Puppet

    版本為 06:01, 27 Nov 2024

    到這個版本。

    返回到 版本存檔.

    查閱目前版本

    說明

    系統環境:
    Linux:CentOS 6.8 64-bit, Minimal ISO
    Puppet:Puppet 3.8

    IP/Hostname:
    master.my.lab / 192.168.31.100
    node.my.lab / 192.168.31.101

     

    Puppet Master(Server)安裝

    設定 hosts 與 hostname

    #> /etc/sysconfig/network
    
    HOSTNAME=master.my.lab
    
    #> vi /etc/hosts
    
    192.168.31.100    master.mylab.com
    192.168.31.101    node.mylab.com
    

    設定時間校時

    #> yum install ntpdate
    #> vi /etc/cron.hourly/ntpdate.cron
    
    #!/bin/sh
    /usr/sbin/ntpdate tock.stdtime.gov.tw &> /dev/null
    
    #> chmod 0755 /usr/sbin/ntpdate
    

    套件安裝

    #> rpm -ivh https://yum.puppetlabs.com/puppetlabs-release-el-6.noarch.rpm
    #> yum install puppetserver
    

    調整記憶體配置

    #> vi /etc/sysconfig/puppetserver
    
    JAVA_ARGS="-Xms512m -Xmx512m -XX:MaxPermSize=256m"
    

    TIPs:

    預設 puppet server 需要使用 2G 的記憶體配置,如果實際記憶體不足,必須修改設定檔。

    啟動 puppetserver

    #> serviec puppetserver start
    

    TIP:

    如果啟動失敗,檢查日誌檔 /var/log/puppetserver/puppetserver.log

    檢查服務狀態

    # ps -ef | grep puppetserver
    puppet    1049     1 17 19:05 ?        00:00:59 /usr/bin/java -XX:OnOutOfMemoryError=kill -9 %p -Djava.security.egd=/dev/urandom -Xms512m -Xmx512m -XX:MaxPermSize=256m -cp /usr/share/puppetserver/puppet-server-release.jar clojure.main -m puppetlabs.trapperkeeper.main --config /etc/puppetserver/conf.d -b /etc/puppetserver/bootstrap.cfg
    
    # netstat -lt
    
    tcp        0      0 *:8140                      *:*                         LISTEN
    
    #> puppet master --version
    3.8.7
    

    設定 puppet.conf

    #> vi /etc/puppet/puppet.conf
    
    dns_alt_names = master.my.lab
    

    TIP:

    dns_alt_names 這用來取代 DNS 名稱,不設定也行。

    CA Master(如果這部 Master 是扮演 CA 主機)

    #> service puppetserver stop
    #> puppet master --verbose --no-daemonize
    
    畫面顯示 Notice: Starting Puppet master version 3.8.7
    按 Ctrl + C 退出程式
    
    #> service puppetserver start
    #> puppet cert list -all
    
    + "master.my.lab" (SHA256) 10:3F:81:4C:D9:59:E8:35:43:15:32:D9:DA:AF:67:84:9F:77:3A:D7:32:0B:EE:55:BD:A7:DA:64:A3:D5:5C:32 (alt names: "DNS:master.my.lab")
    

    其他 Non-CA Master(不擔任 CA 主機)

    #> puppet agent --test --ca_server= master.my.lab
    

    到 CA Master 主機

    #> puppet cert --allow-dns-alt-names sign <CERT-NAME>
    

    TIP:

    CERT-NAME 可以執行 puppet cert list 查詢

    Puppet Agent(Client)安裝:

    設定 hosts 與 hostname

    #> /etc/sysconfig/network
    
    HOSTNAME=node.my.lab
    
    #> vi /etc/hosts
    
    192.168.31.100    master.mylab.com
    192.168.31.101    node.mylab.com
    

    設定時間校時

    #> yum install ntpdate
    #> vi /etc/cron.hourly/ntpdate.cron
    
    #!/bin/sh
    /usr/sbin/ntpdate tock.stdtime.gov.tw &> /dev/null
    
    #> chmod 0755 /etc/cron.hourly/ntpdate.cron
    

    套件安裝

    #> rpm -ivh https://yum.puppetlabs.com/puppetlabs-release-el-6.noarch.rpm
    #> yum install puppet
    
    #> puppet --version
    3.8.7
    

    Master 與 Node 的通訊連接
    從 Node 主機上執行

    #> puppet agent --server=master.my.lab --no-daemonize --verbose
    Info: Creating a new SSL key for node.my.lab
    Info: csr_attributes file loading from /etc/puppet/csr_attributes.yaml
    Info: Creating a new SSL certificate request for node.my.lab
    Info: Certificate Request fingerprint (SHA256): B4:6D:AC:A7:DC:DE:70:2E:31:0E:59:09:14:01:BB:68:C6:67:48:42:43:C4:5A:1B:27:71:05:BF:A2:71:76:AB
    

    從 Master 主機上執行

    #> puppet cert list
      "node.my.lab" (SHA256) B4:6D:AC:A7:DC:DE:70:2E:31:0E:59:09:14:01:BB:68:C6:67:48:42:43:C4:5A:1B:27:71:05:BF:A2:71:76:AB
    

    簽署來自 node 的憑證

    #> puppet cert sign node.my.lab
    Notice: Signed certificate request for node.my.lab
    Notice: Removing file Puppet::SSL::CertificateRequest node.my.lab at '/var/lib/puppet/ssl/ca/requests/node.my.lab.pem'
    
    #> puppet cert list -all
    + "master.my.lab" (SHA256) 84:68:51:7B:6D:BF:8F:A2:A6:2B:8D:78:8D:2B:64:B1:E6:64:08:7B:00:78:CE:22:4D:1E:33:6A:8B:F9:EE:4F (alt names: "DNS:puppet", "DNS:master.my.lab")
    + "node.my.lab"   (SHA256) 56:CF:88:D7:1D:C5:9B:BD:9E:EA:8C:F2:D7:06:07:09:CE:00:CC:10:75:B5:C3:04:08:6F:32:71:CA:6E:ED:15
    

    從 Node 端再執行一次

    #> puppet agent --server=master.my.lab --no-daemonize --verbose
    Notice: Starting Puppet client version 3.8.7
    Info: Retrieving pluginfacts
    Info: Retrieving plugin
    Info: Caching catalog for node.my.lab
    Info: Applying configuration version '1473517210'
    Notice: Finished catalog run in 0.09 seconds
    
    按 Ctrl + C 離開
    

    TIP:

    如果出現
    Warning: Unable to fetch my node definition, but the agent run will continue:
    Warning: undefined method `include?' for nil:NilClass
    重新再執行一次試試

    簡單的測試 Node 與 Master 連線,還可以從 Node 端執行

    # puppet agent --test
    Info: Retrieving pluginfacts
    Info: Retrieving plugin
    Info: Caching catalog for node.my.lab
    Info: Applying configuration version '1473589349'
    Notice: Finished catalog run in 0.12 seconds
    
    清除憑證

    從 Node 端

    #> find /var/lib/puppet/ssl -name node.my.lab.pem -exec rm -f {} \;
    
    從 Master 端
    #> puppet cert list -all
    #> puppet cert clean <CERT-NAME>
    

    第一次測試:使 Note 主機建立一個檔案 /tmp/puppet.txt
    從 Node 端:

    #> vi /etc/puppet/puppet.conf
    
    [main]
    …
    
    [agent]
    …
    server = master.my.lab
    runinterval = 5
    
    啟動服務
    #> service puppet start
    

    從 Master 端

    # vi /etc/puppet/manifests/site.pp
    
    file {"/tmp/puppet.txt":
        content => "puppet test\n",
    }
    
    Powered by MindTouch Core