Installation of Puppet

Source: Internet
Author: User

Puppet
Features and introduction: batch management and deployment for multiple servers
Required packages: facter-1.6.18.tar.gz, puppet-2.7.22.tar.gz (Facter is a package that Puppet depends on)
Steps:
Server IP: 192.168.13.54, domain name www.wyx1.com
Client IP: 192.168.13.55, domain name www.wyx2.com

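Server
iptables -F      # flushes all firewall rules on this host
setenforce 0     # switches SELinux to permissive mode until the next reboot
hostname www.wyx1.com
vim /etc/hosts
192.168.13.54 www.wyx1.com
192.168.13.55 www.wyx2.com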


1. Time synchronization: add the following crontab entry on both server and client (this step is sometimes skipped)
1 * * * * /usr/sbin/ntpdate pool.ntp.org; hwclock -w >/dev/null 2>&1

2. Install Ruby (Puppet is written in the Ruby language)
yum install ruby ruby-libs ruby-rdoc -y

3. Install Facter
tar xvf facter-1.6.18.tar.gz
cd facter-1.6.18
ruby install.rb

4. Install Puppet
tar xvf puppet-2.7.22.tar.gz
cd puppet-2.7.22
ruby install.rb

5. Copy the configuration files
cp conf/redhat/fileserver.conf /etc/puppet/
cp conf/redhat/puppet.conf /etc/puppet/
cp conf/redhat/server.init /etc/init.d/puppetmaster


6. Enable the puppetmaster service at boot
chmod 755 /etc/init.d/puppetmaster
chkconfig --add puppetmaster
chkconfig --level puppetmaster on

7. Create the puppet account
# puppetmasterd --mkusers

8. Verify that the manifests folder has been generated
# ls -l /etc/puppet/
-rw-r--r-- 1 root root 2552 Sep 3 12:11 auth.conf
-rwxr-xr-x 1 root root 381 Sep 3 12:13 fileserver.conf
drwxr-xr-x 2 root root 4096 Sep 3 12:17 manifests
-rwxr-xr-x 1 root root 853 Sep 3 12:13 puppet.conf

9. Confirm that the system has created the puppet user
# id puppet
uid=1002(puppet) gid=1002(puppet) groups=1002(puppet)

cat /etc/passwd | grep puppet
puppet:x:1002:1002::/home/puppet:/bin/bash

10. Ensure that the /var/lib/puppet/rrd directory exists and that its owner is puppet
ls -l /var/lib/puppet/
total 36
drwxr-x--- 2 puppet puppet 4096 Sep 3 12:17 bucket
drwxr-xr-x 2 root root 4096 Sep 3 12:17 facts
drwxr-xr-x 2 root root 4096 Sep 3 12:17 lib
drwxr-x--- 2 puppet puppet 4096 Sep 3 12:17 reports
drwxr-x--- 2 puppet puppet 4096 Sep 3 12:17 rrd
drwxr-x--- 2 puppet puppet 4096 Sep 3 12:17 server_data
drwxrwx--x 8 puppet root 4096 Sep 3 12:26 ssl
drwxr-xr-t 2 root root 4096 Sep 3 12:17 state
drwxr-x--- 2 puppet puppet 4096 Sep 3 12:17 yaml

11. Check the listening port
netstat -tanlp | grep 8140
tcp 0 0 0.0.0.0:8140 0.0.0.0:* LISTEN 4556/ruby


--------------------------------------------------------------------------------
Client

1. Time synchronization: add the following crontab entry on both server and client (this step is sometimes skipped)
1 * * * * /usr/sbin/ntpdate pool.ntp.org; hwclock -w >/dev/null 2>&1

2. Install Ruby (Puppet is written in the Ruby language)
yum install ruby ruby-libs ruby-rdoc -y

3. Install Facter
tar xvf facter-1.6.18.tar.gz
cd facter-1.6.18
ruby install.rb

4. Install Puppet
tar xvf puppet-2.7.22.tar.gz
cd puppet-2.7.22
ruby install.rb

5. Copy the configuration file
# cp conf/redhat/client.init /etc/init.d/puppet
# chkconfig --level puppet on
# puppetd --mkusers
Could not prepare for execution: Got 1 failure(s) while initializing: change from absent to present failed: Could not create user puppet: Execution of '/usr/sbin/useradd -g puppet -m puppet' returned 3: useradd: invalid numeric argument 'puppet'

# groupadd puppet; useradd -g puppet -m puppet
# chmod 777 /etc/init.d/puppet    # 755, as used for puppetmaster on the server, is enough; 777 leaves this root-run script world-writable
# service puppet start
Starting puppet: [OK]

6. Test that name resolution works and that the puppetmaster port is reachable

telnet www.wyx1.com 8140
Trying 192.168.13.54 ...
Connected to www.wyx1.com (192.168.13.54).
Escape character is '^]'.

# puppetd --test --server www.wyx1.com
warning: peer certificate won't be verified in this SSL session
info: Caching certificate for ca
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
info: Creating a new SSL certificate request for client1.info.com
info: Certificate Request fingerprint (md5): 07:c9:d4:43:3c:3e:d6:d1:0a:b1:8b:71:db:6b:9d:fe
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
Exiting; no certificate found and waitforcert is disabled

The command puppetd --test --server puppetmaster.info.com tells puppetd to read the Puppet configuration from puppetmaster.info.com.
On the first connection the two sides perform SSL certificate authentication. This is a new client that the server has not yet certified,
so the certificate must be approved on the server side.

-------------------------------------------------------------------------------
The following certificate approval steps are performed on the server side.
View the list of certificate requests currently pending approval:
# puppetca -l
www.wyx2.com (07:C9:D4:43:3C:3E:D6:D1:0A:B1:8B:71:DB:6B:9D:FE)

Approve the current certificate (-s -a signs every pending request):
# puppetca -s -a
notice: Signed certificate request for client1.info.com
notice: Removing file Puppet::SSL::CertificateRequest client1.info.com at '/var/lib/puppet/ssl/ca/requests/client1.info.com.pem'

Review the signed certificates; the leading + sign indicates that a certificate has been signed:
# puppetca -a --list
+ www.wyx2.com (03:be:50:ae:72:1a:39:79:17:f4:e5:74:fd:cc:bc:8c)
+ www.wyx1.com (97:34:bf:26:a6:0e:e9:9c:db:76:d3:53:d0:56:60:83) (alt names: DNS:puppet, DNS:puppet.info.com, DNS:puppetmaster.info.com)
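
Added example (not part of the original article): because puppetca -s -a signs every pending request, this sketch compares the fingerprint the client printed with the one the master lists and approves only that single host. The function names are hypothetical; the sample values are the ones shown in the session above.

```shell
#!/bin/sh
# Added example: compare a pending CSR fingerprint with the one the client
# printed before signing that single host. Function names are hypothetical.

# Reduce a fingerprint to upper-case hex digits so case and ':' do not matter.
norm_fp() {
    printf '%s' "$1" | tr -cd '0-9A-Fa-f' | tr 'a-f' 'A-F'
}

# csr_matches LIST HOST EXPECTED_FP
# LIST is the text printed by `puppetca -l`, one "host (fingerprint)" per line.
# Succeeds only if HOST is pending exactly once with exactly EXPECTED_FP.
csr_matches() {
    list=$1; host=$2; want=$(norm_fp "$3")
    # An MD5 fingerprint is 32 hex digits; refuse truncated or empty input.
    [ "${#want}" -eq 32 ] || return 2
    got=$(printf '%s\n' "$list" |
          awk -v h="$host" '$1 == h { gsub(/[()]/, "", $2); print $2 }')
    # Zero or several pending entries for the same name: do not sign.
    [ "$(printf '%s\n' "$got" | grep -c .)" -eq 1 ] || return 3
    [ "$(norm_fp "$got")" = "$want" ]
}

# Print the action to take; the real signing command is left as a comment.
decide() {
    if csr_matches "$1" "$2" "$3"; then
        echo "sign $2"          # then run: puppetca -s "$2"
    else
        echo "hold $2"          # investigate before signing anything
    fi
}

# Values from the session above: client output and the master's pending list.
CLIENT_FP='07:c9:d4:43:3c:3e:d6:d1:0a:b1:8b:71:db:6b:9d:fe'
PENDING='www.wyx2.com (07:C9:D4:43:3C:3E:D6:D1:0A:B1:8B:71:DB:6B:9D:FE)'

decide "$PENDING" www.wyx2.com "$CLIENT_FP"
```

The fingerprint passed as the third argument should come from the client's own console, not from the master's list.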


Back on the client, retrieve the approved certificate from the server:
puppetd --test --server www.wyx1.com
warning: peer certificate won't be verified in this SSL session
info: Caching certificate for client1.info.com
info: Caching certificate_revocation_list for ca
info: Caching catalog for www.wyx2.com
info: Applying configuration version '1378188531'


Functional Testing
Server side:
Create a .pp file for the test
The first code Puppet executes is in /etc/puppet/manifests/site.pp, so this file must exist; all other code is called from it.
# vim /etc/puppet/manifests/site.pp
node default {
  file { "/tmp/viong.txt":
    content => "Good,test Pass!\nhello world!\n";
  }
}
The code above acts on the default Puppet client: it creates the file viong.txt in the /tmp directory, containing "Good,test pass!", a line break, "Hello world!" and a final line break.

The first time you create a .pp file, you need to restart puppetmaster
# service puppetmaster restart
Stopping puppetmaster: [OK]
Starting puppetmaster: [OK]

Client:
# puppetd --test --server www.wyx1.com
info: Caching catalog for www.wyx2.com
info: Applying configuration version '1378190404'
notice: /Stage[main]//Node[default]/File[/tmp/viong.txt]/ensure: defined content as '{md5}4750aa5be82dae5db286a5859700dd51'
notice: Finished catalog run in 0.03 seconds


If an error occurs:

# puppetd --test --server www.wyx1.com
err: Could not retrieve catalog from remote server: Error 400 on SERVER: Could not parse for environment production: Syntax error at end of file; expected '}' at /etc/puppet/manifests/site.pp:4 on node client1.info.com
warning: Not using cache on failed catalog
err: Could not retrieve catalog; skipping run
The file /etc/puppet/manifests/site.pp probably has a formatting (syntax) problem.


On the client, check the result:
# ls -l /tmp/viong.txt
cat /tmp/viong.txt
Good,test pass!
Hello world!





Troubleshooting

1. The following error occurred when connecting to the master:
dnsdomainname: Unknown host
Workaround: Check the machine's hostname setting and whether it has been added to /etc/hosts.
2. The following error occurred when connecting to the master:
err: Could not request certificate: getaddrinfo: Name or service not known
Workaround: The server's domain name binding has not been configured in hosts; add it to /etc/hosts.
3. The following message appeared when connecting to the master:
warning: peer certificate won't be verified in this SSL session
Workaround: The server side has not yet returned the issued certificate; use puppet cert --list to view the requests.
4. The following error occurred when connecting to the master:
err: Could not retrieve catalog from remote server: certificate verify failed
Workaround: The client and server clocks are out of sync; the SSL connection depends on the time on each host being correct. Command to update the time: /sbin/ntpdate asia.pool.ntp.org

5. Puppet error "Run of Puppet configuration client already in progress; skipping". Solution:
rm -rf /var/lib/puppet/state/puppetdlock
