• puppet原理及配置


    系统环境RHEL6.5

    server 192.168.63.110 ty1.com
    client 192.168.63.111 ty2.com

    安装

    server端 安装puppet-server
    client端 安装 puppet
    安装时需要解决ruby的依赖性
    还有 facter 和 hiera

    启动

    [root@ty1 ~]# touch /etc/puppet/manifests/site.pp
    #puppetmaster 启动需要 site.pp 文件, 如果没有则无法启动
    [root@ty1 ~]# /etc/init.d/puppetmaster start
    [root@ty2 ~]# puppet agent --server=ty1.com --no-daemonize --verbose
    Info: Creating a new SSL key for ty2.com
    Info: Caching certificate for ca
    Info: csr_attributes file loading from /etc/puppet/csr_attributes.yaml
    Info: Creating a new SSL certificate request for ty2.com
    Info: Certificate Request fingerprint (SHA256): 5C:C7:94:A9:37:36:D7:42:4A:D8:A9:48:13:5E:C6:A8:64:D0:1B:C6:CC:F0:E0:A3:67:57:C8:A0:75:0B:B3:3D
    Info: Caching certificate for ca
    #client 向 master 发出证书验证请求,然后等待 master 签名并返回证书
    [root@ty1 ~]# puppet cert list
      "ty2.com" (SHA256) 5C:C7:94:A9:37:36:D7:42:4A:D8:A9:48:13:5E:C6:A8:64:D0:1B:C6:CC:F0:E0:A3:67:57:C8:A0:75:0B:B3:3D
    [root@ty1 ~]# puppet cert sign ty2.com
    Notice: Signed certificate request for ty2.com
    Notice: Removing file Puppet::SSL::CertificateRequest ty2.com at '/var/lib/puppet/ssl/ca/requests/ty2.com.pem'
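    #master端签名证书 (签名前应先核对 puppet cert list 显示的 SHA256 指纹与 client 端输出的 Certificate Request fingerprint 一致, 确认请求确实来自该主机)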
    Info: Caching certificate_revocation_list for ca
    Info: Retrieving pluginfacts
    Info: Retrieving plugin
    Info: Caching catalog for ty2.com
    Info: Applying configuration version '1470755654'
    Info: Creating state file /var/lib/puppet/state/state.yaml
    Notice: Finished catalog run in 0.02 seconds
    #完成验证
    自动验证
    [root@ty1 ~]# vim /etc/puppet/puppet.conf 
    [main]
    autosign = true
    [root@ty1 ~]# vim /etc/puppet/autosign.conf
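    *.com #表示允许所有 com 域的主机
    #注意: puppet.conf 中 autosign = true 会对所有证书请求无条件自动签名, 此时 autosign.conf 的白名单不再起限制作用; 若要按白名单签名, 应将 autosign 设为该文件的路径(默认即 $confdir/autosign.conf)。
    #自动签名不校验请求方身份, certname 由 client 自行上报, 因此只适合隔离的实验环境; 生产环境应保留手动核对指纹后签名的流程。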
    [root@ty1 ~]# /etc/init.d/puppetmaster reload
    Stopping puppetmaster:                                     [  OK  ]
    Starting puppetmaster:   

    资源定义

    [root@server1 ~]# mkdir /etc/puppet/files
    [root@server1 ~]# cd /etc/puppet/files
    [root@server1 ~]# echo "hello world" > /etc/puppet/files/index.html
    [root@server1 ~]# vim /etc/puppet/fileserver.conf
    @@@@@
    43 [files]
    44 path /etc/puppet/files
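    45 allow *
    @@@@@
    #allow * 表示不按主机名限制, 所有通过证书验证的 client 都可以读取 /etc/puppet/files 下的文件; 不要在该目录放置敏感内容, 生产环境建议改为具体的主机名或域名。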

    1、 定义创建文件的资源

    
    [root@server1 ~]# cd /etc/puppet/manifests/
    [root@server1 manifests]# vim site.pp
    @@@@@
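    # Deploy index.html from the master's [files] mount to the agent's web root.
    file {
        "/var/www/html/index.html":
        source => "puppet:///files/index.html",
        # 0644 instead of 777: content served by the web server should not be
        # world-writable or executable. Quoted so the mode stays an octal string.
        mode => '0644',
        owner => puppet
    }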
     ##新建 /etc/puppet/manifests/site.pp 文件来定义 puppet 相关的变量和默认配置, 在没有指定节点的情况下, 对所有已经经过验证的 client 都生效。
    @@@@@
    [root@server1 ~]# /etc/init.d/puppetmaster reload
    客户端检测:
    [root@ty2 ~]# puppet agent --server=ty1.com --test
    Info: Retrieving pluginfacts
    Info: Retrieving plugin
    Info: Caching catalog for ty2.com
    Info: Applying configuration version '1470768678'
    Notice: /Stage[main]/Main/File[/var/www/html/index.html]/ensure: defined content as '{md5}44e5a24c74a1072f39360d8f75919f96'
    Notice: Finished catalog run in 0.12 seconds

    2、定义软件包和服务的资源

    [root@ty1 manifests]# cat site.pp 
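    # Install the vsftpd package on the agent.
    package {
        "vsftpd":
        # "preset" in the original listing was a typo for "present".
        ensure => present
    }

    # Keep the vsftpd service running.
    service {
        "vsftpd":
        ensure => running,
        # Explicit dependency so the service is only managed after the package
        # has been installed, independent of the agent's resource ordering.
        require => Package["vsftpd"]
    }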
    客户端检测:
    [root@ty2 ~]# puppet agent --server=ty1.com --test
    Info: Retrieving pluginfacts
    Info: Retrieving plugin
    Info: Caching catalog for ty2.com
    Info: Applying configuration version '1470769575'
    Notice: /Stage[main]/Main/Package[vsftpd]/ensure: created
    Notice: /Stage[main]/Main/Service[vsftpd]/ensure: ensure changed 'stopped' to 'running'
    Info: /Stage[main]/Main/Service[vsftpd]: Unscheduling refresh on Service[vsftpd]
    Notice: Finished catalog run in 1.94 seconds
    [root@ty2 ~]# /etc/init.d/vsftpd status
    vsftpd (pid 2631) is running...
    
    #注:此前这台服务器并没有安装过vsftpd

    3、定义创建用户资源

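    # Create the local account tyzz (uid 900) with a managed home directory.
    user {
        "tyzz": uid => 900,
        home => "/home/tyzz",
        shell => "/bin/bash",
        provider => useradd,
        managehome => true,
        # Puppet writes this value into /etc/shadow unchanged, so it must be a
        # crypt(3) hash and never the clear-text password. Generate the hash
        # separately and substitute it for the placeholder below.
        # NOTE(review): the useradd provider can only manage passwords when the
        # Ruby shadow library is installed on the agent -- confirm on RHEL 6.
        password => '<CRYPT_HASH_PLACEHOLDER>',
        ensure => present
    }
    # The original listing set the password with an exec resource running
    # "echo 123456 | passwd --stdin tyzz". That kept a trivial clear-text
    # password in the manifest and in every compiled catalog, and because its
    # guard `onlyif => "id tyzz"` stays true once the user exists, it reset the
    # password on every agent run. The password attribute above replaces it.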

    4、定义 crontab 任务

    [root@ty1 manifests]# cat site.pp
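    # Root cron job: append the current date to a log file every 10 minutes
    # during hours 2 through 4.
    cron {
        echo:
        # The original appended to /tmp/echo. A fixed file name in a
        # world-writable directory can be pre-created by any local user, and
        # this job writes to it as root, so the output goes to a root-owned
        # directory instead. /var/log/echo.log is an example path.
        command => "/bin/echo `/bin/date` >> /var/log/echo.log",
        user => root,
        hour => ['2-4'],
        minute => '*/10'
    }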
  • 原文地址:https://www.cnblogs.com/tyzZ001/p/5958832.html