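I: Puppet is an automated configuration management tool, most commonly used in a client/server (C/S) architecture.
Puppet's syntax lets you write a single script that creates a user on the target hosts; each target host in turn interprets and executes the module using the syntax appropriate to its local system. On Red Hat the useradd command is used; on FreeBSD the adduser command is used. Puppet is also very flexible.
II: Preparation for installation:
Two CentOS 5.5 32-bit machines
Host IPs and hostnames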
172.16.100.10 server.tech10.com
172.16.100.11 slave.tech11.com
facter: http://puppetlabs.com/downloads/facter/facter-1.5.9.tar.g
puppet: http://puppetlabs.com/downloads/puppet/puppet-2.6.3.tar.gz
III: Installation steps
1:rpm -Uvh http://dl.fedoraproject.org/pub/epel/5/i386/epel-release-5-4.noarch.rpm
yum install mysql mysql-devel mysql-server ruby ruby-devel ruby-irb ruby-mysql ruby-rdoc ruby-ri
Check the Ruby version; the version is 1.8.5
Install facter and puppet
tar zxvf facter-1.5.9.tar.gz
cd facter-1.5.9
ruby install.rb
cd ..
tar zxvf puppet-2.6.3.tar.gz
cd puppet-2.6.3
ruby install.rb
Perform all of the steps above on both machines
2: Server-side configuration
a. Copy the source files
mkdir /etc/puppet
cp conf/auth.conf /etc/puppet
cp conf/redhat/fileserver.conf /etc/puppet
cp conf/redhat/puppet.conf /etc/puppet
cp conf/redhat/server.init /etc/init.d/puppetmaster
chmod +x /etc/init.d/puppetmaster
chkconfig puppetmaster on
mkdir -p /etc/puppet/manifests
b. Create the puppet account
groupadd puppet
useradd -g puppet puppet
puppetmasterd --mkusers
c. Create the required directories
mkdir -p /var/lib/puppet/rrd
chown puppet.puppet /var/lib/puppet/rrd
d. Start the service
/etc/init.d/puppetmaster restart
On first start, the required files are created, including the certificate files
3: Slave-side configuration
a. Copy the files
mkdir /etc/puppet
cp conf/auth.conf /etc/puppet
cp conf/namespaceauth.conf /etc/puppet
cp conf/redhat/puppet.conf /etc/puppet
cp conf/redhat/client.init /etc/init.d/puppet
chmod +x /etc/init.d/puppet
chkconfig --add puppet
chkconfig puppet on
b. Create the puppet account
groupadd puppet
useradd -g puppet puppet
puppetd --mkusers
c. Create the puppet directory
mkdir -p /var/lib/puppet/rrd
chown puppet.puppet /var/lib/puppet/rrd
d. Start the service
/etc/init.d/puppet restart
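e. Send a request to the server
puppetd --test --server server.tech10.com
When I got to this step, I kept getting err: Could not retrieve catalog from remote server: certificate verify failed. I later found a solution on Google: delete the files under /var/lib/puppet/ssl on the client, then run the command again and it works normally.
f. On the server, accept the request with the following command
puppetca -s -a
g. On the slave, send the authentication request again
puppetd --test --server server.tech10.com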
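Step f signs every pending request at once with -a. As an added example (not part of the original post), the script below signs only requests from hostnames you expect and reports the rest; the allowlist, the function name filter_requests and the sample request list are constructed for illustration, and it assumes puppetca --list prints one request per line with the hostname first.

```shell
#!/bin/sh
# Added example: sign only expected agent certificate requests on the
# master instead of signing everything pending with "puppetca -s -a".

# Hostnames allowed to join this master (taken from the page's host table).
EXPECTED_AGENTS="slave.tech11.com"

# filter_requests MODE ALLOWLIST
# Reads pending requests on stdin and prints the hostnames that are
# ("expected") or are not ("unexpected") on the space-separated allowlist.
# Assumption: hostname is the first field, optionally quoted and followed
# by a fingerprint, e.g.  "host" (AA:BB:...)
filter_requests() {
    mode="$1"; allow="$2"
    while read -r name _rest || [ -n "$name" ]; do
        name=$(printf '%s' "$name" | tr -d '"')
        [ -n "$name" ] || continue
        case " $allow " in
            *" $name "*) hit=expected ;;
            *)           hit=unexpected ;;
        esac
        if [ "$hit" = "$mode" ]; then
            printf '%s\n' "$name"
        fi
    done
}

# Constructed sample of a pending-request list (not output from the page).
SAMPLE_PENDING='slave.tech11.com
"unknown-host.example.net" (AA:BB:CC:DD)'

# On the master, run this script with --sign to act on the real list.
if [ "${1:-}" = "--sign" ]; then
    pending=$(puppetca --list)
    printf '%s\n' "$pending" | filter_requests unexpected "$EXPECTED_AGENTS" |
        sed 's/^/not signing unexpected request: /' >&2
    for host in $(printf '%s\n' "$pending" |
                  filter_requests expected "$EXPECTED_AGENTS"); do
        puppetca --sign "$host"
    done
fi
```

Requests reported as unexpected stay pending on the master until you review them.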
IV: A simple use of puppet
On the server, create a site.pp file under /etc/puppet/manifests that pushes the content and permissions of the file /tmp/andrew.txt to the client
node default {
  file { "/tmp/andrew.txt":
    content => "hello,My Name is Jone!\n",
    ensure  => present,
    mode    => 644,
    owner   => root,
    group   => root,
  }
}
present means that Puppet checks whether the file exists and creates it if it does not
Run the following on the client
puppetd --test --server server.tech10.com
info: Caching catalog for tech1
info: Applying configuration version '1348711982'
--- /tmp/andrew.txt 2012-09-27 10:11:18.000000000 +0800
+++ /tmp/puppet-file.10084.0 2012-09-27 10:13:03.000000000 +0800
@@ -1 +1,2 @@
-hello,My Name is Jone!\n
\ No newline at end of file
+hello,My Name is Jone!
+hello
\ No newline at end of file
info: FileBucket adding /tmp/andrew.txt as {md5}0578dc72120af9d1ff2ccc6261516d6e
info: /Stage[main]//Node[default]/File[/tmp/andrew.txt]: Filebucketed /tmp/andrew.txt to puppet with sum 0578dc72120af9d1ff2ccc6261516d6e
notice: /Stage[main]//Node[default]/File[/tmp/andrew.txt]/content: content changed '{md5}0578dc72120af9d1ff2ccc6261516d6e' to '{md5}23d258c42f96b5af34aae4c959995798'
notice: Finished catalog run in 0.09 seconds
Here the file already existed, and it was changed from its previous content.
After modifying the site.pp file, run /etc/init.d/puppetmaster to restart the service