Puppet

From wiki.habital.lv
Revision as of 06:55, 13 June 2016 by Eugene (talk | contribs)

Installing the software on the server and on the agent

rpm -ivh https://yum.puppetlabs.com/puppetlabs-release-el-6.noarch.rpm

On the server:

# yum install puppet-server
# chkconfig puppetmaster on

The /etc/puppet/puppet.conf file:

# vi /etc/puppet/puppet.conf
[main]
   certname = puppet.mybox.lv
   server = puppet.mybox.lv
   environment = production
   runinterval = 1h

[master]
   dns_alt_names = puppet.mybox.lv,puppet

On the agent:

# yum install puppet

Setting up certificates on the server and on the agent

On the server:

# rm -rf /var/lib/puppet/ssl/*
# puppet master --verbose --no-daemonize
Info: Creating a new SSL key for ca
Info: Creating a new SSL certificate request for ca
Info: Certificate Request fingerprint (SHA256): 3F:CD:FD:CF:5B:1A:72:C1:D2:BA:ED:0A:C8:AF:AE:E0:B3:66:AC:78:9B:03:53:01:2E:47:36:6A:21:41:80:76
Notice: Signed certificate request for ca
Info: Creating a new certificate revocation list
Info: Creating a new SSL key for puppet.mybox.lv
Info: csr_attributes file loading from /etc/puppet/csr_attributes.yaml
Info: Creating a new SSL certificate request for puppet.mybox.lv
Info: Certificate Request fingerprint (SHA256): 80:D0:E6:43:66:54:85:85:59:2A:3E:40:C1:A4:5F:93:82:89:35:07:84:6C:DF:0F:B8:A0:EC:CB:A1:63:24:D1
Notice: puppet.mybox.lv has a waiting certificate request
Notice: Signed certificate request for puppet.mybox.lv
Notice: Removing file Puppet::SSL::CertificateRequest puppet.mybox.lv at '/var/lib/puppet/ssl/ca/requests/puppet.mybox.lv.pem'
Notice: Removing file Puppet::SSL::CertificateRequest puppet.mybox.lv at '/var/lib/puppet/ssl/certificate_requests/puppet.mybox.lv.pem'
Notice: Starting Puppet master version 3.8.7
<Ctrl-C>
# puppet cert list --all
+ "puppet.mybox.lv" (SHA256) 2B:52:7C:52:1E:E9:44:7A:02:BE:1B:8E:9F:84:8D:BF:EC:1E:59:F3:10:18:B9:16:53:C7:22:BB:B6:40:28:00 (alt names:
"DNS:puppet.mybox.lv","DNS:puppet", "DNS:puppet.mybox.lv")
# service puppetmaster start

On the agent:

# vim /etc/puppet/puppet.conf
[main]
   certname = proxy.mybox.lv
   server = puppet.mybox.lv
   environment = production
   runinterval = 1h
# puppet agent --test

On the server:

# puppet cert list
 "proxy.mybox.lv" (SHA256) CF:68:EF:63:98:BD:9A:FA:9F:6B:11:F5:BA:36:E1:AE:38:63:B3:82:FF:CB:73:B7:3E:F3:AB:2A:44:9B:5E:08
# puppet cert sign proxy.mybox.lv
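
The signing step above trusts whatever request arrived under the name proxy.mybox.lv. The following is an added example, not part of the original wiki page: it compares the fingerprint of the pending request in the `puppet cert list` output with the value read on the agent itself before signing. The function names `csr_fingerprint` and `verify_csr` are hypothetical, and it assumes the agent-side fingerprint was obtained with `puppet agent --fingerprint` and transferred out of band.

```shell
#!/bin/sh
# Added example (not from the original page): check a pending CSR's
# fingerprint against the value read on the agent before signing it.

# csr_fingerprint CERTNAME
# Reads `puppet cert list` output on stdin and prints the SHA256 fingerprint
# of the *pending* request for CERTNAME. Lines that start with "+" or "-"
# (already signed or revoked entries shown by --all) are ignored, and the
# quoted certname must match exactly, not as a prefix.
csr_fingerprint() {
    awk -v name="\"$1\"" '
        $1 == name && $2 == "(SHA256)" { print toupper($3); found = 1; exit }
        END { exit !found }
    '
}

# verify_csr CERTNAME EXPECTED_FP
# stdin: `puppet cert list` output. Returns 0 only when the pending request
# carries exactly EXPECTED_FP (compared case-insensitively), 1 on mismatch,
# 2 when there is no pending SHA256 request under that name.
verify_csr() {
    expected=$(printf '%s' "$2" | tr 'a-f' 'A-F')
    actual=$(csr_fingerprint "$1") || {
        echo "no pending SHA256 request for $1" >&2
        return 2
    }
    if [ "$actual" = "$expected" ]; then
        return 0
    fi
    echo "fingerprint mismatch for $1: master sees $actual" >&2
    return 1
}

# Usage on the master, with FP holding the fingerprint read on the agent:
#   puppet cert list | verify_csr proxy.mybox.lv "$FP" \
#       && puppet cert sign proxy.mybox.lv
```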

Configuration examples