Installing and Configuring a Puppet Server on 64-bit CentOS 6.5


We start by preparing three CentOS 6.5 x86_64 machines and completing the pre-installation work.

OS: CentOS 6.5 x86_64

Puppet master: master.com (192.168.37.72)

Puppet clients: client1.com (192.168.37.83)

Puppet clients: client2.com (192.168.37.82)

I. Pre-installation preparation:

  1. Disable SELinux and iptables on both the master and the clients:

    Stop iptables

    [root@master ~]# service iptables stop
    iptables:清除防火墙规则: [确定]
    iptables:正在卸载模块: [确定]
    [root@master ~]# chkconfig --list |grep iptables

    iptables 0:关闭 1:关闭 2:启用 3:启用 4:启用 5:启用 6:关闭

    [root@master ~]# chkconfig iptables off

    Disable SELinux

    [root@master ~]#vim /etc/selinux/config


    # This file controls the state of SELinux on the system.
    # SELINUX= can take one of these three values:
    # enforcing - SELinux security policy is enforced.
    # permissive - SELinux prints warnings instead of enforcing.
    # disabled - No SELinux policy is loaded.
    # Change SELINUX=enforcing to SELINUX=disabled:
    SELINUX=disabled
    # SELINUXTYPE= can take one of these two values:
    # targeted - Targeted processes are protected,
    # mls - Multi Level Security protection.
    SELINUXTYPE=targeted

  2. So that clients can obtain a correct, valid certificate from the master, it is recommended to set up NTP on the master and the clients:

    [root@master ~]#yum -y install ntp

    [root@master ~]#ntpdate pool.ntp.org

    [root@master ~]#chkconfig ntpd on

    [root@master ~]#chkconfig --list|grep ntp

    ntpd 0:关闭 1:关闭 2:启用 3:启用 4:启用 5:启用 6:关闭
    ntpdate 0:关闭 1:关闭 2:关闭 3:关闭 4:关闭 5:关闭 6:关闭

    [root@master ~]#service ntpd start
    正在启动 ntpd: [确定]

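  3. Set up hosts on the master and the clients

    Puppet requires every machine to have a fully qualified domain name. If no DNS server provides the names, you can set the hostname on each machine (note: set the hostname before installing Puppet, because the hostname is written into the certificate when Puppet is installed, and the client and server need this certificate to communicate). To simplify the installation I configured /etc/hosts.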

    [root@master ~]#vim /etc/hosts

    127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
    ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
    192.168.37.72 master.com
    192.168.37.83 client1.com
    192.168.37.82 client2.com

  4. Install the official Puppet repository

    [root@master ~]# wget http://yum.puppetlabs.com/el/6/products/x86_64/puppetlabs-release-6-7.noarch.rpm

    [root@master ~]#rpm -ivh puppetlabs-release-6-7.noarch.rpm

    [root@master ~]#yum update

II. Master installation and configuration

  1. Install puppet-server

    [root@master ~]#yum -y install puppet-server

  2. Enable automatic certificate signing

    Edit /etc/puppet/puppet.conf and add autosign = true and server = master.com to the [main] section

    [root@master ~]# vim /etc/puppet/puppet.conf

    [main]
    # The Puppet log directory.
    # The default value is '$vardir/log'.
    logdir = /var/log/puppet

    # Where Puppet PID files are kept.
    # The default value is '$vardir/run'.
    rundir = /var/run/puppet

    # Where SSL certificates are kept.
    # The default value is '$confdir/ssl'.
    ssldir = $vardir/ssl
    autosign = true
    server = master.com

  3. Start puppetmaster

    [root@master ~]#service puppetmaster start

    启动 puppetmaster: [确定]

    [root@master ~]#netstat -tunlp | grep :8140

    tcp 0 0 0.0.0.0:8140 0.0.0.0:* LISTEN 9148/ruby

  4. Start at boot

    [root@master ~]#chkconfig --list |grep puppet
    puppet 0:关闭 1:关闭 2:关闭 3:关闭 4:关闭 5:关闭 6:关闭
    puppetmaster 0:关闭 1:关闭 2:关闭 3:关闭 4:关闭 5:关闭 6:关闭

    [root@master ~]#chkconfig puppetmaster on

    [root@master ~]#chkconfig --list |grep puppet
    puppet 0:关闭 1:关闭 2:关闭 3:关闭 4:关闭 5:关闭 6:关闭
    puppetmaster 0:关闭 1:关闭 2:启用 3:启用 4:启用 5:启用 6:关闭
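
With autosign = true from step 2, the master signs every certificate request it receives, so any host that can reach port 8140 gets a signed certificate. The following script is an added example, not part of the original tutorial: it reads a puppet.conf and reports which signing mode is in effect. The sample file and the /etc/puppet/autosign.conf allowlist path are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): report how a Puppet master's
# puppet.conf handles certificate signing requests.

# Print the effective autosign mode: naive | disabled | file:<path> | unset
autosign_mode() {
    value=$(awk '
        /^[ \t]*#/ { next }                       # skip comment lines
        /^[ \t]*\[/ {                             # section header
            sub(/^[ \t]*\[/, ""); sub(/\].*$/, ""); section = $0; next
        }
        /^[ \t]*autosign[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]+$/, "")
            if (section == "main")   main_v = $0
            if (section == "master") master_v = $0
        }
        # [master] overrides [main] for the master process
        END { print (master_v != "" ? master_v : main_v) }
    ' "$1")
    case "$value" in
        true)  echo "naive" ;;          # every CSR is signed unseen
        false) echo "disabled" ;;       # CSRs wait for manual signing
        "")    echo "unset" ;;          # Puppet's built-in default applies
        *)     echo "file:$value" ;;    # allowlist file or policy executable
    esac
}

# Constructed sample: the [main] section from step 2 with a given value.
write_sample_conf() {
    cat > "$1" <<EOF
[main]
    logdir = /var/log/puppet
    rundir = /var/run/puppet
    ssldir = \$vardir/ssl
    autosign = $2
    server = master.com
EOF
}

sample=$(mktemp)
write_sample_conf "$sample" true
echo "tutorial config:  $(autosign_mode "$sample")"
write_sample_conf "$sample" /etc/puppet/autosign.conf   # assumed allowlist path
echo "allowlist config: $(autosign_mode "$sample")"
rm -f "$sample"
```

A result of naive means the setting from this tutorial is active; pointing autosign at an allowlist file that names only client1.com and client2.com limits automatic signing to those certnames.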

III. Client installation and configuration

  1. Install puppet

    [root@client1 ~]#yum -y install puppet

  2. Point the client at the Puppet server and enable the master's push feature

    Edit /etc/puppet/puppet.conf and add listen = true and server = master.com to the [agent] section

    [root@client1 ~]#vim /etc/puppet/puppet.conf

    [agent]
    # The file in which puppetd stores a list of the classes
    # associated with the retrieved configuratiion. Can be loaded in
    # the separate ``puppet`` executable using the ``--loadclasses``
    # option.
    # The default value is '$confdir/classes.txt'.
    classfile = $vardir/classes.txt

    # Where puppetd caches the local configuration. An
    # extension indicating the cache format is added automatically.
    # The default value is '$confdir/localconfig'.
    localconfig = $vardir/localconfig
    listen = true
    server = master.com

    Edit /etc/puppet/auth.conf and add the following statements at the very bottom, under auth /

    [root@client1 ~]# vim /etc/puppet/auth.conf

    path /run
    method save
    allow master.com

  3. Start the client

    [root@client1 ~]#service puppet start
    Starting puppet agent: [确定]

    [root@client1 ~]# netstat -tunlp | grep :8139
    tcp 0 0 0.0.0.0:8139 0.0.0.0:* LISTEN 15038/ruby

  4. Start at boot

    [root@client1 ~]#chkconfig puppet on

    [root@client1 ~]#chkconfig --list |grep puppet

    puppet 0:关闭 1:关闭 2:启用 3:启用 4:启用 5:启用 6:关闭