【Puppet】安装配置Puppet

一、参考链接

阿里巴巴开源镜像站-OPSX镜像站-阿里云开发者社区

puppet镜像-puppet下载地址-puppet安装教程-阿里巴巴开源镜像站

序 | Puppet运维实战 (gitbooks.io)

二、Puppet介绍

Puppet是IT自动化的行业标准。 以一种简单而强大的方式管理和自动化更多的基础架构和复杂的工作流。

三、Puppet安装

安装准备

master和node端

# 修改主机名
hostnamectl set-hostname master

#配置域名解析
 vim /etc/hosts
192.168.200.11  master
192.168.200.12  node

#关闭防火墙
systemctl stop firewalld
systemctl disable firewalld

#关闭SELinux安全模式
setenforce 0
sed -i 's/SELINUX=.*/SELINUX=disabled/g' /etc/selinux/config

#配置时间同步
yum install -y ntpdate
ntpdate ntp1.aliyun.com

#配置CentOS镜像源
curl -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo

sed -i -e '/mirrors.cloud.aliyuncs.com/d' -e '/mirrors.aliyuncs.com/d' /etc/yum.repos.d/CentOS-Base.repo

#更新YUM源
yum clean all
yum makecache

#升级系统
yum update

安装master端

安装、配置并使用Puppet | Puppet运维实战

https://puppet.com/

# 安装阿里云仓库
rpm -ivh https://mirrors.aliyun.com/puppet/yum/puppetlabs-release-el-7.noarch.rpm

# 安装Puppet-server、puppet和facter
yum install -y puppet puppet-server facter

# 备份配置文件
cp /etc/puppet/puppet.conf{,.bak} 

# 配置puppet.conf
[root@master puppet]# vim puppet.conf
[root@master puppet]# cat puppet.conf
[main]
    # The Puppet log directory.
    # The default value is '$vardir/log'.
    logdir = /var/log/puppet

    # Where Puppet PID files are kept.
    # The default value is '$vardir/run'.
    rundir = /var/run/puppet

    # Where SSL certificates are kept.
    # The default value is '$confdir/ssl'.
    ssldir = $vardir/ssl

[agent]
    # The file in which puppetd stores a list of the classes
    # associated with the retrieved configuratiion.  Can be loaded in
    # the separate ``puppet`` executable using the ``--loadclasses``
    # option.
    # The default value is '$confdir/classes.txt'.
    classfile = $vardir/classes.txt

    # Where puppetd caches the local configuration.  An
    # extension indicating the cache format is added automatically.
    # The default value is '$confdir/localconfig'.
    localconfig = $vardir/localconfig
    server = master
    certname = node

[master]
    certname = master
[root@master puppet]# 

# 启动puppetmaster服务
systemctl start puppetmaster
systemctl enable puppetmaster
systemctl status puppetmaster

# 查看本地证书情况
# puppetmaster第一次启动会自动生成证书自动注册自己
[root@master puppet]# tree /var/lib/puppet/ssl/
/var/lib/puppet/ssl/
├── ca
│   ├── ca_crl.pem
│   ├── ca_crt.pem
│   ├── ca_key.pem
│   ├── ca_pub.pem
│   ├── inventory.txt
│   ├── private
│   │   └── ca.pass
│   ├── requests
│   ├── serial
│   └── signed
│       └── master.pem
├── certificate_requests
├── certs
│   ├── ca.pem
│   └── master.pem
├── crl.pem
├── private
├── private_keys
│   └── master.pem
└── public_keys
    └── master.pem

9 directories, 13 files
[root@master puppet]# 

# 查看监听状态
# puppetmaster服务开启后，默认监听TCP 8140端口
[root@master puppet]# netstat -nlatp | grep 8140
tcp        0      0 0.0.0.0:8140            0.0.0.0:*               LISTEN      1396/ruby 
[root@master puppet]# lsof -i:8140
COMMAND  PID   USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
puppet  1396 puppet    8u  IPv4  24447      0t0  TCP *:8140 (LISTEN)

安装node端

# 安装准备步骤相同

# 安装阿里云仓库
rpm -ivh https://mirrors.aliyun.com/puppet/yum/puppetlabs-release-el-7.noarch.rpm

# 安装puppet和facter
yum install puppet facter

# 配置puppet.conf
[root@node ~]# cp /etc/puppet/puppet.conf{,.bak}    #备份配置文件
[root@node ~]# cat /etc/puppet/puppet.conf        
[main]
    # The Puppet log directory.
    # The default value is '$vardir/log'.
    logdir = /var/log/puppet        #默认日志存放路径

    # Where Puppet PID files are kept.
    # The default value is '$vardir/run'.
    rundir = /var/run/puppet        #pid存放路径

    # Where SSL certificates are kept.
    # The default value is '$confdir/ssl'.
    ssldir = $vardir/ssl             #证书存放目录，默认$vardir为/var/lib/puppet

[agent]
    # The file in which puppetd stores a list of the classes
    # associated with the retrieved configuratiion.  Can be loaded in
    # the separate ``puppet`` executable using the ``--loadclasses``
    # option.
    # The default value is '$confdir/classes.txt'.
    classfile = $vardir/classes.txt

    # Where puppetd caches the local configuration.  An
    # extension indicating the cache format is added automatically.
    # The default value is '$confdir/localconfig'.
    localconfig = $vardir/localconfig
    server = master        #指向puppetmaster端
    certname = node        #设置自己的certname名


# 开启puppet服务
systemctl start puppet
systemctl enable puppet

Node端向Master端发起认证

# 通过调试模式启动节点向Puppetmaster端发起认证
[root@node ~]# puppet agent --test
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Caching catalog for node
Info: Applying configuration version '1645352953'
Notice: Finished catalog run in 0.01 seconds

# 服务器端确定认证
[root@master ~]# puppet cert --list --all    #查看认证情况
  "node"   (SHA256) 6F:FC:CF:DB:1F:F1:B4:91:C7:8B:48:DE:64:A1:8D:D9:24:27:4B:B9:A9:72:5C:0E:6D:3F:A3:0B:B7:37:87:AE #未认证
+ "master" (SHA256) 87:C4:5B:16:2A:13:E1:D0:B0:58:63:2F:F1:87:98:6D:B6:A4:5D:9B:65:92:D8:72:38:45:FF:2A:18:FD:BA:41    #带+表示已经注册成功
[root@master ~]#

[root@master ~]# puppet cert --sign node    #注册node
Notice: Signed certificate request for node
Notice: Removing file Puppet::SSL::CertificateRequest node at '/var/lib/puppet/ssl/ca/requests/node.pem'
[root@master ~]#

[root@master ~]# puppet cert --list --all   #再次查看认证情况
+ "master" (SHA256) 87:C4:5B:16:2A:13:E1:D0:B0:58:63:2F:F1:87:98:6D:B6:A4:5D:9B:65:92:D8:72:38:45:FF:2A:18:FD:BA:41
+ "node"   (SHA256) 35:B1:01:AA:28:DF:76:AA:B2:67:BE:D4:5C:C1:90:3C:C2:68:44:9A:BA:F3:DD:96:2B:37:6E:9E:85:11:E3:E1


[root@master ~]# tree /var/lib/puppet/ssl/    #另外一种查看认证的方式
/var/lib/puppet/ssl/
├── ca
│   ├── ca_crl.pem
│   ├── ca_crt.pem
│   ├── ca_key.pem
│   ├── ca_pub.pem
│   ├── inventory.txt
│   ├── private
│   │   └── ca.pass
│   ├── requests
│   ├── serial
│   └── signed
│       ├── master.pem
│       └── node.pem
├── certificate_requests
│   └── node.pem
├── certs
│   ├── ca.pem
│   ├── master.pem
│   └── node.pem
├── crl.pem
├── private
├── private_keys
│   ├── master.pem
│   └── node.pem
└── public_keys
    ├── master.pem
    └── node.pem

9 directories, 18 files