http://www.puppetlabs.com
Puppet is the leading open source platform for IT systems management
Choose a Package Source http://yum.puppetlabs.com/
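# Add the EPEL repository definition (run as root). Fetching it over HTTPS
# keeps the repository configuration from being altered in transit.
rpm -Uvh https://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-7.noarch.rpm

# Keep the host firewall and SELinux enabled. The Puppet master only needs
# inbound TCP 8140 (the default PUPPET_PORT), so open that single port on the
# master; agents need no inbound rule for Puppet.
# If SELinux blocks something, read the denial in /var/log/audit/audit.log and
# fix the specific rule instead of disabling SELinux system-wide.
lokkit --port=8140:tcp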
Install the Puppet Master
# Install the Puppet master package; -y answers yum's confirmation prompt.
yum install puppet-server -y
# Start the master service now.
service puppetmaster start
# Enable the master service at boot.
chkconfig puppetmaster on
Install Puppet on Agent Nodes
# Install the Puppet agent package; -y answers yum's confirmation prompt.
yum install puppet -y
# Start the agent service now.
service puppet start
# Enable the agent service at boot.
chkconfig puppet on
# Append three static name entries to /etc/hosts: the master (also reachable
# under the short name "puppet", which the agent commands on this page pass to
# --server) and the two example agents, www and images.
cat >> /etc/hosts <<EOD
172.16.0.1 puppet.mydomain.com puppet
172.16.0.20 www.mydomain.com www
172.16.0.21 images.mydomain.com images
EOD
Node: 服务端进行认证
puppetd --test --server puppet
认证所有的客户端(该命令会一次性签署所有待处理的证书请求,仅适合测试环境;生产环境应先用 puppetca -l 核对主机名,再逐台签署)
puppetca -s -a
或者认证某一台客户端
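# List the certificate requests that are waiting to be signed.
puppetca -l
# Sign the request of one specific agent, after checking its name against the
# list above. The long option is --sign (two dashes); -s is the short form.
puppetca --sign www.mydomain.com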
vim /etc/puppet/manifests/site.pp

# Catch-all node definition: manages one file whose content is a fixed string.
node default {
  file { '/tmp/puppettest1.txt':
    content => 'hello,first puppet manifest',
  }
}
# puppetd --test --server puppet info: Caching catalog for www.mydomain.com info: Applying configuration version '1351280410' notice: /Stage[main]//Node[default]/File[/tmp/puppettest1.txt]/ensure: defined content as '{md5}886609dedc5c8a0c58f3aa8d566175cc' info: Creating state file /var/lib/puppet/state/state.yaml notice: Finished catalog run in 0.06 seconds
# cat /tmp/puppettest1.txt hello,first puppet manifest
# The puppetmaster server #PUPPET_SERVER=puppet # If you wish to specify the port to connect to do so here #PUPPET_PORT=8140 # Where to log to. Specify syslog to send log messages to the system log. #PUPPET_LOG=/var/log/puppet/puppet.log # You may specify other parameters to the puppet client here #PUPPET_EXTRA_OPTS=--waitforcert=500
# cat /etc/puppet/fileserver.conf
# This file consists of arbitrarily named sections/modules
# defining where files are served from and to whom
# Define a section 'files'
# Adapt the allow/deny settings to your needs. Order
# for allow/deny does not matter, allow always takes precedence
# over deny
# [files]
# path /var/lib/puppet/files
# allow *.example.com
# deny *.evil.example.com
# allow 192.168.0.0/24
#
# NOTE(review): the active section below uses `allow *`, which places no
# host-name or network restriction on who may read /var/lib/puppet/files.
# Outside a throw-away lab, narrow it to the managed domain or subnet, as the
# commented example above shows.
[files]
path /var/lib/puppet/files
allow *
http://docs.puppetlabs.com/learning/
default 针对所有节点
# Applies to every node that has no more specific node definition.
node default {
  # Write a fixed greeting into /tmp/helloworld.txt.
  file { '/tmp/helloworld.txt':
    content => 'hello, world',
  }
}
# cat /etc/puppet/manifests/site.pp
# Default node definition: every agent gets /tmp/puppettest1.txt.
node default {
  file { "/tmp/puppettest1.txt":
    # Literal text that Puppet writes into the file.
    content => "hello,first puppet manifest";
  }
}
指定节点
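# cat /etc/puppet/manifests/test.pp
# Node definition that applies only to the agent named "www".
node www {
  file { "/var/www/index.html":
    # Local path on the agent that the file is copied from.
    # NOTE(review): /tmp is writable by every local account, so whoever creates
    # /tmp/something first decides what gets published - prefer a source only
    # root can write.
    source => "/tmp/something",
    # 0644: owner may write, everyone else may only read. Mode 666 would let
    # any local account rewrite the page the web server hands out.
    mode   => '0644';
  }
}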
多个节点
node 'www','images' { ... ... }
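# Copy a file from a local (for example NFS-mounted) path to /var/www/my/file.
file { "/var/www/my/file":
  source => "/path/in/nfs/or/something",
  # 0644 instead of 666: a file under the web root should not be writable by
  # every local account.
  mode   => '0644',
}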
ensure => absent; #absent是检测文件是否存在,如果存在则删除
ensure => present; #present正好相反,如果不存在则创建
ensure => directory; #创建一个目录的方法
force => true; #删除一个目录必须加上这个参数
source => "PATH"; #指定数据来源
backup => ".bak_$uptime_seconds"; #覆盖前备份文件
source 为本地路径时,表示 agent 节点上的文件或目录
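# Node "www": create the web root and publish one page into it.
node www {
  # Web root owned by nginx and accessible to that account only.
  file { "/var/www":
    ensure => directory,
    owner  => "nginx",
    group  => "nginx",
    mode   => '0700';
  }

  file { "/var/www/index.html":
    # Local path on the agent that the page is copied from.
    source => "/tmp/something",
    # 0644 instead of 666: the published page must not be writable by every
    # local account.
    mode   => '0644';
  }
}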
从master上获取文件
fileserver.conf 配置如下
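# Mount point "files": serves /var/lib/puppet/files from the master.
[files]
path /var/lib/puppet/files
# Serve only hosts of the managed domain instead of every client (`allow *`).
# Adjust the pattern to your own domain or subnet.
allow *.example.com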
site.pp配置如下
# Fetch test.txt from the "files" mount of the master puppet.example.com and
# place it at /tmp/test.txt on the agent.
file { '/tmp/test.txt':
  source => 'puppet://puppet.example.com/files/test.txt'
}
此处的 files 为 fileserver.conf 中定义的模块
present, installed 安装包 absent, purged 卸载包
# start
# Install dnsmasq, keep its service running, and only then point the resolver
# at the local instance. The require chain is Package -> Service -> File.
package { 'dnsmasq':
  ensure => installed,
}

service { 'dnsmasq':
  ensure  => running,
  pattern => 'dnsmasq',
  require => Package['dnsmasq'],
}

file { '/etc/resolv.conf':
  content => "nameserver 127.0.0.1\n",
  require => Service['dnsmasq'],
}
# end
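# Two package declarations sharing one `package { ... }` block.
package {
  # Install httpd; `present` is accepted as a synonym for `installed`.
  "httpd":
    ensure => installed;
  # Remove vim and vsftpd; use `purged` to remove the software completely.
  ["vim","vsftpd"]:
    ensure => absent;
}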
# Run a shell command as root that writes "helloworld" into /tmp/hello.txt.
# NOTE(review): no `creates`, `onlyif` or `unless` guard is set, so the command
# presumably runs again on every agent run - confirm that is intended.
exec { "creates file":
  # Working directory for the command; the command fails if it does not exist.
  cwd => "/tmp",
  command => "/bin/echo helloworld > /tmp/hello.txt",
  user => "root",
  # Search path for the command. If `path` is not defined, the command must be
  # given as an absolute path.
  path => "/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin";
}
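# Run /srv/puppet/shell/test.sh as root from /srv/puppet, allowing up to 7200
# seconds and logging the output only when the script fails.
# The title and cwd use plain ASCII quotes; typographic quotes are not valid
# string delimiters in a manifest.
exec { "/srv/puppet/shell/test.sh":
  cwd       => "/srv/puppet",
  timeout   => 7200,
  logoutput => on_failure,
  user      => root,
  path      => ["/sbin", "/usr/sbin", "/usr/local/sbin", "/usr/local/bin", "/usr/bin", "/bin", "/usr/local/java/jre/bin"],
  # The script must be managed by a File resource declared elsewhere.
  # NOTE(review): because the script runs as root, that File resource should
  # keep it root-owned and not writable by other accounts - confirm.
  require   => File["/srv/puppet/shell/test.sh"],
}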
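# Fetch the example42 module collection over HTTPS rather than plain HTTP.
# The master compiles these modules and agents apply the result as root, so the
# download must not be modifiable in transit. Review the code, and preferably
# check out a commit you have reviewed, before moving it into place.
git clone https://github.com/example42/puppet-modules.git
mv puppet-modules /etc/puppet/modules

# As root, point the master at the module directory. In
# /etc/puppet/puppet.conf set:
#   [master]
#   modulepath = /etc/puppet/modules
vi /etc/puppet/puppet.conf

# Restart the master so that it picks up the new modulepath.
/etc/init.d/puppetmaster restart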
vi /etc/puppet/manifests/node.pp

# Node definition for web.example.com: Apache, PHP with PEAR and APC, a set of
# PHP extension modules, and MySQL.
node 'web.example.com' {
  include apache
  include php
  include php::pear
  include php::apc

  # One php::module resource per extension, declared through an array title.
  php::module { [
    'mysql', 'curl', 'gd', 'idn',
    'imagick', 'imap', 'mcrypt', 'ming',
    'ps', 'pspell', 'recode', 'snmp',
    'tidy', 'xmlrpc', 'xsl', 'ldap',
  ]: }

  include mysql
}
puppet agent --test --server=puppet.example.com
-A INPUT -p tcp -m state --state NEW --dport 8140 -j ACCEPT
puppetmasterd --debug --daemonize --verbose
puppetd --test --trace --debug
# puppetd --test --trace --debug debug: Puppet::Type::User::ProviderDirectoryservice: file /usr/bin/dscl does not exist debug: Puppet::Type::User::ProviderUser_role_add: file roledel does not exist debug: Puppet::Type::User::ProviderPw: file pw does not exist debug: Puppet::Type::User::ProviderLdap: true value when expecting false debug: Failed to load library 'rubygems' for feature 'rubygems' debug: Puppet::Type::File::ProviderMicrosoft_windows: feature microsoft_windows is missing debug: Failed to load library 'ldap' for feature 'ldap' debug: /File[/var/lib/puppet/state/state.yaml]: Autorequiring File[/var/lib/puppet/state] debug: /File[/var/lib/puppet/state]: Autorequiring File[/var/lib/puppet] debug: /File[/var/lib/puppet/ssl/public_keys/info.com.pem]: Autorequiring File[/var/lib/puppet/ssl/public_keys] debug: /File[/var/lib/puppet/ssl]: Autorequiring File[/var/lib/puppet] debug: /File[/var/lib/puppet/ssl/certificate_requests]: Autorequiring File[/var/lib/puppet/ssl] debug: /File[/etc/puppet/puppet.conf]: Autorequiring File[/etc/puppet] debug: /File[/var/lib/puppet/ssl/certs]: Autorequiring File[/var/lib/puppet/ssl] debug: /File[/var/lib/puppet/clientbucket]: Autorequiring File[/var/lib/puppet] debug: /File[/var/lib/puppet/ssl/certs/ca.pem]: Autorequiring File[/var/lib/puppet/ssl/certs] debug: /File[/var/lib/puppet/ssl/private]: Autorequiring File[/var/lib/puppet/ssl] debug: /File[/var/lib/puppet/facts]: Autorequiring File[/var/lib/puppet] debug: /File[/var/lib/puppet/ssl/private_keys/info.com.pem]: Autorequiring File[/var/lib/puppet/ssl/private_keys] debug: /File[/var/lib/puppet/ssl/crl.pem]: Autorequiring File[/var/lib/puppet/ssl] debug: /File[/var/lib/puppet/lib]: Autorequiring File[/var/lib/puppet] debug: /File[/var/lib/puppet/client_yaml]: Autorequiring File[/var/lib/puppet] debug: /File[/var/lib/puppet/state/last_run_summary.yaml]: Autorequiring File[/var/lib/puppet/state] debug: /File[/var/lib/puppet/ssl/certs/info.com.pem]: Autorequiring 
File[/var/lib/puppet/ssl/certs] debug: /File[/var/lib/puppet/client_data]: Autorequiring File[/var/lib/puppet] debug: /File[/var/lib/puppet/ssl/public_keys]: Autorequiring File[/var/lib/puppet/ssl] debug: /File[/var/lib/puppet/ssl/private_keys]: Autorequiring File[/var/lib/puppet/ssl] debug: /File[/var/lib/puppet/state/graphs]: Autorequiring File[/var/lib/puppet/state] debug: /File[/var/run/puppet/agent.pid]: Autorequiring File[/var/run/puppet] debug: /File[/var/lib/puppet/classes.txt]: Autorequiring File[/var/lib/puppet] debug: /File[/var/lib/puppet/state/state.yaml]/mode: mode changed '640' to '660' debug: Finishing transaction 70258153162980 debug: /File[/var/lib/puppet/ssl/certs]: Autorequiring File[/var/lib/puppet/ssl] debug: /File[/var/lib/puppet/ssl/private_keys]: Autorequiring File[/var/lib/puppet/ssl] debug: /File[/var/lib/puppet/ssl/private]: Autorequiring File[/var/lib/puppet/ssl] debug: /File[/var/lib/puppet/ssl/crl.pem]: Autorequiring File[/var/lib/puppet/ssl] debug: /File[/var/lib/puppet/ssl/certs/info.com.pem]: Autorequiring File[/var/lib/puppet/ssl/certs] debug: /File[/var/lib/puppet/lib]: Autorequiring File[/var/lib/puppet] debug: /File[/var/lib/puppet/ssl/certificate_requests]: Autorequiring File[/var/lib/puppet/ssl] debug: /File[/var/lib/puppet/ssl/public_keys]: Autorequiring File[/var/lib/puppet/ssl] debug: /File[/var/lib/puppet/state]: Autorequiring File[/var/lib/puppet] debug: /File[/var/lib/puppet/ssl/private_keys/info.com.pem]: Autorequiring File[/var/lib/puppet/ssl/private_keys] debug: /File[/var/lib/puppet/ssl/certs/ca.pem]: Autorequiring File[/var/lib/puppet/ssl/certs] debug: /File[/var/lib/puppet/ssl]: Autorequiring File[/var/lib/puppet] debug: /File[/var/lib/puppet/facts]: Autorequiring File[/var/lib/puppet] debug: /File[/var/lib/puppet/ssl/public_keys/info.com.pem]: Autorequiring File[/var/lib/puppet/ssl/public_keys] debug: Finishing transaction 70258153219940 debug: Using cached certificate for ca debug: Using cached certificate for 
info.com debug: Finishing transaction 70258152746740 debug: Loaded state in 0.00 seconds debug: Using cached certificate for ca debug: Using cached certificate for info.com debug: Using cached certificate_revocation_list for ca debug: catalog supports formats: b64_zlib_yaml dot pson raw yaml; using pson info: Caching catalog for info.com debug: Creating default schedules debug: Loaded state in 0.00 seconds info: Applying configuration version '1351280410' debug: Finishing transaction 70258154614200 debug: Storing state debug: Stored state in 0.00 seconds notice: Finished catalog run in 0.02 seconds
err: Could not request certificate: Connection refused - connect(2) Exiting; failed to retrieve certificate and waitforcert is disabled
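该错误通常是 master 的 8140/tcp 端口被防火墙拦截所致。关闭防火墙可以解决,但更稳妥的做法是只在 master 上放行 8140/tcp(见上文的 iptables 规则),并确认 puppetmaster 服务已启动。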
# puppetmasterd --help No help available unless you have RDoc::usage installed
# yum install ruby-rdoc
本文出自 “Netkiller 手札” 博客,转载请与作者联系!