Puppet系統(tǒng)安裝運維手冊.doc

Puppet系統(tǒng)安裝運維手冊1安裝配置11.1版本信息11.2服務器安裝11.2.1鎖定YUM安裝版本(如果需要安裝舊版)11.2.2安裝配置Puppet-server11.2.3安裝Foreman21.3客戶端安裝52管理服務52.1Puppet-Server52.2Foreman52.3Foreman-Proxy53修改記錄61 安裝配置1.1 版本信息 操作系統(tǒng)： CentOS5.X 64bit1.2 服務器安裝1.2.1 鎖定YUM安裝版本(如果需要安裝舊版) 安裝yum-versionlockyum install yum-versionlock 編輯/etc/yum/pluginconf.d/versionlock.listpuppet 2.7.20puppet-server .2 安裝配置Puppet-server 安裝rpm Uvh /pub/epel/5/x86_64/epel-release-5-4.noarch.rpmrpm Uvh http:/ /el/5/products/x86_64/puppetlabs-release-5-6.noarch.rpmyum -y install gcc gcc-c+ libstdc+-develyum install puppet-server (舊版安裝yum install puppet-server-2.7.20) 編輯/etc/puppet/auth.confpath /runauth anymethod saveallow * 增加/etc/puppet/autosign.conf* 編輯/etc/puppet/fileserver.conffiles path /var/lib/puppet/files allow * 編輯/etc/puppet/puppet.confmain # The Puppet log directory. # The default value is $vardir/log. logdir = /var/log/puppet # Where Puppet PID files are kept. # The default value is $vardir/run. rundir = /var/run/puppet # Where SSL certificates are kept. # The default value is $confdir/ssl. ssldir = $vardir/ssl vardir=/var/lib/puppet ssldir=/var/lib/puppet/ssl factpath=/var/lib/puppet/lib/facter templatedir=/etc/puppet/templates hostcert = $vardir/ssl/certs/puppet.pem certdir = $vardir/ssl/certsmaster reports = log,foreman certname=puppet-test-02 #服務器名 autosign=true autosign = /etc/puppet/autosign.conf 修改/etc/hosts88 test-01 server #服務端ip地址，名稱172.17.30.xxx xxxx xxxx #客戶端ip地址，名稱1.2.3 安裝Foreman 安裝Mysql-Serveryum install mysql-server mysqlchkconfig -add mysqldchkconfig -level 235 mysqld onservice mysqld start 創(chuàng)建數(shù)據(jù)庫mysql uroot pCREATE DATABASE foreman CHARACTER SET utf8;CREATE USER foremanlocalhost IDENTIFIED BY foreman;GRANT ALL PRIVILEGES ON foreman.* TO foremanlocalhost; 安裝foremanrpm Uvh /releases/1.0/el5/foreman-release.rpmyuminstallpostgresql-develyuminstalllibvirt-develyum install foreman 修改/usr/share/foreman/config/ database.ymlproduction: adapter: mysql database: foreman username: foreman password: foreman encoding: utf8 將補丁復制到usr/share/foreman/并替換相應文件vi/usr/lib/ruby/site_ruby/1.8/puppet/reports/foreman.rb#copythisfiletoyourreportdir-e.g./usr/lib/ruby/1.8/puppet/reports/#addthisreportinyourpuppetmasterreports-e.g,inyourpuppet.confadd:#reports=log,foreman#(oranyotherreportsyouwant)#URLofyourForemaninstallation#$foreman_url=$foreman_url=:3000/requirepuppetrequirenet/httprequireuriPuppet:Reports.register_report(:foreman)doPuppet.settings.use(:reporting)descSendsreportsdirectlytoForemandefprocessbeginuri=URI.parse($foreman_url)http=Net:HTTP.new(uri.host,uri.port)ifuri.scheme=httpsthenhttp.use_ssl=truehttp.verify_mode=OpenSSL:SSL:VERIFY_NONEendreq=Net:HTTP:Post.new(/reports/create?format=yml)req.set_form_data(report=to_yaml)response=http.request(req)rescueException=eraisePuppet:Error,CouldnotsendreporttoForemanat#$foreman_url/reports/create?format=yml:#eendendendcd /usr/share/foreman/bundle installbundle install -without development test postgresql libvirt sqlitegem install activerecord-mysql2-adapterRAILS_ENV=productionrakedb:migratescript/rails s -p 3000 -e production -d 初始化admin口令cd /usr/share/foreman# RAILS_ENV=production rake permissions:reset編輯/usr/share/foreman/config/setting.yaml:puppet_server: #修改為你的puppetmaster:login: false #改為trueforeman web 打開setting那個頁面，重啟foreman，進入My account 修改密碼 安裝foreman-proxyyum install foreman-proxy編輯/etc/foreman-proxy/settings.yml:puppetca: true:puppet: true:puppet_conf: /etc/puppet/puppet.conf 修改 visudo 配置信息visudoDefaults:foreman-proxy !requirettyforeman-proxy ALL = NOPASSWD: /usr/bin/puppetforeman-proxy ALL = NOPASSWD: /usr/bin/puppet cert * 編輯/usr/share/foreman-proxy/lib/puppetca_api.rb第6行l(wèi)og_halt 406, Failed to list certificates: #e: #e.backtrace.join(n) 配置foreman-proxy到foreman登錄foreman，右側(cè)moreSmart-Proxies菜單中新增proxy，name：puppet-master主機名url：http:/ puppet-master:84431.3 客戶端安裝1.3.1 Puppet-clinet客戶端安裝l 說明，目前升級文件中不能有文件名不能有中文 客戶端系統(tǒng)為Windows Server 2003,雙擊puppet-3.0.1.msi進行安裝 雙擊ruby186-27_rc2.exe進行ruby的安裝l若運行期間，報此錯誤，安裝Microsoft .NET Framework 2.0 SP1 配置host文件9 client-020 puppet-test-02 添加文件auth.conf,fileserver.conf與namespaceauth.conf 配置puppet.conf，將里面的內(nèi)容替換為main # The Puppet log directory. # The default value is $vardir/log. #logdir = /var/log/puppet # Where Puppet PID files are kept. # The default value is $vardir/run. #rundir = /var/run/puppet # Where SSL certificates are kept. # The default value is $confdir/ssl. ssldir = $vardir/ssl pluginsync=trueagent # The file in which puppetd stores a list of the classes # associated with the retrieved configuratiion. Can be loaded in # the separate puppet executable using the -loadclasses # option. # The default value is $confdir/classes.txt. classfile = $vardir/classes.txt listen = true runinterval = 60 # Where puppetd caches the local configuration. An # extension indicating the cache format is added automatically. # The default value is $confdir/localconfig. localconfig = $vardir/localconfig server = puppet-test-02 如果是第一次進行ssl匹配，運行命令，此命令需要在C:Program FilesPuppet LabsPuppetbin目錄下。C:Program FilesPuppet LabsPuppetbinpuppet agent -test -server puppet-test-02 由于在master上面配置了自動簽名，見master配置標紅處，所以只需要運行上面的命令。 在運行鏈接時報下面的錯誤，這種情況是由于前面已經(jīng)簽名過，進行第二次的簽名。l 在master端，執(zhí)行命令puppet cert clenn client-02l 在client端，刪除文件client-02.pem Cmd-services.msc-停止 puppet agent服務，并將服務設置為手動 添加隨機啟動文件runpuppet.bat到：C:Program FilesPuppet LabsPuppetbin，并將該文件添加到系統(tǒng)計劃任務中，設置為隨系統(tǒng)啟動執(zhí)行。 Puppet client文件以及腳本列表l 在C:XspeedRunStop目錄下新建文件夾bakl 在C:XspeedRunStop目錄下新建文件夾TranFilel 將BatchStart.bat, BatchStop.bat,chmode.bat,ProVersion.bat, ProVersion.jar,StartStop.jar拷貝至文件C:XspeedRunStopl 將copy.bat拷貝至C:XspeedRunStopbak 將home.rb文件拷貝至C:Program Fi