如题所示,本文配置Puppet的客户端。

这里,我选择的客户端是本地的一台MySQL服务器:
IP:192.168.40.11

[root@mysql1 ~]# hostname
mysql1.adamhuan.com
[root@mysql1 ~]# 
[root@mysql1 ~]# cat /etc/redhat-release 
Red Hat Enterprise Linux Server release 7.6 (Maipo)
[root@mysql1 ~]# 
[root@mysql1 ~]# ifconfig ens32
ens32: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.40.11  netmask 255.255.255.0  broadcast 192.168.40.255
        inet6 fe80::3d39:79ab:a10b:aef5  prefixlen 64  scopeid 0x20<link>
        inet6 fe80::7ef2:690:e2e4:dc55  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:98:ef:22  txqueuelen 1000  (Ethernet)
        RX packets 651507  bytes 898183838 (856.5 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 65571  bytes 9592627 (9.1 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

[root@mysql1 ~]# 

在服务端的文件【/etc/hosts】中登记该客户端主机的记录:

[root@puppet ~]# vi /etc/hosts
[root@puppet ~]# 
[root@puppet ~]# cat /etc/hosts
#127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
#::1         localhost localhost.localdomain localhost6 localhost6.localdomain6

# Local
127.0.0.1       localhost

# Pub
# --> eg.
#192.168.40.254 linux

# --> Puppet: server side
192.168.40.252  puppet puppet.adamhuan.com

# --> Puppet: client side
192.168.40.11   mysql1 mysql1.adamhuan.com

# =====================
# Finished.
[root@puppet ~]# 

客户端的(MySQL服务器)配置NTP服务:
与NTP服务端(PUPPET)同步时间。

安装:NTP服务

[root@mysql1 ~]# yum list | grep ntp
fontpackages-filesystem.noarch          1.44-8.el7                 @anaconda/7.6
ntpdate.x86_64                          4.2.6p5-28.el7             @anaconda/7.6
ntp.x86_64                              4.2.6p5-28.el7             iso          
python-ntplib.noarch                    0.3.2-1.el7                iso          
[root@mysql1 ~]# 
[root@mysql1 ~]# yum install -y ntp
Loaded plugins: langpacks, product-id, search-disabled-repos, subscription-manager
This system is not registered with an entitlement server. You can use subscription-manager to register.
iso                                                                                                                                           | 4.3 kB  00:00:00     
mysql                                                                                                                                         | 2.9 kB  00:00:00     
Resolving Dependencies
--> Running transaction check
---> Package ntp.x86_64 0:4.2.6p5-28.el7 will be installed
--> Processing Dependency: libopts.so.25()(64bit) for package: ntp-4.2.6p5-28.el7.x86_64
--> Running transaction check
---> Package autogen-libopts.x86_64 0:5.18-5.el7 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

=====================================================================================================================================================================
 Package                                      Arch                                Version                                     Repository                        Size
=====================================================================================================================================================================
Installing:
 ntp                                          x86_64                              4.2.6p5-28.el7                              iso                              549 k
Installing for dependencies:
 autogen-libopts                              x86_64                              5.18-5.el7                                  iso                               66 k

Transaction Summary
=====================================================================================================================================================================
Install  1 Package (+1 Dependent package)

Total download size: 615 k
Installed size: 1.5 M
Downloading packages:
---------------------------------------------------------------------------------------------------------------------------------------------------------------------
Total                                                                                                                                 19 MB/s | 615 kB  00:00:00     
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : autogen-libopts-5.18-5.el7.x86_64                                                                                                                 1/2 
  Installing : ntp-4.2.6p5-28.el7.x86_64                                                                                                                         2/2 
  Verifying  : autogen-libopts-5.18-5.el7.x86_64                                                                                                                 1/2 
  Verifying  : ntp-4.2.6p5-28.el7.x86_64                                                                                                                         2/2 

Installed:
  ntp.x86_64 0:4.2.6p5-28.el7                                                                                                                                        

Dependency Installed:
  autogen-libopts.x86_64 0:5.18-5.el7                                                                                                                                

Complete!
[root@mysql1 ~]# 

配置:NTP服务

[root@mysql1 ~]# cat /etc/ntp.conf 
# For more information about this file, see the man pages
# ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5).

driftfile /var/lib/ntp/drift

# Permit time synchronization with our time source, but do not
# permit the source to query or modify the service on this system.
restrict default nomodify notrap nopeer noquery

# Permit all access over the loopback interface.  This could
# be tightened as well, but to do so would effect some of
# the administrative functions.
restrict 127.0.0.1 
restrict ::1

# Hosts on local network are less restricted.
#restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap

# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
#server 0.rhel.pool.ntp.org iburst
#server 1.rhel.pool.ntp.org iburst
#server 2.rhel.pool.ntp.org iburst
#server 3.rhel.pool.ntp.org iburst

server 192.168.40.252 iburst

#broadcast 192.168.1.255 autokey        # broadcast server
#broadcastclient                        # broadcast client
#broadcast 224.0.1.1 autokey            # multicast server
#multicastclient 224.0.1.1              # multicast client
#manycastserver 239.255.254.254         # manycast server
#manycastclient 239.255.254.254 autokey # manycast client

# Enable public key cryptography.
#crypto

includefile /etc/ntp/crypto/pw

# Key file containing the keys and key identifiers used when operating
# with symmetric key cryptography. 
keys /etc/ntp/keys

# Specify the key identifiers which are trusted.
#trustedkey 4 8 42

# Specify the key identifier to use with the ntpdc utility.
#requestkey 8

# Specify the key identifier to use with the ntpq utility.
#controlkey 8

# Enable writing of statistics records.
#statistics clockstats cryptostats loopstats peerstats

# Disable the monitoring facility to prevent amplification attacks using ntpdc
# monlist command when default restrict does not include the noquery flag. See
# CVE-2013-5211 for more details.
# Note: Monitoring will not be disabled with the limited restriction flag.
disable monitor
[root@mysql1 ~]# 

启动:NTP服务

[root@mysql1 ~]# chkconfig ntpd on
Note: Forwarding request to 'systemctl enable ntpd.service'.
Created symlink from /etc/systemd/system/multi-user.target.wants/ntpd.service to /usr/lib/systemd/system/ntpd.service.
[root@mysql1 ~]# 
[root@mysql1 ~]# service ntpd start
Redirecting to /bin/systemctl start ntpd.service
[root@mysql1 ~]# 
[root@mysql1 ~]# service ntpd status
Redirecting to /bin/systemctl status ntpd.service
● ntpd.service - Network Time Service
   Loaded: loaded (/usr/lib/systemd/system/ntpd.service; enabled; vendor preset: disabled)
   Active: active (running) since Mon 2019-08-05 19:19:10 PDT; 4s ago
  Process: 39887 ExecStart=/usr/sbin/ntpd -u ntp:ntp $OPTIONS (code=exited, status=0/SUCCESS)
 Main PID: 39888 (ntpd)
   CGroup: /system.slice/ntpd.service
           └─39888 /usr/sbin/ntpd -u ntp:ntp -g

Aug 05 19:19:10 mysql1.adamhuan.com ntpd[39888]: Listen and drop on 0 v4wildcard 0.0.0.0 UDP 123
Aug 05 19:19:10 mysql1.adamhuan.com ntpd[39888]: Listen and drop on 1 v6wildcard :: UDP 123
Aug 05 19:19:10 mysql1.adamhuan.com ntpd[39888]: Listen normally on 2 lo 127.0.0.1 UDP 123
Aug 05 19:19:10 mysql1.adamhuan.com ntpd[39888]: Listen normally on 3 ens32 192.168.40.11 UDP 123
Aug 05 19:19:10 mysql1.adamhuan.com ntpd[39888]: Listen normally on 4 lo ::1 UDP 123
Aug 05 19:19:10 mysql1.adamhuan.com ntpd[39888]: Listen normally on 5 ens32 fe80::7ef2:690:e2e4:dc55 UDP 123
Aug 05 19:19:10 mysql1.adamhuan.com ntpd[39888]: Listening on routing socket on fd #22 for interface updates
Aug 05 19:19:10 mysql1.adamhuan.com ntpd[39888]: 0.0.0.0 c016 06 restart
Aug 05 19:19:10 mysql1.adamhuan.com ntpd[39888]: 0.0.0.0 c012 02 freq_set kernel 0.000 PPM
Aug 05 19:19:10 mysql1.adamhuan.com ntpd[39888]: 0.0.0.0 c011 01 freq_not_set
[root@mysql1 ~]# 

服务启动后,查看:

[root@mysql1 ~]# ntpstat 
synchronised to NTP server (192.168.40.252) at stratum 5 
   time correct to within 953 ms
   polling server every 64 s
[root@mysql1 ~]# 

配置EPEL:

[root@mysql1 ~]# yum install -y epel-release                  
Loaded plugins: langpacks, product-id, search-disabled-repos, subscription-manager
This system is not registered with an entitlement server. You can use subscription-manager to register.
Repository base is listed more than once in the configuration
Repository updates is listed more than once in the configuration
Repository extras is listed more than once in the configuration
Repository centosplus is listed more than once in the configuration
Repository updates is listed more than once in the configuration
Repository centosplus is listed more than once in the configuration
Repository extras is listed more than once in the configuration
ISO-ADDONS-HighAvailability                                                                                                                   | 4.3 kB  00:00:00     
ISO-ADDONS-ResilientStorage                                                                                                                   | 4.3 kB  00:00:00     
ISO-BASE                                                                                                                                      | 4.3 kB  00:00:00     
base                                                                                                                                          | 3.6 kB  00:00:00     
epel/x86_64/metalink                                                                                                                          | 8.6 kB  00:00:00     
extras                                                                                                                                        | 3.4 kB  00:00:00     
iso                                                                                                                                           | 4.3 kB  00:00:00     
mysql                                                                                                                                         | 2.9 kB  00:00:00     
os                                                                                                                                            | 3.6 kB  00:00:00     
updates                                                                                                                                       | 3.4 kB  00:00:00     
Resolving Dependencies
--> Running transaction check
---> Package epel-release.noarch 0:7-11 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

=====================================================================================================================================================================
 Package                                      Arch                                   Version                              Repository                            Size
=====================================================================================================================================================================
Installing:
 epel-release                                 noarch                                 7-11                                 epel                                  15 k

Transaction Summary
=====================================================================================================================================================================
Install  1 Package

Total size: 15 k
Installed size: 24 k
Downloading packages:
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : epel-release-7-11.noarch                                                                                                                          1/1 
warning: /etc/yum.repos.d/epel-testing.repo created as /etc/yum.repos.d/epel-testing.repo.rpmnew
warning: /etc/yum.repos.d/epel.repo created as /etc/yum.repos.d/epel.repo.rpmnew
ISO-ADDONS-HighAvailability/productid                                                                                                         | 1.6 kB  00:00:00     
ISO-ADDONS-ResilientStorage/productid                                                                                                         | 1.6 kB  00:00:00     
ISO-BASE/productid                                                                                                                            | 1.6 kB  00:00:00     
  Verifying  : epel-release-7-11.noarch                                                                                                                          1/1 

Installed:
  epel-release.noarch 0:7-11                                                                                                                                         

Complete!
[root@mysql1 ~]# 

安装Puppet的Agent端:

[root@mysql1 ~]# yum list | grep puppet
Repository base is listed more than once in the configuration
Repository updates is listed more than once in the configuration
Repository extras is listed more than once in the configuration
Repository centosplus is listed more than once in the configuration
Repository updates is listed more than once in the configuration
Repository centosplus is listed more than once in the configuration
Repository extras is listed more than once in the configuration
dmlite-puppet-dpm.noarch                1.12.1-1.el7                    epel    
puppet.noarch                           3.6.2-3.el7                     epel    
puppet-firewalld.noarch                 0.1.3-1.el7                     epel    
puppet-server.noarch                    3.6.2-3.el7                     epel    
puppetlabs-stdlib.noarch                4.25.1-1.el7                    epel    
rubygem-puppet-lint.noarch              1.1.0-2.el7                     epel    
rubygem-puppet-lint-doc.noarch          1.1.0-2.el7                     epel    
[root@mysql1 ~]# 
[root@mysql1 ~]# yum install -y puppet
Loaded plugins: langpacks, product-id, search-disabled-repos, subscription-manager
This system is not registered with an entitlement server. You can use subscription-manager to register.
Repository base is listed more than once in the configuration
Repository updates is listed more than once in the configuration
Repository extras is listed more than once in the configuration
Repository centosplus is listed more than once in the configuration
Repository updates is listed more than once in the configuration
Repository centosplus is listed more than once in the configuration
Repository extras is listed more than once in the configuration
Resolving Dependencies
--> Running transaction check
---> Package puppet.noarch 0:3.6.2-3.el7 will be installed
--> Processing Dependency: facter >= 1.6.6 for package: puppet-3.6.2-3.el7.noarch
--> Processing Dependency: hiera >= 1.0.0 for package: puppet-3.6.2-3.el7.noarch
--> Processing Dependency: /usr/bin/ruby for package: puppet-3.6.2-3.el7.noarch
--> Processing Dependency: ruby for package: puppet-3.6.2-3.el7.noarch
--> Processing Dependency: ruby(augeas) for package: puppet-3.6.2-3.el7.noarch
--> Processing Dependency: ruby(release) for package: puppet-3.6.2-3.el7.noarch
--> Processing Dependency: ruby(selinux) for package: puppet-3.6.2-3.el7.noarch
--> Processing Dependency: ruby(shadow) for package: puppet-3.6.2-3.el7.noarch
--> Processing Dependency: rubygem(rgen) for package: puppet-3.6.2-3.el7.noarch
--> Running transaction check
---> Package facter.x86_64 0:2.4.1-1.el7 will be installed
---> Package hiera.noarch 1:1.3.4-5.el7 will be installed
---> Package libselinux-ruby.x86_64 0:2.5-14.1.el7 will be installed
---> Package ruby.x86_64 0:2.0.0.648-35.el7_6 will be installed
--> Processing Dependency: rubygem(bigdecimal) >= 1.2.0 for package: ruby-2.0.0.648-35.el7_6.x86_64
--> Processing Dependency: ruby(rubygems) >= 2.0.14.1 for package: ruby-2.0.0.648-35.el7_6.x86_64
---> Package ruby-augeas.x86_64 0:0.5.0-1.el7 will be installed
---> Package ruby-libs.x86_64 0:2.0.0.648-35.el7_6 will be installed
---> Package ruby-shadow.x86_64 0:1.4.1-23.el7 will be installed
---> Package rubygem-rgen.noarch 0:0.6.6-2.el7 will be installed
--> Running transaction check
---> Package rubygem-bigdecimal.x86_64 0:1.2.0-35.el7_6 will be installed
---> Package rubygems.noarch 0:2.0.14.1-35.el7_6 will be installed
--> Processing Dependency: rubygem(rdoc) >= 4.0.0 for package: rubygems-2.0.14.1-35.el7_6.noarch
--> Processing Dependency: rubygem(psych) >= 2.0.0 for package: rubygems-2.0.14.1-35.el7_6.noarch
--> Processing Dependency: rubygem(io-console) >= 0.4.2 for package: rubygems-2.0.14.1-35.el7_6.noarch
--> Running transaction check
---> Package rubygem-io-console.x86_64 0:0.4.2-35.el7_6 will be installed
---> Package rubygem-psych.x86_64 0:2.0.0-35.el7_6 will be installed
---> Package rubygem-rdoc.noarch 0:4.0.0-35.el7_6 will be installed
--> Processing Dependency: ruby(irb) = 2.0.0.648 for package: rubygem-rdoc-4.0.0-35.el7_6.noarch
--> Processing Dependency: rubygem(json) >= 1.7.7 for package: rubygem-rdoc-4.0.0-35.el7_6.noarch
--> Running transaction check
---> Package ruby-irb.noarch 0:2.0.0.648-35.el7_6 will be installed
---> Package rubygem-json.x86_64 0:1.7.7-35.el7_6 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

=====================================================================================================================================================================
 Package                                      Arch                             Version                                      Repository                          Size
=====================================================================================================================================================================
Installing:
 puppet                                       noarch                           3.6.2-3.el7                                  epel                               1.2 M
Installing for dependencies:
 facter                                       x86_64                           2.4.1-1.el7                                  epel                               101 k
 hiera                                        noarch                           1:1.3.4-5.el7                                epel                                25 k
 libselinux-ruby                              x86_64                           2.5-14.1.el7                                 ISO-BASE                           121 k
 ruby                                         x86_64                           2.0.0.648-35.el7_6                           updates                             72 k
 ruby-augeas                                  x86_64                           0.5.0-1.el7                                  epel                                23 k
 ruby-irb                                     noarch                           2.0.0.648-35.el7_6                           updates                             93 k
 ruby-libs                                    x86_64                           2.0.0.648-35.el7_6                           updates                            2.8 M
 ruby-shadow                                  x86_64                           1.4.1-23.el7                                 epel                                14 k
 rubygem-bigdecimal                           x86_64                           1.2.0-35.el7_6                               updates                             84 k
 rubygem-io-console                           x86_64                           0.4.2-35.el7_6                               updates                             55 k
 rubygem-json                                 x86_64                           1.7.7-35.el7_6                               updates                             80 k
 rubygem-psych                                x86_64                           2.0.0-35.el7_6                               updates                             83 k
 rubygem-rdoc                                 noarch                           4.0.0-35.el7_6                               updates                            322 k
 rubygem-rgen                                 noarch                           0.6.6-2.el7                                  epel                                84 k
 rubygems                                     noarch                           2.0.14.1-35.el7_6                            updates                            220 k

Transaction Summary
=====================================================================================================================================================================
Install  1 Package (+15 Dependent packages)

Total download size: 5.4 M
Installed size: 18 M
Downloading packages:
(1/15): ruby-2.0.0.648-35.el7_6.x86_64.rpm                                                                                                    |  72 kB  00:00:00     
(2/15): ruby-irb-2.0.0.648-35.el7_6.noarch.rpm                                                                                                |  93 kB  00:00:00     
(3/15): facter-2.4.1-1.el7.x86_64.rpm                                                                                                         | 101 kB  00:00:00     
(4/15): hiera-1.3.4-5.el7.noarch.rpm                                                                                                          |  25 kB  00:00:00     
(5/15): ruby-shadow-1.4.1-23.el7.x86_64.rpm                                                                                                   |  14 kB  00:00:00     
rubygem-bigdecimal-1.2.0-35.el FAILED                                          
http://mirrors.cloud.aliyuncs.com/centos/7/updates/x86_64/Packages/rubygem-bigdecimal-1.2.0-35.el7_6.x86_64.rpm: [Errno 14] curl#6 - "Could not resolve host: mirrors.cloud.aliyuncs.com; Unknown error"
Trying other mirror.
(6/15): rubygem-io-console-0.4.2-35.el7_6.x86_64.rpm                                                                                          |  55 kB  00:00:00     
(7/15): ruby-augeas-0.5.0-1.el7.x86_64.rpm                                                                                                    |  23 kB  00:00:01     
(8/15): rubygem-json-1.7.7-35.el7_6.x86_64.rpm                                                                                                |  80 kB  00:00:00     
(9/15): rubygem-psych-2.0.0-35.el7_6.x86_64.rpm                                                                                               |  83 kB  00:00:00     
(10/15): ruby-libs-2.0.0.648-35.el7_6.x86_64.rpm                                                                                              | 2.8 MB  00:00:01     
(11/15): rubygem-rgen-0.6.6-2.el7.noarch.rpm                                                                                                  |  84 kB  00:00:00     
(12/15): rubygem-rdoc-4.0.0-35.el7_6.noarch.rpm                                                                                               | 322 kB  00:00:00     
(13/15): rubygems-2.0.14.1-35.el7_6.noarch.rpm                                                                                                | 220 kB  00:00:00     
(14/15): rubygem-bigdecimal-1.2.0-35.el7_6.x86_64.rpm                                                                                         |  84 kB  00:00:00     
(15/15): puppet-3.6.2-3.el7.noarch.rpm                                                                                                        | 1.2 MB  00:00:06     
---------------------------------------------------------------------------------------------------------------------------------------------------------------------
Total                                                                                                                                831 kB/s | 5.4 MB  00:00:06     
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : ruby-libs-2.0.0.648-35.el7_6.x86_64                                                                                                              1/16 
  Installing : ruby-irb-2.0.0.648-35.el7_6.noarch                                                                                                               2/16 
  Installing : rubygem-bigdecimal-1.2.0-35.el7_6.x86_64                                                                                                         3/16 
  Installing : rubygem-rdoc-4.0.0-35.el7_6.noarch                                                                                                               4/16 
  Installing : rubygem-json-1.7.7-35.el7_6.x86_64                                                                                                               5/16 
  Installing : rubygem-io-console-0.4.2-35.el7_6.x86_64                                                                                                         6/16 
  Installing : rubygem-psych-2.0.0-35.el7_6.x86_64                                                                                                              7/16 
  Installing : rubygems-2.0.14.1-35.el7_6.noarch                                                                                                                8/16 
  Installing : ruby-2.0.0.648-35.el7_6.x86_64                                                                                                                   9/16 
  Installing : facter-2.4.1-1.el7.x86_64                                                                                                                       10/16 
  Installing : rubygem-rgen-0.6.6-2.el7.noarch                                                                                                                 11/16 
  Installing : ruby-augeas-0.5.0-1.el7.x86_64                                                                                                                  12/16 
  Installing : 1:hiera-1.3.4-5.el7.noarch                                                                                                                      13/16 
  Installing : ruby-shadow-1.4.1-23.el7.x86_64                                                                                                                 14/16 
  Installing : libselinux-ruby-2.5-14.1.el7.x86_64                                                                                                             15/16 
  Installing : puppet-3.6.2-3.el7.noarch                                                                                                                       16/16 
  Verifying  : ruby-2.0.0.648-35.el7_6.x86_64                                                                                                                   1/16 
  Verifying  : ruby-irb-2.0.0.648-35.el7_6.noarch                                                                                                               2/16 
  Verifying  : ruby-libs-2.0.0.648-35.el7_6.x86_64                                                                                                              3/16 
  Verifying  : ruby-augeas-0.5.0-1.el7.x86_64                                                                                                                   4/16 
  Verifying  : facter-2.4.1-1.el7.x86_64                                                                                                                        5/16 
  Verifying  : rubygem-bigdecimal-1.2.0-35.el7_6.x86_64                                                                                                         6/16 
  Verifying  : rubygem-rdoc-4.0.0-35.el7_6.noarch                                                                                                               7/16 
  Verifying  : rubygem-json-1.7.7-35.el7_6.x86_64                                                                                                               8/16 
  Verifying  : puppet-3.6.2-3.el7.noarch                                                                                                                        9/16 
  Verifying  : rubygem-io-console-0.4.2-35.el7_6.x86_64                                                                                                        10/16 
  Verifying  : 1:hiera-1.3.4-5.el7.noarch                                                                                                                      11/16 
  Verifying  : libselinux-ruby-2.5-14.1.el7.x86_64                                                                                                             12/16 
  Verifying  : rubygem-rgen-0.6.6-2.el7.noarch                                                                                                                 13/16 
  Verifying  : rubygem-psych-2.0.0-35.el7_6.x86_64                                                                                                             14/16 
  Verifying  : rubygems-2.0.14.1-35.el7_6.noarch                                                                                                               15/16 
  Verifying  : ruby-shadow-1.4.1-23.el7.x86_64                                                                                                                 16/16 

Installed:
  puppet.noarch 0:3.6.2-3.el7                                                                                                                                        

Dependency Installed:
  facter.x86_64 0:2.4.1-1.el7                hiera.noarch 1:1.3.4-5.el7                 libselinux-ruby.x86_64 0:2.5-14.1.el7 ruby.x86_64 0:2.0.0.648-35.el7_6     
  ruby-augeas.x86_64 0:0.5.0-1.el7           ruby-irb.noarch 0:2.0.0.648-35.el7_6       ruby-libs.x86_64 0:2.0.0.648-35.el7_6 ruby-shadow.x86_64 0:1.4.1-23.el7    
  rubygem-bigdecimal.x86_64 0:1.2.0-35.el7_6 rubygem-io-console.x86_64 0:0.4.2-35.el7_6 rubygem-json.x86_64 0:1.7.7-35.el7_6  rubygem-psych.x86_64 0:2.0.0-35.el7_6
  rubygem-rdoc.noarch 0:4.0.0-35.el7_6       rubygem-rgen.noarch 0:0.6.6-2.el7          rubygems.noarch 0:2.0.14.1-35.el7_6  

Complete!
[root@mysql1 ~]# 

客户端配置Puppet:

文件:/etc/puppet/puppet.conf

[root@mysql1 ~]# ls -ltr /etc/puppet/
total 12
-rw-r--r-- 1 root root  853 Jun  9  2014 puppet.conf
-rw-r--r-- 1 root root 4178 Jun  9  2014 auth.conf
drwxr-xr-x 2 root root    6 Aug 19  2014 modules
[root@mysql1 ~]# 
[root@mysql1 ~]# vi /etc/puppet/puppet.conf 
[root@mysql1 ~]# 
[root@mysql1 ~]# cat /etc/puppet/puppet.conf 
[main]
    server = puppet.adamhuan.com
    # The Puppet log directory.
    # The default value is '$vardir/log'.
    logdir = /var/log/puppet

    # Where Puppet PID files are kept.
    # The default value is '$vardir/run'.
    rundir = /var/run/puppet

    # Where SSL certificates are kept.
    # The default value is '$confdir/ssl'.
    ssldir = $vardir/ssl

[agent]
    # The file in which puppetd stores a list of the classes
    # associated with the retrieved configuratiion.  Can be loaded in
    # the separate ``puppet`` executable using the ``--loadclasses``
    # option.
    # The default value is '$confdir/classes.txt'.
    classfile = $vardir/classes.txt

    # Where puppetd caches the local configuration.  An
    # extension indicating the cache format is added automatically.
    # The default value is '$confdir/localconfig'.
    localconfig = $vardir/localconfig
[root@mysql1 ~]# 

在【main】组中,增加了一个配置【server】

客户端的【HOSTS】表:

[root@mysql1 ~]# vi /etc/hosts
[root@mysql1 ~]# 
[root@mysql1 ~]# cat /etc/hosts
#127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
#::1         localhost localhost.localdomain localhost6 localhost6.localdomain6

# Local
127.0.0.1       localhost

# Pub
#192.168.40.254 linux

# Puppet Server side
192.168.40.252  puppet puppet.adamhuan.com
[root@mysql1 ~]# 

Puppet的客户端向服务端申请证书:

[root@mysql1 ~]# puppet agent --server=puppet.adamhuan.com --no-daemonize --verbose
Info: Creating a new SSL key for mysql1.adamhuan.com
Info: Caching certificate for ca
Info: csr_attributes file loading from /etc/puppet/csr_attributes.yaml
Info: Creating a new SSL certificate request for mysql1.adamhuan.com
Info: Certificate Request fingerprint (SHA256): 5E:D9:DB:AF:20:65:F6:49:52:9A:1A:BA:AC:D3:AA:7C:14:32:38:61:CD:2C:84:85:58:E5:FE:22:E2:F7:63:22
Info: Caching certificate for ca
[root@mysql1 ~]# 

看到【Info: Caching certificate for ca】信息后,等待一段时间,大概30秒左右,就可以通过【CTRL + c】去停止了。

然后,上面客户端获取证书的信息,也会出现在Puppet的服务端的日志上:

[root@puppet ~]# tail -f /var/log/puppet/masterhttp.log 
[2019-08-05 19:32:57] 192.168.40.11 - - [05/Aug/2019:19:32:57 PDT] "GET /production/certificate/mysql1.adamhuan.com? HTTP/1.1" 404 57
[2019-08-05 19:32:57] - -> /production/certificate/mysql1.adamhuan.com?
[2019-08-05 19:32:57] 192.168.40.11 - - [05/Aug/2019:19:32:57 PDT] "GET /production/certificate/mysql1.adamhuan.com? HTTP/1.1" 404 57
[2019-08-05 19:32:57] - -> /production/certificate/mysql1.adamhuan.com?
[2019-08-05 19:32:57] 192.168.40.11 - - [05/Aug/2019:19:32:57 PDT] "GET /production/certificate/mysql1.adamhuan.com? HTTP/1.1" 404 57
[2019-08-05 19:32:57] - -> /production/certificate/mysql1.adamhuan.com?
[2019-08-05 19:32:57] 192.168.40.11 - - [05/Aug/2019:19:32:57 PDT] "GET /production/certificate/mysql1.adamhuan.com? HTTP/1.1" 404 57
[2019-08-05 19:32:57] - -> /production/certificate/mysql1.adamhuan.com?
[2019-08-05 19:32:57] 192.168.40.11 - - [05/Aug/2019:19:32:57 PDT] "GET /production/certificate/mysql1.adamhuan.com? HTTP/1.1" 404 57
[2019-08-05 19:32:57] - -> /production/certificate/mysql1.adamhuan.com?

服务端可以查看到,申请了证书的客户端:

[root@puppet ~]# puppet cert list
  "mysql1.adamhuan.com" (SHA256) 5E:D9:DB:AF:20:65:F6:49:52:9A:1A:BA:AC:D3:AA:7C:14:32:38:61:CD:2C:84:85:58:E5:FE:22:E2:F7:63:22
[root@puppet ~]# 

授权:

[root@puppet ~]# puppet cert sign --all
Notice: Signed certificate request for mysql1.adamhuan.com
Notice: Removing file Puppet::SSL::CertificateRequest mysql1.adamhuan.com at '/var/lib/puppet/ssl/ca/requests/mysql1.adamhuan.com.pem'
[root@puppet ~]# 

授权完成后,就可以在目录中看到了:

[root@puppet ~]# ls -ltr /var/lib/puppet/ssl/ca/signed/
total 8
-rw-r--r-- 1 puppet puppet 2017 Aug  5 19:06 puppet.adamhuan.com.pem
-rw-r--r-- 1 puppet puppet 1964 Aug  5 19:36 mysql1.adamhuan.com.pem
[root@puppet ~]# 

这样,客户端加入服务端就完成了。

然后,你可以在客户端测试:

[root@mysql1 ~]# puppet agent -t
Info: Caching certificate for mysql1.adamhuan.com
Info: Caching certificate_revocation_list for ca
Info: Caching certificate for mysql1.adamhuan.com
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Caching catalog for mysql1.adamhuan.com
Info: Applying configuration version '1565071692'
Info: Creating state file /var/lib/puppet/state/state.yaml
Notice: Finished catalog run in 0.02 seconds
[root@mysql1 ~]# 

终了,…

2
说点什么

avatar
2 Comment threads
0 Thread replies
0 Followers
 
Most reacted comment
Hottest comment thread
1 Comment authors
Adamhuan Recent comment authors

此站点使用Akismet来减少垃圾评论。了解我们如何处理您的评论数据

  Subscribe  
提醒
隐藏
变装