Installing Puppet on CentOS

Source: Internet
Author: User
Tags: rrd

Environment description:

OS: CentOS 5.4 i386
Puppetmaster: 192.168.0.12, hostname: puppetmaster.info.com
Client: 192.168.0.64, hostname: client1.info.com


Schematic diagram of the workflow:

1) The client collects client information via Facter and sends it to the server
2) Connect to the server and request the catalog
3) Request the node information
4) Receive the node instance from the server side
5) Compile the code (including syntax checking, etc.)
6) Query whether any exported virtual resources exist
7) If so, receive the virtual resources from the database
8) Receive the full catalog
9) Store the catalog in the database
10) The client receives the full catalog


I. Synchronize the time and add the job to crontab

    1 * * * * /usr/sbin/ntpdate pool.ntp.org; hwclock -w >/dev/null 2>&1


II. Set the hostname and add it to the /etc/hosts file

Puppet requires every machine to have a fully qualified domain name (FQDN). If no DNS server provides the names, you can set the host names on both machines.
(Note: set the hostname before installing Puppet, because the host name is written into the certificate when Puppet is installed, and client-server communication requires this certificate.)

    192.168.0.12 puppetmaster.info.com
    192.168.0.64 client1.info.com



III. Install Ruby

    # yum install ruby ruby-libs ruby-rdoc -y
    # ruby --version
    ruby 1.8.5 (2006-08-25) [i386-linux]

I installed 1.8.5. Do not install 1.8.7; Puppet does not support it. (I have not tried it; if you run into an unsupported situation, check here.)

IV. Install Facter

Facter must be installed before Puppet.
Facter is a system inventory tool that collects key information such as the CPU and host IP. The values it collects are sent to the Puppet server, which can then generate different Puppet configurations for different nodes based on those values.


Puppet downloads: http://downloads.puppetlabs.com/

    # wget http://downloads.puppetlabs.com/facter/facter-1.6.8.tar.gz
    # tar xzvf facter-1.6.8.tar.gz
    # cd facter-1.6.8
    # ruby install.rb



V. Install Puppet

    # wget http://downloads.puppetlabs.com/puppet/puppet-2.7.14.tar.gz
    # tar xzvf puppet-2.7.14.tar.gz
    # cd puppet-2.7.14
    # ruby install.rb



VI. Copy the configuration files

    # cp conf/redhat/fileserver.conf /etc/puppet/
    # cp conf/redhat/puppet.conf /etc/puppet/
    # cp conf/redhat/server.init /etc/init.d/puppetmaster



VII. Enable the puppetmaster service at boot

    # ls -l /etc/init.d/puppetmaster
    -rwxr-xr-x 1 root root 3936 Sep 3 12:13 /etc/init.d/puppetmaster
    # chkconfig --add puppetmaster
    # chkconfig puppetmaster on


VIII. Create the puppet account

    # puppetmasterd --mkusers



1) Confirm that the manifests directory was created

    # ls -l /etc/puppet/
    total 16
    -rw-r--r-- 1 root root 2552 Sep 3 12:11 auth.conf
    -rwxr-xr-x 1 root root  381 Sep 3 12:13 fileserver.conf
    drwxr-xr-x 2 root root 4096 Sep 3 12:17 manifests
    -rwxr-xr-x 1 root root  853 Sep 3 12:13 puppet.conf


2) Confirm that the puppet user was created on the system

    # id puppet
    uid=1002(puppet) gid=1002(puppet) groups=1002(puppet)
    # cat /etc/passwd | grep puppet
    puppet:x:1002:1002::/home/puppet:/bin/bash



3) Ensure that the /var/lib/puppet/rrd directory exists and that its owner is puppet

    # ls -l /var/lib/puppet/
    total 36
    drwxr-x--- 2 puppet puppet 4096 Sep 3 12:17 bucket
    drwxr-xr-x 2 root   root   4096 Sep 3 12:17 facts
    drwxr-xr-x 2 root   root   4096 Sep 3 12:17 lib
    drwxr-x--- 2 puppet puppet 4096 Sep 3 12:17 reports
    drwxr-x--- 2 puppet puppet 4096 Sep 3 12:17 rrd
    drwxr-x--- 2 puppet puppet 4096 Sep 3 12:17 server_data
    drwxrwx--x 8 puppet root   4096 Sep 3 12:26 ssl
    drwxr-xr-t 2 root   root   4096 Sep 3 12:17 state
    drwxr-x--- 2 puppet puppet 4096 Sep 3 12:17 yaml


4) Check the listening port

    # netstat -tanlp | grep 8140
    tcp 0 0 0.0.0.0:8140 0.0.0.0:* LISTEN 4556/ruby

5) Open port 8140 in the firewall

    # vi /etc/sysconfig/iptables

Add:

    -A INPUT -m state --state NEW -m tcp -p tcp --dport 8140 -j ACCEPT

Restart the firewall after saving:

    # service iptables restart


Client:

Install Facter and Puppet the same way as on the puppetmaster, but copy the following files instead:

    # cp conf/redhat/client.init /etc/init.d/puppet
    # cp conf/redhat/puppet.conf /etc/puppet/
    # chkconfig puppet on

Create the puppet user:

    # puppetd --mkusers
    Could not prepare for execution: Got 1 failure(s) while initializing: change from absent to present failed: Could not create user puppet: Execution of '/usr/sbin/useradd -g puppet -m puppet' returned 3: useradd: invalid numeric argument 'puppet'
    # groupadd puppet; useradd -g puppet -m puppet
    # service puppet start
    Starting puppet: [  OK  ]

Edit puppet.conf so that the service synchronizes every 10 seconds:

    # vi /etc/puppet/puppet.conf
    [agent]
    server = puppetmaster.info.com
    listen = true
    report = true
    runinterval = 10

Restart the service:

    # service puppet restart


Test that name resolution works and that the puppetmaster port is reachable

    # telnet puppetmaster.info.com 8140
    Trying 192.168.0.12...
    Connected to puppetmaster.info.com (192.168.0.12).
    Escape character is '^]'.
    # puppetd --test --server puppetmaster.info.com
    warning: peer certificate won't be verified in this SSL session
    info: Caching certificate for ca
    warning: peer certificate won't be verified in this SSL session
    warning: peer certificate won't be verified in this SSL session
    info: Creating a new SSL certificate request for client1.info.com
    info: Certificate Request fingerprint (md5): 07:c9:d4:43:3c:3e:d6:d1:0a:b1:8b:71:db:6b:9d:fe
    warning: peer certificate won't be verified in this SSL session
    warning: peer certificate won't be verified in this SSL session
    warning: peer certificate won't be verified in this SSL session
    Exiting; no certificate found and waitforcert is disabled

The command puppetd --test --server puppetmaster.info.com tells puppetd to read its Puppet configuration from puppetmaster.info.com. On the first connection the two sides authenticate each other with SSL certificates. This is a new client whose certificate has not yet been approved on the server, so the certificate has to be approved on the server side.



The following certificate approval steps are performed on the server side.

View the list of certificate requests currently pending approval

    # puppetca -l
    client1.info.com (07:C9:D4:43:3C:3E:D6:D1:0A:B1:8B:71:DB:6B:9D:FE)




Approve the pending certificate

    # puppetca -s client1.info.com
    notice: Signed certificate request for client1.info.com
    notice: Removing file Puppet::SSL::CertificateRequest client1.info.com at '/var/lib/puppet/ssl/ca/requests/client1.info.com.pem'



Check the signed certificates; a leading + sign indicates that a certificate has been signed

    # puppetca -a --list
    + client1.info.com (03:be:50:ae:72:1a:39:79:17:f4:e5:74:fd:cc:bc:8c)
    + puppetmaster.info.com (97:34:bf:26:a6:0e:e9:9c:db:76:d3:53:d0:56:60:83) (alt names: DNS:puppet, DNS:puppet.info.com, DNS:puppetmaster.info.com)
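
The approval step is the point where the fingerprint the agent printed when it created its request can be compared with the one the master lists as pending. The script below is an added example, not part of the original article; the function names are assumptions made here, and the sample list and fingerprint are constructed from the transcripts on this page.

```shell
#!/bin/sh
# Added example (not from the original article): check a pending CSR's
# fingerprint before signing. SAMPLE_LIST is constructed from the
# "puppetca -l" transcript above; no Puppet install is needed to run this.

SAMPLE_LIST='client1.info.com (07:C9:D4:43:3C:3E:D6:D1:0A:B1:8B:71:DB:6B:9D:FE)'

# normalize_fp FP: lower-case the hex digits and drop spaces and parentheses,
# so agent-side and master-side spellings compare equal.
normalize_fp() {
    printf '%s' "$1" | tr 'A-F' 'a-f' | tr -d ' ()'
}

# pending_fp LIST CERTNAME: print the normalized fingerprint listed for
# CERTNAME, or nothing when no request with exactly that name is pending.
pending_fp() {
    printf '%s\n' "$1" | awk -v name="$2" '
        tolower($1) == tolower(name) {
            fp = $2; gsub(/[()]/, "", fp); print tolower(fp); exit
        }'
}

# verify_csr LIST CERTNAME EXPECTED_FP: succeed only when the request is
# pending and its fingerprint equals the one reported by the agent.
verify_csr() {
    want=$(normalize_fp "$3")
    got=$(pending_fp "$1" "$2")
    [ -n "$got" ] && [ "$got" = "$want" ]
}

# Fingerprint as printed by "puppetd --test" on client1 (from the article).
AGENT_FP='07:c9:d4:43:3c:3e:d6:d1:0a:b1:8b:71:db:6b:9d:fe'

if verify_csr "$SAMPLE_LIST" client1.info.com "$AGENT_FP"; then
    echo "fingerprint matches: safe to run puppetca -s client1.info.com"
else
    echo "fingerprint mismatch or no pending request: do not sign"
fi
# On a real master, replace "$SAMPLE_LIST" with "$(puppetca -l)".
```
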



To approve all pending certificates:

    # puppetca -s -a

You can also add this line to puppet.conf on the puppetmaster side, so that the server signs certificates automatically:

    autosign = true
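
With autosign = true the master signs every request it receives, so no fingerprint comparison takes place; the autosign setting also accepts the path to an allowlist file of certificate names. The script below is an added example, not part of the original article: the function name autosign_mode and the sample puppet.conf contents are assumptions constructed here to show how to tell which mode a master is in.

```shell
#!/bin/sh
# Added example (not from the original article): report how a master's
# puppet.conf handles certificate autosigning. The sample files are
# constructed; /etc/puppet/autosign.conf is Puppet's default allowlist path.

# autosign_mode CONF: print "all" (autosign = true, every CSR is signed),
# "off" (false), "file:<path>" (allowlist file) or "default" (key not set).
# A value in [master] overrides one in [main]; other sections are ignored.
autosign_mode() {
    awk -F= '
        /^[ \t]*#/  { next }                       # skip comments
        /^[ \t]*\[/ { s = $0; gsub(/\[|\]|[ \t]/, "", s); next }
        s == "main" || s == "master" {
            k = $1; v = $2
            gsub(/[ \t]/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == "autosign") val[s] = v
        }
        END {
            v = ("master" in val) ? val["master"] : val["main"]
            if (v == "")                    print "default"
            else if (tolower(v) == "true")  print "all"
            else if (tolower(v) == "false") print "off"
            else                            print "file:" v
        }' "$1"
}

demo() {
    tmp=$(mktemp)
    # Constructed weak configuration, as suggested in the article.
    printf '[main]\nlogdir = /var/log/puppet\n[master]\nautosign = true\n' > "$tmp"
    echo "weak:     $(autosign_mode "$tmp")"
    # Constructed stricter configuration: only names listed in the file
    # (for example client1.info.com, one per line) are signed automatically.
    printf '[master]\nautosign = /etc/puppet/autosign.conf\n' > "$tmp"
    echo "stricter: $(autosign_mode "$tmp")"
    rm -f "$tmp"
}
demo
```
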


Back on the client, retrieve the approved certificate from the server

    # puppetd --test --server puppetmaster.info.com
    warning: peer certificate won't be verified in this SSL session
    info: Caching certificate for client1.info.com
    info: Caching certificate_revocation_list for ca
    info: Caching catalog for client1.info.com
    info: Applying configuration version '1378188531'



Verify that the certificate is correct

Server side:

    # md5sum /var/lib/puppet/ssl/ca/signed/client1.info.com.pem
    27a295f39a6b4a6c7ceb74c9c3a5084c  /var/lib/puppet/ssl/ca/signed/client1.info.com.pem

Client:

    # md5sum /etc/puppet/ssl/certs/client1.info.com.pem
    27a295f39a6b4a6c7ceb74c9c3a5084c  /etc/puppet/ssl/certs/client1.info.com.pem

If changing the hostname causes authentication to fail, the certificate has to be requested again. Perform the following two steps:

Server side:

    # rm -rf /var/lib/puppet/ssl/ca/signed/client1.info.com.pem

Client:

    # rm -rf /etc/puppet/ssl/certs/



Functional testing

Server side:
Create a .pp file for the test.
The first code Puppet executes is in /etc/puppet/manifests/site.pp, so this file must exist; all other code is called from it.

    # vim /etc/puppet/manifests/site.pp
    node default {
        file { "/tmp/viong.txt":
            content => "Good,test Pass!\nhello world!\n";
        }
    }


The code above applies to the default Puppet client. It creates a viong.txt file in the /tmp directory whose content is "Good,test Pass!", a newline, "hello world!", and a final newline.

The first time you create a .pp file, you need to restart puppetmaster

    # service puppetmaster restart
    Stopping puppetmaster: [  OK  ]
    Starting puppetmaster: [  OK  ]


Client:

    # puppetd --test --server puppetmaster.info.com
    info: Caching catalog for client1.info.com
    info: Applying configuration version '1378190404'
    notice: /Stage[main]//Node[default]/File[/tmp/viong.txt]/ensure: defined content as '{md5}4750aa5be82dae5db286a5859700dd51'
    notice: Finished catalog run in 0.03 seconds

If an error occurs:

    # puppetd --test --server puppetmaster.info.com
    err: Could not retrieve catalog from remote server: Error 400 on SERVER: Could not parse for environment production: Syntax error at end of file; expected '}' at /etc/puppet/manifests/site.pp:4 on node client1.info.com
    warning: Not using cache on failed catalog
    err: Could not retrieve catalog; skipping run

The /etc/puppet/manifests/site.pp file probably has a syntax problem.



Check the result on the client:

    # ls -l /tmp/viong.txt
    -rw-r--r-- 1 root root, Sep 3 14:50 /tmp/viong.txt
    # cat /tmp/viong.txt
    Good,test pass!
    Hello world!
