Revision 7 as of 2017-10-19 23:28:42
The following steps install and configure a puppet client:
rpm -ivh https://yum.puppetlabs.com/puppetlabs-release-el-6.noarch.rpm
yum -y install puppet
vim /etc/puppet/puppet.conf
The following is an example configuration:
[main]
# The Puppet log directory.
# The default value is '$vardir/log'.
logdir = /var/log/puppet
# Where Puppet PID files are kept.
# The default value is '$vardir/run'.
rundir = /var/run/puppet
# Where SSL certificates are kept.
# The default value is '$confdir/ssl'.
ssldir = $vardir/ssl
#puppet server westcoast dns name
server = li823-33.members.linode.com
#your client server dns name
certname = <YOUR CLIENT SERVER HOSTNAME>
environment = production
[agent]
# The file in which puppetd stores a list of the classes
# associated with the retrieved configuration. Can be loaded in
# the separate puppet executable using the --loadclasses
# option.
# The default value is '$confdir/classes.txt'.
classfile = $vardir/classes.txt
#runinterval = 8h
onetime = true
# Where puppetd caches the local configuration. An
# extension indicating the cache format is added automatically.
# The default value is '$confdir/localconfig'.
localconfig = $vardir/localconfig
After editing puppet.conf, run:
puppet agent --test --debug
Then SSH to the puppet master server (westcoast server: li823-33.members.linode.com) and run:
docker ps
The result will be:
CONTAINER ID   IMAGE          COMMAND                CREATED       STATUS       PORTS                    NAMES
554b5ba9c2b4   7a52905b3674   "/bin/bash"            2 weeks ago   Up 2 weeks                            jovial_shockley
e2f8ce9e076e   registry       "/entrypoint.sh /etc   2 weeks ago   Up 2 weeks   0.0.0.0:5000->5000/tcp   registry
docker attach 554b5ba9c2b4 (go into the puppet server container)
service puppetserver status (make sure the puppet server is running)
puppetserver (pid 109) is running...
Then list the certificates:
puppet cert list --all
We will see that the client's certificate has not been signed yet (no "+" in front):
"<YOUR CLIENT HOSTNAME>" (SHA256) FA:42:85:8A:27:C8:DE:39:AC:20:6A:D5:F5:C7:B2:64:12:B5:FB:93:31:9B:27:DC:28:61:45:0A:F9:8E:C0:57
Then we run:
puppet cert sign <YOUR CLIENT HOSTNAME>
to authorize the client certificate.
List the certificates again to confirm that the client's certificate is now signed.
Then type Ctrl+p, Ctrl+q to detach from the puppet server container and return to the westcoast bash shell.
In the client you can run:
puppet agent --test --debug
again to confirm that the client can communicate with the server.
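A check worth running before the signing step above, as an added example that is not part of the original page: compare the fingerprint in the certificate listing with the one read on the client itself (for instance with `puppet agent --fingerprint`) and sign only when they match. The hostnames, the second listing line and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page). Listing layout assumed from the
# output above: optional "+" (signed), quoted certname, digest, fingerprint.

# Constructed sample of `puppet cert list --all` output. The first fingerprint
# is the one shown on this page; the hostnames and the second line are made up.
sample_listing() {
    cat <<'EOF'
  "client.example.com" (SHA256) FA:42:85:8A:27:C8:DE:39:AC:20:6A:D5:F5:C7:B2:64:12:B5:FB:93:31:9B:27:DC:28:61:45:0A:F9:8E:C0:57
+ "signed.example.com" (SHA256) 00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF
EOF
}

# pending_fingerprint CERTNAME  (listing on stdin)
# Prints the fingerprint of the unsigned request for CERTNAME, if any.
pending_fingerprint() {
    awk -v name="\"$1\"" '
        $1 == "+" { next }                       # already signed, skip
        $1 == name && $2 == "(SHA256)" { print $3; exit }
    '
}

# safe_to_sign CERTNAME EXPECTED_FP  (listing on stdin)
# 0: pending request matches the fingerprint read on the client
# 1: fingerprints differ, do not sign    2: no pending request for CERTNAME
safe_to_sign() {
    listed=$(pending_fingerprint "$1" | tr 'a-f' 'A-F')
    expected=$(printf '%s' "$2" | tr 'a-f' 'A-F')
    [ -n "$listed" ] || return 2
    [ "$listed" = "$expected" ] || return 1
    return 0
}

# On the real master the listing would come from `puppet cert list --all`
# and EXPECTED_FP from the client (e.g. `puppet agent --fingerprint`).
fp="FA:42:85:8A:27:C8:DE:39:AC:20:6A:D5:F5:C7:B2:64:12:B5:FB:93:31:9B:27:DC:28:61:45:0A:F9:8E:C0:57"
if sample_listing | safe_to_sign client.example.com "$fp"; then
    echo "fingerprint matches: puppet cert sign client.example.com"
else
    echo "do not sign"
fi
```

A return code of 2 for a name you expected to be pending usually means the agent has not submitted its request yet or used a different certname.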
