[root@master2 ~]# puppet config print environment
production
[root@master2 ~]#
[root@master2 ~]# puppet agent --configprint environment
production
[root@master1 puppet]# vim autosign.conf
*.com
注意:*.com 会自动签发所有证书名以 .com 结尾的证书请求,而证书名由客户端自行声明,因此只适用于受信任的实验环境;生产环境应只列出确切的主机名或手动签发。
重启服务:
[root@master1 puppet]# systemctl restart puppetmaster
清除证书:
[root@master1 puppet]# puppet cert clean master2.com
客户端删除证书:
[root@master2 ~]# rm -rf /var/lib/puppet/ssl/*
客户端连接:
[root@master2 ~]# puppet agent --server=master1.com --no-daemonize --verbose
Info: Creating a new SSL key for master2.com
Info: Caching certificate for ca
Info: csr_attributes file loading from /etc/puppet/csr_attributes.yaml
Info: Creating a new SSL certificate request for master2.com
Info: Certificate Request fingerprint (SHA256): 0C:E7:25:E3:C3:62:26:F3:A7:35:65:10:9E:53:0F:F0:A1:18:22:AC:D7:AE:EF:6D:C0:78:DE:B1:FB:77:93:5D
Info: Caching certificate for master2.com
Info: Caching certificate_revocation_list for ca
Info: Caching certificate for ca
Notice: Starting Puppet client version 3.8.4
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Caching catalog for master2.com
Info: Applying configuration version '1514001433'
Notice: Finished catalog run in 2.33 seconds
[root@master2 ~]# puppet config print | grep listen
listen = false
开启 agent 监听(puppet kick 依赖此功能;开启后 agent 会在所有地址上监听 8139 端口,建议用防火墙限制为仅 master 可访问):
[root@master2 ~]# vim /etc/puppet/puppet.conf
[agent]
listen = true
重启服务:
[root@master2 ~]# systemctl restart puppetagent
[root@master2 ~]# ss -tnl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:8139 *:*
[root@master2 ~]# vim /etc/puppet/namespaceauth.conf
[root@master2 ~]# vim /etc/puppet/namespaceauth.conf
[puppetrunner]
allow master1.com
[root@master2 ~]# vim /etc/puppet/auth.conf
# Let only master1.com trigger an agent run. "puppet kick" sends a PUT to
# /<environment>/run/<certname>, which is matched here as path /run with
# method save. Keep this stanza above the catch-all "path /" entry, because
# the first matching ACL decides the request.
path /run
method save
allow master1.com
# deny everything else; this ACL is not strictly necessary, but
# illustrates the default policy.
# No "allow" directive is shown for this entry, so it grants nothing.
path /
auth any
[root@master2 ~]# systemctl restart puppetagent
[root@master1 puppet]# mkdir -pv /etc/puppet/modules/varnish/{manifests,files,templates,lib,tests,spec}
mkdir: created directory ‘/etc/puppet/modules/varnish’
mkdir: created directory ‘/etc/puppet/modules/varnish/manifests’
mkdir: created directory ‘/etc/puppet/modules/varnish/files’
mkdir: created directory ‘/etc/puppet/modules/varnish/templates’
mkdir: created directory ‘/etc/puppet/modules/varnish/lib’
mkdir: created directory ‘/etc/puppet/modules/varnish/tests’
mkdir: created directory ‘/etc/puppet/modules/varnish/spec’
[root@master1 puppet]# vim /etc/puppet/modules/varnish/manifests/init.pp
# Class: varnish
#
# Installs the varnish package on every node that includes this class.
class varnish {
  # ensure => latest upgrades the package on any agent run where the
  # configured repositories offer a newer version; pin a version or use
  # 'installed' if upgrades must be rolled out deliberately.
  package { 'varnish':
    ensure => latest,
  }
}
在 master 端的站点清单中声明新定义的类:
[root@master1 puppet]# vim /etc/puppet/manifests/site.pp
# Node definition for the agent master2.com: applies the varnish class and
# nginx::proxy. nginx::proxy is not defined in this walkthrough, so it must
# already exist on the master's modulepath.
node 'master2.com' {
  include varnish
  include nginx::proxy
}
重启服务:
[root@master1 puppet]# systemctl restart puppetmaster
[root@master1 puppet]# puppet kick master2.com
Warning: Puppet kick is deprecated. See http://links.puppetlabs.com/puppet-kick-deprecation
Warning: Failed to load ruby LDAP library. LDAP functionality will not be available
Triggering master2.com
Getting status
status is success
master2.com finished with exit code 0
Finished
[root@master2 ~]# tail /var/log/puppet/http.log
20:07:ab:88:68:a9:cd:ba:86:c2:70:d9:22:5d:e8:3a:ad:1e:
d4:ab:f2:f1:a5:04:43:a7:29:75:24:f0:56:84:dc:e0:77:1c:
43:a3:5f:2e:37:28:d4:90:9f:14:3c:30:c1:e0:cf:72:68:a3:
ba:2a:c8:c6:db:68:b9:67:9d:de:63:f1:89:50:b9:07:d7:93:
85:e7:84:29:cb:fa:61:31:52:05:5d:e0:ca:36:2d:eb:f0:3e:
03:72:7d:03:8f:a4:e5:2e:b3:c3:ee:5c:f0:4d:7d:ce:e2:65:
86:4d:f6:cb:e4:49:bc:f2
[2017-12-23 12:28:21] INFO WEBrick::HTTPServer#start: pid=3737 port=8139
[2017-12-23 12:30:08] 10.201.106.131 - - [23/Dec/2017:12:30:08 CST] "PUT /production/run/master2.com HTTP/1.1" 200 84
[2017-12-23 12:30:08] - -> /production/run/master2.com
[root@master2 ~]#