[root@puppet-agent ~]# rpm -ivh https://yum.puppetlabs.com/el/6.5/products/x86_64/puppetlabs-release-6-10.noarch.rpm
Retrieving https://yum.puppetlabs.com/el/6.5/products/x86_64/puppetlabs-release-6-10.noarch.rpm
warning: /var/tmp/rpm-tmp.FD1UUR: Header V4 RSA/SHA1 Signature, key ID 4bd6ec30: NOKEY
Preparing... ########################################### [100%]
1:puppetlabs-release ########################################### [100%]
[root@puppet-agent ~]# yum install puppet
Loaded plugins: fastestmirror, refresh-packagekit, security
Loading mirror speeds from cached hostfile
* base: centos.gbeservers.com
* extras: mirrors.usinternet.com
* updates: centos-distro.cavecreek.net
puppetlabs-deps | 2.5 kB 00:00
puppetlabs-deps/primary_db | 27 kB 00:00
puppetlabs-products | 2.5 kB 00:00
puppetlabs-products/primary_db | 170 kB 00:00
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package puppet.noarch 0:3.8.7-1.el6 will be installed
--> Processing Dependency: ruby >= 1.8.7 for package: puppet-3.8.7-1.el6.noarch
--> Processing Dependency: ruby >= 1.8 for package: puppet-3.8.7-1.el6.noarch
Output truncated .....
[root@puppet-agent ~]# puppet --version
3.8.7
Configuration:
1. In the [main] section of puppet.conf, point the agent at the puppet master:
[root@puppet-agent ~]# vi /etc/puppet/puppet.conf
[main]
# The Puppet log directory.
# The default value is '$vardir/log'.
logdir = /var/log/puppet
server = skywalker.example.com
2. Allow port 8140 through the firewall, or disable the firewall if you are just testing Puppet
3. Generate the client cert
[root@puppet-agent ~]# puppet agent -t
Info: Creating a new SSL key for puppet-agent.example.com
Info: Caching certificate for ca
Info: csr_attributes file loading from /etc/puppet/csr_attributes.yaml
Info: Creating a new SSL certificate request for puppet-agent.example.com
Info: Certificate Request fingerprint (SHA256): 57:C0:26:83:1D:20:FB:46:03:91:50:47:12:CE:41:CE:D0:56:06:40:D8:E6:A7:67:D4:FD:E4:10:A0:AD:F8:E6
Info: Caching certificate for ca
Exiting; no certificate found and waitforcert is disabled
4. Ignore the "waitforcert" message; we have yet to sign the client's certificate request on the puppet master
[root@puppet-agent ~]# puppet cert list
Notice: Signed certificate request for ca
5. Display the cert on the master
[root@skywalker puppet]# puppet cert list -a
"puppet-agent.example.com" (SHA256) 57:C0:26:83:1D:20:FB:46:03:91:50:47:12:CE:41:CE:D0:56:06:40:D8:E6:A7:67:D4:FD:E4:10:A0:AD:F8:E6
6. Sign the cert on the master
[root@skywalker puppet]# puppet cert sign puppet-agent.example.com
Signing Certificate Request for:
"puppet-agent.example.com" (SHA256) 57:C0:26:83:1D:20:FB:46:03:91:50:47:12:CE:41:CE:D0:56:06:40:D8:E6:A7:67:D4:FD:E4:10:A0:AD:F8:E6
Notice: Signed certificate request for puppet-agent.example.com
Notice: Removing file Puppet::SSL::CertificateRequest puppet-agent.example.com at '/etc/puppetlabs/puppet/ssl/ca/requests/puppet-agent.example.com.pem'
7. Now run puppet agent -t on the agent again
[root@puppet-agent ~]# puppet agent -t
Info: Caching certificate for puppet-agent.example.com
Info: Caching certificate_revocation_list for ca
Info: Caching certificate for puppet-agent.example.com
output truncated ....
The puppet agent now appears in the puppet master's inventory and can be managed.
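Steps 3 to 6 show the same SHA256 fingerprint on the agent and on the master. Comparing the two before signing confirms that the request the master holds is the one this agent generated. The script below is an added example, not part of the original post: the function names are hypothetical, the sample text is constructed from the output shown above, and it assumes plain-text output without color codes.

```shell
#!/bin/sh
# Added example (not from the original post): compare the CSR fingerprint the
# agent printed with the one the master lists before running "puppet cert sign".

# Pull the SHA256 fingerprint out of "puppet agent -t" output read from stdin.
agent_fingerprint() {
    sed -n 's/^Info: Certificate Request fingerprint (SHA256): \([0-9A-Fa-f:]*\)$/\1/p' | head -n 1
}

# Pull the fingerprint for certname $1 out of "puppet cert list" output on stdin.
master_fingerprint() {
    awk -v want="\"$1\"" '$1 == want && $2 == "(SHA256)" { print $3; exit }'
}

# csr_matches AGENT_OUTPUT MASTER_OUTPUT CERTNAME
# Returns 0 on match, 1 on mismatch, 2 if a fingerprint is missing or malformed.
csr_matches() {
    _a=$(printf '%s\n' "$1" | agent_fingerprint | tr 'a-f' 'A-F')
    _m=$(printf '%s\n' "$2" | master_fingerprint "$3" | tr 'a-f' 'A-F')
    for _fp in "$_a" "$_m"; do
        # A SHA256 fingerprint is exactly 32 colon-separated hex bytes.
        printf '%s\n' "$_fp" | grep -Eq '^([0-9A-F]{2}:){31}[0-9A-F]{2}$' || return 2
    done
    [ "$_a" = "$_m" ]
}

# Constructed sample input, reusing the certname and fingerprint shown in the post.
AGENT_OUT='Info: Creating a new SSL certificate request for puppet-agent.example.com
Info: Certificate Request fingerprint (SHA256): 57:C0:26:83:1D:20:FB:46:03:91:50:47:12:CE:41:CE:D0:56:06:40:D8:E6:A7:67:D4:FD:E4:10:A0:AD:F8:E6
Exiting; no certificate found and waitforcert is disabled'
MASTER_OUT='  "puppet-agent.example.com" (SHA256) 57:C0:26:83:1D:20:FB:46:03:91:50:47:12:CE:41:CE:D0:56:06:40:D8:E6:A7:67:D4:FD:E4:10:A0:AD:F8:E6'
# Constructed mismatch: first byte changed, as if the CSR came from a different key.
MASTER_BAD='  "puppet-agent.example.com" (SHA256) 00:C0:26:83:1D:20:FB:46:03:91:50:47:12:CE:41:CE:D0:56:06:40:D8:E6:A7:67:D4:FD:E4:10:A0:AD:F8:E6'

if csr_matches "$AGENT_OUT" "$MASTER_OUT" puppet-agent.example.com; then
    echo "fingerprints match: puppet cert sign puppet-agent.example.com can proceed"
else
    echo "fingerprint mismatch or missing: do not sign" >&2
fi
```

In practice the two inputs would be the saved output of puppet agent -t on the agent and of puppet cert list on the master, with the agent's fingerprint carried over a channel other than the Puppet connection itself.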
Thanks.