Puppet基础
why
一切按官方文档是最好的哦 虽然英文Oct 27 2021
salt 老是0day问题 ,为了安全 于是上puppet 现在文档真的很少,以前在dovo时,流行得很呢 于是有了本文
install
https://puppet.com/docs/puppet/7/install_agents.html#configure_server_setting
https://puppet.com/docs/puppetserver/5.3/intermediate_ca_configuration.html
https://puppet.com/docs/puppet/7/ssl_regenerate_certificates.html
aliyun mirrors
https://developer.aliyun.com/mirror/puppet https://mirrors.aliyun.com/puppet/
* Enable the Puppet platform repository
RH
可以用aliyun mirrors 会更加快
wget -c https://mirrors.aliyun.com/puppet/yum/puppet7/el/7/x86_64/puppet7-release-7.0.0-1.el7.noarch.rpm && rpm -Uvh puppet7-release-7.0.0-1.el7.noarch.rpm
rpm -Uvh https://yum.puppet.com/puppet6-release-el-7.noarch.rpm
debian 10 or kali 2021 只能是 buster 注意
记得要改为google dns 8.8.4.4 or alidns #wget -c https://apt.puppetlabs.com/puppet6-release-buster.deb && dpkg -i puppet6-release-buster.deb #on my kali wget -c https://mirrors.aliyun.com/puppet/apt/puppet7-release-buster.deb && dpkg -i puppet7-release-buster.deb #https://mirrors.aliyun.com/puppet/apt/puppet6-release-buster.deb && wget -c https://mirrors.aliyun.com/puppet/apt/puppet7-release-bullseye.deb && dpkg -i puppet7-release-bullseye.deb #debian 11 #wget https://apt.puppet.com/puppet7-release-buster.deb && dpkg -i dpkg -i puppet7-release-buster.deb apt update
Installing Puppet Server
apt update apt-get install puppetserver sudo systemctl start puppetserver /opt/puppetlabs/server/apps/puppetserver/bin/puppetserver -v puppetserver version: 6.14.1 cp /etc/profile /etc/profileevanbak echo 'export PATH=/opt/puppetlabs/server/apps/puppetserver/bin/:$PATH' >> /etc/profile apt-get install default-jdk
如何在 Debian 10 上安装 OpenJDK11/OpenJDK8 Installing JDK on Debian 10 https://puppet.com/docs/puppet/6.19/server/install_from_packages.html
* 3. Install Puppet agent
** rpm -Uvh https://yum.puppet.com/puppet7-release-el-7.noarch.rpm https://yum.puppet.com/puppet7-release-el-8.noarch.rpm https://yum.puppet.com/puppet6-release-el-7.noarch.rpm ** yum install puppet-agent echo 'export PATH=/opt/puppetlabs/bin:$PATH' >> /etc/profile && source /etc/profile https://puppet.com/docs/puppet/6.19/install_agents.html Start the Puppet service: sudo /opt/puppetlabs/bin/puppet resource service puppet ensure=running enable=true ** deb apt-get install puppet-agent source /etc/profile.d/puppet-agent.sh
https://puppet.com/docs/puppet/7/install_agents.html
* 4. Install PuppetDB (optional)
configure
#On the agent node, run: puppet config set server puppetserver.example.com --section main #3. Connect the agent to the primary server and sign the certificate # on agent node puppet ssl bootstrap You will see a message that looks like: Info: Creating a new RSA SSL key for <agent node> #On the primary server node, sign the certificate: #puppetsrver sudo puppetserver ca sign --certname <name> #On the agent node, run the agent again: puppet ssl bootstrap
相关配置文件
puppet server
cat /etc/hosts 127.0.0.1 puppetserver.example.com 192.168.10.32 puppetserver.example.com 192.168.10.39 puppetagent 192.168.10.33 puppetagent2 cat /etc/puppetlabs/puppet/puppet.conf # This file can be used to override the default puppet settings. # See the following links for more details on what settings are available: # - https://puppet.com/docs/puppet/latest/config_important_settings.html # - https://puppet.com/docs/puppet/latest/config_about_settings.html # - https://puppet.com/docs/puppet/latest/config_file_main.html # - https://puppet.com/docs/puppet/latest/configuration.html [server] vardir = /opt/puppetlabs/server/data/puppetserver logdir = /var/log/puppetlabs/puppetserver rundir = /var/run/puppetlabs/puppetserver pidfile = /var/run/puppetlabs/puppetserver/puppetserver.pid codedir = /etc/puppetlabs/code [master] certname = puppetserver.example.com
agent
cat /etc/hosts 127.0.0.1 localhost #127.0.1.1 puppetserver.example.com puppetserver 192.168.10.32 puppetserver.example.com puppetserver 127.0.1.1 puppetagent cat /etc/puppetlabs/puppet/puppet.conf [main] server = puppetserver.example.com # This file can be used to override the default puppet settings. # See the following links for more details on what settings are available: # - https://puppet.com/docs/puppet/latest/config_important_settings.html # - https://puppet.com/docs/puppet/latest/config_about_settings.html # - https://puppet.com/docs/puppet/latest/config_file_main.html # - https://puppet.com/docs/puppet/latest/configuration.html [agent] runinterval=30
agent2
这里的明天再补上 Sep 26
默认30分钟太久
#on agent 120 秒 ,2 分钟 vi /etc/puppetlabs/puppet/puppet.conf [agent] server = master.test.cn runinterval=120
video
see also
references
https://en.wikipedia.org/wiki/Puppet_(software)
Usage