Puppet deployment

2025-01-28 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/03 Report--

1. Modify the hostname and hosts file of each host

    192.168.0.13 master
    192.168.0.14 slave

    vim /etc/hostname   # modify the hostname

    slave

    vim /etc/hosts   # add name resolution entries

    127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
    ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
    192.168.0.13 master
    192.168.0.14 slave
    192.168.0.16 web1.yang.com     # server that provides static resources
    192.168.0.19 proxy1.yang.com   # reverse proxy server

2. Install the master side and the agent side

    yum install epel-release.noarch -y
    yum install puppet-server.noarch
    systemctl restart puppetmaster   # remember to start the service

Install the agent side

    yum install puppet -y
    vim /etc/puppet/puppet.conf   # modify the agent-side configuration and add the following settings

    server = master    # hostname of the server; remember to check with ping that it resolves to the server IP
    runinterval = 10   # refresh every 10s

3. Certificate authentication

    puppet agent --test --server master   # send a certificate request to the master host

    puppet cert list --all    # view all certificates
    puppet cert list          # view only the unsigned requests
    puppet cert sign --all    # sign all unsigned requests
    puppet cert sign slave    # sign only the certificate named "slave"
    puppet cert clean slave   # revoke the certificate of the specified client and delete all the related files

    rm -rf /var/lib/puppet/ssl/   # this folder stores the certificates

The server side revokes the certificate first, then the client side deletes the folder where its certificate is stored. When the client applies again, the request is treated as a new application.

Automatic signing

Method 1: create a new configuration file autosign.conf under /etc/puppet and write the domain names to be signed automatically into it.

    vim /etc/puppet/autosign.conf

    *.xxx.com

Method 2:

    vim /etc/puppet/puppet.conf

    autosign = true

Supplementary

    ll /var/lib/puppet/ssl/ca/requests   # server side: view certificate requests (this folder holds the unsigned certificates)
    ll /var/lib/puppet/ssl/ca/signed/    # server side: view signed certificates (this folder holds the signed certificates)
    /var/lib/puppet/ssl/                 # agent side: certificate location

If you need to change the certificate on the agent, delete all the contents of this folder and send a new request to the server.

4. Explanation of the .pp files

manifests -- site.pp: this file is the navigation file. It matches each host to the classes it should call.

    vim /etc/puppet/manifests/site.pp

    node default {      # default match: whenever the certificate is issued, the following class is applied
        include nginx   # call the class named nginx
    }

    node /web[0-9]+\.yang\.com/ {     # regular-expression match: the hostname begins with web, followed by a number and then .yang.com; I use it to match "web1.yang.com"
        include web
    }

    node /proxy[0-9]+\.yang\.com/ {   # regular-expression match: the hostname begins with proxy, followed by a number and then .yang.com
        include proxy
    }

modules: this folder stores the modules. I set up three modules: nginx, proxy and web.

nginx is called by "node default" and installs the nginx package.

    vim /etc/puppet/modules/nginx/manifests/init.pp

    class nginx {   # note: the class name must be the same as the folder name, otherwise site.pp cannot call it
        package { "nginx":
            ensure => present,
        }
    }

web is called by "node /web[0-9]+\.yang\.com/" and is used to modify the nginx configuration file.

    class web ($nginx_port = "8080") {    # first define a variable
        file { '/etc/nginx/nginx.conf':   # destination path on the client
            ensure  => file,
            content => template('/etc/puppet/modules/web/files/nginx.conf'),   # location of the template file; the files folder inside the module is used to store the template files
            owner   => 'root',
            group   => 'root',
            mode    => '0644',
        }
    }

The key point of the configuration file is the default port 80, which is replaced during copying with the 8080 defined earlier.

proxy is called by "node /proxy[0-9]+\.yang\.com/". It is also used to modify the nginx configuration file, but the template copied here is the reverse proxy one; otherwise it is almost the same as web above.

Test

By default the agent requests resources every 30 minutes. You can use puppet agent -t to request resources manually.

# you can see that nginx has been installed; this is the effect of the first module, "nginx"

# opening the configuration file of nginx, you can see that the port here has been replaced with 8080. This is the effect of the second module "web".
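Both automatic-signing methods in step 3 sign a request without verifying who sent it, so any host that can reach the master can obtain a certificate. The hook below is an added example (not from the original article) of Puppet's policy-based autosigning, where `autosign` points at an executable; the script path, token file and allow-list pattern are assumptions.

```shell
#!/bin/sh
# Added example: policy-based autosign hook for the Puppet master.
# Enable with "autosign = /etc/puppet/autosign-policy.sh" in puppet.conf
# (path is an assumption). Puppet runs the hook with the requested certname
# as $1 and the PEM CSR on stdin; exit status 0 means "sign".
# Agents put the shared token into the CSR via csr_attributes.yaml:
#   custom_attributes:
#     1.2.840.113549.1.9.7: <token>     # challengePassword OID

# Assumption: only the node names used in site.pp may be auto-signed.
# Anchored with ^ and $ so that names merely containing a match are refused.
ALLOWED_RE='^(web|proxy)[0-9]+\.yang\.com$'
# Assumption: hypothetical token file, readable only by the puppet user.
TOKEN_FILE="${TOKEN_FILE:-/etc/puppet/autosign.token}"

certname_allowed() {
    case $1 in *[!a-z0-9.-]*) return 1 ;; esac   # hostname characters only
    printf '%s\n' "$1" | grep -Eq "$ALLOWED_RE"
}

# Read "openssl req -noout -text" output on stdin, print the challengePassword.
csr_token() {
    sed -n 's/^[[:space:]]*challengePassword[[:space:]]*:[[:space:]]*//p' | head -n 1
}

# $1 = certname, $2 = token found in the CSR. Returns 0 only if both pass.
authorize() {
    certname_allowed "$1" || return 1
    [ -r "$TOKEN_FILE" ] || return 1
    expected=$(head -n 1 "$TOKEN_FILE")
    [ -n "$expected" ] && [ "$2" = "$expected" ]
}

main() {
    presented=$(openssl req -noout -text | csr_token)
    if authorize "$1" "$presented"; then
        logger -t puppet-autosign "signed $1"
        return 0
    fi
    logger -t puppet-autosign "refused $1"
    return 1
}

# Run only when Puppet (or an operator) passes a certname.
if [ $# -ge 1 ]; then
    main "$1"
    exit $?
fi
```

Requests the hook refuses stay in /var/lib/puppet/ssl/ca/requests, where they can still be reviewed and signed by hand with puppet cert sign.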
