Installing Puppet and a Simple Configuration

0. Reference book: Pro Puppet 2nd Edition.pdf

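1. Puppet generally runs in a client-server model. The client may be an older version than the server, but the server must not be an older version than the client. Also, if the client version is rather old, many features may not work properly.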

2. Installation steps
Xiao Qin is using the enterprise edition of Red Hat 6.5.
First, set up the yum repositories:

[root@CONTROLLER01 ~]# rpm -Uvh http://dl.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm
Retrieving http://dl.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm
warning: /var/tmp/rpm-tmp.jXYGPG: Header V3 RSA/SHA256 Signature, key ID 0608b895: NOKEY
Preparing...                ########################################### [100%]
   1:epel-release           ########################################### [100%]
[root@CONTROLLER01 ~]# rpm -ivh http://yum.puppetlabs.com/el/6/products/i386/puppetlabs-release-6-7.noarch.rpm
Retrieving http://yum.puppetlabs.com/el/6/products/i386/puppetlabs-release-6-7.noarch.rpm
warning: /var/tmp/rpm-tmp.m4c7d7: Header V4 RSA/SHA1 Signature, key ID 4bd6ec30: NOKEY
Preparing...                ########################################### [100%]
   1:puppetlabs-release     ########################################### [100%]

Then download and install the packages. First, on the server, install the following packages:

[root@CONTROLLER01 ~]# yum install puppet puppet-server facter

On the client, only the following packages need to be installed:

[root@COMPUTE01 ~]# yum install puppet facter

Here the puppet package contains the agent, puppet-server is the master server, and facter collects information about the host.

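3. Post-installation configuration
Puppet's configuration file is puppet.conf, which on Linux is generally kept in the /etc/puppet/ directory. If it does not exist, you can generate one first: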

[root@CONTROLLER01 puppet]# puppet master --genconfig > puppet.conf

The main thing here is to set the server option to the address of our master server:

[root@CONTROLLER01 puppet]# cat puppet.conf 
[main]
    # The Puppet log directory.
    # The default value is '$vardir/log'.
    logdir = /var/log/puppet

    # Where Puppet PID files are kept.
    # The default value is '$vardir/run'.
    rundir = /var/run/puppet

    # Where SSL certificates are kept.
    # The default value is '$confdir/ssl'.
    ssldir = $vardir/ssl

    server = CONTROLLER01.thuanqin.com

[agent]
    # The file in which puppetd stores a list of the classes
    # associated with the retrieved configuratiion.  Can be loaded in
    # the separate ``puppet`` executable using the ``--loadclasses``
    # option.
    # The default value is '$confdir/classes.txt'.
    classfile = $vardir/classes.txt

    # Where puppetd caches the local configuration.  An
    # extension indicating the cache format is added automatically.
    # The default value is '$confdir/localconfig'.
    localconfig = $vardir/localconfig

Then create a site.pp file:

[root@CONTROLLER01 manifests]# pwd
/etc/puppet/manifests
[root@CONTROLLER01 manifests]# touch site.pp

Next, configure the firewall. The master needs port 8140 open:

[root@CONTROLLER01 manifests]# iptables -A INPUT -p tcp -m state --state NEW --dport 8140 -j ACCEPT
[root@CONTROLLER01 manifests]# service iptables save
iptables: Saving firewall rules to /etc/sysconfig/iptables:[  OK  ]

Then start puppet:

[root@CONTROLLER01 manifests]# service puppetmaster start
Starting puppetmaster:                                     [  OK  ]

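4. Getting the agent to communicate with the server
Run the following command to see whether the puppet agent and the server can communicate normally (if the server parameter is set in the agent's puppet.conf, the --server option below can be omitted):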

[root@COMPUTE01 Desktop]# puppet agent --test --server=CONTROLLER01.thuanqin.com
Info: Caching certificate for ca
Info: csr_attributes file loading from /etc/puppet/csr_attributes.yaml
Info: Creating a new SSL certificate request for compute01.thuanqin.com
Info: Certificate Request fingerprint (SHA256): F5:44:FD:40:8B:6B:52:DB:EF:AE:89:1C:53:42:BD:49:20:C4:02:B8:E9:40:88:35:7C:AB:86:C4:0F:DE:5E:F0
Info: Caching certificate for ca
Exiting; no certificate found and waitforcert is disabled

Now sign the agent's cert on the master:

[root@CONTROLLER01 puppet]# puppet cert list
  "compute01.thuanqin.com" (SHA256) F5:44:FD:40:8B:6B:52:DB:EF:AE:89:1C:53:42:BD:49:20:C4:02:B8:E9:40:88:35:7C:AB:86:C4:0F:DE:5E:F0
[root@CONTROLLER01 puppet]# puppet cert sign compute01.thuanqin.com
Notice: Signed certificate request for compute01.thuanqin.com
Notice: Removing file Puppet::SSL::CertificateRequest compute01.thuanqin.com at '/var/lib/puppet/ssl/ca/requests/compute01.thuanqin.com.pem'

Now the agent can communicate with the server normally.
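
Signing a request makes the master trust whichever key sent it, so the fingerprint printed on the agent should equal the one `puppet cert list` shows before `puppet cert sign` is run. The following is an added example, not from the original post; the function names are hypothetical and the sample input is the output shown above:

```shell
#!/bin/sh
# Added example: confirm a pending CSR's fingerprint before signing it.
# Function names are hypothetical; only the puppet output format is from the page.

# Strip separators and upper-case, so "f5:44" and "F544" compare equal.
normalize_fp() {
    printf '%s' "$1" | tr -d -c '0-9A-Fa-f' | tr 'a-f' 'A-F'
}

# pending_fp CERTNAME: read `puppet cert list` output on stdin and print the
# SHA256 fingerprint of the pending request whose name matches exactly.
pending_fp() {
    WANT="\"$1\"" awk '$1 == ENVIRON["WANT"] && $2 == "(SHA256)" { print $3; exit }'
}

# csr_matches CERTNAME EXPECTED_FP: 0 = match, 1 = mismatch,
# 2 = no pending request for that name, 3 = EXPECTED_FP is not 32 bytes.
csr_matches() {
    _listed=$(pending_fp "$1")
    [ -n "$_listed" ] || return 2
    _expected=$(normalize_fp "$2")
    [ "${#_expected}" -eq 64 ] || return 3
    [ "$(normalize_fp "$_listed")" = "$_expected" ]
}

# Constructed sample input: the `puppet cert list` line shown above.
SAMPLE_LIST='  "compute01.thuanqin.com" (SHA256) F5:44:FD:40:8B:6B:52:DB:EF:AE:89:1C:53:42:BD:49:20:C4:02:B8:E9:40:88:35:7C:AB:86:C4:0F:DE:5E:F0'
# Fingerprint the agent printed, carried to the master out of band.
AGENT_FP='F5:44:FD:40:8B:6B:52:DB:EF:AE:89:1C:53:42:BD:49:20:C4:02:B8:E9:40:88:35:7C:AB:86:C4:0F:DE:5E:F0'

# On a real master:
#   puppet cert list | csr_matches "$name" "$fp" && puppet cert sign "$name"
if printf '%s\n' "$SAMPLE_LIST" | csr_matches compute01.thuanqin.com "$AGENT_FP"; then
    echo "fingerprint matches: OK to run 'puppet cert sign compute01.thuanqin.com'"
else
    echo "mismatch or no pending request: do not sign" >&2
fi
```
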

5. Installing vim
Now let's test whether puppet works properly. In site.pp on the master, write the following code:

[root@CONTROLLER01 manifests]# cat site.pp 
node 'COMPUTE01.thuanqin.com' {
	package { 'vim-common':
		ensure => present,
	}
}

The goal is to make sure the vim package is installed on our compute01. Then just run puppet agent --test on the agent.
If you follow the book and write vim instead of vim-common, you get this:

Error: Execution of '/usr/bin/yum -d 0 -e 0 -y list vim' returned 1: Error: No matching Packages to list
Error: /Stage[main]/Main/Node[compute01.thuanqin.com]/Package[vim-comm]/ensure: change from absent to present failed: Execution of '/usr/bin/yum -d 0 -e 0 -y list vim' returned 1: Error: No matching Packages to list

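The specific cause was not looked into closely; after all, this time Xiao Qin only wanted to try puppet out.
Also, if the following warning appears: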

Warning: The package type's allow_virtual parameter will be changing its default value from false to true in a future release. If you do not want to allow virtual packages, please explicitly set allow_virtual to false.
   (at /usr/lib/ruby/site_ruby/1.8/puppet/type.rb:816:in `set_default')

then you can add this line to the package's attributes in site.pp (Xiao Qin is not yet sure whether these should be called attributes):

allow_virtual => false,
