Prerequisites:
1. The hostnames of both the client and the server must be in FQDN form, e.g. server.a.com
2. The output of uname -n must be identical to the hostname
3. Edit /etc/hosts so that the two hosts can resolve each other
4. Synchronize the clocks
Assumed here:
Server --> IP: 192.168.56.101, hostname: server.a.com
Client --> IP: 192.168.56.102, hostname: client.a.com
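The four prerequisites above are easy to get wrong and hard to diagnose afterwards (the hostname ends up baked into the certificate). The following pre-flight script is an added example, not part of the original post: it checks FQDN form, agreement between the hostname and uname -n, and mutual /etc/hosts resolution, and compares two clock readings for skew. The hosts-file contents, the aliases server and client, and the timestamps are constructed sample data; on a real machine you would pass "$(hostname)", "$(uname -n)" and /etc/hosts instead.

```shell
#!/bin/sh
# Added example, not part of the original post: pre-flight checks for the
# prerequisites (FQDN hostname, uname -n agreement, mutual /etc/hosts
# resolution), run here against constructed sample data so it works offline.

# Return 0 if $1 is an FQDN: two or more dot-separated labels of letters,
# digits and hyphens, no empty labels, no leading or trailing hyphen.
is_fqdn() {
    printf '%s\n' "$1" | grep -Eq \
        '^([A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?\.)+[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?$'
}

# Return 0 if hosts file $1 maps address $2 to name $3. Comment and blank
# lines are skipped; aliases after the first name on a line also count.
hosts_maps() {
    awk -v ip="$2" -v name="$3" '
        /^[[:space:]]*#/ || NF == 0 { next }
        $1 == ip { for (i = 2; i <= NF; i++) if ($i == name) { found = 1; exit } }
        END { if (found) exit 0; exit 1 }
    ' "$1"
}

# Return 0 if two epoch timestamps (date +%s on each host) differ by at
# most $3 seconds; the SSL handshake needs the two clocks roughly aligned.
clocks_aligned() {
    diff=$(( $1 - $2 ))
    [ "$diff" -lt 0 ] && diff=$(( 0 - diff ))
    [ "$diff" -le "$3" ]
}

# Run all checks for one host. Arguments: hostname, uname -n output, hosts
# file, own IP, peer IP, peer hostname. Prints each failure and returns the
# number of failed checks (0 means the host is ready for the puppet install).
check_prereqs() {
    host=$1 uname_n=$2 hosts=$3 own_ip=$4 peer_ip=$5 peer=$6
    failures=0
    is_fqdn "$host" ||
        { echo "FAIL: hostname '$host' is not an FQDN"; failures=$((failures + 1)); }
    [ "$host" = "$uname_n" ] ||
        { echo "FAIL: uname -n gives '$uname_n' but hostname is '$host'"; failures=$((failures + 1)); }
    hosts_maps "$hosts" "$own_ip" "$host" ||
        { echo "FAIL: $hosts does not map $own_ip to $host"; failures=$((failures + 1)); }
    hosts_maps "$hosts" "$peer_ip" "$peer" ||
        { echo "FAIL: $hosts does not map $peer_ip to $peer"; failures=$((failures + 1)); }
    return $failures
}

# Constructed sample hosts file for the two machines assumed in the post
# (the short aliases "server" and "client" are made up for the example).
SAMPLE_HOSTS=$(mktemp)
trap 'rm -f "$SAMPLE_HOSTS"' EXIT
cat > "$SAMPLE_HOSTS" <<'EOF'
127.0.0.1       localhost
# puppet hosts
192.168.56.101  server.a.com server
192.168.56.102  client.a.com client
EOF

# Demonstration with the sample data. On a real host run:
#   check_prereqs "$(hostname)" "$(uname -n)" /etc/hosts <own IP> <peer IP> <peer FQDN>
if check_prereqs server.a.com server.a.com "$SAMPLE_HOSTS" 192.168.56.101 192.168.56.102 client.a.com; then
    echo "server.a.com: all prerequisites satisfied"
fi
# A short hostname resolves through its alias but still fails the FQDN check.
check_prereqs server server "$SAMPLE_HOSTS" 192.168.56.101 192.168.56.102 client.a.com ||
    echo "server: $? prerequisite check(s) failed"
```

The FQDN check is deliberately strict: a host named server that happens to resolve through an alias passes the hosts-file check but is still reported, which matches the author's experience that only FQDN hostnames worked.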
I. Install the required packages on the server
[root@server ~]# rpm -ivh epel-release-5-4.noarch.rpm
// Package epel-release-5-4.noarch.rpm: pick the appropriate version and download it from ?query=epel&submit=Search+...
[root@server ~]# yum -y install puppet-server
[root@server ~]# service puppetmaster start
II. Install the required packages on the client
[root@client ~]# rpm -ivh epel-release-5-4.noarch.rpm
[root@client ~]# yum -y install puppet
III. Request and sign the certificate
On the client:
[root@client ~]# puppetd --test --server server.a.com
-------------------- you should see output similar to the following -----------------------
info: Creating a new SSL key for client.a.com
warning: peer certificate won't be verified in this SSL session
info: Caching certificate for ca
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
info: Creating a new SSL certificate request for client.a.com
info: Certificate Request fingerprint (md5): 38:36:3B:A7:0A:87:F0:45:38:69:60:51:8E:DD:C5:90
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
Exiting; no certificate found and waitforcert is disabled
---------------------------------------------------------------
On the server:
[root@server ~]# puppetca -l //list the pending certificate requests from clients
"client.a.com" (38:36:3B:A7:0A:87:F0:45:38:69:60:51:8E:DD:C5:90)
Sign the client's certificate request:
[root@server ~]# puppetca -s client.a.com
notice: Signed certificate request for client.a.com
notice: Removing file Puppet::SSL::CertificateRequest client.a.com at '/var/lib/puppet/ssl/ca/requests/client.a.com.pem'
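The client printed a request fingerprint (38:36:3B:...:90) and puppetca -l shows the same value on the server; comparing the two before signing is what stops the CA from issuing a client.a.com certificate to some other host that submitted a request under that name. The script below is an added example, not part of the original post: it parses the puppetca -l listing for a given host and compares the fingerprint with the one read off the client, tolerating case and colon differences. The sample listing reuses the fingerprint from the post; the other.a.com line and its fingerprint are constructed.

```shell
#!/bin/sh
# Added example, not part of the original post: confirm that the fingerprint
# shown by `puppetca -l` on the server equals the one the client printed
# ("Certificate Request fingerprint (md5): ...") before running `puppetca -s`.

# Strip colons and upper-case the hex digits so both spellings compare equal.
normalize_fp() {
    printf '%s\n' "$1" | tr -d ':' | tr 'a-f' 'A-F'
}

# Read `puppetca -l` output on stdin and print the fingerprint listed for
# host $1. Lines look like:  "client.a.com" (38:36:3B:...:90)
# Prints nothing if no request for that host is pending.
listed_fingerprint() {
    awk -v want="\"$1\"" '
        { for (i = 1; i < NF; i++) if ($i == want) { fp = $(i + 1); gsub(/[()]/, "", fp); print fp; exit } }
    '
}

# $1 = hostname, $2 = fingerprint the client printed, $3 = `puppetca -l` output.
# Returns 0 on match, 1 on mismatch, 2 if no request is pending for $1.
csr_fingerprint_matches() {
    listed=$(printf '%s\n' "$3" | listed_fingerprint "$1")
    [ -n "$listed" ] || return 2
    [ "$(normalize_fp "$listed")" = "$(normalize_fp "$2")" ]
}

# Constructed sample `puppetca -l` output: the client.a.com line carries the
# fingerprint from the post; the second line is a made-up extra request.
SAMPLE_CA_LIST='"client.a.com" (38:36:3B:A7:0A:87:F0:45:38:69:60:51:8E:DD:C5:90)
"other.a.com" (00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF)'
# The value copied from the client's terminal.
CLIENT_FP=38:36:3B:A7:0A:87:F0:45:38:69:60:51:8E:DD:C5:90

# On the real server replace "$SAMPLE_CA_LIST" with "$(puppetca -l)".
csr_fingerprint_matches client.a.com "$CLIENT_FP" "$SAMPLE_CA_LIST"
case $? in
    0) echo "fingerprint matches; safe to run: puppetca -s client.a.com" ;;
    1) echo "fingerprint MISMATCH; do not sign, find out which host sent this request" ;;
    *) echo "no pending request for client.a.com" ;;
esac
```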
On the client:
[root@client ~]# puppetd --test --server server.a.com //the client fetches its signed certificate
warning: peer certificate won't be verified in this SSL session
info: Caching certificate for client.a.com
info: Caching certificate_revocation_list for ca
info: Caching catalog for client.a.com
info: Applying configuration version '1345553919'
info: Creating state file /var/lib/puppet/state/state.yaml
notice: Finished catalog run in 0.02 seconds
IV. Test that it works
Write a manifest on the server:
[root@server ~]# vim /etc/puppet/manifests/site.pp
----------------- add the following content -----------------------
file { "/tmp/temp1.txt":
    content => "Hello World\n",
}
----------------- end of added content ------------------------
On the client, run:
[root@client ~]# puppetd --test --server server.a.com
info: Caching catalog for client.a.com
info: Applying configuration version '1345554018'
notice: /Stage[main]//Node[default]/File[/tmp/temp1.txt]/ensure: defined content as '{md5}b10a8db164e0754105b7a99be72e3fe5'
notice: Finished catalog run in 0.11 seconds
Check on the client that the file was created:
[root@client ~]# cat /tmp/temp1.txt
Hello World
Done!
Problem encountered:
[root@puppet-client ~]# puppetd --test --server puppet-server
info: Creating a new SSL key for puppet-client.router
err: Could not request certificate: Connection refused - connect(2)
Exiting; failed to retrieve certificate and waitforcert is disabled
Solution: start the puppetmaster service on the server and check the iptables rules.
Notes: set the hostname before installing the software, because the hostname is written into the certificate when it is generated; if you change the hostname after the certificate has been generated, the client can no longer connect, so keep that in mind! The hostname must also be in FQDN form; at least in my tests without it, I could not get it to work no matter how many times I tried. The really important work comes next, namely defining resources, but unfortunately my own skills are too limited to share that here. Just installing puppet took most of a day, with one error and problem after another...