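The Puppet prerequisites (network, name resolution, yum repositories, NTP) were prepared in the previous chapter, so we can now install Puppet. Installation is simple: the official project provides a yum repository, so you only need to download the required packages and build a local yum repository from them. Note: this lab uses custom certname values throughout. If certname is not set, it defaults to the value of the system hostname.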
I. Install the Puppetmaster
1. Install puppet-server, puppet and facter
[root@puppetmaster ~]# yum install puppet puppet-server facter -y  # yum installs the required Ruby dependencies automatically
2. Configure puppet.conf. Note: two certname values are configured in this file. The certname in [master] is the master name that all nodes authenticate against; the certname in [agent] is the name of the master's own agent. If the [agent] certname is not set, it defaults to the same name as the master.
[root@puppetmaster ~]# cp /etc/puppet/puppet.conf{,.bak}  # back up the original
[root@puppetmaster ~]# vim /etc/puppet/puppet.conf  # the stock comments have been removed
[main]
    # default log directory
    logdir = /var/log/puppet
    # directory for pid files
    rundir = /var/run/puppet
    # certificate directory; $vardir defaults to /var/lib/puppet
    ssldir = $vardir/ssl
[agent]
    classfile = $vardir/classes.txt
    localconfig = $vardir/localconfig
    # name of the master the agent connects and authenticates to; nodes must be able to resolve it
    server = puppetmaster.kisspuppet.com
    # certname of the agent running on this host
    certname = puppetmaster_cert.kisspuppet.com
[master]
    # certname of the puppetmaster itself
    certname = puppetmaster.kisspuppet.com
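3. Create the site.pp file. site.pp is the entry point from which Puppet reads the .pp files of all modules. Before version 3.0 it must exist, otherwise the service will not start.
[root@puppetmaster ~]# touch /etc/puppet/manifests/site.pp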
4. Start the puppetmaster service
[root@puppetmaster ~]# /etc/init.d/puppetmaster start
Starting puppetmaster:       [  OK  ]
[root@puppetmaster ~]# chkconfig puppetmaster on  # start at boot
5. Check the local certificates. On its first start, the puppetmaster automatically generates its certificates and signs its own.
[root@puppetmaster ~]# tree /var/lib/puppet/ssl/
/var/lib/puppet/ssl/
├── ca
│   ├── ca_crl.pem
│   ├── ca_crt.pem
│   ├── ca_key.pem
│   ├── ca_pub.pem
│   ├── inventory.txt
│   ├── private
│   │   └── ca.pass
│   ├── requests
│   ├── serial
│   └── signed
│       └── puppetmaster.kisspuppet.com.pem  # already signed
├── certificate_requests
├── certs
│   ├── ca.pem
│   └── puppetmaster.kisspuppet.com.pem
├── crl.pem
├── private
├── private_keys
│   └── puppetmaster.kisspuppet.com.pem
└── public_keys
    └── puppetmaster.kisspuppet.com.pem
9 directories, 13 files
[root@puppetmaster ~]# puppet cert --list --all  # a leading + means the certificate has been signed
+ "puppetmaster.kisspuppet.com" (C0:E3:6B:76:36:EC:92:93:4D:BF:F0:8F:77:00:91:C8) (alt names: "DNS:puppet", "DNS:puppet.kisspuppet.com", "DNS:puppetmaster.kisspuppet.com")
6. Check the listening state. Once the puppetmaster service is running, it listens on TCP port 8140 by default.
[root@puppetmaster ~]# netstat -nlatp | grep 8140
tcp        0      0 0.0.0.0:8140                0.0.0.0:*                   LISTEN      1976/ruby
[root@puppetmaster ~]# lsof -i:8140
COMMAND    PID   USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
puppetmas 1976 puppet    5u  IPv4  14331      0t0  TCP *:8140 (LISTEN)
II. Install the Agent
Using agent1 as an example.
1. Install puppet and facter
[root@agent1 ~]# yum install puppet facter  # yum installs the required Ruby dependencies automatically
2. Configure puppet.conf
[root@agent1 ~]# cp /etc/puppet/puppet.conf{,.bak}
[root@agent1 ~]# vim /etc/puppet/puppet.conf
[main]
    logdir = /var/log/puppet
    rundir = /var/run/puppet
    ssldir = $vardir/ssl
[agent]
    classfile = $vardir/classes.txt
    localconfig = $vardir/localconfig
    # points to the puppetmaster
    server = puppetmaster.kisspuppet.com
    # this node's own certname
    certname = agent1_cert.kisspuppet.com
3. Start the node in debug mode so that it sends a certificate request to the Puppetmaster
[root@agent1 ~]# puppet agent --test
info: Creating a new SSL key for agent1_cert.kisspuppet.com
info: Caching certificate for ca
info: Creating a new SSL certificate request for agent1_cert.kisspuppet.com
info: Certificate Request fingerprint (md5): 69:D2:86:E4:7F:00:E0:55:61:19:02:34:9E:9B:AF:F9
Exiting; no certificate found and waitforcert is disabled
4. Confirm the request on the server side
[root@puppetmaster ~]# puppet cert --list --all  # check the certificate status
  "agent1_cert.kisspuppet.com"  (69:D2:86:E4:7F:00:E0:55:61:19:02:34:9E:9B:AF:F9)  # not yet signed
+ "puppetmaster.kisspuppet.com" (C0:E3:6B:76:36:EC:92:93:4D:BF:F0:8F:77:00:91:C8) (alt names: "DNS:puppet", "DNS:puppet.kisspuppet.com", "DNS:puppetmaster.kisspuppet.com")
[root@puppetmaster ~]# puppet cert --sign agent1_cert.kisspuppet.com  # sign agent1
notice: Signed certificate request for agent1_cert.kisspuppet.com
notice: Removing file Puppet::SSL::CertificateRequest agent1_cert.kisspuppet.com at '/var/lib/puppet/ssl/ca/requests/agent1_cert.kisspuppet.com.pem'
[root@puppetmaster ~]# puppet cert --list --all  # check the certificate status again
+ "agent1_cert.kisspuppet.com"  (3E:46:4E:75:34:9A:5A:62:A6:3C:AE:BD:49:EE:C0:F5)
+ "puppetmaster.kisspuppet.com" (C0:E3:6B:76:36:EC:92:93:4D:BF:F0:8F:77:00:91:C8) (alt names: "DNS:puppet", "DNS:puppet.kisspuppet.com", "DNS:puppetmaster.kisspuppet.com")
[root@puppetmaster ~]# tree /var/lib/puppet/ssl/  # another way to check the certificates
/var/lib/puppet/ssl/
├── ca
│   ├── ca_crl.pem
│   ├── ca_crt.pem
│   ├── ca_key.pem
│   ├── ca_pub.pem
│   ├── inventory.txt
│   ├── private
│   │   └── ca.pass
│   ├── requests
│   ├── serial
│   └── signed
│       ├── agent1_cert.kisspuppet.com.pem  # signed successfully
│       └── puppetmaster.kisspuppet.com.pem
├── certificate_requests
├── certs
│   ├── ca.pem
│   └── puppetmaster.kisspuppet.com.pem
├── crl.pem
├── private
├── private_keys
│   └── puppetmaster.kisspuppet.com.pem
└── public_keys
    └── puppetmaster.kisspuppet.com.pem
9 directories, 14 files
5. Sign the remaining nodes together
[root@puppetmaster ~]# puppet agent --test  # the puppetmaster requests a certificate for its own agent
info: Creating a new SSL key for puppetmaster_cert.kisspuppet.com
info: Creating a new SSL certificate request for puppetmaster_cert.kisspuppet.com
info: Certificate Request fingerprint (md5): 7D:AC:F7:97:04:2B:E4:C5:74:4A:16:05:DB:F6:6A:98
Exiting; no certificate found and waitforcert is disabled
[root@puppetmaster ~]# puppet cert --sign --all  # sign every node that has a pending request
notice: Signed certificate request for puppetmaster_cert.kisspuppet.com
notice: Removing file Puppet::SSL::CertificateRequest puppetmaster_cert.kisspuppet.com at '/var/lib/puppet/ssl/ca/requests/puppetmaster_cert.kisspuppet.com.pem'
notice: Signed certificate request for agent2_cert.kisspuppet.com
notice: Removing file Puppet::SSL::CertificateRequest agent2_cert.kisspuppet.com at '/var/lib/puppet/ssl/ca/requests/agent2_cert.kisspuppet.com.pem'
notice: Signed certificate request for agent3_cert.kisspuppet.com
notice: Removing file Puppet::SSL::CertificateRequest agent3_cert.kisspuppet.com at '/var/lib/puppet/ssl/ca/requests/agent3_cert.kisspuppet.com.pem'
[root@puppetmaster ~]# puppet cert --list --all  # list the certificates of all nodes
+ "agent1_cert.kisspuppet.com"       (3E:46:4E:75:34:9A:5A:62:A6:3C:AE:BD:49:EE:C0:F5)
+ "agent2_cert.kisspuppet.com"       (A0:CE:70:BE:A9:11:BF:F4:C8:EF:25:8E:C2:2C:3B:B7)
+ "agent3_cert.kisspuppet.com"       (98:93:F7:0C:ED:94:81:3D:51:14:86:68:2B:F3:F1:A0)
+ "puppetmaster.kisspuppet.com"      (C0:E3:6B:76:36:EC:92:93:4D:BF:F0:8F:77:00:91:C8) (alt names: "DNS:puppet", "DNS:puppet.kisspuppet.com", "DNS:puppetmaster.kisspuppet.com")
+ "puppetmaster_cert.kisspuppet.com" (57:A3:D7:3D:64:2F:D6:FD:BC:2A:6C:79:68:73:EA:AB)
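Signing with `--sign --all`, as in step 5, accepts every pending request without checking it. The added example below (not part of the original post) compares the request fingerprint each agent printed during `puppet agent --test` with the one the master shows in `puppet cert --list --all`, and marks only matching requests for signing. The function names, the file names and the agent2/agent9 sample lines are constructed for illustration; the agent1 and puppetmaster values are the ones shown above.

```shell
#!/bin/sh
# Added example: decide which pending Puppet certificate requests may be signed.
# review_requests EXPECTED_FILE LIST_FILE
#   EXPECTED_FILE: "certname fingerprint" pairs copied from each agent's own
#                  `puppet agent --test` output (collected out-of-band)
#   LIST_FILE:     saved output of `puppet cert --list --all` on the master
review_requests() {
    awk '
        FILENAME == ARGV[1] { if (NF == 2) want[$1] = toupper($2); next }
        $1 ~ /^"/ {                       # pending requests have no leading "+"
            name = $1; gsub(/"/, "", name)
            fp = toupper($2); gsub(/[()]/, "", fp)
            if (!(name in want))       print "HOLD", name, "(no fingerprint on record)"
            else if (want[name] != fp) print "HOLD", name, "(fingerprint mismatch)"
            else                       print "SIGN", name
        }
    ' "$1" "$2"
}

# sign_verified: sign only the requests that passed the check.
# Run on the master; not called by the demo below.
sign_verified() {
    review_requests "$1" "$2" | awk '$1 == "SIGN" { print $2 }' |
    while read -r name; do puppet cert --sign "$name"; done
}

# Constructed sample data in the format shown on this page.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
cat > "$demo_dir/expected.txt" <<'EOF'
agent1_cert.kisspuppet.com 69:D2:86:E4:7F:00:E0:55:61:19:02:34:9E:9B:AF:F9
agent2_cert.kisspuppet.com 00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF
EOF
cat > "$demo_dir/list.txt" <<'EOF'
  "agent1_cert.kisspuppet.com"  (69:D2:86:E4:7F:00:E0:55:61:19:02:34:9E:9B:AF:F9)
  "agent2_cert.kisspuppet.com"  (FF:EE:DD:CC:BB:AA:99:88:77:66:55:44:33:22:11:00)
  "agent9_cert.kisspuppet.com"  (01:23:45:67:89:AB:CD:EF:01:23:45:67:89:AB:CD:EF)
+ "puppetmaster.kisspuppet.com" (C0:E3:6B:76:36:EC:92:93:4D:BF:F0:8F:77:00:91:C8) (alt names: "DNS:puppet")
EOF
review_requests "$demo_dir/expected.txt" "$demo_dir/list.txt"
```

The comparison has to be made before signing: once a request is signed, the master lists the certificate fingerprint instead, as the agent1 entry above shows.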
III. Write a simple motd module
1. Create the module directory structure. Note: when modulepath is not specified, a default search path is used. It can be viewed as follows.
[root@puppetmaster ~]# puppet master --genconfig >/etc/puppet/puppet.conf.out
[root@puppetmaster ~]# cat /etc/puppet/puppet.conf.out | grep modulepath
modulepath = /etc/puppet/modules:/usr/share/puppet/modules
[root@puppetmaster modules]# tree /etc/puppet/modules/
/etc/puppet/modules/
└── motd
    ├── files  # directory for static files
    │   └── etc
    │       └── motd
    ├── manifests  # directory for the module's .pp manifests
    │   └── init.pp
    └── templates  # directory for templates
5 directories, 2 files
2. Write the .pp file
[root@puppetmaster modules]# vim motd/manifests/init.pp
class motd {                      # define a class named motd
  package { 'setup':              # declare a package resource
    ensure => present,            # the setup package must be installed
  }
  file { '/etc/motd':             # declare a file resource
    ensure  => present,           # the file must exist
    owner   => 'root',            # the file owner must be root
    group   => 'root',            # the file group must be root
    mode    => '0644',            # the file mode must be 644
    source  => "puppet://$puppetmaster/modules/motd/etc/motd",  # download the file from the puppetmaster ($puppetmaster is the global variable set in site.pp)
    require => Package['setup'],  # apply the package resource before this file is managed
  }
}
[root@puppetmaster modules]# cat motd/files/etc/motd
--                       --
--------puppet test---------
--                       --
3. Write the site.pp file
[root@puppetmaster ~]# vim /etc/puppet/manifests/site.pp
$puppetmaster = 'puppetmaster.kisspuppet.com'  # set a global variable
node 'puppetmaster_cert.kisspuppet.com' {
  include motd
}
node 'agent1_cert.kisspuppet.com' {
  include motd
}
node 'agent2_cert.kisspuppet.com' {
  include motd
}
node 'agent3_cert.kisspuppet.com' {
  include motd
}
IV. Test the motd module
[root@agent1 ~]# puppet agent --test  # test node agent1
info: Caching catalog for agent1_cert.kisspuppet.com
info: Applying configuration version '1394304542'
notice: /Stage[main]/Motd/File[/etc/motd]/content:
--- /etc/motd    2000-01-13 07:18:52.000000000 +0800
+++ /tmp/puppet-file20140309-4571-1vqc18j-0    2014-03-09 02:51:47.000000000 +0800
@@ -0,0 +1,3 @@
+--                       --
+--------puppet test---------
+--                       --
info: FileBucket adding {md5}d41d8cd98f00b204e9800998ecf8427e
info: /Stage[main]/Motd/File[/etc/motd]: Filebucketed /etc/motd to puppet with sum d41d8cd98f00b204e9800998ecf8427e
notice: /Stage[main]/Motd/File[/etc/motd]/content: content changed '{md5}d41d8cd98f00b204e9800998ecf8427e' to '{md5}87ea3a1af8650395038472457cc7f2b1'
notice: Finished catalog run in 0.40 seconds
[root@agent1 ~]# cat /etc/motd
--                       --
--------puppet test---------
--                       --
[root@agent1 ~]#
[root@puppetmaster ~]# puppet agent -t  # test node puppetmaster
info: Caching catalog for puppetmaster_cert.kisspuppet.com
info: Applying configuration version '1394305371'
notice: /Stage[main]/Motd/File[/etc/motd]/content:
--- /etc/motd    2010-01-12 21:28:22.000000000 +0800
+++ /tmp/puppet-file20140309-3102-1gadon0-0    2014-03-09 03:02:51.966998294 +0800
@@ -0,0 +1,3 @@
+--                       --
+--------puppet test---------
+--                       --
info: FileBucket adding {md5}d41d8cd98f00b204e9800998ecf8427e
info: /Stage[main]/Motd/File[/etc/motd]: Filebucketed /etc/motd to puppet with sum d41d8cd98f00b204e9800998ecf8427e
notice: /Stage[main]/Motd/File[/etc/motd]/content: content changed '{md5}d41d8cd98f00b204e9800998ecf8427e' to '{md5}87ea3a1af8650395038472457cc7f2b1'
info: Creating state file /var/lib/puppet/state/state.yaml
notice: Finished catalog run in 0.52 seconds
[root@puppetmaster ~]# cat /etc/motd
--                       --
--------puppet test---------
Reposted from: https://blog.51cto.com/fodaa/1968609