How to install and configure puppet

Time: 2019-12-21

Puppet is a centralized configuration management system for Linux, UNIX and Windows. It uses its own declarative language to manage configuration files, users, cron jobs, software packages, system services and so on; Puppet calls these system entities resources. Puppet is designed to simplify the management of these resources and to handle the dependencies between them correctly.
Puppet uses a client/server star topology: every client talks to one or more servers. Each client connects to the server periodically (every 30 minutes by default; the interval is configurable), downloads its latest configuration and applies it exactly as described. After the run the client can report back to the server, and it also reports any errors that occurred.

Environment:

OS: CentOS 5.4 i386
puppetmaster: 192.168.0.12, hostname puppetmaster.info.com
client: 192.168.0.64, hostname client1.info.com

Workflow (the original schematic diagram is not reproduced here):

1) The client collects its system facts with Facter and sends them to the server
2) The client connects to the server and requests its catalog
3) Node information is requested
4) A node instance is received from the server
5) The code is compiled (including syntax checking)
6) A check is made for exported virtual resources
7) If there are any, the virtual resources are received from the database
8) The complete catalog is received
9) The catalog is stored in the database
10) The client receives the complete catalog

1. Time synchronization: add a crontab entry

15 1 * * * /usr/sbin/ntpdate pool.ntp.org; hwclock -w >/dev/null 2>&1

2. Set the hostname and write it to /etc/hosts

Puppet requires every machine to have a fully qualified domain name (FQDN). If no DNS server provides the names, set the hostname on both machines and add both entries to /etc/hosts.
(Set the hostname before installing Puppet: the hostname is written into the certificate generated at installation time, and that certificate is what the client and server use to talk to each other.)

Add the following to /etc/hosts on both machines:

192.168.0.12 puppetmaster.info.com
192.168.0.64 client1.info.com

3. Install Ruby

The code is as follows:

[root@puppetmaster ~]# yum install ruby ruby-libs ruby-rdoc -y
[root@puppetmaster ~]# ruby --version
ruby 1.8.5 (2006-08-25) [i386-linux]

I installed 1.8.5. Do not install 1.8.7; Puppet does not support it yet. (I have not tried it. If it turns out not to be supported, please take note of this.)

4. Install Facter

Facter must be installed before Puppet.
Facter is a system inventory tool: it collects basic facts such as the CPU and the host's IP address and sends them to the puppet server, which can then generate different configurations for different nodes depending on those facts.

Puppet downloads: http://downloads.puppetlabs.com/

The code is as follows:

[root@puppetmaster src]# wget http://downloads.puppetlabs.com/facter/facter-1.6.8.tar.gz
[root@puppetmaster src]# tar xzvf facter-1.6.8.tar.gz
[root@puppetmaster src]# cd facter-1.6.8
[root@puppetmaster facter-1.6.8]# ruby install.rb

5. Install Puppet

The code is as follows:

[root@puppetmaster src]# wget http://downloads.puppetlabs.com/puppet/puppet-2.7.14.tar.gz
[root@puppetmaster src]# tar xzvf puppet-2.7.14.tar.gz
[root@puppetmaster src]# cd puppet-2.7.14
[root@puppetmaster puppet-2.7.14]# ruby install.rb

6. Copy the configuration files

The code is as follows:

[root@puppetmaster puppet-2.7.14]# cp conf/redhat/fileserver.conf /etc/puppet/
[root@puppetmaster puppet-2.7.14]# cp conf/redhat/puppet.conf /etc/puppet/
[root@puppetmaster puppet-2.7.14]# cp conf/redhat/server.init /etc/init.d/puppetmaster

7. Enable the puppetmaster service at boot

The code is as follows:

[root@puppetmaster puppet-2.7.14]# ls -l /etc/init.d/puppetmaster
-rwxr-xr-x 1 root root 3936 Sep 3 12:13 /etc/init.d/puppetmaster
[root@puppetmaster puppet-2.7.14]# chkconfig --add puppetmaster
[root@puppetmaster puppet-2.7.14]# chkconfig --level 35 puppetmaster on

8. Create the puppet account

The code is as follows:

[root@puppetmaster puppet-2.7.14]# puppetmasterd --mkusers

1) Confirm that the manifests directory was created

The code is as follows:

[root@puppetmaster puppet-2.7.14]# ls -l /etc/puppet/
total 16
-rw-r--r-- 1 root root 2552 Sep 3 12:11 auth.conf
-rwxr-xr-x 1 root root 381 Sep 3 12:13 fileserver.conf
drwxr-xr-x 2 root root 4096 Sep 3 12:17 manifests
-rwxr-xr-x 1 root root 853 Sep 3 12:13 puppet.conf

2) Confirm that the puppet user was created

The code is as follows:

[root@puppetmaster puppet-2.7.14]# id puppet
uid=1002(puppet) gid=1002(puppet) groups=1002(puppet)
[root@puppetmaster puppet]# cat /etc/passwd | grep puppet
puppet:x:1002:1002::/home/puppet:/bin/bash

3) Ensure that /var/lib/puppet/rrd exists and is owned by puppet

The code is as follows:

[root@puppetmaster puppet]# ls -l /var/lib/puppet/
total 36
drwxr-x--- 2 puppet puppet 4096 Sep 3 12:17 bucket
drwxr-xr-x 2 root root 4096 Sep 3 12:17 facts
drwxr-xr-x 2 root root 4096 Sep 3 12:17 lib
drwxr-x--- 2 puppet puppet 4096 Sep 3 12:17 reports
drwxr-x--- 2 puppet puppet 4096 Sep 3 12:17 rrd
drwxr-x--- 2 puppet puppet 4096 Sep 3 12:17 server_data
drwxrwx--x 8 puppet root 4096 Sep 3 12:26 ssl
drwxr-xr-t 2 root root 4096 Sep 3 12:17 state
drwxr-x--- 2 puppet puppet 4096 Sep 3 12:17 yaml

4) Check that the server is listening on port 8140

The code is as follows:

[root@puppetmaster puppet]# netstat -tanlp | grep 8140
tcp 0 0 0.0.0.0:8140 0.0.0.0:* LISTEN 4556/ruby

Client:

Install Facter and Puppet exactly as on the puppetmaster, but copy the following files instead:

The code is as follows:

[root@client1 puppet-2.7.14]# cp conf/redhat/client.init /etc/init.d/puppet
[root@client1 puppet-2.7.14]# chkconfig --level 35 puppet on

Create the puppet account and start the agent. Here --mkusers failed because useradd could not resolve the puppet group, so the group and user are created by hand:

The code is as follows:

[root@client1 puppet-2.7.14]# puppetd --mkusers
Could not prepare for execution: Got 1 failure(s) while initializing: change from absent to present failed: Could not create user puppet: Execution of '/usr/sbin/useradd -g puppet -M puppet' returned 3: useradd: invalid numeric argument 'puppet'
[root@client1 puppet-2.7.14]# groupadd puppet; useradd -g puppet -M puppet
[root@client1 puppet-2.7.14]# service puppet start
Starting puppet: [ OK ]

Test that name resolution works and that the puppetmaster port is reachable, then run the agent for the first time:

The code is as follows:

[root@client1 puppet-2.7.14]# telnet puppetmaster.info.com 8140
Trying 192.168.0.12...
Connected to puppetmaster.info.com (192.168.0.12).
Escape character is '^]'.
[root@client1 puppet-2.7.14]# puppetd --test --server puppetmaster.info.com
warning: peer certificate won't be verified in this SSL session
info: Caching certificate for ca
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
info: Creating a new SSL certificate request for client1.info.com
info: Certificate Request fingerprint (md5): 07:C9:D4:43:3C:3E:D6:D1:0A:B1:8B:71:DB:6B:9D:FE
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
Exiting; no certificate found and waitforcert is disabled
# "puppetd --test --server puppetmaster.info.com" performs a single agent run in which puppetd fetches its configuration from puppetmaster.info.com

On the first connection both sides verify each other's SSL certificates. This is a new client that has not yet been authenticated by the server, so its certificate request must be approved on the server side.

The following certificate approval steps are run on the server.

View the list of certificate requests waiting to be signed:

The code is as follows:

[root@puppetmaster ~]# puppetca -l
client1.info.com (07:C9:D4:43:3C:3E:D6:D1:0A:B1:8B:71:DB:6B:9D:FE)

Sign the current request:

The code is as follows:

[root@puppetmaster ~]# puppetca -s client1.info.com
notice: Signed certificate request for client1.info.com
notice: Removing file Puppet::SSL::CertificateRequest client1.info.com at '/var/lib/puppet/ssl/ca/requests/client1.info.com.pem'

Check the signed certificates; the leading + sign indicates that a certificate has been signed:

The code is as follows:

[root@puppetmaster ~]# puppetca -a --list
+ client1.info.com (03:BE:50:AE:72:1A:39:79:17:F4:E5:74:FD:CC:BC:8C)
+ puppetmaster.info.com (97:34:BF:26:A6:0E:E9:9C:DB:76:D3:53:D0:56:60:83) (alt names: DNS:puppet, DNS:puppet.info.com, DNS:puppetmaster.info.com)

To sign all pending requests at once:

The code is as follows:

puppetca -s -a

You can also add this line to puppet.conf on the puppetmaster so that the server signs every request automatically:

autosign = true
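Since autosign = true signs every request that reaches port 8140 with no fingerprint comparison, the manual check above (compare the fingerprint the agent printed with the one puppetca lists, then sign) is worth automating; the following Python script is an added example, not code from the article or from Puppet, that parses puppetca list output in the format shown above and approves only pending requests whose fingerprint matches a value recorded from the agent console. The sample listing (including the third, invented hostname) and the EXPECTED_FINGERPRINTS mapping are constructed assumptions.

```python
import re
# Constructed sample in the format of the page's puppetca output: a leading
# "+" marks a signed certificate; the third host is invented for the example.
PUPPETCA_LIST = """\
client1.info.com (07:C9:D4:43:3C:3E:D6:D1:0A:B1:8B:71:DB:6B:9D:FE)
+ puppetmaster.info.com (97:34:BF:26:A6:0E:E9:9C:DB:76:D3:53:D0:56:60:83) (alt names: DNS:puppet, DNS:puppet.info.com, DNS:puppetmaster.info.com)
unknown-box.info.com (11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00)
"""
# Assumed: fingerprints the administrator copied from each agent's console
# line "Certificate Request fingerprint (md5): ...", keyed by FQDN.
EXPECTED_FINGERPRINTS = {
    "client1.info.com": "07:C9:D4:43:3C:3E:D6:D1:0A:B1:8B:71:DB:6B:9D:FE",
}
LINE_RE = re.compile(
    r"^(?P<signed>\+\s+)?(?P<name>\S+)\s+\((?P<fp>[0-9A-Fa-f:]+)\)"
    r"(?:\s+\(alt names:\s*(?P<alt>[^)]*)\))?$"
)

def parse_puppetca_list(text):
    """Parse 'puppetca -l' / 'puppetca -a --list' output into dicts."""
    entries = []
    for line in filter(None, map(str.strip, text.splitlines())):
        m = LINE_RE.match(line)
        if m is None:
            raise ValueError("unrecognised puppetca line: %r" % line)
        alt = m.group("alt")
        entries.append({
            "name": m.group("name"),
            "signed": m.group("signed") is not None,
            "fingerprint": m.group("fp").upper(),
            "alt_names": [a.strip() for a in alt.split(",")] if alt else [],
        })
    return entries

def decide_signing(entries, expected):
    """Approve only pending requests whose fingerprint matches the agent's."""
    sign, reject = [], {}
    for e in entries:
        if e["signed"]:
            continue  # certificate already issued, nothing to decide
        want = expected.get(e["name"])
        if want is None:
            reject[e["name"]] = "no fingerprint recorded for this host"
        elif want.upper() != e["fingerprint"]:
            reject[e["name"]] = "fingerprint differs from the agent console"
        else:
            sign.append(e["name"])  # safe to run: puppetca -s <name>
    return {"sign": sign, "reject": reject}
```

Feed it the real output of puppetca -l on the server and only run puppetca -s for the names in the "sign" list.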

Back on the client, retrieve the signed certificate from the server:

The code is as follows:

[root@client1 puppet-2.7.14]# puppetd --test --server puppetmaster.info.com
warning: peer certificate won't be verified in this SSL session
info: Caching certificate for client1.info.com
info: Caching certificate_revocation_list for ca
info: Caching catalog for client1.info.com
info: Applying configuration version '1378188531'

Verify that the certificate is correct by comparing the checksums on both sides:

The code is as follows:

Server:
[root@puppetmaster ~]# md5sum /var/lib/puppet/ssl/ca/signed/client1.info.com.pem
27a295f39a6b4a6c7ceb74c9c3a5084c /var/lib/puppet/ssl/ca/signed/client1.info.com.pem
Client:
[root@client1 puppet-2.7.14]# md5sum /etc/puppet/ssl/certs/client1.info.com.pem
27a295f39a6b4a6c7ceb74c9c3a5084c /etc/puppet/ssl/certs/client1.info.com.pem

If authentication fails because the hostname was changed, the certificate must be requested again. Remove the old certificate on both sides:
Server:
[root@puppetmaster ~]# rm -rf /var/lib/puppet/ssl/ca/signed/client1.info.com.pem
Client:
[root@client1 puppet-2.7.14]# rm -rf /etc/puppet/ssl/certs/

Functional testing

Server:
Create a test .pp manifest.
The first code Puppet executes is /etc/puppet/manifests/site.pp, so this file must exist; all other code is called from it.

The code is as follows:

[root@puppetmaster ~]# vim /etc/puppet/manifests/site.pp
node default {
  file { "/tmp/viong.txt":
    content => "good,test pass!\nHello World!\n";
  }
}

The code above applies to every client that connects (the default node): it creates /tmp/viong.txt whose content is "good,test pass!" followed by a newline and "Hello World!" followed by a newline.

After creating a .pp file for the first time, restart the puppetmaster:

The code is as follows:

[root@puppetmaster ~]# service puppetmaster restart
Stopping puppetmaster: [ OK ]
Starting puppetmaster: [ OK ]

Client:

The code is as follows:

[root@client1 puppet-2.7.14]# puppetd --test --server puppetmaster.info.com
info: Caching catalog for client1.info.com
info: Applying configuration version '1378190404'
notice: /Stage[main]//Node[default]/File[/tmp/viong.txt]/ensure: defined content as '{md5}4750aa5be82dae5db286a5859700dd51'
notice: Finished catalog run in 0.03 seconds

If there is a mistake in the manifest, the run fails like this:
[root@client1 puppet-2.7.14]# puppetd --test --server puppetmaster.info.com
err: Could not retrieve catalog from remote server: Error 400 on SERVER: Could not parse for environment production: Syntax error at end of file; expected '}' at /etc/puppet/manifests/site.pp:4 on node client1.info.com
warning: Not using cache on failed catalog
err: Could not retrieve catalog; skipping run

In that case there is probably a syntax or formatting problem in /etc/puppet/manifests/site.pp.

Check the result on the client:

The code is as follows:

[root@client1 puppet-2.7.14]# ls -l /tmp/viong.txt
-rw-r--r-- 1 root root 29 Sep 3 14:50 /tmp/viong.txt
[root@client1 puppet-2.7.14]# cat /tmp/viong.txt
good,test pass!
Hello World!