CentOS 6.5 + Puppet 3.7.3: Installation, Configuration and Testing
OS:CentOS-6.5-x86_64
Puppet 3.7.3
Puppet master: master.fisteam2.com
Puppet clients:node1-5.fisteam2.com
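Puppet requires every machine to have a fully qualified domain name (FQDN). If no DNS server provides the names, set the hostname on both machines. Set the hostname before installing Puppet: the installation writes the hostname into the certificate, and the client and server need that certificate to communicate. I have DNS configured, so I did not have to change hosts; without DNS, the names have to be specified in the hosts file.
1. Disable SELinux and iptables, and set up NTP
Perform a minimal installation from CentOS-6.5-x86_64.iso
Disable SELinux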
    [root@master ~]# cat /etc/selinux/config
    # This file controls the state of SELinux on the system.
    # SELINUX= can take one of these three values:
    # enforcing - SELinux security policy is enforced.
    # permissive - SELinux prints warnings instead of enforcing.
    # disabled - No SELinux policy is loaded.
    SELINUX=enforcing
    # SELINUXTYPE= can take one of these two values:
    # targeted - Targeted processes are protected,
    # mls - Multi Level Security protection.
    SELINUXTYPE=targeted
    [root@master ~]# sed -i '/SELINUX/ s/enforcing/disabled/g' /etc/selinux/config
    [root@master ~]# cat /etc/selinux/config
    # This file controls the state of SELinux on the system.
    # SELINUX= can take one of these three values:
    # enforcing - SELinux security policy is enforced.
    # permissive - SELinux prints warnings instead of enforcing.
    # disabled - No SELinux policy is loaded.
    SELINUX=disabled
    # SELINUXTYPE= can take one of these two values:
    # targeted - Targeted processes are protected,
    # mls - Multi Level Security protection.
    SELINUXTYPE=targeted
    [root@master ~]# setenforce 0
Stop iptables
    [root@node1 ~]# chkconfig --list |grep tables
    ip6tables 0:off 1:off 2:on 3:on 4:on 5:on 6:off
    iptables 0:off 1:off 2:on 3:on 4:on 5:on 6:off
    [root@node1 ~]# chkconfig ip6tables off
    [root@node1 ~]# chkconfig iptables off
    [root@node1 ~]# service ip6tables stop
    ip6tables: Setting chains to policy ACCEPT: filter [ OK ]
    ip6tables: Flushing firewall rules: [ OK ]
    ip6tables: Unloading modules: [ OK ]
    [root@node1 ~]# service iptables stop
    iptables: Setting chains to policy ACCEPT: filter [ OK ]
    iptables: Flushing firewall rules: [ OK ]
    iptables: Unloading modules: [ OK ]
    [root@node1 ~]#
Set up NTP
    [root@master ~]# ntpdate pool.ntp.org
    [root@master ~]# chkconfig --list|grep ntp
    ntpd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
    ntpdate 0:off 1:off 2:off 3:off 4:off 5:off 6:off
    [root@master ~]# chkconfig ntpd on
    [root@master ~]# service ntpd start
    Starting ntpd: [ OK ]
    [root@master ~]#
2. Install the Puppet service
Puppet is not in the CentOS base repositories, so the official repository provided by PuppetLabs has to be added:
Install and enable the puppet service on the master:
    [root@master ~]# yum install puppet-server
    [root@master ~]# chkconfig --list |grep puppet
    puppet 0:off 1:off 2:off 3:off 4:off 5:off 6:off
    puppetmaster 0:off 1:off 2:off 3:off 4:off 5:off 6:off
    [root@master ~]# chkconfig puppet on
    [root@master ~]# service puppetmaster start
    Starting puppetmaster: [ OK ]
    [root@master ~]#
Install the Puppet client on the clients
3. Configure Puppet
On the Puppet clients, edit /etc/puppet/puppet.conf to specify the master server
    [main]
    # The Puppet log directory.
    # The default value is '$vardir/log'.
    logdir = /var/log/puppet
    # Where Puppet PID files are kept.
    # The default value is '$vardir/run'.
    rundir = /var/run/puppet
    # Where SSL certificates are kept.
    # The default value is '$confdir/ssl'.
    ssldir = $vardir/ssl
    [agent]
    # The file in which puppetd stores a list of the classes
    # associated with the retrieved configuratiion. Can be loaded in
    # the separate ``puppet`` executable using the ``--loadclasses``
    # option.
    # The default value is '$confdir/classes.txt'.
    classfile = $vardir/classes.txt
    # Where puppetd caches the local configuration. An
    # extension indicating the cache format is added automatically.
    # The default value is '$confdir/localconfig'.
    localconfig = $vardir/localconfig
    server = master.fisteam2.com
and restart the puppet service
    [root@node1 ~]# service puppet restart
    Stopping puppet agent: [ OK ]
    Starting puppet agent: [ OK ]
    [root@node1 ~]#
4. Client certificate requests
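Configuring automatic certificate signing on the server
To make the master sign all certificates automatically, we only need to create the file autosign.conf in the /etc/puppet directory. (There is no need to modify /etc/puppet/puppet.conf, because I have not changed the default location of autosign.conf.)
With this, requests from every machine in fisteam2.com are signed automatically.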
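A stricter alternative to the domain-wide autosign.conf described above, as an added example that is not part of the original post: Puppet 3.4 and later also accept an executable as the autosign setting, run with the requesting certname as its only argument and the PEM CSR on stdin, and sign only when it exits 0. The script path and the node inventory below are assumptions based on the hosts named on this page.

```shell
#!/bin/sh
# Added example (not from the original post): policy-based autosigning.
# Assumed install path: /etc/puppet/autosign-policy.sh, executable by the
# puppet user, referenced from the [master] section of puppet.conf as
#   autosign = /etc/puppet/autosign-policy.sh

# Assumed inventory: the five agents this page sets up.
ALLOWED_NODES="node1.fisteam2.com node2.fisteam2.com node3.fisteam2.com node4.fisteam2.com node5.fisteam2.com"

# Return 0 only for an exact match against the inventory.
# Empty names, suffix tricks and other hosts in the domain are refused.
certname_allowed() {
    [ -n "$1" ] || return 1
    for node in $ALLOWED_NODES; do
        if [ "$1" = "$node" ]; then
            return 0
        fi
    done
    return 1
}

# Puppet always passes the certname as $1; without an argument the file
# only defines the function (for example when it is being tested).
if [ "$#" -ge 1 ]; then
    if certname_allowed "$1"; then
        logger -t puppet-autosign "signing CSR for $1"
        exit 0
    fi
    logger -t puppet-autosign "refusing CSR for $1"
    exit 1
fi
```

A certname allowlist limits which names can be signed but does not prove which machine sent the request, so requests it refuses still go through manual review with puppet cert list.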
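The client has to send a request to the server so that the server will manage it. This is really a certificate-signing process. The first time the Puppet client runs, it generates an SSL certificate and sends it to the Puppet server; if the server agrees to manage the client, it signs that certificate. This command can be used to get the certificate signed. Because we have already set the server address on the client, the server address does not have to be given
To follow the registration process in detail and for later troubleshooting, parameters can be added, because in the configuration file
--no-daemonize: write the log to the foreground
--verbose: output more detailed logs
--debug: even more detailed logs, used when troubleshooting
--test: test mode; passing the single --test parameter is enough
and the certificate can be requested. Because I configured automatic signing, it was signed immediately. On the server, run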
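    [root@master ~]# puppet cert list --all
to see that all the clients' certificates have been signed. Entries prefixed with "+" are the ones that were signed successfully. Any that have not been signed can be signed with
    [root@master ~]# puppet cert --sign node1.localdomain
after which the certificate shows as signed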
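With automatic signing enabled, the listing above is also the place to check what has actually been signed. The following is an added example, not part of the original post: it compares the certnames in puppet cert list --all output with an expected inventory and reports the rest. The inventory and the sample listing are constructed from the hostnames on this page; the fingerprints are placeholders.

```shell
#!/bin/sh
# Added example (not from the original post).
# Inventory assumed from the hosts named on this page.
EXPECTED_NODES="master.fisteam2.com node1.fisteam2.com node2.fisteam2.com node3.fisteam2.com node4.fisteam2.com node5.fisteam2.com"

# Reads `puppet cert list --all` output on stdin and prints one line,
# "<state> <certname>", for every certname that is not in EXPECTED_NODES.
unexpected_certs() {
    awk -v expected="$EXPECTED_NODES" '
        BEGIN {
            n = split(expected, names, " ")
            for (i = 1; i <= n; i++) known[names[i]] = 1
        }
        {
            # Leading "+" = signed, "-" = revoked, none = waiting for a signature.
            state = "pending"
            if ($1 == "+") state = "signed"
            else if ($1 == "-") state = "revoked"
            # The certname is the first double-quoted string on the line.
            if (match($0, /"[^"]+"/)) {
                name = substr($0, RSTART + 1, RLENGTH - 2)
                if (!(name in known)) print state, name
            }
        }'
}

# Constructed sample of the listing (fingerprints are placeholders).
sample_listing() {
    cat <<'EOF'
+ "master.fisteam2.com" (SHA256) AA:AA:AA:AA (alt names: "DNS:master.fisteam2.com", "DNS:puppet")
+ "node1.fisteam2.com"  (SHA256) BB:BB:BB:BB
+ "node2.fisteam2.com"  (SHA256) CC:CC:CC:CC
+ "build7.fisteam2.com" (SHA256) DD:DD:DD:DD
  "node1.localdomain"   (SHA256) EE:EE:EE:EE
EOF
}

# On a real master: puppet cert list --all | unexpected_certs
sample_listing | unexpected_certs
```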
5. Install the Puppet Dashboard on the server
Install MySQL
Tune the MySQL settings
Edit /etc/my.cnf and add one last line to the [mysqld] section
    [root@master ~]# vim /etc/my.cnf
Start the MySQL service
    [root@master ~]# service mysqld start
    [root@master ~]# chkconfig mysqld on
    [root@master ~]# chkconfig --list |grep mysqld
    mysqld 0:off 1:off 2:on 3:on 4:on 5:on 6:off
Set the MySQL password; the password I use here is 123456
    [root@master ~]# mysqladmin -u root password '123456'
Create a dashboard database
    [root@master ~]# mysql -uroot -p123456 <<EOF
    > CREATE DATABASE dashboard CHARACTER SET utf8;
    > CREATE USER 'dashboard'@'localhost' IDENTIFIED BY '123456';
    > GRANT ALL PRIVILEGES ON dashboard.* TO 'dashboard'@'localhost';
    > FLUSH PRIVILEGES;
    > EOF
    [root@master ~]#
Passenger+Apache+Dashboard
This gives Apache support for Ruby. Passenger is not in the official CentOS repositories, so the EPEL repository has to be added
    [root@master ~]# wget http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
    [root@master ~]# rpm -ivh epel-release-6-8.noarch.rpm
    [root@master ~]# yum install mod_passenger puppet-dashboard
Configure the Dashboard
    [root@master ~]# vim /usr/share/puppet-dashboard/config/database.yml
Change the time zone
    [root@master ~]# vim /usr/share/puppet-dashboard/config/environment.rb
Initialize the database
    [root@master ~]# cd /usr/share/puppet-dashboard/
    [root@master puppet-dashboard]# rake RAILS_ENV=production db:migrate
Configure Apache
We need to integrate Passenger with Apache
Start the service
    [root@master ~]# service httpd start
    Starting httpd: httpd: Could not reliably determine the server's fully qualified domain name, using master.fisteam2.com for ServerName
    [ OK ]
    [root@master ~]# chkconfig httpd on
    [root@master ~]# chkconfig --list | grep httpd
    httpd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
Configure Puppet
Let the Dashboard use reports. Agents now have the report feature enabled by default, so nothing needs to be set on the agents; only the server side has to be configured
Restart the puppetmaster service
    [root@master ~]# service puppetmaster restart
At this point the Puppet Dashboard can be reached directly at http://ip
Import the reports
    [root@master puppet-dashboard]# cd /usr/share/puppet-dashboard/
    [root@master puppet-dashboard]# rake RAILS_ENV=production reports:import
When you now open the Dashboard, you can see the imported tasks.
4. Process the imported reports
    [root@master puppet-dashboard]# cd /usr/share/puppet-dashboard/
    [root@master puppet-dashboard]# rake jobs:work RAILS_ENV="production"
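Test results with one master and five nodes
File synchronization test
Puppet master:
    [root@master ~]# vim /etc/puppet/fileserver.conf
    [fisteam2filesync]
    path /etc/puppet
    allow *
Add a configuration section at the bottom, named fisteam2filesync, with the path /etc/puppet
    [root@master ~]# vim /etc/puppet/manifests/site.pp
    node default {
        file { "/tmp/fisteam2_puppet_testfile.txt":
            content => "good,test pass!\nfisteam2_puppet_testing\n";
        }
    }
The code above performs one action for every Puppet client that connects under the default node: it creates the file fisteam2_puppet_testfile.txt in /tmp, with the content good,test pass!, a line break, fisteam2_puppet_testing, and a line break.
When the .pp file is created for the first time, puppetmaster has to be restarted
Tests on NODE1~5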
node1:
node2:
node3:
node4:
node5:
Download: http://down.51cto.com/data/1968796
===================================================END====================================