Lab plan: the server runs CentOS 6 (IP 192.168.1.225); the client runs CentOS 5 (IP 192.168.1.193).

1. On the server (CentOS 6)

    [root@linuxso.com ~]# wget http://download.fedora.redhat.com/pub/epel/6/i386/epel-release-6-5.noarch.rpm
    [root@linuxso.com ~]# rpm -Uvh epel-release-6-5.noarch.rpm
    [root@linuxso.com ~]# echo $HOSTNAME
    server.puppet
    [root@linuxso.com ~]# yum install ruby rubygems rubygem-rails rubygem-sqlite3-ruby ruby-devel ruby-mysql
    [root@linuxso.com ~]# yum install mysql-server
    # Install the Puppet server packages
    [root@linuxso.com ~]# yum -y install puppet-server puppet
    [root@linuxso.com ~]# cd /etc/puppet/
    [root@linuxso.com puppet]# vi site.pp    # define the resource to control

    node default {
      file { "/tmp/puppettest1.txt":
        content => "hello,first puppet manifest";
      }
    }

    [root@linuxso.com puppet]# mv site.pp manifests/    # set up one managed resource
    [root@linuxso.com ~]# vim /etc/hosts    # hosts entries

    192.168.1.225 server.puppet server # Added by NetworkManager
    192.168.1.193 client.puppet client

    [root@linuxso.com puppet]# service puppetmaster start
    [root@linuxso.com ~]# /usr/sbin/ntpdate time.nist.gov    # synchronize time with the client
    7 Dec 16:51:06 ntpdate[3424]: step time server 192.43.244.18 offset 1775852.670622 sec
    [root@linuxso.com ~]# cd /tmp/
    [root@linuxso.com tmp]# cat puppettest1.txt    # the test file; at first this file exists only on the server
    hello,first puppet manifest
    [root@linuxso.com ~]# /etc/init.d/puppet start

This completes the server-side setup.

2. On the client (CentOS 5)

    [root@linuxso.com ~]# wget http://download.fedora.redhat.com/pub/epel/5/i386/epel-release-5-4.noarch.rpm
    [root@linuxso.com ~]# rpm -Uvh epel-release-5-4.noarch.rpm
    [root@linuxso.com ~]# echo $HOSTNAME
    client.puppet
    [root@linuxso.com ~]# vim /etc/hosts

    192.168.1.225 server.puppet server
    192.168.1.193 client.puppet client

    [root@linuxso.com ~]# yum -y install puppet
    [root@linuxso.com tmp]# /usr/sbin/ntpdate time.nist.gov
    7 Dec 16:51:48 ntpdate[3505]: step time server 192.43.244.18 offset 4569976.891801 sec
    [root@linuxso.com ~]# /etc/init.d/puppet start

3. The procedure (tell from the step names which commands run on the client and which on the server)

(1) First, the client's certificate signing request

    [root@linuxso.com ~]# puppetd --test --server server.puppet
    warning: peer certificate won't be verified in this SSL session
    info: Caching certificate for ca
    warning: peer certificate won't be verified in this SSL session
    warning: peer certificate won't be verified in this SSL session
    info: Creating a new SSL certificate request for client.puppet
    info: Certificate Request fingerprint (md5): 32:E8:31:70:7A:B5:9E:2B:B9:B9:A0:9F:A1:92:E7:7A
    warning: peer certificate won't be verified in this SSL session
    warning: peer certificate won't be verified in this SSL session
    warning: peer certificate won't be verified in this SSL session
    Exiting; no certificate found and waitforcert is disabled

(2) Check and sign on the server

    [root@linuxso.com ~]# puppetca -l
    client.puppet (32:E8:31:70:7A:B5:9E:2B:B9:B9:A0:9F:A1:92:E7:7A)
    [root@linuxso.com ~]# puppetca -s client.puppet
    notice: Signed certificate request for client.puppet
    notice: Removing file Puppet::SSL::CertificateRequest client.puppet at '/var/lib/puppet/ssl/ca/requests/client.puppet.pem'

(3) The client requests its resources

    [root@linuxso.com ~]# cd /tmp/
    [root@linuxso.com tmp]# puppetd --test --server server.puppet
    info: Caching catalog for client.puppet
    info: Applying configuration version '1323248041'
    notice: /Stage[main]//Node[default]/File[/tmp/puppettest1.txt]/ensure: defined content as '{md5}886609dedc5c8a0c58f3aa8d566175cc'
    notice: Finished catalog run in 0.08 seconds
    [root@linuxso.com tmp]# ls    # the file has been generated (that is, created) according to the configuration
    gconfd-root mapping-root puppettest1.txt scim-panel-socket:0-root
    [root@linuxso.com ~]# cat /tmp/puppettest1.txt    # identical to the one on the server
    hello,first puppet manifest

With that, the setup works.
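
In steps (1) and (2) the agent and puppetca -l print the same CSR fingerprint, and comparing the two before running puppetca -s confirms that the pending request is the one this client generated. The shell functions below are an added example, not part of the original article; the function names and the second sample line are constructed, and the list format is assumed to be the "name (fingerprint)" form shown in step (2).

```shell
#!/bin/sh
# Added example (not from the original article): check a pending CSR on the
# master against the fingerprint the agent printed, before running puppetca -s.

# Normalise a fingerprint: drop whitespace, upper-case the hex digits.
norm_fp() {
    printf '%s' "$1" | tr -d ' \t\r\n' | tr 'abcdef' 'ABCDEF'
}

# pending_fp LIST NODE
# LIST is `puppetca -l` output in the "name (fingerprint)" form shown above
# (assumed format). Prints NODE's fingerprint, or nothing if none is pending.
pending_fp() {
    printf '%s\n' "$1" | awk -v node="$2" '
        $1 == node && NF >= 2 { fp = $NF; gsub(/[()]/, "", fp); print fp; exit }'
}

# csr_matches LIST NODE EXPECTED_FP
# 0 = pending request matches, 1 = fingerprint differs, 2 = no request for NODE.
csr_matches() {
    got=$(pending_fp "$1" "$2")
    [ -n "$got" ] || return 2
    [ "$(norm_fp "$got")" = "$(norm_fp "$3")" ] || return 1
    return 0
}

# Fingerprint printed by the agent in step (1).
AGENT_FP='32:E8:31:70:7A:B5:9E:2B:B9:B9:A0:9F:A1:92:E7:7A'

# Sample `puppetca -l` output: first line from step (2), second line constructed
# to show that a longer look-alike name does not match.
SAMPLE_LIST='client.puppet (32:E8:31:70:7A:B5:9E:2B:B9:B9:A0:9F:A1:92:E7:7A)
client.puppet.example (00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF)'

if csr_matches "$SAMPLE_LIST" client.puppet "$AGENT_FP"; then
    echo "client.puppet: fingerprint matches, request can be signed"
else
    echo "client.puppet: do not sign (no request or fingerprint mismatch)"
fi

# On a real master (run as root):
#   csr_matches "$(puppetca -l)" client.puppet "$AGENT_FP" && puppetca -s client.puppet
```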

Problems encountered during the lab:

Problem 1:

    [root@linuxso.com ~]# puppetd --test --server server.puppet
    info: Creating a new SSL key for client.puppet
    err: Could not request certificate: No route to host - connect(2)
    Exiting; failed to retrieve certificate and waitforcert is disabled

Fix: stop iptables and flush its rules, and also disable SELinux.

Problem 2:

    [root@linuxso.com ~]# puppetd --test --server server.puppet
    warning: peer certificate won't be verified in this SSL session
    info: Caching certificate for client.puppet
    err: Could not retrieve catalog from remote server: certificate verify failed
    warning: Not using cache on failed catalog
    err: Could not retrieve catalog; skipping run

Cause: the client and server clocks are not synchronized. Fix: run /usr/sbin/ntpdate time.nist.gov on both the client and the server.

Problem 3:

    err: Could not request certificate: Connection refused - connect(2)
    Exiting; failed to retrieve certificate and waitforcert is disabled

Fix: set up the hosts file as in the example above, and make sure puppetmaster is started (service puppetmaster start).

Problem 4:

    err: Could not call puppetca.getcert: #<Errno::ENETENREACH: Network is unreachable --connect(2)>
    err: Could not request certificate: Certificate retrieval failed: Network is unreachable --connect(2)

Fix: configure the host information and install Puppet in the correct order. First configure the host information and make sure both sides can reach each other with ping XXXXXX (the hostname); then configure puppetmaster on the server; finally configure puppet on the client.
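
Summary: this was my first contact with Puppet, learned and practiced for later use at work. I ran into many difficulties along the way and have listed them above, in the hope that they help other learners. (Editor: IT)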