Install puppet on centos7

Source: Internet
Author: User


1. Install puppet. Note: the client and server versions should match where possible. If they cannot match, the client version must not be too old, and the server version must not be lower than the client version.

Installation and simple configuration steps:

Installation preparation (applies to both server and client):

First, change the computer name: hostname puppet.nn.local, or: hostname -F /etc/hostname (enter your computer name in this file, and create the file if it does not exist).

Second, and this is very important, edit the /etc/hosts file (it is best to include the agent as well) so that each end can ping the other by name, as follows:

192.168.1.1 puppet.nn.local    # server

192.168.1.2 agent.nn.local     # agent

Disable iptables and selinux.

iptables -F (or open port 8140: iptables -A INPUT -p tcp -m state --state NEW -s 192.168.1.0/24 --dport 8140 -j ACCEPT)

setenforce 0, or change SELINUX=enforcing to SELINUX=disabled in /etc/selinux/config and then reboot the computer.

Finally, make sure that the server and client clocks stay in sync. Otherwise, an error occurs when the client obtains the certificate. NTP is the best choice. I installed the ntp server on puppet (not recommended in the experiment environment and production environment).

It is best to install with each distribution's own package manager. The following method is for Red Hat systems.

A. First install the EPEL repository: https://fedoraproject.org/wiki/epel/zh-cn, and select the desired download path, for example: epel-release-7.noarch.rpm

Install: rpm -Uvh epel-release-7.noarch.rpm and then: yum update

B. Install ruby and the ruby libraries:

yum -y install ruby-libs ruby-shadow (required by puppet)

C. Install the puppet server:

yum -y install puppet puppet-server facter (puppet is the client side; facter is the equivalent of asset management: it can automatically report or obtain client information such as the software environment and operating system)

Add puppetmaster (the main program) to the startup items:

Earlier than RHEL7: chkconfig --level 35 puppetmaster on

RHEL7: systemctl enable puppetmaster.service

D. Configure the server.

The main configuration file of puppet is /etc/puppet.conf.

Add the following content:

[master]

# server name
certname = puppet.nn.local

Change the certificate storage location. We recommend that you store the certificates in /var/puppet/ssl (the /var/puppet/ folder must be created manually and its owner changed to the puppet user and group).

[main]

ssldir = /var/puppet/ssl

Save and exit.

Create the /etc/puppet/manifests/site.pp file if it does not already exist. Whether puppetmaster can start depends on this file.

Start: service puppetmaster start (RHEL7: systemctl start puppetmaster.service). We recommend running puppet master --verbose --no-daemonize the first time to view detailed information.

E. Configure the client:

The client configuration file is also /etc/puppet.conf.

Add the following content:

[agent]

certname = agent.nn.local

server = puppet.nn.local

report = true

Change the ssldir option as on the server.

[main]

ssldir = /var/puppet/ssl

Save and exit.

Start: service puppet start, or systemctl start puppet.service (RHEL7)

F. Test:

Client:

puppet agent --server=puppet.nn.local --verbose --no-daemonize --debug (if the server is started in no-daemonize mode, add this option to the client)

The purpose of this command is to run the puppet agent in no-daemon mode. The advantage is that you can see the communication with the server and the certificate-signing process, which makes debugging easier. By default, puppet requests a signature from the server every 2 minutes.

The agent service starts only once it has obtained the signed certificate from the server. You can also set the waiting time with --waitforcert=time. If the time is 0, it does not wait.

Server:

View the client signing requests: puppet cert --list

Sign the client: puppet cert --sign agent.nn.local

Clear the user certificate: puppet cert --clean agent.nn.local (the client must delete the certificate at the same time: rm -rf /var/puppet/ssl/agent.nn.local)

G. To finish, I would like to remind you that most failures are caused by the firewall. At least I have encountered such problems, such as "no route to host".
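
An added preflight check (not part of the original article) for the settings from steps D and E and the /etc/hosts entries: it confirms that the agent's server value equals the master's certname, that both names appear in the hosts file, and that ssldir agrees on both ends. The function names and the sample file names are assumptions made for this example, and the sample files are constructed from the values shown above.

```shell
#!/bin/sh
# conf_get FILE SECTION KEY: print the value of KEY inside [SECTION]
conf_get() {
    awk -v sec="$2" -v key="$3" '
        /^[ \t]*#/ { next }                      # skip comment lines
        /^[ \t]*\[/ { cur = $0; sub(/^[ \t]*\[/, "", cur)
                      sub(/\].*$/, "", cur); next }
        cur == sec {
            eq = index($0, "="); if (!eq) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) { print v; exit }
        }' "$1"
}

# hosts_has FILE NAME: succeed if NAME is a hostname field on a live line
hosts_has() {
    awk -v name="$2" '
        { sub(/#.*/, "") }                       # drop trailing comments
        { for (i = 2; i <= NF; i++) if ($i == name) found = 1 }
        END { exit !found }' "$1"
}

# preflight MASTER_CONF AGENT_CONF HOSTS: returns the number of problems
preflight() {
    m_name=$(conf_get "$1" master certname)
    a_name=$(conf_get "$2" agent certname)
    a_srv=$(conf_get "$2" agent server)
    errs=0
    # The agent checks the master's certificate against the name it connects
    # to, so "server" must equal the master's certname.
    [ -n "$m_name" ] && [ "$a_srv" = "$m_name" ] ||
        { echo "agent server '$a_srv' != master certname '$m_name'"; errs=$((errs + 1)); }
    for n in "$m_name" "$a_name"; do
        [ -n "$n" ] && hosts_has "$3" "$n" ||
            { echo "'$n' is not listed in $3"; errs=$((errs + 1)); }
    done
    [ "$(conf_get "$1" main ssldir)" = "$(conf_get "$2" main ssldir)" ] ||
        { echo "ssldir differs between master and agent"; errs=$((errs + 1)); }
    return "$errs"
}

make_sample() {   # constructed sample files mirroring the settings above
    printf '[master]\ncertname = puppet.nn.local\n[main]\nssldir = /var/puppet/ssl\n' > "$1/master.conf"
    printf '[agent]\ncertname = agent.nn.local\nserver = puppet.nn.local\nreport = true\n[main]\nssldir = /var/puppet/ssl\n' > "$1/agent.conf"
    printf '192.168.1.1 puppet.nn.local # server\n192.168.1.2 agent.nn.local # agent\n' > "$1/hosts"
}

d=$(mktemp -d); make_sample "$d"
preflight "$d/master.conf" "$d/agent.conf" "$d/hosts" && echo "preflight OK"
```

On real hosts, pass copies of the master's and the agent's configuration files and the hosts file instead of the sample files.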

References: proficient in puppet
