puppet是一个IT基础设施自动化管理工具,它能够帮助系统管理员管理基础设施的整个生命周期: 供应(provisioning)、配置(configuration)、联动(orchestration)及报告(reporting)。
安装环境centos7.5 ,1台server 2台client
192.168.1.114 master.puppetcao.com
192.168.1.115 nginxnode1.puppetcao.com
192.168.1.116 nginxnode2.puppetcao.com
一。修改hostname避免认证出现各种问题(server 如下,client类似)
第一个地方 [root@master manifests]# cat /etc/hosts 127.0.0.1 master.puppetcao.com localhost localhost.localdomain localhost4 localhost4.localdomain4 ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 192.168.1.114 master.puppetcao.com 192.168.1.115 nginxnode1.puppetcao.com 192.168.1.116 nginxnode2.puppetcao.com 第二个地方 hostnamectl set-hostname master.puppetcao.com 第三个地方 [root@master manifests]# cat /etc/hostname master.puppetcao.com
二。安装puppet (client先不要启动 等配置好再启动)
安装puppet server rpm -ivh http://yum.puppetlabs.com/puppetlabs-release-el-7.noarch.rpm yum update yum install puppet-server systemctl restart puppetmaster 安装puppet client rpm -ivh http://yum.puppetlabs.com/puppetlabs-release-el-7.noarch.rpm yum update yum install puppet
三.认证
修改 node上的/etc/puppet/puppet.conf 增加下面信息(2台client certname不一样) certname=nginxnode2.puppetcao.com server=master.puppetcao.com runinterval=60 认证client端发起认证 [root@nginxnode1 yum.repos.d]# puppet agent -t Info: Creating a new SSL key for nginxnode1.puppetcao.com Info: Caching certificate for ca Info: csr_attributes file loading from /etc/puppet/csr_attributes.yaml Info: Creating a new SSL certificate request for nginxnode1.puppetcao.com Info: Certificate Request fingerprint (SHA256): DA:80:03:FC:14:39:99:7A:6C:31:BB:78:5B:23:25:96:CD:8B:27:80:14:82:0E:B2:D2:04:0E:FC:BB:7F:1E:FC Info: Caching certificate for ca Exiting; no certificate found and waitforcert is disabled server端 查看认证并授权 [root@master ~]# puppet cert --list "nginxnode1.puppetcao.com" (SHA256) DA:80:03:FC:14:39:99:7A:6C:31:BB:78:5B:23:25:96:CD:8B:27:80:14:82:0E:B2:D2:04:0E:FC:BB:7F:1E:FC [root@master ~]# puppet cert sign --all Notice: Signed certificate request for nginxnode1.puppetcao.com Notice: Removing file Puppet::SSL::CertificateRequest nginxnode1.puppetcao.com at '/var/lib/puppet/ssl/ca/requests/nginxnode1.puppetcao.com.pem' client端 认证 [root@nginxnode1 yum.repos.d]# puppet agent -t Info: Caching certificate for nginxnode1.puppetcao.com Info: Caching certificate_revocation_list for ca Info: Caching certificate for nginxnode1.puppetcao.com Warning: Unable to fetch my node definition, but the agent run will continue: Warning: undefined method `include?' for nil:NilClass Info: Retrieving pluginfacts Info: Retrieving plugin Info: Caching catalog for nginxnode1.puppetcao.com Info: Applying configuration version '1568783659' Info: Creating state file /var/lib/puppet/state/state.yaml Notice: Finished catalog run in 0.01 seconds 看到上面信息即正常