Install Puppet 3.1.1 on CentOS 6.4

This article installs Puppet 3.1.1 on a CentOS 6.4 system. For more information, see chenshake's article.

OS: CentOS 6.4 x64
Puppet: 3.1.1
Puppet master: master.canghai.com
Puppet clients: node1-5.canghai.com
Puppet requires that every machine has a fully qualified domain name (FQDN). If no DNS server provides the names, you can set the host names in the hosts file on the two machines. Note that you must set the host name before installing Puppet, because the host name is written into the certificate when Puppet is installed, and this certificate is required for communication between the client and the server. Because I have configured DNS, I do not need to change the hosts file; if you have not, you need to change it.
1. Disable SELinux and iptables and set up NTP

CentOS-6.4-x86_64-minimal.iso is used for a minimal installation, so first install ntp, wget and other commonly used tools.

Install ntp wget

Disable SELinux

    sed -i '/SELINUX/s/enforcing/disabled/g' /etc/selinux/config
    setenforce 0

Stop iptables

    chkconfig ip6tables off
    chkconfig iptables off
    /etc/init.d/ip6tables stop
    /etc/init.d/iptables stop

Set up NTP

    ntpdate pool.ntp.org
    chkconfig ntpd on
    service ntpd start
2. Install the Puppet service

Puppet is not in the base CentOS repositories, so you must add the official repository provided by PuppetLabs:

    wget http://yum.puppetlabs.com/el/6/products/x86_64/puppetlabs-release-6-7.noarch.rpm
    rpm -ivh puppetlabs-release-6-7.noarch.rpm
    yum update

Install and enable the Puppet service on the master:

    yum install puppet-server
    chkconfig puppet on
    service puppetmaster start

Install the Puppet client on the clients:

    yum install puppet
    chkconfig puppet on
    service puppet start
3. Configure Puppet

On each Puppet client, modify /etc/puppet/puppet.conf and specify the master server:

    vi /etc/puppet/puppet.conf

    [main]
        # The Puppet log directory.
        # The default value is '$vardir/log'.
        logdir = /var/log/puppet

        # Where Puppet PID files are kept.
        # The default value is '$vardir/run'.
        rundir = /var/run/puppet

        # Where SSL certificates are kept.
        # The default value is '$confdir/ssl'.
        ssldir = $vardir/ssl

    [agent]
        # The file in which puppetd stores a list of the classes
        # associated with the retrieved configuration. Can be loaded in
        # the separate ``puppet`` executable using the ``--loadclasses``
        # option.
        # The default value is '$confdir/classes.txt'.
        classfile = $vardir/classes.txt

        # Where puppetd caches the local configuration. An
        # extension indicating the cache format is added automatically.
        # The default value is '$confdir/localconfig'.
        localconfig = $vardir/localconfig
        server = master.canghai.com

Restart the puppet service.
4. The client applies for a certificate

Server-side automatic certificate issuance settings

Set the master to automatically issue all certificates. We only need to create the autosign.conf file in the /etc/puppet directory. (You do not need to modify /etc/puppet/puppet.conf, because I have not changed the default location of the autosign.conf file.)

    cat > /etc/puppet/autosign.conf <<EOF
    *.canghai.com
    EOF

In this way, all requests from canghai.com are automatically signed.
The client needs to send a request to the server before the server can manage it. This is actually a certificate issuance process: when you run the Puppet client for the first time, an SSL certificate request is generated and sent to the Puppet server, and if the server agrees to manage the client, the certificate is issued. You can use the command below to request the certificate; because we have set the server address on the client, we do not need to give the server address.
To learn more about the registration process and daily troubleshooting, you can add parameters because the configuration file contains
--no-daemonize: run in the foreground and output the log
--verbose: output more detailed logs
--debug: even more detailed logs, used in troubleshooting
--test: indicates a test; you can use the --test parameter

    puppet agent --no-daemonize --onetime --verbose --debug

This applies for a certificate. Because I configured automatic certificate issuance, it was issued directly. Run the following on the server:

    puppet cert list --all
    + "master.canghai.com" (SHA256) CA:50:6A:51:D5:AD:F0:73:BF:83:A0:4A:BF:1F:4E:F0:56:C9:4B:D8:4D:BB:62:10:EE:14:16:D5:96:D0:B6:F7 (alt names: "DNS:master.canghai.com", "DNS:puppet", "DNS:puppet.canghai.com")
    + "node1.canghai.com" (SHA256) B8:95:69:2B:7B:3E:F4:38:CA:63:BE:A0:ED:3C:E7:05:1F:93:53:2D:1C:60:67:E9:D8:20:99:90:B8:9B:D6:40
    + "node2.canghai.com" (SHA256) 6C:65:34:9D:B1:82:35:24:EF:3F:10:2B:10:F0:0B:44:42:AB:84:42:29:B5:73:1A:A0:1D:D5:1E:9E:24:BC:E3
    + "node3.canghai.com" (SHA256) 57:54:33:37:23:A7:CD:BE:F6:25:BD:6F:E3:DA:F9:57:48:50:C7:5E:36:8F:F4:BA:C8:27:DF:B0:A2:84:5F:AF
    + "node4.canghai.com" (SHA256) 65:2F:0E:E7:98:F5:05:40:31:2F:FF:36:A5:3E:DE:C1:91:E8:45:16:55:60:A1:82:74:BC:84:EC:BA:C0:62:F0
    + "node5.canghai.com" (SHA256) 8C:1B:31:B6:C0:9C:A5:AF:89:6C:85:1B:BA:D0:03:63:07:4C:B1:89:D4:E6:B7:4E:CA:4A:23:C7:3C:5F:CA:3D

You can see that certificates have been issued for all clients; the "+" sign means a certificate was successfully issued. If a certificate has not been signed, you can use

    puppet cert --sign node1.canghai.com

to issue the certificate. After the certificate is issued, run
The certificate has been issued.
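
With a domain-wide autosign entry, every request whose certname matches is signed without review, so it is worth comparing the "+" lines of `puppet cert list --all` with the hosts you expect. The script below is an added example, not part of the original article; the function name audit_certs, the inventory file and the sample hosts build7 and node9 are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original article.
# audit_certs LIST INVENTORY AUTOSIGN
#   LIST      saved output of `puppet cert list --all`
#   INVENTORY expected certnames, one per line (hypothetical file)
#   AUTOSIGN  copy of /etc/puppet/autosign.conf
audit_certs() {
    list=$1 inventory=$2 autosign=$3
    # A glob entry signs every CSR whose certname matches it.
    grep -v '^[[:space:]]*#' "$autosign" | grep -F '*' | sed 's/^/GLOB /'
    # Each line: <+|-|space> "certname" (SHA256) fingerprint ...
    while IFS= read -r line; do
        name=$(printf '%s\n' "$line" | sed -n 's/^[-+ ]*"\([^"]*\)".*/\1/p')
        [ -n "$name" ] || continue
        case $line in
            +*) grep -qxF -- "$name" "$inventory" || echo "UNEXPECTED $name" ;;
            -*) echo "REVOKED $name" ;;
            *)  echo "PENDING $name" ;;
        esac
    done < "$list"
}

# Constructed sample data (fingerprints shortened; build7 and node9 are
# made-up hosts, master and node1 are the article's names).
demo() {
    d=$(mktemp -d)
    cat > "$d/list" <<'EOF'
+ "master.canghai.com" (SHA256) AA:BB (alt names: "DNS:master.canghai.com", "DNS:puppet")
+ "node1.canghai.com" (SHA256) CC:DD
+ "build7.canghai.com" (SHA256) EE:FF
  "node9.canghai.com" (SHA256) 11:22
EOF
    printf '%s\n' master.canghai.com node1.canghai.com > "$d/inventory"
    printf '%s\n' '# sign the whole domain' '*.canghai.com' > "$d/autosign"
    audit_certs "$d/list" "$d/inventory" "$d/autosign"
    rm -rf "$d"
}

demo
```

On a real master, save the output of `puppet cert list --all` to a file and pass it with your own inventory; any UNEXPECTED line is a signed certificate for a host you did not plan to manage.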
5. Install the Puppet dashboard on the server

Install MySQL

    yum install -y mysql-devel mysql-server

Optimize the MySQL settings

Edit /etc/my.cnf and add the last line of the [mysqld] section shown below.

    cat /etc/my.cnf
    [mysqld]
    datadir=/var/lib/mysql
    socket=/var/lib/mysql/mysql.sock
    user=mysql
    # Disabling symbolic-links is recommended to prevent assorted security risks
    symbolic-links=0
    max_allowed_packet = 32M

    [mysqld_safe]
    log-error=/var/log/mysqld.log
    pid-file=/var/run/mysqld/mysqld.pid

Start the service

    /etc/init.d/mysqld start
    chkconfig mysqld on

Set the MySQL password. Here the password is 123456.

    mysqladmin -u root password '123'

Create a dashboard database
Passenger + Apache + Dashboard

This allows Apache to support Ruby. Because Passenger is not in the official CentOS repositories, you need to add the EPEL repository.

    wget http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
    rpm -ivh epel-release-6-8.noarch.rpm
    yum install mod_passenger puppet-dashboard

Configure Dashboard

    vi /usr/share/puppet-dashboard/config/database.yml

    production:
      database: dashboard
      username: dashboard
      password: 123456
      encoding: utf8
      adapter: mysql

Modify the time zone

    vi /usr/share/puppet-dashboard/config/environment.rb

    # config.time_zone = 'UTC'
    config.time_zone = 'Beijing'

Initialize the database

    cd /usr/share/puppet-dashboard/
    rake RAILS_ENV=production db:migrate

Configure Apache

We need to integrate Passenger and Apache.

    cat > /etc/httpd/conf.d/passenger.conf <<EOF
    LoadModule passenger_module modules/mod_passenger.so
    PassengerRoot /usr/share/rubygems/gems/passenger-3.0.17
    PassengerRuby /usr/bin/ruby
    PassengerHighPerformance on
    PassengerMaxPoolSize 12
    PassengerPoolIdleTime 1500
    PassengerStatThrottleRate 120
    RailsAutoDetect On
    ServerName master.canghai.com
    DocumentRoot "/usr/share/puppet-dashboard/public/"
    <Directory "/usr/share/puppet-dashboard/public/">
        Options None
        AllowOverride AuthConfig
        Order allow,deny
        allow from all
    </Directory>
    ErrorLog /var/log/httpd/master.canghai.com_error.log
    LogLevel warn
    CustomLog /var/log/httpd/master.canghai.com_access.log combined
    ServerSignature On
    EOF

Start the service

    /etc/init.d/httpd start
    chkconfig httpd on

Configure Puppet

Let Dashboard use reports. The report function is now enabled by default, so you do not need to configure the agent; you only need to configure the server side.

    vi /etc/puppet/puppet.conf

    [master]
        reports = store, http
        reporturl = http://master.canghai.com:80/reports/upload

Restart the puppetmaster service

    /etc/init.d/puppetmaster restart

At this point you can access the Puppet Dashboard directly at http://ip

Import reports

    cd /usr/share/puppet-dashboard
    rake RAILS_ENV=production reports:import

At this point you can open the Dashboard to view the import task.

4. Execute the imported reports

    cd /usr/share/puppet-dashboard
    rake jobs:work RAILS_ENV="production"