Puppet initialization installation and configuration (puppet Automation Series 1)


1. Server planning

All packages below are the latest versions, installed directly with yum.

The server operating system is CentOS 6.2.

Name           IP address      Hostname
puppetmaster1  10.168.32.116   puppetmaster1.jq.com
puppetmaster2  10.168.32.117   puppetmaster2.jq.com
puppet1        10.168.32.120   ag1.jq.com
puppet2        10.168.32.121   ag2.jq.com
puppetca1      10.168.32.118   puppetca1.jq.com
puppetca2      10.168.32.119   puppetca2.jq.com

Package versions:

facter.x86_64 1:2.3.0-1.el6
puppet.noarch 0:3.7.3-1.el6

2. Software installation

2.1 Installing the EPEL package

Install the EPEL package on all servers:

# rpm -ivh http://mirror.bjtu.edu.cn/fedora-epel/6/x86_64/epel-release-6-8.noarch.rpm
# rpm -ivh http://yum.puppetlabs.com/puppetlabs-release-el-6.noarch.rpm

2.2 Puppet Master installation configuration

# yum install puppet-server puppet
# yum install facter

# cat /etc/puppet/puppet.conf
[main]
logdir = /var/log/puppet
rundir = /var/run/puppet
ssldir = $vardir/ssl
[agent]
classfile = $vardir/classes.txt
localconfig = $vardir/localconfig
server = puppetmaster1.jq.com
certname = puppetmaster1_cert.jq.com
[master]
certname = puppetmaster1.jq.com

Create the site.pp file. site.pp is the entry point from which Puppet starts reading the .pp files of all modules.

# touch /etc/puppet/manifests/site.pp
# /etc/init.d/puppetmaster restart
Stopping puppetmaster: [  OK  ]
Starting puppetmaster: [  OK  ]
# chkconfig puppetmaster on

Starting the daemon initializes the Puppet environment, creates a local certificate authority (CA), creates the master's certificates and keys, and opens the network socket to wait for client connections. With ssldir = $vardir/ssl as configured above, Puppet's SSL information and certificates are in the /var/lib/puppet/ssl directory.

# tree /var/lib/puppet/ssl/
/var/lib/puppet/ssl/
├── ca
│   ├── ca_crl.pem
│   ├── ca_crt.pem
│   ├── ca_key.pem
│   ├── ca_pub.pem
│   ├── inventory.txt
│   ├── private
│   │   └── ca.pass
│   ├── requests
│   ├── serial
│   └── signed
│       ├── puppetmaster1_cert.jq.com.pem
│       └── puppetmaster1.jq.com.pem
├── certificate_requests
│   └── puppetmaster1_cert.jq.com.pem
├── certs
│   ├── ca.pem
│   ├── puppetmaster1_cert.jq.com.pem
│   └── puppetmaster1.jq.com.pem
├── crl.pem
├── private
├── private_keys
│   ├── puppetmaster1_cert.jq.com.pem
│   └── puppetmaster1.jq.com.pem
└── public_keys
    ├── puppetmaster1_cert.jq.com.pem
    └── puppetmaster1.jq.com.pem


9 Directories, files

The first time you start Puppet, you can test with the command

puppet agent -t --verbose --no-daemonize

The --verbose parameter causes the master to output verbose logs, while the --no-daemonize parameter makes the master run in the foreground and send its output to standard output. You can also add the --debug parameter to produce even more detailed debug output.

Check the listening status once the puppetmaster service is running; by default it listens on TCP port 8140.

# netstat -nlatp | grep 8140
tcp 0 0 0.0.0.0:8140 0.0.0.0:* LISTEN 18524/ruby

# lsof -i :8140
COMMAND   PID  USER   FD TYPE DEVICE SIZE/OFF NODE NAME
puppetmas 1976 puppet 5u IPv4 14331  0t0      TCP  *:8140 (LISTEN)

2.3 Puppet Agent installation configuration

Install Puppet and Facter:

# yum install -y puppet facter
facter.x86_64 1:2.3.0-1.el6 puppet.noarch 0:3.7.3-1.el6

# cat /etc/puppet/puppet.conf
### config by puppet ###
[main]
logdir = /var/log/puppet
rundir = /var/run/puppet
ssldir = $vardir/ssl
#pluginsync = false
[agent]
classfile = $vardir/classes.txt
localconfig = $vardir/localconfig
server = puppetmaster1.jq.com
certname = ag1_cert.jq.com
runinterval = 1000

Request a certificate (on the agent)

# puppet agent -t
Info: Creating a new SSL key for ag1_cert.jq.com
Info: Caching certificate for ca
Info: csr_attributes file loading from /etc/puppet/csr_attributes.yaml
Info: Creating a new SSL certificate request for ag1_cert.jq.com
Info: Certificate Request fingerprint (SHA256): ad:51:37:b7:5d:4e:7c:9f:7d:5e:7b:c6:de:6a:00:f4:aa:ce:a9:51:c0:89:73:90:1e:71:dc:0e:9c:63:a3:2f
Info: Caching certificate for ca
Exiting; no certificate found and waitforcert is disabled

Sign the certificate on the master (the name to sign is the agent's certname, ag1_cert.jq.com, as shown in the request above)

# puppet cert --sign ag1_cert.jq.com

The client requests again

# puppet agent -t
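
Before signing, the fingerprint the agent printed should match the pending request held by the master. The check below is an added example, not part of the original article: it assumes the Puppet 3.x `puppet cert list` line format ("name" (SHA256) fingerprint), and the sample output, including the ag2_cert.jq.com entry and the check_csr and normalize_fp helper names, is constructed for illustration.

```shell
#!/bin/sh
# Added example: compare the CSR fingerprint printed on the agent with the one
# the master holds before running `puppet cert --sign`.

# Constructed sample of `puppet cert list` output on the master. The first
# fingerprint is the one from the agent run on this page; the second entry
# (ag2_cert.jq.com, with DNS alt names) is made up for illustration.
PENDING='  "ag1_cert.jq.com" (SHA256) AD:51:37:B7:5D:4E:7C:9F:7D:5E:7B:C6:DE:6A:00:F4:AA:CE:A9:51:C0:89:73:90:1E:71:DC:0E:9C:63:A3:2F
  "ag2_cert.jq.com" (SHA256) 00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF (alt names: "DNS:ag2_cert.jq.com", "DNS:puppet")'

# Fingerprint as copied from the agent's terminal (case and stray spaces vary).
AGENT_FP='ad:51:37:b7:5d:4e:7c:9f:7d:5e:7b:c6:de:6a:00:f4:aa:ce:a9:51:c0 : 89:73:90:1e:71:dc:0e:9c:63:a3:2f'

# normalize_fp FP: strip whitespace and upper-case the hex digits.
normalize_fp() {
    printf '%s' "$1" | tr -d ' \t\n' | tr 'a-f' 'A-F'
}

# check_csr CERTNAME AGENT_FP LIST_OUTPUT
# Prints one verdict: sign | mismatch | altnames | missing
check_csr() {
    line=$(printf '%s\n' "$3" | grep -F "\"$1\" (SHA256) " | head -n 1)
    [ -n "$line" ] || { echo missing; return 0; }
    case $line in
        # Alt names let a certificate answer for other hosts (e.g. the master):
        # never sign these on a fingerprint match alone.
        *"(alt names:"*) echo altnames; return 0 ;;
    esac
    master_fp=$(printf '%s\n' "$line" | awk '{print $3}')
    if [ "$(normalize_fp "$master_fp")" = "$(normalize_fp "$2")" ]; then
        echo sign
    else
        echo mismatch
    fi
}

# Demo over the constructed data: one match, one alt-name request, one absent.
for name in ag1_cert.jq.com ag2_cert.jq.com ag3_cert.jq.com; do
    echo "$name: $(check_csr "$name" "$AGENT_FP" "$PENDING")"
done
```

On a real master, pass the output of `puppet cert list` as the third argument and sign only when the verdict is "sign".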


All the Puppet experiments in this series follow Kisspuppet's blog (http://kisspuppet.com/). Many thanks!
