Category: System Operations
2014-01-23 00:07:43
Puppet
See the introduction to Puppet at Puppet.wikidot.com.
Find the full list of resource types Puppet can currently manage, with their attributes.
Server side: puppetmaster
Client side: puppet
1. rpm dependencies
2. Configuration files
a) /etc/puppet/puppet.conf (global settings), e.g. logging, pid; nodes are not defined here
b) /etc/puppet/manifests/site.pp   nodes (the resources managed by puppet)
   import nodes.pp (defines the node hostnames and the resources to sync)
c) /etc/puppet/modules/<module name>/   two directories
   manifests directory (manifest files init.pp, server.pp)
   files directory (the actual files to distribute)
Steps:
1. Install the packages on the master and edit /etc/puppet/puppet.conf
2. Install the packages on the agent and edit its configuration file.
3. Sign the agent's certificate on the master, create resources and sync them to the agent.
master and agent ------- the hostnames must be resolvable on both sides (hosts file).
Master side
vi puppet.conf
[master]
certname=<hostname>
touch site.pp   must be created before the service is started
vi site.pp (putting everything in this file makes it far too long; use import instead)
import "nodes.pp"   nodes.pp must be created
$puppetserver = 'puppet-master.uplooking.com'
One more point: to check the syntax of a .pp file, use the following command:
puppet --parseonly site.pp
agent side
vi puppet.conf
[main]
server=<master hostname>
Start the service
Sign the certificate:
puppet cert --list   // discover pending requests
puppet cert --sign
/var/lib/puppet/ssl   // certificate directory; use find to locate the relevant certificate files
find . -name "*example.com*"
How to clean up puppet?
1. Just uninstall and reinstall.
2. Or regenerate the certificates and sign again.
On the master, delete the unsigned or signed certificates; the paths are
/var/lib/puppet/ssl/ca/requests/
/var/lib/puppet/ssl/ca/signed/
rm -r /var/lib/puppet/ssl/*
On the agent, delete the certificates, whether signed or unsigned
Agent sync interval
vi /etc/puppet/puppet.conf
[agent]
runinterval=5   // add this line: sync every 5 seconds
Lab:
one master (82) and one agent (83)
iptables -F
setenforce 0
service iptables stop
chkconfig iptables off
Install packages:
yum install ruby libselinux-ruby compat-readline5 -y
[root@desktop82 rpms]# ls
facter-1.6.18-3.el6.x86_64.rpm ruby-augeas-0.4.1-1.el6.x86_64.rpm
puppet-2.6.18-3.el6.noarch.rpm ruby-shadow-1.4.1-13.el6.x86_64.rpm
puppet-server-2.6.18-3.el6.noarch.rpm
The master installs puppet-server, the agent installs puppet
[root@desktop82 rpms]# rpm -ivh *
warning: facter-1.6.18-3.el6.x86_64.rpm: Header V3RSA/SHA256 Signature, key ID 0608b895: NOKEY
error: Failed dependencies:
ruby(selinux) is needed by puppet-2.6.18-3.el6.noarch
[root@desktop82 rpms]# yum list | grep ruby |grep selinux
Unable to read consumer identity
libselinux-ruby.x86_64 2.0.94-5.3.el6 base
[root@desktop82 rpms]# yum install libselinux-ruby -y
Configuration:
vim /etc/hosts
192.168.0.82 desktop82.example.com
192.168.0.83 desktop83.example.com
master
vim /etc/puppet/puppet.conf
[master]
certname=desktop82.example.com   // add on the master
agent
[agent]
runinterval=5   // add this line: sync every 5 seconds
[root@desktop82 puppet]# ls /etc/puppet/manifests/
[root@desktop82 puppet]# touch /etc/puppet/manifests/site.pp
The site.pp file tells the Puppet Master where to find and load the node configurations. It lives in /etc/puppet/manifests; if it does not exist, create an empty one, because without site.pp the Puppet Master refuses to start. Manifest is Puppet's term for a file containing configuration; manifest files use the .pp extension.
puppet --parseonly site.pp
Checks the file's syntax
service puppetmaster start
It is recommended to run the Puppet Master in the foreground the first time, to test its initialization and startup (the service must be stopped first):
service puppetmaster stop
puppet master --verbose --no-daemonize --debug
--verbose makes the Puppet Master log in detail, --no-daemonize keeps the
Puppet Master process in the foreground, and --debug produces even more detailed logs.
agent
vim /etc/puppet/puppet.conf
[main]
server=desktop82.example.com
service puppet start
master
puppet master --verbose --no-daemonize
/var/lib/puppet/ssl   // certificate directory; use find to locate the relevant certificate files
find . -name "*example.com*"
Signing (authorization):
[root@desktop82 puppet]# puppet cert --list   // the cert subcommand's --list option shows nodes waiting to be registered
"desktop83.example.com" (00:6E:52:7E:D4:64:6C:66:24:E9:7B:66:84:0D:ED:96)
[root@desktop82 puppet]# puppet cert --sign desktop83.example.com   // sign registers a specific new node, or all pending nodes
notice: Signed certificate request for desktop83.example.com
notice: Removing file Puppet::SSL::CertificateRequest desktop83.example.com at '/var/lib/puppet/ssl/ca/requests/desktop83.example.com.pem'
If you started puppet master with --verbose and --no-daemonize:
puppet master --verbose --no-daemonize
...
notice: Compiled catalog for node1.uplooking.com in environment production in 0.02 seconds
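The signing step above (puppet cert --list, then puppet cert --sign) trusts whatever host presents a request with the expected certname. The script below is an added example, not code from this page or from Puppet: it signs only when the pending request's fingerprint matches one the administrator obtained from the agent out of band (for instance by running puppet agent --fingerprint on the agent's own console). It assumes the Puppet 2.6 puppet cert --list line format shown above; the LIST_CMD/SIGN_CMD parameters are my own additions so the logic can be tested with stubs.

```shell
#!/bin/sh
# Added example (not from this page): sign a pending agent request only when
# its fingerprint matches the value the administrator got from the agent
# out of band. This blocks signing a request from an unexpected host that
# merely claims the right certname.
# Assumes the `puppet cert --list` line format shown on this page:
#   "desktop83.example.com" (00:6E:52:7E:D4:64:6C:66:24:E9:7B:66:84:0D:ED:96)

# pending_fingerprint HOST   (reads `puppet cert --list` output on stdin)
#   Prints the fingerprint of HOST's pending request; prints nothing if absent.
pending_fingerprint() {
  awk -v h="\"$1\"" '$1 == h { gsub(/[()]/, "", $2); print $2; exit }'
}

# verify_and_sign HOST EXPECTED_FINGERPRINT [LIST_CMD] [SIGN_CMD]
#   LIST_CMD/SIGN_CMD default to the real puppet commands; tests pass stubs.
#   Exit: 0 signed, 1 fingerprint mismatch (nothing signed), 2 no request.
verify_and_sign() {
  host="$1"; expected="$2"
  list_cmd="${3:-puppet cert --list}"
  sign_cmd="${4:-puppet cert --sign}"
  actual=$($list_cmd | pending_fingerprint "$host")
  if [ -z "$actual" ]; then
    echo "no pending request for $host" >&2
    return 2
  fi
  # Compare case-insensitively: tools differ in the hex case they print.
  if [ "$(echo "$actual" | tr 'a-z' 'A-Z')" != "$(echo "$expected" | tr 'a-z' 'A-Z')" ]; then
    echo "fingerprint mismatch for $host (pending $actual, expected $expected): NOT signing" >&2
    return 1
  fi
  $sign_cmd "$host"
}
```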
Resource sync
[root@desktop82 requests]# vim /etc/puppet/manifests/site.pp
import 'nodes.pp'
$puppetserver = 'puppet-desktop82.example.com'
[root@desktop82 requests]# vim /etc/puppet/manifests/nodes.pp
node 'desktop83.example.com'{
include motd
}
Create the first Puppet module: motd
[root@desktop82 ~]# vim /etc/puppet/puppet.conf
[main]
modulepath = /etc/puppet/modules:/var/lib/puppet/modules:/usr/local/lib/puppet/modules
[root@desktop82 ~]# mkdir /etc/puppet/modules
[root@desktop82 ~]# mkdir -vp /etc/puppet/modules/motd/{files,templates,manifests}
mkdir: created directory `/etc/puppet/modules/motd'
mkdir: created directory `/etc/puppet/modules/motd/files'
mkdir: created directory `/etc/puppet/modules/motd/templates'
mkdir: created directory `/etc/puppet/modules/motd/manifests'
[root@desktop82 ~]# vim /etc/puppet/modules/motd/manifests/init.pp
class motd {
  package { setup:
    ensure => present,
  }
  file { "/etc/motd":
    owner   => "root",
    group   => "root",
    mode    => 644,
    source  => "puppet://$puppetserver/modules/motd/etc/motd",
    require => Package["setup"],
  }
}
source => "puppet://$puppetserver/modules/motd/etc/motd",
Path of the synced resource file: desktop148.example.com:/etc/puppet/modules/motd/files/etc/motd; "files" is not written in the source URL, Puppet locates it automatically.
The motd module's init.pp contains a single class, motd, with two resources: a package and a file.
[root@desktop82 ~]# mkdir /etc/puppet/modules/motd/files/etc -p
[root@desktop82 ~]# echo "Hello Puppet" > /etc/puppet/modules/motd/files/etc/motd
Start the master
[root@desktop82 ~]# puppet master --verbose --no-daemonize
agent
Stop the service, run the agent in the foreground and watch it: --noop means a test run that does not actually apply anything or modify files on the node; --onetime means run once and then exit.
[root@desktop83 ~]# puppet agent --server=desktop82.example.com --no-daemonize --verbose --noop --onetime
The test run is correct. Now run it for real:
puppet agent --server=desktop82.example.com --no-daemonize --verbose --onetime
[root@desktop83 ~]# cat /etc/motd
HelloPuppet
Write data on the master and check on the agent that the synced file updates every 5 seconds
while true;do echo `date` >> /etc/puppet/modules/motd/files/etc/motd; sleep 4;done
cat /etc/motd
Httpd
Define 5 resources for httpd
1. Main configuration files
a) /etc/httpd/conf/httpd.conf
b) /etc/httpd/conf.d/*.conf
2. Website pages
a) /var/www/xxx.com
3. The httpd package
4. exec
5. service: running, chkconfig on
Create the files first, then edit the configuration file
class httpd {
  $packagelist = ["httpd"]
  package { $packagelist:
    ensure => present,
  }
  # refreshonly: run only when notified by a changed file, not on every agent run
  exec { "reload-apache2":
    command     => "/etc/init.d/httpd reload",
    refreshonly => true,
    require     => Package["httpd"],
  }
  file {
    "/etc/httpd/conf/httpd.conf":
      owner   => root,
      group   => root,
      mode    => 644,
      require => Package["httpd"],
      source  => "puppet://$puppetserver/modules/httpd/etc/httpd/conf/httpd.conf",
      notify  => Exec["reload-apache2"];
    "/etc/httpd/conf.d":
      notify  => Exec["reload-apache2"],
      source  => "puppet://$puppetserver/modules/httpd/etc/httpd/conf.d",
      owner   => root,
      group   => root,
      recurse => true;
    "/var/www":
      source  => "puppet://$puppetserver/modules/httpd/var/www",
      recurse => true;
  }
  service { "httpd":
    ensure  => running,
    enable  => true,
    require => Package["httpd"],
  }
}
Copy the relevant configuration files into modules/httpd/files
Create the virtual host or the web pages
cd /etc/puppet/modules/httpd/files
mkdir -vp etc/httpd/conf
mkdir -vp etc/httpd/conf.d
mkdir -vp var/www
cp -rp /etc/httpd/conf/httpd.conf /etc/puppet/modules/httpd/files/etc/httpd/conf/
cp -rp /etc/httpd/conf.d/. /etc/puppet/modules/httpd/files/etc/httpd/conf.d/
cp -rp /var/www/html /etc/puppet/modules/httpd/files/var/www/
Puppet Dashboard console
Puppet Dashboard is a Ruby on Rails application that shows information about the Puppet Master and the Puppet Agents in a web UI; it can also configure and create Puppet Agent nodes and edit the classes and parameters defined for them.
Install the required packages: mysql and ruby
master
yum install mysql mysql-devel mysql-server ruby ruby-devel ruby-irb ruby-mysql ruby-rdoc ruby-ri -y
No package ruby-mysql available.
No package ruby-ri available.
Packages not on the install DVD:
cd /common/epel rpms
rpm -ivh ruby-mysql-2.8.2-1.el6.x86_64.rpm
Follow the installation documentation step by step
[root@puppet-master puppet-dashboard-1.2.22]# rake RAILS_ENV=production db:migrate
Run it from the real directory, not the symlink
[root@puppet-master puppet-dashboard]# script/server -e production -d
Start the process
ps -ef |grep ruby
kill -9 8084
Stop the process
Running Puppet Dashboard under Passenger
yum install gcc gcc-c++ curl-devel zlib-devel httpd-devel -y
It also prompts for the virtual host entry to configure in httpd.conf, as follows: --
#semanage fcontext -a -t 'samba_share_t' "/common(/.*)?"
#restorecon -R -v /common/
My nginx.pp configuration is as follows.
class nginx {
  $path = "/usr/local/nginx/conf"
  File { owner => "root", group => "root", mode => "644" }
  Exec { path => "/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin" }
  file { "nginx.conf":
    name    => "$path/nginx.conf",
    content => template("/etc/puppet/manifests/nginx/default/nginx.conf"),
    notify  => Exec["nginx_reload"];
  }
  exec { "nginx_reload":
    command     => "killall -9 nginx && sleep 2 && /usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf",
    unless      => "/usr/local/nginx/sbin/nginx -t -c /usr/local/nginx/conf/nginx.conf",
    refreshonly => true;
  }
}
nginx was deployed on the client.
But after running it, I found that when the nginx configuration on the master is changed, the client does update it correctly, yet it cannot restart the service.
The error is as follows:
[root@jx_yc03 ~]# puppetd --server * --test
notice: Ignoring --listen on onetime run
info: Caching catalog for jx_yc03.ysten.org
info: Applying configuration version '1377003105'
wrong number of arguments (2 for 1)
notice: /Stage[main]/Nginx/File[nginx.conf]/content:
info: FileBucket got a duplicate file {md5}495328e195e6030aa9b58ed778750213
info: /Stage[main]/Nginx/File[nginx.conf]: Filebucketed
/usr/local/nginx/conf/nginx.conf to puppet with sum
495328e195e6030aa9b58ed778750213
notice: /Stage[main]/Nginx/File[nginx.conf]/content: content changed '{md5}495328e195e6030aa9b58ed778750213'
to '{md5}328571e41dbf307bff28a17b7624211e'
info: /Stage[main]/Nginx/File[nginx.conf]: Scheduling refresh of
Exec[nginx_reload]
wrong number of arguments (2 for 1)
wrong number of arguments (2 for 1)
err: /Stage[main]/Nginx/Exec[nginx_reload]: Failed to call refresh: killall -9
nginx && sleep 2 && /usr/local/nginx/sbin/nginx -c
/usr/local/nginx/conf/nginx.conf returned 1 instead of one of [0] at
/etc/puppet/manifests/nginx.pp:13
notice: Finished catalog run in 0.18 seconds
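Both reload execs on this page, the httpd module's "reload-apache2" and the nginx_reload exec in the post above, hand Puppet a raw restart command, so a file that is syntactically wrong is pushed straight at the running service. The wrapper below is an added example, not code from this page or from Puppet: it validates the new configuration first and only then reloads gracefully, and is meant to be called from an exec with refreshonly => true. NGINX_BIN, HTTPD_BIN and HTTPD_RELOAD are my own override variables, used so the tests can point the script at stubs.

```shell
#!/bin/sh
# Added example (not from this page): configuration-checked reload wrapper
# for Puppet exec resources. Intended manifest use (assumed, not the page's):
#   exec { "nginx_reload":
#     command     => "/usr/local/bin/safe_reload nginx /usr/local/nginx/conf/nginx.conf",
#     refreshonly => true,
#   }
# NGINX_BIN, HTTPD_BIN and HTTPD_RELOAD are this script's own (hypothetical)
# override variables so tests can substitute stub binaries.

# safe_reload SERVICE CONF  -> 0 reloaded, 1 config invalid, 2 usage error
safe_reload() {
  svc="$1"; conf="$2"
  case "$svc" in
    nginx)
      bin="${NGINX_BIN:-/usr/local/nginx/sbin/nginx}"
      test_cmd="$bin -t -c $conf"
      reload_cmd="$bin -s reload -c $conf"   # graceful: HUP to the master process
      ;;
    httpd)
      bin="${HTTPD_BIN:-/usr/sbin/httpd}"
      test_cmd="$bin -t -f $conf"
      reload_cmd="${HTTPD_RELOAD:-/etc/init.d/httpd reload}"
      ;;
    *)
      echo "safe_reload: unknown service '$svc'" >&2
      return 2
      ;;
  esac
  if [ ! -r "$conf" ]; then
    echo "safe_reload: cannot read $conf" >&2
    return 2
  fi
  # Refuse to touch the running daemon if the new file does not validate;
  # the previously loaded, working configuration stays in effect.
  # (Commands are word-split deliberately; paths must not contain spaces.)
  if ! $test_cmd >/dev/null 2>&1; then
    echo "safe_reload: $conf failed validation, $svc not reloaded" >&2
    return 1
  fi
  $reload_cmd
}
```

Puppet reports a failed exec whenever the command exits nonzero, so the distinct exit codes show up in the agent log as "config invalid" versus "usage error" rather than a generic failure.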