
The agent's life cycle

In a Puppet-centric workflow, you typically want all changes to the configuration of servers (perhaps even workstations) to originate on the Puppet master and propagate to the agents automatically. Each new machine is integrated into the Puppet infrastructure, with the master at its center, and is removed again when it is decommissioned, as shown in the following diagram:

The very first step, generating a key and a certificate signing request, is always performed implicitly and automatically at the start of an agent run if no local SSL data exists yet. Puppet creates the required data if no appropriate files are found. How to trigger this behavior manually is described briefly later in this section.

The next step is usually the signing of the agent's certificate, which is performed on the master. It is good practice to monitor the pending requests by listing them on the console:

root@puppetmaster# puppet cert list
root@puppetmaster# puppet cert sign '<agent fqdn>'

From this point on, the agent periodically checks with the master to load an updated catalog. The default interval for this is 30 minutes. On each run, the agent applies the catalog and checks the sync state of every resource it contains. The run is performed for unchanged catalogs as well, because the sync state of resources can change between runs.

Until you get around to signing the certificate, the agent process queries the master at short intervals for a while. This avoids a 30-minute delay when the certificate is not ready right when the agent starts up.

Launching this background process can be done manually through a simple command:

root@agent# puppet agent

However, it is preferable to do this through the puppet system service.

When an agent machine is taken out of active service, its certificate should be invalidated. As is customary with SSL, this is done by revoking the certificate and cleaning up its files. The master adds the serial number of the certificate to its certificate revocation list (CRL). This list, too, is shared with each agent machine. Revocation is initiated on the master through the puppet cert command:

root@puppetmaster# puppet cert revoke agent

The updated CRL is not honored until the master service is restarted. If security is a concern, this step must not be postponed.
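The two master-side steps above, listing pending requests and later revoking a decommissioned agent, both leave their trace in the output of puppet cert list --all, where a leading "+" marks a signed certificate, a leading "-" marks a revoked one, and a line with no marker is a pending request. The following script is an added example, not code from the book or from the Puppet project; it parses a constructed sample of that listing (names and fingerprints are made up and shortened) so that pending requests can be reviewed and a decommissioned agent's revocation can be confirmed. The function and variable names are the example's own.

```shell
#!/bin/sh
# Added example: audit the output of `puppet cert list --all`.
# Line markers: "+ " signed, "- " revoked, "  " (no marker) pending CSR.
# SAMPLE is a constructed listing; fingerprints are shortened placeholders.
SAMPLE='  "web01.example.com" (SHA256) 1A:2B:3C:4D:5E:6F:70:81:92:A3:B4:C5
+ "puppetmaster.example.com" (SHA256) D6:E7:F8:09:1A:2B:3C:4D:5E:6F:70:81 (alt names: "DNS:puppet", "DNS:puppetmaster.example.com")
+ "db01.example.com" (SHA256) 92:A3:B4:C5:D6:E7:F8:09:1A:2B:3C:4D
- "old01.example.com" (SHA256) 5E:6F:70:81:92:A3:B4:C5:D6:E7:F8:09'

# cert_names MARKER LISTING: print the certificate names whose line carries
# MARKER ("+", "-", or the word "pending" for lines without a marker).
cert_names() {
  marker="$1"
  listing="$2"
  printf '%s\n' "$listing" | awk -v m="$marker" '
    NF > 0 {
      prefix = substr($0, 1, 1)
      if (prefix == " ") prefix = "pending"
      if (prefix == m) {
        # The certificate name is the first double-quoted token on the line.
        if (match($0, /"[^"]+"/))
          print substr($0, RSTART + 1, RLENGTH - 2)
      }
    }'
}

pending_requests() { cert_names pending "$1"; }
signed_certs()     { cert_names "+" "$1"; }
revoked_certs()    { cert_names "-" "$1"; }

# is_revoked NAME LISTING: succeed only if NAME is listed as revoked,
# i.e. the decommissioning step described above actually took effect.
is_revoked() {
  revoked_certs "$2" | grep -qx -- "$1"
}

# Stand-alone use: show what an operator would review on the master.
echo "Pending requests (review before signing):"
pending_requests "$SAMPLE"
echo "Revoked certificates:"
revoked_certs "$SAMPLE"
```

On a real master, replace SAMPLE with the captured output of puppet cert list --all; the listing only reflects the CA's state, so confirming that the master service was restarted after revocation is still a separate check.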

The agent can then no longer use its old certificate:

root@agent# puppet agent --test
Warning: Unable to fetch my node definition, but the agent run will continue:
Warning: SSL_connect SYSCALL returned=5 errno=0 state=unknown state
[...]
Error: Could not retrieve catalog from remote server: SSL_connect SYSCALL returned=5 errno=0 state=unknown state
[...]