A Puppet client/server (C/S) example on CentOS 5 and 6

Server: CentOS 6, IP 192.168.1.225

Client: CentOS 5, IP 192.168.1.193

1. On the server (CentOS 6)

[root@ethnicity ~]# wget Fedora.RedHat.com/pub/epel/6/i386/epel-release-6-5.noarch.rpm

[root@ethnicity ~]# rpm -Uvh epel-release-6-5.noarch.rpm

[root@server ~]# echo $HOSTNAME

server.puppet

[root@server ~]# yum install ruby rubygems rubygem-rails rubygem-sqlite3-ruby ruby-devel ruby-mysql

[root@server ~]# yum install mysql-server    // install the Puppet server-side software

[root@server ~]# yum -y install puppet-server puppet

[root@server ~]# cd /etc/puppet/

[root@server puppet]# vi site.pp   // define the resource to be controlled

node default { file { "/tmp/puppettest1.txt": content => "hello,first puppet manifest"; } }

[root@server puppet]# mv site.pp  manifests/   // set up a managed resource

[root@server ~]# vim /etc/hosts   // hosts entries

192.168.1.225   server.puppet   server  # Added by NetworkManager

192.168.1.193 client.puppet  client

[root@server puppet]# service puppetmaster start

[root@server ~]# /usr/sbin/ntpdate time.nist.gov  // synchronize time with the client

7 Dec 16:51:06 ntpdate[3424]: step time server 192.43.244.18 offset 1775852.670622 sec

[root@server ~]# cd /tmp/

[root@server tmp]# cat puppettest1.txt   // the test file; at first it exists only on the server

hello,first puppet manifest

[root@server ~]# /etc/init.d/puppet start

Server-side setup is complete.

2. On the client (CentOS 5)

[root@client ~]# wget

[root@client ~]# rpm -Uvh epel-release-5-4.noarch.rpm

[root@client ~]# echo $HOSTNAME

client.puppet

[root@client ~]# vim /etc/hosts

192.168.1.225 server.puppet  server

192.168.1.193 client.puppet  client

[root@client ~]# yum -y install puppet

[root@client tmp]# /usr/sbin/ntpdate time.nist.gov

7 Dec 16:51:48 ntpdate[3505]: step time server 192.43.244.18 offset 4569976.891801 sec

[root@client ~]# /etc/init.d/puppet start

3. The procedure (the host name in each prompt shows whether the command runs on the client or the server)

(1) First, the client sends its certificate signing request

[root@client ~]# puppetd --test --server server.puppet

warning: peer certificate won't be verified in this SSL session

info: Caching certificate for ca

warning: peer certificate won't be verified in this SSL session

warning: peer certificate won't be verified in this SSL session

info: Creating a new SSL certificate request for client.puppet

info: Certificate Request fingerprint (md5): 32:E8:31:70:7A:B5:9E:2B:B9:B9:A0:9F:A1:92:E7:7A

warning: peer certificate won't be verified in this SSL session

warning: peer certificate won't be verified in this SSL session

warning: peer certificate won't be verified in this SSL session

Exiting; no certificate found and waitforcert is disabled

(2) The server lists the pending request and signs it

[root@server ~]# puppetca -l

client.puppet (32:E8:31:70:7A:B5:9E:2B:B9:B9:A0:9F:A1:92:E7:7A)

[root@server ~]# puppetca -s client.puppet

notice: Signed certificate request for client.puppet

notice: Removing file Puppet::SSL::CertificateRequest client.puppet at '/var/lib/puppet/ssl/ca/requests/client.puppet.pem'

(3) The client requests its resources

[root@client ~]# cd /tmp/

[root@client tmp]# puppetd --test --server server.puppet

info: Caching catalog for client.puppet

info: Applying configuration version '1323248041'

notice: /Stage[main]//Node[default]/File[/tmp/puppettest1.txt]/ensure: defined content as '{md5}886609dedc5c8a0c58f3aa8d566175cc'

notice: Finished catalog run in 0.08 seconds

[root@client tmp]# ls   // the file has been generated (created) according to the configuration

gconfd-root  mapping-root  puppettest1.txt  scim-panel-socket:0-root

[root@client ~]# cat /tmp/puppettest1.txt   // identical to the one on the server

hello,first puppet manifest

With that, the setup works.
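The agent's first contact in step (1) is unauthenticated (the "peer certificate won't be verified" warnings), so the fingerprint listed by puppetca -l in step (2) should be compared with the one the agent printed before puppetca -s is run. The script below is an added example, not part of the original article; the function names and the PUPPETCA variable are assumptions, and the agent's output line is assumed to reach the server over a separate trusted channel.

```shell
#!/bin/sh
# Added example (not from the original article): sign an agent's CSR only if the
# fingerprint the agent printed matches the one the CA lists for that certname.
# PUPPETCA is a hypothetical override so the command can be stubbed for testing.
PUPPETCA=${PUPPETCA:-puppetca}

# Read agent output on stdin; print the CSR fingerprint from the
# "Certificate Request fingerprint (md5): ..." line, upper-cased.
agent_fingerprint() {
    sed -n 's/.*Certificate Request fingerprint ([A-Za-z0-9]*): *\([0-9A-Fa-f:]*\).*/\1/p' |
        head -n 1 | tr 'a-f' 'A-F'
}

# Read `puppetca -l` output on stdin ("certname (FINGERPRINT)" per line, the
# format shown in step (2)); print the fingerprint pending for certname $1.
ca_fingerprint() {
    awk -v name="$1" '$1 == name { gsub(/[()]/, "", $2); print $2; exit }' |
        tr 'a-f' 'A-F'
}

# csr_matches <certname> <agent output> <puppetca -l output>
# Succeeds only when both fingerprints are present and identical.
csr_matches() {
    want=$(printf '%s\n' "$2" | agent_fingerprint)
    have=$(printf '%s\n' "$3" | ca_fingerprint "$1")
    [ -n "$want" ] && [ "$want" = "$have" ]
}

# sign_if_match <certname> <agent output>: sign only after the comparison passes.
sign_if_match() {
    pending=$("$PUPPETCA" -l) || return 2
    if csr_matches "$1" "$2" "$pending"; then
        "$PUPPETCA" -s "$1"
    else
        echo "refusing to sign $1: fingerprint mismatch or no pending request" >&2
        return 1
    fi
}

# The two lines from steps (1) and (2) above, plus a constructed mismatch.
AGENT_LINE='info: Certificate Request fingerprint (md5): 32:E8:31:70:7A:B5:9E:2B:B9:B9:A0:9F:A1:92:E7:7A'
CA_LINE='client.puppet (32:E8:31:70:7A:B5:9E:2B:B9:B9:A0:9F:A1:92:E7:7A)'
BAD_LINE='client.puppet (00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF)'  # constructed

csr_matches client.puppet "$AGENT_LINE" "$CA_LINE" && echo "match: safe to sign"
csr_matches client.puppet "$AGENT_LINE" "$BAD_LINE" || echo "mismatch: do not sign"
```

On the server, sign_if_match client.puppet "$AGENT_LINE" would take the place of the bare puppetca -s client.puppet call.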

Problems encountered during the experiment:

Problem 1:

[root@client ~]# puppetd --test --server server.puppet

info: Creating a new SSL key for client.puppet

err: Could not request certificate: No route to host - connect(2)

Exiting; failed to retrieve certificate and waitforcert is disabled

Solution: stop iptables and flush its rules, and also disable SELinux.

Problem 2:

[root@client ~]# puppetd --test --server server.puppet

warning: peer certificate won't be verified in this SSL session

info: Caching certificate for client.puppet

err: Could not retrieve catalog from remote server: certificate verify failed

warning: Not using cache on failed catalog

err: Could not retrieve catalog; skipping run

Cause: the client and server clocks are not synchronized. Solution: run /usr/sbin/ntpdate time.nist.gov on both the client and the server.

Problem 3:

err: Could not request certificate: Connection refused - connect(2)

Exiting; failed to retrieve certificate and waitforcert is disabled

Solution: set up the hosts file as in the example above, and make sure puppetmaster is started (service puppetmaster start).

Problem 4:

err: Could not call puppetca.getcert: #<Errno::ENETENREACH: Network is

unreachable --connect(2)>

err: Could not request certificate: Certificate retrieval failed:

Network is unreachable --connect(2)

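Solution: configure the host information and install puppet in the correct order.

First configure the host information, making sure each side can ping the other by host name (ping XXXXXX).

Then configure puppetmaster on the server, and finally configure puppet on the client.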
