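Puppet has strong advantages for automated configuration management, so it needs no lengthy introduction here. The notes below record a few simple Puppet management configurations:

I. First, install puppet and facter on the server and the client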
1) Server
Install the Puppet Labs repository package
# rpm -ivh http://yum.puppetlabs.com/el/6.5/products/x86_64/puppetlabs-release-6-12.noarch.rpm
Install Puppet and facter
# yum install puppet puppet-server facter

2) Client
Install the Puppet Labs repository package
# rpm -ivh http://yum.puppetlabs.com/el/6.5/products/x86_64/puppetlabs-release-6-12.noarch.rpm
Install Puppet and facter
# yum install puppet facter

II. Puppet configuration and certificate signing
1) Add host mappings on both the client and the server (or use internal DNS resolution)
192.168.1.10 puppet01.wang.com    # server
192.168.1.11 puppet02.wang.com    # client

2) In the client's puppet.conf configuration file
[root@puppet02 ~]# cat /etc/puppet/puppet.conf
[main]
server=puppet01.wang.com
......

3) Start the puppet services on each side (note: it is best to turn off the iptables firewall on the server and the client; if it stays on, remember to allow access to Puppet port 8140)
Server
[root@puppet01 ~]# /etc/init.d/puppetmaster start
Client
[root@puppet02 ~]# /etc/init.d/puppet start

4) Automatic certificate signing configuration
Server
[root@puppet01 ~]# cat /etc/puppet/puppet.conf
[main]
......
autosign = true
autosign = /etc/puppet/autosign.conf

[root@puppet01 ~]# cat /etc/puppet/autosign.conf    # create the autosign configuration file; the entry below signs registration requests from all hosts
*

[root@puppet01 ~]# /etc/init.d/puppetmaster restart

Register from the client
[root@puppet02 ~]# puppet agent --test --server=puppet01.wang.com
Notice: Ignoring --listen on onetime run
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Caching catalog for puppet02.wang.com
Info: Applying configuration version '1501320900'
Notice: Finished catalog run in 0.42 seconds

The server shows that the certificate has been signed automatically
[root@puppet01 ~]# puppet cert --list --all
+ "puppet01.wang.com" (SHA256) 3E:99:64:73:14:D5:BA:01:62:2F:53:62:A6:07:55:AB:BA:BE:70:6E:7E:60:7A:81:41:10:63:78:C0:FD:E4:56 (alt names: "DNS:puppet", "DNS:puppet.wang.com", "DNS:puppet01.wang.com")
+ "puppet02.wang.com" (SHA256) A4:EF:73:62:3A:DD:F9:2E:E4:12:8F:2E:AE:90:96:43:95:7A:4C:9F:38:02:44:B7:81:C5:08:B5:16:95:42:0B
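
The `*` entry in autosign.conf signs a certificate for any host that can reach port 8140, and a signed agent can then request a catalog from the master. As an added example (not from the original post), the script below is a policy executable for Puppet's policy-based autosigning, assuming Puppet 3.4 or later: `autosign` in puppet.conf points at the script instead of at autosign.conf, Puppet passes the requested certname as the first argument and the CSR on standard input, and exit status 0 means "sign". The script path, the allowlist path and its one-name-per-line format are assumptions of this example.

```shell
#!/bin/sh
# Added example: policy executable for Puppet's policy-based autosigning.
# puppet.conf on the master would contain (hypothetical path):
#   autosign = /etc/puppet/autosign-policy.sh
# Puppet calls it as: autosign-policy.sh <certname>, with the PEM CSR on stdin.
# Exit 0 = sign the request; any other status = leave it pending for an admin.
LC_ALL=C; export LC_ALL

# Assumed allowlist file: one exact certname per line, '#' lines are comments.
ALLOWLIST=${ALLOWLIST:-/etc/puppet/autosign-allowlist.txt}

# valid_certname NAME: accept only lowercase DNS-style names, so globs,
# whitespace, '#' and path characters never reach the allowlist comparison.
valid_certname() {
    case $1 in
        ''|*[!a-z0-9.-]*|.*|*.|-*|*..*) return 1 ;;
    esac
    return 0
}

# autosign_decision NAME FILE: succeed only when NAME is well formed and
# matches a whole line of FILE exactly (no globbing, no substring match).
autosign_decision() {
    valid_certname "$1" || return 1
    [ -r "$2" ] || return 1
    grep -Fxq -- "$1" "$2"
}

# Constructed sample allowlist, used for a dry run of the decision function.
write_sample_allowlist() {
    printf '%s\n' '# agents approved for automatic signing' \
        'puppet02.wang.com' > "$1"
}

# Entry point when Puppet (or an operator) passes a certname.
if [ "$#" -ge 1 ]; then
    cat > /dev/null   # the CSR on stdin is not inspected in this example
    if autosign_decision "$1" "$ALLOWLIST"; then
        echo "autosign: signing $1" >&2
        exit 0
    fi
    echo "autosign: refusing $1, request left pending" >&2
    exit 1
fi
```

Requests the script refuses stay in the pending list, where `puppet cert --list` shows them for manual review.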

III. Automated management configuration with Puppet
The management entries are configured on the puppet master. Once configured, they are sent to the puppet agent nodes and applied there (the puppet master's "push" operation). If an agent node runs as a daemon, by default it connects every 30 minutes and checks whether the configuration of its host has changed or new configuration has been added. The interval can be changed with the runinterval setting in /etc/puppet/puppet.conf on the agent, for example "runinterval = 3600" for an interval of one hour. An agent node can also connect on its own initiative through a cron scheduled task (the puppet agent's "pull" operation), which combines the master's "push" with the agent's "pull".

1) Configure on the puppet master
[root@puppet01 puppet]# ll
total 36
-rw-r--r--  1 root root 4178 Jul 29 16:25 auth.conf
-rw-r--r--  1 root root    2 Jul 29 16:25 autosign.conf
drwxr-xr-x  3 root root 4096 Jul 29 16:25 environments
-rw-r--r--  1 root root 1462 Jul 29 16:25 fileserver.conf
drwxr-xr-x  2 root root 4096 Jul 29 17:22 manifests
drwxr-xr-x 13 root root 4096 Jul 29 17:03 modules
-rw-r--r--  1 root root  915 Jul 29 16:25 puppet.conf

First create a module. This can be done by hand or with a command, although with the command the module name then has to be changed.
[root@puppet01 puppet]# cd modules/
[root@puppet01 modules]# puppet module generate propupet-ssh    # creates the module from the command line. Module name format: "puppet-<module name>"
[root@puppet01 modules]# mv propupet-ssh ssh                    # rename it to the ssh module

Or create the module by hand
[root@puppet01 modules]# mkdir ssh              # the directory structure under the module also has to be created by hand
[root@puppet01 modules]# mkdir ssh/files        # holds the files the module needs
[root@puppet01 modules]# mkdir ssh/manifests    # directory for the Puppet manifests
[root@puppet01 modules]# mkdir ssh/templates    # holds the templates used by the module

Once a module is configured, it must be referenced in the /etc/puppet/manifests/site.pp manifest (covered at the end below).

2) Use the following module configurations as a reference:
[root@puppet01 modules]# pwd
/etc/puppet/modules

-------------------- ssh installation and management module --------------------
[root@puppet01 manifests]# cd /etc/puppet/modules/ssh
[root@puppet01 ssh]# cd manifests/
[root@puppet01 manifests]# ls
config.pp  init.pp  install.pp  service.pp

[root@puppet01 manifests]# cat init.pp
class ssh {
  class { '::ssh::install': } ->
  class { '::ssh::config': } ->
  class { '::ssh::service': } ->
  Class['ssh']
}

[root@puppet01 manifests]# cat install.pp
class ssh::install {
  package { "openssh":    # the package name is openssh
    ensure => present,    # make sure the package is installed
  }
}

[root@puppet01 manifests]# cat config.pp
class ssh::config {
  file { "/etc/ssh/sshd_config":
    # ssh settings such as the port, user names and password login can be prepared in advance
    # in the sshd_config file under the module's files directory and then synchronized to the
    # target machines with puppet. sshd is restarted automatically after a change (the service
    # class takes care of the restart).
    ensure  => present,
    owner   => 'root',
    group   => 'root',
    mode    => '0600',
    source  => "puppet:///modules/ssh/sshd_config",    # sshd_config is stored in /etc/puppet/modules/ssh/files. Note that the files directory is not written in the path.
    require => Class["ssh::install"],    # precondition for this file resource
    notify  => Class["ssh::service"],    # notify the ssh::service class when this file changes
  }
}

[root@puppet01 manifests]# cat service.pp
class ssh::service {
  service { "sshd":
    ensure     => running,
    hasstatus  => true,
    hasrestart => true,
    enable     => true,
    require    => Class["ssh::config"],
  }
}

[root@puppet01 manifests]# ls ../files/sshd_config
../files/sshd_config

-------------------- DNS configuration management --------------------
[root@puppet ~]# cd /etc/puppet/modules/dns/
[root@puppet dns]# ls
files  manifests
[root@puppet dns]# cd manifests/
[root@puppet manifests]# ls
config.pp  init.pp  restart.pp  setup.pp

[root@puppet manifests]# cat init.pp
class dns {
  include dns::config
  include dns::setup
  include dns::restart
}

[root@puppet manifests]# cat config.pp
class dns::config {
  file { "/etc/named":
    ensure  => directory,
    source  => "puppet:///modules/dns/pro-dns/DNS/etc/named",
    recurse => true,
  }
  file { "/var/named":
    ensure  => directory,
    source  => "puppet:///modules/dns/pro-dns/DNS/var/named",
    recurse => true,
  }
}

[root@puppet manifests]# cat setup.pp
class dns::setup {
  exec { "Set permissions of etc-named":
    cwd     => "/etc",
    command => "/bin/chown -R root.named named",
    path    => ["/usr/bin:/usr/sbin:/bin:/sbin"],
    require => Class["dns::config"],
  }
  exec { "Set permissions of var-named":
    cwd     => "/var",
    command => "/bin/chown -R root.named named && /bin/chown -R named.named named/data/",
    path    => ["/usr/bin:/usr/sbin:/bin:/sbin"],
    require => Class["dns::config"],
  }
}

[root@puppet manifests]# cat restart.pp
class dns::restart {
  exec { "restart named service":
    command => "service named restart",
    path    => ["/usr/bin:/usr/sbin:/bin:/sbin"],
    require => Class["dns::config"],
  }
}

The files directory holds the DNS configuration file and the forward and reverse zone files (they can be kept in the DNS directory of the pro-dns project in GitLab and fetched with git clone)
[root@puppet manifests]# cd ../files/
[root@puppet files]# ls
pro-dns
[root@puppet files]# ls pro-dns/DNS/
etc  var
[root@puppet files]# ls pro-dns/DNS/etc/named/
named.conf
[root@puppet files]# ls pro-dns/DNS/var/named/
192.168.10.zone  192.168.16.zone  192.168.32.zone  192.168.33.zone  192.168.34.zone  192.168.64.zone  192.168.8.zone  wangshibo.cn

-------------------- java7 installation and management module --------------------
[root@puppet01 java7]# cd manifests/
[root@puppet01 manifests]# ls
init.pp  install.pp

[root@puppet01 manifests]# cat init.pp
class java7 {
  include java7::install
}

[root@puppet01 manifests]# cat install.pp
class java7::install {
  file { "/data/software/java-jdk7_install.sh":    # file resource
    source => "puppet:///modules/java7/java-jdk7_install.sh",
    owner  => root,
    group  => root,
    mode   => '0755'
  }
  exec { "install jdk":    # exec (command) resource
    cwd     => "/data/software",
    command => "/bin/bash java-jdk7_install.sh",
    user    => "root",
    group   => "root",
    path    => ["/usr/bin:/usr/sbin:/bin:/sbin"],
    creates => "/usr/java/jdk1.7.0_80",    # when /usr/java/jdk1.7.0_80 exists the command is not run; it runs only when it does not exist
    require => File["/data/software/java-jdk7_install.sh"]    # precondition for running this exec resource
  }
}

[root@puppet01 manifests]# cd ../files/
[root@puppet01 files]# ll
total 4
-rwxr-xr-x 1 root root 756 Jul 29 16:25 java-jdk7_install.sh

[root@puppet01 files]# cat java-jdk7_install.sh
#!/bin/bash
/bin/rpm -qa|grep jdk|xargs rpm -e

# install jdk7
/bin/rpm -ivh http://yum.wang.com/software/jdk-7u80-linux-x64.rpm

# set env
NUM=`cat /etc/profile|grep "JAVA_HOME"|wc -l`
JDK=`cat /etc/profile|grep "JAVA_HOME="|cut -d"=" -f2|awk -F"/" '{print $4}'`
if [ $NUM -ne 0 ];then
    /bin/sed -i 's#'$JDK'#jdk1.7.0_80#g' /etc/profile
else
    echo "JAVA_HOME=/usr/java/jdk1.7.0_80" >> /etc/profile
    echo "JAVA_BIN=/usr/java/jdk1.7.0_80/bin" >> /etc/profile
    echo "PATH=/usr/lib64/qt-3.3/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin:/bin" >> /etc/profile
    echo "CLASSPATH=.:/lib/dt.jar:/lib/tools.jar" >> /etc/profile
    echo "export JAVA_HOME JAVA_BIN PATH CLASSPATH" >> /etc/profile
fi

source /etc/profile

-------------------- java8 installation and management module --------------------
[root@puppet01 files]# cd /etc/puppet/modules/java8
[root@puppet01 java8]# ls
files  manifests
[root@puppet01 java8]# cd manifests/
[root@puppet01 manifests]# ls
init.pp  install.pp

[root@puppet01 manifests]# cat init.pp
class java8 {
  include java8::install
}

[root@puppet01 manifests]# cat install.pp
class java8::install {
  file { "/data/software/java-jdk8_install.sh":
    source => "puppet:///modules/java8/java-jdk8_install.sh",
    owner  => root,
    group  => root,
    mode   => '0755'
  }
  exec { "install jdk":
    cwd     => "/data/software",
    command => "/bin/bash java-jdk8_install.sh",
    user    => "root",
    group   => "root",
    path    => ["/usr/bin:/usr/sbin:/bin:/sbin"],
    creates => "/usr/java/jdk1.8.0_131",
    require => File["/data/software/java-jdk8_install.sh"]
  }
}

[root@puppet01 manifests]# cat ../files/java-jdk8_install.sh
#!/bin/bash
/bin/rpm -qa|grep jdk|xargs rpm -e

# install jdk8 jdk7
/bin/rpm -ivh http://yum.wang.com/software/jdk-8u131-linux-x64.rpm

# set env
NUM=`cat /etc/profile|grep "JAVA_HOME"|wc -l`
JDK=`cat /etc/profile|grep "JAVA_HOME="|cut -d"=" -f2|awk -F"/" '{print $4}'`
if [ $NUM -ne 0 ];then
    /bin/sed -i 's#'$JDK'#jdk1.8.0_131#g' /etc/profile
else
    echo "JAVA_HOME=/usr/java/jdk1.8.0_131" >> /etc/profile
    echo "JAVA_BIN=/usr/java/jdk1.8.0_131/bin" >> /etc/profile
    echo "PATH=/usr/lib64/qt-3.3/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin:/bin" >> /etc/profile
    echo "CLASSPATH=.:/lib/dt.jar:/lib/tools.jar" >> /etc/profile
    echo "export JAVA_HOME JAVA_BIN PATH CLASSPATH" >> /etc/profile
fi

source /etc/profile

-------------------- tomcat8 installation and management module --------------------
[root@puppet01 manifests]# cd /etc/puppet/modules/tomcat8/
[root@puppet01 tomcat8]# ls
files  manifests
[root@puppet01 tomcat8]# cd manifests/
[root@puppet01 manifests]# ls
init.pp  install.pp

[root@puppet01 manifests]# cat init.pp
class tomcat8 {
  include tomcat8::install
}

[root@puppet01 manifests]# cat install.pp
class tomcat8::install {
  file { "/data/software/apache-tomcat-8.5.15.tar.gz":
    source => "puppet:///modules/tomcat8/apache-tomcat-8.5.15.tar.gz",
    owner  => "root",
    group  => "root",
    mode   => '0755'
  }
  exec { "install tomcat":
    cwd     => "/data/software",
    command => "/bin/tar -zvxf apache-tomcat-8.5.15.tar.gz && mv apache-tomcat-8.5.15 /data/tomcat",
    user    => "root",
    group   => "root",
    path    => ["/usr/bin:/usr/sbin:/bin:/sbin"],
    creates => "/data/tomcat",
    require => File["/data/software/apache-tomcat-8.5.15.tar.gz"]
  }
}

[root@puppet01 manifests]# ls ../files/
apache-tomcat-8.5.15.tar.gz

-------------------- nginx installation and management module --------------------
[root@puppet01 manifests]# cd /etc/puppet/modules/nginx/
[root@puppet01 nginx]# ls
files  manifests
[root@puppet01 nginx]# cd manifests/
[root@puppet01 manifests]# ls
init.pp  install.pp

[root@puppet01 manifests]# cat init.pp
class nginx {
  include nginx::install
}

[root@puppet01 manifests]# cat install.pp
class nginx::install {
  file { "/data/software/nginx1.10_install.sh":
    source => "puppet:///modules/nginx/nginx1.10_install.sh",
    owner  => "root",
    group  => "root",
    mode   => '0755'
  }
  exec { "install nginx":
    cwd     => "/data/software",
    command => "/bin/bash -x nginx1.10_install.sh",
    user    => "root",
    group   => "root",
    path    => ["/usr/bin:/usr/sbin:/bin:/sbin"],
    creates => "/data/nginx/conf/nginx.conf",
    require => File["/data/software/nginx1.10_install.sh"]
  }
}

[root@puppet01 manifests]# cat ../files/nginx1.10_install.sh
#!/bin/bash
# prepare the base environment
/usr/sbin/groupadd -r nginx
/usr/sbin/useradd -r -g nginx -s /bin/false -M nginx
/usr/bin/yum install -y pcre pcre-devel openssl openssl-devel gcc

# compile and install nginx 1.10
cd /data/software/
/usr/bin/wget http://yum.wang.com/software/nginx-1.10.3.tar.gz
/bin/tar -zvxf nginx-1.10.3.tar.gz
cd nginx-1.10.3
./configure --prefix=/data/nginx --user=nginx --group=nginx --with-http_ssl_module --with-http_flv_module --with-http_stub_status_module --with-http_gzip_static_module --with-pcre
make && make install

# configure nginx
cp /data/nginx/conf/nginx.conf /data/nginx/conf/nginx.conf.bak
> /data/nginx/conf/nginx.conf
# the quoted 'EOF' keeps the shell from expanding nginx variables such as $remote_addr
cat > /data/nginx/conf/nginx.conf << 'EOF'
user nobody;
worker_processes 8;

#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;

events {
    worker_connections 65535;
}

http {
    server_tokens off;
    include mime.types;
    default_type application/octet-stream;
    charset utf-8;

    log_format main '$http_x_forwarded_for $remote_addr $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_cookie" $host $request_time';

    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;

    fastcgi_connect_timeout 3000;
    fastcgi_send_timeout 3000;
    fastcgi_read_timeout 3000;
    fastcgi_buffer_size 256k;
    fastcgi_buffers 8 256k;
    fastcgi_busy_buffers_size 256k;
    fastcgi_temp_file_write_size 256k;
    fastcgi_intercept_errors on;

    client_header_timeout 600s;
    client_body_timeout 600s;
    client_max_body_size 100m;
    client_body_buffer_size 256k;

    ## support more than 15 test environments
    server_names_hash_max_size 512;
    server_names_hash_bucket_size 128;

    gzip on;
    gzip_min_length 1k;
    gzip_buffers 4 16k;
    gzip_http_version 1.1;
    gzip_comp_level 9;
    gzip_types text/plain application/x-javascript text/css application/xml text/javascript application/x-httpd-php;
    gzip_vary on;

    include vhosts/*.conf;
}
EOF

/bin/mkdir /data/nginx/conf/vhosts
cat > /data/nginx/conf/vhosts/test.conf << EOF
server {
    listen 80;
    server_name localhost;
    access_log logs/access.log;
    error_log logs/error.log;

    location / {
        root html;
        index index.php index.html index.htm;
    }
}
EOF

/data/nginx/sbin/nginx

-------------------- motd file management module --------------------
[root@puppet01 manifests]# cd /etc/puppet/modules/motd/
[root@puppet01 motd]# ls
files  manifests
[root@puppet01 motd]# cd manifests/
[root@puppet01 manifests]# ls
config.pp  init.pp  install.pp

[root@puppet01 manifests]# cat init.pp
class motd {
  include motd::config
  include motd::install
}

[root@puppet01 manifests]# cat install.pp
class motd::install {
  package { 'setup':
    ensure => present,
  }
}

[root@puppet01 manifests]# cat config.pp
class motd::config {
  file { "/etc/motd":
    ensure  => present,
    owner   => "root",
    group   => "root",
    mode    => '0644',
    source  => "puppet:///modules/motd/motd",
    require => Class["motd::install"],
  }
}

[root@puppet01 manifests]# ls ../files/motd
../files/motd

-------------------- dns file management module --------------------
[root@puppet01 manifests]# cd /etc/puppet/modules/dns/
[root@puppet01 dns]# ls
files  manifests
[root@puppet01 dns]# cd manifests/
[root@puppet01 manifests]# ls
config.pp  init.pp

[root@puppet01 manifests]# cat init.pp
class dns {
  include dns::config
}

[root@puppet01 manifests]# cat config.pp
class dns::config {
  file { "/etc/resolv.conf":
    ensure => present,
    owner  => "root",
    group  => "root",
    mode   => '0644',
    source => "puppet:///modules/dns/resolv.conf",
  }
}

[root@puppet01 manifests]# cat ../files/resolv.conf
search wang.com
nameserver 192.168.1.27
nameserver 192.168.1.28

-------------------- chrony time synchronization file management module --------------------
[root@puppet01 manifests]# cd /etc/puppet/modules/chrony/
[root@puppet01 chrony]# ls
files  manifests
[root@puppet01 chrony]# cd manifests/
[root@puppet01 manifests]# ls
init.pp  install.pp

[root@puppet01 manifests]# cat init.pp
class chrony {
  include chrony::install
}

[root@puppet01 manifests]# cat install.pp
class chrony::install {
  file { "/data/software/chrony.sh":
    source => "puppet:///modules/chrony/chrony.sh",
    owner  => "root",
    group  => "root",
    mode   => '0755'
  }
  exec { "install chrony":
    cwd     => "/data/software",
    command => "/bin/bash -x chrony.sh",
    user    => "root",
    group   => "root",
    path    => ["/usr/bin:/usr/sbin:/bin:/sbin"],
    creates => "/etc/chrony.conf",
    require => File["/data/software/chrony.sh"]
  }
}

[root@puppet01 manifests]# cat ../files/chrony.sh
#!/bin/bash
/etc/init.d/ntpd stop
/usr/bin/yum install chrony -y
cp /etc/chrony.conf /etc/chrony.conf.bak
rm -f /etc/chrony.conf
wget http://yum.wang.com/software/chrony.conf
cp -f chrony.conf /etc/
/etc/init.d/chronyd start
/usr/bin/chronyc sources -v

-------------------- yum file management module --------------------
[root@puppet01 manifests]# cd /etc/puppet/modules/yum/
[root@puppet01 yum]# ls
files  manifests
[root@puppet01 yum]# cd manifests/
[root@puppet01 manifests]# ls
config.pp  init.pp

[root@puppet01 manifests]# cat init.pp
class yum {
  include yum::config
}

[root@puppet01 manifests]# cat config.pp
class yum::config {
  file { "/data/software/yum.sh":
    source => "puppet:///modules/yum/yum.sh",
    owner  => "root",
    group  => "root",
    mode   => '0755',
  }
  exec { "set yum":
    cwd     => "/data/software",
    command => "/bin/bash yum.sh",
    user    => "root",
    group   => "root",
    path    => ["/usr/bin:/usr/sbin:/bin:/sbin"],
    unless  => "grep mirrors.wang.com /etc/yum.repos.d/CentOS-Base.repo",    # the command runs only when this check returns false; if it returns true, the command is not run
    require => File["/data/software/yum.sh"]
  }
}

[root@puppet01 manifests]# cat ../files/yum.sh
#!/bin/bash
rm -f /etc/yum.repos.d/*.repo
wget http://yum.wang.com/software/CentOS-Base.repo -O /etc/yum.repos.d/CentOS-Base.repo
wget http://yum.wang.com/software/epel.repo -O /etc/yum.repos.d/epel.repo
#wget http://yum.wang.com/software/mongodb.repo
yum clean all
yum makecache

-------------------- resolv file management module --------------------
[root@puppet ~]# ls /etc/puppet/modules/
chrony  dns  java7  java8  motd  nginx  postfix  resolv  ssh  sudo  tomcat8  yum
[root@puppet ~]# cd /etc/puppet/modules/resolv/manifests/
[root@puppet manifests]# ls
config.pp  init.pp

[root@puppet manifests]# cat init.pp
class resolv {
  include resolv::config
}
class resolv01 {
  include resolv::dns01
}
class resolv02 {
  include resolv::dns02
}

[root@puppet manifests]# cat config.pp
class resolv::config {
  file { "/etc/resolv.conf":
    source => "puppet:///modules/resolv/resolv.conf",
    ensure => "present",
    owner  => "root",
    group  => "root",
    mode   => '0644',
  }
}

[root@puppet manifests]# cat ../files/resolv.conf
search wang.com
nameserver 192.168.1.27
nameserver 192.168.1.28
options timeout:1
options attempts:1

-------------------- postfix installation and management module --------------------
[root@puppet01 manifests]# cd /etc/puppet/modules/postfix/
[root@puppet01 postfix]# ls manifests/
config.pp  init.pp  install.pp  service.pp
[root@puppet01 postfix]# ls files/
master.cf
[root@puppet01 postfix]# ls templates/
main.cf.erb

[root@puppet01 postfix]# cat manifests/init.pp
class postfix {
  include postfix::install
  include postfix::config
  include postfix::service
}

[root@puppet01 postfix]# cat manifests/install.pp
class postfix::install {
  package { ["postfix", "mailx"]:
    ensure => present,
  }
}

[root@puppet01 postfix]# cat manifests/config.pp
class postfix::config {
  File {
    owner => 'postfix',
    group => 'postfix',
    mode  => '0644',
  }
  file { '/etc/postfix/master.cf':
    ensure  => present,
    source  => 'puppet:///modules/postfix/master.cf',
    require => Class['postfix::install'],
    notify  => Class['postfix::service'],
  }
  file { '/etc/postfix/main.cf':
    ensure  => present,
    content => template('postfix/main.cf.erb'),
    require => Class['postfix::install'],
    notify  => Class['postfix::service'],
  }
}

[root@puppet01 postfix]# cat manifests/service.pp
class postfix::service {
  service { 'postfix':
    ensure     => running,
    hasstatus  => true,
    hasrestart => true,
    enable     => true,
    require    => Class['postfix::config'],
  }
}

[root@puppet01 postfix]# cat templates/main.cf.erb
soft_bounce = no
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
mail_owner = postfix
myhostname = <%= @hostname %>
mydomain = <%= @domain %>
myorigin = $mydomain
mydestination = $myhostname,localhost.$mydomain,localhost,$mydomain
unknown_local_recipient_reject_code = 550
relay_domains = $mydestination
smtpd_reject_unlisted_recipient = yes
unverified_recipient_reject_code = 500
smtpd_banner = $myhostname ESMTP
setgid_group = postdrop

[root@puppet01 postfix]# ls files/master.cf
files/master.cf

# Note: variables in the template get their values from Facter facts through ERB syntax. The fact name is placed inside ERB tags made of <%= and %>; when Puppet runs, the tags are replaced with the fact's actual value (that is, the actual value on the agent).

--------------------------------------------------------------------------------------------------
Then reference these classes in the /etc/puppet/manifests/site.pp manifest:
[root@puppet manifests]# cat /etc/puppet/manifests/site.pp
class base {
  include chrony
  include java8
  include tomcat8
  include nginx
  include yum
  include resolv
}

node 'puppet02.bkjk.cn' {
  include dns
  include yum
}

node 'dns01' {
  #include dns
  include yum
  include ssh
  include resolv
}

node 'dns02' {
  #include dns
  include yum
  include ssh
  include resolv
}

node 'mirrors' {
  include yum
  include ssh
  include resolv
}

The dns01, dns02 and mirrors names above are all resolved through internal DNS.
[root@puppet manifests]# ping mirrors
PING mirrors.wang.com (192.168.1.240) 56(84) bytes of data.
64 bytes from yum.wang.com (192.168.1.240): icmp_seq=1 ttl=64 time=0.889 ms
......

--------------------------------------------------------------------------------------------------
Finally, on the puppet agent, connect to the puppet master to synchronize and apply the configuration.
[root@puppet02 ~]# puppet agent --test --server=puppet01.wang.com
Notice: Ignoring --listen on onetime run
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Caching catalog for puppet02.wang.com
Info: Applying configuration version '1501429243'
Notice: /Stage[main]/Chrony::Install/File[/data/software/chrony.sh]/ensure: defined content as '{md5}fe7f9787a7cae33ed0e00c26f880b145'
Notice: /Stage[main]/Chrony::Install/Exec[install chrony]/returns: executed successfully
........

After a successful run, verify the result on the puppet agent node. From then on, managing these application configurations only requires maintenance on the puppet master; the puppet agent synchronizes automatically.

------------------------------------------------------------------------------------------------------
[root@puppet dns]# puppet agent -t    # test the connection from the puppet server
[root@puppet dns]# puppet agent --help

Configuration notes:
class source::exec2 {
  exec { "install nginx":
    cwd       => "/tmp/rhel5/nginx",    # command is run when this directory exists
    command   => "tar -zxvf nginx-0.8.42.tar.gz && cd nginx-0.8.42 && ./configure --user=nginx --group=nginx --prefix=/usr/local/nginx --without-http-cache && make && make install",
    path      => ["/usr/bin", "/usr/sbin", "/bin", "/sbin"],
    logoutput => on_failure,
    unless    => "/bin/ls /usr/local/nginx/conf",    # command is run only when this check returns a non-zero status
    require   => Class['source::file1', 'source::user'],
    notify    => Class["source::exec3"],
  }
}

[root@puppet dns]# /bin/ls /data/nginx/conf/nginx.conf
/data/nginx/conf/nginx.conf
[root@puppet dns]# echo $?
0
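
The install scripts on this page (java-jdk7_install.sh, java-jdk8_install.sh, nginx1.10_install.sh, chrony.sh, yum.sh) download RPMs, tarballs and repo files from http://yum.wang.com over plain HTTP and then install or run them as root with no integrity check. As an added example (not part of the original post), the shell functions below stage a download and move it into place only when it matches a pinned SHA-256 digest; the function names and the JDK_SHA256 placeholder are assumptions of this example.

```shell
#!/bin/sh
# Added example: digest-pinned staging for artifacts that the install scripts
# fetch over plain HTTP and then install or execute as root.

# sha256_of FILE: print the lowercase hex SHA-256 digest of FILE.
sha256_of() {
    if command -v sha256sum > /dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        openssl dgst -sha256 "$1" | awk '{print $NF}'
    fi
}

# verify_sha256 FILE EXPECTED: succeed only on an exact 64-hex-digit match.
verify_sha256() {
    [ -f "$1" ] || return 1
    vs_want=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ "${#vs_want}" -eq 64 ] || return 1
    vs_have=$(sha256_of "$1") || return 1
    [ "$vs_have" = "$vs_want" ]
}

# install_verified STAGED EXPECTED DEST: move STAGED to DEST only if its
# digest matches; on mismatch delete STAGED and leave DEST untouched.
install_verified() {
    if verify_sha256 "$1" "$2"; then
        mv -f "$1" "$3"
    else
        rm -f "$1"
        echo "digest mismatch, refusing to install $3" >&2
        return 1
    fi
}

# fetch_verified URL EXPECTED DEST: download next to DEST, then gate on the
# pinned digest. wget is used because the page's scripts already use it.
fetch_verified() {
    fv_tmp=$(mktemp "$3.XXXXXX") || return 1
    if wget -q -O "$fv_tmp" "$1"; then
        install_verified "$fv_tmp" "$2" "$3"
    else
        rm -f "$fv_tmp"
        return 1
    fi
}

# Usage inside java-jdk7_install.sh (JDK_SHA256 is a placeholder for a digest
# recorded from a trusted copy of the RPM, for example kept in the module):
#   fetch_verified http://yum.wang.com/software/jdk-7u80-linux-x64.rpm \
#       "$JDK_SHA256" /data/software/jdk-7u80-linux-x64.rpm \
#     && /bin/rpm -ivh /data/software/jdk-7u80-linux-x64.rpm
```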