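Modular management
Administrators group related configuration into modules; a webserver module, for example, holds every setting that belongs to the web server. Modules make Puppet code reusable and shareable.
Module directory path
Default path: /etc/puppet/modules, or a path set with the modulepath variable.
Check the default module path:
    [root@master ~]# puppet --genconfig|grep modulepath
    modulepath = /etc/puppet/modules:/usr/share/puppet/modules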
Create the directories for the sudo module:
    [root@master ~]# mkdir -p /etc/puppet/modules/sudo/{files,templates,manifests}
    [root@master ~]# touch /etc/puppet/modules/sudo/manifests/init.pp
Edit init.pp so that it contains the following:
    [root@master ~]# vim /etc/puppet/modules/sudo/manifests/init.pp
    class sudo {
      # Install sudo on every node that includes this class.
      package { "sudo":
        ensure => present,
      }
      # Ubuntu nodes additionally get sudo-ldap, installed after sudo.
      if $operatingsystem == "Ubuntu" {
        package { "sudo-ldap":
          ensure  => present,
          require => Package["sudo"],
        }
      }
      # Serve /etc/sudoers from the module's files directory on the master.
      file { "/etc/sudoers":
        owner   => "root",
        group   => "root",
        mode    => "0440",
        source  => "puppet://$puppetserver/modules/sudo/etc/sudoers",
        require => Package["sudo"],
      }
    }
Create an etc directory inside the files directory and copy a sudoers file into it:
    [root@master ~]# mkdir -p /etc/puppet/modules/sudo/files/etc
    [root@master ~]# cp /etc/sudoers /etc/puppet/modules/sudo/files/etc/
Edit nodes.pp to apply the sudo module to the relevant node:
    [root@master ~]# vim /etc/puppet/manifests/nodes.pp
    node 'client1.centos' {
      include sudo
    }
site.pp must of course import nodes.pp and set the $puppetserver variable:
    [root@master ~]# vim /etc/puppet/manifests/site.pp
    import 'nodes.pp'
    $puppetserver = "master.puppet"
Because the sudo module has so far been applied only to client1.centos, verify on that node that it worked:
    [root@client1 ~]# puppetd --server master.puppet --test
    notice: Ignoring --listen on onetime run
    info: Caching catalog for client1.centos
    info: Applying configuration version '1330047901'
    notice: /Stage[main]/Sudo/Package[sudo]/ensure: created
    notice: Finished catalog run in 26.30 seconds
    You have new mail in /var/spool/mail/root
The file under the files directory on the master
    [root@client1 ~]# puppetd --server master.puppet --test
    notice: Ignoring --listen on onetime run
    info: Caching catalog for client1.centos
    info: Applying configuration version '1330047901'
    notice: /Stage[main]/Sudo/File[/etc/sudoers]/ensure: defined content as '{md5}4093e52552d97099d003c645f15f9372'
    notice: Finished catalog run in 0.37 seconds
To set how often the client runs automatically, add runinterval to the client's configuration:
    [agent]
        # The file in which puppetd stores a list of the classes
        # associated with the retrieved configuration. Can be loaded in
        # the separate ``puppet`` executable using the ``--loadclasses``
        # option.
        # The default value is '$confdir/classes.txt'.
        classfile = $vardir/classes.txt
        # Where puppetd caches the local configuration. An
        # extension indicating the cache format is added automatically.
        # The default value is '$confdir/localconfig'.
        localconfig = $vardir/localconfig
        server=master.puppet
        report=true
        # listen=true makes the agent accept incoming connections, subject to its ACLs.
        listen=true
        # Seconds between automatic agent runs (3600 = one hour).
        runinterval=3600
Node definitions
Nodes that serve the same function can be defined together:
    node 'web1.example.com', 'web2.example.com', 'web3.example.com' { }
Node definitions also accept regular expressions:
    node /^web\d+\.example\.com$/ { }
The base node is the basic node; settings that every node should receive can go in base:
    node base {
      …
    }
Node definitions support inheritance:
    node webserver inherits base {
      …
    }
    node 'web.example.com' inherits webserver {
      …
    }
Create the directories and files for the ssh module:
    [root@master ~]# mkdir -p /etc/puppet/modules/ssh/{manifests,templates,files}
In the sudo module above, every setting lived in init.pp. For the ssh module we instead split the configuration into init.pp, install.pp, config.pp, service.pp and params.pp. Create the corresponding files:
    [root@master ~]# touch /etc/puppet/modules/ssh/manifests/{install.pp,config.pp,service.pp}
Configure params.pp, which mainly holds the module's parameters:
    [root@master ~]# vim /etc/puppet/modules/ssh/manifests/params.pp
    class ssh::params {
      # Package, config file and service names differ per operating system.
      case $operatingsystem {
        Solaris: {
          $ssh_package_name   = 'openssh'
          $ssh_service_config = '/etc/ssh/sshd_config'
          $ssh_service_name   = 'sshd'
        }
        /(Ubuntu|Debian)/: {
          $ssh_package_name   = 'openssh-server'
          $ssh_service_config = '/etc/ssh/sshd_config'
          # Debian and Ubuntu name the service 'ssh', not 'sshd'.
          $ssh_service_name   = 'ssh'
        }
        /(RedHat|CentOS|Fedora)/: {
          $ssh_package_name   = 'openssh-server'
          $ssh_service_config = '/etc/ssh/sshd_config'
          $ssh_service_name   = 'sshd'
        }
      }
    }
Edit the ssh module's init.pp:
    [root@master ~]# vim /etc/puppet/modules/ssh/manifests/init.pp
    class ssh {
      include ssh::params, ssh::install, ssh::config, ssh::service
    }
Edit install.pp:
    [root@master ~]# vim /etc/puppet/modules/ssh/manifests/install.pp
    class ssh::install {
      # Package name comes from ssh::params.
      package { "$ssh::params::ssh_package_name":
        ensure => installed,
      }
    }
Edit config.pp:
    [root@master ~]# vim /etc/puppet/modules/ssh/manifests/config.pp
    class ssh::config {
      # Serve sshd_config from the module's files directory on the master.
      file { $ssh::params::ssh_service_config:
        ensure  => present,
        owner   => 'root',
        group   => 'root',
        mode    => '0600',
        source  => "puppet://$puppetserver/modules/ssh/sshd_config",
        require => Class["ssh::install"],
        notify  => Class["ssh::service"],
      }
    }
notify here sends a notification to the named class: if ssh::config changes, it notifies the ssh::service class. Edit service.pp:
    [root@master ~]# vim /etc/puppet/modules/ssh/manifests/service.pp
    class ssh::service {
      service { $ssh::params::ssh_service_name:
        ensure     => running,
        hasstatus  => true,
        hasrestart => true,
        enable     => true,
        require    => Class["ssh::config"],
      }
    }
hasstatus tells Puppet that the service supports a status command, as in service sshd status.
hasrestart tells Puppet that the service supports a restart command, as in service sshd restart.
Copy the default sshd_config into the module's files directory:
    [root@master ~]# cp /etc/ssh/sshd_config /etc/puppet/modules/ssh/files/
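The file copied above is served unchanged to every node that includes the module, and a change to it refreshes the sshd service. As an added example (not from the original article), this shell function audits the module's copy for risky global settings before agents fetch it, applying sshd's first-value-wins rule and stopping at the first Match block. The function name audit_sshd_config and the policy table are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit the sshd_config that the ssh module will distribute.
# Prints "FAIL <keyword> <value>" per risky global setting; returns 1 if any.
audit_sshd_config() {
    awk '
    BEGIN {
        # Assumed policy for this example: regex of values treated as unsafe.
        bad["permitrootlogin"]        = "^yes$"
        bad["permitemptypasswords"]   = "^yes$"
        bad["passwordauthentication"] = "^yes$"
        bad["protocol"]               = "(^|,)1(,|$)"
    }
    /^[ \t]*#/ || /^[ \t]*$/ { next }        # skip comments and blank lines
    {
        line = $0
        sub(/^[ \t]+/, "", line)
        key = line
        sub(/[ \t=].*$/, "", key)            # keyword ends at a blank or "="
        key = tolower(key)                   # keywords are case-insensitive
        val = line
        sub(/^[^ \t=]+[ \t]*=?[ \t]*/, "", val)
        sub(/[ \t]+$/, "", val)
        if (key == "match") exit             # conditional blocks are not audited here
        if (key in seen) next                # sshd uses the first value it reads
        seen[key] = 1
        if ((key in bad) && tolower(val) ~ bad[key]) {
            print "FAIL", key, val
            rc = 1
        }
    }
    END { exit rc + 0 }
    ' "$1"
}

# Path used in the article; checked only when the file is present.
MODULE_COPY=/etc/puppet/modules/ssh/files/sshd_config
if [ -r "$MODULE_COPY" ]; then
    audit_sshd_config "$MODULE_COPY" || echo "fix $MODULE_COPY before agents fetch it" >&2
fi
```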
The ssh module is now complete; next, apply it to the nodes.
Edit nodes.pp:
    [root@master ~]# vim /etc/puppet/manifests/nodes.pp
    class base {
      include sudo, ssh
    }
    node 'client1.centos' {
      include base
    }
    node 'client2.centos' {
      include base
    }
Verify on a node that the configuration is correct:
    [root@client1 ~]# puppetd --server master.puppet --test
    notice: Ignoring --listen on onetime run
    info: Caching catalog for client1.centos
    info: Applying configuration version '1330052716'
    --- /etc/ssh/sshd_config 2011-12-08 04:25:10.000000000 0800
    /tmp/puppet-file20120224-27947-1eierk0-0 2012-02-24 11:06:15.203891553 0800
    @@ -1,3 1,4 @@
    # puppet auto configuration
    # $OpenBSD: sshd_config,v 1.80 2008/07/02 02:24:18 djm Exp $
    # This is the sshd server system-wide configuration file. See
    info: FileBucket adding {md5}853a26a0f4b8a7fc8529e45ed57fe67b
    info: /Stage[main]/Ssh::Config/File[/etc/ssh/sshd_config]: Filebucketed /etc/ssh/sshd_config to puppet with sum 853a26a0f4b8a7fc8529e45ed57fe67b
    notice: /Stage[main]/Ssh::Config/File[/etc/ssh/sshd_config]/content: content changed '{md5}853a26a0f4b8a7fc8529e45ed57fe67b' to '{md5}4a860a0861932b44d8af13e64d953b39'
    info: /Stage[main]/Ssh::Config/File[/etc/ssh/sshd_config]: Scheduling refresh of Service[sshd]
    notice: /Stage[main]/Ssh::Service/Service[sshd]: Triggered 'refresh' from 1 events
    notice: Finished catalog run in 0.81 seconds
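As an added example (not part of the original article), the notice lines in the sudo and ssh runs above can be scanned for content changes to security-sensitive files such as /etc/sudoers and /etc/ssh/sshd_config. The previous checksum it prints is the one the agent reports having filebucketed. The function name sensitive_changes, the WATCH variable and the /etc/motd sample line are assumptions of this example.

```shell
#!/bin/sh
# Added example: report content changes to watched files from agent output.
# Output: "<path> <old_md5|-> <new_md5>"; "-" means the file was newly defined.
sensitive_changes() {
    awk -v watch="${WATCH:-/etc/sudoers /etc/ssh/sshd_config}" '
    BEGIN { n = split(watch, w, " "); for (i = 1; i <= n; i++) want[w[i]] = 1 }
    /File\[[^]]+\]\/(content|ensure): / {
        path = $0
        sub(/^.*File\[/, "", path)           # drop everything before the resource title
        sub(/\].*$/, "", path)               # and everything after it
        if (!(path in want)) next
        prev = "-"; cur = ""
        if (match($0, /content changed .[{]md5[}][0-9a-f]+/)) {
            prev = substr($0, RSTART, RLENGTH); sub(/^.*[}]/, "", prev)
        }
        if (match($0, /(to|defined content as) .[{]md5[}][0-9a-f]+/)) {
            cur = substr($0, RSTART, RLENGTH); sub(/^.*[}]/, "", cur)
        }
        if (cur != "") print path, prev, cur
    }'
}

# Sample input: the sudoers and sshd_config lines are copied from the runs
# shown in this article; the /etc/motd line is constructed to show that an
# unwatched path is ignored.
sample_agent_output() {
    cat <<'EOF'
notice: /Stage[main]/Sudo/Package[sudo]/ensure: created
notice: /Stage[main]/Sudo/File[/etc/sudoers]/ensure: defined content as '{md5}4093e52552d97099d003c645f15f9372'
info: /Stage[main]/Ssh::Config/File[/etc/ssh/sshd_config]: Filebucketed /etc/ssh/sshd_config to puppet with sum 853a26a0f4b8a7fc8529e45ed57fe67b
notice: /Stage[main]/Ssh::Config/File[/etc/ssh/sshd_config]/content: content changed '{md5}853a26a0f4b8a7fc8529e45ed57fe67b' to '{md5}4a860a0861932b44d8af13e64d953b39'
notice: /Stage[main]/Motd/File[/etc/motd]/content: content changed '{md5}00000000000000000000000000000000' to '{md5}11111111111111111111111111111111'
EOF
}

sample_agent_output | sensitive_changes
```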
This article comes from the blog "Waydee的博客"; please keep this source link: http://waydee.blog.51cto.com/4677242/847134