Here Puppet is installed in two CentOS containers running in Docker, so a server clock problem cannot arise. If you install on virtual or physical machines instead, make sure the clocks of the two servers are synchronized.
If the clocks are out of sync, you get the following error.
Failed to generate additional resources using 'eval_generate': SSL_connect returned=1 errno=0 state=error: certificate verify failed: [CRL is not yet valid for /CN=linux-node1.com]
Both the client and the server need epel-release installed: the default CentOS yum repositories carry no Puppet packages, so the extra package repository (epel-release) must be installed first.
yum install epel-release -y
1. Server side
Install puppet-server
yum install -y puppet-server
Configure the hosts file
172.17.0.3 91c968c989ae client.com
172.17.0.2 67783e936e27 master.com
Configure puppet.conf: add the certname attribute in the [main] section.
[main]
# The Puppet log directory.
# The default value is '$vardir/log'.
logdir = /var/log/puppet
# Where Puppet PID files are kept.
# The default value is '$vardir/run'.
rundir = /var/run/puppet
# Where SSL certificates are kept.
# The default value is '$confdir/ssl'.
ssldir = $vardir/ssl
certname = master.com
Edit /etc/puppet/manifest/site.pp so that a file /tmp/helloworld.txt is created in the tmp directory:
node default {
  file {
    "/tmp/helloworld.txt":
      content => "hello,world!"
  }
}
Start puppetmaster
systemctl start puppetmaster
2. Client side
Install puppet on the client
yum install -y puppet
Configure the hosts file, the same as on the server side
Configure puppet.conf: add the certname, server and report attributes in the [agent] section, as shown below:
[agent]
# The file in which puppetd stores a list of the classes
# associated with the retrieved configuration. Can be loaded in
# the separate ``puppet`` executable using the ``--loadclasses``
# option.
# The default value is '$confdir/classes.txt'.
classfile = $vardir/classes.txt
# Where puppetd caches the local configuration. An
# extension indicating the cache format is added automatically.
# The default value is '$confdir/localconfig'.
localconfig = $vardir/localconfig
certname = client.com
server = master.com
report = true
By default no certificate has been issued yet; a test run shows that one is required.
[root@91c968c989ae /]# puppet agent --test
Info: Creating a new SSL key for client.com
Info: Caching certificate for ca
Info: csr_attributes file loading from /etc/puppet/csr_attributes.yaml
Info: Creating a new SSL certificate request for client.com
Info: Certificate Request fingerprint (SHA256): C1:5A:8F:F5:65:68:EC:7B:CD:A1:9B:94:7A:B1:AB:86:0C:2C:14:0E:A5:27:5E:9C:B4:88:70:8E:D4:62:E5:81
Info: Caching certificate for ca
Exiting; no certificate found and waitforcert is disabled
3. Signing the certificate
At first the client's certificate request has not been approved: there is no + in front of it.
[root@67783e936e27 puppet]# puppet cert list -a
"client.com" (SHA256) C1:5A:8F:F5:65:68:EC:7B:CD:A1:9B:94:7A:B1:AB:86:0C:2C:14:0E:A5:27:5E:9C:B4:88:70:8E:D4:62:E5:81
+ "67783e936e27" (SHA256) DB:A4:97:30:A6:71:0D:16:2A:2A:C6:13:8A:CD:2E:19:97:D9:0E:5B:56:ED:59:82:AB:DF:C1:DA:BD:02:84:63
Sign the certificate with puppet cert sign client.com. Once signing completes, the list shows the certificate as approved.
[root@67783e936e27 puppet]# puppet cert sign client.com
Notice: Signed certificate request for client.com
Notice: Removing file Puppet::SSL::CertificateRequest client.com at '/var/lib/puppet/ssl/ca/requests/client.com.pem'
[root@67783e936e27 puppet]# puppet cert list -a
+ "67783e936e27" (SHA256) DB:A4:97:30:A6:71:0D:16:2A:2A:C6:13:8A:CD:2E:19:97:D9:0E:5B:56:ED:59:82:AB:DF:C1:DA:BD:02:84:63
+ "client.com" (SHA256) 26:EA:AA:4F:79:4D:B6:DE:93:D7:E2:04:A0:68:83:75:0A:73:D7:D7:87:0B:48:F3:8C:7B:80:60:1F:02:F1:30
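Before running puppet cert sign, compare the fingerprint of the pending request on the master with the one the agent printed when it generated its CSR; signing a request whose fingerprint you have not checked means trusting whatever host submitted it. The following is an added example, not part of the original post, in Python: it parses the two outputs above (embedded as constructed samples copied from the transcript) and performs that check; the function and variable names are my own.

```python
import re

# Constructed sample: `puppet cert list -a` on the master before signing, copied from
# the transcript above. A leading "+" marks an already signed certificate.
CERT_LIST_BEFORE = """\
  "client.com" (SHA256) C1:5A:8F:F5:65:68:EC:7B:CD:A1:9B:94:7A:B1:AB:86:0C:2C:14:0E:A5:27:5E:9C:B4:88:70:8E:D4:62:E5:81
+ "67783e936e27" (SHA256) DB:A4:97:30:A6:71:0D:16:2A:2A:C6:13:8A:CD:2E:19:97:D9:0E:5B:56:ED:59:82:AB:DF:C1:DA:BD:02:84:63
"""
# Constructed sample: the line the agent printed when it generated its CSR.
AGENT_LOG = ("Info: Certificate Request fingerprint (SHA256): C1:5A:8F:F5:65:68:EC:7B:"
             "CD:A1:9B:94:7A:B1:AB:86:0C:2C:14:0E:A5:27:5E:9C:B4:88:70:8E:D4:62:E5:81")

LIST_RE = re.compile(r'^(?P<signed>\+)?\s*"(?P<name>[^"]+)"\s+\((?P<alg>\w+)\)\s+(?P<fp>[0-9A-Fa-f:]+)\s*$')
AGENT_RE = re.compile(r'Certificate Request fingerprint \((?P<alg>\w+)\):\s*(?P<fp>[0-9A-Fa-f:]+)')

def parse_cert_list(text):
    """Return (name, algorithm, FINGERPRINT, signed) for each entry in the list output."""
    entries = []
    for line in text.splitlines():
        m = LIST_RE.match(line)
        if m:
            entries.append((m['name'], m['alg'], m['fp'].upper(), m['signed'] == '+'))
    return entries

def pending_requests(text):
    """Certnames whose CSR is still waiting for `puppet cert sign`."""
    return [name for name, _, _, signed in parse_cert_list(text) if not signed]

def agent_fingerprint(log_text):
    """(algorithm, fingerprint) from the agent's CSR fingerprint line, or None if absent."""
    m = AGENT_RE.search(log_text)
    return (m['alg'], m['fp'].upper()) if m else None

def safe_to_sign(cert_list_text, certname, expected):
    """True only if certname has an UNSIGNED request whose fingerprint equals the
    (algorithm, fingerprint) pair the agent reported. Meaningful only before signing:
    afterwards the list shows the issued certificate's fingerprint, not the CSR's."""
    if expected is None:
        return False
    alg, fp = expected
    for name, entry_alg, entry_fp, signed in parse_cert_list(cert_list_text):
        if name == certname and not signed:
            return entry_alg == alg and entry_fp == fp.upper()
    return False

if __name__ == "__main__":
    print("pending:", pending_requests(CERT_LIST_BEFORE))
    print("safe to sign client.com:", safe_to_sign(CERT_LIST_BEFORE, "client.com", agent_fingerprint(AGENT_LOG)))
```

Note that in the listing after signing, client.com shows a different fingerprint (26:EA:...): that is the fingerprint of the issued certificate, so the comparison only makes sense against the pending request.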
After the certificate is signed, test again: the file is now fetched from the server.
[root@91c968c989ae /]# puppet agent --test
Info: Caching certificate_revocation_list for ca
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Caching catalog for client.com
Info: Applying configuration version '1521738889'
Notice: /Stage[main]/Main/Node[default]/File[/tmp/helloworld.txt]/ensure: defined content as '{md5}c0e84e870874dd37ed0d164c7986f03a'
Info: Creating state file /var/lib/puppet/state/state.yaml
Notice: Finished catalog run in 0.01 seconds
[root@91c968c989ae /]#
Look in the /tmp directory on the client: the file helloworld.txt is there, and its content is [hello,world!]
[root@91c968c989ae /]# cd /tmp
[root@91c968c989ae tmp]# cat helloworld.txt
hello,world![root@91c968c989ae tmp]#
[root@91c968c989ae tmp]# ls
helloworld.txt
[root@91c968c989ae tmp]#
————————————————
Copyright notice: this is an original article by "luffy5459", licensed under the CC 4.0 BY-SA license; when reposting, please include a link to the original and this notice.