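Puppet is a powerful tool for automated configuration management, so it needs little introduction here. Below are notes on a few simple Puppet-managed configurations: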

I. Install puppet and facter on the server and the client

1) Server
Install the Puppet Labs release package:
# rpm -ivh http://yum.puppetlabs.com/el/6.5/products/x86_64/puppetlabs-release-6-12.noarch.rpm

Install Puppet and facter:
# yum install puppet puppet-server facter

2) Client
Install the Puppet Labs release package:
# rpm -ivh http://yum.puppetlabs.com/el/6.5/products/x86_64/puppetlabs-release-6-12.noarch.rpm

Install Puppet and facter:
# yum install puppet facter

II. Puppet configuration and certificate signing

1) Add hosts entries on both the client and the server (or use internal DNS resolution)
192.168.1.10 puppet01.wang.com    # server
192.168.1.11 puppet02.wang.com    # client

2) In the client's puppet.conf configuration file
[root@puppet02 ~]# cat /etc/puppet/puppet.conf
[main]
server=puppet01.wang.com
......

3) Start the puppet service on each side (note: it is best to turn off the iptables firewall on the server and the client; if it stays on, remember to allow access to puppet port 8140)
Server
[root@puppet01 ~]# /etc/init.d/puppetmaster start

Client
[root@puppet02 ~]# /etc/init.d/puppet start

4) Automatic certificate signing configuration
Server
[root@puppet01 ~]# cat /etc/puppet/puppet.conf
[main]
......
autosign = true
autosign = /etc/puppet/autosign.conf

[root@puppet01 ~]# cat /etc/puppet/autosign.conf       # create the autosign configuration file; the entry below signs registration requests from all hosts
*

[root@puppet01 ~]# /etc/init.d/puppetmaster restart

Register from the client
[root@puppet02 ~]# puppet agent --test --server=puppet01.wang.com
Notice: Ignoring --listen on onetime run
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Caching catalog for puppet02.wang.com
Info: Applying configuration version '1501320900'
Notice: Finished catalog run in 0.42 seconds

The server shows that the certificate has been signed automatically
[root@puppet01 ~]# puppet cert --list --all
+ "puppet01.wang.com" (SHA256) 3E:99:64:73:14:D5:BA:01:62:2F:53:62:A6:07:55:AB:BA:BE:70:6E:7E:60:7A:81:41:10:63:78:C0:FD:E4:56 (alt names: "DNS:puppet", "DNS:puppet.wang.com", "DNS:puppet01.wang.com")
+ "puppet02.wang.com" (SHA256) A4:EF:73:62:3A:DD:F9:2E:E4:12:8F:2E:AE:90:96:43:95:7A:4C:9F:38:02:44:B7:81:C5:08:B5:16:95:42:0B
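
With "*" in autosign.conf the master signs a certificate for any host that submits a request, so every machine that can reach port 8140 can obtain a catalog. The script below is an added example, not part of the original page: a policy-based autosign executable that signs only certnames listed in an inventory file. It assumes a Puppet version that supports policy-based autosigning; the script path and the inventory path are hypothetical.

```bash
#!/bin/bash
# Added example (not from the original page): policy-based autosign executable.
# puppet.conf on the master points at it instead of the "*" allow-all file:
#   [main]
#   autosign = /etc/puppet/autosign-policy.sh      # hypothetical path
# The master runs it once per CSR with the requested certname as the only
# argument and the PEM CSR on stdin; exit 0 means "sign", non-zero means "hold".

LC_ALL=C; export LC_ALL          # make the [a-z] ranges below byte-exact

DOMAIN="wang.com"                                 # domain used on this page
INVENTORY="/etc/puppet/autosign-inventory.txt"    # hypothetical: one expected certname per line

# valid_certname NAME DOMAIN -> 0 if NAME is a lowercase hostname under DOMAIN
valid_certname() {
    case "$1" in
        ""|*[!a-z0-9.-]*|.*|*.|*..*|-*|*.-*|*-.*) return 1 ;;
    esac
    case "$1" in
        *".$2") return 0 ;;
    esac
    return 1
}

# in_inventory NAME FILE -> 0 if NAME appears as a whole line in FILE
in_inventory() {
    [ -r "$2" ] && grep -Fxq -- "$1" "$2"
}

# autosign_decide NAME DOMAIN FILE -> 0 to sign, 1 to leave the CSR pending
autosign_decide() {
    valid_certname "$1" "$2" && in_inventory "$1" "$3"
}

# Entry point when the master invokes the script with exactly one argument.
if [ "$#" -eq 1 ]; then
    cat > /dev/null              # drain the CSR from stdin (not inspected here)
    # replace anything outside the hostname alphabet before it reaches syslog
    safe=$(printf '%s' "$1" | tr -c 'a-z0-9._-' '?')
    if autosign_decide "$1" "$DOMAIN" "$INVENTORY"; then
        logger -t puppet-autosign "signing $safe"
        exit 0
    fi
    logger -t puppet-autosign "holding $safe for manual review"
    exit 1
fi
```

Requests the script rejects stay in the pending list, where they can be reviewed with puppet cert --list and signed by hand.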

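III. Automated management configuration with puppet

Managed items are configured on the puppet master. Once configured, they are sent to the puppet agent nodes and applied there (the puppet master's "push" operation). If an agent node runs as a daemon, it connects every 30 minutes by default and checks whether the configuration for its own host has changed or whether new configuration has been added. This interval can be changed with the runinterval setting in /etc/puppet/puppet.conf on the agent, for example "runinterval = 3600" for an interval of 1 hour. An agent node can also connect on its own through a cron scheduled task (the puppet agent's "pull" operation), which combines the master's "push" with the agent's "pull".

1) Configuration on the puppet master
[root@puppet01 puppet]# ll
total 36
-rw-r--r--  1 root root 4178 Jul 29 16:25 auth.conf
-rw-r--r--  1 root root    2 Jul 29 16:25 autosign.conf
drwxr-xr-x  3 root root 4096 Jul 29 16:25 environments
-rw-r--r--  1 root root 1462 Jul 29 16:25 fileserver.conf
drwxr-xr-x  2 root root 4096 Jul 29 17:22 manifests
drwxr-xr-x 13 root root 4096 Jul 29 17:03 modules
-rw-r--r--  1 root root  915 Jul 29 16:25 puppet.conf

Create the module first. It can be created by hand or with a command, although with the command the module name then has to be changed.
[root@puppet01 puppet]# cd modules/
[root@puppet01 modules]# puppet module generate propupet-ssh      # command-line module creation; the module name format is "puppet-<module name>"
[root@puppet01 modules]# mv propupet-ssh ssh                      # rename it to the ssh module

Or create the module by hand
[root@puppet01 modules]# mkdir ssh                 # the directory structure under the module must then be created by hand as well
[root@puppet01 modules]# mkdir ssh/files           # files the module needs
[root@puppet01 modules]# mkdir ssh/manifests       # directory for the puppet manifests
[root@puppet01 modules]# mkdir ssh/templates       # templates used by the module

Once a module is configured, it has to be referenced from the /etc/puppet/manifests/site.pp manifest (covered at the end of this page).

2) Use the following modules as a reference: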
[root@puppet01 modules]# pwd
/etc/puppet/modules

-------------------- ssh install/management module --------------------
[root@puppet01 manifests]# cd /etc/puppet/modules/ssh
[root@puppet01 ssh]# cd manifests/
[root@puppet01 manifests]# ls
config.pp init.pp install.pp service.pp
[root@puppet01 manifests]# cat init.pp
class ssh {
  class { '::ssh::install': } ->
  class { '::ssh::config': } ->
  class { '::ssh::service': } ->
  Class['ssh']
}
[root@puppet01 manifests]# cat install.pp
class ssh::install {
  package { "openssh":      # the package to install is named openssh
    ensure => present,      # make sure the package is installed
  }
}
[root@puppet01 manifests]# cat config.pp
class ssh::config {
  # sshd settings such as the port, users and password login can be prepared in advance
  # in the sshd_config file under the module's files directory and then synced to the
  # target machines by puppet. A change restarts sshd automatically (the service class does this).
  file { "/etc/ssh/sshd_config":
    ensure  => present,
    owner   => 'root',
    group   => 'root',
    mode    => '0600',
    source  => "puppet:///modules/ssh/sshd_config",   # the sshd_config file lives in /etc/puppet/modules/ssh/files; note that "files" is not written in the path
    require => Class["ssh::install"],                 # prerequisite for this file resource
    notify  => Class["ssh::service"],                 # notify the ssh::service class once this file resource is in place
  }
}
[root@puppet01 manifests]# cat service.pp
class ssh::service {
  service { "sshd":
    ensure     => running,
    hasstatus  => true,
    hasrestart => true,
    enable     => true,
    require    => Class["ssh::config"],
  }
}

[root@puppet01 manifests]# ls ../files/sshd_config
../files/sshd_config

-------------------- DNS configuration management --------------------
[root@puppet ~]# cd /etc/puppet/modules/dns/
[root@puppet dns]# ls
files manifests
[root@puppet dns]# cd manifests/
[root@puppet manifests]# ls
config.pp init.pp restart.pp setup.pp
[root@puppet manifests]# cat init.pp
class dns {
  include dns::config
  include dns::setup
  include dns::restart
}
[root@puppet manifests]# cat config.pp
class dns::config {
  file { "/etc/named":
    ensure  => directory,
    source  => "puppet:///modules/dns/pro-dns/DNS/etc/named",
    recurse => true,
  }

  file { "/var/named":
    ensure  => directory,
    source  => "puppet:///modules/dns/pro-dns/DNS/var/named",
    recurse => true,
  }
}

[root@puppet manifests]# cat setup.pp
class dns::setup {
  exec { "Set permissions of etc-named":
    cwd     => "/etc",
    command => "/bin/chown -R root.named named",
    path    => ["/usr/bin:/usr/sbin:/bin:/sbin"],
    require => Class["dns::config"],
  }

  exec { "Set permissions of var-named":
    cwd     => "/var",
    command => "/bin/chown -R root.named named && /bin/chown -R named.named named/data/",
    path    => ["/usr/bin:/usr/sbin:/bin:/sbin"],
    require => Class["dns::config"],
  }
}
[root@puppet manifests]# cat restart.pp
class dns::restart {
  exec { "restart named service":
    command => "service named restart",
    path    => ["/usr/bin:/usr/sbin:/bin:/sbin"],
    require => Class["dns::config"],
  }
}

The files directory holds the DNS configuration file and the forward and reverse zone files (they can be kept in the DNS directory of the pro-dns project on gitlab and fetched with git clone)
[root@puppet manifests]# cd ../files/
[root@puppet files]# ls
pro-dns
[root@puppet files]# ls pro-dns/DNS/
etc var
[root@puppet files]# ls pro-dns/DNS/etc/named/
named.conf
[root@puppet files]# ls pro-dns/DNS/var/named/
192.168.10.zone 192.168.16.zone 192.168.32.zone 192.168.33.zone 192.168.34.zone 192.168.64.zone 192.168.8.zone wangshibo.cn

-------------------- java7 install/management module --------------------
[root@puppet01 java7]# cd manifests/
[root@puppet01 manifests]# ls
init.pp install.pp
[root@puppet01 manifests]# cat init.pp
class java7 {
  include java7::install
}
[root@puppet01 manifests]# cat install.pp
class java7::install {
  file { "/data/software/java-jdk7_install.sh":     # file resource
    source => "puppet:///modules/java7/java-jdk7_install.sh",
    owner  => root,
    group  => root,
    mode   => '0755',
  }

  exec { "install jdk":                             # exec (command) resource
    cwd     => "/data/software",
    command => "/bin/bash java-jdk7_install.sh",
    user    => "root",
    group   => "root",
    path    => ["/usr/bin:/usr/sbin:/bin:/sbin"],
    creates => "/usr/java/jdk1.7.0_80",             # if /usr/java/jdk1.7.0_80 already exists the command is not run; it runs only when the path is missing
    require => File["/data/software/java-jdk7_install.sh"],   # prerequisite for running this command
  }
}
[root@puppet01 manifests]# cd ../files/
[root@puppet01 files]# ll
total 4
-rwxr-xr-x 1 root root 756 Jul 29 16:25 java-jdk7_install.sh
[root@puppet01 files]# cat java-jdk7_install.sh
#!/bin/bash
/bin/rpm -qa|grep jdk|xargs rpm -e

# install jdk7
/bin/rpm -ivh http://yum.wang.com/software/jdk-7u80-linux-x64.rpm

# set env
NUM=`cat /etc/profile|grep "JAVA_HOME"|wc -l`
JDK=`cat /etc/profile|grep "JAVA_HOME="|cut -d"=" -f2|awk -F"/" '{print $4}'`
if [ "$NUM" -ne 0 ];then
    /bin/sed -i "s#${JDK}#jdk1.7.0_80#g" /etc/profile
else
    echo "JAVA_HOME=/usr/java/jdk1.7.0_80" >> /etc/profile
    echo "JAVA_BIN=/usr/java/jdk1.7.0_80/bin" >> /etc/profile
    echo "PATH=/usr/lib64/qt-3.3/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin:/bin" >> /etc/profile
    echo "CLASSPATH=.:/lib/dt.jar:/lib/tools.jar" >> /etc/profile
    echo "export JAVA_HOME JAVA_BIN PATH CLASSPATH" >> /etc/profile
fi

source /etc/profile

-------------------- java8 install/management module --------------------
[root@puppet01 files]# cd /etc/puppet/modules/java8
[root@puppet01 java8]# ls
files manifests
[root@puppet01 java8]# cd manifests/
[root@puppet01 manifests]# ls
init.pp install.pp
[root@puppet01 manifests]# cat init.pp
class java8 {
  include java8::install
}
[root@puppet01 manifests]# cat install.pp
class java8::install {
  file { "/data/software/java-jdk8_install.sh":
    source => "puppet:///modules/java8/java-jdk8_install.sh",
    owner  => root,
    group  => root,
    mode   => '0755',
  }

  exec { "install jdk":
    cwd     => "/data/software",
    command => "/bin/bash java-jdk8_install.sh",
    user    => "root",
    group   => "root",
    path    => ["/usr/bin:/usr/sbin:/bin:/sbin"],
    creates => "/usr/java/jdk1.8.0_131",
    require => File["/data/software/java-jdk8_install.sh"],
  }
}
[root@puppet01 manifests]# cat ../files/java-jdk8_install.sh
#!/bin/bash
/bin/rpm -qa|grep jdk|xargs rpm -e

# install jdk8 jdk7
/bin/rpm -ivh http://yum.wang.com/software/jdk-8u131-linux-x64.rpm

# set env
NUM=`cat /etc/profile|grep "JAVA_HOME"|wc -l`
JDK=`cat /etc/profile|grep "JAVA_HOME="|cut -d"=" -f2|awk -F"/" '{print $4}'`
if [ "$NUM" -ne 0 ];then
    /bin/sed -i "s#${JDK}#jdk1.8.0_131#g" /etc/profile
else
    echo "JAVA_HOME=/usr/java/jdk1.8.0_131" >> /etc/profile
    echo "JAVA_BIN=/usr/java/jdk1.8.0_131/bin" >> /etc/profile
    echo "PATH=/usr/lib64/qt-3.3/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin:/bin" >> /etc/profile
    echo "CLASSPATH=.:/lib/dt.jar:/lib/tools.jar" >> /etc/profile
    echo "export JAVA_HOME JAVA_BIN PATH CLASSPATH" >> /etc/profile
fi

source /etc/profile

-------------------- tomcat8 install/management module --------------------
[root@puppet01 manifests]# cd /etc/puppet/modules/tomcat8/
[root@puppet01 tomcat8]# ls
files manifests
[root@puppet01 tomcat8]# cd manifests/
[root@puppet01 manifests]# ls
init.pp install.pp
[root@puppet01 manifests]# cat init.pp
class tomcat8 {
  include tomcat8::install
}

[root@puppet01 manifests]# cat install.pp
class tomcat8::install {
  file { "/data/software/apache-tomcat-8.5.15.tar.gz":
    source => "puppet:///modules/tomcat8/apache-tomcat-8.5.15.tar.gz",
    owner  => "root",
    group  => "root",
    mode   => '0755',
  }

  exec { "install tomcat":
    cwd     => "/data/software",
    command => "/bin/tar -zvxf apache-tomcat-8.5.15.tar.gz && mv apache-tomcat-8.5.15 /data/tomcat",
    user    => "root",
    group   => "root",
    path    => ["/usr/bin:/usr/sbin:/bin:/sbin"],
    creates => "/data/tomcat",
    require => File["/data/software/apache-tomcat-8.5.15.tar.gz"],
  }
}
[root@puppet01 manifests]# ls ../files/
apache-tomcat-8.5.15.tar.gz

-------------------- nginx install/management module --------------------
[root@puppet01 manifests]# cd /etc/puppet/modules/nginx/
[root@puppet01 nginx]# ls
files manifests
[root@puppet01 nginx]# cd manifests/
[root@puppet01 manifests]# ls
init.pp install.pp
[root@puppet01 manifests]# cat init.pp
class nginx {
  include nginx::install
}
[root@puppet01 manifests]# cat install.pp
class nginx::install {
  file { "/data/software/nginx1.10_install.sh":
    source => "puppet:///modules/nginx/nginx1.10_install.sh",
    owner  => "root",
    group  => "root",
    mode   => '0755',
  }

  exec { "install nginx":
    cwd     => "/data/software",
    command => "/bin/bash -x nginx1.10_install.sh",
    user    => "root",
    group   => "root",
    path    => ["/usr/bin:/usr/sbin:/bin:/sbin"],
    creates => "/data/nginx/conf/nginx.conf",
    require => File["/data/software/nginx1.10_install.sh"],
  }
}
[root@puppet01 manifests]# cat ../files/nginx1.10_install.sh
#!/bin/bash
# prepare the base environment
/usr/sbin/groupadd -r nginx
/usr/sbin/useradd -r -g nginx -s /bin/false -M nginx
/usr/bin/yum install -y pcre pcre-devel openssl openssl-devel gcc

# compile and install nginx1.10
cd /data/software/
/usr/bin/wget http://yum.wang.com/software/nginx-1.10.3.tar.gz
/bin/tar -zvxf nginx-1.10.3.tar.gz
cd nginx-1.10.3
./configure --prefix=/data/nginx --user=nginx --group=nginx --with-http_ssl_module --with-http_flv_module --with-http_stub_status_module --with-http_gzip_static_module --with-pcre
make && make install

# configure nginx
cp /data/nginx/conf/nginx.conf /data/nginx/conf/nginx.conf.bak
> /data/nginx/conf/nginx.conf

# the heredoc delimiter is quoted so that the shell does not expand nginx's $variables
cat > /data/nginx/conf/nginx.conf << 'EOF'
user nobody;
worker_processes 8;

#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;

events {
    worker_connections 65535;
}

http {
    server_tokens off;
    include mime.types;
    default_type application/octet-stream;
    charset utf-8;

    log_format main '$http_x_forwarded_for $remote_addr $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_cookie" $host $request_time';
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;

    fastcgi_connect_timeout 3000;
    fastcgi_send_timeout 3000;
    fastcgi_read_timeout 3000;
    fastcgi_buffer_size 256k;
    fastcgi_buffers 8 256k;
    fastcgi_busy_buffers_size 256k;
    fastcgi_temp_file_write_size 256k;
    fastcgi_intercept_errors on;

    client_header_timeout 600s;
    client_body_timeout 600s;

    client_max_body_size 100m;
    client_body_buffer_size 256k;

    ## support more than 15 test environments
    server_names_hash_max_size 512;
    server_names_hash_bucket_size 128;

    gzip on;
    gzip_min_length 1k;
    gzip_buffers 4 16k;
    gzip_http_version 1.1;
    gzip_comp_level 9;
    gzip_types text/plain application/x-javascript text/css application/xml text/javascript application/x-httpd-php;
    gzip_vary on;

    include vhosts/*.conf;
}
EOF

/bin/mkdir /data/nginx/conf/vhosts

cat > /data/nginx/conf/vhosts/test.conf << EOF
server {
    listen 80;
    server_name localhost;
    access_log logs/access.log;
    error_log logs/error.log;

    location / {
        root html;
        index index.php index.html index.htm;
    }
}
EOF

/data/nginx/sbin/nginx

-------------------- motd file management module --------------------
[root@puppet01 manifests]# cd /etc/puppet/modules/motd/
[root@puppet01 motd]# ls
files manifests
[root@puppet01 motd]# cd manifests/
[root@puppet01 manifests]# ls
config.pp init.pp install.pp
[root@puppet01 manifests]# cat init.pp
class motd {
  include motd::config
  include motd::install
}
[root@puppet01 manifests]# cat install.pp
class motd::install {
  package { 'setup':
    ensure => present,
  }
}
[root@puppet01 manifests]# cat config.pp
class motd::config {
  file { "/etc/motd":
    ensure  => present,
    owner   => "root",
    group   => "root",
    mode    => '0644',
    source  => "puppet:///modules/motd/motd",
    require => Class["motd::install"],
  }
}
[root@puppet01 manifests]# ls ../files/motd
../files/motd

-------------------- dns file management module --------------------
[root@puppet01 manifests]# cd /etc/puppet/modules/dns/
[root@puppet01 dns]# ls
files manifests
[root@puppet01 dns]# cd manifests/
[root@puppet01 manifests]# ls
config.pp init.pp
[root@puppet01 manifests]# cat init.pp
class dns {
  include dns::config
}
[root@puppet01 manifests]# cat config.pp
class dns::config {
  file { "/etc/resolv.conf":
    ensure => present,
    owner  => "root",
    group  => "root",
    mode   => '0644',
    source => "puppet:///modules/dns/resolv.conf",
  }
}
[root@puppet01 manifests]# cat ../files/resolv.conf
search wang.com
nameserver 192.168.1.27
nameserver 192.168.1.28

-------------------- chrony time synchronization file management module --------------------
[root@puppet01 manifests]# cd /etc/puppet/modules/chrony/
[root@puppet01 chrony]# ls
files manifests
[root@puppet01 chrony]# cd manifests/
[root@puppet01 manifests]# ls
init.pp install.pp
[root@puppet01 manifests]# cat init.pp
class chrony {
  include chrony::install
}
[root@puppet01 manifests]# cat install.pp
class chrony::install {
  file { "/data/software/chrony.sh":
    source => "puppet:///modules/chrony/chrony.sh",
    owner  => "root",
    group  => "root",
    mode   => '0755',
  }

  exec { "install chrony":
    cwd     => "/data/software",
    command => "/bin/bash -x chrony.sh",
    user    => "root",
    group   => "root",
    path    => ["/usr/bin:/usr/sbin:/bin:/sbin"],
    creates => "/etc/chrony.conf",
    require => File["/data/software/chrony.sh"],
  }
}
[root@puppet01 manifests]# cat ../files/chrony.sh
#!/bin/bash
/etc/init.d/ntpd stop
/usr/bin/yum install chrony -y
cp /etc/chrony.conf /etc/chrony.conf.bak
rm -f /etc/chrony.conf
wget http://yum.wang.com/software/chrony.conf
cp -f chrony.conf /etc/
/etc/init.d/chronyd start
/usr/bin/chronyc sources -v

-------------------- yum file management module --------------------
[root@puppet01 manifests]# cd /etc/puppet/modules/yum/
[root@puppet01 yum]# ls
files manifests
[root@puppet01 yum]# cd manifests/
[root@puppet01 manifests]# ls
config.pp init.pp
[root@puppet01 manifests]# cat init.pp
class yum {
  include yum::config
}
[root@puppet01 manifests]# cat config.pp
class yum::config {
  file { "/data/software/yum.sh":
    source => "puppet:///modules/yum/yum.sh",
    owner  => "root",
    group  => "root",
    mode   => '0755',
  }

  exec { "set yum":
    cwd     => "/data/software",
    command => "/bin/bash yum.sh",
    user    => "root",
    group   => "root",
    path    => ["/usr/bin:/usr/sbin:/bin:/sbin"],
    unless  => "grep mirrors.wang.com /etc/yum.repos.d/CentOS-Base.repo",   # the command runs only when this check is false; if the check is true, the command is not run
    require => File["/data/software/yum.sh"],
  }
}

[root@puppet01 manifests]# cat ../files/yum.sh
#!/bin/bash
rm -f /etc/yum.repos.d/*.repo
wget http://yum.wang.com/software/CentOS-Base.repo -O /etc/yum.repos.d/CentOS-Base.repo
wget http://yum.wang.com/software/epel.repo -O /etc/yum.repos.d/epel.repo
#wget http://yum.wang.com/software/mongodb.repo
yum clean all
yum makecache

-------------------- resolv file management module --------------------
[root@puppet ~]# ls /etc/puppet/modules/
chrony dns java7 java8 motd nginx postfix resolv ssh sudo tomcat8 yum
[root@puppet ~]# cd /etc/puppet/modules/resolv/manifests/
[root@puppet manifests]# ls
config.pp init.pp
[root@puppet manifests]# cat init.pp
class resolv {
  include resolv::config
}
class resolv01 {
  include resolv::dns01
}
class resolv02 {
  include resolv::dns02
}
[root@puppet manifests]# cat config.pp
class resolv::config {
  file { "/etc/resolv.conf":
    source => "puppet:///modules/resolv/resolv.conf",
    ensure => "present",
    owner  => "root",
    group  => "root",
    mode   => '0644',
  }
}

[root@puppet manifests]# cat ../files/resolv.conf
search wang.com
nameserver 192.168.1.27
nameserver 192.168.1.28
options timeout:1
options attempts:1

-------------------- postfix install/management module --------------------
[root@puppet01 manifests]# cd /etc/puppet/modules/postfix/
[root@puppet01 postfix]# ls manifests/
config.pp init.pp install.pp service.pp
[root@puppet01 postfix]# ls files/
master.cf
[root@puppet01 postfix]# ls templates/
main.cf.erb
[root@puppet01 postfix]# cat manifests/init.pp
class postfix {
  include postfix::install
  include postfix::config
  include postfix::service
}
[root@puppet01 postfix]# cat manifests/install.pp
class postfix::install {
  package { ["postfix", "mailx"]:
    ensure => present,
  }
}
[root@puppet01 postfix]# cat manifests/config.pp
class postfix::config {
  File {
    owner => 'postfix',
    group => 'postfix',
    mode  => '0644',
  }

  file { '/etc/postfix/master.cf':
    ensure  => present,
    source  => 'puppet:///modules/postfix/master.cf',
    require => Class['postfix::install'],
    notify  => Class['postfix::service'],
  }

  file { '/etc/postfix/main.cf':
    ensure  => present,
    content => template('postfix/main.cf.erb'),
    require => Class['postfix::install'],
    notify  => Class['postfix::service'],
  }
}
[root@puppet01 postfix]# cat manifests/service.pp
class postfix::service {
  service { 'postfix':
    ensure     => running,
    hasstatus  => true,
    hasrestart => true,
    enable     => true,
    require    => Class['postfix::config'],
  }
}

[root@puppet01 postfix]# cat templates/main.cf.erb
soft_bounce = no
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
mail_owner = postfix
myhostname = <%= @hostname %>
mydomain = <%= @domain %>
myorigin = $mydomain
mydestination = $myhostname,localhost.$mydomain,localhost,$mydomain
unknown_local_recipient_reject_code = 550
relay_domains = $mydestination
smtpd_reject_unlisted_recipient = yes
unverified_recipient_reject_code = 500
smtpd_banner = $myhostname ESMTP
setgid_group = postdrop

[root@puppet01 postfix]# ls files/master.cf
files/master.cf

# Note: the variables in the template get their values from Facter facts through ERB syntax. The fact name goes inside the ERB brackets formed by <%= and %>; when Puppet runs, they are replaced with the fact's actual value (i.e. the actual value on the agent).

--------------------------------------------------------------------------------------------------
Then reference these classes in the /etc/puppet/manifests/site.pp manifest:
[root@puppet manifests]# cat /etc/puppet/manifests/site.pp
class base {
  include chrony
  include java8
  include tomcat8
  include nginx
  include yum
  include resolv
}

node 'puppet02.bkjk.cn' {
  include dns
  include yum
}

node 'dns01' {
  #include dns
  include yum
  include ssh
  include resolv
}

node 'dns02' {
  #include dns
  include yum
  include ssh
  include resolv
}

node 'mirrors' {
  include yum
  include ssh
  include resolv
}

The names dns01, dns02 and mirrors above are all resolved through internal DNS.
[root@puppet manifests]# ping mirrors
PING mirrors.wang.com (192.168.1.240) 56(84) bytes of data.
64 bytes from yum.wang.com (192.168.1.240): icmp_seq=1 ttl=64 time=0.889 ms
......

--------------------------------------------------------------------------------------------------
Finally, connect from the puppet agent to the puppet master to sync and apply the configuration.
[root@puppet02 ~]# puppet agent --test --server=puppet01.wang.com
Notice: Ignoring --listen on onetime run
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Caching catalog for puppet02.wang.com
Info: Applying configuration version '1501429243'
Notice: /Stage[main]/Chrony::Install/File[/data/software/chrony.sh]/ensure: defined content as '{md5}fe7f9787a7cae33ed0e00c26f880b145'
Notice: /Stage[main]/Chrony::Install/Exec[install chrony]/returns: executed successfully
........

After the run succeeds, verify the result on the puppet agent node. From then on, managing these application configurations only requires maintenance on the puppet master; the puppet agent syncs the changes automatically.

------------------------------------------------------------------------------------------------------
[root@puppet dns]# puppet agent -t          # test the connection to the puppet server
[root@puppet dns]# puppet agent --help

Configuration notes:
class source::exec2 {
  exec { "install nginx":
    cwd       => "/tmp/rhel5/nginx",                 # command is run when this directory exists
    command   => "tar -zxvf nginx-0.8.42.tar.gz && cd nginx-0.8.42 && ./configure --user=nginx --group=nginx --prefix=/usr/local/nginx --without-http-cache && make && make install",
    path      => ["/usr/bin", "/usr/sbin", "/bin", "/sbin"],
    logoutput => on_failure,
    unless    => "/bin/ls /usr/local/nginx/conf",    # command is run only when this check returns a non-zero exit status
    require   => Class['source::file1', 'source::user'],
    notify    => Class["source::exec3"],
  }
}

[root@puppet dns]# /bin/ls /data/nginx/conf/nginx.conf
/data/nginx/conf/nginx.conf
[root@puppet dns]# echo $?
0
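
The install scripts above (nginx1.10_install.sh, chrony.sh, yum.sh and the JDK scripts) download from http://yum.wang.com/software/ over plain HTTP and then install the result as root, so nothing checks that the file is the one the administrator published. The helper below is an added example, not part of the original page: it pins a SHA-256 digest in the script and only moves the download into place when the digest matches. The function names are hypothetical and the digest in the usage comment is a placeholder.

```bash
#!/bin/bash
# Added example (not from the original page): fetch an installer artifact and
# refuse to use it unless its SHA-256 matches a digest pinned in the script.

# sha256_of FILE -> prints the lowercase hex digest of FILE
sha256_of() {
    sha256sum -- "$1" | cut -d' ' -f1
}

# verify_sha256 FILE EXPECTED_HEX -> 0 on exact match, 1 on mismatch, 2 on bad input
verify_sha256() {
    [ -f "$1" ] || return 2
    # a SHA-256 digest is exactly 64 hex characters; reject anything else
    case "$2" in
        ""|*[!0-9a-fA-F]*) return 2 ;;
    esac
    [ "${#2}" -eq 64 ] || return 2
    actual=$(sha256_of "$1") || return 2
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ "$actual" = "$expected" ]
}

# fetch_verified URL EXPECTED_HEX DEST
# Downloads to a temporary file next to DEST and moves it into place only
# after the digest check, so a failed or altered download never lands at DEST.
fetch_verified() {
    tmp=$(mktemp "${3}.XXXXXX") || return 1
    if wget -q -O "$tmp" "$1" && verify_sha256 "$tmp" "$2"; then
        mv -f "$tmp" "$3"
    else
        rm -f "$tmp"
        echo "refusing $1: download failed or SHA-256 mismatch" >&2
        return 1
    fi
}

# Usage inside nginx1.10_install.sh (the digest is a placeholder; pin the real one):
#   NGINX_SHA256="<sha256 of nginx-1.10.3.tar.gz>"
#   fetch_verified http://yum.wang.com/software/nginx-1.10.3.tar.gz "$NGINX_SHA256" \
#       /data/software/nginx-1.10.3.tar.gz || exit 1
```

Files delivered through puppet:///modules/... (such as the tomcat tarball) already travel over the agent's certificate-authenticated connection to the master; the check matters for the wget and rpm -ivh http:// steps inside the scripts.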
