• A few simple hand-written Puppet management configurations


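    Puppet is a powerful tool for automated configuration management, so it needs no long introduction here. Below are notes on a few simple Puppet management configurations: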

    I. Install puppet and facter on the server and the client

    1) Server
    Install the Puppet Labs release package
    # rpm -ivh http://yum.puppetlabs.com/el/6.5/products/x86_64/puppetlabs-release-6-12.noarch.rpm
    
    Install puppet and facter
    # yum install puppet puppet-server facter
    
    2) Client
    Install the Puppet Labs release package
    # rpm -ivh http://yum.puppetlabs.com/el/6.5/products/x86_64/puppetlabs-release-6-12.noarch.rpm
    
    Install puppet and facter
    # yum install puppet facter
    

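    II. Puppet configuration and certificate signing

    1) Add hosts-file entries on both the client and the server (or use internal DNS resolution)
    192.168.1.10 puppet01.wang.com            # server
    192.168.1.11 puppet02.wang.com            # client
    
    2) In the client's puppet.conf configuration file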
    [root@puppet02 ~]# cat /etc/puppet/puppet.conf 
    [main]
        server=puppet01.wang.com
        ......
    
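    3) Start the puppet service on each side (note: it is best to turn off the iptables firewall on the server and the client; if it is enabled, remember to allow access to Puppet port 8140)
    Server
    [root@puppet01 ~]# /etc/init.d/puppetmaster start
    
    Client
    [root@puppet02 ~]# /etc/init.d/puppet start
    
    4) Automatic certificate signing configuration
    Server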
    [root@puppet01 ~]# cat /etc/puppet/puppet.conf
    [main]
        ......
        autosign = true
        autosign = /etc/puppet/autosign.conf
    
    [root@puppet01 ~]# cat /etc/puppet/autosign.conf        # create the autosign configuration file; the entry below signs the registration request of every host
    *
    
    [root@puppet01 ~]# /etc/init.d/puppetmaster restart
    
    Register from the client
    [root@puppet02 ~]# puppet agent --test --server=puppet01.wang.com
    Notice: Ignoring --listen on onetime run
    Info: Retrieving pluginfacts
    Info: Retrieving plugin
    Info: Caching catalog for puppet02.wang.com
    Info: Applying configuration version '1501320900'
    Notice: Finished catalog run in 0.42 seconds
    
    On the server, the certificate has been signed automatically
    [root@puppet01 ~]# puppet cert --list --all
    + "puppet01.wang.com" (SHA256) 3E:99:64:73:14:D5:BA:01:62:2F:53:62:A6:07:55:AB:BA:BE:70:6E:7E:60:7A:81:41:10:63:78:C0:FD:E4:56 (alt names: "DNS:puppet", "DNS:puppet.wang.com", "DNS:puppet01.wang.com")
    + "puppet02.wang.com" (SHA256) A4:EF:73:62:3A:DD:F9:2E:E4:12:8F:2E:AE:90:96:43:95:7A:4C:9F:38:02:44:B7:81:C5:08:B5:16:95:42:0B
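
The `*` entry above makes the master sign every certificate request that reaches port 8140, so any host that can connect receives a signed agent certificate. As an added example (not part of the original post), the script below shows a tighter setup: `audit_autosign_conf` flags autosign.conf entries that are not scoped to the lab domain, and `autosign_policy` works as a policy executable for the `autosign` setting that approves only pre-registered certnames. It assumes a Puppet version with policy-based autosigning (3.4 or later); the allowlist path and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post.
LC_ALL=C; export LC_ALL                      # keep [a-z] ranges byte-exact

# Assumptions (hypothetical names): an allowlist file with one approved
# certname per line, and the lab domain used on this page.
ALLOWLIST="${ALLOWLIST:-/etc/puppet/autosign-allow.txt}"
DOMAIN_SUFFIX=".wang.com"

# audit_autosign_conf FILE
# Print every autosign.conf entry that is not scoped to DOMAIN_SUFFIX and
# return 1 if any was found. Blank lines and "#" comment lines are skipped.
audit_autosign_conf() {
    bad=0
    while IFS= read -r line || [ -n "$line" ]; do
        entry=$(printf '%s' "$line" | tr -d '[:space:]')
        case "$entry" in
            ""|"#"*) continue ;;
            *"$DOMAIN_SUFFIX") ;;                        # e.g. *.wang.com
            *) echo "over-broad autosign entry: $entry"; bad=1 ;;
        esac
    done < "$1"
    return "$bad"
}

# autosign_policy CERTNAME [ALLOWLIST_FILE]
# Return 0 only when the requested certname is well-formed, inside the
# expected domain, and listed verbatim in the allowlist file.
autosign_policy() {
    certname="$1"
    allow_file="${2:-$ALLOWLIST}"

    # Reject empty names and anything outside [a-z0-9.-] (globs, slashes, spaces).
    case "$certname" in
        ""|*[!a-z0-9.-]*) return 1 ;;
    esac
    # The name must end in the expected domain.
    case "$certname" in
        *"$DOMAIN_SUFFIX") ;;
        *) return 1 ;;
    esac
    # Fixed-string, whole-line match: no regex or glob interpretation.
    [ -r "$allow_file" ] && grep -Fxq -- "$certname" "$allow_file"
}

# When Puppet runs this file as the policy executable, the certname arrives
# as $1 and the exit status decides: 0 = sign, non-zero = do not autosign.
if [ "$#" -gt 0 ]; then
    autosign_policy "$1"
    exit $?
fi
```

To use it, set `autosign` in the master's puppet.conf to the path of this script instead of `true` or autosign.conf; a request the script rejects stays pending for a manual `puppet cert sign`.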
    

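    III. Puppet automated management configuration

    Puppet management entries are configured on the puppet master. Once configured, they are sent to the puppet agent nodes and applied there (the puppet master's "push" operation). If an agent node runs as a daemon,
    by default it connects every 30 minutes and checks whether the configuration for its host has changed or new configuration has been added. This interval can be changed through the runinterval setting in /etc/puppet/puppet.conf on the agent, for example
    "runinterval = 3600" for one hour. An agent node can also connect on its own schedule through a cron job (the puppet agent's "pull" operation),
    which combines the master's "push" with the agent's "pull".
       
    1) Configuration on the puppet master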
    [root@puppet01 puppet]# ll
    total 36
    -rw-r--r--  1 root root 4178 Jul 29 16:25 auth.conf
    -rw-r--r--  1 root root    2 Jul 29 16:25 autosign.conf
    drwxr-xr-x  3 root root 4096 Jul 29 16:25 environments
    -rw-r--r--  1 root root 1462 Jul 29 16:25 fileserver.conf
    drwxr-xr-x  2 root root 4096 Jul 29 17:22 manifests
    drwxr-xr-x 13 root root 4096 Jul 29 17:03 modules
    -rw-r--r--  1 root root  915 Jul 29 16:25 puppet.conf
       
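    First create the module. It can be created by hand or with a command, although the command-generated module then has to be renamed.
    [root@puppet01 puppet]# cd modules/
    [root@puppet01 modules]# puppet module generate propupet-ssh       # command that generates a module from the command line; the module name format is "puppet-<module name>"
    [root@puppet01 modules]# mv propupet-ssh ssh        # rename it to the ssh module
       
    Or create the module by hand
    [root@puppet01 modules]# mkdir ssh       # the directory structure under the module then also has to be created by hand
    [root@puppet01 modules]# mkdir ssh/files    # holds the files the module needs
    [root@puppet01 modules]# mkdir ssh/manifests   # directory for the Puppet manifests
    [root@puppet01 modules]# mkdir ssh/templates    # holds the templates the module uses
       
    Once the modules are configured, they have to be referenced in the /etc/puppet/manifests/site.pp manifest (covered at the end below).
       
    2) Use the following module configurations as a reference: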
    [root@puppet01 modules]# pwd
    /etc/puppet/modules
       
    --------------------ssh installation and management module--------------------
    [root@puppet01 manifests]# cd /etc/puppet/modules/ssh
    [root@puppet01 ssh]# cd manifests/
    [root@puppet01 manifests]# ls
    config.pp  init.pp  install.pp  service.pp
    [root@puppet01 manifests]# cat init.pp
    class ssh {
      class { '::ssh::install':} ->
      class { '::ssh::config':} ->
      class { '::ssh::service':} ->
      Class['ssh']
    }
    [root@puppet01 manifests]# cat install.pp
    class ssh::install {
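      package { "openssh":               # the package name is openssh
        ensure => present,               # make sure the package is installed
      }
    }
    [root@puppet01 manifests]# cat config.pp
    class ssh::config {
      file { "/etc/ssh/sshd_config":              # sshd settings such as the port, users and password login can be put in the sshd_config file under the module's files directory beforehand and then synced to the target machines by Puppet. sshd is restarted automatically after a change (handled by the service class)
        ensure => present,
        owner => 'root',
        group => 'root',
        mode => 0600,
        source => "puppet:///modules/ssh/sshd_config",     # i.e. sshd_config is stored in /etc/puppet/modules/ssh/files. Note that "files" is not written in the path.
        require => Class["ssh::install"],                  # prerequisite for this file resource
        notify =>  Class["ssh::service"],                  # once this file resource is in place, notify the ssh::service class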
        }
    }
    [root@puppet01 manifests]# cat service.pp
    class ssh::service {
      service { "sshd":
        ensure => running,
        hasstatus => true,
        hasrestart =>true,
        enable => true,
        require => Class["ssh::config"],
        }
    }
       
    [root@puppet01 manifests]# ls ../files/sshd_config
    ../files/sshd_config
      
       
    --------------------DNS configuration management--------------------
    [root@puppet ~]# cd /etc/puppet/modules/dns/
    [root@puppet dns]# ls
    files  manifests
    [root@puppet dns]# cd manifests/
    [root@puppet manifests]# ls
    config.pp  init.pp  restart.pp  setup.pp
    [root@puppet manifests]# cat init.pp
    class dns {
      include dns::config
      include dns::setup
      include dns::restart
      }
    [root@puppet manifests]# cat config.pp
    class dns::config {
      file { "/etc/named":
      ensure  => directory,
      source => "puppet:///modules/dns/pro-dns/DNS/etc/named",
      recurse => true,
      }
      
      file { "/var/named":
      ensure  => directory,
      source =>"puppet:///modules/dns/pro-dns/DNS/var/named",
      recurse => true,
      }
    }
      
    [root@puppet manifests]# cat setup.pp
    class dns::setup {
      exec {"Set permissions of etc-named":
      cwd => "/etc",
      command => "/bin/chown -R root.named named",
      path =>["/usr/bin:/usr/sbin:/bin:/sbin"],
      require => Class["dns::config"],
      }
      
      exec {"Set permissions of var-named":
      cwd => "/var",
      command => "/bin/chown -R root.named named && /bin/chown -R named.named named/data/",
      path =>["/usr/bin:/usr/sbin:/bin:/sbin"],
      require => Class["dns::config"],
      }
      
    }
    [root@puppet manifests]# cat restart.pp
    class dns::restart {
      exec {"restart named service":
      command => "service named restart",
      path => ["/usr/bin:/usr/sbin:/bin:/sbin"],
      require => Class["dns::config"],
      }
    }
      
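    The files directory holds the DNS configuration file and the forward and reverse zone files (they can be kept in the DNS directory of the pro-dns project on GitLab and fetched with git clone)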
    [root@puppet manifests]# cd ../files/
    [root@puppet files]# ls
    pro-dns
    [root@puppet files]# ls pro-dns/DNS/
    etc  var
    [root@puppet files]# ls pro-dns/DNS/etc/named/
    named.conf
    [root@puppet files]# ls pro-dns/DNS/var/named/
    192.168.10.zone  192.168.16.zone  192.168.32.zone  192.168.33.zone  192.168.34.zone  192.168.64.zone  192.168.8.zone  wangshibo.cn
      
      
    --------------------java7 installation and management module--------------------
    [root@puppet01 java7]# cd manifests/
    [root@puppet01 manifests]# ls
    init.pp  install.pp
    [root@puppet01 manifests]# cat init.pp
    class java7 {
      include java7::install
    }
    [root@puppet01 manifests]# cat install.pp
    class java7::install {
      file { "/data/software/java-jdk7_install.sh":                    # file resource
        source => "puppet:///modules/java7/java-jdk7_install.sh",
        owner => root,
        group => root,
        mode => 0755
        }
       
      exec { "install jdk":                             # exec (command) resource
        cwd => "/data/software",
        command => "/bin/bash java-jdk7_install.sh",
        user => "root",
        group => "root",
        path =>["/usr/bin:/usr/sbin:/bin:/sbin"],
        creates =>"/usr/java/jdk1.7.0_80",                            # when /usr/java/jdk1.7.0_80 exists the command is not run; it runs only when the path does not exist
        require =>File["/data/software/java-jdk7_install.sh"]         # prerequisite for running this exec resource
        }
    }
    [root@puppet01 manifests]# cd ../files/
    [root@puppet01 files]# ll
    total 4
    -rwxr-xr-x 1 root root 756 Jul 29 16:25 java-jdk7_install.sh
    [root@puppet01 files]# cat java-jdk7_install.sh
    #!/bin/bash
       
    /bin/rpm -qa|grep jdk|xargs rpm -e
       
    # install jdk7
    /bin/rpm -ivh  http://yum.wang.com/software/jdk-7u80-linux-x64.rpm
       
    # set env
    NUM=`cat /etc/profile|grep "JAVA_HOME"|wc -l`
    JDK=`cat /etc/profile|grep "JAVA_HOME="|cut -d"=" -f2|awk -F"/" '{print $4}'`
    if [ $NUM -ne 0 ];then
        /bin/sed -i 's#'$JDK'#jdk1.7.0_80#g' /etc/profile
    else
        echo "JAVA_HOME=/usr/java/jdk1.7.0_80" >> /etc/profile
        echo "JAVA_BIN=/usr/java/jdk1.7.0_80/bin" >> /etc/profile
        echo "PATH=/usr/lib64/qt-3.3/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin:/bin" >> /etc/profile
        echo "CLASSPATH=.:/lib/dt.jar:/lib/tools.jar" >> /etc/profile
        echo "export JAVA_HOME JAVA_BIN PATH CLASSPATH" >> /etc/profile
    fi
       
    source /etc/profile
       
       
    --------------------java8 installation and management module--------------------
    [root@puppet01 files]# cd /etc/puppet/modules/java8
    [root@puppet01 java8]# ls
    files  manifests
    [root@puppet01 java8]# cd manifests/
    [root@puppet01 manifests]# ls
    init.pp  install.pp
    [root@puppet01 manifests]# cat init.pp
    class java8 {
      include java8::install
    }
    [root@puppet01 manifests]# cat install.pp
    class java8::install {
      file { "/data/software/java-jdk8_install.sh":
        source => "puppet:///modules/java8/java-jdk8_install.sh",
        owner => root,
        group => root,
        mode => 0755
        }
       
      exec { "install jdk":
        cwd => "/data/software",
        command => "/bin/bash java-jdk8_install.sh",
        user => "root",
        group => "root",
        path =>["/usr/bin:/usr/sbin:/bin:/sbin"],
        creates =>"/usr/java/jdk1.8.0_131",
        require =>File["/data/software/java-jdk8_install.sh"]
        }
    }
    [root@puppet01 manifests]# cat ../files/java-jdk8_install.sh
    #!/bin/bash
       
    /bin/rpm -qa|grep jdk|xargs rpm -e
       
    # install jdk8 jdk7
    /bin/rpm -ivh  http://yum.wang.com/software/jdk-8u131-linux-x64.rpm
       
    # set env
    NUM=`cat /etc/profile|grep "JAVA_HOME"|wc -l`
    JDK=`cat /etc/profile|grep "JAVA_HOME="|cut -d"=" -f2|awk -F"/" '{print $4}'`
    if [ $NUM -ne 0 ];then
        /bin/sed -i 's#'$JDK'#jdk1.8.0_131#g' /etc/profile
    else
        echo "JAVA_HOME=/usr/java/jdk1.8.0_131" >> /etc/profile
        echo "JAVA_BIN=/usr/java/jdk1.8.0_131/bin" >> /etc/profile
        echo "PATH=/usr/lib64/qt-3.3/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin:/bin" >> /etc/profile
        echo "CLASSPATH=.:/lib/dt.jar:/lib/tools.jar" >> /etc/profile
        echo "export JAVA_HOME JAVA_BIN PATH CLASSPATH" >> /etc/profile
    fi
       
    source /etc/profile
       
    --------------------tomcat8 installation and management module--------------------
    [root@puppet01 manifests]# cd /etc/puppet/modules/tomcat8/
    [root@puppet01 tomcat8]# ls
    files  manifests
    [root@puppet01 tomcat8]# cd manifests/
    [root@puppet01 manifests]# ls
    init.pp  install.pp
    [root@puppet01 manifests]# cat init.pp
    class tomcat8 {
      include tomcat8::install
    }
       
    [root@puppet01 manifests]# cat install.pp
    class tomcat8::install {
      file { "/data/software/apache-tomcat-8.5.15.tar.gz":
      source =>"puppet:///modules/tomcat8/apache-tomcat-8.5.15.tar.gz",
      owner => "root",
      group => "root",
      mode => 755
      }
       
      exec {"install tomcat":
      cwd => "/data/software",
      command => "/bin/tar -zvxf apache-tomcat-8.5.15.tar.gz && mv apache-tomcat-8.5.15 /data/tomcat",
      user => "root",
      group => "root",
      path =>["/usr/bin:/usr/sbin:/bin:/sbin"],
      creates => "/data/tomcat",
      require => File["/data/software/apache-tomcat-8.5.15.tar.gz"]
      }
    }
    [root@puppet01 manifests]# ls ../files/
    apache-tomcat-8.5.15.tar.gz
       
    --------------------nginx installation and management module--------------------
    [root@puppet01 manifests]# cd /etc/puppet/modules/nginx/
    [root@puppet01 nginx]# ls
    files  manifests
    [root@puppet01 nginx]# cd manifests/
    [root@puppet01 manifests]# ls
    init.pp  install.pp
    [root@puppet01 manifests]# cat init.pp
    class nginx {
      include nginx::install
    }
    [root@puppet01 manifests]# cat install.pp
    class nginx::install {
      file { "/data/software/nginx1.10_install.sh":
      source =>"puppet:///modules/nginx/nginx1.10_install.sh",
      owner => "root",
      group => "root",
      mode => 755
      }
       
      exec {"install nginx":
      cwd => "/data/software",
      command => "/bin/bash -x nginx1.10_install.sh",
      user => "root",
      group => "root",
      path =>["/usr/bin:/usr/sbin:/bin:/sbin"],
      creates => "/data/nginx/conf/nginx.conf",
      require => File["/data/software/nginx1.10_install.sh"]
      }
    }
    [root@puppet01 manifests]# cat ../files/nginx1.10_install.sh
    #!/bin/bash
    # prepare the base environment
    /usr/sbin/groupadd -r nginx
    /usr/sbin/useradd -r -g nginx -s /bin/false -M nginx
    /usr/bin/yum install -y pcre pcre-devel openssl openssl-devel gcc
       
    # compile and install nginx 1.10
    cd /data/software/
    /usr/bin/wget http://yum.wang.com/software/nginx-1.10.3.tar.gz
    /bin/tar -zvxf nginx-1.10.3.tar.gz
    cd nginx-1.10.3
    ./configure --prefix=/data/nginx --user=nginx --group=nginx --with-http_ssl_module --with-http_flv_module --with-http_stub_status_module --with-http_gzip_static_module --with-pcre
    make && make install
       
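    # configure nginx
    cp /data/nginx/conf/nginx.conf /data/nginx/conf/nginx.conf.bak
    > /data/nginx/conf/nginx.conf
       
    # quote the heredoc delimiter so the shell writes nginx's $variables literally instead of expanding them
    cat > /data/nginx/conf/nginx.conf << 'EOF'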
    user  nobody;
    worker_processes  8;
        
    #error_log logs/error.log;
    #error_log logs/error.log notice;
    #error_log logs/error.log info;
        
    events {
        worker_connections  65535;
    }
          
    http {
        server_tokens off;
        include       mime.types;
        default_type  application/octet-stream;
        charset utf-8;
         
        log_format  main  '$http_x_forwarded_for $remote_addr $remote_user [$time_local] "$request" '
                          '$status $body_bytes_sent "$http_referer" '
                          '"$http_user_agent" "$http_cookie" $host $request_time';
        sendfile       on;
        tcp_nopush     on;
        tcp_nodelay    on;
        keepalive_timeout  65;
         
         
        fastcgi_connect_timeout 3000;
        fastcgi_send_timeout 3000;
        fastcgi_read_timeout 3000;
        fastcgi_buffer_size 256k;
        fastcgi_buffers 8 256k;
        fastcgi_busy_buffers_size 256k;
        fastcgi_temp_file_write_size 256k;
        fastcgi_intercept_errors on;
          
             
        client_header_timeout 600s;
        client_body_timeout 600s;
          
        client_max_body_size 100m;  
        client_body_buffer_size 256k;     
        ## support more than 15 test environments
        server_names_hash_max_size 512;
        server_names_hash_bucket_size 128;
        gzip  on;
        gzip_min_length  1k;
        gzip_buffers     4 16k;
        gzip_http_version 1.1;
        gzip_comp_level 9;
        gzip_types       text/plain application/x-javascript text/css application/xml text/javascript application/x-httpd-php;
        gzip_vary on;
          
         
        include vhosts/*.conf;
    }
    EOF
       
    /bin/mkdir /data/nginx/conf/vhosts
       
    cat > /data/nginx/conf/vhosts/test.conf << EOF
    server {
        listen       80;
        server_name  localhost;
        access_log  logs/access.log;
        error_log   logs/error.log;
       
     location / {
       root html;
       index index.php index.html index.htm;
       }
    }
    EOF
       
    /data/nginx/sbin/nginx
       
       
    --------------------motd file management module--------------------
    [root@puppet01 manifests]# cd /etc/puppet/modules/motd/
    [root@puppet01 motd]# ls
    files  manifests
    [root@puppet01 motd]# cd manifests/
    [root@puppet01 manifests]# ls
    config.pp  init.pp  install.pp
    [root@puppet01 manifests]# cat init.pp
    class motd {
      include motd::config
      include motd::install
      }
    [root@puppet01 manifests]# cat install.pp
    class motd::install {
      package{'setup':
      ensure => present,
      }
    }
    [root@puppet01 manifests]# cat config.pp
    class motd::config {
      file { "/etc/motd":
        ensure => present,
        owner => "root",
        group => "root",
        mode => 0644,
        source => "puppet:///modules/motd/motd",
        require => Class["motd::install"],
        }
    }
    [root@puppet01 manifests]# ls ../files/motd
    ../files/motd
       
    --------------------dns file management module--------------------
    [root@puppet01 manifests]# cd /etc/puppet/modules/dns/
    [root@puppet01 dns]# ls
    files  manifests
    [root@puppet01 dns]# cd manifests/
    [root@puppet01 manifests]# ls
    config.pp  init.pp
    [root@puppet01 manifests]# cat init.pp
    class dns {
      include dns::config
      }
    [root@puppet01 manifests]# cat config.pp
    class dns::config {
      file { "/etc/resolv.conf":
        ensure => present,
        owner => "root",
        group => "root",
        mode => 0644,
        source => "puppet:///modules/dns/resolv.conf",
        }
    }
    [root@puppet01 manifests]# cat ../files/resolv.conf
    search wang.com
    nameserver 192.168.1.27
    nameserver 192.168.1.28
       
    --------------------chrony time synchronization file management module--------------------
    [root@puppet01 manifests]# cd /etc/puppet/modules/chrony/
    [root@puppet01 chrony]# ls
    files  manifests
    [root@puppet01 chrony]# cd manifests/
    [root@puppet01 manifests]# ls
    init.pp  install.pp
    [root@puppet01 manifests]# cat init.pp
    class chrony {
      include chrony::install
      }
    [root@puppet01 manifests]# cat install.pp
    class chrony::install {
      file { "/data/software/chrony.sh":
      source =>"puppet:///modules/chrony/chrony.sh",
      owner => "root",
      group => "root",
      mode => 755
      }
       
      exec {"install chrony":
      cwd => "/data/software",
      command => "/bin/bash -x chrony.sh",
      user => "root",
      group => "root",
      path =>["/usr/bin:/usr/sbin:/bin:/sbin"],
      creates => "/etc/chrony.conf",
      require => File["/data/software/chrony.sh"]
      }
    }
    [root@puppet01 manifests]# cat ../files/chrony.sh
    #!/bin/bash
    /etc/init.d/ntpd stop
    /usr/bin/yum install chrony -y
    cp /etc/chrony.conf /etc/chrony.conf.bak
    rm -f /etc/chrony.conf
    wget http://yum.wang.com/software/chrony.conf
    cp -f chrony.conf /etc/
    /etc/init.d/chronyd start
    /usr/bin/chronyc sources -v
       
    --------------------yum file management module--------------------
    [root@puppet01 manifests]# cd /etc/puppet/modules/yum/
    [root@puppet01 yum]# ls
    files  manifests
    [root@puppet01 yum]# cd manifests/
    [root@puppet01 manifests]# ls
    config.pp  init.pp
    [root@puppet01 manifests]# cat init.pp
    class yum {
      include yum::config
      }
    [root@puppet01 manifests]# cat config.pp
    class yum::config {
      file { "/data/software/yum.sh":
        source => "puppet:///modules/yum/yum.sh",
        owner => "root",
        group => "root",
        mode => 0755,
        }
       
      exec { "set yum":
        cwd => "/data/software",
        command => "/bin/bash yum.sh",
        user => "root",
        group => "root",
        path =>["/usr/bin:/usr/sbin:/bin:/sbin"],
        unless => "grep mirrors.wang.com /etc/yum.repos.d/CentOS-Base.repo",           # the command runs only when this check fails (non-zero exit); if it succeeds, the command is skipped
        require =>File["/data/software/yum.sh"]
        }
    }
       
    [root@puppet01 manifests]# cat ../files/yum.sh
    #!/bin/bash
       
    rm -f  /etc/yum.repos.d/*.repo
        
    wget http://yum.wang.com/software/CentOS-Base.repo -O /etc/yum.repos.d/CentOS-Base.repo
    wget http://yum.wang.com/software/epel.repo    -O /etc/yum.repos.d/epel.repo
    #wget http://yum.wang.com/software/mongodb.repo
       
    yum clean all
    yum makecache
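
The install scripts above (java-jdk7_install.sh, java-jdk8_install.sh, nginx1.10_install.sh, chrony.sh, yum.sh) fetch packages, tarballs and repo files over plain HTTP and then install them as root on every agent, with nothing checking what was actually received. An added example, not part of the original post: a helper those scripts could source, which downloads to a temporary file and moves it into place only when its SHA-256 matches a pinned value. The function names, the `FETCH` override and the digest placeholder are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post.
LC_ALL=C; export LC_ALL                      # keep [0-9a-f] ranges byte-exact

# verify_sha256 FILE EXPECTED_HEX
# Return 0 only when FILE's SHA-256 equals EXPECTED_HEX.
# Return 2 when EXPECTED_HEX is not a 64-character lowercase hex digest.
verify_sha256() {
    file="$1"
    expected="$2"
    case "$expected" in
        ""|*[!0-9a-f]*) return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || return 2
    actual=$(sha256sum -- "$file" | cut -d' ' -f1)
    [ "$actual" = "$expected" ]
}

# fetch_verified URL EXPECTED_HEX DEST
# Download to a temporary file next to DEST, verify it, and only then move
# it into place, so a failed or altered download never lands at DEST.
# FETCH (hypothetical override) names the download command; default is wget.
fetch_verified() {
    url="$1"
    expected="$2"
    dest="$3"
    tmpfile=$(mktemp "${dest}.XXXXXX") || return 1
    if "${FETCH:-wget}" -q -O "$tmpfile" "$url" \
        && verify_sha256 "$tmpfile" "$expected"; then
        mv -f -- "$tmpfile" "$dest"
    else
        rm -f -- "$tmpfile"
        echo "refusing $url: download failed or digest mismatch" >&2
        return 1
    fi
}

# Usage inside nginx1.10_install.sh. The digest is a placeholder: replace it
# with the SHA-256 recorded when the tarball was placed on the mirror.
#   NGINX_SHA256="<64-hex-sha256-of-nginx-1.10.3.tar.gz>"
#   fetch_verified http://yum.wang.com/software/nginx-1.10.3.tar.gz \
#       "$NGINX_SHA256" /data/software/nginx-1.10.3.tar.gz || exit 1
```

Because the digest is pinned in the script that Puppet ships over its own authenticated channel, the check holds even though the mirror itself is plain HTTP.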
     
    --------------------resolv file management module--------------------
    [root@puppet ~]# ls /etc/puppet/modules/
    chrony  dns  java7  java8  motd  nginx  postfix  resolv  ssh  sudo  tomcat8  yum
    [root@puppet ~]# cd /etc/puppet/modules/resolv/manifests/
    [root@puppet manifests]# ls
    config.pp  init.pp
    [root@puppet manifests]# cat init.pp
    class resolv {
      include resolv::config
      }
    class resolv01 {
      include resolv::dns01
      }
    class resolv02 {
      include resolv::dns02
      }
    [root@puppet manifests]# cat config.pp
    class resolv::config {
      file { "/etc/resolv.conf":
        source => "puppet:///modules/resolv/resolv.conf",
        ensure => "present",
        owner  => "root",
        group  => "root",
        mode   => 0644,
        }
    }
     
    [root@puppet manifests]# cat ../files/resolv.conf
    search wang.com
    nameserver 192.168.1.27
    nameserver 192.168.1.28
    options timeout:1
    options attempts:1
       
    --------------------postfix installation and management module--------------------
    [root@puppet01 manifests]# cd /etc/puppet/modules/postfix/
    [root@puppet01 postfix]# ls manifests/
    config.pp  init.pp  install.pp  service.pp
    [root@puppet01 postfix]# ls files/
    master.cf
    [root@puppet01 postfix]# ls templates/
    main.cf.erb
    [root@puppet01 postfix]# cat manifests/init.pp
    class postfix {
      include postfix::install
      include postfix::config
      include postfix::service
    }
    [root@puppet01 postfix]# cat manifests/install.pp
    class postfix::install {
      package { ["postfix","mailx" ]:
        ensure => present,
      }
    }
    [root@puppet01 postfix]# cat manifests/config.pp
    class postfix::config {
      File {
        owner => 'postfix',
        group => 'postfix',
        mode => 0644,
        }
       
      file {'/etc/postfix/master.cf':
        ensure => present,
        source => 'puppet:///modules/postfix/master.cf',
        require => Class['postfix::install'],
        notify => Class['postfix::service'],
        }
       
      file {'/etc/postfix/main.cf':
        ensure => present,
        content => template('postfix/main.cf.erb'),
        require => Class['postfix::install'],
        notify => Class['postfix::service'],
        }
    }
    [root@puppet01 postfix]# cat manifests/service.pp
    class postfix::service {
      service { 'postfix':
        ensure     => running,
        hasstatus  => true,
        hasrestart => true,
        enable     => true,
        require    => Class['postfix::config'],
        }
    }
       
    [root@puppet01 postfix]# cat templates/main.cf.erb
    soft_bounce = no
    command_directory = /usr/sbin
    daemon_directory = /usr/libexec/postfix
    mail_owner = postfix
    myhostname = <%= @hostname %>               
    mydomain = <%= @domain %>
    myorigin = $mydomain
    mydestination = $myhostname,localhost.$mydomain,localhost,$mydomain
    unknown_local_recipient_reject_code = 550
    relay_domains = $mydestination
    smtpd_reject_unlisted_recipient = yes
    unverified_recipient_reject_code = 500
    smtpd_banner = $myhostname ESMTP
    setgid_group = postdrop
       
    [root@puppet01 postfix]# ls files/master.cf
    files/master.cf
       
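    # Note: variables in the template get their values from Facter facts through ERB syntax. The fact name goes inside the ERB tags <%= and %>; when Puppet runs, they are replaced with the fact's actual value (that is, the value on the agent).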
       
    --------------------------------------------------------------------------------------------------
       
    Then reference these classes in the /etc/puppet/manifests/site.pp manifest:
    [root@puppet manifests]# cat /etc/puppet/manifests/site.pp
    class base {
      include chrony
      include java8
      include tomcat8
      include nginx
      include yum
      include resolv
      }
     
    node 'puppet02.bkjk.cn' {
      include dns
      include yum
      }
     
    node 'dns01' {
      #include dns
      include yum
      include ssh
      include resolv
      }
     
    node 'dns02' {
      #include dns
      include yum
      include ssh
      include resolv
      }
     
    node 'mirrors' {
      include yum
      include ssh
      include resolv
      }
     
    The dns01, dns02 and mirrors names above are all resolved through internal DNS.
    [root@puppet manifests]# ping mirrors
    PING mirrors.wang.com (192.168.1.240) 56(84) bytes of data.
    64 bytes from yum.wang.com (192.168.1.240): icmp_seq=1 ttl=64 time=0.889 ms
    ......
       
    --------------------------------------------------------------------------------------------------
       
    Finally, connect to the puppet master from the puppet agent to apply and sync the configuration.
    [root@puppet02 ~]# puppet agent --test --server=puppet01.wang.com
    Notice: Ignoring --listen on onetime run
    Info: Retrieving pluginfacts
    Info: Retrieving plugin
    Info: Caching catalog for puppet02.wang.com
    Info: Applying configuration version '1501429243'
    Notice: /Stage[main]/Chrony::Install/File[/data/software/chrony.sh]/ensure: defined content as '{md5}fe7f9787a7cae33ed0e00c26f880b145'
    Notice: /Stage[main]/Chrony::Install/Exec[install chrony]/returns: executed successfully
    ........
       
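    After a successful run, verify the result on the puppet agent node. From then on, managing these application configurations only requires maintenance on the puppet master; the puppet agent syncs automatically.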
    
    ------------------------------------------------------------------------------------------------------
    [root@puppet dns]# puppet agent -t       # test the connection to the puppet server
    [root@puppet dns]# puppet agent --help
    
    Configuration notes:
    class source::exec2 {
      exec { "install nginx":
        cwd       => "/tmp/rhel5/nginx",  # the command runs in this directory, which must exist
        command   => "tar -zxvf nginx-0.8.42.tar.gz && cd nginx-0.8.42 && ./configure --user=nginx --group=nginx --prefix=/usr/local/nginx --without-http-cache && make && make install",
        path      => ["/usr/bin","/usr/sbin","/bin","/sbin"],
        logoutput => on_failure,
        unless    => "/bin/ls /usr/local/nginx/conf",        # the command runs only when this returns non-zero
        require   => Class["source::file1", "source::user"],
        notify    => Class["source::exec3"],
      }
    }
    
    [root@puppet dns]# /bin/ls /data/nginx/conf/nginx.conf
    /data/nginx/conf/nginx.conf
    [root@puppet dns]# echo $?
    0
  • Original article: https://www.cnblogs.com/kevingrace/p/5740963.html