For testing and study purposes, this post summarizes how to build a Puppet Master/Agent setup as simply as possible.
Prerequisites
- RHEL 7.2
- Puppet 4.4.2
- Master hostname: resolvable as rhel7 and rhel7.local
- Agent hostname: resolvable as rhel7agent and rhel7agent.local
Master setup
rpm -Uvh https://yum.puppetlabs.com/puppetlabs-release-pc1-el-7.noarch.rpm
yum install -y puppet
yum install -y puppetserver
export PATH=/opt/puppetlabs/bin:$PATH
/opt/puppetlabs/bin/puppet resource service puppet ensure=running enable=true
puppet apply -e "user { 'jargyle': ensure => present, }"
puppet apply -e "group { 'web': ensure => present, }"
puppet resource group web > /etc/puppetlabs/code/environments/production/manifests/site.pp
puppet resource user jargyle | sed -e 's/gid.*/comment => '\''Judy Argyle'\'',\n groups => '\''web'\'',/' >> /etc/puppetlabs/code/environments/production/manifests/site.pp
echo "" >> /etc/puppetlabs/puppet/puppet.conf
echo "[main]" >> /etc/puppetlabs/puppet/puppet.conf
echo "dns_alt_names = rhel7,rhel7.local" >> /etc/puppetlabs/puppet/puppet.conf
echo "certname = rhel7.local" >> /etc/puppetlabs/puppet/puppet.conf
firewall-cmd --zone=public --add-port=8140/tcp --permanent
systemctl restart firewalld
puppet master --verbose # This command daemonizes puppet
Agent setup
- Installation
rpm -Uvh https://yum.puppetlabs.com/puppetlabs-release-pc1-el-7.noarch.rpm
yum install -y puppet
export PATH=/opt/puppetlabs/bin:$PATH
echo "" >> /etc/puppetlabs/puppet/puppet.conf
echo "[agent]" >> /etc/puppetlabs/puppet/puppet.conf
echo "server = rhel7.local" >> /etc/puppetlabs/puppet/puppet.conf
- Test
This always fails, because the certificate has not been registered on the Master yet.
# puppet agent -t
Info: Caching certificate for ca
Info: csr_attributes file loading from /etc/puppetlabs/puppet/csr_attributes.yaml
Info: Creating a new SSL certificate request for rhel7agent
Info: Certificate Request fingerprint (SHA256): 92:91:97:A5:2B:9D:C8:3C:51:20:2F:66:11:01:70:46:8F:70:C9:E6:3F:E7:E6:96:57:31:93:A3:1A:1A:85:8B
Info: Caching certificate for ca
Exiting; no certificate found and waitforcert is disabled
Sign the Agent on the Master
- Check the request
# puppet cert list
"rhel7agent" (SHA256) 92:91:97:A5:2B:9D:C8:3C:51:20:2F:66:11:01:70:46:8F:70:C9:E6:3F:E7:E6:96:57:31:93:A3:1A:1A:85:8B
- Sign
# puppet cert sign rhel7agent
Notice: Signed certificate request for rhel7agent
Notice: Removing file Puppet::SSL::CertificateRequest rhel7agent at '/etc/puppetlabs/puppet/ssl/ca/requests/rhel7agent.pem'
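The fingerprint the Master lists for the pending request is the same value the Agent printed when it created the request, so comparing the two before signing confirms that the request really came from that Agent. The script below is an added example, not part of the original article: the function names (`agent_fingerprint`, `master_fingerprint`, `fingerprints_match`, `sign_if_verified`) are hypothetical, and the sample text is the output shown above.

```shell
#!/bin/sh
# Added example (not from the original article): sign an agent's CSR only when the
# fingerprint printed on the agent equals the one the master has pending.

# Print the CSR fingerprint found in `puppet agent -t` output read from stdin.
agent_fingerprint() {
    sed -n 's/^Info: Certificate Request fingerprint (SHA256): \([0-9A-F:]*\).*/\1/p' | head -n 1
}

# Print the pending fingerprint for certname $1 from `puppet cert list` output on stdin.
master_fingerprint() {
    awk -v name="\"$1\"" '$1 == name && $2 == "(SHA256)" { print $3; exit }'
}

# Succeed only if $1 is a well-formed SHA256 fingerprint (32 hex pairs) equal to $2.
fingerprints_match() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-F]{2}:){31}[0-9A-F]{2}$' || return 1
    [ "$1" = "$2" ]
}

# Hypothetical helper: $1 = certname, $2 = fingerprint copied from the agent's console.
sign_if_verified() {
    pending=$(puppet cert list | master_fingerprint "$1")
    if fingerprints_match "$2" "$pending"; then
        puppet cert sign "$1"
    else
        echo "fingerprint mismatch for $1: not signing" >&2
        return 1
    fi
}

# Sample input: the agent and master output shown in this article.
AGENT_LOG='Info: Creating a new SSL certificate request for rhel7agent
Info: Certificate Request fingerprint (SHA256): 92:91:97:A5:2B:9D:C8:3C:51:20:2F:66:11:01:70:46:8F:70:C9:E6:3F:E7:E6:96:57:31:93:A3:1A:1A:85:8B
Exiting; no certificate found and waitforcert is disabled'
CERT_LIST='  "rhel7agent" (SHA256) 92:91:97:A5:2B:9D:C8:3C:51:20:2F:66:11:01:70:46:8F:70:C9:E6:3F:E7:E6:96:57:31:93:A3:1A:1A:85:8B'

# Offline check against the sample text; on a real master call sign_if_verified instead.
from_agent=$(printf '%s\n' "$AGENT_LOG" | agent_fingerprint)
from_master=$(printf '%s\n' "$CERT_LIST" | master_fingerprint rhel7agent)
if fingerprints_match "$from_agent" "$from_master"; then
    echo "rhel7agent: fingerprints match, safe to sign"
fi
```

On the Master, `sign_if_verified rhel7agent <fingerprint read from the Agent's console>` runs `puppet cert sign` only when the pending request carries that exact fingerprint.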
Register the Agent's definition (manifests) on the Master
- Install apache
/etc/puppetlabs/code/environments/production/manifests/site.pp
group { 'web':
  ensure => 'present',
  gid    => '1002',
}
user { 'jargyle':
  ensure           => 'present',
  comment          => 'Judy Argyle',
  groups           => 'web',
  home             => '/home/jargyle',
  password         => '!!',
  password_max_age => '99999',
  password_min_age => '0',
  shell            => '/bin/bash',
  uid              => '1001',
}
node 'rhel7agent' {
  package { 'httpd':
    ensure => installed,
  }
}
Pull the configuration on the Agent
- Apply
# puppet agent --onetime --no-daemonize --verbose
Info: Using configured environment 'production'
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Caching catalog for rhel7agent
Info: Applying configuration version '1462547748'
Notice: /Stage[main]/Main/Group[web]/ensure: created
Notice: /Stage[main]/Main/User[jargyle]/ensure: created
Notice: /Stage[main]/Main/Node[rhel7agent]/Package[httpd]/ensure: created
Info: Creating state file /opt/puppetlabs/puppet/cache/state/state.yaml
Notice: Applied catalog in 32.74 seconds
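Next steps
From here, working through "Puppetを使ったLinuxシステムの設定自動管理" (automated configuration management of Linux systems with Puppet) should go well...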