Initializing a CentOS server and configuring Puppet

Agent server

Step 1: Install Puppet

# Check the server version
cat /etc/*-release

CentOS 5:

sudo rpm -ivh http://yum.puppetlabs.com/puppetlabs-release-el-5.noarch.rpm
sudo yum makecache
sudo yum install -y puppet
sudo puppet resource package puppet ensure=latest

CentOS 6:

sudo rpm -ivh http://yum.puppetlabs.com/puppetlabs-release-pc1-el-6.noarch.rpm
sudo yum makecache
sudo yum install -y puppet
sudo puppet resource package puppet ensure=latest

CentOS 7:

sudo rpm -ivh http://yum.puppetlabs.com/puppetlabs-release-pc1-el-7.noarch.rpm
sudo yum makecache
sudo yum install -y puppet
sudo puppet resource package puppet ensure=latest

Step 2: Edit /etc/hosts and add the puppet host entries

echo '222.66.37.26 puppet' >> /etc/hosts
echo '222.66.37.26 yumrepos.1kxun.mobi' >> /etc/hosts

echo '112.73.17.188 puppet' >> /etc/hosts
echo '103.29.71.30 yumrepos.1kxun.mobi' >> /etc/hosts

Step 3: Configure the server

1. Edit /etc/sysconfig/network and use the hostname command to set the hostname
1.1. (CentOS 7) Use hostnamectl set-hostname **; nmcli general hostname ** to set the hostname
2. On the server, run /opt/puppetlabs/bin/puppet agent -t --verbose to request a certificate from puppet
3. On the puppet server, run /opt/puppetlabs/bin/puppet cert list to check whether the certificate request has been received
4. On the puppet server, run /opt/puppetlabs/bin/puppet cert sign ** to sign the certificate

The EPEL repository may sometimes produce an error like warning: rpmts_HdrFromFdno: Header V3 RSA/SHA256 Signature, key ID 0608b895: NOKEY. Importing the key manually fixes it:

rpm --import http://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-6

If for whatever reason you need to regenerate the agent's certificate, you can delete the old certificate with the following command:

rm -rf /etc/puppetlabs/puppet/ssl

If an error like the following appears when the agent runs, the most likely cause is that the server's time is set incorrectly:

[root@hadoop5 ~]# /opt/puppetlabs/bin/puppet agent -t --verbose
Warning: Facter: getaddrinfo failed: Temporary failure in name resolution (-3): hostname may not be externally resolvable.
Warning: Unable to fetch my node definition, but the agent run will continue:
Warning: SSL_connect returned=1 errno=0 state=error: certificate verify failed: [CRL is not yet valid for /CN=Puppet CA: video-build]
Info: Retrieving pluginfacts
Error: /File[/opt/puppetlabs/puppet/cache/facts.d]: Failed to generate additional resources using 'eval_generate': SSL_connect returned=1 errno=0 state=error: certificate verify failed: [CRL is not yet valid for /CN=Puppet CA: video-build]
Error: /File[/opt/puppetlabs/puppet/cache/facts.d]: Could not evaluate: Could not retrieve file metadata for puppet:///pluginfacts: SSL_connect returned=1 errno=0 state=error: certificate verify failed: [CRL is not yet valid for /CN=Puppet CA: video-build]
Info: Retrieving plugin
Error: /File[/opt/puppetlabs/puppet/cache/lib]: Failed to generate additional resources using 'eval_generate': SSL_connect returned=1 errno=0 state=error: certificate verify failed: [CRL is not yet valid for /CN=Puppet CA: video-build]
Error: /File[/opt/puppetlabs/puppet/cache/lib]: Could not evaluate: Could not retrieve file metadata for puppet:///plugins: SSL_connect returned=1 errno=0 state=error: certificate verify failed: [CRL is not yet valid for /CN=Puppet CA: video-build]
Warning: Facter: getaddrinfo failed: Temporary failure in name resolution (-3): hostname may not be externally resolvable.
Error: Could not retrieve catalog from remote server: SSL_connect returned=1 errno=0 state=error: certificate verify failed: [CRL is not yet valid for /CN=Puppet CA: video-build]
Warning: Not using cache on failed catalog
Error: Could not retrieve catalog; skipping run
Error: Could not send report: SSL_connect returned=1 errno=0 state=error: certificate verify failed: [CRL is not yet valid for /CN=Puppet CA: video-build]
[root@hadoop5 ~]#

It can be fixed with the following command:

yum install -y ntpdate; /usr/sbin/ntpdate 0.asia.pool.ntp.org
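
To confirm that clock skew is really behind "CRL is not yet valid" before resyncing, compare the CRL's lastUpdate timestamp with the local clock. This is an added example, not part of the original post; the CRL path (crl.pem under the ssl directory used above) and the function names are assumptions, and it relies on GNU date as shipped with CentOS.

```shell
#!/bin/sh
# Added example: diagnose "CRL is not yet valid" by comparing the CRL's
# lastUpdate time with the local clock. Requires GNU date and openssl.

# Assumed location of the agent's copy of the CA CRL (under the ssl dir above).
CRL_FILE="${CRL_FILE:-/etc/puppetlabs/puppet/ssl/crl.pem}"

# crl_skew_seconds "<lastUpdate=... line>" [now_epoch]
# Prints how many seconds the CRL's lastUpdate lies ahead of the clock.
# A positive value means the local clock is behind the CA that issued the CRL.
crl_skew_seconds() {
    stamp=${1#*=}                                  # drop the "lastUpdate=" prefix
    issued=$(date -u -d "$stamp" +%s) || return 2  # openssl date format -> epoch
    now=${2:-$(date -u +%s)}                       # optional override for testing
    echo $((issued - now))
}

# clock_verdict <skew_seconds>
# Returns 0 when the clock is not the problem, 1 when it is behind the CRL.
clock_verdict() {
    if [ "$1" -gt 0 ]; then
        echo "clock is ${1}s behind the CA: sync the time, then rerun the agent"
        return 1
    fi
    echo "CRL lastUpdate is not in the future: the clock is not the cause"
}

# check_crl_file <path>: read lastUpdate from a PEM CRL and judge the clock.
check_crl_file() {
    line=$(openssl crl -in "$1" -noout -lastupdate) || return 2
    skew=$(crl_skew_seconds "$line") || return 2
    clock_verdict "$skew"
}

# Only inspect the real CRL when the agent has one on disk.
if [ -r "$CRL_FILE" ]; then
    check_crl_file "$CRL_FILE"
fi
```

A positive skew means the agent's clock is earlier than the moment the CA issued the CRL, which is exactly the condition the SSL error reports.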