Puppet installation and configuration-preparation work
Two machines: 192.168.205.20 (server side) 192.168.205.21 (client)
Two machines close SELinux, empty iptables rules, and save, set hostname
Vim/etc/selinux/config
Selinux=disabled
Iptables-f
Service Iptables Save
20 on hostname web9.aming.com, vi/etc/sysconfig/network definition hostname (permanent)
21 on hostname web10.aming.com,vi/etc/sysconfig/network definition hostname
Edit the Hosts file, 20 and 21 all for
192.168.205.20 web9.aming.com
192.168.205.21 web10.aming.com
Two machines install ntpdate and set up a task plan for automatic synchronization time:
Yum Install-y NTP
CRONTAB-E//Join
*/10 * * * * ntpdate time.windows.com >/dev/null 2>&1
Puppet Installation
Service side (20) on
Install puppet source (both server and client installed)
Rpm-ivh "http://yum.puppetlabs.com/el/6/products/x86_64/puppetlabs-release-6-7.noarch.rpm"
Installing the server-side program
Yum Install-y puppet-server
Start the service
Service puppetmaster Start
Boot up
Chkconfig puppetmaster on
On the client (21)
Install puppet source (both server and client installed)
Rpm-ivh "http://yum.puppetlabs.com/el/6/products/x86_64/puppetlabs-release-6-7.noarch.rpm"
Installing the client program
Yum Install-y puppet
Modify configuration file vim/etc/puppet/puppet.conf, add under [Agent]
listen= true
Server = web9.aming.com//hosts on service side
Runinterval = 30//Automatic update every 30 seconds
Start the service
Service Puppet Start
Boot up
Chkconfig Puppet on
Puppet installation and configuration-configuring authentication
Server-side View list of client certificates
Puppet cert list--all//If a certificate is issued, it will be preceded by the bank with A +
Generate an SSL certificate on the client
Puppet Agent--test--server web9.aming.com
Server-side issue of the specified client certificate
Puppet cert--sign web10.aming.com
The server can delete the specified client certificate
Puppet cert Clean web10.aming.com
Remove all certificates
Puppet cert Clean--all
Attention
When the server deletes the client's certificate, the client will delete the file from the previous certificate directory.
rm-rf/var/lib/puppet/ssl/* (client operation) and restart/etc/init.d/puppetrestart
It is useful to check whether the syntax has an incorrect command
Puppet parser Validate manifests/init.pp
Puppet Installation and configuration