Deploying the automated deployment tool Puppet on CentOS 7
Written in Ruby.
What it does:
Centralised configuration management.
Puppet uses a client/server (C/S) star topology:
C  client (the agent on each managed node)
S  server (the puppetmaster)
Every agent periodically (every 30 minutes by default) contacts the server, fetches its latest configuration, and converges the host to it.
It is very good at keeping configuration files in sync across nodes.
How Puppet works:
- On first contact the agent sends the server a certificate signing request (CSR) together with its own identity (its certname, by default the FQDN);
- the server's CA signs the agent's certificate; from then on agent and server communicate over a mutually authenticated SSL/TLS connection;
- the server looks up the node definition, collects that node's configuration, compiles it into a catalog and sends the catalog to the agent;
- the agent compares its current state with the catalog and, wherever they differ, applies the server's configuration;
- the agent reports the result of the run back to the server.
Setup:
Hostnames: these must be set, because Puppet certificates are issued to each node's FQDN and the agent finds the master by name.
/etc/hosts
[root@puppet ~]# tail -3 /etc/hosts
172.16.0.60 puppet.up.com puppet
172.16.0.61 node1.up.com node1
172.16.0.62 node2.up.com node2
[root@puppet ~]# scp /etc/hosts 172.16.0.61:/etc
[root@puppet ~]# scp /etc/hosts 172.16.0.62:/etc
1. server
puppet-master
Install the EPEL repository first (Aliyun carries a mirror).
[root@puppet ~]# yum install -y ruby ruby-libs puppet puppet-server facter
ruby    the Ruby runtime Puppet runs on
facter  the system inventory tool; it collects the facts (OS, IP addresses, hostname) the master uses when compiling catalogs
[root@puppet /etc/puppet]# ls
auth.conf fileserver.conf manifests modules puppet.conf
2. node1
[root@node1 ~]# yum install -y ruby ruby-libs puppet facter
3. Configure the server
[root@puppet /etc/puppet]# touch manifests/site.pp
site.pp is the entry point: it tells the master where to find and load the node definitions.
[root@puppet ~]# systemctl start puppetmaster
[root@puppet ~]# systemctl enable puppetmaster
[root@puppet ~]# cd /var/lib/puppet/ssl/ca/signed/
[root@puppet /var/lib/puppet/ssl/ca/signed]# ls
puppet.pem
The master's own certificate, signed by its built-in CA on first start.
4. node1
[root@node1 /etc/puppet]# vim puppet.conf
[main]
......
server = puppet.up.com
[root@node1 /etc/puppet]# ping puppet.up.com
PING puppet.up.com (172.16.0.60) 56(84) bytes of data.
64 bytes from puppet.up.com (172.16.0.60): icmp_seq=1 ttl=64 time=0.497 ms
[root@node1 ~]# systemctl start puppet
[root@node1 ~]# systemctl enable puppet
5. server
[root@puppet ~]# puppet cert -l
"node1.up.com" (SHA256) 31:34:6A:AA:98:97:0E:01:96:44:31:D2:7D:37:0F:85:13:0E:80:A4:1E:36:84:4D:D8:6A:45:C2:2C:E8:31:61
Lists the pending signing requests with their fingerprints. Before signing, compare the fingerprint with the one the node itself prints (puppet agent --fingerprint on node1) and only sign when they match: whoever holds a signed certificate can pull that node's catalog.
[root@puppet ~]# puppet cert -s node1.up.com
Signs node1's certificate.
[root@puppet /var/lib/puppet/ssl/ca/signed]# ls
node1.up.com.pem puppet.pem
node1's signed certificate now sits next to the master's.
---------------------------------------------
If signing fails:
1. check hostname resolution (master and node must each resolve the other's FQDN)
2. check that the clocks agree (certificate validity is time-based; with a skewed clock a freshly signed certificate is "not yet valid")
Fix:
on the node, delete /var/lib/puppet/ssl (the agent generates a new key and a new CSR on its next start)
on the server, revoke and remove the node's old certificate (puppet cert clean node1.up.com), which is the file listed here:
[root@puppet /var/lib/puppet/ssl/ca/signed]# ls
node1.up.com.pem
restart puppet on the node
it submits a new CSR; sign it again
---------------------------------------------
Start syncing configuration:
[root@puppet /etc/puppet]# vim manifests/site.pp
import "nodes.pp"
## load the node inventory file
$puppetserver="puppet.up.com"
## the puppet server that the file sources below point at
[root@puppet /etc/puppet]# vim manifests/nodes.pp
node 'node1.up.com' {
## node definition: which classes node1 receives
include hosts
## the class that delivers the file to be synced
}
[root@puppet /etc/puppet/modules]# mkdir -p hosts/{manifests,files}
[root@puppet /etc/puppet/modules/hosts/manifests]# vim init.pp
class hosts {
  package { "setup":
    ensure        => present,
    allow_virtual => true,
  }
The package resource declares which package owns the hosts file (setup):
if it is already installed, nothing happens;
if it is missing, it is installed.
  file { "/etc/hosts":
    owner   => root,
    group   => root,
    mode    => '0644',
    source  => "puppet://$puppetserver/modules/hosts/etc/hosts",
    require => Package["setup"],
  }
The file resource defines the attributes of the synced file: owner, group, permissions (mode is quoted so it is always read as octal; unquoted 0644 is accepted by Puppet 3 but deprecated).
source: where the agent fetches the file from; modules/hosts/etc/hosts on the puppet:// URL maps to modules/hosts/files/etc/hosts on the master (the files/ directory is implied).
require: the package declared above must be present before the file is managed.
}
Preparation:
/etc/hosts --> node1
[root@puppet ~]# rpm -qf /etc/hosts
setup-2.8.71-7.el7.noarch
[root@puppet ~]# ll /etc/hosts
-rw-r--r-- 1 root root 253 Dec 5 10:00 /etc/hosts
Copy the file to be synced into the module:
[root@puppet /etc/puppet/modules/hosts]# mkdir files/etc
[root@puppet /etc/puppet/modules/hosts]# cp /etc/hosts files/etc/
[root@puppet /etc/puppet/modules/hosts]# vim files/etc/hosts
Edit it so that it differs from the copy on the node (otherwise there is nothing to observe).
[root@puppet /etc/puppet/modules]# tree .
.
└── hosts
├── files
│ └── etc
│ └── hosts
└── manifests
└── init.pp
[root@puppet ~]# systemctl restart puppetmaster
Sync on the node, manually:
[root@node1 ~]# puppet agent --test
[root@node1 ~]# cat /etc/hosts
Sync the Apache configuration file
[root@puppet /etc/puppet]# vim manifests/nodes.pp
node 'node1.up.com' {
include hosts
include httpd <--
}
[root@puppet ~]# yum install -y httpd
[root@puppet /etc/puppet/modules]# cp -r hosts/ httpd
[root@puppet /etc/puppet/modules/httpd]# vim manifests/init.pp
class httpd {
  package { "httpd":
    ensure        => present,
    allow_virtual => true,
  }
  file { "/etc/httpd/conf/httpd.conf":
    owner   => root,
    group   => root,
    mode    => '0644',
    source  => "puppet://$puppetserver/modules/httpd/etc/httpd.conf",
    require => Package["httpd"],
  }
}
[root@puppet /etc/puppet/modules/httpd/files/etc]# cp /etc/httpd/conf/httpd.conf .
[root@puppet /etc/puppet/modules/httpd]# vim files/etc/httpd.conf
[root@puppet ~]# systemctl restart puppetmaster
[root@puppet /etc/puppet/modules]# tree httpd/
httpd/
├── files
│ └── etc
│ └── httpd.conf
└── manifests
└── init.pp
Sync /etc/motd
[root@puppet /etc/puppet]# vim manifests/nodes.pp
node 'node1.up.com' {
include hosts
include httpd
include motd
}
[root@puppet /etc/puppet/modules]# cp -r hosts/ motd
[root@puppet /etc/puppet/modules/motd]# vim manifests/init.pp
class motd {
  file { "/etc/motd":
    owner  => root,
    group  => root,
    mode   => '0644',
    source => "puppet://$puppetserver/modules/motd/etc/motd",
  }
}
[root@puppet /etc/puppet/modules/motd/files/etc]# cp /etc/motd .
[root@puppet /etc/puppet/modules/motd/files/etc]# cat motd
hello all
[root@node1 ~]# puppet agent --test
[root@node1 ~]# cat /etc/motd
hello all
Add node node2
[root@node2 ~]# yum install -y ruby ruby-libs puppet facter
[root@node2 /etc/puppet]# scp 172.16.0.61:/etc/puppet/puppet.conf .
[root@node2 ~]# systemctl start puppet
[root@node2 ~]# systemctl enable puppet
server
[root@puppet ~]# puppet cert -l
"node2.up.com" (SHA256) 78:46:02:C6:7D:BC:82:E7:AA:98:88:EE:51:55:B1:B3:A2:98:0F:07:5A:22:A1:20:E3:89:25:AA:AF:C3:00:98
[root@puppet ~]# puppet cert -s node2.up.com
[root@puppet ~]# cd /var/lib/puppet/ssl/ca/signed/
[root@puppet /var/lib/puppet/ssl/ca/signed]# ls
node1.up.com.pem node2.up.com.pem <--
Give node2 the same files that node1 receives:
[root@puppet /etc/puppet]# vim manifests/nodes.pp
node 'node1.up.com' {
include hosts
include httpd
include motd
}
node 'node2.up.com' {
include hosts
include httpd
include motd
}
[root@puppet ~]# systemctl restart puppetmaster
node
[root@node2 ~]# puppet agent --test
Configure automatic syncing:
[root@node1 ~]# vim /etc/puppet/puppet.conf
[agent]
......
report = true
runinterval = 5
[root@node2 ~]# vim /etc/puppet/puppet.conf
[agent]
......
report = true
runinterval = 5
The agent now syncs with the server every 5 seconds (runinterval is in seconds; 5 is only for this demonstration, the default is 30 minutes).
[root@node1 ~]# systemctl restart puppet
[root@node2 ~]# systemctl restart puppet
[root@puppet ~]# vim test-puppet.sh
#!/bin/bash
# every 3 seconds, append a timestamp to the motd file the master serves
file="/etc/puppet/modules/motd/files/etc/motd"
for i in $(seq 1 10); do
    date >> "$file"
    sleep 3
done
[root@puppet ~]# chmod +x test-puppet.sh
[root@puppet ~]# ./test-puppet.sh
[root@node1 ~]# watch -n 1 cat /etc/motd
[root@node2 ~]# watch -n 1 cat /etc/motd
Push a cron job to the nodes
Sync the clock with a time server once an hour:
0 * * * * ntpdate ntp1.aliyun.com
server
[root@puppet /etc/puppet]# vim manifests/nodes.pp
node 'node1.up.com' {
include hosts
include httpd
include motd
include crontab
}
node 'node2.up.com' {
include hosts
include httpd
include motd
include crontab
}
[root@puppet /etc/puppet/modules]# cp -r hosts/ crontab
[root@puppet /etc/puppet/modules/crontab]# vim manifests/init.pp
class crontab {
  package { "ntpdate":
    ensure        => present,
    allow_virtual => true,
  }
## the package the job needs
  service { "crond":
    ensure  => running,
    enable  => true,
    require => Package["ntpdate"],
  }
## the service the job needs: crond must be running and enabled
  cron { "ntpdate":
    command => "/usr/sbin/ntpdate ntp1.aliyun.com",
    user    => root,
    hour    => "*",
    minute  => "0",
    require => Service["crond"],
  }
## the job itself:
the command
the schedule
Only minute and hour are given; the fields after hour (day, month, weekday) default to *, so this produces the 0 * * * * line above. (minute => "1" would run at minute 1 of every hour instead.)
}
[root@puppet /etc/puppet/modules/crontab]# tree .
.
└── manifests
└── init.pp
[root@puppet ~]# systemctl restart puppetmaster
node
[root@node1 ~]# crontab -l
[root@node2 ~]# crontab -l
Automatic certificate signing:
[root@puppet /etc/puppet]# vim puppet.conf
[main]
......
autosign = /etc/puppet/autosign.conf
Do not use autosign = true: it signs every CSR that reaches port 8140, so any host on the network can obtain a valid agent certificate and pull catalogs (which may carry credentials). Point autosign at a whitelist file instead (if both lines are present the later one wins, but the true line should not be there at all).
[root@puppet /etc/puppet]# vim autosign.conf
*.up.com
Caveat: the whitelist only matches the certname the requester puts in its own CSR (the agent picks it via certname in puppet.conf), so any host that can reach the master and calls itself something.up.com is signed as well. Outside a lab, sign manually after comparing fingerprints, or use a policy-based autosign script that checks each request against an inventory.
[root@puppet ~]# systemctl restart puppetmaster
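Policy-based autosigning (available in the Puppet 3.4+ master that EPEL ships) lets autosign point at an executable instead of a glob list. The hook below is an added example, not part of the original tutorial or of Puppet itself. It assumes the /etc/hosts inventory distributed above is the source of truth and that 172.16.0.0/24 is the management subnet (both assumptions); it signs only certnames that are a single lowercase label under up.com and appear in that inventory with an address in that subnet. The CSR the master passes on stdin is not inspected here.

```shell
#!/bin/bash
# Policy-based autosign hook (added example, not from the tutorial or Puppet).
# Install as /etc/puppet/autosign.sh, owned by puppet, mode 0750, and set
#   autosign = /etc/puppet/autosign.sh
# in puppet.conf. The master runs it with the requested certname as $1 and
# the PEM CSR on stdin; exit 0 signs the CSR, any other exit code leaves it
# pending for a manual `puppet cert -s`.

ALLOWED_DOMAIN="up.com"        # the suffix the *.up.com whitelist allowed
ALLOWED_PREFIX="172.16.0."     # management subnet from /etc/hosts (assumption)

# Accept only one lowercase hostname label followed by .up.com. Rejects
# node1.up.com.evil.net, uppercase names and shell metacharacters, because
# the certname is chosen by the requester, not by us.
certname_well_formed() {
    case "$1" in
        *[!a-z0-9.-]*) return 1 ;;           # unexpected characters
    esac
    _host="${1%.$ALLOWED_DOMAIN}"
    [ "$_host" != "$1" ] || return 1         # did not end in .up.com
    case "$_host" in
        ""|*.*|-*|*-) return 1 ;;            # empty, extra labels, bad dashes
    esac
    return 0
}

# The certname must be listed in our own hosts inventory (the /etc/hosts we
# copy to every node) with an address inside the management subnet.
# $1 = certname, $2 = hosts file
certname_in_inventory() {
    awk -v name="$1" -v prefix="$ALLOWED_PREFIX" '
        /^[[:space:]]*#/ || NF < 2 { next }              # comments, blank lines
        { for (i = 2; i <= NF; i++)
              if ($i == name && index($1, prefix) == 1) found = 1 }
        END { if (found) exit 0; exit 1 }' "$2"
}

# Combined decision: exit status 0 = sign, 1 = leave pending.
autosign_decision() {
    certname_well_formed "$1" || return 1
    certname_in_inventory "$1" "${2:-/etc/hosts}" || return 1
    return 0
}

# Entry point when puppetmaster invokes the hook with a certname argument.
if [ $# -ge 1 ]; then
    autosign_decision "$1" "${HOSTS_FILE:-/etc/hosts}"
    exit $?
fi
```

A request from node3.up.com is signed only after you have added its line to /etc/hosts, which turns the inventory step you already perform into the admission control; a host that merely calls itself node9.up.com stays pending and shows up in puppet cert -l for a human decision.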
[root@puppet ~]# vim /etc/hosts
172.16.0.60 puppet.up.com puppet
172.16.0.61 node1.up.com node1
172.16.0.62 node2.up.com node2
172.16.0.63 node3.up.com node3
Add node node3:
[root@puppet ~]# scp /etc/hosts 172.16.0.63:/etc/
[root@node3 ~]# yum install -y ruby ruby-libs puppet facter
[root@node3 ~]# cd /etc/puppet/
[root@node3 /etc/puppet]# scp 172.16.0.61:/etc/puppet/puppet.conf .
[root@node3 ~]# systemctl start puppet
[root@node3 ~]# systemctl enable puppet
[root@puppet /var/lib/puppet/ssl/ca/signed]# ls
node1.up.com.pem node2.up.com.pem node3.up.com.pem <-- node3's certificate was signed automatically by the master
Sync
[root@puppet /etc/puppet]# vim manifests/nodes.pp
node "node1.up.com" {
include hosts
include httpd
include motd
include crontab
}
node "node2.up.com" {
include hosts
include httpd
include motd
include crontab
}
node "node3.up.com" {
include hosts
include httpd
include motd
include crontab
}
[root@puppet /etc/puppet]# systemctl restart puppetmaster