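Puppet is a configuration management tool. This article covers installing and configuring Puppet.
What is Puppet
Puppet is a configuration management tool from puppetlabs; the annual DORA DevOps report is produced under puppetlabs' lead. As a management tool, Puppet has a lot to recommend it. Its highly readable declarative descriptions can accomplish many complex tasks. For example, the following manifest ensures that the package wget is installed and that the user admin exists, without your having to care about the details; the rest is left to Puppet's Agent/Master setup.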
package { 'wget':
  ensure => installed,
}
user { 'admin':
  ensure => present,
}
Agent/Master VS Stand-alone
Puppet can run in Agent/Master mode or in Stand-alone mode. The latter is used only as a single-machine tool; choose whichever fits your situation.
Installation preparation
The hosts and software used in this article are as follows:
IP | Hostname | OS | Puppet software |
---|---|---|---|
192.169.31.131 | host131 | CentOS7.4 | Puppet-server 5.4 |
192.169.31.133 | host133 | CentOS7.4 | Puppet-agent 5.4 |
Installing the Master
Installing the Puppet Master takes the following steps:
- Step 1: rpm -Uvh https://yum.puppet.com/puppet5/puppet5-release-el-7.noarch.rpm
- Step 2: yum install puppetserver
Version check
[root@host131 ~]# puppet --version
5.4.0
[root@host131 ~]#
Installing the Agent
Installing the Puppet Agent takes the following steps:
- Step 1: rpm -Uvh https://yum.puppet.com/puppet5/puppet5-release-el-7.noarch.rpm
- Step 2: yum install puppet-agent
Version check
[root@host133 ~]# puppet --version
5.4.0
[root@host133 ~]#
Initial configuration
Starting the Puppet master
On host131, the master node, start the master with the following command; --debug prints debugging output.
[root@host131 ~]# puppet master --no-daemonize --debug
Debug: Applying settings catalog for sections main, master, ssl, metrics
Debug: Evicting cache entry for environment 'production'
Debug: Caching environment 'production' (ttl = 0 sec)
...
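Starting the Agent
On host133, the agent node, try to connect to the master on host131. Because this is not the default setting, the server is passed in with --server=host131.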
[root@host133 ~]# puppet agent --server=host131 --test --debug
Debug: Applying settings catalog for sections main, agent, ssl
Debug: Caching environment 'production' (ttl = 0 sec)
Debug: Evicting cache entry for environment 'production'
Debug: Caching environment 'production' (ttl = 0 sec)
...
Debug: Dynamically-bound port lookup failed; falling back to ca_port setting
Debug: Creating new connection for https://host131:8140
Exiting; no certificate found and waitforcert is disabled
[root@host133 ~]#
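The message shows that the certificate setup is not yet correct, so the next step is to configure the certificate information on the server side.
Default certificate information
Listing the current certificates shows two entries: one for the current machine host131 and one for host133. The entry for host133 has no leading +, which means this certificate has not yet been approved.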
[root@host131 ~]# puppet cert list -all
"host133" (SHA256) 52:2A:AE:C0:58:47:B1:C3:8E:BC:80:F5:51:71:6C:46:77:58:00:4C:96:61:6D:FA:4E:AD:59:4B:F6:71:78:4E
+ "host131" (SHA256) 0E:2E:2B:22:61:E8:F1:59:3A:E4:92:F9:99:2E:3F:D4:7F:D6:E6:83:21:E0:96:4B:1F:4E:7A:A3:D4:EE:FA:78
[root@host131 ~]#
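Because the certificate for host133 has not been approved, the test request sent from the client host133 was rejected. Use the following command to approve and sign this certificate.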
[root@host131 ~]# puppet cert sign host133
Signing Certificate Request for:
"host133" (SHA256) 52:2A:AE:C0:58:47:B1:C3:8E:BC:80:F5:51:71:6C:46:77:58:00:4C:96:61:6D:FA:4E:AD:59:4B:F6:71:78:4E
Notice: Signed certificate request for host133
Notice: Removing file Puppet::SSL::CertificateRequest host133 at '/etc/puppetlabs/puppet/ssl/ca/requests/host133.pem'
[root@host131 ~]#
[root@host131 ~]# puppet cert list -all
+ "host131" (SHA256) 0E:2E:2B:22:61:E8:F1:59:3A:E4:92:F9:99:2E:3F:D4:7F:D6:E6:83:21:E0:96:4B:1F:4E:7A:A3:D4:EE:FA:78
+ "host133" (SHA256) 68:4B:45:DD:99:C7:F7:ED:25:BB:DC:BD:18:3A:81:8C:EF:9F:1D:3E:FB:1E:2D:73:B3:77:31:DE:46:E4:E1:E5
[root@host131 ~]#
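The sign command above approves whatever request carries the name host133, so it helps to confirm that the listed fingerprint is the one generated on host133 before signing. The following is an added example, not part of the original article: it parses the listing format shown above and allows signing only when the request is still pending and its fingerprint equals a value obtained from the agent; the function names and the AGENT_FP variable are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original article.
# Constructed input: the two lines of the article's first certificate listing.
SAMPLE_LIST='"host133" (SHA256) 52:2A:AE:C0:58:47:B1:C3:8E:BC:80:F5:51:71:6C:46:77:58:00:4C:96:61:6D:FA:4E:AD:59:4B:F6:71:78:4E
+ "host131" (SHA256) 0E:2E:2B:22:61:E8:F1:59:3A:E4:92:F9:99:2E:3F:D4:7F:D6:E6:83:21:E0:96:4B:1F:4E:7A:A3:D4:EE:FA:78'
# Assumption: fingerprint an operator read on host133 itself (for instance from
# `puppet agent --fingerprint`) and carried to the master over a trusted channel.
AGENT_FP='52:2A:AE:C0:58:47:B1:C3:8E:BC:80:F5:51:71:6C:46:77:58:00:4C:96:61:6D:FA:4E:AD:59:4B:F6:71:78:4E'

# cert_entry <certname>: read `puppet cert list --all` output on stdin and
# print "<state> <fingerprint>". "+" marks a signed cert, "-" a revoked or
# invalid one, no prefix a pending request. Exit 1 if the name is not listed.
cert_entry() {
    awk -v name="\"$1\"" '
        { state = "pending"; i = 1
          if ($1 == "+") { state = "signed";  i = 2 }
          if ($1 == "-") { state = "revoked"; i = 2 }
          if ($i == name) { print state, $(i + 2); found = 1 } }
        END { exit (found ? 0 : 1) }'
}

# safe_to_sign <certname> <expected_fp>: listing on stdin.
# 0 = pending and fingerprints equal, 1 = mismatch, 2 = not listed, 3 = not pending.
safe_to_sign() {
    entry=$(cert_entry "$1") || return 2
    state=${entry%% *}
    listed=$(printf '%s' "${entry#* }" | tr 'a-f' 'A-F')
    expected=$(printf '%s' "$2" | tr 'a-f' 'A-F')
    [ "$state" = "pending" ] || return 3
    [ "$listed" = "$expected" ]
}

# Offline demonstration against the sample. On a live master the listing would
# come from `puppet cert list --all` and a match would be followed by
# `puppet cert sign host133`.
if printf '%s\n' "$SAMPLE_LIST" | safe_to_sign host133 "$AGENT_FP"; then
    echo "host133: request fingerprint matches, ok to sign"
else
    echo "host133: do not sign"
fi
```
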
Reconnecting the Agent
Running the Agent connection again shows that the Agent can now communicate with the Master normally.
[root@host133 ~]# puppet agent --server=host131 --test
Info: Caching certificate for host133
Info: Caching certificate_revocation_list for ca
Info: Caching certificate for host133
Info: Using configured environment 'production'
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Retrieving locales
Info: Caching catalog for host133
Info: Applying configuration version '1519038659'
Info: Creating state file /opt/puppetlabs/puppet/cache/state/state.yaml
Notice: Applied catalog in 0.01 seconds
[root@host133 ~]#