Description

    System environment

    • Linux: CentOS 6.8 64-bit, Minimal ISO
    • Puppet: Puppet 3.8


    IP/Hostname

    • master.my.lab / 192.168.31.100
    • node.my.lab / 192.168.31.101

    Puppet Master (Server) installation

    Set hosts and hostname

    #> vi /etc/sysconfig/network
    
    HOSTNAME=master.my.lab
    
    #> vi /etc/hosts
    
    192.168.31.100    master.my.lab
    192.168.31.101    node.my.lab
    

    Configure time synchronization

    #> yum install ntpdate
    #> vi /etc/cron.hourly/ntpdate.cron
    
    #!/bin/sh
    /usr/sbin/ntpdate tock.stdtime.gov.tw &> /dev/null
    
    #> chmod 0755 /etc/cron.hourly/ntpdate.cron
    

    Install packages

    #> rpm -ivh https://yum.puppetlabs.com/puppetlabs-release-el-6.noarch.rpm
    #> yum install puppetserver
    

    Adjust memory allocation

    #> vi /etc/sysconfig/puppetserver
    
    JAVA_ARGS="-Xms512m -Xmx512m -XX:MaxPermSize=256m"
    

    TIP:

    By default, Puppet Server requires 2 GB of memory. If the machine has less physical memory than that, the configuration file must be modified.

    Start puppetserver

    #> service puppetserver start
    

    TIP:

    If startup fails, check the log file /var/log/puppetserver/puppetserver.log

    Check service status

    # ps -ef | grep puppetserver
    puppet    1049     1 17 19:05 ?        00:00:59 /usr/bin/java -XX:OnOutOfMemoryError=kill -9 %p -Djava.security.egd=/dev/urandom -Xms512m -Xmx512m -XX:MaxPermSize=256m -cp /usr/share/puppetserver/puppet-server-release.jar clojure.main -m puppetlabs.trapperkeeper.main --config /etc/puppetserver/conf.d -b /etc/puppetserver/bootstrap.cfg
    
    # netstat -lt
    
    tcp        0      0 *:8140                      *:*                         LISTEN
    
    #> puppet master --version
    3.8.7
    

    Configure puppet.conf

    #> vi /etc/puppet/puppet.conf
    
    dns_alt_names = master.my.lab
    

    TIP:

    dns_alt_names is used in place of the DNS name; it can also be left unset.

    CA Master (if this Master acts as the CA host)

    #> service puppetserver stop
    #> puppet master --verbose --no-daemonize
    
    The screen shows Notice: Starting Puppet master version 3.8.7
    Press Ctrl + C to exit the program
    
    #> service puppetserver start
    #> puppet cert list --all
    
    + "master.my.lab" (SHA256) 10:3F:81:4C:D9:59:E8:35:43:15:32:D9:DA:AF:67:84:9F:77:3A:D7:32:0B:EE:55:BD:A7:DA:64:A3:D5:5C:32 (alt names: "DNS:master.my.lab")
    

    Other Non-CA Masters (not acting as the CA host)

    #> puppet agent --test --ca_server=master.my.lab
    

    On the CA Master host

    #> puppet cert --allow-dns-alt-names sign <CERT-NAME>
    

    TIP:

    CERT-NAME can be looked up by running puppet cert list

    Puppet Agent (Client) installation:

    Set hosts and hostname

    #> vi /etc/sysconfig/network
    
    HOSTNAME=node.my.lab
    
    #> vi /etc/hosts
    
    192.168.31.100    master.my.lab
    192.168.31.101    node.my.lab
    

    Configure time synchronization

    #> yum install ntpdate
    #> vi /etc/cron.hourly/ntpdate.cron
    
    #!/bin/sh
    /usr/sbin/ntpdate tock.stdtime.gov.tw &> /dev/null
    
    #> chmod 0755 /etc/cron.hourly/ntpdate.cron
    

    Install packages

    #> rpm -ivh https://yum.puppetlabs.com/puppetlabs-release-el-6.noarch.rpm
    #> yum install puppet
    
    #> puppet --version
    3.8.7
    
    Communication between Master and Node

    Run on the Node host

    #> puppet agent --server=master.my.lab --no-daemonize --verbose
    Info: Creating a new SSL key for node.my.lab
    Info: csr_attributes file loading from /etc/puppet/csr_attributes.yaml
    Info: Creating a new SSL certificate request for node.my.lab
    Info: Certificate Request fingerprint (SHA256): B4:6D:AC:A7:DC:DE:70:2E:31:0E:59:09:14:01:BB:68:C6:67:48:42:43:C4:5A:1B:27:71:05:BF:A2:71:76:AB
    

    Run on the Master host

    #> puppet cert list
      "node.my.lab" (SHA256) B4:6D:AC:A7:DC:DE:70:2E:31:0E:59:09:14:01:BB:68:C6:67:48:42:43:C4:5A:1B:27:71:05:BF:A2:71:76:AB
    
    Sign the certificate request from the node
    #> puppet cert sign node.my.lab
    Notice: Signed certificate request for node.my.lab
    Notice: Removing file Puppet::SSL::CertificateRequest node.my.lab at '/var/lib/puppet/ssl/ca/requests/node.my.lab.pem'
    
    #> puppet cert list --all
    + "master.my.lab" (SHA256) 84:68:51:7B:6D:BF:8F:A2:A6:2B:8D:78:8D:2B:64:B1:E6:64:08:7B:00:78:CE:22:4D:1E:33:6A:8B:F9:EE:4F (alt names: "DNS:puppet", "DNS:master.my.lab")
    + "node.my.lab"   (SHA256) 56:CF:88:D7:1D:C5:9B:BD:9E:EA:8C:F2:D7:06:07:09:CE:00:CC:10:75:B5:C3:04:08:6F:32:71:CA:6E:ED:15
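
The request listed on the Master carries the same SHA256 fingerprint (B4:6D:…:76:AB) that the agent printed on the Node, and that match is what makes it safe to sign. The helper below is an added example, not part of the original page: the function names `normalize_fp` and `verify_csr` are hypothetical, the sample line is constructed from the output shown above, and it assumes pending requests with alt names are listed with the same `(alt names: ...)` suffix the page shows for signed certificates.

```shell
#!/bin/sh
# Added example (not from the original page): confirm that the CSR the CA master
# is about to sign is the one the node generated, by comparing fingerprints.

# Constructed sample of `puppet cert list` output on the master; the pending
# request line and its fingerprint are the ones shown on this page.
SAMPLE_CERT_LIST='  "node.my.lab" (SHA256) B4:6D:AC:A7:DC:DE:70:2E:31:0E:59:09:14:01:BB:68:C6:67:48:42:43:C4:5A:1B:27:71:05:BF:A2:71:76:AB'

# Strip colons/spaces and upper-case the hex so formatting differences do not matter.
normalize_fp() {
    printf '%s' "$1" | tr -d ': ' | tr 'abcdef' 'ABCDEF'
}

# verify_csr CERTNAME EXPECTED_FP   (reads `puppet cert list` output on stdin)
# Returns 0 = fingerprint matches, 1 = fingerprint mismatch,
#         2 = no pending request, 3 = request carries alt names (review first).
verify_csr() {
    _name=$1
    _expected=$(normalize_fp "$2")
    # Pending requests start with the quoted certname; signed ones start with "+".
    _line=$(awk -v n="$_name" '$1 == "\"" n "\"" && $2 == "(SHA256)" { print; exit }')
    if [ -z "$_line" ]; then
        echo "no pending request for $_name" >&2
        return 2
    fi
    _listed=$(normalize_fp "$(printf '%s\n' "$_line" | awk '{ print $3 }')")
    if [ "$_listed" != "$_expected" ]; then
        echo "fingerprint mismatch for $_name: do not sign" >&2
        return 1
    fi
    case $_line in
        *"(alt names:"*)
            echo "$_name requests alt names: review before using --allow-dns-alt-names" >&2
            return 3 ;;
    esac
    return 0
}

# Usage on the master (fingerprint read from the node's own agent output):
#   puppet cert list | verify_csr node.my.lab "<fingerprint from node>" \
#       && puppet cert sign node.my.lab
```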
    

    Run it once more on the Node

    #> puppet agent --server=master.my.lab --no-daemonize --verbose
    Notice: Starting Puppet client version 3.8.7
    Info: Retrieving pluginfacts
    Info: Retrieving plugin
    Info: Caching catalog for node.my.lab
    Info: Applying configuration version '1473517210'
    Notice: Finished catalog run in 0.09 seconds
    
    Press Ctrl + C to exit
    

    TIP:

    If the following appears:
    Warning: Unable to fetch my node definition, but the agent run will continue:
    Warning: undefined method `include?' for nil:NilClass
    try running it again.

    For a simple test of the connection between Node and Master, you can also run this on the Node

    # puppet agent --test
    Info: Retrieving pluginfacts
    Info: Retrieving plugin
    Info: Caching catalog for node.my.lab
    Info: Applying configuration version '1473589349'
    Notice: Finished catalog run in 0.12 seconds
    
    Remove certificates

    On the Node

    #> find /var/lib/puppet/ssl -name node.my.lab.pem -exec rm -f {} \;
    
    On the Master
    #> puppet cert list --all
    #> puppet cert clean <CERT-NAME>
    

    First test: have the Node host create a file /tmp/puppet.txt
    On the Node:

    #> vi /etc/puppet/puppet.conf
    
    [main]
    …
    
    [agent]
    …
    server = master.my.lab
    runinterval = 5
    
    Start the service
    #> service puppet start
    

    On the Master

    # vi /etc/puppet/manifests/site.pp
    
    file {"/tmp/puppet.txt":
        content => "puppet test\n",
    }
    