Category: System operations and maintenance

2017-03-15 07:30:44

1. Define a general-purpose node
node 'base' {
      include ntp
      include iptables
      include zabbix_agent
}

node 'node1.shamereedwine.com' inherits base {
           include nginx
}

2. Node names may be given as regular expressions
node /^node[1234]\.magedu\.com$/ {

}

3. Organizing node definitions:
       /etc/puppet/manifests/
             site.pp
             base.pp
                  import "nginx/*.pp"
                  import "tomcat/*.pp"
                  import "varnish/*.pp"
     
             nginx/
                  node1.shamereedwine.pp
                  nginx.pp
             tomcat/
             varnish/

4. Using an external node classifier (ENC)
        Uses YAML syntax (PyYAML)

       ldap:

How to check a manifest file for syntax errors:
       # puppet parser validate /path/to/some/manifest_file.pp

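Puppet configuration files:
       puppet.conf: main configuration file
          [main]
          [agent]
          [master]
      manifests/site.pp: site manifest
      namespaceauth.conf: namespace authorization; controls access to namespaces
             kick mode depends on this configuration file
             [puppetmaster]
             allow *.shamereedwine.com
       
             [resource]
             allow *.shamereedwine.com

         auth.conf: implements Puppet's ACLs:
                 RESTful API: access control is applied by {environment}/{resource}/{key} path
                 path  /
                 auth  any
                 environment production
                 allow *.shamereedwine.com
         autosign.conf: configuration file for automatic signing of client certificates
                
        fileserver.conf: file server configuration file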
      
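Summary of puppet commands:

                apply, agent, master, cert, describe, ...

                puppet module list   # list installed modules

                agent: client process
                master: server process
                apply: apply a local manifest file
                cert: certificate management
                describe: resource help

                module: module management
                kick: master-triggered mode

                Help-related commands:
                       describe
                       doc: generate puppet documentation
                        help: show help
                        resource: show resource help
                        status: show puppet status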
                      
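                   Options of the master command:
                           --no-daemonize
                           --daemonize, -D
                           --debug, -d
                           --verbose, -v
                          --genconfig

                   Common options of the agent command:
                           --daemonize, -D
                           --no-daemonize
                           --debug, -d
                           --verbose, -v
                           --noop: no-operation mode; the catalog is not actually applied
                           --test: test
                           --waitforcert: wait until the certificate has been signed
 
                     Common options of the apply command:
                             --debug, -d
                             --verbose, -v
                             --execute, -e
                             --modulepath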

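                      Common actions of the cert command:
                             list:
                            sign: sign a certificate
                            clean: remove a certificate
                            revoke: revoke a certificate
                            verify: verify the specified local certificate
                            generate: generate a certificate for a client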

                  Puppet module management:
                           

                  Customizing puppet runtime environments:
                          Development: development
                          Testing: testing
                          Production: production

                   puppet.conf
                     [master]
                    environment = production,testing,development
  
                    [production]
                    manifest = /etc/puppet/manifests/production/site.pp
                    modulepath = /etc/puppet/modules/production
                    fileserverconfig = /etc/puppet/fileserver.conf.production
                   
                    [testing]
                    manifest = /etc/puppet/manifests/testing/site.pp
                    modulepath = /etc/puppet/modules/testing
                    fileserverconfig = /etc/puppet/fileserver.conf.testing

                    [development]
                    manifest = /etc/puppet/manifests/development/site.pp
                    modulepath = /etc/puppet/modules/development
                    fileserverconfig = /etc/puppet/fileserver.conf.development

                   Customizing access control in auth.conf:
                          path /
                          auth any
                          environment production
                          allow localhost,*.magedu.com

                           path  /
                           auth any
                           environment testing
                           allow localhost,test*.magedu.com
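
Added example (not part of the original notes): a small Python check that parses auth.conf stanzas in the form shown above and reports rules that pair `auth any` (or `no`) with `path /` or a wildcard `allow`, because such a rule also covers requests that carry no verified client certificate. The function names and the sample text are constructed for illustration.

```python
# Constructed sample in the stanza form used in the notes above.
SAMPLE = """\
path /
auth any
environment production
allow localhost,*.magedu.com

path /catalog
auth yes
allow *.magedu.com
"""

def parse_stanzas(text):
    """Split auth.conf text into stanzas; every 'path' line starts a new one."""
    stanzas = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blank lines
        if not line:
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "path":
            # 'auth' is treated as 'yes' when a stanza omits it
            stanzas.append({"path": value, "auth": "yes", "allow": []})
        elif stanzas and key == "allow":
            stanzas[-1]["allow"] += [v for v in value.replace(",", " ").split() if v]
        elif stanzas:
            stanzas[-1][key] = value.lower()
    return stanzas

def audit(text):
    """Return (path, finding) pairs for rules that are broader than they look."""
    findings = []
    for s in parse_stanzas(text):
        unauth = s["auth"] in ("any", "no", "off")
        if s["path"] == "/" and unauth and s["allow"]:
            findings.append((s["path"], "root path open to unauthenticated requests"))
        if unauth and any(a.startswith("*") for a in s["allow"]):
            findings.append((s["path"], "wildcard allow without certificate authentication"))
    return findings

if __name__ == "__main__":
    for path, finding in audit(SAMPLE):
        print(f"{path}: {finding}")
```

Narrowing `path` to the endpoints each environment needs and using `auth yes` on them clears both findings.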

                    Client configuration, in puppet.conf:
                     [agent]
                     environment = production
 
                     Manual test:
                      # puppet agent --test -d -v --noop   --environment testing

                      git version control system:
                     
                    
                puppet-dashboard:
                     

1. Install and configure puppet-dashboard:

            yum install puppet-dashboard
            
            gem install rake

[root@www ~]# yum install puppet-dashboard



            


        






