mso-bidi-font-family:宋體;mso-bidi-theme-font:minor-fareast">一. Calibri;mso-ascii-theme-font:minor-latin;mso-fareast-font-family:宋體;mso-fareast-theme-font: minor-fareast;mso-hansi-font-family:Calibri;mso-hansi-theme-font:minor-latin">介紹
Puppet是開源的自動化配置和部署工具,與cfengine相比,Puppet的語法更簡單;對管理員屏蔽了底層的具體操作步驟,可以支持多種系統
Linux,freebsd等等,並且Puppet的代碼是可以分享和重用的,避免了重複勞動同時彌補了腳本無法重用的缺陷.
mso-fareast-font-family:宋體;mso-fareast-theme-font:minor-fareast;mso-hansi-font-family: Calibri;mso-hansi-theme-font:minor-latin">工作原理
工作原理如下:
Calibri;mso-ascii-theme-font:minor-latin;mso-fareast-font-family:宋體;mso-fareast-theme-font: minor-fareast;mso-hansi-font-family:Calibri;mso-hansi-theme-font:minor-latin">客戶端
puppetd調用facter,facter探測出主機的變數信息並且將這些信息通過ssl連接發送到伺服器端Calibri;mso-ascii-theme-font:minor-latin;mso-fareast-font-family:宋體;mso-fareast-theme-font: minor-fareast;mso-hansi-font-family:Calibri;mso-hansi-theme-font:minor-latin">伺服器端puppetmaster檢測客戶端的主機名,然後找到manifest中對應的
node配置,進行解析生成偽代碼,並將偽代碼發送給客戶端Calibri;mso-ascii-theme-font:minor-latin;mso-fareast-font-family:宋體;mso-fareast-theme-font: minor-fareast;mso-hansi-font-family:Calibri;mso-hansi-theme-font:minor-latin">客戶端接受到偽代碼並執行,將執行結果返回給伺服器
Calibri;mso-ascii-theme-font:minor-latin;mso-fareast-font-family:宋體;mso-fareast-theme-font: minor-fareast;mso-hansi-font-family:Calibri;mso-hansi-theme-font:minor-latin">伺服器把客戶端的執行結果寫入日誌
Puppet使用的埠:8140,443,
61613 防火牆需要開放這幾個埠mso-fareast-font-family:宋體;mso-fareast-theme-font:minor-fareast;mso-hansi-font-family: Calibri;mso-hansi-theme-font:minor-latin">測試環境搭建
測試環境列表:
Client1.centos | 192.168.2.101 |
Client2.centos | 192.168.2.102 |
Client3.freebsd | 192.168.2.99 |
Master.puppet | 192.168.2.98 |
Puppet需要和DNS結合,這裡測試是寫
hosts文件伺服器端安裝puppet-server,可以使用yum安裝或者源碼包編譯安裝
- [root@localhost ~]# yum install puppet-server
啟動puppetmaster服務:
- [root@localhost puppet]# /usr/sbin/puppetmasterd start
- [root@localhost puppet]# netstat -antup
- Active Internet connections (servers and established)
- Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
- tcp 0 0 0.0.0.0:57771 0.0.0.0:* LISTEN 1699/rpc.statd
- tcp 0 0 0.0.0.0:8140 0.0.0.0:* LISTEN 15415/ruby
重啟puppetmaster
服務和將puppetmaster設置為自動啟動
- [root@localhost puppet]# service puppetmaster restart
- [root@master ~]# chkconfig --level 345 puppetmaster on
Centos客戶端安裝,使用EPEL源,直接yum安裝puppet客戶端
- [root@client1~]#rpm -ivh http://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-5.noarch.rpm
- [root@localhost ~]# yum install puppet
FreeBSD客戶端的安裝
- [root@nagios ~]# whereis puppet
- puppet: /usr/ports/sysutils/puppet
- [root@nagios ~]# cd /usr/ports/sysutils/puppet
- [root@nagios /usr/ports/sysutils/puppet]# make install clean
- [root@nagios ~]# vim /etc/rc.conf
- puppet_enable="YES"
- [root@nagios ~]# cd /usr/local/etc/puppet/
- [root@nagios /usr/local/etc/puppet]# cp auth.conf-dist auth.conf
- [root@nagios /usr/local/etc/puppet] # cp puppet.conf-dist puppet.conf
- [root@nagios ~]# vi puppet.conf
- [root@nagios ~]# /usr/local/etc/rc.d/puppet start
客戶端的設置
- [root@client1 ~]# vim /etc/sysconfig/puppet
- # The puppetmaster server
- PUPPET_SERVER=Master.puppet
- # If you wish to specify the port to connect to do so here
- PUPPET_PORT=8140
- # Where to log to. Specify syslog to send log messages to the system log.
- PUPPET_LOG=/var/log/puppet/puppet.log
- # You may specify other parameters to the puppet client here
- PUPPET_EXTRA_OPTS=--waitforcert=500
重啟客戶端服務並加入自動啟動
- [root@master ~]# service puppet start
- [root@client1 ~]# chkconfig --level 345 puppet on
查看需要認證的客戶端
- [root@master ~]# puppetca --list
- client1.centos (CD:3E:E5:F0:6A:0B:8B:52:B2:54:C7:AB:09:E7:E3:A1)
- client2.centos (F3:DF:25:77:7F:DF:37:5B:2B:18:EE:DC:7A:A6:F5:CA)
- client3.freebsd (C4:93:76:65:49:34:18:FC:C7:68:9B:FD:02:D3:5F:CF)
認證所有的客戶端
- [root@master ~]# puppetca -s -a
認證某一台客戶端
- [root@master ~]# puppetca --sign client1.centos
- notice: Signed certificate request for client1.centos
- notice: Removing file Puppet::SSL::CertificateRequest client1.centos at '/var/lib/puppet/ssl/ca/requests/client1.centos.pem'
客戶端連接測試
- [root@client1 ~]# puppetd --test --server master.puppet
- info: Caching catalog for client1.centos
- info: Applying configuration version '1329891537'
- notice: Finished catalog run in 0.01 seconds
解決RDoc::usage問題
- [root@master ~] # puppetca --help
- No help available unless you have RDoc::usage installed
- [root@master ~]# yum install ruby-rdoc
- 安裝ruby-rdoc后恢復
本文出自 「Waydee的博客」 博客,請務必保留此出處http://waydee.blog.51cto.com/4677242/847112
[火星人 ] Puppet--測試環境搭建已經有632次圍觀