RedHat 6.5 Puppet Configuration (Part 2) - Server and Client Deployment and Configuration

雷晋
2023-12-01

Puppet service installation options


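The YUM repository (epel) for RedHat 6.5 ships puppet 2.7.26, but we need 3.8.4, the latest release of the puppet 3 series, so it cannot be installed directly from the RedHat 6.5 yum repository. The options for installing the required puppet version are:

  1. Configure the official repository for that version, then install via YUM
  2. Download the corresponding RPM packages and install them directly with RPM
  3. Download the source code for that version and install by compiling it

This document uses [Option 1]: configure the official repository, then install and configure via YUM.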

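Internet proxy settings for the nodes

Since my test environment cannot connect to the Internet directly, a proxy has to be configured. If you already have Internet access, this step is not needed.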

[root@puppet-master opt]# export http_proxy=10.59.63.224:3128

Puppet repository configuration

# Download the rpm package that sets up the puppet repository
[root@puppet-master ~]# wget http://yum.puppetlabs.com/el/6/products/x86_64/puppetlabs-release-6-11.noarch.rpm

# Configure the puppet repository
[root@puppet-master ~]# rpm -ivh puppetlabs-release-6-11.noarch.rpm

# View the puppet repo settings
[root@puppet-master yum.repos.d]# cat puppetlabs.repo 
[puppetlabs-products]
name=Puppet Labs Products El 6 - $basearch
baseurl=http://yum.puppetlabs.com/el/6/products/$basearch
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-puppetlabs
enabled=1
gpgcheck=1

[puppetlabs-xxx] # xxx=[deps,devel,products-source,deps-source,devel-source]
...
[root@puppet-master ~]# yum clean all
[root@puppet-master ~]# yum makecache
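
The repository above is fetched over plain http, so the signature check (gpgcheck=1 plus the local gpgkey) is what protects the packages. The following added example, not part of the original article, audits a .repo file for that; the function names and the two example-* sections are constructed for illustration.

```shell
# audit_repo FILE: print one finding per line for every enabled section that
# does not set gpgcheck=1, names no gpgkey, or uses a plain-http baseurl.
audit_repo() {
    awk '
    function report() {
        if (sec == "" || enabled == "0") return
        if (gpgcheck != "1") print sec ": gpgcheck is not set to 1"
        if (gpgkey == "")    print sec ": no gpgkey configured"
        if (baseurl ~ /^http:/)
            print sec ": baseurl is plain http, integrity rests on gpgcheck"
    }
    /^[ \t]*\[/ {
        report()
        sec = $0; sub(/^[ \t]*\[/, "", sec); sub(/\].*$/, "", sec)
        enabled = "1"; gpgcheck = ""; gpgkey = ""; baseurl = ""
        next
    }
    /^[ \t]*#/ || !/=/ { next }
    {
        key = $0; sub(/=.*$/, "", key); gsub(/[ \t]/, "", key)
        val = $0; sub(/^[^=]*=/, "", val); gsub(/^[ \t]+|[ \t]+$/, "", val)
        if (key == "enabled")  enabled = val
        if (key == "gpgcheck") gpgcheck = val
        if (key == "gpgkey")   gpgkey = val
        if (key == "baseurl")  baseurl = val
    }
    END { report() }' "$1"
}

# Sample input: the section shown in the article plus two constructed ones.
sample_repo() {
cat <<'EOF'
[puppetlabs-products]
baseurl=http://yum.puppetlabs.com/el/6/products/$basearch
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-puppetlabs
enabled=1
gpgcheck=1
# constructed sections below, not from the article
[example-unsigned]
baseurl=https://repo.example.com/el/6/$basearch
gpgcheck=0
[example-disabled]
baseurl=http://repo.example.com/el/6/$basearch
enabled=0
EOF
}
f=$(mktemp); sample_repo > "$f"; audit_repo "$f"; rm -f "$f"
```

On a real host, run `audit_repo` over each file in /etc/yum.repos.d/; a section that leaves gpgcheck unset inherits the value from yum.conf, which this check reports so it can be confirmed by hand.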

View puppet version information

[root@puppet-master ~]# yum info puppet-server
Name        : puppet-server
Version     : 3.8.4
Summary     : Server for the puppet system management tool

[root@puppet-master ~]# yum info puppet
Name        : puppet
Version     : 3.8.4
Summary     : A network tool for managing many disparate systems

[root@puppet-master ~]# yum info puppet-dashboard
Name        : puppet-dashboard
Version     : 1.2.23
Summary     : Systems Management web application

Puppet server installation and configuration (puppet master)


Install ruby

[root@puppet-master ~]# yum -y install ruby
[root@puppet-master ~]# yum -y install ruby-rdoc
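# The following steps are not needed; the version may be too high and actually cause problems. The output showing the problem appears further below.
# Configure rubygems version 1.3.7 as required.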
[root@puppet-master ~]# wget https://rubygems.org/rubygems/rubygems-2.5.0.zip
[root@puppet-master ~]# unzip rubygems-2.5.0.zip;cd rubygems-2.5.0
[root@puppet-master rubygems-2.5.0]# ruby setup.rb

Install the puppet server software puppet-master and its dependencies

[root@puppet-master ~]# yum install puppet-server
...
Error: Package: rubygem-json-1.5.5-3.el6.x86_64 (puppetlabs-deps)
           Requires: rubygems >= 1.3.7
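# rubygems 2.5.0 had already been installed above, so I never understood why this error was still reported; maybe the version was too high,
# so I went looking for a rubygems 1.3.7 rpm to install, and that really did solve it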
[root@puppet-master ~]# yum install -y http://mirrors.163.com/centos/6.7/os/x86_64/Packages/rubygems-1.3.7-5.el6.noarch.rpm

[root@puppet-master ~]# yum install puppet-server
=================================================================================================================================================================================================================
 Package                                            Arch                                      Version                                               Repository                                              Size
=================================================================================================================================================================================================================
Installing:
 puppet-server                                      noarch                                    3.8.4-1.el6                                           puppetlabs-products                                     24 k
Installing for dependencies:
 augeas-libs                                        x86_64                                    1.0.0-5.el6                                           rhel-source                                            308 k
 facter                                             x86_64                                    1:2.4.4-1.el6                                         puppetlabs-products                                     99 k
 hiera                                              noarch                                    1.3.4-1.el6                                           puppetlabs-products                                     23 k
 libselinux-ruby                                    x86_64                                    2.0.94-5.3.el6_4.1                                    rhel-source                                             99 k
 puppet                                             noarch                                    3.8.4-1.el6                                           puppetlabs-products                                    1.6 M
 ruby-augeas                                        x86_64                                    0.4.1-3.el6                                           puppetlabs-deps                                         21 k
 ruby-shadow                                        x86_64                                    1:2.2.0-2.el6                                         puppetlabs-deps                                         13 k
 rubygem-json                                       x86_64                                    1.5.5-3.el6                                           puppetlabs-deps                                        763 k

Transaction Summary
=================================================================================================================================================================================================================

Start the puppet service

[root@puppet-master ~]# chkconfig --list |grep puppet
puppet          0:off   1:off   2:off   3:off   4:off   5:off   6:off
puppetmaster    0:off   1:off   2:off   3:off   4:off   5:off   6:off

[root@puppet-master ~]# chkconfig puppet on
[root@puppet-master ~]# chkconfig puppetmaster on
[root@puppet-master ~]# service puppet start
[root@puppet-master ~]# service puppetmaster start

# The puppet master service listens on port 8140 by default
[root@puppet-master ~]# netstat -nlatp | grep 8140
tcp        0      0 0.0.0.0:8140                0.0.0.0:*                   LISTEN      17991/ruby

Puppet client installation and configuration (puppet client)


Install ruby

[root@glusterfs01|02|03 ~]# yum -y install ruby
[root@glusterfs01|02|03 ~]# yum -y install ruby-rdoc
[root@glusterfs01|02|03 ~]# yum install -y http://mirrors.163.com/centos/6.7/os/x86_64/Packages/rubygems-1.3.7-5.el6.noarch.rpm

Install the puppet client software puppet

[root@glusterfs01|02|03 ~]# yum -y install puppet

Start the puppet client

[root@glusterfs01|02|03 ~]# chkconfig --list |grep puppet
puppet          0:off   1:off   2:off   3:off   4:off   5:off   6:off

[root@glusterfs01|02|03 ~]# chkconfig puppet on
[root@glusterfs01|02|03 ~]# service puppet start

Puppet client configuration

Edit /etc/puppet/puppet.conf to specify the master server

[root@glusterfs01|02|03 ~]# cat /etc/puppet/puppet.conf
[main]
    ...
[agent]
    ...
    localconfig = $vardir/localconfig
    server = puppet-master.example.com

# Restart the puppet client service
[root@glusterfs01|02|03 ~]# service puppet restart

Check on the puppet server; entries without a leading + have not been signed yet

[root@puppet-master ~]# puppet cert list --all
  "glusterfs01.example.com"   (SHA256) FC:5F:58:C9:89:F2:A6:D0:6E:72:E6:86:7F:63:FF:F1:4E:7B:87:37:11:F3:71:9B:87:D8:79:52:DD:EB:7C:A1
  "glusterfs02.example.com"   (SHA256) F2:72:C7:94:E0:4C:F7:66:1F:F4:E5:B7:9A:62:DC:9F:4E:1E:E3:09:67:68:14:D8:17:0C:D1:E6:B1:E3:1D:92
  "glusterfs03.example.com"   (SHA256) 6B:FC:10:84:E0:D1:B4:21:F9:78:E4:77:9C:F6:3D:F7:7B:B5:37:31:7D:AA:3C:42:56:30:07:81:47:A8:4D:C9
+ "puppet-master.example.com" (SHA256) 4A:3E:E0:25:D5:A8:39:37:1A:37:59:56:2C:73:BC:86:3C:48:8C:E3:D0:10:38:DE:03:7A:BC:EE:56:50:E1:6C (alt names: "DNS:puppet", "DNS:puppet-master.example.com", "DNS:puppet.example.com")

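Signing certificates between the puppet clients and the server


As shown at the end of the previous section, puppet cert list on the puppet server reports the clients as not yet signed. Puppet supports several ways of signing: requests can be signed manually one by one, or automatic signing can be configured. Let's first look at how manual signing works. The next article will look into puppet certificate authentication in more detail.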

[root@puppet-master ~]# puppet cert --sign glusterfs01.example.com
Notice: Signed certificate request for glusterfs01.example.com
Notice: Removing file Puppet::SSL::CertificateRequest glusterfs01.example.com at '/var/lib/puppet/ssl/ca/requests/glusterfs01.example.com.pem'

Check the signing result

[root@puppet-master ~]# puppet cert list --all                    
  "glusterfs02.example.com"   (SHA256) F2:72:C7:94:E0:4C:F7:66:1F:F4:E5:B7:9A:62:DC:9F:4E:1E:E3:09:67:68:14:D8:17:0C:D1:E6:B1:E3:1D:92
  "glusterfs03.example.com"   (SHA256) 6B:FC:10:84:E0:D1:B4:21:F9:78:E4:77:9C:F6:3D:F7:7B:B5:37:31:7D:AA:3C:42:56:30:07:81:47:A8:4D:C9
+ "glusterfs01.example.com"   (SHA256) 3F:96:D8:AC:8B:F3:27:63:9D:2B:28:DC:4A:58:81:91:FF:DA:A8:90:A8:39:10:DA:88:FF:00:60:B0:6E:E9:4D
+ "puppet-master.example.com" (SHA256) 4A:3E:E0:25:D5:A8:39:37:1A:37:59:56:2C:73:BC:86:3C:48:8C:E3:D0:10:38:DE:03:7A:BC:EE:56:50:E1:6C (alt names: "DNS:puppet", "DNS:puppet-master.example.com", "DNS:puppet.example.com")
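
Before a request is signed manually as above, the fingerprint the master lists for it can be compared with the one the agent itself reports (`puppet agent --fingerprint`). The following added example, not part of the original article, filters `puppet cert list --all` output down to the pending requests whose fingerprint matches a list recorded on the agents; the function names, the expected-file format and the shortened fingerprints are assumptions constructed for illustration.

```shell
# pending_requests: read `puppet cert list --all` output on stdin and print
# "hostname fingerprint" for unsigned requests only.
pending_requests() {
    awk '
    $1 ~ /^[+-]$/ { next }              # + is signed, - is revoked or invalid
    $1 ~ /^".*"$/ && $2 ~ /^\(.*\)$/ {
        host = $1; gsub(/"/, "", host)
        print host, toupper($3)
    }'
}

# requests_to_sign EXPECTED: EXPECTED holds "hostname fingerprint" lines
# recorded on each agent over a trusted channel (assumed format). Reads
# pending requests on stdin, prints the hosts whose fingerprint matches and
# reports everything else on stderr.
requests_to_sign() {
    awk -v expected="$1" '
    BEGIN {
        while ((getline line < expected) > 0) {
            split(line, f, " "); want[f[1]] = toupper(f[2])
        }
    }
    !($1 in want)  { print "SKIP " $1 ": no recorded fingerprint" > "/dev/stderr"; next }
    want[$1] != $2 { print "MISMATCH " $1 ": do not sign" > "/dev/stderr"; next }
    { print $1 }'
}

# Constructed listing in the layout shown above; fingerprints are shortened.
sample_listing() {
cat <<'EOF'
  "glusterfs02.example.com"   (SHA256) AA:01:02:03
  "glusterfs03.example.com"   (SHA256) BB:04:05:06
+ "glusterfs01.example.com"   (SHA256) CC:07:08:09
+ "puppet-master.example.com" (SHA256) DD:0A:0B:0C (alt names: "DNS:puppet")
EOF
}

# Demo: glusterfs02 matches its recorded value, glusterfs03 does not.
demo_sign_list() {
    expected=$(mktemp)
    printf '%s\n' 'glusterfs02.example.com aa:01:02:03' \
                  'glusterfs03.example.com BB:FF:FF:FF' > "$expected"
    sample_listing | pending_requests | requests_to_sign "$expected"
    rm -f "$expected"
}
demo_sign_list
```

On the master, the real input is `puppet cert list --all`, and each hostname printed can then be passed to `puppet cert --sign`.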