I. Background topology
[Figure: topology diagram (image.png)]
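II. Configure the puppet-master host
1. Edit the /etc/hosts file
Puppet nodes communicate with each other by resolving hostnames, so in a production environment the corresponding host records can be added to the internal DNS. In this lab we edit /etc/hosts instead to test and verify.
#Set the master host's hostname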
[root@puppet-master ~]# hostnamectl set-hostname puppet-master
#Edit the /etc/hosts file
[root@puppet-master ~]# vim /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.0.81 puppet-master.localdomain puppet-master
192.168.0.83 puppet-agent.localdomain puppet-agent
2. Install the puppetmaster service
Download the required RPM packages from the official download location http://yum.puppetlabs.com/el/7/products/x86_64/, namely facter-2.4.6-1.el7.x86_64.rpm, puppet-3.8.7-1.el7.noarch.rpm and puppet-server-3.8.7-1.el7.noarch.rpm, then install them locally on the master host.
[root@puppet-master src]# yum install -y epel-release #some of the packages puppet depends on come from the EPEL repository
[root@puppet-master src]# yum install -y puppet-server-3.8.7-1.el7.noarch.rpm facter-2.4.6-1.el7.x86_64.rpm puppet-3.8.7-1.el7.noarch.rpm
3. Test-start the puppetmaster service
[root@puppet-master src]# puppet master --no-daemonize -v
Info: Creating a new SSL key for ca
Info: Creating a new SSL certificate request for ca
Info: Certificate Request fingerprint (SHA256): 68:8D:30:BD:32:68:6D:F3:58:8E:16:92:F5:EA:ED:E4:9E:91:07:87:07:E8:6C:FC:43:C8:98:F1:89:12:D7:91
Notice: Signed certificate request for ca
Info: Creating a new certificate revocation list
Info: Creating a new SSL key for puppet-master.localdomain
Info: csr_attributes file loading from /etc/puppet/csr_attributes.yaml
Info: Creating a new SSL certificate request for puppet-master.localdomain
Info: Certificate Request fingerprint (SHA256): 90:B0:E0:B7:D1:96:2A:C2:8B:B8:AD:78:C1:94:D4:56:54:D0:97:30:DE:E0:32:94:2C:CE:AC:CE:9E:89:37:C1
Notice: puppet-master.localdomain has a waiting certificate request
Notice: Signed certificate request for puppet-master.localdomain
Notice: Removing file Puppet::SSL::CertificateRequest puppet-master.localdomain at '/var/lib/puppet/ssl/ca/requests/puppet-master.localdomain.pem'
Notice: Removing file Puppet::SSL::CertificateRequest puppet-master.localdomain at '/var/lib/puppet/ssl/certificate_requests/puppet-master.localdomain.pem'
Notice: Starting Puppet master version 3.8.7
4. Start the puppetmaster service as a daemon
[root@puppet-master ~]# systemctl start puppetmaster
[root@puppet-master ~]# systemctl enable puppetmaster
III. Configure the puppet-agent host
1. Edit /etc/hosts and set the hostname
#Set the agent host's hostname
[root@puppet-agent ~]# hostnamectl set-hostname puppet-agent
#Contents of /etc/hosts on the agent
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.0.81 puppet-master.localdomain puppet-master
192.168.0.83 puppet-agent.localdomain puppet-agent
2. Install the puppet-agent service
[root@puppet-agent ~]# cd /usr/local/src/
[root@puppet-agent src]# yum install -y epel-release
[root@puppet-agent src]# yum install -y facter-2.4.6-1.el7.x86_64.rpm puppet-3.8.7-1.el7.noarch.rpm
3. Test-start the puppetagent service
[root@puppet-agent src]# puppet agent --server puppet-master --no-daemonize -v
Info: Caching certificate for ca
Info: csr_attributes file loading from /etc/puppet/csr_attributes.yaml
Info: Creating a new SSL certificate request for puppet-agent.localdomain
Info: Certificate Request fingerprint (SHA256): F8:4C:A4:FB:4F:C8:F8:6E:E0:E0:0D:0B:78:C4:20:A1:E2:20:3C:7E:4C:60:5A:DB:9A:53:74:FA:C3:F4:79:6A
Info: Caching certificate for ca
4. Sign the agent's certificate on the puppetmaster host
[root@puppet-master ~]# puppet cert list --all
"puppet-agent.localdomain" (SHA256) F8:4C:A4:FB:4F:C8:F8:6E:E0:E0:0D:0B:78:C4:20:A1:E2:20:3C:7E:4C:60:5A:DB:9A:53:74:FA:C3:F4:79:6A
+ "puppet-master.localdomain" (SHA256) 80:E5:65:AF:36:76:FD:BF:FE:0F:CC:62:BE:2C:DA:29:F8:B1:28:FB:2C:DB:46:DC:9B:D0:2E:1D:D1:86:14:BA (alt names: "DNS:puppet", "DNS:puppet-master.localdomain", "DNS:puppet.localdomain")
[root@puppet-master ~]# puppet cert sign puppet-agent.localdomain
Notice: Signed certificate request for puppet-agent.localdomain
Notice: Removing file Puppet::SSL::CertificateRequest puppet-agent.localdomain at '/var/lib/puppet/ssl/ca/requests/puppet-agent.localdomain.pem'
After the certificate has been signed on the master host, run the puppetagent test start again:
[root@puppet-agent src]# puppet agent --server puppet-master.localdomain --no-daemonize -v
Info: Caching certificate for puppet-agent.localdomain
Info: Caching certificate_revocation_list for ca
Info: Caching certificate for puppet-agent.localdomain
Notice: Starting Puppet client version 3.8.7
Warning: Unable to fetch my node definition, but the agent run will continue:
Warning: undefined method `include?' for nil:NilClass
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Caching catalog for puppet-agent.localdomain
Info: Applying configuration version '1536570816'
Info: Creating state file /var/lib/puppet/state/state.yaml
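The fingerprint the agent printed in step 3 and the one `puppet cert list` shows in step 4 are the same value, and comparing them before running `puppet cert sign` confirms that the pending request is the one this agent generated. The script below is an added example, not part of the original post; its function names are hypothetical and its sample lines are copied from the output above.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): compare the CSR fingerprint the
# agent printed with the one the master lists, before running `puppet cert sign`.

# Pull the SHA256 fingerprint (32 bytes = 95 chars with colons) out of agent output.
agent_fingerprint() {
    sed -n 's/^.*Certificate Request fingerprint (SHA256): *\([0-9A-Fa-f:]\{95\}\).*$/\1/p' | tail -n 1
}

# Pull the fingerprint of a *pending* request for certname ($1) out of
# `puppet cert list` output. Already-signed entries start with "+" and are skipped.
pending_fingerprint() {
    awk -v name="\"$1\"" '$1 == name && $2 == "(SHA256)" { print $3 }'
}

# Return 0 only if both fingerprints exist and are identical (case-insensitive).
csr_matches() {
    local certname="$1" agent_log="$2" cert_list="$3" a m
    a=$(printf '%s\n' "$agent_log" | agent_fingerprint | tr 'a-f' 'A-F')
    m=$(printf '%s\n' "$cert_list" | pending_fingerprint "$certname" | tr 'a-f' 'A-F')
    [ -n "$a" ] && [ "$a" = "$m" ]
}

# Sample input: lines copied from the agent and master output in this tutorial.
AGENT_LOG='Info: Creating a new SSL certificate request for puppet-agent.localdomain
Info: Certificate Request fingerprint (SHA256): F8:4C:A4:FB:4F:C8:F8:6E:E0:E0:0D:0B:78:C4:20:A1:E2:20:3C:7E:4C:60:5A:DB:9A:53:74:FA:C3:F4:79:6A'
CERT_LIST='  "puppet-agent.localdomain" (SHA256) F8:4C:A4:FB:4F:C8:F8:6E:E0:E0:0D:0B:78:C4:20:A1:E2:20:3C:7E:4C:60:5A:DB:9A:53:74:FA:C3:F4:79:6A
+ "puppet-master.localdomain" (SHA256) 80:E5:65:AF:36:76:FD:BF:FE:0F:CC:62:BE:2C:DA:29:F8:B1:28:FB:2C:DB:46:DC:9B:D0:2E:1D:D1:86:14:BA (alt names: "DNS:puppet", "DNS:puppet-master.localdomain", "DNS:puppet.localdomain")'

if csr_matches puppet-agent.localdomain "$AGENT_LOG" "$CERT_LIST"; then
    echo "match: OK to run 'puppet cert sign puppet-agent.localdomain'"
else
    echo "mismatch or no pending request: do not sign" >&2
fi
```

Read the agent-side fingerprint from the agent's own console rather than from anything relayed through the master, otherwise the comparison proves nothing.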
5. Edit the puppetagent configuration file
#Add the server parameter to the agent section of the configuration file
[root@puppet-agent src]# vim /etc/puppet/puppet.conf
server = puppet-master.localdomain
6. Start the puppetagent service as a daemon
[root@puppet-agent ~]# systemctl start puppetagent
[root@puppet-agent ~]# systemctl enable puppetagent
Created symlink from /etc/systemd/system/multi-user.target.wants/puppet.service to /usr/lib/systemd/system/puppet.service.