puppet-agent

agent

1. View the agent environment

[root@master2 ~]# puppet config print environment
production
[root@master2 ~]# 

[root@master2 ~]# puppet agent --configprint environment
production

2. Automatically sign certificates

[root@master1 puppet]# vim autosign.conf

*.com



Restart the service:
[root@master1 puppet]# systemctl restart puppetmaster

Clean the certificate:
[root@master1 puppet]# puppet cert clean master2.com

Delete the certificates on the client:
[root@master2 ~]# rm -rf /var/lib/puppet/ssl/*

Connect from the client:
[root@master2 ~]# puppet agent --server=master1.com --no-daemonize --verbose
Info: Creating a new SSL key for master2.com
Info: Caching certificate for ca
Info: csr_attributes file loading from /etc/puppet/csr_attributes.yaml
Info: Creating a new SSL certificate request for master2.com
Info: Certificate Request fingerprint (SHA256): 0C:E7:25:E3:C3:62:26:F3:A7:35:65:10:9E:53:0F:F0:A1:18:22:AC:D7:AE:EF:6D:C0:78:DE:B1:FB:77:93:5D
Info: Caching certificate for master2.com
Info: Caching certificate_revocation_list for ca
Info: Caching certificate for ca
Notice: Starting Puppet client version 3.8.4
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Caching catalog for master2.com
Info: Applying configuration version '1514001433'
Notice: Finished catalog run in 2.33 seconds

3. puppet kick mode

3.1 On the agent, listening for master-triggered runs is disabled by default
[root@master2 ~]# puppet config print | grep listen
listen = false

Enable it:
[root@master2 ~]# vim /etc/puppet/puppet.conf 

[agent]
listen = true

Restart the service:
[root@master2 ~]# systemctl restart puppetagent

[root@master2 ~]# ss -tnl
State      Recv-Q Send-Q       Local Address:Port                      Peer Address:Port              
LISTEN     0      128                      *:8139                                 *:* 

3.2 On the agent, set the list of masters allowed to trigger runs
[root@master2 ~]# vim /etc/puppet/namespaceauth.conf

[puppetrunner]
allow master1.com


[root@master2 ~]# vim /etc/puppet/auth.conf
path /run
method save
allow master1.com


# deny everything else; this ACL is not strictly necessary, but
# illustrates the default policy.
path /
auth any



[root@master2 ~]# systemctl restart puppetagent

3.3 Define a new module on the master
[root@master1 puppet]# mkdir -pv /etc/puppet/modules/varnish/{manifests,files,templates,lib,tests,spec}
mkdir: created directory ‘/etc/puppet/modules/varnish’
mkdir: created directory ‘/etc/puppet/modules/varnish/manifests’
mkdir: created directory ‘/etc/puppet/modules/varnish/files’
mkdir: created directory ‘/etc/puppet/modules/varnish/templates’
mkdir: created directory ‘/etc/puppet/modules/varnish/lib’
mkdir: created directory ‘/etc/puppet/modules/varnish/tests’
mkdir: created directory ‘/etc/puppet/modules/varnish/spec’

[root@master1 puppet]# vim /etc/puppet/modules/varnish/manifests/init.pp

class varnish {
    package{'varnish':
        ensure => latest,
    }
}


Declare the newly defined class in the site manifest on the master:
[root@master1 puppet]# vim /etc/puppet/manifests/site.pp 

node "master2.com" {
    include varnish
    include nginx::proxy
}

Restart the service:
[root@master1 puppet]# systemctl restart puppetmaster

3.4 Push from the master
[root@master1 puppet]# puppet kick master2.com
Warning: Puppet kick is deprecated. See http://links.puppetlabs.com/puppet-kick-deprecation
Warning: Failed to load ruby LDAP library. LDAP functionality will not be available
Triggering master2.com
Getting status
status is success
master2.com finished with exit code 0
Finished

3.5 Check the agent log
[root@master2 ~]# tail /var/log/puppet/http.log 
[2017-12-23 12:28:21] INFO  WEBrick::HTTPServer#start: pid=3737 port=8139
[2017-12-23 12:30:08] 10.201.106.131 - - [23/Dec/2017:12:30:08 CST] "PUT /production/run/master2.com HTTP/1.1" 200 84
[2017-12-23 12:30:08] - -> /production/run/master2.com
[root@master2 ~]#
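
The access-log entry above is what a kick looks like on the agent, so the same log shows who is triggering runs on port 8139. The following is an added example, not part of the original notes: a shell function that lists every PUT /<environment>/run/<node> request and marks whether the source IP is expected. The function name audit_kicks, its allow-list argument, the last two sample log lines and the use of 10.201.106.131 as the master's address are assumptions made for the example.

```shell
# Added example: audit Puppet kick triggers in the agent's WEBrick access log.
# Usage: audit_kicks ALLOWED_IPS < /var/log/puppet/http.log
#   ALLOWED_IPS: comma-separated source IPs that are expected to trigger runs
#   (assumption: you know the master's address; it is not taken from any config).
# Verdicts: OK     = listed source
#           DENIED = unlisted source, request refused (non-2xx status)
#           ALERT  = unlisted source, request accepted (the /run ACL is too open)
audit_kicks() {
    awk -v allowed="$1" '
        BEGIN {
            n = split(allowed, a, ",")
            for (i = 1; i <= n; i++) ok[a[i]] = 1
        }
        # Access-log lines carry the quoted method in field 8 and the path in field 9.
        # Kick requests are PUT /<environment>/run/<node>; all other lines are skipped.
        $8 == "\"PUT" && $9 ~ "^/[^/]+/run/[^/]+$" {
            split($9, p, "/")      # p[2] = environment, p[4] = node
            verdict = ($3 in ok) ? "OK" : (($11 ~ /^2[0-9][0-9]$/) ? "ALERT" : "DENIED")
            printf "%s %s %s src=%s env=%s node=%s status=%s\n",
                verdict, substr($1, 2), substr($2, 1, length($2) - 1), $3, p[2], p[4], $11
        }
    '
}

# Sample input: the first three lines are from the log shown above;
# the last two (source IP, times, status codes) are constructed for the demo.
SAMPLE_LOG='[2017-12-23 12:28:21] INFO  WEBrick::HTTPServer#start: pid=3737 port=8139
[2017-12-23 12:30:08] 10.201.106.131 - - [23/Dec/2017:12:30:08 CST] "PUT /production/run/master2.com HTTP/1.1" 200 84
[2017-12-23 12:30:08] - -> /production/run/master2.com
[2017-12-23 13:02:41] 10.201.106.200 - - [23/Dec/2017:13:02:41 CST] "PUT /production/run/master2.com HTTP/1.1" 403 42
[2017-12-23 13:05:10] 10.201.106.200 - - [23/Dec/2017:13:05:10 CST] "PUT /production/run/master2.com HTTP/1.1" 200 84'

# Assumption: 10.201.106.131 is the address master1.com connects from.
printf '%s\n' "$SAMPLE_LOG" | audit_kicks "10.201.106.131"
```

An ALERT line means the agent accepted a run trigger from an address outside the allow-list, which is the case to follow up by reviewing the `path /run` rule in auth.conf.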