配置主机名
[root@server ~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.220.138 server
192.168.220.139 client
[root@client ~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.220.138 server
192.168.220.139 client
[root@server ~]# rpm -ivh http://yum.puppetlabs.com/el/7/products/x86_64/puppetlabs-release-7-12.noarch.rpm
[root@client ~]# rpm -ivh http://yum.puppetlabs.com/el/7/products/x86_64/puppetlabs-release-7-12.noarch.rpm
# 注意:这里通过明文HTTP直接安装仓库包,传输过程中可能被篡改;生产环境应先把rpm下载到本地,导入发行方GPG公钥后用 rpm -K 校验签名再安装。
[root@server ~]# yum install openssl openssl-devel ruby -y
[root@client ~]# yum install openssl openssl-devel ruby -y
[root@server ~]# yum install puppet-server puppet -y
[root@client ~]# yum install puppet -y
[root@server ~]# ls /etc/puppet/
auth.conf environments fileserver.conf manifests modules puppet.conf
[root@client ~]# ls /etc/puppet/
auth.conf modules puppet.conf
# auth.conf --> client访问puppet server的ACL配置文件
# fileserver.conf --> puppet server 作为文件服务器的ACL配置文件
# puppet.conf --> Puppet服务器配置文件
# manifests --> Puppet脚本主文件目录,至少需要包含site.pp文件。site.pp是puppet的主文件(入口文件)。所有要在服务器上执行的操作都写在这种以.pp结尾的文件中。
[root@server ~]# systemctl start puppetmaster
[root@server ~]# netstat -antup | grep 8140
tcp 0 0 0.0.0.0:8140 0.0.0.0:* LISTEN 4115/ruby
[root@server ~]# lsof -i:8140
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
puppet 4115 puppet 8u IPv4 24693 0t0 TCP *:8140 (LISTEN)
[root@client ~]# vim /etc/puppet/puppet.conf
添加
[agent]
server=server #指定puppetmaster主机名
[root@client ~]# systemctl restart puppet
[root@client ~]# puppet agent -t #向master发送证书签名请求(CSR)
[root@server ~]# puppet cert list #查看证书
[root@server ~]# puppet cert --sign --list
"client" (SHA256) 18:E4:F0:93:C5:F3:DA:AB:72:4F:5E:B2:BE:7E:56:4E:02:78:AB:3D:16:98:C0:64:02:9A:49:9E:A2:C7:E4:FE
# 签名前先核对:上面列出的SHA256指纹应与client端执行 puppet agent --fingerprint 得到的指纹一致,避免给冒名的请求签发证书
[root@server ~]# puppet cert --sign client #签发证书,通过认证
[root@server ~]# ls /var/lib/puppet/ssl/ca/signed/
client.pem
案例测试
[root@server ~]# vim /etc/puppet/manifests/site.pp
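# site.pp entry point: the default node block applies to every agent that has
# no more specific node definition.
node default {
  # Manage /tmp/test.txt on the agent and pin its content.
  # The terminating semicolon belongs outside the quotes; inside them it is
  # written into the file and the agent-side output no longer matches.
  file { "/tmp/test.txt":
    content => "this is test file";
  }
}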
[root@client ~]# systemctl restart puppet
[root@client ~]# cat /tmp/test.txt
this is test file
[root@server ~]# vim /etc/puppet/manifests/site.pp
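# site.pp entry point: the default node block applies to every agent that has
# no more specific node definition. (Editor line numbers removed so the
# manifest can be copied as-is.)
node default {
  # Manage content, ownership and permissions of /tmp/test.txt on the agent.
  file { "/tmp/test.txt":
    content => "this is test file",
    owner   => "puppet",
    group   => "puppet",
    # Demo value only: 0777 lets every local user rewrite or replace the file.
    # Managed files normally get 0644, or 0600 for anything sensitive.
    # The mode is quoted because Puppet 4 and later reject bare numeric modes.
    mode    => "0777";
  }
}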
[root@client opt]# puppet agent --test
[root@client opt]# ll /tmp/test.txt
-rwxrwxrwx 1 puppet puppet 17 8月 18 10:26 /tmp/test.txt
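出现证书相关的报错时,原因是PuppetMaster端和PuppetClient端的证书不匹配。
解决方法如下:
清除Master和客户端的SSL证书:
Master:puppet cert --clean --all #注意:--all会清除master上所有已签发的agent证书,其他节点也需要重新申请;只处理单个节点时可用 puppet cert clean client
Client:rm -rf /var/lib/puppet/ssl/
重启服务后,client重新发起证书申请并由master签发即可解决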
来源:oschina
链接:https://my.oschina.net/u/3966437/blog/4294760