Environment description:
OS: CentOS 5.4 i386
Puppetmaster: 192.168.0.12, hostname puppetmaster.info.com
Client: 192.168.0.64, hostname client1.info.com
Schematic of a run:
1) The client collects facts about itself via Facter and sends them to the server
2) The client connects to the server and requests a catalog
3) The server looks up the requesting node
4) The server instantiates the node
5) The server compiles the code (including syntax checking)
6) The server checks whether there are exported virtual resources
7) If there are, it fetches those resources from the database
8) The server produces the complete catalog
9) The catalog is stored in the database
10) The client receives the complete catalog
I. Time synchronization, added to the crontab
- 1 * * * * /usr/sbin/ntpdate pool.ntp.org; hwclock -w >/dev/null 2>&1
II. Set the hostname and write it to /etc/hosts
Puppet requires every machine to have a fully qualified domain name (FQDN). If no DNS server provides one, set the hostname on both machines and add them to /etc/hosts.
(Note: set the hostname before installing Puppet, because the hostname is written into the certificate when Puppet is installed, and client/server communication depends on that certificate.)
- 192.168.0.12 puppetmaster.info.com
- 192.168.0.64 client1.info.com
III. Install Ruby
- [root@puppetmaster ~]# yum install ruby ruby-libs ruby-rdoc -y
- [root@puppetmaster ~]# ruby --version
- ruby 1.8.5 (2006-08-25) [i386-linux]
I installed 1.8.5; do not install 1.8.7, as Puppet does not support it. (I have not tried it myself; if you run into an unsupported situation, this is the place to look.)
IV. Install Facter
Facter must be installed before Puppet.
Facter is a system inventory tool. It collects key information such as the CPU and host IP and sends the values it gathers to the Puppet server, which can use these differing conditions to generate different Puppet configurations for different nodes.
Puppet downloads are at http://downloads.puppetlabs.com/
- [root@puppetmaster src]# wget http://downloads.puppetlabs.com/facter/facter-1.6.8.tar.gz
- [root@puppetmaster src]# tar xzvf facter-1.6.8.tar.gz
- [root@puppetmaster src]# cd facter-1.6.8
- [root@puppetmaster facter-1.6.8]# ruby install.rb
V. Install Puppet
- [root@puppetmaster src]# wget http://downloads.puppetlabs.com/puppet/puppet-2.7.14.tar.gz
- [root@puppetmaster src]# tar xzvf puppet-2.7.14.tar.gz
- [root@puppetmaster src]# cd puppet-2.7.14
- [root@puppetmaster puppet-2.7.14]# ruby install.rb
VI. Copy the configuration files
- [root@puppetmaster puppet-2.7.14]# cp conf/redhat/fileserver.conf /etc/puppet/
- [root@puppetmaster puppet-2.7.14]# cp conf/redhat/puppet.conf /etc/puppet/
- [root@puppetmaster puppet-2.7.14]# cp conf/redhat/server.init /etc/init.d/puppetmaster
VII. Set the puppetmaster service to start at boot
- [root@puppetmaster puppet-2.7.14]# ls -l /etc/init.d/puppetmaster
- -rwxr-xr-x 1 root root 3936 Sep 3 12:13 /etc/init.d/puppetmaster
- [root@puppetmaster puppet-2.7.14]# chkconfig --add puppetmaster
- [root@puppetmaster puppet-2.7.14]# chkconfig puppetmaster on
VIII. Create the puppet account
- [root@puppetmaster puppet-2.7.14]# puppetmasterd --mkusers
1) Confirm that the manifests directory was generated
- [root@puppetmaster puppet-2.7.14]# ls -l /etc/puppet/
- total 16
- -rw-r--r-- 1 root root 2552 Sep 3 12:11 auth.conf
- -rwxr-xr-x 1 root root  381 Sep 3 12:13 fileserver.conf
- drwxr-xr-x 2 root root 4096 Sep 3 12:17 manifests
- -rwxr-xr-x 1 root root  853 Sep 3 12:13 puppet.conf
2) Confirm that the system created the puppet user
- [root@puppetmaster puppet-2.7.14]# id puppet
- uid=1002(puppet) gid=1002(puppet) groups=1002(puppet)
- [root@puppetmaster puppet]# cat /etc/passwd | grep puppet
- puppet:x:1002:1002::/home/puppet:/bin/bash
3) Make sure the /var/lib/puppet/rrd directory exists and is owned by puppet
- [root@puppetmaster puppet]# ls -l /var/lib/puppet/
- total 36
- drwxr-x--- 2 puppet puppet 4096 Sep 3 12:17 bucket
- drwxr-xr-x 2 root   root   4096 Sep 3 12:17 facts
- drwxr-xr-x 2 root   root   4096 Sep 3 12:17 lib
- drwxr-x--- 2 puppet puppet 4096 Sep 3 12:17 reports
- drwxr-x--- 2 puppet puppet 4096 Sep 3 12:17 rrd
- drwxr-x--- 2 puppet puppet 4096 Sep 3 12:17 server_data
- drwxrwx--x 8 puppet root   4096 Sep 3 12:26 ssl
- drwxr-xr-t 2 root   root   4096 Sep 3 12:17 state
- drwxr-x--- 2 puppet puppet 4096 Sep 3 12:17 yaml
4) Check the listening port
- [root@puppetmaster puppet]# netstat -tanlp | grep 8140
- tcp 0 0 0.0.0.0:8140 0.0.0.0:* LISTEN 4556/ruby
5) Open port 8140 in the firewall
# vi /etc/sysconfig/iptables
Add:
-A INPUT -m state --state NEW -m tcp -p tcp --dport 8140 -j ACCEPT
Save, then restart the firewall:
# service iptables restart
Client:
Install Facter and Puppet the same way as on the puppetmaster, but copy the following files instead:
- [root@client1 puppet-2.7.14]# cp conf/redhat/client.init /etc/init.d/puppet
- [root@client1 puppet-2.7.14]# cp conf/redhat/puppet.conf /etc/puppet/
- [root@client1 puppet-2.7.14]# chkconfig puppet on
Create the puppet user:
- [root@client1 puppet-2.7.14]# puppetd --mkusers
- Could not prepare for execution: Got 1 failure(s) while initializing: change from absent to present failed: Could not create user puppet: Execution of '/usr/sbin/useradd -g puppet -m puppet' returned 3: useradd: invalid numeric argument 'puppet'
useradd fails here because the puppet group does not exist yet, so create the group by hand, then the user:
- [root@client1 puppet-2.7.14]# groupadd puppet; useradd -g puppet -m puppet
- [root@client1 puppet-2.7.14]# service puppet start
- Starting puppet: [  OK  ]
Edit puppet.conf so that the agent synchronizes every 10 seconds:
# vi /etc/puppet/puppet.conf
[agent]
server = puppetmaster.info.com
listen = true
report = true
runinterval = 10
Restart the service:
# service puppet restart
Test that name resolution works and that the puppetmaster port is reachable
- [root@client1 puppet-2.7.14]# telnet puppetmaster.info.com 8140
- Trying 192.168.0.12...
- Connected to puppetmaster.info.com (192.168.0.12).
- Escape character is '^]'.
- [root@client1 puppet-2.7.14]# puppetd --test --server puppetmaster.info.com
- warning: peer certificate won't be verified in this SSL session
- info: Caching certificate for ca
- warning: peer certificate won't be verified in this SSL session
- warning: peer certificate won't be verified in this SSL session
- info: Creating a new SSL certificate request for client1.info.com
- info: Certificate Request fingerprint (md5): 07:c9:d4:43:3c:3e:d6:d1:0a:b1:8b:71:db:6b:9d:fe
- warning: peer certificate won't be verified in this SSL session
- warning: peer certificate won't be verified in this SSL session
- warning: peer certificate won't be verified in this SSL session
- Exiting; no certificate found and waitforcert is disabled
The command puppetd --test --server puppetmaster.info.com tells puppetd to fetch its Puppet configuration from puppetmaster.info.com. On the first connection the two sides authenticate each other with SSL certificates; this is a new client whose certificate has not yet been signed on the server, so the certificate request has to be signed on the server side.
The certificate is approved on the server side in the following steps.
View the list of certificate requests awaiting approval
- [root@puppetmaster ~]# puppetca -l
- client1.info.com (07:C9:D4:43:3C:3E:D6:D1:0A:B1:8B:71:DB:6B:9D:FE)
Approve the certificate
- [root@puppetmaster ~]# puppetca -s client1.info.com
- notice: Signed certificate request for client1.info.com
- notice: Removing file Puppet::SSL::CertificateRequest client1.info.com at '/var/lib/puppet/ssl/ca/requests/client1.info.com.pem'
Check the signed certificates; the leading + sign indicates that the certificate has been signed
- [root@puppetmaster ~]# puppetca -a --list
- + client1.info.com (03:be:50:ae:72:1a:39:79:17:f4:e5:74:fd:cc:bc:8c)
- + puppetmaster.info.com (97:34:bf:26:a6:0e:e9:9c:db:76:d3:53:d0:56:60:83) (alt names: DNS:puppet, DNS:puppet.info.com, DNS:puppetmaster.info.com)
To approve all pending certificates at once:
- puppetca -s -a
You can also add this line to puppet.conf on the puppetmaster side:
- autosign = true
which makes the server sign certificates automatically.
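Before signing, a practitioner would compare the fingerprint the agent printed in its "Certificate Request fingerprint (md5)" line with the one puppetca -l shows for that hostname, and sign only when both the name and the fingerprint match: any host that can reach port 8140 can submit a request for any hostname, and autosign = true signs all of them. Puppet 2.7 also accepts autosign = /etc/puppet/autosign.conf, a file listing the hostnames or globs that may be signed automatically while everything else stays pending, which is the narrower option. Note that the fingerprint shown with a + after signing belongs to the issued certificate and differs from the request fingerprint, as the two client1.info.com values above show. The script below is an added example, not part of the original post or of Puppet itself; it assumes the line format of puppetca --list seen above, uses a constructed sample listing, and EXPECTED_DOMAIN is an assumed site-specific value.

```shell
#!/bin/sh
# Added example, not from the original post: review pending Puppet
# certificate requests before signing them.
# Assumes the `puppetca --list --all` line format shown in the post:
#   hostname (fingerprint)        request still pending
#   + hostname (fingerprint)      already signed
# EXPECTED_DOMAIN is an assumed, site-specific value.
EXPECTED_DOMAIN="info.com"

# Constructed sample listing, modelled on the post's output.
SAMPLE_LIST='client1.info.com (07:c9:d4:43:3c:3e:d6:d1:0a:b1:8b:71:db:6b:9d:fe)
client2.info.com (AA:BB:CC:DD:EE:FF:00:11:22:33:44:55:66:77:88:99)
unknown.example.net (11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff:00)
+ puppetmaster.info.com (97:34:bf:26:a6:0e:e9:9c:db:76:d3:53:d0:56:60:83)'

# Normalise a fingerprint so that the agent's lower-case value and a
# mixed-case listing compare equal: drop colons, force lower case.
norm_fp() {
    printf '%s' "$1" | tr -d ':' | tr 'A-Z' 'a-z'
}

# Print pending (unsigned) entries only, one "hostname fingerprint" per line.
pending_requests() {
    printf '%s\n' "$1" | awk 'NF >= 2 && $1 != "+" { gsub(/[()]/, "", $2); print $1, $2 }'
}

# Print pending hostnames that are not inside EXPECTED_DOMAIN.
foreign_requests() {
    pending_requests "$1" | awk -v d=".$EXPECTED_DOMAIN" \
        'substr($1, length($1) - length(d) + 1) != d { print $1 }'
}

# Return 0 only if a pending request exists for HOST, HOST is inside
# EXPECTED_DOMAIN, and its fingerprint equals the one the agent printed
# ("Certificate Request fingerprint (md5): ...").
# Usage: csr_matches "$LISTING" hostname fingerprint
csr_matches() {
    listing=$1; host=$2; want=$(norm_fp "$3")
    case "$host" in
        *."$EXPECTED_DOMAIN") ;;
        *) return 1 ;;
    esac
    pending_requests "$listing" | while read -r h fp; do
        printf '%s %s\n' "$h" "$(norm_fp "$fp")"
    done | grep -qxF "$host $want"
}

# Decide whether `puppetca -s HOST` should be run; the listing normally
# comes from `puppetca --list --all` on the master.
review() {
    listing=$1; host=$2; fp=$3
    if csr_matches "$listing" "$host" "$fp"; then
        echo "ok: sign $host (puppetca -s $host)"
        return 0
    fi
    echo "refuse: no pending request for $host with fingerprint $fp"
    return 1
}

# Usage: puppetca --list --all | sh review_csr.sh hostname fingerprint
if [ "$#" -eq 2 ]; then
    listing=$(cat)
    review "$listing" "$1" "$2"
    echo "pending requests from outside .$EXPECTED_DOMAIN:"
    foreign_requests "$listing"
fi
```

The fingerprint argument is the value copied from the agent's own output, so a request that reached the master from anywhere else will not match even if it carries the same hostname; foreign_requests lists anything pending that no host in the site should have submitted.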
Back on the client, retrieve the signed certificate from the server
- [root@client1 puppet-2.7.14]# puppetd --test --server puppetmaster.info.com
- warning: peer certificate won't be verified in this SSL session
- info: Caching certificate for client1.info.com
- info: Caching certificate_revocation_list for ca
- info: Caching catalog for client1.info.com
- info: Applying configuration version '1378188531'
Verify that the certificate is correct
- Server side:
- [root@puppetmaster ~]# md5sum /var/lib/puppet/ssl/ca/signed/client1.info.com.pem
- 27a295f39a6b4a6c7ceb74c9c3a5084c  /var/lib/puppet/ssl/ca/signed/client1.info.com.pem
- Client:
- [root@client1 puppet-2.7.14]# md5sum /etc/puppet/ssl/certs/client1.info.com.pem
- 27a295f39a6b4a6c7ceb74c9c3a5084c  /etc/puppet/ssl/certs/client1.info.com.pem
If the hostname is changed afterwards, authentication fails and the certificate has to be requested again; do the following two steps:
- Server side:
- [root@puppetmaster ~]# rm -rf /var/lib/puppet/ssl/ca/signed/client1.info.com.pem
- Client:
- [root@client1 puppet-2.7.14]# rm -rf /etc/puppet/ssl/certs/
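The md5sum comparison above only shows that both hosts hold byte-identical files. A practitioner would rather check the X.509 certificate itself: its fingerprint, its subject CN against the agent's FQDN, and that it verifies against the CA certificate the agent cached. The script below is an added example, not from the original post or from Puppet; it uses the paths from this post, assumes the cached CA certificate lives at /etc/puppet/ssl/certs/ca.pem on the client (an assumed path), and needs the openssl command-line tool.

```shell
#!/bin/sh
# Added example, not from the original post or from Puppet: compare the
# signed client certificate on the master with the copy the agent fetched
# using the X.509 fingerprint rather than an md5sum of the file, and verify
# the agent's copy against the CA certificate. Requires the openssl CLI.
SERVER_CERT="/var/lib/puppet/ssl/ca/signed/client1.info.com.pem"  # path on the master (from the post)
CLIENT_CERT="/etc/puppet/ssl/certs/client1.info.com.pem"          # path on the client (from the post)
CA_CERT="/etc/puppet/ssl/certs/ca.pem"                             # assumed location of the cached CA cert

# Reduce a fingerprint string such as "SHA256 Fingerprint=AB:CD:..." or a
# pasted "ab:cd:..." to bare lower-case hex so that copies compare equal.
fp_hex() {
    printf '%s' "$1" | sed 's/^.*=//' | tr -d ':' | tr 'A-Z' 'a-z'
}

# SHA-256 fingerprint of a PEM certificate file, normalised as above.
cert_fingerprint() {
    fp_hex "$(openssl x509 -noout -fingerprint -sha256 -in "$1")"
}

# Common name from the certificate subject; handles both the old
# "subject= /CN=host" and the newer "subject=CN = host" output styles.
cert_cn() {
    openssl x509 -noout -subject -in "$1" | sed -n 's/.*CN *= *//p' | sed 's#[,/].*##'
}

# Return 0 when two fingerprint strings denote the same value.
same_fingerprint() {
    a=$(fp_hex "$1"); b=$(fp_hex "$2")
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# Return 0 when two certificate files carry the same certificate.
same_cert() {
    same_fingerprint "$(cert_fingerprint "$1")" "$(cert_fingerprint "$2")"
}

# Return 0 when CERT chains to CA_FILE and is within its validity period.
cert_verifies() {
    openssl verify -CAfile "$2" "$1" >/dev/null 2>&1
}

# Run on the client: the certificate must name this host and verify
# against the CA the agent cached; prints the fingerprint to compare with
# `openssl x509 -noout -fingerprint -sha256 -in $SERVER_CERT` on the master.
check_client_cert() {
    cn=$(cert_cn "$CLIENT_CERT")
    if [ "$cn" != "$(hostname -f)" ]; then
        echo "CN '$cn' does not match this host's FQDN"; return 1
    fi
    if ! cert_verifies "$CLIENT_CERT" "$CA_CERT"; then
        echo "$CLIENT_CERT does not verify against $CA_CERT"; return 1
    fi
    echo "ok: CN=$cn sha256=$(cert_fingerprint "$CLIENT_CERT")"
}

# Usage: sh check_cert.sh check                  (on the client)
#        sh check_cert.sh fingerprint FILE.pem   (on either host)
case "${1:-}" in
    check)       check_client_cert ;;
    fingerprint) cert_fingerprint "$2" ;;
esac
```

Run "sh check_cert.sh fingerprint" against the signed file on the master and against the agent's copy on the client and compare the two values; same_fingerprint accepts either the raw openssl output line or the bare hex, so copying between terminals does not need reformatting.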
Functional testing
Server side:
Create a .pp file for the test
The first code Puppet executes is /etc/puppet/manifests/site.pp, so this file must exist; all other code is reached from it.
- [root@puppetmaster ~]# vim /etc/puppet/manifests/site.pp
- node default {
-   file { "/tmp/viong.txt":
-     content => "Good,test pass!\nhello world!\n";
-   }
- }
The code above applies to the default node, that is, to any Puppet client, and creates the file viong.txt in /tmp containing the line "Good,test pass!" followed by the line "hello world!".
The first time you create a .pp file you need to restart puppetmaster
- [root@puppetmaster ~]# service puppetmaster restart
- Stopping puppetmaster: [  OK  ]
- Starting puppetmaster: [  OK  ]
Client:
- [root@client1 puppet-2.7.14]# puppetd --test --server puppetmaster.info.com
- info: Caching catalog for client1.info.com
- info: Applying configuration version '1378190404'
- notice: /Stage[main]//Node[default]/File[/tmp/viong.txt]/ensure: defined content as '{md5}4750aa5be82dae5db286a5859700dd51'
- notice: Finished catalog run in 0.03 seconds
If you get an error like this instead:
- [root@client1 puppet-2.7.14]# puppetd --test --server puppetmaster.info.com
- err: Could not retrieve catalog from remote server: Error on SERVER: Could not parse for environment production: Syntax error at end of file; expected '}' at /etc/puppet/manifests/site.pp:4 on node client1.info.com
- warning: Not using cache on failed catalog
- err: Could not retrieve catalog; skipping run
it probably means that /etc/puppet/manifests/site.pp is not written in the correct format.
Check on the client:
- [root@client1 puppet-2.7.14]# ls -l /tmp/viong.txt
- -rw-r--r-- 1 root root Sep 3 14:50 /tmp/viong.txt
- [root@client1 puppet-2.7.14]# cat /tmp/viong.txt
- Good,test pass!
- hello world!
Installing Puppet on CentOS