
【Puppet】安装配置Puppet

程序员文章站 2024-01-02 23:40:46
...

一、参考链接

阿里巴巴开源镜像站-OPSX镜像站-阿里云开发者社区

puppet镜像-puppet下载地址-puppet安装教程-阿里巴巴开源镜像站

序 | Puppet运维实战 (gitbooks.io)

二、Puppet介绍

Puppet是IT自动化的行业标准,它以一种简单而强大的方式管理和自动化更多的基础架构和复杂的工作流。

三、Puppet安装

安装准备

master端和node端都需要执行以下准备步骤:

  1. # Set the hostname (this example is the master; on the node machine use `node`)
  2. hostnamectl set-hostname master
  3. # Name resolution: add both hosts to /etc/hosts (the next two lines are the entries to add) so the agent can reach the name `master`
  4. vim /etc/hosts
  5. 192.168.200.11 master
  6. 192.168.200.12 node
  7. # Stop and disable firewalld. Lab shortcut only; on a shared network keep it running and open just the master's port instead, e.g. firewall-cmd --permanent --add-port=8140/tcp && firewall-cmd --reload
  8. systemctl stop firewalld
  9. systemctl disable firewalld
  10. # Turn SELinux off: setenforce 0 switches to permissive until reboot, the sed edit disables it from the next boot. Lab shortcut only; it removes mandatory access control from these hosts, including the master, which holds the Puppet CA private key
  11. setenforce 0
  12. sed -i 's/SELINUX=.*/SELINUX=disabled/g' /etc/selinux/config
  13. # One-shot clock sync. Certificates carry validity dates, so master and node clocks must agree or certificate verification between them can fail
  14. yum install -y ntpdate
  15. ntpdate ntp1.aliyun.com
  16. # Overwrite the CentOS base repo file with the Aliyun mirror's copy (no backup is taken), then delete the lines naming the two aliyuncs.com mirror hosts -- presumably reachable only from inside Aliyun's network; TODO confirm
  17. curl -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo
  18. sed -i -e '/mirrors.cloud.aliyuncs.com/d' -e '/mirrors.aliyuncs.com/d' /etc/yum.repos.d/CentOS-Base.repo
  19. # Rebuild the yum metadata cache
  20. yum clean all
  21. yum makecache
  22. # Upgrade all installed packages (no -y here, so yum asks for confirmation)
  23. yum update

安装master端

安装、配置并使用Puppet | Puppet运维实战

https://puppet.com/

  1. # Install the Puppet Labs release package (the yum repo definition) from the Aliyun mirror. NOTE(review): a release package decides which repos and signing keys yum trusts afterwards, so outside a lab download it first and check it with `rpm -K <file>` against the vendor key. The puppetmaster service, `puppet cert` command and /etc/puppet paths used in this guide point to the Puppet 3.x generation, which presumably no longer gets upstream security fixes -- verify before production use
  2. rpm -ivh https://mirrors.aliyun.com/puppet/yum/puppetlabs-release-el-7.noarch.rpm
  3. # Install puppet-server (the master), puppet (the agent) and facter
  4. yum install -y puppet puppet-server facter
  5. # Back up the stock config file; the brace expansion yields puppet.conf and puppet.conf.bak
  6. cp /etc/puppet/puppet.conf{,.bak}
  7. # Edit puppet.conf; the lines after `cat` show the resulting file. NOTE(review): `certname = node` under [agent] in the master's file looks copied from the node's config -- an agent run on this host would presumably identify itself as `node`; confirm it is intended
  8. [root@master puppet]# vim puppet.conf
  9. [root@master puppet]# cat puppet.conf
  10. [main]
  11. # The Puppet log directory.
  12. # The default value is '$vardir/log'.
  13. logdir = /var/log/puppet
  14. # Where Puppet PID files are kept.
  15. # The default value is '$vardir/run'.
  16. rundir = /var/run/puppet
  17. # Where SSL certificates are kept.
  18. # The default value is '$confdir/ssl'.
  19. ssldir = $vardir/ssl
  20. [agent]
  21. # The file in which puppetd stores a list of the classes
  22. # associated with the retrieved configuratiion. Can be loaded in
  23. # the separate ``puppet`` executable using the ``--loadclasses``
  24. # option.
  25. # The default value is '$confdir/classes.txt'.
  26. classfile = $vardir/classes.txt
  27. # Where puppetd caches the local configuration. An
  28. # extension indicating the cache format is added automatically.
  29. # The default value is '$confdir/localconfig'.
  30. localconfig = $vardir/localconfig
  31. server = master
  32. certname = node
  33. [master]
  34. certname = master
  35. [root@master puppet]#
  36. # Start the puppetmaster service, enable it at boot, and check its status
  37. systemctl start puppetmaster
  38. systemctl enable puppetmaster
  39. systemctl status puppetmaster
  40. # Inspect the local certificate store
  41. # On first start puppetmaster creates its CA and issues its own certificate. ca_key.pem under ca/ is the CA private key: whoever can read it can issue certificates that every agent of this master will trust, so restrict access to it (and to private_keys/) and keep it out of unprotected backups
  42. [root@master puppet]# tree /var/lib/puppet/ssl/
  43. /var/lib/puppet/ssl/
  44. ├── ca
  45. ├── ca_crl.pem
  46. ├── ca_crt.pem
  47. ├── ca_key.pem
  48. ├── ca_pub.pem
  49. ├── inventory.txt
  50. ├── private
  51. └── ca.pass
  52. ├── requests
  53. ├── serial
  54. └── signed
  55. └── master.pem
  56. ├── certificate_requests
  57. ├── certs
  58. ├── ca.pem
  59. └── master.pem
  60. ├── crl.pem
  61. ├── private
  62. ├── private_keys
  63. └── master.pem
  64. └── public_keys
  65. └── master.pem
  66. 9 directories, 13 files
  67. [root@master puppet]#
  68. # Check the listening socket
  69. # Once started, puppetmaster listens on TCP 8140 by default. The output below shows it bound to 0.0.0.0 (all interfaces); with firewalld disabled in the preparation steps, any host that can route to this machine can reach the port
  70. [root@master puppet]# netstat -nlatp | grep 8140
  71. tcp 0 0 0.0.0.0:8140 0.0.0.0:* LISTEN 1396/ruby
  72. [root@master puppet]# lsof -i:8140
  73. COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
  74. puppet 1396 puppet 8u IPv4 24447 0t0 TCP *:8140 (LISTEN)

安装node端

  1. # The preparation steps are the same as for the master
  2. # Install the Puppet Labs release package (the yum repo definition) from the Aliyun mirror
  3. rpm -ivh https://mirrors.aliyun.com/puppet/yum/puppetlabs-release-el-7.noarch.rpm
  4. # Install puppet (the agent) and facter
  5. yum install puppet facter
  6. # Configure puppet.conf. NOTE(review): the trailing # notes on the setting lines below are annotations for the reader; puppet.conf may treat trailing text as part of the value, so leave them out of the real file -- confirm against the docs for your Puppet version
  7. [root@node ~]# cp /etc/puppet/puppet.conf{,.bak} # back up the config file
  8. [root@node ~]# cat /etc/puppet/puppet.conf
  9. [main]
  10. # The Puppet log directory.
  11. # The default value is '$vardir/log'.
  12. logdir = /var/log/puppet # log directory
  13. # Where Puppet PID files are kept.
  14. # The default value is '$vardir/run'.
  15. rundir = /var/run/puppet # PID file directory
  16. # Where SSL certificates are kept.
  17. # The default value is '$confdir/ssl'.
  18. ssldir = $vardir/ssl # certificate directory; $vardir defaults to /var/lib/puppet
  19. [agent]
  20. # The file in which puppetd stores a list of the classes
  21. # associated with the retrieved configuratiion. Can be loaded in
  22. # the separate ``puppet`` executable using the ``--loadclasses``
  23. # option.
  24. # The default value is '$confdir/classes.txt'.
  25. classfile = $vardir/classes.txt
  26. # Where puppetd caches the local configuration. An
  27. # extension indicating the cache format is added automatically.
  28. # The default value is '$confdir/localconfig'.
  29. localconfig = $vardir/localconfig
  30. server = master # points the agent at the puppetmaster host
  31. certname = node # the certname this node identifies itself with
  32. # Start the puppet agent service and enable it at boot
  33. systemctl start puppet
  34. systemctl enable puppet

Node端向Master端发起认证

  1. # Run the agent once in the foreground (--test) so the node submits its certificate request to the master. NOTE(review): the output below already shows a catalog being applied, so it presumably comes from a run made after the certificate was signed
  2. [root@node ~]# puppet agent --test
  3. Info: Retrieving pluginfacts
  4. Info: Retrieving plugin
  5. Info: Caching catalog for node
  6. Info: Applying configuration version '1645352953'
  7. Notice: Finished catalog run in 0.01 seconds
  8. # On the master: review the pending request, then sign it. Before signing, compare the fingerprint listed here with the one the node itself reports (`puppet agent --fingerprint` on the node), so that only the intended host gets a certificate this CA vouches for
  9. [root@master ~]# puppet cert --list --all # list all requests and certificates
  10. "node" (SHA256) 6F:FC:CF:DB:1F:F1:B4:91:C7:8B:48:DE:64:A1:8D:D9:24:27:4B:B9:A9:72:5C:0E:6D:3F:A3:0B:B7:37:87:AE # not yet signed
  11. + "master" (SHA256) 87:C4:5B:16:2A:13:E1:D0:B0:58:63:2F:F1:87:98:6D:B6:A4:5D:9B:65:92:D8:72:38:45:FF:2A:18:FD:BA:41 # a leading + means already signed
  12. [root@master ~]#
  13. [root@master ~]# puppet cert --sign node # sign node's request
  14. Notice: Signed certificate request for node
  15. Notice: Removing file Puppet::SSL::CertificateRequest node at '/var/lib/puppet/ssl/ca/requests/node.pem'
  16. [root@master ~]#
  17. [root@master ~]# puppet cert --list --all # list again to confirm the result
  18. + "master" (SHA256) 87:C4:5B:16:2A:13:E1:D0:B0:58:63:2F:F1:87:98:6D:B6:A4:5D:9B:65:92:D8:72:38:45:FF:2A:18:FD:BA:41
  19. + "node" (SHA256) 35:B1:01:AA:28:DF:76:AA:B2:67:BE:D4:5C:C1:90:3C:C2:68:44:9A:BA:F3:DD:96:2B:37:6E:9E:85:11:E3:E1
  20. [root@master ~]# tree /var/lib/puppet/ssl/ # another way to check: look at the certificate files on disk
  21. /var/lib/puppet/ssl/
  22. ├── ca
  23. ├── ca_crl.pem
  24. ├── ca_crt.pem
  25. ├── ca_key.pem
  26. ├── ca_pub.pem
  27. ├── inventory.txt
  28. ├── private
  29. └── ca.pass
  30. ├── requests
  31. ├── serial
  32. └── signed
  33. ├── master.pem
  34. └── node.pem
  35. ├── certificate_requests
  36. └── node.pem
  37. ├── certs
  38. ├── ca.pem
  39. ├── master.pem
  40. └── node.pem
  41. ├── crl.pem
  42. ├── private
  43. ├── private_keys
  44. ├── master.pem
  45. └── node.pem
  46. └── public_keys
  47. ├── master.pem
  48. └── node.pem
  49. 9 directories, 18 files
