<b>一. </b><b>Puppet</b><b>介紹</b><b></b>
<b></b>
<b></b><b></b>
Puppet是開源的自動化配置和部署工具,與cfengine相比,Puppet的文法更簡單;對管理者屏蔽了底層的具體操作步驟,可以支援多種系統Linux,freebsd等等,并且Puppet的代碼是可以分享和重用的,避免了重複勞動同時彌補了腳本無法重用的缺陷。
<b>二. </b><b>Puppet</b><b>工作原理</b>
<a href="http://blog.51cto.com/attachment/201204/120502557.jpg" target="_blank"></a>
<b>工作原理如下:</b>
1. 用戶端puppetd調用facter,facter探測出主機的變量資訊并且将這些資訊通過ssl連接配接發送到伺服器端
2. 伺服器端puppetmaster檢測用戶端的主機名,然後找到manifest中對應的node配置,進行解析生成僞代碼,并将僞代碼發送給用戶端
3. 用戶端接受到僞代碼并執行,将執行結果傳回給伺服器
4. 伺服器把用戶端的執行結果寫入日志
Puppet使用的端口:8140,443,61613 防火牆需要開放這幾個端口
<b>三. </b><b>測試環境搭建</b>
<b></b><b>測試環境清單:</b>
Client1.centos
192.168.2.101
Client2.centos
192.168.2.102
Client3.freebsd
192.168.2.99
Master.puppet
192.168.2.98
Puppet需要和DNS結合,這裡測試是寫hosts檔案
伺服器端安裝puppet-server,可以使用yum安裝或者源碼包編譯安裝
[root@localhost ~]# yum install puppet-server
啟動puppetmaster服務:
[root@localhost puppet]# /usr/sbin/puppetmasterd start
[root@localhost puppet]# netstat -antup
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:57771 0.0.0.0:* LISTEN 1699/rpc.statd
tcp 0 0 0.0.0.0:8140 0.0.0.0:* LISTEN 15415/ruby
重新開機puppetmaster服務和将puppetmaster設定為自動啟動
[root@localhost puppet]# service puppetmaster restart
[root@master ~]# chkconfig --level 345 puppetmaster on
Centos用戶端安裝,使用EPEL源,直接yum安裝puppet用戶端
[root@client1~]#rpm -ivh http://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-5.noarch.rpm
[root@localhost ~]# yum install puppet
FreeBSD用戶端的安裝
[root@nagios ~]# whereis puppet
puppet: /usr/ports/sysutils/puppet
[root@nagios ~]# cd /usr/ports/sysutils/puppet
[root@nagios /usr/ports/sysutils/puppet]# make install clean
[root@nagios ~]# vim /etc/rc.conf
puppet_enable="YES"
[root@nagios ~]# cd /usr/local/etc/puppet/
[root@nagios /usr/local/etc/puppet]# cp auth.conf-dist auth.conf
[root@nagios /usr/local/etc/puppet]# cp puppet.conf-dist puppet.conf
[root@nagios ~]# vi puppet.conf
[root@nagios ~]# /usr/local/etc/rc.d/puppet start
用戶端的設定
[root@client1 ~]# vim /etc/sysconfig/puppet
# The puppetmaster server
PUPPET_SERVER=Master.puppet
# If you wish to specify the port to connect to do so here
PUPPET_PORT=8140
# Where to log to. Specify syslog to send log messages to the system log.
PUPPET_LOG=/var/log/puppet/puppet.log
# You may specify other parameters to the puppet client here
PUPPET_EXTRA_OPTS=--waitforcert=500
重新開機用戶端服務并加入自動啟動
[root@master ~]# service puppet start
[root@client1 ~]# chkconfig --level 345 puppet on
檢視需要認證的用戶端
[root@master ~]# puppetca --list
client1.centos (CD:3E:E5:F0:6A:0B:8B:52:B2:54:C7:AB:09:E7:E3:A1)
client2.centos (F3:DF:25:77:7F:DF:37:5B:2B:18:EE:DC:7A:A6:F5:CA)
client3.freebsd (C4:93:76:65:49:34:18:FC:C7:68:9B:FD:02:D3:5F:CF)
認證所有的用戶端
[root@master ~]# puppetca -s -a
認證某一台用戶端
[root@master ~]# puppetca --sign client1.centos
notice: Signed certificate request for client1.centos
notice: Removing file Puppet::SSL::CertificateRequest client1.centos at '/var/lib/puppet/ssl/ca/requests/client1.centos.pem'
用戶端連接配接測試
[root@client1 ~]# puppetd --test --server master.puppet
info: Caching catalog for client1.centos
info: Applying configuration version '1329891537'
notice: Finished catalog run in 0.01 seconds
解決RDoc::usage問題
[root@master ~]# puppetca --help
No help available unless you have RDoc::usage installed
[root@master ~]# yum install ruby-rdoc
安裝ruby-rdoc後恢複
本文轉自 waydee 51CTO部落格,原文連結:http://blog.51cto.com/waydee/847112,如需轉載請自行聯系原作者