First, install the Puppet Labs repository
$ wget http://apt.puppetlabs.com/puppetlabs-release-precise.deb
$ sudo dpkg -i puppetlabs-release-precise.deb
$ sudo apt-get update
Puppet Master
Install the package
$ sudo apt-get install puppetmaster
Config file: /etc/puppet/puppet.conf
If the server's hostname is not puppet, remember to also add certname and set it to the same value as the hostname
[main]
logdir=/var/log/puppet
vardir=/var/lib/puppet
ssldir=/var/lib/puppet/ssl
rundir=/var/run/puppet
factpath=$vardir/lib/facter
templatedir=$confdir/templates

[master]
# These are needed when the puppetmaster is run by passenger
# and can safely be removed if webrick is used.
ssl_client_header = SSL_CLIENT_S_DN
ssl_client_verify_header = SSL_CLIENT_VERIFY
certname=controller0
Restart puppet
$ service puppetmaster restart
Puppet Client
Install the package
$ sudo apt-get install puppet
The config file /etc/puppet/puppet.conf basically needs no changes, but add an entry for puppet to /etc/hosts
192.168.100.1 puppet # your puppet server ip
Restart puppet
$ service puppet restart
Sign the certificate
Next, connect the server and the client. According to the documentation, the client should in theory send its certificate request on its own.
When you list the certificates you should see the client from a moment ago, but without a + sign in front
controller0:~$ puppet cert list
"dev-client1.client.tw.trendnet.org" (SHA256) 05:41:E3:29:FD:5E:88:77:9E:52:08:CC:45:29:B2:BC:D0:94:CE:98:F6:14:96:F3:1F:B2:92:9F:3D:61:DF:8A
"controller0.client.tw.trendnet.org" (SHA256) 0B:B5:09:BF:C6:7C:42:D5:5C:61:8C:F0:FC:F9:23:2C:77:37:35:CB:74:CE:50:96:23:C0:6F:9F:31:B2:03:75
If you do not see the client, run this command on the client and it should then show up
$ puppet agent -t
Info: Creating a new SSL certificate request for dev-client1.client.tw.trendnet.org
Info: Certificate Request fingerprint (SHA256): 05:41:E3:29:FD:5E:88:77:9E:52:08:CC:45:29:B2:BC:D0:94:CE:98:F6:14:96:F3:1F:B2:92:9F:3D:61:DF:8A
Then, on the server, sign the certificates that are waiting to be signed
controller0:~$ puppet cert sign controller0.client.tw.trendnet.org
Notice: Signed certificate request for controller0.client.tw.trendnet.org
Notice: Removing file Puppet::SSL::CertificateRequest controller0.client.tw.trendnet.org at '/var/lib/puppet/ssl/ca/requests/controller0.client.tw.trendnet.org.pem'
controller0:~$ puppet cert sign dev-client1.client.tw.trendnet.org
Notice: Signed certificate request for dev-client1.client.tw.trendnet.org
Notice: Removing file Puppet::SSL::CertificateRequest dev-client1.client.tw.trendnet.org at '/var/lib/puppet/ssl/ca/requests/dev-client1.client.tw.trendnet.org.pem'
Check the certificate list again; every entry now has a plus sign in front!
root@controller0:~# puppet cert list --all
+ "controller0.client.tw.trendnet.org" (SHA256) F4:43:1D:7B:DD:63:BD:86:94:E1:61:32:66:2F:CE:B8:02:EF:AE:65:C6:52:84:B3:F6:5A:30:79:17:99:78:90
+ "dev-client1.client.tw.trendnet.org" (SHA256) F0:40:8F:95:32:26:7F:0A:F8:83:CA:49:C3:52:54:EE:46:08:A2:5E:7C:5B:9E:66:F9:6A:05:C0:F8:0B:B9:04
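The agent prints its CSR fingerprint in `puppet agent -t`, and the master shows a fingerprint for each pending request in `puppet cert list`; comparing the two before `puppet cert sign` confirms the request on the master is the one that client generated. The script below is an added example, not part of the original post; the function names, host names and fingerprints in it are constructed for illustration.

```shell
#!/bin/sh
# Added example: check a pending CSR against the fingerprint the agent printed
# before signing it. All host names and fingerprints here are constructed.

# Fingerprint reported by the agent in its `puppet agent -t` output (stdin).
agent_fingerprint() {
  awk '/Certificate Request fingerprint/ { print toupper($NF); exit }'
}

# Fingerprint of the unsigned request for certname $1 in `puppet cert list`
# output (stdin). Signed entries start with "+" and are deliberately skipped.
pending_fingerprint() {
  awk -v name="\"$1\"" '$1 == name { print toupper($3); exit }'
}

# verify_csr CERTNAME AGENT_OUTPUT LIST_OUTPUT
# returns 0 = fingerprints match, 1 = mismatch, 2 = fingerprint missing
verify_csr() {
  vc_want=$(printf '%s\n' "$2" | agent_fingerprint)
  vc_got=$(printf '%s\n' "$3" | pending_fingerprint "$1")
  if [ -z "$vc_want" ] || [ -z "$vc_got" ]; then return 2; fi
  [ "$vc_want" = "$vc_got" ]
}

# Constructed sample data in the same layout as the output shown above.
FP_OK='01:23:45:67:89:AB:CD:EF:01:23:45:67:89:AB:CD:EF:01:23:45:67:89:AB:CD:EF:01:23:45:67:89:AB:CD:EF'
FP_OTHER='FF:23:45:67:89:AB:CD:EF:01:23:45:67:89:AB:CD:EF:01:23:45:67:89:AB:CD:EF:01:23:45:67:89:AB:CD:EF'
SAMPLE_AGENT="Info: Creating a new SSL certificate request for agent1.example.test
Info: Certificate Request fingerprint (SHA256): $FP_OK"
SAMPLE_LIST="  \"agent1.example.test\" (SHA256) $FP_OK
  \"agent2.example.test\" (SHA256) $FP_OTHER
+ \"master.example.test\" (SHA256) $FP_OTHER"

if verify_csr agent1.example.test "$SAMPLE_AGENT" "$SAMPLE_LIST"; then
  echo "agent1.example.test: fingerprint matches, OK to sign"
else
  echo "agent1.example.test: do not sign, fingerprint mismatch or missing"
fi
```

In practice, paste the agent's output and the master's `puppet cert list` output into the two arguments, passing the agent's fingerprint to the master over a channel you trust.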
Test it
$ puppet agent -t
Info: Caching certificate for controller0.client.tw.trendnet.org
Info: Retrieving plugin
Info: Caching catalog for controller0.client.tw.trendnet.org
Info: Applying configuration version '1374649756'
Notice: /Stage[main]/Hosts/File[/tmp/hosts]/ensure: defined content as '{md5}c6c50c6c77f3b358f3cfb122f537a94b'
Info: Creating state file /var/lib/puppet/state/state.yaml
Notice: Finished catalog run in 0.11 seconds
If you accidentally mess up the environment and the certificates break as well, see the troubleshooting article below; it is quite useful.
Reference:
http://docs.puppetlabs.com/guides/installation.html#debian-and-ubuntu
http://finninday.net/wiki/index.php/Zero_to_puppet_in_one_day
troubleshooting:
http://bitcube.co.uk/content/puppet-errors-explained