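Introduction to Puppet
Puppet is a centralized configuration management system for Linux, Unix and Windows. It uses its own Puppet description language and can manage configuration files, users, cron jobs, packages, system services and so on. Puppet calls these system entities resources; its design goal is to simplify the management of these resources and to handle the dependencies between them properly. Puppet uses a client/server star topology in which all clients talk to one or a few servers. Each Puppet client connects to the server periodically (every half hour by default, configurable), downloads its latest configuration, and configures the machine strictly according to it. When the run completes, the client can report back to the server; if an error occurs, it reports that to the server as well.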
I. Pre-installation setup
1. Hostname setup (the same on the server and the client)
[root@localhost ~]# cat /etc/hosts
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1 localhost.localdomain localhost
192.168.1.117 server.puppet.com server
192.168.1.119 client.puppet.com
2. Time synchronization
[root@client ~]# yum install ntp -y
[root@server ~]# ntpdate pool.ntp.org
11 Mar 18:22:05 ntpdate[13039]: step time server 218.75.4.130 offset 28799.024489 sec
[root@server ~]# service ntpd start
Starting ntpd: [ OK ]
3. The default CentOS yum repositories do not include the Puppet packages, so install the EPEL release package
[root@server ~]# rpm -Uvh http://dl.fedoraproject.org/pub/epel/5/i386/epel-release-5-4.noarch.rpm
Retrieving http://dl.fedoraproject.org/pub/epel/5/i386/epel-release-5-4.noarch.rpm
warning: /var/tmp/rpm-xfer.zyChLd: Header V3 DSA signature: NOKEY, key ID 217521f6
Preparing... ########################################### [100%]
1:epel-release ########################################### [100%]
Puppet server configuration
Install the Puppet server
[root@server ~]# yum install -y puppet-server facter ruby ruby-libs ruby-shadow
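Edit the configuration file on the Puppet server. With autosign=true the master signs every certificate request automatically, which is why the client certificate later on is issued without a manual signing step.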
[root@localhost puppet]# cat /etc/puppet/puppet.conf | grep -v ^# | grep -v ^$
[main]
logdir = /var/log/puppet
rundir = /var/run/puppet
ssldir = $vardir/ssl
autosign=true
server=server.puppet.com
[agent]
classfile = $vardir/classes.txt
localconfig = $vardir/localconfig
[root@server ~]# service puppetmaster start #### start the server and check that it is running
Starting puppetmaster: [ OK ]
[root@server ~]# ps -ef | grep puppet
puppet 7268 1 2 15:25 ? 00:00:01 /usr/bin/ruby /usr/sbin/puppetmasterd
root 7274 7003 0 15:25 pts/0 00:00:00 grep puppet
[root@localhost puppet]# netstat -tunlp | grep 8140
tcp 0 0 0.0.0.0:8140 0.0.0.0:* LISTEN 8244/ruby
Puppet client configuration
[root@client ~]# uname -a
Linux client.puppet.com 2.6.18-308.el5 #1 SMP Tue Feb 21 20:05:41 EST 2012 i686 i686 i386 GNU/Linux
[root@client ~]# cat /etc/hosts
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1 client.puppet.com client
192.168.1.117 server.puppet.com
[root@client ~]# yum install ntp -y
[root@client ~]# service ntpd start
Starting ntpd: [ OK ]
[root@client ~]# ntpdate pool.ntp.org ### time synchronization
11 Mar 18:22:05 ntpdate[13039]: step time server 218.75.4.130 offset 28799.024489 sec
Update the yum repositories on the client
[root@client ~]# rpm -Uvh http://dl.fedoraproject.org/pub/epel/5/i386/epel-release-5-4.noarch.rpm
Retrieving http://dl.fedoraproject.org/pub/epel/5/i386/epel-release-5-4.noarch.rpm
warning: /var/tmp/rpm-xfer.D9B24U: Header V3 DSA signature: NOKEY, key ID 217521f6
Preparing... ########################################### [100%]
1:epel-release ########################################### [100%]
[root@client ~]# yum install puppet facter ruby ruby-libs ruby-shadow -y
……
……
……
Start the client and generate its certificate
[root@client ~]# /etc/init.d/puppet start ### start the client
Starting puppet: [ OK ]
[root@localhost ssl]# puppet agent -t
info: Caching certificate for ca
info: Creating a new SSL certificate request for localhost.localdomain
info: Certificate Request fingerprint (md5): 77:EB:FB:B1:2B:17:1B:EC:49:7B:F6:AE:18:07:89:E6
info: Caching certificate for localhost.localdomain
notice: Ignoring --listen on onetime run
info: Caching certificate_revocation_list for ca
info: Caching catalog for localhost.localdomain
info: Applying configuration version '1394537138'
info: Creating state file /var/lib/puppet/state/state.yaml
notice: Finished catalog run in 0.18 seconds
List the issued certificates on the master
[root@server ssl]# puppet cert list --all
+ "localhost.localdomain" (58:B7:86:98:96:9E:C2:35:E7:BA:E6:11:A1:87:F8:8E)
+ "server.puppet.com" (4B:1D:A8:E4:98:2E:A3:59:F8:05:BB:A5:1F:80:43:3D) (alt names: "DNS:puppet", "DNS:puppet.puppet.com", "DNS:server.puppet.com")
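+ means the certificate has been signed
- means the certificate has been revoked
No prefix means the certificate has not been obtained yet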
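The server configuration above sets autosign=true, and the certificate list shows a client signed under the name localhost.localdomain. As an added example (not part of the original tutorial), this shell script checks a puppet.conf for that setting and lists signed certnames outside an expected domain. The function names are hypothetical, and the sample data is constructed from the output shown above.

```shell
#!/bin/sh
# Added example, not part of the original tutorial. Function names are
# hypothetical; sample data is constructed from the output shown above.

# Read a puppet.conf on stdin and print the autosign value that the master
# would use ([main] or [master] section). Prints nothing if it is unset.
autosign_value() {
    awk '
        /^[ \t]*\[/ { sub(/^[ \t]*\[/, ""); sub(/\].*$/, ""); section = $0; next }
        /^[ \t]*#/  { next }
        (section == "main" || section == "master") && /^[ \t]*autosign[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]+$/, ""); value = $0
        }
        END { if (value != "") print value }
    '
}

# Read `puppet cert list --all` output on stdin and print every signed ("+")
# certname that is not inside the expected domain given as $1.
unexpected_signed() {
    awk -v dom="$1" '
        $1 == "+" {
            name = $2; gsub(/"/, "", name)
            suffix = "." dom
            start = length(name) - length(suffix) + 1
            if (start < 2 || substr(name, start) != suffix) print name
        }
    '
}

SAMPLE_CONF='[main]
logdir = /var/log/puppet
autosign=true
server=server.puppet.com
[agent]
classfile = $vardir/classes.txt'

SAMPLE_CERTS='+ "localhost.localdomain" (58:B7:86:98:96:9E:C2:35:E7:BA:E6:11:A1:87:F8:8E)
+ "server.puppet.com" (4B:1D:A8:E4:98:2E:A3:59:F8:05:BB:A5:1F:80:43:3D)'

if [ "$(printf '%s\n' "$SAMPLE_CONF" | autosign_value)" = "true" ]; then
    echo "autosign=true: every certificate request is signed without review"
fi
printf '%s\n' "$SAMPLE_CERTS" | unexpected_signed puppet.com |
    while read -r name; do echo "signed certname outside puppet.com: $name"; done
```

On a real master, feed the functions /etc/puppet/puppet.conf and the output of puppet cert list --all instead of the sample variables.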