Installing Puppet on CentOS
Environment
- Master machine
  - IP: 192.168.10.10 / master.localdomain / CentOS 6
- Agent machine
  - IP: 192.168.10.100 / agent.localdomain / CentOS 6
Common steps
- Add the repository
    $> rpm -Uvh http://yum.puppetlabs.com/puppetlabs-release-el-6.noarch.rpm
    Retrieving http://yum.puppetlabs.com/puppetlabs-release-el-6.noarch.rpm
    warning: /var/tmp/rpm-tmp.Ze6mXg: Header V4 RSA/SHA1 Signature, key ID 4bd6ec30: NOKEY
    Preparing...                ########################################### [100%]
    package puppetlabs-release-6-11.noarch is already installed
* The NOKEY warning means rpm could not verify the package signature, because the signing key (ID 4bd6ec30) is not in the rpm keyring; the package is also fetched over plain HTTP.
Server setup
Master server tasks
- Install the package
    [root@master ~]# yum install puppet-server -y
    ===============================================================================================
     Package              Arch       Version                Repository                 Size
    ===============================================================================================
    Installing:
     puppet-server        noarch     3.8.2-1.el6            puppetlabs-products        24 k
    Installing for dependencies:
     augeas-libs          x86_64     1.0.0-10.el6           base                      314 k
     compat-readline5     x86_64     5.2-17.1.el6           base                      130 k
     facter               x86_64     1:2.4.4-1.el6          puppetlabs-products        99 k
     hiera                noarch     1.3.4-1.el6            puppetlabs-products        23 k
     libselinux-ruby      x86_64     2.0.94-5.8.el6         base                      100 k
     puppet               noarch     3.8.2-1.el6            puppetlabs-products       1.6 M
     ruby                 x86_64     1.8.7.374-4.el6_6      base                      538 k
     ruby-augeas          x86_64     0.4.1-3.el6            puppetlabs-deps            21 k
     ruby-irb             x86_64     1.8.7.374-4.el6_6      base                      317 k
     ruby-libs            x86_64     1.8.7.374-4.el6_6      base                      1.7 M
     ruby-rdoc            x86_64     1.8.7.374-4.el6_6      base                      381 k
     ruby-shadow          x86_64     1:2.2.0-2.el6          puppetlabs-deps            13 k
     rubygem-json         x86_64     1.5.5-3.el6            puppetlabs-deps           763 k
     rubygems             noarch     1.3.7-5.el6            base                      207 k

    Transaction Summary
    ===============================================================================================
    Install      15 Package(s)
- Edit the config
    [root@master ~]# vi /etc/puppet/puppet.conf
    [main]
        # The Puppet log directory.
        # The default value is '$vardir/log'.
        logdir = /var/log/puppet

        # Where Puppet PID files are kept.
        # The default value is '$vardir/run'.
        rundir = /var/run/puppet

        # Where SSL certificates are kept.
        # The default value is '$confdir/ssl'.
        ssldir = $vardir/ssl

        moduledir = /etc/puppet/modules

    [agent]
        # The file in which puppetd stores a list of the classes
        # associated with the retrieved configuratiion.  Can be loaded in
        # the separate ``puppet`` executable using the ``--loadclasses``
        # option.
        # The default value is '$confdir/classes.txt'.
        classfile = $vardir/classes.txt

        # Where puppetd caches the local configuration.  An
        # extension indicating the cache format is added automatically.
        # The default value is '$confdir/localconfig'.
        localconfig = $vardir/localconfig

    [master]
        certname = master.localdomain
* Add the moduledir path, and set certname = master.localdomain to the master's hostname.
- Upgrade the package
    [root@master ~]# puppet resource package puppet-server ensure=latest
    package { 'puppet-server':
      ensure => '3.8.2-1.el6',
    }
- Start the service
    [root@master ~]# /etc/init.d/puppetmaster start
    Starting puppetmaster:                                     [  OK  ]
- Check the listening ports
    [root@master ~]# netstat -antp | grep LISTEN
    tcp        0      0 0.0.0.0:8140      0.0.0.0:*      LISTEN      1127/ruby
    tcp        0      0 0.0.0.0:22        0.0.0.0:*      LISTEN      878/sshd
    tcp        0      0 127.0.0.1:25      0.0.0.0:*      LISTEN      897/sendmail
    tcp        0      0 :::22             :::*           LISTEN      878/sshd
* Confirm that port tcp/8140 is open.
Agent tasks
- Install the package
    [root@agent ~]# yum install puppet -y
    ===============================================================================================
     Package              Arch       Version                Repository                 Size
    ===============================================================================================
    Installing:
     puppet               noarch     3.8.2-1.el6            puppetlabs-products       1.6 M
    Installing for dependencies:
     augeas-libs          x86_64     1.0.0-10.el6           base                      314 k
     compat-readline5     x86_64     5.2-17.1.el6           base                      130 k
     facter               x86_64     1:2.4.4-1.el6          puppetlabs-products        99 k
     hiera                noarch     1.3.4-1.el6            puppetlabs-products        23 k
     libselinux-ruby      x86_64     2.0.94-5.8.el6         base                      100 k
     ruby                 x86_64     1.8.7.374-4.el6_6      base                      538 k
     ruby-augeas          x86_64     0.4.1-3.el6            puppetlabs-deps            21 k
     ruby-irb             x86_64     1.8.7.374-4.el6_6      base                      317 k
     ruby-libs            x86_64     1.8.7.374-4.el6_6      base                      1.7 M
     ruby-rdoc            x86_64     1.8.7.374-4.el6_6      base                      381 k
     ruby-shadow          x86_64     1:2.2.0-2.el6          puppetlabs-deps            13 k
     rubygem-json         x86_64     1.5.5-3.el6            puppetlabs-deps           763 k
     rubygems             noarch     1.3.7-5.el6            base                      207 k

    Transaction Summary
    ===============================================================================================
    Install      14 Package(s)
- Edit the configuration files
    [root@agent ~]# vi /etc/puppet/puppet.conf
    [main]
        # The Puppet log directory.
        # The default value is '$vardir/log'.
        logdir = /var/log/puppet

        # Where Puppet PID files are kept.
        # The default value is '$vardir/run'.
        rundir = /var/run/puppet

        # Where SSL certificates are kept.
        # The default value is '$confdir/ssl'.
        ssldir = $vardir/ssl

    [agent]
        # The file in which puppetd stores a list of the classes
        # associated with the retrieved configuratiion.  Can be loaded in
        # the separate ``puppet`` executable using the ``--loadclasses``
        # option.
        # The default value is '$confdir/classes.txt'.
        classfile = $vardir/classes.txt

        # Where puppetd caches the local configuration.  An
        # extension indicating the cache format is added automatically.
        # The default value is '$confdir/localconfig'.
        localconfig = $vardir/localconfig

        certname=agent.localdomain
        runinterval = 60
* Add the agent's hostname as certname; runinterval is the update interval, in seconds.
    [root@agent ~]# vi /etc/sysconfig/puppet
    # The puppetmaster server
    PUPPET_SERVER=master.localdomain

    # If you wish to specify the port to connect to do so here
    #PUPPET_PORT=8140

    # Where to log to. Specify syslog to send log messages to the system log.
    PUPPET_LOG=/var/log/puppet/puppet.log

    # You may specify other parameters to the puppet client here
    #PUPPET_EXTRA_OPTS=--waitforcert=500
* Set PUPPET_SERVER to the master server's hostname and PUPPET_LOG to the agent's log file name.
- Start the service
    [root@agent ~]# /etc/init.d/puppet start
    Starting puppet agent:                                     [  OK  ]
    [root@agent ~]# ps -ef | grep puppet
    root      1072     1  3 16:03 ?        00:00:00 /usr/bin/ruby /usr/bin/puppet agent --server=master.localdomain --logdest=/var/log/puppet/puppet.log
* Confirm that the process is running.
Connecting the agent to the master
Certificate signing on the master server
- List the clients waiting to be signed
    [root@master ~]# puppet cert --sign --list
      "agent.localdomain" (SHA256) 52:0D:EF:51:BB:50:99:FE:BC:6D:2F:33:CC:A9:43:73:3B:1C:C6:A1:D6:4C:D2:13:DE:AA:75:E9:7E:D2:2A:E5
* A + sign next to the domain means the agent's certificate has already been signed.
- Sign the agent's certificate
    [root@master ~]# puppet cert --sign agent.localdomain
    Notice: Signed certificate request for agent.localdomain
    Notice: Removing file Puppet::SSL::CertificateRequest agent.localdomain at '/var/lib/puppet/ssl/ca/requests/agent.localdomain.pem'
- Verify that signing completed
    [root@master ~]# puppet cert --sign --all --list
    + "agent.localdomain" (SHA256) 9C:18:CA:26:73:CA:65:96:85:07:B1:F4:B7:A3:2C:43:FA:EE:63:3C:A7:A3:6C:CD:A2:51:5B:81:D2:E5:2D:3F
* Signing is complete once a + sign appears next to the domain.
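The signing step trusts whichever request is pending under the name agent.localdomain. The following added example (not part of the original post) compares the fingerprint listed on the master with the one read on the agent itself, for example from `puppet agent --fingerprint`, and signs only on a match. The function names are hypothetical; the sample list line is the pending request shown above, and the agent-side value is constructed to match it.

```shell
#!/bin/sh
# Added example (hypothetical helper names): sign a CSR only after its
# fingerprint matches the value read on the agent itself.

# Print the fingerprint listed for certname $1; `puppet cert --list` output on stdin.
csr_fingerprint() {
    awk -v name="\"$1\"" '
        { i = ($1 == "+") ? 2 : 1 }            # signed entries start with "+"
        $i == name { print $(i + 2); exit }    # fields: "name" (SHA256) fingerprint
    '
}

# Normalise for comparison: drop a "(SHA256)" label and whitespace, upper-case hex.
normalize_fp() {
    printf '%s' "$1" | sed 's/([^)]*)//' | tr -d '[:space:]' | tr 'a-f' 'A-F'
}

# verify_csr CERTNAME EXPECTED_FP, list output on stdin.
# Returns 0 on match, 1 on mismatch, 2 if CERTNAME is not listed.
verify_csr() {
    listed=$(csr_fingerprint "$1")
    [ -n "$listed" ] || return 2
    [ "$(normalize_fp "$listed")" = "$(normalize_fp "$2")" ]
}

# On the master: sign only when the check passes.
sign_if_verified() {
    puppet cert --list | verify_csr "$1" "$2" && puppet cert --sign "$1"
}

# Sample list output: the pending request shown on this page.
SAMPLE_LIST='  "agent.localdomain" (SHA256) 52:0D:EF:51:BB:50:99:FE:BC:6D:2F:33:CC:A9:43:73:3B:1C:C6:A1:D6:4C:D2:13:DE:AA:75:E9:7E:D2:2A:E5'
# Constructed agent-side value (label and lower case as an operator might paste it).
AGENT_FP='(sha256) 52:0d:ef:51:bb:50:99:fe:bc:6d:2f:33:cc:a9:43:73:3b:1c:c6:a1:d6:4c:d2:13:de:aa:75:e9:7e:d2:2a:e5'

if printf '%s\n' "$SAMPLE_LIST" | verify_csr agent.localdomain "$AGENT_FP"; then
    echo "fingerprint matches: safe to sign agent.localdomain"
else
    echo "fingerprint mismatch or no pending request: do not sign"
fi
```

On the master, `sign_if_verified agent.localdomain "<fingerprint read on the agent>"` runs the same check against the live request list before signing.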
Testing that the connection works
- Create the file at the path below
    [root@master ~]# cat /etc/puppet/manifests/site.pp
    file { '/tmp/hello' :
        owner   => root,
        group   => root,
        mode    => 444,
        content => "Hello Pupplet by Machine\n";
    }
* This creates the file /tmp/hello owned by user and group root, with permission 444 (read-only), and stores the text "Hello Pupplet by Machine" in it.
- Apply the Puppet manifest
    [root@master ~]# puppet apply /etc/puppet/manifests/site.pp
    Notice: Compiled catalog for master in environment production in 0.17 seconds
    Notice: /Stage[main]/Main/File[/tmp/hello]/content: content changed '{md5}723c9d4525cebf11f4e6171740b15abd' to '{md5}7b1d27a85c9ebf03075ee2150fb4d770'
    Notice: Finished catalog run in 0.09 seconds
- On the agent: check that the /tmp/hello file was created
    [root@agent ~]# ls -l /tmp/hello
    -r--r--r-- 1 root root 25 Sep 14 16:11 /tmp/hello
    [root@agent ~]# cat /tmp/hello
    Hello Pupplet by Machine