`
wuhuizhong
  • 浏览: 668027 次
  • 性别: Icon_minigender_1
  • 来自: 中山
社区版块
存档分类
最新评论

puppet源码安装

 
阅读更多

puppet Server: 172.18.60.200

puppet Client: 172.18.60.59 172.18.60.88

一、下载地址
puppet下载地址:
http://downloads.puppetlabs.com/puppet/puppet-2.7.22.tar.gz

facter下载地址:
http://downloads.puppetlabs.com/facter/facter-1.6.18.tar.gz

ruby下载地址:
http://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.7.tar.gz

二、环境准备

1.时间必须一致:
crontab -e
*/2 * * * * /usr/sbin/ntpdate clock.nc.fukuoka-u.ac.jp >/dev/null 2>&1

2.必須安装:gcc-c++、install openssl*

3.修改主機名: 服务器及客户端一样
[root@zserpap ~]# more /etc/hosts
# Do not remove the following line, or various programs
# that require network functionality will fail.
#127.0.0.1              ZSAP localhost.localdomain localhost
#172.18.60.200               ZSAP localhost.localdomain localhost
::1             localhost6.localdomain6 localhost6
172.18.60.200 zserpap.zs_py.com.cn zserpap
172.18.60.59 pyytestdb.zs_py.com.cn pyytestdb
172.18.60.88 zsperdb.zs_py.com.cn zsperdb

[root@zserpap ~]# more /etc/sysconfig/network
NETWORKING=yes
NETWORKING_IPV6=no
HOSTNAME=zserpap.zs_py.com.cn
GATEWAY=172.18.60.254

[root@zserpap ~]# hostname zserpap.zs_py.com.cn

4.检查防火墙确保8140端口开放.
禁用防火墙和SELinux
service iptables stop
chkconfig iptables off
setenforce 0
cat /etc/sysconfig/selinux <<EOF
SELINUX=disabled
SELINUXTYPE=targeted
EOF


三、安装应用软件
1、首先安装ruby
tar -zxvf ruby-1.8.7.tar.gz
cd ruby-1.8.7
./configure --prefix=/usr/local/ruby
make
make install
操作系统PATH路径:
vi  /etc/profile
export PATH=/usr/local/ruby/bin:$PATH
查看ruby --version版本

 

顯示ruby的lib搜索路徑:
$ ruby -e 'puts $:'

安裝 rubygems
ruby setup.rb
puppet要求gem在1.3.4以下.


2、安装facter
tar -zxvf facter-1.6.18.tar.gz
cd facter-1.6.18           
ruby install.rb

3、安装puppet
tar -zxvf puppet-2.7.22.tar.gz 
cd puppet-2.7.22/
ruby install.rb
[root@zserpap puppet-2.7.22]# cp conf/auth.conf /etc/puppet/
[root@zserpap puppet-2.7.22]# cp conf/namespaceauth.conf /etc/puppet/
[root@zserpap puppet-2.7.22]# cp conf/redhat/puppet.conf /etc/puppet/
[root@zserpap puppet-2.7.22]# cp conf/redhat/server.init /etc/init.d/puppetmaster
[root@zserpap puppet-2.7.22]# chmod +x /etc/init.d/puppetmaster
[root@zserpap puppet-2.7.22]# /etc/init.d/puppetmaster start
Starting puppetmaster: /bin/bash: /usr/sbin/puppetmasterd: No such file or directory
                                                           [FAILED]
  
[root@zserpap puppet-2.7.22]# cp sbin/puppetmasterd /usr/sbin/
[root@zserpap puppet-2.7.22]# chmod -R 777 /usr/sbin/puppetmasterd
[root@zserpap puppet-2.7.22]# cp sbin/puppetmasterd /bin/puppetmasterd
[root@zserpap puppet-2.7.22]# chmod -R 777 /bin/puppetmasterd
[root@zserpap puppet-2.7.22]# /etc/init.d/puppetmaster start         
Starting puppetmaster: /usr/bin/env: ruby: No such file or directory
                                                           [FAILED]
[root@zserpap puppet-2.7.22]# ls /usr/local/ruby/bin/
erb         filebucket  pi          puppetdoc   rdoc        ruby       
facter      irb         puppet      ralsh       ri          testrb     
[root@zserpap puppet-2.7.22]# ln -s /usr/local/ruby/bin/ruby /usr/bin/
[root@zserpap puppet-2.7.22]# /etc/init.d/puppetmaster start         
Starting puppetmaster: Could not prepare for execution: Got 6 failure(s) while initializing: change from absent to directory failed: Could not set 'directory on ensure: Could not find group puppet; change from absent to directory failed: Could not set 'directory on ensure: Could not find group puppet; change from absent to directory failed: Could not set 'directory on ensure: Could not find group puppet; change from absent to directory failed: Could not set 'directory on ensure: Could not find group puppet; change from absent to directory failed: Could not set 'directory on ensure: Could not find group puppet; change from absent to directory failed: Could not set 'directory on ensure: Could not find group puppet
                                                           [FAILED]
[root@zserpap puppet-2.7.22]# useradd puppet
[root@zserpap puppet-2.7.22]# /etc/init.d/puppetmaster start
Starting puppetmaster:                                     [  OK  ]
 
[root@zserpap sbin]# pwd
/usr/local/src/puppet-2.7.22/sbin
cp -r * /usr/sbin/
 
[root@zserpap manifests]# chkconfig --add puppetmaster
[root@zserpap manifests]# chkconfig puppetmaster on

客户端其它安装和服务器安装相同,除了用 cp conf/redhat/client.init /etc/init.d/puppet
tar -zxvf puppet-2.7.22.tar.gz
 
cd puppet-2.7.22/
ruby install.rb

[root@pyytestdb puppet-2.7.22]# cp conf/auth.conf /etc/puppet/
[root@pyytestdb puppet-2.7.22]# cp conf/namespaceauth.conf /etc/puppet/
[root@pyytestdb puppet-2.7.22]# cp conf/redhat/puppet.conf /etc/puppet/
[root@pyytestdb puppet-2.7.22]# cp conf/redhat/client.init /etc/init.d/puppet
[root@pyytestdb puppet-2.7.22]# chmod +x /etc/init.d/puppet 
[root@pyytestdb puppet-2.7.22]# service puppet start
Starting puppet: /bin/bash: /usr/sbin/puppetd: No such file or directory
                                                           [FAILED]
[root@pyytestdb puppet-2.7.22]# cp sbin/puppetd /usr/sbin/puppetd
[root@pyytestdb puppet-2.7.22]# service puppet start             
Starting puppet: /usr/bin/env: ruby: No such file or directory
                                                           [FAILED]
[root@pyytestdb puppet-2.7.22]# chmod +x /usr/sbin/puppetd 
[root@pyytestdb puppet-2.7.22]# service puppet start       
Starting puppet: /usr/bin/env: ruby: No such file or directory
                                                           [FAILED]
[root@pyytestdb puppet-2.7.22]# ln -s /usr/local/ruby/bin/ruby /usr/bin/
[root@pyytestdb puppet-2.7.22]# /etc/init.d/puppet start
Starting puppet:                                           [  OK  ]

 

启动服务
chkconfig puppet on
service puppet start


安装完毕后进行测试:

在服务器端执行:
# puppetca --list
应该是无
在服务端查看验证签名,注意前面的+号,说明已经签名
# puppetca -a --list

在客户端执行
[root@pyytestdb ~]# puppetd --server zserpap.zs_py.com.cn  --test
info: Caching certificate for ca
info: Creating a new SSL certificate request for pyytestdb.zs_py.com.cn
info: Certificate Request fingerprint (md5): F0:83:B6:70:D4:C0:D2:40:C2:CD:5B:B3                                                                             :00:31:D4:39
Exiting; no certificate found and waitforcert is disabled

再到服务器端执行:
[root@zserpap ~]# puppetca –s pyytestdb.zs_py.com.cn
Invalid method –s to apply

如果看到了客户端的证书请求,
针对客户端请求为
puppetca –s pyytestdb.zs_py.com.cn
用下面的命令对所有证书请求签名:
puppetca -s –a
[root@zserpap ~]# puppetca -s -a
notice: Signed certificate request for pyytestdb.zs_py.com.cn
notice: Removing file Puppet::SSL::CertificateRequest pyytestdb.zs_py.com.cn at '/var/lib/puppet/ssl/ca/requests/pyytestdb.zs_py.com.cn.pem'

在主服务器上/etc/puppet/manifests

vi /etc/puppet/manifests/site.pp
node default{
   file { "/tmp/puppet_test.txt":
           content=> "hello, This is test of PUPPET";
}
}

再重启一下服务器 service puppetmaster restart 和客户端 service puppet restart
再执行 puppetd --server zserpap.zs_py.com.cn  --test
[root@pyytestdb ~]# puppetd --server zserpap.zs_py.com.cn  --test
info: Caching certificate for pyytestdb.zs_py.com.cn
info: Caching certificate_revocation_list for ca
info: Caching catalog for pyytestdb.zs_py.com.cn
info: Applying configuration version '1372658911'
notice: /Stage[main]//Node[default]/File[/tmp/test.txt]/ensure: defined content as '{md5}100b144907af2a4786003758a0a6a563'
info: Creating state file /var/lib/puppet/state/state.yaml
notice: Finished catalog run in 0.03 seconds

看/tmp下面是不是有 puppet_test.txt 文件了

==============================================================================================================================
增加多个site.pp

可以先在site.pp中增加

import "test.pp"

然后再在里面执行需要操作的内容。

可用 puppetd --server zserpap.zs_py.com.cn  --test 进行测试。
如果有报错
err: Could not retrieve catalog from remote server: Error 400 on SERVER: Node 'default' is already defined at /etc/puppet/manifests/test.pp:1; cannot redefine at /etc/puppet/manifests/site.pp:2 on node zsperdb.zs_py.com.cn
warning: Not using cache on failed catalog
err: Could not retrieve catalog; skipping run

那么需要在客户端执行 puppet agent --enable 即可。

puppet agent --disable 为关闭。

记得重启 puppetmaster 和 puppet

参考内容:
默认时间 vi /etc/puppet/puppet.con
runinterval =1800 ###默认是30分钟,可以修改此处的值,单位为秒
有的时间修改了这个没有用,是什么原因呢:
我也曾修改过多次,没效果,后在客户端的配置文件再加了一句 server = zserpap.zs_py.com.cn
然后重启
在客户端修改即可!最好重启一下 service puppet restart

puppet 如何全客户端自动签名
a. vi /etc/puppet/puppet.conf
[puppetmaster]
autosign=true      #增加这两行
autosing=/etc/puppet/autosign.conf 
#增加这两行添加
* 表示所有,或者添加域名,IP或者网段。举例:
b.再编辑 /etc/puppet/autosign.conf
*
*.test.com
192.168.0.1/24

错误总结:
第一次认证的时候报下边的错误:
[root@client ~]# puppetd --server zserpap.zs_py.com.cn  --test
err: Could not retrieve catalog from remote server: certificate verify failed
原因有三种:
第一:是hostname没有设置好,在安装前一定要把hostname设置好,设置好之后尽量重启机器。实在不行就删了重新安装。
第二:时间不同步,时间不同步也会报认证失败的错误,可以用date设置时间,只要不是差得太多就没事。
第三:是ssl的问题,在你用的这个客户端puppet已经做过其他的机器的客户端的情况下,因为已经生成的有证书,可能会和现在的冲突,把/var/lib/puppet/ssl这个文件夹删掉之后就行了。

配置c/s模式的puppet的实验环境
Puppet的的客户端和服务端是靠ssl链接的,在服务端有一个自签名的根证书,在安装软件的时候自动生成。每个客户端的证书要经过根证书签名才能和服务器连接。所以首先要在客户端执行下面的命令来请求服务器签名证书。
puppetd --server zserpap.zs_py.com.cn  --test

參考:

http://qinghua.blog.51cto.com/202629/837268

http://www.chenshake.com/puppet-study-notes/

 

 

分享到:
| ORACLE 管理索引
评论
发表评论

您还没有登录,请您登录后再发表评论

相关推荐

Magicbox
Global site tag (gtag.js) - Google Analytics