    Tutorial: Installing Puppet and Puppet Foreman on CentOS

    I. System environment:

    CentOS 6.4 x86_64

    192.168.6.171 puppet.domain.com

    192.168.6.173 agent1.domain.com

    II. Disable SELinux and iptables (this is a test environment; alternatively, you can add Puppet's port 8140 to the firewall)

    The code is as follows:
    setenforce 0

    /etc/init.d/iptables stop
    chkconfig iptables off

     

    III. Change the hostnames and resolve them through the hosts file

    The code is as follows:
    [root@test ~]# cat /etc/sysconfig/network    # on 192.168.6.171
    NETWORKING=yes
    NETWORKING_IPV6=no
    HOSTNAME=puppet.domain.com

    [root@test ~]# cat /etc/hosts
    192.168.6.171 puppet.domain.com
    192.168.6.173 agent1.domain.com

    [root@test ~]# cat /etc/sysconfig/network    # on 192.168.6.173
    NETWORKING=yes
    NETWORKING_IPV6=no
    HOSTNAME=agent1.domain.com

    [root@test ~]# cat /etc/hosts
    192.168.6.171 puppet.domain.com
    192.168.6.173 agent1.domain.com

     

    IV. Install the yum repositories

    1. Download address: https://lug.ustc.edu.cn/wiki/mirrors/help/centos

    The code is as follows:
    [root@puppet yum.repos.d]# cat CentOS-Base.repo
    # CentOS-Base.repo
    #
    # The mirror system uses the connecting IP address of the client and the
    # update status of each mirror to pick mirrors that are updated to and
    # geographically close to the client. You should use this for CentOS updates
    # unless you are manually picking other mirrors.
    #
    # If the mirrorlist= does not work for you, as a fall back you can try the
    # remarked out baseurl= line instead.
    #
    #

    [base]
    name=CentOS-$releasever - Base - mirrors.ustc.edu.cn
    baseurl=http://mirrors.ustc.edu.cn/centos/$releasever/os/$basearch/
    #mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=os
    gpgcheck=1
    gpgkey=http://mirrors.ustc.edu.cn/centos/RPM-GPG-KEY-CentOS-6

    #released updates
    [updates]
    name=CentOS-$releasever - Updates - mirrors.ustc.edu.cn
    baseurl=http://mirrors.ustc.edu.cn/centos/$releasever/updates/$basearch/
    #mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=updates
    gpgcheck=1
    gpgkey=http://mirrors.ustc.edu.cn/centos/RPM-GPG-KEY-CentOS-6

    #additional packages that may be useful
    [extras]
    name=CentOS-$releasever - Extras - mirrors.ustc.edu.cn
    baseurl=http://mirrors.ustc.edu.cn/centos/$releasever/extras/$basearch/
    #mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=extras
    gpgcheck=1
    gpgkey=http://mirrors.ustc.edu.cn/centos/RPM-GPG-KEY-CentOS-6

    #additional packages that extend functionality of existing packages
    [centosplus]
    name=CentOS-$releasever - Plus - mirrors.ustc.edu.cn
    baseurl=http://mirrors.ustc.edu.cn/centos/$releasever/centosplus/$basearch/
    #mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=centosplus
    gpgcheck=1
    enabled=0
    gpgkey=http://mirrors.ustc.edu.cn/centos/RPM-GPG-KEY-CentOS-6

    #contrib - packages by Centos Users
    [contrib]
    name=CentOS-$releasever - Contrib - mirrors.ustc.edu.cn
    baseurl=http://mirrors.ustc.edu.cn/centos/$releasever/contrib/$basearch/
    #mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=contrib
    gpgcheck=1
    enabled=0
    gpgkey=http://mirrors.ustc.edu.cn/centos/RPM-GPG-KEY-CentOS-6

    2. Install the official Puppet yum repository

    The code is as follows:
    rpm -Uvh http://yum.puppetlabs.com/el/6Server/products/x86_64/puppetlabs-release-6-6.noarch.rpm

    V. Install the Ruby environment (on both the master and the agent)

    The code is as follows:
    yum -y install ruby ruby-libs ruby-shadow

    [root@puppet yum.repos.d]# ruby -v    # check the Ruby version
    ruby 1.8.7 (2011-06-30 patchlevel 352) [x86_64-linux]

     
    master:

    The code is as follows:
    yum -y install puppet-server

    agent:

    The code is as follows:
    yum -y install puppet

     
     

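    VI. Puppet configuration files (many documents out there go back and forth between [main], [agent] and [master] and left me thoroughly confused, so I am simply pasting my own configuration files; they are simple and very little needs to be changed)

    1. Configuration file on the master

    The code is as follows:
    [root@pupet ~]# cd /etc/puppet/

    [root@pupet puppet]# cat puppet.conf

    [main]
    # Stores cached data, configuration, reports returned by clients, and file backups
    vardir = /var/lib/puppet
    logdir = /var/log/puppet
    rundir = /var/run/puppet
    # Directory for the issued certificate files
    ssldir = $vardir/ssl

    [master]
    # Send reports to console, foreman, log
    reports = foreman,console,log
    # Set the host name to puppet.domain.com
    certname = puppet.domain.com
    # Enable plugin sync
    pluginsync = true
    # Set the run environment to production
    environment = production

    # Start puppetmaster
    /etc/init.d/puppetmaster start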

     
     

    2. Configuration file on the agent

    The code is as follows:
    [root@agent ~]# cd /etc/puppet/
    [root@agent puppet]# cat puppet.conf
    [main]
    logdir = /var/log/puppet
    rundir = /var/run/puppet
    ssldir = $vardir/ssl
    pluginsync = true

    [agent]
    classfile = $vardir/classes.txt
    localconfig = $vardir/localconfigs
    #runinterval = 300
    listen = true
    report = true
    # Specify the server
    server = puppet.domain.com

    # Start the puppet agent
    /etc/init.d/puppet start

     

    VII. Puppet authentication

    1. The client initiates authentication

    The code is as follows:
    [root@agent1 yum.repos.d]# puppet agent --test --server puppet.domain.com

    Info: Caching certificate for ca
    Info: csr_attributes file loading from /etc/puppet/csr_attributes.yaml
    Info: Creating a new SSL certificate request for agent1.domain.com
    Info: Certificate Request fingerprint (SHA256): C0:BB:24:3B:4B:59:F1:63:3D:EA:C1:EB:5B:2D:84:68:23:BA:F3:3D:0A:E6:8C:0E:38:3F:9E:F3:40:24:9A:68
    Info: Caching certificate for ca
    Exiting; no certificate found and waitforcert is disabled

    2. Check on the server

    The code is as follows:
    [root@puppet puppet]# puppet cert --list --all

    "agent1.domain.com" (SHA256) C0:BB:24:3B:4B:59:F1:63:3D:EA:C1:EB:5B:2D:84:68:23:BA:F3:3D:0A:E6:8C:0E:38:3F:9E:F3:40:24:9A:68
    + "puppet.domain.com" (SHA256) AF:F9:25:75:0F:3A:C5:E2:B5:71:EE:4E:65:82:7A:C1:3E:20:74:EF:57:2D:2D:1D:E5:47:1D:03:76:A5:5C:07 (alt names: "DNS:puppet", "DNS:puppet.domain.com")

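    3. Complete the authentication on the server (a leading + means the host has been added; entries without it are hosts still waiting to be added)

    The code is as follows: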
    [root@puppet puppet]# puppet cert sign agent1.domain.com

    Notice: Signed certificate request for agent1.domain.com
    Notice: Removing file Puppet::SSL::CertificateRequest agent1.domain.com at '/var/lib/puppet/ssl/ca/requests/agent1.domain.com.pem'

    The code is as follows:
    [root@puppet puppet]# puppet cert --list --all

    + "agent1.domain.com" (SHA256) 70:00:4D:89:53:2B:A4:C4:16:C4:DA:F1:63:59:5A:7A:0C:26:47:3B:74:4D:1C:29:C3:1B:BF:2E:B1:F4:89:D5
    + "puppet.domain.com" (SHA256) AF:F9:25:75:0F:3A:C5:E2:B5:71:EE:4E:65:82:7A:C1:3E:20:74:EF:57:2D:2D:1D:E5:47:1D:03:76:A5:5C:07 (alt names: "DNS:puppet", "DNS:puppet.domain.com")
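The fingerprint the agent prints in step 1 and the one the master lists in step 2 are the same value, and comparing them is what ties the request being signed to the machine that made it. The script below is an added example, not part of the original tutorial: it parses `puppet cert --list` output (the sample is the tutorial's own output) and succeeds only when the pending request's fingerprint equals the one read from the agent; the function names are this example's own.

```shell
#!/bin/sh
# Added example (not from the original tutorial): refuse to sign a CSR unless
# the fingerprint the agent printed matches the one the master has on file.

# Sample input: `puppet cert --list --all` output as shown in step 2.
SAMPLE_LIST='  "agent1.domain.com" (SHA256) C0:BB:24:3B:4B:59:F1:63:3D:EA:C1:EB:5B:2D:84:68:23:BA:F3:3D:0A:E6:8C:0E:38:3F:9E:F3:40:24:9A:68
+ "puppet.domain.com" (SHA256) AF:F9:25:75:0F:3A:C5:E2:B5:71:EE:4E:65:82:7A:C1:3E:20:74:EF:57:2D:2D:1D:E5:47:1D:03:76:A5:5C:07 (alt names: "DNS:puppet", "DNS:puppet.domain.com")'
# Fingerprint read from the agent's own terminal in step 1.
AGENT_FP='C0:BB:24:3B:4B:59:F1:63:3D:EA:C1:EB:5B:2D:84:68:23:BA:F3:3D:0A:E6:8C:0E:38:3F:9E:F3:40:24:9A:68'

# norm_fp FP: upper-case the fingerprint and drop everything that is not hex.
norm_fp() { printf '%s' "$1" | tr 'a-f' 'A-F' | tr -cd '0-9A-F'; }

# pending_fp CERTNAME: read `puppet cert --list` output on stdin and print the
# SHA256 fingerprint of the pending request. Entries that carry a leading
# marker such as "+" have the marker as their first field, so they never match.
pending_fp() {
    awk -v want="\"$1\"" '$1 == want && $2 == "(SHA256)" { print $3; exit }'
}

# verify_csr CERTNAME AGENT_FP: 0 = fingerprints match, 1 = mismatch,
# 2 = no pending request for that name or malformed agent fingerprint.
verify_csr() {
    listed=$(pending_fp "$1")
    expected=$(norm_fp "$2")
    [ -n "$listed" ] || { echo "no pending request for $1" >&2; return 2; }
    [ "${#expected}" -eq 64 ] || { echo "agent fingerprint is not SHA256" >&2; return 2; }
    [ "$(norm_fp "$listed")" = "$expected" ] || { echo "MISMATCH for $1" >&2; return 1; }
}

# Demo on the sample. On a real master, pipe `puppet cert --list` in instead
# and run `puppet cert sign` only when verify_csr succeeds.
if printf '%s\n' "$SAMPLE_LIST" | verify_csr agent1.domain.com "$AGENT_FP"; then
    echo "agent1.domain.com: fingerprint verified, safe to sign"
fi
```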

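    4. Automatic signing configuration on the server

    The code is as follows:
    vi /etc/puppet/puppet.conf    # add the path of the autosign configuration file and enable it

    autosign = $confdir/autosign.conf { mode = 664 }
    auto = true

    vi /etc/puppet/autosign.conf    # automatically sign every hostname ending in .domain.com

    *.domain.com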
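With `*.domain.com` in autosign.conf, a request for any name under that suffix is signed without anyone comparing fingerprints as in steps 1 to 3. The script below is an added example, not part of the original tutorial: it reports which certnames a given autosign.conf would sign and lists its wildcard entries, using constructed sample files and function names of its own, and it treats a leading `*` as "any name ending in the rest of the entry", as the tutorial describes it.

```shell
#!/bin/sh
# Added example (not from the original tutorial): check which certnames an
# autosign.conf would sign with no operator in the loop.

# Constructed sample files: the tutorial's wildcard next to an exact-name list.
WEAK=$(mktemp); STRICT=$(mktemp)
trap 'rm -f "$WEAK" "$STRICT"' EXIT
printf '%s\n' '# test lab' '*.domain.com' > "$WEAK"
printf '%s\n' '# one line per enrolled agent' 'agent1.domain.com' > "$STRICT"

# autosign_entries FILE: effective entries, without blank lines and # comments.
autosign_entries() {
    awk '!/^[ \t]*(#|$)/ { gsub(/^[ \t]+|[ \t]+$/, ""); print }' "$1"
}

# autosign_globs FILE: only the wildcard entries (empty output if none).
autosign_globs() { autosign_entries "$1" | awk '/^\*/'; }

# would_autosign FILE CERTNAME: succeed if some entry covers CERTNAME.
# Assumption of this sketch: "*<suffix>" covers every name ending in <suffix>.
would_autosign() {
    autosign_entries "$1" | (
        while IFS= read -r entry; do
            case "$entry" in
                \**) suffix=${entry#?}
                     case "$2" in *"$suffix") exit 0 ;; esac ;;
                *)   [ "$entry" = "$2" ] && exit 0 ;;
            esac
        done
        exit 1
    )
}

# Demo: a host nobody enrolled asks for a certificate.
for f in "$WEAK" "$STRICT"; do
    if would_autosign "$f" never-enrolled.domain.com; then
        echo "signed unseen via entry: $(autosign_globs "$f")"
    else
        echo "never-enrolled.domain.com stays pending for manual review"
    fi
done
```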

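    5. Revoke authorization on the master

    The code is as follows:
    puppet cert --revoke agent1.domain.com

    6. Delete authorization on the master

    On the master:

    The code is as follows:
    puppet cert --clean agent1.domain.com

    On the agent:

    The code is as follows:
    # Delete the agent's own certificate files (named after its hostname)
    find /var/lib/puppet/ssl/ -iname "$(hostname).pem" -exec /bin/rm -rf {} \;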

    VIII. Test Puppet's file push function

    On the master:

    The code is as follows:
    # Define a test module

    [root@puppet test]# pwd
    /etc/puppet/modules/test
    [root@puppet test]# ls
    files manifests templates

    # Define the resource file

    [root@puppet test]# cd manifests/
    [root@puppet manifests]# ls
    init.pp
    [root@puppet manifests]# cat init.pp
    class test {
      file { "/tmp/$hostname.txt": content => "hello $hostname.txt"; }
    }

    # Include the test module for the agent1.domain.com node

    [root@puppet nodes]# pwd
    /etc/puppet/manifests/nodes
    [root@puppet nodes]# cat agent1.domain.com.pp
    node 'agent1.domain.com' {
      include test
    }

    # The entry-point file imports all of the nodes

    [root@puppet manifests]# pwd
    /etc/puppet/manifests
    [root@puppet manifests]# cat site.pp
    import "nodes/*.domain.com.pp"

    # On the agent

    The code is as follows:
    [root@agent1 yum.repos.d]# puppet agent --test --server puppet.domain.com
    Notice: Ignoring --listen on onetime run
    Info: Retrieving pluginfacts
    Info: Retrieving plugin
    Info: Caching catalog for agent1.domain.com
    Info: Applying configuration version '1408524165'
    Notice: /Stage[main]/Test/File[/tmp/agent1.txt]/ensure: defined content as '{md5}7509cca57ec6faec2d5dd2c76a68ea0b'
    Notice: Finished catalog run in 0.10 seconds

    # Verify the file

    [root@agent1 yum.repos.d]# cat /tmp/agent1.txt
    hello agent1.txt

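    Installing Puppet Foreman

    Preparation:

    1. Before installing Foreman, install the EPEL repository; otherwise many packages cannot be installed when you run yum -y install foreman-installer

    The code is as follows: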
    rpm -ivh http://mirrors.sohu.com/fedora-epel/6/x86_64/epel-release-6-8.noarch.rpm

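    I. Installation

    The code is as follows:
    yum -y install http://yum.theforeman.org/releases/1.6/el6/x86_64/foreman-release.rpm    # using the official repository is recommended; it resolves dependencies automatically

    yum -y install foreman-installer    # start the installation; if some packages fail to install, check carefully whether the repository is the problem (the EPEL repository is recommended), or the firewall and SELinux

    II. Run the Foreman installer (choose either one of the following; the non-interactive mode is recommended)

    The code is as follows:
    foreman-installer    # everything here is automatic; it takes a while, far too long, really long... I'm being naughty again~~

    foreman-installer -i    # for a customized installation, use -i to select interactive mode; see the official manual for details

    # It seems that every time I install, it gets stuck here and I don't know why; each time I kill it and run foreman-installer again, and then it works. No explanation.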

    Installing Debug: Package[foreman-postgresql](provider=yum): [22%] [....................

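    5794 ? Ss 0:04 /usr/bin/python /usr/bin/yum -d 0 -e 0 -y install foreman-postgresql    # the process stays stuck here

    # After the installation you can clearly see that httpd failed to start; it has to be started manually with /etc/init.d/httpd start. It failed on both of my installs; I don't know whether this is an isolated case.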

    Could not start Service[httpd]: Execution of '/sbin/service httpd start' returned 1: Starting httpd: [FAILED]
    /Stage[main]/Apache::Service/Service[httpd]/ensure: change from stopped to running failed: Could not start Service[httpd]: Execution of '/sbin/service httpd start' returned 1: Starting httpd: [FAILED]

    # Start foreman-proxy

    /etc/init.d/foreman-proxy start

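    III. Access the web page

    # Logging in to the web interface requires a password; it is shown in the terminal after a successful installation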
     
    * Foreman is running at https://puppet.domain.com
    Initial credentials are admin / sFuCu73KydURMTbi
    * Foreman Proxy is running at https://puppet.domain.com:8443
    * Puppetmaster is running at port 8140
    The full log is at /var/log/foreman-installer/foreman-installer.log

