2. IT
    3. 手动搭建puppet服务

    手动搭建puppet服务

    xiaoxiao2021-04-13  30

    手动部署puppet服务

    1.配置yum源

    备份系统自带yum源 [root@master ~]# cd /etc/yum.repos.d/ [root@master yum.repos.d]# mkdir bak [root@master yum.repos.d]# mv *.repo bak 配置官网yum源 rpm -Uvh https://yum.puppetlabs.com/puppetlabs-release-pc1-el-7.noarch.rpm

    2.配置hosts

    更改/etc/hosts文件和/etc/hostname [root@master yum.repos.d]# cat /etc/hosts 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 127.0.0.1 master.puppet.io master #设置fqdn(格式为:ip fqdn hostname) 10.211.55.3 agent.puppet.io #设置agent域名解析 [root@master yum.repos.d]# cat /etc/hostname master 验证fqdn是否设置正确 [root@master ~]# hostname -f master.puppet.io

    3.安装puppet server(依赖puppet-agent包)

    yum安装软件包 yum install puppetserver

    更改配置文件/etc/sysconfig/puppetserver(如果需要) JAVA_ARGS=”-Xms2g -Xmx2g -XX:MaxPermSize=256m”

    更改配置文件puppet.conf(默认不需要更改) [root@master ~]# cat backup/puppetlabs/puppet/puppet.conf # This file can be used to override the default puppet settings. # See the following links for more details on what settings are available: # - https://docs.puppetlabs.com/puppet/latest/reference/config_important_settings.html # - https://docs.puppetlabs.com/puppet/latest/reference/config_about_settings.html # - https://docs.puppetlabs.com/puppet/latest/reference/config_file_main.html # - https://docs.puppetlabs.com/puppet/latest/reference/configuration.html [master] vardir = /opt/puppetlabs/server/data/puppetserver logdir = /var/log/puppetlabs/puppetserver rundir = /var/run/puppetlabs/puppetserver pidfile = /var/run/puppetlabs/puppetserver/puppetserver.pid codedir = /etc/puppetlabs/code 启动服务 [root@master ~]# systemctl start puppetserver验证 参考第4步的验证

    4.部署puppet agent

    yum安装软件包(如果部署过puppetserver就不用再次安装,puppetserver依赖于puppet-agent) yum install puppet更改配置文件puppet.conf [root@master ~]# cat /etc/puppetlabs/puppet/puppet.conf # This file can be used to override the default puppet settings. # See the following links for more details on what settings are available: # - https://docs.puppetlabs.com/puppet/latest/reference/config_important_settings.html # - https://docs.puppetlabs.com/puppet/latest/reference/config_about_settings.html # - https://docs.puppetlabs.com/puppet/latest/reference/config_file_main.html # - https://docs.puppetlabs.com/puppet/latest/reference/configuration.html [master] vardir = /opt/puppetlabs/server/data/puppetserver logdir = /var/log/puppetlabs/puppetserver rundir = /var/run/puppetlabs/puppetserver pidfile = /var/run/puppetlabs/puppetserver/puppetserver.pid codedir = /etc/puppetlabs/code [agent] #客户端传给master的验证名称 certname = agent.puppet.io pluginsync = true #puppetserver的服务端口 masterport = 8140 #agent使用master的环境指定 environment = production #master的地址 server = master.puppet.io listen = false splay = false splaylimit = 1800 #agent的运行周期 runinterval = 1800 noop = false usecacheonfailure = true 启动服务 [root@master ~]# systemctl start puppet 验证 [root@master puppet]# puppet agent -vt Info: Creating a new SSL key for agent.puppet.io Info: csr_attributes file loading from /etc/puppetlabs/puppet/csr_attributes.yaml Info: Creating a new SSL certificate request for agent.puppet.io Info: Certificate Request fingerprint (SHA256): CE:92:AF:5F:62:12:F6:F4:DB:59:41:7D:16:5B:19:3D:EC:7E:BB:B1:60:D6:DE:5D:2A:14:1A:23:60:8A:E6:B2 Exiting; no certificate found and waitforcert is disabled 查看证书 [root@master puppet]# puppet cert list "agent.puppet.io" (SHA256) CE:92:AF:5F:62:12:F6:F4:DB:59:41:7D:16:5B:19:3D:EC:7E:BB:B1:60:D6:DE:5D:2A:14:1A:23:60:8A:E6:B2

    6.trouble-shoting

    问题:

    * [root@master ~]# puppet agent -vt Exiting; no certificate found and waitforcert is disabled

    解决办法:尝试清理证书:

    root@master ~]# puppet cert clean agent.puppet.io Error: Could not find a serial number for agent.puppet.io 找到证书的文件,并删除,问题即可解决。 [root@master ~]# cd /etc/puppetlabs/puppet puppet/ puppetserver/ [root@master ~]# cd /etc/puppetlabs/puppet [root@master puppet]# find . -name "agent.puppet.io*" ./ssl/public_keys/agent.puppet.io.pem ./ssl/certificate_requests/agent.puppet.io.pem ./ssl/private_keys/agent.puppet.io.pem ./ssl/ca/requests/agent.puppet.io.pem [root@master puppet]# rm -rf ./ssl/public_keys/agent.puppet.io.pem ./ssl/certificate_requests/agent.puppet.io.pem ./ssl/private_keys/agent.puppet.io.pem ./ssl/ca/requests/agent.puppet.io.pem [root@master puppet]# puppet cert list [root@master puppet]#
    转载请注明原文地址: https://ju.6miu.com/read-668569.html

    技术

    最新回复(0)