|
|
puppet 是近年来崛起的运维神器,通俗的语法,简单的结构,利用puppet可以非常方便的进行批量部署,puppet是用ruby语言写的,可以跨平台,windows,linux,unix通吃,谓之"神器" 。
由于Linux是操作系统中的“明星”,Linux家族人丁旺盛,各种版本的Linux占据了相当份额的服务器市场,puppet在Linux上跑的非常顺畅。跟很多开源软件一样,尽管puppet也可以在windows上运行,实际上是个阉割版,属于二等公民。
又由于换了一份工作,我手头接管了一批windows机器,于是尝试在windows 2008 x64上部署puppet 客户端,减少装机时的重复劳动,服务端跑的仍然是Linux (centos 6)。
再者,puppet在windows上的资料目前还是很少的,官网资料也仅一页带过,希望本文对读者有所帮助。
由于puppetlabs上很少有现成windows模板可用,只得自己写规则啦。先写个简单的创建模板的脚本。
- #cat /etc/puppet/generate_module.sh
- #!/usr/bin/env bash
- #usage:generate_module.sh module-name
- mkdir -p /etc/puppet/modules/$1/{manifests,templates,files}
- touch /etc/puppet/modules/$1/manifests/init.pp
- echo ""
- echo -e module $1 has been generated
- echo -e see /etc/puppet/modules/$1 for detail.
- #chmod 755 /etc/puppet/generate_module.sh
要创建一个模板就运行 ./generate_module.sh xxx
下面仅列举几个实例来说明puppet在windows上的用法
需求一,安装nagios windows 客户端nsclient++
- #cat modules/windows-nscp/manifests/init.pp
- class windows-nscp {
- if $operatingsystem == "windows" {
- file { "c:\\NSCP-0.4.0.183-x64.msi":
- ensure => present,
- source => "puppet:///modules/windows-nscp/NSCP-0.4.0.183-x64.msi",
- notify => Package["nscp"],
- }
- package {"nscp":
- ensure => installed,
- provider => "msi",
- source => "c:\\NSCP-0.4.0.183-x64.msi",
- require => File["c:\\NSCP-0.4.0.183-x64.msi"],
- notify => File["c:\\progra~1\\NSClient++\\nsclient.ini"],
- }
- file { "c:\\progra~1\\NSClient++\\nsclient.ini":
- ensure => present,
- source => "puppet:///modules/windows-nscp/nsclient.ini",
- notify => Service["nscp"],
- }
- service {"nscp":
- ensure => 'running',
- enable => true,
- require => Package["nscp"],
- }
- # due to memory leak,nscp need a daily restart
- scheduled_task {'daily stop nscp':
- ensure => present,
- enabled => true,
- command => 'C:\\Windows\\System32\\net.exe',
- arguments => 'stop nscp',
- trigger => {
- schedule => daily,
- every => 7,
- start_date => '2012-12-21',
- start_time => '17:00',
- }
- }
- scheduled_task {'daily start nscp':
- ensure => present,
- enabled => true,
- command => 'C:\\Windows\\System32\\net.exe',
- arguments => 'start nscp',
- trigger => {
- schedule => daily,
- every => 7,
- start_date => '2012-12-21',
- start_time => '17:01',
- }
- }
- }
- }
nscp不好伺候,代码很多,大致解释如下
1,从服务器上下载nscp安装包到c盘根目录
2,从c盘安装nscp软件包
3,搞定nscp配置文件内容(nsclient.log日志大小要注意)
4,启动服务
5,制定任务计划,定期重启nscp服务(经观察,nscp有些内存泄漏,我的机器一周后,nscp占内存近1G)
需求二,服务器上安装7zip压缩软件
这个相对简单,没有过多的麻烦
- # cat modules/windows-7z/manifests/init.pp
- class windows-7z {
- if $operatingsystem == "windows" {
- file { "c:\\7z920-x64.msi":
- ensure => present,
- source => "puppet:///modules/windows-7z/7z920-x64.msi",
- notify => Package["7z"],
- }
- package {"7z":
- ensure => installed,
- provider => "msi",
- source => "c:\\7z920-x64.msi",
- require => File["c:\\7z920-x64.msi"],
- }
- }
- }
需求三,管理服务(以防火墙服务为例)
如果没有远程管理卡,对于windows防火墙的误操作很容易将远程弄死,puppet客户端通过定时与服务器通信,可以帮你解锁。除非windows脚本,暂时没有发现puppet可以直接操作防火墙规则。
- class windows-firewall {
- if $operatingsystem == "windows" {
- service {"MpsSvc" :
- ensure =>'running',
- enable => true,
- }
- }
- }
这样一来,关键时刻将running改为stopped,就可以关闭防火墙了。
其他服务
- # cat modules/windows-spooler/manifests/init.pp
- class windows-spooler {
- if $operatingsystem == "windows" {
- service {'Spooler':
- ensure => 'stopped',
- enable => true,
- }
- }
- }
spooler对于服务器是个没用的服务,停掉!
需求四,管理注册表(以时间同步为例)
下面这个示例是抄的,在puppet 模块中可以找到,名称winntp
- # cat modules/winntp/manifests/init.pp
- class winntp (
- $special_poll_interval = 900, # 15 minutes
- $ntp_server = '10.1.1.36,10.1.1.37',
- $max_pos_phase_correction = '0xFFFFFFFF', # unlimited
- $max_neg_phase_correction = '0xFFFFFFFF') {
- include 'registry'
- service { 'w32time':
- ensure => 'running',
- }
- # Info on these settings at http://technet.microsoft.com/en-us/library/cc773263(v=ws.10).aspx
- registry_value { 'HKLM\SYSTEM\CurrentControlSet\Services\W32Time\Parameters\Type':
- ensure => present,
- type => 'string',
- data => 'NTP',
- notify => Service['w32time'],
- }
- registry_value { 'HKLM\SYSTEM\CurrentControlSet\Services\W32Time\Config\AnnounceFlags':
- ensure => present,
- type => 'dword',
- data => '5',
- notify => Service['w32time'],
- }
- registry_value { 'HKLM\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpClient\SpecialPollInterval':
- ensure => present,
- type => 'dword',
- data => $special_poll_interval,
- notify => Service['w32time'],
- }
- registry_value { 'HKLM\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpServer\Enabled':
- ensure => present,
- type => 'dword',
- data => '1',
- notify => Service['w32time'],
- }
- registry_value { 'HKLM\SYSTEM\CurrentControlSet\Services\W32Time\Parameters\NtpServer':
- ensure => present,
- type => 'string',
- data => $ntp_server,
- notify => Service['w32time'],
- }
- registry_value { 'HKLM\SYSTEM\CurrentControlSet\Services\W32Time\Config\MaxPosPhaseCorrection':
- ensure => present,
- type => 'dword',
- data => $max_pos_phase_correction,
- notify => Service['w32time'],
- }
- registry_value { 'HKLM\SYSTEM\CurrentControlSet\Services\W32Time\Config\MaxNegPhaseCorrection':
- ensure => present,
- type => 'dword',
- data => $max_neg_phase_correction,
- notify => Service['w32time'],
- }
- }
说明
1、linux和windows文件存在字符集不同的问题,如果你想让linux上的puppet管理windows上的文件内容,最好的办法是在windows上将示例文件上传,比如上文的nsclient.ini
2、文件/etc/puppet/modules/windows-7z/files/7z920-x64.msi 在puppet语法中的表示方法为puppet:///modules/windows-7z/7z920-x64.msi ,实际路径中的files被省略了,卖个关子,不解释。
3、puppet目前能安装的软件必须是msi格式的,且必须是本地安装,也不支持exe
4、路径问题,c:\test.txt 应该写成c:\\test.txt,因为\在Linux中是转义的意思。
5、如果是默认安装,puppet windows客户端配置文件在c:\programdata/puppetlabs/puppet/etc/puppet.conf,且内容要改,具体是pluginsync=false
6、暂时就这么多了
|
|
QQ群⑧:
窥视卡
雷达卡
发表于 2018-6-11 06:46:44
提升卡
置顶卡
沉默卡
喧嚣卡
变色卡
千斤顶
显身卡