Puppet3.1 Master Client安装测试
Puppet3.1 Master Client安装测试
一, 测试环境
Master端
#uname -a
Linux master.inno.com 2.6.32-279.22.1.el6.centos.plus.x86_64 #1 SMP Wed Feb 6 05:16:56 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux
#cat /etc/redhat-release
CentOS release 6.3 (Final)
]#cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.234.135 master master.inno.com
192.168.234.134 client client.inno.com
#cat /etc/resolv.conf
# Generated by NetworkManager
domain localdomain
search inno.com
nameserver 192.168.234.2
client端
# uname -a
Linux client.inno.com 2.6.18-308.el5 #1 SMP Tue Feb 21 20:06:06 EST 2012 x86_64 x86_64 x86_64 GNU/Linux
# cat /etc/redhat-release
CentOS release 5.8 (Final)
[root@client C]# cat /etc/hosts
127.0.0.1 localhost.localdomain localhost
::1 localhost6.localdomain6 localhost6
192.168.234.134 client client.inno.com
192.168.234.135 master master.inno.com
# cat /etc/resolv.conf
; generated by /sbin/dhclient-script
search inno.com
nameserver 192.168.234.2
二, Master端安装
1,下载安装puppet.repo安装包
#wget http://yum.puppetlabs.com/el/6/products/x86_64/puppetlabs-release-6-7.noarch.rpm、#ls /etc/yum.repos.d/puppetlabs.repo
/etc/yum.repos.d/puppetlabs.repo
18:12:07 root@master (~) [335]#cat /etc/yum.repos.d/puppetlabs.repo
[puppetlabs-products]
name=Puppet Labs Products El 6 - $basearch
baseurl=http://yum.puppetlabs.com/el/6/products/$basearch
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-puppetlabs
enabled=1
gpgcheck=1
[puppetlabs-deps]
name=Puppet Labs Dependencies El 6 - $basearch
baseurl=http://yum.puppetlabs.com/el/6/dependencies/$basearch
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-puppetlabs
enabled=1
gpgcheck=1
[puppetlabs-devel]
name=Puppet Labs Devel El 6 - $basearch
baseurl=http://yum.puppetlabs.com/el/6/devel/$basearch
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-puppetlabs
enabled=0
gpgcheck=1
[puppetlabs-products-source]
name=Puppet Labs Products El 6 - $basearch - Source
baseurl=http://yum.puppetlabs.com/el/6/products/SRPMS
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-puppetlabs
failovermethod=priority
enabled=0
gpgcheck=1
[puppetlabs-deps-source]
name=Puppet Labs Source Dependencies El 6 - $basearch - Source
baseurl=http://yum.puppetlabs.com/el/6/dependencies/SRPMS
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-puppetlabs
enabled=0
gpgcheck=1
[puppetlabs-devel-source]
name=Puppet Labs Devel El 6 - $basearch - Source
baseurl=http://yum.puppetlabs.com/el/6/devel/SRPMS
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-puppetlabs
enabled=0
gpgcheck=1
2,在 master 上安装和启用 puppet 服务:由于软件自身依赖关系会自动安装ruby ,facter等软件
# yum install puppet-server
# chkconfig puppetmaster on
# service puppetmaster start
Starting puppetmaster: [ O K ]
三, Client端安装
由于clietn端是CentOS5.8所以puppet.repo源要改变下,改成5的
1,下载安装puppet.repo安装包
#wget http://yum.puppetlabs.com/el/5/products/x86_64/puppetlabs-release-5-7.noarch.rpm
#yum –y install puppetlabs-release-5.7.noarch.rpm
安装报错
error: rpmts_HdrFromFdno: Header V4 RSA/SHA1 signature: BAD, key ID 4bd6ec30
报错解决方法
# gpg --recv-key 4bd6ec30
gpg: requesting key 4BD6EC30 from hkp server subkeys.pgp.net
gpg: /root/.gnupg/trustdb.gpg: trustdb created
gpg: key 4BD6EC30: public key "Puppet Labs Release Key (Puppet Labs Release Key) <info@puppetlabs.com>" imported
gpg: no ultimately trusted keys found
gpg: Total number processed: 1
gpg: imported: 1 (RSA: 1)
# gpg -a --export 4bd6ec30 >/opt/key.txt
# cat /opt/key.txt
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.5 (GNU/Linux)
mQINBEw3u0ABEAC1+aJQpU59fwZ4mxFjqNCgfZgDhONDSYQFMRnYC1dzBpJHzI6b
fUBQeaZ8rh6N4kZ+wq1eL86YDXkCt4sCvNTP0eF2XaOLbmxtV9bdpTIBep9bQiKg
5iZaz+brUZlFk/MyJ0Yz//VQ68N1uvXccmD6uxQsVO+gx7rnarg/BGuCNaVtGwy+
S98g8Begwxs9JmGa8pMCcSxtC7fAfAEZ02cYyrw5KfBvFI3cHDdBqrEJQKwKeLKY
GHK3+H1TM4ZMxPsLuR/XKCbvTyl+OCPxU2OxPjufAxLlr8BWUzgJv6ztPe9imqpH
Ppp3KuLFNorjPqWY5jSgKl94W/CO2x591e++a1PhwUn7iVUwVVe+mOEWnK5+Fd0v
VMQebYCXS+3dNf6gxSvhz8etpw20T9Ytg4EdhLvCJRV/pYlqhcq+E9le1jFOHOc0
Nc5FQweUtHGaNVyn8S1hvnvWJBMxpXq+Bezfk3X8PhPT/l9O2lLFOOO08jo0OYiI
wrjhMQQOOSZOb3vBRvBZNnnxPrcdjUUm/9cVB8VcgI5KFhG7hmMCwH70tpUWcZCN
NlI1wj/PJ7Tlxjy44f1o4CQ5FxuozkiITJvh9CTg+k3wEmiaGz65w9jRl9ny2gEl
f4CR5+ba+w2dpuDeMwiHJIs5JsGyJjmA5/0xytB7QvgMs2q25vWhygsmUQARAQAB
tEdQdXBwZXQgTGFicyBSZWxlYXNlIEtleSAoUHVwcGV0IExhYnMgUmVsZWFzZSBL
ZXkpIDxpbmZvQHB1cHBldGxhYnMuY29tPokBHAQQAQIABgUCTDfARgAKCRAhWv5Q
5BRwMq8TCACgG44+c+KgHBinygdU9Oj/r1wmfXbbmR+tpRgZ5sJytHC6gp3wjKFH
XrmddgmYPzKsAUGTxJxRUqxD+lKeo2sEKuXNAPo1C+4hZUV6Ah2N1qytZfpLOP43
U6WVvMgluQTl6jRaMIwQolUj8ZNjYCdNZQCbfo8tALkedIBPKSrDF5kOwn+zxFyR
3v5A3mwFXK0bepvjlDuMsmktwk7opgfivP1mA3svPLIZu70PKk+u6UAMb06svt6V
SewYMbgTUzw+SCT1e/0xEpqjUqNgsPnPE6hW116goRB2cz6VYwmKfVe+ioljsVMM
mTqj5xWqoeR0ov6yCyxwVVCWOAIR3QSAiQIcBBABCAAGBQJM+UDpAAoJEFwT1tuT
BS4DF1gP/jQXEB40JgHLGSv9dFPSAVP40KM+6o9YIzm1/Y0iFJqle1vb7fZZsB8P
NV+paMLQbRGdAG9769yOljj+sm7hUogMYhPwK2co4jIRxdM0U56GLrnE7jKlp6IE
9JveKnc/Sh/WJlkNCs0cxblVzIvVz49ZP/p7FdIax4+07/z21zqa6mpm0LTl/llc
biOzAwXRTpDmzdLS0btj6hCEo0UlLiwfisd7WjkLErA1FLOpxwDSGm0rLcwdRnb7
N4fO5F1FYaNvatSJXGci888EbEXYkeEHgRGEaBtPFFnrBlt1bToE4TyvukatSlR8
LD9ZFPeAZckekY87MUC+vdeXtVwNQpNWYhqOel3dKjIPW3Zey8mVJAE5ZtWK5wd2
8ThIgpDvu8EtGVkihddVvpa7tWr55CzXJuPAY6GecqPPyWVdwycvPM3zpJOmM3io
ZNdDL8T353JQ/WxefdFHBv5mR0jvubVhj3lBE2Ab+GqHvsi5ZaDUy1NKBCc/4Xbu
Z+jT/nbaE5uF0B7vdU7e20Q+KuJbLu3DdtL11o/ZMBVtjIWqS+m2QFvU5dFRLOpS
5aMGZnflSVeMpCwZ5QeU6ISHzhqid0X3QDuDHRf+S00g9Gt8IaQclwO74dWdHvEq
T4XSpv37+kYuJPeup5BOvx9ixvjEsdPu4SDWBUUHWDSR35FAfNXviQI+BBMBAgAo
AhsDBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAUCT/Hk+gUJC0gyOgAKCRAQVLei
S9bsMAgpD/0e9nJ/4sdVKQKT3YpvqBySeKKff7mijPruFKvyaIYF8rh6hypDQftt
21aMAgvNH8gFjTGPo4cqFg/aTxMtztCFCO3R1Gk2Rf4i2ifYBmvJXu9QAOt5jPjg
HRs+aGIT4svjoRPkhOEsq78p+KHOQQQFr3+3Xvz5073MIzbGxdqIOEw7FUTfaBe9
Jko/eGa+cr8V3KVRjeda0952v6UekEugcZo8ftyMj4wQS6BTegAnSOmrdXyfjDSM
irZXvvB+ZsP1vIhXt1dzECnNyIr56TClA1AxJpx67EuVNkpx1KqjT+qZLYDzrdhl
DRkF75fJ/k4jff7L4yvL6+Xout7ZV8+be52BHXQTi1Zcn1DYKYb7M09a3vdTUUPv
EEjs8+86XLMJfhAmHLYWf9+/No2Menj8VKILDQe9fTV6lx6uzK6ffHE+REiPDBEz
2bkwnSjiGE99r3vOJtdKHxdcGeiwFDF6DqcSdvbp6itVBuobHSu679babn8mlR9E
SwWY04FRuLzGUo1LkJnKkfdmHzwRmJMWiU4wSH6FPqzSXrOcEAYZnib9SdpybnIM
eaDu6cKTgnJWilDYocyiobzzp6W76ubQBKSHKoECT2xYqm0yXc0eJhNET+b1UCS6
BUgHamL7y7zh/5qfgeaXjGXKKOBi7Tmmo2+ctHIkMt3rWG+IsLwZhYkCPgQTAQIA
KAUCTDe7QAIbAwUJA8JnAAYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AACgkQEFS3
okvW7DAZaw//aLmE/eobpXpIUVyCUWQxEvPtM/h/SAJsG3KoHN9u216ews+UHsL/
7F91ceVXQQdD2e8CtYWFeLNM0RSM9i/KM60g4CvIQlmNqdqhi1HsgGqInZ72/XLA
Xun0gabfC36rLww2kel+aMpRf58SrSuskY321NnMEJl4OsHV2hfNtAIgw2e/zm9R
hoMpGKxoHZCvFhnP7u2M2wMq7iNDDWb6dVsLpzdlVf242zCbubPCxxQXOpA56rzk
UPuJ85mdVw4i19oPIFIZVL5owit1SxCOxBg4b8oaMS36hEl3qtZG834rtLfcqAmq
jhx6aJuJLOAYN84QjDEU3NI5IfNRMvluIeTcD4Dt5FCYahN045tW1Rc6s5GAR8RW
45GYwQDzG+kkkeeGxwEhqCW7nOHuwZIoVJufNhd28UFn83KGJHCQt4NBBr3K5TcY
6bDQEIrpSplWSDBbd3p1IaoZY1WSDdP9OTVOSbsz0JiglWmUWGWCdd/CMSW/D7/3
VUOJOYRDwptvtSYcjJc81UV+1zB+rt5La/OWe4UOORD+jU1ATijQEaFYxBbqBBkF
boAEXq9btRQyegqk+eVpHhzacP5NYFTMThvHuTapNytcCso5au/cMywqCgY1DfcM
Jyjocu4bCtrAd6w4kGKNMUdwNDYQulHZDI+UjJInhramyngdzZLjdeE=
=i8vT
-----END PGP PUBLIC KEY BLOCK-----
# rpm --import /opt/key.txt
# yum -y install puppetlabs-release-5-7.noarch.rpm
Loaded plugins: aliases, allowdowngrade, changelog, downloadonly, fastestmirror, filter-
: data, kernel-module, keys, kmod, list-data, merge-conf, priorities,
: protect-packages, protectbase, refresh-updatesd, security, tmprepo,
: tsflags, upgrade-helper, verify, versionlock
Loading mirror speeds from cached hostfile
* Base: mirrors.neusoft.edu.cn
Skipping filters plugin, no data
0 packages excluded due to repository protections
Reading version lock configuration
Setting up Install Process
Examining puppetlabs-release-5-7.noarch.rpm: puppetlabs-release-5-7.noarch
Marking puppetlabs-release-5-7.noarch.rpm to be installed
Resolving Dependencies
Skipping filters plugin, no data
--> Running transaction check
---> Package puppetlabs-release.noarch 0:5-7 set to be updated
--> Finished Dependency Resolution
Dependencies Resolved
========================================================================================
Package Arch Version Repository Size
========================================================================================
Installing:
puppetlabs-release noarch 5-7 /puppetlabs-release-5-7.noarch 2.9 k
Transaction Summary
========================================================================================
Install 1 Package(s)
Upgrade 0 Package(s)
Total size: 2.9 k
Downloading Packages:
Running rpm_check_debug
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
Installing : puppetlabs-release 1/1
Installed:
puppetlabs-release.noarch 0:5-7
Complete!
2,安装puppet
[root@client ~]# yum install puppet
Loaded plugins: aliases, allowdowngrade, changelog, downloadonly, fastestmirror, filter-
: data, kernel-module, keys, kmod, list-data, merge-conf, priorities,
: protect-packages, protectbase, refresh-updatesd, security, tmprepo,
: tsflags, upgrade-helper, verify, versionlock
Loading mirror speeds from cached hostfile
* Base: mirrors.neusoft.edu.cn
Skipping filters plugin, no data
0 packages excluded due to repository protections
Reading version lock configuration
Setting up Install Process
Resolving Dependencies
Skipping filters plugin, no data
--> Running transaction check
---> Package puppet.noarch 0:3.1.1-1.el5 set to be updated
--> Processing Dependency: ruby(abi) >= 1.8 for package: puppet
--> Processing Dependency: ruby >= 1.8.7 for package: puppet
--> Processing Dependency: facter >= 1.6.11 for package: puppet
--> Processing Dependency: hiera >= 1.0.0 for package: puppet
--> Processing Dependency: ruby-augeas for package: puppet
--> Processing Dependency: libselinux-ruby for package: puppet
--> Processing Dependency: ruby-shadow for package: puppet
--> Processing Dependency: /usr/bin/ruby for package: puppet
--> Running transaction check
---> Package facter.x86_64 1:1.7.0-1.el5 set to be updated
---> Package hiera.noarch 0:1.2.1-1.el5 set to be updated
--> Processing Dependency: rubygem-json for package: hiera
---> Package libselinux-ruby.x86_64 0:1.33.4-5.7.el5 set to be updated
---> Package ruby.x86_64 0:1.8.7.370-1.el5 set to be updated
---> Package ruby-augeas.x86_64 0:0.4.1-1 set to be updated
--> Processing Dependency: augeas-libs >= 0.8.0 for package: ruby-augeas
--> Processing Dependency: libaugeas.so.0(AUGEAS_0.8.0)(64bit) for package: ruby-augeas
--> Processing Dependency: libaugeas.so.0(AUGEAS_0.11.0)(64bit) for package: ruby-augeas
--> Processing Dependency: libaugeas.so.0(AUGEAS_0.10.0)(64bit) for package: ruby-augeas
--> Processing Dependency: libaugeas.so.0(AUGEAS_0.1.0)(64bit) for package: ruby-augeas
--> Processing Dependency: libaugeas.so.0(AUGEAS_0.12.0)(64bit) for package: ruby-augeas
--> Processing Dependency: libaugeas.so.0()(64bit) for package: ruby-augeas
---> Package ruby-libs.x86_64 0:1.8.7.370-1.el5 set to be updated
---> Package ruby-shadow.x86_64 0:1.4.1-7 set to be updated
--> Running transaction check
---> Package augeas-libs.x86_64 0:0.10.0-3 set to be updated
---> Package rubygem-json.x86_64 0:1.5.5-1.el5 set to be updated
--> Processing Dependency: rubygems for package: rubygem-json
--> Running transaction check
---> Package rubygems.noarch 0:1.3.7-1.el5 set to be updated
--> Processing Dependency: ruby-rdoc for package: rubygems
--> Running transaction check
---> Package ruby-rdoc.x86_64 0:1.8.7.370-1.el5 set to be updated
--> Processing Dependency: irb = 1.8.7.370-1.el5 for package: ruby-rdoc
--> Running transaction check
---> Package ruby-irb.x86_64 0:1.8.7.370-1.el5 set to be updated
--> Finished Dependency Resolution
Dependencies Resolved
========================================================================================
Package Arch Version Repository Size
========================================================================================
Installing:
puppet noarch 3.1.1-1.el5 puppetlabs-products 959 k
Installing for dependencies:
augeas-libs x86_64 0.10.0-3 puppetlabs-deps 376 k
facter x86_64 1:1.7.0-1.el5 puppetlabs-products 84 k
hiera noarch 1.2.1-1.el5 puppetlabs-products 20 k
libselinux-ruby x86_64 1.33.4-5.7.el5 Base 61 k
ruby x86_64 1.8.7.370-1.el5 puppetlabs-deps 378 k
ruby-augeas x86_64 0.4.1-1 puppetlabs-deps 22 k
ruby-irb x86_64 1.8.7.370-1.el5 puppetlabs-deps 343 k
ruby-libs x86_64 1.8.7.370-1.el5 puppetlabs-deps 2.2 M
ruby-rdoc x86_64 1.8.7.370-1.el5 puppetlabs-deps 410 k
ruby-shadow x86_64 1.4.1-7 puppetlabs-deps 10 k
rubygem-json x86_64 1.5.5-1.el5 puppetlabs-deps 773 k
rubygems noarch 1.3.7-1.el5 puppetlabs-deps 217 k
Transaction Summary
========================================================================================
Install 13 Package(s)
Upgrade 0 Package(s)
Total download size: 5.7 M
Is this ok [y/N]: y
Downloading Packages:
(1/13): ruby-shadow-1.4.1-7.x86_64.rpm | 10 kB 00:00
(2/13): hiera-1.2.1-1.el5.noarch.rpm | 20 kB 00:00
(3/13): ruby-augeas-0.4.1-1.x86_64.rpm | 22 kB 00:00
(4/13): libselinux-ruby-1.33.4-5.7.el5.x86_64.rpm | 61 kB 00:00
(5/13): facter-1.7.0-1.el5.x86_64.rpm | 84 kB 00:00
(6/13): rubygems-1.3.7-1.el5.noarch.rpm | 217 kB 00:02
(7/13): ruby-irb-1.8.7.370-1.el5.x86_64.rpm | 343 kB 00:05
(8/13): augeas-libs-0.10.0-3.x86_64.rpm | 376 kB 00:10
(9/13): ruby-1.8.7.370-1.el5.x86_64.rpm | 378 kB 00:04
(10/13): ruby-rdoc-1.8.7.370-1.el5.x86_64.rpm | 410 kB 00:04
(11/13): rubygem-json-1.5.5-1.el5.x86_64.rpm | 773 kB 00:13
(12/13): puppet-3.1.1-1.el5.noarch.rpm | 959 kB 00:12
(13/13): ruby-libs-1.8.7.370-1.el5.x86_64.rpm | 2.2 MB 00:31
-----------------------------------------------------------------------------------------------------------------------------
Total 57 kB/s | 5.7 MB 01:42
Running rpm_check_debug
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
Installing : ruby-libs 1/13
Installing : ruby 2/13
Installing : ruby-shadow 3/13
Installing : augeas-libs 4/13
Installing : ruby-augeas 5/13
Installing : libselinux-ruby 6/13
Installing : ruby-irb 7/13
Installing : ruby-rdoc 8/13
Installing : rubygems 9/13
Installing : rubygem-json 10/13
Installing : hiera 11/13
Installing : facter 12/13
Installing : puppet 13/13
Installed:
puppet.noarch 0:3.1.1-1.el5
Dependency Installed:
augeas-libs.x86_64 0:0.10.0-3 facter.x86_64 1:1.7.0-1.el5 hiera.noarch 0:1.2.1-1.el5
libselinux-ruby.x86_64 0:1.33.4-5.7.el5 ruby.x86_64 0:1.8.7.370-1.el5 ruby-augeas.x86_64 0:0.4.1-1
ruby-irb.x86_64 0:1.8.7.370-1.el5 ruby-libs.x86_64 0:1.8.7.370-1.el5 ruby-rdoc.x86_64 0:1.8.7.370-1.el5
ruby-shadow.x86_64 0:1.4.1-7 rubygem-json.x86_64 0:1.5.5-1.el5 rubygems.noarch 0:1.3.7-1.el5
Complete!
#service puppet start
Starting puppet agent: [ OK ]
#chkconfig puppet on
四, Master,Client连接测试 ,我是一步步测试,根据出现问题再拍错然后解决
1, 客户端执行puppet agent -t --debug --server master.inno.com
其中-t 是—test 的缩写,--debug可以列出debug信息,--server接Master的FQDN名
其他参数都不明白,故没有写上,可以看到在结尾处有错误信息,后面有排错方法
# puppet agent -t --debug --server master.inno.com
Debug: Using settings: adding file resource 'client_datadir': 'File[/var/lib/puppet/client_data]{:backup=>false, :loglevel=>:debug, :links=>:follow,
:mode=>"750", :path=>"/var/lib/puppet/client_data", :ensure=>:directory}'
Debug: Puppet::Type::User::ProviderPw: file pw does not exist
Debug: Failed to load library 'ldap' for feature 'ldap'
Debug: Puppet::Type::User::ProviderLdap: feature ldap is missing
Debug: Puppet::Type::User::ProviderDirectoryservice: file /usr/bin/dsimport does not exist
Debug: Puppet::Type::User::ProviderUser_role_add: file rolemod does not exist
Debug: Using settings: adding file resource 'hostpubkey': 'File[/var/lib/puppet/ssl/public_keys/client.inno.com.pem]{:backup=>false, :loglevel=>:debug,
:owner=>"puppet", :links=>:follow, :mode=>"644", :path=>"/var/lib/puppet/ssl/public_keys/client.inno.com.pem", :ensure=>:file}'
Debug: Using settings: adding file resource 'statedir': 'File[/var/lib/puppet/state]{:backup=>false, :loglevel=>:debug, :links=>:follow, :mode=>"1755",
:path=>"/var/lib/puppet/state", :ensure=>:directory}'
Debug: Using settings: adding file resource 'confdir': 'File[/etc/puppet]{:backup=>false, :loglevel=>:debug, :links=>:follow, :path=>"/etc/puppet",
:ensure=>:directory}'
Debug: Using settings: adding file resource 'publickeydir': 'File[/var/lib/puppet/ssl/public_keys]{:backup=>false, :loglevel=>:debug, :owner=>"puppet",
:links=>:follow, :path=>"/var/lib/puppet/ssl/public_keys", :ensure=>:directory}'
Debug: Using settings: adding file resource 'privatedir': 'File[/var/lib/puppet/ssl/private]{:backup=>false, :loglevel=>:debug, :owner=>"puppet",
:links=>:follow, :mode=>"750", :path=>"/var/lib/puppet/ssl/private", :ensure=>:directory}'
Debug: Using settings: adding file resource 'plugindest': 'File[/var/lib/puppet/lib]{:backup=>false, :loglevel=>:debug, :links=>:follow,
:path=>"/var/lib/puppet/lib", :ensure=>:directory}'
Debug: Using settings: adding file resource 'clientbucketdir': 'File[/var/lib/puppet/clientbucket]{:backup=>false, :loglevel=>:debug, :links=>:follow,
:mode=>"750", :path=>"/var/lib/puppet/clientbucket", :ensure=>:directory}'
Debug: Using settings: adding file resource 'certdir': 'File[/var/lib/puppet/ssl/certs]{:backup=>false, :loglevel=>:debug, :owner=>"puppet", :links=>:follow,
:path=>"/var/lib/puppet/ssl/certs", :ensure=>:directory}'
Debug: Using settings: adding file resource 'graphdir': 'File[/var/lib/puppet/state/graphs]{:backup=>false, :loglevel=>:debug, :links=>:follow,
:path=>"/var/lib/puppet/state/graphs", :ensure=>:directory}'
Debug: Using settings: adding file resource 'vardir': 'File[/var/lib/puppet]{:backup=>false, :loglevel=>:debug, :links=>:follow, :path=>"/var/lib/puppet",
:ensure=>:directory}'
Debug: Using settings: adding file resource 'requestdir': 'File[/var/lib/puppet/ssl/certificate_requests]{:backup=>false, :loglevel=>:debug,
:owner=>"puppet", :links=>:follow, :path=>"/var/lib/puppet/ssl/certificate_requests", :ensure=>:directory}'
Debug: Using settings: adding file resource 'rundir': 'File[/var/run/puppet]{:backup=>false, :loglevel=>:debug, :links=>:follow, :mode=>"755",
:path=>"/var/run/puppet", :ensure=>:directory}'
Debug: Using settings: adding file resource 'clientyamldir': 'File[/var/lib/puppet/client_yaml]{:backup=>false, :loglevel=>:debug, :links=>:follow,
:mode=>"750", :path=>"/var/lib/puppet/client_yaml", :ensure=>:directory}'
Debug: Using settings: adding file resource 'hostprivkey': 'File[/var/lib/puppet/ssl/private_keys/client.inno.com.pem]{:backup=>false, :loglevel=>:debug,
:owner=>"puppet", :links=>:follow, :mode=>"600", :path=>"/var/lib/puppet/ssl/private_keys/client.inno.com.pem", :ensure=>:file}'
Debug: Puppet::Type::Group::ProviderPw: file pw does not exist
Debug: Failed to load library 'ldap' for feature 'ldap'
Debug: Puppet::Type::Group::ProviderLdap: feature ldap is missing
Debug: Puppet::Type::Group::ProviderDirectoryservice: file /usr/bin/dscl does not exist
Debug: Using settings: adding file resource 'logdir': 'File[/var/log/puppet]{:backup=>false, :group=>"puppet", :loglevel=>:debug, :owner=>"puppet",
:links=>:follow, :mode=>"750", :path=>"/var/log/puppet", :ensure=>:directory}'
Debug: Using settings: adding file resource 'ssldir': 'File[/var/lib/puppet/ssl]{:backup=>false, :loglevel=>:debug, :owner=>"puppet", :links=>:follow,
:mode=>"771", :path=>"/var/lib/puppet/ssl", :ensure=>:directory}'
Debug: Using settings: adding file resource 'privatekeydir': 'File[/var/lib/puppet/ssl/private_keys]{:backup=>false, :loglevel=>:debug, :owner=>"puppet",
:links=>:follow, :mode=>"750", :path=>"/var/lib/puppet/ssl/private_keys", :ensure=>:directory}'
Debug: /File[/var/lib/puppet/client_yaml]: Autorequiring File[/var/lib/puppet]
Debug: /File[/var/lib/puppet/ssl/private_keys]: Autorequiring File[/var/lib/puppet/ssl]
Debug: /File[/var/lib/puppet/lib]: Autorequiring File[/var/lib/puppet]
Debug: /File[/var/lib/puppet/state/graphs]: Autorequiring File[/var/lib/puppet/state]
Debug: /File[/var/lib/puppet/ssl/certificate_requests]: Autorequiring File[/var/lib/puppet/ssl]
Debug: /File[/var/lib/puppet/ssl/private_keys/client.inno.com.pem]: Autorequiring File[/var/lib/puppet/ssl/private_keys]
Debug: /File[/var/lib/puppet/ssl/public_keys/client.inno.com.pem]: Autorequiring File[/var/lib/puppet/ssl/public_keys]
Debug: /File[/var/lib/puppet/state]: Autorequiring File[/var/lib/puppet]
Debug: /File[/var/lib/puppet/client_data]: Autorequiring File[/var/lib/puppet]
Debug: /File[/var/lib/puppet/ssl/public_keys]: Autorequiring File[/var/lib/puppet/ssl]
Debug: /File[/var/lib/puppet/clientbucket]: Autorequiring File[/var/lib/puppet]
Debug: /File[/var/lib/puppet/ssl/certs]: Autorequiring File[/var/lib/puppet/ssl]
Debug: /File[/var/lib/puppet/ssl/private]: Autorequiring File[/var/lib/puppet/ssl]
Debug: /File[/var/lib/puppet/ssl]: Autorequiring File[/var/lib/puppet]
Debug: /File[/var/lib/puppet/ssl/private_keys/client.inno.com.pem]/mode: mode changed '0640' to '0600'
Debug: /File[/var/lib/puppet/ssl/public_keys/client.inno.com.pem]/mode: mode changed '0640' to '0644'
Debug: Finishing transaction 23872078632760
Debug: Using settings: adding file resource 'hostpubkey': 'File[/var/lib/puppet/ssl/public_keys/client.inno.com.pem]{:backup=>false, :loglevel=>:debug,
:owner=>"puppet", :links=>:follow, :mode=>"644", :path=>"/var/lib/puppet/ssl/public_keys/client.inno.com.pem", :ensure=>:file}'
Debug: Using settings: adding file resource 'statedir': 'File[/var/lib/puppet/state]{:backup=>false, :loglevel=>:debug, :links=>:follow, :mode=>"1755",
:path=>"/var/lib/puppet/state", :ensure=>:directory}'
Debug: Using settings: adding file resource 'confdir': 'File[/etc/puppet]{:backup=>false, :loglevel=>:debug, :links=>:follow, :path=>"/etc/puppet",
:ensure=>:directory}'
Debug: Using settings: adding file resource 'publickeydir': 'File[/var/lib/puppet/ssl/public_keys]{:backup=>false, :loglevel=>:debug, :owner=>"puppet",
:links=>:follow, :path=>"/var/lib/puppet/ssl/public_keys", :ensure=>:directory}'
Debug: Using settings: adding file resource 'privatedir': 'File[/var/lib/puppet/ssl/private]{:backup=>false, :loglevel=>:debug, :owner=>"puppet",
:links=>:follow, :mode=>"750", :path=>"/var/lib/puppet/ssl/private", :ensure=>:directory}'
Debug: Using settings: adding file resource 'plugindest': 'File[/var/lib/puppet/lib]{:backup=>false, :loglevel=>:debug, :links=>:follow,
:path=>"/var/lib/puppet/lib", :ensure=>:directory}'
Debug: Using settings: adding file resource 'certdir': 'File[/var/lib/puppet/ssl/certs]{:backup=>false, :loglevel=>:debug, :owner=>"puppet", :links=>:follow,
:path=>"/var/lib/puppet/ssl/certs", :ensure=>:directory}'
Debug: Using settings: adding file resource 'vardir': 'File[/var/lib/puppet]{:backup=>false, :loglevel=>:debug, :links=>:follow, :path=>"/var/lib/puppet",
:ensure=>:directory}'
Debug: Using settings: adding file resource 'requestdir': 'File[/var/lib/puppet/ssl/certificate_requests]{:backup=>false, :loglevel=>:debug,
:owner=>"puppet", :links=>:follow, :path=>"/var/lib/puppet/ssl/certificate_requests", :ensure=>:directory}'
Debug: Using settings: adding file resource 'rundir': 'File[/var/run/puppet]{:backup=>false, :loglevel=>:debug, :links=>:follow, :mode=>"755",
:path=>"/var/run/puppet", :ensure=>:directory}'
Debug: Using settings: adding file resource 'hostprivkey': 'File[/var/lib/puppet/ssl/private_keys/client.inno.com.pem]{:backup=>false, :loglevel=>:debug,
:owner=>"puppet", :links=>:follow, :mode=>"600", :path=>"/var/lib/puppet/ssl/private_keys/client.inno.com.pem", :ensure=>:file}'
Debug: Using settings: adding file resource 'logdir': 'File[/var/log/puppet]{:backup=>false, :group=>"puppet", :loglevel=>:debug, :owner=>"puppet",
:links=>:follow, :mode=>"750", :path=>"/var/log/puppet", :ensure=>:directory}'
Debug: Using settings: adding file resource 'ssldir': 'File[/var/lib/puppet/ssl]{:backup=>false, :loglevel=>:debug, :owner=>"puppet", :links=>:follow,
:mode=>"771", :path=>"/var/lib/puppet/ssl", :ensure=>:directory}'
Debug: Using settings: adding file resource 'privatekeydir': 'File[/var/lib/puppet/ssl/private_keys]{:backup=>false, :loglevel=>:debug, :owner=>"puppet",
:links=>:follow, :mode=>"750", :path=>"/var/lib/puppet/ssl/private_keys", :ensure=>:directory}'
Debug: /File[/var/lib/puppet/ssl/public_keys/client.inno.com.pem]: Autorequiring File[/var/lib/puppet/ssl/public_keys]
Debug: /File[/var/lib/puppet/ssl/private]: Autorequiring File[/var/lib/puppet/ssl]
Debug: /File[/var/lib/puppet/ssl/certs]: Autorequiring File[/var/lib/puppet/ssl]
Debug: /File[/var/lib/puppet/ssl/public_keys]: Autorequiring File[/var/lib/puppet/ssl]
Debug: /File[/var/lib/puppet/state]: Autorequiring File[/var/lib/puppet]
Debug: /File[/var/lib/puppet/ssl/private_keys]: Autorequiring File[/var/lib/puppet/ssl]
Debug: /File[/var/lib/puppet/ssl/certificate_requests]: Autorequiring File[/var/lib/puppet/ssl]
Debug: /File[/var/lib/puppet/ssl]: Autorequiring File[/var/lib/puppet]
Debug: /File[/var/lib/puppet/ssl/private_keys/client.inno.com.pem]: Autorequiring File[/var/lib/puppet/ssl/private_keys]
Debug: /File[/var/lib/puppet/lib]: Autorequiring File[/var/lib/puppet]
Debug: Finishing transaction 23872076821240
Info: Caching certificate for ca
Info: Creating a new SSL certificate request for client.inno.com
Info: Certificate Request fingerprint (SHA256): 04:48:C2:2C:8D:FC:71:E8:99:EA:50:45:B1:81:A0:68:D0:26:9D:82:58:D7:AC:CB:7B:72:19:EC:A0:40:F5:7F
Debug: Using cached certificate for ca
Debug: Using cached certificate for ca
Exiting; no certificate found and waitforcert is disabled
2,排错方法:
从上面提示貌似是Cert问题,后来查了下资料Client在test是就给Master提供有Cert请求,只要Master sign一下就可,具体方法如下:
首先看看帮助,我最先开始的事ca ,后来发现cert这个命令也可以,而且和ca 命令用法与参数差不多
#puppet help ca
USAGE: puppet ca <action>
This provides local management of the Puppet Certificate Authority.
OPTIONS:
--render-as FORMAT - The rendering format to use.
--verbose - Whether to log verbosely.
--debug - Whether to log debug information.
ACTIONS:
destroy undocumented action
fingerprint undocumented action
generate undocumented action
list List certificates and/or certificate requests.
print undocumented action
revoke undocumented action
sign undocumented action
verify undocumented action
See 'puppet man ca' or 'man puppet-ca' for full help.
查看Client端CERT请求
#puppet ca list
client.inno.com (SHA256) 04:48:C2:2C:8D:FC:71:E8:99:EA:50:45:B1:81:A0:68:D0:26:9D:82:58:D7:AC:CB:7B:72:19:EC:A0:40:F5:7F
看到上面有一个请求,sign
#puppet ca sign client.inno.com
Notice: Signed certificate request for client.inno.com
Notice: Removing file Puppet::SSL::CertificateRequest client.inno.com at '/var/lib/puppet/ssl/ca/requests/client.inno.com.pem'
"-----BEGIN CERTIFICATE-----\nMIIFVjCCAz6gAwIBAgIBAzANBgkqhkiG9w0BAQsFADAlMSMwIQYDVQQDDBpQdXBw
\nZXQgQ0E6IG1hc3Rlci5pbm5vLmNvbTAeFw0xMzA0MjEwOTE2MzlaFw0xODA0MjEw\nOTE2MzlaMBoxGDAWBgNVBAMMD2NsaWVudC5pbm5vLmNvbTCCAiIwDQYJKoZIhvcN
\nAQEBBQADggIPADCCAgoCggIBAOVyPq+ehcuQV8AGFr6ZyxplhtzH0iYH54ltASrg\n/H3k/JfFy4+bKno3Enee9bW/czyGS2n04Z7X+ipfhPQWEh0DVB1gDd1QipKzIY7i
\n7WFshnqPdNISlCwPsg5xKRdfFzixIacK0MLyXxfWrqKNYOMfo5BQg1cQVLK6nAQv\niZNrvhyIi85yfOs2D7oqOzaHYW4332rJtAlsxSN5RL9+hzTcT3QYqrixUac5dteX
\nOwfG0xHcJNthYR0VvP35zPhRWoh0tY5ayZ0axyo1bUpib52qvUGl2KvaZWPgKxjz\nKOz3RNaEeXM78jgiJSlMCOALOX9ck+d7FVT3UBzwyG9SSgovFuxsvKNe4m4twTKX
\nx6nilscXQXR0HWT9FCLiemd1y4RsD/wjBPHNZhWnKZcD6jEMbOfFI+6dHMWY95kd\nYbKoa7Q6mLofSdB1NPc+c0bEwVqsgo4KHavH+bvU/vq5pU6bE38BRT1Vab+lNpTY
\n0o9DDv374TyPWtn0ZKra5CL8g+6WDOS6HfBW0bmAmFIGSdgS0suA83Cllcpy6BXH\nnbpV1RWOgBo8BT2XYJ9f8mkiN7UbQG6mur0K1z/+8tEHWstn83VlgUN3e3ZvsFlH
\nY7UHG7OGgyzzQTyQfvoYj7tCehYo5jbJs67WdFqX3lb9JDokQShGaOxI9m7L4VOW\nnMY9AgMBAAGjgZswgZgwDgYDVR0PAQH/BAQDAgWgMDcGCWCGSAGG+EIBDQQqFihQ
\ndXBwZXQgUnVieS9PcGVuU1NMIEludGVybmFsIENlcnRpZmljYXRlMAwGA1UdEwEB\n/wQCMAAwIAYDVR0lAQH/BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMB0GA1UdDgQW\nBBRbBYfe
+VaQ//KyxOmnbpMNyZQ0yjANBgkqhkiG9w0BAQsFAAOCAgEAGzvjLNM/\neW6eIXJMSRcpj/rr8fLFK9zsO8N0Yz5RXYztAfcvPgyKvsry94HW03gUb28O+TaA
\nyXYdWflgdnxsivXCLU8lPQGvn/PifRcA/bUebfitvIDpJp9mj1Z4JKUeRb3nI1Yk\nihWsPpvpR4bB1SB9THkQJAAj3OtWWJnCZ7cPylocjaPQ5bkk+PXiVwWrhIQjiCdm
\nxcA7cooAFLInv3yFQFJUfIlqFefBvIDo6oyqXlRM3ipDV5742ygSApd9VmX77JzK\nRd1JeNoDvQ8ps3gMktLLMUTaT
+N5sOavYtroCN5T7KzbVd5gd3ULSyctECBHep09\nvpqsBWS05X9j2x8HRq2hiysyZFl0X7NWClbigCDUYIvXPSw7Q+q6ODhq5yg5YKjd\n/vNVh1jPob1TvNRG0tSxSLre4XxLjSUpfZwV
+B0UFiGS8WHUcvk2Bpye+wyI6laG\ni3sztpM6N4LzmxPvM7I3jnrfgA/5G94yb6LUNgGuE0oUkvTHY3VZ2hqUT1thGZ01\nZAUPjURqnLrnsvG02ppY2tKbOY1zmSFabZ1PoUMJ
+W0fQeEi5h0EQzpfYEzM0gGa\nGc7An7gcSKm2dQU9cnt72klth52u6hfYHvnxVjQAIfSBDY3sWz+jZ/EovXiESC8/\nBk95erEr/XBnDV89MbT9WzLHoUHylrYpSnI=\n-----END CERTIFICATE-----
\n"
查看所有CERT, +号为正常,-为撤销,可以看到两个都是+
#puppet cert list -all
+ "client.inno.com" (SHA256) F5:58:3A:FE:0E:FF:75:69:52:C9:D3:30:18:49:DF:ED:1D:45:B5:7A:B4:40:72:ED:A1:93:14:FE:8E:47:8D:22
+ "master.inno.com" (SHA256) B6:9A:B1:9F:FE:9C:BB:D3:A7:6B:3B:37:8C:94:68:B4:A6:33:21:3D:A9:DC:69:B9:72:A0:F1:41:61:E6:D4:33 (alt names:
"DNS:master.inno.com", "DNS:puppet", "DNS:puppet.inno.com")
最后再debug测试一下,可以看到结果完成无异常
# puppet agent -t --debug --server master.inno.com
Debug: Using settings: adding file resource 'client_datadir': 'File[/var/lib/puppet/client_data]{:backup=>false, :loglevel=>:debug, :links=>:follow,
:mode=>"750", :path=>"/var/lib/puppet/client_data", :ensure=>:directory}'
Debug: Puppet::Type::User::ProviderPw: file pw does not exist
Debug: Failed to load library 'ldap' for feature 'ldap'
Debug: Puppet::Type::User::ProviderLdap: feature ldap is missing
Debug: Puppet::Type::User::ProviderDirectoryservice: file /usr/bin/dsimport does not exist
Debug: Puppet::Type::User::ProviderUser_role_add: file rolemod does not exist
Debug: Using settings: adding file resource 'hostpubkey': 'File[/var/lib/puppet/ssl/public_keys/client.inno.com.pem]{:backup=>false, :loglevel=>:debug,
:owner=>"puppet", :links=>:follow, :mode=>"644", :path=>"/var/lib/puppet/ssl/public_keys/client.inno.com.pem", :ensure=>:file}'
Debug: Using settings: adding file resource 'statedir': 'File[/var/lib/puppet/state]{:backup=>false, :loglevel=>:debug, :links=>:follow, :mode=>"1755",
:path=>"/var/lib/puppet/state", :ensure=>:directory}'
Debug: Using settings: adding file resource 'confdir': 'File[/etc/puppet]{:backup=>false, :loglevel=>:debug, :links=>:follow, :path=>"/etc/puppet",
:ensure=>:directory}'
Debug: Using settings: adding file resource 'publickeydir': 'File[/var/lib/puppet/ssl/public_keys]{:backup=>false, :loglevel=>:debug, :owner=>"puppet",
:links=>:follow, :path=>"/var/lib/puppet/ssl/public_keys", :ensure=>:directory}'
Debug: Using settings: adding file resource 'privatedir': 'File[/var/lib/puppet/ssl/private]{:backup=>false, :loglevel=>:debug, :owner=>"puppet",
:links=>:follow, :mode=>"750", :path=>"/var/lib/puppet/ssl/private", :ensure=>:directory}'
Debug: Using settings: adding file resource 'plugindest': 'File[/var/lib/puppet/lib]{:backup=>false, :loglevel=>:debug, :links=>:follow,
:path=>"/var/lib/puppet/lib", :ensure=>:directory}'
Debug: Using settings: adding file resource 'clientbucketdir': 'File[/var/lib/puppet/clientbucket]{:backup=>false, :loglevel=>:debug, :links=>:follow,
:mode=>"750", :path=>"/var/lib/puppet/clientbucket", :ensure=>:directory}'
Debug: Using settings: adding file resource 'certdir': 'File[/var/lib/puppet/ssl/certs]{:backup=>false, :loglevel=>:debug, :owner=>"puppet", :links=>:follow,
:path=>"/var/lib/puppet/ssl/certs", :ensure=>:directory}'
Debug: Using settings: adding file resource 'graphdir': 'File[/var/lib/puppet/state/graphs]{:backup=>false, :loglevel=>:debug, :links=>:follow,
:path=>"/var/lib/puppet/state/graphs", :ensure=>:directory}'
Debug: Using settings: adding file resource 'vardir': 'File[/var/lib/puppet]{:backup=>false, :loglevel=>:debug, :links=>:follow, :path=>"/var/lib/puppet",
:ensure=>:directory}'
Debug: Using settings: adding file resource 'requestdir': 'File[/var/lib/puppet/ssl/certificate_requests]{:backup=>false, :loglevel=>:debug,
:owner=>"puppet", :links=>:follow, :path=>"/var/lib/puppet/ssl/certificate_requests", :ensure=>:directory}'
Debug: Using settings: adding file resource 'rundir': 'File[/var/run/puppet]{:backup=>false, :loglevel=>:debug, :links=>:follow, :mode=>"755",
:path=>"/var/run/puppet", :ensure=>:directory}'
Debug: Using settings: adding file resource 'clientyamldir': 'File[/var/lib/puppet/client_yaml]{:backup=>false, :loglevel=>:debug, :links=>:follow,
:mode=>"750", :path=>"/var/lib/puppet/client_yaml", :ensure=>:directory}'
Debug: Using settings: adding file resource 'hostprivkey': 'File[/var/lib/puppet/ssl/private_keys/client.inno.com.pem]{:backup=>false, :loglevel=>:debug,
:owner=>"puppet", :links=>:follow, :mode=>"600", :path=>"/var/lib/puppet/ssl/private_keys/client.inno.com.pem", :ensure=>:file}'
Debug: Puppet::Type::Group::ProviderPw: file pw does not exist
Debug: Failed to load library 'ldap' for feature 'ldap'
Debug: Puppet::Type::Group::ProviderLdap: feature ldap is missing
Debug: Puppet::Type::Group::ProviderDirectoryservice: file /usr/bin/dscl does not exist
Debug: Using settings: adding file resource 'logdir': 'File[/var/log/puppet]{:backup=>false, :group=>"puppet", :loglevel=>:debug, :owner=>"puppet",
:links=>:follow, :mode=>"750", :path=>"/var/log/puppet", :ensure=>:directory}'
Debug: Using settings: adding file resource 'ssldir': 'File[/var/lib/puppet/ssl]{:backup=>false, :loglevel=>:debug, :owner=>"puppet", :links=>:follow,
:mode=>"771", :path=>"/var/lib/puppet/ssl", :ensure=>:directory}'
Debug: Using settings: adding file resource 'privatekeydir': 'File[/var/lib/puppet/ssl/private_keys]{:backup=>false, :loglevel=>:debug, :owner=>"puppet",
:links=>:follow, :mode=>"750", :path=>"/var/lib/puppet/ssl/private_keys", :ensure=>:directory}'
Debug: /File[/var/lib/puppet/client_yaml]: Autorequiring File[/var/lib/puppet]
Debug: /File[/var/lib/puppet/ssl/private_keys]: Autorequiring File[/var/lib/puppet/ssl]
Debug: /File[/var/lib/puppet/lib]: Autorequiring File[/var/lib/puppet]
Debug: /File[/var/lib/puppet/state/graphs]: Autorequiring File[/var/lib/puppet/state]
Debug: /File[/var/lib/puppet/ssl/certificate_requests]: Autorequiring File[/var/lib/puppet/ssl]
Debug: /File[/var/lib/puppet/ssl/private_keys/client.inno.com.pem]: Autorequiring File[/var/lib/puppet/ssl/private_keys]
Debug: /File[/var/lib/puppet/ssl/public_keys/client.inno.com.pem]: Autorequiring File[/var/lib/puppet/ssl/public_keys]
Debug: /File[/var/lib/puppet/state]: Autorequiring File[/var/lib/puppet]
Debug: /File[/var/lib/puppet/client_data]: Autorequiring File[/var/lib/puppet]
Debug: /File[/var/lib/puppet/ssl/public_keys]: Autorequiring File[/var/lib/puppet/ssl]
Debug: /File[/var/lib/puppet/clientbucket]: Autorequiring File[/var/lib/puppet]
Debug: /File[/var/lib/puppet/ssl/certs]: Autorequiring File[/var/lib/puppet/ssl]
Debug: /File[/var/lib/puppet/ssl/private]: Autorequiring File[/var/lib/puppet/ssl]
Debug: /File[/var/lib/puppet/ssl]: Autorequiring File[/var/lib/puppet]
Debug: /File[/var/lib/puppet/ssl/private_keys/client.inno.com.pem]/mode: mode changed '0640' to '0600'
Debug: /File[/var/lib/puppet/ssl/public_keys/client.inno.com.pem]/mode: mode changed '0640' to '0644'
Debug: Finishing transaction 23872078632760
Debug: Using settings: adding file resource 'hostpubkey': 'File[/var/lib/puppet/ssl/public_keys/client.inno.com.pem]{:backup=>false, :loglevel=>:debug,
:owner=>"puppet", :links=>:follow, :mode=>"644", :path=>"/var/lib/puppet/ssl/public_keys/client.inno.com.pem", :ensure=>:file}'
Debug: Using settings: adding file resource 'statedir': 'File[/var/lib/puppet/state]{:backup=>false, :loglevel=>:debug, :links=>:follow, :mode=>"1755",
:path=>"/var/lib/puppet/state", :ensure=>:directory}'
Debug: Using settings: adding file resource 'confdir': 'File[/etc/puppet]{:backup=>false, :loglevel=>:debug, :links=>:follow, :path=>"/etc/puppet",
:ensure=>:directory}'
Debug: Using settings: adding file resource 'publickeydir': 'File[/var/lib/puppet/ssl/public_keys]{:backup=>false, :loglevel=>:debug, :owner=>"puppet",
:links=>:follow, :path=>"/var/lib/puppet/ssl/public_keys", :ensure=>:directory}'
Debug: Using settings: adding file resource 'privatedir': 'File[/var/lib/puppet/ssl/private]{:backup=>false, :loglevel=>:debug, :owner=>"puppet",
:links=>:follow, :mode=>"750", :path=>"/var/lib/puppet/ssl/private", :ensure=>:directory}'
Debug: Using settings: adding file resource 'plugindest': 'File[/var/lib/puppet/lib]{:backup=>false, :loglevel=>:debug, :links=>:follow,
:path=>"/var/lib/puppet/lib", :ensure=>:directory}'
[root@client lib]# puppet agent -t --debug --server master.inno.com
Debug: Using settings: adding file resource 'client_datadir': 'File[/var/lib/puppet/client_data]{:backup=>false, :loglevel=>:debug, :links=>:follow,
:mode=>"750", :path=>"/var/lib/puppet/client_data", :ensure=>:directory}'
Debug: Puppet::Type::User::ProviderPw: file pw does not exist
Debug: Failed to load library 'ldap' for feature 'ldap'
Debug: Puppet::Type::User::ProviderLdap: feature ldap is missing
Debug: Puppet::Type::User::ProviderDirectoryservice: file /usr/bin/dsimport does not exist
Debug: Puppet::Type::User::ProviderUser_role_add: file rolemod does not exist
Debug: Using settings: adding file resource 'hostpubkey': 'File[/var/lib/puppet/ssl/public_keys/client.inno.com.pem]{:backup=>false, :loglevel=>:debug,
:owner=>"puppet", :links=>:follow, :mode=>"644", :path=>"/var/lib/puppet/ssl/public_keys/client.inno.com.pem", :ensure=>:file}'
Debug: Using settings: adding file resource 'statedir': 'File[/var/lib/puppet/state]{:backup=>false, :loglevel=>:debug, :links=>:follow, :mode=>"1755",
:path=>"/var/lib/puppet/state", :ensure=>:directory}'
Debug: Using settings: adding file resource 'confdir': 'File[/etc/puppet]{:backup=>false, :loglevel=>:debug, :links=>:follow, :path=>"/etc/puppet",
:ensure=>:directory}'
Debug: Using settings: adding file resource 'publickeydir': 'File[/var/lib/puppet/ssl/public_keys]{:backup=>false, :loglevel=>:debug, :owner=>"puppet",
:links=>:follow, :path=>"/var/lib/puppet/ssl/public_keys", :ensure=>:directory}'
Debug: Using settings: adding file resource 'privatedir': 'File[/var/lib/puppet/ssl/private]{:backup=>false, :loglevel=>:debug, :owner=>"puppet",
:links=>:follow, :mode=>"750", :path=>"/var/lib/puppet/ssl/private", :ensure=>:directory}'
Debug: Using settings: adding file resource 'plugindest': 'File[/var/lib/puppet/lib]{:backup=>false, :loglevel=>:debug, :links=>:follow,
:path=>"/var/lib/puppet/lib", :ensure=>:directory}'
Debug: Using settings: adding file resource 'clientbucketdir': 'File[/var/lib/puppet/clientbucket]{:backup=>false, :loglevel=>:debug, :links=>:follow,
:mode=>"750", :path=>"/var/lib/puppet/clientbucket", :ensure=>:directory}'
Debug: Using settings: adding file resource 'localcacert': 'File[/var/lib/puppet/ssl/certs/ca.pem]{:backup=>false, :loglevel=>:debug, :owner=>"puppet",
:links=>:follow, :mode=>"644", :path=>"/var/lib/puppet/ssl/certs/ca.pem", :ensure=>:file}'
Debug: Using settings: adding file resource 'certdir': 'File[/var/lib/puppet/ssl/certs]{:backup=>false, :loglevel=>:debug, :owner=>"puppet", :links=>:follow,
:path=>"/var/lib/puppet/ssl/certs", :ensure=>:directory}'
Debug: Using settings: adding file resource 'graphdir': 'File[/var/lib/puppet/state/graphs]{:backup=>false, :loglevel=>:debug, :links=>:follow,
:path=>"/var/lib/puppet/state/graphs", :ensure=>:directory}'
Debug: Using settings: adding file resource 'vardir': 'File[/var/lib/puppet]{:backup=>false, :loglevel=>:debug, :links=>:follow, :path=>"/var/lib/puppet",
:ensure=>:directory}'
Debug: Using settings: adding file resource 'requestdir': 'File[/var/lib/puppet/ssl/certificate_requests]{:backup=>false, :loglevel=>:debug,
:owner=>"puppet", :links=>:follow, :path=>"/var/lib/puppet/ssl/certificate_requests", :ensure=>:directory}'
Debug: Using settings: adding file resource 'rundir': 'File[/var/run/puppet]{:backup=>false, :loglevel=>:debug, :links=>:follow, :mode=>"755",
:path=>"/var/run/puppet", :ensure=>:directory}'
Debug: Using settings: adding file resource 'clientyamldir': 'File[/var/lib/puppet/client_yaml]{:backup=>false, :loglevel=>:debug, :links=>:follow,
:mode=>"750", :path=>"/var/lib/puppet/client_yaml", :ensure=>:directory}'
Debug: Using settings: adding file resource 'hostprivkey': 'File[/var/lib/puppet/ssl/private_keys/client.inno.com.pem]{:backup=>false, :loglevel=>:debug,
:owner=>"puppet", :links=>:follow, :mode=>"600", :path=>"/var/lib/puppet/ssl/private_keys/client.inno.com.pem", :ensure=>:file}'
Debug: Puppet::Type::Group::ProviderPw: file pw does not exist
Debug: Failed to load library 'ldap' for feature 'ldap'
Debug: Puppet::Type::Group::ProviderLdap: feature ldap is missing
Debug: Puppet::Type::Group::ProviderDirectoryservice: file /usr/bin/dscl does not exist
Debug: Using settings: adding file resource 'logdir': 'File[/var/log/puppet]{:backup=>false, :group=>"puppet", :loglevel=>:debug, :owner=>"puppet",
:links=>:follow, :mode=>"750", :path=>"/var/log/puppet", :ensure=>:directory}'
Debug: Using settings: adding file resource 'ssldir': 'File[/var/lib/puppet/ssl]{:backup=>false, :loglevel=>:debug, :owner=>"puppet", :links=>:follow,
:mode=>"771", :path=>"/var/lib/puppet/ssl", :ensure=>:directory}'
Debug: Using settings: adding file resource 'privatekeydir': 'File[/var/lib/puppet/ssl/private_keys]{:backup=>false, :loglevel=>:debug, :owner=>"puppet",
:links=>:follow, :mode=>"750", :path=>"/var/lib/puppet/ssl/private_keys", :ensure=>:directory}'
Debug: /File[/var/lib/puppet/ssl/public_keys/client.inno.com.pem]: Autorequiring File[/var/lib/puppet/ssl/public_keys]
Debug: /File[/var/lib/puppet/ssl]: Autorequiring File[/var/lib/puppet]
Debug: /File[/var/lib/puppet/ssl/private_keys]: Autorequiring File[/var/lib/puppet/ssl]
Debug: /File[/var/lib/puppet/ssl/certs]: Autorequiring File[/var/lib/puppet/ssl]
Debug: /File[/var/lib/puppet/clientbucket]: Autorequiring File[/var/lib/puppet]
Debug: /File[/var/lib/puppet/ssl/private]: Autorequiring File[/var/lib/puppet/ssl]
Debug: /File[/var/lib/puppet/ssl/private_keys/client.inno.com.pem]: Autorequiring File[/var/lib/puppet/ssl/private_keys]
Debug: /File[/var/lib/puppet/client_yaml]: Autorequiring File[/var/lib/puppet]
Debug: /File[/var/lib/puppet/ssl/certs/ca.pem]: Autorequiring File[/var/lib/puppet/ssl/certs]
Debug: /File[/var/lib/puppet/lib]: Autorequiring File[/var/lib/puppet]
Debug: /File[/var/lib/puppet/ssl/public_keys]: Autorequiring File[/var/lib/puppet/ssl]
Debug: /File[/var/lib/puppet/client_data]: Autorequiring File[/var/lib/puppet]
Debug: /File[/var/lib/puppet/state/graphs]: Autorequiring File[/var/lib/puppet/state]
Debug: /File[/var/lib/puppet/ssl/certificate_requests]: Autorequiring File[/var/lib/puppet/ssl]
Debug: /File[/var/lib/puppet/state]: Autorequiring File[/var/lib/puppet]
Debug: Finishing transaction 23576493640540
Debug: Using settings: adding file resource 'hostpubkey': 'File[/var/lib/puppet/ssl/public_keys/client.inno.com.pem]{:backup=>false, :loglevel=>:debug,
:owner=>"puppet", :links=>:follow, :mode=>"644", :path=>"/var/lib/puppet/ssl/public_keys/client.inno.com.pem", :ensure=>:file}'
Debug: Using settings: adding file resource 'statedir': 'File[/var/lib/puppet/state]{:backup=>false, :loglevel=>:debug, :links=>:follow, :mode=>"1755",
:path=>"/var/lib/puppet/state", :ensure=>:directory}'
Debug: Using settings: adding file resource 'confdir': 'File[/etc/puppet]{:backup=>false, :loglevel=>:debug, :links=>:follow, :path=>"/etc/puppet",
:ensure=>:directory}'
Debug: Using settings: adding file resource 'publickeydir': 'File[/var/lib/puppet/ssl/public_keys]{:backup=>false, :loglevel=>:debug, :owner=>"puppet",
:links=>:follow, :path=>"/var/lib/puppet/ssl/public_keys", :ensure=>:directory}'
Debug: Using settings: adding file resource 'privatedir': 'File[/var/lib/puppet/ssl/private]{:backup=>false, :loglevel=>:debug, :owner=>"puppet",
:links=>:follow, :mode=>"750", :path=>"/var/lib/puppet/ssl/private", :ensure=>:directory}'
Debug: Using settings: adding file resource 'plugindest': 'File[/var/lib/puppet/lib]{:backup=>false, :loglevel=>:debug, :links=>:follow,
:path=>"/var/lib/puppet/lib", :ensure=>:directory}'
Debug: Using settings: adding file resource 'localcacert': 'File[/var/lib/puppet/ssl/certs/ca.pem]{:backup=>false, :loglevel=>:debug, :owner=>"puppet",
:links=>:follow, :mode=>"644", :path=>"/var/lib/puppet/ssl/certs/ca.pem", :ensure=>:file}'
Debug: Using settings: adding file resource 'certdir': 'File[/var/lib/puppet/ssl/certs]{:backup=>false, :loglevel=>:debug, :owner=>"puppet", :links=>:follow,
:path=>"/var/lib/puppet/ssl/certs", :ensure=>:directory}'
Debug: Using settings: adding file resource 'vardir': 'File[/var/lib/puppet]{:backup=>false, :loglevel=>:debug, :links=>:follow, :path=>"/var/lib/puppet",
:ensure=>:directory}'
Debug: Using settings: adding file resource 'requestdir': 'File[/var/lib/puppet/ssl/certificate_requests]{:backup=>false, :loglevel=>:debug,
:owner=>"puppet", :links=>:follow, :path=>"/var/lib/puppet/ssl/certificate_requests", :ensure=>:directory}'
Debug: Using settings: adding file resource 'rundir': 'File[/var/run/puppet]{:backup=>false, :loglevel=>:debug, :links=>:follow, :mode=>"755",
:path=>"/var/run/puppet", :ensure=>:directory}'
Debug: Using settings: adding file resource 'hostprivkey': 'File[/var/lib/puppet/ssl/private_keys/client.inno.com.pem]{:backup=>false, :loglevel=>:debug,
:owner=>"puppet", :links=>:follow, :mode=>"600", :path=>"/var/lib/puppet/ssl/private_keys/client.inno.com.pem", :ensure=>:file}'
Debug: Using settings: adding file resource 'logdir': 'File[/var/log/puppet]{:backup=>false, :group=>"puppet", :loglevel=>:debug, :owner=>"puppet",
:links=>:follow, :mode=>"750", :path=>"/var/log/puppet", :ensure=>:directory}'
Debug: Using settings: adding file resource 'ssldir': 'File[/var/lib/puppet/ssl]{:backup=>false, :loglevel=>:debug, :owner=>"puppet", :links=>:follow,
:mode=>"771", :path=>"/var/lib/puppet/ssl", :ensure=>:directory}'
Debug: Using settings: adding file resource 'privatekeydir': 'File[/var/lib/puppet/ssl/private_keys]{:backup=>false, :loglevel=>:debug, :owner=>"puppet",
:links=>:follow, :mode=>"750", :path=>"/var/lib/puppet/ssl/private_keys", :ensure=>:directory}'
Debug: /File[/var/lib/puppet/ssl/private_keys/client.inno.com.pem]: Autorequiring File[/var/lib/puppet/ssl/private_keys]
Debug: /File[/var/lib/puppet/lib]: Autorequiring File[/var/lib/puppet]
Debug: /File[/var/lib/puppet/ssl/private]: Autorequiring File[/var/lib/puppet/ssl]
Debug: /File[/var/lib/puppet/ssl/certs/ca.pem]: Autorequiring File[/var/lib/puppet/ssl/certs]
Debug: /File[/var/lib/puppet/ssl/public_keys/client.inno.com.pem]: Autorequiring File[/var/lib/puppet/ssl/public_keys]
Debug: /File[/var/lib/puppet/ssl/certs]: Autorequiring File[/var/lib/puppet/ssl]
Debug: /File[/var/lib/puppet/ssl/public_keys]: Autorequiring File[/var/lib/puppet/ssl]
Debug: /File[/var/lib/puppet/ssl/private_keys]: Autorequiring File[/var/lib/puppet/ssl]
Debug: /File[/var/lib/puppet/ssl/certificate_requests]: Autorequiring File[/var/lib/puppet/ssl]
Debug: /File[/var/lib/puppet/ssl]: Autorequiring File[/var/lib/puppet]
Debug: /File[/var/lib/puppet/state]: Autorequiring File[/var/lib/puppet]
Debug: Finishing transaction 23576491846840
Debug: Using cached certificate for ca
Info: Caching certificate for client.inno.com
Debug: Using settings: adding file resource 'client_datadir': 'File[/var/lib/puppet/client_data]{:backup=>false, :loglevel=>:debug, :links=>:follow,
:mode=>"750", :path=>"/var/lib/puppet/client_data", :ensure=>:directory}'
Debug: Using settings: adding file resource 'clientbucketdir': 'File[/var/lib/puppet/clientbucket]{:backup=>false, :loglevel=>:debug, :links=>:follow,
:mode=>"750", :path=>"/var/lib/puppet/clientbucket", :ensure=>:directory}'
Debug: Using settings: adding file resource 'graphdir': 'File[/var/lib/puppet/state/graphs]{:backup=>false, :loglevel=>:debug, :links=>:follow,
:path=>"/var/lib/puppet/state/graphs", :ensure=>:directory}'
Debug: Using settings: adding file resource 'clientyamldir': 'File[/var/lib/puppet/client_yaml]{:backup=>false, :loglevel=>:debug, :links=>:follow,
:mode=>"750", :path=>"/var/lib/puppet/client_yaml", :ensure=>:directory}'
Debug: Finishing transaction 23576491544760
Debug: node supports formats: b64_zlib_yaml pson raw yaml; using pson
Debug: Using cached certificate for ca
Debug: Using cached certificate for client.inno.com
Info: Caching certificate_revocation_list for ca
Info: Retrieving plugin
Debug: file_metadata supports formats: b64_zlib_yaml pson raw yaml; using pson
Debug: Finishing transaction 23576491432300
Debug: catalog supports formats: b64_zlib_yaml dot pson raw yaml; using pson
Info: Caching catalog for client.inno.com
Debug: Creating default schedules
Info: Applying configuration version '1366622207'
Debug: /Schedule[daily]: Skipping device resources because running on a host
Debug: /Schedule[monthly]: Skipping device resources because running on a host
Debug: /Schedule[hourly]: Skipping device resources because running on a host
Debug: /Schedule[never]: Skipping device resources because running on a host
Debug: /Schedule[weekly]: Skipping device resources because running on a host
Debug: /Schedule[puppet]: Skipping device resources because running on a host
Debug: Finishing transaction 23576491374800
Debug: Storing state
Info: Creating state file /var/lib/puppet/state/state.yaml
Debug: Stored state in 0.01 seconds
Notice: Finished catalog run in 0.03 seconds
Debug: Value of 'preferred_serialization_format' (pson) is invalid for report, using default (b64_zlib_yaml)
Debug: report supports formats: b64_zlib_yaml raw yaml; using b64_zlib_yaml
现在就可以测试Master,Client上的文件传输
Master修改如下,至于里面意思暂不理解,这里只是测试安装是否完成
#cat /etc/puppet/manifests/site.pp
node default{
file{
"/tmp/test.txt": content => "hello world,this is my first puppet test!\n";
}
}
Client端测试
# puppet agent -t --server master.inno.com
Info: Retrieving plugin
Info: Caching catalog for client.inno.com
Info: Applying configuration version '1366624745'
Notice: /Stage[main]//Node[default]/File[/tmp/test.txt]/content:
--- /tmp/test.txt 2013-04-22 17:57:38.000000000 +0800
+++ /tmp/puppet-file20130422-19149-6etqz1-0 2013-04-22 17:59:05.000000000 +0800
@@ -1 +1 @@
-hello world
\ No newline at end of file
+hello world,this is my first puppet test!
Info: FileBucket adding {md5}5eb63bbbe01eeed093cb22bb8f5acdc3
Info: /Stage[main]//Node[default]/File[/tmp/test.txt]: Filebucketed /tmp/test.txt to puppet with sum 5eb63bbbe01eeed093cb22bb8f5acdc3
Notice: /Stage[main]//Node[default]/File[/tmp/test.txt]/content: content changed '{md5}5eb63bbbe01eeed093cb22bb8f5acdc3' to '{md5}
4ca1ee5323b7eb7b4d9e6a8a577930c8'
Notice: Finished catalog run in 0.43 seconds
[root@client tmp]# cat /tmp/test.txt
hello world,this is my first puppet test!
五, 最后友情提示
由于Cert这里容易出问题,想你的hosts文件,DNS等都容易引起问题,当出现问题时
可以把以前证书清空,甚至把/var/lib/puppet这个目录整个删掉都可以,只要把puppet这个
服务重启一下那个目录及下面的内容会自动出现,这样清空证书方法更好用
# puppet cert clean all
Error: The certificate retrieved from the master does not match the agent's private key.
Certificate fingerprint: DD:65:E9:02:89:91:49:62:6E:6F:85:0D:9E:A5:F3:AA:01:6D:31:B1:CD:ED:34:9B:CC:57:5F:38:4B:FE:F6:9E
To fix this, remove the certificate from both the master and the agent and then start a puppet run, which will automatically regenerate a certficate.
On the master:
puppet cert clean client.localdomain
On the agent:
rm -f /var/lib/puppet/ssl/certs/client.localdomain.pem
puppet agent -t
16:45:14 root@master (/etc/puppet/modules) [145]#puppet cert clean client.localdomain
Notice: Revoked certificate with serial 4