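Installation and Client Certificate Issuance (Puppet Series)
<p>Introduction to Puppet</p><p>Puppet is an automated system configuration tool written in Ruby. It can run in client/server mode or standalone, and it supports configuration management for all UNIX and UNIX-like systems; the latest versions have also begun to offer limited management of Windows. Puppet applies to the whole server management lifecycle, such as initial installation, configuration updates, and system decommissioning.</p>
<p>Puppet can be installed from source, with yum, or as a Ruby gem. The official site recommends yum, which makes later upgrades, management and maintenance easier. CentOS can install Puppet with yum, but the default CentOS repositories do not carry the puppet package, so the EPEL package has to be installed first. EPEL stands for Extra Packages for Enterprise Linux, a project created, maintained and managed by a special interest group that provides high-quality add-on packages for Red Hat Enterprise Linux (RHEL) and its derivatives (such as CentOS and Scientific Linux).</p>
<p>I. Installation</p>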
<p>1. Install the Puppet repository (required on both the server and the client)</p><pre class="brush:bash;toolbar:false"># rpm -Uvh http://yum.puppetlabs.com/el/6/products/i386/puppetlabs-release-6-6.noarch.rpm</pre><p>2. Install Puppet</p>
<p>Server:</p><pre class="brush:bash;toolbar:false"># yum install -y puppet-server
# /etc/init.d/puppetmaster start</pre><p>Client:</p><pre class="brush:bash;toolbar:false"># yum install -y puppet
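# /etc/init.d/puppet start</pre><p>Installation notes:</p>
<p>Many people forget to install the Puppet repository and run yum directly.</p>
<p>Folks, experience shows that skipping the repository is painful: you will run into all sorts of problems.</p>
<p>Problem 1:</p>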
<p>Error: Package: ruby-libs-1.8.7.374-1.el5.x86_64 (puppetlabs-deps)</p>
<p>Requires: libtk8.4.so()(64bit)</p>
<p>Error: Package: ruby-libs-1.8.7.374-1.el5.x86_64 (puppetlabs-deps)</p>
<p>Requires: libtcl8.4.so()(64bit)</p>
<p>You could try using --skip-broken to work around the problem</p>
<p>You could try running: rpm -Va --nofiles --nodigest</p>
<p>Problem 2:</p>
<p>Error: Package: puppet-2.7.20-1.el6.rf.noarch (rpmforge)</p>
<p>Requires: ruby-augeas</p>
<p>You could try using --skip-broken to work around the problem</p>
<p>You could try running: rpm -Va --nofiles --nodigest</p>
<p>II. Certificate Issuance</p>
<p>1. Configure the hostnames</p>
<p><img src="https://zhuji.jb51.net/uploads/img/20230519/0190d5d3c40089b2c1881863d4be4057.jpg" width="572" height="153"></p>
<p>2. The client requests a certificate</p>
<p># puppetd --server vmserver62 --test</p>
<p><img src="https://zhuji.jb51.net/uploads/img/20230519/a820b6309ba64d912568880513966b41.jpg" width="669" height="80"></p>
<p>3. The server issues the certificate</p>
<p>#puppetca -s vmclient63</p>
<p><img src="https://zhuji.jb51.net/uploads/img/20230519/6e890dcac64e1090de12f2ac12328a68.jpg" width="775" height="63"></p>
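<p>Before signing in step 3, the fingerprint the client printed when it created its request can be compared with the request file the server actually received. The script below is an added example, not part of the original article; it assumes the printed value is the MD5 digest of the DER-encoded request, and the function names and sample data are constructed for illustration.</p>

```sh
#!/bin/sh
# Added example (not from the original article): check a pending CSR against
# the fingerprint the agent printed, before running "puppetca -s <host>".
# Assumption: the printed value is the MD5 digest of the DER-encoded request,
# shown as colon-separated uppercase hex. Needs base64 and md5sum (coreutils).

# Fingerprint of a PEM file: strip the BEGIN/END lines, decode the base64
# body to DER, hash it, and format the digest as AA:BB:...
csr_fingerprint() {
    grep -v '^-----' "$1" | tr -d ' \r\n' | base64 -d | md5sum |
        cut -d' ' -f1 | tr 'a-f' 'A-F' | sed 's/../&:/g; s/:$//'
}

# First "Certificate Request fingerprint (md5): ..." value in agent output
# read from stdin, normalised to uppercase.
agent_fingerprint() {
    sed -n 's/.*Certificate Request fingerprint (md5): *\([0-9A-Fa-f:]*\).*/\1/p' |
        head -n 1 | tr 'a-f' 'A-F'
}

# verify_csr <agent-output-file> <csr-pem-file>
# 0 = fingerprints match, 1 = mismatch (do not sign), 2 = unusable input.
verify_csr() {
    [ -r "$1" ] && [ -r "$2" ] || return 2
    vc_want=$(agent_fingerprint < "$1")
    vc_got=$(csr_fingerprint "$2")
    # Refuse a missing or truncated fingerprint rather than comparing blanks.
    printf '%s\n' "$vc_want" | grep -Eq '^([0-9A-F]{2}:){15}[0-9A-F]{2}$' || return 2
    [ "$vc_want" = "$vc_got" ]
}

# Demo on constructed data: the PEM body is base64 of "abc", a stand-in for
# a real request, so the expected digest is MD5("abc").
demo() {
    d=$(mktemp -d) || return 2
    printf '%s\n' '-----BEGIN CERTIFICATE REQUEST-----' 'YWJj' \
        '-----END CERTIFICATE REQUEST-----' > "$d/vmclient63.pem"
    echo 'info: Certificate Request fingerprint (md5): 90:01:50:98:3C:D2:4F:B0:D6:96:3F:7D:28:E1:7F:72' > "$d/agent.log"
    verify_csr "$d/agent.log" "$d/vmclient63.pem"; rc=$?
    rm -rf "$d"
    return "$rc"
}

if [ "${1:-}" = demo ]; then demo && echo "fingerprints match" || echo "do not sign"; fi
```

<p>On the server, the second argument would be the pending request file for the client; its location depends on the Puppet SSL directory in use.</p>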
<p>Note: certificate issuance frequently fails.</p>
<p>Case 1: # puppetca -s vmclient63</p>
<p>err: Could not call sign: Could not find certificate request for vmclient63</p>
<p> </p>
<p>Case 2:</p>
<p># puppetd --server vmserver62 --test</p>
<p>info: Caching certificate for ca</p>
<p>info: Creating a new SSL certificate request for vmclient63</p>
<p>info: Certificate Request fingerprint (md5): 99:32:9E:78:69:55:0D:AD:1A:E5:25:60:FB:95:8A:22</p>
<p>Exiting; no certificate found and waitforcert is disabled</p>
<p>Solution:</p><pre class="brush:bash;toolbar:false"># puppetca --clean vmclient63                 # on the server; or: puppetca -c -a
# /etc/init.d/puppetmaster restart            # on the server
# rm -rf /var/lib/puppet                      # on the client
# /etc/init.d/puppet restart                  # on the client
# puppetd --server vmserver62 --test          # on the client
# puppetca --list                             # on the server</pre><p>If you repost this article, please credit the source: http://www.ttlsa.com/html/2734.html</p>