
Learning Puppet: installing and configuring Puppet


Initial setup

/etc/rc.d/init.d/puppetmaster start

4. The Master sends the data to analysis tools through an API. Reports can be exposed through the open API or integrated with other systems.

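Installing Puppet on Linux

I. Preparing the environment
1. Set the hostname and the hosts file
Master
Agent
2. Start the ntpd service on the nodes
3. Build a local yum repository

See this link

4. Set up an FTP server to provide access to the custom yum repository

[root@master ~]# cat /etc/vsftpd/vsftpd.conf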
listen=YES
anonymous_enable=YES
local_enable=YES
write_enable=YES
local_umask=022
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
dirmessage_enable=YES
xferlog_enable=YES
xferlog_file=/etc/vsftpd/vsftpd.log
xferlog_std_format=YES
ftpd_banner=Welcome to Ftp(installed by DQ)
pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES

5. Copy the generated yum repository into the FTP share directory

[root@master ~]# cp -arv /home/puppet /var/ftp/pub/

6. Configure the remote yum repository on the agent

[root@agent ~]# cat /etc/yum.repos.d/puppet.repo
[CentOS-puppet]
name=puppetlabs epel gems for centos
baseurl=ftp://master.puppet.com/pub/puppet/
enabled=1
gpgcheck=0
priority=1 

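Test whether the puppet yum repository is usable

  • Note: installing puppet depends on ruby-shadow and ruby-augeas. The ruby-related packages are obtained from the EPEL repository, but on both the Master and the Agent the EPEL repository must be given a lower priority than the self-built puppet repository; otherwise puppet will be installed from the higher version in EPEL.
  • For the settings, refer to step 3 (building the local yum repository); they are not repeated here.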
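
A check for the repository setup in steps 4 to 6, as an added example that is not part of the original article: it reads the vsftpd.conf and puppet.repo contents shown above and reports the settings that let unauthenticated parties influence which packages the agents install. The function names and the hardened values used for comparison are assumptions made for this illustration.

```python
import configparser

# Constructed input: the relevant lines of the two files shown above.
VSFTPD_CONF = """anonymous_enable=YES
write_enable=YES
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
"""
PUPPET_REPO = """[CentOS-puppet]
name=puppetlabs epel gems for centos
baseurl=ftp://master.puppet.com/pub/puppet/
enabled=1
gpgcheck=0
"""
ANON_WRITE = ("anon_upload_enable", "anon_mkdir_write_enable",
              "anon_other_write_enable")

def audit_vsftpd(text):
    """Flag options that let anonymous FTP clients change the shared tree."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip().upper()
    # vsftpd built-in defaults: anonymous_enable=YES, write_enable=NO.
    # The anon_* write options only take effect when both are YES.
    if conf.get("anonymous_enable", "YES") != "YES" or conf.get("write_enable", "NO") != "YES":
        return []
    return [f"{key}=YES: anonymous clients can write to the repository share"
            for key in ANON_WRITE if conf.get(key) == "YES"]

def audit_repo(text):
    """Flag enabled repos that skip signature checks or use cleartext transport."""
    repo = configparser.ConfigParser(interpolation=None)
    repo.read_string(text)
    findings = []
    for name in repo.sections():
        if repo.get(name, "enabled", fallback="1").strip() == "0":
            continue
        if repo.get(name, "gpgcheck", fallback="").strip() == "0":
            findings.append(f"[{name}] gpgcheck=0: package signatures are not verified")
        url = repo.get(name, "baseurl", fallback="").strip()
        if url.startswith(("ftp://", "http://")):
            findings.append(f"[{name}] baseurl {url}: cleartext transport")
    return findings

if __name__ == "__main__":
    for finding in audit_vsftpd(VSFTPD_CONF) + audit_repo(PUPPET_REPO):
        print("WEAK:", finding)
```

A read-only share (the three anon_* options set to NO) and gpgcheck=1 with a gpgkey for packages you have signed yourself clear every finding except the transport one.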

II. Installing and configuring puppet on the Master with yum
1. Install puppet-server, puppet and facter

[root@master ~]# yum install puppet puppet-server facter -y

2. Configure puppet.conf. Note on the certname settings in the configuration file: the certname in [master] is the master name used to authenticate all nodes, and the certname in [agent] is the agent's own name. If it is not configured, it defaults to the same name as the master.

[root@master ~]# cp /etc/puppet/puppet.conf{,.bak}
[root@master ~]# cat /etc/puppet/puppet.conf |grep "^\s*[^# \t].*$"
[main]
    logdir = /var/log/puppet
    rundir = /var/run/puppet
    ssldir = $vardir/ssl #certificate directory; $vardir defaults to /var/lib/puppet
[agent]
    classfile = $vardir/classes.txt
    server = master.puppet.com #name of the master the agent authenticates against; the nodes must be able to resolve this name
    certname = agent.puppet.com #certname of the agent
    localconfig = $vardir/localconfig
[master]
    certname = master.puppet.com #certname of the puppetmaster server

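3. Create the site.pp file. site.pp is the starting point from which puppet reads the pp files of all modules. Before version 3.0 it must be set up, otherwise the service cannot start.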

[root@master ~]# touch /etc/puppet/manifests/site.pp

4. Start the puppetmaster service

[root@master ~]# /etc/init.d/puppetmaster start
Starting puppetmaster:                                     [  OK  ]

5. Check the local certificates. On its first start, puppetmaster automatically generates certificates and registers itself.

[root@master ~]# tree /var/lib/puppet/ssl/
/var/lib/puppet/ssl/
├── ca
│   ├── ca_crl.pem
│   ├── ca_crt.pem
│   ├── ca_key.pem
│   ├── ca_pub.pem
│   ├── inventory.txt
│   ├── private
│   │   └── ca.pass
│   ├── requests
│   ├── serial
│   └── signed
│       └── master.puppet.com.pem  #registered
├── certificate_requests
├── certs
│   ├── ca.pem
│   └── master.puppet.com.pem
├── crl.pem
├── private
├── private_keys
│   └── master.puppet.com.pem
└── public_keys
    └── master.puppet.com.pem

9 directories, 13 files
[root@master ~]# puppet cert --list --all
+ "master.puppet.com" (CF:74:C7:C7:91:DB:F5:82:3A:5E:01:93:E8:23:64:C4) #the leading + indicates that it has been registered successfully
  (alt names: "DNS:master.puppet.com", "DNS:puppet", "DNS:puppet.puppet.com")

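6. Check the listening state. Once the puppetmaster service has started, it listens on TCP port 8140 by default.
II. Installing and configuring puppet on the Agent with yum
1. Install puppet and facter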

[root@agent ~]# yum install puppet facter -y

2. Configure puppet.conf
3. Start the agent in debug mode so that the node requests certification from the master
4. Confirm the certificate on the master

[root@master ~]# puppet cert --list --all
[root@master ~]# puppet cert --sign agent.puppet.com
[root@master ~]# tree /var/lib/puppet/ssl/ 

Check the certificate status: the agent is not yet certified
Register the agent
Check the certificate status again: the agent is now certified


Agent/Master VS Stand-alone

Puppet can run in Agent/Master mode or in Stand-alone mode; the latter is used purely as a single-machine tool. Choose according to your situation.

dnsdomainname: Unknown host

3. Configuration

Installing the Agent

Installing the Puppet Agent requires the following steps:

  • Step 1: rpm -Uvh
  • Step 2: yum install puppet-agent

Version check

[root@host133 ~]# puppet --version
5.4.0
[root@host133 ~]#

ls -1 /etc/puppet/

Example agent config

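Getting started with the configuration management tool Puppet, part 1: installation and setup

Puppet is a configuration management tool; this article mainly covers installing and setting up Puppet.

Edit /etc/hosts with vim and add the following content:

puppet agent --test --debug

Installing the Master

Installing the Puppet Master requires the following steps:

  • Step 1: rpm -Uvh
  • Step 2: yum install puppetserver

Version check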

[root@host131 ~]# puppet --version
5.4.0
[root@host131 ~]#

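Solution: the server has no hosts entry for the domain name; add it to hosts.

(1) Define: use Puppet's own language to define the base configuration information. We usually write this information in Modules.

What is Puppet

Puppet is a configuration management tool from puppetlabs; the annual DORA DevOps report is led by puppetlabs. As a management tool Puppet is also noteworthy. With highly readable declarative descriptions it can accomplish many complex tasks. For example, the following ensures that the wget package is installed and that the user admin is created, without dealing with many specific details; the rest is left to Puppet's Agent/Master.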

package { 'wget':
  ensure => installed,
}

user { 'admin':
  ensure => present,
}

More options can be viewed with /etc/rc.d/init.d/puppetmaster -h

Starting the Puppet master

On host131, the node where the master runs, start the master with the following command; --debug prints debugging information.

[root@host131 ~]# puppet master --no-daemonize --debug
Debug: Applying settings catalog for sections main, master, ssl, metrics
Debug: Evicting cache entry for environment 'production'
Debug: Caching environment 'production' (ttl = 0 sec)
...

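Puppet can be installed from source, with yum, or as a ruby gem. The official site recommends installing puppet with yum, which makes later upgrades, management and maintenance easier. CentOS can use yum for the installation, but the default CentOS repositories do not contain the puppet package, so the epel package must be installed first. EPEL is short for Extra Packages for Enterprise Linux, a project created, maintained and managed by a special interest group that provides high-quality additional packages for Red Hat Enterprise Linux (RHEL) and its derivative distributions (for example CentOS and Scientific Linux).

A: Change the Java VM memory settings

Starting the Agent

On host133, the node where the agent runs, try to connect; because the server is not the default setting, it can be passed in with server=host131.

[root@host133 ~]# puppet agent --server=host131 --test --debug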
Debug: Applying settings catalog for sections main, agent, ssl
Debug: Caching environment 'production' (ttl = 0 sec)
Debug: Evicting cache entry for environment 'production'
Debug: Caching environment 'production' (ttl = 0 sec)
...
Debug: Dynamically-bound port lookup failed; falling back to ca_port setting
Debug: Creating new connection for https://host131:8140
Exiting; no certificate found and waitforcert is disabled
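[root@host133 ~]#

The output shows that the certificate is not set up correctly, so next the certificate information on the server side needs to be set up.

  1. Agent configuration

puppetserver

Installation preparation

The installation and setup information for this article is as follows

IP              Hostname  OS         Puppet software
192.169.31.131  host131   CentOS7.4  Puppet-server 5.4
192.169.31.133  host133   CentOS7.4  Puppet-agent 5.4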

2. The following error appears when connecting to the master:

  • A puppet-agent "All-in-One" package that installs Puppet, Ruby, Facter, Hiera, and supporting code.
  • A puppetserver package that installs Puppet Server.
  • A puppetdb package that installs PuppetDB.

缺省证书音信

列出脚下阐明音讯,发掘有两张证书,个中当前机械host131的和host133,host133前不带 注解此证书未通过核算。

[[email protected] ~]# puppet cert list -all
  "host133" (SHA256) 52:2A:AE:C0:58:47:B1:C3:8E:BC:80:F5:51:71:6C:46:77:58:00:4C:96:61:6D:FA:4E:AD:59:4B:F6:71:78:4E
  "host131" (SHA256) 0E:2E:2B:22:61:E8:F1:59:3A:E4:92:F9:99:2E:3F:D4:7F:D6:E6:83:21:E0:96:4B:1F:4E:7A:A3:D4:EE:FA:78
[[email protected] ~]#

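Because the host133 certificate has not been approved, the test request sent from the client host133 cannot pass. Use the following command to approve and sign this certificate.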

[root@host131 ~]# puppet cert sign host133
Signing Certificate Request for:
  "host133" (SHA256) 52:2A:AE:C0:58:47:B1:C3:8E:BC:80:F5:51:71:6C:46:77:58:00:4C:96:61:6D:FA:4E:AD:59:4B:F6:71:78:4E
Notice: Signed certificate request for host133
Notice: Removing file Puppet::SSL::CertificateRequest host133 at '/etc/puppetlabs/puppet/ssl/ca/requests/host133.pem'
[root@host131 ~]# 
[root@host131 ~]# puppet cert list --all
+ "host131" (SHA256) 0E:2E:2B:22:61:E8:F1:59:3A:E4:92:F9:99:2E:3F:D4:7F:D6:E6:83:21:E0:96:4B:1F:4E:7A:A3:D4:EE:FA:78
+ "host133" (SHA256) 68:4B:45:DD:99:C7:F7:ED:25:BB:DC:BD:18:3A:81:8C:EF:9F:1D:3E:FB:1E:2D:73:B3:77:31:DE:46:E4:E1:E5
[root@host131 ~]# 
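
A pre-signing check for the step above, as an added example that is not part of the original article: before running puppet cert sign, compare the fingerprint of the pending request in the master's listing with the fingerprint read on the agent itself (puppet agent --fingerprint prints it), so that only the request the agent really generated gets signed. The function names are assumptions made for this illustration, and the parser also accepts the older listing format shown earlier on this page.

```python
import re

# Constructed input: the `puppet cert list --all` listing shown above, taken
# before signing. A leading "+" marks a certificate that is already signed.
CERT_LIST = """\
  "host133" (SHA256) 52:2A:AE:C0:58:47:B1:C3:8E:BC:80:F5:51:71:6C:46:77:58:00:4C:96:61:6D:FA:4E:AD:59:4B:F6:71:78:4E
+ "host131" (SHA256) 0E:2E:2B:22:61:E8:F1:59:3A:E4:92:F9:99:2E:3F:D4:7F:D6:E6:83:21:E0:96:4B:1F:4E:7A:A3:D4:EE:FA:78
"""

# Accepts '"name" (SHA256) AA:BB:...' and the older '"name" (AA:BB:...)'.
ENTRY = re.compile(
    r'^\s*(?P<mark>[+-])?\s*"(?P<name>[^"]+)"\s+\('
    r'(?:(?P<algo>[A-Z]+\d*)\)\s+)?(?P<fp>[0-9A-F]{2}(?::[0-9A-F]{2})+)',
    re.IGNORECASE)

def parse_cert_list(output):
    """Return {certname: {"signed": bool, "algo": str or None, "fingerprint": str}}."""
    entries = {}
    for line in output.splitlines():
        m = ENTRY.match(line)
        if m:
            entries[m["name"]] = {"signed": m["mark"] == "+",
                                  "algo": m["algo"],
                                  "fingerprint": m["fp"].upper()}
    return entries

def ok_to_sign(output, certname, agent_fingerprint):
    """True only for a pending request whose fingerprint equals the agent's own."""
    entry = parse_cert_list(output).get(certname)
    if entry is None or entry["signed"]:
        return False  # unknown node, or nothing left to sign
    canon = lambda fp: fp.replace(":", "").strip().upper()
    return canon(entry["fingerprint"]) == canon(agent_fingerprint)

if __name__ == "__main__":
    # Value an operator would read on host133 itself (here: copied from the listing).
    seen_on_agent = ("52:2A:AE:C0:58:47:B1:C3:8E:BC:80:F5:51:71:6C:46:"
                     "77:58:00:4C:96:61:6D:FA:4E:AD:59:4B:F6:71:78:4E")
    print("sign host133:", ok_to_sign(CERT_LIST, "host133", seen_on_agent))
```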

I. Introduction to Puppet

puppet cert generate <client DNS name>

Running the Agent connection again

Run the Agent connection again; the Agent can now communicate with the Master normally.

[root@host133 ~]# puppet agent --server=host131 --test
Info: Caching certificate for host133
Info: Caching certificate_revocation_list for ca
Info: Caching certificate for host133
Info: Using configured environment 'production'
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Retrieving locales
Info: Caching catalog for host133
Info: Applying configuration version '1519038659'
Info: Creating state file /opt/puppetlabs/puppet/cache/state/state.yaml
Notice: Applied catalog in 0.01 seconds
[root@host133 ~]# 
  1. Starting and stopping the Agent

The demands on the Puppet master vary widely between deployments. The total needs are affected by the number of agents being served, how frequently those agents check in, how many resources are being managed on each agent, and the complexity of the manifests and modules in use.

modules            #puppet module directory

   

runinterval = 3600                       #interval between automatic runs, in seconds

Puppet uses four config sections:

 

   

to start it; when started this way we can see how the agent establishes its connection with the master.

Settings for agents (all nodes)

rpm -Uvh epel-release-5-3.noarch.rpm

   

Starting the Agent

puppet cert sign lux-vm32.gw.local

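For the first start, it is recommended to use puppet master --verbose --no-daemonize, which helps with testing and debugging errors. Started this way, you can see the whole startup process. The startup performs some initialization work: it creates a local certificate authority, a certificate and a key for the master, and opens a socket to wait for client connections. You can see the related files and directories under /etc/puppet/ssl.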

   

puppet.conf     #main puppet configuration file

Sudo users

warning: peer certificate won't be verified in this SSL session

puppet master

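IV. Starting and stopping puppet

5. The Puppet client Agent finally reaches the state that was defined at the start, and sends the results and any other execution data to the Puppet server Master through the open API.

Add entries according to your actual situation; here I have three masters and several agents.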

   

It can also be started with service puppetmaster start

rpm package

3. The following error appears when connecting to the master:

   

yum install ruby ruby-libs ruby-shadow

1. The Puppet client Agent sends the node name and facts to the Master.

1. The following error appears when connecting to the master:

Location

 

   

Starting the Master

err: Could not request certificate: getaddrinfo: Name or service not known

The puppet.conf file is always located at $confdir/puppet.conf.

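  1. Starting and stopping the Master

         If the installation has reported no errors up to this point, puppet has been installed successfully.

3. The Puppet server Master compiles the required Class information, stores it in a Catalog and sends it to the Puppet client Agent, which completes the second interaction.

  1. Installing the Master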

[master]
dns_alt_names = puppetmaster01,puppetmaster01.example.com,puppet,puppet.example.com
reports = puppetdb
storeconfigs_backend = puppetdb
storeconfigs = true
environment_timeout = unlimited

wget ftp://ftp.sunet.se/pub/Linux/distributions/yellowdog/yum/6.2/extras/RPMS/epel-release-5-3.noarch.rpm


10.1.4.214 node2.zhang.com node2

The detailed interaction between the agent and the master during the whole automated puppet configuration process is as follows:

yum -y install puppet puppet-server facter

Data flow description:

err: Could not retrieve catalog from remote server: certificate verify failed

puppet-agent

 

Puppet consists of:

auth.conf       #ACL file for the puppet master

   
