
作者: 王奥OX | 来源:发表于2016-03-25 16:39 被阅读493次
  1. 客户端Puppetd向Master发起认证请求,或使用带签名的证书。
  2. Master告诉Client你是合法的。
  3. 客户端Puppetd调用Facter,Facter探测出主机的一些变量,例如主机名、内存大小、IP地址等。Puppetd将这些信息通过SSL连接发送到服务器端。
  4. 服务器端的Puppet Master检测客户端的主机名,然后找到manifest对应的node配置,并对该部分内容进行解析。Facter送过来的信息可以作为变量处 理,node牵涉到的代码才解析,其他没牵涉的代码不解析。解析分为几个阶段,首先是语法检查,如果语法错误就报错;如果语法没错,就继续解析,解析的结 果生成一个中间的“伪代码”(catelog),然后把伪代码发给客户端。
  5. 客户端接收到“伪代码”,并且执行。
  6. 客户端在执行时判断有没有File文件,如果有,则向fileserver发起请求。
  7. 客户端判断有没有配置Report,如果已配置,则把执行结果发送给服务器。
  8. 服务器端把客户端的执行结果写入日志,并发送给报告系统。




RHEL(Red Hat Enterprise Linux)配置yum源 - http://wsgzao.github.io/post/yum/

/etc/init.d/iptables stop
chkconfig iptables off

setenforce 0
sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config  

ntpdate 0.rhel.pool.ntp.org
crontab -e
0 0 * * * /usr/sbin/ntpdate 0.rhel.pool.ntp.org;/usr/sbin/hwclock -w

vi /etc/hosts master client


#配置CentOS YUM源

cd /etc/yum.repos.d/
cp rhel-source.repo rhel-source.repo.bak
vi rhel-source.repo





yum clean all
yum makecache
yum repolist

Puppet Server

如果可以访问外网并配置repos,直接yum install puppetserver简单粗暴

#Enable the Puppet Labs Package Repository
rpm -ivh https://yum.puppetlabs.com/puppetlabs-release-el-6.noarch.rpm

yum install -y yum-plugin-downloadonly

#yum install puppetserver
yum install --downloadonly --downloaddir=/tmp/puppetserver puppetserver

Total download size: 73 M
Is this ok [y/N]: y
Downloading Packages:
(1/22): augeas-libs-1.0.0-10.el6.x86_64.rpm          
(2/22): compat-readline5-5.2-17.1.el6.x86_64.rpm     
(3/22): facter-2.4.6-1.el6.x86_64.rpm                
(4/22): hiera-1.3.4-1.el6.noarch.rpm                 
(5/22): java-1.7.0-openjdk-
(6/22): libjpeg-turbo-1.2.1-3.el6_5.x86_64.rpm       
(7/22): libselinux-2.0.94-5.8.el6.i686.rpm           
(8/22): libselinux-2.0.94-5.8.el6.x86_64.rpm         
(9/22): libselinux-devel-2.0.94-5.8.el6.x86_64.rpm   
(10/22): libselinux-python-2.0.94-5.8.el6.x86_64.rpm 
(11/22): libselinux-ruby-2.0.94-5.8.el6.x86_64.rpm   
(12/22): libselinux-utils-2.0.94-5.8.el6.x86_64.rpm  
(13/22): puppet-3.8.6-1.el6.noarch.rpm               
(14/22): puppetserver-1.1.3-1.el6.noarch.rpm         
(15/22): ruby-           
(16/22): ruby-augeas-0.4.1-3.el6.x86_64.rpm          
(17/22): ruby-irb-       
(18/22): ruby-libs-      
(19/22): ruby-rdoc-      
(20/22): ruby-shadow-2.2.0-2.el6.x86_64.rpm          
(21/22): rubygem-json-1.5.5-3.el6.x86_64.rpm         
(22/22): rubygems-1.3.7-5.el6.noarch.rpm             

master@/tmp/puppetserver#rpm -Uvh *
warning: augeas-libs-1.0.0-10.el6.x86_64.rpm: Header V3 RSA/SHA1 Signature, key ID c105b9de: NOKEY
warning: facter-2.4.6-1.el6.x86_64.rpm: Header V4 RSA/SHA1 Signature, key ID 4bd6ec30: NOKEY
Preparing...                ########################################### [100%]
   1:libselinux             ########################################### [  5%]
   2:augeas-libs            ########################################### [  9%]
   3:libselinux-ruby        ########################################### [ 14%]
   4:libselinux-utils       ########################################### [ 18%]
   5:libjpeg-turbo          ########################################### [ 23%]
   6:java-1.7.0-openjdk     ########################################### [ 27%]
   7:compat-readline5       ########################################### [ 32%]
   8:ruby-libs              ########################################### [ 36%]
   9:ruby                   ########################################### [ 41%]
  10:facter                 ########################################### [ 45%]
  11:ruby-irb               ########################################### [ 50%]
  12:ruby-rdoc              ########################################### [ 55%]
  13:rubygems               ########################################### [ 59%]
  14:rubygem-json           ########################################### [ 64%]
  15:hiera                  ########################################### [ 68%]
  16:ruby-shadow            ########################################### [ 73%]
  17:ruby-augeas            ########################################### [ 77%]
  18:puppet                 ########################################### [ 82%]
  19:puppetserver           ########################################### [ 86%]
  20:libselinux-devel       ########################################### [ 91%]
  21:libselinux-python      ########################################### [ 95%]
  22:libselinux             ########################################### [100%]

master@/tmp/puppetserver#yum install puppetserver
Loaded plugins: downloadonly, product-id, refresh-packagekit, security, subscription-manager
Updating certificate-based repositories.
Unable to read consumer identity
Setting up Install Process
Package puppetserver-1.1.3-1.el6.noarch already installed and latest version
Nothing to do

#增加puppet master配置信息
vi /etc/puppet/puppet.conf

    # master的主机名
    server = master
    # master的主机名
    certname = master
    pluginsync = false
    # The Puppet log directory.
    # The default value is '$vardir/log'.
    logdir = /var/log/puppet

    # Where Puppet PID files are kept.
    # The default value is '$vardir/run'.
    rundir = /var/run/puppet

    # Where SSL certificates are kept.
    # The default value is '$confdir/ssl'.
    ssldir = $vardir/ssl

    # The file in which puppetd stores a list of the classes
    # associated with the retrieved configuratiion.  Can be loaded in
    # the separate ``puppet`` executable using the ``--loadclasses``
    # option.
    # The default value is '$confdir/classes.txt'.
    classfile = $vardir/classes.txt

    # Where puppetd caches the local configuration.  An
    # extension indicating the cache format is added automatically.
    # The default value is '$confdir/localconfig'.
    localconfig = $vardir/localconfig

puppet master
ps -ef |grep master

puppet    3077     1  0 10:09 ?        00:00:00 /usr/bin/ruby /usr/bin/puppet master
root      3081  3015  0 10:09 pts/0    00:00:00 grep master

Puppet Client

如果可以访问外网并配置repos,直接yum install puppet简单粗暴

#Enable the Puppet Labs Package Repository
rpm -ivh https://yum.puppetlabs.com/puppetlabs-release-el-6.noarch.rpm

yum install -y yum-plugin-downloadonly

#yum install puppet
yum install --downloadonly --downloaddir=/tmp/puppet puppet

Downloading Packages:
(1/19): augeas-libs-1.0.0-10.el6.x86_64.rpm          
(2/19): compat-readline5-5.2-17.1.el6.x86_64.rpm     
(3/19): facter-2.4.6-1.el6.x86_64.rpm                
(4/19): hiera-1.3.4-1.el6.noarch.rpm                 
(5/19): libselinux-2.0.94-5.8.el6.i686.rpm           
(6/19): libselinux-2.0.94-5.8.el6.x86_64.rpm         
(7/19): libselinux-devel-2.0.94-5.8.el6.x86_64.rpm   
(8/19): libselinux-python-2.0.94-5.8.el6.x86_64.rpm  
(9/19): libselinux-ruby-2.0.94-5.8.el6.x86_64.rpm    
(10/19): libselinux-utils-2.0.94-5.8.el6.x86_64.rpm  
(11/19): puppet-3.8.6-1.el6.noarch.rpm               
(12/19): ruby-           
(13/19): ruby-augeas-0.4.1-3.el6.x86_64.rpm          
(14/19): ruby-irb-       
(15/19): ruby-libs-      
(16/19): ruby-rdoc-      
(17/19): ruby-shadow-2.2.0-2.el6.x86_64.rpm          
(18/19): rubygem-json-1.5.5-3.el6.x86_64.rpm         
(19/19): rubygems-1.3.7-5.el6.noarch.rpm             

client@/tmp/puppet#rpm -Uvh *
warning: facter-2.4.6-1.el6.x86_64.rpm: Header V4 RSA/SHA1 Signature, key ID 4bd6ec30: NOKEY
Preparing...                ########################################### [100%]
   1:libselinux             ########################################### [  5%]
   2:augeas-libs            ########################################### [ 11%]
   3:libselinux-ruby        ########################################### [ 16%]
   4:libselinux-utils       ########################################### [ 21%]
   5:compat-readline5       ########################################### [ 26%]
   6:ruby-libs              ########################################### [ 32%]
   7:ruby                   ########################################### [ 37%]
   8:facter                 ########################################### [ 42%]
   9:ruby-irb               ########################################### [ 47%]
  10:ruby-rdoc              ########################################### [ 53%]
  11:rubygems               ########################################### [ 58%]
  12:rubygem-json           ########################################### [ 63%]
  13:hiera                  ########################################### [ 68%]
  14:ruby-shadow            ########################################### [ 74%]
  15:ruby-augeas            ########################################### [ 79%]
  16:puppet                 ########################################### [ 84%]
  17:libselinux-devel       ########################################### [ 89%]
  18:libselinux-python      ########################################### [ 95%]
  19:libselinux             ########################################### [100%]

client@/tmp/puppet#yum install puppet
Loaded plugins: fastestmirror, product-id, refresh-packagekit, security, subscription-manager
Updating certificate-based repositories.
Unable to read consumer identity
Setting up Install Process
Loading mirror speeds from cached hostfile
Package puppet-3.8.6-1.el6.noarch already installed and latest version
Nothing to do

#增加puppet client配置信息
vi /etc/puppet/puppet.conf

    # master的主机名
    server = master
    # 禁用插件同步
    pluginsync = false
    # The Puppet log directory.
    # The default value is '$vardir/log'.
    logdir = /var/log/puppet

    # Where Puppet PID files are kept.
    # The default value is '$vardir/run'.
    rundir = /var/run/puppet

    # Where SSL certificates are kept.
    # The default value is '$confdir/ssl'.
    ssldir = $vardir/ssl

    # The file in which puppetd stores a list of the classes
    # associated with the retrieved configuratiion.  Can be loaded in
    # the separate ``puppet`` executable using the ``--loadclasses``
    # option.
    # The default value is '$confdir/classes.txt'.
    classfile = $vardir/classes.txt

    # Where puppetd caches the local configuration.  An
    # extension indicating the cache format is added automatically.
    # The default value is '$confdir/localconfig'.
    localconfig = $vardir/localconfig



#client agent连接server
puppet agent --server=master

puppet cert --list

"client" (SHA256) BC:1B:42:88:B0:A4:F0:F2:81:56:5D:0E:7A:49:90:83:79:F2:41:A5:E3:12:FC:E2:F2:DB:DE:30:8E:DB:0D:D0

#puppet cert sign --all
puppet cert --sign client

Notice: Signed certificate request for client
Notice: Removing file Puppet::SSL::CertificateRequest client at '/var/lib/puppet/ssl/ca/requests/client.pem'

puppet cert -all

+ "client" (SHA256) BC:1B:42:88:B0:A4:F0:F2:81:56:5D:0E:7A:49:90:83:79:F2:41:A5:E3:12:FC:E2:F2:DB:DE:30:8E:DB:0D:D0
+ "master" (SHA256) 04:45:21:0B:B5:5E:41:AE:9C:F4:B4:6B:EC:2F:AA:D2:BE:46:33:3E:B1:0E:85:2E:3C:B7:6B:98:95:A8:CE:4D


vi /etc/puppet/manifests/site.pp

node default { file { "/tmp/test.txt": content => "Hello, First puppet test!"} }

puppet agent --test

Info: Caching catalog for client
Info: Applying configuration version '1458888162'
Notice: /Stage[main]/Main/Node[default]/File[/tmp/test.txt]/ensure: defined content as '{md5}390b4c389233b9ae38a84ff8c731a8a1'
Info: Creating state file /var/lib/puppet/state/state.yaml
Notice: Finished catalog run in 0.03 seconds




#Error: Could not find certificate request for client

#execute on your puppet master.
puppet cert clean "yourhostnamehere"

#execute on your puppet agent.
rm -f /etc/puppetlabs/puppet/ssl/certs/yourhostnamehere
find /var/lib/puppet -name *yourhostnamehere* -delete
puppet agent -t

#back for your puppet master
puppet cert --list

#check your name certificate and sign.
puppet cert --sign "yourhostnamehere"

#come back to your puppet agent and be happy :D
puppet agent -t

Error: Could not request certificate: The certificate retrieved from the master does not match the agent's private key.
To fix this, remove the certificate from both the master and the agent and then start a puppet run, which will automatically regenerate a certficate.
On the master:
  puppet cert clean "client"
On the agent:
  1a. On most platforms: find /var/lib/puppet/ssl -name client.pem -delete
  1b. On Windows: del "/var/lib/puppet/ssl/client.pem" /f
  2. puppet agent -t

#Error: Could not run: Could not create PID file: /var/run/puppet/master.pid
killall puppet
puppet master --verbose --no-daemonize

#puppet agent --test
Error: Could not retrieve catalog from remote server: Error 400 on SERVER: Could not parse for environment production: Permission denied - /etc/puppet/manifests/site.pp on node client.cffex.com.cn
Warning: Not using cache on failed catalog
Error: Could not retrieve catalog; skipping run



  • Puppet安装配置小结

    前言 Puppet这个词实际上包括了两层含义:它既代表编写这种代码的语言,也代表对基础设施进行管理的平台。做运维总...

  • 【Puppet】安装配置Puppet

    一、参考链接 阿里巴巴开源镜像站-OPSX镜像站-阿里云开发者社区[https://developer.aliyu...

  • 20171204 Puppet(二)

    Puppet模块Puppet部署master/agent模式Puppet多环境配置Puppet kick机制 一、...

  • [Linux-Tool] puppet

    一、安装 下载 puppet 的 rpm 包 安装Masteryum install -y puppet-serv...

  • CentOS6.9安装Foreman1.10+Puppet

    CentOS6.9安装Foreman1.10+Puppet 安装puppet yum源: yum -y insta...

  • puppet master-agent 3.8安装

    一、背景拓扑图 二、配置puppet-master主机 1、编辑/etc/hosts/ 文件 因为puppet之间...

  • puppet入门

    1.puppet 是什么 puppet是一个开源的软件自动化配置和部署工具,很多大型IT公司均在使用puppet对...

  • puppet基本原理,并用puppet分段配置nginx反向代理

    一、puppet概念 1、puppet是一种Linux、Unix、windows平台的集中配置管理系统,使用自有的...

  • puppet

    Puppet理论定义: Puppet 是一个跨平台的集中化配置管理系统,它使用自有的描述语言,可管理配置文件、用户...

  • Puppet系列一 安装与基础配置

    Puppet 简介: Puppet是基于Ruby语言(早期的版本,4及之后的Server端采用Clojure语言)...


