Installing and configuring the automated deployment tool Puppet

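Prerequisites:
    1. The client and server hostnames must be in FQDN format, for example: server.a.com
    2. The output of uname -n is the same as the hostname
    3. Edit /etc/hosts so that the two hosts can resolve each other
    4. Time is synchronized

Assumed here:
    Server --> IP: 192.168.56.101, hostname: server.a.com
    Client --> IP: 192.168.56.102, hostname: client.a.com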

I. Install the required packages on the server
[root@server ~]# rpm -ivh epel-release-5-4.noarch.rpm
        //The package epel-release-5-4.noarch.rpm can be downloaded from http://www.rpmfind.net/linux/rpm2html/search.php?query=epel&submit=Search+... (choose the appropriate version)
[root@server ~]# yum -y install puppet-server
[root@server ~]# service puppetmaster start

II. Install the required packages on the client
[root@client ~]# rpm -ivh epel-release-5-4.noarch.rpm 
[root@client ~]# yum -y install puppet

III. Request and sign the certificate

On the client:
[root@client ~]# puppetd --test --server server.a.com
--------------------Output similar to the following-----------------------
info: Creating a new SSL key for client.a.com
warning: peer certificate won't be verified in this SSL session
info: Caching certificate for ca
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
info: Creating a new SSL certificate request for client.a.com
info: Certificate Request fingerprint (md5): 38:36:3B:A7:0A:87:F0:45:38:69:60:51:8E:DD:C5:90
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
Exiting; no certificate found and waitforcert is disabled
---------------------------------------------------------------
On the server:
[root@server ~]# puppetca -l    //List the certificate requests from clients
  "client.a.com" (38:36:3B:A7:0A:87:F0:45:38:69:60:51:8E:DD:C5:90)

Sign the client's certificate request
[root@server ~]# puppetca -s client.a.com
notice: Signed certificate request for client.a.com
notice: Removing file Puppet::SSL::CertificateRequest client.a.com at '/var/lib/puppet/ssl/ca/requests/client.a.com.pem'

On the client:
[root@client ~]# puppetd --test --server server.a.com //The client retrieves the signed certificate
warning: peer certificate won't be verified in this SSL session
info: Caching certificate for client.a.com
info: Caching certificate_revocation_list for ca
info: Caching catalog for client.a.com
info: Applying configuration version '1345553919'
info: Creating state file /var/lib/puppet/state/state.yaml
notice: Finished catalog run in 0.02 seconds
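
The agent output above warns that the peer certificate is not verified during this first exchange, so the fingerprint printed on the client and the one shown by `puppetca -l` are the only link between the request and the machine that made it. The following is an added example, not part of the original post, that signs a request only when the two fingerprints match. The function names are hypothetical, the parsing assumes the output format shown on this page, and the `rogue.a.com` entry is constructed sample data.

```shell
#!/bin/sh
# Added example: sign a CSR only if the fingerprint the agent printed matches
# the one the master lists. Sample text below is copied from the output above.
SAMPLE_AGENT='info: Creating a new SSL certificate request for client.a.com
info: Certificate Request fingerprint (md5): 38:36:3B:A7:0A:87:F0:45:38:69:60:51:8E:DD:C5:90'
# Second entry is constructed, to show a request that nobody verified.
SAMPLE_LIST='  "client.a.com" (38:36:3B:A7:0A:87:F0:45:38:69:60:51:8E:DD:C5:90)
  "rogue.a.com" (00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF)'

# Fingerprint from the agent's "Certificate Request fingerprint" line (stdin).
agent_fingerprint() {
    sed -n 's/^info: Certificate Request fingerprint (md5): *//p'
}

# Fingerprint listed for host $1 in `puppetca -l` output (stdin).
# Assumes the line format shown on this page:  "host" (AA:BB:...)
list_fingerprint() {
    awk -v host="\"$1\"" '$1 == host { gsub(/[()]/, "", $2); print $2 }'
}

# True only when both values are non-empty and equal, ignoring hex case.
fingerprints_match() {
    a=$(printf '%s' "$1" | tr 'a-f' 'A-F')
    b=$(printf '%s' "$2" | tr 'a-f' 'A-F')
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# Run on the master. $1 = agent FQDN, $2 = fingerprint read from the agent's
# console over a trusted channel. Signs only when the master sees the same CSR.
sign_if_verified() {
    listed=$(puppetca -l | list_fingerprint "$1")
    if fingerprints_match "$2" "$listed"; then
        puppetca -s "$1"
    else
        echo "not signing $1: agent=$2 master=${listed:-none}" >&2
        return 1
    fi
}
```

On the master this would be called as `sign_if_verified client.a.com <fingerprint read on the client>` in place of a bare `puppetca -s client.a.com`.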

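IV. Test that everything works

Write the manifest on the server:
[root@server ~]# vim /etc/puppet/manifests/site.pp
-----------------Add the following content-----------------------
# Applies to every node that has no more specific node definition
node default {
  file { "/tmp/temp1.txt":
      content => "Hello World\n";
  }
}
-----------------End of added content------------------------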

Run the command on the client:
[root@client ~]# puppetd --test --server server.a.com
info: Caching catalog for client.a.com
info: Applying configuration version '1345554018'
notice: /Stage[main]//Node[default]/File[/tmp/temp1.txt]/ensure: defined content as '{md5}b10a8db164e0754105b7a99be72e3fe5'
notice: Finished catalog run in 0.11 seconds

Check on the client that the file was created:
[root@client ~]# cat /tmp/temp1.txt
Hello World

Completed successfully!

Problem encountered:
[root@puppet-client ~]# puppetd --test --server puppet-server
info: Creating a new SSL key for puppet-client.router
err: Could not request certificate: Connection refused - connect(2)
Exiting; failed to retrieve certificate and waitforcert is disabled
Solution: start the puppetmaster service on the server and check the iptables rules

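Note: set the hostname before installing the software, because the hostname is written into the certificate when it is generated; if you change the hostname after the certificate has been generated, the client can no longer connect. Remember this! Also, the hostname must be in FQDN format; at least, when I did not use one, I tested many times and never succeeded. What comes next is actually the most important work, namely defining resources; unfortunately my skill is very limited and I cannot share that with you. Just installing puppet took me most of a day, with all kinds of errors and problems...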