Revision 1 as of 2017-09-28 05:18:04
| Line 28: | Line 28: |
| rpm -ivh | rpm -ivh https://yum.puppetlabs.com/puppetlabs-release-el-6.noarch.rpm |
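Review bot: the URL added on line 28 names the el-6 release package (puppetlabs-release-el-6.noarch.rpm), but nothing in the step says the instructions are for EL6 hosts only. State the OS release this procedure was written for next to the command, so that the package is not installed unchanged on a host running a different release.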
We can use Puppet to automatically deploy the control server:
There is a puppet server running on our westcoast server (li823-33.members.linode.com).
SSH to the westcoast server and su - to root.
cd /etc/puppet/environments/production/manifests/
vim client.pp
Then put the new control server's fully qualified hostname in the .pp file, e.g.:
node 'virtual.crecom.com.au' {...}
Save and exit.
SSH to your new control server, su - to root, and install the puppet agent with the following steps:
rpm -ivh https://yum.puppetlabs.com/puppetlabs-release-el-6.noarch.rpm
yum -y install puppet
vim /etc/puppet/puppet.conf
Then put the following configuration in:
[main]
# The Puppet log directory.
# The default value is '$vardir/log'.
logdir = /var/log/puppet
# Where Puppet PID files are kept.
# The default value is '$vardir/run'.
rundir = /var/run/puppet
# Where SSL certificates are kept.
# The default value is '$confdir/ssl'.
ssldir = $vardir/ssl
#puppet server dns name
server = li823-33.members.linode.com
#your client server dns name
certname = <YOUR CLIENT DNS NAME HERE>
environment = production
[agent]
# The file in which puppetd stores a list of the classes
# associated with the retrieved configuration. Can be loaded in
# the separate ``puppet`` executable using the ``--loadclasses``
# option.
# The default value is '$confdir/classes.txt'.
classfile = $vardir/classes.txt
#runinterval = 8h
onetime = true
# Where puppetd caches the local configuration. An
# extension indicating the cache format is added automatically.
# The default value is '$confdir/localconfig'.
localconfig = $vardir/localconfig
After editing puppet.conf, run:
puppet agent --test --debug
In the log you will see that the puppet client creates the client certificate and that the puppet master has not signed the certificate yet.
SSH to the puppet master server (westcoast server: li823-33.members.linode.com) and run:
puppet cert list --all
We will see that the client's certificate has not been signed yet (no “+” in front):
"<YOUR CLIENT HOSTNAME>" (SHA256) FA:42:85:8A:27:C8:DE:39:AC:20:6A:D5:F5:C7:B2:64:12:B5:FB:93:31:9B:27:DC:28:61:45:0A:F9:8E:C0:57
Then we run:
puppet cert sign <YOUR CLIENT HOSTNAME>
to authorize the client certificate.
List the certificates again to see that the client's certificate is authorized.
On the client, run
puppet agent --test --debug &>debug
again so that the client can communicate with the server and start deploying the control server automatically.
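Signing a request makes the master trust whoever holds the matching private key, so the fingerprint in the listing should be compared with the one read on the client before running puppet cert sign. The script below is an added example, not part of the original page: it checks one line of the certificate listing against an expected fingerprint. The function name check_csr, the host name client.example.com and the use of puppet agent --fingerprint on the client to obtain the expected value are assumptions.

```shell
#!/bin/sh
# Added example (not from the original page): decide whether a pending
# certificate request may be signed, by comparing fingerprints.
#
# check_csr LIST_LINE CERTNAME EXPECTED_FP
#   LIST_LINE   one line of the `puppet cert list` output on the master
#   CERTNAME    the certname set in the client's puppet.conf
#   EXPECTED_FP fingerprint read on the client itself and carried over a
#               trusted channel (assumption: e.g. `puppet agent --fingerprint`)
# Returns 0 = safe to sign, 1 = fingerprint mismatch,
#         2 = not a pending request, 3 = unexpected line format or name.
check_csr() {
    line=$1; name=$2; expected=$3
    trimmed=$(printf '%s\n' "$line" | sed 's/^[[:space:]]*//')
    # Pending requests start with the quoted name; a leading "+" means signed.
    case $trimmed in
        \"*) ;;
        *) echo "refusing: '$name' is not a pending request" >&2; return 2 ;;
    esac
    listed=$(printf '%s\n' "$trimmed" | awk '{ gsub(/"/, "", $1); print $1 }')
    algo=$(printf '%s\n' "$trimmed" | awk '{ print $2 }')
    fp=$(printf '%s\n' "$trimmed" | awk '{ print $3 }')
    if [ "$listed" != "$name" ] || [ "$algo" != "(SHA256)" ] || [ -z "$fp" ]; then
        echo "refusing: unexpected entry '$trimmed'" >&2; return 3
    fi
    # Compare case-insensitively; hex digits may be printed in either case.
    want=$(printf '%s' "$expected" | tr 'a-f' 'A-F')
    got=$(printf '%s' "$fp" | tr 'a-f' 'A-F')
    if [ "$want" != "$got" ]; then
        echo "refusing: fingerprint mismatch for '$name'" >&2; return 1
    fi
    return 0
}

# Constructed sample input: placeholder host name, fingerprint taken from
# the listing shown above.
FP='FA:42:85:8A:27:C8:DE:39:AC:20:6A:D5:F5:C7:B2:64:12:B5:FB:93:31:9B:27:DC:28:61:45:0A:F9:8E:C0:57'
PENDING="  \"client.example.com\" (SHA256) $FP"
if check_csr "$PENDING" client.example.com "$FP"; then
    echo "fingerprints match; run: puppet cert sign client.example.com"
fi
```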
