- 
		
			在master和client上均关闭selinux和iptables(这样做只是为了简化测试环境的安装;生产环境建议保留防火墙,只放行master的TCP 8140端口,以及client启用listen时的TCP 8139端口): 
			停止iptables 
			[root@master ~]# service iptables stop
 iptables:清除防火墙规则:                                 [确定]
 iptables:正在卸载模块:                                    [确定]
 [root@master ~]# chkconfig --list |grep iptables
 
			iptables           0:关闭    1:关闭    2:启用    3:启用    4:启用    5:启用    6:关闭 
			[root@master ~]# chkconfig iptables off 
			关闭selinux 
			[root@master ~]# vim /etc/selinux/config 
			
 # This file controls the state of SELinux on the system.
 # SELINUX= can take one of these three values:
 #     enforcing - SELinux security policy is enforced.
 #     permissive - SELinux prints warnings instead of enforcing.
 #     disabled - No SELinux policy is loaded.
 SELINUX=enforcing 改成 SELINUX=disabled(修改该文件后需要重启系统才能生效)
 # SELINUXTYPE= can take one of these two values:
 #     targeted - Targeted processes are protected,
 #     mls - Multi Level Security protection.
 SELINUXTYPE=targeted
 
- 
		
			为了保证能向master主机申请到正确的有效证书(证书有效期的校验依赖准确的系统时间),建议在master和client上都配置ntp时间同步: 
			[root@master ~]#  yum -y install ntp 
			[root@master ~]#  ntpdate pool.ntp.org 
			[root@master ~]#  chkconfig ntpd on 
			[root@master ~]# chkconfig --list|grep ntp 
			ntpd               0:关闭    1:关闭    2:启用    3:启用    4:启用    5:启用    6:关闭
 ntpdate            0:关闭    1:关闭    2:关闭    3:关闭    4:关闭    5:关闭    6:关闭
 
			[root@master ~]# service ntpd start
 正在启动 ntpd:                                            [确定]
 
- 
		
			在master和client端设置hosts 
			Puppet 要求所有机器有完整的域名,如果没有 DNS 服务器提供域名的话,可以在机器上设置主机名(注意:要在安装 Puppet 之前先设置好主机名,因为安装 Puppet 时会把主机名写入证书,客户端和服务端通信需要这个证书),为了简化安装过程我直接配置了/etc/hosts。 
			[root@master ~]# vim /etc/hosts 
			127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
 ::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
 192.168.37.72 master.com
 192.168.37.83 client1.com
 192.168.37.82 client2.com
 
- 
		
			 安装puppet官方源(下面的rpm包经HTTP明文下载,传输过程中可能被篡改;安装前应核对软件包的签名或校验和) 
			[root@master ~]# wget http://yum.puppetlabs.com/el/6/products/x86_64/puppetlabs-release-6-7.noarch.rpm 
			[root@master ~]# rpm -ivh puppetlabs-release-6-7.noarch.rpm 
			[root@master ~]# yum update 
	- 
		
			安装 puppet-server 
			[root@master ~]# yum -y install puppet-server 
- 
		
			添加自动签发证书 
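			编辑 /etc/puppet/puppet.conf 文件, 在[main]段内加入 autosign = true,server = master.com。注意:autosign = true 会让master对收到的任何证书请求都自动签发,凡是能访问8140端口的主机都可以拿到合法证书,因此只适合隔离的测试环境;生产环境应在master上用 puppet cert list / puppet cert sign 手工签发,或用 autosign.conf 限定允许自动签发的主机名。 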
			[root@master ~]# vim /etc/puppet/puppet.conf 
			[main]
 # The Puppet log directory.
 # The default value is '$vardir/log'.
 logdir = /var/log/puppet
 
 # Where Puppet PID files are kept.
 # The default value is '$vardir/run'.
 rundir = /var/run/puppet
 
 # Where SSL certificates are kept.
 # The default value is '$confdir/ssl'.
 ssldir = $vardir/ssl
 autosign = true
 server = master.com
 
- 
		
			启动Puppetmaster 
			[root@master ~]# service puppetmaster start 
			启动 puppetmaster:                                        [确定] 
			[root@master ~]#  netstat -tunlp | grep :8140 
			tcp        0      0 0.0.0.0:8140                0.0.0.0:*                   LISTEN      9148/ruby 
- 
		
			开机启动 
			[root@master ~]# chkconfig --list |grep puppet
 puppet             0:关闭    1:关闭    2:关闭    3:关闭    4:关闭    5:关闭    6:关闭
 puppetmaster       0:关闭    1:关闭    2:关闭    3:关闭    4:关闭    5:关闭    6:关闭
 
			[root@master ~]# chkconfig puppetmaster on 
			[root@master ~]# chkconfig --list |grep puppet
 puppet             0:关闭    1:关闭    2:关闭    3:关闭    4:关闭    5:关闭    6:关闭
 puppetmaster       0:关闭    1:关闭    2:启用    3:启用    4:启用    5:启用    6:关闭
 
	- 
		
			 puppet 安装 
			[root@client1 ~]# yum -y install puppet 
- 
		
			为客户端指定puppet服务器,并开启Master的推送功能 
			编辑 /etc/puppet/puppet.conf 文件,在[agent]段内加入 listen = true,server = master.com。注意:listen = true 会让agent在所有网卡的8139端口上监听(见下文netstat输出中的0.0.0.0:8139),建议用防火墙只允许master的IP访问该端口。 
			[root@client1 ~]# vim /etc/puppet/puppet.conf 
			[agent]
 # The file in which puppetd stores a list of the classes
 # associated with the retrieved configuratiion.  Can be loaded in
 # the separate ``puppet`` executable using the ``--loadclasses``
 # option.
 # The default value is '$confdir/classes.txt'.
 classfile = $vardir/classes.txt
 
 # Where puppetd caches the local configuration.  An
 # extension indicating the cache format is added automatically.
 # The default value is '$confdir/localconfig'.
 localconfig = $vardir/localconfig
 listen = true
 server = master.com
 
			编辑 /etc/puppet/auth.conf 文件, 在 auth / 最下面加入以下语句 
			[root@client1 ~]# vim /etc/puppet/auth.conf 
			path /run
 method save
 allow master.com
 
- 
		
			启动client 
			[root@client1 ~]# service puppet start
 Starting puppet agent:                                     [确定]
 
			[root@client1 ~]#  netstat -tunlp | grep :8139
 tcp        0      0 0.0.0.0:8139                0.0.0.0:*                   LISTEN      15038/ruby
 
			  
- 
		
			开机启动 
			[root@client1 ~]# chkconfig puppet on 
			  
			[root@client1 ~]# chkconfig --list |grep puppet 
			puppet             0:关闭    1:关闭    2:启用    3:启用    4:启用    5:启用    6:关闭 