2.5.2 Wazuh manager installation
On the Wazuh manager server, import the Puppet repository; the Puppet client can then be installed directly with yum.
[root@wazuh-manager ~]# rpm -ivh https://yum.puppetlabs.com/puppet5/puppet5-release-el-7.noarch.rpm
Retrieving https://yum.puppetlabs.com/puppet5/puppet5-release-el-7.noarch.rpm
warning: /var/tmp/rpm-tmp.InT3hA: Header V4 RSA/SHA256 Signature, key ID ef8d349f: NOKEY
Preparing... ################################# [100%]
Updating / installing...
1:puppet5-release-5.0.0-11.el7 ################################# [100%]
[root@wazuh-manager ~]# yum -y install puppet-agent
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: mirrors.163.com
* epel: hkg.mirror.rackspace.com
* extras: mirrors.163.com
* updates: mirrors.163.com
Package puppet-agent-5.5.22-1.el7.x86_64 already installed and latest version
Nothing to do
Edit the local hosts file so that the domain name points to the auto-deployment server.
[root@wazuh-manager ~]# cat /etc/hosts
192.168.1.110 www.autodeploy.com
Then add the Puppet server's domain name to the configuration file, which tells the client which server to send its requests to.
[root@wazuh-manager ~]# cat /etc/puppetlabs/puppet/puppet.conf
[main]
server = www.autodeploy.com
The default Puppet installation does not create a symlink for the puppet binary, so create one for quick access.
[root@wazuh-manager ~]# ln -s /opt/puppetlabs/bin/puppet /bin/
Start the Puppet client with the following command.
[root@wazuh-manager ~]# puppet resource service puppet ensure=running enable=true
Notice: /Service[puppet]/ensure: ensure changed 'stopped' to 'running'
service { 'puppet':
ensure => 'running',
enable => 'true',
}
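The Puppet server distributes tasks on a 30-minute cycle, so to see the result right away for this demonstration, pull the tasks from the Puppet server directly on the Puppet client. The run shows that the client has no SSL certificate yet, so it cannot communicate with the server.
[root@wazuh-manager ~]# puppet agent -t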
Info: Caching certificate for ca
Info: csr_attributes file loading from /etc/puppetlabs/puppet/csr_attributes.yaml
Info: Creating a new SSL certificate request for wazuh-manager
Info: Certificate Request fingerprint (SHA256): 2D:EA:DC:6C:9D:30:65:E8:9E:B4:C2:8D:90:DC:EE:13:C3:37:A8:AA:C7:E3:E0:AF:1B:E1:D0:AA:89:E3:DE:0A
Info: Caching certificate for ca
Exiting; no certificate found and waitforcert is disabled
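The client certificate therefore has to be approved on the auto-deployment server. Use puppet cert list to view the list of client certificates; the one for wazuh-manager appears in it.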
[root@autodeploy manifests]# puppet cert list
Warning: `puppet cert` is deprecated and will be removed in a future release.
(location: /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/application.rb:370:in `run')
"wazuh-manager" (SHA256) 2D:EA:DC:6C:9D:30:65:E8:9E:B4:C2:8D:90:DC:EE:13:C3:37:A8:AA:C7:E3:E0:AF:1B:E1:D0:AA:89:E3:DE:0A
Use puppet cert sign followed by the host name to approve the certificate, confirming its safety and validity.
[root@autodeploy manifests]# puppet cert sign wazuh-manager
Warning: `puppet cert` is deprecated and will be removed in a future release.
(location: /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/application.rb:370:in `run')
Signing Certificate Request for:
"wazuh-manager" (SHA256) 2D:EA:DC:6C:9D:30:65:E8:9E:B4:C2:8D:90:DC:EE:13:C3:37:A8:AA:C7:E3:E0:AF:1B:E1:D0:AA:89:E3:DE:0A
Notice: Signed certificate request for wazuh-manager
Notice: Removing file Puppet::SSL::CertificateRequest wazuh-manager at '/etc/puppetlabs/puppet/ssl/ca/requests/wazuh-manager.pem'
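Approval is only meaningful if the request listed on the auto-deployment server is the one the agent actually generated. The following sketch is an added example, not part of the original tutorial: it compares the fingerprint printed by puppet agent -t with the one shown by puppet cert list before signing. The function names are hypothetical, and the two sample lines are copied from the output shown on this page.

```shell
# Added example (not from the original tutorial): confirm that the CSR waiting
# on the CA is the one this agent generated, before `puppet cert sign`.

# Fingerprint from the agent's "Certificate Request fingerprint" line (stdin).
csr_fp_from_agent() {
  sed -n 's/^Info: Certificate Request fingerprint (SHA256): \([0-9A-Fa-f:]*\).*$/\1/p' | head -n 1
}

# Fingerprint for one certname from `puppet cert list` output (stdin).
# Prints nothing when that certname has no pending request.
csr_fp_from_list() {
  awk -v name="$1" '$1 == ("\"" name "\"") && $2 == "(SHA256)" { print $3; exit }'
}

# Upper-case the hex digits and drop colons and whitespace.
normalize_fp() {
  printf '%s' "$1" | tr -d ': \t\r\n' | tr 'abcdef' 'ABCDEF'
}

# 0 = identical, 1 = different, 2 = either value is not a 64-digit SHA256.
fp_matches() {
  fp_a=$(normalize_fp "$1")
  fp_b=$(normalize_fp "$2")
  printf '%s\n' "$fp_a" | grep -Eq '^[0-9A-F]{64}$' || return 2
  printf '%s\n' "$fp_b" | grep -Eq '^[0-9A-F]{64}$' || return 2
  [ "$fp_a" = "$fp_b" ]
}

# Sample lines copied from the agent and CA output shown on this page.
AGENT_LINE='Info: Certificate Request fingerprint (SHA256): 2D:EA:DC:6C:9D:30:65:E8:9E:B4:C2:8D:90:DC:EE:13:C3:37:A8:AA:C7:E3:E0:AF:1B:E1:D0:AA:89:E3:DE:0A'
CA_LINE='"wazuh-manager" (SHA256) 2D:EA:DC:6C:9D:30:65:E8:9E:B4:C2:8D:90:DC:EE:13:C3:37:A8:AA:C7:E3:E0:AF:1B:E1:D0:AA:89:E3:DE:0A'

agent_fp=$(printf '%s\n' "$AGENT_LINE" | csr_fp_from_agent)
ca_fp=$(printf '%s\n' "$CA_LINE" | csr_fp_from_list wazuh-manager)

if fp_matches "$agent_fp" "$ca_fp"; then
  echo "fingerprints match: proceed with 'puppet cert sign wazuh-manager'"
else
  echo "fingerprint mismatch or malformed value: do not sign" >&2
fi
```

In practice, feed the functions the live output of puppet agent -t on the client and puppet cert list on the auto-deployment server instead of the sample lines.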
Run the command on the Wazuh manager server again, and the installation task can be seen running.
[root@wazuh-manager ~]# puppet agent -t
Info: Caching certificate for wazuh-manager
Info: Caching certificate_revocation_list for ca
Info: Caching certificate for wazuh-manager
Info: Using configured environment 'production'
Info: Retrieving pluginfacts
Info: Retrieving plugin
...........................