What is Puppet

Puppet is a batch management tool; LeTV (乐视) and Anju (安居) both use it today. It is a centralized configuration management system for Linux/Unix built on a client/server (C/S) model. Puppet has its own language and can manage files, users, cron jobs, software packages, system services and more.

How Puppet works:

It uses HTTPS with XML-RPC, and the master manages the clients. A client sends a request to the server over HTTPS/XML-RPC; the server looks at the client's hostname and finds the configuration code for that host. When the client has finished applying it, it reports back to the server so you can see whether the run succeeded.

Puppet is meant for companies that have to manage large numbers of servers (hundreds or more).

Installing Puppet

Note that the clocks must be in sync:

ntpdate time.nist.gov

Environment:

OS: Red Hat 6.5
master   192.168.2.1
client1  192.168.2.3
client2  192.168.2.4

First sync the time and stop the firewall:

/etc/init.d/iptables stop

Puppet needs a Ruby environment, so install Ruby:

[root@agent ~]# yum -y install ruby

Create the puppet user:

[root@localhost ~]# groupadd puppet
[root@localhost ~]# useradd -g puppet -s /bin/false -M puppet

Set up /etc/hosts; Puppet syncs by domain name:

echo "192.168.1.102 master.test.com" >> /etc/hosts
echo "192.168.1.60 agent.test.com" >> /etc/hosts
echo "192.168.1.106 client02" >> /etc/hosts

Change the machine name to its domain-name form:

vim /etc/sysconfig/network

The master must have its hostname changed; the clients do not need to.
Put every hostname into /etc/hosts so the machines can talk to each other:

[root@localhost ~]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.2.1 master.test.com
192.168.2.3 agent1.test.com
192.168.2.4 client02

Confirm that the hosts can reach each other by name.

Install the Puppet packages (facter first, then puppet):

[root@localhost ~]# tar zxf facter-1.6.4.tar.gz
[root@localhost ~]# cd facter-1.6.4
[root@localhost facter-1.6.4]# ruby install.rb

[root@agent ~]# tar zxf puppet-2.7.14.tar.gz
[root@agent ~]# cd puppet-2.7.14
[root@agent puppet-2.7.14]# ruby install.rb

Copy the shipped configuration into /etc/puppet:

[root@localhost puppet-2.7.9]# mkdir -p /etc/puppet
[root@localhost puppet-2.7.9]# cp conf/redhat/* /etc/puppet/
[root@localhost puppet-2.7.9]# cp conf/auth.conf /etc/puppet/

MASTER

Create the directory for the configuration (manifest) files:

[root@localhost ~]# mkdir /etc/puppet/manifests -p
[root@localhost puppet]# pwd
/etc/puppet
[root@localhost puppet]# cp server.init /etc/init.d/puppetmaster    # copy the init script
[root@localhost puppet]# chmod 755 /etc/init.d/puppetmaster         # make it executable

Start Puppet:

[root@localhost puppet]# /etc/init.d/puppetmaster start
启动 puppetmaster:                                        [确定]
[root@localhost puppet]# ps -ef |grep puppet
puppet    48544      1  0 00:33 ?        00:00:00 /usr/bin/ruby /usr/sbin/puppetmasterd
root      48558  47222  0 00:33 pts/2    00:00:00 grep puppet

On the agent:

[root@agent puppet-2.7.14]# puppetd --test --server master.test.com    # request a certificate
info: Creating a new SSL key for agent.test.com
warning: peer certificate won't be verified in this SSL session
info: Caching certificate for ca
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
info: Creating a new SSL certificate request for agent.test.com
info: Certificate Request fingerprint (md5): 2B:25:B8:D5:53:7D:0C:35:6C:F0:C2:01:3F:56:E9:CB
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
Exiting; no certificate found and waitforcert is disabled

Check on the master:

[root@localhost puppet]# puppetca -l    # one pending certificate request shows up
agent.test.com (2B:25:B8:D5:53:7D:0C:35:6C:F0:C2:01:3F:56:E9:CB)

Sign the certificate on the master:

[root@localhost puppet]# puppetca -s agent.test.com
notice: Signed certificate request for agent.test.com
notice: Removing file Puppet::SSL::CertificateRequest agent.test.com at '/var/lib/puppet/ssl/ca/requests/agent.test.com.pem'

[root@localhost puppet]# ll /var/lib/puppet/ssl/ca/signed/    # signed-certificate directory on the server
总用量 8
-rw-r-----. 1 puppet puppet 1387  3月 27 11:46 agent.test.com.pem
-rw-r-----. 1 puppet puppet  936  3月 27 11:28 master.test.com.pem

Check the certificate on the agent:

[root@agent puppet-2.7.14]# puppetd --test --server master.test.com
warning: peer certificate won't be verified in this SSL session
info: Caching certificate for agent.test.com
info: Caching certificate_revocation_list for ca
info: Caching catalog for agent.test.com
info: Applying configuration version '1459050414'
info: Creating state file /var/lib/puppet/state/state.yaml
notice: Finished catalog run in 0.02 seconds

OK, the certificate request is complete.

Puppet configuration management

Master configuration

Create and edit the configuration file:

[root@localhost puppet]# cd /etc/puppet/manifests/
[root@localhost manifests]# vim site.pp
[root@localhost manifests]# cat site.pp
node default {                        # applied on the client
  file { "/tmp/test.txt":             # create the file test.txt
    content => "I'm test puppet\n";   # file content
  }
}

Restart Puppet (the service has to be restarted the first time a resource is created):

[root@localhost manifests]# /etc/init.d/puppetmaster restart
停止 puppetmaster:                                        [确定]
启动 puppetmaster:                                        [确定]

Run the agent and check:

[root@agent puppet-2.7.14]# puppetd --test --server master.test.com
info: Caching catalog for agent.test.com
info: Applying configuration version '1459051322'
notice: /Stage[main]//Node[default]/File[/tmp/test.txt]/ensure: defined content as '{md5}126809c793cb00f34616532d90ab1e85'
notice: Finished catalog run in 0.03 seconds

The output says the file was defined, so let's look:

[root@agent tmp]# ls
orbit-gdm  pulse-yllwWiOizWaB  test.txt  yum.log
[root@agent tmp]# cat test.txt
I'm test puppet

OK, the sync succeeded.

Suppose you want to create a file and then change its owner and permissions. How is that done?

[root@localhost manifests]# cat site.pp    # this script deletes log files larger than 100 KB
node default {
  file { "/tmp/test.sh":
    # -size +100k: GNU find's suffix for "larger than 100 KB"
    content => "find /log/ -type f -size +100k |xargs rm -rf\n",
    mode    => "0777",
  }
}
[root@agent tmp]# ll test.sh    # on the agent the file is owned by root
-rwxrwxrwx. 1 root root 46  3月 27 12:17 test.sh

[root@localhost manifests]# cat site.pp    # set the owner and group
node default {
  file { "/tmp/test.sh":
    content => "find /log/ -type f -size +100k |xargs rm -rf\n",
    mode    => "0777",
    group   => "puppet",
    owner   => "puppet",
  }
}

Run the agent:

[root@agent tmp]# ll test.sh    # now owned by puppet
-rwxrwxrwx. 1 puppet puppet 46  3月 27 12:17 test.sh

Setting up a scheduled task:

node default {
  cron { "ntp time ":    # the resource name; on the agent it appears as a comment in the crontab
    command     => "/usr/sbin/ntpdate pool.ntp.org >/dev/null 2>&1",
    minute      => '*/10',
    hour        => ['2-4'],
    monthday    => [2,4],
    ensure      => present,
    environment => "PATH=/bin:/usr/bin:/usr/sbin",
  }
}

Check the scheduled task on the agent:

[root@agent tmp]# puppetd --test --server master.test.com
info: Caching catalog for agent.test.com
info: Applying configuration version '1459053791'
notice: /Stage[main]//Node[default]/Cron[ntp time ]/ensure: created
notice: Finished catalog run in 0.11 seconds
[root@agent tmp]# crontab -l
# HEADER: This file was autogenerated at Sun Mar 27 12:43:12 +0800 2016 by puppet.
# HEADER: While it can still be managed manually, it is definitely not recommended.
# HEADER: Note particularly that the comments starting with 'Puppet Name' should
# HEADER: not be deleted, as doing so could cause duplicate cron jobs.
# Puppet Name: ntp time
PATH=/bin:/usr/bin:/usr/sbin
*/10 2-4 2,4 * * /usr/sbin/ntpdate pool.ntp.org >/dev/null 2>&1

If you want this task to run as the puppet user, just add user => puppet.

Suppose I want to sync a file from the master to the agent. How is that written?

Create the file to sync:

[root@localhost puppet]# mkdir /etc/puppet/system_conf
[root@localhost puppet]# cd /etc/puppet/system_conf/
[root@localhost system_conf]# vim a.log
[root@localhost system_conf]# cat a.log
test
[root@localhost system_conf]# ll a.log
-rw-r--r--. 1 root root 5  3月 27 12:55 a.log

Changing the master configuration takes four steps:

Step 1: configure the shared directory

[root@localhost puppet]# cat fileserver.conf    # add this to the file; it exports the directory
[system_conf]
path /etc/puppet/system_conf/
allow *

Step 2: restart Puppet

[root@localhost puppet]# /etc/init.d/puppetmaster restart
停止 puppetmaster:                                        [确定]
启动 puppetmaster:                                        [确定]

Step 3: put the file to be synced into the system_conf directory (already done above)

Step 4: edit site.pp on the master

node default {
  file { "/etc/a.log":    # the path on the agent must be absolute
    mode   => 644,
    source => "puppet://master.test.com/system_conf/a.log";    # specify the source
  }
}

Check on the agent:

[root@agent etc]# cat a.log
test

Configuring different servers for different roles:

Configure node entries:

node 'client02' {    # client02 is the hostname; this block only syncs to client02
  file { "/var/log/snmp.log":
    content => "test\n",
  }
}

Add whatever parameters you need.
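As an added example (not code from the original post), here is one site.pp that puts together the resources shown above: a default node carrying the cleanup script and the cron job, and a client02 node that inherits it and adds its own files. It assumes the hostnames and the [system_conf] mount from this post, with the mount's `allow *` narrowed to `allow *.test.com` in fileserver.conf so only hosts in the post's domain can fetch from it, and it tightens the 0777 mode to 0750.

```puppet
# Added example, not part of the original post. Assumes the hosts and the
# [system_conf] fileserver mount set up above (with "allow *.test.com"
# instead of "allow *" in fileserver.conf).

node default {
  # The log-cleanup script from the post, but root-owned and not
  # world-writable: a 0777 script can be rewritten by any local user.
  file { '/tmp/test.sh':
    ensure  => file,
    owner   => 'root',
    group   => 'puppet',
    mode    => '0750',
    # -size +100k is GNU find's syntax; -print0/-0 keep odd filenames intact,
    # -r stops xargs from running rm when find matches nothing
    content => "find /log/ -type f -size +100k -print0 | xargs -0 -r rm -f\n",
  }

  # The cron job from the post with an explicit user (the "user => puppet"
  # form the post mentions works the same way; ntpdate itself needs root).
  cron { 'ntp time':
    ensure      => present,
    user        => 'root',
    command     => '/usr/sbin/ntpdate pool.ntp.org >/dev/null 2>&1',
    minute      => '*/10',
    hour        => '2-4',
    monthday    => [2, 4],
    environment => 'PATH=/bin:/usr/bin:/usr/sbin',
  }
}

# Host-specific node: inherits everything in "default" (Puppet 2.7 node
# inheritance) and adds files only client02 should get.
node 'client02' inherits default {
  file { '/var/log/snmp.log':
    ensure  => file,
    owner   => 'root',
    group   => 'root',
    mode    => '0640',
    content => "test\n",
  }

  # Pulled from the master's [system_conf] mount; puppet:/// without a host
  # means "the server this agent is already talking to".
  file { '/etc/a.log':
    ensure => file,
    mode   => '0644',
    source => 'puppet:///system_conf/a.log',
  }
}
```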

Puppet's main configuration files are puppet.conf and server.sysconfig.

So far we have synced manually. How do we make it automatic?

On the agent:

[root@agent etc]# cd /etc/puppet/
[root@agent puppet]# cp client.init /etc/init.d/puppetagent
[root@agent puppet]# chmod 777 /etc/init.d/puppetagent

[root@agent puppet]# cp client.sysconfig /etc/sysconfig/puppet
[root@agent puppet]# vim /etc/sysconfig/puppet    # edit the file
[root@agent puppet]# cat /etc/sysconfig/puppet
# The puppetmaster server
PUPPET_SERVER=master.test.com

# If you wish to specify the port to connect to do so here
#PUPPET_PORT=8140

# Where to log to. Specify syslog to send log messages to the system log.
PUPPET_LOG=/var/log/puppet/puppet.log

# You may specify other parameters to the puppet client here
PUPPET_EXTRA_OPTS=--waitforcert=500

[root@agent puppet]# /etc/init.d/puppetagent start    # start the service; from now on it syncs from the puppet master by default
启动 puppet:                                              [确定]

That completes our Puppet setup!