一．  服务器端和客户端都需要做的操作。

1. 下载软件 wget    wget 2. 安装ruby  puppet是ruby开发的，所以需要安装。 Yum   -y install ruby 3. 安装facter  Ruby  install.rb 4. 安装puppet   安装都非常快。不到1分钟。 Ruby  install.rb 5. 同步时间  cp /usr/share/zoneinfo/Asia/Shanghai  /etc/localtime /usr/sbin/ntpdate time.nist.gov 二． 服务器端的操作。 1. 创建目录，拷贝文件等。 mkdir /etc/puppet cp conf/auth.conf /etc/puppet/ cp conf/redhat/fileserver.conf /etc/puppet/ cp conf/redhat/puppet.conf /etc/puppet/ cp conf/redhat/server.init /etc/init.d/puppetmaster chmod 755 /etc/init.d/puppetmaster chkconfig --add puppetmaster chkconfig puppetmaster on mkdir -p /etc/puppet/manifests 2. 创建puppet帐户 puppetmasterd --mkusers 3. 建立相应的目录 mkdir /var/lib/puppet/rrd/ chown puppet.puppet /var/lib/puppet/rrd/ 4. 启动服务 /etc/init.d/puppetmaster start 三． 客户端端的操作 1. 创建目录，拷贝文件等 mkdir /etc/puppet cp conf/auth.conf /etc/puppet/ cp conf/namespaceauth.conf /etc/puppet/ cp conf/redhat/puppet.conf /etc/puppet/ cp conf/redhat/client.init /etc/init.d/puppet chmod 755 /etc/init.d/puppet chkconfig --add puppet chkconfig puppet on 2. 创建puppet用户和组 puppetd –mkusers ；如果报错，则手工建立puppet用户和组(puppet放到puppet组) 3. 创建目录 mkdir /var/lib/puppet/rrd     chown puppet.puppet /var/lib/puppet/rrd 四． 测试 1. 客户端执行puppetd --test --server server.puppet.com发送认证请求 [root@localhost puppet-2.7.9]# puppetd --test --server server.puppet.com warning: peer certificate won't be verified in this SSL session info: Caching certificate for ca warning: peer certificate won't be verified in this SSL session warning: peer certificate won't be verified in this SSL session info: Creating a new SSL certificate request for localhost.localdomain info: Certificate Request fingerprint (md5): C5:76:BF:68:12:82:BD:42:86:0F:28:16:1B:6A:75:DD warning: peer certificate won't be verified in this SSL session warning: peer certificate won't be verified in this SSL session warning: peer certificate won't be verified in this SSL session Exiting; no certificate found and waitforcert is disabled 2. 服务器端执行puppetca -s -a [root@biansongshan-d1 soft]# puppetca -s –a发送接受请求。 notice: Signed certificate request for localhost.localdomain notice: Removing file Puppet::SSL::CertificateRequest localhost.localdomain at '/var/lib/puppet/ssl/ca/requests/localhost.localdomain.pem' 3. 客户端再次发送请求puppetd --test --server server.puppet.com [root@localhost puppet-2.7.9]# puppetd --test --server server.puppet.com info: Caching certificate_revocation_list for ca info: Caching catalog for localhost.localdomain info: Applying configuration version '1325218033' info: Creating state file /var/lib/puppet/state/state.yaml notice: Finished catalog run in 0.04 seconds 出现上面信息表示server端已接受请求，连接成功。如果报下面错误 [root@localhost puppet-2.7.9]# puppetd --test --server server.puppet.com err: Could not retrieve catalog from remote server: hostname not match with the server certificate warning: Not using cache on failed catalog err: Could not retrieve catalog; skipping run err: Could not send report: hostname not match with the server certificate 则需要修改服务器的主机名和本机的hosts解析。 五． 实际举例子 到这里证明puppet的基本设置已经没有问题了；下面举一个例子： 1. 现在在服务器的/etc/puppet/manifests/建立site.pp里面放置如下内容 node default { file{"/tmp/a.txt": content => "helo,I am abc.bbb!abc.aaa \n bbbbbb \n cccc \n dddd \n", ensure  => present, mode => 644, owner => root, group => root, } } 2. 在客户端上执行puppetd --test --server server.puppet.com可以发现/tmp/会生成a.txt文件，内容是content里面的内容。  [root@localhost ~]# cat /tmp/a.txt helo,I am abc.bbb!abc.aaa  bbbbbb  cccc  dddd 到这里就已经完全ok了。