I. Configuration on every node
1. Because Puppet nodes communicate by host name, the first step is to add local host-name resolution on the master and agent nodes.
This walk-through installs and deploys the Puppet server and client and briefly describes the configuration files.
[root@master63 ~]# vim /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.1.61 agent61.localdomain agent61
192.168.1.62 agent62.localdomain agent62
192.168.1.63 master63.localdomain master63
#Change the host name
[root@master63 ~]# hostnamectl set-hostname master63
2. Synchronize the time on all nodes
II. Configuring the master node (master63)
1. Download the rpm packages from https://yum.puppetlabs.com/el/7Server/products/x86_64/
[root@master63 ~]# wget https://yum.puppetlabs.com/el/7Server/products/x86_64/facter-2.4.6-1.el7.x86_64.rpm
[root@master63 ~]# wget https://yum.puppetlabs.com/el/7Server/products/x86_64/puppet-3.8.7-1.el7.noarch.rpm
[root@master63 ~]# wget https://yum.puppetlabs.com/el/7Server/products/x86_64/puppet-server-3.8.7-1.el7.noarch.rpm
2. Copy the rpm packages to the agent nodes (the names must resolve; agent61 and agent62 are the ones defined in /etc/hosts)
[root@master63 ~]# scp facter-2.4.6-1.el7.x86_64.rpm puppet-3.8.7-1.el7.noarch.rpm agent61:/root/
[root@master63 ~]# scp facter-2.4.6-1.el7.x86_64.rpm puppet-3.8.7-1.el7.noarch.rpm agent62:/root/
3. Install the EPEL repository on every node
[root@master63 ~]# yum install epel-release -y
4. Install the rpm packages
[root@master63 ~]# ls
anaconda-ks.cfg puppet-3.8.7-1.el7.noarch.rpm
facter-2.4.6-1.el7.x86_64.rpm puppet-server-3.8.7-1.el7.noarch.rpm
[root@master63 ~]# yum install ./*.rpm -y
5. Look at the files and directories the package installed
[root@master63 ~]# rpm -ql puppet-server
/etc/puppet/environments
/etc/puppet/environments/example_env
/etc/puppet/environments/example_env/README.environment
/etc/puppet/environments/example_env/manifests
/etc/puppet/environments/example_env/modules
/etc/puppet/fileserver.conf #path configuration for the file-serving modules
/etc/puppet/manifests #manifest directory; the main manifest must be named site.pp
/usr/lib/systemd/system/puppetmaster.service #systemd unit file
/usr/share/man/man8/puppet-ca.8.gz #man pages
/usr/share/man/man8/puppet-master.8.gz
6. Initialize the master node
[root@master63 ~]# puppet master --no-daemonize -v
#The CA certificate is generated and signed automatically
Info: Creating a new SSL key for ca
Info: Creating a new SSL certificate request for ca
Info: Certificate Request fingerprint (SHA256): ED:D3:78:C0:5B:29:93:6D:45:7F:67:65:24:45:2E:C7:CB:5E:70:CD:78:15:16:4A:B2:D2:79:89:9C:BA:78:74
Notice: Signed certificate request for ca
Info: Creating a new certificate revocation list
Info: Creating a new SSL key for node-63
Info: csr_attributes file loading from /etc/puppet/csr_attributes.yaml
Info: Creating a new SSL certificate request for node-63
Info: Certificate Request fingerprint (SHA256): D7:AB:73:0C:44:78:65:34:40:FE:1A:F5:A4:B5:FE:27:11:88:7D:49:36:8A:4B:BF:29:4F:AA:B8:29:01:FD:6E
Notice: node-63 has a waiting certificate request
Notice: Signed certificate request for node-63
Notice: Removing file Puppet::SSL::CertificateRequest node-63 at '/var/lib/puppet/ssl/ca/requests/node-63.pem'
Notice: Removing file Puppet::SSL::CertificateRequest node-63 at '/var/lib/puppet/ssl/certificate_requests/node-63.pem'
Notice: Starting Puppet master version 3.8.7
#After initialization the master listens on port 8140
#Start puppetmaster as a daemon
[root@master63 ~]# systemctl start puppetmaster
[root@master63 ~]# systemctl enable puppetmaster
If the service fails to start, kill the foreground puppet process and start it again.
[root@master63 ~]# ss -tnl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:8140 *:*
7. Sign the certificates of the two agent nodes
#List the certificate requests waiting to be signed
[root@master63 ~]# puppet cert list
"agent61.localdomain" (SHA256) D5:BA:D6:2A:46:44:EF:11:FC:AD:79:B4:8A:9D:D8:E0:0B:C3:1F:AC:B0:58:AA:F8:99:E3:99:0C:CB:D3:1B:5E
"agent62.localdomain" (SHA256) 84:F8:C1:23:0D:62:68:BD:68:BC:72:C1:9D:C5:48:D5:3E:29:A6:B3:CA:8E:4E:61:57:97:68:6B:95:7F:63:B0
#Sign all pending requests
[root@master63 ~]# puppet cert sign --all
Notice: Signed certificate request for agent61.localdomain
Notice: Removing file Puppet::SSL::CertificateRequest agent61.localdomain at '/var/lib/puppet/ssl/ca/requests/agent61.localdomain.pem'
Notice: Signed certificate request for agent62.localdomain
Notice: Removing file Puppet::SSL::CertificateRequest agent62.localdomain at '/var/lib/puppet/ssl/ca/requests/agent62.localdomain.pem'
#List all certificates; a + prefix marks a signed certificate
[root@master63 ~]# puppet cert list --all
+ "agent61.localdomain" (SHA256) E6:53:54:59:3B:AA:AB:1B:7A:E6:66:5F:9A:91:EC:7B:C7:46:9D:0F:0C:42:1B:7B:47:BC:C4:45:C4:3E:8C:A9
+ "agent62.localdomain" (SHA256) F2:D1:11:F0:1B:33:5D:BC:38:7B:16:07:8C:5E:15:67:8B:C9:4E:17:EA:53:C7:AA:F9:8F:E9:45:C4:CB:87:D8
+ "master63.localdomain" (SHA256) C1:BF:B9:7D:15:FB:D9:0B:8F:97:BB:BA:E3:48:D5:B6:2D:C7:AC:53:3F:12:B2:71:DF:53:74:FC:DE:4F:9B:A1 (alt names: "DNS:master63.localdomain", "DNS:puppet", "DNS:puppet.localdomain")
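`puppet cert sign --all` signs every waiting request, including one submitted by any host that can reach port 8140 with a certname of its choosing, so the CA operator should compare each pending fingerprint with the value reported by the agent's operator before signing. The script below is an added example, not part of the original post; it assumes the `puppet cert list --all` output shape shown above and an allowlist format of `<certname> <SHA256 fingerprint>` lines, which is my own choice.

```shell
# Added example (not from the original post): sign only the pending agent CSRs
# whose fingerprint matches one recorded out of band, instead of `cert sign --all`.
# Assumed: `puppet cert list --all` output in the 3.x shape shown above, and an
# allowlist of "<certname> <SHA256 fingerprint>" lines (format chosen here).

# Print "certname fingerprint" for every pending request in cert-list output ($1).
# Signed entries are prefixed with "+", revoked ones with "-"; both are skipped.
pending_csrs() {
    printf '%s\n' "$1" |
        awk '$1 !~ /^[+-]$/ && $2 == "(SHA256)" { gsub(/"/, "", $1); print $1, $3 }'
}

# True when the fingerprint recorded for certname ($1) in the allowlist ($3)
# equals the one the CSR carries ($2); unknown names or mismatches are false.
csr_matches_allowlist() {
    expected=$(printf '%s\n' "$3" | awk -v n="$1" '$1 == n { print $2; exit }')
    [ -n "$expected" ] && [ "$expected" = "$2" ]
}

# Print the certnames that may be signed; the rest are reported on stderr
# and stay pending for a human to look at.
names_to_sign() {
    pending_csrs "$1" | while read -r name fp; do
        if csr_matches_allowlist "$name" "$fp" "$2"; then
            printf '%s\n' "$name"
        else
            printf 'skip %s: fingerprint %s is not on the allowlist\n' "$name" "$fp" >&2
        fi
    done
}

# Constructed sample data: the two agent fingerprints from the post, one request
# from a host nobody provisioned, and the already signed master certificate.
FP61='D5:BA:D6:2A:46:44:EF:11:FC:AD:79:B4:8A:9D:D8:E0:0B:C3:1F:AC:B0:58:AA:F8:99:E3:99:0C:CB:D3:1B:5E'
FP62='84:F8:C1:23:0D:62:68:BD:68:BC:72:C1:9D:C5:48:D5:3E:29:A6:B3:CA:8E:4E:61:57:97:68:6B:95:7F:63:B0'
CERT_LIST=$(cat <<EOF
  "agent61.localdomain" (SHA256) $FP61
  "agent62.localdomain" (SHA256) $FP62
  "rogue.localdomain" (SHA256) 00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF
+ "master63.localdomain" (SHA256) C1:BF:B9:7D:15:FB:D9:0B:8F:97:BB:BA:E3:48:D5:B6:2D:C7:AC:53:3F:12:B2:71:DF:53:74:FC:DE:4F:9B:A1 (alt names: "DNS:puppet")
EOF
)
# agent62's operator reported a different fingerprint, so its request is held back.
ALLOWLIST="agent61.localdomain $FP61
agent62.localdomain 11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11"

names_to_sign "$CERT_LIST" "$ALLOWLIST"
# On the master, sign the result instead of printing it:
# for n in $(names_to_sign "$CERT_LIST" "$ALLOWLIST"); do puppet cert sign "$n"; done
```

With the sample data only agent61.localdomain is printed; agent62 and the rogue host remain pending and are listed on stderr.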
III. Configuring the agent node agent61
1. Add local host-name resolution
[root@agent61 ~]# vim /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.1.61 agent61.localdomain agent61
192.168.1.62 agent62.localdomain agent62
192.168.1.63 master63.localdomain master63
#Change the host name
[root@agent61 ~]# hostnamectl set-hostname agent61
2. Install the Puppet agent
#Install the EPEL repository and the Puppet agent packages
[root@agent61 ~]# yum install epel-release -y
[root@agent61 ~]# ls
anaconda-ks.cfg puppet-3.8.7-1.el7.noarch.rpm
facter-2.4.6-1.el7.x86_64.rpm
[root@agent61 ~]# yum install ./*.rpm -y
3. Request a certificate from the CA; the full master host name must be used here, otherwise the request fails
- Syntax: puppet agent --server <full master host name> --no-daemonize -v
[root@agent61 ~]# puppet agent --server master63.localdomain --no-daemonize -v
Notice: Starting Puppet client version 3.8.7
Info: Caching certificate_revocation_list for ca
Warning: Unable to fetch my node definition, but the agent run will continue:
Warning: undefined method `include?' for nil:NilClass
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Caching catalog for agent61.localdomain
Info: Applying configuration version '1543131708'
Info: Creating state file /var/lib/puppet/state/state.yaml
Notice: Finished catalog run in 0.01 seconds
4. Add the server parameter to the [agent] section of the configuration file so that puppet agent can run as a daemon
[root@agent61 ~]# vim /etc/puppet/puppet.conf
.........
#Specify the master host name
[agent]
server = master63.localdomain
5. puppet agent now runs as a daemon; from here on, a systemctl restart is enough to sync the configuration
#Stop the foreground puppet agent process
[root@agent61 ~]# ps aux | grep puppet
[root@agent61 ~]# kill -9 1487
root 1982 0.0 0.0 112660 972 pts/2 R+ 15:42 0:00 grep --color=auto puppet
[1]+ Killed puppet agent --server master63.localdomain --no-daemonize -v
#Start it with systemctl
[root@agent61 ~]# systemctl start puppetagent
IV. Configuring the agent node agent62
1. Add local host-name resolution
[root@agent62 ~]# vim /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.1.61 agent61.localdomain agent61
192.168.1.62 agent62.localdomain agent62
192.168.1.63 master63.localdomain master63
#Change the host name
[root@agent62 ~]# hostnamectl set-hostname agent62
2. Install the Puppet agent
#Install the EPEL repository and the Puppet agent packages
[root@agent62 ~]# yum install epel-release -y
[root@agent62 ~]# ls
anaconda-ks.cfg puppet-3.8.7-1.el7.noarch.rpm
facter-2.4.6-1.el7.x86_64.rpm
[root@agent62 ~]# yum install ./*.rpm -y
3. Request a certificate from the CA; the full master host name must be used here, otherwise the request fails
[root@agent62 ~]# puppet agent --server master63.localdomain --no-daemonize -v
Notice: Starting Puppet client version 3.8.7
Info: Caching certificate_revocation_list for ca
Warning: Unable to fetch my node definition, but the agent run will continue:
Warning: undefined method `include?' for nil:NilClass
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Caching catalog for agent61.localdomain
Info: Applying configuration version '1543131708'
Info: Creating state file /var/lib/puppet/state/state.yaml
Notice: Finished catalog run in 0.01 seconds
4. Add the server parameter to the [agent] section of the configuration file so that puppet agent can run as a daemon
[root@agent62 ~]# vim /etc/puppet/puppet.conf
.........
#Specify the master host name
[agent]
server = master63.localdomain
5. puppet agent now runs as a daemon; from here on, a systemctl restart is enough to sync the configuration
#Stop the foreground puppet agent process
[root@agent62 ~]# ps aux | grep puppet
[root@agent62 ~]# kill -9 1487
root 1982 0.0 0.0 112660 972 pts/2 R+ 15:42 0:00 grep --color=auto puppet
[1]+ Killed puppet agent --server master63.localdomain --no-daemonize -v
#Start it with systemctl
[root@agent62 ~]# systemctl start puppetagent
V. Application test
On the master node:
1. Write a custom chrony module
#chrony module directory
[root@master63 ~]# ls /etc/puppet/modules/chrony/
files lib manifests spec templates tests
[root@master63 ~]# vim /etc/puppet/modules/chrony/manifests/init.pp
class chrony { #define the chrony class
  package{'chrony':
  } ->
  file{'chrony.conf':
    path   => '/etc/chrony.conf',
    source => 'puppet:///modules/chrony/chrony.conf',
  } ~>
  service{'chronyd':
    ensure => running,
    enable => true,
  }
}
#Provide the configuration file; it can be copied from another host
[root@master63 ~]# vim /etc/puppet/modules/chrony/files/chrony.conf
server time1.aliyun.com iburst #time server address
2. Write a custom nginx module
#nginx module directory
[root@master63 ~]# ls /etc/puppet/modules/nginx/
files lib manifests spec templates tests
#Define the nginx parent class
[root@master63 ~]# vim /etc/puppet/modules/nginx/manifests/init.pp
class nginx {
  package{'nginx':
    ensure => latest,
  } ->
  service{'nginx':
    ensure => running,
    enable => true,
  }
}
#Define the nginx web subclass
[root@master63 ~]# vim /etc/puppet/modules/nginx/manifests/web.pp
class nginx::web inherits nginx {
  file{'nginx.conf':
    path    => '/etc/nginx/nginx.conf',
    content => template('nginx/nginx.conf.erb'),
  }
  Package['nginx'] -> File['nginx.conf'] ~> Service['nginx']
}
#Define the nginx proxy subclass
[root@master63 ~]# vim /etc/puppet/modules/nginx/manifests/webproxy.pp
class nginx::webproxy inherits nginx {
  file{'nginx.conf':
    path   => '/etc/nginx/nginx.conf',
    source => 'puppet:///modules/nginx/nginx-webproxy.conf',
  }
  Package['nginx'] -> File['nginx.conf'] ~> Service['nginx']
}
#Create the template configuration file; an nginx configuration from another node can be copied and renamed with the .erb suffix
[root@master63 ~]# vim /etc/puppet/modules/nginx/templates/nginx.conf.erb
#Edit the nginx-webproxy configuration file; an nginx configuration from another node can be copied and modified
[root@master63 ~]# vim /etc/puppet/modules/nginx/files/nginx-webproxy.conf
.........
stream {
  server {
    listen 80;
    proxy_pass 192.168.1.62:8080; #HTTP reverse proxy to port 8080 on the agent62 server
  }
}
.......
3. Write a custom jdk module
[root@master63 ~]# mkdir modules/{jdk8,tomcat}/{manifests,files,templates,lib,spec,tests} -pv
[root@master63 ~]# cd modules/jdk8
[root@master63 jdk8]# vim manifests/init.pp
class jdk8 {
  package{'jdk8':
    name   => 'java-1.8.0-openjdk-devel',
    ensure => latest,
  }
  file{'java.sh':
    path   => '/etc/profile.d/java.sh',
    source => 'puppet:///modules/jdk8/java.sh',
  }
}
#Provide the profile script
[root@master63 jdk8]# vim files/java.sh
export JAVA_HOME=/usr
4. Write a custom tomcat module
#tomcat module directory
[root@master63 tomcat]# ls
files lib manifests spec templates tests
[root@master63 tomcat]# vim manifests/init.pp
class tomcat {
  package{['tomcat','tomcat-webapps','tomcat-admin-webapps','tomcat-docs-webapp']:
    ensure => latest,
  }
  file{'server.xml':
    path   => '/etc/tomcat/server.xml',
    source => 'puppet:///modules/tomcat/server.xml',
  }
  service{'tomcat':
    ensure => running,
    enable => true,
  }
}
#Copy the configuration file from another tomcat host into this directory
[root@master63 ~]# ls modules/tomcat/files/
server.xml
#Copy the finished modules under /etc
[root@master63 ~]# cp modules/* /etc/puppet/modules/ -a
[root@master63 ~]# cd /etc/puppet/modules/
[root@master63 modules]# puppet module list
/etc/puppet/modules
├── chrony (???)
├── jdk8 (???)
├── nginx (???)
├── puppetlabs-apt (v6.2.1)
├── puppetlabs-stdlib (v5.1.0)
├── puppetlabs-translate (v1.2.0)
└── tomcat (???)
5. Edit the main manifest (the node list)
[root@master63 ~]# vim /etc/puppet/manifests/site.pp
#Configuration applied on the agent61 node
node 'agent61.localdomain' {
  include chrony
  include nginx::webproxy
}
#Configuration applied on the agent62 node
node 'agent62.localdomain' {
  include jdk8
  include tomcat
}
On the agent61 node:
[root@agent61 ~]# systemctl restart puppetagent
[root@agent61 ~]# systemctl status puppetagent
● puppet.service - Puppet agent
Loaded: loaded (/usr/lib/systemd/system/puppet.service; disabled; vendor preset: disabled)
Active: active (running) since Wed 2018-11-28 16:30:26 CST; 2s ago
Main PID: 2957 (puppet)
CGroup: /system.slice/puppet.service
├─2957 /usr/bin/ruby /usr/bin/puppet agent --no-daemonize
└─2964 puppet agent: applying configuration
Nov 28 16:30:26 agent61 systemd[1]: Started Puppet agent.
Nov 28 16:30:26 agent61 systemd[1]: Starting Puppet agent...
Nov 28 16:30:27 agent61 puppet-agent[2957]: Starting Puppet client version 3.8.7
#chrony is running
[root@agent61 ~]# ps aux | grep chrony
chrony 1922 0.0 0.1 100436 1508 ? S 15:09 0:00 /usr/sbin/chronyd
#nginx is listening
[root@agent61 ~]# ss -tnl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:80 *:*
On the agent62 node:
#Restart the agent service
[root@agent62 ~]# systemctl restart puppetagent
#Check the agent service
[root@agent62 ~]# systemctl status puppetagent
● puppet.service - Puppet agent
Loaded: loaded (/usr/lib/systemd/system/puppet.service; disabled; vendor preset: disabled)
Active: active (running) since Wed 2018-11-28 13:12:22 CST; 1min 3s ago
Main PID: 5904 (puppet)
CGroup: /system.slice/puppet.service
└─5904 /usr/bin/ruby /usr/bin/puppet agent --no-daemonize
Nov 28 13:12:41 agent62 yum[6182]: Installed: tomcat-docs-webapp-7.0.76-8.el7_5.noarch #installing tomcat-docs-webapp
Nov 28 13:12:41 agent62 puppet-agent[5911]: (/Stage[main]/Tomcat/Package[tomcat-docs-webapp]/ensure) created
Nov 28 13:12:46 agent62 yum[6229]: Installed: jakarta-taglibs-standard-1.1.2-14.el7_1.noarch
Nov 28 13:12:47 agent62 yum[6229]: Installed: tomcat-webapps-7.0.76-8.el7_5.noarch #installing tomcat-webapps
Nov 28 13:12:47 agent62 puppet-agent[5911]: (/Stage[main]/Tomcat/Package[tomcat-webapps]/ensure) created
Nov 28 13:12:52 agent62 yum[6279]: Installed: tomcat-admin-webapps-7.0.76-8.el7_5.noarch #installing tomcat-admin-webapps
Nov 28 13:12:53 agent62 puppet-agent[5911]: (/Stage[main]/Tomcat/Package[tomcat-admin-webapps]/ensure) created
Nov 28 13:12:53 agent62 puppet-agent[5911]: (/Stage[main]/Tomcat/File[server.xml]/group) group changed 'tomcat' to 'root'
Nov 28 13:12:53 agent62 puppet-agent[5911]: (/Stage[main]/Tomcat/Service[tomcat]/ensure) ensure changed 'stopped' to 'running'
Nov 28 13:12:57 agent62 puppet-agent[5911]: Finished catalog run in 31.42 seconds
#Check whether tomcat is listening
[root@agent62 ~]# ss -tnl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 100 :::8080 :::*
Browsing to the agent62 node:
Error 1:
- When the puppet agent command is run a second time, it reports that agent.pid cannot be created.
Error: Could not run: Could not create PID file: /var/run/puppet/agent.pid
Fix: move the existing agent.pid out of the way and make the request again with the full master host name
#Stop the running puppet agent process
ps aux | grep puppet
kill -9 xxxx
#Or edit /etc/puppet/puppet.conf
[agent]
server = master63.localdomain #add this line
#Start and stop it with systemctl
systemctl start puppetagent.service
Error 2:
(/File[/var/lib/puppet/facts.d]) Could not evaluate: Could not retrieve file metadata for puppet://agent63.localdomain/pluginfacts: Connection refused - connect(2)
Nov 28 14:58:27 agent61 puppet-agent[4533]: (/File[/var/lib/puppet/lib]) Failed to generate additional resources using 'eval_generate': Connection refused - connect(2)
Fix: on the master node, delete this host's SSL certificate, then have the agent node request a new certificate from the CA
#On the master node, remove the bad certificate
puppet cert clean agent61.localdomain
#On the agent node, submit the certificate request
puppet agent --server master63.localdomain --no-daemonize -v
#On the master node, sign the certificate
puppet cert sign --all
Error 3:
..............nofind400
Fix: check that none of the module directory names under /etc/puppet/modules/ are misspelled
[root@master63 ~]# ls /etc/puppet/modules/jdk8/
files lib manifests spec templates tests