Lab environment:
-----------------------------------------------------------------------------------------
Host            OS                  IP address        Main software
-----------------------------------------------------------------------------------------
puppetmaster    CentOS 6.5 x86_64   192.168.200.131   ruby-*, facter-1.7.1.tar.gz, puppet-2.7.21.tar.gz
puppetclient1   CentOS 6.5 x86_64   192.168.200.132   ruby-*, facter-1.7.1.tar.gz, puppet-2.7.21.tar.gz
puppetclient2   CentOS 6.5 x86_64   192.168.200.133   ruby-*, facter-1.7.1.tar.gz, puppet-2.7.21.tar.gz
NTP Server      CentOS 6.5 x86_64   192.168.200.134   -
-----------------------------------------------------------------------------------------
================================================================================
Walkthrough:
Step 1: Set up the puppetmaster
1.1 Set the server hostname
[root@localhost ~]# vi /etc/sysconfig/network
HOSTNAME=master.test.cn
[root@localhost ~]# vi /etc/hosts
192.168.200.131 master.test.cn
192.168.200.132 client.test.cn
192.168.200.133 client133.test.cn
[root@localhost ~]# hostname master.test.cn
[root@localhost ~]# bash
1.2 Set up the NTP time server
1.2.1 Configure the NTP server (on 192.168.200.134)
[root@localhost ~]# yum -y install ntp
[root@localhost ~]# vi /etc/ntp.conf 
Add the following two lines (127.127.1.0 is the local clock driver, used here as the reference source):
server 127.127.1.0
fudge 127.127.1.0 stratum 8
[root@localhost ~]# service ntpd start
正在启动 ntpd:                                            [确定]
[root@localhost ~]# chkconfig ntpd on
1.2.2 Configure the puppetmaster as an NTP client
[root@master ~]# yum -y install ntp
[root@master ~]# ntpdate 192.168.200.134
 7 Jan 22:43:18 ntpdate[3058]: adjust time server 192.168.200.134 offset 0.467919 sec
1.3 Install Ruby (note: the CentOS installation media comes on two discs; to run the installation below, mount both and point to their paths in a *.repo file)
[root@master ~]# yum -y install compat-readline5 ruby*
After installation, check the Ruby version
[root@master ~]# ruby -v
ruby 1.8.7 (2011-06-30 patchlevel 352) [x86_64-linux]
1.4 Install puppet and facter
[root@master ~]# useradd -s /sbin/nologin puppet
The facter tool is used to analyze the information (facts) that the clients send in.
Install facter:
[root@master ~]# tar xf facter-1.7.1.tar.gz 
[root@master ~]# cd facter-1.7.1
[root@master facter-1.7.1]# ruby install.rb 
Install puppet:
[root@master facter-1.7.1]# cd
[root@master ~]# tar xf puppet-2.7.21.tar.gz 
[root@master ~]# cd puppet-2.7.21
[root@master puppet-2.7.21]# ruby install.rb 
Post-install adjustments:
[root@master puppet-2.7.21]# cp conf/redhat/fileserver.conf /etc/puppet/
[root@master puppet-2.7.21]# cp conf/redhat/puppet.conf /etc/puppet/
[root@master puppet-2.7.21]# cp conf/redhat/server.init /etc/init.d/puppetmaster
[root@master puppet-2.7.21]# chmod +x /etc/init.d/puppetmaster 
[root@master puppet-2.7.21]# mkdir /etc/puppet/manifests
[root@master puppet-2.7.21]# mkdir /etc/puppet/modules
Puppet certificate request and signing:
(Note: in this production environment, iptables is turned off entirely by default)
Master-side configuration:
[root@master puppet-2.7.21]# service iptables stop
Edit the configuration file
[root@master puppet-2.7.21]# vi /etc/puppet/puppet.conf 
[main]
    # The Puppet log directory.
    # The default value is '$vardir/log'.
    logdir = /var/log/puppet
    # Where Puppet PID files are kept.
    # The default value is '$vardir/run'.
    rundir = /var/run/puppet
    # Where SSL certificates are kept.
    # The default value is '$confdir/ssl'.
    ssldir = $vardir/ssl
    # Added: module search path on the server
    modulepath = /etc/puppet/modules:/usr/share/puppet/modules
[agent]
    # The file in which puppetd stores a list of the classes
    # associated with the retrieved configuration.  Can be loaded in
    # the separate ``puppet`` executable using the ``--loadclasses``
    # option.
    # The default value is '$confdir/classes.txt'.
    classfile = $vardir/classes.txt
    # Where puppetd caches the local configuration.  An
    # extension indicating the cache format is added automatically.
    # The default value is '$confdir/localconfig'.
    localconfig = $vardir/localconfig
-----------------------------------------------------------------
Start the puppet master service
[root@master puppet-2.7.21]# /etc/init.d/puppetmaster start
启动 puppetmaster:                                        [确定]
=======================================================================
Step 2: Set up puppetclient1 and puppetclient2
Configure puppetclient1 first
2.1 Set the server hostname
[root@localhost ~]# vi /etc/sysconfig/network
HOSTNAME=client.test.cn
[root@localhost ~]# vi /etc/hosts
192.168.200.131 master.test.cn
192.168.200.132 client.test.cn
192.168.200.133 client133.test.cn
[root@localhost ~]# hostname client.test.cn
[root@localhost ~]# bash
[root@client ~]# 
2.2 Synchronize the server's time
[root@client ~]# ntpdate 192.168.200.134
 8 Jan 21:52:50 ntpdate[3244]: step time server 192.168.200.134 offset -28.886955 sec
2.3 Install Ruby
[root@client ~]# yum -y install compat-readline5 ruby*
After installation, check the Ruby version
[root@client ~]# ruby -v
ruby 1.8.7 (2011-06-30 patchlevel 352) [x86_64-linux]
2.4 Install puppet and facter
[root@client ~]# tar xf facter-1.7.1.tar.gz 
[root@client ~]# cd facter-1.7.1
[root@client facter-1.7.1]# ruby install.rb
[root@client facter-1.7.1]# cd
[root@client ~]# tar xf puppet-2.7.21.tar.gz 
[root@client ~]# cd puppet-2.7.21
[root@client puppet-2.7.21]# ruby install.rb
Post-install adjustments:
[root@client puppet-2.7.21]# cp conf/redhat/puppet.conf /etc/puppet/
[root@client puppet-2.7.21]# cp conf/redhat/client.init /etc/init.d/puppetclient
[root@client puppet-2.7.21]# chmod  +x /etc/init.d/puppetclient
Puppet certificate request and signing:
(Note: in this production environment, iptables is turned off entirely by default)
[root@client puppet-2.7.21]# service iptables stop
iptables:将链设置为政策 ACCEPT:filter                    [确定]
iptables:清除防火墙规则:                                 [确定]
iptables:正在卸载模块:                                   [确定]
[root@client puppet-2.7.21]# chkconfig iptables off
[root@client puppet-2.7.21]# iptables -F
[root@client puppet-2.7.21]# setenforce 0
192.168.200.132 and 192.168.200.133 are configured the same way, as follows
Edit the client configuration file
[root@client puppet-2.7.21]# vi /etc/puppet/puppet.conf 
[main]
    # The Puppet log directory.
    # The default value is '$vardir/log'.
    logdir = /var/log/puppet
    # Where Puppet PID files are kept.
    # The default value is '$vardir/run'.
    rundir = /var/run/puppet
    # Where SSL certificates are kept.
    # The default value is '$confdir/ssl'.
    ssldir = $vardir/ssl
    # Added: the puppet master's hostname
    server = master.test.cn
[agent]
    # The file in which puppetd stores a list of the classes
    # associated with the retrieved configuration.  Can be loaded in
    # the separate ``puppet`` executable using the ``--loadclasses``
    # option.
    # The default value is '$confdir/classes.txt'.
    classfile = $vardir/classes.txt
    # Where puppetd caches the local configuration.  An
    # extension indicating the cache format is added automatically.
    # The default value is '$confdir/localconfig'.
    localconfig = $vardir/localconfig
----------------------------------------------------------------------------
puppetclient2 is configured like puppetclient1; note that its hostname must be client133.test.cn
Request and registration:
Client side:
Register on puppetclient1 and puppetclient2 respectively
[root@client ~]# puppet agent --server=master.test.cn --no-daemonize --verbose
info: Creating a new SSL key for client.test.cn
info: Caching certificate for ca
info: Creating a new SSL certificate request for client.test.cn
info: Certificate Request fingerprint (md5): 91:DB:05:67:4E:E7:62:2B:2F:4C:8C:C6:03:48:7B:64
The agent is now waiting for a task; meanwhile the request can be seen on the server
Master side
List the clients requesting registration
[root@master ~]# puppet cert --list
  "client.test.cn"    (91:DB:05:67:4E:E7:62:2B:2F:4C:8C:C6:03:48:7B:64)
  "client133.test.cn" (CD:EE:80:26:D6:16:C3:D6:9F:7C:DD:14:A0:99:BA:C4)
Sign the unregistered clients:
[root@master ~]# puppet cert sign --all
notice: Signed certificate request for client133.test.cn
notice: Removing file Puppet::SSL::CertificateRequest client133.test.cn at '/var/lib/puppet/ssl/ca/requests/client133.test.cn.pem'
notice: Signed certificate request for client.test.cn
notice: Removing file Puppet::SSL::CertificateRequest client.test.cn at '/var/lib/puppet/ssl/ca/requests/client.test.cn.pem'
Check the registered clients via the signed-certificates directory:
[root@master ~]# ll /var/lib/puppet/ssl/ca/signed/
总用量 12
-rw-r-----. 1 puppet puppet 1911 1月   8 22:21 client133.test.cn.pem
-rw-r-----. 1 puppet puppet 1907 1月   8 22:21 client.test.cn.pem
-rw-r-----. 1 puppet puppet 1976 1月   8 21:48 master.test.cn.pem
==================================================================
At this point the clients have completed the certificate request and signing.
Step 3: A configuration example:
3.1 Configure a test node
Node definitions: /etc/puppet/manifests/nodes
Modules: /etc/puppet/modules
Requirement: to protect the Linux SSH port from brute-force attacks, change the SSH port on the clients in bulk, 22 ---> 9922
Operations on the master:
3.1.1 Create the required directories
[root@master ~]# mkdir -p /etc/puppet/modules/ssh/{manifests,templates,files}
[root@master ~]# mkdir /etc/puppet/manifests/nodes
[root@master ~]# mkdir /etc/puppet/modules/ssh/files/ssh
[root@master ~]# chown -R puppet /etc/puppet/modules/
[root@master ~]# ll /etc/puppet/modules/ssh/
总用量 12
drwxr-xr-x. 3 puppet root 4096 1月   8 22:46 files
drwxr-xr-x. 2 puppet root 4096 1月   8 22:46 manifests
drwxr-xr-x. 2 puppet root 4096 1月   8 22:46 templates
3.1.2 Create the module manifest install.pp
[root@master ~]# vi /etc/puppet/modules/ssh/manifests/install.pp
First make sure the SSH service is installed on the client
class ssh::install {
        package { "openssh":
                ensure => present,
        }
}
--------------------------------------------------------------------------
3.1.3 Create the module manifest config.pp
[root@master ~]# vi /etc/puppet/modules/ssh/manifests/config.pp
class ssh::config {
        # The file to be synchronized to the client
        file { "/etc/ssh/sshd_config":
                ensure => present,          # the file must exist on the client
                owner => "root",
                group => "root",
                mode => "0600",
                # Fetch the file from the master; puppet:/// with an empty server
                # part means the master the agent is already talking to
                source => "puppet:///modules/ssh/ssh/sshd_config",
                # Apply install.pp first to make sure SSH is installed
                require => Class["ssh::install"],
                # If this file changes, notify service.pp
                notify => Class["ssh::service"],
        }
}
-------------------------------------------------------------------------
3.1.4 Create the module manifest service.pp
[root@master ~]# vi /etc/puppet/modules/ssh/manifests/service.pp
class ssh::service {
        service { "sshd":   # make sure sshd is running
                ensure => running,
                # The init script supports "status" (like service sshd status)
                hasstatus => true,
                # The init script supports "restart" (like service sshd restart)
                hasrestart => true,
                enable => true,  # start the service at boot
                require => Class["ssh::config"]  # config.pp must be applied first
        }
}
--------------------------------------------------------------------------
3.1.5 Create the module's main manifest init.pp
[root@master ~]# vi /etc/puppet/modules/ssh/manifests/init.pp
class ssh {
        include ssh::install,ssh::config,ssh::service
}
---------------------------------------------------------
At this point /etc/puppet/modules/ssh/manifests contains four files
[root@master ~]# ll /etc/puppet/modules/ssh/manifests
总用量 16
-rw-r--r--. 1 root root 271 1月   8 22:58 config.pp
-rw-r--r--. 1 root root  60 1月   8 23:05 init.pp
-rw-r--r--. 1 root root  69 1月   8 22:52 install.pp
-rw-r--r--. 1 root root 159 1月   8 23:04 service.pp
-----------------------------------------------------
3.1.6 Create the master copy of the sshd configuration that the server maintains.
[root@master ~]# cp /etc/ssh/sshd_config /etc/puppet/modules/ssh/files/ssh/
[root@master ~]# chown puppet /etc/puppet/modules/ssh/files/ssh/sshd_config
----------------------------------------------------------------
3.1.7 Create the test node manifest and include the ssh module in it.
[root@master ~]# vi /etc/puppet/manifests/nodes/ssh.pp
node 'client.test.cn' {
        include ssh
}
node 'client133.test.cn' {
        include ssh
}
-----------------------------------------------
3.1.8 Load the test node into Puppet, i.e. edit site.pp
[root@master ~]# vi /etc/puppet/manifests/site.pp
import "nodes/ssh.pp"
----------------------------------
3.1.9 Edit the server-maintained sshd_config
[root@master ~]# vi /etc/puppet/modules/ssh/files/ssh/sshd_config
Add one line:
Port 9922
-------------------------------------------------------------------
3.1.10 Restart the puppet master
[root@master ~]# /etc/init.d/puppetmaster restart
停止 puppetmaster:                                        [确定]
启动 puppetmaster:                                        [确定]
-----------------------------------------------------------------------
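As an added example, not code from the original post: a variant of ssh::config that changes only the Port directive on the client instead of replacing sshd_config with the master's copy (which also overwrites any client-specific settings), and that validates the result with sshd -t before sshd is refreshed. It assumes Puppet 2.7's core augeas type with ruby-augeas and the augeas sshd lens installed on the client, and the ssh::install and ssh::service classes from this page.

```puppet
# Added example (not from the original post). Assumes Puppet 2.7, the core
# augeas type with ruby-augeas and the sshd lens on the client, and the
# ssh::install / ssh::service classes defined on this page.
class ssh::config($port = "9922") {

  # Keep the ownership and mode the page enforces, but leave the client's own
  # content alone: with no "source", nothing is copied from the master.
  file { "/etc/ssh/sshd_config":
    ensure  => present,
    owner   => "root",
    group   => "root",
    mode    => "0600",
    require => Class["ssh::install"],
  }

  # Change exactly one directive. "onlyif" keeps the run idempotent: nothing
  # is rewritten (and nothing restarts) when Port already has the value.
  augeas { "sshd_port":
    context => "/files/etc/ssh/sshd_config",
    changes => "set Port ${port}",
    onlyif  => "get Port != ${port}",
    require => File["/etc/ssh/sshd_config"],
  }

  # Validate the edited file before anything restarts the daemon.
  # "sshd -t" exits non-zero on an invalid config (for example a Port line
  # that augeas appended after a Match block); the failed exec makes Puppet
  # skip the service refresh, so the running sshd keeps its old, working
  # configuration instead of locking administrators out.
  exec { "sshd_config_check":
    command     => "/usr/sbin/sshd -t",
    refreshonly => true,
    subscribe   => Augeas["sshd_port"],
    notify      => Class["ssh::service"],
  }
}
```

With this class the files/ssh/sshd_config copy from step 3.1.6 is no longer needed; the node manifest and site.pp from steps 3.1.7 and 3.1.8 stay as they are.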
Step 4: Test:
Client-initiated pull
Run the following on 192.168.200.132
[root@client ~]# puppet agent -t
info: Caching catalog for client.test.cn
info: Applying configuration version '1420730314'
notice: /Stage[main]/Ssh::Config/File[/etc/ssh/sshd_config]/content: 
--- /etc/ssh/sshd_config 2013-11-23 06:40:03.000000000 +0800
+++ /tmp/puppet-file20150108-4788-pehloa-0 2015-01-08 23:18:36.011709007 +0800
@@ -11,6 +11,7 @@
 # default value.
 
 #Port 22
+Port 9922
 #AddressFamily any
 #ListenAddress 0.0.0.0
 #ListenAddress ::
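Review bot: the hunk leaves `#Port 22` commented and only adds `+Port 9922`, so once Service[sshd] refreshes the daemon listens on 9922 alone; the sessions shown later as ESTABLISHED on :22 survive only because they were already accepted, and every new connection, including any management tooling still pointed at 22, fails until it is moved. For a controlled cutover, ship `Port 22` and `Port 9922` together in the master's copy (sshd accepts repeated Port lines and listens on each) and drop `Port 22` in a second run after the clients and their firewall rules have been switched; this page turns iptables off, so on a host where it stays on, 9922/tcp must be opened first.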
info: FileBucket adding {md5}53ad75eb1f2269d23f6e4228353cbca3
info: /Stage[main]/Ssh::Config/File[/etc/ssh/sshd_config]: Filebucketed /etc/ssh/sshd_config to puppet with sum 53ad75eb1f2269d23f6e4228353cbca3
notice: /Stage[main]/Ssh::Config/File[/etc/ssh/sshd_config]/content: content changed '{md5}53ad75eb1f2269d23f6e4228353cbca3' to '{md5}3a2dee85056976947f1c154af9a0bf35'
info: /Stage[main]/Ssh::Config/File[/etc/ssh/sshd_config]: Scheduling refresh of Class[Ssh::Service]
info: Class[Ssh::Service]: Scheduling refresh of Service[sshd]
notice: /Stage[main]/Ssh::Service/Service[sshd]: Triggered 'refresh' from 1 events
info: Creating state file /var/lib/puppet/state/state.yaml
notice: Finished catalog run in 0.89 seconds
=======================================================================
The run succeeded on the client. Verify as follows
[root@client ~]# grep "9922" /etc/ssh/sshd_config 
Port 9922
---------------------------------
Check whether sshd restarted and the new port took effect
[root@client ~]# netstat -anpt |grep ssh
tcp        0      0 0.0.0.0:9922                0.0.0.0:*                   LISTEN      5075/sshd           
tcp        0     52 192.168.200.132:22          192.168.200.102:49606       ESTABLISHED 3167/sshd           
tcp        0      0 :::9922                     :::*                        LISTEN      5075/sshd  
-----------------------------------------------------------------------------------------------
Step 5: Server push
Use server push mode for large-scale deployments.
Client side:
Changes on 192.168.200.133
5.1 Edit the configuration files:
[root@client ~]# vi /etc/puppet/puppet.conf 
Add the following at the end:
    # Added: make the agent listen on port 8139 so the master can push to it
    listen = true
[root@client133 ~]# vi /etc/puppet/auth.conf
auth.conf holds the authentication rules and access permissions. Add the following at the end:
    # Added: allow any server to push
    allow *
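As an added example that is not part of the original post: the `allow *` just appended, shown beside a tighter stanza that lets only the master's certificate trigger a run. It assumes the stock auth.conf shipped with Puppet 2.7, whose last stanza is a `path /` catch-all, and the master certname master.test.cn used on this page.

```conf
# Weak (what the step above produces): "allow *" lands in the final catch-all
# stanza, so every REST path on the agent's port 8139 becomes reachable by
# any host that can connect, not just the run endpoint that puppet kick uses.
path /
auth any
allow *

# Tighter: put this stanza ABOVE the "path /" catch-all (auth.conf applies the
# first matching path) and leave the catch-all without an allow line.
# puppet kick sends a PUT to /run/<certname>, which auth.conf treats as
# method "save"; "auth yes" demands a certificate signed by the master's CA,
# and only the master's certname is accepted.
path /run
method save
auth yes
allow master.test.cn
```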
5.2 Start the puppet client
[root@client133 ~]# /etc/init.d/puppetclient start
启动 puppet:                                              [确定]
------------------------------------------------------------------------
The push has been applied on the client. Verify as follows
#Port 22
Port 9922
-----------------------------------------
[root@client133 ~]# netstat -anpt |grep "sshd"
tcp        0      0 0.0.0.0:9922                0.0.0.0:*                   LISTEN      3675/sshd           
tcp        0     52 192.168.200.133:22          192.168.200.102:49614       ESTABLISHED 2274/sshd           
tcp        0      0 192.168.200.133:22          192.168.200.102:61164       ESTABLISHED 2182/sshd           
tcp        0      0 :::9922                     :::*                        LISTEN      3675/sshd 
===================================================================================================
The master can also force a push:
[root@master ~]# puppet kick client133.test.cn
Triggering client133.test.cn
Getting status
status is success
client133.test.cn finished with exit code 0
Finished
==========================================================
Source: http://www.benet.wang/%E6%9C%8D%E5%8A%A1%E6%90%AD%E5%BB%BA/4.html
