puppet的授权服务器这里selinux和firewalld关闭yum install epel-release  （安装仓库）hostnamectl set-hostname master.localdomain（修改主机名）yum install puppet-server[root@localhost signed]# vim /etc/puppet/puppet.conf （添加字段）[master]certname=master.localdomain  （指定主服务器）[root@localhost signed]# vim /etc/hosts（添加本地解析）192.168.1.139   master.localdomain （主服务器）192.168.1.4     agent1.localdomain  （客户端）systemctl rstart puppetmaster（启动服务，一定要加master哦）[root@localhost signed]# lsagent1.pem  master.localdomain.pem[root@localhost signed]# pwd/var/lib/puppet/ssl/ca/signed   （这个目录下的机器都是授权过的） puppet cert --list（查看当前有那些客户端想要连接服务器）puppet cert --sign "agent1"（允许此机器连接服务器）puppet cert --sign - -all  （允许所有机器连接我）客户端selinux和firewalld关闭yum install epel-release  （安装仓库）hostnamectl set-hostname agent1.localdomain（修改主机名）yum install puppet（装包）[agent]    server = master.localdomain  （主服务器）    runinterval=10   （每10秒发起一次同步，拉取模式）[root@localhost certificate_requests]# systemctl restart puppetagent（重启，这里一定加上agent）[root@localhost certificate_requests]# lsagent1.localdomain.pem   （请求授权文件）[root@localhost certificate_requests]# pwd/var/lib/puppet/ssl/certificate_requests服务端[root@localhost requests]# ls （目录查询未授权文件）agent1.pem[root@localhost requests]# puppet cert list（命令查看未授权文件，agent1前面没有+号说明未授权）  "agent1" (SHA256) DB:9B:5B:25:D8:BF:B7:9F:7D:25:8E:89:02:F8:F0:4F:92:DB:17:CE:93:2D:47:84:EA:E6:B3:79:D1:9C:7A:B6[root@localhost requests]# pwd/var/lib/puppet/ssl/ca/requests[root@localhost requests]# puppet cert --sign "agent1"（授权）Notice: Signed certificate request for agent1Notice: Removing file Puppet::SSL::CertificateRequest agent1 at '/var/lib/puppet/ssl/ca/requests/agent1.pem'[root@localhost requests]# ls[root@localhost requests]# cd ..[root@localhost ca]# lsca_crl.pem  ca_crt.pem  ca_key.pem  ca_pub.pem  inventory.txt  private  requests  serial  signed[root@localhost ca]# cd signed/（在已授权目录下找到了agent1，现在可以互相通信了）[root@localhost signed]# lsagent1.pem  master.localdomain.pem来个问题：如果有好几十台机器请求认证授权，服务器怎么办？当然：puppet cert --sign - -all  （允许所有机器连接我）可以解决但是：我想要服务器通过了自定义的格式自动授权通过定义的节点怎么办？[root@localhost signed]# vim /etc/puppet/puppet.conf [master]       certname=master.localdomain       autosign=true  （添加参数，开启自动授权）       autosign=/etc/puppet/autosign.conf  （自定义格式文件存放位置）[root@localhost signed]# vim /etc/puppet/autosign.conf           *.1    （这里自定义，这个*.1的意思是必须以.1结尾的文件，我自动授权）[root@localhost signed]# systemctl restart puppetmaster（重启）如果非正常退出节点，再次启动客户端可能会出现一种进程锁的报错，删掉文件重启即可。配置文件/etc/puppet/manifests/site.pp （全局入口文件，每次同步最先查找的文件。）ansible安装服务端yum install -y ansible[root@localhost ansible]# ssh-keygen Generating public/private rsa key pair.Enter file in which to save the key (/root/.ssh/id_rsa): Created directory '/root/.ssh'.Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /root/.ssh/id_rsa.Your public key has been saved in /root/.ssh/id_rsa.pub.The key fingerprint is:ba:6c:15:b5:ec:54:11:7e:01:3f:8d:46:5f:9e:b3:6d root@master.localdomainThe key's randomart image is:+--[ RSA 2048]----+|            ++o .||          ...o *o||         o o. *o+||        . +  o .+||        S+     .E||       .. .    . ||      ..         ||     ...         ||     .o          |+-----------------+[root@localhost ansible]# cd /root/.ssh/[root@localhost .ssh]# lsid_rsa  id_rsa.pub   （生成公钥私钥）[root@localhost .ssh]# ssh-copy-id root@192.168.1.4（将公钥写入到1.4/root/.ssh/authorized_keys）[root@localhost ansible]# vim /etc/ansible/ansible.cfg private_key_file = /root/.ssh/id_rsa  (指定私钥存放路径）[root@localhost ansible]# vim /etc/ansible/hosts [servers]192.168.1.4 （定义主机组）[root@localhost ansible]# ansible servers -m ping （基本的ping测试）192.168.1.4 | SUCCESS => {    "changed": false,     "ping": "pong"}

ok。。