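Introduction to Puppet
Puppet is a centralized configuration management system for Linux, Unix and Windows. It uses its own Puppet description language and can manage configuration files, users, cron jobs, software packages, system services and more. Puppet calls these system entities resources; its design goal is to simplify managing them and to handle the dependencies between them properly. Puppet uses a client/server star topology in which every client talks to one or a few servers. Each client connects to the server periodically (every half hour by default; the interval is configurable), downloads its latest configuration, and configures the machine strictly according to it. When the run completes, the client can send a message back to the server; if the run fails, it reports that to the server as well.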
I. Pre-installation preparation (all machines)
1. Set the hostname
2. Edit /etc/hosts and add all three machines, or use DNS
[root@daixijun ~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.1.244 daixijun.verystar.cn daixijun
192.168.1.221 img.verystar.cn img
192.168.1.220 web.verystar.cn web
3. Synchronize the time
[root@daixijun ~]# yum install ntp -y
[root@daixijun ~]# ntpdate pool.ntp.org
[root@daixijun ~]# /etc/init.d/ntpd start
4. Install the official Puppet repository.
[root@daixijun ~]# rpm -ivh http://yum.puppetlabs.com/el/6/products/x86_64/puppetlabs-release-6-7.noarch.rpm
II. Master installation and configuration
1. Install puppet-server
[root@daixijun ~]# yum install puppet-server puppet -y
2. Enable automatic certificate signing (there are two methods; I have not tried the second one)
Method 1: edit /etc/puppet/puppet.conf and add autosign = true to the [main] section
[root@daixijun ~]# grep -v '#' /etc/puppet/puppet.conf | grep -v '^$'
[main]
logdir = /var/log/puppet
rundir = /var/run/puppet
ssldir = $vardir/ssl
autosign = true
server = daixijun.verystar.cn
[agent]
classfile = $vardir/classes.txt
localconfig = $vardir/localconfig
Method 2: create an autosign.conf file in /etc/puppet; certificates are then signed automatically for the matching domain names listed in it
cat > /etc/puppet/autosign.conf <<EOF
*.verystar.cn
EOF
3. Start the puppetmaster service
[root@daixijun ~]# /etc/init.d/puppetmaster start
[root@daixijun ~]# netstat -tunlp | grep :8140
tcp 0 0 0.0.0.0:8140 0.0.0.0:* LISTEN 2047/ruby
[root@daixijun ~]# chkconfig puppetmaster on
III. Client installation and configuration
1. Install puppet
[root@web ~]# yum install puppet -y
2. Point the client at the master server and enable pushes from the Master
Edit /etc/puppet/puppet.conf:
[main]
logdir = /var/log/puppet
rundir = /var/run/puppet
ssldir = $vardir/ssl
[agent]
classfile = $vardir/classes.txt
localconfig = $vardir/localconfig
server = daixijun.verystar.cn
listen = true
Edit /etc/puppet/auth.conf and add the following statements before auth /
path /run
method save
allow daixijun.verystar.cn
3. Start the client agent
[root@web ~]# /etc/init.d/puppet start
[root@web ~]# chkconfig puppet on
[root@img ~]# puppet agent --test
Info: Retrieving plugin
Info: Caching catalog for img.verystar.cn
Info: Applying configuration version '1379925955'
Notice: Finished catalog run in 0.05 seconds
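The autosign = true, autosign.conf wildcard and listen = true settings used above all widen what the master and the agents trust, so they are worth re-checking before a setup like this leaves the lab. The shell functions below are an added example, not part of the original article; the function names and severity labels are hypothetical, and the default paths are the ones used in this guide.

```shell
#!/bin/sh
# Added example (not from the original article): flag the settings from this
# guide that relax Puppet's certificate and run-trigger trust model.

# conf_value FILE KEY: print the last uncommented value of KEY in puppet.conf.
conf_value() {
    awk -F= -v key="$2" '
        /^[ \t]*#/ { next }
        {
            k = $1; gsub(/[ \t]/, "", k)
            if (k == key) {
                v = $0
                sub(/^[^=]*=[ \t]*/, "", v); sub(/[ \t]+$/, "", v)
                val = v
            }
        }
        END { if (val != "") print val }' "$1"
}

# audit_puppet [PUPPET_CONF] [AUTOSIGN_CONF]: print findings, return 1 if any.
audit_puppet() {
    conf=${1:-/etc/puppet/puppet.conf}
    allow=${2:-/etc/puppet/autosign.conf}
    rc=0
    if [ -f "$conf" ]; then
        if [ "$(conf_value "$conf" autosign)" = "true" ]; then
            echo "HIGH: autosign = true signs every certificate request unreviewed"
            rc=1
        fi
        if [ "$(conf_value "$conf" listen)" = "true" ]; then
            echo "MEDIUM: listen = true lets hosts allowed in auth.conf trigger runs"
            rc=1
        fi
    fi
    if [ -f "$allow" ]; then
        while IFS= read -r line || [ -n "$line" ]; do
            case "$line" in
                \#*|'') ;;   # skip comments and blank lines
                *\**) echo "MEDIUM: autosign.conf glob $line signs any matching certname"
                      rc=1 ;;
            esac
        done < "$allow"
    fi
    return "$rc"
}
```

Source the file and call audit_puppet on the master and on each agent; with no arguments it reads /etc/puppet/puppet.conf and /etc/puppet/autosign.conf.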
IV. View the list of signed certificates on the Master
If certificates are listed, the clients and the Master are communicating normally. Because automatic signing was configured earlier, every client that connects has already been signed.
[root@daixijun ~]# puppet cert list --all
+ "daixijun.verystar.cn" (SHA256) B4:06:AE:C2:2D:44:FF:CA:36:4E:13:C4:F3:B5:C2:7F:1D:13:51:76:A3:93:5A:DD:11:DA:B7:AB:EF:07:C0:00 (alt names: "DNS:daixijun.verystar.cn", "DNS:puppet", "DNS:puppet.verystar.cn")
+ "img.verystar.cn" (SHA256) CD:9C:2E:CF:67:4B:6F:19:E4:76:94:A5:FF:FA:CB:B8:A0:76:9E:F7:1E:83:2F:00:19:ED:33:64:86:63:71:2E
+ "web.verystar.cn" (SHA256) BD:F2:AF:8F:4B:B0:73:4D:CB:21:DE:DB:5E:D1:91:18:DC:DA:2D:77:62:5A:A2:24:D3:C3:19:1F:B0:37:AC:29
+ means the certificate has been signed
- means the certificate has been revoked
No prefix means the certificate has not been obtained
V. A simple test
Master:
1. Create the file /tmp/test.txt on the clients, with the content "this is a test document!!"
[root@daixijun ~]# cat > /etc/puppet/manifests/site.pp <<EOF
file {"/tmp/test.txt":
    content => "this is a test document!!\n";
}
EOF
2. Trigger an active push
[root@daixijun ~]# puppet kick --host daixijun.verystar.cn web.verystar.cn img.verystar.cn
Warning: Puppet kick is deprecated. See http://links.puppetlabs.com/puppet-kick-deprecation
Warning: Failed to load ruby LDAP library. LDAP functionality will not be available
Triggering daixijun.verystar.cn
Getting status
status is success
daixijun.verystar.cn finished with exit code 0
Triggering web.verystar.cn
Getting status
status is success
web.verystar.cn finished with exit code 0
Triggering img.verystar.cn
Getting status
status is success
img.verystar.cn finished with exit code 0
Finished
Or fetch the configuration from the client side
[root@web ~]# puppet agent --test --server=daixijun.verystar.cn
3. Check on the client that the file exists
[root@web ~]# cat /tmp/test.txt
this is a test document!!
Notice: this article is licensed under BY-NC-SA | Linux运维网
When reposting, please state that it is reposted from "Puppet Series: Installation"