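Installing Puppet

puppet
Purpose and overview: batch management and deployment across multiple servers
Required packages: facter-1.6.18.tar.gz    puppet-2.7.22.tar.gz  (facter is a dependency of puppet)
Steps:
server-ip: 192.168.13.54  domain name www.wyx1.com
client-ip: 192.168.13.55  domain name www.wyx2.com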

server:
iptables -F
setenforce 0
hostname www.wyx1.com
vim /etc/hosts
192.168.13.54 www.wyx1.com
192.168.13.55 www.wyx2.com


1. Synchronize the time and add the job to crontab; do this on both the server and the client (can sometimes be skipped)
15 1 * * * /usr/sbin/ntpdate pool.ntp.org; hwclock -w >/dev/null 2>&1

2. Install ruby -- puppet is written in Ruby
yum install ruby ruby-libs ruby-rdoc -y

3. Install facter
tar xvf facter-1.6.18.tar.gz
cd  facter-1.6.18
ruby install.rb

4. Install puppet
tar xvf puppet-2.7.22.tar.gz
cd puppet-2.7.22
ruby install.rb

5. Copy the configuration files
cp conf/redhat/fileserver.conf /etc/puppet/
cp conf/redhat/puppet.conf /etc/puppet/
cp conf/redhat/server.init /etc/init.d/puppetmaster


6. Set the puppetmaster service to start at boot
chmod 755 /etc/init.d/puppetmaster
chkconfig --add puppetmaster
chkconfig --level 35 puppetmaster on

7. Create the puppet account
[root@puppetmaster puppet-2.7.14]# puppetmasterd --mkusers

8. Confirm that the manifests directory was created
[root@puppetmaster puppet-2.7.14]# ls -l /etc/puppet/
-rw-r--r-- 1 root root 2552 Sep 3 12:11 auth.conf
-rwxr-xr-x 1 root root 381 Sep 3 12:13 fileserver.conf
drwxr-xr-x 2 root root 4096 Sep 3 12:17 manifests
-rwxr-xr-x 1 root root 853 Sep 3 12:13 puppet.conf

9. Confirm that the system created the puppet user
[root@puppetmaster puppet-2.7.14]# id puppet
uid=1002(puppet) gid=1002(puppet) groups=1002(puppet)

cat /etc/passwd |grep puppet
puppet:x:1002:1002::/home/puppet:/bin/bash

10. Make sure the /var/lib/puppet/rrd directory exists and is owned by puppet
ls -l /var/lib/puppet/
total 36
drwxr-x--- 2 puppet puppet 4096 Sep 3 12:17 bucket
drwxr-xr-x 2 root root 4096 Sep 3 12:17 facts
drwxr-xr-x 2 root root 4096 Sep 3 12:17 lib
drwxr-x--- 2 puppet puppet 4096 Sep 3 12:17 reports
drwxr-x--- 2 puppet puppet 4096 Sep 3 12:17 rrd
drwxr-x--- 2 puppet puppet 4096 Sep 3 12:17 server_data
drwxrwx--x 8 puppet root 4096 Sep 3 12:26 ssl
drwxr-xr-t 2 root root 4096 Sep 3 12:17 state
drwxr-x--- 2 puppet puppet 4096 Sep 3 12:17 yaml

11. Check the port
netstat -Tanlp | grep 8140
tcp 0 0 0.0.0.0:8140 0.0.0.0:* LISTEN 4556/ruby


--------------------------------------------------------------------------------
client

1. Synchronize the time and add the job to crontab; do this on both the server and the client (can sometimes be skipped)
15 1 * * * /usr/sbin/ntpdate pool.ntp.org; hwclock -w >/dev/null 2>&1

2. Install ruby -- puppet is written in Ruby
yum install ruby ruby-libs ruby-rdoc -y

3. Install facter
tar xvf facter-1.6.18.tar.gz
cd  facter-1.6.18
ruby install.rb

4. Install puppet
tar xvf puppet-2.7.22.tar.gz
cd puppet-2.7.22
ruby install.rb

5. Copy the configuration files
[root@client1 puppet-2.7.14]# cp conf/redhat/client.init /etc/init.d/puppet
[root@client1 puppet-2.7.14]# chkconfig --level 35 puppet on
[root@client1 puppet-2.7.14]# puppetd --mkusers
Could not prepare for execution: Got 1 failure(s) while initializing: change from absent to present
failed: Could not create user puppet: Execution of '/usr/sbin/useradd -g puppet -M puppet' returned 3: useradd:
invalid numeric argument 'puppet'

[root@client1 puppet-2.7.14]# groupadd puppet;useradd -g puppet -M puppet
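# 755 (the mode used for puppetmaster on the server) is enough; 777 would leave this root-run init script writable by every local user
[root@client1 puppet-2.7.14]# chmod 755 /etc/init.d/puppet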
[root@client1 puppet-2.7.14]# service puppet start
Starting puppet: [ OK ]

6. Test name resolution and that the puppetmaster port is reachable

telnet www.wyx1.com 8140
Trying 192.168.13.54...
Connected to www.wyx1.com(192.168.13.54).
Escape character is '^]'.

[root@client1 puppet-2.7.14]# puppetd --test --server www.wyx1.com
warning: peer certificate won't be verified in this SSL session
info: Caching certificate for ca
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
info: Creating a new SSL certificate request for client1.info.com
info: Certificate Request fingerprint (md5): 07:C9:D4:43:3C:3E:D6:D1:0A:B1:8B:71:DB:6B:9D:FE
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
Exiting; no certificate found and waitforcert is disabled

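# The command puppetd --test --server puppetmaster.info.com tells puppetd to read the
puppet configuration from puppetmaster.info.com. On the first connection both sides perform SSL certificate verification. This is a new client that the server has not yet authenticated,
so its certificate must be approved on the server.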

-------------------------------------------------------------------------------
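The following certificate approval step is performed on the server.
List the certificate requests currently waiting for approval: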
[root@puppetmaster ~]# puppetca -l
 www.wyx2.com (07:C9:D4:43:3C:3E:D6:D1:0A:B1:8B:71:DB:6B:9D:FE)

Approve the pending certificates:
[root@puppetmaster ~]# puppetca -s -a
notice: Signed certificate request for client1.info.com
notice: Removing file Puppet::SSL::CertificateRequest client1.info.com at'/var/lib/puppet/ssl/ca/requests/client1.info.com.pem'

Check the signatures; the leading + sign shows that a certificate has been signed:
[root@puppetmaster ~]# puppetca -a --list
+ www.wyx2.com (03:BE:50:AE:72:1A:39:79:17:F4:E5:74:FD:CC:BC:8C)
+ www.wyx1.com(97:34:BF:26:A6:0E:E9:9C:DB:76:D3:53:D0:56:60:83) (alt names: DNS:puppet, DNS:puppet.info.com, DNS:puppetmaster.info.com)
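Because puppetca -s -a signs every pending request, it is worth comparing the fingerprint in the puppetca -l listing with the one the client printed when it created its request, and then signing only that host. The script below is an added example, not part of the original post; the function names are hypothetical, the listing is a constructed sample built from the pending entry shown above, and it prints the single-host signing command (puppetca -s <host>) instead of running it.

```shell
#!/bin/sh
# Constructed sample of `puppetca -l` output (the pending entry shown above).
# In real use pass "$(puppetca -l)" instead.
SAMPLE_LIST=' www.wyx2.com (07:C9:D4:43:3C:3E:D6:D1:0A:B1:8B:71:DB:6B:9D:FE)'

# pending_fingerprint LISTING HOST: print the fingerprint of HOST's pending
# request, or fail if HOST has none. Signed entries start with "+" and are skipped.
pending_fingerprint() {
    printf '%s\n' "$1" | awk -v host="$2" '
        $1 == host { fp = $2; gsub(/[()]/, "", fp); print toupper(fp); found = 1; exit }
        END { if (!found) exit 1 }'
}

# csr_matches LISTING HOST EXPECTED: 0 = match, 1 = mismatch, 2 = no pending request.
# EXPECTED is the fingerprint the client printed when it created the request.
csr_matches() {
    listed=$(pending_fingerprint "$1" "$2") || return 2
    expected=$(printf '%s' "$3" | tr 'a-f' 'A-F')
    [ "$listed" = "$expected" ] || return 1
}

# sign_if_verified LISTING HOST EXPECTED: print the single-host signing command
# only when the fingerprints agree; otherwise refuse.
sign_if_verified() {
    if csr_matches "$1" "$2" "$3"; then
        echo "puppetca -s $2"
    else
        echo "refusing to sign $2: fingerprint mismatch or no pending request" >&2
        return 1
    fi
}

# Demo on the constructed sample: prints the command to run on the master.
sign_if_verified "$SAMPLE_LIST" www.wyx2.com \
    '07:C9:D4:43:3C:3E:D6:D1:0A:B1:8B:71:DB:6B:9D:FE'
```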


Back on the client, fetch the approved certificate from the server
puppetd --test --server www.wyx1.com
warning: peer certificate won't be verified in this SSL session
info: Caching certificate for client1.info.com
info: Caching certificate_revocation_list for ca
info: Caching catalog for www.wyx2.com
info: Applying configuration version '1378188531


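Functional test
Server:
Create a pp file for testing
The first code puppet executes is in /etc/puppet/manifests/site.pp, so this file must exist, and any other code must be invoked from the code in it.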
[root@puppetmaster ~]# vim /etc/puppet/manifests/site.pp
node default {
    file { "/tmp/viong.txt":
        content => "good,test pass!\nHello World!\n";
    }
}
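The code above performs one action on any puppet client that connects under the default node: it creates the file viong.txt in /tmp, whose content is "good,test pass!", a newline, "Hello World!", and a newline.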

After creating the pp file for the first time, puppetmaster must be restarted
[root@puppetmaster ~]# service puppetmaster restart
Stopping puppetmaster: [ OK ]
Starting puppetmaster: [ OK ]

Client:
[root@client1 puppet-2.7.14]# puppetd --test --server www.wyx1.com
info: Caching catalog for www.wyx2.com
info: Applying configuration version '1378190404'
notice: /Stage[main]//Node[default]/File[/tmp/viong.txt]/ensure: defined content as '{md5}4750aa5be82dae5db286a5859700dd51'
notice: Finished catalog run in 0.03 seconds


8. If an error is reported:

[root@client1 puppet-2.7.14]# puppetd --test --server www.wyx1.com
err: Could not retrieve catalog from remote server: Error 400 on SERVER: Could not parse for environment production: Syntax error at end of file; expected '}' at /etc/puppet/manifests/site.pp:4 on node client1.info.com
warning: Not using cache on failed catalog
err: Could not retrieve catalog; skipping run
The /etc/puppet/manifests/site.pp file probably has a syntax problem.


Check on the client:
[root@client1 puppet-2.7.14]# ls -l /tmp/viong.txt
cat /tmp/viong.txt
good,test pass!
Hello World!





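Troubleshooting

1.  The following error appears when connecting to the master:
dnsdomainname: Unknown host
Fix: check the machine's hostname setting and whether it has been added to hosts.
2.  The following error appears when connecting to the master:
err: Could not request certificate: getaddrinfo: Name or service not known
Fix: the server side has no domain name binding configured in hosts; add it to hosts.
3.  The following error appears when connecting to the master:
warning: peer certificate won't be verified in this SSL session
Fix: the server has not yet returned a signed certificate; check with puppet cert --list
4.  The following error appears when connecting to the master:
err: Could not retrieve catalog from remote server: certificate verify failed
Fix: the client and server clocks are out of sync; the SSL connection depends on the time on the hosts being correct. Run the time update command: /sbin/ntpdate asia.pool.ntp.org

5.  Fix for the Puppet error "Run of Puppet configuration client already in progress; skipping":
rm -rf /var/lib/puppet/state/puppetdlock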
