"Looping over ssh commands is not a solution I can accept."
--Luke Kanies, Puppet developer
Puppet is an open-source configuration management and deployment tool written in Ruby with a client/server (C/S) architecture; it can run in client-server mode or standalone. Puppet is typically used to manage a host's entire lifecycle: initial installation, upgrades, maintenance and finally decommissioning the server. It manages multiple platforms (UNIX, Linux and Windows). By default the agent connects to the server (master) every 30 minutes to fetch the latest configuration, and reports the result of the run back to the master.
Figure: Puppet model
Puppet official site: http://www.puppetlabs.com/
Figure: lab architecture diagram
Environment:
Puppet master: 192.168.112.128, puppet.xiaolu.com, CentOS 5.4 64-bit
Puppet agent: 192.168.112.129, client.xiaolu.com, CentOS 5.4 64-bit
NTP server: 10.172.172.13, CentOS 5.4 64-bit
Software:
puppet-2.7.21.tar.gz
facter-1.7.1.tar.gz
Installing Puppet on the master
1. Configure the NTP time-sync server
Both the server and the client must be pointed at a time server so that their clocks stay in sync. The NTP address is 10.172.172.13.
[root@puppet ~]# crontab -e
0 5 * * * /usr/sbin/ntpdate 10.172.172.13
2. Configure a fully qualified domain name (FQDN)
Since this is a lab environment I have not set up DNS here, so name resolution is done by editing the hosts file.
1) First set the master's hostname to puppet.xiaolu.com:
[root@puppet ~]# vi /etc/sysconfig/network
HOSTNAME=puppet.xiaolu.com
2) Set the agent's hostname to client.xiaolu.com:
[root@client ~]# vi /etc/sysconfig/network
HOSTNAME=client.xiaolu.com
3) On both machines, add an entry to /etc/hosts mapping the master's IP to its domain name, so that the client can resolve the master:
192.168.112.130 puppet.xiaolu.com  # the same entry on both master and agent
3. Install the dependencies
Install ruby, ruby-libs and ruby-rdoc directly with yum:
[root@puppet ~]# yum install ruby ruby-libs ruby-rdoc
4. Install facter
Puppet download site: http://downloads.puppetlabs.com/
The Puppet packages can be downloaded from there.
[root@puppet lib]# tar -zxvf facter-1.7.1.tar.gz
[root@puppet lib]# cd facter-1.7.1
[root@puppet facter-1.7.1]# ruby install.rb
5. Install puppet
[root@puppet lib]# tar -zxvf puppet-2.7.21.tar.gz
[root@puppet lib]# cd puppet-2.7.21
[root@puppet puppet-2.7.21]# ruby install.rb
[root@puppet puppet-2.7.21]# cp conf/redhat/fileserver.conf /etc/puppet/
[root@puppet puppet-2.7.21]# cp conf/redhat/puppet.conf /etc/puppet/
[root@puppet puppet-2.7.21]# cp conf/redhat/server.init /etc/init.d/puppetmaster
[root@puppet puppet-2.7.21]# chmod +x /etc/init.d/puppetmaster
[root@puppet puppet-2.7.21]# chkconfig --add puppetmaster
[root@puppet puppet-2.7.21]# chkconfig --level 35 puppetmaster on
[root@puppet /]# groupadd puppet  # create the group
[root@puppet /]# useradd -g puppet -s /bin/false -M puppet  # create the user in that group; the puppet user does not need to log in
Check the manifest directory:
[root@puppet /]# ll /etc/puppet/
总计 16
-rw-r--r-- 1 root root 2569 07-14 03:23 auth.conf
-rw-r--r-- 1 root root  381 07-14 03:23 fileserver.conf
drwxr-xr-x 2 root root 4096 07-18 01:59 manifests
-rw-r--r-- 1 root root  853 07-14 03:23 puppet.conf
[root@puppet /]#
If the manifests directory does not exist, create it by hand and create site.pp inside it:
[root@puppet /]# mkdir -p /etc/puppet/manifests
[root@puppet /]# touch /etc/puppet/manifests/site.pp
Configuring the firewall
Puppet listens on TCP port 8140, so port 8140 must be opened in the firewall. The firewall rule is:
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 8140 -j ACCEPT
Starting the Puppet master
[root@puppet /]# service puppetmaster restart
停止 puppetmaster:[确定]
启动 puppetmaster:[确定]
[root@puppet /]#
Client installation
1. Configure the NTP time-sync server
2. Configure a fully qualified domain name (FQDN)
3. Install the dependencies
4. Install facter
---------------------------------------------------------------- For the steps above, refer to the master steps ----------------
5. Install puppet
tar -zxvf puppet-2.7.21.tar.gz
cd puppet-2.7.21/
ruby install.rb
cp conf/redhat/client.init /etc/init.d/puppet
chkconfig --level 35 puppet on
puppetd --mkusers
groupadd puppet
useradd -g puppet -s /bin/false -M puppet
chmod +x /etc/init.d/puppet
service puppet start
Establishing the first connection
1. Test that the port is reachable
[root@client ~]# telnet puppet.xiaolu.com 8140
Trying 192.168.112.130...
Connected to puppet.xiaolu.com.
Escape character is '^]'.
^]
Connection closed by foreign host.
[root@client ~]#
2. Make the first connection and request a certificate
[root@client ~]# puppetd --test --server puppet.xiaolu.com
info: Caching certificate for ca
info: Creating a new SSL certificate request for client.xiaolu.com
info: Certificate Request fingerprint (md5): 1C:A9:E2:58:4C:1D:B9:46:F9:BC:31:81:C3:E4:DD:85
Exiting; no certificate found and waitforcert is disabled
[root@client ~]#
3. Log in to the server and confirm the certificate
This step is carried out on the master:
[root@puppet ~]# puppetca -l
"client.xiaolu.com" (1C:A9:E2:58:4C:1D:B9:46:F9:BC:31:81:C3:E4:DD:85)
The certificate request from the client is listed.
[root@puppet ~]# puppetca -s client.xiaolu.com
notice: Signed certificate request for client.xiaolu.com
notice: Removing file Puppet::SSL::CertificateRequest client.xiaolu.com at '/var/lib/puppet/ssl/ca/requests/client.xiaolu.com.pem'
[root@puppet ~]#
The step above approves the client's certificate request and issues the certificate.
[root@puppet ~]# puppetca -a --list
+ "client.xiaolu.com" (C9:E6:7B:7F:85:4D:83:DD:C8:1C:E8:BB:C6:1E:D0:7D)
+ "puppet.xiaolu.com" (C8:FE:32:EB:D2:DF:CE:A2:06:77:D4:61:62:3E:C8:DF) (alt names: "DNS:puppet", "DNS:puppet.xiaolu.com")
[root@puppet ~]#
Check the signed certificates: a "+" marks the ones that have been approved.
4. Log in to the client
Re-establish the connection to the master:
[root@client ~]# puppetd --test --server puppet.xiaolu.com
info: Caching certificate for client.xiaolu.com
info: Caching certificate_revocation_list for ca
info: Caching catalog for client.xiaolu.com
info: Applying configuration version '1374595755'
info: Creating state file /var/lib/puppet/state/state.yaml
notice: Finished catalog run in 0.05 seconds
[root@client ~]#
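Before signing in step 3, the fingerprint the master lists for the request should be the same one the agent printed in step 2; signing by hostname alone trusts whoever sent a request with that name. The following shell script is an added example, not part of the original post: it assumes the puppetca -l and puppetca -s commands and output formats shown above (Puppet 2.7), and also handles the + "host" (fp) lines that puppetca -a --list prints for already-signed certificates. The sample listing is constructed from those formats.

```shell
#!/bin/bash
# Added example: verify an agent's CSR fingerprint before signing it.
# Constructed sample of master output, mixing a pending request line
# (`"host" (fp)`) with a signed-certificate line (`+ "host" (fp) ...`).
SAMPLE_LIST='"client.xiaolu.com" (1C:A9:E2:58:4C:1D:B9:46:F9:BC:31:81:C3:E4:DD:85)
+ "puppet.xiaolu.com" (C8:FE:32:EB:D2:DF:CE:A2:06:77:D4:61:62:3E:C8:DF) (alt names: "DNS:puppet", "DNS:puppet.xiaolu.com")'

# fingerprint_for HOST LISTING: print the fingerprint listed for HOST, or nothing.
# A leading "+" (signed entry) shifts the hostname and fingerprint one field right.
fingerprint_for() {
  printf '%s\n' "$2" | awk -v h="\"$1\"" '
    { i = ($1 == "+") ? 2 : 1 }
    $i == h { f = $(i + 1); gsub(/[()]/, "", f); print f; exit }'
}

# check_fingerprint HOST EXPECTED LISTING: succeed only if HOST is listed
# with exactly the EXPECTED fingerprint (an absent host is a failure, not a match).
check_fingerprint() {
  actual=$(fingerprint_for "$1" "$3")
  [ -n "$actual" ] && [ "$actual" = "$2" ]
}

# sign_if_verified HOST EXPECTED: query the live master and sign only on a match.
# EXPECTED is the value copied from the agent's "Certificate Request fingerprint" line.
sign_if_verified() {
  listing=$(puppetca -l) || return 2
  if check_fingerprint "$1" "$2" "$listing"; then
    puppetca -s "$1"
  else
    echo "fingerprint for $1 does not match the agent's request; not signing" >&2
    return 1
  fi
}
```

Run as sign_if_verified client.xiaolu.com 1C:A9:E2:58:4C:1D:B9:46:F9:BC:31:81:C3:E4:DD:85 on the master; a mismatch leaves the request unsigned and returns 1.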
Functional test:
On the server:
[root@puppet /]# vi /etc/puppet/manifests/site.pp
node default {
  file { "/tmp/xiaolu.test":
    content => "xiaoluQQ3619352",
    mode    => 0644;
  }
}
On the client:
[root@client ~]# puppetd --test --server puppet.xiaolu.com
info: Caching catalog for client.xiaolu.com
info: Applying configuration version '1374597226'
notice: /Stage[main]//Node[default]/File[/tmp/xiaolu.test]/ensure: defined content as '{md5}d4b887dd1544e2a7f4bd781a3e2b52a3'
notice: Finished catalog run in 0.07 seconds
[root@client ~]#
Check the result of the sync:
[root@client ~]# ll /tmp/xiaolu.test
-rw-r--r-- 1 root root 15 07-24 00:33 /tmp/xiaolu.test
[root@client ~]# cat /tmp/xiaolu.test
xiaoluQQ3619352[root@client ~]#
Automated deployment script:
Tested on CentOS 5.4.
The software can be downloaded via the link at the end of this article.
#!/bin/bash
#======================================
# NAME: Puppet Master
# DESCRIPTION: install the Puppet 2.7.21 master on CentOS 5.4
# PARAMETER 0:
#======================================
# Run from /usr/local/src with the tarballs placed in ./lib

# Configure the NTP time-sync server
NtpServer=10.172.172.13
CronTab=/var/spool/cron/root
# extract the server named after "ntpdate" in an existing cron entry, if any
CronNtp=$(grep ntpdate $CronTab 2>/dev/null | awk -Fntpdate '{print $2}' | awk '{print $1}')
if [ -n "$CronNtp" ]
then
  echo "Ntp Server is OK"
else
  # ">>" also creates the file when root has no crontab yet
  echo "0 5 * * * /usr/sbin/ntpdate $NtpServer" >>$CronTab
fi

# Install the ruby packages from the install media through a local yum repo
CD_HOME="/media/cdrom"
YUMREPO_HOME="/etc/yum.repos.d"
REPO_NAME="cdrom.repo"
SOFT_HOME="/usr/local/src"
_error(){
  echo "$1" >&2
  exit 1
}
# mount the cdrom
mkdir -p $CD_HOME
mount /dev/cdrom $CD_HOME
if ! grep "$CD_HOME" /etc/mtab > /dev/null
then
  _error "mounting the cdrom failed, please check the cdrom"
fi
# disable the other yum repos by stripping their .repo suffix
cd $YUMREPO_HOME
for i in *; do
  if [ "$i" != "${i/\.repo/}" ]
  then
    mv "$i" "${i/\.repo/}"
  fi
done
# create the cdrom yum repo (gpgcheck=0: packages from the media are installed without signature checks)
cat>${REPO_NAME}<<'EOF'
[c5-media]
name=CentOS
baseurl=file:///media/cdrom/
gpgcheck=0
enabled=1
#gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5
EOF
# build environment
yum -y install ruby ruby-libs ruby-rdoc

# Install facter
src="$SOFT_HOME"
cd $src
Software_Path="$src/lib/facter-1.7.1.tar.gz"
Software=`basename $Software_Path`
tar -zxvf $Software_Path -C $src
cd $src/${Software/.tar.gz/}
ruby install.rb || _error "ruby install $Software failed"

# Install puppet
cd $src
Software_PP="$src/lib/puppet-2.7.21.tar.gz"
Software_BB=`basename $Software_PP`
tar -zxvf $Software_PP -C $src
cd $src/${Software_BB/.tar.gz/}
ruby install.rb || _error "ruby install $Software_BB failed"
cp conf/redhat/fileserver.conf /etc/puppet/
cp conf/redhat/puppet.conf /etc/puppet/
cp conf/redhat/server.init /etc/init.d/puppetmaster
groupadd puppet
useradd -g puppet -s /bin/false -M puppet
puppetmasterd --mkusers
chmod +x /etc/init.d/puppetmaster
chkconfig --add puppetmaster
chkconfig --level 35 puppetmaster on
The installation is fairly simple! This script covers the master installation; anyone interested can try writing the client installation themselves. The script must be run from /usr/local/src, because the src directory is defined inside the script; you can change it to wherever your script lives.
Packages and the automated deployment script: http://down.51cto.com/data/882344
Reposted from: https://blog.51cto.com/haolulu/1256489