System environment:
Linux: CentOS 6.8 64-bit, Minimal ISO
Puppet: Puppet 3.8
IP/Hostname:
master.my.lab / 192.168.31.100
node.my.lab / 192.168.31.101
Configure hosts and hostname
#> vi /etc/sysconfig/network
HOSTNAME=master.my.lab
#> vi /etc/hosts
192.168.31.100 master.my.lab
192.168.31.101 node.my.lab
Configure time synchronization
#> yum install ntpdate
#> vi /etc/cron.hourly/ntpdate.cron
#!/bin/sh
/usr/sbin/ntpdate tock.stdtime.gov.tw > /dev/null 2>&1
#> chmod 0755 /etc/cron.hourly/ntpdate.cron
Package installation
#> rpm -ivh https://yum.puppetlabs.com/puppetlabs-release-el-6.noarch.rpm
#> yum install puppetserver
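Adjust the memory allocation
#> vi /etc/sysconfig/puppetserver
JAVA_ARGS="-Xms512m -Xmx512m -XX:MaxPermSize=256m"
TIP:
By default, puppet server is configured to use 2 GB of memory. If the machine has less memory than that, the configuration file must be modified.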
Start puppetserver
#> service puppetserver start
TIP:
If startup fails, check the log file /var/log/puppetserver/puppetserver.log
Check the service status
#> ps -ef | grep puppetserver
puppet 1049 1 17 19:05 ? 00:00:59 /usr/bin/java -XX:OnOutOfMemoryError=kill -9 %p -Djava.security.egd=/dev/urandom -Xms512m -Xmx512m -XX:MaxPermSize=256m -cp /usr/share/puppetserver/puppet-server-release.jar clojure.main -m puppetlabs.trapperkeeper.main --config /etc/puppetserver/conf.d -b /etc/puppetserver/bootstrap.cfg
#> netstat -lt
tcp 0 0 *:8140 *:* LISTEN
#> puppet master --version
3.8.7
Configure puppet.conf
#> vi /etc/puppet/puppet.conf
dns_alt_names = master.my.lab
TIP:
dns_alt_names sets the alternative DNS names placed in the master's certificate; it can be left unset.
CA Master (if this master acts as the CA host)
#> service puppetserver stop
#> puppet master --verbose --no-daemonize
The screen shows:
Notice: Starting Puppet master version 3.8.7
Press Ctrl + C to exit the program
#> service puppetserver start
#> puppet cert list --all
+ "master.my.lab" (SHA256) 10:3F:81:4C:D9:59:E8:35:43:15:32:D9:DA:AF:67:84:9F:77:3A:D7:32:0B:EE:55:BD:A7:DA:64:A3:D5:5C:32 (alt names: "DNS:master.my.lab")
Other non-CA masters (not acting as the CA host)
#> puppet agent --test --ca_server=master.my.lab
On the CA master host
#> puppet cert --allow-dns-alt-names sign <CERT-NAME>
TIP:
CERT-NAME can be looked up by running puppet cert list
Configure hosts and hostname
#> vi /etc/sysconfig/network
HOSTNAME=node.my.lab
#> vi /etc/hosts
192.168.31.100 master.my.lab
192.168.31.101 node.my.lab
Configure time synchronization
#> yum install ntpdate
#> vi /etc/cron.hourly/ntpdate.cron
#!/bin/sh
/usr/sbin/ntpdate tock.stdtime.gov.tw > /dev/null 2>&1
#> chmod 0755 /etc/cron.hourly/ntpdate.cron
Package installation
#> rpm -ivh https://yum.puppetlabs.com/puppetlab...l-6.noarch.rpm
#> yum install puppet
#> puppet --version
3.8.7
Establishing communication between Master and Node
Run on the Node host
#> puppet agent --server=master.my.lab --no-daemonize --verbose
Info: Creating a new SSL key for node.my.lab
Info: csr_attributes file loading from /etc/puppet/csr_attributes.yaml
Info: Creating a new SSL certificate request for node.my.lab
Info: Certificate Request fingerprint (SHA256): B4:6D:AC:A7:DC:DE:70:2E:31:0E:59:09:14:01:BB:68:C6:67:48:42:43:C4:5A:1B:27:71:05:BF:A2:71:76:AB
Run on the Master host
#> puppet cert list
"node.my.lab" (SHA256) B4:6D:AC:A7:DC:DE:70:2E:31:0E:59:09:14:01:BB:68:C6:67:48:42:43:C4:5A:1B:27:71:05:BF:A2:71:76:AB
Sign the certificate request from the node
#> puppet cert sign node.my.lab
Notice: Signed certificate request for node.my.lab
Notice: Removing file Puppet::SSL::CertificateRequest node.my.lab at '/var/lib/puppet/ssl/ca/requests/node.my.lab.pem'
#> puppet cert list --all
+ "master.my.lab" (SHA256) 84:68:51:7B:6D:BF:8F:A2:A6:2B:8D:78:8D:2B:64:B1:E6:64:08:7B:00:78:CE:22:4D:1E:33:6A:8B:F9:EE:4F (alt names: "DNS:puppet", "DNS:master.my.lab")
+ "node.my.lab" (SHA256) 56:CF:88:D7:1D:C5:9B:BD:9E:EA:8C:F2:D7:06:07:09:CE:00:CC:10:75:B5:C3:04:08:6F:32:71:CA:6E:ED:15
Run it once more on the Node
#> puppet agent --server=master.my.lab --no-daemonize --verbose
Notice: Starting Puppet client version 3.8.7
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Caching catalog for node.my.lab
Info: Applying configuration version '1473517210'
Notice: Finished catalog run in 0.09 seconds
Press Ctrl + C to exit
TIP:
If the following appears:
Warning: Unable to fetch my node definition, but the agent run will continue:
Warning: undefined method `include?' for nil:NilClass
try running it again.
For a simple test of the connection between Node and Master, you can also run the following on the Node:
#> puppet agent --test
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Caching catalog for node.my.lab
Info: Applying configuration version '1473589349'
Notice: Finished catalog run in 0.12 seconds
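For the signing step on the Master above, an added example (not part of the original post): before running puppet cert sign, compare the pending request's fingerprint from puppet cert list with the one the agent printed on the Node. The function names and the second sample line are assumptions made for this example.

```shell
#!/bin/sh
# Added example: verify a pending CSR's fingerprint before signing it.

# Upper-case a fingerprint and strip whitespace so copies compare equal.
normalize_fp() {
    printf '%s' "$1" | tr -d '[:space:]' | tr 'abcdef' 'ABCDEF'
}

# csr_fingerprint CERTNAME
# Reads `puppet cert list` output on stdin and prints the SHA256 fingerprint
# of the pending request for CERTNAME. Signed entries (prefixed "+") and
# other hosts are ignored; prints nothing when there is no such request.
csr_fingerprint() {
    awk -v name="\"$1\"" '$1 == name && $2 == "(SHA256)" { print $3; exit }'
}

# csr_matches CERTNAME EXPECTED_FP
# Succeeds only if the list on stdin holds a pending request for CERTNAME
# whose fingerprint equals EXPECTED_FP (the value printed on the node).
csr_matches() {
    listed=$(csr_fingerprint "$1")
    [ -n "$listed" ] && [ "$(normalize_fp "$listed")" = "$(normalize_fp "$2")" ]
}

# sign_if_verified CERTNAME EXPECTED_FP   (run as root on the CA master)
sign_if_verified() {
    if puppet cert list | csr_matches "$1" "$2"; then
        puppet cert sign "$1"
    else
        echo "refusing to sign $1: no pending request with that fingerprint" >&2
        return 1
    fi
}

# Fingerprint the agent printed for node.my.lab in the run shown above.
NODE_FP='B4:6D:AC:A7:DC:DE:70:2E:31:0E:59:09:14:01:BB:68:C6:67:48:42:43:C4:5A:1B:27:71:05:BF:A2:71:76:AB'
# Constructed `puppet cert list` output: the first line is the one shown
# above, the second host and its fingerprint are made up for this example.
SAMPLE_LIST="  \"node.my.lab\" (SHA256) $NODE_FP
  \"other.my.lab\" (SHA256) 00:01:02:03:04:05:06:07:08:09:0A:0B:0C:0D:0E:0F:10:11:12:13:14:15:16:17:18:19:1A:1B:1C:1D:1E:1F"

# Offline demonstration against the sample (no puppet command is run).
if printf '%s\n' "$SAMPLE_LIST" | csr_matches node.my.lab "$NODE_FP"; then
    echo "node.my.lab: fingerprint matches the value from the node"
fi
```

On the CA master, sign_if_verified node.my.lab "<fingerprint copied from the node>" signs only when the two values agree.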
Cleaning up certificates
On the Node
#> find /var/lib/puppet/ssl -name node.my.lab.pem -exec rm -f {} \;
On the Master
#> puppet cert list --all
#> puppet cert clean <CERT-NAME>
First test: have the Node host create a file /tmp/puppet.txt
On the Node:
#> vi /etc/puppet/puppet.conf
[main]
…
[agent]
…
server = master.my.lab
runinterval = 5
Start the service
#> service puppet start
On the Master
#> vi /etc/puppet/manifests/site.pp
file { "/tmp/puppet.txt":
  content => "puppet test\n",
}
Related links
https://docs.puppet.com/puppet/3.8/reference/