|
|
Puppet自动化管理—sudo和ssh
一.sudo自动化配置
模块化管理
管理员将类似的配置组合成模块,比如webserver里面就包含了web服务器的所有相关设置。使用模块可以将puppet代码重用和共享。
模块的目录路径
默认路径:/etc/puppet/modules 或者使用modulepath变量设置路径
检查默认的module路径
- [root@master ~]# puppet --genconfig|grep modulepath
- modulepath = /etc/puppet/modules:/usr/share/puppet/modules
创建sudo模块对应目录
- [root@master ~]# mkdir -p /etc/puppet/modules/sudo/{files,templates,manifests}
- [root@master ~]# touch /etc/puppet/modules/sudo/manifests/init.pp
模块目录中的manifests目录包含有init.pp和其他配置文件,init.pp文件是模块配置的核心文件,每个模块都必须包含init.pp文件。files目录包含有用于传输的文件,比如应用的默认配置文件。Templates目录包含有模块可能会用到的配置文件的模板。
编辑init.pp文件,内容如下
- [root@master ~]# vim /etc/puppet/modules/sudo/manifests/init.pp
- class sudo {
- package {sudo:
- ensure=>present,
- }
- if $operatingsystem == "Ubuntu" {
- package {"sudo-ldap":
- ensure=>present,
- require=>Package["sudo"],
- }
- }
- file {"/etc/sudoers":
- owner=>"root",
- group=>"root",
- mode=>0440,
- source=>"puppet://$puppetserver/modules/sudo/etc/sudoers",
- require=>Package["sudo"],
- }
- }
在files目录中创建etc目录,并复制一份sudoer文件到该目录下
- [root@master ~]# mkdir -p /etc/puppet/modules/sudo/files/etc
- [root@master ~]# cp /etc/sudoers /etc/puppet/modules/sudo/files/etc/
编辑nodes.pp文件,将sudo模块应用到相应的节点
- [root@master ~]# vim /etc/puppet/manifests/nodes.pp
- node 'client1.centos' {
- include sudo
- }
当然在site.pp文件中需要包含node.pp文件,并设置$puppetserver变量
- [root@master ~]# vim /etc/puppet/manifests/site.pp
- import 'nodes.pp'
- $puppetserver="master.puppet"
应该刚刚只针对了client1.centos应用了sudo模块,所以需要到该节点上验证是否成功
- [root@client1 ~]# puppetd --server master.puppet --test
- notice: Ignoring --listen on onetime run
- info: Caching catalog for client1.centos
- info: Applying configuration version '1330047901'
- notice: /Stage[main]/Sudo/Package[sudo]/ensure: created
- notice: Finished catalog run in 26.30 seconds
- You have new mail in /var/spool/mail/root
将master上files目录下的sudoers文件稍作修改后,在client1.centos节点上再次验证
- [root@client1 ~]# puppetd --server master.puppet --test
- notice: Ignoring --listen on onetime run
- info: Caching catalog for client1.centos
- info: Applying configuration version '1330047901'
- notice: /Stage[main]/Sudo/File[/etc/sudoers]/ensure: defined content as '{md5}4093e52552d97099d003c645f15f9372'
- notice: Finished catalog run in 0.37 seconds
配置客户端自动运行的时间,客户端增加配置runinterval
- [agent]
- # The file in which puppetd stores a list of the classes
- # associated with the retrieved configuratiion. Can be loaded in
- # the separate ``puppet`` executable using the ``--loadclasses``
- # option.
- # The default value is '$confdir/classes.txt'.
- classfile = $vardir/classes.txt
- # Where puppetd caches the local configuration. An
- # extension indicating the cache format is added automatically.
- # The default value is '$confdir/localconfig'.
- localconfig = $vardir/localconfig
- server=master.puppet
- report=true
- listen=true
- runinterval=3600
Node的定义
相同功能的node可以一起定义
- node 'web1.example.com', 'web2.example.com', 'web3.example.com' { }
定义node也支持正则表达式
- node /^web\d+\.example\.com$/ { }
Base node是基本的node,每个节点都会应用的设置可以放在base里面
Node的定义支持继承
- node webserver inherits base {
- …
- }
- node 'web.example.com' inherits webserver {
- …
- }
二.SSH自动化管理
创建ssh模块相应的目录和文件
- [root@master ~]# mkdir -p /etc/puppet/modules/ssh/{manifests,templetes,files}
前面sudo模块的时候,所有相关的设置都是在init.pp文件中,但再SSH模块中我们尝试着将配置分为init.pp,install.pp,config.pp,service.pp,params.pp。
创建配置相应文件
- [root@master ~]# touch /etc/puppet/modules/ssh/manifests/{install.pp,config.pp,service.pp}
配置params.pp文件,该文件主要是配置模块的参数
- [root@master ~]# vim /etc/puppet/modules/ssh/manifests/params.pp
- class ssh::params {
- case $operatingsystem {
- Solaris: {
- $ssh_package_name ='openssh'
- $ssh_service_config='/etc/ssh/sshd_config'
- $ssh_service_name='sshd'
- }
- /(Ubuntu|Debian)/: {
- $ssh_package_name='openssh-server'
- $ssh_service_config='/etc/ssh/sshd_config'
- $ssh_service_name='sshd'
- }
- /(RedHat|CentOS|Fedora)/: {
- $ssh_package_name='openssh-server'
- $ssh_service_config='/etc/ssh/sshd_config'
- $ssh_service_name='sshd'
- }
- }
- }
编辑ssh模块的init.pp文件
- [root@master ~]# vim /etc/puppet/modules/ssh/manifests/init.pp
- class ssh{
- include ssh::params,ssh::install,ssh::config,ssh::service
- }
编辑install.pp
- [root@master ~]# vim /etc/puppet/modules/ssh/manifests/install.pp
- class ssh::install {
- package {"$ssh::params::ssh_package_name":
- ensure=>installed,
- }
- }
编辑config.pp
- [root@master ~]# vim /etc/puppet/modules/ssh/manifests/config.pp
- class ssh::config{
- file { $ssh::params::ssh_service_config:
- ensure=>present,
- owner=>'root',
- group=>'root',
- mode=>0600,
- source=>"puppet://$puppetserver/modules/ssh/sshd_config",
- require=>Class["ssh::install"],
- notify=>Class["ssh::service"],
- }
- }
Notify在这里是发出通知到对应的类,即如果ssh:config改变了,就notify通知ssh::service类。
编辑service.pp
- [root@master ~]# vim /etc/puppet/modules/ssh/manifests/service.pp
- class ssh::service{
- service{ $ssh::params::ssh_service_name:
- ensure=>running,
- hasstatus=>true,
- hasrestart=>true,
- enable=>true,
- require=>Class["ssh::config"],
- }
- }
设置hasstatus告诉puppet该服务支持status命令,即类似service sshd status
设置hasrestart告诉puppet该服务支持restart命令,即类似service sshd restart
复制默认的sshd_config文件到模块的files目录下
- [root@master ~]# cp /etc/ssh/sshd_config /etc/puppet/modules/ssh/files/
Ssh模块设置完成,下面是将该模块应用到节点上
编辑nodes.pp
- [root@master ~]# vim /etc/puppet/manifests/nodes.pp
- class base {
- include sudo,ssh
- }
- node 'client1.centos' {
- include base
- }
- node 'client2.centos' {
- include base
- }
到节点上验证配置是否正确
- [root@client1 ~]# puppetd --server master.puppet --test
- notice: Ignoring --listen on onetime run
- info: Caching catalog for client1.centos
- info: Applying configuration version '1330052716'
- --- /etc/ssh/sshd_config 2011-12-08 04:25:10.000000000 +0800
- +++ /tmp/puppet-file20120224-27947-1eierk0-0 2012-02-24 11:06:15.203891553 +0800
- @@ -1,3 +1,4 @@
- +# puppet auto configuration
- # $OpenBSD: sshd_config,v 1.80 2008/07/02 02:24:18 djm Exp $
- # This is the sshd server system-wide configuration file. See
- info: FileBucket adding {md5}853a26a0f4b8a7fc8529e45ed57fe67b
- info: /Stage[main]/Ssh::Config/File[/etc/ssh/sshd_config]: Filebucketed /etc/ssh/sshd_config to puppet with sum 853a26a0f4b8a7fc8529e45ed57fe67b
- notice: /Stage[main]/Ssh::Config/File[/etc/ssh/sshd_config]/content: content changed '{md5}853a26a0f4b8a7fc8529e45ed57fe67b' to '{md5}4a860a0861932b44d8af13e64d953b39'
- info: /Stage[main]/Ssh::Config/File[/etc/ssh/sshd_config]: Scheduling refresh of Service[sshd]
- notice: /Stage[main]/Ssh::Service/Service[sshd]: Triggered 'refresh' from 1 events
- notice: Finished catalog run in 0.81 seconds
|
|
|
QQ群⑧:
窥视卡
雷达卡
发表于 2018-8-3 09:15:23
提升卡
置顶卡
沉默卡
喧嚣卡
变色卡
千斤顶
显身卡