puppet源码安装

wuhuizhong

浏览: 682681 次
性别:
来自: 中山

最近访客更多访客>>

fstanwh

submaze

zhangcaiyanbeyond

kisang

博主相关

博客

微博

相册

留言

关于我

文章分类

社区版块

存档分类

博客分类：

linux

puppet Server: 172.18.60.200

puppet Client: 172.18.60.59 172.18.60.88

一、下载地址
puppet下载地址:
http://downloads.puppetlabs.com/puppet/puppet-2.7.22.tar.gz

facter下载地址:
http://downloads.puppetlabs.com/facter/facter-1.6.18.tar.gz

ruby下载地址:
http://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.7.tar.gz

二、环境准备

1.时间必须一致:
crontab -e
*/2 * * * * /usr/sbin/ntpdate clock.nc.fukuoka-u.ac.jp >/dev/null 2>&1

2.必須安装:gcc-c++、install openssl*

3.修改主機名: 服务器及客户端一样
[root@zserpap ~]# more /etc/hosts
# Do not remove the following line, or various programs
# that require network functionality will fail.
#127.0.0.1              ZSAP localhost.localdomain localhost
#172.18.60.200               ZSAP localhost.localdomain localhost
::1             localhost6.localdomain6 localhost6
172.18.60.200 zserpap.zs_py.com.cn zserpap
172.18.60.59 pyytestdb.zs_py.com.cn pyytestdb
172.18.60.88 zsperdb.zs_py.com.cn zsperdb

[root@zserpap ~]# more /etc/sysconfig/network
NETWORKING=yes
NETWORKING_IPV6=no
HOSTNAME=zserpap.zs_py.com.cn
GATEWAY=172.18.60.254

[root@zserpap ~]# hostname zserpap.zs_py.com.cn

4.检查防火墙确保8140端口开放.
禁用防火墙和SELinux
service iptables stop
chkconfig iptables off
setenforce 0
cat /etc/sysconfig/selinux <<EOF
SELINUX=disabled
SELINUXTYPE=targeted
EOF

三、安装应用软件
1、首先安装ruby
tar -zxvf ruby-1.8.7.tar.gz
cd ruby-1.8.7
./configure --prefix=/usr/local/ruby
make
make install
操作系统PATH路径:
vi /etc/profile
export PATH=/usr/local/ruby/bin:$PATH
查看ruby --version版本

顯示ruby的lib搜索路徑:
$ ruby -e 'puts $:'

安裝 rubygems
ruby setup.rb
puppet要求gem在1.3.4以下.

2、安装facter
tar -zxvf facter-1.6.18.tar.gz
cd facter-1.6.18
ruby install.rb

3、安装puppet
tar -zxvf puppet-2.7.22.tar.gz
cd puppet-2.7.22/
ruby install.rb
[root@zserpap puppet-2.7.22]# cp conf/auth.conf /etc/puppet/
[root@zserpap puppet-2.7.22]# cp conf/namespaceauth.conf /etc/puppet/
[root@zserpap puppet-2.7.22]# cp conf/redhat/puppet.conf /etc/puppet/
[root@zserpap puppet-2.7.22]# cp conf/redhat/server.init /etc/init.d/puppetmaster
[root@zserpap puppet-2.7.22]# chmod +x /etc/init.d/puppetmaster
[root@zserpap puppet-2.7.22]# /etc/init.d/puppetmaster start
Starting puppetmaster: /bin/bash: /usr/sbin/puppetmasterd: No such file or directory
                                                           [FAILED]

[root@zserpap puppet-2.7.22]# cp sbin/puppetmasterd /usr/sbin/
[root@zserpap puppet-2.7.22]# chmod -R 777 /usr/sbin/puppetmasterd
[root@zserpap puppet-2.7.22]# cp sbin/puppetmasterd /bin/puppetmasterd
[root@zserpap puppet-2.7.22]# chmod -R 777 /bin/puppetmasterd
[root@zserpap puppet-2.7.22]# /etc/init.d/puppetmaster start
Starting puppetmaster: /usr/bin/env: ruby: No such file or directory
                                                           [FAILED]
[root@zserpap puppet-2.7.22]# ls /usr/local/ruby/bin/
erb         filebucket pi          puppetdoc   rdoc        ruby
facter      irb         puppet      ralsh       ri          testrb
[root@zserpap puppet-2.7.22]# ln -s /usr/local/ruby/bin/ruby /usr/bin/
[root@zserpap puppet-2.7.22]# /etc/init.d/puppetmaster start
Starting puppetmaster: Could not prepare for execution: Got 6 failure(s) while initializing: change from absent to directory failed: Could not set 'directory on ensure: Could not find group puppet; change from absent to directory failed: Could not set 'directory on ensure: Could not find group puppet; change from absent to directory failed: Could not set 'directory on ensure: Could not find group puppet; change from absent to directory failed: Could not set 'directory on ensure: Could not find group puppet; change from absent to directory failed: Could not set 'directory on ensure: Could not find group puppet; change from absent to directory failed: Could not set 'directory on ensure: Could not find group puppet
                                                           [FAILED]
[root@zserpap puppet-2.7.22]# useradd puppet
[root@zserpap puppet-2.7.22]# /etc/init.d/puppetmaster start
Starting puppetmaster:                                     [ OK ]

[root@zserpap sbin]# pwd
/usr/local/src/puppet-2.7.22/sbin
cp -r * /usr/sbin/

[root@zserpap manifests]# chkconfig --add puppetmaster
[root@zserpap manifests]# chkconfig puppetmaster on

客户端其它安装和服务器安装相同，除了用 cp conf/redhat/client.init /etc/init.d/puppet
tar -zxvf puppet-2.7.22.tar.gz

cd puppet-2.7.22/
ruby install.rb

[root@pyytestdb puppet-2.7.22]# cp conf/auth.conf /etc/puppet/
[root@pyytestdb puppet-2.7.22]# cp conf/namespaceauth.conf /etc/puppet/
[root@pyytestdb puppet-2.7.22]# cp conf/redhat/puppet.conf /etc/puppet/
[root@pyytestdb puppet-2.7.22]# cp conf/redhat/client.init /etc/init.d/puppet
[root@pyytestdb puppet-2.7.22]# chmod +x /etc/init.d/puppet
[root@pyytestdb puppet-2.7.22]# service puppet start
Starting puppet: /bin/bash: /usr/sbin/puppetd: No such file or directory
                                                           [FAILED]
[root@pyytestdb puppet-2.7.22]# cp sbin/puppetd /usr/sbin/puppetd
[root@pyytestdb puppet-2.7.22]# service puppet start
Starting puppet: /usr/bin/env: ruby: No such file or directory
                                                           [FAILED]
[root@pyytestdb puppet-2.7.22]# chmod +x /usr/sbin/puppetd
[root@pyytestdb puppet-2.7.22]# service puppet start
Starting puppet: /usr/bin/env: ruby: No such file or directory
                                                           [FAILED]
[root@pyytestdb puppet-2.7.22]# ln -s /usr/local/ruby/bin/ruby /usr/bin/
[root@pyytestdb puppet-2.7.22]# /etc/init.d/puppet start
Starting puppet:                                           [ OK ]

启动服务
chkconfig puppet on
service puppet start

安装完毕后进行测试：

在服务器端执行:
# puppetca --list
应该是无
在服务端查看验证签名,注意前面的+号，说明已经签名
# puppetca -a --list

在客户端执行
[root@pyytestdb ~]# puppetd --server zserpap.zs_py.com.cn --test
info: Caching certificate for ca
info: Creating a new SSL certificate request for pyytestdb.zs_py.com.cn
info: Certificate Request fingerprint (md5): F0:83:B6:70:D4:C0:D2:40:C2:CD:5B:B3                                                                             :00:31:D4:39
Exiting; no certificate found and waitforcert is disabled

再到服务器端执行：
[root@zserpap ~]# puppetca –s pyytestdb.zs_py.com.cn
Invalid method –s to apply

如果看到了客户端的证书请求，
针对客户端请求为
puppetca –s pyytestdb.zs_py.com.cn
用下面的命令对所有证书请求签名：
puppetca -s –a
[root@zserpap ~]# puppetca -s -a
notice: Signed certificate request for pyytestdb.zs_py.com.cn
notice: Removing file Puppet::SSL::CertificateRequest pyytestdb.zs_py.com.cn at '/var/lib/puppet/ssl/ca/requests/pyytestdb.zs_py.com.cn.pem'

在主服务器上/etc/puppet/manifests

vi /etc/puppet/manifests/site.pp
node default{
   file { "/tmp/puppet_test.txt":
           content=> "hello, This is test of PUPPET";
}
}

再重启一下服务器 service puppetmaster restart 和客户端 service puppet restart
再执行 puppetd --server zserpap.zs_py.com.cn --test
[root@pyytestdb ~]# puppetd --server zserpap.zs_py.com.cn --test
info: Caching certificate for pyytestdb.zs_py.com.cn
info: Caching certificate_revocation_list for ca
info: Caching catalog for pyytestdb.zs_py.com.cn
info: Applying configuration version '1372658911'
notice: /Stage[main]//Node[default]/File[/tmp/test.txt]/ensure: defined content as '{md5}100b144907af2a4786003758a0a6a563'
info: Creating state file /var/lib/puppet/state/state.yaml
notice: Finished catalog run in 0.03 seconds

看/tmp下面是不是有 puppet_test.txt 文件了

==============================================================================================================================
增加多个site.pp

可以先在site.pp中增加

import "test.pp"

然后再在里面执行需要操作的内容。

可用 puppetd --server zserpap.zs_py.com.cn --test 进行测试。
如果有报错
err: Could not retrieve catalog from remote server: Error 400 on SERVER: Node 'default' is already defined at /etc/puppet/manifests/test.pp:1; cannot redefine at /etc/puppet/manifests/site.pp:2 on node zsperdb.zs_py.com.cn
warning: Not using cache on failed catalog
err: Could not retrieve catalog; skipping run

那么需要在客户端执行 puppet agent --enable 即可。

puppet agent --disable 为关闭。

记得重启 puppetmaster 和 puppet

参考内容:
默认时间 vi /etc/puppet/puppet.con
runinterval =1800 ###默认是30分钟，可以修改此处的值，单位为秒
有的时间修改了这个没有用，是什么原因呢：
我也曾修改过多次，没效果，后在客户端的配置文件再加了一句 server = zserpap.zs_py.com.cn
然后重启
在客户端修改即可！最好重启一下 service puppet restart

puppet 如何全客户端自动签名
a. vi /etc/puppet/puppet.conf
[puppetmaster]
autosign=true      #增加这两行
autosing=/etc/puppet/autosign.conf
#增加这两行添加
* 表示所有，或者添加域名,IP或者网段。举例：
b.再编辑 /etc/puppet/autosign.conf
*
*.test.com
192.168.0.1/24

错误总结:
第一次认证的时候报下边的错误：
[root@client ~]# puppetd --server zserpap.zs_py.com.cn --test
err: Could not retrieve catalog from remote server: certificate verify failed
原因有三种：
第一：是hostname没有设置好，在安装前一定要把hostname设置好，设置好之后尽量重启机器。实在不行就删了重新安装。
第二：时间不同步，时间不同步也会报认证失败的错误，可以用date设置时间，只要不是差得太多就没事。
第三：是ssl的问题，在你用的这个客户端puppet已经做过其他的机器的客户端的情况下，因为已经生成的有证书，可能会和现在的冲突，把/var/lib/puppet/ssl这个文件夹删掉之后就行了。

配置c/s模式的puppet的实验环境
Puppet的的客户端和服务端是靠ssl链接的，在服务端有一个自签名的根证书，在安装软件的时候自动生成。每个客户端的证书要经过根证书签名才能和服务器连接。所以首先要在客户端执行下面的命令来请求服务器签名证书。
puppetd --server zserpap.zs_py.com.cn --test

參考:

http://qinghua.blog.51cto.com/202629/837268

http://www.chenshake.com/puppet-study-notes/

分享到：

Linux运维常用命令 | ORACLE 管理索引

2013-07-01 16:31
浏览 3392
评论(0)
分类:操作系统
查看更多

发表评论

您还没有登录,请您登录后再发表评论

最近访客更多访客>>

博主相关

文章分类

社区版块

存档分类

最新评论