puppet自动化搭建
一:基础讲解Ntp,DNS需要
源码先安装ruby,facter,puppet
Cd puppet-XXX
Ruby install.rb
二:环境搭建
1、服务端master
A、yum配置
环境自带源
rpm -ivh https://yum.puppetlabs.com/el/7/products/x86_64/puppetlabs-release-7-10.noarch.rpm
yum install puppet-server -y
B、 hosts配置
vi /etc/hosts
172.17.0.2 master.domain.com master
172.17.0.3 slave.domain.com slave
C、puppet文件配置
rm -rf/etc/puppet/puppet.conf
puppet master --genconfig>> /etc/puppet/puppet.conf
grep -v "^$\|#" /etc/puppet/puppet.conf
62 # manifestdir = /etc/puppet/manifests
63 # manifest = /etc/puppet/manifests/site.pp
64 # masterlog = /var/lib/puppet/log/puppetmaster.log
69 # modulepath = /etc/puppet/modules:/usr/share/puppet/modules
107 # templatedir = /var/lib/puppet/templates
注释掉
vi /etc/puppet/puppet.conf
certname=master.domain.com//服务端的名字
D、启动服务
systemctl start puppetmaster.service
systemctl enable puppetmaster.service
F、暂时不用
##puppet master --verbose --no-daemonize
--verbose 显示更多的输出项目
--no-daemonize 前台运行,并将输出重定向至标准输出
2、客户端配置
A、yum配置
rpm -ivh https://yum.puppetlabs.com/el/7/products/x86_64/puppetlabs-release-7-10.noarch.rpm
yum install puppet -y
B、hosts配置
vi /etc/hosts
172.17.0.2 master.domain.com master
172.17.0.3 slave.domain.com slave
C、puppet文件配置
certname = slave.domain.com
server = master.domain.com#服务器设置
report = true
listen = true#增加监听
runinterval = 10 #设置同步的间隔时间,单位为秒
D、启动服务
systemctl start puppet.service
systemctl enable puppet.service
puppet agent --server master.domain.com --noop --test -d -v # 模拟测试执行,但不做任何操作实际的操作; 可看到创建证书请求文件。
3、在master上通过验证:
A、手动授权
puppet cert --list //列出请求列表
puppet cert --list --all //查看所有签发过的证书
puppet cert --sign slave.domain.com //签名证书
puppet cert --sign --all //对所有证书进行签名
puppet cert --revoke slave.puppet.com//证书过期
puppet cert --clean slave.puppet.com//删除证书
rm-rf /var/lib/puppet/ssl///客户端删除证书
B、自动授权
cat /etc/puppet/autosign.conf <<EOF
> *.domain.com
> EOF
4、测试效果
A、服务端
一定要关闭防火墙和selinux
vim /etc/puppet/manifests/site.pp
file{
"/tmp/test.txt":
content=>"Hello, puppet test!\n",
ensure => present,
mode => 644,
owner => root,
group => root,
}
B、客户端
puppet agent --test
puppet agent -vt
三:同步
1、同步文件
A、推送/media/hosts 文件,
# cat /media/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.0.102 master.jun.com master
192.168.0.101 client.jun.com client
192.168.0.104 client2.jun.com client2
192.168.0.105 client3.jun.com client3
192.168.0.106 client4.jun.com client4
B、在服务器端做以下操作
# vim /etc/puppet/fileserver.conf
path /media/#同步的目录
allow *
C、site.pp
# vim /etc/puppet/mainfests/site.pp
file
{"/media/hosts":#客户端的目录及文件名
source => "puppet://master.puppet.com/files/hosts",#同步的文件
group => root,#用户组修改
owner => root,#用户修改
mode => "644"#文件权限
}
D、客户端
puppet agent --test
2、同步安装包,启停服务
vim /etc/puppet/manifests/site.pp
A、装包
package {
["ntp","squid","postfix"]:
ensure => "installed";
}
B、服务启停
service {
"httpd":
ensure => running;
"vsftpd":
ensure => stopped;
}
3、执行脚本
先同步文件,再执行
A、cat ../fileserver.conf
path /media/
allow *
B、cat site.pp
file
{"/tmp/nodes1.sh":
source => "puppet://master.puppet.com/files/nodes1.sh",
group => puppet,
owner => puppet,
mode => "777"
}
exec
{"exec-mkdir":
cwd => "/tmp",
command => "sh /tmp/nodes1.sh",#执行文件
user=> puppet,#执行用户
path => "/usr/loal/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin",
}
4、cron计划任务
A、脚本
cron { "cron-shell":
command => "sh /tmp/test.sh",
user => "puppet",
minute => "27",
hour => "10"
}
cron { ntpdate:
command => "/usr/sbin/ntpdate 192.168.0.1 && /sbin/clock -w",
user => root,
minute => '*/5'
}
puppetdagent -vt
5、创建,删除用户
A、创建不带家目录
user {"wang":
uid => 2000,
gid => 2000,#用户组需要单独创立
home => "/home/wang",#不会生成家目录
shell => "/bin/bash"
}
B、删除用户(不删家目录)
user{"test":
ensure=>"absent",
}
C、创建带家目录用户,自定组
创建组
group{"sa":
ensure=>"present",
gid=>3000,
}
创建用户
user{"test":
ensure=>"present",
managehome=>true,
groups=>sa,
}
6、模块的应用
basemodulepath = /etc/puppet/modules:/usr/share/puppet/modules
如果不在默认文件路径,
方法一修改上面路径
方法二绝对路径导入
A、基础目录
cd /etc/puppet/manifests
cat site.pp
import "nodes.pp"#倒入模块
cat nodes.pp
node "slave.puppet.com" {
include test::test
}
cd /etc/puppet/modules/
mkdir -p test/{manifests,files,templates}
cd test/manifests/
vi init.pp
class test::test {
file {"/tmp/sky":
owner => root,
group => root,
ensure => present,
content => "www.baidu.com test by sky",
mode => 644,
}
}
7、密钥对的应用
A、基础讲解
【puppetsshkey参数】
alias:别名,通俗的可以理解为小名,主机可能具有多个别名。如果有多个话可以用数组表示。
ensure:sshkey的基础属性,指定key是否生成,可以设置的值为present,absent。
key:生成的密钥值,一般是十六进制数字的长字符串。
name:名称,主机名。
provider:经常不需要指定,puppet根据相应的操作系统选择相应的provider.
parsed:为ssh解析和生成已知的host文件。
target:存储的SSH密钥文件的路径。
type:key生成的加密类型,通过是ssh-dsa,或者ssh-rsa,备注,dsa也可以用dss来表示。
user:指定是哪个用户的key。
B、实验
ssh_authorized_key{“hostname”:
ensure=>present,
type=>“ssh-rsa”,
key=>“/root/.ssh/id_rsa.pub生成的密钥值”,
name=>“hostname随意”,
target=>“/home/sky/.ssh/authorized_keys”,
user=>‘sky’,
}
页:
[1]