CentOS 6.5 + Puppet 3.7.3: installation, configuration and testing
OS:CentOS-6.5-x86_64
Puppet 3.7.3
Puppet master: master.fisteam2.com
Puppet clients:node1-5.fisteam2.com
Puppet requires every machine to have a fully qualified domain name (FQDN). If no DNS server provides the names, you can set the hostname on both machines (note: set the hostname before installing Puppet, because the hostname is written into the certificate when Puppet is installed, and client/server communication depends on this certificate). Because I have DNS configured, I did not need to change hosts; without DNS you need to edit the hosts file to specify the names.
1. Disable SELinux and iptables, and set up NTP
Perform a minimal installation from CentOS-6.5-x86_64.iso
Disable SELinux

[root@master ~]# cat /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=enforcing
# SELINUXTYPE= can take one of these two values:
#     targeted - Targeted processes are protected,
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted
[root@master ~]# sed -i '/SELINUX/ s/enforcing/disabled/g' /etc/selinux/config
[root@master ~]# cat /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of these two values:
#     targeted - Targeted processes are protected,
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted
[root@master ~]# setenforce 0

Stop iptables

[root@node1 ~]# chkconfig --list |grep tables
ip6tables 0:off 1:off 2:on 3:on 4:on 5:on 6:off
iptables 0:off 1:off 2:on 3:on 4:on 5:on 6:off
[root@node1 ~]# chkconfig ip6tables off
[root@node1 ~]# chkconfig iptables off
[root@node1 ~]# service ip6tables stop
ip6tables: Setting chains to policy ACCEPT: filter [ OK ]
ip6tables: Flushing firewall rules: [ OK ]
ip6tables: Unloading modules: [ OK ]
[root@node1 ~]# service iptables stop
iptables: Setting chains to policy ACCEPT: filter [ OK ]
iptables: Flushing firewall rules: [ OK ]
iptables: Unloading modules: [ OK ]
[root@node1 ~]#

Set up NTP

[root@master ~]# ntpdate pool.ntp.org
[root@master ~]# chkconfig --list|grep ntp
ntpd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
ntpdate 0:off 1:off 2:off 3:off 4:off 5:off 6:off
[root@master ~]# chkconfig ntpd on
[root@master ~]# service ntpd start
Starting ntpd: [ OK ]
[root@master ~]#

2. Install the Puppet service
Puppet is not in the CentOS base repositories, so the official repository provided by PuppetLabs has to be added:
Install and enable the Puppet service on the master:

[root@master ~]# yum install puppet-server
[root@master ~]# chkconfig --list |grep puppet
puppet 0:off 1:off 2:off 3:off 4:off 5:off 6:off
puppetmaster 0:off 1:off 2:off 3:off 4:off 5:off 6:off
[root@master ~]# chkconfig puppet on
[root@master ~]# service puppetmaster start
Starting puppetmaster: [ OK ]
[root@master ~]#

Install the Puppet client on the clients
3. Configure Puppet
On the Puppet clients, edit /etc/puppet/puppet.conf and specify the master server

[main]
    # The Puppet log directory.
    # The default value is '$vardir/log'.
    logdir = /var/log/puppet

    # Where Puppet PID files are kept.
    # The default value is '$vardir/run'.
    rundir = /var/run/puppet

    # Where SSL certificates are kept.
    # The default value is '$confdir/ssl'.
    ssldir = $vardir/ssl

[agent]
    # The file in which puppetd stores a list of the classes
    # associated with the retrieved configuratiion. Can be loaded in
    # the separate ``puppet`` executable using the ``--loadclasses``
    # option.
    # The default value is '$confdir/classes.txt'.
    classfile = $vardir/classes.txt

    # Where puppetd caches the local configuration. An
    # extension indicating the cache format is added automatically.
    # The default value is '$confdir/localconfig'.
    localconfig = $vardir/localconfig
    server = master.fisteam2.com

Then restart the puppet service

[root@node1 ~]# service puppet restart
Stopping puppet agent: [ OK ]
Starting puppet agent: [ OK ]
[root@node1 ~]#

4. Client certificate request
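Configuring automatic certificate signing on the server
To have the master sign all certificates automatically, we only need to create an autosign.conf file in the /etc/puppet directory. (There is no need to modify /etc/puppet/puppet.conf, because I have not changed the default location of the autosign.conf file.)
With this in place, requests from every machine in fisteam2.com are signed automatically.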
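
A domain-wide autosign rule signs a request for any certname under fisteam2.com, not only node1-5. The script below is an added example, not part of the original post: it evaluates certnames against an autosign.conf using the glob rule from Puppet's documentation and compares a wildcard file with a per-node list. The page does not show the file's contents, so the `*.fisteam2.com` line, the per-node list and the extra hostnames are constructed assumptions.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): report which autosign.conf line,
# if any, would make the Puppet CA sign a CSR for a given certname.
# Glob rule assumed from Puppet's documentation: "*" is only valid as the
# leftmost label and stands for one or more subdomain labels.

autosign_match() {   # usage: autosign_match CERTNAME AUTOSIGN_CONF
    local certname=$1 line suffix
    while IFS= read -r line || [ -n "$line" ]; do
        line=$(printf '%s' "$line" | tr -d '[:space:]')
        case "$line" in
            ''|'#'*) continue ;;                        # blank line or comment
            '*')     printf '%s\n' "$line"; return 0 ;; # signs every request
            '*.'*)
                suffix=${line#\*}                       # e.g. ".fisteam2.com"
                case "$certname" in
                    ?*"$suffix") printf '%s\n' "$line"; return 0 ;;
                esac ;;
            *)
                if [ "$certname" = "$line" ]; then
                    printf '%s\n' "$line"; return 0
                fi ;;
        esac
    done < "$2"
    return 1                                            # no rule matched
}

# Constructed sample data: a wildcard file like the one this section
# describes, and a per-node list for node1-5 as the tighter alternative.
wild=$(mktemp); exact=$(mktemp)
printf '*.fisteam2.com\n' > "$wild"
for i in 1 2 3 4 5; do printf 'node%s.fisteam2.com\n' "$i"; done > "$exact"

# node1 is one of the page's agents; the other two certnames are hypothetical
# hosts that the administrator never provisioned.
for name in node1.fisteam2.com unknown-host.fisteam2.com a.b.fisteam2.com; do
    for conf in "$wild" "$exact"; do
        [ "$conf" = "$wild" ] && label=wildcard || label=per-node
        if rule=$(autosign_match "$name" "$conf"); then
            echo "$label: $name auto-signed by '$rule'"
        else
            echo "$label: $name held for manual 'puppet cert --sign'"
        fi
    done
done
rm -f "$wild" "$exact"
```

With the per-node list, only the five known agents are signed without review; every other request stays pending in `puppet cert list` until someone signs it.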
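The client needs to send a request to the server so that the server will manage it. This is really a certificate signing process. The first time the Puppet client runs, it generates an SSL certificate and submits it to the Puppet server; if the server agrees to manage the client, it signs this certificate. The following command can be used to sign the certificate; because we have already set the server address on the client, the server address does not need to be given
To follow the registration process in detail and for later troubleshooting, you can add parameters, because in the configuration file
--no-daemonize  write the log to the foreground
--verbose  output more detailed logs
--debug  even more detailed logs, used when troubleshooting
--test  means test; passing just the one --test parameter is enough
The certificate can then be requested. Because I configured automatic signing, it was signed immediately. On the server, run

[root@master ~]# puppet cert list --all

and you can see that all clients have been issued certificates. Entries prefixed with "+" have been signed successfully. For any that have not been signed, you can use

[root@master ~]# puppet cert --sign node1.localdomain

and you will see that the certificate has been signed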
5. Install the Puppet dashboard on the server
Install MySQL
Tune the MySQL settings
Edit /etc/my.cnf and, in the [mysqld] section, add the last line

[root@master ~]# vim /etc/my.cnf

Start the MySQL service

[root@master ~]# service mysqld start
[root@master ~]# chkconfig mysqld on
[root@master ~]# chkconfig --list |grep mysqld
mysqld 0:off 1:off 2:on 3:on 4:on 5:on 6:off

Set the MySQL password; the password I use here is 123456

[root@master ~]# mysqladmin -u root password '123456'

Create a dashboard database

[root@master ~]# mysql -uroot -p123456 <<EOF
> CREATE DATABASE dashboard CHARACTER SET utf8;
> CREATE USER 'dashboard'@'localhost' IDENTIFIED BY '123456';
> GRANT ALL PRIVILEGES ON dashboard.* TO 'dashboard'@'localhost';
> FLUSH PRIVILEGES;
> EOF
[root@master ~]#

Passenger+Apache+Dashboard
This lets Apache support Ruby. Because Passenger is not in the official CentOS repositories, the EPEL repository has to be added

[root@master ~]# wget http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
[root@master ~]# rpm -ivh epel-release-6-8.noarch.rpm
[root@master ~]# yum install mod_passenger puppet-dashboard

Configure the Dashboard

[root@master ~]# vim /usr/share/puppet-dashboard/config/database.yml

Change the time zone

[root@master ~]# vim /usr/share/puppet-dashboard/config/environment.rb

Initialize the database

[root@master ~]# cd /usr/share/puppet-dashboard/
[root@master puppet-dashboard]# rake RAILS_ENV=production db:migrate

Configure Apache
We need to integrate Passenger with Apache
Start the service

[root@master ~]# service httpd start
Starting httpd: httpd: Could not reliably determine the server's fully qualified domain name, using master.fisteam2.com for ServerName
[ OK ]
[root@master ~]# chkconfig httpd on
[root@master ~]# chkconfig --list | grep httpd
httpd 0:off 1:off 2:on 3:on 4:on 5:on 6:off

Configure Puppet
To have the Dashboard use reports: agents now have the report feature enabled by default, so you do not need to configure the agents; you only need to configure the server side
Restart the puppetmaster service

[root@master ~]# service puppetmaster restart

At this point you can access the Puppet Dashboard directly at http://ip
Import reports

[root@master puppet-dashboard]# cd /usr/share/puppet-dashboard/
[root@master puppet-dashboard]# rake RAILS_ENV=production reports:import

Now when you visit the Dashboard, you can see the imported tasks.
4. Process the imported reports

[root@master puppet-dashboard]# cd /usr/share/puppet-dashboard/
[root@master puppet-dashboard]# rake jobs:work RAILS_ENV="production"

Test with one master and five nodes
File synchronization test
Puppet master:

[root@master ~]# vim /etc/puppet/fileserver.conf
[fisteam2filesync]
path /etc/puppet
allow *

Add a configuration section at the bottom named fisteam2filesync, with the path /etc/puppet

[root@master ~]# vim /etc/puppet/manifests/site.pp
node default {
    file { "/tmp/fisteam2_puppet_testfile.txt":
        content => "good,test pass!\nfisteam2_puppet_testing\n";
    }
}

The code above performs one action on Puppet clients that connect by default: it creates the file fisteam2_puppet_testfile.txt in /tmp, whose content is "good,test pass!", a newline, "fisteam2_puppet_testing", and a newline.
When the .pp file is first created, puppetmaster needs to be restarted
Testing on node1~5
node1:
node2:
node3:
node4:
node5:
Download link: http://down.51cto.com/data/1968796
===================================================END====================================