运维自动化之Puppet学习

1、说明

1.1常用实现功能

可管理配置文件进行用户管理实现文件分发(建议小文件)、实现cron任务管理、实现分类管理客户端、软件安装、服务管理、定时脚本、执行命令、实现目标客户端执行脚本(前提是客户端已经存在该脚本)

1.2软件说明

操作系统:

debian wheezy 7.2_64bit

Linux localhost 3.2.0-4-amd64 #1 SMP  Debian 3.2.51-1 x86_64 GNU/Linux

在线安装版本

ruby  1.9.3 \ facter 1.6.10 \ puppet2.7.23

源码安装版本

ruby-1.8.7-p374.tar.gz  \  facter-1.7.4.tar.gz  \

2、安装

2.1安装使用软件

# apt-get install build-essential vim unzipntpdate

2.2在线安装

1)服务器端

# vim /etc/hostname      //灰色标记的内容均为文件内容

puppet.master.com

# vim /etc/hosts    //没有DNS

192.168.24.8   puppet.master.com

192.168.24.14 web.agent1.com

192.168.24.15  dydg100.agent2.com

# apt-getinstall puppetmaster

2)客户端

# vim /etc/hostname

web.agent1.com

# vim /etc/hosts    //没有DNS

192.168.24.8   puppet.master.com

192.168.24.14 web.agent1.com

# apt-getinstall puppet

# vim /etc/default/puppet  

START=yes


3)版本信息

# ruby -v

ruby 1.9.3p194 (2012-04-20 revision 35410)[x86_64-linux]

# whereis ruby

ruby: /usr/bin/ruby1.8 /usr/bin/ruby/usr/lib/ruby /usr/share/man/man1/ruby.1.gz

# facter -v

1.6.10

# whereis facter

facter: /usr/bin/facter/usr/share/man/man8/facter.8.gz

# puppet -V

2.7.23

# whereis puppet

puppet: /usr/bin/puppet /etc/puppet/usr/share/man/man8/puppet.8.gz

2.3源码安装(没有测试完,仅供查考)

1安装openssl

# tarzxvf openssl-1.0.1.tar.gz

# cdopenssl-1.0.1

#./config -fPIC --prefix=/usr/local/openssl enable-shared

# make&& make install

2安装Ruby

### 下载页面:http://cache.ruby-lang.org/pub/ruby/

# wget http://cache.ruby-lang.org/pub/ruby/1.8/ruby-1.8.7-p374.tar.gz

# tarzxvf ruby-1.8.7-p374.tar.gz

# cd ruby-1.8.7-p374

#./configure

# make&& make install

# cd ruby-1.8.7-p374/ext/openssl

# rubyextconf.rb �Cwith-openssl-dir=/usr/local/openssl \

--with-openssl-include=/usr/local/openssl/include\

--with-openssl-lib=/usr/local/openssl/lib

# make&& make install  //否则安装puppet时报错:Could not load openssl; cannotinstall

# whereisruby     // ruby: /usr/local/bin/ruby/usr/local/lib/ruby

# ruby -v         // ruby 1.8.7 (2013-06-27 patchlevel374) [x86_64-linux]

# ruby-ropenssl -e "puts :yep"  //输出 yep 说明Ruby所依赖的OpenSSL 库无问题

### 备注:ruby中文网址:https://www.ruby-lang.org/zh_cn/downloads/

3安装Facter

### 下载页面:http://puppetlabs.com/misc/download-options

# wgethttp://downloads.puppetlabs.com/facter/facter-1.7.4.tar.gz

# tarzxvf facter-1.7.4.tar.gz

# cdfacter-1.7.4

# rubyinstall.rb

# whereisfacter    // facter:/usr/local/bin/facter

# facter -v        // 1.7.4

4安装Puppet

### 下载页面:http://puppetlabs.com/misc/download-options

# wget http://downloads.puppetlabs.com/puppet/puppet-3.4.2.tar.gz

# tarzxvf puppet-3.4.2.tar.gz

# cdpuppet-3.4.2

# rubyinstall.rb


3、配置

3.1服务器端

1puppet.conf

# vim /etc/puppet/puppet.conf

# 默认配置暂时没有做修改

2、启动

# /etc/init.d/puppetmaster start


3.2客户端

1puppet.conf

# vim /etc/puppet/puppet.conf

[main]

logdir=/var/log/puppet

vardir=/var/lib/puppet

ssldir=/var/lib/puppet/ssl

rundir=/var/run/puppet

factpath=$vardir/lib/facter

templatedir=$confdir/templates

prerun_command=/etc/puppet/etckeeper-commit-pre

postrun_command=/etc/puppet/etckeeper-commit-post


[master]

# These are needed when the puppetmaster is run bypassenger

# and can safely be removed if webrick is used.

ssl_client_header = SSL_CLIENT_S_DN

ssl_client_verify_header = SSL_CLIENT_VERIFY


[agent]

server = puppet.master.com   //配置服务器端主机名

2puppet

//以下解决启动报: puppet notconfigured to start, please edit /etc/default/puppet to enable

# vim /etc/default/puppet  

START=yes

3、启动客户端

# /etc/init.d/puppet start

3.3证书

3.3.1证书注册

1)客户端注册请求

# puppet agent --test

2)服务端查看注册请求

# puppet cert list --all  

3)服务端受理注册请求

# puppet cert sign web.agent1.com

4)客户端确认注册是否成功

# puppet agent --test

info: Caching catalog for web.agent1.com

info: Applying configuration version '1392266761'

notice: Finished catalog run in 0.03 seconds

5)启动服务器端和客户端

3.3.2证书变更

###客户端

# /etc/init.d/puppet stop

# rm -rf /var/lib/puppet

### 服务器端

# puppet cert clean web.agent1.com    //删除客户端认证

# puppet cert list --all     //服务端查看注册请求

### 客户端

# puppetd --server puppet.master.com --test    //重新生成认证

info: Caching catalog for web.agent1.com

info: Applying configuration version '1392265820'

notice: Finished catalog run in 0.03 seconds

### 服务器端

# puppet cert list --all     //查看所有客户端的请求(+号的代表已经签好证书可以通信,没有加号的代表尚未签好证书。

"web.agent1.com"  //若没有加号,没有签好证书,需要重新认证

# puppet cert sign web.agent1.com   //受理注册请求,完成认证

### 客户端

//测试是否正常

# puppet agent --test --noop --server puppet.master.com

info: Caching catalog for web.agent1.com

info: Applying configuration version '1392266401'

notice: Finished catalog run in 0.03 seconds


3.2.3服务器端自动受理注册

1)在服务端

#vim /etc/puppet/puppet.conf

[master]

autosign = /etc/puppet/autosign.com

#vim /etc/puppet/autosign.conf

web.agent1.com

game.agent2.com

3.4客户端测试

#puppet agent --test --noop --server puppet.master.com


4、用户组资源

# puppet -V     2.7.23

4.1目录结构

#tree puppet

puppet

├── auth.conf

├── etckeeper-commit-post

├── etckeeper-commit-pre

├── fileserver.conf

├── manifests

│   ├── modules.pp

│   ├── nodes

│   │   ├── gameapp

│   │   │   └── agent2.pp

│   │   ├── gamedb

│   │   │   └── agent1.pp

│   │   └── site.pp

│   └── site.pp

├── modules

│   └── users

│       ├── file

│       ├── manifests

│       │   ├── addgroup.pp

│       │   ├── adduser.pp

│       │   └── init.pp

│       └── templates

│           ├── laowafang_authorized_keys.erb

│           ├── dada_authorized_keys.erb

│           ├── zhiban1_authorized_keys.erb

│           └── zw_authorized_keys.erb

├── puppet.conf

└── templates


4.2操作过程

4.2.1创建模版目录

# cd /etc/puppet/modules

# mkdir -p user/{manifests,templates,files}

# touch user/manifests/init.pp

# touch user/manifests/addgroup.pp

# touch user/manifests/adduser.pp

4.2.2 users模块清单

1init.pp内容,入口程序,必须创建

# cat /etc/puppet/modules/users/manifests/init.pp

class users {

   include users

}

2addgroup.pp创建用户组用“定义”资源容器

# cat /etc/puppet/modules/users/manifests/addgroup.pp

define users::addgroup ($groupname='')

{

   includeusers

       group

       {   $groupname:

          ensure => present,

       }

}

3adduser.pp创建用户

# cat # cat /etc/puppet/modules/users/manifests/adduser.pp

define users::adduser ($username='', $useruid='',$userhome='', $usershell='/bin/bash', $groupid)

{

   includeusers

   user

   {   $username:

      ensure  => present,

      uid   => $useruid,

       shell=> $usershell,

       gid=> $groupid,

      home  =>"/home/$userhome",

   }

   file

   {   "/home/$userhome":

      owner   => $useruid,

      group   => $useruid,

      mode    => 700,

      ensure  => directory;

   }

   file

   {   "/home/$userhome/.ssh":

      owner   => $useruid,

      group   => $useruid,

      mode    => 700,

      ensure  => directory,

       require=> File["/home/$userhome"];

   }

   file

   {   "/home/$userhome/.ssh/authorized_keys":

      owner   => $useruid,

      group   => $useruid,

      mode    => 600,

      ensure  => present,

       content=> template("users/${userhome}_authorized_keys.erb"),

       require=> File["/home/$userhome/.ssh"];

   }

}

4templates*.erb文件为sshKey文件

4.2.3节点实现创建用户及其组

1创建对应节点所需文件

# mkdir -p /etc/puppet/manifests/nodes/gamedb

# mkdir -p /etc/puppet/manifests/nodes/gameapp

# touch /etc/puppet/manifests/modules.pp

# touch /etc/puppet/manifests/site.pp

# touch /etc/puppet/manifests/nodes/site.pp

# touch /etc/puppet/manifests/nodes/gamedb/agent1.pp

# touch /etc/puppet/manifests/nodes/gameapp/agent2.pp

2文件内容清单

1modules.pp

# cat /etc/puppet/manifests/modules.pp

import "users"

2site.pp

# cat /etc/puppet/manifests/site.pp

import "nodes/site.pp"

import "modules.pp"


#user { 'zw':          //注释的是测试删除所有节点用户用的

#       ensure=> absent,

#}

#user { 'laowafang':

#       ensure=> absent,

#}

3site.pp

# cat /etc/puppet/manifests/nodes/site.pp

import "gamedb/agent1.pp"

import "gameapp/agent2.pp"

4agent1.pp

# cat /etc/puppet/manifests/nodes/gamedb/agent1.pp

node "web.agent1.com" {

   includeusers


  users::addgroup { 'allgroup':

      groupname => [ 'yanfa', 'ywsa', 'ywdba', 'zhiban' ]

   }

  users::adduser { 'zw':

      username => 'zw',

       useruid=> 1000,

      userhome => 'zw',

       groupid=> 'ywsa',

   }

  users::adduser { 'laowafang':

      username => 'laowafang',

       useruid=> 1001,

       userhome=> 'laowafang',

       groupid=> 'ywdba',

   }

}

5agent2.pp

# cat /etc/puppet/manifests/nodes/gameapp/agent2.pp

node "dydg100.agent2.com" {

   includeusers


  users::addgroup { 'allgroup':

      groupname => [ 'ywsa', 'ywdba', 'yanfa', 'zhiban' ]

   }

  users::adduser { 'zw':

      username => 'zw',

       useruid=> 1000,

      userhome => 'zw',

       groupid=> 'ywsa',

   }

  users::adduser { 'dada':

      username => 'dada',

       useruid => 1001,

      userhome => 'dada',

       groupid=> 'yanfa',

   }

  users::adduser { 'zhiban1':

      username => 'zhiban1',

       useruid=> 1002,

      userhome => 'zhiban1',

       groupid=> 'zhiban',

   }

}


4.2.4客户端测试

### 两个客户端分别测试

# puppetagent --test --noop --server puppet.master.com  //进行检查

info: Caching catalog for web.agent1.com

info: Applying configuration version'1393300345'

……省略

notice: Finished catalog run in 0.10seconds

#puppet agent --test --server puppet.master.com    //真正创建


5、常用操作

# puppet parser validate adduser.pp    //检查语法

# puppet master --genconfig |grepmodulepath  //检查对应配置文件路径

# puppet module list    //查看已安装的模块



### 刚学习到此,主要是摸清楚了软件目录结构和运行流程,其中没有详细的解释说明,基本都是实际操作,大家可以另行查看其他说明,推荐图书:刘宇的《puppet实战》,高永超翻译的《精通puppet配置管理工具》。有时间继续补上其他的……


你可能感兴趣的:(Debian,puppet,运维自动化)