1.两台服务器安装前部署：

 关闭selinux

 /bin/sed -i 's#SELINUX=enforcing#SELINUX=disabled#g' /etc/sysconfig/selinux

 /bin/sed -i 's#SELINUX=enforcing#SELINUX=disabled#g' /etc/selinux/config

 统一时间安装ntp

 yum install ntp* -y

 service ntpd restart

 /bin/cat > /var/spool/cron/root << EOFW

 * */1 * * * /usr/sbin/ntpdate ntp.api.bz;/usr/sbin/hwclock -w > /dev/null 2>&1

 EOFW

 设置本地dns

 /bin/cat > /etc/resolv.conf << _resolv

 nameserver 114.114.114.114

 nameserver 202.106.0.20

 nameserver 114.114.115.115

 _resolv

2.下载必要软件

 wget http://downloads.puppetlabs.com/facter/facter-1.6.5.tar.gz

 wget http://downloads.puppetlabs.com/puppet/puppet-2.6.13.tar.gz

 yum install -y ruby ruby-rdoc  ruby-devel  ruby-ri

3.安装：

 服务器端puppet：

 tar zxvf facter-1.6.5.tar.gz

 cd facter-1.6.5

 ruby install.rb

 cd ..

 tar zxvf puppet-2.6.13.tar.gz

 cd puppet-2.6.13

 ruby install.rb

 cp conf/auth.conf /etc/puppet/

 cp conf/redhat/fileserver.conf /etc/puppet/

 cp conf/redhat/puppet.conf /etc/puppet/

 cp conf/redhat/server.init /etc/init.d/puppetmaster

 chmod +x /etc/init.d/puppetmaster

 chkconfig –add puppetmaster

 chkconfig puppetmaster on

 生成pupput用户

 puppetmasterd –mkusers  如果报错，则手工建立puppet用户和组(puppet放到puppet组)

 启动

 /etc/init.d/puppetmaster start

 客户端agent：

 tar zxvf facter-1.6.5.tar.gz

 cd facter-1.6.5

 ruby install.rb

 cd ..

 tar zxvf puppet-2.6.13.tar.gz

 cd puppet-2.6.13

 ruby install.rb

 cp conf/auth.conf /etc/puppet/

 cp conf/namespaceauth.conf /etc/puppet/

 cp conf/redhat/puppet.conf /etc/puppet/

 cp conf/redhat/client.init /etc/init.d/puppet

 chmod +x /etc/init.d/puppet

 vi /etc/puppet/puppet.conf

 —

 [agent]

  Listen = true

  Server = puppet

 —

 vi /etc/puppet/namespaceauth.conf

 —-

 [fileserver]

   allow *

 [puppetmaster]

   allow *

 [puppetrunner]

   allow *

 [puppetbucket]

   allow *

 [puppetreports]

   allow *

 [resource]

 allow *

 —-

 生成pupput用户

 puppetd –mkusers  如果报错，则手工建立puppet用户和组(puppet放到puppet组)

 启动

 /etc/init.d/puppet start

4.修改主机名和hosts解析

 修改双方的/etc/hosts文件，添加各自的IP地址对应的主机名，生产环境做内部DNS比较好，不用修改每台服务器的hosts文件。

  192.168.5.22 puppet.domain.com

  192.168.5.23 agent.domain.com

5.认证和测试

 在服务端设置：vim /etc/puppet/manifests/site.pp

 node default { file { "/tmp/puppettest1.txt": content => "Hello,First Puppet test"; } }

 客户端执行puppetd –test –server server.puppet.com发送认证请求

 puppetd –test –server server.puppet.com

 服务器端执行puppetca -s -a

 puppetca -s –a发送接受请求。

 客户端再次发送请求

 puppetd –test –server server.puppet.com

 出现上面信息表示server端已接受请求，连接成功。如果报下面错误

 puppetd –test –server server.puppet.com

 err: Could not retrieve catalog from remote server: hostname not match with the server certificate

 warning: Not using cache on failed catalog

 err: Could not retrieve catalog; skipping run

 err: Could not send report: hostname not match with the server certificate

 则需要修改服务器的主机名和本机的hosts解析。

6.测试

 下面再举一个例子：

  在服务器的/etc/puppet/manifests/建立site.pp里面放置如下内容

  node default {

  file{"/tmp/a.txt":

  content => "helo,I am abc.bbb!abc.aaa n bbbbbb n cccc n dddd n",

  ensure  => present,

  mode => 644,

  owner => root,

  group => root,

  }

  }

  在客户端上执行puppetd –test –server server.puppet.com可以发现/tmp/会生成a.txt文件，内容是content里面的内容。

  cat /tmp/a.txt

  helo,I am abc.bbb!abc.aaa

  bbbbbb

  cccc

  dddd

  到这里就已经完全ok了。