需要软件包:ruby,facter,puppet

前提要求客户端能解析到服务端的hostname

puppet服务端配置:

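# Puppet master installation, run as root (the page's transcript runs on host
# "testsns" from a directory named "opt"). The commands were fused onto one
# line on the page and are restored here one per line.
#
# NOTE(review): both archives are unpacked and installed as root. Verify each
# tarball against the checksum or signature published by its upstream project
# before running install.rb; the page itself gives no checksums.

# Facter is installed first, then Puppet.
tar zxvf facter-1.6.5.tar.gz
cd facter-1.6.5
ruby install.rb
cd ..

tar zxvf puppet-2.6.13.tar.gz
cd puppet-2.6.13
ruby install.rb

# Copy the sample configuration and the Red Hat init script into place.
cp conf/auth.conf /etc/puppet/
cp conf/redhat/fileserver.conf /etc/puppet/
cp conf/redhat/puppet.conf /etc/puppet/
cp conf/redhat/server.init /etc/init.d/puppetmaster
chmod +x /etc/init.d/puppetmaster

# Register the service and enable it at boot.
chkconfig --add puppetmaster
chkconfig puppetmaster on

# Directory that will hold site.pp.
mkdir -p /etc/puppet/manifests

# Create the puppet user.
puppetmasterd --mkusers

# Start the master.
/etc/init.d/puppetmaster start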

fileserver.conf文件的配置:

# Mount "files": serves the master's /opt/ tree; site.pp on this page reads it
# through puppet://node3.wanghaihao.cn/files/...
# NOTE(review): "allow *" puts no hostname restriction on the mount, and the
# path is all of /opt/ rather than a directory holding only the files meant
# for distribution. Consider a dedicated directory and an allow pattern
# limited to your own nodes.
[files]
path /opt/
allow *
# Mount "yum": serves the master's /etc/yum/ tree; site.pp on this page syncs
# it to /tmp/test via puppet://node3.wanghaihao.cn/yum/
# NOTE(review): same unrestricted "allow *" as the mount above.
[yum]
path /etc/yum/
allow *

site.pp文件的配置:

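# Demo catalog for every client that has no node block of its own.
# To target a single client instead, declare `node <hostname> { ... }`.
#
# Changes from the page's listing:
#   * file modes are 0644 instead of world-writable 666;
#   * the user password is a labelled placeholder for a crypt hash instead of
#     the plaintext string "123456";
#   * the httpd service requires the httpd package, so ordering is explicit.
node default {

  # Smoke test: writes rendered template output to /tmp/1.txt on the client.
  # NOTE(review): template() is evaluated on the master, so this ships the
  # master's /etc/passwd (its account list) to every node. Point it at a
  # harmless file once the test has served its purpose.
  file { "test":
    name    => "/tmp/1.txt",
    content => template("/etc/passwd"),
  }

  # File with inline content. 0644 keeps it writable by its owner only;
  # the page used 666, which lets any local user rewrite a managed file.
  file { "/opt/install.log":
    ensure  => present,
    content => "test,my first puppetmaster",
    owner   => puppet,
    group   => puppet,
    mode    => "0644",
  }

  # File fetched from the master's [files] mount.
  file { "/tmp/install.log":
    ensure => present,
    source => "puppet://node3.wanghaihao.cn/files/install.log",
    owner  => puppet,
    group  => puppet,
    mode   => "0644",
  }

  # Tarball fetched from the same mount; owner and mode are left unmanaged.
  file { "/tmp/puppet-2.6.17.tar.gz":
    source => "puppet://node3.wanghaihao.cn/files/puppet-2.6.17.tar.gz",
  }

  # Add a group.
  group { "haihao":
    ensure => present,
    gid    => 1000,
  }

  # Add a user.
  # The password attribute takes the already-hashed value and stores it as
  # given, so a plaintext string is not usable as a login password and also
  # leaves a guessable secret in the manifest. Generate a crypt hash on a
  # trusted host and put it in place of the placeholder below.
  user { "haihao":
    ensure   => present,
    uid      => 1000,
    gid      => 1000,
    home     => "/home/haihao",
    shell    => "/bin/bash",
    password => "REPLACE_WITH_CRYPT_HASH",
  }

  # Install a package through yum.
  package { "httpd":
    ensure => installed,
  }

  # Remove a package through yum.
  package { "ftpd":
    ensure => absent,
  }

  # Service running now but not enabled at boot. The require makes sure the
  # package is installed before Puppet tries to start the service.
  service { "httpd":
    ensure  => running,
    enable  => false,
    require => Package["httpd"],
  }

  # Service stopped now but enabled at boot.
  service { "atd":
    ensure => stopped,
    enable => true,
  }

  # Daily clock sync at 01:00, run as root.
  cron { "ntpdate":
    command => "/usr/sbin/ntpdate 192.168.1.103",
    user    => root,
    hour    => 1,
    minute  => 0,
  }

  # Build and install the Nagios plugins from a tarball in /root.
  # `creates` skips the command once /usr/local/nagios exists.
  # NOTE(review): timeout => 0 disables the exec timeout, so a hung build
  # blocks the agent run. Nothing visible in this manifest delivers or
  # verifies the tarball, yet it is built and installed as root; confirm
  # where it comes from and check its integrity first.
  exec { "build-Nagios Plugins":
    cwd       => "/root",
    command   => "/bin/tar xzf nagios-plugins-1.4.15.tar.gz && cd nagios-plugins-1.4.15 && sh configure && make && make install",
    creates   => "/usr/local/nagios",
    logoutput => on_failure,
    timeout   => 0,
  }

  # Run a local script as root.
  # NOTE(review): there is no creates/onlyif/unless guard, so the script runs
  # as root on every agent run. Add a guard that matches what the script
  # produces, and make sure /opt/hh.sh is writable by root only.
  exec { "exec-mkdir":
    cwd     => "/opt",
    command => "sh /opt/hh.sh",
    user    => "root",
    path    => "/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin",
  }

  # Sync a directory from the master's [yum] mount. purge with recurse and
  # force removes anything under /tmp/test that the source does not contain.
  file { "/tmp/test":
    source  => "puppet://node3.wanghaihao.cn/yum/",
    owner   => puppet,
    group   => puppet,
    recurse => true,
    purge   => true,
    force   => true,
  }
}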

客户端的配置:

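# Puppet agent (client) installation, run as root. The commands were fused
# onto two lines on the page and are restored here one per line.
#
# NOTE(review): as on the master, verify each tarball against the checksum or
# signature published by its upstream project before running install.rb as
# root; the page gives no checksums.

# Facter is installed first, then Puppet.
tar zxvf facter-1.6.5.tar.gz
cd facter-1.6.5
ruby install.rb
cd ..

tar zxvf puppet-2.6.13.tar.gz
cd puppet-2.6.13
ruby install.rb

# Copy the sample configuration and the Red Hat client init script.
cp conf/auth.conf /etc/puppet/
cp conf/namespaceauth.conf /etc/puppet/
cp conf/redhat/puppet.conf /etc/puppet/
cp conf/redhat/client.init /etc/init.d/puppet
chmod +x /etc/init.d/puppet

# Edit the agent settings so that puppet.conf contains the lines below
# (written lowercase here; the page shows them capitalised):
#   [agent]
#   listen = true
#   server = testsns
# NOTE(review): listen = true makes the agent accept inbound requests, and
# namespaceauth.conf decides who may send them. Leave it off unless
# remote-triggered runs are needed, and if it stays on, restrict
# namespaceauth.conf to the master instead of "allow *".
vi /etc/puppet/puppet.conf

# Create the puppet user.
puppetmasterd --mkusers

# Start the agent.
/etc/init.d/puppet start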

namespaceauth.conf文件的配置:

# namespaceauth.conf on the client: one section per handler, each followed by
# the hosts allowed to call it.
# NOTE(review): every section below is "allow *", i.e. no hostname
# restriction. Together with listen = true in the client's puppet.conf this
# presumably lets any host that can reach the agent call these handlers,
# including [puppetrunner]. Narrow each section to the master's name
# (this page uses "testsns" as the server) — TODO confirm the name matches
# the master's certificate.
[fileserver]
allow *

[puppetmaster]
allow *

[puppetrunner]
allow *

[puppetbucket]
allow *

[puppetreports]
allow *

[resource]
allow *

测试:

认证:

客户端发送请求:puppetd --test --server testsns

服务器查看待签名的请求:puppetca --list

服务器端签名:

puppetca -s -a //对所有客户端全部签名;会签掉列表中的每一个请求,签名前先用 puppetca --list 确认列表里都是自己的主机

puppetca -s nfstest //只签名某个客户端

认证报错:一般是客户端与服务端时间不一致造成的。先把两端时间同步好,再按下面的步骤重新申请证书,否则新证书仍可能校验失败:

客户端:puppet --genconfig | grep certdir (确认证书目录的实际位置,下面删除的 ssl 目录应与查到的路径一致)

rm -rf /var/lib/puppet/ssl

puppetd --test --server $hostname

服务端(如果之前已经为该主机签过证书,先执行 puppetca --clean $hostname 清除旧证书):

puppetca -l

puppetca -s $hostname