更新时间:2022-09-15 17:27:45
master------------agent 证书加密
192.168.2.130 puppet.hequan.lol puppet
192.168.2.131 station.hequan.lol station
安装
master: yum install puppet.noarch puppet-server.noarch
agent: yum install puppet.noarch
[root@puppet puppet] # ls
auth.conf fileserver.conf manifests modules puppet.conf
vim puppet.conf
1 [master]
2 certname=puppet.hequan.lol
[root@puppet puppet] # puppet master
[root@puppet puppet] # netstat -lntup | grep 8140
tcp 0 0 0.0.0.0:8140 0.0.0.0:* LISTEN 2580/ruby
[root@station ~] # puppet agent --server=puppet.hequan.lol --no-daemonize --verbose --onetime ##不加 --server 时,agent 默认去找名为 puppet 的主机
[root@puppet puppet] # ll /var/lib/puppet/ssl/ca/requests/
-rw-r--r-- 1 puppet puppet 1598 8月 31 20:38 station.hequan.lol.pem
[root@puppet puppet] # puppet cert --list
"station.hequan.lol" (SHA256) 35:BD:28:6C:18:5D:58:3F:EF:60:F6:2D:6E:5D:5A:B7:16:02:36:84:48:08:31:32:28:DF:C7:BD:A6:65:9F:E9
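puppet cert --sign station.hequan.lol ##--all 可一次签发所有待签请求;签发前应先核对上面 puppet cert --list 显示的指纹与 agent 端 puppet agent --fingerprint 的输出一致,不要对未核实的请求使用 --all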
[root@puppet puppet] # ll /var/lib/puppet/ssl/ca/signed/ ##签发完成,建立联系
总用量 8
-rw-r--r-- 1 puppet puppet 2009 8月 31 20:34 puppet.hequan.lol.pem
-rw-r--r-- 1 puppet puppet 1960 8月 31 20:41 station.hequan.lol.pem
/etc/puppet/manifests ##管理服务器清单,这个目录里面需要一个文件, xxx.pp
[root@puppet manifests] # ll
-rw-r--r-- 1 root root 159 8月 31 20:58 node.pp
-rw-r--r-- 1 root root 53 8月 31 20:48 site.pp
[root@puppet manifests] # cat site.pp
$puppetserver= "puppet.hequan.lol"
import 'node.pp'
[root@puppet manifests] # cat node.pp
node 'station.hequan.lol' {
#定义资源的方式:
#资源类型{'资源名':属性1=>'值1'}
package{ "system-config-date" :ensure=> 'present' }
}
package { 'nginx' :
ensure => present,
}
file { "/root/aa1.txt" :
ensure=> "present" ,
mode=> "0000"
}
[root@station puppet] # ll /root
总用量 4
---------- 1 root root 0 8月 31 21:26 aa1.txt