  • Puppet Installation and Configuration

    Official website:


    Environment:
    CentOS7.2
    puppet-3.8.7

    Installation via yum

    Server: node5.example.com
    yum -y install puppet-server
    systemctl start puppetmaster
    systemctl enable puppetmaster
    Client: node6.example.com
    yum -y install puppet
    systemctl start puppet
    systemctl enable puppet

    I. Client registration
    1. Specify the puppet server in /etc/puppet/puppet.conf
    Add the following to the [agent] section:

    server = node5.example.com

    2. Restart the puppet agent

    systemctl restart puppet

    3. Generate the certificate signing request (CSR) and send it to the puppet server

    [root@node6 ~]# puppet agent -t
    Exiting; no certificate found and waitforcert is disabled

    4. Sign the request on the puppet server

    [root@node5 ~]# puppet cert list --all
      "node6.example.com" (SHA256) DD:C7:16:3A:BE:C9:F1:44:C1:76:21:60:57:15:EF:ED:1E:97:BC:FE:43:A3:45:4D:32:D9:9A:E6:E0:CE:3E:A7
    + "node5.example.com" (SHA256) 4D:C2:73:E8:97:3D:11:1F:D5:43:D6:DA:91:DE:9D:2C:87:0B:39:E9:46:1F:23:B2:4E:0A:01:E7:44:DE:1A:8E (alt names: "DNS:node5.example.com", "DNS:puppet", "DNS:puppet.example.com")

    [root@node5 ~]# puppet cert sign node6.example.com
    Notice: Signed certificate request for node6.example.com
    Notice: Removing file Puppet::SSL::CertificateRequest node6.example.com at '/var/lib/puppet/ssl/ca/requests/node6.example.com.pem'
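
    Signing is the step where the server decides to trust a node, so the fingerprint listed by the server should match the one the agent reports locally (`puppet agent --fingerprint` on node6) before `puppet cert sign` is run. The following is an added example, not part of the original post; the function name `verify_csr` and the variables `SAMPLE_LIST` and `AGENT_FP` are assumptions made for illustration, with the sample text copied from the output above.

```shell
#!/bin/sh
# Added example (not from the original post): confirm a pending CSR before signing.

# Copied from the `puppet cert list --all` output shown above.
SAMPLE_LIST='  "node6.example.com" (SHA256) DD:C7:16:3A:BE:C9:F1:44:C1:76:21:60:57:15:EF:ED:1E:97:BC:FE:43:A3:45:4D:32:D9:9A:E6:E0:CE:3E:A7
+ "node5.example.com" (SHA256) 4D:C2:73:E8:97:3D:11:1F:D5:43:D6:DA:91:DE:9D:2C:87:0B:39:E9:46:1F:23:B2:4E:0A:01:E7:44:DE:1A:8E (alt names: "DNS:node5.example.com", "DNS:puppet", "DNS:puppet.example.com")'

# Assumption: the value an operator read on node6 itself with `puppet agent --fingerprint`.
AGENT_FP='DD:C7:16:3A:BE:C9:F1:44:C1:76:21:60:57:15:EF:ED:1E:97:BC:FE:43:A3:45:4D:32:D9:9A:E6:E0:CE:3E:A7'

# verify_csr LIST NODE EXPECTED_FP
# Returns 0 only if NODE has a pending (unsigned) request in LIST, the request
# carries no alt names, and its fingerprint equals EXPECTED_FP (case-insensitive).
verify_csr() {
    # Pending requests have the quoted name as first field; signed ones start with "+".
    line=$(printf '%s\n' "$1" | awk -v node="\"$2\"" '$1 == node')
    if [ -z "$line" ]; then
        echo "no pending request for $2" >&2; return 2
    fi
    case $line in
        *"(alt names:"*) echo "$2 requests alt names; review them first" >&2; return 3 ;;
    esac
    got=$(printf '%s\n' "$line" | awk '{ print toupper($3) }')
    want=$(printf '%s' "$3" | tr 'abcdef' 'ABCDEF')
    if [ "$got" != "$want" ]; then
        echo "fingerprint mismatch for $2: refusing to sign" >&2; return 1
    fi
    return 0
}

# On the puppet server:
#   verify_csr "$(puppet cert list)" node6.example.com "$AGENT_FP" \
#       && puppet cert sign node6.example.com
```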

    5. Download the signed certificate from the puppet server; registration is complete

    [root@node6 ~]# puppet agent -t
    Exiting; no certificate found and waitforcert is disabled

    [root@node6 ~]# puppet agent -t
    Info: Caching certificate for node6.example.com
    Info: Caching certificate_revocation_list for ca
    Info: Caching certificate for node6.example.com
    Warning: Unable to fetch my node definition, but the agent run will continue:
    Warning: undefined method `include?' for nil:NilClass
    Info: Retrieving pluginfacts
    Info: Retrieving plugin
    Info: Caching catalog for node6.example.com
    Info: Applying configuration version '1477232225'
    Info: Creating state file /var/lib/puppet/state/state.yaml
    Notice: Finished catalog run in 0.01 seconds

    The first run produces a Warning.


    Delete a client certificate

    puppet cert clean node6.example.com

    puppet cert clean --all # Delete all certificates, including the puppet server's own


    II. Configuration management

    http://puppet.wikidot.com

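    Note: by default puppet starts executing from site.pp. After the .pp configuration is defined, run puppet agent -t on the client for it to take effect immediately.

    1. Create the root pp file: site.pp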

    touch /etc/puppet/manifests/site.pp

    2. Groups

    cat >>/etc/puppet/manifests/group.pp <<'EOF'
    group{'test':
            gid => 2000,
            ensure => present,
    }
    group{'testgroup1':
            gid => 2001,
            ensure => present,
    }
    group{'testgroup2':
            gid => 2002,
            ensure => present,
    }
    EOF

    cat >>/etc/puppet/manifests/site.pp <<'EOF'
    import 'group.pp'
    EOF

    3. Users

    cat >>/etc/puppet/manifests/user.pp <<'EOF'
    $testgroup=['testgroup1','testgroup2']
    user{'test':
            ensure => present,
            #ensure => absent,
            uid => 2000,
            gid => 2000,
            groups => $testgroup,
            comment => 'test user',
            password => '$6$zY6UhOtQ$IcTmGUMZ/4okmiYjnYe0WmjZe74tlbR0a5uJhP5wI8JdE6Zh6busaePmRLKjC1ikS.oCOIQ2EEfg57uRuwttP.',
            shell => '/bin/bash',
            home => '/home/test',
            managehome => true,
    }
    EOF

    cat >>/etc/puppet/manifests/site.pp <<'EOF'
    import 'user.pp'
    EOF

    Tip: the password value must be hashed, like the password field in /etc/shadow.
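
    To show what "hashed" means for this field, the check below classifies each password value in a manifest as a SHA-512/SHA-256 crypt string, a weak or malformed hash, or plaintext. It is an added example, not part of the original post; the function names `sample_manifest` and `audit_passwords` are assumptions, and the sample manifest and both hash strings in it are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the original post): audit password values in a manifest.

# Constructed sample; the two hash strings are placeholders, not real hashes.
sample_manifest() {
cat <<'EOF'
user{'alice':
        password => 'Summer2016',
}
user{'bob':
        password => '$6$constructed$aaaaaaaaaabbbbbbbbbbccccccccccddddddddddeeeeeeeeeeffffffffffgggggggggghhhhhhhhhhiiiiii',
}
user{'carol':
        password => '$1$constructed$jjjjjjjjjjkkkkkkkkkkll',
}
EOF
}

# audit_passwords: read a manifest on stdin and print "<user> <verdict>" for each
# password attribute: ok (SHA-512 or SHA-256 crypt), weak-or-malformed, or plaintext.
audit_passwords() {
    awk '
    /^[ \t]*user[ \t]*[{]/ { split($0, q, "\047"); title = q[2] }
    /password[ \t]*=>/ {
        split($0, q, "\047"); val = q[2]    # text between the first pair of quotes
        n = split(val, f, "[$]")            # "$6$salt$hash" -> "", "6", "salt", "hash"
        hash = f[n]
        if (n < 4 || f[1] != "")
            verdict = "plaintext"
        else if (hash !~ /^[.\/0-9A-Za-z]+$/)
            verdict = "weak-or-malformed"
        else if ((f[2] == "6" && length(hash) == 86) || (f[2] == "5" && length(hash) == 43))
            verdict = "ok"
        else
            verdict = "weak-or-malformed"
        print title, verdict
    }'
}

# Usage: audit_passwords < /etc/puppet/manifests/user.pp
```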

    4. Scheduled tasks (cron)

    cat >>/etc/puppet/manifests/cron.pp <<'EOF'
    cron {'ntpdate':
            command => '/usr/sbin/ntpdate pool.ntp.org',
            user => 'root',
            minute => '*/5',
    }
    EOF

    cat >>/etc/puppet/manifests/site.pp <<'EOF'
    import 'cron.pp'
    EOF

    5. exec & file (dir)

    http://puppet.wikidot.com/file

    cat >>/etc/puppet/manifests/exec.pp <<'EOF'
    # Every search path entry is absolute
    $PATH=['/bin','/sbin','/usr/bin','/usr/sbin','/usr/local/bin','/usr/local/sbin']
    file {'/root/test.sh':
            content => 'echo "hello word">/tmp/test_puppet.txt',
            mode => '0755',
    }
    file {'/var/www/html/dedemcs':
            source => 'puppet:///modules/lamp/dedecms',
            recurse => true,
            owner => 'apache',
            group => 'apache',
    }
    # No creates/onlyif/unless guard, so this command runs on every agent run
    exec {'/root/test.sh':
            cwd => '/root',
            user => 'root',
            path => $PATH,
            # The script must exist before it is executed
            require => File['/root/test.sh'],
    }
    EOF

    cat >>/etc/puppet/manifests/site.pp <<'EOF'
    import 'exec.pp'
    EOF

    Puppet's efficiency at synchronizing directories feels unsatisfactory; rsync is worth considering.

    [root@node6 ~]# ls -ld /var/www/html/dedemcs/

    drwxr-xr-x. 14 apache apache 4096 10月 23 20:46 /var/www/html/dedemcs/

    6. Classes and subclasses

    i. Define the classes

    mkdir -p /etc/puppet/modules/lamp/{manifests,files}

    cat >>/etc/puppet/modules/lamp/manifests/init.pp <<'EOF'
    class lamp::mariadb {
            $mariadb_packages = ['mariadb-server','mariadb']
            package {$mariadb_packages: ensure => installed}
            service {'mariadb': ensure => 'running', enable => true}
    }
    class lamp::php {
            $php_packages = ['php','php-mysql','php-gd','php-mbstring']
            package {$php_packages: ensure => installed}
    }
    class lamp::httpd {
            package {'httpd': ensure => installed}
            file {'/etc/httpd/conf/httpd.conf': source => 'puppet:///modules/lamp/httpd.conf', notify => Service[httpd]}
            file {'/var/www/html/index.html': source => 'puppet:///modules/lamp/index.html'}
            service {'httpd': ensure => 'running', enable => true}
            # Install the package, then the config file; a change to either refreshes the service
            Package['httpd']->File['/etc/httpd/conf/httpd.conf']~>Service['httpd']
            Package['httpd']~>Service['httpd']
    }
    class lamp::mariadb-sub inherits lamp::mariadb {
            $PATH=['/bin','/sbin','/usr/bin','/usr/sbin','/usr/local/bin','/usr/local/sbin']
            exec {'mariadb-test':
                    command => 'mysql -uroot -e "DROP DATABASE IF EXISTS test;"',
                    user => 'root',
                    path => $PATH,
            }
    }
    EOF

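    ii. Reference the classes

    cat >>/etc/puppet/manifests/node6.pp <<'EOF'
    node 'node6.example.com' {
            include lamp::mariadb-sub
            include lamp::php
            include lamp::httpd
    }
    EOF

    cat >>/etc/puppet/manifests/site.pp <<'EOF'
    import 'node6.pp'
    EOF

    Note: the class name defaults to the directory name under /etc/puppet/modules. As above, I defined a class called lamp.

    First create the lamp/{manifests,files} directories under /etc/puppet/modules.

    Then define the class content in /etc/puppet/modules/lamp/manifests/init.pp; the name init.pp is also a default. To use a class, simply include its name. Three parent classes and one subclass are defined here; whether that is meaningful is beside the point, since the aim is only to illustrate subclass inheritance.

    The notify => Service[httpd] parameter tells the puppet agent to automatically reload the corresponding service when its configuration changes, which is very practical.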


    [root@node6 ~]# puppet agent -t
    Info: Retrieving pluginfacts
    Info: Retrieving plugin
    Info: Loading facts
    Info: Caching catalog for node6.example.com
    Info: Applying configuration version '1477223265'
    Notice: /Stage[main]/Main/Exec[/root/test.sh]/returns: executed successfully
    Notice: /Stage[main]/Lamp::Mariadb-sub/Exec[mariadb-test]/returns: executed successfully
    Notice: Finished catalog run in 0.37 seconds

    7. Defines

    http://puppet.wikidot.com/intro



    Supplement

    Installing modules

    puppet module install puppetlabs-apache

    [root@node5 manifests]# puppet module install puppetlabs-apache
    Notice: Preparing to install into /etc/puppet/modules ...
    Notice: Downloading from https://forgeapi.puppetlabs.com ...
    Notice: Installing -- do not interrupt ...
    /etc/puppet/modules
    └─┬ puppetlabs-apache (v1.10.0)
      ├── puppetlabs-concat (v2.2.0)
      └── puppetlabs-stdlib (v4.13.1)



    III. Web UI

    Using Foreman as an example:

    See "Foreman Installation and Configuration".

    There is also puppetdashboard; see

    http://puppet.wikidot.com/puppetdashboard

  • Original article: https://www.cnblogs.com/lixuebin/p/10814003.html