System environment:
Linux: CentOS 6.8 64-bit, Minimal ISO
Puppet: Puppet 3.8
IP/Hostname:
master.my.lab / 192.168.31.100
node.my.lab / 192.168.31.101
Configure hosts and hostname
#> vi /etc/sysconfig/network
HOSTNAME=master.my.lab
#> vi /etc/hosts
192.168.31.100 master.my.lab
192.168.31.101 node.my.lab
Configure time synchronization
#> yum install ntpdate
#> vi /etc/cron.hourly/ntpdate.cron
#!/bin/sh
/usr/sbin/ntpdate tock.stdtime.gov.tw > /dev/null 2>&1
#> chmod 0755 /etc/cron.hourly/ntpdate.cron
Package installation
#> rpm -ivh https://yum.puppetlabs.com/puppetlabs-release-el-6.noarch.rpm
#> yum install puppetserver
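Adjust the memory allocation
#> vi /etc/sysconfig/puppetserver
JAVA_ARGS="-Xms512m -Xmx512m -XX:MaxPermSize=256m"
TIP:
By default, Puppet Server requires a 2 GB memory allocation. If the machine has less memory than that, the configuration file must be changed.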
Start puppetserver
#> service puppetserver start
TIP:
If startup fails, check the log file /var/log/puppetserver/puppetserver.log
Check the service status
#> ps -ef | grep puppetserver
puppet 1049 1 17 19:05 ? 00:00:59 /usr/bin/java -XX:OnOutOfMemoryError=kill -9 %p -Djava.security.egd=/dev/urandom -Xms512m -Xmx512m -XX:MaxPermSize=256m -cp /usr/share/puppetserver/puppet-server-release.jar clojure.main -m puppetlabs.trapperkeeper.main --config /etc/puppetserver/conf.d -b /etc/puppetserver/bootstrap.cfg
#> netstat -lt
tcp 0 0 *:8140 *:* LISTEN
#> puppet master --version
3.8.7
Configure puppet.conf
#> vi /etc/puppet/puppet.conf
dns_alt_names = master.my.lab
TIP:
dns_alt_names sets alternative DNS names for the master, which are written into its certificate; it can also be left unset.
CA Master (if this master acts as the CA host)
#> service puppetserver stop
#> puppet master --verbose --no-daemonize
The screen shows:
Notice: Starting Puppet master version 3.8.7
Press Ctrl + C to exit the program.
#> service puppetserver start
#> puppet cert list --all
+ "master.my.lab" (SHA256) 10:3F:81:4C:D9:59:E8:35:43:15:32:D9:DA:AF:67:84:9F:77:3A:D7:32:0B:EE:55:BD:A7:DA:64:A3:D5:5C:32 (alt names: "DNS:master.my.lab")
Other non-CA masters (not acting as the CA host)
#> puppet agent --test --ca_server=master.my.lab
On the CA master host
#> puppet cert --allow-dns-alt-names sign <CERT-NAME>
TIP:
CERT-NAME can be looked up by running puppet cert list
Configure hosts and hostname
#> vi /etc/sysconfig/network
HOSTNAME=node.my.lab
#> vi /etc/hosts
192.168.31.100 master.my.lab
192.168.31.101 node.my.lab
Configure time synchronization
#> yum install ntpdate
#> vi /etc/cron.hourly/ntpdate.cron
#!/bin/sh
/usr/sbin/ntpdate tock.stdtime.gov.tw > /dev/null 2>&1
#> chmod 0755 /etc/cron.hourly/ntpdate.cron
Package installation
#> rpm -ivh https://yum.puppetlabs.com/puppetlabs-release-el-6.noarch.rpm
#> yum install puppet
#> puppet --version
3.8.7
Communication between master and node
Run on the node host
#> puppet agent --server=master.my.lab --no-daemonize --verbose
Info: Creating a new SSL key for node.my.lab
Info: csr_attributes file loading from /etc/puppet/csr_attributes.yaml
Info: Creating a new SSL certificate request for node.my.lab
Info: Certificate Request fingerprint (SHA256): B4:6D:AC:A7:DC:DE:70:2E:31:0E:59:09:14:01:BB:68:C6:67:48:42:43:C4:5A:1B:27:71:05:BF:A2:71:76:AB
Run on the master host
#> puppet cert list
"node.my.lab" (SHA256) B4:6D:AC:A7:DC:DE:70:2E:31:0E:59:09:14:01:BB:68:C6:67:48:42:43:C4:5A:1B:27:71:05:BF:A2:71:76:AB
Sign the certificate request from the node
#> puppet cert sign node.my.lab
Notice: Signed certificate request for node.my.lab
Notice: Removing file Puppet::SSL::CertificateRequest node.my.lab at '/var/lib/puppet/ssl/ca/requests/node.my.lab.pem'
#> puppet cert list --all
+ "master.my.lab" (SHA256) 84:68:51:7B:6D:BF:8F:A2:A6:2B:8D:78:8D:2B:64:B1:E6:64:08:7B:00:78:CE:22:4D:1E:33:6A:8B:F9:EE:4F (alt names: "DNS:puppet", "DNS:master.my.lab")
+ "node.my.lab" (SHA256) 56:CF:88:D7:1D:C5:9B:BD:9E:EA:8C:F2:D7:06:07:09:CE:00:CC:10:75:B5:C3:04:08:6F:32:71:CA:6E:ED:15
Run the agent again on the node
#> puppet agent --server=master.my.lab --no-daemonize --verbose
Notice: Starting Puppet client version 3.8.7
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Caching catalog for node.my.lab
Info: Applying configuration version '1473517210'
Notice: Finished catalog run in 0.09 seconds
Press Ctrl + C to exit.
TIP:
If the following appears:
Warning: Unable to fetch my node definition, but the agent run will continue:
Warning: undefined method `include?' for nil:NilClass
try running the command again.
For a simple test of the connection between node and master, you can also run the following on the node
#> puppet agent --test
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Caching catalog for node.my.lab
Info: Applying configuration version '1473589349'
Notice: Finished catalog run in 0.12 seconds
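The agent prints the fingerprint of its certificate request on the node, and puppet cert list prints the fingerprint of the pending request on the master; comparing the two before running puppet cert sign confirms that the request being signed is the one the node generated. The script below is an added example, not part of the original page: the function names normalize_fp, pending_fp and csr_matches are hypothetical, and the sample values are copied from the terminal output shown above.

```shell
#!/bin/sh
# Added example (not from the original page). Function names are hypothetical.

# Sample values copied from the terminal output shown on this page.
NODE_FP='B4:6D:AC:A7:DC:DE:70:2E:31:0E:59:09:14:01:BB:68:C6:67:48:42:43:C4:5A:1B:27:71:05:BF:A2:71:76:AB'
SAMPLE_LIST="  \"node.my.lab\" (SHA256) $NODE_FP"

# Uppercase a fingerprint and strip whitespace so comparisons are exact.
normalize_fp() {
    printf '%s' "$1" | tr -d '[:space:]' | tr 'abcdef' 'ABCDEF'
}

# Read `puppet cert list` output on stdin and print the SHA256 fingerprint of the
# pending request for certname $1. Signed entries ("+ ...") are deliberately ignored.
pending_fp() {
    awk -v name="\"$1\"" '$1 == name && $2 == "(SHA256)" { print $3; exit }'
}

# Return 0 only if the request pending on the CA for certname $1 carries the
# fingerprint $2 that the agent printed on the node. Reads the list on stdin.
csr_matches() {
    certname=$1
    expected=$(normalize_fp "$2")
    if ! printf '%s\n' "$expected" | grep -Eq '^([0-9A-F]{2}:){31}[0-9A-F]{2}$'; then
        echo "refusing: '$2' is not a SHA256 fingerprint" >&2
        return 2
    fi
    pending=$(pending_fp "$certname")
    if [ -z "$pending" ]; then
        echo "refusing: no pending request for $certname" >&2
        return 3
    fi
    if [ "$(normalize_fp "$pending")" != "$expected" ]; then
        echo "refusing: fingerprint mismatch for $certname" >&2
        return 1
    fi
    return 0
}

# On the CA master the real call would be:
#   puppet cert list | csr_matches node.my.lab "$NODE_FP" && puppet cert sign node.my.lab
# Here the sample list stands in for `puppet cert list` so the script runs offline.
if printf '%s\n' "$SAMPLE_LIST" | csr_matches node.my.lab "$NODE_FP"; then
    echo "fingerprints match; safe to run: puppet cert sign node.my.lab"
fi
```

The fingerprint passed as the second argument should be read from the node's own console, not copied from the master's listing.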
On the node
#> find /var/lib/puppet/ssl -name node.my.lab.pem -exec rm -f {} \;
On the master
#> puppet cert list --all
#> puppet cert clean <CERT-NAME>
First test: have the node host create a file, /tmp/puppet.txt
On the node:
#> vi /etc/puppet/puppet.conf
[main]
…
[agent]
…
server = master.my.lab
runinterval = 5
#> service puppet start
On the master
#> vi /etc/puppet/manifests/site.pp
file { "/tmp/puppet.txt":
  content => "puppet test\n",
}