
          Tutorial: Installing Puppet and Puppet Foreman on CentOS

          • Source: 124软件资讯网

              I. System environment:

              CentOS 6.4 x86_64

              192.168.6.171 puppet.domain.com

              192.168.6.173 agent1.domain.com

              II. Disable SELinux and iptables (this is a test environment; you can instead add a rule for Puppet's port 8140)

              The code is as follows:

              setenforce 0

              /etc/init.d/iptables stop && chkconfig iptables off

              III. Set the hostnames and use /etc/hosts for name resolution

              The code is as follows:

              [root@test ~]# cat /etc/sysconfig/network  # on 192.168.6.171

              NETWORKING=yes

              NETWORKING_IPV6=no

              HOSTNAME=puppet.domain.com

              [root@test ~]# cat /etc/hosts

              192.168.6.171 puppet.domain.com

              192.168.6.173 agent1.domain.com

              [root@test ~]# cat /etc/sysconfig/network  # on 192.168.6.173

              NETWORKING=yes

              NETWORKING_IPV6=no

              HOSTNAME=agent1.domain.com

              [root@test ~]# cat /etc/hosts

              192.168.6.171 puppet.domain.com

              192.168.6.173 agent1.domain.com

              IV. Configure the yum repositories

              1. CentOS base repository (download from https://lug.ustc.edu.cn/wiki/mirrors/help/centos)

              The code is as follows:

              [root@puppet yum.repos.d]# cat CentOS-Base.repo

              # CentOS-Base.repo

              #

              # The mirror system uses the connecting IP address of the client and the

              # update status of each mirror to pick mirrors that are updated to and

              # geographically close to the client. You should use this for CentOS updates

              # unless you are manually picking other mirrors.

              #

              # If the mirrorlist= does not work for you, as a fall back you can try the

              # remarked out baseurl= line instead.

              #

              #

              [base]

              name=CentOS-$releasever - Base - mirrors.ustc.edu.cn

              baseurl=http://mirrors.ustc.edu.cn/centos/$releasever/os/$basearch/

              #mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=os

              gpgcheck=1

              gpgkey=http://mirrors.ustc.edu.cn/centos/RPM-GPG-KEY-CentOS-6

              #released updates

              [updates]

              name=CentOS-$releasever - Updates - mirrors.ustc.edu.cn

              baseurl=http://mirrors.ustc.edu.cn/centos/$releasever/updates/$basearch/

              #mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=updates

              gpgcheck=1

              gpgkey=http://mirrors.ustc.edu.cn/centos/RPM-GPG-KEY-CentOS-6

              #additional packages that may be useful

              [extras]

              name=CentOS-$releasever - Extras - mirrors.ustc.edu.cn

              baseurl=http://mirrors.ustc.edu.cn/centos/$releasever/extras/$basearch/

              #mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=extras

              gpgcheck=1

              gpgkey=http://mirrors.ustc.edu.cn/centos/RPM-GPG-KEY-CentOS-6

              #additional packages that extend functionality of existing packages

              [centosplus]

              name=CentOS-$releasever - Plus - mirrors.ustc.edu.cn

              baseurl=http://mirrors.ustc.edu.cn/centos/$releasever/centosplus/$basearch/

              #mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=centosplus

              gpgcheck=1

              enabled=0

              gpgkey=http://mirrors.ustc.edu.cn/centos/RPM-GPG-KEY-CentOS-6

              #contrib - packages by Centos Users

              [contrib]

              name=CentOS-$releasever - Contrib - mirrors.ustc.edu.cn

              baseurl=http://mirrors.ustc.edu.cn/centos/$releasever/contrib/$basearch/

              #mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=contrib

              gpgcheck=1

              enabled=0

              gpgkey=http://mirrors.ustc.edu.cn/centos/RPM-GPG-KEY-CentOS-6

              2. Install the official Puppet yum repository

              The code is as follows:

              rpm -Uvh http://yum.puppetlabs.com/el/6Server/products/x86_64/puppetlabs-release-6-6.noarch.rpm

              V. Install the Ruby environment (required on both the master and the agents)

              The code is as follows:

              yum -y install ruby ruby-libs ruby-shadow

              [root@puppet yum.repos.d]# ruby -v  # check the Ruby version

              ruby 1.8.7 (2011-06-30 patchlevel 352) [x86_64-linux]

              master:

              The code is as follows:

              yum -y install puppet-server

              agent:

              The code is as follows:

              yum -y install puppet

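              VI. Puppet configuration files (many documents out there juggle [main], [agent] and [master] and left me dizzy, so I am simply pasting my own configuration files; they are simple and there is very little to change)

              1. Configuration file on the master

              The code is as follows:

              [root@puppet ~]# cd /etc/puppet/

              [root@puppet puppet]# cat puppet.conf

              [main]

              # Holds cached data, configuration, reports returned by clients, and file backups
              vardir = /var/lib/puppet

              logdir = /var/log/puppet

              rundir = /var/run/puppet

              # Directory for the issued SSL certificate files
              ssldir = $vardir/ssl

              [master]

              # Send reports to console, foreman and log
              reports = foreman,console,log

              # Set the host name (certname) to puppet.domain.com
              certname = puppet.domain.com

              # Enable plugin sync
              pluginsync = true

              # Run in the production environment
              environment = production

              # Start puppetmaster: /etc/init.d/puppetmaster start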

              2. Configuration file on the agent

              The code is as follows:

              [root@agent ~]# cd /etc/puppet/

              [root@agent puppet]# cat puppet.conf

              [main]

              logdir = /var/log/puppet

              rundir = /var/run/puppet

              ssldir = $vardir/ssl

              pluginsync = true

              [agent]

              classfile = $vardir/classes.txt

              localconfig = $vardir/localconfigs

              #runinterval = 300

              listen = true

              report = true

              # Specify the master (server) to connect to
              server = puppet.domain.com

              # Start the puppet agent: /etc/init.d/puppet start

              VII. Puppet certificate authentication

              1. The agent initiates a certificate request

              The code is as follows:

              [root@agent1 yum.repos.d]# puppet agent --test --server puppet.domain.com

              Info: Caching certificate for ca

              Info: csr_attributes file loading from /etc/puppet/csr_attributes.yaml

              Info: Creating a new SSL certificate request for agent1.domain.com

              Info: Certificate Request fingerprint (SHA256): C0:BB:24:3B:4B:59:F1:63:3D:EA:C1:EB:5B:2D:84:68:23:BA:F3:3D:0A:E6:8C:0E:38:3F:9E:F3:40:24:9A:68

              Info: Caching certificate for ca

              Exiting; no certificate found and waitforcert is disabled

              2. Check the request on the master

              The code is as follows:

              [root@puppet puppet]# puppet cert --list --all

              "agent1.domain.com" (SHA256) C0:BB:24:3B:4B:59:F1:63:3D:EA:C1:EB:5B:2D:84:68:23:BA:F3:3D:0A:E6:8C:0E:38:3F:9E:F3:40:24:9A:68

              + "puppet.domain.com" (SHA256) AF:F9:25:75:0F:3A:C5:E2:B5:71:EE:4E:65:82:7A:C1:3E:20:74:EF:57:2D:2D:1D:E5:47:1D:03:76:A5:5C:07 (alt names: "DNS:puppet", "DNS:puppet.domain.com")

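              3. Sign the request on the master (a leading + means the host has been added; entries without it are hosts still waiting to be added)

              The code is as follows: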

              [root@puppet puppet]# puppet cert sign agent1.domain.com

              Notice: Signed certificate request for agent1.domain.com

              Notice: Removing file Puppet::SSL::CertificateRequest agent1.domain.com at '/var/lib/puppet/ssl/ca/requests/agent1.domain.com.pem'

              The code is as follows:

              [root@puppet puppet]# puppet cert --list --all

              + "agent1.domain.com" (SHA256) 70:00:4D:89:53:2B:A4:C4:16:C4:DA:F1:63:59:5A:7A:0C:26:47:3B:74:4D:1C:29:C3:1B:BF:2E:B1:F4:89:D5

              + "puppet.domain.com" (SHA256) AF:F9:25:75:0F:3A:C5:E2:B5:71:EE:4E:65:82:7A:C1:3E:20:74:EF:57:2D:2D:1D:E5:47:1D:03:76:A5:5C:07 (alt names: "DNS:puppet", "DNS:puppet.domain.com")
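The fingerprint the agent prints in step 1 and the one the master lists in step 2 are the same value, so comparing them before running puppet cert sign confirms that the request being signed is the one that agent generated. The following is an added example, not part of the original tutorial; the function names and the PUPPET override variable (used for dry runs) are made up for this example.

```shell
#!/bin/sh
# Added example: sign a Puppet CSR only if the fingerprint listed on the master
# equals the fingerprint the agent printed when it created the request.

# Read `puppet cert --list` output on stdin and print the SHA256 fingerprint of
# the *pending* request for one certname. Signed entries start with "+" and
# revoked ones with "-", so their certname is not in field 1 and they are skipped.
listed_fingerprint() {
    awk -v cn="\"$1\"" '$1 == cn && $2 == "(SHA256)" { print toupper($3); exit }'
}

# Return 0 only if a pending request exists and its fingerprint matches.
csr_matches() {
    certname=$1; agent_fp=$2; list_output=$3
    master_fp=$(printf '%s\n' "$list_output" | listed_fingerprint "$certname")
    agent_fp=$(printf '%s' "$agent_fp" | tr 'a-f' 'A-F')
    [ -n "$master_fp" ] && [ "$master_fp" = "$agent_fp" ]
}

# Sign after the check passes; refuse otherwise.
# Usage on the master: verified_sign agent1.domain.com '<fingerprint from the agent>'
verified_sign() {
    certname=$1; agent_fp=$2
    list_output=$("${PUPPET:-puppet}" cert --list 2>/dev/null)
    if csr_matches "$certname" "$agent_fp" "$list_output"; then
        "${PUPPET:-puppet}" cert sign "$certname"
    else
        echo "no pending request with that fingerprint for $certname; not signing" >&2
        return 1
    fi
}
```

The agent-side fingerprint has to reach the operator over a channel other than the Puppet connection itself (console, SSH session, provisioning log) for the comparison to mean anything.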

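              4. Configure automatic signing on the master

              The code is as follows:

              vi /etc/puppet/puppet.conf  # add the path to the autosign configuration file and enable it

              autosign = $confdir/autosign.conf { mode = 664 }

              auto = true

              vi /etc/puppet/autosign.conf  # automatically sign every hostname that ends in .domain.com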

              *.domain.com
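What the *.domain.com entry above means in practice, as an added example that is not part of the original tutorial: the script re-implements autosign.conf's allow-list matching to show which requested certnames the master would sign with no review. The function names are made up for this example, and a bare * line is assumed to match every name.

```shell
#!/bin/sh
# Added example: report which certnames an autosign.conf signs without review.

# Return 0 if one allow-list entry covers the certname.
# Handled forms: exact certname, "*.suffix" domain glob, bare "*" (assumed match-all).
entry_matches() {
    entry=$1; certname=$2
    case "$entry" in
        "*")   return 0 ;;
        "*."*) suffix=${entry#\*}              # "*.domain.com" -> ".domain.com"
               case "$certname" in
                   ?*"$suffix") return 0 ;;    # one or more labels in front of the suffix
               esac
               return 1 ;;
        *)     [ "$entry" = "$certname" ] ;;
    esac
}

# Return 0 if any non-comment line of the file covers the certname.
would_autosign() {
    conf=$1; certname=$2
    while IFS= read -r line || [ -n "$line" ]; do
        line=$(printf '%s' "$line" | tr -d ' \t\r')
        case "$line" in ''|'#'*) continue ;; esac
        entry_matches "$line" "$certname" && return 0
    done < "$conf"
    return 1
}

# Print every glob entry: each one signs names that nobody listed individually.
list_glob_entries() {
    grep -v '^[[:space:]]*#' "$1" | grep -F '*' || true
}

# Usage on the master:
#   list_glob_entries /etc/puppet/autosign.conf
#   would_autosign /etc/puppet/autosign.conf agent1.domain.com && echo "signed unreviewed"
```

Every name under .domain.com passes, whether or not the host was ever provisioned; listing exact certnames instead keeps each automatic signature tied to a known host.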

              5. Revoke a certificate on the master

              The code is as follows:

              puppet cert --revoke agent1.domain.com

              6. Remove a certificate on the master

              On the master:

              The code is as follows:

              puppet cert --clean agent1.domain.com

              On the agent:

              The code is as follows:

              find /var/lib/puppet/ssl/ -iname "$(hostname).pem" -exec /bin/rm -rf {} \;

              VIII. Test pushing a file with Puppet

              On the master:

              The code is as follows:

              # Define a test module

              [root@puppet test]# pwd

              /etc/puppet/modules/test

              [root@puppet test]# ls

              files manifests templates

              # Define the resource manifest

              [root@puppet test]# cd manifests/

              [root@puppet manifests]# ls

              init.pp

              [root@puppet manifests]# cat init.pp

              class test {

              file { "/tmp/$hostname.txt": content => "hello $hostname.txt"; }

              }

              # Include the test module for the agent1.domain.com node

              [root@puppet nodes]# pwd

              /etc/puppet/manifests/nodes

              [root@puppet nodes]# cat agent1.domain.com.pp

              node 'agent1.domain.com' {

              include test

              }

              # The site manifest (entry point) imports all node files

              [root@puppet manifests]# pwd

              /etc/puppet/manifests

              [root@puppet manifests]# cat site.pp

              import "nodes/*.domain.com.pp"

              # On the agent

              The code is as follows:

              [root@agent1 yum.repos.d]# puppet agent --test --server puppet.domain.com

              Notice: Ignoring --listen on onetime run

              Info: Retrieving pluginfacts

              Info: Retrieving plugin

              Info: Caching catalog for agent1.domain.com

              Info: Applying configuration version '1408524165'

              Notice: /Stage[main]/Test/File[/tmp/agent1.txt]/ensure: defined content as '{md5}7509cca57ec6faec2d5dd2c76a68ea0b'

              Notice: Finished catalog run in 0.10 seconds

              # Verify the file

              [root@agent1 yum.repos.d]# cat /tmp/agent1.txt

              hello agent1.txt

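              Installing Puppet Foreman

              Preparation:

              1. Before installing Foreman, add the EPEL repository; otherwise many packages fail to install when you run yum -y install foreman-installer

              The code is as follows: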

              rpm -ivh http://mirrors.sohu.com/fedora-epel/6/x86_64/epel-release-6-8.noarch.rpm

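              I. Installation

              The code is as follows:

              yum -y install http://yum.theforeman.org/releases/1.6/el6/x86_64/foreman-release.rpm  # the official repository is recommended; it resolves dependencies automatically

              yum -y install foreman-installer  # start the installation; if some packages fail to install, check carefully whether the cause is the repository (EPEL is recommended), the firewall, or SELinux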

              II. Run the Foreman installer (choose one of the two options below; the non-interactive mode is recommended)


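              The code is as follows:

              foreman-installer  # everything here runs automatically; it takes a while, actually far too long, really long... there I go being naughty again~~

              foreman-installer -i  # for a customized installation, use -i to choose interactive mode; see the official manual for details

              # It seems to hang here every time I install, and I don't know why. Each time I kill it and rerun foreman-installer, and then it works. No explanation...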

              Installing Debug: Package[foreman-postgresql](provider=yum): [22%] [....................

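              5794 ? Ss 0:04 /usr/bin/python /usr/bin/yum -d 0 -e 0 -y install foreman-postgresql  # the process stays stuck here

              # After the installation you can clearly see that httpd failed to start; start it manually with /etc/init.d/httpd start. It failed on both of my installs; I don't know whether that is an isolated case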

              Could not start Service[httpd]: Execution of '/sbin/service httpd start' returned 1: Starting httpd: [FAILED]

              /Stage[main]/Apache::Service/Service[httpd]/ensure: change from stopped to running failed: Could not start Service[httpd]: Execution of '/sbin/service httpd start' returned 1: Starting httpd: [FAILED]

              # Start foreman-proxy

              /etc/init.d/foreman-proxy start

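              III. Access the web interface

              # Logging in to the web interface requires a password; it is displayed in the terminal after a successful installation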

              * Foreman is running at https://puppet.domain.com

              Initial credentials are admin / sFuCu73KydURMTbi

              * Foreman Proxy is running at https://puppet.domain.com:8443

              * Puppetmaster is running at port 8140

              The full log is at /var/log/foreman-installer/foreman-installer.log