    CentOS 7 64-bit, Puppet 5 installation notes

    Environment: CentOS 7 64-bit, Puppet 5

    1. Install the master
    Find the yum repository to install on the Puppet website: https://puppet.com/docs/puppet/5.5/puppet_platform.html#yum-based-systems

    sudo rpm -Uvh https://yum.puppet.com/puppet5/puppet5-release-el-7.noarch.rpm

    yum install puppetserver

    systemctl start puppetserver

    systemctl enable puppetserver

    Confirm that port 8140 is listening.

    2. The Puppet client also needs the yum repository, from the same address as above.

    sudo yum install puppet-agent


    3. Make the client and the server authenticate and sync

    a. Make sure the server and the client have an FQDN: set the FQDN (server1.example.com) in /etc/hostname and /etc/hosts, check it once more with hostname -f, and make sure the hostname can be pinged.

    b. The server and the client need their time synchronized with NTP.

    4. puppet agent settings

    [root@server2 ~]# vi /etc/puppetlabs/puppet/puppet.conf

    [main]
    certname = server2.example.com
    server = server1.example.com
    runinterval = 60

    certname is the hostname of the client (agent) and server is the hostname of the server (master). Below is the configuration from another site; the main difference is the extra environment option:

    [main]
    certname = client.itzgeek.local
    server = server.itzgeek.local
    environment = production
    runinterval = 1h


    Run puppet agent -t on the client to test whether the server and the client can reach each other; the client submits its certificate request to the server.

    [root@server2 ~]# puppet agent -t
    Info: Creating a new SSL key for server2.example.com
    Info: Caching certificate for ca
    Info: csr_attributes file loading from /etc/puppetlabs/puppet/csr_attributes.yaml
    Info: Creating a new SSL certificate request for server2.example.com
    Info: Certificate Request fingerprint (SHA256): 51:2D:9E:00:47:4C:AA:23:5B:36:25:8B:ED:F0:71:96:FC:1B:18:05:CD:6D:36:52:C9:56:E1:0D:7D:A4:38:EA
    Info: Caching certificate for ca
    Exiting; no certificate found and waitforcert is disabled

    List the certificates on the server; the entry shown below is the request submitted by the client that just connected.

    [root@server1 ~]# puppet cert list
      "server2.example.com" (SHA256) 51:2D:9E:00:47:4C:AA:23:5B:36:25:8B:ED:F0:71:96:FC:1B:18:05:CD:6D:36:52:C9:56:E1:0D:7D:A4:38:EA

    Sign the certificate with the following command:

    [root@server1 ~]# puppet cert sign server2.example.com
    Signing Certificate Request for:
      "server2.example.com" (SHA256) 51:2D:9E:00:47:4C:AA:23:5B:36:25:8B:ED:F0:71:96:FC:1B:18:05:CD:6D:36:52:C9:56:E1:0D:7D:A4:38:EA
    Notice: Signed certificate request for server2.example.com
    Notice: Removing file Puppet::SSL::CertificateRequest server2.example.com at '/etc/puppetlabs/puppet/ssl/ca/requests/server2.example.com.pem'  

    If there are several client nodes and you need to sign them all at once, use the following command:

    /opt/puppetlabs/bin/puppet cert sign --all

    On the server, the following command removes a node's certificate and related files:

    /opt/puppetlabs/bin/puppet cert clean <hostname>

    Run the test command on the client again:

    [root@server2 ~]# puppet agent -t
    Info: Caching certificate for server2.example.com
    Info: Caching certificate_revocation_list for ca
    Info: Caching certificate for server2.example.com
    Info: Using configured environment 'production'
    Info: Retrieving pluginfacts
    Info: Retrieving plugin
    Info: Retrieving locales
    Info: Caching catalog for server2.example.com
    Info: Applying configuration version '1522307153'
    Info: Creating state file /opt/puppetlabs/puppet/cache/state/state.yaml
    Notice: Applied catalog in 0.01 seconds
    

     
    Enable the agent service:

    root@server3:~# puppet resource service puppet ensure=running enable=true
    Notice: /Service[puppet]/ensure: ensure changed 'stopped' to 'running'
    service { 'puppet':
      ensure => 'running',
      enable => 'true',
    }

    This starts the puppet-agent service on the agent node.


    5. Testing

    manifests/site.pp defines what is pushed to the agent:

    [root@server1 ~]# vi /etc/puppetlabs/code/environments/production/manifests/site.pp

    node 'server2.example.com' { # Applies only to the named node; if no node is named, applies to all.
      file { '/tmp/puppetesttdir': # Resource type file
        ensure => 'directory', # Create as a directory
        owner  => 'root',      # Ownership
        group  => 'root',      # Group name
        mode   => '0755',      # Directory permissions
      }
    }

    node is the hostname of the client being defined; it specifies what that client should do.
    file defines a file to create; the lines below it are the file's attributes.

    Test on the client:

    [root@server2 ~]# puppet agent -t
    Info: Using configured environment 'production'
    Info: Retrieving pluginfacts
    Info: Retrieving plugin
    Info: Retrieving locales
    Info: Caching catalog for server2.example.com
    Info: Applying configuration version '1522364471'
    Notice: /Stage[main]/Main/Node[server2.example.com]/File[/tmp/puppetesttdir]/ensure: created
    Notice: Applied catalog in 0.02 seconds

    If everything works you will find a new directory under /tmp with exactly the attributes that were just configured.

    6. Manifests are stored in /etc/puppetlabs/code/environments/production/manifests. This is the first directory Puppet checks, and the *.pp files defined there are the first files Puppet executes.

    node 'server2.example.com' {   # target is the node server2
      package { 'httpd':           # install the httpd package
        ensure => installed,       # make sure it is installed; install it if it is not
      }
      service { 'httpd':           # operate on the httpd service, keyword service
        ensure => running,         # start the httpd service
        enable => true,            # start httpd automatically after the server boots
      }
    }

    The statements above are a simple operation on the server2 node; anything more complex is done with modules and classes.

    manifests/ holds the module's puppet code: what the module contains and how it is pushed to clients is all defined here.
    files/ is the resource directory.
    Any puppet code defined in manifests/ that needs to ship a file with file {} (for example sending an ssh-key.pub file) must have that file placed in the files/ directory.

    node default {

    }

    default runs on all nodes, but if a node is specifically named below, a test showed that the specifically named node does not run the default content.
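    Added example (not from the original notes): a site.pp showing how top-level code, an exact node block, a regex node block and node default combine. The web01/web02.example.com hostnames are assumptions.

```puppet
# Code outside any node block is applied to every node, whichever node
# block (or node default) matches further down.
file { '/etc/motd':
  ensure  => file,
  owner   => 'root',
  group   => 'root',
  mode    => '0644',
  content => "Managed by Puppet: ${facts['fqdn']}\n",
}

# Exact certname match wins over a regex match and over node default.
node 'server2.example.com' {
  package { 'httpd':
    ensure => installed,
  }
  service { 'httpd':
    ensure  => running,
    enable  => true,
    require => Package['httpd'],
  }
}

# Regex node: matches web01.example.com, web02.example.com and so on.
# Exactly one node block is applied to a given agent.
node /^web\d+\.example\.com$/ {
  package { 'httpd':
    ensure => installed,
  }
}

# Fallback for any certname that matched nothing above. It is not merged
# into the named nodes, which is the behaviour the note observed.
node default {
  notify { "No node block for ${facts['fqdn']}; only top-level code applied": }
}
```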

    7. puppet resources:

    puppet resource -e package openssl    # this command queries the installed version of the package as Puppet sees it

    # centos
    package { 'openssl':
      ensure => '1:1.0.2k-8.el7',
    }

    # ubuntu
    package { 'openssl':
      ensure => '1.0.2g-1ubuntu4.10',
    }

    # run on centos
    [root@server2 ~]# puppet resource service

    service { 'httpd.service':
      ensure => 'running',
      enable => 'true',

    .....

    # run on ubuntu
    root@server3:~# puppet resource service

    service { 'apache2':
      ensure => 'running',
      enable => 'true',

    .....

    puppet resource user (e.g. puppet resource user root)
    puppet describe service         # this command shows the parameters that service takes
    puppet describe --list          # lists all puppet resource types
    [root@server1 ~]# puppet describe --list
    These are the types known to puppet:
    anchor          - A simple resource type intended to be used as ...
    augeas          - Apply a change or an array of changes to the  ...
    computer        - Computer object management using DirectorySer ...
    cron            - Installs and manages cron jobs
    exec            - Executes external commands
    file            - Manages files, including their content, owner ...
    file_line       - Ensures that a given line is contained within ...
    filebucket      - A repository for storing and retrieving file  ...
    group           - Manage groups
    host            - Installs and manages host entries
    interface       - This represents a router or switch interface
    k5login         - Manage the `.k5login` file for a user
    macauthorization - Manage the Mac OS X authorization database
    mailalias       - .. no documentation ..
    maillist        - Manage email lists
    .......
    

    puppet describe user (shows the attributes of user); puppet describe -s user (attributes only, short form)

     

    File:
    content =>                   the content to write, equivalent to echo 'xxx' > yyy
    target =>                    target path, i.e. the path on the agent
    source =>                    the referenced source; can be a file path or an http resource
    notify => Service['mysql']   notify means trigger; in this example, when the file is changed the service is restarted
    owner =>                     ownership
    group =>                     group
    mode => '0644'               permissions
    ensure =>                    can be directory, link or file
    recurse => true              copies everything under the directory (recursive)

    class motd {
      file { '/etc/motd':
        owner  => 'root',
        group  => 'root',
        mode   => '0644',
        source => 'puppet:///modules/motd/motd.txt',
      }
    }

    # source file: /etc/puppetlabs/code/environments/production/modules/motd/files/motd.txt

    [root@server1 mystuff]# ls
    manifests  templates

    class mystuff::html {
      file { '/var/www/html/index.html':
        content => template('mystuff/index.html.erb'),
      }
    }
    # html.pp in manifests; the template function loads the erb file
    

    Package:
    ensure => installed        install the package
    ensure => absent           remove the package
    ensure => '1.0.2g-ubuntu'  install a specific version of the package
    ensure => latest           install the latest version
    provider => gem            install through a provider such as gem, the way yum would install it

    puppet resource -e package openssl    # this command queries the installed version of the package

    package { 'openssl':
      ensure => '1:1.0.2k-8.el7',
    }

    Services:
    puppet describe service    lists all settable attributes of service
    puppet describe --list

    ensure => running          the service should be running
    enable => true             enable the service at boot
    hasstatus => true,false    when false, puppet does not use systemctl/service status to monitor the service but checks the process table with ps ax; when true puppet runs the restart command
    pattern => 'ntpd'          when hasstatus is false and the process name differs from the service name, use pattern to identify the correct name

    restart => '/bin/echo restarting >> /tmp/debug.log && systemctl restart ntp'  restarts the service and writes a log entry

    User
    ensure => present          check that the system user exists; absent removes the user
    gid => 3000                set the user's group id
    uid => 3001                set the user id
    home => '/home/user'       set the user's home directory
    shell => '/bin/bash'       set whether the user gets a shell, e.g. /usr/sbin/nologin
    groups => ['devs']         set group membership (unclear whether membership of other groups is removed; check after setting)

    SSHkeys
    purge_ssh_keys             after a user is removed, this attribute removes that user's ssh_authorized_key entries

    Cron
    ensure => absent           as elsewhere, absent removes this cron job
    command => '/usr/local/bin/run-puppet'  the command to run
    hour => '*'                here * means run every hour
    hour => fqdn_rand(24, 'run daily backup sync')  generates a random number from 0 to 23
    minute => '*/15'           these two lines together run the run-puppet script every 15 minutes
    user => 'ubuntu'           the user to run as
    environment => ['MAILTO=admin@example.com', 'PATH=/bin']  environment settings
    weekday => ['Saturday', 'Sunday']  run on Saturday and Sunday

    EXEC
    cwd => '/tmp'              like cd (current working directory)
    command => '/tmp/generator/configure && /usr/bin/make install'  the command to run (an absolute path is required here)
    creates => '/usr/local/bin/cat-picture-generator'  creates checks whether the path exists; it is normally used together with command, and if the path is missing the command is run again
    user => 'ubuntu'           run as the ubuntu user
    onlyif => '/bin/ls /tmp/incoming/*'   run command only if ls /tmp/incoming/* returns 0 (echo $?)
    unless => '/bin/ls /tmp/incoming/*'   the opposite of the above: run command only when the result is non-zero
    refreshonly => true        the expected return value; when a different value comes back the command runs (not fully understood yet)
    timeout =>                 timeout setting
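    Added example (not from the original notes): the File, Exec, Service, User and SSH-key attributes listed above combined into one class, showing what notify and refreshonly actually do on an agent run. The module name hardening, its files/sshd_config, and the deploy user are assumptions.

```puppet
class hardening::ssh {
  package { 'openssh-server':
    ensure => installed,
  }

  # notify: when this file changes, a refresh event is sent to the exec
  file { '/etc/ssh/sshd_config':
    ensure  => file,
    owner   => 'root',
    group   => 'root',
    mode    => '0600',
    source  => 'puppet:///modules/hardening/sshd_config',  # files/sshd_config
    require => Package['openssh-server'],
    notify  => Exec['sshd-config-check'],
  }

  # refreshonly => true: the command runs only when a refresh arrives, i.e.
  # on the run where sshd_config changed, never on every agent run. If
  # `sshd -t` rejects the new config the exec fails and the dependent
  # service restart below is skipped, so a bad file never takes sshd down.
  exec { 'sshd-config-check':
    command     => '/usr/sbin/sshd -t',
    refreshonly => true,
    notify      => Service['sshd'],
  }

  service { 'sshd':
    ensure    => running,
    enable    => true,
    hasstatus => true,   # ask the init system for status, not ps ax
  }

  # purge_ssh_keys: any key in ~deploy/.ssh/authorized_keys that is not
  # declared with ssh_authorized_key is removed on the next run
  user { 'deploy':
    ensure         => present,
    shell          => '/bin/bash',
    home           => '/home/deploy',
    managehome     => true,
    purge_ssh_keys => true,
  }

  ssh_authorized_key { 'deploy@laptop':
    ensure => present,
    user   => 'deploy',
    type   => 'ssh-ed25519',
    key    => 'AAAAC3PLACEHOLDERKEY',   # constructed placeholder, not a real key
  }
}
```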

    8. puppet variables

    The facter command shows the current system's facts; they can be used in if statements and the like, e.g. if Redhat ....

    [root@server1 ~]# facter osfamily
    RedHat
    [root@server1 ~]# facter ipaddress
    192.168.2.181
    [root@server1 ~]# facter hostname
    server1
    

      

    Variables:              a variable can hold a string, number or boolean
    $php_package = 'php7.0-cli'
    $answer = 42
    $scheduled = true
    $my_name = 'John'
    notice("Hello, ${my_name}! It's great to meet you!")


    Booleans:
    enable => true

    Arrays:
    $heights = [192, 120, 181, 164, 172]
    $first_height = $heights[0]

    $dependencies = ['php7.0-cgi', 'php7.0-cli', 'php7.0-common', 'php7.0-gd', 'php7.0-json']
    package { $dependencies:
      ensure => installed,
    }

    $admintools = ['git', 'nano', 'screen']
    package { $admintools:
      ensure => 'installed',
    }

      




    Hashes:    key => value pairs, like a dict
    $heights = {
      'john'    => 192,
      'rabiah'  => 120,
      'abigail' => 181,
      'melina'  => 164,
      'sumiko'  => 172,
    }
    notice("John's height is ${heights['john']}cm.")

    $attributes = {
      'owner' => 'ubuntu',
      'group' => 'ubuntu',
      'mode'  => '0644',
    }

    file { '/tmp/test':
      ensure => present,
      *      => $attributes,
    }
    is equivalent to
    file { '/tmp/test':
      ensure => present,
      owner  => 'ubuntu',
      group  => 'ubuntu',
      mode   => '0644',
    }

    $ntpservice = $osfamily ? {
      'redhat' => 'ntpd',
      'debian' => 'ntp',
      default  => 'ntp',
    }

    service { $ntpservice:
      ensure => 'running',
      enable => true,
    }

    # example: choose the service name based on the operating system
    

      


    Regular expressions:
    $candidate = 'foo'
    notice($candidate =~ /foo/)    =~ is the regex match operator

    if statements:

    case statements:

    facts built-in mechanism:     inspect the system's built-in facts
    notice($facts['kernel'])      shows the kernel of the linux system
    notice($::kernel)             the old way of checking
    $facts['os']                  hash with architecture, distro, family, hardware, name, release, selinux
    notice($facts['os']['architecture'])
    notice($facts['os']['distro']['codename'])
    $facts['os']['release']['major']     this value is used a lot

    if $facts['os']['selinux']['enabled'] {
      notice('SELinux is enabled')
    } else {
      notice('SELinux is disabled')
    }

    Check whether SELinux is enabled.

    $buffer_pool = $facts['memory']['system']['total_bytes'] * 3/4
    notice("innodb_buffer_pool_size=${buffer_pool}")

    Compute the MySQL innodb buffer size.

    $facts['memory']['system']['total_bytes']

    Check the system memory size.

    notice("My hostname is ${facts['hostname']}")
    notice("My FQDN is ${facts['fqdn']}")
    notice("My IP is ${facts['networking']['ip']}")

    $facts['hostname']

    Check the networking facts.
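    Added example (not from the original notes): the selector, case statement, hash splat and regex match from this section used together in one class that picks package and service names from facts. The module name hardening and the two erb templates under its templates/ directory are assumptions.

```puppet
class hardening::ntp {
  # Selector expression: returns one value. String arms compare
  # case-insensitively, so 'RedHat' matches the fact value "RedHat".
  $ntp_service = $facts['os']['family'] ? {
    'RedHat' => 'ntpd',
    'Debian' => 'ntp',
    default  => 'ntp',
  }

  # Case statement: runs a block. A regex arm and a list arm are both
  # allowed; fail() aborts catalog compilation for an untested OS.
  case $facts['os']['name'] {
    /^(CentOS|RedHat)$/: { $conf_template = 'hardening/ntp.conf.el.erb' }
    'Debian', 'Ubuntu':  { $conf_template = 'hardening/ntp.conf.debian.erb' }
    default:             { fail("hardening::ntp: unsupported OS ${facts['os']['name']}") }
  }

  # Attribute hash, splatted into the file resource with *
  $conf_attrs = {
    'owner' => 'root',
    'group' => 'root',
    'mode'  => '0644',
  }

  package { 'ntp':
    ensure => installed,
  }

  file { '/etc/ntp.conf':
    ensure  => file,
    content => template($conf_template),   # assumed files under templates/
    *       => $conf_attrs,
    require => Package['ntp'],
    notify  => Service[$ntp_service],
  }

  service { $ntp_service:
    ensure => running,
    enable => true,
  }

  # Regex match on a fact with !~ ; log a warning instead of failing
  if $facts['os']['family'] == 'RedHat' and $facts['kernelrelease'] !~ /^3\.10\./ {
    warning("unexpected kernel ${facts['kernelrelease']} on ${facts['fqdn']}")
  }
}
```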


    9. Classes & modules (directory layout)

    data  environment.conf  hiera.yaml  manifests  modules

    ./data:

    ./manifests:
    site.pp

    ./modules:
    motd

    ./modules/motd:
    manifests

    ./modules/motd/manifests:
    init.pp

    init.pp is the default file of a module

    class linux {
      package { 'ntp':
        ensure => 'installed',
      }
    }

    node 'wiki' {
      class { 'linux': }
    }
    


    Example 1:

    class motd {
      file { '/etc/motd':
        owner   => 'root',
        group   => 'root',
        mode    => '0644',
        content => inline_template("The current ${osfamily} time is <%= Time.now %>\n"),
      }
    }

    # this is the init.pp configuration

    class motd::crabby {
      notify { "Knife Crab is the best": }
    }

    # this is another class in the motd module's manifests (crabby.pp)

    node default {
      class { 'motd': }
      class { 'motd::crabby': }
    }

    # this is the site.pp configuration in the main manifests directory

    motd::crabby: crabby is a subclass under motd

    Example 2:

    [root@server1 modules]# ls -R
    .:
    motd  mystuff

    ./motd:
    manifests

    ./motd/manifests:
    crabby.pp  init.pp

    ./mystuff:
    manifests

    ./mystuff/manifests:
    init.pp  vim.pp

    class mystuff {

      notify { "I'm installing stuff like you wanted me to sir": }

      include mystuff::vim

    }

    # init.pp

    class mystuff::vim {

      package { 'vim':
        ensure => 'latest',
      }

    } # vim.pp

    node default {
      class { 'motd': }
      class { 'mystuff': }
    } # site.pp
    

    Example 3:

    class mystuff::apache {
      if $osfamily == 'redhat' {
        package { 'httpd':
          ensure => latest,
        }
        service { 'httpd':
          ensure => running,
          enable => true,
        }
      }
      elsif $osfamily == 'debian' {
        package { 'apache2':
          ensure => latest,
        }
        service { 'apache2':
          ensure => running,
          enable => true,
        }
      }
    }

    # add an apache.pp file under mystuff

    class mystuff {

      notify { "I'm installing stuff like you wanted me to sir": }

      include mystuff::vim
      include mystuff::apache

    }

    # add include mystuff::apache to init.pp; everything else stays the same
    

      

    10. puppet forge
    https://forge.puppetlabs.com  download puppet modules from here

    [root@server1 manifests]# ls
    apache.pp  html.pp  init.pp  vim.pp
    [root@server1 manifests]# vi html.pp
    [root@server1 manifests]# puppet module list
    /etc/puppetlabs/code/environments/production/modules
    ├── motd (???)
    └── mystuff (???)
    /etc/puppetlabs/code/modules (no modules installed)
    /opt/puppetlabs/puppet/modules (no modules installed)

    Check the modules already installed on the master.

    [root@server1 manifests]# puppet module search ntp
    Notice: Searching https://forgeapi.puppet.com ...

    [root@server1 manifests]# puppet module install puppetlabs-ntp
    Notice: Preparing to install into /etc/puppetlabs/code/environments/production/modules ...
    Notice: Downloading from https://forgeapi.puppet.com ...
    Notice: Installing -- do not interrupt ...
    /etc/puppetlabs/code/environments/production/modules
    └─┬ puppetlabs-ntp (v7.1.1)
      └── puppetlabs-stdlib (v4.25.1)

    Search for and install a puppet module.

    node default {
      class { 'motd': }
      class { 'mystuff': }
      class { '::ntp': }
    }

    Finally, just load ntp in site.pp.

    notes:

    While configuring the server I accidentally deleted the agent's authentication key, and after that the agent could not be added no matter what. After reinstalling the system and generating the key again, I found that deleting the file at the path below on the server should be enough to let the key be generated again:

    Notice: Removing file Puppet::SSL::CertificateRequest server3.example.com at '/etc/puppetlabs/puppet/ssl/ca/requests/server3.example.com.pem'

    Original source: https://www.cnblogs.com/ecwork/p/8655284.html