
Time: 2019-11-08 03:17 Source: Server Operations

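Introduction to the configuration management tool Puppet, part 1: installation and setup (configuration management, puppet)

Puppet is a configuration management tool. This article mainly covers installing and setting up Puppet.

Learning Puppet: installing and configuring puppet

I. Puppet concepts

Installing Puppet on Linux

I. Preparing the environment
1. Set the hostname and the hosts file
Master
Agent
2. Start the ntpd service on the nodes
3. Build a local yum repository

See this link

4. Set up an FTP server to provide access to the custom yum repository

[root@master ~]# cat /etc/vsftpd/vsftpd.conf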
listen=YES
anonymous_enable=YES
local_enable=YES
write_enable=YES
local_umask=022
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
dirmessage_enable=YES
xferlog_enable=YES
xferlog_file=/etc/vsftpd/vsftpd.log
xferlog_std_format=YES
ftpd_banner=Welcome to Ftp(installed by DQ)
pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES

5. Copy the generated yum repository into the FTP shared directory

[root@master ~]# cp -arv /home/puppet /var/ftp/pub/

6. Configure the remote yum repository on the agent

[root@agent ~]# cat /etc/yum.repos.d/puppet.repo
[CentOS-puppet]
name=puppetlabs epel gems for centos
baseurl=ftp://master.puppet.com/pub/puppet/
enabled=1
gpgcheck=0
priority=1 

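Test whether the puppet yum repository is usable

  • Note: installing puppet depends on ruby-shadow and ruby-augeas. The ruby-related packages are obtained from the EPEL repository, but on both the Master and the Agent the EPEL repository must be given a lower priority than the self-built puppet repository; otherwise puppet will be installed from the higher version in EPEL.
  • See the settings in step 3 (building the local yum repository); they are not repeated here.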
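
The vsftpd.conf in step 4 lets anonymous users upload, create and delete files in the directory the agents install packages from, and the repo file in step 6 turns package signature checking off. The following lint for both settings is an added example, not part of the original article; the function names are hypothetical and the two inputs are constructed, abridged copies of the files shown above.

```shell
#!/bin/sh
# Added example: lint the FTP-served yum repository setup from steps 4 and 6.

# Constructed, abridged copies of the two files shown above.
VSFTPD_CONF='anonymous_enable=YES
write_enable=YES
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
xferlog_enable=YES'

REPO_FILE='[CentOS-puppet]
name=puppetlabs epel gems for centos
baseurl=ftp://master.puppet.com/pub/puppet/
enabled=1
gpgcheck=0
priority=1'

# Print each anonymous-write option that is switched on. yum clients only
# download, so the repository keeps working with all three set to NO.
vsftpd_anon_write() {
  printf '%s\n' "$1" | awk -F= '
    /^[ \t]*#/ { next }
    { gsub(/[ \t\r]/, "") }
    /^anon_(upload|mkdir_write|other_write)_enable=/ && toupper($2) == "YES" { print $1 }'
}

# Print "<section> <baseurl>" for every repo section that sets gpgcheck=0,
# i.e. installs packages without verifying their signatures.
repo_gpgcheck_off() {
  printf '%s\n' "$1" | awk '
    function report() { if (sec != "" && off) print sec, url }
    { sub(/^[ \t]+/, ""); sub(/[ \t\r]+$/, "") }
    /^\[.*\]$/ { report(); sec = substr($0, 2, length($0) - 2); off = 0; url = "-"; next }
    /^baseurl[ \t]*=/ { url = $0; sub(/^[^=]*=[ \t]*/, "", url) }
    /^gpgcheck[ \t]*=[ \t]*0$/ { off = 1 }
    END { report() }'
}

# Demo on the constructed inputs.
vsftpd_anon_write "$VSFTPD_CONF"
repo_gpgcheck_off "$REPO_FILE"
```

On a real host, pass the file contents instead, for example `vsftpd_anon_write "$(cat /etc/vsftpd/vsftpd.conf)"`.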

II. Installing and configuring puppet on the Master with yum
1. Install Puppet-server, puppet and facter

[root@master ~]# yum install puppet puppet-server facter -y

2. Configure puppet.conf. Note: the configuration file contains two certname settings. The certname in [master] is the master name used for authenticating all nodes; the certname in [agent] is the agent's own name. If it is not set, it defaults to the same name as the master.

[root@master ~]# cp /etc/puppet/puppet.conf{,.bak}
[root@master ~]# cat /etc/puppet/puppet.conf |grep "^\s*[^# \t].*$"
[main]
    logdir = /var/log/puppet
    rundir = /var/run/puppet
    ssldir = $vardir/ssl # certificate directory; $vardir defaults to /var/lib/puppet
[agent]
    classfile = $vardir/classes.txt
    server = master.puppet.com # name of the master the agent authenticates against; the node must be able to resolve this name
    certname = agent.puppet.com # certname of the agent
    localconfig = $vardir/localconfig
[master]
    certname = master.puppet.com # name of the puppetmaster authentication server

3. Create the site.pp file. site.pp is where puppet starts reading the pp files of all modules. Before version 3.0 it must exist, otherwise the service cannot start.

[root@master ~]# touch /etc/puppet/manifests/site.pp

4. Start the puppetmaster service

[root@master ~]# /etc/init.d/puppetmaster start
Starting puppetmaster:                                     [  OK  ]

5. Check the local certificates. On its first start, puppetmaster automatically generates its certificates and registers itself.

[root@master ~]#  tree /var/lib/puppet/ssl/
/var/lib/puppet/ssl/
├── ca
│   ├── ca_crl.pem
│   ├── ca_crt.pem
│   ├── ca_key.pem
│   ├── ca_pub.pem
│   ├── inventory.txt
│   ├── private
│   │   └── ca.pass
│   ├── requests
│   ├── serial
│   └── signed
│       └── master.puppet.com.pem  # signed
├── certificate_requests
├── certs
│   ├── ca.pem
│   └── master.puppet.com.pem
├── crl.pem
├── private
├── private_keys
│   └── master.puppet.com.pem
└── public_keys
    └── master.puppet.com.pem

9 directories, 13 files
[root@master ~]# puppet cert --list --all
+ "master.puppet.com" # a leading + means the certificate has been signed (CF:74:C7:C7:91:DB:F5:82:3A:5E:01:93:E8:23:64:C4) 
+ (alt names: "DNS:master.puppet.com", "DNS:puppet", "DNS:puppet.puppet.com")

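6. Check the listening state. Once the puppetmaster service is running, it listens on TCP port 8140 by default.
II. Installing and configuring puppet on the Agent with yum
1. Install puppet and facter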

[root@agent ~]# yum install puppet facter -y

2. Configure puppet.conf
3. Start the agent in debug mode so that the node requests authentication from the master
4. Confirm the authentication on the master

[root@master ~]# puppet cert --list --all
[root@master ~]# puppet cert --sign agent.puppet.com
[root@master ~]# tree /var/lib/puppet/ssl/ 

Check the authentication status: the agent is not yet authenticated
Register the agent
Check the authentication status again: the agent is now authenticated


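What is Puppet

Puppet is a configuration management tool from puppetlabs; the annual DORA DevOps report is led by puppetlabs. As a capable management tool, puppet has a lot to recommend it. With highly readable declarative descriptions it can accomplish many complex tasks. For example, the following ensures that the wget package is installed and that the user admin is created, without having to care much about the details; the rest is left to Puppet's Agent/Master.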

package { 'wget':
  ensure => installed,
}

user { 'admin':
  ensure => present,
}

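I. Introduction to Puppet

Introduction

Agent/Master VS Stand-alone

Puppet can be used in Agent/Master mode or in Stand-alone mode; the latter is simply use as a single-machine tool. Choose according to your situation.

Puppet is an automated system configuration tool written in Ruby. It can run in client/server mode or standalone, supports configuration management of all UNIX and UNIX-like systems, and recent versions have also begun to support limited management of Windows. Puppet applies to the whole server management process, such as initial installation, configuration updates and decommissioning.

When the number of servers reaches a certain scale, relying on people alone to configure server resources in bulk makes operations work tedious and error-prone. What should be done about it? We can bring in tools for which the corresponding manifests code is written; running it completes all the work automatically. The popular operations tools at present are mainly puppet, ansible and SaltStack; here we focus on puppet. In some large internet companies, operations automation manages hundreds or even thousands of servers. It can operate on many servers uniformly, for example deploying the same software or carrying out uniform release maintenance, and it can complete deployments quickly, reducing manpower and the risk of human error.

Installation preparation

The installation and setup information used in this article is as follows

IP Hostname OS Puppet software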
192.169.31.131 host131 CentOS7.4 Puppet-server 5.4
192.169.31.133 host133 CentOS7.4 Puppet-agent 5.4

II. Installing Puppet

Installing the Master

Installing the Puppet Master requires the following steps:

  • Step 1: rpm -Uvh
  • Step 2: yum install puppetserver

Version check

[root@host131 ~]# puppet --version
5.4.0
[root@host131 ~]#

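Puppet can be installed from source, with yum, or as a Ruby gem. The official site recommends installing puppet with yum, which makes later upgrades, management and maintenance easier. CentOS can use yum, but the default CentOS repositories do not contain the puppet package, so the epel package must be installed first. EPEL is short for Extra Packages for Enterprise Linux, a project created, maintained and managed by a special interest group that provides high-quality add-on packages for Red Hat Enterprise Linux (RHEL) and its derivatives (such as CentOS and Scientific Linux).

How it works

Installing the Agent

Installing the Puppet Agent requires the following steps:

  • Step 1: rpm -Uvh
  • Step 2: yum install puppet-agent

Version check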

[root@host133 ~]# puppet --version
5.4.0
[root@host133 ~]#
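  1. Installing the Master

The purpose of puppet is to let system administrators concentrate only on the target servers to be managed and ignore the implementation details. puppet can be used on a single machine or in a client/server structure. For large-scale deployments the client/server structure is normally used: the server runs the puppet-master program and the clients run the puppet-client service.

Initial setup

yum -y install ruby ruby-libs ruby-shadow

The detailed workflow diagram is shown below:

Starting the Puppet master

On host131, the node where the master runs, start the master with the following command; --debug prints debugging information

[root@host131 ~]# puppet master --no-daemonize --debug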
Debug: Applying settings catalog for sections main, master, ssl, metrics
Debug: Evicting cache entry for environment 'production'
Debug: Caching environment 'production' (ttl = 0 sec)
...

wget ftp://ftp.sunet.se/pub/Linux/distributions/yellowdog/yum/6.2/extras/RPMS/epel-release-5-3.noarch.rpm

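To master puppet, understanding how it works is a necessary stage; only after understanding how puppet works can you apply it well. Let's go through how puppet works:

Starting the Agent

On host133, the node where the agent runs, try to connect to host131. Because this is not the default setting, it can be passed in with server=host131

[root@host133 ~]# puppet agent --server=host131 --test --debug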
Debug: Applying settings catalog for sections main, agent, ssl
Debug: Caching environment 'production' (ttl = 0 sec)
Debug: Evicting cache entry for environment 'production'
Debug: Caching environment 'production' (ttl = 0 sec)
...
Debug: Dynamically-bound port lookup failed; falling back to ca_port setting
Debug: Creating new connection for https://host131:8140
Exiting; no certificate found and waitforcert is disabled
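[root@host133 ~]# 

The message shows that the certificate is not set up correctly, so the certificate information must next be set up on the server side

rpm -Uvh epel-release-5-3.noarch.rpm

Puppet's working principle has to be described from the following four aspects:

Default certificate information

List the current certificates: there are two, one for the current machine host131 and one for host133. The absence of a + before host133 shows that this certificate has not yet been approved.

[root@host131 ~]# puppet cert list -all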
  "host133" (SHA256) 52:2A:AE:C0:58:47:B1:C3:8E:BC:80:F5:51:71:6C:46:77:58:00:4C:96:61:6D:FA:4E:AD:59:4B:F6:71:78:4E
+ "host131" (SHA256) 0E:2E:2B:22:61:E8:F1:59:3A:E4:92:F9:99:2E:3F:D4:7F:D6:E6:83:21:E0:96:4B:1F:4E:7A:A3:D4:EE:FA:78
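[root@host131 ~]#

Because the host133 certificate has not been approved, the test request sent from the client host133 did not get through. Use the following command to approve and confirm this certificate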

[root@host131 ~]# puppet cert sign host133
Signing Certificate Request for:
  "host133" (SHA256) 52:2A:AE:C0:58:47:B1:C3:8E:BC:80:F5:51:71:6C:46:77:58:00:4C:96:61:6D:FA:4E:AD:59:4B:F6:71:78:4E
Notice: Signed certificate request for host133
Notice: Removing file Puppet::SSL::CertificateRequest host133 at '/etc/puppetlabs/puppet/ssl/ca/requests/host133.pem'
[root@host131 ~]# 
[root@host131 ~]# puppet cert list -all
+ "host131" (SHA256) 0E:2E:2B:22:61:E8:F1:59:3A:E4:92:F9:99:2E:3F:D4:7F:D6:E6:83:21:E0:96:4B:1F:4E:7A:A3:D4:EE:FA:78
+ "host133" (SHA256) 68:4B:45:DD:99:C7:F7:ED:25:BB:DC:BD:18:3A:81:8C:EF:9F:1D:3E:FB:1E:2D:73:B3:77:31:DE:46:E4:E1:E5
[root@host131 ~]# 
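
Signing by name alone approves whatever request currently carries that name. The following sketch, an added example that is not part of the original article, signs only when the pending request's fingerprint equals the one read on the agent itself (for example with `puppet agent --fingerprint`); the function names are hypothetical, the listing is a constructed sample in the format shown above, and only that Puppet 5 format with the digest label is handled.

```shell
#!/bin/sh
# Added example: sign an agent's request only after its fingerprint is verified.

# Constructed sample in the `puppet cert list --all` format shown above:
# a leading "+" marks a certificate that is already signed.
SAMPLE_LIST='  "host133" (SHA256) 52:2A:AE:C0:58:47:B1:C3:8E:BC:80:F5:51:71:6C:46:77:58:00:4C:96:61:6D:FA:4E:AD:59:4B:F6:71:78:4E
+ "host131" (SHA256) 0E:2E:2B:22:61:E8:F1:59:3A:E4:92:F9:99:2E:3F:D4:7F:D6:E6:83:21:E0:96:4B:1F:4E:7A:A3:D4:EE:FA:78'

# Read a listing on stdin; print "pending <fp>" or "signed <fp>" for certname $1.
cert_entry() {
  awk -v name="\"$1\"" '
    { off = ($1 == "+") ? 1 : 0 }
    $(1 + off) == name {
      state = off ? "signed" : "pending"
      print state, $(3 + off)
      exit
    }'
}

# Return 0 only if $1 is still pending in listing $3 and its fingerprint equals $2,
# the value obtained on the agent and passed over a trusted channel.
safe_to_sign() {
  entry=$(printf '%s\n' "$3" | cert_entry "$1")
  [ "${entry%% *}" = "pending" ] || return 1
  listed=$(printf '%s' "${entry#* }" | tr 'a-f' 'A-F')
  wanted=$(printf '%s' "$2" | tr 'a-f' 'A-F')
  [ -n "$wanted" ] && [ "$listed" = "$wanted" ]
}

# Wrapper for the master: list, verify, then sign. Not called here because it
# needs a running Puppet CA.
sign_if_verified() {
  listing=$(puppet cert list --all) || return 2
  if safe_to_sign "$1" "$2" "$listing"; then
    puppet cert sign "$1"
  else
    echo "refusing to sign $1: not pending, or fingerprint mismatch" >&2
    return 1
  fi
}

# Demo on the constructed listing.
AGENT_FP='52:2A:AE:C0:58:47:B1:C3:8E:BC:80:F5:51:71:6C:46:77:58:00:4C:96:61:6D:FA:4E:AD:59:4B:F6:71:78:4E'
if safe_to_sign host133 "$AGENT_FP" "$SAMPLE_LIST"; then
  echo "host133: fingerprint verified, OK to sign"
fi
```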

yum -y install puppet puppet-server facter

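(1) Define: use Puppet's own language to define the basic configuration. This information is usually written in Modules.

Reconnecting the Agent

Connect the Agent again: the Agent can now communicate with the Master normally.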

[root@host133 ~]# puppet agent --server=host131 --test
Info: Caching certificate for host133
Info: Caching certificate_revocation_list for ca
Info: Caching certificate for host133
Info: Using configured environment 'production'
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Retrieving locales
Info: Caching catalog for host133
Info: Applying configuration version '1519038659'
Info: Creating state file /opt/puppetlabs/puppet/cache/state/state.yaml
Notice: Applied catalog in 0.01 seconds
[root@host133 ~]# 
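  1. Installing the Agent

(2) Template: check the code before the configuration is applied, without actually executing it.

yum install ruby ruby-libs ruby-shadow

(3) Execute: the defined configuration is deployed automatically. The parts that changed are detected and recorded.

wget ftp://ftp.sunet.se/pub/Linux/distributions/yellowdog/yum/6.2/extras/RPMS/epel-release-5-3.noarch.rpm

(4) Report: the expected changes, the changes that actually occurred and any modifications are sent to the reporting system.

rpm -Uvh epel-release-5-3.noarch.rpm

The following shows puppet's data flow diagram

yum -y install puppet facter
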

 

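Data flow description:

         If the installation reported no errors, puppet is now installed successfully.

1. First, every node (Node) sends its Facts and local information to the Master

III. Basic configuration of Puppet

2. The Master tells the Node how it should be configured, writing this information into a Catalog that is passed to the Node.

  1. Configuring the Master

3. The Node parses, validates and executes the code locally and reports the result back to the Master.

First, let's see which files are in the puppet main directory and what each one is for:

4. The Master sends the data to analysis tools through an API. Reports can be handled entirely through open APIs or by integrating with other systems.

ls -1 /etc/puppet/

The whole data flow runs over the SSL security protocol, as shown in the figure below: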

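auth.conf       # ACL file of the puppet master

fileserver.conf   # configuration file of the puppet master file server

The template file processing is described as follows:

manifests        # main directory for puppet manifests; site.pp must exist

Puppet compiles the contents of the Manifest (that is, the contents of the template) and stores the compiled code in the Catalog. Before execution the code is validated, then it is executed, reaching the state that was defined at the start. The compilation process is shown in the figure:

modules            # puppet module directory

puppet.conf     # main puppet configuration file

The following shows the detailed interaction between agent and master during the whole automated puppet deployment:

ssl                     # directory holding the SSL certificates

To begin with, puppet.conf works without any configuration.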

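Process description:

The hosts file needs to be changed; note that the hosts entries must match the hostnames.

1. The Puppet client (Agent) sends the node name and facts to the Master.

Add the following with vim /etc/hosts:

2. The Puppet server (Master) classifies the request to determine who the client is and what it should do. This decision is defined by the Node.pp configuration file included from site.pp.

10.1.4.218 puppet.zhang.com puppet

3. The Puppet server (Master) compiles the required Class information, stores it in the Catalog and sends it to the Puppet client (Agent), which completes the first exchange.

10.1.4.213 node1.zhang.com node1

4. The Puppet client (Agent) validates the Catalog (syntax and error checking) and executes it. This is mainly code validation; information about the run and its results is written to the log.

10.1.4.214 node2.zhang.com node2

5. The Puppet client (Agent) finally reaches the state defined at the start and sends the results and any run data to the Puppet server (Master) through an open API.

Add entries to suit your own environment; here there is one master and two agents.

That is how puppet works. Note: because the whole process is based on SSL, the first priority is to make sure the agent and master can communicate over SSL!

  1. Configuring the Agent

   

Configuring the Agent mainly means changing the [agent] section of /etc/puppet/puppet.conf on the agent.

Hardware

On the agent, add the following with vim /etc/puppet/puppet.conf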

The Puppet agent service has no particular hardware requirements and can run on nearly anything.

server = puppet.zhang.com        # address of the master server

However, the Puppet master service is fairly resource intensive, and should be installed on a robust dedicated server.

runinterval = 3600                       # interval between automatic runs, in seconds

  • At a minimum, your Puppet master server should have two processor cores and at least 1 GB of RAM.
  • To comfortably serve at least 1,000 nodes, it should have 2-4 processor cores and at least 4 GB of RAM.

listen = true                         # the client listens as a service, allowing other machines to trigger puppet runs, i.e. remote triggering of the node's configuration

The demands on the Puppet master vary widely between deployments. The total needs are affected by the number of agents being served, how frequently those agents check in, how many resources are being managed on each agent, and the complexity of the manifests and modules in use.

 


IV. Starting and stopping puppet

   

  1. Starting and stopping the Master

Puppet consists of:

Starting the Master

  • A puppet-agent "All-in-One" package that installs Puppet, Ruby, Facter, Hiera, and supporting code.
  • A puppetserver package that installs Puppet Server.
  • A puppetdb package that installs PuppetDB.

/etc/rc.d/init.d/puppetmaster start

To install these, read the pre-install instructions, then see the Puppet installation guides for Linux, Windows, and macOS.

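It can also be started with service puppetmaster start

   

For the first start it is advisable to use puppet master --verbose --no-daemonize, which helps with testing and debugging. Started this way, you can watch the whole startup process, which does some initialisation: it creates a local certificate authority, a certificate and a key for the master, and opens a socket to wait for client connections. You can see the related files and directories under /etc/puppet/ssl.

Puppet 5 Platform contents

Stopping the Master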

Puppet 5 Platform contains the following components:

/etc/rc.d/init.d/puppetmaster stop

Package            Contents
puppet-agent       Puppet, Facter, Hiera, MCollective, pxp-agent, root certificates, and prerequisites like Ruby and Augeas
puppetserver       Puppet Server; depends on puppet-agent 5 or greater
puppetdb           PuppetDB
puppetdb-termini   Plugins to let Puppet Server talk to PuppetDB

It can also be stopped with service puppetmaster stop

   

More options can be viewed with /etc/rc.d/init.d/puppetmaster -h

What puppet-agent and Puppet Server are

  1. Starting and stopping the Agent

We distribute Puppet as two core packages.

Starting the Agent

  • puppet-agent — This package contains Puppet's main code and all of the dependencies needed to run it, including Facter, Hiera, and bundled versions of Ruby and OpenSSL. It also includes MCollective. Once it's installed, you have everything you need to run the Puppet agent service and the puppet apply command.

  • puppetserver — This package depends on puppet-agent, and adds the JVM-based Puppet Server application. Once it's installed, Puppet Server can serve catalogs to nodes running the Puppet agent service.

/etc/rc.d/init.d/puppet start

   

It can also be started with service puppet start

   

For debugging you can use

Settings for agents (all nodes)

puppet agent --server=puppet.zhang.com --no-daemonize --verbose

Roughly in order of importance. Most of these can go in either [main] or [agent], or be specified on the command line.

to start it; this way we can see how the agent establishes its connection with the master.

Basics

Stopping the Agent

  • server — The Puppet master server to request configurations from. Defaults to puppet; change it if that's not your server's name.

    • ca_server and report_server — If you're using multiple masters, you'll need to centralize the CA; one of the ways to do this is by configuring ca_server on all agents. See the multiple masters guide for more details. The report_server setting works about the same way, although whether you need to use it depends on how you're processing reports.
  • certname — The node's certificate name, and the unique identifier it uses when requesting catalogs; defaults to the fully qualified domain name.

    • For best compatibility, you should limit the value of certname to only use letters, numbers, periods, underscores, and dashes. (That is, it should match /\A[a-z0-9._-]+\Z/.)
    • The special value ca is reserved, and can't be used as the certname for a normal node.
  • environment — The environment to request when contacting the Puppet master. It's only a request, though; the master's ENC can override this if it chooses. Defaults to production.

    Note on Non-Certname Node Names

    Although it's possible to set something other than the certname as the node name (using either the node_name_fact or node_name_value setting), we don't generally recommend it. It allows you to re-use one node certificate for many nodes, but it reduces security, makes it harder to reliably identify nodes, and can interfere with other features.

    Setting a non-certname node name is not officially supported in Puppet Enterprise.

/etc/rc.d/init.d/puppet stop


It can also be stopped with service puppet stop.

   

 

II. Environment preparation

V. FAQ

CentOS7.3.1611

1.  The following error appears when connecting to the master:

NTP/chronyd

dnsdomainname: Unknown host

DNS

Solution: check the machine's hostname setting and whether it has been added to hosts.

Sudo users

2.   The following error appears when connecting to the master:

SELinux/Firewalld

err: Could not request certificate: getaddrinfo: Name or service not known

   

Solution: the server side has no hosts name binding configured; add it to hosts.

/etc/hosts

3.  The following error appears when connecting to the master:

puppet master: puppet-master.gw.local

warning: peer certificate won't be verified in this SSL session

puppet client: lux-vm32.gw.local

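Solution: the server has not yet returned a signed certificate; check with puppet cert --list

   

4.  The following error appears when connecting to the master:

III. Software installation

err: Could not retrieve catalog from remote server: certificate verify failed

  1. Software download

Solution: the client and server clocks are out of sync; the SSL connection depends on the host time being correct. Run the time update command: /sbin/ntpdate asia.pool.ntp.org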

rpm repo

 

rpm -Uvh

 

   

 

rpm package

puppetserver

wget

puppet-agent

wget

   

2. Installation

puppet master

yum -y install puppetserver (this also installs puppet-agent)

   

puppet agent

yum -y install puppet-agent

   

3. Configuration

Config files

  • puppet.conf — Puppet's main config file. (Any node.)
  • auth.conf — access control rules for the Puppet master's network services. (Master only.)
  • autosign.conf — a list of pre-approved certificate requests. (CA master only.)
  • csr_attributes.yaml — optional data to be inserted into new certificate requests. (Any node.)
  • device.conf — configuration for network devices managed by the puppet device command. (Any node acting as an intermediary to configure network devices.)
  • fileserver.conf — configuration for additional fileserver mount points. (Master only.)
  • hiera.yaml — global configuration for the Hiera data lookup system. Note that environments and modules can have their own hiera.yaml files. (Master, or standalone nodes running Puppet apply.)
  • routes.yaml — advanced configuration of indirector behavior. (Master only.)

Location

The puppet.conf file is always located at $confdir/puppet.conf.

Although its location is configurable with the config setting, it can only be set on the command line (e.g. puppet agent -t --config ./temporary_config.conf).

The location of the confdir depends on your OS. See the confdir documentation for details.

Examples

Example agent config

[main]
certname = agent01.example.com
server = puppet
environment = production
runinterval = 1h

splay = true

Example master config

[main]
certname = puppetmaster01.example.com
server = puppet
environment = production
runinterval = 1h

strict_variables = true

[master]
dns_alt_names = puppetmaster01,puppetmaster01.example.com,puppet,puppet.example.com
reports = puppetdb
storeconfigs_backend = puppetdb
storeconfigs = true
environment_timeout = unlimited

Puppet uses four config sections:

  • main is the global section used by all commands and services. It can be overridden by the other sections.
  • master is used by the Puppet master service and the Puppet cert command.
  • agent is used by the Puppet agent service.
  • user is used by the Puppet apply command, as well as many of the less common Puppet subcommands.

Puppet prefers to use settings from one of the three application-specific sections (master, agent, or user). If it doesn't find a setting in the application section, it will use the value from main. (If main doesn't set one, it will fall back to the default value.)


   

puppet master


   

puppet client


   

/etc/puppetlabs/puppet/puppet.conf


   

Q: Problem encountered

Reason: the puppet master does not have enough memory; by default the JVM needs 2G

A: Change the Java VM memory setting

/etc/sysconfig/puppetserver

  1. Update the line:
    # Modify this if you'd like to change the memory allocation, enable JMX, etc
    JAVA_ARGS="-Xms2g -Xmx2g"
    Replace 2g with the amount of memory you want to allocate to Puppet Server. For example, to allocate 1GB of memory, use JAVA_ARGS="-Xms1g -Xmx1g"; for 512MB, use JAVA_ARGS="-Xms512m -Xmx512m".
    For more information about the recommended settings for the JVM, see Oracle's docs on JVM tuning.

  2. Restart the puppetserver service after making any changes to this file.

   


   

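# List certificates

puppet cert list --all

The certificate list contains a request from cs_agnet1, which is currently unapproved (no + in front). Approve the certificate

# Generate a certificate

puppet cert generate <client DNS name>

# Sign the certificate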

puppet cert sign lux-vm32.gw.local

   

   

# Start puppet agent

puppet agent --test

   

puppet agent --test --debug

   

puppet master

puppet module search <search_string>

puppet module search apaches

puppet module install <module name>

   

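# puppet master --genconfig  # lists every configuration option of the master; the output can be redirected (>) to a file to look up the other options and their descriptions. In practice such a comprehensive configuration file is not needed: only a small part of it is used, and most options keep their defaults.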
