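Having covered Puppet's basic elements (resources, variables, conditionals, classes), we now start using Puppet to automate software installation and configuration.
Test environment:
Hostname | FQDN | IP address |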
Puppet service | Puppet.onepc.com | 192.168.198.252 |
Pclient agent | Pclient.onepc.com | 192.168.198.144 |
Since no DNS is used, add the following directly to /etc/hosts on both machines:
192.168.198.252 puppet.onepc.com puppet
192.168.198.144 pclient.onepc.com pclient
On puppet: cat /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=puppet.onepc.com
On pclient: cat /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=pclient.onepc.com
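You also need an NTP time server: the clocks on the master and the agent must not differ by too much (the SSL certificates they exchange are validated against the local clock), so it is best to set one up.
Environment reference: http://kisspuppet.com/2014/03/06/puppet_learning_base3/
Install Puppet with yum:
Configure the official yum repository on both machines:
wget http://yum.puppetlabs.com/el/6/products/x86_64/puppetlabs-release-6-7.noarch.rpm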
rpm -ivh puppetlabs-release-6-7.noarch.rpm
On the puppet host:
yum install puppet-server
chkconfig puppetmaster on
service puppetmaster start
On the pclient host:
yum install puppet
chkconfig puppet on
service puppet start
Configure puppet.conf on the puppet host (the server):
Add the following to the existing file:
[agent]
server = puppet.onepc.com
certname = puppet.onepc.com
[master]
certname = puppet.onepc.com
After the change the file looks like this:
[root@puppet puppet]# vi puppet.conf
[main]
    # The Puppet log directory.
    # The default value is '$vardir/log'.
    logdir = /var/log/puppet
    # Where Puppet PID files are kept.
    # The default value is '$vardir/run'.
    rundir = /var/run/puppet
    # Where SSL certificates are kept.
    # The default value is '$confdir/ssl'.
    ssldir = $vardir/ssl
[agent]
    # The file in which puppetd stores a list of the classes
    # associated with the retrieved configuratiion. Can be loaded in
    # the separate ``puppet`` executable using the ``--loadclasses``
    # option.
    # The default value is '$confdir/classes.txt'.
    classfile = $vardir/classes.txt
    # Where puppetd caches the local configuration. An
    # extension indicating the cache format is added automatically.
    # The default value is '$confdir/localconfig'.
    localconfig = $vardir/localconfig
    server = puppet.onepc.com
    certname = puppet.onepc.com
[master]
    certname = puppet.onepc.com
Configure puppet.conf on the pclient host:
Note: certname is not set here; it defaults to the hostname.
[root@pclient puppet]# cat puppet.conf
[main]
    # The Puppet log directory.
    # The default value is '$vardir/log'.
    logdir = /var/log/puppet
    # Where Puppet PID files are kept.
    # The default value is '$vardir/run'.
    rundir = /var/run/puppet
    # Where SSL certificates are kept.
    # The default value is '$confdir/ssl'.
    ssldir = $vardir/ssl
[agent]
    # The file in which puppetd stores a list of the classes
    # associated with the retrieved configuratiion. Can be loaded in
    # the separate ``puppet`` executable using the ``--loadclasses``
    # option.
    # The default value is '$confdir/classes.txt'.
    classfile = $vardir/classes.txt
    # Where puppetd caches the local configuration. An
    # extension indicating the cache format is added automatically.
    # The default value is '$confdir/localconfig'.
    localconfig = $vardir/localconfig
    server = puppet.onepc.com
Reference: http://kisspuppet.com/2014/03/08/puppet_learning_base4/
Goal: install the ntp package automatically and deploy a configured ntp.conf file.
First remove the ntp package from the pclient host:
[root@pclient puppet]# rpm -e --nodeps ntp-4.2.4p8-2.el6.centos.i686
warning: /etc/ntp.conf saved as /etc/ntp.conf.rpmsave
Create the ntp module on the puppet host:
[root@puppet /]# mkdir /etc/puppet/modules/ntp
[root@puppet /]# mkdir /etc/puppet/modules/ntp/{files,manifests,templates}
[root@puppet /]# touch /etc/puppet/modules/ntp/manifests/init.pp
/etc/puppet/modules/ntp/manifests/init.pp contains:
[root@puppet manifests]# cat init.pp
# Install the ntp package.
class ntp::install {
  package { "ntp":
    ensure => installed,
  }
}
# Deploy /etc/ntp.conf from modules/ntp/templates/ntp.conf.
class ntp::config {
  file { "/etc/ntp.conf":
    content => template("ntp/ntp.conf"),
    mode    => '0644',                    # file mode as a quoted octal string
    owner   => root,
    group   => root,
    require => Class["ntp::install"],     # write the file after the package is installed
    notify  => Class["ntp::server"],      # restart ntpd when the file changes
  }
}
# Keep ntpd running and enabled at boot.
class ntp::server {
  service { "ntpd":
    ensure => running,
    enable => true,
  }
}
class ntp {
  include ntp::install, ntp::config, ntp::server
}
[root@puppet manifests]#
Copy the configured /etc/ntp.conf file into the /etc/puppet/modules/ntp/templates directory.
Edit the /etc/puppet/manifests/site.pp file:
[root@puppet manifests]# pwd
/etc/puppet/manifests
[root@puppet manifests]# cat site.pp
$puppetserver = 'puppet.onepc.com' # set a global variable
node 'pclient.onepc.com' {
  include ntp, motd
}
node 'puppet.onepc.com' {
  include motd
}
[root@puppet manifests]#
The file layout is as follows:
[root@puppet modules]# tree ntp
ntp
├── files
├── manifests
│   └── init.pp
└── templates
    └── ntp.conf

3 directories, 2 files
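About template in the content attribute of the file resource:
content => template("ntp/ntp.conf")
The path ntp/ntp.conf above is not a filesystem path: the first segment is the module name and the rest is a file under that module's templates directory, so ntp.conf has to be placed in modules/ntp/templates (here /etc/puppet/modules/ntp/templates/ntp.conf).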
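How the "ntp/ntp.conf" reference maps to a file and is rendered as ERB, as an added example in Ruby (a simplified model, not Puppet's own code and not code from the original post). The helper names, the traversal check, the @lan and @timeserver variables and the sample template are constructed for illustration.

```ruby
require 'erb'
require 'tmpdir'
require 'fileutils'

# Simplified model of the template() lookup described above:
# 'ntp/ntp.conf' means <modulepath>/ntp/templates/ntp.conf.
def resolve_template(ref, modulepath)
  mod, file = ref.split('/', 2)
  raise ArgumentError, "expected 'module/file', got #{ref.inspect}" if file.nil? || file.empty?
  root = File.expand_path(File.join(modulepath, mod, 'templates'))
  path = File.expand_path(File.join(root, file))
  # Check added in this sketch: refuse references that climb out of the
  # module's templates directory (e.g. 'ntp/../../x').
  raise ArgumentError, "#{ref.inspect} escapes #{root}" unless path.start_with?(root + File::SEPARATOR)
  path
end

# Render the file as ERB. Variables are exposed to the template as @name,
# which is how Puppet templates read in-scope variables.
def render_template(ref, modulepath, vars = {})
  ctx = Object.new
  vars.each { |k, v| ctx.instance_variable_set("@#{k}", v) }
  ERB.new(File.read(resolve_template(ref, modulepath))).result(ctx.instance_eval { binding })
end

# Constructed demo: a throw-away module tree holding an ERB version of
# ntp.conf, rendered with constructed values.
def demo
  Dir.mktmpdir do |modulepath|
    dir = File.join(modulepath, 'ntp', 'templates')
    FileUtils.mkdir_p(dir)
    File.write(File.join(dir, 'ntp.conf'), <<~'TEMPLATE')
      restrict <%= @lan %> mask 255.255.255.0 nomodify notrap
      server <%= @timeserver %>
    TEMPLATE
    render_template('ntp/ntp.conf', modulepath,
                    lan: '192.168.198.0', timeserver: 'puppet.onepc.com')
  end
end

puts demo if __FILE__ == $PROGRAM_NAME
```

Because the file is evaluated as ERB on the master, a plain ntp.conf with no tags, like the one copied above, is delivered unchanged.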
Run puppet agent --test on the pclient host. While it runs, yum can be seen installing ntp; afterwards ntpd is running and enabled at boot:
[root@pclient ~]# ps -ef | grep yum
root 4689 4465 13 14:32 ? 00:00:02 /usr/bin/python /usr/bin/yum -d 0 -e 0 -y install ntp
[root@pclient ~]# /etc/init.d/ntpd status
ntpd (pid 4758) 正在运行...
[root@pclient ~]# chkconfig | grep ntpd
ntpd 0:关闭 1:关闭 2:启用 3:启用 4:启用 5:启用 6:关闭
[root@pclient puppet]# puppet agent --test Info: Retrieving pluginfacts Info: Retrieving plugin Info: Caching catalog for pclient.onepc.com Info: Applying configuration version '1397801029' Notice: /Stage[main]/Ntp::Install/Package[ntp]/ensure: created Notice: /Stage[main]/Ntp::Config/File[/etc/ntp.conf]/content: --- /etc/ntp.conf 2013-07-15 17:18:47.000000000 +0800 +++ /tmp/puppet-file20140418-4465-bp12nr-0 2014-04-18 14:33:25.023023769 +0800 @@ -15,14 +15,16 @@ restrict -6 ::1 # Hosts on local network are less restricted. -#restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap +restrict 192.168.198.0 mask 255.255.255.0 nomodify notrap # Use public servers from the pool.ntp.org project. # Please consider joining the pool (http://www.pool.ntp.org/join.html). -server 0.centos.pool.ntp.org iburst -server 1.centos.pool.ntp.org iburst -server 2.centos.pool.ntp.org iburst -server 3.centos.pool.ntp.org iburst +#server 0.centos.pool.ntp.org iburst +#server 1.centos.pool.ntp.org iburst +#server 2.centos.pool.ntp.org iburst +#server 3.centos.pool.ntp.org iburst +server 127.127.1.0 +fudge 127.127.1.0 stratum 10 #broadcast 192.168.1.255 autokey # broadcast server #broadcastclient # broadcast client Info: /Stage[main]/Ntp::Config/File[/etc/ntp.conf]: Filebucketed /etc/ntp.conf to puppet with sum 7fda24f62b1c7ae951db0f746dc6e0cc Notice: /Stage[main]/Ntp::Config/File[/etc/ntp.conf]/content: content changed '{md5}7fda24f62b1c7ae951db0f746dc6e0cc' to '{md5}ba7148ba27bc50aba58d36f537f0dafe' Notice: /Stage[main]/Ntp::Server/Service[ntpd]/ensure: ensure changed 'stopped' to 'running' Info: /Stage[main]/Ntp::Server/Service[ntpd]: Unscheduling refresh on Service[ntpd] Notice: Finished catalog run in 74.10 seconds [root@pclient puppet]#
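Review bot: in the /etc/ntp.conf hunk, all four "server N.centos.pool.ntp.org iburst" lines are commented out and the only time source left is "server 127.127.1.0" with "fudge 127.127.1.0 stratum 10", so pclient.onepc.com, the node this run applies the file to, follows nothing but its own undisciplined local clock. That content suits the time server itself; for agents the template should carry a "server" line naming the site's time server, otherwise the clock difference between master and agent that the NTP setup is meant to prevent is never corrected. The new "restrict 192.168.198.0 mask 255.255.255.0 nomodify notrap" line also only matters on a host that serves time to that subnet.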