Sharing

Wednesday, July 24, 2013

Puppet Server & Client Installation


First, install the Puppet Labs repository

$ wget http://apt.puppetlabs.com/puppetlabs-release-precise.deb
$ sudo dpkg -i puppetlabs-release-precise.deb
$ sudo apt-get update

Puppet Master


Install the package
$ sudo apt-get install puppetmaster

Configuration file: /etc/puppet/puppet.conf
If the server's hostname is not puppet, remember to add certname and set it to the same value as the hostname
[main]
logdir=/var/log/puppet
vardir=/var/lib/puppet
ssldir=/var/lib/puppet/ssl
rundir=/var/run/puppet
factpath=$vardir/lib/facter
templatedir=$confdir/templates

[master]
# These are needed when the puppetmaster is run by passenger
# and can safely be removed if webrick is used.
ssl_client_header = SSL_CLIENT_S_DN
ssl_client_verify_header = SSL_CLIENT_VERIFY

certname=controller0

Restart puppet
$ service puppetmaster restart

Puppet Client


Install the package
$ sudo apt-get install puppet

The configuration file /etc/puppet/puppet.conf basically does not need to be changed, but you do need to add puppet to /etc/hosts
192.168.100.1   puppet    # your puppet server ip

Restart puppet
$ service puppet restart


Sign the certificate


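Next, connect the server and the client. According to the documentation, the client should in theory send its certificate request on its own.
When you list all certificates you should see the client from the previous step, but without a + sign in front of it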

controller0:~$ puppet cert list
  "dev-client1.client.tw.trendnet.org" (SHA256) 05:41:E3:29:FD:5E:88:77:9E:52:08:CC:45:29:B2:BC:D0:94:CE:98:F6:14:96:F3:1F:B2:92:9F:3D:61:DF:8A
  "controller0.client.tw.trendnet.org" (SHA256) 0B:B5:09:BF:C6:7C:42:D5:5C:61:8C:F0:FC:F9:23:2C:77:37:35:CB:74:CE:50:96:23:C0:6F:9F:31:B2:03:75

If you do not see the client, run this command on the client and it should then show up

$  puppet agent -t
Info: Creating a new SSL certificate request for dev-client1.client.tw.trendnet.org
Info: Certificate Request fingerprint (SHA256): 05:41:E3:29:FD:5E:88:77:9E:52:08:CC:45:29:B2:BC:D0:94:CE:98:F6:14:96:F3:1F:B2:92:9F:3D:61:DF:8A

Then, on the server, sign the certificates that are waiting for approval

controller0:~$ puppet cert sign controller0.client.tw.trendnet.org
Notice: Signed certificate request for controller0.client.tw.trendnet.org
Notice: Removing file Puppet::SSL::CertificateRequest controller0.client.tw.trendnet.org at '/var/lib/puppet/ssl/ca/requests/controller0.client.tw.trendnet.org.pem'
controller0:~$ puppet cert sign dev-client1.client.tw.trendnet.org
Notice: Signed certificate request for dev-client1.client.tw.trendnet.org
Notice: Removing file Puppet::SSL::CertificateRequest dev-client1.client.tw.trendnet.org at '/var/lib/puppet/ssl/ca/requests/dev-client1.client.tw.trendnet.org.pem'
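The client's `puppet agent -t` output and the server's `puppet cert list` both print the SHA256 fingerprint of the request, so the two can be compared before running `puppet cert sign`. The script below is an added example, not part of the original post; the helper names `pending_fingerprint` and `csr_matches` are hypothetical, and the listing from this page is embedded in place of a live `puppet cert list` call.

```shell
#!/bin/bash
# Added example: check a pending CSR's fingerprint before signing it.
# In real use: PENDING=$(puppet cert list). The listing shown on this page is
# embedded here so the script runs offline.
PENDING='  "dev-client1.client.tw.trendnet.org" (SHA256) 05:41:E3:29:FD:5E:88:77:9E:52:08:CC:45:29:B2:BC:D0:94:CE:98:F6:14:96:F3:1F:B2:92:9F:3D:61:DF:8A
  "controller0.client.tw.trendnet.org" (SHA256) 0B:B5:09:BF:C6:7C:42:D5:5C:61:8C:F0:FC:F9:23:2C:77:37:35:CB:74:CE:50:96:23:C0:6F:9F:31:B2:03:75'

# pending_fingerprint LIST CERTNAME (hypothetical helper)
# Prints the SHA256 fingerprint of the *pending* request for CERTNAME.
# Lines starting with "+" (already signed) carry the name in field 2, so they
# never match. Exit status is 1 when no pending request exists.
pending_fingerprint() {
    printf '%s\n' "$1" | awk -v name="\"$2\"" '
        $1 == name && $2 == "(SHA256)" { print $3; found = 1 }
        END { exit !found }'
}

# csr_matches LIST CERTNAME EXPECTED_FP (hypothetical helper)
# Returns 0 on match, 1 on mismatch, 2 when there is no pending request.
csr_matches() {
    _got=$(pending_fingerprint "$1" "$2") || return 2
    # Compare case-insensitively: hex digits may be typed in lower case.
    _got=$(printf '%s' "$_got" | tr 'a-f' 'A-F')
    _want=$(printf '%s' "$3" | tr 'a-f' 'A-F')
    [ "$_got" = "$_want" ]
}

# Fingerprint the client printed in its `puppet agent -t` output (from this page).
CLIENT_FP='05:41:E3:29:FD:5E:88:77:9E:52:08:CC:45:29:B2:BC:D0:94:CE:98:F6:14:96:F3:1F:B2:92:9F:3D:61:DF:8A'
NODE='dev-client1.client.tw.trendnet.org'

if csr_matches "$PENDING" "$NODE" "$CLIENT_FP"; then
    echo "fingerprints match, ok to run: puppet cert sign $NODE"
else
    echo "no pending request or fingerprint mismatch for $NODE: do not sign" >&2
fi
```
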


Look at the certificate list again; every entry now has a plus sign in front of it!
root@controller0:~# puppet cert list --all
+ "controller0.client.tw.trendnet.org" (SHA256) F4:43:1D:7B:DD:63:BD:86:94:E1:61:32:66:2F:CE:B8:02:EF:AE:65:C6:52:84:B3:F6:5A:30:79:17:99:78:90
+ "dev-client1.client.tw.trendnet.org" (SHA256) F0:40:8F:95:32:26:7F:0A:F8:83:CA:49:C3:52:54:EE:46:08:A2:5E:7C:5B:9E:66:F9:6A:05:C0:F8:0B:B9:04

Test it
$ puppet agent -t
Info: Caching certificate for controller0.client.tw.trendnet.org
Info: Retrieving plugin
Info: Caching catalog for controller0.client.tw.trendnet.org
Info: Applying configuration version '1374649756'
Notice: /Stage[main]/Hosts/File[/tmp/hosts]/ensure: defined content as '{md5}c6c50c6c77f3b358f3cfb122f537a94b'
Info: Creating state file /var/lib/puppet/state/state.yaml
Notice: Finished catalog run in 0.11 seconds

If you accidentally mess up the environment and the certificates end up broken too, see the troubleshooting article; it is quite useful


Reference:
http://docs.puppetlabs.com/guides/installation.html#debian-and-ubuntu
http://shapeshed.com/connecting-clients-to-a-puppet-master/
http://finninday.net/wiki/index.php/Zero_to_puppet_in_one_day

troubleshooting:
http://bitcube.co.uk/content/puppet-errors-explained
