styxmx posted on 2015-11-26 13:36:59

puppet3.3.1 (Part 2): Installing and configuring puppet 3.3.1 from source

  
  Operating system environment: CentOS 5.4

  
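I. Introduction to Puppet

  Puppet is a client/server configuration management tool. The puppet-server package is installed on a central server (called the Puppetmaster), and the puppet client software is installed on each target host to be managed (called the PuppetClient). When a client connects to the Puppetmaster, the configuration defined on the Puppetmaster is compiled and then run on the client. By default each client contacts the server every half hour to check for configuration updates. If there is new configuration, or the configuration has changed, it is recompiled and pushed to the clients for execution. A configuration update can also be triggered from the server to force the clients to apply it. If a client's configuration has been changed, the client can fetch the original configuration from the server to correct it.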
  

II. References
  

  Official Puppet manual:
  http://docs.puppetlabs.com/puppet/3/reference/index.html
  Installation: http://docs.puppetlabs.com/guides/installation.html
  Language: http://docs.puppetlabs.com/puppet/3/reference/lang_visual_index.html
  Configuration: http://docs.puppetlabs.com/guides/configuring.html
  
  Dashboard installation guide:
  http://docs.puppetlabs.com/dashboard/manual/1.2/bootstrapping.html#installing-dependencies
  
  Series: Puppet operations automation:
  http://os.iyunv.com/art/201306/398025.htm
  
  Puppet operations automation: managing Exec resources:
  http://os.iyunv.com/art/201205/334242.htm

  
  Package versions:
  puppet-3.3.1.tar.gz
  facter-1.7.3.tar.gz
  ruby-1.8.7-p374.tar.gz
  In this document the server's hostname is puppetmaster.com and the clients' hostnames are puppetclient1.com and puppetclient2.com.
  
  1. Download locations
  Ruby:
  https://www.ruby-lang.org/en/news/2013/06/27/ruby-1-8-7-p374-is-released/
  http://cache.ruby-lang.org/pub/ruby/2.0/ruby-2.0.0-p247.tar.gz
  
  Puppet:
  https://downloads.puppetlabs.com/puppet/
  http://puppetlabs.com/misc/download-options
  
  Facter:
  https://downloads.puppetlabs.com/facter/
  
  
  2. Prerequisites
  1) Set the hostnames of the puppet master and the agents.
  2) Add them to /etc/hosts so that the hosts can resolve each other:
  192.168.148.24 puppetmaster.com
  192.168.146.239 puppetclient1.com
  192.168.146.101 puppetclient2.com
  
  3) Synchronize the clocks of the puppet server and the clients.
  
  3. Install ruby
  # tar xzvf ruby-1.8.7-p374.tar.gz
  # cd ruby-1.8.7-p374
  # ./configure
  # make
  # make install
  
  # tar xzvf ruby-2.0.0-p247.tar.gz
  # cd ruby-2.0.0-p247
  # ./configure
  # make
  # make install
  
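  Puppet 3.x requires Ruby 1.8.7 or later. If you also plan to install puppet-dashboard, 1.8.7 is recommended;
  if you install only puppet, without puppet-dashboard, 2.0.0 is recommended.
  
  When the Puppet client uses Ruby 1.8.7, a lock file (/var/lib/puppet/state/agent_catalog_run.lock) is generated, and puppet kick or puppet agent -t then fails; see issue record 14 for details.
  
  Note: if the system ships with an older Ruby, uninstall it so that the facter and puppet installers do not fail to detect the new version.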
  

  # rpm -qa | grep ruby
  ruby-devel-1.8.5-5.el5_3.7
  ruby-1.8.5-5.el5_3.7
  ruby-rdoc-1.8.5-5.el5_3.7
  ruby-libs-1.8.5-5.el5_3.7
  ruby-irb-1.8.5-5.el5_3.7
  ruby-ri-1.8.5-5.el5_3.7
  # rpm -e ruby-ri
  # rpm -e ruby-rdoc
  # rpm -e ruby-irb
  # rpm -e ruby-devel
  # rpm -e ruby
  # rpm -e ruby-libs
  # rpm -qa | grep ruby
  
  
  4. Install facter
  # tar xzvf facter-1.7.3.tar.gz
  # cd facter-1.7.3
  # ruby install.rb
  
  5. Install puppet
  # tar xzvf puppet-3.3.1.tar.gz
  # cd puppet-3.3.1
  # ruby install.rb
  
  6. Configure puppet and start the services
  Create the puppet group:
  # sudo puppet resource group puppet ensure=present
  
  Create the puppet user:
  # sudo puppet resource user puppet ensure=present gid=puppet shell='/sbin/nologin'
  
  # cp -af ext/redhat/puppet.conf /etc/puppet/
  On the server, add:
  server = <hostname of the puppetmaster>
  certname = <hostname of the puppetmaster>
  On the clients, add:
  server = <hostname of the puppetmaster>
  
  Create the puppetmaster init script:
  # cp -af puppet-3.3.1/ext/redhat/server.init /etc/init.d/puppetmaster
  # chmod +x /etc/init.d/puppetmaster
  You can use puppet to start puppetmaster and enable it permanently:
  # puppet resource service puppetmaster ensure=running enable=true
  or:
  # service puppetmaster start/stop
  
  Create the puppet init script:
  # cp -af ext/redhat/client.init /etc/init.d/puppet
  # chmod +x /etc/init.d/puppet
  You can use puppet to start puppet and enable it permanently:
  # puppet resource service puppet ensure=running enable=true
  or:
  # service puppet start/stop
  
  7. Registration
  Create the registration request on the client:
  puppet agent -t is the same as puppet agent --test
  # puppet agent --test
  Info: Caching certificate for ca
  Info: Creating a new SSL certificate request for puppetclient1.com
  Info: Certificate Request fingerprint (SHA256): 8C:66:ED:74:BC:A4:8A:94:F4:8A:9D:CE:B6:04:2A:8B:61:13:BE:D7:F7:71:19:7D:11:DA:49:AC:E5:C1:7A:13
  Exiting; no certificate found and waitforcert is disabled
  
  View the registration requests on the server:
  # puppet cert list         
  "puppetclient1.com" (SHA256) 8C:66:ED:74:BC:A4:8A:94:F4:8A:9D:CE:B6:04:2A:8B:61:13:BE:D7:F7:71:19:7D:11:DA:49:AC:E5:C1:7A:13
  
  # puppet cert list --all
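  Lists the requests of all clients (entries with a + sign have a signed certificate and can communicate; entries without one have not been signed yet).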
  

  Accept the registration request on the server:
  # puppet cert sign puppetclient1.com
  Notice: Signed certificate request for puppetclient1.com
  Notice: Removing file Puppet::SSL::CertificateRequest puppetclient1.com at '/var/puppet/vardir/ssl/ca/requests/puppetclient1.com.pem'
  

  # puppet cert sign --all
  Accepts all pending registration requests.
  

  Confirm on the client that registration succeeded:
  # puppet agent --test
  Info: Retrieving plugin
  Info: Caching catalog for puppetclient1.com
  Info: Applying configuration version '1382687178'
  Notice: Finished catalog run in 0.03 seconds
  
  At this point the client is registered with the server.
  
  Clean up a certificate on the server:
  # puppet cert clean puppetclient1.com
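
Added example, not part of the original post: a shell helper that signs a request from step 7 only when the fingerprint the agent printed (passed to the operator separately) matches the one `puppet cert list` shows on the master. The function names and `FP_FROM_AGENT` are assumptions; the sample line is the output shown above, embedded as constructed test input.

```shell
#!/bin/sh
# Added example (not from the original post): sign a CSR only after its
# fingerprint on the master matches the one the agent printed.

# Constructed sample: the `puppet cert list` output shown in step 7.
SAMPLE_LIST='  "puppetclient1.com" (SHA256) 8C:66:ED:74:BC:A4:8A:94:F4:8A:9D:CE:B6:04:2A:8B:61:13:BE:D7:F7:71:19:7D:11:DA:49:AC:E5:C1:7A:13'

# Read `puppet cert list` output on stdin and print the SHA256 fingerprint of
# the pending request for certname $1. Signed entries start with "+" in the
# first field, so they never match and are skipped.
csr_fingerprint() {
    awk -v name="\"$1\"" '$1 == name && $2 == "(SHA256)" { print $3; exit }'
}

# Upper-case a fingerprint and strip whitespace so hand-copied values compare equal.
normalise_fp() {
    printf '%s' "$1" | tr -d ' \t\r\n' | tr 'abcdef' 'ABCDEF'
}

# Succeed only if certname $1 has a pending CSR whose fingerprint equals $2
# in the `puppet cert list` text passed as $3.
csr_matches() {
    listed=$(printf '%s\n' "$3" | csr_fingerprint "$1")
    [ -n "$listed" ] || return 1
    [ "$(normalise_fp "$listed")" = "$(normalise_fp "$2")" ]
}

# On the master (not executed here; FP_FROM_AGENT is a hypothetical variable
# holding the fingerprint read from the agent's console):
#   csr_matches puppetclient1.com "$FP_FROM_AGENT" "$(puppet cert list)" \
#       && puppet cert sign puppetclient1.com
```
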
  
  
  8. Configure the server to accept registrations automatically
  On the server:
  /etc/puppet/puppet.conf
  In the master section, add:
  
  autosign = true
  
  /etc/puppet/autosign.conf
  List each client's certname (the hostname can be used directly), one per line, for example:
  # cat /etc/puppet/autosign.conf   
  puppetclient1.com
  puppetclient2.com
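
Added example, not part of the original post: in Puppet 3.x `autosign = true` signs every certificate request and the list in autosign.conf is never consulted, so the audit below flags that setting and suggests pointing `autosign` at the allowlist file instead. The function names and the sample files written by `demo` are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit the master's autosign setup.

# Print the last uncommented "autosign = ..." value found in a puppet.conf.
autosign_value() {
    sed -n 's/^[[:space:]]*autosign[[:space:]]*=[[:space:]]*\([^#[:space:]]*\).*$/\1/p' "$1" |
        tail -n 1
}

# Print one finding per line for puppet.conf ($1) and autosign.conf ($2).
audit_autosign() {
    conf=$1
    allowlist=$2
    value=$(autosign_value "$conf")
    case "$value" in
        true)
            echo "WEAK: autosign = true signs every CSR; $allowlist is ignored." \
                 "Use autosign = $allowlist (or false)."
            ;;
        false)
            echo "OK: autosigning disabled; every CSR needs 'puppet cert sign'."
            ;;
        *)
            echo "OK: only certnames listed in ${value:-the default autosign.conf} are autosigned."
            ;;
    esac
    # A glob such as *.example.com autosigns any host that claims a matching name.
    if [ -f "$allowlist" ] && grep -q '\*' "$allowlist"; then
        echo "REVIEW: wildcard entry in $allowlist"
    fi
}

# Constructed sample mirroring step 8 of the post.
demo() {
    dir=$(mktemp -d)
    printf '[master]\nautosign = true\n' > "$dir/puppet.conf"
    printf 'puppetclient1.com\npuppetclient2.com\n' > "$dir/autosign.conf"
    audit_autosign "$dir/puppet.conf" "$dir/autosign.conf"
    rm -rf "$dir"
}
```
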
  
  
  9. Test that everything works
  Write the code to be applied on the server:
# vim /etc/puppet/manifests/site.pp
-----------------add the following content-----------------------
file { "/tmp/temp1.txt":
      content => "Hello World\n"; }
-----------------end of added content------------------------
  
  Run the command on the client:
  # puppet agent --test
  Info: Retrieving plugin
  Info: Caching catalog for puppetclient1.com
  Info: Applying configuration version '1382687704'
  Notice: /Stage//File/ensure: defined content as '{md5}e59ff97941044f85df5297e1c302d260'
  Notice: Finished catalog run in 0.03 seconds
  
  Check on the client that the file was created:
  # cat /tmp/temp1.txt
Hello World