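Puppet Hands-On Notes
What is Puppet?
Puppet is a batch management tool, currently in use at LeTV (樂視) and Anju (安居). It is a centralized configuration
management system for Linux and Unix built on a client/server (C/S) model. Puppet has its own language and can manage files, users, cron jobs, software packages, system services, and more.

How Puppet works:
Puppet uses HTTPS and XML, with the master managing the clients. A client sends its request to the server over HTTPS using XML-RPC; the server looks at the client's hostname and finds the configuration code for that host.
When the client has finished applying the configuration, it reports back to the server whether the run succeeded.
Puppet is used in companies that have large numbers of servers, a hundred or more, to manage.

Installing Puppet
Note: the clocks must be synchronized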
ntpdate time.nist.gov

Environment:
OS: Red Hat 6.5
master 192.168.2.1
client1 192.168.2.3
client2 192.168.2.4

First synchronize the time and turn off the firewall
/etc/init.d/iptables stop
Ruby is required, so install ruby
[root@agent ~]# yum -y install ruby

Create the puppet user
[root@localhost ~]# groupadd puppet
[root@localhost ~]# useradd -g puppet -s /bin/false -M puppet

Set up hosts; Puppet synchronizes by domain name
echo "192.168.1.102 master.test.com" >> /etc/hosts
echo "192.168.1.60 agent.test.com" >> /etc/hosts
echo "192.168.1.106 client02" >> /etc/hosts
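
Change the machine name to its domain-name form
vim /etc/sysconfig/network

The master must change its hostname; the clients do not need to.
Add all the names to hosts so that the machines can reach each other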
[root@localhost ~]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.2.1 master.test.com
192.168.2.3 agent1.test.com
192.168.2.4 client02

Confirm that the machines can reach each other by name

Install the Puppet packages
[root@localhost ~]# tar zxf facter-1.6.4.tar.gz
[root@localhost ~]# cd facter-1.6.4
[root@localhost facter-1.6.4]# ruby install.rb

[root@agent ~]# tar zxf puppet-2.7.14.tar.gz
[root@agent ~]# cd puppet-2.7.14
[root@agent puppet-2.7.14]# ruby install.rb

[root@localhost puppet-2.7.9]# mkdir -p /etc/puppet
[root@localhost puppet-2.7.9]# cp conf/redhat/* /etc/puppet/
[root@localhost puppet-2.7.9]# cp conf/auth.conf /etc/puppet/

MASTER
Create the configuration directory
[root@localhost ~]# mkdir /etc/puppet/manifests -p
[root@localhost puppet]# pwd
/etc/puppet
[root@localhost puppet]# cp server.init /etc/init.d/puppetmaster    # copy the init script
[root@localhost puppet]# chmod 755 /etc/init.d/puppetmaster    # set permissions

Start Puppet
[root@localhost puppet]# /etc/init.d/puppetmaster start
啟動 puppetmaster:                                        [確定]
[root@localhost puppet]# ps -ef |grep puppet
puppet    48544      1  0 00:33 ?        00:00:00 /usr/bin/ruby /usr/sbin/puppetmasterd
root      48558  47222  0 00:33 pts/2    00:00:00 grep puppet

On the agent:
[root@agent puppet-2.7.14]# puppetd --test --server master.test.com    # request a certificate
info: Creating a new SSL key for agent.test.com
warning: peer certificate won't be verified in this SSL session
info: Caching certificate for ca
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
info: Creating a new SSL certificate request for agent.test.com
info: Certificate Request fingerprint (md5): 2B:25:B8:D5:53:7D:0C:35:6C:F0:C2:01:3F:56:E9:CB
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
Exiting; no certificate found and waitforcert is disabled

Check on the master
[root@localhost puppet]# puppetca -l    # one certificate request is pending
agent.test.com (2B:25:B8:D5:53:7D:0C:35:6C:F0:C2:01:3F:56:E9:CB)

Sign the certificate on the master
[root@localhost puppet]# puppetca -s agent.test.com
notice: Signed certificate request for agent.test.com
notice: Removing file Puppet::SSL::CertificateRequest agent.test.com at '/var/lib/puppet/ssl/ca/requests/agent.test.com.pem'

[root@localhost puppet]# ll /var/lib/puppet/ssl/ca/signed/    # certificate directory on the server
總用量 8
-rw-r-----. 1 puppet puppet 1387  3月 27 11:46 agent.test.com.pem
-rw-r-----. 1 puppet puppet  936  3月 27 11:28 master.test.com.pem

Check the certificate on the agent
[root@agent puppet-2.7.14]# puppetd --test --server master.test.com
warning: peer certificate won't be verified in this SSL session
info: Caching certificate for agent.test.com
info: Caching certificate_revocation_list for ca
info: Caching catalog for agent.test.com
info: Applying configuration version '1459050414'
info: Creating state file /var/lib/puppet/state/state.yaml
notice: Finished catalog run in 0.02 seconds

OK, the certificate request is complete
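
The agent's first connection above is unverified ("peer certificate won't be verified"), so before running puppetca -s it is worth confirming that the request listed on the master is the one the agent generated. The following is an added example, not part of the original notes: it compares the two fingerprints, using the session output shown above as sample input; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: compare the CSR fingerprint printed on the agent with the one
# the master lists, and sign only when they agree. Function names are hypothetical.

# Extract the fingerprint from the agent's "puppetd --test" output (stdin).
agent_fp() {
    sed -n 's/^info: Certificate Request fingerprint (md5): \([0-9A-Fa-f:]*\).*$/\1/p' | head -n 1
}

# Extract the fingerprint that "puppetca -l" output (stdin) lists for certname $1.
master_fp() {
    awk -v name="$1" '$1 == name { gsub(/[()]/, "", $2); print $2; exit }'
}

# Return 0 only when both fingerprints are present and identical (case-insensitive).
fp_match() {
    a=$(printf '%s' "$1" | tr 'a-f' 'A-F')
    m=$(printf '%s' "$2" | tr 'a-f' 'A-F')
    [ -n "$a" ] && [ "$a" = "$m" ]
}

# Sample input copied from the session output on this page.
AGENT_OUT='info: Creating a new SSL certificate request for agent.test.com
info: Certificate Request fingerprint (md5): 2B:25:B8:D5:53:7D:0C:35:6C:F0:C2:01:3F:56:E9:CB'
MASTER_OUT='agent.test.com (2B:25:B8:D5:53:7D:0C:35:6C:F0:C2:01:3F:56:E9:CB)'

A=$(printf '%s\n' "$AGENT_OUT" | agent_fp)
M=$(printf '%s\n' "$MASTER_OUT" | master_fp agent.test.com)
if fp_match "$A" "$M"; then
    echo "fingerprints match: safe to run puppetca -s agent.test.com"
else
    echo "MISMATCH or missing request: do not sign" >&2
fi
```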

Puppet configuration management

Master configuration
Create and write the manifest
[root@localhost puppet]# cd /etc/puppet/manifests/
[root@localhost manifests]# vim site.pp
[root@localhost manifests]# cat site.pp
node default{                       # applied on the client
file {"/tmp/test.txt":              # create the file test.txt
content=>"I'm test puppet\n";       # file content
}
}

Restart Puppet; the first time the manifest is created, the service must be restarted
[root@localhost manifests]# /etc/init.d/puppetmaster restart
停止 puppetmaster:                                        [確定]
啟動 puppetmaster:                                        [確定]

Run the agent and check
[root@agent puppet-2.7.14]# puppetd --test --server master.test.com
info: Caching catalog for agent.test.com
info: Applying configuration version '1459051322'
notice: /Stage[main]//Node[default]/File[/tmp/test.txt]/ensure: defined content as '{md5}126809c793cb00f34616532d90ab1e85'
notice: Finished catalog run in 0.03 seconds
The output shows the file was created,
so let's take a look
[root@agent tmp]# ls
orbit-gdm  pulse-yllwWiOizWaB  test.txt  yum.log
[root@agent tmp]# cat test.txt
I'm test puppet

OK, the sync succeeded

Suppose we want to create a file and change its owner and permissions. How?
[root@localhost manifests]# cat site.pp    # the script content removes log files larger than 100 KB
node default{
file {"/tmp/test.sh":
content=>"find /log/ -type f -size +100KB |xargs rm -rf\n",
mode=>"0777",
}
}
[root@agent tmp]# ll test.sh    # on the agent, the owner is root
-rwxrwxrwx. 1 root root 46  3月 27 12:17 test.sh

[root@localhost manifests]# cat site.pp    # set the owner and group
node default{
file {"/tmp/test.sh":
content=>"find /log/ -type f -size +100KB |xargs rm -rf\n",
mode=>"0777",
group=>"puppet",
owner=>"puppet",
}
}

Run the agent

[root@agent tmp]# ll test.sh    # owner and group are now puppet
-rwxrwxrwx. 1 puppet puppet 46  3月 27 12:17 test.sh

Set up a scheduled task
node default{
cron { "ntp time ":    # the resource name; it appears as a comment in the agent's crontab
command => "/usr/sbin/ntpdate pool.ntp.org >/dev/null 2>&1",
minute => '*/10',
hour => ['2-4'],
monthday => [2,4],
ensure => present,
environment => "PATH=/bin:/usr/bin:/usr/sbin"
}
}

Check the scheduled task on the agent
[root@agent tmp]# puppetd --test --server master.test.com
info: Caching catalog for agent.test.com
info: Applying configuration version '1459053791'
notice: /Stage[main]//Node[default]/Cron[ntp time ]/ensure: created
notice: Finished catalog run in 0.11 seconds
[root@agent tmp]# crontab -l
# HEADER: This file was autogenerated at Sun Mar 27 12:43:12 +0800 2016 by puppet.
# HEADER: While it can still be managed manually, it is definitely not recommended.
# HEADER: Note particularly that the comments starting with 'Puppet Name' should
# HEADER: not be deleted, as doing so could cause duplicate cron jobs.
# Puppet Name: ntp time
PATH=/bin:/usr/bin:/usr/sbin
*/10 2-4 2,4 * * /usr/sbin/ntpdate pool.ntp.org >/dev/null 2>&1
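
To run this job as the puppet user,
just add user => "puppet" to the cron resource

Suppose I want to sync a file from the master to the agent. How is that written?
Create the file to be synced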
[root@localhost puppet]# mkdir /etc/puppet/system_conf
[root@localhost puppet]# cd /etc/puppet/system_conf/
[root@localhost system_conf]# vim a.log
[root@localhost system_conf]# cat a.log
test
[root@localhost system_conf]# ll a.log
-rw-r--r--. 1 root root 5  3月 27 12:55 a.log

Changes on the master, in four steps:
Step 1: configure the shared directory
[root@localhost puppet]# cat fileserver.conf    # add the following to the file to share this directory
[system_conf]
path /etc/puppet/system_conf/
allow *

Step 2: restart Puppet
[root@localhost puppet]# /etc/init.d/puppetmaster restart
停止 puppetmaster:                                        [確定]
啟動 puppetmaster:                                        [確定]
Step 3: put the file to be synced into the system_conf directory; this was already done above
Step 4: edit site.pp on the master
node default{
file {"/etc/a.log":
mode=>644,
source => "puppet://master.test.com/system_conf/a.log";    # where the file comes from
}
}
Check on the agent
[root@agent etc]# cat a.log
test
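
The allow * line in step 1 places no host restriction on the system_conf mount. The following added example (not part of the original notes) lists the mounts in a fileserver.conf that carry allow *; the helper name open_mounts and the restricted sample using allow *.test.com are constructed for illustration.

```shell
#!/bin/sh
# Added example: list fileserver.conf mounts that carry "allow *".
# open_mounts is a hypothetical helper; it reads a fileserver.conf on stdin.
open_mounts() {
    awk '
        /^[ \t]*#/  { next }                       # skip comment lines
        /^[ \t]*\[/ { mount = $0                   # a [name] line starts a new mount
                      gsub(/[^A-Za-z0-9_.-]/, "", mount); next }
        $1 == "allow" && $2 == "*" { print mount } # rule with no host restriction
    '
}

# The configuration from step 1 of this page.
WEAK_CONF='[system_conf]
path /etc/puppet/system_conf/
allow *'

# Constructed alternative: the same mount limited to hosts under test.com.
RESTRICTED_CONF='[system_conf]
path /etc/puppet/system_conf/
allow *.test.com'

for conf in "$WEAK_CONF" "$RESTRICTED_CONF"; do
    found=$(printf '%s\n' "$conf" | open_mounts)
    if [ -n "$found" ]; then
        echo "unrestricted mount(s): $found"
    else
        echo "no mount uses allow *"
    fi
done
```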
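
Configuring different servers for different services:

Configure a node
node 'client02' {        # client02 is the hostname; this block is synced only on client02
        file{ "/var/log/snmp.log":
                content=>"test\n",
        }
}
Add the following parameters

Puppet's main configuration files: puppet.conf and server.sysconfig

So far we have been syncing by hand. How do we make the sync automatic?
agent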
[root@agent etc]# cd /etc/puppet/
[root@agent puppet]# cp client.init /etc/init.d/puppetagent
[root@agent puppet]# chmod 777 /etc/init.d/puppetagent

[root@agent puppet]# cp client.sysconfig /etc/sysconfig/puppet
[root@agent puppet]# vim /etc/sysconfig/puppet    # edit the file
[root@agent puppet]# cat /etc/sysconfig/puppet
# The puppetmaster server
PUPPET_SERVER=master.test.com

# If you wish to specify the port to connect to do so here
#PUPPET_PORT=8140

# Where to log to. Specify syslog to send log messages to the system log.
PUPPET_LOG=/var/log/puppet/puppet.log

# You may specify other parameters to the puppet client here
PUPPET_EXTRA_OPTS=--waitforcert=500

[root@agent puppet]# /etc/init.d/puppetagent start    # start the service; by default the agent now pulls from the master
啟動 puppet:                                              [確定]

That completes our Puppet setup!
Reposted from: https://blog.51cto.com/10966380/1767312