# centos에서 puppet 설치하기 ### 구성정보 1. Master machine 1. ip : 192.168.10.10 / master.localdomain / Centos6 2. Agent machine 1. ip : 192.168.10.100 / agent.localdomain / Centos6 ### 공통작업 1. 리포지터리 추가 ```shell $> rpm -Uvh http://yum.puppetlabs.com/puppetlabs-release-el-6.noarch.rpm Retrieving http://yum.puppetlabs.com/puppetlabs-release-el-6.noarch.rpm warning: /var/tmp/rpm-tmp.Ze6mXg: Header V4 RSA/SHA1 Signature, key ID 4bd6ec30: NOKEY Preparing...                ########################################### [100%]        package puppetlabs-release-6-11.noarch is already installed ``` ### 서버 구성하기 1. 마스터서버 작업하기1. 패키지 설치 ```shell [root@master ~]# yum install puppet-server -y ===============================================================================================  Package                Arch         Version                   Repository                 Size =============================================================================================== Installing:  puppet-server          noarch       3.8.2-1.el6               puppetlabs-products        24 k Installing for dependencies:  augeas-libs            x86_64       1.0.0-10.el6              base                      314 k  compat-readline5       x86_64       5.2-17.1.el6              base                      130 k  facter                 x86_64       1:2.4.4-1.el6             puppetlabs-products        99 k  hiera                  noarch       1.3.4-1.el6               puppetlabs-products        23 k  libselinux-ruby        x86_64       2.0.94-5.8.el6            base                      100 k  puppet                 noarch       3.8.2-1.el6               puppetlabs-products       1.6 M  ruby                   x86_64       1.8.7.374-4.el6_6         base                      538 k  ruby-augeas            x86_64       0.4.1-3.el6               puppetlabs-deps            21 k  ruby-irb               x86_64       1.8.7.374-4.el6_6         base                      317 k  ruby-libs              x86_64       1.8.7.374-4.el6_6         base                      1.7 M  ruby-rdoc              x86_64       1.8.7.374-4.el6_6         base                      381 k  ruby-shadow            x86_64       1:2.2.0-2.el6             puppetlabs-deps            13 k  rubygem-json           x86_64       1.5.5-3.el6               puppetlabs-deps           763 k  rubygems               noarch       1.3.7-5.el6               base                      207 k   Transaction Summary =============================================================================================== Install      15 Package(s) ```
1. config 수정하기 ```shell [root@master ~]# vi /etc/puppet/puppet.conf [main]    # The Puppet log directory.    # The default value is '$vardir/log'.    logdir = /var/log/puppet      # Where Puppet PID files are kept.    # The default value is '$vardir/run'.    rundir = /var/run/puppet      # Where SSL certificates are kept.    # The default value is '$confdir/ssl'.    ssldir = $vardir/ssl    moduledir = /etc/puppet/modules   [agent]    # The file in which puppetd stores a list of the classes    # associated with the retrieved configuratiion.  Can be loaded in    # the separate ``puppet`` executable using the ``--loadclasses``    # option.    # The default value is '$confdir/classes.txt'.    classfile = $vardir/classes.txt      # Where puppetd caches the local configuration.  An    # extension indicating the cache format is added automatically.    # The default value is '$confdir/localconfig'.    localconfig = $vardir/localconfig   [master]   certname = master.localdomain moduledir 경로추가, certname = master.localdomain에 master호스트네임 기재 ``` 2. 패키지 업그레이드 ```shell [root@master ~]# puppet resource package puppet-server ensure=latest package { 'puppet-server':  ensure => '3.8.2-1.el6', } ``` 3. 서비스 시작 ```shell [root@master ~]# /etc/init.d/puppetmaster start Starting puppetmaster:                                     [  OK  ] ``` 4. 포트상태 확인 ```shell [root@master ~]# netstat -antp | grep LISTEN tcp        0      0 0.0.0.0:8140                0.0.0.0:*                   LISTEN      1127/ruby tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN      878/sshd tcp        0      0 127.0.0.1:25                0.0.0.0:*                   LISTEN      897/sendmail tcp        0      0 :::22                       :::*                        LISTEN      878/sshd * tcp/8140번 포트가 오픈되어 있는지 확인. ```
2. Agent 작업하기1. 패키지 설치 ```shell [root@agent ~]# yum install puppet -y   ===============================================================================================  Package                Arch         Version                   Repository                 Size =============================================================================================== Installing:  puppet                 noarch       3.8.2-1.el6               puppetlabs-products       1.6 M Installing for dependencies:  augeas-libs            x86_64       1.0.0-10.el6              base                      314 k  compat-readline5       x86_64       5.2-17.1.el6              base                      130 k  facter                 x86_64       1:2.4.4-1.el6             puppetlabs-products        99 k  hiera                  noarch       1.3.4-1.el6               puppetlabs-products        23 k  libselinux-ruby        x86_64       2.0.94-5.8.el6            base                      100 k  ruby                   x86_64       1.8.7.374-4.el6_6         base                      538 k  ruby-augeas            x86_64       0.4.1-3.el6               puppetlabs-deps            21 k  ruby-irb               x86_64       1.8.7.374-4.el6_6         base                      317 k  ruby-libs              x86_64       1.8.7.374-4.el6_6         base                      1.7 M  ruby-rdoc              x86_64       1.8.7.374-4.el6_6         base                      381 k  ruby-shadow            x86_64       1:2.2.0-2.el6             puppetlabs-deps            13 k  rubygem-json           x86_64       1.5.5-3.el6               puppetlabs-deps           763 k  rubygems               noarch       1.3.7-5.el6               base                      207 k   Transaction Summary =============================================================================================== Install      14 Package(s) ```
1. 설정파일 수정 ```shell [root@agent ~]# vi /etc/puppet/puppet.conf [main]    # The Puppet log directory.    # The default value is '$vardir/log'.    logdir = /var/log/puppet      # Where Puppet PID files are kept.    # The default value is '$vardir/run'.    rundir = /var/run/puppet      # Where SSL certificates are kept.    # The default value is '$confdir/ssl'.    ssldir = $vardir/ssl   [agent]    # The file in which puppetd stores a list of the classes    # associated with the retrieved configuratiion.  Can be loaded in    # the separate ``puppet`` executable using the ``--loadclasses``    # option.    # The default value is '$confdir/classes.txt'.    classfile = $vardir/classes.txt      # Where puppetd caches the local configuration.  An    # extension indicating the cache format is added automatically.    # The default value is '$confdir/localconfig'.    localconfig = $vardir/localconfig    certname=agent.localdomain    runinterval = 60 certname = 에이전트 호스트네임 추가, runinterval은 업데이트 주기(초단위)로 설정하면 됨. [root@agent ~]# vi /etc/sysconfig/puppet   # The puppetmaster server PUPPET_SERVER=master.localdomain   # If you wish to specify the port to connect to do so here #PUPPET_PORT=8140   # Where to log to. Specify syslog to send log messages to the system log. PUPPET_LOG=/var/log/puppet/puppet.log   # You may specify other parameters to the puppet client here #PUPPET_EXTRA_OPTS=--waitforcert=500 PUPPET_SERVER에 마스터 서버 호스트네임 입력 PUPPET_LOG에 에이전트 로그파일 파일명 입력 ``` 2. 서비스 시작 ```shell [root@agent ~]# /etc/init.d/puppet start Starting puppet agent:                                     [  OK  ] [root@agent ~]# ps -ef | grep puppet root      1072     1  3 16:03 ?        00:00:00 /usr/bin/ruby /usr/bin/puppet agent --server=master.localdomain --logdest=/var/log/puppet/puppet.log * 프로세스 실핵확인하면 됨 ```
### 서버 연동하기 1. 마스터서버에서 인증작업하기
1. 인증이 필요한 클라이언트 확인 ```shell [root@master ~]# puppet cert --sign --list  "agent.localdomain" (SHA256) 52:0D:EF:51:BB:50:99:FE:BC:6D:2F:33:CC:A9:43:73:3B:1C:C6:A1:D6:4C:D2:13:DE:AA:75:E9:7E:D2:2A:E5 * 도메인 옆에 +기호가 붙어있으면 인증이 완료된 에이전트 입니다. ``` 2. 에이전트 인증작업 수행 ```shell [root@master ~]# puppet cert --sign agent.localdomain Notice: Signed certificate request for agent.localdomain Notice: Removing file Puppet::SSL::CertificateRequest agent.localdomain at '/var/lib/puppet/ssl/ca/requests/agent.localdomain.pem' ``` 3. 인증완료여부 확인 ```shell [root@master ~]# puppet cert --sign --all --list + "agent.localdomain"  (SHA256) 9C:18:CA:26:73:CA:65:96:85:07:B1:F4:B7:A3:2C:43:FA:EE:63:3C:A7:A3:6C:CD:A2:51:5B:81:D2:E5:2D:3F 도메인 옆에 +기호가 생기면 완료. ```
연동이 잘 되었는지 테스트.
4. 아래 경로에서 파일생성 ```shell [root@master ~]# cat /etc/puppet/manifests/site.pp file { '/tmp/hello' :  owner => root,  group => root,  mode => 444,  content => "Hello Pupplet by Machine\n"; } ```
* /tmp/hello 파일이 생성되는데, 생성시 root의 사용자와 그룹으로 지정하여 생성하고 퍼미션은 444(read)생성하되, 텍스트 데이터는 Hello Pupplet라는 데이터로 저장
5. pupplet 적용하기 ```shell [root@master ~]# puppet apply  /etc/puppet/manifests/site.pp Notice: Compiled catalog for master in environment production in 0.17 seconds Notice: /Stage[main]/Main/File[/tmp/hello]/content: content changed '{md5}723c9d4525cebf11f4e6171740b15abd' to '{md5}7b1d27a85c9ebf03075ee2150fb4d770' Notice: Finished catalog run in 0.09 seconds 에이전트) /tmp/hello파일이 생성되었는지 확인 ```
2. Agent 작업하기 ```shell [root@agent ~]# ls -l /tmp/hello -r--r--r-- 1 root root 25 Sep 14 16:11 /tmp/hello [root@agent ~]# cat /tmp/hello Hello Pupplet by Machine ``` - /tmp/hello파일이 생성되었는지 확인
*Reference* - *[https://docs.puppetlabs.com/guides/install\_puppet/install\_el.html?\_ga=1.81661140.2146970350.1440482857//](https://docs.puppetlabs.com/guides/install_puppet/install_el.html?_ga=1.81661140.2146970350.1440482857//)* - *[http://ora-sysdba.tistory.com/entry/Infra-%EC%84%9C%EB%B2%84%EA%B4%80%EB%A6%AC%EC%9D%98-%ED%9A%A8%EC%9C%A8%ED%99%94-Puppet-%EC%84%A4%EC%B9%98//](http://ora-sysdba.tistory.com/entry/Infra-%EC%84%9C%EB%B2%84%EA%B4%80%EB%A6%AC%EC%9D%98-%ED%9A%A8%EC%9C%A8%ED%99%94-Puppet-%EC%84%A4%EC%B9%98//)*