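A few simple hand-written Puppet management configurations

Puppet is a powerful tool for automated configuration management, so I won't introduce it at length here. Below are notes on a few simple Puppet management configurations:

I. First, install puppet and facter on the server and the client

1) Server
Install the Puppet Labs release package
# rpm -ivh http://yum.puppetlabs.com/el/6.5/products/x86_64/puppetlabs-release-6-12.noarch.rpm
Install Puppet and facter
# yum install puppet puppet-server facter

2) Client
Install the Puppet Labs release package
# rpm -ivh http://yum.puppetlabs.com/el/6.5/products/x86_64/puppetlabs-release-6-12.noarch.rpm
Install Puppet and facter
# yum install puppet facter

II. Puppet configuration and certificate signing

1) Add hosts mappings on both the client and the server (or set up internal DNS resolution)
192.168.1.10 puppet01.wang.com    # server
192.168.1.11 puppet02.wang.com    # client

2) In the puppet.conf configuration file on the client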
[root@puppet02 ~]# cat /etc/puppet/puppet.conf
[main]
server=puppet01.wang.com
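......

3) Start the puppet service on each side (note: it is best to turn off the iptables firewall on both the server and the client; if it is enabled, remember to allow access to puppet port 8140)
Server
[root@puppet01 ~]# /etc/init.d/puppetmaster start
Client
[root@puppet02 ~]# /etc/init.d/puppet start

4) Automatic certificate signing configuration
Server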
[root@puppet01 ~]# cat /etc/puppet/puppet.conf
[main]
......
autosign = true
autosign = /etc/puppet/autosign.conf

[root@puppet01 ~]# cat /etc/puppet/autosign.conf    # create the autosign configuration file; the entry below signs the registration requests of all hosts
*
[root@puppet01 ~]# /etc/init.d/puppetmaster restart

Register from the client
[root@puppet02 ~]# puppet agent --test --server=puppet01.wang.com
Notice: Ignoring --listen on onetime run
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Caching catalog for puppet02.wang.com
Info: Applying configuration version '1501320900'
Notice: Finished catalog run in 0.42 seconds

On the server, the certificate has been signed automatically
[root@puppet01 ~]# puppet cert --list --all
+ "puppet01.wang.com" (SHA256) 3E:99:64:73:14:D5:BA:01:62:2F:53:62:A6:07:55:AB:BA:BE:70:6E:7E:60:7A:81:41:10:63:78:C0:FD:E4:56 (alt names: "DNS:puppet", "DNS:puppet.wang.com", "DNS:puppet01.wang.com")
+ "puppet02.wang.com" (SHA256) A4:EF:73:62:3A:DD:F9:2E:E4:12:8F:2E:AE:90:96:43:95:7A:4C:9F:38:02:44:B7:81:C5:08:B5:16:95:42:0B
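
With * in autosign.conf the master signs every certificate request it receives. Where the installed Puppet version supports policy-based autosigning, the autosign setting can instead name an executable that decides per request. The script below is an added example, not from the original post; the allowlist path, the DOMAIN value and the function names are assumptions.

```shell
#!/bin/sh
# Policy-based autosign check: added example, not from the original post.
# Puppet runs the executable named by "autosign = <path>" with the requested
# certname as $1 and the PEM CSR on stdin; exit status 0 signs the request,
# anything else leaves it pending for a manual "puppet cert sign".
# Assumed: ALLOWLIST holds one expected agent FQDN per line and is writable
# by the user the master runs as; DOMAIN is the site's internal domain.
ALLOWLIST="${ALLOWLIST:-/var/lib/puppet/autosign-allowlist.txt}"
DOMAIN="${DOMAIN:-wang.com}"

# valid_certname NAME: only [a-z0-9.-], no leading dot or hyphen, no empty
# label, and NAME must end in ".$DOMAIN".
valid_certname() {
    case "$1" in
        ""|*[!a-z0-9.-]*|.*|-*|*..*) return 1 ;;
    esac
    case "$1" in
        *."$DOMAIN") return 0 ;;
    esac
    return 1
}

# should_sign NAME: succeeds only for a well-formed name listed in ALLOWLIST.
# -F (fixed string) and -x (whole line) stop "puppet02.wang.com" from matching
# "xpuppet02.wang.com" or being treated as a regular expression.
should_sign() {
    valid_certname "$1" || return 1
    [ -r "$ALLOWLIST" ] || return 1
    grep -Fxq -- "$1" "$ALLOWLIST"
}

# consume_entry NAME: drop NAME from ALLOWLIST so it is auto-signed once only.
consume_entry() {
    tmp="$ALLOWLIST.$$"
    # grep -v exits 1 when nothing is left to print; only a status above 1 is an error
    grep -Fxv -- "$1" "$ALLOWLIST" > "$tmp" || [ $? -eq 1 ] || { rm -f "$tmp"; return 1; }
    mv "$tmp" "$ALLOWLIST"
}

# autosign_policy NAME: the decision Puppet acts on.
autosign_policy() {
    should_sign "$1" && consume_entry "$1"
}

# When invoked by the master (exactly one argument), drain the CSR and decide.
if [ "$#" -eq 1 ]; then
    cat > /dev/null
    autosign_policy "$1"
    exit $?
fi
```

A request for a name that is not listed, or was already consumed, stays pending and shows up in "puppet cert --list" for manual review.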
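III. Automated management configuration with Puppet

The management entries are configured on the puppet master. Once configured, they are sent to the puppet agent nodes and applied there (the puppet master's "push" operation). If an agent node runs as a daemon, it connects every 30 minutes by default and checks whether the configuration for its host has changed or new configuration has been added. This interval can be changed through the runinterval setting in /etc/puppet/puppet.conf on the agent; for example, "runinterval = 3600" sets the interval to 1 hour. An agent node can also connect on its own schedule from a cron job (the puppet agent's "pull" operation), combining the master's "push" with the agent's "pull".

1) Configure on the puppet master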
[root@puppet01 puppet]# ll
total 36
-rw-r--r-- 1 root root 4178 Jul 29 16:25 auth.conf
-rw-r--r-- 1 root root 2 Jul 29 16:25 autosign.conf
drwxr-xr-x 3 root root 4096 Jul 29 16:25 environments
-rw-r--r-- 1 root root 1462 Jul 29 16:25 fileserver.conf
drwxr-xr-x 2 root root 4096 Jul 29 17:22 manifests
drwxr-xr-x 13 root root 4096 Jul 29 17:03 modules
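-rw-r--r-- 1 root root 915 Jul 29 16:25 puppet.conf

Create the module first. It can be created by hand or with a command, although with the command the module name has to be changed afterwards.
[root@puppet01 puppet]# cd modules/
[root@puppet01 modules]# puppet module generate propupet-ssh    # command that creates a module from the command line; module name format is "puppet-<module name>"
[root@puppet01 modules]# mv propupet-ssh ssh                    # rename it to the ssh module

Or create the module by hand
[root@puppet01 modules]# mkdir ssh              # the directory structure under the module also has to be created by hand
[root@puppet01 modules]# mkdir ssh/files        # holds the files the module needs
[root@puppet01 modules]# mkdir ssh/manifests    # directory for the Puppet manifests
[root@puppet01 modules]# mkdir ssh/templates    # holds the templates used by the module

Once the modules are configured, they have to be referenced in the /etc/puppet/manifests/site.pp manifest (covered at the end below).

2) Use the following module configurations as a reference:
[root@puppet01 modules]# pwd
/etc/puppet/modules

--------------------ssh installation and management module--------------------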
[root@puppet01 manifests]# cd /etc/puppet/modules/ssh
[root@puppet01 ssh]# cd manifests/
[root@puppet01 manifests]# ls
config.pp init.pp install.pp service.pp
[root@puppet01 manifests]# cat init.pp
class ssh {
  class { '::ssh::install':} ->
  class { '::ssh::config':} ->
  class { '::ssh::service':} ->
  Class['ssh']
}
[root@puppet01 manifests]# cat install.pp
class ssh::install {
  package { "openssh":    # the package name is openssh
    ensure => present,    # make sure the package is installed
  }
}
[root@puppet01 manifests]# cat config.pp
class ssh::config {
  # ssh settings such as the port, user names and password login can be put in advance
  # in the sshd_config file under the module's files directory and then synced to the
  # target machines by Puppet. sshd restarts automatically after a change (the service
  # class takes care of the restart).
  file { "/etc/ssh/sshd_config":
    ensure  => present,
    owner   => 'root',
    group   => 'root',
    mode    => 0600,
    source  => "puppet:///modules/ssh/sshd_config",    # sshd_config is stored in /etc/puppet/modules/ssh/files; note that "files" is not written in the path
    require => Class["ssh::install"],                   # precondition for this file resource
    notify  => Class["ssh::service"],                   # once this file resource is in place, notify the ssh::service class
  }
}
[root@puppet01 manifests]# cat service.pp
class ssh::service {
  service { "sshd":
    ensure     => running,
    hasstatus  => true,
    hasrestart => true,
    enable     => true,
    require    => Class["ssh::config"],
  }
}

[root@puppet01 manifests]# ls ../files/sshd_config
../files/sshd_config

--------------------DNS configuration management--------------------
[root@puppet ~]# cd /etc/puppet/modules/dns/
[root@puppet dns]# ls
files manifests
[root@puppet dns]# cd manifests/
[root@puppet manifests]# ls
config.pp init.pp restart.pp setup.pp
[root@puppet manifests]# cat init.pp
class dns {
  include dns::config
  include dns::setup
  include dns::restart
}
[root@puppet manifests]# cat config.pp
class dns::config {
  file { "/etc/named":
    ensure  => directory,
    source  => "puppet:///modules/dns/pro-dns/DNS/etc/named",
    recurse => true,
  }

  file { "/var/named":
    ensure  => directory,
    source  => "puppet:///modules/dns/pro-dns/DNS/var/named",
    recurse => true,
  }
}

[root@puppet manifests]# cat setup.pp
class dns::setup {
  exec {"Set permissions of etc-named":
    cwd     => "/etc",
    command => "/bin/chown -R root.named named",
    path    => ["/usr/bin:/usr/sbin:/bin:/sbin"],
    require => Class["dns::config"],
  }

  exec {"Set permissions of var-named":
    cwd     => "/var",
    command => "/bin/chown -R root.named named && /bin/chown -R named.named named/data/",
    path    => ["/usr/bin:/usr/sbin:/bin:/sbin"],
    require => Class["dns::config"],
  }
}
[root@puppet manifests]# cat restart.pp
class dns::restart {
  exec {"restart named service":
    command => "service named restart",
    path    => ["/usr/bin:/usr/sbin:/bin:/sbin"],
    require => Class["dns::config"],
  }
}

The files directory holds the DNS configuration file and the forward and reverse zone files (they can be kept in the DNS directory of the pro-dns project in gitlab and fetched with git clone)
[root@puppet manifests]# cd ../files/
[root@puppet files]# ls
pro-dns
[root@puppet files]# ls pro-dns/DNS/
etc var
[root@puppet files]# ls pro-dns/DNS/etc/named/
named.conf
[root@puppet files]# ls pro-dns/DNS/var/named/
192.168.10.zone 192.168.16.zone 192.168.32.zone 192.168.33.zone 192.168.34.zone 192.168.64.zone 192.168.8.zone wangshibo.cn

--------------------java7 installation and management module--------------------
[root@puppet01 java7]# cd manifests/
[root@puppet01 manifests]# ls
init.pp install.pp
[root@puppet01 manifests]# cat init.pp
class java7 {
  include java7::install
}
[root@puppet01 manifests]# cat install.pp
class java7::install {
  file { "/data/software/java-jdk7_install.sh":    # file resource
    source => "puppet:///modules/java7/java-jdk7_install.sh",
    owner  => root,
    group  => root,
    mode   => 0755
  }

  exec { "install jdk":    # exec (command) resource
    cwd     => "/data/software",
    command => "/bin/bash java-jdk7_install.sh",
    user    => "root",
    group   => "root",
    path    => ["/usr/bin:/usr/sbin:/bin:/sbin"],
    creates => "/usr/java/jdk1.7.0_80",    # the command is not run when /usr/java/jdk1.7.0_80 exists; it runs only when it does not exist
    require => File["/data/software/java-jdk7_install.sh"]    # precondition for running this exec resource
  }
}
[root@puppet01 manifests]# cd ../files/
[root@puppet01 files]# ll
total 4
-rwxr-xr-x 1 root root 756 Jul 29 16:25 java-jdk7_install.sh
[root@puppet01 files]# cat java-jdk7_install.sh
#!/bin/bash

/bin/rpm -qa|grep jdk|xargs rpm -e

# install jdk7
/bin/rpm -ivh http://yum.wang.com/software/jdk-7u80-linux-x64.rpm

# set env
NUM=`cat /etc/profile|grep "JAVA_HOME"|wc -l`
JDK=`cat /etc/profile|grep "JAVA_HOME="|cut -d"=" -f2|awk -F"/" '{print $4}'`
if [ $NUM -ne 0 ];then
    /bin/sed -i 's#'$JDK'#jdk1.7.0_80#g' /etc/profile
else
    echo "JAVA_HOME=/usr/java/jdk1.7.0_80" >> /etc/profile
    echo "JAVA_BIN=/usr/java/jdk1.7.0_80/bin" >> /etc/profile
    echo "PATH=/usr/lib64/qt-3.3/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin:/bin" >> /etc/profile
    echo "CLASSPATH=.:/lib/dt.jar:/lib/tools.jar" >> /etc/profile
    echo "export JAVA_HOME JAVA_BIN PATH CLASSPATH" >> /etc/profile
fi

source /etc/profile

--------------------java8 installation and management module--------------------
[root@puppet01 files]# cd /etc/puppet/modules/java8
[root@puppet01 java8]# ls
files manifests
[root@puppet01 java8]# cd manifests/
[root@puppet01 manifests]# ls
init.pp install.pp
[root@puppet01 manifests]# cat init.pp
class java8 {
  include java8::install
}
[root@puppet01 manifests]# cat install.pp
class java8::install {
  file { "/data/software/java-jdk8_install.sh":
    source => "puppet:///modules/java8/java-jdk8_install.sh",
    owner  => root,
    group  => root,
    mode   => 0755
  }

  exec { "install jdk":
    cwd     => "/data/software",
    command => "/bin/bash java-jdk8_install.sh",
    user    => "root",
    group   => "root",
    path    => ["/usr/bin:/usr/sbin:/bin:/sbin"],
    creates => "/usr/java/jdk1.8.0_131",
    require => File["/data/software/java-jdk8_install.sh"]
  }
}
[root@puppet01 manifests]# cat ../files/java-jdk8_install.sh
#!/bin/bash

/bin/rpm -qa|grep jdk|xargs rpm -e

# install jdk8 jdk7
/bin/rpm -ivh http://yum.wang.com/software/jdk-8u131-linux-x64.rpm

# set env
NUM=`cat /etc/profile|grep "JAVA_HOME"|wc -l`
JDK=`cat /etc/profile|grep "JAVA_HOME="|cut -d"=" -f2|awk -F"/" '{print $4}'`
if [ $NUM -ne 0 ];then
    /bin/sed -i 's#'$JDK'#jdk1.8.0_131#g' /etc/profile
else
    echo "JAVA_HOME=/usr/java/jdk1.8.0_131" >> /etc/profile
    echo "JAVA_BIN=/usr/java/jdk1.8.0_131/bin" >> /etc/profile
    echo "PATH=/usr/lib64/qt-3.3/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin:/bin" >> /etc/profile
    echo "CLASSPATH=.:/lib/dt.jar:/lib/tools.jar" >> /etc/profile
    echo "export JAVA_HOME JAVA_BIN PATH CLASSPATH" >> /etc/profile
fi

source /etc/profile

--------------------tomcat8 installation and management module--------------------
[root@puppet01 manifests]# cd /etc/puppet/modules/tomcat8/
[root@puppet01 tomcat8]# ls
files manifests
[root@puppet01 tomcat8]# cd manifests/
[root@puppet01 manifests]# ls
init.pp install.pp
[root@puppet01 manifests]# cat init.pp
class tomcat8 {
  include tomcat8::install
}

[root@puppet01 manifests]# cat install.pp
class tomcat8::install {
  file { "/data/software/apache-tomcat-8.5.15.tar.gz":
    source => "puppet:///modules/tomcat8/apache-tomcat-8.5.15.tar.gz",
    owner  => "root",
    group  => "root",
    mode   => 755
  }

  exec {"install tomcat":
    cwd     => "/data/software",
    command => "/bin/tar -zvxf apache-tomcat-8.5.15.tar.gz && mv apache-tomcat-8.5.15 /data/tomcat",
    user    => "root",
    group   => "root",
    path    => ["/usr/bin:/usr/sbin:/bin:/sbin"],
    creates => "/data/tomcat",
    require => File["/data/software/apache-tomcat-8.5.15.tar.gz"]
  }
}
[root@puppet01 manifests]# ls ../files/
apache-tomcat-8.5.15.tar.gz

--------------------nginx installation and management module--------------------
[root@puppet01 manifests]# cd /etc/puppet/modules/nginx/
[root@puppet01 nginx]# ls
files manifests
[root@puppet01 nginx]# cd manifests/
[root@puppet01 manifests]# ls
init.pp install.pp
[root@puppet01 manifests]# cat init.pp
class nginx {
  include nginx::install
}
[root@puppet01 manifests]# cat install.pp
class nginx::install {
  file { "/data/software/nginx1.10_install.sh":
    source => "puppet:///modules/nginx/nginx1.10_install.sh",
    owner  => "root",
    group  => "root",
    mode   => 755
  }

  exec {"install nginx":
    cwd     => "/data/software",
    command => "/bin/bash -x nginx1.10_install.sh",
    user    => "root",
    group   => "root",
    path    => ["/usr/bin:/usr/sbin:/bin:/sbin"],
    creates => "/data/nginx/conf/nginx.conf",
    require => File["/data/software/nginx1.10_install.sh"]
  }
}
[root@puppet01 manifests]# cat ../files/nginx1.10_install.sh
#!/bin/bash
# prepare the base environment
/usr/sbin/groupadd -r nginx
/usr/sbin/useradd -r -g nginx -s /bin/false -M nginx
/usr/bin/yum install -y pcre pcre-devel openssl openssl-devel gcc

# compile and install nginx 1.10
cd /data/software/
/usr/bin/wget http://yum.wang.com/software/nginx-1.10.3.tar.gz
/bin/tar -zvxf nginx-1.10.3.tar.gz
cd nginx-1.10.3
./configure --prefix=/data/nginx --user=nginx --group=nginx --with-http_ssl_module --with-http_flv_module --with-http_stub_status_module --with-http_gzip_static_module --with-pcre
make && make install

# configure nginx
cp /data/nginx/conf/nginx.conf /data/nginx/conf/nginx.conf.bak
> /data/nginx/conf/nginx.conf

# the quoted 'EOF' keeps the shell from expanding nginx variables such as $remote_addr inside the heredoc
cat > /data/nginx/conf/nginx.conf << 'EOF'
user nobody;
worker_processes 8;

#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;

events {
    worker_connections 65535;
}

http {
    server_tokens off;
    include mime.types;
    default_type application/octet-stream;
    charset utf-8;

    log_format main '$http_x_forwarded_for $remote_addr $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_cookie" $host $request_time';
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;

    fastcgi_connect_timeout 3000;
    fastcgi_send_timeout 3000;
    fastcgi_read_timeout 3000;
    fastcgi_buffer_size 256k;
    fastcgi_buffers 8 256k;
    fastcgi_busy_buffers_size 256k;
    fastcgi_temp_file_write_size 256k;
    fastcgi_intercept_errors on;

    client_header_timeout 600s;
    client_body_timeout 600s;

    client_max_body_size 100m;
    client_body_buffer_size 256k;

    ## support more than 15 test environments
    server_names_hash_max_size 512;
    server_names_hash_bucket_size 128;

    gzip on;
    gzip_min_length 1k;
    gzip_buffers 4 16k;
    gzip_http_version 1.1;
    gzip_comp_level 9;
    gzip_types text/plain application/x-javascript text/css application/xml text/javascript application/x-httpd-php;
    gzip_vary on;

    include vhosts/*.conf;
}
EOF

/bin/mkdir /data/nginx/conf/vhosts

cat > /data/nginx/conf/vhosts/test.conf << EOF
server {
    listen 80;
    server_name localhost;
    access_log logs/access.log;
    error_log logs/error.log;

    location / {
        root html;
        index index.php index.html index.htm;
    }
}
EOF

/data/nginx/sbin/nginx

--------------------motd file management module--------------------
[root@puppet01 manifests]# cd /etc/puppet/modules/motd/
[root@puppet01 motd]# ls
files manifests
[root@puppet01 motd]# cd manifests/
[root@puppet01 manifests]# ls
config.pp init.pp install.pp
[root@puppet01 manifests]# cat init.pp
class motd {
  include motd::config
  include motd::install
}
[root@puppet01 manifests]# cat install.pp
class motd::install {
  package{'setup':
    ensure => present,
  }
}
[root@puppet01 manifests]# cat config.pp
class motd::config {
  file { "/etc/motd":
    ensure  => present,
    owner   => "root",
    group   => "root",
    mode    => 0644,
    source  => "puppet:///modules/motd/motd",
    require => Class["motd::install"],
  }
}
[root@puppet01 manifests]# ls ../files/motd
../files/motd

--------------------dns file management module--------------------
[root@puppet01 manifests]# cd /etc/puppet/modules/dns/
[root@puppet01 dns]# ls
files manifests
[root@puppet01 dns]# cd manifests/
[root@puppet01 manifests]# ls
config.pp init.pp
[root@puppet01 manifests]# cat init.pp
class dns {
  include dns::config
}
[root@puppet01 manifests]# cat config.pp
class dns::config {
  file { "/etc/resolv.conf":
    ensure => present,
    owner  => "root",
    group  => "root",
    mode   => 0644,
    source => "puppet:///modules/dns/resolv.conf",
  }
}
[root@puppet01 manifests]# cat ../files/resolv.conf
search wang.com
nameserver 192.168.1.27
nameserver 192.168.1.28

--------------------chrony time synchronization file management module--------------------
[root@puppet01 manifests]# cd /etc/puppet/modules/chrony/
[root@puppet01 chrony]# ls
files manifests
[root@puppet01 chrony]# cd manifests/
[root@puppet01 manifests]# ls
init.pp install.pp
[root@puppet01 manifests]# cat init.pp
class chrony {
  include chrony::install
}
[root@puppet01 manifests]# cat install.pp
class chrony::install {
  file { "/data/software/chrony.sh":
    source => "puppet:///modules/chrony/chrony.sh",
    owner  => "root",
    group  => "root",
    mode   => 755
  }

  exec {"install chrony":
    cwd     => "/data/software",
    command => "/bin/bash -x chrony.sh",
    user    => "root",
    group   => "root",
    path    => ["/usr/bin:/usr/sbin:/bin:/sbin"],
    creates => "/etc/chrony.conf",
    require => File["/data/software/chrony.sh"]
  }
}
[root@puppet01 manifests]# cat ../files/chrony.sh
#!/bin/bash
/etc/init.d/ntpd stop
/usr/bin/yum install chrony -y
cp /etc/chrony.conf /etc/chrony.conf.bak
rm -f /etc/chrony.conf
wget http://yum.wang.com/software/chrony.conf
cp -f chrony.conf /etc/
/etc/init.d/chronyd start
/usr/bin/chronyc sources -v

--------------------yum file management module--------------------
[root@puppet01 manifests]# cd /etc/puppet/modules/yum/
[root@puppet01 yum]# ls
files manifests
[root@puppet01 yum]# cd manifests/
[root@puppet01 manifests]# ls
config.pp init.pp
[root@puppet01 manifests]# cat init.pp
class yum {
  include yum::config
}
[root@puppet01 manifests]# cat config.pp
class yum::config {
  file { "/data/software/yum.sh":
    source => "puppet:///modules/yum/yum.sh",
    owner  => "root",
    group  => "root",
    mode   => 0755,
  }

  exec { "set yum":
    cwd     => "/data/software",
    command => "/bin/bash yum.sh",
    user    => "root",
    group   => "root",
    path    => ["/usr/bin:/usr/sbin:/bin:/sbin"],
    unless  => "grep mirrors.wang.com /etc/yum.repos.d/CentOS-Base.repo",    # the command runs only when this check is false; if the check is true, the command is not run
    require => File["/data/software/yum.sh"]
  }
}

[root@puppet01 manifests]# cat ../files/yum.sh
#!/bin/bash

rm -f /etc/yum.repos.d/*.repo

wget http://yum.wang.com/software/CentOS-Base.repo -O /etc/yum.repos.d/CentOS-Base.repo
wget http://yum.wang.com/software/epel.repo -O /etc/yum.repos.d/epel.repo
#wget http://yum.wang.com/software/mongodb.repo

yum clean all
yum makecache

--------------------resolv file management module--------------------
[root@puppet ~]# ls /etc/puppet/modules/
chrony dns java7 java8 motd nginx postfix resolv ssh sudo tomcat8 yum
[root@puppet ~]# cd /etc/puppet/modules/resolv/manifests/
[root@puppet manifests]# ls
config.pp init.pp
[root@puppet manifests]# cat init.pp
class resolv {
  include resolv::config
}
class resolv01 {
  include resolv::dns01
}
class resolv02 {
  include resolv::dns02
}
[root@puppet manifests]# cat config.pp
class resolv::config {
  file { "/etc/resolv.conf":
    source => "puppet:///modules/resolv/resolv.conf",
    ensure => "present",
    owner  => "root",
    group  => "root",
    mode   => 0644,
  }
}

[root@puppet manifests]# cat ../files/resolv.conf
search wang.com
nameserver 192.168.1.27
nameserver 192.168.1.28
options timeout:1
options attempts:1

--------------------postfix installation and management module--------------------
[root@puppet01 manifests]# cd /etc/puppet/modules/postfix/
[root@puppet01 postfix]# ls manifests/
config.pp init.pp install.pp service.pp
[root@puppet01 postfix]# ls files/
master.cf
[root@puppet01 postfix]# ls templates/
main.cf.erb
[root@puppet01 postfix]# cat manifests/init.pp
class postfix {
  include postfix::install
  include postfix::config
  include postfix::service
}
[root@puppet01 postfix]# cat manifests/install.pp
class postfix::install {
  package { ["postfix","mailx" ]:
    ensure => present,
  }
}
[root@puppet01 postfix]# cat manifests/config.pp
class postfix::config {
  File {
    owner => 'postfix',
    group => 'postfix',
    mode  => 0644,
  }

  file {'/etc/postfix/master.cf':
    ensure  => present,
    source  => 'puppet:///modules/postfix/master.cf',
    require => Class['postfix::install'],
    notify  => Class['postfix::service'],
  }

  file {'/etc/postfix/main.cf':
    ensure  => present,
    content => template('postfix/main.cf.erb'),
    require => Class['postfix::install'],
    notify  => Class['postfix::service'],
  }
}
[root@puppet01 postfix]# cat manifests/service.pp
class postfix::service {
  service { 'postfix':
    ensure     => running,
    hasstatus  => true,
    hasrestart => true,
    enable     => true,
    require    => Class['postfix::config'],
  }
}

[root@puppet01 postfix]# cat templates/main.cf.erb
soft_bounce = no
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
mail_owner = postfix
myhostname = <%= @hostname %>
mydomain = <%= @domain %>
myorigin = $mydomain
mydestination = $myhostname,localhost.$mydomain,localhost,$mydomain
unknown_local_recipient_reject_code = 550
relay_domains = $mydestination
smtpd_reject_unlisted_recipient = yes
unverified_recipient_reject_code = 500
smtpd_banner = $myhostname ESMTP
setgid_group = postdrop

[root@puppet01 postfix]# ls files/master.cf
files/master.cf

# Note: the variables in the template get their values from Facter facts through ERB syntax. The fact name goes inside the ERB tags formed by <%= and %>; when Puppet runs, they are replaced by the actual fact values (that is, the actual values on the agent).

--------------------------------------------------------------------------------------------------

Then reference these classes in the /etc/puppet/manifests/site.pp manifest:
[root@puppet manifests]# cat /etc/puppet/manifests/site.pp
class base {
  include chrony
  include java8
  include tomcat8
  include nginx
  include yum
  include resolv
}

node 'puppet02.bkjk.cn' {
  include dns
  include yum
}

node 'dns01' {
  #include dns
  include yum
  include ssh
  include resolv
}

node 'dns02' {
  #include dns
  include yum
  include ssh
  include resolv
}

node 'mirrors' {
  include yum
  include ssh
  include resolv
}

dns01, dns02 and mirrors above are all resolved through the internal DNS.
[root@puppet manifests]# ping mirrors
PING mirrors.wang.com (192.168.1.240) 56(84) bytes of data.
64 bytes from yum.wang.com (192.168.1.240): icmp_seq=1 ttl=64 time=0.889 ms
......

--------------------------------------------------------------------------------------------------

Finally, connect to the puppet master from the puppet agent to sync and apply the configuration.
[root@puppet02 ~]# puppet agent --test --server=puppet01.wang.com
Notice: Ignoring --listen on onetime run
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Caching catalog for puppet02.wang.com
Info: Applying configuration version '1501429243'
Notice: /Stage[main]/Chrony::Install/File[/data/software/chrony.sh]/ensure: defined content as '{md5}fe7f9787a7cae33ed0e00c26f880b145'
Notice: /Stage[main]/Chrony::Install/Exec[install chrony]/returns: executed successfully
........

After a successful run, verify the result on the puppet agent node. From then on, managing these application configurations only requires maintenance on the puppet master; the puppet agent syncs automatically.

------------------------------------------------------------------------------------------------------
[root@puppet dns]# puppet agent -t    # test the connection from the puppet server
[root@puppet dns]# puppet agent --help

Configuration notes:
class source::exec2{
  exec { "install nginx":
    cwd       => "/tmp/rhel5/nginx",    # command runs only if this directory exists
    command   => "tar -zxvf nginx-0.8.42.tar.gz && cd nginx-0.8.42 &&./configure --user=nginx --group=nginx --prefix=/usr/local/nginx --without-http-cache && make&&make install",
    path      => ["/usr/bin","/usr/sbin","/bin","/sbin"],
    logoutput => on_failure,
    unless    => "/bin/ls /usr/local/nginx/conf",    # command runs only when this check returns a non-zero status
    require   => Class[source::file1,source::user],
    notify    => Class["source::exec3"],
  }
}

[root@puppet dns]# /bin/ls /data/nginx/conf/nginx.conf
/data/nginx/conf/nginx.conf
[root@puppet dns]# echo $?
0
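
The install scripts above (java-jdk7_install.sh, nginx1.10_install.sh, chrony.sh, yum.sh) fetch packages and configuration over plain HTTP from yum.wang.com and install them as root, so whatever that URL returns ends up on every agent. The helper below is an added example, not from the original post: it accepts a download only when its SHA-256 matches a digest pinned in the script that Puppet distributes. The function names and the placeholder digest are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post: pin a SHA-256 digest for each file
# an install script downloads and refuse to use the file on mismatch.

# sha256_of FILE: print the lowercase hex SHA-256 of FILE.
sha256_of() {
    sha256sum < "$1" | awk '{print $1}'
}

# verify_sha256 FILE EXPECTED
#   0 = digest matches, 1 = missing file or mismatch, 2 = EXPECTED is not a
#   64-character hex string (for example an empty or truncated pin).
verify_sha256() {
    vs_expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    case "$vs_expected" in
        *[!0-9a-f]*) return 2 ;;
    esac
    [ "${#vs_expected}" -eq 64 ] || return 2
    [ -f "$1" ] || return 1
    vs_actual=$(sha256_of "$1") || return 1
    [ "$vs_actual" = "$vs_expected" ]
}

# fetch_verified URL EXPECTED DEST: download to a temp file next to DEST,
# verify it, and only then move it into place.
fetch_verified() {
    fv_tmp=$(mktemp "$3.XXXXXX") || return 1
    if /usr/bin/wget -q -O "$fv_tmp" "$1" && verify_sha256 "$fv_tmp" "$2"; then
        mv -f "$fv_tmp" "$3"
    else
        rm -f "$fv_tmp"
        echo "refusing $1: download failed or SHA-256 mismatch" >&2
        return 1
    fi
}

# Usage inside nginx1.10_install.sh, replacing the bare wget. The digest is a
# placeholder for the value recorded when the tarball was vetted:
#   fetch_verified http://yum.wang.com/software/nginx-1.10.3.tar.gz \
#       "<sha256-of-nginx-1.10.3.tar.gz>" /data/software/nginx-1.10.3.tar.gz || exit 1
```

The same pattern applies to the JDK RPMs: download to a local file, verify it, then run rpm -ivh on the local file instead of the URL.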