Environment Description:
192.168.153.133 master.localdomain  # Puppet server
192.168.153.134 agent1.localdomain  # Puppet agent
The host names must not contain underscores or other special characters; otherwise Puppet reports the error "the scheme puppet does not accept registry part".
1. Installing puppet Server
$ hostnamectl set-hostname master.localdomain  # set the host name
$ systemctl reboot
$ cat /etc/
192.168.154.133 master master.localdomain
192.168.154.134
$ yum install puppet-server  # install the Puppet server
# firewall-cmd --permanent --add-port=8140/tcp  # modify the firewall: open port 8140
2. Installing the puppet Agent
$ hostnamectl set-hostname agent1.localdomain  # set the host name
$ systemctl reboot
$ cat /etc/
192.168.154.133 master master.localdomain
$ yum install puppet  # install the Puppet agent
3. Test puppet
Create test file site.pp (server side):
$ cat /etc/puppet/manifests/site.pp
node default {
  file { "/tmp/helloworld.txt":
    content => "Hello world!",
  }
}
Start the server in no-daemonize mode so that its log output appears on the console (server side):
$ puppet master --no-daemonize
... 3.6.2  # this message is shown when startup succeeds
Edit puppet.conf on the client and add the server configuration entry (agent side):
$ cat /etc/puppet/puppet.conf
[agent]
...
server = master.localdomain
Start the agent (agent side):
$ puppet agent --test
Info: Creating a new SSL key for agent1.localdomain
Info: Caching certificate for ca
Info: csr_attributes file loading from /etc/puppet/csr_attributes.yaml
Info: Creating a new SSL certificate request for agent1.localdomain
Info: Certificate Request fingerprint (SHA256): 1D:...
Info: Caching certificate for ca
Exiting; no certificate found and waitforcert is disabled
After startup, the agent requests a certificate from the server. Because the server has not yet approved (signed) the request, communication does not succeed at this point.
Go back to the server and list the certificates with puppet cert:
$ puppet cert list --all
  "agent1.localdomain" (SHA256) 1D:...
+ "master.localdomain" (SHA256) ...
The certificate list contains a CS_AGENT1 request that has not yet been approved (no leading +). Sign the certificate:
$ puppet cert sign agent1.localdomain
$ puppet cert list --all
+ "agent1.localdomain" (SHA256) ...
+ "master.localdomain" (SHA256) ...
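Before signing, the fingerprint the agent printed for its request should match the one the server lists for the pending entry. The script below is an added example, not part of the original article: it checks this on captured output, the fingerprints are constructed sample values, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: approve signing only when the CSR fingerprint printed by the
# agent equals the pending fingerprint listed on the master.

# Constructed sample fingerprints (not taken from a real host).
FP_OK="00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF"
FP_OTHER="FF:EE:DD:CC:BB:AA:99:88:77:66:55:44:33:22:11:00:FF:EE:DD:CC:BB:AA:99:88:77:66:55:44:33:22:11:00"

# Constructed captures of `puppet agent --test` and `puppet cert list --all`.
AGENT_OUT="Info: Creating a new SSL certificate request for agent1.localdomain
Info: Certificate Request fingerprint (SHA256): $FP_OK
Exiting; no certificate found and waitforcert is disabled"
LIST_OK="  \"agent1.localdomain\" (SHA256) $FP_OK
+ \"master.localdomain\" (SHA256) $FP_OTHER"
LIST_BAD="  \"agent1.localdomain\" (SHA256) $FP_OTHER"

# Print the CSR fingerprint found in agent output read from stdin.
agent_csr_fp() {
    awk 'tolower($0) ~ /certificate request fingerprint \(sha256\):/ {
             print toupper($NF); exit }'
}

# Print the fingerprint of a pending request for host $1 from cert list
# output on stdin. Signed entries start with "+", so they never match.
pending_fp() {
    awk -v host="\"$1\"" '$1 == host && $2 == "(SHA256)" {
             print toupper($3); exit }'
}

# $1 = host, $2 = agent output, $3 = cert list output.
# Succeeds only if both fingerprints exist and are identical.
safe_to_sign() {
    a=$(printf '%s\n' "$2" | agent_csr_fp)
    m=$(printf '%s\n' "$3" | pending_fp "$1")
    [ -n "$a" ] && [ "$a" = "$m" ]
}

if safe_to_sign agent1.localdomain "$AGENT_OUT" "$LIST_OK"; then
    echo "match: puppet cert sign agent1.localdomain"
fi
safe_to_sign agent1.localdomain "$AGENT_OUT" "$LIST_BAD" ||
    echo "mismatch: do not sign agent1.localdomain"
```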
Start the agent again:
# puppet agent --test
... for '1479087051'
... '{md5}ed076287532e86365e841e92bfc50d8c'
... in 0.02 seconds
At this point, check /tmp/helloworld.txt: the file has been synchronized automatically.
If a problem occurs during the certificate request process, you can remove the certificate and request it again, which generally resolves the issue.
rm -rf /var/lib/puppet  # delete the cached files
Server:
$ puppet cert clean agent1.localdomain
CentOS7: Installing puppet