• puppet笔记


    简介:

    • puppet是一种Linux、Unix平台的集中配置管理系统,使用ruby语言,可管理配置文件、用户、cron任务、软件包、系统服务等。puppet把这些系统实体称之为资源,puppet的设计目标是简化对这些资源的管理 以及妥善处理资源间的依赖关系
    • Puppet是一个C/S架构的配置管理工具,在中央服务器上安装puppet-server软件包(被称作Puppet master)。在需要管理的目标主机上安装puppet客户端软件(被称作Puppet Client)。当客户端连接上Puppet master后,定义在Puppet master上的配置文件会被编译,然后在客户端上运行。每个客户端默认每半个小时和服务器进行一次通信,确认配置信息的更新情况。如果有新的配置信息或者配置信息已经改变,配置将会被重新编译并发布到各客户端执行。也可以在服务器上主动触发一个配置信息的更新,强制各客户端进行配置。如果客户端的配置信息被改变了,它可以从服务器获得原始配置进行校正。

    [yongsan@yz141 puppet]$ tree
    .
    |-- auth.conf
    |-- files
    | |-- nagios
    | | |-- README
    | | `-- nrpe.cfg
    | |-- rsync94_98
    | | `-- rsyncd.conf_yz_94-98
    | `-- scribe
    | |-- README
    | |-- central_scribe.conf_scribe06
    | |-- central_scribe.conf_yt
    | |-- central_scribe.conf_yt_intra
    | |-- run_scribe_zhj.sh
    | |-- scribe.server.conf_zhj
    | `-- scribe_zhj.list
    |-- fileserver.conf
    |-- manifests
    | |-- backup
    | | |-- README


    一:环境
    系统版本:
    centos5.x(x86_64)
    软件版本:
    facter-1.5.8.tar.gz
    puppet-2.6.1.tar.gz

    二:安装配置
    =====start puppet master=====
    1.避免防火墙影响(仅限测试环境;生产环境应保留 iptables,只对受管主机放行 master 的 8140 端口)
    /etc/init.d/iptables stop
    #时间同步--重要
    /usr/sbin/ntpdate pool.ntp.org
    2.ruby环境
    yum -y install ruby
    3.创建puppet组和用户
    useradd -s /sbin/nologin puppet

    [root@yz6245 ~]# hostname
    yz6245.hadoop.data.sina.com.cn
    [root@yz3110 ~]# hostname
    yz3110.hadoop.data.sina.com.cn
    4.设置hosts
    echo "10.39.3.110 yz3110.hadoop.data.sina.com.cn" >> /etc/hosts
    echo "10.39.6.245 yz6245.hadoop.data.sina.com.cn" >> /etc/hosts
    5.安装facter和puppet(下方 facter 的下载地址是 http 明文;以 root 运行 install.rb 之前应校验安装包的校验和或签名)
    [root@yz3110 ~]# wget https://downloads.puppetlabs.com/puppet/puppet-3.1.0.tar.gz
    [root@yz3110 ~]# wget http://downloads.puppetlabs.com/facter/facter-1.6.17.tar.gz
    [root@yz3110 puppet]# wget https://downloads.puppetlabs.com/puppet/puppet-2.7.10.tar.gz


    [root@yz3110 puppet]# tar zxvf facter-1.6.17.tar.gz
    [root@yz3110 puppet]# cd facter-1.6.17
    [root@yz3110 facter-1.6.17]# ruby install.rb

    #check facter
    [root@yz3110 facter-1.6.17]# facter

    [root@yz3110 puppet]# tar zxvf puppet-3.1.0.tar.gz
    [root@yz3110 puppet]# cd puppet-3.1.0
    [root@yz3110 puppet-3.1.0]# mkdir -p /etc/puppet
    [root@yz3110 conf]# cp redhat/* /etc/puppet/
    [root@yz3110 conf]# cp auth.conf /etc/puppet/
    [root@yz3110 conf]# cp /etc/puppet/server.init /etc/init.d/puppetmaster
    [root@yz3110 conf]# chkconfig --add puppetmaster
    [root@yz3110 conf]# chkconfig --level 35 puppetmaster on
    [root@master conf]# mkdir -p /etc/puppet/manifests
    #启动puppet master
    [root@master puppet-2.7.10]# /etc/init.d/puppetmaster start
    Starting puppetmaster: /bin/bash: /usr/sbin/puppetmasterd: No such file or directory
    [FAILED]
    [root@master puppet-2.7.10]# cp sbin/puppetmasterd /usr/sbin/
    [root@master puppet-2.7.10]# /etc/init.d/puppetmaster start
    Starting puppetmaster: [ OK ]


    #check 8140端口
    netstat -lnt

    #===master end=====

    #=====agent start====
    授权(在 master 端签发 agent 证书;签发前先核对 puppetca -l 列出的指纹与 agent 端的证书请求一致)
    telnet master 8140

    agent#puppet --test --server master.test.com

    [yongsan@yz141 ~]$ sudo puppetca -l
    "genneralwiki.localdomain" (A8:6B:67:6A:34:77:22:DC:94:22:63:36:6D:C4:2F:0C)

    [yongsan@yz141 ~]$puppet -s genneralwiki.localdomain


    agent#puppet --test --server master.test.com


    重新授权
    agent端
    cd /var/lib/puppet/
    rm -fr ssl
    master端
    cd /var/lib/puppet/ssl/ca/signed
    rm -f agent.test.com.pem


    [root@yz141 puppet]# ls /var/lib/puppet/yaml/node/

    常见问题:

    [root@yz6205 puppet]# puppetd --test --server yz6245.hadoop.data.sina.com.cn
    info: Creating a new SSL key for yz6205.hadoop.data.sina.com.cn
    warning: peer certificate won't be verified in this SSL session
    info: Caching certificate for ca
    warning: peer certificate won't be verified in this SSL session
    info: Caching certificate for yz6205.hadoop.data.sina.com.cn
    err: Could not request certificate: The certificate retrieved from the master does not match the agent's private key.
    Certificate fingerprint: EB:28:80:42:A8:DC:D3:BD:36:9C:02:81:54:CA:FE:96
    To fix this, remove the certificate from both the master and the agent and then start a puppet run, which will automatically regenerate a certficate.
    On the master:
    puppet cert clean yz6205.hadoop.data.sina.com.cn
    On the agent:
    rm -f /var/lib/puppet/ssl/certs/yz6205.hadoop.data.sina.com.cn.pem
    puppet agent -t

    Exiting; failed to retrieve certificate and waitforcert is disabled

    解决:

    vim /etc/puppet/fileserver.conf
    # Mount point "system_conf": the puppet:// source URL used in site.pp
    # (puppet://<master>/system_conf/...) resolves to paths under this mount.
    [system_conf]
    # Everything under the manifests directory becomes fetchable through this mount.
    # NOTE(review): manifests may contain other nodes' configuration or secrets;
    # a dedicated files directory is the safer thing to export — confirm.
    path /etc/puppet/manifests/
    # NOTE(review): "allow *" matches every host name. Narrow it to the managed
    # domain (e.g. allow *.hadoop.data.sina.com.cn) unless auth.conf already
    # restricts who can reach the file server — confirm.
    allow *
    重启master
    [root@yz6245 puppet]# /etc/init.d/puppetmaster restart
    Stopping puppetmaster: [ OK ]
    Starting puppetmaster: [ OK ]

    修改site.pp
    # Manage the scribe server config on the agent; its content is fetched from
    # the master's "system_conf" file-server mount.
    file {"/data0/test/scribe/scribe.server.conf":
    # NOTE(review): 644 leaves the file world-readable, and owner/group are not
    # set here — confirm the config carries no credentials.
    mode=> 644,
    source => "puppet://yz6245.hadoop.data.sina.com.cn/system_conf/scribe/scribe.server.conf",
    }

    [root@yz6205 scribe]# puppetd --test --server yz6245.hadoop.data.sina.com.cn
    完成

    查看agent更新时间
    [root@yz6245 puppet]# ll /var/lib/puppet/yaml/node/


    node'gz-qx-src-149-153-54.sina.cn','bj-yf-149-153-138.sina.com.cn','bj-yf-149-134-97.sina.com.cn','bj-yf-149-134-96.sina.com.cn','bj-ja-src-142-78-195.sina.cn','bj-bx-src-13-0-133.sina.cn','bj-bx-src-13-0-130.sina.cn','bj-bx-src-13-0-80.sina.cn','bj-bx-src-13-0-132.sina.cn','bj-bx-src-13-0-134.sina.cn','bj-ja-src-142-78-197.sina.cn','bj-yf-149-153-137.sina.com.cn','bj-ja-src-142-78-202.sina.cn','bj-bx-src-13-0-135.sina.cn','bj-ja-src-142-78-203.sina.cn','bj-yf-149-153-25.sina.com.cn','bj-ja-30-114-113.sina.com.cn','bj-yf-149-153-214.sina.com.cn','bj-ja-src-142-78-61.sina.cn','bj-xd-src-108-7-97.sina.cn','bj-bx-src-13-0-79.sina.cn','bj-xd-src-108-7-33.sina.cn','bj-xd-src-108-7-32.sina.cn','bj-yf-149-153-215.sina.com.cn','bj-xd-src-108-7-40.sina.cn','gz-qx-src-60-187-21.sina.cn','gz-qx-src-60-187-22.sina.cn','gz-qx-src-60-187-23.sina.cn','gz-qx-src-63-237-192.sina.cn','gz-qx-src-108-216-136.sina.cn','gz-qx-108-216-28-src.sina.com.cn','gz-qx-108-216-29-src.sina.com.cn','gz-qxg-108-216-137.sina.com.cn','gz-qxg-108-216-48.sina.com.cn','gz-qxg-108-216-55.sina.com.cn','gz-qxg-108-216-56.sina.com.cn','gz-sx-src-83-0-137.sina.com.cn','gz-sx-src-83-0-138.sina.com.cn','gz-sx-src-83-0-140.sina.com.cn','gz-sx-src-83-0-139.sina.com.cn','gz-sx-src-83-0-141.sina.com.cn','gz-sx-src-83-0-144.sina.com.cn','gz-sx-83-0-150.sina.com.cn','gz-sx-83-0-148.sina.com.cn','gz-sx-83-0-149.sina.com.cn','gz-sx-83-0-147.sina.com.cn','gz-sx-83-0-146.sina.com.cn','gz-sx-83-0-145.sina.com.cn','gz-sx-src-83-0-154.sina.com.cn','sh-qz-172-207-195.sina.com.cn','gz-sx-src-83-0-155.sina.com.cn','sh-qz-172-207-192.sina.com.cn' {
    # Cron entry that purges sima log files under /data0/logs/sima on every node
    # listed in the enclosing node statement. No "user" attribute is set, so the
    # job is installed for whichever account Puppet manages cron as by default
    # (presumably root, since the log is written under /root — confirm).
    cron {"remove sima data":
    # NOTE(review): "-atime -3" matches files accessed within the LAST 3 days, so
    # recent files are deleted and older ones are kept; for a retention cleanup
    # "-atime +3" (or -mtime +3) is probably what was meant — confirm before use.
    # "-delete" prints nothing without "-print", and ">" truncates the log on
    # every run, so /root/delete.log will stay empty; stderr is not captured.
    command=>"find /data0/logs/sima -type f -name 'sima_*' -atime -3 -delete > /root/delete.log ",
    # Schedule: every 10 minutes, every hour, every day of the month.
    minute=>"*/10",
    hour=>"*",
    monthday=> "*",
    ensure=> present,
    }
    }


    定义模板:
    [yongsan@mis2120 manifests]$ cat site.pp
    import "modules.pp"
    import "nodes/*.pp"

    [yongsan@mis2120 manifests]$ cat modules.pp
    import "vm"
    #import "freetds"
    import "jobclient"

    [yongsan@mis2120 nodes]$ cat vm.pp
    node 'yz384.hadoop.data.sina.com.cn' {
    include vm
    include jobclient
    }

    node 'yz385.hadoop.data.sina.com.cn' {
    include vm
    include jobclient
    }

    生成puppet.conf文件
    [root@yz6245 puppet]# puppetmasterd --genconfig > puppet.conf

    noop参数又称dry run模式,即模拟执行
    [root@yz6205 test]# puppetd --test --server yz6245.hadoop.data.sina.com.cn --noop

    验证.pp文件语法正确性
    [root@yz6245 manifests]# puppet parser validate site.pp

    批量检查文件语法的正确性
    [root@yz6245 manifests]# find /etc/puppet/ -type f -name "*.pp" |xargs -n 1 puppet parser validate


    [root@yz6245 manifests]# puppet kick -p 10 -t test -host yz6205.hadoop.data.sina.com.cn

  • 原文地址:https://www.cnblogs.com/liyongsan/p/5352059.html