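#### Introducing the Foreman Architecture, Part 4: Installing Foreman 1.6.3 (Foreman and puppetmaster on separate hosts)
**Note:** This lab was installed offline, so you need to create your own local yum repository. For how to do that, see "[How to build your own Puppet yum repository for a specific version](http://kisspuppet.com/2014/01/26/puppet_create_repo/)". If you are feeling lazy or cannot sort out the dependencies between the RPM packages, download it from my GitHub: [https://github.com/kisspuppet/foreman-repo](https://github.com/kisspuppet/foreman-repo)
For more installation details, see the official site: [http://theforeman.org/manuals/1.6/index.html](http://theforeman.org/manuals/1.6/index.html)
The all-in-one method covered earlier is recommended for testing only. For production, install Foreman and puppetmaster separately, which makes later maintenance and scaling easier. In addition, if you have already deployed a puppetmaster, how to deploy Foreman on its own and have it communicate with that puppetmaster is also worth considering.
### 1. Package versions used: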
- **puppet-server 3.6.2**
- **puppet 3.6.2**
- **facter 2.0.2**
- **mcollective 2.2.4**
- **rabbitmq-server 3.2.4**
- **foreman 1.6.3**
- **foreman-proxy 1.6.3**
### 2. System environment preparation
| Role | Hostname | OS version | IP |
|-----|-----|-----|-----|
| foreman | foreman163.kisspuppet.com | rhel6.4-x86_64 | 192.168.20.11/24 |
| puppetmaster | puppetmaster162.kisspuppet.com | rhel6.4-x86_64 | 192.168.20.12/24 |
### 3. Install puppetmaster
**3.1 Install puppetmaster and generate the CA and certificates**
~~~
[root@puppetmaster162 ~]# yum install puppet puppet-server facter
[root@puppetmaster162 puppet]# vim /etc/puppet/puppet.conf
[agent]
server = puppetmaster162.kisspuppet.com
pluginsync = false
...
[master]
certname = puppetmaster162.kisspuppet.com
environmentpath = /etc/puppet/environments
basemodulepath = /etc/puppet/modules:/usr/share/puppet/modules
environment_timeout = 10
[root@puppetmaster162 ~]# /etc/init.d/puppetmaster start
Starting puppetmaster: [ OK ]
[root@puppetmaster162 ~]# puppet cert --list --all
+ "puppetmaster162.kisspuppet.com" (SHA256) 2E:B3:73:4F:CD:EE:0C:64:2C:DF:24:E6:D3:62:F3:1C:AC:A3:28:60:67:1D:0C:8C:C5:CA:68:5B:4B:2F:49:B9 (alt names: "DNS:puppet", "DNS:puppet.kisspuppet.com", "DNS:puppetmaster162.kisspuppet.com")
~~~
**3.2 Test that puppetmaster works**
~~~
[root@puppetmaster162 ~]# puppet agent -t
Info: Caching catalog for puppetmaster162.kisspuppet.com
Info: Applying configuration version '1417749612'
Notice: Finished catalog run in 0.04 seconds
~~~
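**Note:** With the installation above, puppetmaster runs on WEBrick, whose performance is very poor, so it should be moved to a better-performing web server. To make that change, see [http://kisspuppet.com/2014/10/18/puppet_learning_ext3/](http://kisspuppet.com/2014/10/18/puppet_learning_ext3/) and [http://kisspuppet.com/2014/10/20/puppet_learning_ext4/](http://kisspuppet.com/2014/10/20/puppet_learning_ext4/)
### 4. Install Foreman
**4.1 Install the Puppet agent and complete certificate authentication**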
~~~
# Install
[root@foreman163 ~]# yum install puppet facter
[root@foreman163 ~]# vim /etc/puppet/puppet.conf
[main]
...
privatekeydir = $ssldir/private_keys { group = service }
hostprivkey = $privatekeydir/$certname.pem { mode = 640 }
[agent]
server = puppetmaster162.kisspuppet.com
pluginsync = false
# Request a certificate
[root@foreman163 ~]# puppet agent -t
Info: Creating a new SSL key for foreman163.kisspuppet.com
Info: Caching certificate for ca
Info: csr_attributes file loading from /etc/puppet/csr_attributes.yaml
Info: Creating a new SSL certificate request for
Info: Certificate Request fingerprint (SHA256): 35:5D:E5:74:71:E0:FD:D2:67:34:17:92:3D:60:F2:A1:34:26:BA:E5:2D:1F:3A:0E:07:6F:85:38:A8:39:8B:65
Info: Caching certificate for ca
Exiting; no certificate found and waitforcert is disabled
# Sign the certificate
[root@puppetmaster162 ~]# puppet cert --sign foreman163.kisspuppet.com
Notice: Signed certificate request for foreman163.kisspuppet.com
Notice: Removing file Puppet::SSL::CertificateRequest foreman163.kisspuppet.com at '/var/lib/puppet/ssl/ca/requests/foreman163.kisspuppet.com.pem'
# Test
[root@foreman163 ~]# puppet agent -t
Info: Caching catalog for foreman163.kisspuppet.com
Info: Applying configuration version '1417749612'
Notice: Finished catalog run in 0.05 seconds
~~~
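Before the signing step above, the pending request can be checked against the fingerprint the agent printed. The Ruby sketch below is an added example, not part of the original article: it recomputes the SHA256 fingerprint in the colon-separated form shown in the agent output and checks the subject CN and the CSR's self-signature. The function names and the throwaway sample CSR are constructed for illustration; on a real master the PEM would come from the request file under `/var/lib/puppet/ssl/ca/requests/`.

```ruby
require 'openssl'

# Fingerprint in the form Puppet prints: SHA256 over the DER encoding,
# upper-case hex pairs joined by colons.
def puppet_fingerprint(csr)
  OpenSSL::Digest::SHA256.hexdigest(csr.to_der).upcase.scan(/../).join(':')
end

# Reasons not to sign this request (empty list = all checks passed).
def csr_findings(csr_pem, expected_certname, agent_fingerprint)
  csr = OpenSSL::X509::Request.new(csr_pem)
  findings = []
  cn = csr.subject.to_a.find { |name, _value, _type| name == 'CN' }
  findings << 'subject CN does not match the expected certname' unless cn && cn[1] == expected_certname
  findings << 'CSR self-signature is invalid' unless csr.verify(csr.public_key)
  unless puppet_fingerprint(csr).casecmp?(agent_fingerprint.strip)
    findings << 'fingerprint differs from the one the agent printed'
  end
  findings
rescue OpenSSL::X509::RequestError => e
  ["not a parseable CSR: #{e.message}"]
end

# Constructed sample: a throwaway key and CSR standing in for the agent's request.
def sample_csr(certname)
  key = OpenSSL::PKey::RSA.new(2048)
  csr = OpenSSL::X509::Request.new
  csr.version = 0
  csr.subject = OpenSSL::X509::Name.new([['CN', certname]])
  csr.public_key = key.public_key
  csr.sign(key, OpenSSL::Digest.new('SHA256'))
  csr
end

if __FILE__ == $PROGRAM_NAME
  csr = sample_csr('foreman163.kisspuppet.com')
  puts csr_findings(csr.to_pem, 'foreman163.kisspuppet.com', puppet_fingerprint(csr)).inspect
end
```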
**4.2 Install Foreman with foreman-installer**
Foreman uses PostgreSQL as its default database; MySQL is used for this installation.
**Note:** openssl must be upgraded to version 1.0.1e.
~~~
# Install the packages first
[root@foreman163 ~]# yum install foreman-installer foreman mod_passenger mod_ssl ruby193-rubygem-passenger-native mysql mysql-server foreman-mysql2 openssl
...
Updated:
openssl.x86_64 0:1.0.1e-15.el6
Replaced:
ruby193-v8.x86_64 1:3.14.5.10-2.el6
Complete!
# Then have foreman-installer call Puppet to do the configuration
[root@foreman163 ~]# foreman-installer --foreman-db-adapter mysql2 --foreman-db-type mysql --no-enable-puppet --no-enable-foreman-proxy --foreman-configure-epel-repo=false
Installing Done [100%] []
Success!
* Foreman is running at https://foreman163.kisspuppet.com
Initial credentials are admin / 2kWcqJsW6cLDwo7m
The full log is at /var/log/foreman-installer/foreman-installer.log
~~~
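**Note:** After the installation above completes, the default login password is a random password, which differs from earlier versions.
After the installation completes, open [https://192.168.20.11](https://192.168.20.11) in Firefox or Chrome to check that it succeeded.
Remember to change the default password, otherwise you will forget it later and be unable to log in.
### 5. Install Foreman-proxy
**Note:** Here foreman-proxy mainly proxies puppet and puppetca, so it must be installed on the puppetmaster.
**5.1 Install foreman-proxy**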
~~~
[root@puppetmaster162 ~]# yum install foreman-installer foreman-proxy tftp-server syslinux
[root@puppetmaster162 yum.repos.d]# foreman-installer --no-enable-foreman --no-enable-foreman-cli --no-enable-foreman-plugin-bootdisk --no-enable-foreman-plugin-setup --no-enable-puppet --enable-foreman-proxy --foreman-proxy-puppetrun=true --foreman-proxy-puppetrun-provider=mcollective --foreman-proxy-puppetca=true --foreman-proxy-dhcp=false --foreman-proxy-tftp=false --foreman-proxy-dns=false --foreman-proxy-register-in-foreman=false --foreman-configure-epel-repo=false --foreman-configure-scl-repo=false
Installing Done [100%] []
Success!
* Foreman Proxy is running at https://puppetmaster162.kisspuppet.com:8443
The full log is at /var/log/foreman-installer/foreman-installer.log
# Check port 8443
[root@puppetmaster162 ~]# netstat -nlatp | grep 8443
tcp 0 0 0.0.0.0:8443 0.0.0.0:* LISTEN 4635/ruby
~~~
**5.2 Set up the ENC**
~~~
# Get node.rb from foreman-installer (this does not seem to work; it can be obtained after an all-in-one installation instead)
[root@puppetmaster162 ~]# cp /usr/share/foreman-installer/modules/foreman/files/foreman-report_v2.rb /etc/puppet/node.rb
[root@puppetmaster162 ~]# chown puppet. /etc/puppet/node.rb # set both owner and group to puppet
[root@puppetmaster162 ~]# chmod 550 /etc/puppet/node.rb # set execute permission
~~~
**5.3 Set up reports**
~~~
# Get foreman.rb from foreman-installer
[root@puppetmaster162 ~]# cp /usr/share/foreman-installer/modules/foreman/files/foreman-report_v2.rb /usr/lib/ruby/site_ruby/1.8/puppet/reports/foreman.rb
~~~
**5.4 Configure the connection to Foreman**
~~~
# This differs from Foreman 1.5 and earlier (1.5 included), take note
[root@puppetmaster162 puppet]# vim /etc/puppet/foreman.yaml
---
:url: "https://foreman163.kisspuppet.com"
:ssl_ca: "/var/lib/puppet/ssl/certs/ca.pem"
:ssl_cert: "/var/lib/puppet/ssl/certs/puppetmaster162.kisspuppet.com.pem"
:ssl_key: "/var/lib/puppet/ssl/private_keys/puppetmaster162.kisspuppet.com.pem"
:user: ""
:password: ""
:puppetdir: "/var/lib/puppet"
:puppetuser: "puppet"
:facts: true
:timeout: 10
:threads: null
[root@puppetmaster162 ~]# /etc/init.d/foreman-proxy restart
Stopping foreman-proxy: [ OK ]
Starting foreman-proxy: [ OK ]
~~~
### 6. Register puppet and puppetca
**6.1 Add the ENC configuration and Foreman reports on the puppetmaster**
~~~
[root@puppetmaster162 ~]# vim /etc/puppet/puppet.conf
[master]
...
reports = foreman
external_nodes = /etc/puppet/node.rb
node_terminus = exec
# Restart to apply the change
[root@puppetmaster162 ~]# /etc/init.d/puppetmaster restart
Stopping puppetmaster: [ OK ]
Starting puppetmaster: [ OK ]
~~~
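The files wired together in 5.2, 5.4 and 6.1 can be checked before the master is restarted. The Ruby sketch below is an added example, not code from the original article or from the Foreman project: it audits the text of `foreman.yaml` (https URL, TLS files present, client key not accessible to other users) and the permissions of the ENC script that `external_nodes` points at. The function names, the temporary sample tree and the permission thresholds are assumptions chosen to match the modes used on this page.

```ruby
require 'yaml'
require 'tmpdir'
require 'fileutils'

# Audit the text of foreman.yaml; returns findings (empty = nothing to report).
def audit_foreman_yaml(text)
  cfg = YAML.safe_load(text, permitted_classes: [Symbol]) || {}
  findings = []
  findings << "url is not https: #{cfg[:url]}" unless cfg[:url].to_s.start_with?('https://')
  %i[ssl_ca ssl_cert ssl_key].each do |k|
    findings << "#{k} missing or not a file: #{cfg[k].inspect}" unless File.file?(cfg[k].to_s)
  end
  key, cert = cfg[:ssl_key].to_s, cfg[:ssl_cert].to_s
  # The client key authenticates this master to Foreman: no access for "other".
  if File.file?(key) && (File.stat(key).mode & 0o007) != 0
    findings << "ssl_key accessible to other users: #{key}"
  end
  findings << 'ssl_cert and ssl_key certnames differ' if File.basename(cert) != File.basename(key)
  findings
end

# Audit the ENC script: the master executes it for every node lookup.
def audit_enc_script(path)
  return ["ENC script missing: #{path}"] unless File.file?(path)
  mode = File.stat(path).mode & 0o777
  findings = []
  findings << format('ENC script writable by group/other (mode %o)', mode) if (mode & 0o022) != 0
  findings << 'ENC script not executable by owner' if (mode & 0o100).zero?
  findings
end

# Constructed sample tree that mirrors the page's file names under a temp directory.
def build_sample(root, key_mode: 0o640, enc_mode: 0o550, url: 'https://foreman163.kisspuppet.com')
  pem = 'puppetmaster162.kisspuppet.com.pem'
  paths = { ssl_ca: "#{root}/ssl/certs/ca.pem", ssl_cert: "#{root}/ssl/certs/#{pem}",
            ssl_key: "#{root}/ssl/private_keys/#{pem}" }
  paths.each_value { |p| FileUtils.mkdir_p(File.dirname(p)); File.write(p, "placeholder\n") }
  File.chmod(key_mode, paths[:ssl_key])
  enc = "#{root}/node.rb"
  File.write(enc, "#!/usr/bin/env ruby\n")
  File.chmod(enc_mode, enc)
  yaml = ([":url: \"#{url}\""] + paths.map { |k, p| ":#{k}: \"#{p}\"" }).join("\n") + "\n"
  [yaml, enc]
end

Dir.mktmpdir do |root| # demo: key mode loosened to 0644 on purpose
  yaml, enc = build_sample(root, key_mode: 0o644)
  puts audit_foreman_yaml(yaml) + audit_enc_script(enc)
end
```

On a real master, pass `File.read('/etc/puppet/foreman.yaml')` and `/etc/puppet/node.rb` instead of the sample tree.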
**6.2 Log in to Foreman and register the foreman-proxy**
**6.3 Node test**
~~~
[root@foreman163 ~]# puppet agent -t
Info: Caching catalog for foreman163.kisspuppet.com
Info: Applying configuration version '1417762929'
Notice: Finished catalog run in 0.13 seconds
[root@puppetmaster162 ~]# puppet agent -t
Info: Caching catalog for puppetmaster162.kisspuppet.com
Info: Applying configuration version '1417762858'
Notice: Finished catalog run in 0.14 seconds
~~~
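**Note:** If the test reports an error, set the enc_environment option of the puppet plugin in Foreman to false; how to use it will be explained later.
For how to configure and use Foreman, watch for the follow-up articles.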