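Caution: Keeping the system time accurate on both the master and the agents is very important. SSL connections depend on the host having the correct time. If the time is wrong, the connection may fail with an error saying the certificate is not trusted. You should use a service such as NTP (Network Time Protocol) to keep the time on each host accurate.
1. The certificate service needs consistent time, otherwise errors will occur!
Create the file /puppet/shij.sh with the following content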
#!/bin/bash
rdate -s rdate.darkorb.net
Make rdate.sh executable and add a scheduled task with crontab -e
* * * * * /root/shij.sh
Note: if you are told that the rdate command does not exist, run yum install rdate
2. Change the hostname
vi /etc/sysconfig/network
HOSTNAME=ptmaster.idccenter.net
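Edit /etc/sysconfig/network and set the hostname in it with HOSTNAME=
Then run the command
hostname <hostname>
At this point you can log out of the system; after logging back in the change is in effect.
iptables -I INPUT 1 -p tcp -m state --state NEW --dport 8140 -j ACCEPT    # puppetmaster service port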
iptables-save > /etc/sysconfig/iptables
yum install ruby ruby-libs ruby-shadow -y
yum install puppet puppet-server facter -y
Add the hostname and the module path to /etc/puppet/puppet.conf
vi /etc/puppet/puppet.conf
[main]
certname = ptmaster.idccenter.net
modulepath = /etc/puppet/modules/
vi /etc/puppet/fileserver.conf
[files]
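# directory holding the files to be distributed
path /vm/templates
# clients allowed to access this mount: addresses, domain names, or *
allow *
Create the puppetmaster resource manifest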
vi /etc/puppet/manifests/site.pp
node default {
include vps
}
Create the vps module
mkdir -p /etc/puppet/modules/vps/{files,manifests,templates}
vi /etc/puppet/modules/vps/manifests/init.pp
class vps {
include vps::centos
}
vi /etc/puppet/modules/vps/manifests/centos.pp
class vps::centos {
  # Defaults applied to every file resource in this class
  File {
    owner => "root",
    group => "root",
    mode  => "0644",
  }
  # Each resource is fetched from the [files] mount defined in fileserver.conf
  file { "/template/":
    source => "puppet://${fileserver}/files/",
  }
  file { "/template/centos5.5":
    source => "puppet://${fileserver}/files/centos5.5",
  }
  file { "/template/centos5.5/disk.img":
    source => "puppet://${fileserver}/files/centos5.5/disk.img",
  }
  file { "/template/centos5.5/os.img":
    source => "puppet://${fileserver}/files/centos5.5/os.img",
  }
}
Client installation
HOSTNAME=node.idccenter.net
3. Add name resolution for the server to /etc/hosts
101.226.179.232 ptmaster.idccenter.net ptmaster
yum install ruby ruby-libs ruby-shadow -y
yum install puppet facter -y
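Add the address of the server the client connects to and the interval for automatic resource updates
# By default, when puppet updates its resource configuration it connects to a
# server with the alias "puppet", so for automatic updates the server's domain
# name has to be specified. If you do not want to add this line, add an alias
# entry in /etc/hosts that maps the server's domain name to the name puppet:
# the client connects to the server named puppet by default when it updates,
# so aliasing the server to puppet in hosts also works.
server=ptmaster.idccenter.net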
[agent]
# the time unit is seconds
runinterval=3600
Request a certificate from the ptmaster.idccenter.net server so that resource configuration can be updated later.
[root@node ~]# puppet agent --server=ptmaster.idccenter.net --no-daemonize --verbose
warning: peer certificate won't be verified in this SSL session
info: Caching certificate for ca
info: Creating a new SSL certificate request for node.idccenter.net
info: Certificate Request fingerprint (md5): DD:1C:AD:56:01:73:77:83:F3:9E:EE:A0:61:C5:4A:37
info: Caching certificate for node.idccenter.net
notice: Starting Puppet client version 2.6.17
info: Caching certificate_revocation_list for ca
info: Caching catalog for node.idccenter.net
info: Applying configuration version '1352262069'
info: Creating state file /var/lib/puppet/state/state.yaml
notice: Finished catalog run in 0.02 seconds
On the server, list the clients that have requested a certificate and sign the certificate for them
[root@ptmaster templates]# puppet cert --list
"node.idccenter.net" (DD:1C:AD:56:01:73:77:83:F3:9E:EE:A0:61:C5:4A:37)
[root@ptmaster templates]# puppet cert --sign node.idccenter.net
notice: Signed certificate request for node.idccenter.net
notice: Removing file Puppet::SSL::CertificateRequest node.idccenter.net at '/var/lib/puppet/ssl/ca/requests/node.idccenter.net.pem'
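The fingerprint the agent prints when it creates its request and the one `puppet cert --list` shows on the master identify the same request, so comparing them before signing confirms that the pending request is the one your node generated. The script below is an added example, not part of the original post; the function names `normalize_fp`, `listed_fp` and `csr_matches` are hypothetical helpers, and the sample data is the output shown above.

```shell
#!/bin/bash
# Added example: gate `puppet cert --sign` on a CSR fingerprint comparison.

# Reduce a fingerprint to upper-case hex digits (drops colons, parentheses, spaces).
normalize_fp() {
    printf '%s' "$1" | tr -cd '0-9A-Fa-f' | tr 'a-f' 'A-F'
}

# Read `puppet cert --list` output on stdin and print the fingerprint listed
# for certname $1. Lines look like:  "node.idccenter.net" (DD:1C:...)
listed_fp() {
    awk -v name="\"$1\"" '$1 == name { fp = $NF; gsub(/[()]/, "", fp); print fp; exit }'
}

# csr_matches CERTNAME AGENT_FINGERPRINT LIST_OUTPUT
# 0 = fingerprints match, 1 = mismatch,
# 2 = no pending request under that name, 3 = agent fingerprint is not 32 hex digits
csr_matches() {
    local listed expected
    listed=$(printf '%s\n' "$3" | listed_fp "$1")
    [ -n "$listed" ] || return 2
    expected=$(normalize_fp "$2")
    # 32 hex digits = an MD5 fingerprint, the format the 2.6 agent prints above
    [ "${#expected}" -eq 32 ] || return 3
    [ "$(normalize_fp "$listed")" = "$expected" ]
}

# Sample data taken from the session on this page.
SAMPLE_LIST='"node.idccenter.net" (DD:1C:AD:56:01:73:77:83:F3:9E:EE:A0:61:C5:4A:37)'
# Fingerprint copied from the agent's own log, carried to the master out of band.
AGENT_FP='dd:1c:ad:56:01:73:77:83:f3:9e:ee:a0:61:c5:4a:37'

# On a real master, pass "$(puppet cert --list)" as the third argument and run
# `puppet cert --sign <certname>` only in the success branch.
if csr_matches node.idccenter.net "$AGENT_FP" "$SAMPLE_LIST"; then
    echo "fingerprint matches: puppet cert --sign node.idccenter.net may proceed"
else
    echo "fingerprint mismatch or no pending request: do not sign" >&2
fi
```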
over
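This article is reposted from freeterman's 51CTO blog. Original link: http://blog.51cto.com/myunix/1094771. If you want to republish it, please contact the original author yourself.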