Installing and configuring Puppet on CentOS 6.5 x86_64

Author: print("")   Category: linux   Published: 2017-08-12 23:30


(1) First prepare two CentOS 6.5 x86_64 machines and do the pre-installation work.

OS: CentOS 6.5 x86_64
Puppet master: master (192.168.0.112)
Puppet client: client (192.168.0.111)

1.1 Set the local hosts entries
[root@client ~]# cat /etc/hosts
192.168.0.112 master
192.168.0.111 client
[root@client ~]#
Add the same two lines on the master. The agent reaches the master by this name, and the master's certificate is checked against it, so the name must resolve the same way everywhere.
1.2 Synchronize the clocks
[root@master manifests]# ntpdate pool.ntp.org
6 Aug 16:44:50 ntpdate[7759]: adjust time server 61.216.153.104 offset 0.048551 sec
[root@master manifests]#
Clock skew matters here: the certificates Puppet issues carry validity dates, and an agent whose clock is far off will fail SSL verification against the master.
1.3 Stop the firewall and put SELinux in permissive mode (lab only)
[root@master manifests]# service iptables stop
[root@master manifests]# setenforce 0
setenforce 0 lasts only until the next reboot, and stopping iptables leaves every port open. The iptables rule for port 8140 given below is the proper way to let agents in, so on anything other than a throwaway lab keep the firewall running and add that rule instead.
1.4 Add the Aliyun and EPEL repositories (optional: the default repositories also work)
  1. # wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-6.repo
  2. # rpm -Uvh http://mirrors.ustc.edu.cn/fedora/epel/6/x86_64/epel-release-6-8.noarch.rpm

Install the Puppet Labs repository. For CentOS/RHEL 6.5:

  1. # rpm -ivh https://yum.puppetlabs.com/el/6.5/products/x86_64/puppetlabs-release-6-10.noarch.rpm

For CentOS/RHEL 7:

  1. # rpm -ivh https://yum.puppetlabs.com/el/7/products/x86_64/puppetlabs-release-7-10.noarch.rpm

The release package installs the repository definition and the GPG key that yum later uses to verify the puppet packages; the release package itself is installed straight from the URL with rpm, so fetch it only from the vendor's own site as shown.

Install the server

On the machine you intend to use as the master, install the "puppet-server" package.

  1. # yum install puppet-server

After installation, enable the Puppet master at boot and start it.

  1. # chkconfig puppetmaster on
  2. # service puppetmaster start

Now that the server is running, make sure it can be reached over the network.
On CentOS/RHEL 6 with iptables as the firewall, add the following rule to the INPUT chain in /etc/sysconfig/iptables. It has to go above the chain's final "-A INPUT -j REJECT ..." line: rules are evaluated in order, so a rule appended after the REJECT is never reached. (The OUTPUT chain is not involved; agents connect inbound to the master on TCP 8140.)
-A INPUT -m state --state NEW -m tcp -p tcp --dport 8140 -j ACCEPT
Restart the iptables service for the change to take effect.

  1. # service iptables restart
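Getting the rule into the right place by hand is easy to get wrong (appending it after the REJECT line silently does nothing). The following shell script is an added example, not part of the original post: it inserts the ACCEPT rule directly above the INPUT chain's REJECT rule, skips the edit if the rule is already there, and refuses to touch a file that has no REJECT line to anchor on. The sample iptables file it demonstrates on is a constructed copy of a stock CentOS 6 default, not taken from a real host.

```shell
#!/bin/sh
# Added example (not from the original post): insert the Puppet master's ACCEPT rule
# into a CentOS 6 /etc/sysconfig/iptables file *above* the INPUT chain's REJECT rule,
# so it is actually reached, and do it idempotently.  Pass the real file as $1 and
# follow with "service iptables restart"; with no argument it runs on a temp copy.

PUPPET_RULE='-A INPUT -m state --state NEW -m tcp -p tcp --dport 8140 -j ACCEPT'

# add_puppet_rule FILE: 0 if the rule is present afterwards, 1 if FILE has no
# "-A INPUT ... -j REJECT" line to anchor on (FILE is left untouched in that case).
add_puppet_rule() {
    file=$1
    if grep -qF -- "$PUPPET_RULE" "$file"; then
        return 0                       # already present: nothing to do
    fi
    tmp="$file.tmp.$$"
    awk -v rule="$PUPPET_RULE" '
        !done && /^-A INPUT / && /-j REJECT/ { print rule; done = 1 }
        { print }
        END { if (!done) exit 1 }
    ' "$file" > "$tmp" || {
        rm -f "$tmp"
        echo "no '-A INPUT ... -j REJECT' line in $file; add the rule by hand" >&2
        return 1
    }
    mv "$tmp" "$file"
}

# rule_before_reject FILE: 0 if the Puppet rule sits above the INPUT REJECT rule,
# i.e. new connections to 8140 are accepted instead of rejected.
rule_before_reject() {
    rule_line=$(grep -nF -- "$PUPPET_RULE" "$1" | head -1 | cut -d: -f1)
    reject_line=$(grep -n '^-A INPUT .*-j REJECT' "$1" | head -1 | cut -d: -f1)
    [ -n "$rule_line" ] && [ -n "$reject_line" ] && [ "$rule_line" -lt "$reject_line" ]
}

# Constructed sample of a stock CentOS 6 /etc/sysconfig/iptables (not a real host's file).
make_sample_iptables() {
    cat > "$1" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

if [ $# -eq 0 ]; then
    demo=$(mktemp)                     # stand-alone demo on a temp copy
    make_sample_iptables "$demo"
    add_puppet_rule "$demo" && rule_before_reject "$demo" && echo "rule inserted above REJECT:"
    cat "$demo"
    rm -f "$demo"
else
    add_puppet_rule "$1" && rule_before_reject "$1"
fi
```

On a real master run it as "sh add_rule.sh /etc/sysconfig/iptables" and then "service iptables restart"; the awk anchor matches only INPUT-chain REJECT lines, so a FORWARD REJECT is left alone.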

On CentOS/RHEL 7 with firewalld, do this instead:

  1. # firewall-cmd --permanent --zone=public --add-port=8140/tcp
  2. # firewall-cmd --reload

3. Enable automatic certificate signing

Edit /etc/puppet/puppet.conf and add autosign = true and server = master in the [main] section. (The server value must be the name the agents use to reach the master, which is "master" from /etc/hosts above, not master.com.)
[root@master ~]# vim /etc/puppet/puppet.conf
[main]
# The Puppet log directory.
# The default value is '$vardir/log'.
logdir = /var/log/puppet
# Where Puppet PID files are kept.
# The default value is '$vardir/run'.
rundir = /var/run/puppet
# Where SSL certificates are kept.
# The default value is '$confdir/ssl'.
ssldir = $vardir/ssl
autosign = true
server = master

A word on autosign = true: it signs every certificate request that reaches port 8140, so any machine that can connect to the master becomes a trusted agent under whatever certname it asks for, and can then fetch catalogs and file-server content meant for that name. That is acceptable for this two-machine lab. In production, either sign requests by hand (puppet cert list to see pending requests, puppet cert sign <certname> to approve one), restrict autosigning with /etc/puppet/autosign.conf (one certname or domain glob such as *.example.com per line, which still trusts whatever name the requester claims), or, on Puppet 3.4 and later, set autosign to the path of an executable policy script that decides per request.
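As an added example of the policy-script option (this is not from the original post and not Puppet's own code), the script below is what the master would run for each request when puppet.conf has autosign = /etc/puppet/autosign.sh in its [master] section. Puppet invokes the script with the requesting certname as its only argument and the PEM-encoded CSR on standard input; exit status 0 signs the request, anything else leaves it pending for a human. The domain example.com, the allowlist file /etc/puppet/autosign-hosts.txt (one expected certname per line, generated from your inventory) and the script path are assumptions for the example.

```shell
#!/bin/sh
# Added example (not from the original post): policy-based autosign hook for Puppet 3.4+,
# a safer replacement for "autosign = true".  Configure with
#   [master]
#   autosign = /etc/puppet/autosign.sh      (executable by the user the master runs as)
# The master runs it as: autosign.sh <certname>  with the CSR PEM on stdin.
# Exit 0 signs; non-zero leaves the request for "puppet cert list" / "puppet cert sign".
# Assumed (not from the post): the domain example.com and the allowlist path below.

ALLOWLIST=${AUTOSIGN_ALLOWLIST:-/etc/puppet/autosign-hosts.txt}   # one certname per line
DOMAIN_RE='^([a-z0-9]([a-z0-9-]*[a-z0-9])?\.)+example\.com$'

# autosign_decision CERTNAME ALLOWLIST CSR_PEM -> 0 = sign, 1 = do not sign.
# Every check fails closed: an unreadable allowlist or an empty CSR means "do not sign".
autosign_decision() {
    certname=$1
    allowlist=$2
    csr=$3

    # 1. The certname is chosen by the requester.  Accept only a lowercase hostname in
    #    our domain: no wildcards, no uppercase, no "/" or ".." that could confuse the CA.
    case "$certname" in
        ''|*[!a-z0-9.-]*) echo "reject $certname: bad characters" >&2; return 1 ;;
    esac
    printf '%s\n' "$certname" | grep -Eq "$DOMAIN_RE" \
        || { echo "reject $certname: not in example.com" >&2; return 1; }

    # 2. The name must be one we provisioned, so a stranger who can reach port 8140
    #    cannot enrol a name of their choosing (or a real node's name before it does).
    [ -r "$allowlist" ] || { echo "reject $certname: allowlist unreadable" >&2; return 1; }
    grep -qxF -- "$certname" "$allowlist" \
        || { echo "reject $certname: not provisioned" >&2; return 1; }

    # 3. What arrived on stdin must at least be a PEM CSR.  A fuller policy would also
    #    check a pre-shared secret embedded in it (openssl req -noout -text).
    case "$csr" in
        *'-----BEGIN CERTIFICATE REQUEST-----'*) ;;
        *) echo "reject $certname: no CSR on stdin" >&2; return 1 ;;
    esac

    echo "sign $certname" >&2
    return 0
}

# When invoked by the master ($1 set), read the CSR from stdin and decide.
if [ $# -gt 0 ]; then
    autosign_decision "$1" "$ALLOWLIST" "$(cat)"
    exit $?
fi
```

Requests the script rejects are not lost; they stay pending on the master, where puppet cert list shows them and an operator can still sign or clean them up after checking why the policy refused them.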

  1. Start puppetmaster

[root@master ~]# service puppetmaster start
Starting puppetmaster:                                     [  OK  ]
[root@master ~]# netstat -tunlp | grep :8140
tcp        0      0 0.0.0.0:8140                0.0.0.0:*                   LISTEN      9148/ruby

  1. Start at boot

[root@master ~]# chkconfig --list |grep puppet
puppet             0:off    1:off    2:off    3:off    4:off    5:off    6:off
puppetmaster       0:off    1:off    2:off    3:off    4:off    5:off    6:off
[root@master ~]# chkconfig puppetmaster on
[root@master ~]# chkconfig --list |grep puppet
puppet             0:off    1:off    2:off    3:off    4:off    5:off    6:off
puppetmaster       0:off    1:off    2:on     3:on     4:on     5:on     6:off
 
 

Install the client

Run the following on the client node to install the Puppet agent.

  1. # yum install puppet

After installation, make sure the agent starts at boot.

  1. # chkconfig puppet on
  2. Point the client at the Puppet server and enable push from the master

Edit /etc/puppet/puppet.conf and add listen = true and server = master in the [agent] section (again "master", the name in /etc/hosts, not master.com).
[root@client1 ~]# vim /etc/puppet/puppet.conf
[agent]
# The file in which puppetd stores a list of the classes
# associated with the retrieved configuration.  Can be loaded in
# the separate "puppet" executable using the "--loadclasses"
# option.
# The default value is '$confdir/classes.txt'.
classfile = $vardir/classes.txt
# Where puppetd caches the local configuration.  An
# extension indicating the cache format is added automatically.
# The default value is '$confdir/localconfig'.
localconfig = $vardir/localconfig
listen = true
server = master

listen = true makes the agent open TCP port 8139 so that the master can trigger a run with puppet kick (deprecated since Puppet 3; scheduled agent runs or an orchestration tool are the supported alternatives). Which callers may trigger a run is decided by /etc/puppet/auth.conf on the agent, so grant it to the master's certname only. Edit /etc/puppet/auth.conf and add the following stanza above the catch-all "path /" stanza at the end of the file: rules are matched top to bottom, so anything placed after "path /" is never reached.
[root@client1 ~]# vim /etc/puppet/auth.conf
path /run
method save
allow master

  1. Start the client

[root@client1 ~]# service puppet start
Starting puppet agent:                                     [  OK  ]
[root@client1 ~]# netstat -tunlp | grep :8139
tcp        0      0 0.0.0.0:8139                0.0.0.0:*                   LISTEN      15038/ruby
Start at boot:
[root@client1 ~]# chkconfig puppet on
[root@client1 ~]# chkconfig --list |grep puppet
puppet             0:off    1:off    2:on     3:on     4:on     5:on     6:off

4. Certificate request

  1. The client has to ask the server to manage it, and that is really a certificate signing process. The first time the agent runs it generates a key pair and a certificate signing request (CSR) and sends the request to the master; if the master agrees to manage the client it signs the request, and from then on the agent authenticates to the master with that certificate. Run the agent once by hand to trigger this. Because the server address is already set in the client's puppet.conf, no --server option is needed.

[root@client ~]# puppet agent --test
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Caching catalog for client1.com
Info: Applying configuration version '1440636623'
Notice: Finished catalog run in 0.20 seconds
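Here the request was signed immediately because autosign = true is set. When it is not, the request stays pending until someone runs puppet cert sign on the master, and the step a careful operator adds before that is to compare the request's fingerprint as the master shows it (puppet cert list --all) with the fingerprint the agent prints locally with puppet agent --fingerprint, relayed out of band, so that another host cannot enrol under a real node's name while that node is waiting. The shell functions below are an added example, not from the original post or from Puppet; they parse the master's list format shown in this post, and the sample list and every fingerprint in it are constructed values.

```shell
#!/bin/sh
# Added example (not from the original post): refuse to sign a pending Puppet CSR
# unless its fingerprint on the master matches the one the agent reported out of band.
# Parses the "puppet cert list --all" format: "+" = signed, "-" = revoked,
# no marker = pending request.  Sample data below is constructed, not real output.

# cert_status NAME < list_output
# Prints "pending|signed|revoked FINGERPRINT" for NAME; returns 1 if NAME is absent.
cert_status() {
    awk -v want="\"$1\"" '
        $1 == want               { print "pending", $3; found = 1; exit }
        $1 == "+" && $2 == want  { print "signed",  $4; found = 1; exit }
        $1 == "-" && $2 == want  { print "revoked", $4; found = 1; exit }
        END                      { if (!found) exit 1 }'
}

# norm_fp TEXT: keep only the colon-separated hex digest, upper-cased, so the agent's
# "(SHA256) aa:bb:..." and the master's "AA:BB:..." compare equal.
norm_fp() {
    printf '%s\n' "$1" | grep -oE '([0-9A-Fa-f]{2}:){15,}[0-9A-Fa-f]{2}' | head -1 | tr 'a-f' 'A-F'
}

# ok_to_sign NAME AGENT_FINGERPRINT LIST_FILE -> 0 only for a *pending* request whose
# fingerprint equals what the agent reported.  Signed, revoked, unknown, or mismatch -> 1.
ok_to_sign() {
    name=$1
    agent_fp=$(norm_fp "$2")
    [ -n "$agent_fp" ] || { echo "$name: no fingerprint supplied" >&2; return 1; }
    status=$(cert_status "$name" < "$3") || { echo "$name: no request on master" >&2; return 1; }
    state=${status%% *}
    master_fp=$(norm_fp "${status#* }")
    [ "$state" = pending ] || { echo "$name: certificate is $state, nothing to sign" >&2; return 1; }
    [ "$master_fp" = "$agent_fp" ] || { echo "$name: FINGERPRINT MISMATCH, do not sign" >&2; return 1; }
    return 0
}

# Constructed sample of "puppet cert list --all" output (all fingerprints made up).
make_sample_list() {
    cat > "$1" <<'EOF'
  "client.example.com"  (SHA256) 11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00
+ "master"              (SHA256) 0A:1B:2C:3D:4E:5F:60:71:82:93:A4:B5:C6:D7:E8:F9:0A:1B:2C:3D:4E:5F:60:71:82:93:A4:B5:C6:D7:E8:F9
- "old-node"            (SHA256) F0:E1:D2:C3:B4:A5:96:87:78:69:5A:4B:3C:2D:1E:0F:F0:E1:D2:C3:B4:A5:96:87:78:69:5A:4B:3C:2D:1E:0F
EOF
}

# On the master: sign_if_verified NAME "<fingerprint read from the agent's console>"
sign_if_verified() {
    list=$(mktemp)
    puppet cert list --all > "$list" || { rm -f "$list"; return 1; }
    if ok_to_sign "$1" "$2" "$list"; then
        rm -f "$list"
        puppet cert sign "$1"
    else
        rm -f "$list"
        return 1
    fi
}
```

The agent side of the exchange is just puppet agent --fingerprint on the client; its output is what you pass as the second argument of sign_if_verified on the master.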

  1. View the list of certificates on the master

If the client's certificate shows up, the client and the master are communicating. Because automatic signing was configured earlier, every client that connects is already signed by the time it appears here.
[root@master manifests]# puppet cert list --all
+ "client"    (SHA256) E4:12:D8:42:ED:13:46:1E:8C:E8:8B:E8:EB:9A:B0:99:C9:B5:03:A0:98:F2:4E:10:A0:ED:7E:F2:5B:9C:96:F6
+ "lserver-1" (SHA256) EE:AD:9C:1E:99:82:80:FE:2D:97:D3:5D:FD:38:2E:66:99:E7:99:6E:08:5A:74:E2:6D:8F:3F:4C:8F:7D:AB:E0
+ "master"    (SHA256) 77:BB:34:68:F0:D5:00:A6:C0:60:8F:C1:23:16:E9:BA:B4:42:21:AF:67:86:44:2B:4E:30:39:31:0B:0B:4A:D3
+ "rclient-1" (SHA256) 09:1B:01:7E:22:1D:D1:A6:F7:F9:0D:A1:91:61:01:C0:87:F9:47:18:02:7A:89:D6:65:7A:65:D5:0E:A6:B1:F4
+   the certificate has been signed
-   the certificate has been revoked
(no marker)   a pending request that has not been signed yet; compare its fingerprint with what the agent prints with puppet agent --fingerprint before signing it by hand

5. Simple test

  1. Create a manifest under /etc/puppet/manifests/ that pushes both the content and the permissions of /tmp/andrewy.txt to the clients.
  2. Master

Create /tmp/andrewy.txt on the clients with the content "this is a test document!!!":
[root@master]# cd /etc/puppet/manifests
[root@master manifests]# vim site.pp
node default {
  file { "/tmp/andrewy.txt":
    content => "this is a test document!!!\n",
    ensure  => present,
    owner   => root,
    group   => root,
    mode    => '0644',   # quote the mode as a four-digit octal string; Puppet 4 and later reject a bare number
  }
}

  1. Clients

[root@client1 ~]# puppet agent --test --server=master
Notice: Ignoring --listen on onetime run
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Caching catalog for client1.com
Info: Applying configuration version '1440641613'
Notice: /Stage[main]/Main/Node[default]/File[/tmp/andrewy.txt]/ensure: created
Notice: Finished catalog run in 0.03 seconds
The Notice lines confirm that the run succeeded and took 0.03 seconds. (Adding --noop to the command shows what would change without applying anything, which is worth doing before pushing a manifest to real machines.) Check on the client that the file exists:
[root@client1 ~]# cat /tmp/andrewy.txt
this is a test document!!!
 

###### Managing configuration with Puppet

Example 1: file content
Master:
vim /etc/puppet/manifests/site.pp
node default {
  file { "/tmp/andrewy.txt":
    content => "this is a test document!!!\n",
  }
}
### Client
(puppetd is the pre-2.6 name of the agent and no longer exists in Puppet 3; use puppet agent.)
[root@client1 certs]# puppet agent --test --server master
Notice: Finished catalog run in 0.03 seconds
[root@client1 certs]# cat /tmp/andrewy.txt
this is a test document!!!
[root@client1 certs]#
Example 2: create a file and set its owner and permissions
node default {
  file { "/tmp/andrewy.txt":
    content => "this is a test document!!!\n",
    ensure  => present,
    owner   => root,
    group   => root,
    mode    => '0644',
  }
}
Example 3: managing groups and users
node default {
  file { "/tmp/andrewy.txt":
    content => "this is a test document!!!\n",
    ensure  => present,
    owner   => root,
    group   => root,
    mode    => '0777',   # world-writable, kept only to show a mode change; use '0644' for anything real
  }
  group { "test":
    gid    => 999,
    ensure => present,
  }
  # The resource title (test1) and the account name differ: name is the namevar, so
  # the account created on the client is "test", as the id output below shows.
  user { "test1":
    name   => "test",
    uid    => 999,
    gid    => 'test',
    ensure => present,
  }
}
Client
[root@client1 tmp]# puppet agent --test --server=master
Info: Caching catalog for client1
Info: Applying configuration version '1502381247'
Notice: /Stage[main]/Main/Node[default]/Group[test]/ensure: created
Notice: /Stage[main]/Main/Node[default]/User[test1]/ensure: created
Notice: Finished catalog run in 0.20 seconds
[root@client1 tmp]# id test
uid=999(test) gid=999(test) groups=999(test)
[root@client1 tmp]#
######## Deleting the user
Change the user's ensure to absent; the group stays because its own ensure is still present.
[root@master manifests]# vim site.pp
node default {
  file { "/tmp/andrewy.txt":
    content => "this is a test document!!!\n",
    ensure  => present,
    owner   => root,
    group   => root,
    mode    => '0777',
  }
  group { "test":
    gid    => 999,
    ensure => present,
  }
  user { "test1":
    name   => "test",
    uid    => 999,
    gid    => 'test',
    ensure => absent,
  }
}
## Client
Info: Caching catalog for client1
Info: Applying configuration version '1502381495'
Notice: /Stage[main]/Main/Node[default]/User[test1]/ensure: removed
Notice: Finished catalog run in 0.21 seconds
[root@client1 tmp]# id test
id: test: No such user
[root@client1 tmp]#
Example 4: managing crontab entries
A combined example, in site.pp on the master:
cron { "ntp time":
  command     => "/usr/sbin/ntpdate pool.ntp.org >/dev/null 2>&1",
  minute      => '*/10',
  hour        => ['2-4'],
  monthday    => [2, 4],
  ensure      => present,
  environment => "PATH=/bin:/usr/bin:/usr/sbin",
}
The entry goes into root's crontab (the cron resource's user defaults to root), so use an absolute path and check the command by hand first: with output sent to /dev/null, a misspelled binary such as ntpdata would fail silently on every run.
Example 5: syncing files under /etc/puppet/system_conf/ on the master to the agents
a) Edit fileserver.conf on the master:
[system_conf]
path /etc/puppet/system_conf/
allow *
allow * lets every agent with a signed certificate read everything under that directory, so keep secrets out of it, or restrict the mount (allow *.example.com, or one allow line per certname).
b) Restart the master:
/etc/init.d/puppetmaster restart
c) Put the files to be synced under /etc/puppet/system_conf/ on the master.
d) Edit site.pp on the master:
file { "/etc/resolv.conf":
  mode   => '0644',
  source => "puppet://master/system_conf/resolv.conf",
}
Naming the server in the URL pins this file to the host "master"; the form puppet:///system_conf/resolv.conf (three slashes, no host) fetches from whichever server the agent is configured to use.
### Client test
[root@client1 ~]# puppet agent --test --server=master
Info: Caching catalog for client1
Info: Applying configuration version '1502547865'
Notice: Finished catalog run in 0.08 seconds
[root@client1 ~]# cat /etc/resolv.conf
##########2017 # Generated by NetworkManager
nameserver 61.153.81.74
nameserver 202.96.104.27
[root@client1 ~]#
## Things that can be managed this way:
system files: hosts, resolv.conf, i18n, yum repository configuration
script files: /script/service_all_clear.sh
Example 6: different configuration for different machines, by role
node 'client1' {
  file { "/var/log/snmp.log":
    content => "test",
  }
}
To cover several machines at once:
node 'client1', 'apache-001' {
  file { "/var/log/snmp.log":
    content => "test",
  }
}
Node names are matched against the agent's certname, which is one more reason to sign requests only for names you actually provisioned: whoever holds a signed certificate for 'apache-001' receives apache-001's catalog.
 
