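(1) Introduction to Puppet
Puppet is a centralized configuration management system for Linux, Unix and Windows platforms. It uses its own Puppet description language and can manage configuration files, users, cron jobs, software packages, system services and more. Puppet calls these system entities resources; its design goal is to simplify managing these resources and to handle the dependencies between them properly.
Puppet uses a client/server star topology: all clients talk to one or a few servers. Each Puppet client periodically (every half hour by default, configurable) connects to the server, downloads its latest configuration, and configures itself strictly according to it. When configuration finishes, the client can send a report back to the server; if an error occurs, it reports that to the server as well.
(2) Configuring Puppet
Lab environment:
Puppet Server: 192.168.2.130, hostname 130-node1 (any name works, as long as the Server and the Client differ)
Puppet Client: 192.168.2.129, hostname bp-vm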
Server:
[root@130-node1 ~]# yum install epel-release -y
[root@130-node1 ~]# cat /etc/hostname # get the hostname; it is needed in the hosts file below
130-node1
[root@130-node1 ~]# vi /etc/hosts # map the IPs to the hostnames
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.2.130 130-node1
192.168.2.129 bp-vm
[root@130-node1 ~]# yum install puppet-server -y
[root@130-node1 ~]# puppet master --no-daemonize --debug # run puppet in the foreground to make troubleshooting easier, then open another terminal for the following steps
[root@130-node1 ~]# vi /etc/puppet/manifests/site.pp # configure: this sets the content of /tmp/helloworld.txt on the Client to Hello World!
node default {
  file { "/tmp/helloworld.txt" :
    content => "Hello World!",
  }
}
[root@130-node1 ~]#
Client:
[root@bp-vm ~]# yum install epel-release -y
[root@bp-vm ~]# yum install puppet -y
[root@bp-vm ~]# cat /etc/hostname # get the hostname; it is needed in the hosts file below
bp-vm
[root@bp-vm ~]# vi /etc/hosts # map the IPs to the hostnames
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.2.130 130-node1
192.168.2.129 bp-vm
[root@bp-vm ~]# cat /etc/puppet/puppet.conf|grep -v '#'|grep -v ^$
[main]
logdir = /var/log/puppet
rundir = /var/run/puppet
ssldir = $vardir/ssl
[agent]
classfile = $vardir/classes.txt
localconfig = $vardir/localconfig
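server=130-node1 # only this line needs to be changed; it specifies the Puppet server address
[root@bp-vm ~]# puppet agent --test # start the test. Puppet uses certificate-based authentication and authorization; because the Client has not been authorized yet, this run only submits a certificate request to the Server and returns an error, which can be ignored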
Server:
[root@130-node1 ~]# puppet cert list --all # view the Server's certificate list; a leading + means the certificate is signed (authorized). Our Client (bp-vm) is not authorized yet
"bp-vm" (SHA256) 3C:97:3B:C7:EB:5D:D2:67:77:D6:9C:6D:50:90:1E:49:D8:DA:14:40:4D:18:6B:5B:7F:F2:0E:8C:02:98:91:F2
+ "130-node1" (SHA256) 6A:C2:ED:5C:B4:E6:CE:AC:0B:48:CB:48:46:10:10:5D:13:C1:0F:78:D8:86:62:00:98:B8:52:C4:60:46:34:FD
[root@130-node1 ~]# puppet cert sign bp-vm # sign the request, authorizing bp-vm
Notice: Signed certificate request for bp-vm
Notice: Removing file Puppet::SSL::CertificateRequest bp-vm at '/var/lib/puppet/ssl/ca/requests/bp-vm.pem'
[root@130-node1 ~]# puppet cert list --all # bp-vm now has a +, so it is authorized
+ "130-node1" (SHA256) 6A:C2:ED:5C:B4:E6:CE:AC:0B:48:CB:48:46:10:10:5D:13:C1:0F:78:D8:86:62:00:98:B8:52:C4:60:46:34:FD
+ "bp-vm" (SHA256) B7:EE:85:62:BE:C8:BD:46:54:A4:BC:09:D4:F5:94:0A:E0:CC:8B:0E:D9:E2:68:3E:93:56:CD:1D:6B:9E:A7:04
[root@130-node1 ~]#
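The signing step above trusts whichever host submitted a request under the name bp-vm. The script below is an added example, not part of the original post: it checks that the pending request's fingerprint in `puppet cert list --all` equals the one read on the agent with `puppet agent --fingerprint` before signing. The function names are hypothetical, and the agent-side value is assumed to equal the request fingerprint shown on this page.

```shell
#!/bin/sh
# Added example: compare CSR fingerprints before running `puppet cert sign`.

# `puppet cert list --all` output from this page, captured before signing.
CERT_LIST='  "bp-vm" (SHA256) 3C:97:3B:C7:EB:5D:D2:67:77:D6:9C:6D:50:90:1E:49:D8:DA:14:40:4D:18:6B:5B:7F:F2:0E:8C:02:98:91:F2
+ "130-node1" (SHA256) 6A:C2:ED:5C:B4:E6:CE:AC:0B:48:CB:48:46:10:10:5D:13:C1:0F:78:D8:86:62:00:98:B8:52:C4:60:46:34:FD'

# Assumption: the value `puppet agent --fingerprint` printed on bp-vm,
# obtained out-of-band (console, ticket), not over the same network path.
AGENT_FP='3C:97:3B:C7:EB:5D:D2:67:77:D6:9C:6D:50:90:1E:49:D8:DA:14:40:4D:18:6B:5B:7F:F2:0E:8C:02:98:91:F2'

# Read `puppet cert list --all` on stdin and print the fingerprint of the
# PENDING request for certname $1. Signed entries start with "+", so their
# first field is "+" and they never match; nothing is printed for them.
pending_fingerprint() {
  awk -v name="\"$1\"" '$1 == name { print $3 }'
}

# Return 0 only if certname $1 is pending AND its fingerprint on the master
# equals $2 (the agent-reported value). Comparison ignores hex letter case.
safe_to_sign() {
  on_master=$(pending_fingerprint "$1" | tr 'a-f' 'A-F')
  reported=$(printf '%s' "$2" | tr 'a-f' 'A-F')
  [ -n "$on_master" ] && [ "$on_master" = "$reported" ]
}

# On a real master, replace the printf with: puppet cert list --all
if printf '%s\n' "$CERT_LIST" | safe_to_sign bp-vm "$AGENT_FP"; then
  echo "fingerprints match: puppet cert sign bp-vm"
else
  echo "mismatch or no pending request: do not sign" >&2
fi
```

The fingerprint listed for bp-vm changes after signing (3C:97... before, B7:EE... after) because the first is the fingerprint of the request and the second is that of the issued certificate, so the comparison only makes sense before `puppet cert sign`.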
Client:
[root@bp-vm ~]# cat /tmp/helloworld.txt
cat: /tmp/helloworld.txt: 没有那个文件或目录
[root@bp-vm ~]# puppet agent --test # this failed earlier because the Client was not authorized; now that it is, the run creates /tmp/helloworld.txt
Info: Caching certificate for bp-vm
Info: Caching certificate_revocation_list for ca
Info: Caching certificate for bp-vm
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Caching catalog for bp-vm
Info: Applying configuration version '1587394106'
Notice: /Stage[main]/Main/Node[default]/File[/tmp/helloworld.txt]/ensure: defined content as '{md5}ed076287532e86365e841e92bfc50d8c'
Info: Creating state file /var/lib/puppet/state/state.yaml
Notice: Finished catalog run in 0.01 seconds
[root@bp-vm ~]# cat /tmp/helloworld.txt
Hello World![root@bp-vm ~]#
Reference:
https://www.cnblogs.com/eastson/p/6056456.html