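  • A few simple hand-written Puppet management configurations

    Puppet is very capable at automated configuration management, so it needs little introduction here. Below are a few simple Puppet management configurations: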

    I. First install puppet and facter on the server and the client

    1) Server
    Install the Puppet Labs repository package
    # rpm -ivh http://yum.puppetlabs.com/el/6.5/products/x86_64/puppetlabs-release-6-12.noarch.rpm
    
    Install Puppet and facter
    # yum install puppet puppet-server facter
    
    2) Client
    Install the Puppet Labs repository package
    # rpm -ivh http://yum.puppetlabs.com/el/6.5/products/x86_64/puppetlabs-release-6-12.noarch.rpm
    
    Install Puppet and facter
    # yum install puppet facter
    

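    II. Puppet configuration and certificate signing

    1) Add hosts-file entries on both the client and the server (or use internal DNS resolution)
    192.168.1.10 puppet01.wang.com            # server
    192.168.1.11 puppet02.wang.com            # client
    
    2) In the client's puppet.conf configuration file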
    [root@puppet02 ~]# cat /etc/puppet/puppet.conf 
    [main]
        server=puppet01.wang.com
        ......
    
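    3) Start the puppet service on each side (note: it is best to turn off the iptables firewall on the server and the client; if it is left on, remember to allow access to the puppet port 8140)
    Server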
    [root@puppet01 ~]# /etc/init.d/puppetmaster start
    
    Client
    [root@puppet02 ~]# /etc/init.d/puppet start
    
    4) Automatic certificate signing configuration
    Server
    [root@puppet01 ~]# cat /etc/puppet/puppet.conf
    [main]
        ......
        autosign = true
        autosign = /etc/puppet/autosign.conf
    
    [root@puppet01 ~]# cat /etc/puppet/autosign.conf        # create the autosign configuration file; the entry below signs registration requests from all hosts
    *
    
    [root@puppet01 ~]# /etc/init.d/puppetmaster restart
    
    Register from the client
    [root@puppet02 ~]# puppet agent --test --server=puppet01.wang.com
    Notice: Ignoring --listen on onetime run
    Info: Retrieving pluginfacts
    Info: Retrieving plugin
    Info: Caching catalog for puppet02.wang.com
    Info: Applying configuration version '1501320900'
    Notice: Finished catalog run in 0.42 seconds
    
    The server shows that the certificate has been signed automatically
    [root@puppet01 ~]# puppet cert --list --all
    + "puppet01.wang.com" (SHA256) 3E:99:64:73:14:D5:BA:01:62:2F:53:62:A6:07:55:AB:BA:BE:70:6E:7E:60:7A:81:41:10:63:78:C0:FD:E4:56 (alt names: "DNS:puppet", "DNS:puppet.wang.com", "DNS:puppet01.wang.com")
    + "puppet02.wang.com" (SHA256) A4:EF:73:62:3A:DD:F9:2E:E4:12:8F:2E:AE:90:96:43:95:7A:4C:9F:38:02:44:B7:81:C5:08:B5:16:95:42:0B
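
With `*` in autosign.conf the master signs every certificate request that reaches port 8140. As an added example (not from the original post), the script below is a policy executable that Puppet 3.4 or later can call when `autosign` points at an executable file, signing only inventoried hosts under wang.com. The script path, the allowlist file and the one-label naming rule are assumptions.

```sh
#!/bin/sh
# Added example: policy-based autosign executable, e.g. saved as the
# hypothetical /etc/puppet/autosign-policy.sh and referenced with
#   autosign = /etc/puppet/autosign-policy.sh
# Puppet passes the certname as $1 and the PEM CSR on stdin.
# Exit status 0 means "sign"; anything else leaves the request pending.

LC_ALL=C; export LC_ALL     # make the [a-z] ranges below byte-exact

# Hypothetical inventory of hosts allowed to enroll, one certname per line.
ALLOWLIST="${ALLOWLIST:-/etc/puppet/autosign-allowlist.txt}"
# Domain taken from the host names used on this page.
DOMAIN="wang.com"

# Return 0 only for a lowercase name with exactly one label before $DOMAIN.
valid_certname() {
  case "$1" in
    ""|*[!a-z0-9.-]*|.*|-*|*..*) return 1 ;;   # empty, bad characters, bad shape
  esac
  suffix=".$DOMAIN"
  host="${1%$suffix}"
  # Nothing stripped means the name does not end in .$DOMAIN.
  [ "$host" != "$1" ] || return 1
  case "$host" in
    ""|*.*|*-) return 1 ;;                     # no label, nested label, trailing hyphen
  esac
  return 0
}

# Return 0 when the certname is well formed AND listed in the inventory.
# A missing or unreadable inventory rejects everything (fail closed).
autosign_decision() {
  valid_certname "$1" || return 1
  [ -r "$ALLOWLIST" ] || return 1
  grep -Fxq -- "$1" "$ALLOWLIST"
}

# Puppet always passes exactly one argument. With no arguments the file only
# defines the functions above, which allows sourcing it for checks.
if [ "$#" -ge 1 ]; then
  cat >/dev/null            # drain the CSR; this policy only checks the name
  if [ "$#" -eq 1 ] && autosign_decision "$1"; then
    exit 0
  fi
  exit 1
fi
```

Requests that the policy rejects stay in the pending list shown by `puppet cert --list` and can still be signed by hand.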
    

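    III. Automated management configuration with Puppet

    Management entries are configured on the puppet master. Once configured, they are sent to the puppet agent nodes and applied there (the puppet master's "push" operation). If an agent node runs as a daemon,
    it connects every 30 minutes by default and checks whether the configuration for its host has changed or new configuration has been added. The interval can be changed with the runinterval setting in /etc/puppet/puppet.conf on the agent, for example one hour with
    "runinterval = 3600". An agent node can also connect on its own initiative from a cron scheduled job (the puppet agent's "pull" operation),
    combining the master's "push" with the agent's "pull".
       
    1) Configure on the puppet master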
    [root@puppet01 puppet]# ll
    total 36
    -rw-r--r--  1 root root 4178 Jul 29 16:25 auth.conf
    -rw-r--r--  1 root root    2 Jul 29 16:25 autosign.conf
    drwxr-xr-x  3 root root 4096 Jul 29 16:25 environments
    -rw-r--r--  1 root root 1462 Jul 29 16:25 fileserver.conf
    drwxr-xr-x  2 root root 4096 Jul 29 17:22 manifests
    drwxr-xr-x 13 root root 4096 Jul 29 17:03 modules
    -rw-r--r--  1 root root  915 Jul 29 16:25 puppet.conf
       
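    First create a module. It can be created by hand or with a command, but the command-generated module has to be renamed afterwards.
    [root@puppet01 puppet]# cd modules/
    [root@puppet01 modules]# puppet module generate propupet-ssh       # creates the module from the command line; the module name format is "puppet-<module name>"
    [root@puppet01 modules]# mv propupet-ssh ssh        # rename it to the ssh module
       
    Or create the module by hand
    [root@puppet01 modules]# mkdir ssh       # the directory structure under the module still has to be created by hand
    [root@puppet01 modules]# mkdir ssh/files    # holds the files the module needs
    [root@puppet01 modules]# mkdir ssh/manifests   # holds the puppet manifests
    [root@puppet01 modules]# mkdir ssh/templates    # holds the templates used by the module
       
    Once the modules are configured, they have to be referenced in the /etc/puppet/manifests/site.pp manifest (covered at the end).
       
    2) Use the following module configurations as a reference: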
    [root@puppet01 modules]# pwd
    /etc/puppet/modules
       
    --------------------ssh installation and management module--------------------
    [root@puppet01 manifests]# cd /etc/puppet/modules/ssh
    [root@puppet01 ssh]# cd manifests/
    [root@puppet01 manifests]# ls
    config.pp  init.pp  install.pp  service.pp
    [root@puppet01 manifests]# cat init.pp
    class ssh {
      class { '::ssh::install':} ->
      class { '::ssh::config':} ->
      class { '::ssh::service':} ->
      Class['ssh']
    }
    [root@puppet01 manifests]# cat install.pp
    class ssh::install {
      package { "openssh":               # the package name is openssh
        ensure => present,               # make sure the package is installed
      }
    }
    [root@puppet01 manifests]# cat config.pp
    class ssh::config {
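      # ssh settings such as the port, user names and password-login control can be prepared in the sshd_config file
      # under the module's files directory and then synced to the target machines by puppet.
      # After a change, sshd is restarted automatically (the service class handles the restart).
      file { "/etc/ssh/sshd_config":
        ensure => present,
        owner => 'root',
        group => 'root',
        mode => 0600,
        source => "puppet:///modules/ssh/sshd_config",     # sshd_config is stored in /etc/puppet/modules/ssh/files; note that the files directory is not written in the path
        require => Class["ssh::install"],                  # prerequisite for this file resource
        notify =>  Class["ssh::service"],                  # notify the ssh::service class once this file resource is in place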
        }
    }
    [root@puppet01 manifests]# cat service.pp
    class ssh::service {
      service { "sshd":
        ensure => running,
        hasstatus => true,
        hasrestart =>true,
        enable => true,
        require => Class["ssh::config"],
        }
    }
       
    [root@puppet01 manifests]# ls ../files/sshd_config
    ../files/sshd_config
      
       
    --------------------DNS configuration management--------------------
    [root@puppet ~]# cd /etc/puppet/modules/dns/
    [root@puppet dns]# ls
    files  manifests
    [root@puppet dns]# cd manifests/
    [root@puppet manifests]# ls
    config.pp  init.pp  restart.pp  setup.pp
    [root@puppet manifests]# cat init.pp
    class dns {
      include dns::config
      include dns::setup
      include dns::restart
      }
    [root@puppet manifests]# cat config.pp
    class dns::config {
      file { "/etc/named":
      ensure  => directory,
      source => "puppet:///modules/dns/pro-dns/DNS/etc/named",
      recurse => true,
      }
      
      file { "/var/named":
      ensure  => directory,
      source =>"puppet:///modules/dns/pro-dns/DNS/var/named",
      recurse => true,
      }
    }
      
    [root@puppet manifests]# cat setup.pp
    class dns::setup {
      exec {"Set permissions of etc-named":
      cwd => "/etc",
      command => "/bin/chown -R root.named named",
      path =>["/usr/bin:/usr/sbin:/bin:/sbin"],
      require => Class["dns::config"],
      }
      
      exec {"Set permissions of var-named":
      cwd => "/var",
      command => "/bin/chown -R root.named named && /bin/chown -R named.named named/data/",
      path =>["/usr/bin:/usr/sbin:/bin:/sbin"],
      require => Class["dns::config"],
      }
      
    }
    [root@puppet manifests]# cat restart.pp
    class dns::restart {
      exec {"restart named service":
      command => "service named restart",
      path => ["/usr/bin:/usr/sbin:/bin:/sbin"],
      require => Class["dns::config"],
      }
    }
      
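    The files directory holds the DNS configuration file and the forward and reverse zone files (they can be kept in the DNS directory of the pro-dns project on gitlab and fetched with git clone)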
    [root@puppet manifests]# cd ../files/
    [root@puppet files]# ls
    pro-dns
    [root@puppet files]# ls pro-dns/DNS/
    etc  var
    [root@puppet files]# ls pro-dns/DNS/etc/named/
    named.conf
    [root@puppet files]# ls pro-dns/DNS/var/named/
    192.168.10.zone  192.168.16.zone  192.168.32.zone  192.168.33.zone  192.168.34.zone  192.168.64.zone  192.168.8.zone  wangshibo.cn
      
      
    --------------------java7 installation and management module--------------------
    [root@puppet01 java7]# cd manifests/
    [root@puppet01 manifests]# ls
    init.pp  install.pp
    [root@puppet01 manifests]# cat init.pp
    class java7 {
      include java7::install
    }
    [root@puppet01 manifests]# cat install.pp
    class java7::install {
      file { "/data/software/java-jdk7_install.sh":                    # file resource
        source => "puppet:///modules/java7/java-jdk7_install.sh",
        owner => root,
        group => root,
        mode => 0755
        }
       
      exec { "install jdk":                             # exec (command) resource
        cwd => "/data/software",
        command => "/bin/bash java-jdk7_install.sh",
        user => "root",
        group => "root",
        path =>["/usr/bin:/usr/sbin:/bin:/sbin"],
        creates =>"/usr/java/jdk1.7.0_80",                            # the command is not run when /usr/java/jdk1.7.0_80 exists; it runs only when it is absent
        require =>File["/data/software/java-jdk7_install.sh"]         # prerequisite for running this command resource
        }
    }
    [root@puppet01 manifests]# cd ../files/
    [root@puppet01 files]# ll
    total 4
    -rwxr-xr-x 1 root root 756 Jul 29 16:25 java-jdk7_install.sh
    [root@puppet01 files]# cat java-jdk7_install.sh
    #!/bin/bash
       
    /bin/rpm -qa|grep jdk|xargs rpm -e
       
    # install jdk7
    /bin/rpm -ivh  http://yum.wang.com/software/jdk-7u80-linux-x64.rpm
       
    # set env
    NUM=`cat /etc/profile|grep "JAVA_HOME"|wc -l`
    JDK=`cat /etc/profile|grep "JAVA_HOME="|cut -d"=" -f2|awk -F"/" '{print $4}'`
    if [ $NUM -ne 0 ];then
        /bin/sed -i 's#'$JDK'#jdk1.7.0_80#g' /etc/profile
    else
        echo "JAVA_HOME=/usr/java/jdk1.7.0_80" >> /etc/profile
        echo "JAVA_BIN=/usr/java/jdk1.7.0_80/bin" >> /etc/profile
        echo "PATH=/usr/lib64/qt-3.3/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin:/bin" >> /etc/profile
        echo "CLASSPATH=.:/lib/dt.jar:/lib/tools.jar" >> /etc/profile
        echo "export JAVA_HOME JAVA_BIN PATH CLASSPATH" >> /etc/profile
    fi
       
    source /etc/profile
       
       
    --------------------java8 installation and management module--------------------
    [root@puppet01 files]# cd /etc/puppet/modules/java8
    [root@puppet01 java8]# ls
    files  manifests
    [root@puppet01 java8]# cd manifests/
    [root@puppet01 manifests]# ls
    init.pp  install.pp
    [root@puppet01 manifests]# cat init.pp
    class java8 {
      include java8::install
    }
    [root@puppet01 manifests]# cat install.pp
    class java8::install {
      file { "/data/software/java-jdk8_install.sh":
        source => "puppet:///modules/java8/java-jdk8_install.sh",
        owner => root,
        group => root,
        mode => 0755
        }
       
      exec { "install jdk":
        cwd => "/data/software",
        command => "/bin/bash java-jdk8_install.sh",
        user => "root",
        group => "root",
        path =>["/usr/bin:/usr/sbin:/bin:/sbin"],
        creates =>"/usr/java/jdk1.8.0_131",
        require =>File["/data/software/java-jdk8_install.sh"]
        }
    }
    [root@puppet01 manifests]# cat ../files/java-jdk8_install.sh
    #!/bin/bash
       
    /bin/rpm -qa|grep jdk|xargs rpm -e
       
    # install jdk8 jdk7
    /bin/rpm -ivh  http://yum.wang.com/software/jdk-8u131-linux-x64.rpm
       
    # set env
    NUM=`cat /etc/profile|grep "JAVA_HOME"|wc -l`
    JDK=`cat /etc/profile|grep "JAVA_HOME="|cut -d"=" -f2|awk -F"/" '{print $4}'`
    if [ $NUM -ne 0 ];then
        /bin/sed -i 's#'$JDK'#jdk1.8.0_131#g' /etc/profile
    else
        echo "JAVA_HOME=/usr/java/jdk1.8.0_131" >> /etc/profile
        echo "JAVA_BIN=/usr/java/jdk1.8.0_131/bin" >> /etc/profile
        echo "PATH=/usr/lib64/qt-3.3/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin:/bin" >> /etc/profile
        echo "CLASSPATH=.:/lib/dt.jar:/lib/tools.jar" >> /etc/profile
        echo "export JAVA_HOME JAVA_BIN PATH CLASSPATH" >> /etc/profile
    fi
       
    source /etc/profile
       
    --------------------tomcat8 installation and management module--------------------
    [root@puppet01 manifests]# cd /etc/puppet/modules/tomcat8/
    [root@puppet01 tomcat8]# ls
    files  manifests
    [root@puppet01 tomcat8]# cd manifests/
    [root@puppet01 manifests]# ls
    init.pp  install.pp
    [root@puppet01 manifests]# cat init.pp
    class tomcat8 {
      include tomcat8::install
    }
       
    [root@puppet01 manifests]# cat install.pp
    class tomcat8::install {
      file { "/data/software/apache-tomcat-8.5.15.tar.gz":
      source =>"puppet:///modules/tomcat8/apache-tomcat-8.5.15.tar.gz",
      owner => "root",
      group => "root",
      mode => 755
      }
       
      exec {"install tomcat":
      cwd => "/data/software",
      command => "/bin/tar -zvxf apache-tomcat-8.5.15.tar.gz && mv apache-tomcat-8.5.15 /data/tomcat",
      user => "root",
      group => "root",
      path =>["/usr/bin:/usr/sbin:/bin:/sbin"],
      creates => "/data/tomcat",
      require => File["/data/software/apache-tomcat-8.5.15.tar.gz"]
      }
    }
    [root@puppet01 manifests]# ls ../files/
    apache-tomcat-8.5.15.tar.gz
       
    --------------------nginx installation and management module--------------------
    [root@puppet01 manifests]# cd /etc/puppet/modules/nginx/
    [root@puppet01 nginx]# ls
    files  manifests
    [root@puppet01 nginx]# cd manifests/
    [root@puppet01 manifests]# ls
    init.pp  install.pp
    [root@puppet01 manifests]# cat init.pp
    class nginx {
      include nginx::install
    }
    [root@puppet01 manifests]# cat install.pp
    class nginx::install {
      file { "/data/software/nginx1.10_install.sh":
      source =>"puppet:///modules/nginx/nginx1.10_install.sh",
      owner => "root",
      group => "root",
      mode => 755
      }
       
      exec {"install nginx":
      cwd => "/data/software",
      command => "/bin/bash -x nginx1.10_install.sh",
      user => "root",
      group => "root",
      path =>["/usr/bin:/usr/sbin:/bin:/sbin"],
      creates => "/data/nginx/conf/nginx.conf",
      require => File["/data/software/nginx1.10_install.sh"]
      }
    }
    [root@puppet01 manifests]# cat ../files/nginx1.10_install.sh
    #!/bin/bash
    # prepare the base environment
    /usr/sbin/groupadd -r nginx
    /usr/sbin/useradd -r -g nginx -s /bin/false -M nginx
    /usr/bin/yum install -y pcre pcre-devel openssl openssl-devel gcc
       
    # compile and install nginx 1.10
    cd /data/software/
    /usr/bin/wget http://yum.wang.com/software/nginx-1.10.3.tar.gz
    /bin/tar -zvxf nginx-1.10.3.tar.gz
    cd nginx-1.10.3
    ./configure --prefix=/data/nginx --user=nginx --group=nginx --with-http_ssl_module --with-http_flv_module --with-http_stub_status_module --with-http_gzip_static_module --with-pcre
    make && make install
       
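    # configure nginx
    cp /data/nginx/conf/nginx.conf /data/nginx/conf/nginx.conf.bak
    > /data/nginx/conf/nginx.conf
       
    # the delimiter is quoted so the shell does not expand nginx variables such as $remote_addr
    cat > /data/nginx/conf/nginx.conf << 'EOF'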
    user  nobody;
    worker_processes  8;
        
    #error_log logs/error.log;
    #error_log logs/error.log notice;
    #error_log logs/error.log info;
        
    events {
        worker_connections  65535;
    }
          
    http {
        server_tokens off;
        include       mime.types;
        default_type  application/octet-stream;
        charset utf-8;
         
        log_format  main  '$http_x_forwarded_for $remote_addr $remote_user [$time_local] "$request" '
                          '$status $body_bytes_sent "$http_referer" '
                          '"$http_user_agent" "$http_cookie" $host $request_time';
        sendfile       on;
        tcp_nopush     on;
        tcp_nodelay    on;
        keepalive_timeout  65;
         
         
        fastcgi_connect_timeout 3000;
        fastcgi_send_timeout 3000;
        fastcgi_read_timeout 3000;
        fastcgi_buffer_size 256k;
        fastcgi_buffers 8 256k;
        fastcgi_busy_buffers_size 256k;
        fastcgi_temp_file_write_size 256k;
        fastcgi_intercept_errors on;
          
             
        client_header_timeout 600s;
        client_body_timeout 600s;
          
        client_max_body_size 100m;  
        client_body_buffer_size 256k;     
        ## support more than 15 test environments
        server_names_hash_max_size 512;
        server_names_hash_bucket_size 128;
        gzip  on;
        gzip_min_length  1k;
        gzip_buffers     4 16k;
        gzip_http_version 1.1;
        gzip_comp_level 9;
        gzip_types       text/plain application/x-javascript text/css application/xml text/javascript application/x-httpd-php;
        gzip_vary on;
          
         
        include vhosts/*.conf;
    }
    EOF
       
    /bin/mkdir /data/nginx/conf/vhosts
       
    cat > /data/nginx/conf/vhosts/test.conf << EOF
    server {
        listen       80;
        server_name  localhost;
        access_log  logs/access.log;
        error_log   logs/error.log;
       
     location / {
       root html;
       index index.php index.html index.htm;
       }
    }
    EOF
       
    /data/nginx/sbin/nginx
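
The install scripts in these modules fetch packages and tarballs from yum.wang.com over plain HTTP and then build or install them as root. As an added example (not part of the original scripts), the helper below downloads to a temporary name and keeps the file only when its SHA-256 matches a digest pinned in the script; the function names are assumptions and the digest in the usage comment is a placeholder.

```sh
#!/bin/sh
# Added example: download, verify against a pinned digest, then install.

# Print the lowercase hex SHA-256 of a file with whichever tool the host has.
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum < "$1" | awk '{print $1}'
  else
    shasum -a 256 < "$1" | awk '{print $1}'
  fi
}

# Download URL $1 to path $2. Kept separate so the transport can be swapped.
fetch_to() {
  wget -q -O "$2" "$1"
}

# fetch_verified URL EXPECTED_SHA256 DEST
# Returns 0 and leaves DEST in place only when the digest matches.
# Returns 2 when the download fails and 1 on a digest mismatch; in both
# cases nothing is left at DEST, so a later tar or rpm step cannot pick up
# an unverified file.
fetch_verified() {
  url=$1
  expected=$2
  dest=$3
  tmp="$dest.part.$$"
  if ! fetch_to "$url" "$tmp"; then
    rm -f "$tmp"
    return 2
  fi
  actual=$(sha256_of "$tmp")
  if [ "$actual" != "$expected" ]; then
    echo "digest mismatch for $url: got $actual" >&2
    rm -f "$tmp"
    return 1
  fi
  mv -f "$tmp" "$dest"
}

# Usage inside nginx1.10_install.sh, replacing the bare wget
# (the digest is a placeholder for the value of the reviewed tarball):
#   fetch_verified http://yum.wang.com/software/nginx-1.10.3.tar.gz \
#     "<sha256-of-the-reviewed-tarball>" \
#     /data/software/nginx-1.10.3.tar.gz || exit 1
```

Because the script itself is delivered from the master's files directory over the agent's TLS connection, the pinned digest travels over the authenticated channel even though the tarball does not.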
       
       
    --------------------motd file management module--------------------
    [root@puppet01 manifests]# cd /etc/puppet/modules/motd/
    [root@puppet01 motd]# ls
    files  manifests
    [root@puppet01 motd]# cd manifests/
    [root@puppet01 manifests]# ls
    config.pp  init.pp  install.pp
    [root@puppet01 manifests]# cat init.pp
    class motd {
      include motd::config
      include motd::install
      }
    [root@puppet01 manifests]# cat install.pp
    class motd::install {
      package{'setup':
      ensure => present,
      }
    }
    [root@puppet01 manifests]# cat config.pp
    class motd::config {
      file { "/etc/motd":
        ensure => present,
        owner => "root",
        group => "root",
        mode => 0644,
        source => "puppet:///modules/motd/motd",
        require => Class["motd::install"],
        }
    }
    [root@puppet01 manifests]# ls ../files/motd
    ../files/motd
       
    --------------------dns file management module--------------------
    [root@puppet01 manifests]# cd /etc/puppet/modules/dns/
    [root@puppet01 dns]# ls
    files  manifests
    [root@puppet01 dns]# cd manifests/
    [root@puppet01 manifests]# ls
    config.pp  init.pp
    [root@puppet01 manifests]# cat init.pp
    class dns {
      include dns::config
      }
    [root@puppet01 manifests]# cat config.pp
    class dns::config {
      file { "/etc/resolv.conf":
        ensure => present,
        owner => "root",
        group => "root",
        mode => 0644,
        source => "puppet:///modules/dns/resolv.conf",
        }
    }
    [root@puppet01 manifests]# cat ../files/resolv.conf
    search wang.com
    nameserver 192.168.1.27
    nameserver 192.168.1.28
       
    --------------------chrony time synchronisation file management module--------------------
    [root@puppet01 manifests]# cd /etc/puppet/modules/chrony/
    [root@puppet01 chrony]# ls
    files  manifests
    [root@puppet01 chrony]# cd manifests/
    [root@puppet01 manifests]# ls
    init.pp  install.pp
    [root@puppet01 manifests]# cat init.pp
    class chrony {
      include chrony::install
      }
    [root@puppet01 manifests]# cat install.pp
    class chrony::install {
      file { "/data/software/chrony.sh":
      source =>"puppet:///modules/chrony/chrony.sh",
      owner => "root",
      group => "root",
      mode => 755
      }
       
      exec {"install chrony":
      cwd => "/data/software",
      command => "/bin/bash -x chrony.sh",
      user => "root",
      group => "root",
      path =>["/usr/bin:/usr/sbin:/bin:/sbin"],
      creates => "/etc/chrony.conf",
      require => File["/data/software/chrony.sh"]
      }
    }
    [root@puppet01 manifests]# cat ../files/chrony.sh
    #!/bin/bash
    /etc/init.d/ntpd stop
    /usr/bin/yum install chrony -y
    cp /etc/chrony.conf /etc/chrony.conf.bak
    rm -f /etc/chrony.conf
    wget http://yum.wang.com/software/chrony.conf
    cp -f chrony.conf /etc/
    /etc/init.d/chronyd start
    /usr/bin/chronyc sources -v
       
    --------------------yum file management module--------------------
    [root@puppet01 manifests]# cd /etc/puppet/modules/yum/
    [root@puppet01 yum]# ls
    files  manifests
    [root@puppet01 yum]# cd manifests/
    [root@puppet01 manifests]# ls
    config.pp  init.pp
    [root@puppet01 manifests]# cat init.pp
    class yum {
      include yum::config
      }
    [root@puppet01 manifests]# cat config.pp
    class yum::config {
      file { "/data/software/yum.sh":
        source => "puppet:///modules/yum/yum.sh",
        owner => "root",
        group => "root",
        mode => 0755,
        }
       
      exec { "set yum":
        cwd => "/data/software",
        command => "/bin/bash yum.sh",
        user => "root",
        group => "root",
        path =>["/usr/bin:/usr/sbin:/bin:/sbin"],
        unless => "grep mirrors.wang.com /etc/yum.repos.d/CentOS-Base.repo",           # the command runs only when this check fails; if the check succeeds, the command is not run
        require =>File["/data/software/yum.sh"]
        }
    }
       
    [root@puppet01 manifests]# cat ../files/yum.sh
    #!/bin/bash
       
    rm -f  /etc/yum.repos.d/*.repo
        
    wget http://yum.wang.com/software/CentOS-Base.repo -O /etc/yum.repos.d/CentOS-Base.repo
    wget http://yum.wang.com/software/epel.repo    -O /etc/yum.repos.d/epel.repo
    #wget http://yum.wang.com/software/mongodb.repo
       
    yum clean all
    yum makecache
     
    --------------------resolv file management module--------------------
    [root@puppet ~]# ls /etc/puppet/modules/
    chrony  dns  java7  java8  motd  nginx  postfix  resolv  ssh  sudo  tomcat8  yum
    [root@puppet ~]# cd /etc/puppet/modules/resolv/manifests/
    [root@puppet manifests]# ls
    config.pp  init.pp
    [root@puppet manifests]# cat init.pp
    class resolv {
      include resolv::config
      }
    class resolv01 {
      include resolv::dns01
      }
    class resolv02 {
      include resolv::dns02
      }
    [root@puppet manifests]# cat config.pp
    class resolv::config {
      file { "/etc/resolv.conf":
        source => "puppet:///modules/resolv/resolv.conf",
        ensure => "present",
        owner  => "root",
        group  => "root",
        mode   => 0644,
        }
    }
     
    [root@puppet manifests]# cat ../files/resolv.conf
    search wang.com
    nameserver 192.168.1.27
    nameserver 192.168.1.28
    options timeout:1
    options attempts:1
       
    --------------------postfix installation and management module--------------------
    [root@puppet01 manifests]# cd /etc/puppet/modules/postfix/
    [root@puppet01 postfix]# ls manifests/
    config.pp  init.pp  install.pp  service.pp
    [root@puppet01 postfix]# ls files/
    master.cf
    [root@puppet01 postfix]# ls templates/
    main.cf.erb
    [root@puppet01 postfix]# cat manifests/init.pp
    class postfix {
      include postfix::install
      include postfix::config
      include postfix::service
    }
    [root@puppet01 postfix]# cat manifests/install.pp
    class postfix::install {
      package { ["postfix","mailx" ]:
        ensure => present,
      }
    }
    [root@puppet01 postfix]# cat manifests/config.pp
    class postfix::config {
      File {
        owner => 'postfix',
        group => 'postfix',
        mode => 0644,
        }
       
      file {'/etc/postfix/master.cf':
        ensure => present,
        source => 'puppet:///modules/postfix/master.cf',
        require => Class['postfix::install'],
        notify => Class['postfix::service'],
        }
       
      file {'/etc/postfix/main.cf':
        ensure => present,
        content => template('postfix/main.cf.erb'),
        require => Class['postfix::install'],
        notify => Class['postfix::service'],
        }
    }
    [root@puppet01 postfix]# cat manifests/service.pp
    class postfix::service {
      service { 'postfix':
        ensure     => running,
        hasstatus  => true,
        hasrestart => true,
        enable     => true,
        require    => Class['postfix::config'],
        }
    }
       
    [root@puppet01 postfix]# cat templates/main.cf.erb
    soft_bounce = no
    command_directory = /usr/sbin
    daemon_directory = /usr/libexec/postfix
    mail_owner = postfix
    myhostname = <%= @hostname %>               
    mydomain = <%= @domain %>
    myorigin = $mydomain
    mydestination = $myhostname,localhost.$mydomain,localhost,$mydomain
    unknown_local_recipient_reject_code = 550
    relay_domains = $mydestination
    smtpd_reject_unlisted_recipient = yes
    unverified_recipient_reject_code = 500
    smtpd_banner = $myhostname ESMTP
    setgid_group = postdrop
       
    [root@puppet01 postfix]# ls files/master.cf
    files/master.cf
       
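    # Note: variables in the template get their values from Facter facts through ERB syntax. The fact name goes inside the ERB brackets formed by <%= and %>; when Puppet runs, they are replaced with the fact's actual value (the value on the agent).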
       
    --------------------------------------------------------------------------------------------------
       
    Then reference these classes in the /etc/puppet/manifests/site.pp manifest:
    [root@puppet manifests]# cat /etc/puppet/manifests/site.pp
    class base {
      include chrony
      include java8
      include tomcat8
      include nginx
      include yum
      include resolv
      }
     
    node 'puppet02.bkjk.cn' {
      include dns
      include yum
      }
     
    node 'dns01' {
      #include dns
      include yum
      include ssh
      include resolv
      }
     
    node 'dns02' {
      #include dns
      include yum
      include ssh
      include resolv
      }
     
    node 'mirrors' {
      include yum
      include ssh
      include resolv
      }
     
    dns01, dns02 and mirrors above are all resolved through internal DNS.
    [root@puppet manifests]# ping mirrors
    PING mirrors.wang.com (192.168.1.240) 56(84) bytes of data.
    64 bytes from yum.wang.com (192.168.1.240): icmp_seq=1 ttl=64 time=0.889 ms
    ......
       
    --------------------------------------------------------------------------------------------------
       
    Finally, connect to the puppet master from the puppet agent to apply and synchronise the configuration.
    [root@puppet02 ~]# puppet agent --test --server=puppet01.wang.com
    Notice: Ignoring --listen on onetime run
    Info: Retrieving pluginfacts
    Info: Retrieving plugin
    Info: Caching catalog for puppet02.wang.com
    Info: Applying configuration version '1501429243'
    Notice: /Stage[main]/Chrony::Install/File[/data/software/chrony.sh]/ensure: defined content as '{md5}fe7f9787a7cae33ed0e00c26f880b145'
    Notice: /Stage[main]/Chrony::Install/Exec[install chrony]/returns: executed successfully
    ........
       
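    After a successful run, verify the result on the puppet agent node. From then on, managing these application configurations only requires maintenance on the puppet master; the puppet agent synchronises automatically.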
    
    ------------------------------------------------------------------------------------------------------
    [root@puppet dns]# puppet agent -t       # connection test on the puppet server
    [root@puppet dns]# puppet agent --help
    
    Configuration notes:
    class source::exec2{
      exec { "install nginx":
        cwd       =>"/tmp/rhel5/nginx",  # the command is run when this directory exists
        command   =>"tar -zxvf nginx-0.8.42.tar.gz && cd nginx-0.8.42 &&./configure --user=nginx --group=nginx --prefix=/usr/local/nginx --without-http-cache && make&&make install",  
        path      => ["/usr/bin","/usr/sbin","/bin","/sbin"],
        logoutput => on_failure,  
        unless    => "/bin/ls /usr/local/nginx/conf",        # the command is run when this check returns non-zero
        require   => Class["source::file1","source::user"],
        notify    => Class["source::exec3"],
      }
    }
    
    [root@puppet dns]# /bin/ls /data/nginx/conf/nginx.conf
    /data/nginx/conf/nginx.conf
    [root@puppet dns]# echo $?
    0
  • Original article: https://www.cnblogs.com/kevingrace/p/5740963.html