Deploying the cloud management tool Puppet and testing file transfer

System environment:

[root@rhel6u3-102 puppet]# uname -r 

2.6.32-279.el6.x86_64 

[root@rhel6u3-102 puppet]# cat /etc/redhat-release  

Red Hat Enterprise Linux Server release 6.3 (Santiago) 

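I. Preparation

1. Hostnames must resolve to each other (through DNS or the hosts file)

puppet master (rhel6u3-102.rsyslog.org 192.168.100.102)

puppet agent node (rhel6u3-207.rsyslog.org 192.168.100.207)

2. System time must be consistent

Note: the installation packages have already been downloaded locally and the yum repository is configured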

II. Install puppet

Server side (master)

yum install ruby ruby-libs ruby-shadow compat-readline5 libselinux-ruby augeas-libs 

rpm -ivh facter-1.6.6-1.el6.x86_64.rpm puppet-2.6.18-3.el6.noarch.rpm puppet-server-2.6.18-3.el6.noarch.rpm ruby-augeas-0.4.1-1.el6.x86_64.rpm ruby-mysql-2.8.2-1.el6.x86_64.rpm ruby-shadow-1.4.1-13.el6.x86_64.rpm 

Client node (slave; puppet-master is not needed)

rpm -ivh facter-1.6.6-1.el6.x86_64.rpm puppet-2.6.18-3.el6.noarch.rpm  ruby-augeas-0.4.1-1.el6.x86_64.rpm ruby-mysql-2.8.2-1.el6.x86_64.rpm ruby-shadow-1.4.1-13.el6.x86_64.rpm 

III. Initialize the puppet master (rhel6u3-102.rsyslog.org)

Configuration file path: /etc/puppet/

To view the configuration file:

sed -e '/#/d' -e '/^$/d' puppet.conf 

A more detailed configuration file can be generated with the following command:

# puppetmasterd --genconfig > puppet.conf.out

[root@rhel6u3-102 puppet]# sed -e '/#/d' -e '/^$/d' puppet.conf.out  

[master] 

ssldir = /var/lib/puppet/ssl 

factdest = /var/lib/puppet/facts/ 

privatekeydir = /var/lib/puppet/ssl/private_keys 

rundir = /var/run/puppet 

hostcsr = /var/lib/puppet/ssl/csr_rhel6u3-102.rsyslog.org.pem 

hostpubkey = /var/lib/puppet/ssl/public_keys/rhel6u3-102.rsyslog.org.pem 

plugindest = /var/lib/puppet/lib 

inventory_terminus = yaml

publickeydir = /var/lib/puppet/ssl/public_keys 

factsource = puppet://puppet/facts/ 

privatedir = /var/lib/puppet/ssl/private 

logdir = /var/log/puppet 

libdir = /var/lib/puppet/lib 

statedir = /var/lib/puppet/state 

hostcert = /var/lib/puppet/ssl/certs/rhel6u3-102.rsyslog.org.pem 

localcacert = /var/lib/puppet/ssl/certs/ca.pem 

pluginsource = puppet://puppet/plugins 

certdir = /var/lib/puppet/ssl/certs 

factpath = /var/lib/puppet/lib/facter:/var/lib/puppet/facts 

httplog = /var/log/puppet/http.log 

requestdir = /var/lib/puppet/ssl/certificate_requests 

passfile = /var/lib/puppet/ssl/private/password 

hostprivkey = /var/lib/puppet/ssl/private_keys/rhel6u3-102.rsyslog.org.pem 

hostcrl = /var/lib/puppet/ssl/crl.pem 

authconfig = /etc/puppet/namespaceauth.conf 

localconfig = /var/lib/puppet/state/localconfig 

client_datadir = /var/lib/puppet/client_data 

reportserver = puppet

inventory_server = puppet

ca_server = puppet

lastrunreport = /var/lib/puppet/state/last_run_report.yaml 

node_name_value = rhel6u3-102.rsyslog.org 

statefile = /var/lib/puppet/state/state.yaml 

clientbucketdir = /var/lib/puppet/clientbucket 

classfile = /var/lib/puppet/state/classes.txt 

report_server = puppet

inventory_port = 8140

ca_port = 8140

puppetdlockfile = /var/lib/puppet/state/puppetdlock 

splaylimit = 1800

clientyamldir = /var/lib/puppet/client_yaml 

puppetdlog = /var/log/puppet/puppetd.log 

report_port = 8140

lastrunfile = /var/lib/puppet/state/last_run_summary.yaml 

graphdir = /var/lib/puppet/state/graphs 

capub = /var/lib/puppet/ssl/ca/ca_pub.pem 

csrdir = /var/lib/puppet/ssl/ca/requests 

autosign = /etc/puppet/autosign.conf 

cert_inventory = /var/lib/puppet/ssl/ca/inventory.txt 

cacert = /var/lib/puppet/ssl/ca/ca_crt.pem 

cacrl = /var/lib/puppet/ssl/ca/ca_crl.pem 

signeddir = /var/lib/puppet/ssl/ca/signed 

serial = /var/lib/puppet/ssl/ca/serial 

ca_name = Puppet CA: rhel6u3-102.rsyslog.org 

cakey = /var/lib/puppet/ssl/ca/ca_key.pem 

caprivatedir = /var/lib/puppet/ssl/ca/private 

capass = /var/lib/puppet/ssl/ca/private/ca.pass 

cadir = /var/lib/puppet/ssl/ca 

railslog = /var/log/puppet/rails.log 

dblocation = /var/lib/puppet/state/clientconfigs.sqlite3 

rest_authconfig = /etc/puppet/auth.conf 

modulepath = /etc/puppet/modules:/usr/share/puppet/modules 

yamldir = /var/lib/puppet/yaml 

reportdir = /var/lib/puppet/reports 

masterlog = /var/log/puppet/puppetmaster.log 

server_datadir = /var/lib/puppet/server_data 

config = /etc/puppet/puppet.conf 

pidfile = /var/run/puppet/master.pid 

manifestdir = /etc/puppet/manifests 

masterhttplog = /var/log/puppet/masterhttp.log 

bucketdir = /var/lib/puppet/bucket 

fileserverconfig = /etc/puppet/fileserver.conf 

manifest = /etc/puppet/manifests/site.pp 

templatedir = /var/lib/puppet/templates 

tagmap = /etc/puppet/tagmail.conf 

archive_file_server = puppet

rrddir = /var/lib/puppet/rrd 

rrdinterval = 1800
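
The listing above names the files that hold the master's key material: cakey, capass, hostprivkey and passfile. As an added example (not part of the original post), the script below reads such a listing and reports any of those files that grant permissions to group or others; the function names are hypothetical and the sample files are constructed.

```shell
#!/bin/sh
# Added example: audit the key-material files named in a --genconfig listing.
# Function names are hypothetical; the setting names come from the listing.
SENSITIVE_KEYS='cakey capass hostprivkey passfile'

# Print "setting path" for every sensitive setting present in listing file $1.
sensitive_paths() {
    for key in $SENSITIVE_KEYS; do
        sed -n "s/^[[:space:]]*${key}[[:space:]]*=[[:space:]]*\([^[:space:]]*\).*/${key} \1/p" "$1"
    done
}

# Succeed only when $1 grants no permission bits to group or others.
is_private() {
    case "$(ls -ld -- "$1" 2>/dev/null)" in
        ????------*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print one finding per exposed file; return 1 when anything was found.
audit_listing() {
    findings=$(sensitive_paths "$1" | while read -r key path; do
        [ -e "$path" ] || continue          # not generated on this host
        is_private "$path" || echo "$key: $path is accessible to group or others"
    done)
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Constructed sample: a two-line listing pointing at throwaway files.
demo() {
    d=$(mktemp -d) || return 1
    printf 'secret\n' > "$d/ca_key.pem"; chmod 600 "$d/ca_key.pem"
    printf 'secret\n' > "$d/ca.pass";    chmod 644 "$d/ca.pass"
    printf 'cakey = %s\ncapass = %s\n' "$d/ca_key.pem" "$d/ca.pass" > "$d/listing"
    audit_listing "$d/listing"; rc=$?
    rm -rf "$d"
    return "$rc"
}

demo || echo "demo: at least one key file needs chmod 600"
```

On the master, run audit_listing against the puppet.conf.out file generated above.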

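1. Edit the main configuration file puppet.conf and add a [master] section

vim /etc/puppet/puppet.conf

[master]

# hostname of the puppet certificate server

certname=rhel6u3-102.rsyslog.org

2. Create the global node configuration file site.pp; the service only starts if this file exists

# touch /etc/puppet/manifests/site.pp

3. Start the puppetmaster service

# /etc/rc.d/init.d/puppetmaster start

For a first test, or when debugging, the following can be used instead:

# puppet master --verbose --no-daemonize --debug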

IV. Configure the agent node (rhel6u3-207.rsyslog.org)

1. Configure the first agent node: add the master's hostname under the [main] section

[main]

server=rhel6u3-102.rsyslog.org

2. Start the agent service

# /etc/rc.d/init.d/puppet start

# puppet agent --verbose --no-daemonize

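V. On the puppet master, register the newly discovered nodes

# puppet cert --list    # list the nodes waiting to be registered

# puppet cert --sign rhel6u3-207.rsyslog.org    # register the specified node

# puppet cert --sign --all    # register all nodes waiting to be registered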
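
Signing every pending request accepts any host that managed to submit one, so the list is worth filtering first. As an added example (not part of the original post), the script below signs only pending certnames that appear in an allowlist file; the function names, SIGN_CMD, the allowlist file and every sample hostname other than rhel6u3-207.rsyslog.org are assumptions.

```shell
#!/bin/sh
# Added example: sign only pending requests whose certname is allowlisted.
# Function names, SIGN_CMD and the allowlist file are hypothetical.

# Reduce `puppet cert --list` output (file $1) to lower-case certnames.
# Assumption: the certname is the first field, optionally double-quoted.
pending_names() {
    awk '{ gsub(/"/, "", $1); if ($1 != "") print tolower($1) }' "$1"
}

# Print pending certnames (file $1) found verbatim in the allowlist (file $2).
approved_names() {
    pending_names "$1" | while read -r name; do
        case "$name" in
            *[!a-z0-9.-]*) continue ;;   # not a plain hostname: never sign
        esac
        if grep -qxF -- "$name" "$2"; then echo "$name"; fi
    done
}

# Sign each approved request, one certname per call.
# SIGN_CMD can be overridden for a dry run.
sign_approved() {
    approved_names "$1" "$2" | while read -r name; do
        ${SIGN_CMD:-puppet cert --sign} "$name" </dev/null
    done
}

# Constructed sample input; only rhel6u3-207 comes from the article.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'rhel6u3-207.rsyslog.org' \
        '"rhel6u3-208.rsyslog.org" (AA:BB:CC)' \
        'unknown-host.example.net' > "$d/pending"
    printf '%s\n' 'rhel6u3-207.rsyslog.org' > "$d/allow"
    ( SIGN_CMD='echo would sign:'; sign_approved "$d/pending" "$d/allow" )
    rm -rf "$d"
}

demo
```

On the master, save the output of puppet cert --list to a file and pass it to sign_approved together with the allowlist.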

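VI. Create a puppet configuration on the puppet master

1. Create the first puppet configuration

1) Define the global configuration in site.pp and create the directory it imports

# vim /etc/puppet/manifests/site.pp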

$puppetserver = 'rhel6u3-102.rsyslog.org'

import 'nodes/*' 

#mkdir /etc/puppet/manifests/nodes -p 

2) Configure the nodes in nodes.pp

# vim /etc/puppet/manifests/nodes/nodes.pp 

node 'rhel6u3-207.rsyslog.org' {

        include myfile

        package { 'vim-enhanced': ensure => present }

}

# To match several nodes with a regular expression instead:

#node /^rhel6u3-\d+\.rsyslog\.org$/ {

#       include myfile

#}

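2. Create the first puppet module

1) Set the module search path (modulepath in puppet.conf)

modulepath=/etc/puppet/modules:/var/lib/puppet/modules:/usr/local/lib/puppet/modules

2) Create the module directory structure

# mkdir /etc/puppet/modules -p

# mkdir -vp /etc/puppet/modules/myfile/{files,templates,manifests}

The manifests directory holds the module's manifests, the files directory holds the files shipped with the module, and the templates directory holds the module's templates.

3) Create the module's core manifest, init.pp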

vim /etc/puppet/modules/myfile/manifests/init.pp

class myfile {

        # Make sure the setup package is installed.

        package { 'setup':

                ensure => present,

        }

        # Module files are served from the module's files/ directory, which is not part of the URL.

        file { '/etc/myfile':

                owner   => 'root',

                group   => 'root',

                mode    => '0644',

                source  => "puppet://${puppetserver}/modules/myfile/etc/myfile",

                require => Package['setup'],

        }

}

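The configuration is essentially complete. It achieves the following:

1. Check whether the setup package is installed, and install it if it is not

2. Download the myfile file from the "Puppet Master" and place it in the /etc directory

4) Create the test file to be synchronized

# mkdir /etc/puppet/modules/myfile/files/etc -p

# echo "Hello Puppet" > /etc/puppet/modules/myfile/files/etc/myfile

5) Test on the client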

[root@rhel6u3-207 puppet]# cat /etc/myfile  

Hello Puppet 

Start the client as follows, running it in the foreground so that it can be monitored. The --noop option means test only: nothing is actually executed and no files on the node are modified. The --onetime option means run once and then exit.

# puppet agent --server=rhel6u3-102.rsyslog.org --no-daemonize --verbose --noop --onetime

info: Caching catalog for rhel6u3-207.rsyslog.org 

info: Applying configuration version '1366705990' 

notice: Finished catalog run in 0.20 seconds 

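6) The default client synchronization interval is 30 minutes; it can be set to 5 seconds to test the effect

vim /etc/puppet/puppet.conf    # add the following section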

[agent] 

runinterval=5

Test method:

Server side

# date >> /etc/puppet/modules/myfile/files/etc/myfile

Client

# cat /etc/myfile

2013年 04月 23日 星期二 16:52:58 CST 

This article is reposted from 凌激冰's 51CTO blog; original link: http://blog.51cto.com/dreamfire/1184796. To reprint it, please contact the original author.
