• puppet 安装


    yum源配置

    1. wget http://ftp.kaist.ac.kr/fedora//epel/6/i386/epel-release-6-8.noarch.rpm
       (注意:这里是明文 HTTP 下载,安装该 rpm 之前应先用 rpm -K 校验签名,签名公钥须从可信渠道获取;下载后还需安装该 rpm 包,yum 源才会生效)
    2. yum list | grep puppet  //测试yum源配置有没有问题
    

    NTP时间服务器配置

     vi /etc/ntp.conf 
    -----------------------
    # ntp.conf for the time server that the Puppet nodes synchronise against.
    driftfile /var/lib/ntp/drift
    Broadcastdelay 0.008
    logfile /var/log/ntp.log
    # Default ACL for IPv4 and IPv6 clients: no runtime reconfiguration
    # (nomodify), no traps, no peering, no status queries (noquery).
    restrict default kod nomodify notrap nopeer noquery
    restrict -6 default kod nomodify notrap nopeer noquery
    # Loopback addresses carry no restriction flags.
    restrict 127.0.0.1 
    restrict -6 ::1
    
    
    # Clients on the internal network: nomodify and notrap only; noquery and
    # nopeer from the default ACL are not repeated here.
    # NOTE(review): 172.16.1.0 is not the network address for a 255.255.0.0
    # mask (that would be 172.16.0.0) - confirm whether /16 or /24 was intended.
    restrict 172.16.1.0 mask 255.255.0.0 nomodify notrap
    
    # The only time source is the local clock driver (127.127.1.0), fudged to
    # stratum 10.
    # NOTE(review): "refid NIST" is just a label set by fudge; no NIST server
    # is configured in this file.
    server 127.127.1.0
    fudge 127.127.1.0 stratum 10 refid NIST
    # NOTE(review): a keys file is referenced but no trustedkey line is shown,
    # so key-based authentication does not look enabled here - confirm.
    includefile /etc/ntp/crypto/pw
    keys /etc/ntp/keys 
    

    启动ntpd服务并加入开机启动

    service ntpd start   
    chkconfig ntpd on 
    

    过几分钟之后客户端进行测试

    1. service ntpd start
    2. ntpdate 172.16.1.1 #这个IP地址是你时间服务器的IP地址
    

    puppetmaster的安装

    yum install -y puppetmaster puppet facter #系统会自己安装ruby环境,因为puppet是用ruby写的所以需要ruby环境的支持  
    

    配置puppet.conf

    vim /etc/puppet/puppet.conf

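    # puppet.conf on the master host. The host uses two identities: one
    # certname when it acts as an agent and another when it acts as master.
    [main]
    logdir = /var/log/puppet  # default log directory
    rundir = /var/run/puppet  # directory holding the PID files
    ssldir = $vardir/ssl # certificate directory; $vardir defaults to /var/lib/puppet
    [agent]
    classfile = $vardir/classes.txt
    localconfig = $vardir/localconfig
    server = puppetmaster.kisspuppet.com # master hostname the agent connects to; every node must be able to resolve this name
    certname = puppetmaster_cert.kisspuppet.com # certname this host presents when it runs as an agent
    [master]
    # A single hostname: the original line repeated it twice, which does not
    # match the signed certificate puppetmaster.kisspuppet.com.pem in the ssl tree.
    certname = puppetmaster.kisspuppet.com #certname the master's own certificate is issued for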
    

    创建site.pp文件

    touch /etc/puppet/manifests/site.pp
    

    启动puppetmaster服务

    1. /etc/init.d/puppetmaster start  
    2. chkconfig puppetmaster on 
    

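    查看证书的生成情况:puppetmaster 第一次启动时会自动生成 CA 证书和自己的证书,并自动为自己签名注册。下面目录树中 ca/ca_key.pem、ca/private/ca.pass 和 private_keys/ 下的文件是私钥材料,应只允许 puppet 服务账户读取。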

    tree /var/lib/puppet/ssl

    /var/lib/puppet/ssl/
    ├── ca
    │   ├── ca_crl.pem
    │   ├── ca_crt.pem
    │   ├── ca_key.pem
    │   ├── ca_pub.pem
    │   ├── inventory.txt
    │   ├── private
    │   │   └── ca.pass
    │   ├── requests
    │   ├── serial
    │   └── signed
    │       └── puppetmaster.kisspuppet.com.pem  #已注册
    ├── certificate_requests
    ├── certs
    │   ├── ca.pem
    │   └── puppetmaster.kisspuppet.com.pem
    ├── crl.pem
    ├── private
    ├── private_keys
    │   └── puppetmaster.kisspuppet.com.pem
    └── public_keys
        └── puppetmaster.kisspuppet.com.pem
    

    列出已经注册成功的证书

    puppet cert --list --all  #带+标示已经注册成功
    

    puppetagent安装

    yum install puppet facter
    

    配置puppet.conf

    vim /etc/puppet/puppet.conf

    # puppet.conf on an agent node (agent1 in this walkthrough).
    [main]
    logdir = /var/log/puppet
    rundir = /var/run/puppet
    ssldir = $vardir/ssl
    
    [agent]
    classfile = $vardir/classes.txt
    localconfig = $vardir/localconfig
    server = puppetmaster.kisspuppet.com  #hostname of the puppetmaster this agent connects to
    certname = agent1_cert.kisspuppet.com #this node's own certname; it is the name that appears in the certificate request the master signs
    

    通过调试模式启动节点向Puppetmaster端发起认证

    puppet agent --test

    info: Creating a new SSL key for agent1_cert.kisspuppet.com
    info: Caching certificate for ca
    info: Creating a new SSL certificate request for agent1_cert.kisspuppet.com
    info: Certificate Request fingerprint (md5): 69:D2:86:E4:7F:00:E0:55:61:19:02:34:9E:9B:AF:F9
    Exiting; no certificate found and waitforcert is disabled
    

    服务器端确认认证(签名之前,先核对这里列出的指纹与 agent 端输出的 Certificate Request fingerprint 是否一致)

     [root@puppetmaster ~]#puppet cert --list --all
     "agent1_cert.kisspuppet.com"  (69:D2:86:E4:7F:00:E0:55:61:19:02:34:9E:9B:AF:F9) #未认证
    + "puppetmaster.kisspuppet.com" (C0:E3:6B:76:36:EC:92:93:4D:BF:F0:8F:77:00:91:C8) (alt names: "DNS:puppet", "DNS:puppet.kisspuppet.com", "DNS:puppetmaster.kisspuppet.com")
    

    注册client1

    [root@puppetmaster ~]#puppet cert --sign agent1_cert.kisspuppet.com #注册agent1
    notice: Signed certificate request for agent1_cert.kisspuppet.com
    notice: Removing file Puppet::SSL::CertificateRequest agent1_cert.kisspuppet.com at '/var/lib/puppet/ssl/ca/requests/agent1_cert.kisspuppet.com.pem'
    

    再次查看认证情况

    [root@puppetmaster ~]# puppet cert --list --all 
    + "agent1_cert.kisspuppet.com"  (3E:46:4E:75:34:9A:5A:62:A6:3C:AE:BD:49:EE:C0:F5)
    + "puppetmaster.kisspuppet.com" (C0:E3:6B:76:36:EC:92:93:4D:BF:F0:8F:77:00:91:C8) (alt names: "DNS:puppet", "DNS:puppet.kisspuppet.com", "DNS:puppetmaster.kisspuppet.com")
    

    client2和client3和client1一样都需要编辑本配置文件并启动服务

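    其它节点一起认证(注意:下面的 puppet cert --sign --all 会不核对指纹就签发所有待处理的证书请求,只适合本文这种实验环境;正式环境应逐个核对指纹后再用 puppet cert --sign <certname> 单独签发)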

    [root@puppetmaster ~]# puppet agent --test #puppetmaster自己申请agent认证
    info: Creating a new SSL key for puppetmaster_cert.kisspuppet.com
    info: Creating a new SSL certificate request for puppetmaster_cert.kisspuppet.com
    info: Certificate Request fingerprint (md5): 7D:AC:F7:97:04:2B:E4:C5:74:4A:16:05:DB:F6:6A:98
    Exiting; no certificate found and waitforcert is disabled
    
    [root@puppetmaster ~]# puppet cert --sign --all #注册所有请求的节点
    notice: Signed certificate request for puppetmaster_cert.kisspuppet.com
    notice: Removing file Puppet::SSL::CertificateRequest puppetmaster_cert.kisspuppet.com at '/var/lib/puppet/ssl/ca/requests/puppetmaster_cert.kisspuppet.com.pem'
    notice: Signed certificate request for agent2_cert.kisspuppet.com
    notice: Removing file Puppet::SSL::CertificateRequest agent2_cert.kisspuppet.com at '/var/lib/puppet/ssl/ca/requests/agent2_cert.kisspuppet.com.pem'
    notice: Signed certificate request for agent3_cert.kisspuppet.com
    notice: Removing file Puppet::SSL::CertificateRequest agent3_cert.kisspuppet.com at '/var/lib/puppet/ssl/ca/requests/agent3_cert.kisspuppet.com.pem'
    
    [root@puppetmaster ~]# puppet cert --list --all #查看所有节点认证
    + "agent1_cert.kisspuppet.com"       (3E:46:4E:75:34:9A:5A:62:A6:3C:AE:BD:49:EE:C0:F5)
    + "agent2_cert.kisspuppet.com"       (A0:CE:70:BE:A9:11:BF:F4:C8:EF:25:8E:C2:2C:3B:B7)
    + "agent3_cert.kisspuppet.com"       (98:93:F7:0C:ED:94:81:3D:51:14:86:68:2B:F3:F1:A0)
    + "puppetmaster.kisspuppet.com"      (C0:E3:6B:76:36:EC:92:93:4D:BF:F0:8F:77:00:91:C8) (alt names: "DNS:puppet", "DNS:puppet.kisspuppet.com", "DNS:puppetmaster.kisspuppet.com")
    + "puppetmaster_cert.kisspuppet.com" (57:A3:D7:3D:64:2F:D6:FD:BC:2A:6C:79:68:73:EA:AB)
    

    编写简单的motd模块

    创建模块目录结构。注意:在未指定modulepath搜索路径的情况下,会使用默认的搜索路径,可通过以下方式查看

    [root@puppetmaster ~]# puppet master --genconfig >/etc/puppet/puppet.conf.out
    [root@puppetmaster ~]# cat /etc/puppet/puppet.conf.out | grep modulepath
        modulepath = /etc/puppet/modules:/usr/share/puppet/modules
    
    [root@puppetmaster modules]# tree /etc/puppet/modules/
    /etc/puppet/modules/
    └── motd
        ├── files  #存放文件目录
        │   └── etc
        │       └── motd
        ├── manifests  #存放模块pp配置文件目录
        │   └── init.pp
        └── templates #存放模板目录
    
    5 directories, 2 files
    

    编写pp文件

    [root@puppetmaster modules]# vim motd/manifests/init.pp 
    # Manages /etc/motd: makes sure the 'setup' package is installed, then
    # installs the banner file served from this module's files/ directory.
    class motd {
      package { 'setup':
        ensure => present,            # the package must be installed
        before => File['/etc/motd'],  # apply the package before the file resource
      }

      file { '/etc/motd':
        ensure => present,  # the file must exist
        # $puppetserver is the top-scope variable assigned in site.pp.
        source => "puppet://$puppetserver/modules/motd/etc/motd",
        owner  => 'root',
        group  => 'root',
        mode   => '0644',   # readable by everyone, writable by root only
      }
    }
    
    [root@puppetmaster modules]# cat motd/files/etc/motd 
    --                       --
    --------puppet test---------
    --                       --
    

    编写site.pp文件

    [root@puppetmaster ~]# vim /etc/puppet/manifests/site.pp 
    
    # Top-scope variable with the master's hostname; the motd class
    # interpolates it into its puppet:// file source URL.
    $puppetserver = 'puppetmaster.kisspuppet.com'

    # Every node listed here receives the motd class. The node names are the
    # certnames configured in each host's puppet.conf.
    node 'puppetmaster_cert.kisspuppet.com',
         'agent1_cert.kisspuppet.com',
         'agent2_cert.kisspuppet.com',
         'agent3_cert.kisspuppet.com' {
      include motd
    }
    

    测试motd模块

    [root@agent1 ~]# puppet agent --test  #测试节点agent1
    info: Caching catalog for agent1_cert.kisspuppet.com
    info: Applying configuration version '1394304542'
    notice: /Stage[main]/Motd/File[/etc/motd]/content: 
    --- /etc/motd    2000-01-13 07:18:52.000000000 +0800
    +++ /tmp/puppet-file20140309-4571-1vqc18j-0    2014-03-09 02:51:47.000000000 +0800
    @@ -0,0 +1,3 @@
    +--                       --
    +--------puppet test---------
    +--                       --
    
    info: FileBucket adding {md5}d41d8cd98f00b204e9800998ecf8427e
    info: /Stage[main]/Motd/File[/etc/motd]: Filebucketed /etc/motd to puppet with sum d41d8cd98f00b204e9800998ecf8427e
    notice: /Stage[main]/Motd/File[/etc/motd]/content: content changed '{md5}d41d8cd98f00b204e9800998ecf8427e' to '{md5}87ea3a1af8650395038472457cc7f2b1'
    notice: Finished catalog run in 0.40 seconds
    
    [root@agent1 ~]# cat /etc/motd 
    --                       --
    --------puppet test---------
    --                       --
    [root@agent1 ~]# 
    
    
    [root@puppetmaster ~]# puppet agent -t  #测试节点puppetmaster
    info: Caching catalog for puppetmaster_cert.kisspuppet.com
    info: Applying configuration version '1394305371'
    notice: /Stage[main]/Motd/File[/etc/motd]/content: 
    --- /etc/motd    2010-01-12 21:28:22.000000000 +0800
    +++ /tmp/puppet-file20140309-3102-1gadon0-0    2014-03-09 03:02:51.966998294 +0800
    @@ -0,0 +1,3 @@
    +--                       --
    +--------puppet test---------
    +--                       --
    
    info: FileBucket adding {md5}d41d8cd98f00b204e9800998ecf8427e
    info: /Stage[main]/Motd/File[/etc/motd]: Filebucketed /etc/motd to puppet with sum d41d8cd98f00b204e9800998ecf8427e
    notice: /Stage[main]/Motd/File[/etc/motd]/content: content changed '{md5}d41d8cd98f00b204e9800998ecf8427e' to '{md5}87ea3a1af8650395038472457cc7f2b1'
    info: Creating state file /var/lib/puppet/state/state.yaml
    notice: Finished catalog run in 0.52 seconds
    [root@puppetmaster ~]# cat /etc/motd 
    --                       --
    --------puppet test---------
    --                       --
    

    转载自:https://kisspuppet.gitbooks.io/puppet/content/puppetlearningbase3.html
