192.168.6.226 is the server
192.168.6.223 is the client
1. Puppet installation
Server
Disable SELinux and iptables
Add entries to hosts
vim /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 web10
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 web10
127.0.0.1 www.test1.com www.aaa.com www.test.com
192.168.6.223 web9.aming.com
192.168.6.226 web10.aming.com
vim /etc/sysconfig/network
HOSTNAME=web10.aming.com
yum install puppetmaster -y
Start puppetmaster
If the following error is reported, the hostname needs to be added to hosts
Starting puppetmaster: dnsdomainname: Unknown host
dnsdomainname: Unknown host
ps aux | grep puppet
puppet 31418 3.9 8.4 142812 42328 ? Ssl 17:07 0:01 /usr/bin/ruby /usr/sbin/puppetmasterd
Port number: 8140
Client
vim /etc/hosts
192.168.6.226 web10.aming.com
192.168.6.223 web9.aming.com
vim /etc/sysconfig/network
HOSTNAME=web9.aming.com
Install puppet
yum install puppet -y
/etc/init.d/puppet start
Add the following configuration on the client
vim /etc/puppet/puppet.conf
listen = true
server = web9.aming.com
runinterval = 30
Using Puppet
Register with the CA
puppet agent --test --server web10.aming.com (registration command)
Info: csr_attributes file loading from /etc/puppet/csr_attributes.yaml
Info: Creating a new SSL certificate request for web10.aming.com
Info: Certificate Request fingerprint (SHA256): DD:17:9F:11:4B:01:77:32:8F:38:22:9C:48:51:35:57:8D:EB:F3:94:1B:52:8F:CA:CA:53:53:FE:A6:EC:B9:4C
Exiting; no certificate found and waitforcert is disabled
The output above means the registration succeeded
puppet cert list --all (view the CA list)
+ "web10.aming.com" (SHA256) 6A:2E:1D:77:8F:64:BA:39:63:B9:5A:1F:B0:60:66:8E:27:68:60:52:D5:53:FE:D2:9F:68:41:05:A7:64:16:16
+ "web9.aming.com" (SHA256) BD:8F:D1:6E:52:ED:D2:08:DC:4D:DE:A2:D1:23:21:08:1A:69:FA:15:39:4F:8A:37:10:65:5D:ED:00:B5:59:C6 (alt names: "DNS:puppet", "DNS:puppet.aming.com", "DNS:web9.aming.com")
A + sign means the host has already been added to the server's CA list
If no + sign appears, use
puppet cert --sign web10.aming.com
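Before a pending request is signed, the fingerprint the agent printed can be compared with the one the master lists for that certname. The script below is an added example, not part of the original notes; the function names and the sample fingerprints are constructed for illustration.

```sh
#!/bin/sh
# Compare the CSR fingerprint printed by the agent with the pending request
# shown by `puppet cert list` on the master before signing it.

# Reads agent output on stdin, prints the CSR fingerprint it reported.
csr_fp_from_agent() {
    sed -n 's/^Info: Certificate Request fingerprint *(SHA256): *\([0-9A-F:]*\).*$/\1/p' |
        head -n 1
}

# Reads `puppet cert list` output on stdin, prints the fingerprint of the
# pending request for certname $1. Signed entries start with "+" and are skipped.
pending_fp_from_master() {
    awk -v want="\"$1\"" '$1 == want && $2 == "(SHA256)" { print $3; exit }'
}

# fingerprints_match CERTNAME AGENT_OUTPUT MASTER_LIST
# Returns 0 only if both sides report the same non-empty fingerprint.
fingerprints_match() {
    a=$(printf '%s\n' "$2" | csr_fp_from_agent)
    m=$(printf '%s\n' "$3" | pending_fp_from_master "$1")
    [ -n "$a" ] && [ "$a" = "$m" ]
}

# Constructed sample data (the fingerprints are not real ones).
FP=01:23:45:67:89:AB:CD:EF:01:23:45:67:89:AB:CD:EF:01:23:45:67:89:AB:CD:EF:01:23:45:67:89:AB:CD:EF
AGENT_OUT="Info: Creating a new SSL certificate request for web10.aming.com
Info: Certificate Request fingerprint (SHA256): $FP
Exiting; no certificate found and waitforcert is disabled"
MASTER_LIST="  \"web10.aming.com\" (SHA256) $FP
+ \"web9.aming.com\" (SHA256) 00:11:22:33 (alt names: \"DNS:puppet\")"

if fingerprints_match web10.aming.com "$AGENT_OUT" "$MASTER_LIST"; then
    echo "fingerprints match: puppet cert --sign web10.aming.com"
else
    echo "MISMATCH or no pending request: do not sign"
fi
```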
Test
On the server, create a new file site.pp
vim /etc/puppet/manifests/site.pp
node default {
  file {
    "/tmp/123.txt": content => "test,test";
  }
}
After saving,
run the following on the client
puppet agent --test --server web9.aming.com
123.txt then appears under /tmp
Info: Caching certificate for web10.aming.com
Info: Caching certificate_revocation_list for ca
Info: Caching certificate for web10.aming.com
Notice: Ignoring --listen on onetime run
Warning: Unable to fetch my node definition, but the agent run will continue:
Warning: undefined method `include?' for nil:NilClass
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Loading facts
Info: Caching catalog for web10.aming.com
Info: Applying configuration version '1456399416'
Notice: /Stage[main]/Main/Node[default]/File[/tmp/123.txt]/ensure: defined content as '{md5}c175a2c7aefdba02f99b8a5b019b18cb'
Info: Creating state file /var/lib/puppet/state/state.yaml
Automatic certificate signing
Client
/etc/init.d/puppet stop
rm -rf /var/lib/puppet/ssl/*
Server
puppet cert clean --all
vim /etc/puppet/puppet.conf
Add the line
autosign = true
vim /etc/puppet/autosign.conf
*.aming.com
Start puppetmaster
/etc/init.d/puppetmaster start
Start the puppet client
/etc/init.d/puppet start
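With autosign = true the master signs every request without consulting autosign.conf, and a *.aming.com entry signs any certname in that domain. The audit script below is an added example, not part of the original notes; the function name and finding labels are made up here, and the executable-policy branch assumes Puppet 3.4 or later.

```sh
#!/bin/sh
# audit_autosign PUPPET_CONF [AUTOSIGN_CONF]
# Prints one finding per line; returns 1 if a risky setting was found, else 0.
audit_autosign() {
    conf=$1
    list=${2:-/etc/puppet/autosign.conf}
    rc=0
    # Value of the last "autosign = ..." line; the key is matched
    # case-insensitively and commented-out lines never match.
    value=$(awk -F= 'tolower($1) ~ /^[ \t]*autosign[ \t]*$/ {
            v = $2; gsub(/^[ \t]+|[ \t\r]+$/, "", v); last = v }
        END { print last }' "$conf")
    case $value in
        true)
            echo "NAIVE autosign = true: every CSR is signed, $list is not consulted"
            return 1 ;;
        false)
            return 0 ;;             # autosigning is off
        ?*)
            list=$value ;;          # an explicit path replaces the default file
    esac
    [ -f "$list" ] || return 0      # no allowlist file: nothing is autosigned
    if [ -x "$list" ]; then
        # Assumption: Puppet 3.4 or later, which runs an executable as a policy.
        echo "POLICY $list: executable, decides per CSR"
        return 0
    fi
    # Allowlist mode: exact certnames are fine, report every domain glob.
    while IFS= read -r line; do
        case $line in
            \**) echo "GLOB $line: any certname under this domain is signed unseen"
                 rc=1 ;;
        esac
    done < "$list"
    return $rc
}

# Audit the files named on the command line, if any.
if [ $# -ge 1 ]; then
    audit_autosign "$@"
fi
```

Listing exact certnames such as web10.aming.com in autosign.conf and leaving the autosign setting at its default makes the audit return 0.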
Module example
First, create a custom module named testm under /etc/puppet/modules/
Then create its subdirectories
cd testm
mkdir -pv {files,manifests,templates}
cd files
echo sdfasfaasfaming.com > aming.txt
vim ../manifests/init.pp
class testm {
  file { "/tmp/aming.txt":
    owner  => "root",
    group  => "root",
    mode   => 0400,
    source => "puppet://$puppetserver/modules/testm/aming.txt"
  }
}
vim /etc/puppet/manifests/site.pp
$puppet='web9.aming.com'
node 'web10' {
  include testm
}
The node name web10 is taken from the output of puppet cert list --all
tail -F /var/log/messages
Feb 26 02:03:06 localhost puppet-agent[59793]: (/Stage[main]/Testm/File[/tmp/aming.txt]/ensure) defined content as '{md5}a3a6d94ec56c9a449377625873340f10'
Feb 26 02:03:06 localhost puppet-agent[59793]: Finished catalog run in 0.37 seconds
The output above indicates success
Directory resources
cd testm/files
vim ../manifests/init.pp
class testm {
  file { "/tmp/aming.txt":
    owner  => "root",
    group  => "root",
    mode   => 0400,
    source => "puppet://$puppetserver/modules/testm/aming.txt"
  }
}
class nginx {
  file { "/usr/local/nginx":
    owner   => "root",
    group   => "root",
    source  => "puppet://$puppetserver/modules/testm/nginx",
    recurse => true,
    purge   => true # enables deletion
  }
}
vim /etc/puppet/manifests/site.pp
$puppet='web9.aming.com'
node 'web10' {
  include testm
  include nginx
}
View the log
tail -F /var/log/messages
Feb 26 02:29:31 localhost puppet-agent[23849]: (/Stage[main]/Nginx/File[/usr/local/nginx/sbin/nginx.old]/ensure) defined content as '{md5}347341e105e668ea6220cbaa09dd6e7d'
Feb 26 02:29:31 localhost puppet-agent[23849]: (/Stage[main]/Nginx/File[/usr/local/nginx/conf/win-utf]/ensure) defined content as '{md5}3749ffe19bedd842eb87e83d544e5ce6'
Feb 26 02:29:31 localhost puppet-agent[23849]: (/Stage[main]/Nginx/File[/usr/local/nginx/conf/mime.types.default]/ensure) defined content as '{md5}bd837e7b34f5c9b8d89957d0527f0d44'
Feb 26 02:29:31 localhost puppet-agent[23849]: (/Stage[main]/Nginx/File[/usr/local/nginx/conf/uwsgi_params]/ensure) defined content as '{md5}2aaaf1e3535752e74d2942db8b3632cb'
Feb 26 02:29:31 localhost puppet-agent[23849]: (/Stage[main]/Nginx/File[/usr/local/nginx/conf/fastcgi.conf]/ensure) defined content as '{md5}c53b8ddf4250e742594d24c55e73c0df'
Feb 26 02:29:31 localhost puppet-agent[23849]: (/Stage[main]/Nginx/File[/usr/local/nginx/conf/nginx.conf]/ensure) defined content as '{md5}a79bb7bb340a80057bce4772935548f0'
Feb 26 02:29:31 localhost puppet-agent[23849]: (/Stage[main]/Nginx/File[/usr/local/nginx/conf/scgi_params]/ensure) defined content as '{md5}e9fd19c7d1f0cecbd46b3cb041ae19c7'
Feb 26 02:29:31 localhost puppet-agent[23849]: (/Stage[main]/Nginx/File[/usr/local/nginx/html/50x.html]/ensure) defined content as '{md5}d74f9cdd604653c22c6752c46fffd587'
Feb 26 02:29:31 localhost puppet-agent[23849]: (/Stage[main]/Nginx/File[/usr/local/nginx/uwsgi_temp]/ensure) created
Feb 26 02:29:32 localhost puppet-agent[23849]: (/Stage[main]/Nginx/File[/usr/local/nginx/logs/access.log]/ensure) defined content as '{md5}68a546f08e828ad73f7a37860fe977fd'
The output above indicates success
Remote command execution
cd testm/files
vim ../manifests/init.pp
class nginx {
  file { "/usr/local/nginx":
    owner   => "root",
    group   => "root",
    source  => "puppet://$puppetserver/modules/testm/nginx",
    recurse => true,
    purge   => true
  }
  exec { "123":
    unless  => "test -f /tmp/aminglinux.txt",
    path    => ["/bin", "/sbin", "/usr/bin", "/usr/sbin"],
    command => "touch /tmp/aminglinux.txt"
  }
}
unless => "test -f /tmp/aminglinux.txt": the file is created when it does not exist
onlyif => "test -f /tmp/aminglinux.txt": the file is created when it exists
cron resources
cd testm/files
vim ../manifests/init.pp
class nginx {
  file { "/usr/local/nginx":
    owner   => "root",
    group   => "root",
    source  => "puppet://$puppetserver/modules/testm/nginx",
    recurse => true,
    purge   => true
  }
  exec { "123":
    unless  => "test -f /tmp/aminglinux.txt",
    path    => ["/bin", "/sbin", "/usr/bin", "/usr/sbin"],
    command => "touch /tmp/aminglinux.txt"
  }
  cron { "aming1":
    command => "/sbin/ntpdate time.windows.com",
    user    => "root",
    minute  => "*/10",
    # ensure => "absent" (whether to remove the job)
  }
}
Note: the crontab fields minute, hour, day of month, month and day of week correspond to Puppet's minute, hour, monthday, month and weekday attributes. Setting ensure to absent deletes the job; if that line is not set, the job is created.