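1. Overview
Puppet can manage configuration files, manage users, distribute files (small files recommended), manage cron jobs, manage clients by group, install software, manage services, schedule scripts, run commands, and run scripts on target clients (provided the script already exists on the client).
Operating system: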
debian wheezy 7.2_64bit
Linux localhost 3.2.0-4-amd64 #1 SMP Debian 3.2.51-1 x86_64 GNU/Linux
Versions installed online (from packages)
ruby 1.9.3 \ facter 1.6.10 \ puppet 2.7.23
Versions installed from source
ruby-1.8.7-p374.tar.gz \ facter-1.7.4.tar.gz \
2. Installation
# apt-get install build-essential vim unzip ntpdate
(1) Server
# vim /etc/hostname // content marked in gray is file content
puppet.master.com
# vim /etc/hosts // when there is no DNS
192.168.24.8 puppet.master.com
192.168.24.14 web.agent1.com
192.168.24.15 dydg100.agent2.com
# apt-get install puppetmaster
(2) Client
# vim /etc/hostname
web.agent1.com
# apt-get install puppet
# vim /etc/default/puppet
START=yes
(3) Version information
# ruby -v
ruby 1.9.3p194 (2012-04-20 revision 35410) [x86_64-linux]
# whereis ruby
ruby: /usr/bin/ruby1.8 /usr/bin/ruby /usr/lib/ruby /usr/share/man/man1/ruby.1.gz
# facter -v
1.6.10
# whereis facter
facter: /usr/bin/facter /usr/share/man/man8/facter.8.gz
# puppet -V
2.7.23
# whereis puppet
puppet: /usr/bin/puppet /etc/puppet /usr/share/man/man8/puppet.8.gz
(1) Install openssl
# tar zxvf openssl-1.0.1.tar.gz
# cd openssl-1.0.1
# ./config -fPIC --prefix=/usr/local/openssl enable-shared
# make && make install
(2) Install Ruby
### Download page: http://cache.ruby-lang.org/pub/ruby/
# wget http://cache.ruby-lang.org/pub/ruby/1.8/ruby-1.8.7-p374.tar.gz
# tar zxvf ruby-1.8.7-p374.tar.gz
# cd ruby-1.8.7-p374
# ./configure
# make && make install // build and install Ruby itself before building the openssl extension
# cd ext/openssl
# ruby extconf.rb --with-openssl-dir=/usr/local/openssl \
--with-openssl-include=/usr/local/openssl/include \
--with-openssl-lib=/usr/local/openssl/lib
# make && make install // otherwise installing puppet fails with: Could not load openssl; cannot install
# whereis ruby // ruby: /usr/local/bin/ruby /usr/local/lib/ruby
# ruby -v // ruby 1.8.7 (2013-06-27 patchlevel 374) [x86_64-linux]
# ruby -ropenssl -e "puts :yep" // printing yep means the OpenSSL library Ruby depends on is working
### Note: Ruby Chinese-language site: https://www.ruby-lang.org/zh_cn/downloads/
(3) Install Facter
### Download page: http://puppetlabs.com/misc/download-options
# wget http://downloads.puppetlabs.com/facter/facter-1.7.4.tar.gz
# tar zxvf facter-1.7.4.tar.gz
# cd facter-1.7.4
# ruby install.rb
# whereis facter // facter: /usr/local/bin/facter
# facter -v // 1.7.4
(4) Install Puppet
# wget http://downloads.puppetlabs.com/puppet/puppet-3.4.2.tar.gz
# tar zxvf puppet-3.4.2.tar.gz
# cd puppet-3.4.2
# ruby install.rb
3. Configuration
1. puppet.conf
# vim /etc/puppet/puppet.conf
# The default configuration has not been modified for now
2. Start
# /etc/init.d/puppetmaster start
[main]
logdir=/var/log/puppet
vardir=/var/lib/puppet
ssldir=/var/lib/puppet/ssl
rundir=/var/run/puppet
factpath=$vardir/lib/facter
templatedir=$confdir/templates
prerun_command=/etc/puppet/etckeeper-commit-pre
postrun_command=/etc/puppet/etckeeper-commit-post
[master]
# These are needed when the puppetmaster is run by passenger
# and can safely be removed if webrick is used.
ssl_client_header = SSL_CLIENT_S_DN
ssl_client_verify_header = SSL_CLIENT_VERIFY
[agent]
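server = puppet.master.com // set the server's hostname
2. puppet
// The following fixes the startup error: puppet not configured to start, please edit /etc/default/puppet to enable
3. Start the client
# /etc/init.d/puppet start
(1) Client sends a registration request
# puppet agent --test
(2) Server lists the registration requests
# puppet cert list --all
(3) Server accepts the registration request
# puppet cert sign web.agent1.com
(4) Client confirms whether registration succeeded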
info: Caching catalog for web.agent1.com
info: Applying configuration version '1392266761'
notice: Finished catalog run in 0.03 seconds
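(5) Start the server and the client
### Client
# /etc/init.d/puppet stop
# rm -rf /var/lib/puppet
### Server
# puppet cert clean web.agent1.com // delete the client's certificate
# puppet cert list --all // server lists the registration requests
### Client
# puppetd --server puppet.master.com --test // regenerate the certificate
info: Applying configuration version '1392265820'
# puppet cert list --all // list the requests from all clients (a + sign means the certificate is signed and the client can communicate; no + sign means the certificate is not signed yet)
"web.agent1.com" // no + sign: the certificate is not signed, so the client must be certified again
# puppet cert sign web.agent1.com // accept the registration request and complete certification
// test that everything works
# puppet agent --test --noop --server puppet.master.com
info: Applying configuration version '1392266401'
(1) On the server
# vim /etc/puppet/puppet.conf
autosign = /etc/puppet/autosign.conf
# vim /etc/puppet/autosign.conf
game.agent2.com
# puppet agent --test --noop --server puppet.master.com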
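An added example, not part of the original post: any certname matching an entry in autosign.conf is signed without the manual "puppet cert sign" step, so this shell check classifies each entry and flags globs. The function names and the sample entries (other than game.agent2.com from this page) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): review a Puppet autosign.conf.
# Every certname matching an entry is signed with no operator check, so
# glob entries deserve a second look.

# classify_entry ENTRY -> prints ALL, GLOB or EXACT
classify_entry() {
    case "$1" in
        '*')   echo ALL ;;     # any certname is signed
        *'*'*) echo GLOB ;;    # a whole domain is signed, e.g. *.agent2.com
        *)     echo EXACT ;;   # only this one certname is signed
    esac
}

# audit_autosign FILE -> prints "<class> <entry>" for each entry;
# returns 1 if any ALL or GLOB entry is present, else 0.
audit_autosign() {
    risky=0
    while IFS= read -r line || [ -n "$line" ]; do
        entry=$(printf '%s' "$line" | sed 's/^[[:space:]]*//; s/[[:space:]]*$//')
        case "$entry" in
            ''|'#'*) continue ;;   # skip blank lines and comments
        esac
        class=$(classify_entry "$entry")
        printf '%s %s\n' "$class" "$entry"
        [ "$class" = EXACT ] || risky=1
    done < "$1"
    return "$risky"
}

# Demo on a constructed sample file (entries are made up for illustration,
# apart from game.agent2.com, which is the entry used on this page).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample autosign.conf
game.agent2.com
*.agent2.com
*
EOF
audit_autosign "$sample" || echo "review: wildcard autosign entries present"
rm -f "$sample"
```

On the server, run it as audit_autosign /etc/puppet/autosign.conf; a non-zero return means at least one entry signs more than a single named host.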
4. User and group resources
# puppet -V // 2.7.23
# tree puppet
puppet
├── auth.conf
├── etckeeper-commit-post
├── etckeeper-commit-pre
├── fileserver.conf
├── manifests
│   ├── modules.pp
│   ├── nodes
│   │   ├── gameapp
│   │   │   └── agent2.pp
│   │   ├── gamedb
│   │   │   └── agent1.pp
│   │   └── site.pp
│   └── site.pp
├── modules
│   └── users
│       ├── file
│       ├── manifests
│       │   ├── addgroup.pp
│       │   ├── adduser.pp
│       │   └── init.pp
│       └── templates
│           ├── laowafang_authorized_keys.erb
│           ├── dada_authorized_keys.erb
│           ├── zhiban1_authorized_keys.erb
│           └── zw_authorized_keys.erb
├── puppet.conf
└── templates
# cd /etc/puppet/modules
# mkdir -p users/{manifests,templates,files}
# touch users/manifests/init.pp
# touch users/manifests/addgroup.pp
# touch users/manifests/adduser.pp
(1) init.pp: the entry point, must be created
# cat /etc/puppet/modules/users/manifests/init.pp
class users {
  include users
}
(2) addgroup.pp: creates groups using a "define" resource container
# cat /etc/puppet/modules/users/manifests/addgroup.pp
define users::addgroup ($groupname='')
{
  include users
  # $groupname may be an array; one group resource is declared per name
  group
  { $groupname:
    ensure => present,
  }
}
(3) adduser.pp: creates users
# cat /etc/puppet/modules/users/manifests/adduser.pp
define users::adduser ($username='', $useruid='', $userhome='', $usershell='/bin/bash', $groupid)
{
  user
  { $username:
    ensure => present,
    uid    => $useruid,
    shell  => $usershell,
    gid    => $groupid,
    home   => "/home/$userhome",
  }
  # home directory readable by the account only
  file
  { "/home/$userhome":
    owner  => $useruid,
    group  => $useruid,
    mode   => 700,
    ensure => directory;
  }
  # ~/.ssh and authorized_keys must belong to the account, otherwise sshd cannot read the key file as that user
  file
  { "/home/$userhome/.ssh":
    owner   => $useruid,
    group   => $useruid,
    mode    => 700,
    ensure  => directory,
    require => File["/home/$userhome"];
  }
  file
  { "/home/$userhome/.ssh/authorized_keys":
    owner   => $useruid,
    group   => $useruid,
    mode    => 600,
    content => template("users/${userhome}_authorized_keys.erb"),
    require => File["/home/$userhome/.ssh"];
  }
}
(4) The *.erb files under templates are the SSH key files
1. Create the files each node needs
# mkdir -p /etc/puppet/manifests/nodes/gamedb
# mkdir -p /etc/puppet/manifests/nodes/gameapp
# touch /etc/puppet/manifests/modules.pp
# touch /etc/puppet/manifests/site.pp
# touch /etc/puppet/manifests/nodes/site.pp
# touch /etc/puppet/manifests/nodes/gamedb/agent1.pp
# touch /etc/puppet/manifests/nodes/gameapp/agent2.pp
2. File contents
(1)modules.pp
# cat /etc/puppet/manifests/modules.pp
import "users"
(2)site.pp
# cat /etc/puppet/manifests/site.pp
import "nodes/site.pp"
import "modules.pp"
#user { 'zw': // the commented-out lines were used to test deleting the users on all nodes
# ensure => absent,
#}
#user { 'laowafang':
(3)site.pp
# cat /etc/puppet/manifests/nodes/site.pp
import "gamedb/agent1.pp"
import "gameapp/agent2.pp"
(4)agent1.pp
# cat /etc/puppet/manifests/nodes/gamedb/agent1.pp
node "web.agent1.com" {
  # create every group first, then the users that reference them by name
  users::addgroup { 'allgroup':
    groupname => [ 'yanfa', 'ywsa', 'ywdba', 'zhiban' ]
  }
  users::adduser { 'zw':
    username => 'zw',
    useruid  => 1000,
    userhome => 'zw',
    groupid  => 'ywsa',
  }
  users::adduser { 'laowafang':
    username => 'laowafang',
    useruid  => 1001,
    userhome => 'laowafang',
    groupid  => 'ywdba',
  }
}
(5)agent2.pp
# cat /etc/puppet/manifests/nodes/gameapp/agent2.pp
node "dydg100.agent2.com" {
  # create every group first, then the users that reference them by name
  users::addgroup { 'allgroup':
    groupname => [ 'ywsa', 'ywdba', 'yanfa', 'zhiban' ]
  }
  users::adduser { 'dada':
    username => 'dada',
    useruid  => 1001,
    userhome => 'dada',
    groupid  => 'yanfa',
  }
  users::adduser { 'zhiban1':
    username => 'zhiban1',
    useruid  => 1002,
    userhome => 'zhiban1',
    groupid  => 'zhiban',
  }
}
### Test on each of the two clients
# puppet agent --test --noop --server puppet.master.com // dry-run check
info: Applying configuration version '1393300345'
... (omitted)
notice: Finished catalog run in 0.10 seconds
# puppet agent --test --server puppet.master.com // actually create the resources
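5. Common operations
# puppet parser validate adduser.pp // check the syntax
# puppet master --genconfig | grep modulepath // check the corresponding configuration file path
# puppet module list // list the installed modules
### I have only just learned this far. Mainly I have worked out the software's directory structure and workflow; there is no detailed explanation here, it is basically all hands-on steps, and you can look up other explanations separately. Recommended books: 劉宇's 《puppet實戰》 and 《精通puppet配置管理工具》, translated by 高永超. I will add the rest when I have time...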