Puppet is a centralized configuration management system for Linux, Unix, and Windows platforms. It uses its own puppet description language to manage configuration files, users, cron tasks, software packages, and system services. Puppet refers to these system entities as resources. The design goal of puppet is to simplify the management of these resources and properly handle the dependencies between resources.
Puppet adopts C / S star structure, all clients interact with one or several servers. Every client cycle (default half an hour) sends a request to the server to obtain its latest configuration information and ensure synchronization with the configuration information. Each puppet client connects to the server once every half hour (can be set), download the latest configuration file, and configure the client strictly according to the configuration file. After the configuration is completed, the puppet client can feedback a message to the server. If an error occurs , Will also send a message back to the server.
lab environment:
Puppet Server: 192.168.2.130 host name 130-node1 (as long as the Server and Client are different)
Puppet Client: 192.168.2.129 host name bp-vm
Server:
[root@130-node1 ~]#yum install epel-release -y
[root @ 130-node1 ~] # cat / etc / hostname #Get the host name, the following hosts file needs to use
130-node1
[root @ 130-node1 ~] # vi / etc / hosts #Configure the corresponding ip and host name
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
:: 1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.2.130 130-node1
192.168.2.129 bp-vm
[root @ 130-node1 ~] #yum install puppet-server -y
[root @ 130-node1 ~] #puppet master --no-daemonize --debug #Run puppet in the foreground to facilitate troubleshooting. Then open another window to perform subsequent operations
[root @ 130-node1 ~] #vi /etc/puppet/manifests/site.pp #Configuration. The meaning here is to modify the content of /tmp/helloworld.txt on the Client to Hello World!
node default {
file {"/ tmp / helloworld.txt ":
content =>" Hello World! ",
}
}
[root @ 130-node1 ~] #
node default {
file {"/ tmp / helloworld.txt ":
content =>" Hello World! ",
}
}
[root @ 130-node1 ~] #
Client:
[root@bp-vm ~]#yum install epel-release -y
[root@bp-vm ~]#yum install puppet -y
[root @ bp-vm ~] # cat / etc / hostname #Get the host name, the following hosts file needs to use
bp-vm
[root @ bp-vm ~] # vi / etc / hosts #Configure the corresponding ip and host name
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
:: 1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.2.130 130-node1
192.168.2.129 bp-vm
bp-vm
[root @ bp-vm ~] # vi / etc / hosts #Configure the corresponding ip and host name
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
:: 1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.2.130 130-node1
192.168.2.129 bp-vm
[root @ bp-vm ~] # cat /etc/puppet/puppet.conf|grep -v '#' | grep -v ^ $
[main]
logdir = / var / log / puppet
rundir = / var / run / puppet
ssldir = $ vardir / ssl
[agent]
classfile = $ vardir / classes.txt
localconfig = $ vardir / localconfig
server = 130-node1 #Just modify it here. Specify the address of Puppet
[root @ bp-vm ~] # puppet agent --test #Start testing, puppet involves authentication and authorization issues, because the Client is not officially authorized, so here is only to initiate an authentication application to the Server, so it will return an error, don't worry
[main]
logdir = / var / log / puppet
rundir = / var / run / puppet
ssldir = $ vardir / ssl
[agent]
classfile = $ vardir / classes.txt
localconfig = $ vardir / localconfig
server = 130-node1 #Just modify it here. Specify the address of Puppet
[root @ bp-vm ~] # puppet agent --test #Start testing, puppet involves authentication and authorization issues, because the Client is not officially authorized, so here is only to initiate an authentication application to the Server, so it will return an error, don't worry
Server:
[root @ 130-node1 ~] # puppet cert list --all #View the authorization information of the Server, there is a + sign in front is authorized, you can see that our Client (bp-vm) is not authorized
"bp-vm "(SHA256) 3C: 97: 3B: C7: EB: 5D: D2: 67: 77: D6: 9C: 6D: 50: 90: 1E: 49: D8: DA: 14: 40: 4D: 18: 6B: 5B: 7F: F2: 0E: 8C: 02: 98: 91: F2
+ "130-node1" (SHA256) 6A: C2: ED: 5C: B4: E6: CE: AC: 0B: 48: CB: 48: 46: 10: 10: 5D: 13: C1: 0F: 78: D8: 86: 62: 00: 98: B8: 52: C4: 60: 46: 34: FD
[root @ 130-node1 ~] # puppet cert sign bp-vm #Confirm to bp-vm
Notice: Signed certificate request for bp-vm
Notice: Removing file Puppet :: SSL :: CertificateRequest bp-vm at '/ var / lib / puppet / ssl / ca / requests / bp -vm.pem '
[root @ 130-node1 ~] # puppet cert list --all # bp-vm is authorized with + sign
+ "130-node1" (SHA256) 6A: C2: ED: 5C: B4: E6 : CE: AC: 0B: 48: CB: 48: 46: 10: 10: 5D: 13: C1: 0F: 78: D8: 86: 62: 00: 98: B8: 52: C4: 60: 46: 34 : FD
+ "bp-vm" (SHA256) B7:EE:85:62:BE:C8:BD:46:54:A4:BC:09:D4:F5:94:0A:E0:CC:8B:0E:D9:E2:68:3E:93:56:CD:1D:6B:9E:A7:04
[root@130-node1 ~]#
"bp-vm "(SHA256) 3C: 97: 3B: C7: EB: 5D: D2: 67: 77: D6: 9C: 6D: 50: 90: 1E: 49: D8: DA: 14: 40: 4D: 18: 6B: 5B: 7F: F2: 0E: 8C: 02: 98: 91: F2
+ "130-node1" (SHA256) 6A: C2: ED: 5C: B4: E6: CE: AC: 0B: 48: CB: 48: 46: 10: 10: 5D: 13: C1: 0F: 78: D8: 86: 62: 00: 98: B8: 52: C4: 60: 46: 34: FD
[root @ 130-node1 ~] # puppet cert sign bp-vm #Confirm to bp-vm
Notice: Signed certificate request for bp-vm
Notice: Removing file Puppet :: SSL :: CertificateRequest bp-vm at '/ var / lib / puppet / ssl / ca / requests / bp -vm.pem '
[root @ 130-node1 ~] # puppet cert list --all # bp-vm is authorized with + sign
+ "130-node1" (SHA256) 6A: C2: ED: 5C: B4: E6 : CE: AC: 0B: 48: CB: 48: 46: 10: 10: 5D: 13: C1: 0F: 78: D8: 86: 62: 00: 98: B8: 52: C4: 60: 46: 34 : FD
+ "bp-vm" (SHA256) B7:EE:85:62:BE:C8:BD:46:54:A4:BC:09:D4:F5:94:0A:E0:CC:8B:0E:D9:E2:68:3E:93:56:CD:1D:6B:9E:A7:04
[root@130-node1 ~]#
Client:
[root @ bp-vm ~] # cat /tmp/helloworld.txt
cat: /tmp/helloworld.txt: Without that file or directory
[root @ bp-vm ~] # puppet agent --test # Report an error without authorization After the authorization, execute the newly added /tmp/helloworld.txt file
Info: Caching certificate for bp-vm
Info: Caching certificate_revocation_list for ca
Info: Caching certificate for bp-vm
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Caching catalog for bp -vm
Info: Applying configuration version '1587394106'
Notice: /Stage[main]/Main/Node[default]/File[/tmp/helloworld.txt]/ensure: defined content as '{md5} ed076287532e86365e841e92bfc50d8c'
Info: Creating state file /var/lib/puppet/state/state.yaml
Notice: Finished catalog run in 0.01 seconds
[root@bp-vm ~]# cat /tmp/helloworld.txt
Hello World![root@bp-vm ~]#
cat: /tmp/helloworld.txt: Without that file or directory
[root @ bp-vm ~] # puppet agent --test # Report an error without authorization After the authorization, execute the newly added /tmp/helloworld.txt file
Info: Caching certificate for bp-vm
Info: Caching certificate_revocation_list for ca
Info: Caching certificate for bp-vm
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Caching catalog for bp -vm
Info: Applying configuration version '1587394106'
Notice: /Stage[main]/Main/Node[default]/File[/tmp/helloworld.txt]/ensure: defined content as '{md5} ed076287532e86365e841e92bfc50d8c'
Info: Creating state file /var/lib/puppet/state/state.yaml
Notice: Finished catalog run in 0.01 seconds
[root@bp-vm ~]# cat /tmp/helloworld.txt
Hello World![root@bp-vm ~]#
Reference link:
https://www.cnblogs.com/eastson/p/6056456.html