puppet 学习文档

192.168.6.226 为服务端

192.168.6.223 为客户端

1,puppet 安装

服务端

关闭selinux iptables

添加hosts

Vim /etc/hosts

127.0.0.1   localhost localhost.localdomain localhost4localhost4.localdomain4 web10

::1         localhost localhost.localdomainlocalhost6 localhost6.localdomain6 web10

127.0.0.1  www.test1.com www.aaa.com www.test.com

192.168.6.223 web9.aming.com

192.168.6.226 web10.aming.com

Vim /etc/sysconfig/network

Hostname web10.aming.com

Yum install puppetmaster �y

启动puppetmaster

提示错误需要在hosts里加入主机名

Starting puppetmaster:dnsdomainname: Unknown host

dnsdomainname: Unknown host

ps aux|grep puppet

puppet  31418  3.9  8.4 142812 42328 ?        Ssl 17:07   0:01 /usr/bin/ruby/usr/sbin/puppetmasterd

端口号8140

客户端

Vim /etc/hosts

192.168.6.226 web10.aming.com

192.168.6.223 web9.aming.com

Vim /etc/sysconfig/network

Hostname web9.aming.com

按装puppet

Yum install puppet �y

/etc/init.d/puppet start

客户端上添加配置

Vim /etc/puppet/puppet.conf

Listen = true

Server = web9.aming.com

runinterval = 30

 

puppet 应用

注册ca

Puppet agent �test �server web10.aming.com(注册命令)

 

Info: csr_attributes file loading from/etc/puppet/csr_attributes.yaml

Info: Creating a new SSL certificaterequest for web10.aming.com

Info: Certificate Request fingerprint(SHA256):DD:17:9F:11:4B:01:77:32:8F:38:22:9C:48:51:35:57:8D:EB:F3:94:1B:52:8F:CA:CA:53:53:FE:A6:EC:B9:4C

Exiting; no certificate found andwaitforcert is disabled

提示以上内容注册成功

Puppet cert list �all 查看ca

+ "web10.aming.com" (SHA256)6A:2E:1D:77:8F:64:BA:39:63:B9:5A:1F:B0:60:66:8E:27:68:60:52:D5:53:FE:D2:9F:68:41:05:A7:64:16:16

+ "web9.aming.com"  (SHA256) BD:8F:D1:6E:52:ED:D2:08:DC:4D:DE:A2:D1:23:21:08:1A:69:FA:15:39:4F:8A:37:10:65:5D:ED:00:B5:59:C6(alt names: "DNS:puppet", "DNS:puppet.aming.com","DNS:web9.aming.com")

看到+号的情况,提示已经加入到服务器的ca列表

如果没有出现+号则使用

puppet cert --sign web10.aming.com

测试

在服务端建立新文件site.pp

vim /etc/puppet/manifests/site.pp

 

node default {

file {

"/tmp/123.txt": content =>"test,test";

}

}

保存后

在客户端输入

Puppet �test �server web9.aming.com

后再/tmp下出现123.txt

Info: Caching certificate forweb10.aming.com

Info: Caching certificate_revocation_listfor ca

Info: Caching certificate forweb10.aming.com

Notice: Ignoring --listen on onetime run

Warning: Unable to fetch my nodedefinition, but the agent run will continue:

Warning: undefined method `include?' fornil:NilClass

Info: Retrieving pluginfacts

Info: Retrieving plugin

Info: Loading facts

Info: Caching catalog for web10.aming.com

Info: Applying configuration version'1456399416'

Notice:/Stage[main]/Main/Node[default]/File[/tmp/123.txt]/ensure: defined content as'{md5}c175a2c7aefdba02f99b8a5b019b18cb'

Info: Creating state file/var/lib/puppet/state/state.yaml

自动认证

客户端

/etc/init.d/puppet stop

Rm �rf /var/lib/puppet/ssl/*

服务端

Puppet cert clean �all

Vim /etc/puppet/puppet.conf

加入一条

Autosign = true

Vim /etc/puppet/autosign.conf

*.aming.com

启动puppetmaster

/etc/init.d/puppetmaster start

启动puppet 客户端

/etc/init.d/puppet start

模块示例

首先编辑在/etc/puppet/modules/创建一个自定义模块testm

在创建cd testm

mkdir -pv {files,manifests,templates}

cd files

echo sdfasfaasfaming.com>aming.txt

vim manifests/init.pp

class testm{

       file {"/tmp/aming.txt":

       owner => "root",

       group => "root",

       mode => 0400,

       source => "puppet://$puppetserver/modules/testm/aming.txt"

} }

Vim manifests/site.pp

 

$puppet='web9.aming.com'

node 'web10' {

include testm

}

Web10 为通过查看puppet cert list�all 里的文件得出的

Tail �F /var/log/message

Feb 26 02:03:06 localhostpuppet-agent[59793]: (/Stage[main]/Testm/File[/tmp/aming.txt]/ensure) definedcontent as '{md5}a3a6d94ec56c9a449377625873340f10'

Feb 26 02:03:06 localhostpuppet-agent[59793]: Finished catalog run in 0.37 seconds

提示以上内容成功

 

做目录资源

cd testm/files

vim manifests/init.pp

class testm{

       file {"/tmp/aming.txt":

       owner => "root",

       group => "root",

       mode => 0400,

       source => "puppet://$puppetserver/modules/testm/aming.txt"

} }

class nginx {

       file {"/usr/local/nginx":

       owner => "root",

       group => "root",

       source => "puppet://$puppetserver/modules/testm/nginx",

       recurse => true,

       purge => true #支持删除操作

       }

}

~    Vimmanifests/site.pp

 

$puppet='web9.aming.com'

node 'web10' {

include testm

include nginx

}

查看日志

Tail �F /var/log/message

Feb 26 02:29:31 localhostpuppet-agent[23849]:(/Stage[main]/Nginx/File[/usr/local/nginx/sbin/nginx.old]/ensure) definedcontent as '{md5}347341e105e668ea6220cbaa09dd6e7d'

Feb 26 02:29:31 localhostpuppet-agent[23849]: (/Stage[main]/Nginx/File[/usr/local/nginx/conf/win-utf]/ensure)defined content as '{md5}3749ffe19bedd842eb87e83d544e5ce6'

Feb 26 02:29:31 localhostpuppet-agent[23849]:(/Stage[main]/Nginx/File[/usr/local/nginx/conf/mime.types.default]/ensure)defined content as '{md5}bd837e7b34f5c9b8d89957d0527f0d44'

Feb 26 02:29:31 localhostpuppet-agent[23849]:(/Stage[main]/Nginx/File[/usr/local/nginx/conf/uwsgi_params]/ensure) definedcontent as '{md5}2aaaf1e3535752e74d2942db8b3632cb'

Feb 26 02:29:31 localhostpuppet-agent[23849]: (/Stage[main]/Nginx/File[/usr/local/nginx/conf/fastcgi.conf]/ensure)defined content as '{md5}c53b8ddf4250e742594d24c55e73c0df'

Feb 26 02:29:31 localhostpuppet-agent[23849]:(/Stage[main]/Nginx/File[/usr/local/nginx/conf/nginx.conf]/ensure) definedcontent as '{md5}a79bb7bb340a80057bce4772935548f0'

Feb 26 02:29:31 localhostpuppet-agent[23849]:(/Stage[main]/Nginx/File[/usr/local/nginx/conf/scgi_params]/ensure) definedcontent as '{md5}e9fd19c7d1f0cecbd46b3cb041ae19c7'

Feb 26 02:29:31 localhostpuppet-agent[23849]:(/Stage[main]/Nginx/File[/usr/local/nginx/html/50x.html]/ensure) definedcontent as '{md5}d74f9cdd604653c22c6752c46fffd587'

Feb 26 02:29:31 localhostpuppet-agent[23849]: (/Stage[main]/Nginx/File[/usr/local/nginx/uwsgi_temp]/ensure)created

Feb 26 02:29:32 localhostpuppet-agent[23849]:(/Stage[main]/Nginx/File[/usr/local/nginx/logs/access.log]/ensure) definedcontent as '{md5}68a546f08e828ad73f7a37860fe977fd'

提示以上内容成功

远程执行命令

cd testm/files

vim manifests/init.pp

class nginx {

       file {"/usr/local/nginx":

        owner => "root",

       group => "root",

       source => "puppet://$puppetserver/modules/testm/nginx",

       recurse => true,

       purge => true

       }

       exec {"123":

       unless => "test -f/tmp/aminglinux.txt",

       path => ["/bin","/sbin","/usr/bin","/usr/sbin"],

       command => "touch /tmp/aminglinux.txt"

}

}

unless => "test -f/tmp/aminglinux.txt" 当文件不存在时可以创建

onlyif => "test -f/tmp/aminglinux.txt" 当问及存在是创建

cron模块

cd testm/files

vim manifests/init.pp

class nginx {

       file{"/usr/local/nginx":

       owner => "root",

       group => "root",

       source => "puppet://$puppetserver/modules/testm/nginx",

       recurse => true,

       purge => true

       }

       exec {"123":

       unless => "test -f /tmp/aminglinux.txt",

       path =>["/bin","/sbin","/usr/bin","/usr/sbin"],

       command => "touch /tmp/aminglinux.txt"

}

       cron{"aming1":

       command => "/sbin/ntpdate time.windows.com",

       user => "root",

       minute => "*/10",

       #ensure => "absent" 是否清除命令

}

}

说明:分时日月周分别对应Puppet里面的minute,hour,monthday,month,weekday,ensure设置为absent为删除该任务,如果不设置改行则为建立


你可能感兴趣的:(puppet,学习文档)