"Running ssh commands in a loop is not a solution I can accept."

                      --Luke Kanies, Puppet developer


Puppet is an open-source automated configuration and deployment tool. It uses a client/server (C/S) architecture and is written in Ruby; it can run in client-server mode or stand-alone. Puppet is typically used to manage a host's entire lifecycle, from initial installation through upgrades and maintenance to the final decommissioning of the server. It manages multiple platforms (UNIX, Linux, Windows). By default the client (agent) connects to the server (master) every half hour to pull the latest configuration, and reports the results of the run back to the master.

Puppet model (diagram)

Puppet official website: http://www.puppetlabs.com/


Puppet logo (image)

Lab architecture diagram (image)


Environment:

Puppet Master  192.168.112.128  puppet.xiaolu.com  CentOS 5.4 64-bit

Puppet agent   192.168.112.129  client.xiaolu.com  CentOS 5.4 64-bit

NTP server     10.172.172.13    CentOS 5.4 64-bit

Software:

puppet-2.7.21.tar.gz

facter-1.7.1.tar.gz

Installing Puppet (master)

1. Configure the NTP time synchronisation server

Both the master and the agent must be configured to synchronise their clocks with an NTP server. The NTP server address is 10.172.172.13.

[root@puppet ~]# crontab -e
0 5 * * * /usr/sbin/ntpdate 10.172.172.13

2. Configure a fully qualified domain name (FQDN)

Since this is a lab environment, I did not set up DNS; name resolution is done by editing the hosts file instead.

1) First set the master's hostname to puppet.xiaolu.com

[root@puppet ~]# vi /etc/sysconfig/network
HOSTNAME=puppet.xiaolu.com

2) Set the agent's hostname to client.xiaolu.com

[root@client ~]# vi /etc/sysconfig/network
HOSTNAME=client.xiaolu.com

3) On both machines, add an entry to /etc/hosts mapping the master's IP address to its domain name, so that the client can resolve the master.

192.168.112.130 puppet.xiaolu.com  # identical on both machines

3. Install dependencies

Install ruby, ruby-libs and ruby-rdoc directly with yum:

[root@puppet ~]# yum install ruby ruby-libs ruby-rdoc

4. Install facter

Puppet download site: http://downloads.puppetlabs.com/

The Puppet packages can be downloaded from there.

[root@puppet lib]# tar -zxvf facter-1.7.1.tar.gz
[root@puppet lib]# cd facter-1.7.1
[root@puppet facter-1.7.1]# ruby install.rb

5. Install puppet

[root@puppet lib]# tar -zxvf puppet-2.7.21.tar.gz
[root@puppet lib]# cd puppet-2.7.21
[root@puppet puppet-2.7.21]# ruby  install.rb
[root@puppet puppet-2.7.21]# cp conf/redhat/fileserver.conf /etc/puppet/
[root@puppet puppet-2.7.21]# cp conf/redhat/puppet.conf /etc/puppet/
[root@puppet puppet-2.7.21]# cp conf/redhat/server.init /etc/init.d/puppetmaster
[root@puppet puppet-2.7.21]# chmod +x /etc/init.d/puppetmaster
[root@puppet puppet-2.7.21]# chkconfig --add puppetmaster
[root@puppet puppet-2.7.21]# chkconfig --level 35 puppetmaster on
[root@puppet /]# groupadd puppet # create the group
[root@puppet /]# useradd -g puppet -s /bin/false -M puppet # create the user and add it to the group; the puppet user needs no login shell

Check the contents of /etc/puppet:

[root@puppet /]# ll /etc/puppet/
总计 16
-rw-r--r-- 1 root root 2569 07-14 03:23 auth.conf
-rw-r--r-- 1 root root  381 07-14 03:23 fileserver.conf
drwxr-xr-x 2 root root 4096 07-18 01:59 manifests
-rw-r--r-- 1 root root  853 07-14 03:23 puppet.conf
[root@puppet /]#

If the manifests directory does not exist, create it manually and create site.pp inside it:

[root@puppet /]# mkdir -p /etc/puppet/manifests
[root@puppet /]# touch /etc/puppet/manifests/site.pp

Configure the firewall

Puppet listens on TCP port 8140, so port 8140 must be opened in the firewall. The iptables rule is as follows:

-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 8140 -j ACCEPT

Start the Puppet Master

[root@puppet /]# service puppetmaster restart
停止 puppetmaster:[确定]
启动 puppetmaster:[确定]
[root@puppet /]#

Client installation

1. Configure the NTP time synchronisation server

2. Configure a fully qualified domain name (FQDN)

3. Install dependencies

4. Install facter

---------------------------------------------------------------- For the steps above, refer to the master installation steps ----------------

5. Install puppet

tar -zxvf  puppet-2.7.21.tar.gz
cd puppet-2.7.21/
ruby install.rb
cp conf/redhat/client.init /etc/init.d/puppet
chkconfig --level 35 puppet on
puppetd --mkusers
groupadd puppet
useradd -g puppet -s /bin/false -M puppet
chmod +x /etc/init.d/puppet
service puppet start

Establishing the first connection

1. Test that the port is reachable

[root@client ~]# telnet puppet.xiaolu.com 8140
Trying 192.168.112.130...
Connected to puppet.xiaolu.com.
Escape character is '^]'.
^]
Connection closed by foreign host.
[root@client ~]#

2. Make the first connection and request a certificate

[root@client ~]# puppetd --test --server puppet.xiaolu.com
info: Caching certificate for ca
info: Creating a new SSL certificate request for client.xiaolu.com
info: Certificate Request fingerprint (md5): 1C:A9:E2:58:4C:1D:B9:46:F9:BC:31:81:C3:E4:DD:85
Exiting; no certificate found and waitforcert is disabled
[root@client ~]#

3. Log in to the master and confirm the certificate

This step is performed on the master:

[root@puppet ~]# puppetca -l
 "client.xiaolu.com" (1C:A9:E2:58:4C:1D:B9:46:F9:BC:31:81:C3:E4:DD:85)

The certificate request from the client is now visible.

[root@puppet ~]# puppetca -s client.xiaolu.com
notice: Signed certificate request for client.xiaolu.com
notice: Removing file Puppet::SSL::CertificateRequest client.xiaolu.com at '/var/lib/puppet/ssl/ca/requests/client.xiaolu.com.pem'
[root@puppet ~]#

The step above approves the client's certificate request and issues its certificate.

[root@puppet ~]# puppetca -a --list
+ "client.xiaolu.com" (C9:E6:7B:7F:85:4D:83:DD:C8:1C:E8:BB:C6:1E:D0:7D)
+ "puppet.xiaolu.com" (C8:FE:32:EB:D2:DF:CE:A2:06:77:D4:61:62:3E:C8:DF) (alt names: "DNS:puppet", "DNS:puppet.xiaolu.com")
[root@puppet ~]#

Verify the signed certificates: a "+" marks those that have been approved.

4. Log in to the client

Re-establish the connection to the master:

[root@client ~]# puppetd --test --server puppet.xiaolu.com
info: Caching certificate for client.xiaolu.com
info: Caching certificate_revocation_list for ca
info: Caching catalog for client.xiaolu.com
info: Applying configuration version '1374595755'
info: Creating state file /var/lib/puppet/state/state.yaml
notice: Finished catalog run in 0.05 seconds
[root@client ~]#
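As an added example (not part of the original post), this shell snippet automates the check a master operator should make at step 3 before running `puppetca -s`: the fingerprint that `puppetca -l` lists for the pending request must equal the one the agent printed during `puppetd --test` (on this page, 1C:A9:...:DD:85 in both places; the fingerprint shown after signing by `puppetca -a --list` is the certificate's, and differs). The sample listing is constructed; the second host in it is hypothetical.

```shell
#!/bin/bash
# Added example: verify a pending CSR's fingerprint before signing it.
# "puppetca -l" prints one pending request per line, in the format seen in the post:
#   "client.xiaolu.com" (1C:A9:E2:58:4C:1D:B9:46:F9:BC:31:81:C3:E4:DD:85)

# Print the fingerprint listed for host $1, reading "puppetca -l" output from stdin.
csr_fingerprint() {
    local host="$1"
    awk -v h="\"$host\"" '$1 == h { gsub(/[()]/, "", $2); print $2; exit }'
}

# Succeed only when the listed fingerprint for $1 equals $2 (the value the agent
# printed after "Certificate Request fingerprint (md5):").
fingerprint_matches() {
    local host="$1" expected="$2" listing="$3"
    local actual
    actual=$(printf '%s\n' "$listing" | csr_fingerprint "$host")
    [ -n "$actual" ] && [ "$actual" = "$expected" ]
}

# On the master: sign the request only after the fingerprint check passes;
# a mismatch or an unexpected hostname stays pending for manual review.
sign_if_verified() {
    local host="$1" expected="$2"
    local listing
    listing=$(puppetca -l)
    if fingerprint_matches "$host" "$expected" "$listing"; then
        puppetca -s "$host"
    else
        echo "fingerprint mismatch or no pending request for $host; not signing" >&2
        return 1
    fi
}

# Constructed sample of "puppetca -l" output: the post's client plus a
# hypothetical second host that nobody is expecting.
SAMPLE_LISTING='  "client.xiaolu.com" (1C:A9:E2:58:4C:1D:B9:46:F9:BC:31:81:C3:E4:DD:85)
  "unknown.xiaolu.com" (AA:BB:CC:DD:EE:FF:00:11:22:33:44:55:66:77:88:99)'

# Usage against the sample: only a matching fingerprint lets the sign step proceed.
if fingerprint_matches client.xiaolu.com 1C:A9:E2:58:4C:1D:B9:46:F9:BC:31:81:C3:E4:DD:85 "$SAMPLE_LISTING"; then
    echo "client.xiaolu.com: fingerprint verified"
fi
```

On a real master, call `sign_if_verified client.xiaolu.com <fingerprint from the agent's output>` in place of the manual `puppetca -s`.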

Functional test:

Server side:

[root@puppet /]# vi /etc/puppet/manifests/site.pp
node default {
    file { "/tmp/xiaolu.test":
        content => "xiaoluQQ3619352",
        mode    => 0644;
    }
}

Client side:

[root@client ~]# puppetd --test --server puppet.xiaolu.com
info: Caching catalog for client.xiaolu.com
info: Applying configuration version '1374597226'
notice: /Stage[main]//Node[default]/File[/tmp/xiaolu.test]/ensure: defined content as '{md5}d4b887dd1544e2a7f4bd781a3e2b52a3'
notice: Finished catalog run in 0.07 seconds
[root@client ~]#

Check the synchronised result:

[root@client ~]# ll /tmp/xiaolu.test
-rw-r--r-- 1 root root 15 07-24 00:33 /tmp/xiaolu.test
[root@client ~]# cat /tmp/xiaolu.test
xiaoluQQ3619352[root@client ~]#
[root@client ~]#


Automated deployment script:

Tested on CentOS 5.4.

The software can be downloaded from this article.

#!/bin/bash
#======================================
#         NAME: Puppet Master
#  DESCRIPTION: install the Puppet master from source on CentOS 5.4
# PARAMETER  0:
#======================================
Currently_dir=`pwd`
# Print a message and abort on a fatal error
_error(){
    echo "$1" >&2
    exit 1
}
# Configure the NTP time synchronisation server
NtpServer=10.172.172.13
CronTab=/var/spool/cron/root
if [ -f $CronTab ]
    then
        # server address following "ntpdate" in an existing cron entry, if any
        CronNtp=`grep ntpdate $CronTab | awk -Fntpdate '{print $2}' | awk '{print $1}'`
        r=${CronNtp:-'false'}
        if [ "$r" == "false" ]
            then
                echo "0 5 * * * /usr/sbin/ntpdate $NtpServer" >>$CronTab
            else
                echo "Ntp Server is OK"
        fi
        #if [ $CronNtp == $NtpServer ]
        #   then
        #       echo "Ntp Server is OK"
        #   else
        #       echo "0 5 * * * /usr/sbin/ntpdate $NtpServer" >>$CronTab
        #fi
    else
        echo "0 5 * * * /usr/sbin/ntpdate $NtpServer" >$CronTab
fi
# Install the ruby packages
# Check yum: use the install CD as the only repository
CD_HOME="/media/cdrom"
YUMREPO_HOME="/etc/yum.repos.d"
REPO_NAME="cdrom.repo"
SOFT_HOME="/usr/local/src"
# mount cdrom
mkdir -p $CD_HOME
mount /dev/cdrom $CD_HOME
if  ! grep '/media/cdrom' /etc/mtab > /dev/null
then
    _error "mount cdrom is error,please check cdrom"
fi
# disable other yum repos by stripping their .repo extension
cd $YUMREPO_HOME
for i in *; do
    if [ $i != ${i/\.repo/} ]
    then
        mv $i ${i/\.repo/}
    fi
done
# create yum repo
cat>${REPO_NAME}<<'EOF'
[c5-media]
name=CentOS
baseurl=file:///media/cdrom/
gpgcheck=0
enabled=1
#gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5
EOF
# compile env
yum -y install ruby ruby-libs ruby-rdoc
# Install facter (the tarball is expected under ./lib relative to $src)
src="/usr/local/src"
cd $src
Software_Path="./lib/facter-1.7.1.tar.gz"
Software=`basename $Software_Path`
tar -zxvf $Software_Path -C $src
cd $src/${Software/.tar.gz/}
ruby install.rb || _error "ruby install $Software failed"
# Install puppet
cd -
Software_PP="./lib/puppet-2.7.21.tar.gz"
Software_BB=`basename $Software_PP`
tar -zxvf $Software_PP -C $src
cd  $src/${Software_BB/.tar.gz/}
ruby install.rb ||  _error "ruby install $Software_BB failed"
cp conf/redhat/fileserver.conf /etc/puppet/
cp conf/redhat/puppet.conf /etc/puppet/
cp conf/redhat/server.init /etc/init.d/puppetmaster
groupadd puppet
useradd -g puppet -s /bin/false -M puppet
puppetmasterd --mkusers
chmod +x /etc/init.d/puppetmaster
chkconfig --add puppetmaster
chkconfig --level 35 puppetmaster on


The installation is fairly simple! This script installs the master; anyone interested can try writing a client installer themselves. The script must be run from the /usr/local/src directory, because the src directory is defined inside the script; you can change it to wherever your own script lives.


Packages and automated deployment script: http://down.51cto.com/data/882344