Puppet package resource explained

Configuring the yum repository

1. wget http://ftp.kaist.ac.kr/fedora//epel/6/i386/epel-release-6-8.noarch.rpm
2. yum list | grep puppet  # check that the yum repository is configured correctly

Configuring the NTP time server

 vi /etc/ntp.conf
-----------------------
driftfile /var/lib/ntp/drift
broadcastdelay 0.008
logfile /var/log/ntp.log
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery
restrict 127.0.0.1
restrict -6 ::1

restrict 172.16.1.0 mask 255.255.0.0 nomodify notrap

server 127.127.1.0
fudge 127.127.1.0 stratum 10 refid NIST
includefile /etc/ntp/crypto/pw
keys /etc/ntp/keys

Start the ntpd service and enable it at boot

service ntpd start
chkconfig ntpd on

After a few minutes, test from a client

1. service ntpd start
2. ntpdate 172.16.1.1 # this is the IP address of your time server

Installing puppetmaster

yum install -y puppetmaster puppet facter # the Ruby environment is installed automatically, because Puppet is written in Ruby and needs it

Configuring puppet.conf

vim /etc/puppet/puppet.conf

[main]
logdir = /var/log/puppet  # default log directory
rundir = /var/run/puppet  # directory for PID files
ssldir = $vardir/ssl # certificate directory; $vardir defaults to /var/lib/puppet
[agent]
classfile = $vardir/classes.txt
localconfig = $vardir/localconfig
server = puppetmaster.kisspuppet.com # name of the master the agent authenticates to; every node must be able to resolve this name
certname = puppetmaster_cert.kisspuppet.com # certname used by the agent
[master]
certname = puppetmaster.kisspuppet.com # certname of the puppetmaster server

Creating the site.pp file

touch /etc/puppet/manifests/site.pp

Starting the puppetmaster service

1. /etc/init.d/puppetmaster start
2. chkconfig puppetmaster on

Check the generated certificates; on first start the master generates its certificates and signs its own automatically

tree /var/lib/puppet/ssl

/var/lib/puppet/ssl/
├── ca
│   ├── ca_crl.pem
│   ├── ca_crt.pem
│   ├── ca_key.pem
│   ├── ca_pub.pem
│   ├── inventory.txt
│   ├── private
│   │   └── ca.pass
│   ├── requests
│   ├── serial
│   └── signed
│       └── puppetmaster.kisspuppet.com.pem  # signed
├── certificate_requests
├── certs
│   ├── ca.pem
│   └── puppetmaster.kisspuppet.com.pem
├── crl.pem
├── private
├── private_keys
│   └── puppetmaster.kisspuppet.com.pem
└── public_keys
    └── puppetmaster.kisspuppet.com.pem

List the certificates that have been signed

puppet cert --list --all  # a leading + marks a certificate that has been signed

Installing the puppet agent

yum install puppet facter

Configuring puppet.conf

vim /etc/puppet/puppet.conf

[main]
logdir = /var/log/puppet
rundir = /var/run/puppet
ssldir = $vardir/ssl

[agent]
classfile = $vardir/classes.txt
localconfig = $vardir/localconfig
server = puppetmaster.kisspuppet.com  # points at the puppetmaster
certname = agent1_cert.kisspuppet.com # this node's own certname

Start the node in debug mode to send a certificate request to the puppetmaster

puppet agent --test

info: Creating a new SSL key for agent1_cert.kisspuppet.com
info: Caching certificate for ca
info: Creating a new SSL certificate request for agent1_cert.kisspuppet.com
info: Certificate Request fingerprint (md5): 69:D2:86:E4:7F:00:E0:55:61:19:02:34:9E:9B:AF:F9
Exiting; no certificate found and waitforcert is disabled

Confirm the request on the server

# puppet cert --list --all
  "agent1_cert.kisspuppet.com"  (69:D2:86:E4:7F:00:E0:55:61:19:02:34:9E:9B:AF:F9) # not yet signed
+ "puppetmaster.kisspuppet.com" (C0:E3:6B:76:36:EC:92:93:4D:BF:F0:8F:77:00:91:C8) (alt names: "DNS:puppet", "DNS:puppet.kisspuppet.com", "DNS:puppetmaster.kisspuppet.com")

Sign client1

# puppet cert --sign agent1_cert.kisspuppet.com # sign agent1
notice: Signed certificate request for agent1_cert.kisspuppet.com
notice: Removing file Puppet::SSL::CertificateRequest agent1_cert.kisspuppet.com at '/var/lib/puppet/ssl/ca/requests/agent1_cert.kisspuppet.com.pem'

Check the certificate status again

# puppet cert --list --all
+ "agent1_cert.kisspuppet.com"  (3E:46:4E:75:34:9A:5A:62:A6:3C:AE:BD:49:EE:C0:F5)
+ "puppetmaster.kisspuppet.com" (C0:E3:6B:76:36:EC:92:93:4D:BF:F0:8F:77:00:91:C8) (alt names: "DNS:puppet", "DNS:puppet.kisspuppet.com", "DNS:puppetmaster.kisspuppet.com")

client2 and client3, like client1, need to edit this configuration file and start the service

Signing the remaining nodes together

# puppet agent --test # the puppetmaster requests an agent certificate for itself
info: Creating a new SSL key for puppetmaster_cert.kisspuppet.com
info: Creating a new SSL certificate request for puppetmaster_cert.kisspuppet.com
info: Certificate Request fingerprint (md5): 7D:AC:F7:97:04:2B:E4:C5:74:4A:16:05:DB:F6:6A:98
Exiting; no certificate found and waitforcert is disabled

# puppet cert --sign --all # sign every node that has a pending request
notice: Signed certificate request for puppetmaster_cert.kisspuppet.com
notice: Removing file Puppet::SSL::CertificateRequest puppetmaster_cert.kisspuppet.com at '/var/lib/puppet/ssl/ca/requests/puppetmaster_cert.kisspuppet.com.pem'
notice: Signed certificate request for agent2_cert.kisspuppet.com
notice: Removing file Puppet::SSL::CertificateRequest agent2_cert.kisspuppet.com at '/var/lib/puppet/ssl/ca/requests/agent2_cert.kisspuppet.com.pem'
notice: Signed certificate request for agent3_cert.kisspuppet.com
notice: Removing file Puppet::SSL::CertificateRequest agent3_cert.kisspuppet.com at '/var/lib/puppet/ssl/ca/requests/agent3_cert.kisspuppet.com.pem'

# puppet cert --list --all # list the certificates of all nodes
+ "agent1_cert.kisspuppet.com"       (3E:46:4E:75:34:9A:5A:62:A6:3C:AE:BD:49:EE:C0:F5)
+ "agent2_cert.kisspuppet.com"       (A0:CE:70:BE:A9:11:BF:F4:C8:EF:25:8E:C2:2C:3B:B7)
+ "agent3_cert.kisspuppet.com"       (98:93:F7:0C:ED:94:81:3D:51:14:86:68:2B:F3:F1:A0)
+ "puppetmaster.kisspuppet.com"      (C0:E3:6B:76:36:EC:92:93:4D:BF:F0:8F:77:00:91:C8) (alt names: "DNS:puppet", "DNS:puppet.kisspuppet.com", "DNS:puppetmaster.kisspuppet.com")
+ "puppetmaster_cert.kisspuppet.com" (57:A3:D7:3D:64:2F:D6:FD:BC:2A:6C:79:68:73:EA:AB)
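
The `puppet cert --sign --all` step above signs every pending request, whatever host it came from. As an added example (not part of the original article), the script below signs only requests whose fingerprint in the master's list matches the fingerprint the agent printed when it created the request; the expected-fingerprint file format and the function names are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example: sign a request only if its fingerprint matches the one the
# agent printed. The expected-fingerprint file is a hypothetical convention.

# Constructed sample in the `puppet cert --list --all` format shown on this page.
# agent1 and the master use the page's values; the other two are made up.
sample_list() {
  cat <<'EOF'
  "agent1_cert.kisspuppet.com"  (69:D2:86:E4:7F:00:E0:55:61:19:02:34:9E:9B:AF:F9)
  "agent2_cert.kisspuppet.com"  (00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF)
  "rogue_cert.kisspuppet.com"   (FF:EE:DD:CC:BB:AA:99:88:77:66:55:44:33:22:11:00)
+ "puppetmaster.kisspuppet.com" (C0:E3:6B:76:36:EC:92:93:4D:BF:F0:8F:77:00:91:C8) (alt names: "DNS:puppet")
EOF
}

# verified_requests EXPECTED_FILE < list-output
# EXPECTED_FILE holds "certname fingerprint" lines collected from each agent's
# own console. Prints pending certnames whose fingerprint matches; everything
# else is reported on stderr and left unsigned.
verified_requests() {
  awk -v expected="$1" '
    BEGIN {
      while ((getline line < expected) > 0) {
        n = split(line, f, " ")
        if (n >= 2) want[f[1]] = toupper(f[2])
      }
    }
    substr($0, 1, 1) == "+" || substr($0, 1, 1) == "-" { next }  # signed / revoked
    {
      if (!match($0, /"[^"]+"/)) next
      name = substr($0, RSTART + 1, RLENGTH - 2)
      if (!match($0, /\([0-9A-Fa-f:]+\)/)) next
      fp = toupper(substr($0, RSTART + 1, RLENGTH - 2))
      if ((name in want) && want[name] == fp) print name
      else print "NOT SIGNING " name " (" fp ")" | "cat 1>&2"
    }'
}

# On the master: sign verified requests one by one instead of `--sign --all`.
sign_verified() {
  puppet cert --list --all | verified_requests "$1" | while read -r name; do
    puppet cert --sign "$name"
  done
}
```

A missing or empty expected-fingerprint file leaves every request unsigned, so the check fails closed.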

Writing a simple motd module

Create the module directory structure. Note: when no modulepath is specified, a default search path applies; it can be displayed as follows

# puppet master --genconfig >/etc/puppet/puppet.conf.out
# cat /etc/puppet/puppet.conf.out | grep modulepath
    modulepath = /etc/puppet/modules:/usr/share/puppet/modules

# tree /etc/puppet/modules/
/etc/puppet/modules/
└── motd
    ├── files  # directory for static files
    │   └── etc
    │       └── motd
    ├── manifests  # directory for the module's pp manifests
    │   └── init.pp
    └── templates # directory for templates

5 directories, 2 files

Writing the pp file

# vim motd/manifests/init.pp  # run from /etc/puppet/modules
class motd{                 # define a class named motd
  package{ 'setup':    # declare a package resource
    ensure => present,  # the setup package must be installed
  }
  file{ '/etc/motd':  # declare a file resource
    ensure  => present,  # the file must exist
    owner   => 'root', # the file owner must be root
    group   => 'root', # the file group must be root
    mode    => '0644', # the file mode must be 644
    source  => "puppet://$puppetserver/modules/motd/etc/motd", # the file is downloaded from the puppetmaster server
    require => Package['setup'], # apply the package resource before configuring the file
  }
}

# cat motd/files/etc/motd  # run from /etc/puppet/modules
--                       --
--------puppet test---------
--                       --

Writing the site.pp file

# vim /etc/puppet/manifests/site.pp

$puppetserver = 'puppetmaster.kisspuppet.com' # set a global variable
node 'puppetmaster_cert.kisspuppet.com'{
  include  motd
}
node 'agent1_cert.kisspuppet.com'{
  include  motd
}

node 'agent2_cert.kisspuppet.com'{
  include  motd
}

node 'agent3_cert.kisspuppet.com'{
  include  motd
}

Testing the motd module

# puppet agent --test  # test on node agent1
info: Caching catalog for agent1_cert.kisspuppet.com
info: Applying configuration version '1394304542'
notice: /Stage[main]/Motd/File[/etc/motd]/content:
--- /etc/motd    2000-01-13 07:18:52.000000000 +0800
+++ /tmp/puppet-file20140309-4571-1vqc18j-0    2014-03-09 02:51:47.000000000 +0800
@@ -0,0 +1,3 @@
+--                       --
+--------puppet test---------
+--                       --

info: FileBucket adding {md5}d41d8cd98f00b204e9800998ecf8427e
info: /Stage[main]/Motd/File[/etc/motd]: Filebucketed /etc/motd to puppet with sum d41d8cd98f00b204e9800998ecf8427e
notice: /Stage[main]/Motd/File[/etc/motd]/content: content changed '{md5}d41d8cd98f00b204e9800998ecf8427e' to '{md5}87ea3a1af8650395038472457cc7f2b1'
notice: Finished catalog run in 0.40 seconds

# cat /etc/motd
--                       --
--------puppet test---------
--                       --

# puppet agent -t  # test on node puppetmaster
info: Caching catalog for puppetmaster_cert.kisspuppet.com
info: Applying configuration version '1394305371'
notice: /Stage[main]/Motd/File[/etc/motd]/content:
--- /etc/motd    2010-01-12 21:28:22.000000000 +0800
+++ /tmp/puppet-file20140309-3102-1gadon0-0    2014-03-09 03:02:51.966998294 +0800
@@ -0,0 +1,3 @@
+--                       --
+--------puppet test---------
+--                       --

info: FileBucket adding {md5}d41d8cd98f00b204e9800998ecf8427e
info: /Stage[main]/Motd/File[/etc/motd]: Filebucketed /etc/motd to puppet with sum d41d8cd98f00b204e9800998ecf8427e
notice: /Stage[main]/Motd/File[/etc/motd]/content: content changed '{md5}d41d8cd98f00b204e9800998ecf8427e' to '{md5}87ea3a1af8650395038472457cc7f2b1'
info: Creating state file /var/lib/puppet/state/state.yaml
notice: Finished catalog run in 0.52 seconds
# cat /etc/motd
--                       --
--------puppet test---------
--                       --

Reposted from: https://kisspuppet.gitbooks.io/puppet/content/puppetlearningbase3.html

Date: 2024-10-10 14:43:53
