Puppet Installation and Configuration Notes

Preface

The word Puppet actually carries two meanings: it names both the language in which this kind of code is written and the platform that manages the infrastructure. Operations work is too often driven by process and by incidents, and inconsistent configuration between production and test environments cuts deeply into a team's overall efficiency. Code that runs fine on a developer's laptop or in the QA environment often breaks once it is deployed to production, and worst of all nobody knows where the root cause lies. Puppet is an excellent infrastructure management platform that lets every system administrator work more efficiently; it acts as a strong glue for a shared code base and unifies the work of different teams. Puppet helps teams in all kinds of situations collaborate better on software development and release, an evolution of working style that is usually called DevOps.

Puppet is one of the best centralized configuration management systems.

Changelog

2016-03-25 - first draft

Read the original - http://wsgzao.github.io/post/puppet/

Further reading

Puppet Labs Documentation - https://docs.puppetlabs.com/
Puppet Forge - https://forge.puppetlabs.com/

How It Works

Puppet uses a very simple client/server architecture; all data exchange goes over SSL to keep it secure.

  1. The client (puppetd) sends an authentication request to the master, or presents an already signed certificate.

  2. The master tells the client that it is legitimate.

  3. The client (puppetd) invokes Facter, which discovers host variables such as the hostname, memory size and IP address. puppetd sends this information to the server over the SSL connection.

  4. The Puppet master on the server side checks the client's hostname, finds the node configuration that corresponds to it in the manifest, and parses that part. The information sent by Facter can be used as variables; only the code the node involves is parsed, the rest is not. Parsing has several stages: first a syntax check, which reports an error if the syntax is wrong; if the syntax is fine, parsing continues and produces an intermediate "pseudo-code" (the catalog), which is then sent to the client.

  5. The client receives the "pseudo-code" and executes it.

  6. While executing, the client checks whether there are File resources; if so, it sends requests to the fileserver.

  7. The client checks whether a Report is configured; if so, it sends the execution result to the server.

  8. The server writes the client's execution result to its log and sends it to the reporting system.

This is Puppet's workflow; the most important part is that puppet-master manages the configuration files of the nodes.

Preparation

Taking RHEL 6.3 as the example, the key preliminary step is configuring yum; for more tips see the following article

Configuring yum repositories on RHEL (Red Hat Enterprise Linux) - http://wsgzao.github.io/post/yum/

#Stop iptables
/etc/init.d/iptables stop
chkconfig iptables off

#Disable SELinux
setenforce 0
sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config  

#NTP synchronization
ntpdate 0.rhel.pool.ntp.org
crontab -e
0 0 * * * /usr/sbin/ntpdate 0.rhel.pool.ntp.org;/usr/sbin/hwclock -w

#Add hosts entries
vi /etc/hosts
192.168.1.10 master
192.168.1.11 client

#puppet
http://downloads.puppetlabs.com/puppet/
#facter
http://downloads.puppetlabs.com/facter/
#ruby
https://www.ruby-lang.org/zh_cn/downloads/

#Configure CentOS YUM repositories

cd /etc/yum.repos.d/
cp rhel-source.repo rhel-source.repo.bak
vi rhel-source.repo

[base]
name=CentOS-$releasever-Base
baseurl=http://centos.ustc.edu.cn/centos/6/os/x86_64/
gpgcheck=1
gpgkey=http://mirrors.163.com/centos/RPM-GPG-KEY-CentOS-6

[updates]
name=CentOS-$releasever-Updates
baseurl=http://centos.ustc.edu.cn/centos/6/updates/x86_64/
gpgcheck=1
gpgkey=http://mirrors.163.com/centos/RPM-GPG-KEY-CentOS-6

[extras]
name=CentOS-$releasever-Extras
baseurl=http://centos.ustc.edu.cn/centos/6/extras/x86_64/
gpgcheck=1
gpgkey=http://mirrors.163.com/centos/RPM-GPG-KEY-CentOS-6

[centosplus]
name=CentOS-$releasever-Plus
baseurl=http://centos.ustc.edu.cn/centos/6/centosplus/x86_64/
gpgcheck=1
gpgkey=http://mirrors.163.com/centos/RPM-GPG-KEY-CentOS-6

yum clean all
yum makecache
yum repolist

Puppet Server

If the host can reach the Internet and the repos are configured, a plain yum install puppetserver is the quick and simple way.

#Enable the Puppet Labs Package Repository
rpm -ivh https://yum.puppetlabs.com/puppetlabs-release-el-6.noarch.rpm

#Install the yum-plugin-downloadonly plugin
yum install -y yum-plugin-downloadonly

#yum install puppetserver
yum install --downloadonly --downloaddir=/tmp/puppetserver puppetserver

Total download size: 73 M
Is this ok [y/N]: y
Downloading Packages:
(1/22): augeas-libs-1.0.0-10.el6.x86_64.rpm          
(2/22): compat-readline5-5.2-17.1.el6.x86_64.rpm     
(3/22): facter-2.4.6-1.el6.x86_64.rpm                
(4/22): hiera-1.3.4-1.el6.noarch.rpm                 
(5/22): java-1.7.0-openjdk-1.7.0.79-2.5.5.4.el6.x86_6
(6/22): libjpeg-turbo-1.2.1-3.el6_5.x86_64.rpm       
(7/22): libselinux-2.0.94-5.8.el6.i686.rpm           
(8/22): libselinux-2.0.94-5.8.el6.x86_64.rpm         
(9/22): libselinux-devel-2.0.94-5.8.el6.x86_64.rpm   
(10/22): libselinux-python-2.0.94-5.8.el6.x86_64.rpm 
(11/22): libselinux-ruby-2.0.94-5.8.el6.x86_64.rpm   
(12/22): libselinux-utils-2.0.94-5.8.el6.x86_64.rpm  
(13/22): puppet-3.8.6-1.el6.noarch.rpm               
(14/22): puppetserver-1.1.3-1.el6.noarch.rpm         
(15/22): ruby-1.8.7.374-4.el6_6.x86_64.rpm           
(16/22): ruby-augeas-0.4.1-3.el6.x86_64.rpm          
(17/22): ruby-irb-1.8.7.374-4.el6_6.x86_64.rpm       
(18/22): ruby-libs-1.8.7.374-4.el6_6.x86_64.rpm      
(19/22): ruby-rdoc-1.8.7.374-4.el6_6.x86_64.rpm      
(20/22): ruby-shadow-2.2.0-2.el6.x86_64.rpm          
(21/22): rubygem-json-1.5.5-3.el6.x86_64.rpm         
(22/22): rubygems-1.3.7-5.el6.noarch.rpm             

master@/tmp/puppetserver#rpm -Uvh *
warning: augeas-libs-1.0.0-10.el6.x86_64.rpm: Header V3 RSA/SHA1 Signature, key ID c105b9de: NOKEY
warning: facter-2.4.6-1.el6.x86_64.rpm: Header V4 RSA/SHA1 Signature, key ID 4bd6ec30: NOKEY
Preparing...                ########################################### [100%]
   1:libselinux             ########################################### [  5%]
   2:augeas-libs            ########################################### [  9%]
   3:libselinux-ruby        ########################################### [ 14%]
   4:libselinux-utils       ########################################### [ 18%]
   5:libjpeg-turbo          ########################################### [ 23%]
   6:java-1.7.0-openjdk     ########################################### [ 27%]
   7:compat-readline5       ########################################### [ 32%]
   8:ruby-libs              ########################################### [ 36%]
   9:ruby                   ########################################### [ 41%]
  10:facter                 ########################################### [ 45%]
  11:ruby-irb               ########################################### [ 50%]
  12:ruby-rdoc              ########################################### [ 55%]
  13:rubygems               ########################################### [ 59%]
  14:rubygem-json           ########################################### [ 64%]
  15:hiera                  ########################################### [ 68%]
  16:ruby-shadow            ########################################### [ 73%]
  17:ruby-augeas            ########################################### [ 77%]
  18:puppet                 ########################################### [ 82%]
  19:puppetserver           ########################################### [ 86%]
  20:libselinux-devel       ########################################### [ 91%]
  21:libselinux-python      ########################################### [ 95%]
  22:libselinux             ########################################### [100%]

#Verify puppetserver
master@/tmp/puppetserver#yum install puppetserver
Loaded plugins: downloadonly, product-id, refresh-packagekit, security, subscription-manager
Updating certificate-based repositories.
Unable to read consumer identity
Setting up Install Process
Package puppetserver-1.1.3-1.el6.noarch already installed and latest version
Nothing to do

#Add the puppet master configuration
vi /etc/puppet/puppet.conf

[main]
    # hostname of the master
    server = master
    # certname of this host (the master)
    certname = master
    # disable plugin sync
    pluginsync = false
    # The Puppet log directory.
    # The default value is '$vardir/log'.
    logdir = /var/log/puppet

    # Where Puppet PID files are kept.
    # The default value is '$vardir/run'.
    rundir = /var/run/puppet

    # Where SSL certificates are kept.
    # The default value is '$confdir/ssl'.
    ssldir = $vardir/ssl

[agent]
    # The file in which puppetd stores a list of the classes
    # associated with the retrieved configuration.  Can be loaded in
    # the separate ``puppet`` executable using the ``--loadclasses``
    # option.
    # The default value is '$confdir/classes.txt'.
    classfile = $vardir/classes.txt

    # Where puppetd caches the local configuration.  An
    # extension indicating the cache format is added automatically.
    # The default value is '$confdir/localconfig'.
    localconfig = $vardir/localconfig

#Start the puppet master
puppet master
ps -ef |grep master

puppet    3077     1  0 10:09 ?        00:00:00 /usr/bin/ruby /usr/bin/puppet master
root      3081  3015  0 10:09 pts/0    00:00:00 grep master

Puppet Client

If the host can reach the Internet and the repos are configured, a plain yum install puppet is the quick and simple way.

#Enable the Puppet Labs Package Repository
rpm -ivh https://yum.puppetlabs.com/puppetlabs-release-el-6.noarch.rpm

#Install the yum-plugin-downloadonly plugin
yum install -y yum-plugin-downloadonly

#yum install puppet
yum install --downloadonly --downloaddir=/tmp/puppet puppet

Downloading Packages:
(1/19): augeas-libs-1.0.0-10.el6.x86_64.rpm          
(2/19): compat-readline5-5.2-17.1.el6.x86_64.rpm     
(3/19): facter-2.4.6-1.el6.x86_64.rpm                
(4/19): hiera-1.3.4-1.el6.noarch.rpm                 
(5/19): libselinux-2.0.94-5.8.el6.i686.rpm           
(6/19): libselinux-2.0.94-5.8.el6.x86_64.rpm         
(7/19): libselinux-devel-2.0.94-5.8.el6.x86_64.rpm   
(8/19): libselinux-python-2.0.94-5.8.el6.x86_64.rpm  
(9/19): libselinux-ruby-2.0.94-5.8.el6.x86_64.rpm    
(10/19): libselinux-utils-2.0.94-5.8.el6.x86_64.rpm  
(11/19): puppet-3.8.6-1.el6.noarch.rpm               
(12/19): ruby-1.8.7.374-4.el6_6.x86_64.rpm           
(13/19): ruby-augeas-0.4.1-3.el6.x86_64.rpm          
(14/19): ruby-irb-1.8.7.374-4.el6_6.x86_64.rpm       
(15/19): ruby-libs-1.8.7.374-4.el6_6.x86_64.rpm      
(16/19): ruby-rdoc-1.8.7.374-4.el6_6.x86_64.rpm      
(17/19): ruby-shadow-2.2.0-2.el6.x86_64.rpm          
(18/19): rubygem-json-1.5.5-3.el6.x86_64.rpm         
(19/19): rubygems-1.3.7-5.el6.noarch.rpm             

#Offline install
client@/tmp/puppet#rpm -Uvh *
warning: facter-2.4.6-1.el6.x86_64.rpm: Header V4 RSA/SHA1 Signature, key ID 4bd6ec30: NOKEY
Preparing...                ########################################### [100%]
   1:libselinux             ########################################### [  5%]
   2:augeas-libs            ########################################### [ 11%]
   3:libselinux-ruby        ########################################### [ 16%]
   4:libselinux-utils       ########################################### [ 21%]
   5:compat-readline5       ########################################### [ 26%]
   6:ruby-libs              ########################################### [ 32%]
   7:ruby                   ########################################### [ 37%]
   8:facter                 ########################################### [ 42%]
   9:ruby-irb               ########################################### [ 47%]
  10:ruby-rdoc              ########################################### [ 53%]
  11:rubygems               ########################################### [ 58%]
  12:rubygem-json           ########################################### [ 63%]
  13:hiera                  ########################################### [ 68%]
  14:ruby-shadow            ########################################### [ 74%]
  15:ruby-augeas            ########################################### [ 79%]
  16:puppet                 ########################################### [ 84%]
  17:libselinux-devel       ########################################### [ 89%]
  18:libselinux-python      ########################################### [ 95%]
  19:libselinux             ########################################### [100%]

#Verify puppet
client@/tmp/puppet#yum install puppet
Loaded plugins: fastestmirror, product-id, refresh-packagekit, security, subscription-manager
Updating certificate-based repositories.
Unable to read consumer identity
Setting up Install Process
Loading mirror speeds from cached hostfile
Package puppet-3.8.6-1.el6.noarch already installed and latest version
Nothing to do

#Add the puppet client configuration
vi /etc/puppet/puppet.conf

[main]
    # hostname of the master
    server = master
    # disable plugin sync
    pluginsync = false
    # The Puppet log directory.
    # The default value is '$vardir/log'.
    logdir = /var/log/puppet

    # Where Puppet PID files are kept.
    # The default value is '$vardir/run'.
    rundir = /var/run/puppet

    # Where SSL certificates are kept.
    # The default value is '$confdir/ssl'.
    ssldir = $vardir/ssl

[agent]
    # The file in which puppetd stores a list of the classes
    # associated with the retrieved configuration.  Can be loaded in
    # the separate ``puppet`` executable using the ``--loadclasses``
    # option.
    # The default value is '$confdir/classes.txt'.
    classfile = $vardir/classes.txt

    # Where puppetd caches the local configuration.  An
    # extension indicating the cache format is added automatically.
    # The default value is '$confdir/localconfig'.
    localconfig = $vardir/localconfig

Puppet Certificate Authentication

For security, Puppet communicates over an SSL tunnel, so each agent must request a certificate and have it verified by the master.

#The client agent connects to the server (this generates and submits its certificate request)
puppet agent --server=master

#On the master, list the pending certificate requests
puppet cert --list

"client" (SHA256) BC:1B:42:88:B0:A4:F0:F2:81:56:5D:0E:7A:49:90:83:79:F2:41:A5:E3:12:FC:E2:F2:DB:DE:30:8E:DB:0D:D0

#On the master, sign the certificate (compare the fingerprint above with the one the agent reports before signing)
#puppet cert sign --all
puppet cert --sign client

Notice: Signed certificate request for client
Notice: Removing file Puppet::SSL::CertificateRequest client at '/var/lib/puppet/ssl/ca/requests/client.pem'

#List all certificates; a leading "+" means the certificate has been signed
puppet cert list --all

+ "client" (SHA256) BC:1B:42:88:B0:A4:F0:F2:81:56:5D:0E:7A:49:90:83:79:F2:41:A5:E3:12:FC:E2:F2:DB:DE:30:8E:DB:0D:D0
+ "master" (SHA256) 04:45:21:0B:B5:5E:41:AE:9C:F4:B4:6B:EC:2F:AA:D2:BE:46:33:3E:B1:0E:85:2E:3C:B7:6B:98:95:A8:CE:4D
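Signing with puppet cert sign --all accepts every pending request, including ones from hosts nobody provisioned. The script below is an added example, not part of the original post: it parses the puppet cert --list output in the format shown above and prints only the certnames whose fingerprint matches one recorded out-of-band (for instance from puppet agent --fingerprint run on the agent before it contacts the master). The allowlist format, the allowlist path and the sample request list are constructed for this example.

```shell
#!/bin/sh
# Added example (not from the original post): approve only certificate
# requests whose fingerprint was recorded out-of-band, instead of signing
# every pending request with `puppet cert sign --all`.

# Constructed sample of `puppet cert --list` output: one request from the
# provisioned "client" and one from a host that was never provisioned.
SAMPLE_LIST='"client" (SHA256) BC:1B:42:88:B0:A4:F0:F2:81:56:5D:0E:7A:49:90:83:79:F2:41:A5:E3:12:FC:E2:F2:DB:DE:30:8E:DB:0D:D0
"unknown-host" (SHA256) 00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF'

# Constructed allowlist (hypothetical format "<certname> <fingerprint>"),
# one line per host, filled from `puppet agent --fingerprint` on each agent.
ALLOWLIST='client BC:1B:42:88:B0:A4:F0:F2:81:56:5D:0E:7A:49:90:83:79:F2:41:A5:E3:12:FC:E2:F2:DB:DE:30:8E:DB:0D:D0'

# approved_certnames LIST ALLOW
# Prints, one per line, the certnames from LIST whose fingerprint exactly
# matches the ALLOW entry for that name. Already-signed entries ("+ ...")
# and unmatched requests are skipped and stay pending for manual review.
approved_certnames() {
    printf '%s\n' "$1" | while IFS= read -r line; do
        case "$line" in +*) continue ;; esac
        name=$(printf '%s\n' "$line" | sed -n 's/^[ ]*"\([^"]*\)" (SHA256) \([0-9A-Fa-f:]*\)[ ]*$/\1/p')
        fp=$(printf '%s\n' "$line" | sed -n 's/^[ ]*"\([^"]*\)" (SHA256) \([0-9A-Fa-f:]*\)[ ]*$/\2/p')
        [ -n "$name" ] && [ -n "$fp" ] || continue
        # Fixed-string, whole-line match so dots in certnames are not wildcards.
        if printf '%s\n' "$2" | grep -qxF "$name $fp"; then
            printf '%s\n' "$name"
        fi
    done
}

# Stand-alone demonstration on the constructed data: prints only "client".
approved_certnames "$SAMPLE_LIST" "$ALLOWLIST"

# On a real master (hypothetical allowlist path), sign exactly the approved set:
# for n in $(approved_certnames "$(puppet cert --list)" "$(cat /etc/puppet/csr-allowlist)"); do
#     puppet cert --sign "$n"
# done
```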

Puppet Sync Verification

#On the master, create a site.pp file
vi /etc/puppet/manifests/site.pp

node default { file { "/tmp/test.txt": content => "Hello, First puppet test!"} }

#Verify on the client: if /tmp/test.txt is created with the expected content, the setup works.
puppet agent --test

Info: Caching catalog for client
Info: Applying configuration version '1458888162'
Notice: /Stage[main]/Main/Node[default]/File[/tmp/test.txt]/ensure: defined content as '{md5}390b4c389233b9ae38a84ff8c731a8a1'
Info: Creating state file /var/lib/puppet/state/state.yaml
Notice: Finished catalog run in 0.03 seconds

Troubleshooting

Follow Puppet's official recommendations for hardware and operating system, and when an error occurs read the logs carefully

https://docs.puppetlabs.com/pe/latest/install_system_requirements.html
https://docs.puppetlabs.com/guides/troubleshooting.html

#Error: Could not find certificate request for client

#execute on your puppet master.
puppet cert clean "yourhostnamehere"

#execute on your puppet agent.
#ssldir is $vardir/ssl, i.e. /var/lib/puppet/ssl in the configuration above
rm -f /var/lib/puppet/ssl/certs/yourhostnamehere.pem
find /var/lib/puppet -name "*yourhostnamehere*" -delete
puppet agent -t

#back for your puppet master
puppet cert --list

#check your name certificate and sign.
puppet cert --sign "yourhostnamehere"

#come back to your puppet agent and be happy :D
puppet agent -t

#The error message printed on the client describes the same procedure
Error: Could not request certificate: The certificate retrieved from the master does not match the agent's private key.
To fix this, remove the certificate from both the master and the agent and then start a puppet run, which will automatically regenerate a certficate.
On the master:
  puppet cert clean "client"
On the agent:
  1a. On most platforms: find /var/lib/puppet/ssl -name client.pem -delete
  1b. On Windows: del "/var/lib/puppet/ssl/client.pem" /f
  2. puppet agent -t

#Error: Could not run: Could not create PID file: /var/run/puppet/master.pid
killall puppet
puppet master --verbose --no-daemonize


#puppet agent --test
Error: Could not retrieve catalog from remote server: Error 400 on SERVER: Could not parse for environment production: Permission denied - /etc/puppet/manifests/site.pp on node client.cffex.com.cn
Warning: Not using cache on failed catalog
Error: Could not retrieve catalog; skipping run

#Check the permissions on /etc/puppet/manifests: the master process must be able to read site.pp