Puppet is written in Ruby, so Ruby is required
yum install ruby ruby-libs ruby-shadow -y
Check the version
ruby -v
Puppet's yum repository
rpm -Uvh http://yum.puppetlabs.com/el/7Server/products/x86_64/puppetlabs-release-7-12.noarch.rpm
Server
yum install puppet-server -y
Client
yum install puppet -y
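Verify the installed packages
The book I'm using still covers the differences between 2.6, 2.7 and 3.0, while this thing is already at 3.87
Start the service and enable it at boot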
systemctl list-unit-files | grep puppet
systemctl start puppetmaster
systemctl status -l puppetmaster
Everything is enabled
systemctl list-unit-files | grep puppet
Check the port; everything is up
netstat -antulp | grep 8140
Add DNS resolution
vi /etc/hosts
192.168.10.133 puppetmaster
192.168.10.134 puppetagent
Verify it
Open port 8140 in the firewall
iptables -A INPUT -p tcp --dport 8140 -j ACCEPT
or
iptables -A INPUT -p tcp -s 192.168.10.0/24 --dport 8140 -j ACCEPT
List the rules
iptables --list
Configure the node manifest: edit site.pp and add a resource that writes out a file
vi /etc/puppet/manifests/site.pp
node default { file { "/tmp/puppettest1.txt": content => "hello, first puppet test"; } }
Run a test from the client
puppet agent --server puppetmaster --test
Let me fix an error
Exiting; no certificate found and waitforcert is disabled
The server does have certificates, though
tree /var/lib/puppet/ssl/
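It turns out the client first sends a certificate signing request, and until the certificate arrives it retries every 2 minutes. Got it. On the server, check the list of certificate requests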
puppet cert --list
The requesting client shows up in the list
puppet cert sign puppetagent
puppet agent --server puppetmaster --test
Check the file content; the file defined earlier is now on the agent
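The signing step above trusts whatever request appears under the name puppetagent. As an added example (not part of the original notes), the functions below compare the pending CSR's fingerprint on the master with the value read on the agent (for instance with puppet agent --fingerprint) and sign only on a match. The function names, the sample fingerprints and the assumed `puppet cert --list` line format are illustrative assumptions.

```shell
#!/bin/sh
# Added example: check a pending CSR's fingerprint before signing it.
# Assumed `puppet cert --list` line format (Puppet 3.x):
#   "certname" (SHA256) AA:BB:...

# Constructed sample output; the fingerprints are made up.
SAMPLE_LIST='  "puppetagent" (SHA256) 3A:7F:10:C2:9B:44:E1:05:6D:88:21:FA:0C:B7:59:D3:42:6E:91:AF:18:C5:70:2B:E4:9D:36:0A:F1:87:5C:2E
  "puppetagent2" (SHA256) 9C:01:D4:5E:77:A2:3B:F0:68:14:CB:8D:25:E9:40:B6:1F:73:AC:06:DE:52:89:3C:F5:60:17:BA:04:E8:7D:91'

# csr_fingerprint CERTNAME: read list output on stdin and print the
# fingerprint of that exact certname in upper case, or nothing if absent.
csr_fingerprint() {
    awk -v name="\"$1\"" '$1 == name { print toupper($NF); exit }'
}

# verify_csr CERTNAME EXPECTED: succeed only if the pending CSR's fingerprint
# equals EXPECTED, the value read on the agent itself.
verify_csr() {
    want=$(printf '%s' "$2" | tr 'a-f' 'A-F')
    got=$(csr_fingerprint "$1")
    [ -n "$got" ] && [ "$got" = "$want" ]
}

# sign_if_verified CERTNAME EXPECTED: on a real master, sign only after the
# fingerprint check passes.
sign_if_verified() {
    if puppet cert --list | verify_csr "$1" "$2"; then
        puppet cert sign "$1"
    else
        echo "refusing to sign $1: no pending CSR or fingerprint mismatch" >&2
        return 1
    fi
}
```

On the master this would be called as sign_if_verified puppetagent followed by the fingerprint copied from the agent.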
Before the client can be re-signed, its hostname.pem file must be deleted
find /var/lib/puppet/ssl/ -iname 'hostname'.pem -exec /bin/rm -rf {} \;
Re-signing on the server side also requires deleting hostname.pem
find $(puppet master --configprint ssldir) -name "$(puppet master --configprint certname).pem" -delete
Remove the client's certificate information
puppet cert --clean {node certname}