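Puppet installation and problems encountered

Hostnames must be resolvable: the master and the agents must be able to resolve each other.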
1. Installing the puppet master

Puppet can be installed in two ways:
1) from source
2) from binary packages (yum, apt-get...)

    # wget -r ftp://192.168.0.254/notes/softwares/puppet
    # tar xf puppet-2.7.23.tar.bz2
    # cd puppet-2.7.23
    # yum -y localinstall puppet-server-2.7.23-1.el6.noarch.rpm puppet-2.7.23-1.el6.noarch.rpm facter-1.6.18-3.el6.x86_64.rpm ruby-augeas-0.4.1-1.el6.x86_64.rpm ruby-shadow-1.4.1-13.el6.x86_64.rpm

2. Installing the agent on the two agents

    # cd /root/puppet-2.7.23/
    # yum -y localinstall puppet-2.7.23-1.el6.noarch.rpm facter-1.6.18-3.el6.x86_64.rpm ruby-augeas-0.4.1-1.el6.x86_64.rpm ruby-shadow-1.4.1-13.el6.x86_64.rpm

3. Configuring the puppet master

    # rpm -ql puppet-server
    /etc/puppet/fileserver.conf      -- puppet's built-in file server
    /etc/puppet/manifests            -- directory holding the global manifests
    /etc/puppet/puppetmasterd.conf   -- main configuration file
    /etc/rc.d/init.d/puppetmaster    -- init script
    /etc/sysconfig/puppetmaster
    /usr/sbin/puppetmasterd
    /usr/sbin/puppetqd
    /usr/sbin/puppetrun
    /usr/share/man/man8/filebucket.8.gz
    /usr/share/man/man8/puppet-master.8.gz
    /usr/share/man/man8/puppetmasterd.8.gz
    /usr/share/man/man8/puppetqd.8.gz
    /usr/share/man/man8/puppetrun.8.gz

Getting help:

    # puppet help
    # puppet xxx --help

Listing the master's configuration settings:

    # puppet master --genconfig |grep -vE '(#)|^$'
    [master]
    fileserverconfig = /etc/puppet/fileserver.conf
    manifest = /etc/puppet/manifests/site.pp
    config = /etc/puppet/puppet.conf
    rest_authconfig = /etc/puppet/auth.conf
    yamldir = /var/lib/puppet/yaml
    reportdir = /var/lib/puppet/reports
    masterlog = /var/log/puppet/puppetmaster.log
    modulepath = /etc/puppet/modules:/usr/share/puppet/modules
    server_datadir = /var/lib/puppet/server_data
    pidfile = /var/run/puppet/master.pid
    manifestdir = /etc/puppet/manifests
    masterhttplog = /var/log/puppet/masterhttp.log
    bucketdir = /var/lib/puppet/bucket
    hostpubkey = /var/lib/puppet/ssl/public_keys/.pem
    inventory_terminus = yaml
    publickeydir = /var/lib/puppet/ssl/public_keys
    privatedir = /var/lib/puppet/ssl/private
    statedir = /var/lib/puppet/state
    factdest = /var/lib/puppet/facts/
    hostcert = /var/lib/puppet/ssl/certs/.pem
    route_file = /etc/puppet/routes.yaml
    localcacert = /var/lib/puppet/ssl/certs/ca.pem
    httplog = /var/log/puppet/http.log
    certdir = /var/lib/puppet/ssl/certs
    plugindest = /var/lib/puppet/lib
    requestdir = /var/lib/puppet/ssl/certificate_requests
    rundir = /var/run/puppet
    passfile = /var/lib/puppet/ssl/private/password
    factsource = puppet://puppet/facts/
    hostprivkey = /var/lib/puppet/ssl/private_keys/.pem
    authconfig = /etc/puppet/namespaceauth.conf
    hostcrl = /var/lib/puppet/ssl/crl.pem
    ssldir = /var/lib/puppet/ssl
    pluginsource = puppet://puppet/plugins
    logdir = /var/log/puppet
    privatekeydir = /var/lib/puppet/ssl/private_keys
    factpath = /var/lib/puppet/lib/facter:/var/lib/puppet/facts
    libdir = /var/lib/puppet/lib
    hostcsr = /var/lib/puppet/ssl/csr_.pem
    resourcefile = /var/lib/puppet/state/resources.txt
    report_port = 8140
    lastrunfile = /var/lib/puppet/state/last_run_summary.yaml
    graphdir = /var/lib/puppet/state/graphs
    localconfig = /var/lib/puppet/state/localconfig
    client_datadir = /var/lib/puppet/client_data
    reportserver = puppet
    inventory_server = puppet
    ca_server = puppet
    lastrunreport = /var/lib/puppet/state/last_run_report.yaml
    node_name_value =
    statefile = /var/lib/puppet/state/state.yaml
    puppetdlog = /var/log/puppet/puppetd.log
    clientbucketdir = /var/lib/puppet/clientbucket
    classfile = /var/lib/puppet/state/classes.txt
    report_server = puppet
    inventory_port = 8140
    ca_port = 8140
    puppetdlockfile = /var/lib/puppet/state/puppetdlock
    splaylimit = 1800
    clientyamldir = /var/lib/puppet/client_yaml
    cacert = /var/lib/puppet/ssl/ca/ca_crt.pem
    cacrl = /var/lib/puppet/ssl/ca/ca_crl.pem
    serial = /var/lib/puppet/ssl/ca/serial
    signeddir = /var/lib/puppet/ssl/ca/signed
    cert_inventory = /var/lib/puppet/ssl/ca/inventory.txt
    ca_name = Puppet CA:
    cakey = /var/lib/puppet/ssl/ca/ca_key.pem
    caprivatedir = /var/lib/puppet/ssl/ca/private
    capass = /var/lib/puppet/ssl/ca/private/ca.pass
    cadir = /var/lib/puppet/ssl/ca
    capub = /var/lib/puppet/ssl/ca/ca_pub.pem
    csrdir = /var/lib/puppet/ssl/ca/requests
    autosign = /etc/puppet/autosign.conf
    templatedir = /var/lib/puppet/templates
    tagmap = /etc/puppet/tagmail.conf
    rrdinterval = 1800
    rrddir = /var/lib/puppet/rrd
    railslog = /var/log/puppet/rails.log
    dblocation = /var/lib/puppet/state/clientconfigs.sqlite3
    archive_file_server = puppet
    deviceconfig = /etc/puppet/device.conf
    devicedir = /var/lib/puppet/devices
    module_working_dir = /var/lib/puppet/puppet-module

4. A simple file example

Set up name resolution first so that the master and the agents can resolve each other. Make sure the hosts file on all 3 machines looks like this:

    # vim /etc/hosts
    127.0.0.1 localhost.localdomain localhost.localdomain localhost4 localhost4.localdomain4 localhost
    ::1 localhost.localdomain localhost.localdomain localhost6 localhost6.localdomain6 localhost
    192.168.5.245 master
    192.168.5.225 agent1
    192.168.5.226 agent2

Server-side configuration:

    # vim /etc/puppet/manifests/site.pp   -- create a global manifest
    file { "/var/tmp/abc.txt":
        ensure  => present,
        owner   => youboy,
        group   => youboy,
        mode    => 0600,
        content => "hello puppet agent";
    }

There are two ways to start the master:

    # /etc/init.d/puppetmaster start                       -- normal mode
    # puppet master --verbose --debug --no-daemonize &     -- debug mode

Configuration on the two clients:

1) Specify which host is the master

    # vim /etc/puppet/puppet.conf
    [main]
    logdir = /var/log/puppet
    rundir = /var/run/puppet
    ssldir = $vardir/ssl
    server = master    -- change this line
    [agent]
    classfile = $vardir/classes.txt
    localconfig = $vardir/localconfig

2) Start the agent in debug mode

    # /etc/init.d/puppet start                                              -- normal mode
    # puppet agent --server=master --verbose --no-daemonize --onetime      -- debug mode (at this point the agent requests a certificate from the master)

3) On the master, issue certificates to the two agents

    # puppet cert --list    -- check whether the master has received the certificate requests from the two agents
    "agent1" (2B:C3:05:08:39:C7:7F:2D:68:9E:4F:73:D6:86:27:97)
    "agent2" (86:26:3B:93:EC:F9:DD:ED:31:A0:76:F1:27:F6:81:99)

Sign the certificates:

    # puppet cert --sign agent1
    notice: Signed certificate request for agent1
    notice: Removing file Puppet::SSL::CertificateRequest agent1 at '/var/lib/puppet/ssl/ca/requests/agent1.pem'
    # puppet cert --sign agent2
    notice: Signed certificate request for agent2
    notice: Removing file Puppet::SSL::CertificateRequest agent2 at '/var/lib/puppet/ssl/ca/requests/agent2.pem'

4) Run puppet agent in debug mode on the agent

    # puppet agent --server=master --verbose --no-daemonize --onetime
    info: Caching certificate for agent2
    info: Caching certificate_revocation_list for ca
    info: Caching catalog for agent2
    info: Applying configuration version '1387097919'
    notice: /Stage[main]//File[/var/tmp/abc.txt]/ensure: created
    info: Creating state file /var/lib/puppet/state/state.yaml
    notice: Finished catalog run in 0.04 seconds

5) Check that the result is what you defined

    # ll /var/tmp/
    总用量4
    -rw------- 1 u01 group 19 12月15 16:58 abc.txt
    # cat /var/tmp/abc.txt
    hello puppet agent

6) Test synchronization between the agent and the master (the default interval is 30 minutes). For testing, change the interval to 5 seconds (change it on the two agents; nothing needs to change on the master).

    # vim /etc/puppet/puppet.conf
    [main]
    logdir = /var/log/puppet
    rundir = /var/run/puppet
    ssldir = $vardir/ssl
    server =
    runinterval = 5
    [agent]
    classfile = $vardir/classes.txt
    localconfig = $vardir/localconfig

7) Configure the file server on the master

    # vim /etc/puppet/fileserver.conf
    [share]
    path /var/tmp/fileserver
    allow 192.168.5.0/24

    # mkdir /var/tmp/fileserver
    # touch /var/tmp/fileserver/abc.txt

8) Publish a configuration file through the file server

    # vim /etc/puppet/manifests/site.pp
    file { "/var/tmp/abc.txt":
        ensure => present,
        owner  => youboy,
        group  => youboy,
        mode   => 0600,
        source => "puppet:///share/abc.txt";
    }

9) How to make different clients load different resources (write the following in the server's manifest):

    # vim /etc/puppet/manifests/site.pp
    node 'agent1' {
        file { "/var/tmp/abc.txt":
            ensure  => present,
            owner   => youboy,
            group   => youboy,
            mode    => 0600,
            content => "hello puppet agent1\nhaha\nhehe\n";
        }
    }
    node 'agent2' {
        file { "/var/tmp/bcd.txt":
            ensure  => present,
            owner   => youboy,
            group   => youboy,
            mode    => 0600,
            content => "hello puppet agent2\n";
        }
    }

Problems encountered:

1. The client's certificate request to the server has no effect, and the agent reports:

    # puppet agent --server=master --verbose --no-daemonize --onetime
    Exiting; no certificate found and waitforcert is disabled

Fix: on the agent:

    # mv /var/lib/puppet /tmp/

2. The hosts entries I specified myself do not take effect, and the name cannot be resolved:

    err: Could not retrieve catalog from remote server: Server hostname 'master' did not match server certificate; expected one of 132.bogon, DNS:132.bogon, DNS:puppet, DNS:puppet.bogon
    notice: Using cached catalog
    err: Could not retrieve catalog; skipping run
    err: Could not send report: Server hostname 'master' did not match server certificate; expected one of 132.bogon, DNS:132.bogon, DNS:puppet,DNS:puppet.bogon

Fix: delete /var/lib/puppet/ and start over.
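
Step 3) signs whatever requests are pending, and a signed certificate is what lets a host pull catalogs and files from the master, so it is worth confirming each request's fingerprint before signing. The script below is an added example, not part of the original post: it parses "puppet cert --list" output in the format shown in step 3) and compares it with fingerprints collected out of band, assumed here to be read on each agent with "puppet agent --fingerprint". The allowlist format and the function names are illustrative.

```shell
#!/bin/sh
# Added example (not from the original post): compare pending CSR fingerprints
# on the master with fingerprints collected out of band from each agent.

# Output of `puppet cert --list` in the format shown in step 3).
# agent1/agent2 are the values from the post; agent9 is constructed.
PENDING='  "agent1" (2B:C3:05:08:39:C7:7F:2D:68:9E:4F:73:D6:86:27:97)
  "agent2" (86:26:3B:93:EC:F9:DD:ED:31:A0:76:F1:27:F6:81:99)
  "agent9" (0A:1B:2C:3D:4E:5F:60:71:82:93:A4:B5:C6:D7:E8:F9)'

# Constructed allowlist, one "<certname> <fingerprint>" per line, as read at
# each agent's console. agent2's value deliberately differs to show a mismatch.
EXPECTED='agent1 2b:c3:05:08:39:c7:7f:2d:68:9e:4f:73:d6:86:27:97
agent2 11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00'

# check_requests PENDING EXPECTED
# Prints "<certname> OK|MISMATCH|UNKNOWN" for every pending request.
check_requests() {
    printf '%s\n' "$1" |
    sed -n 's/^[[:space:]]*"\([^"]*\)"[[:space:]]*(\([0-9A-Fa-f:]*\)).*$/\1 \2/p' |
    while read -r name fp; do
        want=$(printf '%s\n' "$2" | awk -v n="$name" '$1 == n { print $2; exit }')
        fp=$(printf '%s' "$fp" | tr 'a-f' 'A-F')
        want=$(printf '%s' "$want" | tr 'a-f' 'A-F')
        if [ -z "$want" ]; then
            echo "$name UNKNOWN"      # nobody vouched for this host
        elif [ "$fp" = "$want" ]; then
            echo "$name OK"
        else
            echo "$name MISMATCH"     # CSR is not the one the agent generated
        fi
    done
}

# signable PENDING EXPECTED: certnames whose request may be signed.
signable() {
    check_requests "$1" "$2" | awk '$2 == "OK" { print $1 }'
}

# Print the sign commands for review instead of running them.
for host in $(signable "$PENDING" "$EXPECTED"); do
    echo "puppet cert --sign $host"
done
```

On a real master, PENDING would be filled from the live command output, and any MISMATCH or UNKNOWN request would be investigated rather than signed.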