Puppet has strong advantages for automated configuration management, which I won't go into here. Below are notes on a few simple Puppet-managed configurations:
1. First, install puppet and facter on the server and the client
1) Server

```
Install the Puppet Labs repository
# rpm -ivh http://yum.puppetlabs.com/el/6.5/products/x86_64/puppetlabs-release-6-12.noarch.rpm

Install Puppet and facter
# yum install puppet puppet-server facter
```

2) Client

```
Install the Puppet Labs repository
# rpm -ivh http://yum.puppetlabs.com/el/6.5/products/x86_64/puppetlabs-release-6-12.noarch.rpm

Install Puppet and facter
# yum install puppet facter
```
2. Puppet configuration and certificate signing
1) Add host mappings on both the client and the server (or resolve the names through internal DNS):

```
192.168.1.10 puppet01.wang.com     # server
192.168.1.11 puppet02.wang.com     # client
```

2) In the puppet.conf configuration file on the client:

```
[root@puppet02 ~]# cat /etc/puppet/puppet.conf
[main]
server=puppet01.wang.com
......
```

3) Start the puppet services on each side (note: the iptables firewall on the server and the client is best turned off; if it stays enabled, remember to allow access to Puppet's port 8140).

```
Server
[root@puppet01 ~]# /etc/init.d/puppetmaster start

Client
[root@puppet02 ~]# /etc/init.d/puppet start
```

4) Automatic certificate signing (autosign) configuration

```
Server
[root@puppet01 ~]# cat /etc/puppet/puppet.conf
[main]
......
autosign = true
autosign = /etc/puppet/autosign.conf

[root@puppet01 ~]# cat /etc/puppet/autosign.conf     # create the autosign file; the entry below signs registration requests from all hosts
*

[root@puppet01 ~]# /etc/init.d/puppetmaster restart

Register from the client
[root@puppet02 ~]# puppet agent --test --server=puppet01.wang.com
Notice: Ignoring --listen on onetime run
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Caching catalog for puppet02.wang.com
Info: Applying configuration version '1501320900'
Notice: Finished catalog run in 0.42 seconds

The server shows that the certificate was signed automatically
[root@puppet01 ~]# puppet cert --list --all
+ "puppet01.wang.com" (SHA256) 3E:99:64:73:14:D5:BA:01:62:2F:53:62:A6:07:55:AB:BA:BE:70:6E:7E:60:7A:81:41:10:63:78:C0:FD:E4:56 (alt names: "DNS:puppet", "DNS:puppet.wang.com", "DNS:puppet01.wang.com")
+ "puppet02.wang.com" (SHA256) A4:EF:73:62:3A:DD:F9:2E:E4:12:8F:2E:AE:90:96:43:95:7A:4C:9F:38:02:44:B7:81:C5:08:B5:16:95:42:0B
```
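With `autosign = true` or a bare `*` in autosign.conf, the master signs a certificate for any host that can reach port 8140, so a check for both settings is worth running on the master. The script below is an added example, not part of the original post; the function name `audit_autosign` and the sample files are constructed here, and listing agent certnames such as `puppet02.wang.com` one per line is the assumed hardened form.

```sh
#!/bin/sh
# Added example, not from the original post: flag autosign settings that let
# any host obtain a signed agent certificate from the puppet master.

# audit_autosign PUPPET_CONF AUTOSIGN_LIST
# Prints one finding per line. Exit status: 0 = no findings, 1 = findings.
audit_autosign() {
    puppet_conf=$1
    autosign_list=$2
    status=0

    # "autosign = true" is naive autosigning: every CSR is signed.
    if grep -Eq '^[[:space:]]*autosign[[:space:]]*=[[:space:]]*true[[:space:]]*$' \
            "$puppet_conf" 2>/dev/null; then
        echo "HIGH puppet.conf: autosign = true signs every certificate request"
        status=1
    fi

    # The allowlist holds certnames or domain globs, one per line.
    [ -f "$autosign_list" ] || return "$status"
    while IFS= read -r entry || [ -n "$entry" ]; do
        entry=$(printf '%s' "$entry" | tr -d '[:space:]')
        case $entry in
            '' | '#'*) ;;                      # blank line or comment
            '*')
                echo "HIGH autosign.conf: '*' matches every certname"
                status=1 ;;
            '*.'*)
                echo "WARN autosign.conf: glob '$entry' trusts any host claiming a name in that domain"
                status=1 ;;
        esac
    done < "$autosign_list"
    return "$status"
}

# Demo on constructed files that mirror the settings shown in the post.
demo_dir=$(mktemp -d)
printf '[main]\nautosign = true\nautosign = /etc/puppet/autosign.conf\n' > "$demo_dir/puppet.conf"
printf '*\n' > "$demo_dir/autosign.conf"
audit_autosign "$demo_dir/puppet.conf" "$demo_dir/autosign.conf" || echo "=> findings reported"

# Assumed hardened form: no "autosign = true", one explicit certname per line.
printf '[main]\nserver=puppet01.wang.com\n' > "$demo_dir/puppet.conf"
printf 'puppet02.wang.com\n' > "$demo_dir/autosign.conf"
audit_autosign "$demo_dir/puppet.conf" "$demo_dir/autosign.conf" && echo "=> clean"
rm -rf "$demo_dir"
```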
3. Automated management configuration with puppet
The managed entries are configured on the puppet master. Once configured, they are sent to the puppet agent nodes and applied there (the puppet master's "push" operation). If an agent node runs as a daemon, by default it connects every 30 minutes and checks whether the configuration of its host has changed or new configuration has been added. This interval can be changed through the runinterval setting in /etc/puppet/puppet.conf on the agent, for example "runinterval = 3600" for a one-hour interval. Agent nodes can also connect on their own schedule through a cron job (the puppet agent's "pull" operation), combining the master's "push" with the agent's "pull".

1) Configuration on the puppet master

```
[root@puppet01 puppet]# ll
total 36
-rw-r--r--  1 root root 4178 Jul 29 16:25 auth.conf
-rw-r--r--  1 root root    2 Jul 29 16:25 autosign.conf
drwxr-xr-x  3 root root 4096 Jul 29 16:25 environments
-rw-r--r--  1 root root 1462 Jul 29 16:25 fileserver.conf
drwxr-xr-x  2 root root 4096 Jul 29 17:22 manifests
drwxr-xr-x 13 root root 4096 Jul 29 17:03 modules
-rw-r--r--  1 root root  915 Jul 29 16:25 puppet.conf
```

First create the module. It can be created by hand or with a command; with the command, the module has to be renamed afterwards.

```
[root@puppet01 puppet]# cd modules/
[root@puppet01 modules]# puppet module generate propupet-ssh     # command-line module creation; module name format is "puppet-<module name>"
[root@puppet01 modules]# mv propupet-ssh ssh                     # rename it to the ssh module

Or create the module by hand
[root@puppet01 modules]# mkdir ssh               # the directory structure under the module must also be created by hand
[root@puppet01 modules]# mkdir ssh/files         # files the module needs
[root@puppet01 modules]# mkdir ssh/manifests     # directory for the puppet manifests
[root@puppet01 modules]# mkdir ssh/templates     # templates used by the module
```

Once the modules are configured, they have to be referenced in the /etc/puppet/manifests/site.pp manifest (shown at the end).

2) The following module configurations can serve as a reference:

```
[root@puppet01 modules]# pwd
/etc/puppet/modules
```

--------------------ssh installation and management module--------------------

```
[root@puppet01 manifests]# cd /etc/puppet/modules/ssh
[root@puppet01 ssh]# cd manifests/
[root@puppet01 manifests]# ls
config.pp  init.pp  install.pp  service.pp

[root@puppet01 manifests]# cat init.pp
class ssh {
    class { '::ssh::install': } ->
    class { '::ssh::config': } ->
    class { '::ssh::service': } ->
    Class['ssh']
}

[root@puppet01 manifests]# cat install.pp
class ssh::install {
    package { "openssh":          # the package name is openssh
        ensure => present,        # make sure the package is installed
    }
}

[root@puppet01 manifests]# cat config.pp
class ssh::config {
    # ssh settings such as the port, user names and password login can be
    # prepared in the sshd_config file under the module's files directory and
    # then synchronised to the target machines by puppet. After a change, sshd
    # is restarted automatically (by the service class).
    file { "/etc/ssh/sshd_config":
        ensure  => present,
        owner   => 'root',
        group   => 'root',
        mode    => '0600',
        source  => "puppet:///modules/ssh/sshd_config",   # sshd_config is stored in /etc/puppet/modules/ssh/files; note that "files" is not written in the path
        require => Class["ssh::install"],                 # prerequisite for this file resource
        notify  => Class["ssh::service"],                 # notify the ssh::service class once this file resource is in place
    }
}

[root@puppet01 manifests]# cat service.pp
class ssh::service {
    service { "sshd":
        ensure     => running,
        hasstatus  => true,
        hasrestart => true,
        enable     => true,
        require    => Class["ssh::config"],
    }
}

[root@puppet01 manifests]# ls ../files/sshd_config
../files/sshd_config
```

--------------------DNS configuration management--------------------

```
[root@puppet ~]# cd /etc/puppet/modules/dns/
[root@puppet dns]# ls
files  manifests
[root@puppet dns]# cd manifests/
[root@puppet manifests]# ls
config.pp  init.pp  restart.pp  setup.pp

[root@puppet manifests]# cat init.pp
class dns {
    include dns::config
    include dns::setup
    include dns::restart
}

[root@puppet manifests]# cat config.pp
class dns::config {
    file { "/etc/named":
        ensure  => directory,
        source  => "puppet:///modules/dns/pro-dns/DNS/etc/named",
        recurse => true,
    }
    file { "/var/named":
        ensure  => directory,
        source  => "puppet:///modules/dns/pro-dns/DNS/var/named",
        recurse => true,
    }
}

[root@puppet manifests]# cat setup.pp
class dns::setup {
    exec { "Set permissions of etc-named":
        cwd     => "/etc",
        command => "/bin/chown -R root.named named",
        path    => ["/usr/bin:/usr/sbin:/bin:/sbin"],
        require => Class["dns::config"],
    }
    exec { "Set permissions of var-named":
        cwd     => "/var",
        command => "/bin/chown -R root.named named && /bin/chown -R named.named named/data/",
        path    => ["/usr/bin:/usr/sbin:/bin:/sbin"],
        require => Class["dns::config"],
    }
}

[root@puppet manifests]# cat restart.pp
class dns::restart {
    exec { "restart named service":
        command => "service named restart",
        path    => ["/usr/bin:/usr/sbin:/bin:/sbin"],
        require => Class["dns::config"],
    }
}
```

The files directory holds the DNS configuration file and the forward and reverse zone files (they can be kept in the DNS directory of the pro-dns project on GitLab and fetched with git clone).

```
[root@puppet manifests]# cd ../files/
[root@puppet files]# ls
pro-dns
[root@puppet files]# ls pro-dns/DNS/
etc  var
[root@puppet files]# ls pro-dns/DNS/etc/named/
named.conf
[root@puppet files]# ls pro-dns/DNS/var/named/
192.168.10.zone  192.168.16.zone  192.168.32.zone  192.168.33.zone  192.168.34.zone  192.168.64.zone  192.168.8.zone  wangshibo.cn
```

--------------------java7 installation and management module--------------------

```
[root@puppet01 java7]# cd manifests/
[root@puppet01 manifests]# ls
init.pp  install.pp

[root@puppet01 manifests]# cat init.pp
class java7 {
    include java7::install
}

[root@puppet01 manifests]# cat install.pp
class java7::install {
    file { "/data/software/java-jdk7_install.sh":      # file resource
        source => "puppet:///modules/java7/java-jdk7_install.sh",
        owner  => root,
        group  => root,
        mode   => '0755',
    }
    exec { "install jdk":                               # exec (command) resource
        cwd     => "/data/software",
        command => "/bin/bash java-jdk7_install.sh",
        user    => "root",
        group   => "root",
        path    => ["/usr/bin:/usr/sbin:/bin:/sbin"],
        creates => "/usr/java/jdk1.7.0_80",             # the command is skipped when /usr/java/jdk1.7.0_80 exists and runs only when it does not
        require => File["/data/software/java-jdk7_install.sh"],   # prerequisite for running this command
    }
}

[root@puppet01 manifests]# cd ../files/
[root@puppet01 files]# ll
total 4
-rwxr-xr-x 1 root root 756 Jul 29 16:25 java-jdk7_install.sh

[root@puppet01 files]# cat java-jdk7_install.sh
#!/bin/bash
/bin/rpm -qa|grep jdk|xargs -r rpm -e

# install jdk7
/bin/rpm -ivh http://yum.wang.com/software/jdk-7u80-linux-x64.rpm

# set env
NUM=`cat /etc/profile|grep "JAVA_HOME"|wc -l`
JDK=`cat /etc/profile|grep "JAVA_HOME="|cut -d"=" -f2|awk -F"/" '{print $4}'`
if [ "$NUM" -ne 0 ];then
    /bin/sed -i "s#${JDK}#jdk1.7.0_80#g" /etc/profile
else
    echo "JAVA_HOME=/usr/java/jdk1.7.0_80" >> /etc/profile
    echo "JAVA_BIN=/usr/java/jdk1.7.0_80/bin" >> /etc/profile
    echo "PATH=/usr/lib64/qt-3.3/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin:/bin" >> /etc/profile
    echo "CLASSPATH=.:/lib/dt.jar:/lib/tools.jar" >> /etc/profile
    echo "export JAVA_HOME JAVA_BIN PATH CLASSPATH" >> /etc/profile
fi
source /etc/profile
```

--------------------java8 installation and management module--------------------

```
[root@puppet01 files]# cd /etc/puppet/modules/java8
[root@puppet01 java8]# ls
files  manifests
[root@puppet01 java8]# cd manifests/
[root@puppet01 manifests]# ls
init.pp  install.pp

[root@puppet01 manifests]# cat init.pp
class java8 {
    include java8::install
}

[root@puppet01 manifests]# cat install.pp
class java8::install {
    file { "/data/software/java-jdk8_install.sh":
        source => "puppet:///modules/java8/java-jdk8_install.sh",
        owner  => root,
        group  => root,
        mode   => '0755',
    }
    exec { "install jdk":
        cwd     => "/data/software",
        command => "/bin/bash java-jdk8_install.sh",
        user    => "root",
        group   => "root",
        path    => ["/usr/bin:/usr/sbin:/bin:/sbin"],
        creates => "/usr/java/jdk1.8.0_131",
        require => File["/data/software/java-jdk8_install.sh"],
    }
}

[root@puppet01 manifests]# cat ../files/java-jdk8_install.sh
#!/bin/bash
/bin/rpm -qa|grep jdk|xargs -r rpm -e

# install jdk8 jdk7
/bin/rpm -ivh http://yum.wang.com/software/jdk-8u131-linux-x64.rpm

# set env
NUM=`cat /etc/profile|grep "JAVA_HOME"|wc -l`
JDK=`cat /etc/profile|grep "JAVA_HOME="|cut -d"=" -f2|awk -F"/" '{print $4}'`
if [ "$NUM" -ne 0 ];then
    /bin/sed -i "s#${JDK}#jdk1.8.0_131#g" /etc/profile
else
    echo "JAVA_HOME=/usr/java/jdk1.8.0_131" >> /etc/profile
    echo "JAVA_BIN=/usr/java/jdk1.8.0_131/bin" >> /etc/profile
    echo "PATH=/usr/lib64/qt-3.3/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin:/bin" >> /etc/profile
    echo "CLASSPATH=.:/lib/dt.jar:/lib/tools.jar" >> /etc/profile
    echo "export JAVA_HOME JAVA_BIN PATH CLASSPATH" >> /etc/profile
fi
source /etc/profile
```

--------------------tomcat8 installation and management module--------------------

```
[root@puppet01 manifests]# cd /etc/puppet/modules/tomcat8/
[root@puppet01 tomcat8]# ls
files  manifests
[root@puppet01 tomcat8]# cd manifests/
[root@puppet01 manifests]# ls
init.pp  install.pp

[root@puppet01 manifests]# cat init.pp
class tomcat8 {
    include tomcat8::install
}

[root@puppet01 manifests]# cat install.pp
class tomcat8::install {
    file { "/data/software/apache-tomcat-8.5.15.tar.gz":
        source => "puppet:///modules/tomcat8/apache-tomcat-8.5.15.tar.gz",
        owner  => "root",
        group  => "root",
        mode   => '0755',
    }
    exec { "install tomcat":
        cwd     => "/data/software",
        command => "/bin/tar -zvxf apache-tomcat-8.5.15.tar.gz && mv apache-tomcat-8.5.15 /data/tomcat",
        user    => "root",
        group   => "root",
        path    => ["/usr/bin:/usr/sbin:/bin:/sbin"],
        creates => "/data/tomcat",
        require => File["/data/software/apache-tomcat-8.5.15.tar.gz"],
    }
}

[root@puppet01 manifests]# ls ../files/
apache-tomcat-8.5.15.tar.gz
```

--------------------nginx installation and management module--------------------

```
[root@puppet01 manifests]# cd /etc/puppet/modules/nginx/
[root@puppet01 nginx]# ls
files  manifests
[root@puppet01 nginx]# cd manifests/
[root@puppet01 manifests]# ls
init.pp  install.pp

[root@puppet01 manifests]# cat init.pp
class nginx {
    include nginx::install
}

[root@puppet01 manifests]# cat install.pp
class nginx::install {
    file { "/data/software/nginx1.10_install.sh":
        source => "puppet:///modules/nginx/nginx1.10_install.sh",
        owner  => "root",
        group  => "root",
        mode   => '0755',
    }
    exec { "install nginx":
        cwd     => "/data/software",
        command => "/bin/bash -x nginx1.10_install.sh",
        user    => "root",
        group   => "root",
        path    => ["/usr/bin:/usr/sbin:/bin:/sbin"],
        creates => "/data/nginx/conf/nginx.conf",
        require => File["/data/software/nginx1.10_install.sh"],
    }
}

[root@puppet01 manifests]# cat ../files/nginx1.10_install.sh
#!/bin/bash

# prepare the base environment
/usr/sbin/groupadd -r nginx
/usr/sbin/useradd -r -g nginx -s /bin/false -M nginx
/usr/bin/yum install -y pcre pcre-devel openssl openssl-devel gcc

# compile and install nginx 1.10
cd /data/software/
/usr/bin/wget http://yum.wang.com/software/nginx-1.10.3.tar.gz
/bin/tar -zvxf nginx-1.10.3.tar.gz
cd nginx-1.10.3
./configure --prefix=/data/nginx --user=nginx --group=nginx --with-http_ssl_module --with-http_flv_module --with-http_stub_status_module --with-http_gzip_static_module --with-pcre
make && make install

# configure nginx
cp /data/nginx/conf/nginx.conf /data/nginx/conf/nginx.conf.bak
> /data/nginx/conf/nginx.conf
# the quoted 'EOF' delimiter keeps the $variables below literal for nginx
cat > /data/nginx/conf/nginx.conf << 'EOF'
user  nobody;
worker_processes  8;

#error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;

events {
    worker_connections  65535;
}

http {
    server_tokens off;
    include       mime.types;
    default_type  application/octet-stream;
    charset utf-8;

    log_format  main  '$http_x_forwarded_for $remote_addr $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_cookie" $host $request_time';

    sendfile       on;
    tcp_nopush     on;
    tcp_nodelay    on;
    keepalive_timeout  65;

    fastcgi_connect_timeout 3000;
    fastcgi_send_timeout 3000;
    fastcgi_read_timeout 3000;
    fastcgi_buffer_size 256k;
    fastcgi_buffers 8 256k;
    fastcgi_busy_buffers_size 256k;
    fastcgi_temp_file_write_size 256k;
    fastcgi_intercept_errors on;

    client_header_timeout 600s;
    client_body_timeout 600s;
    client_max_body_size 100m;
    client_body_buffer_size 256k;

    ## support more than 15 test environments
    server_names_hash_max_size 512;
    server_names_hash_bucket_size 128;

    gzip  on;
    gzip_min_length  1k;
    gzip_buffers     4 16k;
    gzip_http_version 1.1;
    gzip_comp_level 9;
    gzip_types       text/plain application/x-javascript text/css application/xml text/javascript application/x-httpd-php;
    gzip_vary on;

    include vhosts/*.conf;
}
EOF

/bin/mkdir /data/nginx/conf/vhosts
cat > /data/nginx/conf/vhosts/test.conf << 'EOF'
server {
    listen 80;
    server_name localhost;

    access_log logs/access.log;
    error_log logs/error.log;

    location / {
        root html;
        index index.php index.html index.htm;
    }
}
EOF

/data/nginx/sbin/nginx
```

--------------------motd file management module--------------------

```
[root@puppet01 manifests]# cd /etc/puppet/modules/motd/
[root@puppet01 motd]# ls
files  manifests
[root@puppet01 motd]# cd manifests/
[root@puppet01 manifests]# ls
config.pp  init.pp  install.pp

[root@puppet01 manifests]# cat init.pp
class motd {
    include motd::config
    include motd::install
}

[root@puppet01 manifests]# cat install.pp
class motd::install {
    package { 'setup':
        ensure => present,
    }
}

[root@puppet01 manifests]# cat config.pp
class motd::config {
    file { "/etc/motd":
        ensure  => present,
        owner   => "root",
        group   => "root",
        mode    => '0644',
        source  => "puppet:///modules/motd/motd",
        require => Class["motd::install"],
    }
}

[root@puppet01 manifests]# ls ../files/motd
../files/motd
```

--------------------dns file management module--------------------

```
[root@puppet01 manifests]# cd /etc/puppet/modules/dns/
[root@puppet01 dns]# ls
files  manifests
[root@puppet01 dns]# cd manifests/
[root@puppet01 manifests]# ls
config.pp  init.pp

[root@puppet01 manifests]# cat init.pp
class dns {
    include dns::config
}

[root@puppet01 manifests]# cat config.pp
class dns::config {
    file { "/etc/resolv.conf":
        ensure => present,
        owner  => "root",
        group  => "root",
        mode   => '0644',
        source => "puppet:///modules/dns/resolv.conf",
    }
}

[root@puppet01 manifests]# cat ../files/resolv.conf
search wang.com
nameserver 192.168.1.27
nameserver 192.168.1.28
```

--------------------chrony time synchronisation file management module--------------------

```
[root@puppet01 manifests]# cd /etc/puppet/modules/chrony/
[root@puppet01 chrony]# ls
files  manifests
[root@puppet01 chrony]# cd manifests/
[root@puppet01 manifests]# ls
init.pp  install.pp

[root@puppet01 manifests]# cat init.pp
class chrony {
    include chrony::install
}

[root@puppet01 manifests]# cat install.pp
class chrony::install {
    file { "/data/software/chrony.sh":
        source => "puppet:///modules/chrony/chrony.sh",
        owner  => "root",
        group  => "root",
        mode   => '0755',
    }
    exec { "install chrony":
        cwd     => "/data/software",
        command => "/bin/bash -x chrony.sh",
        user    => "root",
        group   => "root",
        path    => ["/usr/bin:/usr/sbin:/bin:/sbin"],
        creates => "/etc/chrony.conf",
        require => File["/data/software/chrony.sh"],
    }
}

[root@puppet01 manifests]# cat ../files/chrony.sh
#!/bin/bash
/etc/init.d/ntpd stop
/usr/bin/yum install chrony -y
cp /etc/chrony.conf /etc/chrony.conf.bak
rm -f /etc/chrony.conf
wget http://yum.wang.com/software/chrony.conf
cp -f chrony.conf /etc/
/etc/init.d/chronyd start
/usr/bin/chronyc sources -v
```

--------------------yum file management module--------------------

```
[root@puppet01 manifests]# cd /etc/puppet/modules/yum/
[root@puppet01 yum]# ls
files  manifests
[root@puppet01 yum]# cd manifests/
[root@puppet01 manifests]# ls
config.pp  init.pp

[root@puppet01 manifests]# cat init.pp
class yum {
    include yum::config
}

[root@puppet01 manifests]# cat config.pp
class yum::config {
    file { "/data/software/yum.sh":
        source => "puppet:///modules/yum/yum.sh",
        owner  => "root",
        group  => "root",
        mode   => '0755',
    }
    exec { "set yum":
        cwd     => "/data/software",
        command => "/bin/bash yum.sh",
        user    => "root",
        group   => "root",
        path    => ["/usr/bin:/usr/sbin:/bin:/sbin"],
        unless  => "grep mirrors.wang.com /etc/yum.repos.d/CentOS-Base.repo",   # the command runs only when this check is false; if it is true, the command is not run
        require => File["/data/software/yum.sh"],
    }
}

[root@puppet01 manifests]# cat ../files/yum.sh
#!/bin/bash
rm -f /etc/yum.repos.d/*.repo
wget http://yum.wang.com/software/CentOS-Base.repo -O /etc/yum.repos.d/CentOS-Base.repo
wget http://yum.wang.com/software/epel.repo -O /etc/yum.repos.d/epel.repo
#wget http://yum.wang.com/software/mongodb.repo
yum clean all
yum makecache
```

--------------------resolv file management module--------------------

```
[root@puppet ~]# ls /etc/puppet/modules/
chrony  dns  java7  java8  motd  nginx  postfix  resolv  ssh  sudo  tomcat8  yum
[root@puppet ~]# cd /etc/puppet/modules/resolv/manifests/
[root@puppet manifests]# ls
config.pp  init.pp

[root@puppet manifests]# cat init.pp
class resolv {
    include resolv::config
}
class resolv01 {
    include resolv::dns01
}
class resolv02 {
    include resolv::dns02
}

[root@puppet manifests]# cat config.pp
class resolv::config {
    file { "/etc/resolv.conf":
        source => "puppet:///modules/resolv/resolv.conf",
        ensure => "present",
        owner  => "root",
        group  => "root",
        mode   => '0644',
    }
}

[root@puppet manifests]# cat ../files/resolv.conf
search wang.com
nameserver 192.168.1.27
nameserver 192.168.1.28
options timeout:1
options attempts:1
```

--------------------postfix installation and management module--------------------

```
[root@puppet01 manifests]# cd /etc/puppet/modules/postfix/
[root@puppet01 postfix]# ls manifests/
config.pp  init.pp  install.pp  service.pp
[root@puppet01 postfix]# ls files/
master.cf
[root@puppet01 postfix]# ls templates/
main.cf.erb

[root@puppet01 postfix]# cat manifests/init.pp
class postfix {
    include postfix::install
    include postfix::config
    include postfix::service
}

[root@puppet01 postfix]# cat manifests/install.pp
class postfix::install {
    package { ["postfix", "mailx"]:
        ensure => present,
    }
}

[root@puppet01 postfix]# cat manifests/config.pp
class postfix::config {
    File {
        owner => 'postfix',
        group => 'postfix',
        mode  => '0644',
    }
    file { '/etc/postfix/master.cf':
        ensure  => present,
        source  => 'puppet:///modules/postfix/master.cf',
        require => Class['postfix::install'],
        notify  => Class['postfix::service'],
    }
    file { '/etc/postfix/main.cf':
        ensure  => present,
        content => template('postfix/main.cf.erb'),
        require => Class['postfix::install'],
        notify  => Class['postfix::service'],
    }
}

[root@puppet01 postfix]# cat manifests/service.pp
class postfix::service {
    service { 'postfix':
        ensure     => running,
        hasstatus  => true,
        hasrestart => true,
        enable     => true,
        require    => Class['postfix::config'],
    }
}

[root@puppet01 postfix]# cat templates/main.cf.erb
soft_bounce = no
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
mail_owner = postfix
myhostname = <%= @hostname %>
mydomain = <%= @domain %>
myorigin = $mydomain
mydestination = $myhostname,localhost.$mydomain,localhost,$mydomain
unknown_local_recipient_reject_code = 550
relay_domains = $mydestination
smtpd_reject_unlisted_recipient = yes
unverified_recipient_reject_code = 500
smtpd_banner = $myhostname ESMTP
setgid_group = postdrop

[root@puppet01 postfix]# ls files/master.cf
files/master.cf
```

Note: the variables in the template get their values from Facter facts through ERB syntax. The fact name is placed inside the ERB brackets formed by <%= and %>; when Puppet runs, they are replaced with the actual fact values (that is, the values on the agent).

--------------------------------------------------------------------------------------------------

Then reference these classes in the /etc/puppet/manifests/site.pp manifest:

```
[root@puppet manifests]# cat /etc/puppet/manifests/site.pp
class base {
    include chrony
    include java8
    include tomcat8
    include nginx
    include yum
    include resolv
}

node 'puppet02.bkjk.cn' {
    include dns
    include yum
}

node 'dns01' {
    #include dns
    include yum
    include ssh
    include resolv
}

node 'dns02' {
    #include dns
    include yum
    include ssh
    include resolv
}

node 'mirrors' {
    include yum
    include ssh
    include resolv
}
```

The dns01, dns02 and mirrors names above are all resolved through internal DNS.

```
[root@puppet manifests]# ping mirrors
PING mirrors.wang.com (192.168.1.240) 56(84) bytes of data.
64 bytes from yum.wang.com (192.168.1.240): icmp_seq=1 ttl=64 time=0.889 ms
......
```

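The installer scripts above (nginx1.10_install.sh, chrony.sh, yum.sh and the JDK scripts) fetch their payloads over plain HTTP and run them as root, while the scripts themselves arrive from the master over the certificate-authenticated port 8140 channel. The sketch below is an added example, not part of the original post: it assumes a pin file in `sha256sum` format is shipped in the module's files directory next to the script, and the function names and the pin file name are hypothetical.

```sh
#!/bin/sh
# Added example, not from the original post: refuse to unpack a downloaded
# tarball unless its SHA-256 matches a digest pinned in the Puppet module.

# verify_sha256 FILE EXPECTED_HEX
# Returns 0 on match, 1 on mismatch, 2 on a missing file or malformed pin.
verify_sha256() {
    file=$1
    expected=$2
    [ -f "$file" ] || { echo "missing file: $file" >&2; return 2; }
    case $expected in
        '' | *[!0-9a-fA-F]*) echo "malformed pin" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "malformed pin" >&2; return 2; }
    expected=$(printf '%s' "$expected" | tr 'A-F' 'a-f')
    actual=$(sha256sum "$file" | cut -d' ' -f1)
    [ "$actual" = "$expected" ]
}

# unpack_verified TARBALL PINFILE DESTDIR
# PINFILE uses sha256sum format: "<hex digest>  <file name>", one per line.
unpack_verified() {
    tarball=$1
    pinfile=$2
    dest=$3
    name=$(basename "$tarball")
    # Look up the pin by file name; a leading "*" marks binary mode.
    pin=$(awk -v n="$name" '{ f = $2; sub(/^\*/, "", f) }
                            f == n { print $1; exit }' "$pinfile")
    [ -n "$pin" ] || { echo "no pinned digest for $name" >&2; return 2; }
    verify_sha256 "$tarball" "$pin" || {
        echo "digest check failed for $name, refusing to unpack" >&2
        return 1
    }
    mkdir -p "$dest" && tar -xzf "$tarball" -C "$dest"
}

# Usage inside an installer script (pin file name is hypothetical):
#   wget http://yum.wang.com/software/nginx-1.10.3.tar.gz
#   unpack_verified nginx-1.10.3.tar.gz /data/software/pins.sha256 /data/software || exit 1
```

The pin file can be delivered with a `file` resource exactly like the installer script, so a tampered mirror or an on-path change to the HTTP download stops the run before anything is built as root.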
--------------------------------------------------------------------------------------------------

Finally, connect to the puppet master from the puppet agent to synchronise and apply the configuration.

```
[root@puppet02 ~]# puppet agent --test --server=puppet01.wang.com
Notice: Ignoring --listen on onetime run
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Caching catalog for puppet02.wang.com
Info: Applying configuration version '1501429243'
Notice: /Stage[main]/Chrony::Install/File[/data/software/chrony.sh]/ensure: defined content as '{md5}fe7f9787a7cae33ed0e00c26f880b145'
Notice: /Stage[main]/Chrony::Install/Exec[install chrony]/returns: executed successfully
........
```

After a successful run, verify the result on the puppet agent node. From then on, these application configurations only need to be maintained on the puppet master; the puppet agent synchronises them automatically.

------------------------------------------------------------------------------------------------------

```
[root@puppet dns]# puppet agent -t          # test the connection to the puppet server
[root@puppet dns]# puppet agent --help
```

Configuration notes:

```
class source::exec2 {
    exec { "install nginx":
        cwd       => "/tmp/rhel5/nginx",                  # command is run if this directory exists
        command   => "tar -zxvf nginx-0.8.42.tar.gz && cd nginx-0.8.42 &&./configure --user=nginx --group=nginx --prefix=/usr/local/nginx --without-http-cache && make&&make install",
        path      => ["/usr/bin","/usr/sbin","/bin","/sbin"],
        logoutput => on_failure,
        unless    => "/bin/ls /usr/local/nginx/conf",     # command is run only when this returns a non-zero status
        require   => Class['source::file1', 'source::user'],
        notify    => Class["source::exec3"],
    }
}

[root@puppet dns]# /bin/ls /data/nginx/conf/nginx.conf
/data/nginx/conf/nginx.conf
[root@puppet dns]# echo $?
0
```