puppet等手动操作工具最大的不同就是puppet的配置是稳定的,所以你可以多次执行puppet,一旦你更新你的配置文件,puppet就会改变你的机器根据配置文件配置,一般每30分钟配置一次。Puppet会让你的系统状态与配置文件要求的状态一致。比如你的配置文件要求必须开启ssh服务。如果不小心关闭了ssh服务,那么下次执行puppet时,puppet会发现这个异常,然后开启ssh服务,保持系统状态和配置文件一致。Puppet就像一个魔术师,它会让你的系统迷惑收敛到puppet配置文件想要的状态。您可以使用puppet来管理服务器的整个生命周期,从初始化到退役。与sun的Jumpstart或redhat的Kickstart等传统方法不同,puppet可以使服务器多年保持最佳状态。只要一开始正确配置它们,然后就再也不用管它们了。通常puppet用户只需要在机器上安装puppet并让它们运行,然后puppet会完成剩下的工作。 实验环境 硬件:两台服务器,虚拟服务器或者物理机都可以,ip地址分别为192.168.10.133(服务器)和192.168.10.207(客户端);下面将两台服务器分别替换为server和client。 软件:安装Centos5X64(server),Ubuntu12.04(client)系统 网络:两台机器可以互相访问服务器端的配置:1.设置主机名:[root@server~]#uname-aLinuxserver.puppet.com2.6.18-238.el5#1SMPThuJan1315:51:15EST2011x86_64x86_64x86_64GNU/Linux[root@server~]#hostnameserver.puppet.com[root@server~]#cat/etc/hosts#Donotremovethefollowingline,orvariousprograms#thatrequirenetworkfunctionalitywillfail.127.0.0.1redminelocalhost.localdomainlocalhost::1localhost6.localdomain6localhost6192.168.10.133server2.puppet.comserver在服务器端配置yum源(因为centos默认没有puppet源,所以先配置puppet源,下面链接是无效,请参考:https://fedoraproject.org/wiki/EPEL/zh-cn。)[root@server~]#rpm-Uvhhttp://dl.fedoraproject.org/pub/epel/5/i386/epel-release-5-4.noarch.rpm3。开始安装puppetserver[root@server~]#yum-yinstallpuppet-serverfacterrubyruby-libsruby-shadow4.yum成功安装puppet,先启动服务,查看是否安装成功[root@server~]#servicepuppetmasterstartStartingpuppetmaster:[OK][root@server~]#ps-ef|greppuppetpuppet29371011:47?00:00:00/usr/bin/ruby/usr/sbin/puppetmasterdroot29432751011:47pts/100:00:00greppuppet个人喜欢用[root@秒erver~]#puppetmaster--verbose--no-daemonizenotice:StartingPuppetmasterversion2.6.17因为这样可以看到输出。跟下面的测试有关系,调试完毕。建议从守护进程开始。现在服务器启动没有问题了。现在您可以安装ubuntu客户端1.设置客户端的主机名liming@client:~$hostnameclient.puppet.com2。设置服务器hosts(添加如下)liming@client:~$sudovim/etc/hosts192.168.10.133server.puppet.com3.setubuntuaptsourceliming@client:~$sudosu-liming@client:~$echo-e"debhttp://apt.puppetlabs.com/lucidmain\ndeb-srchttp://apt.puppetlabs.com/lucidmain">/etc/apt/sources.list.d/puppet.listliming@client:~$sudoapt-keyadv--keyserverkeyserver.ubuntu.com--recv4BD6EC30liming@client:~$sudoapt-getupdate4。安装人偶客户端sudoapt-getinstallpuppet5.testliming@client:~$sudopuppeagent--server=server.puppet.com--no-daemonize--verbose--onetimeinfo:CreatinganewSSLkeyforclient.puppet.comwarning:peercertificatewon'tbeverifiedinthisSSLsessioninfo:Cachingcertificateforcawarning:peercertificatewon'tbeverifiedinthisSSLsessionwarning:peercertificatewon'tbeverifiedinthisSSLsessioninfo:CreatinganewSSLcertificaterequestforclient.puppet.cominfo:CertificateRequestfingerprint(md5):54:CC:33:85:ED:4E:97:05:5F:6D:CE:D9:1F:1F:E9:BC警告:peercertificatewon'tbeverifiedinthisSSLsessionwarning:peercertificatewon'tbeverifiedinthisSSLsessionwarning:peercertificatewon'tbeverifiedinthisSSLsession服务器端视图客户端等待请求证书连接[root@server~]#puppetcert--list"client.puppet.com"(54:CC:33:85:ED:4E:97:05:5F:6D:CE:D9:1F:1F:E9:BC)现在服务器和客户端都很好。如果你想换client为Centos或者RHEL,重复server2.配置puppet源的yum。直接yuminstallpuppet即可!出现的问题:liming@client:~$puppetd--serverserver.puppet.com--testerr:Couldnotretrievecatalogfromremoteserver:SSL_connectreturned=1errno=0state=SSLv3readservercertificateB:certificateverifyfailed.Thisisoftenbecausethetimeisoutofsyncontheserverorclientwarning:Nousingcacheonfailedcatalog错误:无法检索目录;跳过运行错误:无法发送报告:SSL_connectreturned=1errno=0state=SSLv3读取服务器证书B:证书验证失败。这通常是因为服务器或客户端的时间不同步
