puppet原理及配置
系统环境RHEL6.5
server 192.168.63.110 ty1.com
client 192.168.63.111 ty2.com
安装
server端 安装puppet-server
client端 安装 puppet
安装时需要解决ruby的依赖性
还有 facter 和 hiera
启动
[root@ty1 ~]# touch /etc/puppet/manifests/site.pp
#puppetmaster 启动需要 site.pp 文件,如果没有该文件则无法启动
[root@ty1 ~]# /etc/init.d/puppetmaster start
[root@ty2 ~]# puppet agent --server=ty1.com --no-daemonize --verbose
Info: Creating a new SSL key for ty2.com
Info: Caching certificate for ca
Info: csr_attributes file loading from /etc/puppet/csr_attributes.yaml
Info: Creating a new SSL certificate request for ty2.com
Info: Certificate Request fingerprint (SHA256): 5C:C7:94:A9:37:36:D7:42:4A:D8:A9:48:13:5E:C6:A8:64:D0:1B:C6:CC:F0:E0:A3:67:57:C8:A0:75:0B:B3:3D
Info: Caching certificate for ca
#client 向 master 发出证书验证请求,然后等待 master 签名并返回证书
[root@ty1 ~]# puppet cert list
"ty2.com" (SHA256) 5C:C7:94:A9:37:36:D7:42:4A:D8:A9:48:13:5E:C6:A8:64:D0:1B:C6:CC:F0:E0:A3:67:57:C8:A0:75:0B:B3:3D
[root@ty1 ~]# puppet cert sign ty2.com
Notice: Signed certificate request for ty2.com
Notice: Removing file Puppet::SSL::CertificateRequest ty2.com at '/var/lib/puppet/ssl/ca/requests/ty2.com.pem'
#master端签名证书;签名前应核对 puppet cert list 显示的指纹与 client 端输出的 Certificate Request fingerprint 是否一致
Info: Caching certificate_revocation_list for ca
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Caching catalog for ty2.com
Info: Applying configuration version '1470755654'
Info: Creating state file /var/lib/puppet/state/state.yaml
Notice: Finished catalog run in 0.02 seconds
#完成验证
自动验证
[root@ty1 ~]# vim /etc/puppet/puppet.conf
[main]
# Security note: per the Puppet 3.x configuration reference, the literal value
# `true` signs every incoming certificate request with no check at all, so the
# patterns in autosign.conf are not what limits signing. To have the
# autosign.conf list apply, leave this setting at its default (the path to
# autosign.conf). Either way, auto-signed agents are not identity-checked:
# keep this to an isolated lab and sign requests manually elsewhere.
autosign = true
[root@ty1 ~]# vim /etc/puppet/autosign.conf
*.com #表示允许所有 com 域的主机。注意:匹配依据只是证书请求里客户端自报的 certname,并不核实主机身份;凡是自称 *.com 的节点都会自动获得签名证书,进而可以拉取 catalog,因此只适合隔离的测试环境
[root@ty1 ~]# /etc/init.d/puppetmaster reload
Stopping puppetmaster: [ OK ]
Starting puppetmaster:
资源定义
[root@server1 ~]# mkdir /etc/puppet/files
[root@server1 ~]# cd /etc/puppet/files
[root@server1 ~]# echo "hello world" > /etc/puppet/files/index.html
[root@server1 ~]# vim /etc/puppet/fileserver.conf
@@@@@
# NOTE(review): `allow *` places no restriction on this mount in
# fileserver.conf itself; access then depends on auth.conf and on which agents
# hold a signed certificate (confirm against the auth.conf in use). Combined
# with autosigning, treat everything under /etc/puppet/files as readable by
# any host that can reach the master, and keep secrets out of it.
43 [files]
44 path /etc/puppet/files
45 allow *
@@@@@
1、 定义创建文件的资源
[root@server1 ~]# cd /etc/puppet/manifests/
[root@server1 manifests]# vim site.pp
@@@@@
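# Deploy index.html from the master's [files] mount into the agent's web root.
file { '/var/www/html/index.html':
  source => 'puppet:///files/index.html',
  # 0644 rather than 777: a served page only needs to be readable by others.
  # Mode 777 would let any local account on the agent rewrite the page.
  # The mode is quoted because newer Puppet releases require a string here.
  mode   => '0644',
  owner  => 'puppet',
}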
##新建 /etc/puppet/manifests/site.pp 文件来定义 puppet 相关的变量和默认配置,在没有指定节点的情况下,对所有已经经过验证的 client 都生效。
@@@@@
[root@server1 ~]# /etc/init.d/puppetmaster reload
客户端检测:
[root@ty2 ~]# puppet agent --server=ty1.com --test
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Caching catalog for ty2.com
Info: Applying configuration version '1470768678'
Notice: /Stage[main]/Main/File[/var/www/html/index.html]/ensure: defined content as '{md5}44e5a24c74a1072f39360d8f75919f96'
Notice: Finished catalog run in 0.12 seconds
2、定义软件包和服务的资源
[root@ty1 manifests]# cat site.pp
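# Install the vsftpd package on the agent.
package { 'vsftpd':
  # The listing originally read `preset`, which is not an ensure state;
  # `present` installs the package when it is missing, matching the
  # "Package[vsftpd]/ensure: created" line in the agent output.
  ensure => present,
}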
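# Keep the vsftpd service running on the agent.
service { 'vsftpd':
  ensure  => running,
  # Explicit ordering: the service can only start once the package is
  # installed, and resource order in the manifest should not be relied on.
  require => Package['vsftpd'],
}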
客户端检测:
[root@ty2 ~]# puppet agent --server=ty1.com --test
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Caching catalog for ty2.com
Info: Applying configuration version '1470769575'
Notice: /Stage[main]/Main/Package[vsftpd]/ensure: created
Notice: /Stage[main]/Main/Service[vsftpd]/ensure: ensure changed 'stopped' to 'running'
Info: /Stage[main]/Main/Service[vsftpd]: Unscheduling refresh on Service[vsftpd]
Notice: Finished catalog run in 1.94 seconds
[root@ty2 ~]# /etc/init.d/vsftpd status
vsftpd (pid 2631) is running...
#注:此前这台服务器并没有安装过vsftpd
3、定义创建用户资源
# Create the local account tyzz (uid 900) with a managed home directory.
# No `password` attribute is set here, so this resource does not manage the
# account's password.
user { 'tyzz':
  ensure     => present,
  uid        => 900,
  home       => '/home/tyzz',
  shell      => '/bin/bash',
  provider   => useradd,
  managehome => true,
}
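# Review note: the original remark here said that without this exec the
# password shows up as plaintext in /etc/shadow. The user resource above sets
# no `password` attribute, so that presumably refers to putting a plaintext
# value into `password`: Puppet passes that attribute to the system as given,
# and it expects an already-hashed value.
#
# Caveats for this exec as written:
#  - the password is a weak literal kept in the manifest, and because the
#    resource title is the command itself, it also appears in the catalog and
#    in the agent's run log;
#  - `onlyif => 'id tyzz'` succeeds on every run once the account exists, so
#    the password is reset to this value on every agent run.
# Preferred: set `password => '<PLACEHOLDER: crypt hash generated offline>'`
# on User['tyzz'] and drop this exec.
exec { 'echo 123456 | passwd --stdin tyzz':
  path    => '/usr/bin:/usr/sbin:/bin',
  onlyif  => 'id tyzz',
  # Run only after the account has been created in the same catalog.
  require => User['tyzz'],
}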
4、定义 crontab 任务
[root@ty1 manifests]# cat site.pp
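# Append a timestamp to a log file every 10 minutes during hours 2-4, as root.
cron { 'echo':
  # The log lives under /var/log (example path) instead of /tmp/echo: a root
  # job appending to a fixed name in a world-writable directory writes to
  # whatever another local user has already placed at that name.
  # Single quotes keep Puppet from interpolating the `$(...)` substitution.
  command => '/bin/echo "$(/bin/date)" >> /var/log/echo.log',
  user    => 'root',
  hour    => ['2-4'],
  minute  => '*/10',
}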