Lab environment:
-----------------------------------------------------------------
Host           OS                 IP address        Main software
-----------------------------------------------------------------
puppetmaster   CentOS 6.5 x86_64  192.168.200.131   ruby-*, facter-1.7.1.tar.gz, puppet-2.7.21.tar.gz
puppetclient1  CentOS 6.5 x86_64  192.168.200.132   ruby-*, facter-1.7.1.tar.gz, puppet-2.7.21.tar.gz
puppetclient2  CentOS 6.5 x86_64  192.168.200.133   ruby-*, facter-1.7.1.tar.gz, puppet-2.7.21.tar.gz
NTP Server     CentOS 6.5 x86_64  192.168.200.134   -
================================================================================
Lab procedure:
Step 1: Build the puppetmaster
1.1 Plan the server hostnames
[root@localhost ~]# vi /etc/sysconfig/network
HOSTNAME=master.test.cn
[root@localhost ~]# vi /etc/hosts
192.168.200.131 master.test.cn
192.168.200.132 client.test.cn
192.168.200.133 client133.test.cn
[root@localhost ~]# hostname master.test.cn
[root@localhost ~]# bash
1.2 Configure the NTP time server
1.2.1 Set up the NTP server
[root@localhost ~]# yum -y install ntp
[root@localhost ~]# vi /etc/ntp.conf 
Add these two lines:
server 127.127.1.0
fudge 127.127.1.0 stratum 8
[root@localhost ~]# service ntpd start
正在启动 ntpd:                                            [确定]
[root@localhost ~]# chkconfig ntpd on
1.2.2 Configure the puppetmaster as an NTP client
[root@master ~]# yum -y install ntp
[root@master ~]# ntpdate 192.168.200.134
 7 Jan 22:43:18 ntpdate[3058]: adjust time server 192.168.200.134 offset 0.467919 sec
1.3 Install Ruby (note: the CentOS installation media comes on two discs; for the installation below, mount both and point to their paths in the *.repo file)
[root@master ~]# yum -y install compat-readline5 ruby*
After installation, check the Ruby version
[root@master ~]# ruby -v
ruby 1.8.7 (2011-06-30 patchlevel 352) [x86_64-linux]
1.4 Install puppet and facter
[root@master ~]# useradd -s /sbin/nologin puppet
The facter tool analyses the information sent in by the clients.
Install facter:
[root@master ~]# tar xf facter-1.7.1.tar.gz 
[root@master ~]# cd facter-1.7.1
[root@master facter-1.7.1]# ruby install.rb 
Install puppet:
[root@master facter-1.7.1]# cd
[root@master ~]# tar xf puppet-2.7.21.tar.gz 
[root@master ~]# cd puppet-2.7.21
[root@master puppet-2.7.21]# ruby install.rb 
Post-install adjustments:
[root@master puppet-2.7.21]# cp conf/redhat/fileserver.conf /etc/puppet/
[root@master puppet-2.7.21]# cp conf/redhat/puppet.conf /etc/puppet/
[root@master puppet-2.7.21]# cp conf/redhat/server.init /etc/init.d/puppetmaster
[root@master puppet-2.7.21]# chmod +x /etc/init.d/puppetmaster 
[root@master puppet-2.7.21]# mkdir /etc/puppet/manifests
[root@master puppet-2.7.21]# mkdir /etc/puppet/modules
Puppet certificate request and signing:
(Note: in the production environment, iptables is fully disabled by default)
Configuration on the master:
[root@master puppet-2.7.21]# service iptables stop
Edit the configuration file
[root@master puppet-2.7.21]# vi /etc/puppet/puppet.conf 
[main]
    # The Puppet log directory.
    # The default value is '$vardir/log'.
    logdir = /var/log/puppet
    # Where Puppet PID files are kept.
    # The default value is '$vardir/run'.
    rundir = /var/run/puppet
    # Where SSL certificates are kept.
    # The default value is '$confdir/ssl'.
    ssldir = $vardir/ssl
    # Added: search path for the server's modules.
    modulepath = /etc/puppet/modules:/usr/share/puppet/modules
[agent]
    # The file in which puppetd stores a list of the classes
    # associated with the retrieved configuration.  Can be loaded in
    # the separate ``puppet`` executable using the ``--loadclasses``
    # option.
    # The default value is '$confdir/classes.txt'.
    classfile = $vardir/classes.txt
    # Where puppetd caches the local configuration.  An
    # extension indicating the cache format is added automatically.
    # The default value is '$confdir/localconfig'.
    localconfig = $vardir/localconfig
-----------------------------------------------------------------
Start the Puppet master daemon
[root@master puppet-2.7.21]# /etc/init.d/puppetmaster start
启动 puppetmaster:                                        [确定]
=======================================================================
Step 2: Build puppetclient1 and puppetclient2
Configure puppetclient1 first
2.1 Plan the server hostnames
[root@localhost ~]# vi /etc/sysconfig/network
HOSTNAME=client.test.cn
[root@localhost ~]# vi /etc/hosts
192.168.200.131 master.test.cn
192.168.200.132 client.test.cn
192.168.200.133 client133.test.cn
[root@localhost ~]# hostname client.test.cn
[root@localhost ~]# bash
[root@client ~]# 
2.2 Synchronise the server's time
[root@client ~]# ntpdate 192.168.200.134
 8 Jan 21:52:50 ntpdate[3244]: step time server 192.168.200.134 offset -28.886955 sec
2.3 Install Ruby
[root@client ~]# yum -y install compat-readline5 ruby*
After installation, check the Ruby version
[root@client ~]# ruby -v
ruby 1.8.7 (2011-06-30 patchlevel 352) [x86_64-linux]
2.4 Install puppet and facter
[root@client ~]# tar xf facter-1.7.1.tar.gz 
[root@client ~]# cd facter-1.7.1
[root@client facter-1.7.1]# ruby install.rb
[root@client facter-1.7.1]# cd
[root@client ~]# tar xf puppet-2.7.21.tar.gz 
[root@client ~]# cd puppet-2.7.21
[root@client puppet-2.7.21]# ruby install.rb
Post-install adjustments:
[root@client puppet-2.7.21]# cp conf/redhat/puppet.conf /etc/puppet/
[root@client puppet-2.7.21]# cp conf/redhat/client.init /etc/init.d/puppetclient
[root@client puppet-2.7.21]# chmod  +x /etc/init.d/puppetclient
Puppet certificate request and signing:
(Note: in the production environment, iptables is fully disabled by default)
[root@client puppet-2.7.21]# service iptables stop
iptables:将链设置为政策 ACCEPT:filter                    [确定]
iptables:清除防火墙规则:                                 [确定]
iptables:正在卸载模块:                                   [确定]
[root@client puppet-2.7.21]# chkconfig iptables off
[root@client puppet-2.7.21]# iptables -F
[root@client puppet-2.7.21]# setenforce 0
The steps are the same on 192.168.200.132 and 192.168.200.133:
Edit the client configuration file
[root@client puppet-2.7.21]# vi /etc/puppet/puppet.conf 
[main]
    # The Puppet log directory.
    # The default value is '$vardir/log'.
    logdir = /var/log/puppet
    # Where Puppet PID files are kept.
    # The default value is '$vardir/run'.
    rundir = /var/run/puppet
    # Where SSL certificates are kept.
    # The default value is '$confdir/ssl'.
    ssldir = $vardir/ssl
    # Added: the Puppet server's host name.
    server = master.test.cn
[agent]
    # The file in which puppetd stores a list of the classes
    # associated with the retrieved configuration.  Can be loaded in
    # the separate ``puppet`` executable using the ``--loadclasses``
    # option.
    # The default value is '$confdir/classes.txt'.
    classfile = $vardir/classes.txt
    # Where puppetd caches the local configuration.  An
    # extension indicating the cache format is added automatically.
    # The default value is '$confdir/localconfig'.
    localconfig = $vardir/localconfig
----------------------------------------------------------------------------
puppetclient2 is configured like puppetclient1, except that its hostname is client133.test.cn
Request and registration:
Client side:
Register puppetclient1 and puppetclient2 in turn
[root@client ~]# puppet agent --server=master.test.cn --no-daemonize --verbose
info: Creating a new SSL key for client.test.cn
info: Caching certificate for ca
info: Creating a new SSL certificate request for client.test.cn
info: Certificate Request fingerprint (md5): 91:DB:05:67:4E:E7:62:2B:2F:4C:8C:C6:03:48:7B:64
The agent now waits for its certificate to be signed; meanwhile the request can be seen on the server
Master side
List the clients that have requested registration
[root@master ~]# puppet cert --list
  "client.test.cn"    (91:DB:05:67:4E:E7:62:2B:2F:4C:8C:C6:03:48:7B:64)
  "client133.test.cn" (CD:EE:80:26:D6:16:C3:D6:9F:7C:DD:14:A0:99:BA:C4)
Sign the pending client requests:
[root@master ~]# puppet cert sign --all
notice: Signed certificate request for client133.test.cn
notice: Removing file Puppet::SSL::CertificateRequest client133.test.cn at '/var/lib/puppet/ssl/ca/requests/client133.test.cn.pem'
notice: Signed certificate request for client.test.cn
notice: Removing file Puppet::SSL::CertificateRequest client.test.cn at '/var/lib/puppet/ssl/ca/requests/client.test.cn.pem'
Confirm the registered clients via the signed-certificate directory:
[root@master ~]# ll /var/lib/puppet/ssl/ca/signed/
总用量 12
-rw-r-----. 1 puppet puppet 1911 1月   8 22:21 client133.test.cn.pem
-rw-r-----. 1 puppet puppet 1907 1月   8 22:21 client.test.cn.pem
-rw-r-----. 1 puppet puppet 1976 1月   8 21:48 master.test.cn.pem
==================================================================
At this point the clients' certificate requests have been signed.
Step 3: Configuration example:
3.1 Configure a test node
Node definitions: /etc/puppet/manifests/nodes
Modules: /etc/puppet/modules
Task: to protect the Linux SSH port from brute-force attacks, change the SSH port on all clients in bulk, 22 ---> 9922
Operations on the master:
3.1.1 Create the required directories
[root@master ~]# mkdir -p /etc/puppet/modules/ssh/{manifests,templates,files}
[root@master ~]# mkdir /etc/puppet/manifests/nodes
[root@master ~]# mkdir /etc/puppet/modules/ssh/files/ssh
[root@master ~]# chown -R puppet /etc/puppet/modules/
[root@master ~]# ll /etc/puppet/modules/ssh/
总用量 12
drwxr-xr-x. 3 puppet root 4096 1月   8 22:46 files
drwxr-xr-x. 2 puppet root 4096 1月   8 22:46 manifests
drwxr-xr-x. 2 puppet root 4096 1月   8 22:46 templates
3.1.2 Create the module manifest install.pp
[root@master ~]# vi /etc/puppet/modules/ssh/manifests/install.pp
First make sure the ssh service is installed on the client
class ssh::install {
        package { "openssh":
                ensure => present,
        }
}
--------------------------------------------------------------------------
3.1.3 Create the module manifest config.pp
[root@master ~]# vi /etc/puppet/modules/ssh/manifests/config.pp
class ssh::config {
        # The file to keep in sync on the client.
        file { "/etc/ssh/sshd_config":
                ensure => present,    # the file must exist on the client
                owner => "root",
                group => "root",
                mode => "0600",
                # Pull the file from the server. $puppetserver is never set in this lab,
                # so it interpolates as empty and the URL becomes
                # puppet:///modules/ssh/ssh/sshd_config, which the agent resolves
                # against its configured server.
                source => "puppet://$puppetserver/modules/ssh/ssh/sshd_config",
                # Apply install.pp first, so ssh is known to be installed.
                require => Class["ssh::install"],
                # If this file changes, notify service.pp so sshd is restarted.
                notify => Class["ssh::service"],
        }
}
-------------------------------------------------------------------------
3.1.4 Create the module manifest service.pp
[root@master ~]# vi /etc/puppet/modules/ssh/manifests/service.pp
class ssh::service {
        # Make sure sshd is running.
        service { "sshd":
                ensure => running,
                hasstatus => true,    # the init script supports "status" (service sshd status)
                hasrestart => true,   # the init script supports "restart" (service sshd restart)
                enable => true,       # start the service at boot
                require => Class["ssh::config"]  # apply config.pp first
        }
}
--------------------------------------------------------------------------
3.1.5 Create the main module manifest init.pp
[root@master ~]# vi /etc/puppet/modules/ssh/manifests/init.pp
class ssh {
        include ssh::install,ssh::config,ssh::service
}
---------------------------------------------------------
/etc/puppet/modules/ssh/manifests now contains four files
[root@master ~]# ll /etc/puppet/modules/ssh/manifests
总用量 16
-rw-r--r--. 1 root root 271 1月   8 22:58 config.pp
-rw-r--r--. 1 root root  60 1月   8 23:05 init.pp
-rw-r--r--. 1 root root  69 1月   8 22:52 install.pp
-rw-r--r--. 1 root root 159 1月   8 23:04 service.pp
-----------------------------------------------------
3.1.6 Create the centrally maintained ssh file on the server.
[root@master ~]# cp /etc/ssh/sshd_config /etc/puppet/modules/ssh/files/ssh/
[root@master ~]# chown puppet /etc/puppet/modules/ssh/files/ssh/sshd_config
----------------------------------------------------------------
3.1.7 Create the test node definition file and load ssh into it.
[root@master ~]# vi /etc/puppet/manifests/nodes/ssh.pp
node 'client.test.cn' {
        include ssh
}
node 'client133.test.cn' {
        include ssh
}
-----------------------------------------------
3.1.8 Load the test nodes into Puppet, i.e. edit site.pp
[root@master ~]# vi /etc/puppet/manifests/site.pp
import "nodes/ssh.pp"
----------------------------------
3.1.9 Edit the sshd_config file maintained on the server
[root@master ~]# vi /etc/puppet/modules/ssh/files/ssh/sshd_config
Add one line:
Port 9922
-------------------------------------------------------------------
3.1.10 Restart the puppetmaster
[root@master ~]# /etc/init.d/puppetmaster restart
停止 puppetmaster:                                        [确定]
启动 puppetmaster:                                        [确定]
-----------------------------------------------------------------------
Step 4: Test:
Client-side pull
Run the following on 192.168.200.132
[root@client ~]# puppet agent -t
info: Caching catalog for client.test.cn
info: Applying configuration version '1420730314'
notice: /Stage[main]/Ssh::Config/File[/etc/ssh/sshd_config]/content: 
--- /etc/ssh/sshd_config 2013-11-23 06:40:03.000000000 +0800
+++ /tmp/puppet-file20150108-4788-pehloa-0 2015-01-08 23:18:36.011709007 +0800
@@ -11,6 +11,7 @@
 # default value.
 
 #Port 22
+Port 9922
 #AddressFamily any
 #ListenAddress 0.0.0.0
 #ListenAddress ::
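Review bot: the only change in this hunk is the added `Port 9922` line beneath the still-commented `#Port 22`, which shows that the master's copy of sshd_config is otherwise identical to the client's stock file. Since that copy was taken from the master's own /etc/ssh/sshd_config (step 3.1.6), any master-specific setting edited into /etc/ssh later and re-copied would be pushed verbatim to every node, so treat /etc/puppet/modules/ssh/files/ssh/sshd_config as the single edited source and do not re-copy from /etc/ssh.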
info: FileBucket adding {md5}53ad75eb1f2269d23f6e4228353cbca3
info: /Stage[main]/Ssh::Config/File[/etc/ssh/sshd_config]: Filebucketed /etc/ssh/sshd_config to puppet with sum 53ad75eb1f2269d23f6e4228353cbca3
notice: /Stage[main]/Ssh::Config/File[/etc/ssh/sshd_config]/content: content changed '{md5}53ad75eb1f2269d23f6e4228353cbca3' to '{md5}3a2dee85056976947f1c154af9a0bf35'
info: /Stage[main]/Ssh::Config/File[/etc/ssh/sshd_config]: Scheduling refresh of Class[Ssh::Service]
info: Class[Ssh::Service]: Scheduling refresh of Service[sshd]
notice: /Stage[main]/Ssh::Service/Service[sshd]: Triggered 'refresh' from 1 events
info: Creating state file /var/lib/puppet/state/state.yaml
notice: Finished catalog run in 0.89 seconds
=======================================================================
The run completed successfully on the client. Verify as follows
[root@client ~]# grep "9922" /etc/ssh/sshd_config 
Port 9922
---------------------------------
Check whether the sshd service restarted and the new port took effect
[root@client ~]# netstat -anpt |grep ssh
tcp        0      0 0.0.0.0:9922                0.0.0.0:*                   LISTEN      5075/sshd           
tcp        0     52 192.168.200.132:22          192.168.200.102:49606       ESTABLISHED 3167/sshd           
tcp        0      0 :::9922                     :::*                        LISTEN      5075/sshd  
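Verifying with `grep "9922"` as above would also match a commented-out `#Port 9922`. The following check is an added example, not part of the original article: it reads only the uncommented Port lines and confirms that an sshd process is actually listening on each of them, using constructed samples of sshd_config and of the `netstat -anpt` capture shown above.

```shell
#!/bin/sh
# Constructed sample of a client's /etc/ssh/sshd_config after the run, and a
# second copy where the new line is commented out (grep "9922" matches both).
GOOD_CONF=$(mktemp); BAD_CONF=$(mktemp); NETSTAT_OUT=$(mktemp)
printf '#Port 22\nPort 9922\n#AddressFamily any\n' >"$GOOD_CONF"
printf '#Port 22\n#Port 9922\n#AddressFamily any\n' >"$BAD_CONF"
# Constructed, abbreviated `netstat -anpt` capture from the same client.
cat >"$NETSTAT_OUT" <<'EOF'
tcp        0      0 0.0.0.0:9922                0.0.0.0:*                   LISTEN      5075/sshd
tcp        0     52 192.168.200.132:22          192.168.200.102:49606       ESTABLISHED 3167/sshd
tcp        0      0 :::9922                     :::*                        LISTEN      5075/sshd
EOF
trap 'rm -f "$GOOD_CONF" "$BAD_CONF" "$NETSTAT_OUT"' EXIT

# Ports sshd will bind according to a config file: every uncommented "Port"
# line (sshd accepts several, keyword case-insensitive), or 22 if there is none.
configured_ssh_ports() {
    awk 'tolower($1) == "port" { n++; print $2 } END { if (!n) print 22 }' "$1" |
        sort -un | xargs echo
}

# Ports an sshd process is actually LISTENing on, taken from the local-address
# column of a netstat -anpt capture (handles both 0.0.0.0:PORT and :::PORT).
sshd_listen_ports() {
    awk '$6 == "LISTEN" && $7 ~ /\/sshd$/ { n = split($4, a, ":"); print a[n] }' "$1" |
        sort -un | xargs echo
}

# Succeeds only when every configured port is really being listened on.
ssh_port_check() {
    listening=" $(sshd_listen_ports "$2") "
    for p in $(configured_ssh_ports "$1"); do
        case "$listening" in
            *" $p "*) ;;
            *) echo "sshd_config sets Port $p but nothing listens there" >&2; return 1 ;;
        esac
    done
    return 0
}

ssh_port_check "$GOOD_CONF" "$NETSTAT_OUT" && echo "port change verified"
ssh_port_check "$BAD_CONF"  "$NETSTAT_OUT" || echo "port change NOT in effect"
```

On a real client, pass /etc/ssh/sshd_config and a file holding the output of `netstat -anpt` instead of the constructed samples.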
-----------------------------------------------------------------------------------------------
Step 5: Server push
For large-scale deployments, use server-push mode.
Client side:
Changes on 192.168.200.133
5.1 Edit the configuration files:
[root@client ~]# vi /etc/puppet/puppet.conf 
Append the following at the end:
    # Make the agent listen on port 8139.
    listen = true
Next edit auth.conf, which defines authentication settings and access rights:
[root@client133 ~]# vi /etc/puppet/auth.conf
Append the following as the last line:
# Allow any server to push.
allow *
5.2 Start the Puppet client
[root@client133 ~]# /etc/init.d/puppetclient start
启动 puppet:                                              [确定]
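Appended as the last line of the stock auth.conf, `allow *` attaches to its closing `path /` stanza, which carries `auth any`, so any client, even one without a certificate, can reach every URL of the agent's listener, including /run. The check below is an added example, not from the original article: it flags such ACLs and shows a stanza that limits /run to the master's certname (master.test.cn from this lab); both auth.conf samples are constructed and abbreviated.

```shell
#!/bin/sh
# Constructed, abbreviated auth.conf as the lab leaves it: "allow *" appended
# after the closing "path /" stanza of the stock file.
OPEN_CONF=$(mktemp)
cat >"$OPEN_CONF" <<'EOF'
path /file
allow *

path /
auth any
allow *
EOF

# Constructed replacement: only the master may trigger /run; everything else
# stays at the default (denied).
RESTRICTED_CONF=$(mktemp)
cat >"$RESTRICTED_CONF" <<'EOF'
path /file
allow *

path /run
method save
auth any
allow master.test.cn

path /
auth any
EOF
trap 'rm -f "$OPEN_CONF" "$RESTRICTED_CONF"' EXIT

# Print, space separated, the path of every stanza that contains "allow *".
# Comments and blank lines are skipped; "allow" lists may be comma separated.
paths_allowing_any() {
    awk '
        /^[[:space:]]*#/ || /^[[:space:]]*$/ { next }
        $1 == "path"  { cur = $2; next }
        $1 == "allow" { for (i = 2; i <= NF; i++) { gsub(/,/, "", $i); if ($i == "*") out = out (out == "" ? "" : " ") cur } }
        END { print out }
    ' "$1"
}

# Succeeds (exit 0) when the kick endpoint is reachable by anyone, i.e. "/" or
# "/run" allows "*". "/file" allowing "*" is the stock default and is not flagged.
kick_acl_is_open() {
    for p in $(paths_allowing_any "$1"); do
        case "$p" in
            /|/run) return 0 ;;
        esac
    done
    return 1
}

kick_acl_is_open "$OPEN_CONF" && echo "auth.conf: /run is open to every host"
kick_acl_is_open "$RESTRICTED_CONF" || echo "auth.conf: /run restricted to master.test.cn"
```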
------------------------------------------------------------------------
The run completed successfully on this client as well. Verify as follows
#Port 22
Port 9922
-----------------------------------------
[root@client133 ~]# netstat -anpt |grep "sshd"
tcp        0      0 0.0.0.0:9922                0.0.0.0:*                   LISTEN      3675/sshd           
tcp        0     52 192.168.200.133:22          192.168.200.102:49614       ESTABLISHED 2274/sshd           
tcp        0      0 192.168.200.133:22          192.168.200.102:61164       ESTABLISHED 2182/sshd           
tcp        0      0 :::9922                     :::*                        LISTEN      3675/sshd 
===================================================================================================
The master can also force a push
[root@master ~]# puppet kick client133.test.cn
Triggering client133.test.cn
Getting status
status is success
client133.test.cn finished with exit code 0
Finished
==========================================================
Source: http://www.benet.wang/%E6%9C%8D%E5%8A%A1%E6%90%AD%E5%BB%BA/4.html
