我安装了一个 Puppetmaster如这里所述。现在我需要添加几个傀儡代理。我该怎么做?
答案1
请注意:这应该可以工作(并且已经在 Ubuntu 10.04 和 12.04 上测试过)。
现在,我们将使用官方的 Puppet repo,因为它拥有大部分内容的较新版本。
要做到这一点,
wget http://apt.puppetlabs.com/puppetlabs-release-precise.deb
sudo dpkg -i puppetlabs-release-precise.deb
现在我们已经添加了 puppet 存储库。
sudo apt-get update
现在我们已经更新了 sources.list,因此 apt-get 知道在哪里找到 puppet 包。
sudo apt-get install puppet
确保你可以在‘puppet’处 ping puppet master。
现在轮到你需要为此使用 root 用户。
跑步
sudo -i
既是代理人,也是操纵者。
现在,关于代理:
puppet agent --test
它应该返回一些像这样的输出:
root@puppetslave2:~# puppet agent --test
info: Creating a new SSL key for puppetslave2.home
warning: peer certificate won't be verified in this SSL session
info: Caching certificate for ca
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
info: Creating a new SSL certificate request for puppetslave2.home
info: Certificate Request fingerprint (md5): 04:8F:9A:99:0F:FF:26:7C:FC:2D:9C:8B:B8:B8:DF:17
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
Exiting; no certificate found and waitforcert is disabled
在 master 上:
puppet cert list
root@puppet:~# puppet cert list
puppetslave2.home (04:8F:9A:99:0F:FF:26:7C:FC:2D:9C:8B:B8:B8:DF:17)
puppet cert sign puppetslave2.home
然后输出应该是这样的:
root@puppet:~# puppet cert sign puppetslave2.home
notice: Signed certificate request for puppetslave2.home
notice: Removing file Puppet::SSL::CertificateRequest puppetslave2.home at '/var/lib/puppet/ssl/ca/requests/puppetslave2.home.pem'
现在去做
puppet agent --test
在代理上。如果您在 Puppetmaster 上有一份清单,它应该会成功。下面是示例一:
node 'puppetslave2.home' {
file { '/etc/motd':
content => "Welcome.
This machine is managed by Puppet
"
}
}