|
|
什么是puppet?
puppet批量管理工具,目前乐视,安居都是在用puppet,采用的是C/S模式的结构的linux,unix的集中配置
管理系统,puppet拥有自己的语言,可以管理文件用户,cron任务,软件包等,系统服务。
puppet工作原理:
采用https和XML协议,master去管理client,客户通过https的xmlrpc协议发给服务器端,服务器通过分析客户主机名,找到该主机配置代码
当客户端操作完成后向服务器返回消息,看看是否执行成功。
puppet
应用于公司有大量上百台服务器进行管理
puppet安装
注意时间要同步
ntpdate time.nist.gov
环境:
系统redhat6.5
master 192.168.2.1
client1 192.168.2.3
client2 192.168.2.4
首先时间同步,防火墙关掉
/etc/init.d/iptables stop
需要ruby环境,装ruby
[root@agent ~]# yum -y install ruby
创建用户puppet
[root@localhost ~]# groupadd puppet
[root@localhost ~]# useradd -g puppet -s /bin/false -M puppet
设置hosts puppet同步是通过域名同步
echo "192.168.1.102 master.test.com" >> /etc/hosts
echo "192.168.1.60 agent.test.com" >> /etc/hosts
echo "192.168.1.106 client02" >> /etc/hosts
机器名字改成域名形式
vim /etc/sysconfig/network
master必须改主机名,client不用改
把所有域名加到hosts里面,能通信
[root@localhost ~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.2.1 master.test.com
192.168.2.3 agent1.test.com
192.168.2.4 client02
确定域名通信
安装puppet软件包
[root@localhost ~]# tar zxf facter-1.6.4.tar.gz
[root@localhost ~]# cd facter-1.6.4
[root@localhost facter-1.6.4]# ruby install.rb
[root@agent ~]# tar zxf puppet-2.7.14.tar.gz
[root@agent ~]# cd puppet-2.7.14
[root@agent puppet-2.7.14]# ruby install.rb
[root@localhost puppet-2.7.9]# mkdir -p /etc/puppet
[root@localhost puppet-2.7.9]# cp conf/redhat/* /etc/puppet/
[root@localhost puppet-2.7.9]# cp conf/auth.conf /etc/puppet/
MASTER
建立配置文件目录
[root@localhost ~]# mkdir /etc/puppet/manifests -p
[root@localhost puppet]# pwd
/etc/puppet
[root@localhost puppet]# cp server.init /etc/init.d/puppetmaster 复制启动文件
[root@localhost puppet]# chmod 755 /etc/init.d/puppetmaster 给权限
启动puppet
[root@localhost puppet]# /etc/init.d/puppetmaster start
启动 puppetmaster: [确定]
[root@localhost puppet]# ps -ef |grep puppet
puppet 48544 1 0 00:33 ? 00:00:00 /usr/bin/ruby /usr/sbin/puppetmasterd
root 48558 47222 0 00:33 pts/2 00:00:00 grep puppet
Agent操作:
[root@agent puppet-2.7.14]# puppetd --test --server master.test.com 请求证书
info: Creating a new SSL key for agent.test.com
warning: peer certificate won't be verified in this SSL session
info: Caching certificate for ca
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
info: Creating a new SSL certificate request for agent.test.com
info: Certificate Request fingerprint (md5): 2B:25:B8:D5:53:7D:0C:35:6C:F0:C2:01:3F:56:E9:CB
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
Exiting; no certificate found and waitforcert is disabled
Master查看
[root@localhost puppet]# puppetca -l 发现有一个请求证书
agent.test.com (2B:25:B8:D5:53:7D:0C:35:6C:F0:C2:01:3F:56:E9:CB)
Master授权证书
[root@localhost puppet]# puppetca -s agent.test.com
notice: Signed certificate request for agent.test.com
notice: Removing file Puppet::SSL::CertificateRequest agent.test.com at '/var/lib/puppet/ssl/ca/requests/agent.test.com.pem'
[root@localhost puppet]# ll /var/lib/puppet/ssl/ca/signed/ Server端证书目录
总用量 8
-rw-r-----. 1 puppet puppet 1387 3月 27 11:46 agent.test.com.pem
-rw-r-----. 1 puppet puppet 936 3月 27 11:28 master.test.com.pem
Agent查看证书
[root@agent puppet-2.7.14]# puppetd --test --server master.test.com
warning: peer certificate won't be verified in this SSL session
info: Caching certificate for agent.test.com
info: Caching certificate_revocation_list for ca
info: Caching catalog for agent.test.com
info: Applying configuration version '1459050414'
info: Creating state file /var/lib/puppet/state/state.yaml
notice: Finished catalog run in 0.02 seconds
OK 证书请求完成
puppet配置管理
Master配置
创建编写配置文件
[root@localhost puppet]# cd /etc/puppet/manifests/
[root@localhost manifests]# vim site.pp
[root@localhost manifests]# cat site.pp
node default{ 在客户端下
file {"/tmp/test.txt": 创建test。txt文件
content=>"I'm test puppet\n"; 文件内容
}
}
重启puppet 第一服务次创建需要重启puppet
[root@localhost manifests]# /etc/init.d/puppetmaster restart
停止 puppetmaster: [确定]
启动 puppetmaster: [确定]
Agent运行查看
[root@agent puppet-2.7.14]# puppetd --test --server master.test.com
info: Caching catalog for agent.test.com
info: Applying configuration version '1459051322'
notice: /Stage[main]//Node[default]/File[/tmp/test.txt]/ensure: defined content as '{md5}126809c793cb00f34616532d90ab1e85'
notice: Finished catalog run in 0.03 seconds
提示有文件
那么查看下
[root@agent tmp]# ls
orbit-gdm pulse-yllwWiOizWaB test.txt yum.log
[root@agent tmp]# cat test.txt
I'm test puppet
ok同步成功
加入要创建一个用户并改变用户和授权怎么做?
[root@localhost manifests]# cat site.pp 这个脚本是将大于100kb的log日志的脚本
node default{
file {"/tmp/test.txt":
content=>"find /log/ -type f -size +100KB |xargs rm -rf\n",
mode=>"0777",
}
}
[root@agent tmp]# ll test.sh agent查看是root用户
-rwxrwxrwx. 1 root root 46 3月 27 12:17 test.sh
[root@localhost manifests]# cat site.pp 配置属组用户
node default{
file {"/tmp/test.sh":
content=>"find /log/ -type f -size +100KB |xargs rm -rf\n",
mode=>"0777",
group=>"puppet",
owner=>"puppet",
}
}
agent运行
[root@agent tmp]# ll test.sh 变成puppet
-rwxrwxrwx. 1 puppet puppet 46 3月 27 12:17 test.sh
设置计划任务
cron { "ntp time ": 这个是名字 在agent里面是注释
command => "/usr/sbin/ntpdate pool.ntp.org >/dev/null 2>&1",
minute => '*/10',
hour => ['2-4'],
monthday => [2,4],
ensure => present,
environment => "PATH=/bin:/usr/bin:/usr/sbin"
}
}
在Agent查看计划任务
[root@agent tmp]# puppetd --test --server master.test.com
info: Caching catalog for agent.test.com
info: Applying configuration version '1459053791'
notice: /Stage[main]//Node[default]/Cron[ntp time ]/ensure: created
notice: Finished catalog run in 0.11 seconds
[root@agent tmp]# crontab -l
# HEADER: This file was autogenerated at Sun Mar 27 12:43:12 +0800 2016 by puppet.
# HEADER: While it can still be managed manually, it is definitely not recommended.
# HEADER: Note particularly that the comments starting with 'Puppet Name' should
# HEADER: not be deleted, as doing so could cause duplicate cron jobs.
# Puppet Name: ntp time
PATH=/bin:/usr/bin:/usr/sbin
*/10 2-4 2,4 * * /usr/sbin/ntpdate pool.ntp.org >/dev/null 2>&1
假如在puppet用户执行这任务
那么直接加user=puppet就可以
假如我想把master端一个文件同步到agent上,怎么写?
创建同步的文件
[root@localhost puppet]# mkdir /etc/puppet/system_conf
[root@localhost puppet]# cd /etc/puppet/system_conf/
[root@localhost system_conf]# vim a.log
[root@localhost system_conf]# cat a.log
test
[root@localhost system_conf]# ll a.log
-rw-r--r--. 1 root root 5 3月 27 12:55 a.log
修改master端配置 四部曲:
第一步:配置共享目录
[root@localhost puppet]# cat fileserver.conf 在文件里添加内容,代表将这个目录共享出去
[system_conf]
path /etc/puppet/system_conf/
allow *
第二步:重启puppet
[root@localhost puppet]# /etc/init.d/puppetmaster restart
停止 puppetmaster: [确定]
启动 puppetmaster: [确定
第三步:需要将同步的文件放到system.conf文件中,前面已经做了
第四步:修改master端site.pp
file {"a.log":
mode=>644,
source => "puppet://master.test.com/system_conf/a.log"; 制定来源
}
}
agent查看
[root@agent etc]# cat a.log
test
根据不同业务配置不同的服务器:
配置node节点
node 'client02' { client02主机名,代表在client02下同步
file{ "/var/log/snmp.log":
content=>"test/n".
}
添加如下参数
puppet主要配置文件puppet.conf server.sysconfig
那么咱们之前都是手动同步,怎么设置成自动同步呢?、
agent
[root@agent etc]# cd /etc/puppet/
[root@agent puppet]# cp client.init /etc/init.d/puppetagent
[root@agent puppet]# chmod 777 /etc/init.d/puppetagent
[root@agent puppet]# cp client.sysconfig /etc/sysconfig/puppet
[root@agent puppet]# vim /etc/sysconfig/puppet 编辑文件
[root@agent puppet]# cat /etc/sysconfig/puppet
# The puppetmaster server
PUPPET_SERVER=master.test.com
# If you wish to specify the port to connect to do so here
#PUPPET_PORT=8140
# Where to log to. Specify syslog to send log messages to the system log.
PUPPET_LOG=/var/log/puppet/puppet.log
# You may specify other parameters to the puppet client here
PUPPET_EXTRA_OPTS=--waitforcert=500
[root@agent puppet]# /etc/init.d/puppetagent start 启动服务,这样默认就从puppet取
启动 puppet: [确定]
这样咱们puppet完成了!!! |
|
|
QQ群⑧:
窥视卡
雷达卡
发表于 2018-8-2 07:50:09
提升卡
置顶卡
沉默卡
喧嚣卡
变色卡
千斤顶
显身卡