Signing Puppet agent certificates

Return to the server node and list all available certificates on the server.

sudo /opt/puppetlabs/bin/puppetserver ca list --all

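Run the following command to sign all listed certificates. Because --all signs every pending request, check that the list contains only the hosts you expect.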

sudo /opt/puppetlabs/bin/puppetserver ca sign --all

Return to the Puppet client node and run the command below to test communication between the client and server nodes.

sudo /opt/puppetlabs/bin/puppet agent --test
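
A narrower alternative to signing everything at once, as an added example that is not part of the original tutorial: sign a single certname only when the fingerprint shown by `puppetserver ca list` matches the one read on the agent. The function names and the sample listing are constructed for illustration, and the listing's line layout is an assumption about the command's output.

```shell
#!/bin/sh
# Added example (not from the tutorial): sign one request after a fingerprint check.
CA=/opt/puppetlabs/bin/puppetserver   # path used in the tutorial

# Constructed sample of "puppetserver ca list --all" output; fingerprints are
# shortened and made up. The line layout is an assumption.
SAMPLE_LIST='Requested Certificates:
    puppetclient   (SHA256)  AA:11:BB:22:CC:33:DD:44
    unknownhost    (SHA256)  EE:55:FF:66:00:77:11:88
Signed Certificates:
    puppetmaster   (SHA256)  99:88:77:66:55:44:33:22   alt names: ["DNS:puppet"]'

# Read list output on stdin; print the fingerprint of the PENDING request for
# certname $1 (nothing if it is absent or already signed).
pending_fingerprint() {
    awk -v name="$1" '
        /^Requested Certificates:/ { pending = 1; next }
        /^[A-Z][a-z]+ Certificates:/ { pending = 0; next }
        pending && $1 == name && $2 == "(SHA256)" { print $3; exit }
    '
}

# Strip whitespace and upper-case hex so copies from two terminals compare equal.
normalize() { printf '%s' "$1" | tr -d ' \t\r\n' | tr 'abcdef' 'ABCDEF'; }

# Succeed only if stdin lists a pending request for $1 with fingerprint $2.
fingerprint_matches() {
    got=$(pending_fingerprint "$1")
    [ -n "$got" ] && [ "$(normalize "$got")" = "$(normalize "$2")" ]
}

# Sign exactly one certname, and only when the fingerprint read on the agent
# ($2) equals the one the CA holds for that pending request.
sign_verified() {
    if sudo "$CA" ca list | fingerprint_matches "$1" "$2"; then
        sudo "$CA" ca sign --certname "$1"
    else
        echo "not signing $1: no pending request with that fingerprint" >&2
        return 1
    fi
}
```

On the client, `sudo /opt/puppetlabs/bin/puppet agent --fingerprint` prints the value to pass as the second argument of `sign_verified`.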

How to Install Puppet on Ubuntu

Puppet is an open-source, cross-platform enterprise automation tool that lets IT administrators automate infrastructure and complex workflows.

Installing the Puppet agent

Switch to the client node and install the Puppet client on it.

The Puppet agent communicates with the master server over an encrypted tunnel (HTTPS).

Download and install the Puppet client repository with the following commands:

cd /tmp/
wget https://apt.puppetlabs.com/puppet7-release-focal.deb
sudo apt install ./puppet7-release-focal.deb

Install the Puppet agent.

sudo apt update
sudo apt install puppet-agent

On the client, open the Puppet configuration file.

sudo nano /etc/puppetlabs/puppet/puppet.conf

Add the Puppet master server.

Make sure these hostnames are defined in the /etc/hosts file on the client.

# This file can be used to override the default puppet settings.
# See the following links for more details on what settings are available:
# - https://puppet.com/docs/puppet/latest/config_important_settings.html
# - https://puppet.com/docs/puppet/latest/config_about_settings.html
# - https://puppet.com/docs/puppet/latest/config_file_main.html
# - https://puppet.com/docs/puppet/latest/configuration.html
[main]
certname = puppetclient
server = puppetmaster

After installation, the following commands stop, start and enable the Puppet agent service.

sudo systemctl stop puppet
sudo systemctl start puppet
sudo systemctl enable puppet

Check the status of the Puppet agent

sudo systemctl status puppet

Example output:

● puppet.service - Puppet agent
     Loaded: loaded (/lib/systemd/system/puppet.service; enabled; vendor preset>
     Active: active (running) since Mon 2021-04-12 08:41:39 CDT; 1min 22s ago
   Main PID: 2562 (puppet)
      Tasks: 1 (limit: 4648)
     Memory: 78.2M
     CGroup: /system.slice/puppet.service
             └─2562 /opt/puppetlabs/puppet/bin/ruby /opt/puppetlabs/puppet/bin/>
Apr 12 08:41:39 Ubuntu2010 systemd[1]: Started Puppet agent.

Preparing Ubuntu

In this tutorial we use Ubuntu as the Puppet master, or Puppet server.

Open the Ubuntu hosts file.

sudo nano /etc/hosts

Then add the Puppet server and client IP addresses to the file.
In this tutorial the Puppet server's IP is 192.168.1.1 and the Puppet client's IP is 192.168.1.2.

192.168.1.1           puppetmaster      puppet
192.168.1.2           puppetclient

Save the file and exit.

Adding the Puppet repository

Add the Puppet 7 repository.

cd /tmp
wget https://apt.puppetlabs.com/puppet7-release-focal.deb

Install the repository.

sudo apt install ./puppet7-release-focal.deb

Installing the Puppet server

Install the Puppet server.

sudo apt update
sudo apt install puppetserver

After installation, the following commands stop, start and enable the service.

sudo systemctl stop puppetserver
sudo systemctl start puppetserver
sudo systemctl enable puppetserver

To verify that Puppet is installed and check its status:

sudo systemctl status puppetserver

Example output:

● puppetserver.service - puppetserver Service
      Loaded: loaded (/lib/systemd/system/puppetserver.service; enabled; vendor >
      Active: active (running) since Sun 2021-04-11 20:03:05 CDT; 21s ago
    Main PID: 5746 (java)
       Tasks: 44 (limit: 4915)
      Memory: 980.8M
      CGroup: /system.slice/puppetserver.service
              └─5746 /usr/bin/java -Xms2g -Xmx2g -Djruby.logger.class=com.puppet>
 Apr 11 20:02:19 ubuntu2004 systemd[1]: Starting puppetserver Service. 
 Apr 11 20:03:05 ubuntu2004 systemd[1]: Started puppetserver Service.

If the firewall is enabled on Ubuntu, make sure the Puppet server port (8140/tcp) is allowed through it.

sudo ufw allow 8140/tcp

Date: 2020-07-07 20:57:26 Source: oir Author: oir