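3. Software requirements
While preparing to install Puppet, we need to install several libraries and packages on both the server and the client. Also, if this step is performed later, check for package dependency problems.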
puppet:# apt-get install libopenssl-ruby rdoc irb1.8 libopenssl-ruby1.8 libreadline-ruby1.8 libruby1.8 rdoc1.8 ruby1.8
pclient:# apt-get install libopenssl-ruby rdoc irb1.8 libopenssl-ruby1.8 libreadline-ruby1.8 libruby1.8 rdoc1.8 ruby1.8
4. Client installation
Install Puppet and Facter from Feisty.
pclient:# apt-get -t feisty install facter puppet
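5. Server installation
Install Puppet, Facter and Puppetmaster. The post-install script will try to start the server, and if an error occurs it is printed to the screen. Don't worry; we will create a manifest in step 6.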
puppet:# apt-get -t feisty install facter puppet puppetmaster
…..
Starting puppet configuration management tool master server
Manifest /etc/puppet/manifests/site.pp must exist [fail]
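6. Server preparation
Before running puppetmasterd, the server (the machine running the puppetmasterd daemon) needs a manifest. Below I wrote a manifest that tells puppet to create the file "/tmp/testfile" on the client.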
puppet:# vim /etc/puppet/manifests/site.pp
# Create "/tmp/testfile" if it doesn't exist.
class test_class {
    file { "/tmp/testfile":
        ensure => present,
        mode => 644,
        owner => root,
        group => root
    }
}
# tell puppet on which client to run the class
node pclient {
    include test_class
}
Now start the puppet server.
puppet:# /etc/init.d/puppetmaster start
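7. Client preparation
By default, the client connects over your network to a server with the hostname "puppet". If your server's hostname is not "puppet", you need to add a directive to puppetd's configuration file, "puppetd.conf". For the sake of demonstration, we set this option.
Open "/etc/puppet/puppetd.conf" in your preferred text editor and add "server = puppet.example.com" as shown below.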
pclient:# vim /etc/puppet/puppetd.conf
[puppetd]
server = puppet.example.com
# Make sure all log messages are sent to the right directory
# This directory must be writable by the puppet user
logdir=/var/log/puppet
vardir=/var/lib/puppet
rundir=/var/run
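8. Signing keys
For the two systems to communicate securely, we need to create signed SSL certificates. You will need to log in to both the client and the server to carry out the steps below.
Run this on the client.
pclient:# puppetd --server puppet.example.com --waitforcert 60 --test
You will see the following messages.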
err: No certificate; running with reduced functionality.
info: Creating a new certificate request for pclient.example.con
info: Requesting certificate
warning: peer certificate won’t be verified in this SSL session
notice: Did not receive certificate
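(Note: these messages mean that the client has no certificate yet and is running with reduced functionality, that a new certificate request is being created for pclient.example.com, that the certificate is being requested, that the peer certificate will not be verified in this SSL session, and that no certificate was received.)
Next, run the following command on the server to confirm that the client is waiting for its certificate to be signed.
puppet:# puppetca --list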
pclient.example.con
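An added example (not part of the original tutorial): before any request is signed, compare the names printed by puppetca --list with a list of clients you actually expect. The function name check_pending, the allowlist file and the sample data are assumptions made for this illustration.

```shell
#!/bin/sh
# check_pending ALLOWLIST_FILE
# Reads pending request names on stdin, one per line, in the form printed
# by `puppetca --list`. Prints "OK <name>" for a name that is in the
# allowlist and "UNEXPECTED <name>" for any other name.
# Returns 1 if at least one name was unexpected, 0 otherwise.
check_pending() {
    allow_file=$1
    rc=0
    # `read` trims leading whitespace and puts the first field in $name;
    # the `|| [ -n ... ]` part keeps a last line that has no newline.
    while read -r name rest || [ -n "$name" ]; do
        [ -n "$name" ] || continue          # skip blank lines
        # -F fixed string, -x whole line: "." is not a wildcard and a
        # substring of an allowed name does not count as a match.
        if grep -Fxq -- "$name" "$allow_file"; then
            echo "OK $name"
        else
            echo "UNEXPECTED $name"
            rc=1
        fi
    done
    return $rc
}

demo() {
    allow=$(mktemp) || return 1
    # Constructed allowlist: the one client this walkthrough expects.
    printf '%s\n' 'pclient.example.com' > "$allow"
    # Constructed pending list: the expected name, plus the name shown in
    # the listing above, which differs from it by one character.
    pending='pclient.example.com
pclient.example.con'
    if printf '%s\n' "$pending" | check_pending "$allow"; then
        echo "all pending requests are expected"
    else
        echo "verify UNEXPECTED names with the host owner before signing"
    fi
    rm -f "$allow"
}
demo
# On the server the same check would be fed real data, for example:
#   puppetca --list | check_pending /path/to/allowlist   (path is a placeholder)
```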

