1. Puppet Server Host
master# hostnamectl set-hostname puppetmaster.kobic.kr
master# vi /etc/hosts
192.168.56.102 puppetmaster.kobic.kr puppetmaster
192.168.56.103 puppetnode01.kobic.kr puppetnode01
master# rpm -Uvh https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
master# yum -y install https://yum.puppetlabs.com/puppetlabs-release-el-7.noarch.rpm
master# sed -i -e "s/enabled=1/enabled=0/g" /etc/yum.repos.d/puppetlabs.repo
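master# yum --enablerepo=puppetlabs-products,puppetlabs-deps -y install puppet-server
(Note: this repository installs Puppet 3.x, shown as 3.8.7 in the output below. That release line is end-of-life and no longer receives security updates.)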
master# vi /etc/puppet/puppet.conf
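[main]
dns_alt_names = puppetmaster.kobic.kr
(dns_alt_names belongs under [main] and must be set before the master starts for the first time, because the names are written into the master's certificate when it is generated.)
master# systemctl start puppetmaster
master# systemctl enable puppetmaster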
# puppet master --verbose --no-daemonize
Info: Creating a new SSL key for ca
Info: Creating a new SSL certificate request for ca
Info: Certificate Request fingerprint (SHA256): A5:F4:CF:38:F5:CF:5D:A2:2E:E4:0B:57:DF:C6:C1:05:FC:F4:EF:43:2D:0C:06:A8:44:76:88:AF:39:B3:5F:6A
Notice: Signed certificate request for ca
Info: Creating a new certificate revocation list
Info: Creating a new SSL key for puppetmaster.kobic.kr
Info: csr_attributes file loading from /etc/puppet/csr_attributes.yaml
Info: Creating a new SSL certificate request for puppetmaster.kobic.kr
Info: Certificate Request fingerprint (SHA256): 33:89:4D:AA:BA:AE:7F:AB:29:3A:1C:DD:BA:FD:9C:A9:D7:79:FE:8B:04:DD:2E:1F:BF:2A:22:1C:05:00:50:FD
Notice: puppetmaster.kobic.kr has a waiting certificate request
Notice: Signed certificate request for puppetmaster.kobic.kr
Notice: Removing file Puppet::SSL::CertificateRequest puppetmaster.kobic.kr at '/var/lib/puppet/ssl/ca/requests/puppetmaster.kobic.kr.pem'
Notice: Removing file Puppet::SSL::CertificateRequest puppetmaster.kobic.kr at '/var/lib/puppet/ssl/certificate_requests/puppetmaster.kobic.kr.pem'
Notice: Starting Puppet master version 3.8.7
Ctrl + C
# systemctl start puppetmaster
# systemctl enable puppetmaster
2. Puppet Client Host
node# hostnamectl set-hostname puppetnode01.kobic.kr
node# vi /etc/hosts
192.168.56.102 puppetmaster.kobic.kr puppetmaster
192.168.56.103 puppetnode01.kobic.kr puppetnode01
node# rpm -Uvh https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
node# yum -y install https://yum.puppetlabs.com/puppetlabs-release-el-7.noarch.rpm
node# sed -i -e "s/enabled=1/enabled=0/g" /etc/yum.repos.d/puppetlabs.repo
node# yum --enablerepo=puppetlabs-products,puppetlabs-deps -y install puppet
node# vi /etc/puppet/puppet.conf
[agent]
server = puppetmaster.kobic.kr
node# puppet agent --test --ca_server=puppetmaster.kobic.kr
Info: Creating a new SSL key for puppetnode01.kobic.kr
Info: Caching certificate for ca
Info: csr_attributes file loading from /etc/puppet/csr_attributes.yaml
Info: Creating a new SSL certificate request for puppetnode01.kobic.kr
Info: Certificate Request fingerprint (SHA256): D8:C5:00:42:7F:C4:C8:FC:53:6A:1D:04:FD:73:06:25:A8:A4:20:91:23:1C:E7:D3:F4:42:BE:87:06:E1:8E:FE
Info: Caching certificate for ca
Exiting; no certificate found and waitforcert is disabled
node# systemctl start puppet
node# systemctl enable puppet
3. Enable certificate
master# puppet cert list
"puppetnode01.kobic.kr" (SHA256) D8:C5:00:42:7F:C4:C8:FC:53:6A:1D:04:FD:73:06:25:A8:A4:20:91:23:1C:E7:D3:F4:42:BE:87:06:E1:8E:FE
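(Before signing, confirm that the fingerprint listed above matches the one the agent printed when it created its certificate request. --allow-dns-alt-names is only required when the request contains DNS alt names.)
master# puppet cert --allow-dns-alt-names sign puppetnode01.kobic.kr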
Notice: Signed certificate request for puppetnode01.kobic.kr
Notice: Removing file Puppet::SSL::CertificateRequest puppetnode01.kobic.kr at '/var/lib/puppet/ssl/ca/requests/puppetnode01.kobic.kr.pem'
4. Test
master# vi /etc/puppet/manifests/site.pp
group { 'testgroup':
ensure => present,
gid => 2000,
}
node01# systemctl restart puppet
node01# grep testgroup /etc/group
testgroup:x:2000:
master# puppet apply /etc/puppet/manifests/site.pp
Notice: Compiled catalog for puppetmaster.kobic.kr in environment production in 0.09 seconds
Notice: /Stage[main]/Main/Group[testgroup]/ensure: created
Notice: Finished catalog run in 0.02 seconds
# cat /etc/group | grep test
testgroup:x:2000: