分享程序员开发的那些事...
更新时间:2022-09-15 17:27:45
master------------agent 证书加密
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
|
192.168.2.130 puppet.hequan.lol puppet192.168.2.131 station.hequan.lol station安装master: yum install puppet.noarch puppet-server.noarch
agent: yum install puppet.noarch
[root@puppet puppet]# ls
auth.conf fileserver.conf manifests modules puppet.confvim puppet.conf 1 [master]
2 certname=puppet.hequan.lol
[root@puppet puppet]# puppet master
[root@puppet puppet]# netstat -lntup | grep 8140
tcp 0 0 0.0.0.0:8140 0.0.0.0:* LISTEN 2580/ruby [root@station ~]# puppet agent --server=puppet.hequan.lol --no-daemonize --verbose --onetime ##默认去找puppet
[root@puppet puppet]# ll /var/lib/puppet/ssl/ca/requests/
-rw-r--r-- 1 puppet puppet 1598 8月 31 20:38 station.hequan.lol.pem[root@puppet puppet]# puppet cert --list
"station.hequan.lol" (SHA256) 35:BD:28:6C:18:5D:58:3F:EF:60:F6:2D:6E:5D:5A:B7:16:02:36:84:48:08:31:32:28:DF:C7:BD:A6:65:9F:E9
puppet cert --sign station.hequan.lol ##all 签发
[root@puppet puppet]# ll /var/lib/puppet/ssl/ca/signed/ ##签发完成,建立联系
总用量 8-rw-r--r-- 1 puppet puppet 2009 8月 31 20:34 puppet.hequan.lol.pem-rw-r--r-- 1 puppet puppet 1960 8月 31 20:41 station.hequan.lol.pem/etc/puppet/manifests ##管理服务器清单,这个目录里面需要一个文件, xxx.pp
[root@puppet manifests]# ll
-rw-r--r-- 1 root root 159 8月 31 20:58 node.pp-rw-r--r-- 1 root root 53 8月 31 20:48 site.pp[root@puppet manifests]# cat site.pp
$puppetserver="puppet.hequan.lol"
import 'node.pp'
[root@puppet manifests]# cat node.pp
node 'station.hequan.lol' {
#定义资源的方式:
#资源类型{'资源名':属性1=>'值1'}
package{"system-config-date":ensure=>'present'}
}package {'nginx':
ensure => present,
} file {"/root/aa1.txt":
ensure=>"present",
mode=>"0000"
}[root@station puppet]# ll /root
总用量 4---------- 1 root root 0 8月 31 21:26 aa1.txt |