• Puppet install with nginx unicorn


    主机配置:

    主机名                 IP(Static)                        系统                                           配置                      角色

    puppetserver     192.168.20.20       CentOS-6.5-x86_64-minimal           2CPU,2G,50G,1网卡        server

    puppetclient       192.168.20.21       CentOS-6.5-x86_64-minimal           2CPU,2G,50G,1网卡        agent


    puppetserver:


    1.puppet安装:

    (1).配置hosts文件:

    [root@puppetserver ~]# vi /etc/hosts

    127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
    ::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
    192.168.20.20   puppetserver.chensh.net
    192.168.20.21   puppetclient.chensh.net


    (2).添加yum源(下面两个release包经明文HTTP下载,其中包含仓库的GPG公钥,安装前应通过可信渠道核对软件包的校验和或签名):

    添加epel源:

    [root@puppetserver ~]# rpm -Uvh http://mirrors.sohu.com/fedora-epel/6/x86_64/epel-release-6-8.noarch.rpm

    添加puppet源:

    [root@puppetserver ~]# rpm -Uvh http://yum.puppetlabs.com/el/6/products/x86_64/puppetlabs-release-6-11.noarch.rpm

    (3).安装puppet-server:

    [root@puppetserver ~]# yum -y install puppet-server

    (4).开启puppet服务:

    [root@puppetserver ~]# chkconfig puppetmaster on

    [root@puppetserver ~]# service puppetmaster start

    (5).打开防火墙puppet端口(该规则对所有来源开放8140,且重启后失效;建议用 -s 限定为agent所在网段,并执行 service iptables save 保存规则):

    [root@puppetserver ~]# iptables -I INPUT -p tcp --dport 8140 -j ACCEPT

    (6).编辑puppet.conf文件:

    [root@puppetserver ~]# vi /etc/puppet/puppet.conf

    [main]
        # The Puppet log directory.
        # The default value is '$vardir/log'.
        logdir = /var/log/puppet
        
        # Where Puppet PID files are kept.
        # The default value is '$vardir/run'.
        rundir = /var/run/puppet
        
        # Where SSL certificates are kept.
        # The default value is '$confdir/ssl'.
        ssldir = $vardir/ssl
        server = puppetserver.chensh.net
        
    [agent]
        # The file in which puppetd stores a list of the classes
        # associated with the retrieved configuratiion.  Can be loaded in
        # the separate ``puppet`` executable using the ``--loadclasses``
        # option.
        # The default value is '$confdir/classes.txt'.
        classfile = $vardir/classes.txt
        
        # Where puppetd caches the local configuration.  An
        # extension indicating the cache format is added automatically.
        # The default value is '$confdir/localconfig'.
        localconfig = $vardir/localconfig

    2.Unicorn安装:

    (1).安装ruby、gcc等编译依赖:

    [root@puppetserver ~]# yum install make gcc ruby-devel

    (2).安装unicorn gem:

    [root@puppetserver ~]# gem install unicorn rack

    (3).拷贝config.ru:

    [root@puppetserver ~]# cp -a /usr/share/puppet/ext/rack/config.ru /etc/puppet/

    (4).配置unicorn:

    [root@puppetserver ~]# vi /etc/puppet/unicorn.conf

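    # Unicorn settings for the Puppet master Rack application (config.ru in
    # /etc/puppet).
    worker_processes 8
    working_directory "/etc/puppet"

    # nginx proxies to this Unix socket (see the upstream block in the nginx
    # vhost), so no TCP port is opened by unicorn itself.
    # NOTE(review): the master presumably trusts the X-Client-* headers that
    # nginx adds, so any local account able to connect to this socket could
    # present itself as a verified agent -- confirm the socket's ownership
    # and mode limit access to the nginx worker account.
    listen '/var/run/puppet/puppetmaster_unicorn.sock', :backlog => 512

    # Same value as proxy_read_timeout in the nginx vhost.
    timeout 120
    pid "/var/run/puppet/puppetmaster_unicorn.pid"

    # Load the application once in the master process before forking workers.
    preload_app true
    if GC.respond_to?(:copy_on_write_friendly=)
      GC.copy_on_write_friendly = true
    end

    before_fork do |server, worker|
      # During a binary upgrade the previous master leaves "<pid>.oldbin"
      # behind; ask that process to quit once the new workers are forking.
      old_pid = "#{server.config[:pid]}.oldbin"
      # File.exist? instead of File.exists?: the latter is deprecated and
      # absent from current Ruby releases.
      if File.exist?(old_pid) && server.pid != old_pid
        begin
          Process.kill("QUIT", File.read(old_pid).to_i)
        rescue Errno::ENOENT, Errno::ESRCH
          # someone else did our job for us
        end
      end
    end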

    [root@puppetserver ~]# cd /etc/puppet ; unicorn -c unicorn.conf

    (5).测试unicorn运行:

    I, [2014-09-24T15:04:20.961549 #2597]  INFO -- : Refreshing Gem list
    I, [2014-09-24T15:04:28.543382 #2597]  INFO -- : listening on addr=/var/run/puppet/puppetmaster_unicorn.sock fd=6
    I, [2014-09-24T15:04:28.546960 #2613]  INFO -- : worker=0 spawned pid=2613
    I, [2014-09-24T15:04:28.549920 #2614]  INFO -- : worker=1 spawned pid=2614
    I, [2014-09-24T15:04:28.551218 #2614]  INFO -- : worker=1 ready
    I, [2014-09-24T15:04:28.552271 #2613]  INFO -- : worker=0 ready
    I, [2014-09-24T15:04:28.553906 #2615]  INFO -- : worker=2 spawned pid=2615
    I, [2014-09-24T15:04:28.557229 #2615]  INFO -- : worker=2 ready
    I, [2014-09-24T15:04:28.559693 #2617]  INFO -- : worker=4 spawned pid=2617
    I, [2014-09-24T15:04:28.558096 #2616]  INFO -- : worker=3 spawned pid=2616
    I, [2014-09-24T15:04:28.563467 #2616]  INFO -- : worker=3 ready
    I, [2014-09-24T15:04:28.565033 #2617]  INFO -- : worker=4 ready
    I, [2014-09-24T15:04:28.567443 #2618]  INFO -- : worker=5 spawned pid=2618
    I, [2014-09-24T15:04:28.568785 #2618]  INFO -- : worker=5 ready
    I, [2014-09-24T15:04:28.569673 #2619]  INFO -- : worker=6 spawned pid=2619
    I, [2014-09-24T15:04:28.571586 #2620]  INFO -- : worker=7 spawned pid=2620
    I, [2014-09-24T15:04:28.572643 #2597]  INFO -- : master process ready
    I, [2014-09-24T15:04:28.573672 #2619]  INFO -- : worker=6 ready
    I, [2014-09-24T15:04:28.574437 #2620]  INFO -- : worker=7 ready
    Ctrl+C 退出;


    (6).添加Unicorn启停脚本:

    [root@puppetserver ~]# vi /etc/init.d/puppets-unicron

    #!/bin/bash
    # unicorn-puppet
    # Unicorn binary and the arguments it is started with
    # (-D daemonizes, -c selects the configuration file).
    DAEMON="/usr/bin/unicorn"
    DAEMON_OPTS='-D -c /etc/puppet/unicorn.conf'

    # Lock file touched after a successful start, and the pid file that
    # stop() reads (same path as the "pid" setting in unicorn.conf).
    lockfile="/var/lock/puppetmaster-unicorn"
    pidfile="/var/run/puppet/puppetmaster_unicorn.pid"

    # Exit status of the script; every action overwrites it.
    RETVAL=0
        
        
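    # Start unicorn in the background as the account named by $USER.
    # Globals:   USER, DAEMON, DAEMON_OPTS, lockfile (read); RETVAL (written)
    # Outputs:   a blank line on stdout; an error on stderr when USER is empty
    # Returns:   sudo's exit status, or 1 when USER is empty
    start() {
        # USER is never assigned in this script and is normally unset when
        # init runs it at boot. An empty value would make sudo take the
        # daemon path as the account name, so stop here with a clear error.
        # NOTE(review): from a root login shell USER is "root", so unicorn is
        # launched as root -- confirm which service account is intended and
        # consider naming it explicitly.
        if [ -z "${USER:-}" ]; then
            echo "$0: USER is not set; cannot choose the account to run $DAEMON" >&2
            RETVAL=1
            return $RETVAL
        fi

        # DAEMON_OPTS stays unquoted on purpose so it splits into arguments.
        sudo -u "$USER" "$DAEMON" $DAEMON_OPTS
        RETVAL=$?
        # Record the running service only when the launch succeeded.
        [ $RETVAL -eq 0 ] && touch "$lockfile"
        echo
        return $RETVAL
    }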
        
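    # Stop unicorn by signalling the pid stored in $pidfile.
    # Globals:   USER, pidfile, lockfile (read); RETVAL (written)
    # Outputs:   a blank line on stdout; errors on stderr
    # Returns:   kill's exit status, or 1 when USER is empty or the pid file
    #            is missing or does not hold a plain number
    stop() {
        local pid

        # USER is not set by this script; without it sudo would misparse its
        # arguments.
        if [ -z "${USER:-}" ]; then
            echo "$0: USER is not set; cannot choose the account to signal as" >&2
            RETVAL=1
            return $RETVAL
        fi

        if [ ! -r "$pidfile" ]; then
            echo "$0: pid file $pidfile not found" >&2
            RETVAL=1
            return $RETVAL
        fi

        # The pid file lives in a directory the service account can write to,
        # so treat its content as data: accept digits only, so that nothing
        # read from it can reach kill as an option or an extra argument.
        pid=$(cat -- "$pidfile" 2>/dev/null)
        case "$pid" in
            ''|*[!0-9]*)
                echo "$0: $pidfile does not contain a valid pid" >&2
                RETVAL=1
                return $RETVAL
                ;;
        esac

        # kill runs as the service account, not as root, which limits what a
        # stale or wrong pid can affect.
        sudo -u "$USER" kill "$pid"
        RETVAL=$?
        echo
        [ $RETVAL -eq 0 ] && rm -f "$lockfile"
        return $RETVAL
    }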
        
    # Stop the service, wait one second, then start it again.
    # Globals:   lockfile (read); RETVAL (written)
    # Outputs:   a blank line on stdout
    # Returns:   the exit status of start; stop's status is not checked
    restart() {
        stop
        sleep 1
        if start; then
            RETVAL=0
            echo
        else
            RETVAL=$?
            echo
            # A failed start must not leave the lock file behind.
            rm -f "$lockfile"
        fi
        return $RETVAL
    }
        
    # Restart the service only when status reports it as running.
    # Globals:   RETVAL (written)
    # Returns:   restart's exit status when running, 1 otherwise
    condrestart() {
        status
        RETVAL=$?
        if [ "$RETVAL" -ne 0 ]; then
            # Not running: leave status's code in RETVAL and do nothing.
            return 1
        fi
        restart
    }
        
    # Report whether a unicorn master or worker process is in the process list.
    # The match is on the process title only, so any unicorn instance on the
    # host counts; the pid file is not consulted.
    # Globals:   RETVAL (written)
    # Returns:   grep's exit status (0 when a matching process is listed)
    status() {
        if ps ax | grep -E -q 'unicorn (worker|master)'; then
            RETVAL=0
        else
            RETVAL=$?
        fi
        return "$RETVAL"
    }
        
    # Print the list of supported actions on stderr.
    # Returns:   3, always
    usage() {
        printf '%s\n' "Usage: $0 {start|stop|restart|status|condrestart}" 1>&2
        return 3
    }
        
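    # Dispatch on the requested action. Each action function stores its result
    # in RETVAL, which becomes the script's exit status.
    case "$1" in
        start|stop|restart|condrestart|status)
            # The pattern above limits "$1" to these five function names.
            "$1"
            ;;
        *)
            usage
            # usage does not touch RETVAL; without this assignment a missing
            # or unknown action would exit 0 and look like success to callers.
            RETVAL=$?
            ;;
    esac

    exit $RETVAL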


    (7).修改puppets-unicron执行权限:

    [root@puppetserver ~]# chmod 755 /etc/init.d/puppets-unicron

    (8).启动puppets-unicron服务

    [root@puppetserver ~]# /etc/init.d/puppets-unicron start

    (9).确认puppets-unicron运行状态

    [root@puppetserver ~]# ps -ef | grep unicorn

    puppet    2628     1  0 15:06 ?        00:00:01 unicorn master -D -c /etc/puppet/unicorn.conf              
    puppet    2636  2628  0 15:06 ?        00:00:00 unicorn worker[0] -D -c /etc/puppet/unicorn.conf           
    puppet    2637  2628  0 15:06 ?        00:00:00 unicorn worker[1] -D -c /etc/puppet/unicorn.conf           
    puppet    2638  2628  0 15:06 ?        00:00:00 unicorn worker[2] -D -c /etc/puppet/unicorn.conf           
    puppet    2639  2628  0 15:06 ?        00:00:00 unicorn worker[3] -D -c /etc/puppet/unicorn.conf           
    puppet    2640  2628  0 15:06 ?        00:00:00 unicorn worker[4] -D -c /etc/puppet/unicorn.conf           
    puppet    2641  2628  0 15:06 ?        00:00:00 unicorn worker[5] -D -c /etc/puppet/unicorn.conf           
    puppet    2642  2628  0 15:06 ?        00:00:00 unicorn worker[6] -D -c /etc/puppet/unicorn.conf           
    puppet    2643  2628  0 15:06 ?        00:00:00 unicorn worker[7] -D -c /etc/puppet/unicorn.conf           
    root      2767  1492  0 15:28 pts/1    00:00:00 grep unicorn

    3.Nginx安装:

    (1).yum nginx:

    [root@puppetserver ~]# yum -y install nginx

    (2).配置nginx:

    [root@puppetserver ~]# vi /etc/nginx/nginx.conf

    # For more information on configuration, see:
    #   * Official English Documentation: http://nginx.org/en/docs/
    #   * Official Russian Documentation: http://nginx.org/ru/docs/
       
    user              nginx;
    worker_processes  8;
       
    error_log  /var/log/nginx/error.log;
    #error_log  /var/log/nginx/error.log  notice;
    #error_log  /var/log/nginx/error.log  info;
       
    pid        /var/run/nginx.pid;
       
       
    events {
        worker_connections  1024;
    }
       
       
    http {
        include       /etc/nginx/mime.types;
        default_type  application/octet-stream;
       
        log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                          '$status $body_bytes_sent "$http_referer" '
                          '"$http_user_agent" "$http_x_forwarded_for"';
       
        access_log  /var/log/nginx/access.log  main;
       
        sendfile        on;
        #tcp_nopush     on;
       
        #keepalive_timeout  0;
        keepalive_timeout  65;
       
        #gzip  on;
           
        # Load config files from the /etc/nginx/conf.d directory
        # The default server is in conf.d/default.conf
        include /etc/nginx/conf.d/*.conf;
       
    }

    [root@puppetserver ~]# vi /etc/nginx/conf.d/puppets-unicorn.conf

     [root@puppetserver ~]# mv /etc/nginx/conf.d/default.conf  /etc/nginx/conf.d/default.conf_bak

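    # Backend: the unicorn workers, reached over the Unix socket configured
    # in /etc/puppet/unicorn.conf.
    upstream puppetmaster_unicorn {
        server unix:/var/run/puppet/puppetmaster_unicorn.sock fail_timeout=0;
    }

    server {
        # "listen ... ssl" replaces the deprecated standalone "ssl on;".
        listen 8140 ssl;

        ssl_session_timeout 5m;
        # NOTE(review): Puppet names these files after the master's certname
        # (by default its FQDN) -- confirm the paths match the files that
        # exist under the ssldir.
        ssl_certificate /var/lib/puppet/ssl/certs/puppetserver.pem;
        ssl_certificate_key /var/lib/puppet/ssl/private_keys/puppetserver.pem;
        ssl_client_certificate /var/lib/puppet/ssl/ca/ca_crt.pem;

        # Offer only current protocol versions and strong suites. SSLv2-era
        # and RC4 suites are cryptographically broken and must not be
        # negotiable on the channel that delivers catalogs and secrets.
        # Widen ssl_protocols only if an agent's TLS library cannot do better.
        ssl_protocols TLSv1.2;
        ssl_ciphers HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers on;

        # "optional" rather than "on": an agent without a signed certificate
        # must still be able to connect to submit its signing request. The
        # verification result is handed to the master in X-Client-Verify.
        # Revoked agent certificates are not rejected here unless a CRL is
        # configured with ssl_crl.
        ssl_verify_client optional;

        root /usr/share/empty;

        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # These three headers carry the TLS client-authentication result to
        # the master. Setting them here overwrites any same-named header sent
        # by the client, so they must never be dropped from this block.
        proxy_set_header X-Client-Verify $ssl_client_verify;
        proxy_set_header X-Client-DN $ssl_client_s_dn;
        proxy_set_header X-SSL-Issuer $ssl_client_i_dn;
        # Same value as "timeout" in unicorn.conf.
        proxy_read_timeout 120;

        location / {
            proxy_pass http://puppetmaster_unicorn;
            proxy_redirect off;
        }
    }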

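    (3).启动nginx服务(nginx与puppetmaster自带的WEBrick服务都监听8140端口,启动nginx前需先执行 service puppetmaster stop 和 chkconfig puppetmaster off):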

    [root@puppetserver ~]# service nginx start


    Puppetclient


    1.puppet安装:

    (1).配置hosts文件:

    [root@puppetclient ~]# vi /etc/hosts

    127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
    ::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
    192.168.20.20   puppetserver.chensh.net
    192.168.20.21   puppetclient.chensh.net


    (2).添加yum源:

    添加epel源:

    [root@puppetclient ~]# rpm -Uvh http://mirrors.sohu.com/fedora-epel/6/x86_64/epel-release-6-8.noarch.rpm

    添加puppet源:

    [root@puppetclient ~]# rpm -Uvh http://yum.puppetlabs.com/el/6/products/x86_64/puppetlabs-release-6-11.noarch.rpm

    (3).安装puppet:

    [root@puppetclient ~]# yum -y install puppet

    (4).配置puppet.conf

    [root@puppetclient ~]# vi /etc/puppet/puppet.conf

    [main]
        # The Puppet log directory.
        # The default value is '$vardir/log'.
        logdir = /var/log/puppet
       
        # Where Puppet PID files are kept.
        # The default value is '$vardir/run'.
        rundir = /var/run/puppet
       
        # Where SSL certificates are kept.
        # The default value is '$confdir/ssl'.
        ssldir = $vardir/ssl
       
    [agent]
        # The file in which puppetd stores a list of the classes
        # associated with the retrieved configuratiion.  Can be loaded in
        # the separate ``puppet`` executable using the ``--loadclasses``
        # option.
        # The default value is '$confdir/classes.txt'.
        classfile = $vardir/classes.txt
       
        # Where puppetd caches the local configuration.  An
        # extension indicating the cache format is added automatically.
        # The default value is '$confdir/localconfig'.
        localconfig = $vardir/localconfig
        server = puppetserver.chensh.net

    [root@puppetclient ~]# chkconfig puppet on

    (5).开启puppet服务:

    [root@puppetclient ~]# service puppet start


    测试

    [root@puppetclient ~]# puppet agent --test

    [root@puppetserver ~]# puppet cert --list

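    [root@puppetserver ~]# puppet cert sign all

    注:批量签发的标准写法为 puppet cert sign --all。签发前建议先核对 puppet cert --list 显示的指纹与客户端上 puppet agent --fingerprint 的输出一致,再按主机名逐个签发,避免为未经确认的主机签发证书。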


    其他:

    puppet配置项说明:

    [main]
      #指定了puppet服务端的地址
        server = master.puppet.lightcloud.cn
        #是否实时刷新日志到磁盘
        autoflush = false
        #日志目录
        logdir = /var/log/puppet
        #puppet进程pid文件存放目录,使用守护进程运行时,需要这个文件
        rundir = /var/run/puppet
       
    [master]
      #保存客户端上传自身信息的文件存储目录,每个节点会有一个单独的目录,客户端的每次执行会生成一个以日期+时间命名yaml文件
        reportdir = /var/lib/puppet/reports
        #在客户端第一次连接服务端的时候,需要服务端签名(相当于确认),服务端对客户端的识别是通过名字来确
        #认的,在这个文件中的名字,可以被服务端自动签名(确认),支持正则匹配,内容类似这样:
        #注意:证书名由客户端自行声明,名字匹配即自动签发,相当于信任该命名范围内的任何请求者,仅适用于可信网络
        #test.lightcloud.cn
      #*.puppet.lightcloud.cn
        autosign = /etc/puppet/autosign.conf
        #puppetmaster服务端监听地址
        bindaddress = 0.0.0.0
        #puppetmaster服务端监听端口
        masterport = 8140
        #是否记录每个资源被执行(evaluate)时的跟踪日志
        evaltrace = true
       
    [agent]
      #客户端的名字
        certname = client.puppet.lightcloud.cn
        #是否后台运行
        daemonize = true
        #是否允许证书自动覆盖,默认是不允许的,每个证书的有效期为5年;开启后同名的新请求可以覆盖已有证书,削弱了以证书名识别主机的保证
        allow_duplicate_certs = true
        #是否上传客户端对resouces的执行结果
        report = true
        #上传的方式,在有puppet的dashboard时需要这个
        reports = store, http
        #store上传时的地址
        report_server =  master.puppet.lightcloud.cn
        #store上传时的端口
        report_port = 8140
        #http上传时的地址,按照puppet的dashboard时需要这个
        reporturl = http://172.58.0.68:3000/reports/upload
        #客户端执行间隔(20分钟)
        runinterval = 20m
        #是否在执行时间上另加一个随机时间(0到最大随机时间之间的一个整数值)
        splay = true
        #附加的随机时间的最大长度
        splaylimit = 10m
        #客户端获取配置超时时间
        configtimeout = 2m
        #日志记录时是否加颜色
        color = ansi
        #是否忽略本地缓存
        ignorecache = true


  • 原文地址:https://www.cnblogs.com/myiaas/p/4161296.html