Installing Puppet on CentOS 7
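Here Puppet is installed in two CentOS containers running under Docker, so there is no clock problem between the servers. If you install on virtual machines or physical machines, make sure the clocks of the two servers are synchronized.
If the clocks are not synchronized, certificate verification fails with the following error.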
Failed to generate additional resources using 'eval_generate': SSL_connect returned=1 errno=0 state=error: certificate verify failed: [CRL is not yet valid for /CN=linux-node1.com]
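Both the client and the server need epel-release installed. The default CentOS yum repositories do not contain the Puppet packages, so the extra repository package, epel-release, has to be installed first.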
yum install epel-release -y
1. Server
Install puppet-server
yum install -y puppet-server
Configure hosts
172.17.0.3 91c968c989ae client.com
172.17.0.2 67783e936e27 master.com
Configure puppet.conf: add the certname attribute to the [main] section.
[main]
# The Puppet log directory.
# The default value is '$vardir/log'.
logdir = /var/log/puppet

# Where Puppet PID files are kept.
# The default value is '$vardir/run'.
rundir = /var/run/puppet

# Where SSL certificates are kept.
# The default value is '$confdir/ssl'.
ssldir = $vardir/ssl

certname = master.com
Edit /etc/puppet/manifests/site.pp and declare a file, /tmp/helloworld.txt, to be created in the /tmp directory.
node default {
  file { "/tmp/helloworld.txt":
    content => "hello,world!"
  }
}
Start puppetmaster
systemctl start puppetmaster
2. Client
Install puppet on the client
yum install -y puppet
Configure hosts, same as on the server
Configure puppet.conf: add the certname, server and report attributes to the [agent] section, as shown below:
[agent]
# The file in which puppetd stores a list of the classes
# associated with the retrieved configuration. Can be loaded in
# the separate ``puppet`` executable using the ``--loadclasses``
# option.
# The default value is '$confdir/classes.txt'.
classfile = $vardir/classes.txt

# Where puppetd caches the local configuration. An
# extension indicating the cache format is added automatically.
# The default value is '$confdir/localconfig'.
localconfig = $vardir/localconfig

certname = client.com
server = master.com
report = true
By default the certificate has not been signed yet. A test run shows that a signed certificate is required.
[root@91c968c989ae /]# puppet agent --test
Info: Creating a new SSL key for client.com
Info: Caching certificate for ca
Info: csr_attributes file loading from /etc/puppet/csr_attributes.yaml
Info: Creating a new SSL certificate request for client.com
Info: Certificate Request fingerprint (SHA256): C1:5A:8F:F5:65:68:EC:7B:CD:A1:9B:94:7A:B1:AB:86:0C:2C:14:0E:A5:27:5E:9C:B4:88:70:8E:D4:62:E5:81
Info: Caching certificate for ca
Exiting; no certificate found and waitforcert is disabled
3. Signing the certificate
At first the client certificate request has not been approved, so it has no + in front of it.
[root@67783e936e27 puppet]# puppet cert list -a
  "client.com" (SHA256) C1:5A:8F:F5:65:68:EC:7B:CD:A1:9B:94:7A:B1:AB:86:0C:2C:14:0E:A5:27:5E:9C:B4:88:70:8E:D4:62:E5:81
+ "67783e936e27" (SHA256) DB:A4:97:30:A6:71:0D:16:2A:2A:C6:13:8A:CD:2E:19:97:D9:0E:5B:56:ED:59:82:AB:DF:C1:DA:BD:02:84:63
Sign the certificate with puppet cert sign client.com. Once signing completes, the listing shows that the certificate has been approved.
[root@67783e936e27 puppet]# puppet cert sign client.com
Notice: Signed certificate request for client.com
Notice: Removing file Puppet::SSL::CertificateRequest client.com at '/var/lib/puppet/ssl/ca/requests/client.com.pem'
[root@67783e936e27 puppet]# puppet cert list -a
+ "67783e936e27" (SHA256) DB:A4:97:30:A6:71:0D:16:2A:2A:C6:13:8A:CD:2E:19:97:D9:0E:5B:56:ED:59:82:AB:DF:C1:DA:BD:02:84:63
+ "client.com" (SHA256) 26:EA:AA:4F:79:4D:B6:DE:93:D7:E2:04:A0:68:83:75:0A:73:D7:D7:87:0B:48:F3:8C:7B:80:60:1F:02:F1:30
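Signing a request makes the master trust whichever key submitted it under that name, so the fingerprint the agent printed should be compared with the pending request on the master before puppet cert sign is run. The script below is an added example, not part of the original post: its function names are hypothetical, and the sample listing and fingerprint are copied from the sessions above.

```shell
#!/bin/sh
# Added example: confirm that the CSR waiting on the master is the one the
# agent generated before signing it. Function names here are hypothetical.

# Output of `puppet cert list -a` before signing, copied from the session above.
# Lines starting with "+" are already signed; pending requests have no marker.
LISTING='  "client.com" (SHA256) C1:5A:8F:F5:65:68:EC:7B:CD:A1:9B:94:7A:B1:AB:86:0C:2C:14:0E:A5:27:5E:9C:B4:88:70:8E:D4:62:E5:81
+ "67783e936e27" (SHA256) DB:A4:97:30:A6:71:0D:16:2A:2A:C6:13:8A:CD:2E:19:97:D9:0E:5B:56:ED:59:82:AB:DF:C1:DA:BD:02:84:63'

# pending_fingerprint <certname>: read a listing on stdin and print the SHA256
# fingerprint of the pending request for <certname>; exit 1 if there is none.
pending_fingerprint() {
    awk -v want="\"$1\"" '
        $1 == want && $2 == "(SHA256)" { print $3; found = 1 }
        END { exit !found }'
}

# verify_csr <certname> <fingerprint printed by the agent>: listing on stdin.
# Returns 0 on match, 1 on mismatch, 2 when no pending request exists.
verify_csr() (
    expected=$(printf '%s' "$2" | tr -d '[:space:]' | tr 'a-f' 'A-F')
    actual=$(pending_fingerprint "$1") || {
        echo "no pending request for $1" >&2
        exit 2
    }
    [ "$actual" = "$expected" ] && exit 0
    echo "fingerprint mismatch for $1: master holds $actual" >&2
    exit 1
)

# Wrapper for use on the master: sign only after the check passes.
sign_if_verified() {
    puppet cert list -a | verify_csr "$1" "$2" && puppet cert sign "$1"
}

# Demonstration on the embedded listing, using the value from the agent's
# "Certificate Request fingerprint (SHA256)" line.
AGENT_FP='C1:5A:8F:F5:65:68:EC:7B:CD:A1:9B:94:7A:B1:AB:86:0C:2C:14:0E:A5:27:5E:9C:B4:88:70:8E:D4:62:E5:81'
if printf '%s\n' "$LISTING" | verify_csr client.com "$AGENT_FP"; then
    echo "client.com: fingerprints match, safe to sign"
fi
```

On the master, sign_if_verified client.com "<fingerprint read from the agent's console>" replaces the bare puppet cert sign call.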
After the certificate is signed, test again: the agent now retrieves the file resource from the server.
[root@91c968c989ae /]# puppet agent --test
Info: Caching certificate_revocation_list for ca
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Caching catalog for client.com
Info: Applying configuration version '1521738889'
Notice: /Stage[main]/Main/Node[default]/File[/tmp/helloworld.txt]/ensure: defined content as '{md5}c0e84e870874dd37ed0d164c7986f03a'
Info: Creating state file /var/lib/puppet/state/state.yaml
Notice: Finished catalog run in 0.01 seconds
[root@91c968c989ae /]#
Check the /tmp directory on the client: the file helloworld.txt now exists and its content is [hello,world!].
[root@91c968c989ae /]# cd /tmp
[root@91c968c989ae tmp]# cat helloworld.txt
hello,world![root@91c968c989ae tmp]#
[root@91c968c989ae tmp]# ls
helloworld.txt
[root@91c968c989ae tmp]#