puppet 学习文档

wlyyb521

　　192.168.6.226 为服务端
　　192.168.6.223 为客户端
　　1,puppet 安装
　　服务端
　　关闭selinux iptables
　　添加hosts
　　Vim /etc/hosts
　　127.0.0.1   localhost localhost.localdomain localhost4localhost4.localdomain4 web10
　　::1         localhost localhost.localdomainlocalhost6 localhost6.localdomain6 web10
　　127.0.0.1  www.test1.com www.aaa.com www.test.com
　　192.168.6.223 web9.aming.com
　　192.168.6.226 web10.aming.com
　　Vim /etc/sysconfig/network
　　Hostname web10.aming.com
　　Yum install puppetmaster –y
　　启动puppetmaster
　　提示错误需要在hosts里加入主机名
　　Starting puppetmaster:dnsdomainname: Unknown host
　　dnsdomainname: Unknown host
　　ps aux|grep puppet
　　puppet  31418  3.9  8.4 142812 42328 ?        Ssl 17:07   0:01 /usr/bin/ruby/usr/sbin/puppetmasterd
　　端口号8140
　　客户端
　　Vim /etc/hosts
　　192.168.6.226 web10.aming.com
　　192.168.6.223 web9.aming.com
　　Vim /etc/sysconfig/network
　　Hostname web9.aming.com
　　按装puppet
　　Yum install puppet –y
　　/etc/init.d/puppet start
　　在客户端上添加配置
　　Vim /etc/puppet/puppet.conf
　　Listen = true
　　Server = web9.aming.com
　　runinterval = 30
　　puppet 应用
　　注册ca
　　Puppet agent –test –server web10.aming.com(注册命令)
　　Info: csr_attributes file loading from/etc/puppet/csr_attributes.yaml
　　Info: Creating a new SSL certificaterequest for web10.aming.com
　　Info: Certificate Request fingerprint(SHA256):DD:17:9F:11:4B:01:77:32:8F:38:22:9C:48:51:35:57:8D:EB:F3:94:1B:52:8F:CA:CA:53:53:FE:A6:EC:B9:4C
　　Exiting; no certificate found andwaitforcert is disabled
　　提示以上内容注册成功
　　Puppet cert list –all 查看ca
　　+ "web10.aming.com" (SHA256)6A:2E:1D:77:8F:64:BA:39:63:B9:5A:1F:B0:60:66:8E:27:68:60:52:D5:53:FE:D2:9F:68:41:05:A7:64:16:16
　　+ "web9.aming.com"  (SHA256) BD:8F:D1:6E:52:ED:D2:08:DC:4D:DE:A2:D1:23:21:08:1A:69:FA:15:39:4F:8A:37:10:65:5D:ED:00:B5:59:C6(alt names: "DNS:puppet", "DNS:puppet.aming.com","DNS:web9.aming.com")
　　看到有+号的情况，提示已经加入到服务器的ca列表
　　如果没有出现+号则使用
　　puppet cert --sign web10.aming.com
　　测试
　　在服务端建立新文件site.pp
　　vim /etc/puppet/manifests/site.pp
　　node default {
　　file {
　　"/tmp/123.txt": content =>"test,test";
　　}
　　}
　　保存后
　　在客户端输入
　　Puppet –test –server web9.aming.com
　　后再/tmp下出现123.txt
　　Info: Caching certificate forweb10.aming.com
　　Info: Caching certificate_revocation_listfor ca
　　Info: Caching certificate forweb10.aming.com
　　Notice: Ignoring --listen on onetime run
　　Warning: Unable to fetch my nodedefinition, but the agent run will continue:
　　Warning: undefined method `include?' fornil:NilClass
　　Info: Retrieving pluginfacts
　　Info: Retrieving plugin
　　Info: Loading facts
　　Info: Caching catalog for web10.aming.com
　　Info: Applying configuration version'1456399416'
　　Notice:/Stage[main]/Main/Node[default]/File[/tmp/123.txt]/ensure: defined content as'{md5}c175a2c7aefdba02f99b8a5b019b18cb'
　　Info: Creating state file/var/lib/puppet/state/state.yaml
　　自动认证
　　客户端
　　/etc/init.d/puppet stop
　　Rm –rf /var/lib/puppet/ssl/*
　　服务端
　　Puppet cert clean –all
　　Vim /etc/puppet/puppet.conf
　　加入一条
　　Autosign = true
　　Vim /etc/puppet/autosign.conf
　　*.aming.com
　　启动puppetmaster
　　/etc/init.d/puppetmaster start
　　启动puppet 客户端
　　/etc/init.d/puppet start
　　模块示例
　　首先编辑在/etc/puppet/modules/创建一个自定义模块testm
　　在创建cd testm
　　mkdir -pv {files,manifests,templates}
　　cd files
　　echo sdfasfaasfaming.com>aming.txt
　　vim manifests/init.pp
　　class testm{
　　file {"/tmp/aming.txt":
　　owner => "root",
　　group => "root",
　　mode => 0400,
　　source => "puppet://$puppetserver/modules/testm/aming.txt"
　　} }
　　Vim manifests/site.pp
　　$puppet='web9.aming.com'
　　node 'web10' {
　　include testm
　　}
　　Web10 为通过查看puppet cert list–all 里的文件得出的
　　Tail –F /var/log/message
　　Feb 26 02:03:06 localhostpuppet-agent[59793]: (/Stage[main]/Testm/File[/tmp/aming.txt]/ensure) definedcontent as '{md5}a3a6d94ec56c9a449377625873340f10'
　　Feb 26 02:03:06 localhostpuppet-agent[59793]: Finished catalog run in 0.37 seconds
　　提示以上内容成功
　　做目录资源
　　cd testm/files
　　vim manifests/init.pp
　　class testm{
　　file {"/tmp/aming.txt":
　　owner => "root",
　　group => "root",
　　mode => 0400,
　　source => "puppet://$puppetserver/modules/testm/aming.txt"
　　} }
　　class nginx {
　　file {"/usr/local/nginx":
　　owner => "root",
　　group => "root",
　　source => "puppet://$puppetserver/modules/testm/nginx",
　　recurse => true,
　　purge => true #支持删除操作
　　}
　　}
　　~    Vimmanifests/site.pp
　　$puppet='web9.aming.com'
　　node 'web10' {
　　include testm
　　include nginx
　　}
　　查看日志
　　Tail –F /var/log/message
　　Feb 26 02:29:31 localhostpuppet-agent[23849]:(/Stage[main]/Nginx/File[/usr/local/nginx/sbin/nginx.old]/ensure) definedcontent as '{md5}347341e105e668ea6220cbaa09dd6e7d'
　　Feb 26 02:29:31 localhostpuppet-agent[23849]: (/Stage[main]/Nginx/File[/usr/local/nginx/conf/win-utf]/ensure)defined content as '{md5}3749ffe19bedd842eb87e83d544e5ce6'
　　Feb 26 02:29:31 localhostpuppet-agent[23849]:(/Stage[main]/Nginx/File[/usr/local/nginx/conf/mime.types.default]/ensure)defined content as '{md5}bd837e7b34f5c9b8d89957d0527f0d44'
　　Feb 26 02:29:31 localhostpuppet-agent[23849]:(/Stage[main]/Nginx/File[/usr/local/nginx/conf/uwsgi_params]/ensure) definedcontent as '{md5}2aaaf1e3535752e74d2942db8b3632cb'
　　Feb 26 02:29:31 localhostpuppet-agent[23849]: (/Stage[main]/Nginx/File[/usr/local/nginx/conf/fastcgi.conf]/ensure)defined content as '{md5}c53b8ddf4250e742594d24c55e73c0df'
　　Feb 26 02:29:31 localhostpuppet-agent[23849]:(/Stage[main]/Nginx/File[/usr/local/nginx/conf/nginx.conf]/ensure) definedcontent as '{md5}a79bb7bb340a80057bce4772935548f0'
　　Feb 26 02:29:31 localhostpuppet-agent[23849]:(/Stage[main]/Nginx/File[/usr/local/nginx/conf/scgi_params]/ensure) definedcontent as '{md5}e9fd19c7d1f0cecbd46b3cb041ae19c7'
　　Feb 26 02:29:31 localhostpuppet-agent[23849]:(/Stage[main]/Nginx/File[/usr/local/nginx/html/50x.html]/ensure) definedcontent as '{md5}d74f9cdd604653c22c6752c46fffd587'
　　Feb 26 02:29:31 localhostpuppet-agent[23849]: (/Stage[main]/Nginx/File[/usr/local/nginx/uwsgi_temp]/ensure)created
　　Feb 26 02:29:32 localhostpuppet-agent[23849]:(/Stage[main]/Nginx/File[/usr/local/nginx/logs/access.log]/ensure) definedcontent as '{md5}68a546f08e828ad73f7a37860fe977fd'
　　提示以上内容成功
　　远程执行命令
　　cd testm/files
　　vim manifests/init.pp
　　class nginx {
　　file {"/usr/local/nginx":
　　owner => "root",
　　group => "root",
　　source => "puppet://$puppetserver/modules/testm/nginx",
　　recurse => true,
　　purge => true
　　}
　　exec {"123":
　　unless => "test -f/tmp/aminglinux.txt",
　　path => ["/bin","/sbin","/usr/bin","/usr/sbin"],
　　command => "touch /tmp/aminglinux.txt"
　　}
　　}
　　unless => "test -f/tmp/aminglinux.txt" 当文件不存在时可以创建
　　onlyif => "test -f/tmp/aminglinux.txt" 当问及存在是创建
　　cron模块
　　cd testm/files
　　vim manifests/init.pp
　　class nginx {
　　file{"/usr/local/nginx":
　　owner => "root",
　　group => "root",
　　source => "puppet://$puppetserver/modules/testm/nginx",
　　recurse => true,
　　purge => true
　　}
　　exec {"123":
　　unless => "test -f /tmp/aminglinux.txt",
　　path =>["/bin","/sbin","/usr/bin","/usr/sbin"],
　　command => "touch /tmp/aminglinux.txt"
　　}
　　cron{"aming1":
　　command => "/sbin/ntpdate time.windows.com",
　　user => "root",
　　minute => "*/10",
　　#ensure => "absent" 是否清除命令
　　}
　　}
　　说明：分时日月周分别对应Puppet里面的minute,hour,monthday,month,weekday,ensure设置为absent为删除该任务，如果不设置改行则为建立