云计算时代系统管理员会经常陷入一系列的重复任务中,如安装或重装系统,升级软件包,管理配置文件,添加、管理和配置系统服务等等,成百上千台服务器,够让我们抓狂的,因此自动化就非常有必要了。
Puppet 是一个客户端/服务器(C/S)架构的配置管理工具,在中央服务器上安装 puppet-server 服务器(puppet master),在需要被管理的目标服务器上安装 puppet 客户端软件(puppet client)。当客户端连接上服务器后,定义在服务器上的配置文件会被编译,然后在客户端上运行。客户端每隔半小时主动会和服务器通信一次,确认配置信息的更新情况,如果有新的配置信息(或者配置有变化),配置文件将会被重新编译并分发到客户端执行。当然,也可以在服务器上主动触发更新指令来强制各客户端进行配置更新。
以下步骤除非有标明,都是在server端设置
一、sudo管理
1、主资源配置文件:/etc/puppet/mainfests/site.pp
[root@vmclient63 manifests]# cat /etc/puppet/manifests/site.pp
import 'nodes.pp'
$puppetserver = 'vmserver62'
1
2
3
[root@vmclient63manifests]# cat /etc/puppet/manifests/site.pp
import'nodes.pp'
$puppetserver='vmserver62'
注意:加载在/etc/puppet/mainfests/nodes目录中的所有文件都是以.pp结尾
2、设置节点:
[root@vmclient63 manifests]# cat /etc/puppet/manifests/noded.pp
node 'vmclient63' { ---说明在哪一个节点生效
include sudo --读取sudo模块
}
1
2
3
4
[root@vmclient63manifests]# cat /etc/puppet/manifests/noded.pp
node'vmclient63'{ ---说明在哪一个节点生效
includesudo --读取sudo模块
}
3、定义模块
a、创建模块目录:
# mkdir /etc/puppet/modules
1
# mkdir /etc/puppet/modules
b、在模块目录中创建sudo模块:
# mkdir /etc/puppet/modules/sudo
1
# mkdir /etc/puppet/modules/sudo
c、在sudo模块中创建需要的基本目录:
# mkdir -p /etc/puppet/modules/sudo/{files,manifests,templates}
1
# mkdir -p /etc/puppet/modules/sudo/{files,manifests,templates}
d、在sudo模块的manifests目录中必须创建模块的具体资源定义文件:
[root@vmserver62 manifests]# vi /etc/puppet/modules/sudo/manifests/init.pp
class sudo {
package { sudo: ensure => present } ---判断sudo是否安装,没有就安装
file { "/etc/sudoers": ---文件资源
owner => "root", ---文件所属人员
group => "root",
mode => 0440, ---文件的权限
source => "puppet:///modules/sudo/etc/sudoers", ---定义配置文件sudoers从puppet服务器读取,从:/etc/puppet/modules/sudo/files/etc/sudoers 读取文件,模块目录files为文件类型资源的根目录
require => Package["sudo"] } ---定义依赖,需要执行package,才能执行这一步
}
1
2
3
4
5
6
7
8
9
10
[root@vmserver62manifests]# vi /etc/puppet/modules/sudo/manifests/init.pp
classsudo{
package{sudo:ensure=>present}---判断sudo是否安装,没有就安装
file{"/etc/sudoers":---文件资源
owner=>"root",---文件所属人员
group=>"root",
mode=>0440,---文件的权限
source=>"puppet:///modules/sudo/etc/sudoers",---定义配置文件sudoers从puppet服务器读取,从:/etc/puppet/modules/sudo/files/etc/sudoers读取文件,模块目录files为文件类型资源的根目录
require=>Package["sudo"]}---定义依赖,需要执行package,才能执行这一步
}
4、文件夹权限设置
# mkdir /etc/puppet/modules/sudo/files/etc
# cp /etc/sudoers /etc/puppet/modules/sudo/files/etc/sudoers
# chown -R puppet.puppet /etc/puppet
1
2
3
# mkdir /etc/puppet/modules/sudo/files/etc
# cp /etc/sudoers /etc/puppet/modules/sudo/files/etc/sudoers
# chown -R puppet.puppet /etc/puppet
二、mysql安装
1、创建mysql模块目录
# mkdir -p /etc/puppet/modules/mysql/{files,manifests,templates}
1
# mkdir -p /etc/puppet/modules/mysql/{files,manifests,templates}
2、创建mysql::install类
[root@vmserver62 manifests]# vi /etc/puppet/modules/mysql/manifests/install.pp
class mysql::install {
package { "mysql-server": ---yum安装mysql-server包
ensure => present,
require => User["mysql"] ---定义mysql用户为mysql
}
user { "mysql":
ensure => present, ---判断是否有mysql用户,没有就创建
comment => "MySQL user", ---用户的描述信息
gid => "mysql",
shell => "/sbin/nologin", ---mysql用户的shell信息
require => Group["mysql"] ---定义依赖的group资源中的mysql组
}
group { "mysql":
ensure => present
}
}
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
[root@vmserver62manifests]# vi /etc/puppet/modules/mysql/manifests/install.pp
classmysql::install{
package{"mysql-server":---yum安装mysql-server包
ensure=>present,
require=>User["mysql"]---定义mysql用户为mysql
}
user{"mysql":
ensure=>present,---判断是否有mysql用户,没有就创建
comment=>"MySQL user",---用户的描述信息
gid=>"mysql",
shell=>"/sbin/nologin",---mysql用户的shell信息
require=>Group["mysql"]---定义依赖的group资源中的mysql组
}
group{"mysql":
ensure=>present
}
}
3、创建mysql::config子类
[root@vmserver62 manifests]#cp /etc/my.cnf /etc/puppet/modules/mysql/files/my.cnf
[root@vmserver62 manifests]# vi /etc/puppet/modules/mysql/manifests/config.pp
class mysql::config {
file { "/etc/my.cnf":
ensure => present,
source => "puppet:///modules/mysql/my.cnf", ---从puppet服务端下载my.cnf文件,下载的实际路径为:/etc/puppet/modules/mysql/files/my.cnf,所以这一步一开始就要拷贝文件
require => Class["mysql::install"], ---调用依赖子类mysql::install
notify => Class["mysql::service"] ---依赖mysql:service重启服务重新加载配置文件
}
}
1
2
3
4
5
6
7
8
9
10
[root@vmserver62manifests]#cp /etc/my.cnf /etc/puppet/modules/mysql/files/my.cnf
[root@vmserver62manifests]# vi /etc/puppet/modules/mysql/manifests/config.pp
classmysql::config{
file{"/etc/my.cnf":
ensure=>present,
source=>"puppet:///modules/mysql/my.cnf",---从puppet服务端下载my.cnf文件,下载的实际路径为:/etc/puppet/modules/mysql/files/my.cnf,所以这一步一开始就要拷贝文件
require=>Class["mysql::install"],---调用依赖子类mysql::install
notify=>Class["mysql::service"]---依赖mysql:service重启服务重新加载配置文件
}
}
4、创建mysql::service子类
[root@vmserver62 manifests]# vi /etc/puppet/modules/mysql/manifests/service.pp
class mysql::service {
service { "mysqld":
ensure => running, ---确定mysql服务是启动状态
require => Class["mysql::install","mysql::config"]
}
}
1
2
3
4
5
6
7
8
[root@vmserver62manifests]# vi /etc/puppet/modules/mysql/manifests/service.pp
classmysql::service{
service{"mysqld":
ensure=>running,---确定mysql服务是启动状态
require=>Class["mysql::install","mysql::config"]
}
}
5、在manifests目录中创建mysql类
[root@vmserver62 manifests]# vi /etc/puppet/modules/mysql/manifests/init.pp
class mysql {
include mysql::install,mysql::config,mysql::service
}
1
2
3
4
[root@vmserver62manifests]# vi /etc/puppet/modules/mysql/manifests/init.pp
classmysql{
includemysql::install,mysql::config,mysql::service
}
6、在/etc/puppet/manifests/nodes/node1.pp中加载mysql类
[root@vmserver62 manifests]# cat /etc/puppet/manifests/nodes/node1.pp
node 'vmclient63' ---指定节点
{include sudo,mysql}
1
2
3
[root@vmserver62manifests]# cat /etc/puppet/manifests/nodes/node1.pp
node'vmclient63'---指定节点
{includesudo,mysql}
7、重启puppetmaster
#/etc/init.d/puppetmaster restart
1
#/etc/init.d/puppetmaster restart
客户端设置:
1、在/etc/puppet/puppet.conf 文件中的[agent]下面添加两行
authconfig = /etc/puppet/namespaceauth.conf
listen = true
1
2
authconfig=/etc/puppet/namespaceauth.conf
listen=true
2、在文件/etc/puppet/namespaceauth.conf中修改
3、/etc/puppet/auth.conf 文件最后添加三行
path /
auth any
allow *
1
2
3
path/
authany
allow *
4、重启客户端
[root@vmclient63 ~]# /etc/init.d/puppet restart
Stopping puppet: [ OK ]
Starting puppet: [ OK ]
1
2
3
[root@vmclient63~]# /etc/init.d/puppet restart
Stoppingpuppet: [ OK ]
Startingpuppet: [ OK ]
服务端开始通知客户端更新
[root@vmserver62 mysql]# puppetrun -p 10 --host vmclient63
Triggering vmclient63
Getting status
status is running
Host vmclient63 is already running
vmclient63 finished with exit code 3
Failed: vmclient63 ---这个是由于本人hostname不规范
1
2
3
4
5
6
7
[root@vmserver62mysql]# puppetrun -p 10 --host vmclient63
Triggeringvmclient63
Gettingstatus
statusisrunning
Hostvmclient63isalreadyrunning
vmclient63finishedwithexitcode3
Failed:vmclient63 ---这个是由于本人hostname不规范
查看服务端日志/var/log/message
查看客户端日志/var/log/message
可以查看客户端信息
如需转载请注明出处: http://www.ttlsa.com/html/2755.html