Installing Puppet 3.1.1 on CentOS 6.4. This article draws on chenshake's article.
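OS: CentOS 6.4 x64
Puppet 3.1.1
Puppet master: master.canghai.com
Puppet clients: node1-5.canghai.com
Puppet requires every machine to have a fully qualified domain name (FQDN). If no DNS server provides the names, set the hostname on the machines yourself. Note that the hostname must be set before Puppet is installed, because the installation writes the hostname into the certificate, and the client and server need that certificate to communicate. I have DNS set up, so I did not need to change hosts; without DNS, the names have to be specified in the hosts file.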
1. Disable SELinux and iptables, and configure NTP
The system was installed from CentOS-6.4-x86_64-minimal.iso as a minimal install, so common tools such as ntp and wget have to be installed first.
Install ntp and wget
yum install wget ntp -y
Disable SELinux
sed -i '/SELINUX/s/enforcing/disabled/g' /etc/selinux/config
setenforce 0
Stop iptables
chkconfig ip6tables off
chkconfig iptables off
/etc/init.d/ip6tables stop
/etc/init.d/iptables stop
Configure NTP
ntpdate pool.ntp.org
chkconfig ntpd on
service ntpd start
2. Install the Puppet services
Puppet is not in the CentOS base repositories, so the official repository provided by Puppet Labs has to be added:
wget http://yum.puppetlabs.com/el/6/products/x86_64/puppetlabs-release-6-7.noarch.rpm
rpm -ivh puppetlabs-release-6-7.noarch.rpm
yum update
Install and enable the Puppet service on the master:
yum install puppet-server
chkconfig puppet on
service puppetmaster start
Install the Puppet client on the clients:
yum install puppet
chkconfig puppet on
service puppet start
3. Configure Puppet
On the Puppet clients, edit /etc/puppet/puppet.conf and specify the master server:
vi /etc/puppet/puppet.conf
[main]
    # The Puppet log directory.
    # The default value is $vardir/log.
    logdir = /var/log/puppet
    # Where Puppet PID files are kept.
    # The default value is $vardir/run.
    rundir = /var/run/puppet
    # Where SSL certificates are kept.
    # The default value is $confdir/ssl.
    ssldir = $vardir/ssl
[agent]
    # The file in which puppetd stores a list of the classes
    # associated with the retrieved configuration. Can be loaded in
    # the separate ``puppet`` executable using the ``--loadclasses``
    # option.
    # The default value is $confdir/classes.txt.
    classfile = $vardir/classes.txt
    # Where puppetd caches the local configuration. An
    # extension indicating the cache format is added automatically.
    # The default value is $confdir/localconfig.
    localconfig = $vardir/localconfig
    server = master.canghai.com
Then restart the Puppet service
service puppet restart
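4. Client certificate requests
Configuring automatic certificate signing on the server
To have the master sign all certificates automatically, we only need to create an autosign.conf file in the /etc/puppet directory. (There is no need to modify /etc/puppet/puppet.conf, because I have not changed the default location of autosign.conf.)
cat > /etc/puppet/autosign.conf <<EOF
*.canghai.com
EOF
service puppetmaster restart
With this in place, requests from all machines in canghai.com are signed automatically.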
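The client has to send a request to the server so that the server will manage it. This is in fact a certificate-signing process. The first time the Puppet client runs, it generates an SSL certificate and submits it to the Puppet server; if the server agrees to manage the client, it signs this certificate. The command below is used for the signing. Because we have already set the server address on the client, the server address does not need to be given.
puppet agent
To follow the registration process in detail, and for later troubleshooting, you can add parameters, because in the configuration file
--no-daemonize: write the log to the foreground
--verbose: output more detailed logs
--debug: even more detailed logs, used when troubleshooting
--test: test mode; passing --test on its own is enough
puppet agent --no-daemonize --onetime --verbose --debug
This requests the certificate. Because I configured automatic signing, it was signed straight away. On the server, run
puppet cert list --all
+ "master.canghai.com" (SHA256) CA:50:6A:51:D5:AD:F0:73:BF:83:A0:4A:BF:1F:4E:F0:56:C9:4B:D8:4D:BB:62:10:EE:14:16:D5:96:D0:B6:F7 (alt names: "DNS:master.canghai.com", "DNS:puppet", "DNS:puppet.canghai.com")
+ "node1.canghai.com" (SHA256) B8:95:69:2B:7B:3E:F4:38:CA:63:BE:A0:ED:3C:E7:05:1F:93:53:2D:1C:60:67:E9:D8:20:99:90:B8:9B:D6:40
+ "node2.canghai.com" (SHA256) 6C:65:34:9D:B1:82:35:24:EF:3F:10:2B:10:F0:0B:44:42:AB:84:42:29:B5:73:1A:A0:1D:D5:1E:9E:24:BC:E3
+ "node3.canghai.com" (SHA256) 57:54:33:37:23:A7:CD:BE:F6:25:BD:6F:E3:DA:F9:57:48:50:C7:5E:36:8F:F4:BA:C8:27:DF:B0:A2:84:5F:AF
+ "node4.canghai.com" (SHA256) 65:2F:0E:E7:98:F5:05:40:31:2F:FF:36:A5:3E:DE:C1:91:E8:45:16:55:60:A1:82:74:BC:84:EC:BA:C0:62:F0
+ "node5.canghai.com" (SHA256) 8C:1B:31:B6:C0:9C:A5:AF:89:6C:85:1B:BA:D0:03:63:07:4C:B1:89:D4:E6:B7:4E:CA:4A:23:C7:3C:5F:CA:3D
You can see that all of the clients have had their certificates signed; the entries marked with "+" were signed successfully. If any are not signed, you can use
puppet cert --sign node1.canghai.com
to sign the certificate. After signing, run on the master
puppet cert list --all
and you will see that the certificate has been signed.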
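With *.canghai.com in autosign.conf, the master signs any request whose certname matches that pattern, so the signed list is worth comparing against the hosts that were actually deployed. The following is an added example, not part of the original article: it reads "puppet cert list --all" output and reports signed names that are missing from an inventory. The EXPECTED list, the function names and the sample lines (including build9 and node7) are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit `puppet cert list --all` output against an inventory.
# EXPECTED is an assumption: the hosts this article names (master, node1-5).
EXPECTED="master.canghai.com node1.canghai.com node2.canghai.com"
EXPECTED="$EXPECTED node3.canghai.com node4.canghai.com node5.canghai.com"

# Reads the listing on stdin and prints one finding per line:
#   UNEXPECTED <name>  signed ("+") but not in EXPECTED
#   PENDING <name>     request still waiting for a signature (no marker)
#   INVALID <name>     certificate that fails verification ("-")
audit_certs() {
    awk -v expected="$EXPECTED" '
    BEGIN {
        n = split(expected, hosts, " ")
        for (i = 1; i <= n; i++) known[hosts[i]] = 1
    }
    {
        # The certname is the first double-quoted string on the line.
        if (!match($0, /"[^"]+"/)) next
        name = substr($0, RSTART + 1, RLENGTH - 2)
        # The state marker is whatever precedes the opening quote.
        marker = substr($0, 1, RSTART - 1)
        if (index(marker, "+")) {
            if (!(name in known)) print "UNEXPECTED " name
        } else if (index(marker, "-")) {
            print "INVALID " name
        } else {
            print "PENDING " name
        }
    }'
}

# Constructed sample listing (fingerprints shortened, not real values).
sample_listing() {
    cat <<'EOF'
+ "master.canghai.com" (SHA256) 00:11:22:33 (alt names: "DNS:master.canghai.com", "DNS:puppet")
+ "node1.canghai.com" (SHA256) 44:55:66:77
+ "build9.canghai.com" (SHA256) 88:99:AA:BB
  "node7.canghai.com" (SHA256) CC:DD:EE:FF
EOF
}

# On the master this would be: puppet cert list --all | audit_certs
sample_listing | audit_certs
```

An empty result means every signed certificate belongs to a known host and nothing is pending.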
5. Install the Puppet Dashboard on the server
Install MySQL
yum install -y mysql mysql-devel mysql-server
Tune the MySQL configuration
Edit /etc/my.cnf and, in the [mysqld] section, add the last line shown here
cat /etc/my.cnf
[mysqld]
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
user=mysql
# Disabling symbolic-links is recommended to prevent assorted security risks
symbolic-links=0
max_allowed_packet=32M
[mysqld_safe]
log-error=/var/log/mysqld.log
pid-file=/var/run/mysqld/mysqld.pid
Start the service
/etc/init.d/mysqld start
chkconfig mysqld on
Set the MySQL password; the password I use here is 123456
mysqladmin -u root password 123456
Create a dashboard database
mysql -uroot -p123456 <<EOF
CREATE DATABASE dashboard CHARACTER SET utf8;
CREATE USER 'dashboard'@'localhost' IDENTIFIED BY '123456';
GRANT ALL PRIVILEGES ON dashboard.* TO 'dashboard'@'localhost';
FLUSH PRIVILEGES;
EOF
Passenger + Apache + Dashboard
This lets Apache support Ruby. Passenger is not in the official CentOS repositories, so the EPEL repository has to be added.
wget http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
rpm -ivh epel-release-6-8.noarch.rpm
yum install mod_passenger puppet-dashboard
Configure the Dashboard
vi /usr/share/puppet-dashboard/config/database.yml
production:
  database: dashboard
  username: dashboard
  password: 123456
  encoding: utf8
  adapter: mysql
Change the time zone
vi /usr/share/puppet-dashboard/config/environment.rb
#config.time_zone = 'UTC'
config.time_zone = 'Beijing'
Initialize the database
cd /usr/share/puppet-dashboard/
rake RAILS_ENV=production db:migrate
Configure Apache
We need to integrate Passenger with Apache
cat > /etc/httpd/conf.d/passenger.conf <<EOF
LoadModule passenger_module modules/mod_passenger.so
PassengerRoot /usr/share/rubygems/gems/passenger-3.0.17
PassengerRuby /usr/bin/ruby
PassengerHighPerformance on
PassengerMaxPoolSize 12
PassengerPoolIdleTime 1500
PassengerStatThrottleRate 120
RailsAutoDetect On
ServerName master.canghai.com
DocumentRoot "/usr/share/puppet-dashboard/public/"
<Directory "/usr/share/puppet-dashboard/public/">
Options None
AllowOverride AuthConfig
Order allow,deny
allow from all
</Directory>
ErrorLog /var/log/httpd/master.canghai.com_error.log
LogLevel warn
CustomLog /var/log/httpd/master.canghai.com_access.log combined
ServerSignature On
EOF
Start the service
/etc/init.d/httpd start
chkconfig httpd on
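Configure Puppet
To have the Dashboard use reports: agents now have reporting enabled by default, so you do not need to configure the agent; you only need to configure the server side.
vi /etc/puppet/puppet.conf
[master]
    reports = store, http
    reporturl = http://master.canghai.com:80/reports/upload
Restart the puppetmaster service
/etc/init.d/puppetmaster restart
At this point you can access the Puppet Dashboard directly at http://ip
Import reports
cd /usr/share/puppet-dashboard
rake RAILS_ENV=production reports:import
When you now visit the Dashboard, you can see the imported tasks.
4. Process the imported reports
cd /usr/share/puppet-dashboard
rake jobs:work RAILS_ENV="production"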