 1 events
Notice: /Stage[main]/Nginx/Package[nginx]/ensure: current_value absent, should be latest (noop)
Notice: /Stage[main]/Nginx/Service[nginx]/ensure: current_value stopped, should be running (noop)
Info: /Stage[main]/Nginx/Service[nginx]: Unscheduling refresh on Service[nginx]
Notice: Class[Nginx]: Would have triggered 'refresh' from 2 events
Notice: Stage[main]: Would have triggered 'refresh' from 2 events
Notice: Finished catalog run in 0.92 seconds
报错是因为配置文件里资源的顺序写错了,应该先安装程序包,再提供配置文件,最后启动服务;
或者用require显式声明依赖来解决:
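# nginx::webserver: web-server variant of the nginx class.
#
# Installs the static file nginx_web.conf, served from the nginx module,
# as /etc/nginx/nginx.conf.
#
# Ordering: Package['nginx'] is required before the file is written, and a
# change to the file notifies Service['nginx'] so nginx picks up the new
# configuration. Both resources are expected to be declared by the inherited
# nginx class.
#
# NOTE(review): nginx::proxy declares the same File['/etc/nginx/nginx.conf'];
# assigning both classes to one node would be a duplicate declaration -
# confirm each node gets only one of them.
class nginx::webserver inherits nginx {
  file { '/etc/nginx/nginx.conf':
    ensure  => file,
    # Pin owner, group and mode explicitly so the result does not depend on
    # the permissions of the source file on the master or on the agent's
    # umask.
    owner   => 'root',
    group   => 'root',
    mode    => '0644',
    source  => 'puppet:///modules/nginx/nginx_web.conf',
    require => Package['nginx'],
    notify  => Service['nginx'],
  }
}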
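# nginx::proxy: reverse-proxy variant of the nginx class.
#
# Renders the ERB template nginx/nginx_proxy.conf.erb and installs the
# result as /etc/nginx/nginx.conf.
#
# Ordering: Package['nginx'] is required before the file is written, and a
# change to the file notifies Service['nginx'] so nginx picks up the new
# configuration. Both resources are expected to be declared by the inherited
# nginx class.
#
# NOTE(review): the template is not shown here. If it interpolates facts,
# remember that facts are reported by the agent; validate them before they
# end up in nginx directives.
# NOTE(review): nginx::webserver declares the same
# File['/etc/nginx/nginx.conf']; confirm each node gets only one of the two
# classes.
class nginx::proxy inherits nginx {
  file { '/etc/nginx/nginx.conf':
    ensure  => file,
    # Pin owner, group and mode explicitly so the result does not depend on
    # the agent's umask or other defaults.
    owner   => 'root',
    group   => 'root',
    mode    => '0644',
    content => template('nginx/nginx_proxy.conf.erb'),
    require => Package['nginx'],
    notify  => Service['nginx'],
  }
}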
[root@master2 ~]# puppet agent --server=master1.com --no-daemonize --verbose
Notice: Starting Puppet client version 3.8.4
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Caching catalog for master2.com
Info: Applying configuration version '1513967443'
Info: Computing checksum on file /etc/nginx/nginx.conf
Info: /Stage[main]/Nginx::Proxy/File[/etc/nginx/nginx.conf]: Filebucketed /etc/nginx/nginx.conf to puppet with sum 93bc8e01bfd45e7e18b23acc178ae25b
Notice: /Stage[main]/Nginx::Proxy/File[/etc/nginx/nginx.conf]/content: content changed '{md5}93bc8e01bfd45e7e18b23acc178ae25b' to '{md5}0efa2f8bb50f170b0cf039c626dd25e3'
Info: /Stage[main]/Nginx::Proxy/File[/etc/nginx/nginx.conf]: Scheduling refresh of Service[nginx]
Notice: /Stage[main]/Nginx/Service[nginx]/ensure: ensure changed 'stopped' to 'running'
Info: /Stage[main]/Nginx/Service[nginx]: Unscheduling refresh on Service[nginx]
Notice: Finished catalog run in 4.18 seconds
正式运行:
[root@master2 ~]# systemctl start puppetagent.service