
Puppet: Setting Up a Test Environment

火星人 @ 2014-03-08


I. Introduction

Puppet is an open-source tool for automated configuration and deployment. Compared with cfengine, Puppet's syntax is simpler, and it shields the administrator from the underlying operational steps. It supports multiple systems, such as Linux and FreeBSD. Puppet code can also be shared and reused, which avoids duplicated work and makes up for the fact that scripts cannot be reused.

How It Works

It works as follows:

1. On the client, puppetd calls facter. facter detects the host's variables and sends this information to the server over an SSL connection.
2. On the server, puppetmaster checks the client's host name, finds the matching node configuration in the manifest, parses it to generate pseudo-code, and sends the pseudo-code to the client.
3. The client receives the pseudo-code and executes it, then returns the execution result to the server.
4. The server writes the client's execution result to the log.

Puppet uses ports 8140, 443 and 61613. The firewall needs to allow these ports.

Setting Up the Test Environment

Test environment hosts:

Client1.centos 192.168.2.101
Client2.centos 192.168.2.102
Client3.freebsd 192.168.2.99
Master.puppet 192.168.2.98

Puppet needs to work together with DNS. In this test the names are written to the hosts file instead.

Install puppet-server on the server, either with yum or by compiling the source package.

    [root@localhost ~]# yum install puppet-server

Start the puppetmaster service:

    [root@localhost puppet]# /usr/sbin/puppetmasterd start
    [root@localhost puppet]# netstat -antup
    Active Internet connections (servers and established)
    Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
    tcp 0 0 0.0.0.0:57771 0.0.0.0:* LISTEN 1699/rpc.statd
    tcp 0 0 0.0.0.0:8140 0.0.0.0:* LISTEN 15415/ruby

Restart the puppetmaster service and set puppetmaster to start automatically:

    [root@localhost puppet]# service puppetmaster restart
    [root@master ~]# chkconfig --level 345 puppetmaster on

CentOS client installation: use the EPEL repository and install the puppet client directly with yum.

    [root@client1 ~]# rpm -ivh http://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-5.noarch.rpm
    [root@localhost ~]# yum install puppet

FreeBSD client installation

    [root@nagios ~]# whereis puppet
    puppet: /usr/ports/sysutils/puppet
    [root@nagios ~]# cd /usr/ports/sysutils/puppet
    [root@nagios /usr/ports/sysutils/puppet]# make install clean
    [root@nagios ~]# vim /etc/rc.conf
    puppet_enable="YES"
    [root@nagios ~]# cd /usr/local/etc/puppet/
    [root@nagios /usr/local/etc/puppet]# cp auth.conf-dist auth.conf
    [root@nagios /usr/local/etc/puppet]# cp puppet.conf-dist puppet.conf
    [root@nagios ~]# vi puppet.conf
    [root@nagios ~]# /usr/local/etc/rc.d/puppet start

Client configuration

    [root@client1 ~]# vim /etc/sysconfig/puppet
    # The puppetmaster server
    PUPPET_SERVER=Master.puppet
    # If you wish to specify the port to connect to do so here
    PUPPET_PORT=8140
    # Where to log to. Specify syslog to send log messages to the system log.
    PUPPET_LOG=/var/log/puppet/puppet.log
    # You may specify other parameters to the puppet client here
    PUPPET_EXTRA_OPTS=--waitforcert=500

Restart the client service and set it to start automatically:

    [root@master ~]# service puppet start
    [root@client1 ~]# chkconfig --level 345 puppet on

List the clients whose certificate requests are waiting to be signed:

    [root@master ~]# puppetca --list
    client1.centos (CD:3E:E5:F0:6A:0B:8B:52:B2:54:C7:AB:09:E7:E3:A1)
    client2.centos (F3:DF:25:77:7F:DF:37:5B:2B:18:EE:DC:7A:A6:F5:CA)
    client3.freebsd (C4:93:76:65:49:34:18:FC:C7:68:9B:FD:02:D3:5F:CF)

Sign the requests of all clients:

    [root@master ~]# puppetca -s -a

Sign the request of a single client:

    [root@master ~]# puppetca --sign client1.centos
    notice: Signed certificate request for client1.centos
    notice: Removing file Puppet::SSL::CertificateRequest client1.centos at '/var/lib/puppet/ssl/ca/requests/client1.centos.pem'
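
`puppetca -s -a` signs every pending request, including any from a host you did not expect. The following added example (not part of the original post) compares each pending request with fingerprints recorded out-of-band on the clients, so that only matching hosts are passed to `puppetca --sign`. The allowlist file format, the `vet_csrs` name, the altered client2 fingerprint and the `rogue.lan` entry are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): decide which pending CSRs
# may be signed by comparing `puppetca --list` output with an allowlist.

# vet_csrs ALLOWLIST  (pending requests, "name (FINGERPRINT)", on stdin)
# ALLOWLIST is a hypothetical file of "name FINGERPRINT" lines recorded
# out-of-band on each client. Prints "SIGN|MISMATCH|UNKNOWN name".
vet_csrs() {
    awk '
        FILENAME == ARGV[1] {                 # allowlist file
            if (NF >= 2 && $1 !~ /^#/) want[tolower($1)] = toupper($2)
            next
        }
        NF >= 2 {                             # pending request from stdin
            name = tolower($1); fp = toupper($2)
            gsub(/[()]/, "", fp)
            if (!(name in want))        print "UNKNOWN " name
            else if (want[name] == fp)  print "SIGN " name
            else                        print "MISMATCH " name
        }
    ' "$1" -
}

demo() {
    allow=$(mktemp) || return 1
    # Allowlist: hosts and fingerprints as shown in the listing on this page.
    cat > "$allow" <<'EOF'
# certname fingerprint
client1.centos CD:3E:E5:F0:6A:0B:8B:52:B2:54:C7:AB:09:E7:E3:A1
client2.centos F3:DF:25:77:7F:DF:37:5B:2B:18:EE:DC:7A:A6:F5:CA
client3.freebsd C4:93:76:65:49:34:18:FC:C7:68:9B:FD:02:D3:5F:CF
EOF
    # Constructed pending list: client2's fingerprint altered, rogue.lan added.
    vet_csrs "$allow" <<'EOF'
client1.centos (CD:3E:E5:F0:6A:0B:8B:52:B2:54:C7:AB:09:E7:E3:A1)
client2.centos (AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA)
client3.freebsd (C4:93:76:65:49:34:18:FC:C7:68:9B:FD:02:D3:5F:CF)
rogue.lan (11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00)
EOF
    rm -f "$allow"
}

# On the master: sign only vetted hosts instead of `puppetca -s -a`:
#   puppetca --list | vet_csrs /path/to/allowlist | awk '$1 == "SIGN" { print $2 }' |
#       while read -r h; do puppetca --sign "$h"; done
demo
```

A MISMATCH or UNKNOWN verdict means the request should be investigated on the client itself before anything is signed.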

Client connection test:

    [root@client1 ~]# puppetd --test --server master.puppet
    info: Caching catalog for client1.centos
    info: Applying configuration version '1329891537'
    notice: Finished catalog run in 0.01 seconds

Fixing the RDoc::usage problem

    [root@master ~]# puppetca --help
    No help available unless you have RDoc::usage installed
    [root@master ~]# yum install ruby-rdoc

After ruby-rdoc is installed, the help output works again.

This article comes from the blog 「Waydee的博客」. Please be sure to keep this attribution: http://waydee.blog.51cto.com/4677242/847112


http://coctec.com/docs/linux/show-post-45804.html