Today, I will continue to introduce the relevant knowledge of Linux operation and maintenance. The main content of this article is the installation of puppet.
1. Preparation for puppet installation
First, let's prepare for puppet installation. Prepare two Vmware virtual machines to install puppet client and server respectively. The two devices are as follows:
puppet client: 192.168.136.11
puppet server: 192.168.136.20
Since puppet works based on hostnames, we must modify the hosts file on the two devices before configuring puppet. Make the two devices have the same host name recognition. Of course, if the DNS server in the current network can perform resolution, this step can also be skipped.
Add the following contents to the /etc/hosts file of both devices:
192.168.136.20 puppet-server
192.168.136.11 puppet-client
After completing the above configuration, the puppet client and server can communicate with each other based on the host name. The results are as follows:
In addition, in order to make the puppet service run normally, we also need to close the Linux firewall. The command to close the firewall on Linux is as follows:
systemctl stop firewalld
iptables -F
setenforce 0
The above command needs to be run on both devices.
Second, the puppet server installation
Next, we install the puppet server.
Excuting an order:
yum install -y puppet-server
That's it.
However, the installation of puppet-server needs to install the extension source of epel. Therefore, if the extension source has not been installed, the installation will fail and the installation package will not be found. In this case, you can execute the command:
yum install -y epel-release
be resolved. The following puppet client installation is similar to this, so I won't go into details.
Three, puppet client installation
Next, we move on to the installation of the puppet client.
Excuting an order:
yum install -y puppet
You can complete the installation of the puppet client.
Fourth, the puppet client applies for a certificate
Although we have completed the installation of the puppet client and server, our puppet cannot work properly at this time. The puppet client needs to apply for a certificate from the puppet server, and the puppet server needs to issue a certificate to the puppet client. Next, we control the puppet client to apply for a certificate. First, open the puppet service on the puppet server. Note that the name of the puppet service is puppetmaster at this time. So we need to execute the command:
systemctl start puppetmaster
After the puppet server is opened, it will listen to the local port 8140, and the result is as follows:
Then, execute the command on the puppet client:
puppet agent --server puppet-server --test
Among them, the –server parameter is the host name of the specified server. The execution result of this command is as follows:
After the execution is completed, the puppet server will receive the client’s certificate. On the puppet server, execute the command:
puppet cert --list
You can view the client's certificate application, and the results are as follows:
5. The puppet server issues a certificate
Next, the puppet server needs to issue a certificate to the puppet client and execute the command:
puppet cert -s 【客户端主机名】
The certificate can be issued to the specified client, and the execution result is as follows:
In this way, after we issue the certificate to the responding client, we cannot query the client in the puppet cert --list command, but we can query the client through the following command To the issued certificate:
puppet cert --list --all
The execution result of this command is as follows:
Originality is not easy, please indicate the source for reprinting: https://blog.csdn.net/weixin_40228200