puppet on windows
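Puppet is an operations tool that has risen to prominence in recent years. With approachable syntax and a simple structure, it makes batch deployment very convenient. Puppet is written in Ruby and is cross-platform, covering Windows, Linux and Unix alike, which has earned it the label of a "wonder tool". Because Linux is the "star" among operating systems, with a large family of distributions that hold a considerable share of the server market, Puppet runs very smoothly on Linux. As with much open-source software, although Puppet can also run on Windows, in practice it is a cut-down version and a second-class citizen there.
Also, having changed jobs, I took over a batch of Windows machines, so I tried deploying the Puppet client on Windows 2008 x64 to cut down the repetitive work of setting up machines; the server side still runs Linux (CentOS 6).
Furthermore, material on Puppet on Windows is still scarce, and even the official site covers it in a single page. I hope this article helps readers.
Because puppetlabs has few ready-made Windows templates available, I had to write the rules myself. First, a simple script that creates a module template.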
    # cat /etc/puppet/generate_module.sh
    #!/usr/bin/env bash
    # usage: generate_module.sh module-name
    # Refuse to run without a module name; an empty $1 would create
    # directories directly under /etc/puppet/modules/.
    if [ -z "$1" ]; then
        echo "usage: $0 module-name" >&2
        exit 1
    fi
    mkdir -p "/etc/puppet/modules/$1"/{manifests,templates,files}
    touch "/etc/puppet/modules/$1/manifests/init.pp"
    echo ""
    echo "module $1 has been generated"
    echo "see /etc/puppet/modules/$1 for detail."
    # chmod 755 /etc/puppet/generate_module.sh
To create a module template, run ./generate_module.sh xxx
The following examples illustrate how Puppet is used on Windows.
Requirement 1: install the Nagios Windows client NSClient++
    # cat modules/windows-nscp/manifests/init.pp
    class windows-nscp {
      if $operatingsystem == "windows" {
        file { "c:\\NSCP-0.4.0.183-x64.msi":
          ensure => present,
          source => "puppet:///modules/windows-nscp/NSCP-0.4.0.183-x64.msi",
          notify => Package["nscp"],
        }
        package { "nscp":
          ensure   => installed,
          provider => "msi",
          source   => "c:\\NSCP-0.4.0.183-x64.msi",
          require  => File["c:\\NSCP-0.4.0.183-x64.msi"],
          notify   => File["c:\\progra~1\\NSClient++\\nsclient.ini"],
        }
        file { "c:\\progra~1\\NSClient++\\nsclient.ini":
          ensure => present,
          source => "puppet:///modules/windows-nscp/nsclient.ini",
          notify => Service["nscp"],
        }
        service { "nscp":
          ensure  => 'running',
          enable  => true,
          require => Package["nscp"],
        }
        # due to a memory leak, nscp needs a periodic restart
        # (the triggers below fire every 7 days)
        scheduled_task { 'daily stop nscp':
          ensure    => present,
          enabled   => true,
          command   => 'C:\\Windows\\System32\\net.exe',
          arguments => 'stop nscp',
          trigger   => {
            schedule   => daily,
            every      => 7,
            start_date => '2012-12-21',
            start_time => '17:00',
          }
        }
        scheduled_task { 'daily start nscp':
          ensure    => present,
          enabled   => true,
          command   => 'C:\\Windows\\System32\\net.exe',
          arguments => 'start nscp',
          trigger   => {
            schedule   => daily,
            every      => 7,
            start_date => '2012-12-21',
            start_time => '17:01',
          }
        }
      }
    }
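nscp is hard to please and takes a lot of code; roughly, it does the following:
1. Download the nscp installer from the server to the root of drive C
2. Install the nscp package from drive C
3. Put the nscp configuration file in place (watch the size of the nsclient.log log)
4. Start the service
5. Set up scheduled tasks to restart the nscp service periodically (from observation, nscp leaks some memory; on my machine nscp was using nearly 1 GB of memory after a week)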
Requirement 2: install the 7-Zip compression software on the servers
This one is relatively simple, without much trouble.
    # cat modules/windows-7z/manifests/init.pp
    class windows-7z {
      if $operatingsystem == "windows" {
        file { "c:\\7z920-x64.msi":
          ensure => present,
          source => "puppet:///modules/windows-7z/7z920-x64.msi",
          notify => Package["7z"],
        }
        package { "7z":
          ensure   => installed,
          provider => "msi",
          source   => "c:\\7z920-x64.msi",
          require  => File["c:\\7z920-x64.msi"],
        }
      }
    }
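Requirement 3: manage services (using the firewall service as an example)
Without a remote management card, a mistake with the Windows firewall can easily kill your remote access; because the Puppet client checks in with the server on a schedule, it can unlock you. Apart from Windows scripts, I have not yet found a way for Puppet to operate on firewall rules directly.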
    class windows-firewall {
      if $operatingsystem == "windows" {
        service { "MpsSvc":
          ensure => 'running',
          enable => true,
        }
      }
    }
This way, at a critical moment, changing running to stopped turns the firewall off.
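The post notes that firewall rules can only be reached through Windows scripts. As an added example (not from the original post), an exec resource wrapping netsh can re-assert a known-good inbound rule for remote access on every agent run, so a deleted rule is restored without stopping the firewall service. The class name winfw_rdp, the rule name Puppet-RDP-in and port 3389 are assumptions.

```puppet
# Added example, not from the original post. The class name winfw_rdp and
# the rule name Puppet-RDP-in are hypothetical; TCP 3389 assumes Remote
# Desktop on its default port.
# Declare this class instead of windows-firewall: both manage Service['MpsSvc'].
class winfw_rdp {
  if $operatingsystem == "windows" {
    $netsh = 'C:\\Windows\\System32\\netsh.exe'
    $rule  = 'Puppet-RDP-in'

    service { 'MpsSvc':
      ensure => 'running',
      enable => true,
    }

    # "show rule" exits non-zero when no rule of that name exists, so the
    # add command runs only while the rule is missing.
    exec { 'allow-rdp-in':
      command => "${netsh} advfirewall firewall add rule name=${rule} dir=in action=allow protocol=TCP localport=3389",
      unless  => "${netsh} advfirewall firewall show rule name=${rule}",
      require => Service['MpsSvc'],
    }
  }
}
```

This restores the allow rule if it is deleted; it does not remove a conflicting block rule added by hand.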
Other services
    # cat modules/windows-spooler/manifests/init.pp
    class windows-spooler {
      if $operatingsystem == "windows" {
        service { 'Spooler':
          ensure => 'stopped',
          # disabled as well, so the service does not start again at boot
          enable => false,
        }
      }
    }
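Spooler is a useless service on a server, so stop it!
Requirement 4: manage the registry (using time synchronization as an example)
The following example is copied; it can be found among the Puppet modules under the name winntp.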
    # cat modules/winntp/manifests/init.pp
    class winntp (
      $special_poll_interval    = 900, # 15 minutes
      $ntp_server               = '10.1.1.36,10.1.1.37',
      $max_pos_phase_correction = '0xFFFFFFFF', # unlimited
      $max_neg_phase_correction = '0xFFFFFFFF') {
      include 'registry'
      service { 'w32time':
        ensure => 'running',
      }
      # Info on these settings at http://technet.microsoft.com/en-us/library/cc773263(v=ws.10).aspx
      registry_value { 'HKLM\SYSTEM\CurrentControlSet\Services\W32Time\Parameters\Type':
        ensure => present,
        type   => 'string',
        data   => 'NTP',
        notify => Service['w32time'],
      }
      registry_value { 'HKLM\SYSTEM\CurrentControlSet\Services\W32Time\Config\AnnounceFlags':
        ensure => present,
        type   => 'dword',
        data   => '5',
        notify => Service['w32time'],
      }
      registry_value { 'HKLM\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpClient\SpecialPollInterval':
        ensure => present,
        type   => 'dword',
        data   => $special_poll_interval,
        notify => Service['w32time'],
      }
      registry_value { 'HKLM\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpServer\Enabled':
        ensure => present,
        type   => 'dword',
        data   => '1',
        notify => Service['w32time'],
      }
      registry_value { 'HKLM\SYSTEM\CurrentControlSet\Services\W32Time\Parameters\NtpServer':
        ensure => present,
        type   => 'string',
        data   => $ntp_server,
        notify => Service['w32time'],
      }
      registry_value { 'HKLM\SYSTEM\CurrentControlSet\Services\W32Time\Config\MaxPosPhaseCorrection':
        ensure => present,
        type   => 'dword',
        data   => $max_pos_phase_correction,
        notify => Service['w32time'],
      }
      registry_value { 'HKLM\SYSTEM\CurrentControlSet\Services\W32Time\Config\MaxNegPhaseCorrection':
        ensure => present,
        type   => 'dword',
        data   => $max_neg_phase_correction,
        notify => Service['w32time'],
      }
    }
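Notes
1. Linux and Windows files differ in character set. If you want Puppet on Linux to manage the contents of files on Windows, the best approach is to upload the sample file from Windows, for example the nsclient.ini above.
2. The file /etc/puppet/modules/windows-7z/files/7z920-x64.msi is written in Puppet syntax as puppet:///modules/windows-7z/7z920-x64.msi; the files component of the real path is omitted. I'll leave that as a teaser and not explain it.
3. Software that Puppet can currently install must be in msi format and must be installed from a local path; exe is not supported either.
4. Paths: c:\test.txt should be written as c:\\test.txt, because \ is the escape character on Linux.
5. With a default install, the Puppet Windows client configuration file is at c:\programdata/puppetlabs/puppet/etc/puppet.conf, and its contents need to be changed, specifically to pluginsync=false
6. That is all for now.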