Puppet Installation and Configuration

Copyright notice: This is an original article by the blogger and may not be reproduced without the blogger's permission. https://blog.csdn.net/wwlhz/article/details/72957405

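Install Puppet on RHEL 6.5. The Puppet client is called the agent and the server is called the Master.

Installation

Installation steps

1. Set the hostnames of the Master and the agent, because the hostname is used when the connection is established.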

[root@23 ~]# cat /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=23.dev
GATEWAY=192.168.198.1

2. Install the base dependency packages

yum -y install ruby ruby-libs ruby-shadow

3. Add the package repository to the yum sources

rpm -Uvh http://yum.puppetlabs.com/el/6.5/products/x86_64/puppetlabs-release-6-5.noarch.rpm
yum clean all

4. Install Puppet on the Master

yum install puppet-server
[root@23 ~]# puppet -V
3.8.7
[root@23 ~]# facter -v
2.4.6

5. Install Puppet on the client

yum install puppet

Configuration

1. Start the Master

/etc/init.d/puppetmaster start

2. Check that port 8140 is listening, and turn off the firewall

[root@23 ~]# netstat -tlnp
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:8140 0.0.0.0:* LISTEN 4597/ruby

3. Start the agent

/etc/init.d/puppet start

4. On the Master, add the file to be output

[root@23 ~]# cat /etc/puppet/manifests/site.pp
node default { file { "/tmp/puppettest1.txt": content => "hello,puppet"; } }

5. Configure the Server hostname on the agent

[root@agent ~]# cat /etc/puppet/puppet.conf
[main]
# The Puppet log directory.
# The default value is '$vardir/log'.
logdir = /var/log/puppet
server = 23.dev

6. The agent sends a verification request

puppet agent --test --verbose
Exiting; no certificate found and waitforcert is disabled

7. On the Master, sign the request sent by the agent

puppet cert sign 'cert-request-name'

8. Run the configuration on the agent again

puppet agent --test --verbose

9. Verify the configuration

cat /tmp/puppettest1.txt
hello,puppet

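Certificate commands

Common commands:
1. On the Master, list all pending certificate requests

puppet cert --list

2. On the Master, list all certificates, including those already signed

puppet cert --list --all

3. Sign a certificate

puppet cert sign 'cert-name'

4. Revoke a client certificate

puppet cert --revoke 'cert-name'

5. Revoke and delete a certificate

puppet cert --clean 'cert-name'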
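
Signing (step 7 of the configuration, command 3 above) trusts whatever name the request carries, so the request's fingerprint is normally compared with the one printed by `puppet agent --fingerprint` on the agent before it is signed. The shell functions below are an added example, not part of the original post; the helper names, the sample listing and its shortened fingerprints are constructed, and the listing format is assumed to be that of Puppet 3.x.

```shell
#!/bin/sh
# Added example, not from the original post. Assumed Puppet 3.x listing format:
#     "agent.dev" (SHA256) AA:BB:...      <- pending request
#   + "23.dev"    (SHA256) CC:DD:...      <- already signed (ignored here)
#   - "old.dev"   (SHA256) EE:FF:...      <- revoked (ignored here)

# Print the fingerprint of the PENDING request named $1; listing on stdin.
pending_fingerprint() {
    awk -v want="\"$1\"" '$1 == want { print $3; found = 1; exit }
                          END { exit !found }'
}

# Strip an optional "(SHA256)" label and the colons, and upper-case the hex.
normalize_fp() {
    printf '%s\n' "$1" | awk '{ print $NF }' | tr -d ':' | tr 'a-f' 'A-F'
}

# Listing on stdin, certname in $1, fingerprint reported by the agent in $2.
# Returns 0 on match, 1 on mismatch, 2 when no pending request has that name.
csr_matches() {
    master_fp=$(pending_fingerprint "$1") || return 2
    [ "$(normalize_fp "$master_fp")" = "$(normalize_fp "$2")" ]
}

# Constructed sample data; real SHA256 fingerprints are 32 bytes long.
SAMPLE_LIST='  "agent.dev" (SHA256) 4E:1A:9C:77:0B:D2:55:F0
+ "23.dev" (SHA256) 9B:03:6D:E1:42:AC:18:7F
- "old.dev" (SHA256) C4:58:2E:90:A7:3B:61:0D'
SAMPLE_AGENT_FP='(SHA256) 4e:1a:9c:77:0b:d2:55:f0'

# On a real Master the listing comes from puppet itself:
#   puppet cert --list | csr_matches agent.dev "$agent_fp" \
#       && puppet cert sign agent.dev
if printf '%s\n' "$SAMPLE_LIST" | csr_matches agent.dev "$SAMPLE_AGENT_FP"; then
    echo "agent.dev: fingerprints match, request can be signed"
else
    echo "agent.dev: do not sign" >&2
fi
```

The agent's fingerprint should reach the operator over a channel other than the Puppet connection itself, for example the console used to provision the host.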

Error handling

ERROR 1:

[root@agent]# puppet agent --test --verbose
Warning: Unable to fetch my node definition, but the agent run will continue:
Warning: SSL_connect returned=1 errno=0 state=SSLv3 read server session ticket A: sslv3 alert certificate revoked
Info: Retrieving pluginfacts
Error: /File[/var/lib/puppet/facts.d]: Failed to generate additional resources using 'eval_generate': SSL_connect returned=1 errno=0 state=SSLv3 read server session ticket A: sslv3 alert certificate revoked
Error: /File[/var/lib/puppet/facts.d]: Could not evaluate: Could not retrieve file metadata for puppet://23.dev/pluginfacts: SSL_connect returned=1 errno=0 state=SSLv3 read server session ticket A: sslv3 alert certificate revoked
Info: Retrieving plugin
Error: /File[/var/lib/puppet/lib]: Failed to generate additional resources using 'eval_generate': SSL_connect returned=1 errno=0 state=SSLv3 read server session ticket A: sslv3 alert certificate revoked
Error: /File[/var/lib/puppet/lib]: Could not evaluate: Could not retrieve file metadata for puppet://23.dev/plugins: SSL_connect returned=1 errno=0 state=SSLv3 read server session ticket A: sslv3 alert certificate revoked
Error: Could not retrieve catalog from remote server: SSL_connect returned=1 errno=0 state=SSLv3 read server session ticket A: sslv3 alert certificate revoked
Warning: Not using cache on failed catalog
Error: Could not retrieve catalog; skipping run
Error: Could not send report: SSL_connect returned=1 errno=0 state=SSLv3 read server session ticket A: sslv3 alert certificate revoked

Resolved:

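This is probably because the certificates on the Master and the agent became inconsistent after a deletion; they need to be cleared and then regenerated.
Server:

puppet cert --clean 'cert-name'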

Client:

rm -rf /var/lib/puppet/ssl

ERROR 2:

Warning: Unable to fetch my node definition, but the agent run will continue:
Warning: No route to host - connect(2)
Info: Retrieving pluginfacts
Error: /File[/var/lib/puppet/facts.d]: Failed to generate additional resources using 'eval_generate': No route to host - connect(2)
Error: /File[/var/lib/puppet/facts.d]: Could not evaluate: Could not retrieve file metadata for puppet://23.dev/pluginfacts: No route to host - connect(2)
Info: Retrieving plugin
Error: /File[/var/lib/puppet/lib]: Failed to generate additional resources using 'eval_generate': No route to host - connect(2)
Error: /File[/var/lib/puppet/lib]: Could not evaluate: Could not retrieve file metadata for puppet://23.dev/plugins: No route to host - connect(2)
Error: Could not retrieve catalog from remote server: No route to host - connect(2)
Warning: Not using cache on failed catalog
Error: Could not retrieve catalog; skipping run
Error: Could not send report: No route to host - connect(2)

Resolved:

Port 8140 is not open on the Master, or the firewall does not allow access.

https://my.oschina.net/davehe/blog/354626
