手动编写的几个简单的puppet管理配置
puppet在自动化配置管理方面有很强大的优势,这里就不做过多介绍了,下面记录下几个简单的puppet管理配置:
一、首先在服务端和客户端安装puppet和facter
1)服务端
安装Puppet Labs
# rpm -ivh http://yum.puppetlabs.com/el/6.5/products/x86_64/puppetlabs-release-6-12.noarch.rpm 安装Puppet和facter
# yum install puppet puppet-server facter 2)客户端
安装Puppet Labs
# rpm -ivh http://yum.puppetlabs.com/el/6.5/products/x86_64/puppetlabs-release-6-12.noarch.rpm 安装Puppet和facter
# yum install puppet facter
二、puppet配置及证书签收
1)客户端和服务端分别做host主机映射(或者做内网DNS解析)
192.168.1.10 puppet01.wang.com #服务端
192.168.1.11 puppet02.wang.com #客户端 2)在客服端的puppet.conf配置文件里
[root@puppet02 ~]# cat /etc/puppet/puppet.conf
[main]
server=puppet01.wang.com
...... 3)分别启动puppet服务(注意服务端和客户端的iptables防火墙最好关闭,如果开启的话,要记得开放puppet端口8140的访问)
服务端
[root@puppet01 ~]# /etc/init.d/puppetmaster start 客服端
[root@puppet02 ~]# /etc/init.d/puppet start 4)自动注册证书配置
服务端
[root@puppet01 ~]# cat /etc/puppet/puppet.conf
[main]
......
autosign = true
autosign = /etc/puppet/autosign.conf [root@puppet01 ~]# cat /etc/puppet/autosign.conf #创建自动注册配置文件,下面表示对所有主机的注册进行签收
* [root@puppet01 ~]# /etc/init.d/puppetmaster restart 客户端进行注册
[root@puppet02 ~]# puppet agent --test --server=puppet01.wang.com
Notice: Ignoring --listen on onetime run
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Caching catalog for puppet02.wang.com
Info: Applying configuration version '1501320900'
Notice: Finished catalog run in 0.42 seconds 服务端发现已经自动签收了证书
[root@puppet01 ~]# puppet cert --list --all
+ "puppet01.wang.com" (SHA256) 3E:99:64:73:14:D5:BA:01:62:2F:53:62:A6:07:55:AB:BA:BE:70:6E:7E:60:7A:81:41:10:63:78:C0:FD:E4:56 (alt names: "DNS:puppet", "DNS:puppet.wang.com", "DNS:puppet01.wang.com")
+ "puppet02.wang.com" (SHA256) A4:EF:73:62:3A:DD:F9:2E:E4:12:8F:2E:AE:90:96:43:95:7A:4C:9F:38:02:44:B7:81:C5:08:B5:16:95:42:0B
三、puppet自动化管理配置
在puppet master服务端进行puppet管理条目的配置,配置好之后,这些条目会被发送到puppet agent节点机器上,并被应用到agent节点机器上(即puppet master的"推"操作)。如果agent节点机器以守护进程方式运行,
它会默认每隔30分钟连接一次,并检查自己所在主机的配置是否发生了变化或者增加了新的配置。可以通过修改agent上/etc/puppet/puppet.conf文件中的runinterval项来修改这个时间间隔,比如修改时间间隔为1小时
"runinterval = 3600"。同时,agent节点机器也可以通过cron进行定时任务的主动连接(即puppet agent的"拉"操作),
结合master和agent的一"推"一"拉"的操作。 1)在puppet master端进行配置
[root@puppet01 puppet]# ll
total 36
-rw-r--r-- 1 root root 4178 Jul 29 16:25 auth.conf
-rw-r--r-- 1 root root 2 Jul 29 16:25 autosign.conf
drwxr-xr-x 3 root root 4096 Jul 29 16:25 environments
-rw-r--r-- 1 root root 1462 Jul 29 16:25 fileserver.conf
drwxr-xr-x 2 root root 4096 Jul 29 17:22 manifests
drwxr-xr-x 13 root root 4096 Jul 29 17:03 modules
-rw-r--r-- 1 root root 915 Jul 29 16:25 puppet.conf 先创建模块可以手动创建,也可以通过命令创建,不过要修改模块名称。
[root@puppet01 puppet]# cd modules/
[root@puppet01 modules]# puppet module generate propupet-ssh #命令行创建模块的命令。模块名称格式"puppet-模块名""
[root@puppet01 modules]# mv propupet-ssh ssh #修改为ssh模块 或者手动创建模块
[root@puppet01 modules]# mkdir ssh #不过还要手动创建模块下的目录结构
[root@puppet01 modules]# mkdir ssh/files #保存模块需要用到的文件
[root@puppet01 modules]# mkdir ssh/manifests #puppet配置文件的存放目录
[root@puppet01 modules]# mkdir ssh/templates #保存模块中用到的模板 modules模块配置好之后,要在/etc/puppet/manifests/site.pp清单文件中进行引用(如下最后会提到)。 2)参考下面几个模块的配置:
[root@puppet01 modules]# pwd
/etc/puppet/modules --------------------ssh安装管理模块--------------------
[root@puppet01 manifests]# cd /etc/puppet/modules/ssh
[root@puppet01 ssh]# cd manifests/
[root@puppet01 manifests]# ls
config.pp init.pp install.pp service.pp
[root@puppet01 manifests]# cat init.pp
class ssh {
class { '::ssh::install':} ->
class { '::ssh::config':} ->
class { '::ssh::service':} ->
Class['ssh']
}
[root@puppet01 manifests]# cat install.pp
class ssh::install {
package { "openssh": #安装包名为openssh
ensure => present, #保证该包被安装
}
}
[root@puppet01 manifests]# cat config.pp
class ssh::config {
file { "/etc/ssh/sshd_config": #ssh诸如端口、用户名、密码登录的控制都可以事先放在模块的files下的sshd_config文件了,然后利用puppet同步到目标机器上。修改后会自动重启sshd(service类里会自动重启)
ensure => present,
owner => 'root',
group => 'root',
mode => 0600,
source => "puppet:///modules/ssh/sshd_config", #即sshd_config文件存放在/etc/puppet/modules/ssh/files目录下。注意files目录不写在路径中。
require => Class["ssh::install"], #该文件资源存在的前提条件
notify => Class["ssh::service"], #该文件资源存在后通知ssh::service类
}
}
[root@puppet01 manifests]# cat service.pp
class ssh::service {
service { "sshd":
ensure => running,
hasstatus => true,
hasrestart =>true,
enable => true,
require => Class["ssh::config"],
}
} [root@puppet01 manifests]# ls ../files/sshd_config
../files/sshd_config --------------------DNS配置管理--------------------
[root@puppet ~]# cd /etc/puppet/modules/dns/
[root@puppet dns]# ls
files manifests
[root@puppet dns]# cd manifests/
[root@puppet manifests]# ls
config.pp init.pp restart.pp setup.pp
[root@puppet manifests]# cat init.pp
class dns {
include dns::config
include dns::setup
include dns::restart
}
[root@puppet manifests]# cat config.pp
class dns::config {
file { "/etc/named":
ensure => directory,
source => "puppet:///modules/dns/pro-dns/DNS/etc/named",
recurse => true,
} file { "/var/named":
ensure => directory,
source =>"puppet:///modules/dns/pro-dns/DNS/var/named",
recurse => true,
}
} [root@puppet manifests]# cat setup.pp
class dns::setup {
exec {"Set permissions of etc-named":
cwd => "/etc",
command => "/bin/chown -R root.named named",
path =>["/usr/bin:/usr/sbin:/bin:/sbin"],
require => Class["dns::config"],
} exec {"Set permissions of var-named":
cwd => "/var",
command => "/bin/chown -R root.named named && /bin/chown -R named.named named/data/",
path =>["/usr/bin:/usr/sbin:/bin:/sbin"],
require => Class["dns::config"],
} }
[root@puppet manifests]# cat restart.pp
class dns::restart {
exec {"restart named service":
command => "service named restart",
path => ["/usr/bin:/usr/sbin:/bin:/sbin"],
require => Class["dns::config"],
}
} files目录下存放的是DNS的配置文件和正反向解析文件(可以放到gitlab的pro-dns项目的DNS目录下,通过git clone下载)
[root@puppet manifests]# cd ../files/
[root@puppet files]# ls
pro-dns
[root@puppet files]# ls pro-dns/DNS/
etc var
[root@puppet files]# ls pro-dns/DNS/etc/named/
named.conf
[root@puppet files]# ls pro-dns/DNS/var/named/
192.168.10.zone 192.168.16.zone 192.168.32.zone 192.168.33.zone 192.168.34.zone 192.168.64.zone 192.168.8.zone wangshibo.cn --------------------java7安装管理模块--------------------
[root@puppet01 java7]# cd manifests/
[root@puppet01 manifests]# ls
init.pp install.pp
[root@puppet01 manifests]# cat init.pp
class java7 {
include java7::install
}
[root@puppet01 manifests]# cat install.pp
class java7::install {
file { "/data/software/java-jdk7_install.sh": #文件资源
source => "puppet:///modules/java7/java-jdk7_install.sh",
owner => root,
group => root,
mode => 0755
} exec { "install jdk": #命令资源
cwd => "/data/software",
command => "/bin/bash java-jdk7_install.sh",
user => "root",
group => "root",
path =>["/usr/bin:/usr/sbin:/bin:/sbin"],
creates =>"/usr/java/jdk1.7.0_80", #当/usr/java/jdk1.7.0_80文件存在时,不执行该命令。只有当不存在时执行!
require =>File["/data/software/java-jdk7_install.sh"] #该命令资源执行的前提条件
}
}
[root@puppet01 manifests]# cd ../files/
[root@puppet01 files]# ll
total 4
-rwxr-xr-x 1 root root 756 Jul 29 16:25 java-jdk7_install.sh
[root@puppet01 files]# cat java-jdk7_install.sh
#!/bin/bash /bin/rpm -qa|grep jdk|xargs rpm -e # install jdk7
/bin/rpm -ivh http://yum.wang.com/software/jdk-7u80-linux-x64.rpm # set env
NUM=`cat /etc/profile|grep "JAVA_HOME"|wc -l`
JDK=`cat /etc/profile|grep "JAVA_HOME="|cut -d"=" -f2|awk -F"/" '{print $4}'`
if [ $NUM -ne 0 ];then
/bin/sed -i 's#'$JDK'#jdk1.7.0_80#g' /etc/profile
else
echo "JAVA_HOME=/usr/java/jdk1.7.0_80" >> /etc/profile
echo "JAVA_BIN=/usr/java/jdk1.7.0_80/bin" >> /etc/profile
echo "PATH=/usr/lib64/qt-3.3/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin:/bin" >> /etc/profile
echo "CLASSPATH=.:/lib/dt.jar:/lib/tools.jar" >> /etc/profile
echo "export JAVA_HOME JAVA_BIN PATH CLASSPATH" >> /etc/profile
fi source /etc/profile --------------------java8安装管理模块--------------------
[root@puppet01 files]# cd /etc/puppet/modules/java8
[root@puppet01 java8]# ls
files manifests
[root@puppet01 java8]# cd manifests/
[root@puppet01 manifests]# ls
init.pp install.pp
[root@puppet01 manifests]# cat init.pp
class java8 {
include java8::install
}
[root@puppet01 manifests]# cat install.pp
class java8::install {
file { "/data/software/java-jdk8_install.sh":
source => "puppet:///modules/java8/java-jdk8_install.sh",
owner => root,
group => root,
mode => 0755
} exec { "install jdk":
cwd => "/data/software",
command => "/bin/bash java-jdk8_install.sh",
user => "root",
group => "root",
path =>["/usr/bin:/usr/sbin:/bin:/sbin"],
creates =>"/usr/java/jdk1.8.0_131",
require =>File["/data/software/java-jdk8_install.sh"]
}
}
[root@puppet01 manifests]# cat ../files/java-jdk8_install.sh
#!/bin/bash /bin/rpm -qa|grep jdk|xargs rpm -e # install jdk8 jdk7
/bin/rpm -ivh http://yum.wang.com/software/jdk-8u131-linux-x64.rpm # set env
NUM=`cat /etc/profile|grep "JAVA_HOME"|wc -l`
JDK=`cat /etc/profile|grep "JAVA_HOME="|cut -d"=" -f2|awk -F"/" '{print $4}'`
if [ $NUM -ne 0 ];then
/bin/sed -i 's#'$JDK'#jdk1.8.0_131#g' /etc/profile
else
echo "JAVA_HOME=/usr/java/jdk1.8.0_131" >> /etc/profile
echo "JAVA_BIN=/usr/java/jdk1.8.0_131/bin" >> /etc/profile
echo "PATH=/usr/lib64/qt-3.3/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin:/bin" >> /etc/profile
echo "CLASSPATH=.:/lib/dt.jar:/lib/tools.jar" >> /etc/profile
echo "export JAVA_HOME JAVA_BIN PATH CLASSPATH" >> /etc/profile
fi source /etc/profile --------------------tomcat8安装管理模块--------------------
[root@puppet01 manifests]# cd /etc/puppet/modules/tomcat8/
[root@puppet01 tomcat8]# ls
files manifests
[root@puppet01 tomcat8]# cd manifests/
[root@puppet01 manifests]# ls
init.pp install.pp
[root@puppet01 manifests]# cat init.pp
class tomcat8 {
include tomcat8::install
} [root@puppet01 manifests]# cat install.pp
class tomcat8::install {
file { "/data/software/apache-tomcat-8.5.15.tar.gz":
source =>"puppet:///modules/tomcat8/apache-tomcat-8.5.15.tar.gz",
owner => "root",
group => "root",
mode => 755
} exec {"install tomcat":
cwd => "/data/software",
command => "/bin/tar -zvxf apache-tomcat-8.5.15.tar.gz && mv apache-tomcat-8.5.15 /data/tomcat",
user => "root",
group => "root",
path =>["/usr/bin:/usr/sbin:/bin:/sbin"],
creates => "/data/tomcat",
require => File["/data/software/apache-tomcat-8.5.15.tar.gz"]
}
}
[root@puppet01 manifests]# ls ../files/
apache-tomcat-8.5.15.tar.gz --------------------nginx安装管理模块--------------------
[root@puppet01 manifests]# cd /etc/puppet/modules/nginx/
[root@puppet01 nginx]# ls
files manifests
[root@puppet01 nginx]# cd manifests/
[root@puppet01 manifests]# ls
init.pp install.pp
[root@puppet01 manifests]# cat init.pp
class nginx {
include nginx::install
}
[root@puppet01 manifests]# cat install.pp
class nginx::install {
file { "/data/software/nginx1.10_install.sh":
source =>"puppet:///modules/nginx/nginx1.10_install.sh",
owner => "root",
group => "root",
mode => 755
} exec {"install nginx":
cwd => "/data/software",
command => "/bin/bash -x nginx1.10_install.sh",
user => "root",
group => "root",
path =>["/usr/bin:/usr/sbin:/bin:/sbin"],
creates => "/data/nginx/conf/nginx.conf",
require => File["/data/software/nginx1.10_install.sh"]
}
}
[root@puppet01 manifests]# cat ../files/nginx1.10_install.sh
#!/bin/bash
#基础环境准备
/usr/sbin/groupadd -r nginx
/usr/sbin/useradd -r -g nginx -s /bin/false -M nginx
/usr/bin/yum install -y pcre pcre-devel openssl openssl-devel gcc #编译安装nginx1.10
cd /data/software/
/usr/bin/wget http://yum.wang.com/software/nginx-1.10.3.tar.gz
/bin/tar -zvxf nginx-1.10.3.tar.gz
cd nginx-1.10.3
./configure --prefix=/data/nginx --user=nginx --group=nginx --with-http_ssl_module --with-http_flv_module --with-http_stub_status_module --with-http_gzip_static_module --with-pcre
make && make install #配置nginx
cp /data/nginx/conf/nginx.conf /data/nginx/conf/nginx.conf.bak
> /data/nginx/conf/nginx.conf cat > /data/nginx/conf/nginx.conf << EOF
user nobody;
worker_processes 8; #error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info; events {
worker_connections 65535;
} http {
server_tokens off;
include mime.types;
default_type application/octet-stream;
charset utf-8; log_format main '$http_x_forwarded_for $remote_addr $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_cookie" $host $request_time';
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65; fastcgi_connect_timeout 3000;
fastcgi_send_timeout 3000;
fastcgi_read_timeout 3000;
fastcgi_buffer_size 256k;
fastcgi_buffers 8 256k;
fastcgi_busy_buffers_size 256k;
fastcgi_temp_file_write_size 256k;
fastcgi_intercept_errors on; client_header_timeout 600s;
client_body_timeout 600s; client_max_body_size 100m;
client_body_buffer_size 256k;
## support more than 15 test environments server_names_hash_max_size 512; server_names_hash_bucket_size 128;
gzip on;
gzip_min_length 1k;
gzip_buffers 4 16k;
gzip_http_version 1.1;
gzip_comp_level 9;
gzip_types text/plain application/x-javascript text/css application/xml text/javascript application/x-httpd-php;
gzip_vary on; include vhosts/*.conf;
}
EOF /bin/mkdir /data/nginx/conf/vhosts cat > /data/nginx/conf/vhosts/test.conf << EOF
server {
listen 80;
server_name localhost;
access_log logs/access.log;
error_log logs/error.log; location / {
root html;
index index.php index.html index.htm;
}
}
EOF /data/nginx/sbin/nginx --------------------motd文件管理模块--------------------
[root@puppet01 manifests]# cd /etc/puppet/modules/motd/
[root@puppet01 motd]# ls
files manifests
[root@puppet01 motd]# cd manifests/
[root@puppet01 manifests]# ls
config.pp init.pp install.pp
[root@puppet01 manifests]# cat init.pp
class motd {
include motd::config
include motd::install
}
[root@puppet01 manifests]# cat install.pp
class motd::install {
package{'setup':
ensure => present,
}
}
[root@puppet01 manifests]# cat config.pp
class motd::config {
file { "/etc/motd":
ensure => present,
owner => "root",
group => "root",
mode => 0644,
source => "puppet:///modules/motd/motd",
require => Class["motd::install"],
}
}
[root@puppet01 manifests]# ls ../files/motd
../files/motd --------------------dns文件管理模块--------------------
[root@puppet01 manifests]# cd /etc/puppet/modules/dns/
[root@puppet01 dns]# ls
files manifests
[root@puppet01 dns]# cd manifests/
[root@puppet01 manifests]# ls
config.pp init.pp
[root@puppet01 manifests]# cat init.pp
class dns {
include dns::config
}
[root@puppet01 manifests]# cat config.pp
class dns::config {
file { "/etc/resolv.conf":
ensure => present,
owner => "root",
group => "root",
mode => 0644,
source => "puppet:///modules/dns/resolv.conf",
}
}
[root@puppet01 manifests]# cat ../files/resolv.conf
search wang.com
nameserver 192.168.1.27
nameserver 192.168.1.28 --------------------chrony时间同步文件管理模块--------------------
[root@puppet01 manifests]# cd /etc/puppet/modules/chrony/
[root@puppet01 chrony]# ls
files manifests
[root@puppet01 chrony]# cd manifests/
[root@puppet01 manifests]# ls
init.pp install.pp
[root@puppet01 manifests]# cat init.pp
class chrony {
include chrony::install
}
[root@puppet01 manifests]# cat install.pp
class chrony::install {
file { "/data/software/chrony.sh":
source =>"puppet:///modules/chrony/chrony.sh",
owner => "root",
group => "root",
mode => 755
} exec {"install chrony":
cwd => "/data/software",
command => "/bin/bash -x chrony.sh",
user => "root",
group => "root",
path =>["/usr/bin:/usr/sbin:/bin:/sbin"],
creates => "/etc/chrony.conf",
require => File["/data/software/chrony.sh"]
}
}
[root@puppet01 manifests]# cat ../files/chrony.sh
#!/bin/bash
/etc/init.d/ntpd stop
/usr/bin/yum install chrony -y
cp /etc/chrony.conf /etc/chrony.conf.bak
rm -f /etc/chrony.conf
wget http://yum.wang.com/software/chrony.conf
cp -f chrony.conf /etc/
/etc/init.d/chronyd start
/usr/bin/chronyc sources -v --------------------yum文件管理模块--------------------
[root@puppet01 manifests]# cd /etc/puppet/modules/yum/
[root@puppet01 yum]# ls
files manifests
[root@puppet01 yum]# cd manifests/
[root@puppet01 manifests]# ls
config.pp init.pp
[root@puppet01 manifests]# cat init.pp
class yum {
include yum::config
}
[root@puppet01 manifests]# cat config.pp
class yum::config {
file { "/data/software/yum.sh":
source => "puppet:///modules/yum/yum.sh",
owner => "root",
group => "root",
mode => 0755,
} exec { "set yum":
cwd => "/data/software",
command => "/bin/bash yum.sh",
user => "root",
group => "root",
path =>["/usr/bin:/usr/sbin:/bin:/sbin"],
unless => "grep mirrors.wang.com /etc/yum.repos.d/CentOS-Base.repo", #当这个结果为假的时候才执行这个命令。如果结果为真,就停止执行这个命令。
require =>File["/data/software/yum.sh"]
}
} [root@puppet01 manifests]# cat ../files/yum.sh
#!/bin/bash rm -f /etc/yum.repos.d/*.repo wget http://yum.wang.com/software/CentOS-Base.repo -O /etc/yum.repos.d/CentOS-Base.repo
wget http://yum.wang.com/software/epel.repo -O /etc/yum.repos.d/epel.repo
#wget http://yum.wang.com/software/mongodb.repo yum clean all
yum makecache --------------------resolv文件管理模块--------------------
[root@puppet ~]# ls /etc/puppet/modules/
chrony dns java7 java8 motd nginx postfix resolv ssh sudo tomcat8 yum
[root@puppet ~]# cd /etc/puppet/modules/resolv/manifests/
[root@puppet manifests]# ls
config.pp init.pp
[root@puppet manifests]# cat init.pp
class resolv {
include resolv::config
}
class resolv01 {
include resolv::dns01
}
class resolv02 {
include resolv::dns02
}
[root@puppet manifests]# cat config.pp
class resolv::config {
file { "/etc/resolv.conf":
source => "puppet:///modules/resolv/resolv.conf",
ensure => "present",
owner => "root",
group => "root",
mode => 0644,
}
} [root@puppet manifests]# cat ../files/resolv.conf
search wang.com
nameserver 192.168.1.27
nameserver 192.168.1.28
options timeout:1
options attempts:1 --------------------postfix安装管理模块--------------------
[root@puppet01 manifests]# cd /etc/puppet/modules/postfix/
[root@puppet01 postfix]# ls manifests/
config.pp init.pp install.pp service.pp
[root@puppet01 postfix]# ls files/
master.cf
[root@puppet01 postfix]# ls templates/
main.cf.erb
[root@puppet01 postfix]# cat manifests/init.pp
class postfix {
include postfix::install
include postfix::config
include postfix::service
}
[root@puppet01 postfix]# cat manifests/install.pp
class postfix::install {
package { ["postfix","mailx" ]:
ensure => present,
}
}
[root@puppet01 postfix]# cat manifests/config.pp
class postfix::config {
File {
owner => 'postfix',
group => 'postfix',
mode => 0644,
} file {'/etc/postfix/master.cf':
ensure => present,
source => 'puppet:///modules/postfix/master.cf',
require => Class['postfix::install'],
notify => Class['postfix::service'],
} file {'/etc/postfix/main.cf':
ensure => present,
content => template('postfix/main.cf.erb'),
require => Class['postfix::install'],
notify => Class['postfix::service'],
}
}
[root@puppet01 postfix]# cat manifests/service.pp
class postfix::service {
service { 'postfix':
ensure => running,
hasstatus => true,
hasrestart => true,
enable => true,
require => Class['postfix::config'],
}
} [root@puppet01 postfix]# cat templates/main.cf.erb
soft_bounce = no
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
mail_owner = postfix
myhostname = <%= @hostname %>
mydomain = <%= @domain %>
myorigin = $mydomain
mydestination = $myhostname,localhost.$mydomain,localhost,$mydomain
unknown_local_recipient_reject_code = 550
relay_domains = $mydestination
smtpd_reject_unlisted_recipient = yes
unverified_recipient_reject_code = 500
smtpd_banner = $myhostname ESMTP
setgid_group = postdrop [root@puppet01 postfix]# ls files/master.cf
files/master.cf #注意:模板里的变量通过ERB语法从Facter的fact中获取值。fact的名称放在有<%=和%>组成的ERB括号里,在Puppet运行时,它们将被替代为Fact的实际值(即agent端的实际值)。 -------------------------------------------------------------------------------------------------- 然后在/etc/puppet/manifests/site.pp清单文件中引用这些类:
[root@puppet manifests]# cat /etc/puppet/manifests/site.pp
class base {
include chrony
include java8
include tomcat8
include nginx
include yum
include resolv
} node 'puppet02.bkjk.cn' {
include dns
include yum
} node 'dns01' {
#include dns
include yum
include ssh
include resolv
} node 'dns02' {
#include dns
include yum
include ssh
include resolv
} node 'mirrors' {
include yum
include ssh
include resolv
} 上面的dns01、dns02、mirrors都是通过内网DNS解析的。
[root@puppet manifests]# ping mirrors
PING mirrors.wang.com (192.168.1.240) 56(84) bytes of data.
64 bytes from yum.wang.com (192.168.1.240): icmp_seq=1 ttl=64 time=0.889 ms
...... -------------------------------------------------------------------------------------------------- 最后在puppet agent端连接puppet master,进行应用同步管理。
[root@puppet02 ~]# puppet agent --test --server=puppet01.wang.com
Notice: Ignoring --listen on onetime run
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Caching catalog for puppet02.wang.com
Info: Applying configuration version '1501429243'
Notice: /Stage[main]/Chrony::Install/File[/data/software/chrony.sh]/ensure: defined content as '{md5}fe7f9787a7cae33ed0e00c26f880b145'
Notice: /Stage[main]/Chrony::Install/Exec[install chrony]/returns: executed successfully
........ 执行成功后,在puppet agent节点机器上进行验证。后续再对这些应用配置进行管理时,只需在puppet master进行维护操作,puppet agent端会自动进行同步管理的。 ------------------------------------------------------------------------------------------------------
[root@puppet dns]# puppet agent -t #puppet服务端测试连接
[root@puppet dns]# puppet agent --help 配置说明:
class source::exec2{
exec { "install nginx":
cwd =>"/tmp/rhel5/nginx", #目录存在的情况下执行command
command =>"tar -zxvf nginx-0.8.42.tar.gz && cd nginx-0.8.42 &&./configure --user=nginx --group=nginx --prefix=/usr/local/nginx --without-http-cache && make&&make install",
path => ["/usr/bin","/usr/sbin","/bin","/sbin"],
logoutput => on_failure,
unless => "/bin/ls /usr/local/nginx/conf", #命令返回值不为0的情况下执行commond
require => Class[source::file1,source::user]
notify => Class["source::exec3"],
} [root@puppet dns]# /bin/ls /data/nginx/conf/nginx.conf
/data/nginx/conf/nginx.conf
[root@puppet dns]# echo $?
0
手动编写的几个简单的puppet管理配置的更多相关文章
- 手动编写一个简单的loadrunner脚本
loadrunner除了自动录制脚本外,还可以手动编写脚本,通过右键+inset step添加步骤,还可以手动添加事务,集合点等 下面是一个简单的Action脚本,服务是运行在本机的flask服务: ...
- NATS_08:NATS客户端Go语言手动编写
NATS客户端 一个NATS客户端是基于NATS服务端来说既可以是一个生产数据的也可以是消费数据的.生产数据的叫生产者英文为 publishers,消费数据的叫消费者英文为 subscriber ...
- katalon系列五:使用Katalon Studio手动编写WEB自动化脚本
上一篇主要讲了怎么录制脚本,这次我们看看怎么手动编写脚本,接下来就编写一个简单的用百度搜索的脚本. 1.我们先抓取页面上的元素,点击工具栏上的Spy Web按钮(地球上有个绿点),URL输入百度地址, ...
- C# 手动编写 DataSet,DataTable 及遍历DataSet中的数据
一.手动编写DataSet: 有时候不想从数据库导出 DataSet,或者有其他的需要,要将数据库里的DataSet包装成另一个样子,这个时候,了解DataSet的内部结构就非常必要.DataS ...
- 性能测试总结工作总结-基于WebService协议脚本 内置函数手动编写
LoadRunner基于WebService协议脚本 WebService协议脚本有三种生成方式,一种是直接通过LoadRunner导入URL自动解析生成:一种是使用LoadRunner内置函数手动编 ...
- 学习LSM(Linux security module)之二:编写并运行一个简单的demo
各种折腾,经过了一个蛋疼的周末,终于在Ubuntu14.04上运行了一个基于LSM的简单demo程序. 一:程序编写 先简单的看一下这个demo: //demo_lsm.c#include <l ...
- 深入浅出 Cocoa 之 Core Data(2)- 手动编写代码
深入浅出 Cocoa 之 Core Data(2)- 代码示例 罗朝辉(http://blog.csdn.net/kesalin) CC 许可,转载请注明出处 前面详细讲解了 Core Data 的框 ...
- puppet的配置
1时间问题 agent与master端务必要保持时间的一致性,最好使用ntp服务 检查ntp服务是否安装 [root@master-elk ~]# rpm -qa|grep ntp ntpdate-. ...
- puppet的配置清单书写
puppet的配置清单书写 1使用数组,合并同类的 例如你想安装很多软件,如果分开来写的话,很麻烦,不简洁,这时我们可以使用数组来完成 以前我们这样来写 class packages{ package ...
随机推荐
- asp在线压缩和解压缩文件(文件夹)
<%'\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'\\'\\ 1. c:\windows\system32\cmd.e ...
- 3星|《AI极简经济学》:AI的预测、决策、战略等方面的应用案例介绍
AI极简经济学 主要内容是AI的各种应用案例介绍.作者把这些案例分到五个部分介绍:预测.决策.工具.战略.社会. 看书名和介绍以为会从经济学的角度解读AI,有更多的新鲜的视角和观点,读后比较失望,基本 ...
- January 09th, 2018 Week 02nd Tuesday
Use the smile to change the world. Don't let the world change your smile. 用你的笑容去改变这个世界,别让这个世界改变了你的笑容 ...
- Ulua对象管理方式
不管是C++中还是在C#中,在都绕不开一个问题:类对象怎么在Lua中使用的问题,还好Lua提供了Userdata以及ligh Userdata结构类型,通过扩展可以处理这方面的问题.现在的很多框架也大 ...
- css 位置居中篇,flex布局【转】
最近看到沅老师的博客,关于flex布局的,觉得不错,http://www.ruanyifeng.com/blog/2015/07/flex-grammar.html
- python之面向对象进阶2
封装.property装饰器 封装分为3种情况:封装对象的属性.封装类的属性.封装方法. 封装对象的属性:(在属性名前加双下划线__) class Person: def __init__(self, ...
- vue.js 防暴力点击方案
import lodash from 'lodash' <input v-on:onclick ="doStuff">methods: { doStuff:loadsh ...
- openzeppelin-solidity/contracts的代码学习——access
https://github.com/OpenZeppelin/openzeppelin-solidity/tree/master/contracts/access access - Smart co ...
- activemq5.14+zookeeper3.4.9实现高可用
一.activeMQ主要的几类部署方式比较1.默认的单机部署(kahadb)activeMQ的默认存储的单机方式,以本地kahadb文件的方式存储,所以性能指标完全依赖本地磁盘IO,不能提供高可用. ...
- Android TextView的属性设置为textstyle="bold"时 中文的“¥”不显示
昨天在修改列表的时候出现了一个挺让人纠结的问题.在TextView中“¥”符号无论如何也显示不出来.尝试了使用气的特殊符号,都是能够正确显示的. 最后百度google了一圈也没找出个所以然来.于是觉得 ...