一. 工作原理:
1. 当Agent发起一个请求之后,Agent会把自己的主机名及facter信息(保存着系统的一些变量信息)(SSL)传给Master请求manifests目录下的*.pp入口脚本文件(注)。
2. Master收到信息验证通过后再将Agent所需要的模块编绎生成Catalog数据返回给Agent。
3. Agent收到Master返回在的Catalog数据然后再应用配置到自身系统,就实现了安装配置管理服务等等功能。
4. 最后Agent应用过了配置之后再向Master 发送一个Report(当然这需要配置report才能生效,返回的文件格式是yaml),告诉Master当前执行的结果状态。
注:一般来说manifests目录位于/etc/puppet/manifests,默认入口文件为site.pp。
二. Puppet安装
首先需要做以下准备工作
1. 需要两个虚拟机服务器,并且都关闭 selinux 及防火墙
虚拟机分配:192.168.63.132 【master】 192.168.63.133 【slaver】
2. 编辑hosts文件,两个服务器均要设置
[root@localhost yangcheng]# vim /etc/hosts
192.168.63.132 master.test.com
192.168.63.133 slaver.test.com
192.168.63.132 master.test.com
192.168.63.133 slaver.test.com
3. 在master和slaver上分别设置 hostname
[root@master yangcheng]# vim /etc/sysconfig/network
HOSTNAME=master.test.com
[root@slaver yangcheng]# vim /etc/sysconfig/network
HOSTNAME=slaver.test.com
HOSTNAME=master.test.com
[root@slaver yangcheng]# vim /etc/sysconfig/network
HOSTNAME=slaver.test.com
4. 在master和slaver上分别安装ntpdate
# master
[root@master yangcheng]# yum install -y ntp
[root@master yangcheng]# yum install -y ntp
# slaver
[root@slaver yangcheng]# yum install -y ntp
[root@slaver yangcheng]# yum install -y ntp
安装完成后,建立时间自动同步的任务计划
# master
[root@master yangcheng]# crontab -e
*/3 * * * * ntpdate time.windows.com >/dev/null 2>&1 //每三分钟同步一次
[root@master yangcheng]# crontab -e
*/3 * * * * ntpdate time.windows.com >/dev/null 2>&1 //每三分钟同步一次
# slaver
[root@slaver yangcheng]# crontab -e
*/3 * * * * ntpdate time.windows.com >/dev/null 2>&1 //每三分钟同步一次
[root@slaver yangcheng]# crontab -e
*/3 * * * * ntpdate time.windows.com >/dev/null 2>&1 //每三分钟同步一次
完成上述准备工作后,现在开始安装,我这里用yum命令来安装,由于Puppet 不在 CentOS 的基本源中,需要加入 PuppetLabs 提供的官方源。
# master
[root@master src]# rpm -ivh https://yum.puppetlabs.com/el/7/products/x86_64/puppetlabs-release-7-10.noarch.rpm --force --nodeps
[root@master src]# yum install -y ruby facter puppet-server
# 创建测试文件site.pp,写入以下内容,保存
[root@master src]# vim /etc/puppet/manifests/site.pp
node default {
file { "/tmp/helloworld.txt" :
content => "Hello,Yang cheng!",
}
}
# 启动server,以no-daemonize方式,这样可以在控制台看到操作信息(Server端):
[root@master src]# puppet master --no-daemonize --debug
... ...
Notice: Starting Puppet master version 3.5.1 #启动成功,会看到这样的信息
[root@master src]# rpm -ivh https://yum.puppetlabs.com/el/7/products/x86_64/puppetlabs-release-7-10.noarch.rpm --force --nodeps
[root@master src]# yum install -y ruby facter puppet-server
# 创建测试文件site.pp,写入以下内容,保存
[root@master src]# vim /etc/puppet/manifests/site.pp
node default {
file { "/tmp/helloworld.txt" :
content => "Hello,Yang cheng!",
}
}
# 启动server,以no-daemonize方式,这样可以在控制台看到操作信息(Server端):
[root@master src]# puppet master --no-daemonize --debug
... ...
Notice: Starting Puppet master version 3.5.1 #启动成功,会看到这样的信息
# slaver
[root@slaver src]# rpm -ivh https://yum.puppetlabs.com/el/7/products/x86_64/puppetlabs-release-7-10.noarch.rpm --force --nodeps
[root@slaver src]# yum install -y ruby facter puppet
# 安装完成后编辑puppet.conf,增加server配置项,保存
[root@slaver yangcheng]# vim /etc/puppet/puppet.conf
[agent]
... ...
server = master.test.com
[root@slaver src]# rpm -ivh https://yum.puppetlabs.com/el/7/products/x86_64/puppetlabs-release-7-10.noarch.rpm --force --nodeps
[root@slaver src]# yum install -y ruby facter puppet
# 安装完成后编辑puppet.conf,增加server配置项,保存
[root@slaver yangcheng]# vim /etc/puppet/puppet.conf
[agent]
... ...
server = master.test.com
# 启动agent即slaver上puppet服务
[root@slaver yangcheng]# puppet agent --test
Info: Creating a new SSL key for slaver.test.com
Info: Caching certificate for ca
Info: csr_attributes file loading from /etc/puppet/csr_attributes.yaml
Info: Creating a new SSL certificate request for slaver.test.com
Info: Certificate Request fingerprint (SHA256): 89:50:87:2D:F2:06:2D:A3:21:EA:2D:59:F5:14:7C:C6:54:2A:C1:D2:9D:09:34:4B:2C:4E:78:CE:31:5A:50:A2
Info: Caching certificate for ca
Exiting; no certificate found and waitforcert is disabled
# 以上信息说明slaver端没有获得master端的认证。
[root@slaver yangcheng]# puppet agent --test
Info: Creating a new SSL key for slaver.test.com
Info: Caching certificate for ca
Info: csr_attributes file loading from /etc/puppet/csr_attributes.yaml
Info: Creating a new SSL certificate request for slaver.test.com
Info: Certificate Request fingerprint (SHA256): 89:50:87:2D:F2:06:2D:A3:21:EA:2D:59:F5:14:7C:C6:54:2A:C1:D2:9D:09:34:4B:2C:4E:78:CE:31:5A:50:A2
Info: Caching certificate for ca
Exiting; no certificate found and waitforcert is disabled
# 以上信息说明slaver端没有获得master端的认证。
# 回到master,通过puppet cert查询证书信息。
[root@master src]# puppet cert list --all
"slaver.test.com" (SHA256) 89:50:87:2D:F2:06:2D:A3:21:EA:2D:59:F5:14:7C:C6:54:2A:C1:D2:9D:09:34:4B:2C:4E:78:CE:31:5A:50:A2
+ "master.test.com" (SHA256) 11:5B:2E:7C:7B:14:87:0D:32:FB:77:8B:95:DD:0F:C9:FD:0D:5F:3D:34:D7:69:57:60:42:26:26:5A:58:83:D1 (alt names: "DNS:master.test.com", "DNS:puppet", "DNS:puppet.test.com")
# 证书列表中有slaver的申请,目前是未审核状态(最前面没有+)。现在审核证书:
[root@master src]# puppet cert sign slaver.test.com
Notice: Signed certificate request for slaver.test.com
Notice: Removing file Puppet::SSL::CertificateRequest slaver.test.com at '/var/lib/puppet/ssl/ca/requests/slaver.test.com.pem'
# 再次查看证书信息
[root@master src]# puppet cert list --all
+ "master.test.com" (SHA256) 11:5B:2E:7C:7B:14:87:0D:32:FB:77:8B:95:DD:0F:C9:FD:0D:5F:3D:34:D7:69:57:60:42:26:26:5A:58:83:D1 (alt names: "DNS:master.test.com", "DNS:puppet", "DNS:puppet.test.com")
+ "slaver.test.com" (SHA256) C8:0E:BB:2B:BB:3E:A7:AE:78:38:2A:3F:9F:EB:93:22:E4:B5:37:A5:92:91:1C:00:DF:05:D6:93:EB:5A:90:62
[root@master src]# puppet cert list --all
"slaver.test.com" (SHA256) 89:50:87:2D:F2:06:2D:A3:21:EA:2D:59:F5:14:7C:C6:54:2A:C1:D2:9D:09:34:4B:2C:4E:78:CE:31:5A:50:A2
+ "master.test.com" (SHA256) 11:5B:2E:7C:7B:14:87:0D:32:FB:77:8B:95:DD:0F:C9:FD:0D:5F:3D:34:D7:69:57:60:42:26:26:5A:58:83:D1 (alt names: "DNS:master.test.com", "DNS:puppet", "DNS:puppet.test.com")
# 证书列表中有slaver的申请,目前是未审核状态(最前面没有+)。现在审核证书:
[root@master src]# puppet cert sign slaver.test.com
Notice: Signed certificate request for slaver.test.com
Notice: Removing file Puppet::SSL::CertificateRequest slaver.test.com at '/var/lib/puppet/ssl/ca/requests/slaver.test.com.pem'
# 再次查看证书信息
[root@master src]# puppet cert list --all
+ "master.test.com" (SHA256) 11:5B:2E:7C:7B:14:87:0D:32:FB:77:8B:95:DD:0F:C9:FD:0D:5F:3D:34:D7:69:57:60:42:26:26:5A:58:83:D1 (alt names: "DNS:master.test.com", "DNS:puppet", "DNS:puppet.test.com")
+ "slaver.test.com" (SHA256) C8:0E:BB:2B:BB:3E:A7:AE:78:38:2A:3F:9F:EB:93:22:E4:B5:37:A5:92:91:1C:00:DF:05:D6:93:EB:5A:90:62
# 再次启动slaver端puppet服务
[root@slaver yangcheng]# puppet agent --test
Info: Caching certificate for slaver.test.com
Info: Caching certificate_revocation_list for ca
Info: Caching certificate for slaver.test.com
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Caching catalog for slaver.test.com
Info: Applying configuration version '1508378615'
Notice: /Stage[main]/Main/Node[default]/File[/tmp/helloworld.txt]/ensure: defined content as '{md5}ed076287532e86365e841e92bfc50d8c'
Info: Creating state file /var/lib/puppet/state/state.yaml
Notice: Finished catalog run in 0.01 seconds
[root@slaver yangcheng]# puppet agent --test
Info: Caching certificate for slaver.test.com
Info: Caching certificate_revocation_list for ca
Info: Caching certificate for slaver.test.com
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Caching catalog for slaver.test.com
Info: Applying configuration version '1508378615'
Notice: /Stage[main]/Main/Node[default]/File[/tmp/helloworld.txt]/ensure: defined content as '{md5}ed076287532e86365e841e92bfc50d8c'
Info: Creating state file /var/lib/puppet/state/state.yaml
Notice: Finished catalog run in 0.01 seconds
[root@slaver yangcheng]# vim /tmp/helloworld.txt
Hello,Yang cheng!
Hello,Yang cheng!
这时候,可以看到/tmp/helloworld.txt文件存在及内容,说明该文件已经自动同步到slaver了。
关于puppet,这里只是简单的示例,更多使用技巧及经验有待继续学习研究,谢谢!
原创文章,作者:iConan,如若转载,请注明出处:https://www.aspyc.com/archives/521.html
赞 (0)
iConan
八 puppet企业级自动化运维、大数据ELK系统实战 作业23
« 上一篇
16/10/2017 am3:10
八 puppet企业级自动化运维、大数据ELK系统实战 作业22
下一篇 »
19/10/2017 am10:52
评论列表(1条)