#服務端跟客戶端均關閉iptables
serviceiptables stop
chkconfigiptables off
#服務端跟客戶端均關閉修改selinux
sed -i 'SELINUX/s/enforce/disabled' /etc/selinux/config
#服務端跟客戶端均修改hosts文件
[root@puppet01~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomainlocalhost6 localhost6.localdomain6
192.168.1.231puppetserver
192.168.1.232puppetclient
#服務端:
rpm-Uvh http://yum.puppetlabs.com/el/6/products/x86_64/puppetlabs-release-6-1.noarch.rpm
yuminstall puppet-server –y
#客戶端:
rpm-Uvh http://yum.puppetlabs.com/el/6/products/x86_64/puppetlabs-release-6-1.noarch.rpm
yuminstall puppet -y
#服務端開啓puppetmaster服務
/etc/init.d/puppetmasterstart
#客戶端證書申請
puppetagent --server puppetserver--test
#服務端查看證書是否生成
[root@puppet01~]# puppet cert --list
"puppet02" (SHA256)36:1F:C6:80:48:66:90:52:87:3B:55:AB:6C:66:31:3F:33:35:CF:AE:8A:3A:BA:F9:D0:70:EE:C2:3F:FD:23:9C
#服務端頒發證書
#可以爲特定的主機頒發證書命令:puppetcert –s
#給所有的主機頒發證書命令:puppetcert –s and –a
#爲客戶端頒發證書:
puppetcert --s puppetclient #後面是主機名
#客戶端/tmp下面創建個test.txt文件
touchtest.txt
#服務端下面編輯site.pp
vi /etc/puppet/manifests/site.pp
node default {
file {
"/tmp/test.txt": content => "helo,test!";
}
}
#客戶端測試
puppetagent --server puppetserver --test
#成功信息:
Info:Caching certificate for puppetclient
Info:Caching certificate_revocation_list for ca
Info:Caching certificate for puppetclient
Info:Retrieving pluginfacts
Info:Retrieving plugin
Info:Caching catalog for puppetclient
Info:Applying configuration version '1426557149'
Notice:/Stage[main]/Main/Node[default]/File[/tmp/test.txt]/content:
---/tmp/test.txt 2015-03-1621:51:08.889040996 -0400
+++/tmp/puppet-file20150316-1468-1n3cxlt-0 2015-03-1621:52:29.746041636 -0400
@@-0,0 +1 @@
+hello,test!
\No newline at end of file
Info:Computing checksum on file /tmp/test.txt
Info:/Stage[main]/Main/Node[default]/File[/tmp/test.txt]: Filebucketed /tmp/test.txtto puppet with sum d41d8cd98f00b204e9800998ecf8427e
Notice:/Stage[main]/Main/Node[default]/File[/tmp/test.txt]/content: content changed'{md5}d41d8cd98f00b204e9800998ecf8427e' to'{md5}18ea2a60db7763506261f87ecb82fb96'
Info:Creating state file /var/lib/puppet/state/state.yaml
Notice:Finished catalog run in 0.05 seconds
#puppet自動認證
在服務端的puppet.conf配置文件裏面[main]下方加入
autosign= true
然後重啓puppetmaster服務。
#這樣在客戶端執行puppetd –server=puppetserver–test服務端會自動認證
#重新生成證書:
因爲很多時候需要更換主機名稱,所以需要重新認證
#首先在客戶端刪除:rm –rf/var/lib/puppet/ssl 文件夾
#然後在服務端刪除:puppet cert--clean puppetclient
#最後重新獲取證書:puppet agent--server puppetserver –test
#配置客戶端自動同步:
#客戶端配置puppet相關參數和同步時間:
vi/etc/puppet/sysconfig/puppet
#The puppetmaster server
PUPPET_SERVER=puppetserver
#If you wish to specify the port to connect to do so here
PUPPET_PORT=8140
#Where to log to. Specify syslog to send log messages to the system log.
PUPPET_LOG=/var/log/puppet/puppet.log
#You may specify other parameters to the puppet client here
PUPPET_EXTRA_OPTS=--waitforcert=500
#最後重啓puppet 服務
/etc/init.d/puppetstart
#默認配置完畢後,客戶端是半小時同步一次的,我們可以修改同步的時間間隔:
vim/etc/puppet/puppet.conf
#在[agent]下方加入:runinterval = 60
#代表是60秒跟服務器同步一次
#最後重啓puppet服務
/etc/init.d/puppetstart
#puppetrun的使用(puppet kick)
#在服務器端使用puppetrun這個命令可以給客戶端發送一段信號,告訴客戶端立刻跟服務器同步
1. 修改客戶端上的puppet配置文件
vim /etc/puppet/puppet.conf
在[agent]下方添加
listen = true #目的是讓puppet監聽8139端口2. 修改客戶端的puppet的/etc/sysconfig/puppet文件
vim /etc/sysconfig/puppet
PUPPET_SERVER=puppetserver #server主機名稱3. 在客戶端新建namespaceauth.conf文件
[puppetrunner]
allow *4. 在客戶端修改auth.conf,在 paht / 的前面添加以下內容:
#test
path /run
method save
allow *5. 最後重啓puppet服務
/etc/init.d/puppet restart6. 在服務端測試命令:
puppet kick –d host puppetclient
#code 0表示成功