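• Environment
  • Puppet server installation
    • Install the Puppet repository
    • Configure puppet.conf
    • Configure site.pp
    • Start Puppet-Server
  • Puppet Agent client installation
    • Install the Puppet repository
    • Configure puppet.conf
    • Start Puppet
    • Request a certificate from Puppet-Server
    • Confirm the certificate on the Puppet server
    • View the certificate status
    • Puppet sync example
    • Configure the init.pp file
    • Configure the site.pp file
    • Sync the file on the client
    • View the synced file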

Environment

Role                    IP             Hostname                  OS              Software
Server (Puppet-Master)  192.168.0.100  puppet-master.puppet.com  CentOS 6.5 x64  Puppet-server
Client (Puppet-Agent)   192.168.0.101  node1.puppet.com          CentOS 6.5 x64  Puppet

Puppet server installation

# yum install puppet puppet-server facter -y


Configure puppet.conf

# cat /etc/puppet/puppet.conf

[main]
    logdir = /var/log/puppet                        # log directory
    rundir = /var/run/puppet
    ssldir = $vardir/ssl                            # certificate directory; $vardir defaults to /var/lib/puppet, so this is /var/lib/puppet/ssl
[agent]
    classfile = $vardir/classes.txt
    localconfig = $vardir/localconfig
    server = puppet-master.puppet.com              # server name
    certname = puppet-master.puppet.com            # client name (the master's own agent)
[master]
    certname = puppet-master.puppet.com            # server name
    reports = http                                 # send reports over http
    reporturl = http://192.168.0.100:3000/reports  # report URL


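Note: the server name and the client name must resolve correctly on both the server and the client; alternatively, add them to the hosts file.

Configure site.pp

The site.pp file holds the node definitions for the client servers. It is used in the example later on.

# touch /etc/puppet/manifests/site.pp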


Start Puppet-Server

# /etc/init.d/puppetmaster start

Check whether Puppet-Server started successfully

# netstat -ntlp | grep 8140
tcp     0    0 0.0.0.0:8140       0.0.0.0:*    LISTEN      18667/ruby

If TCP port 8140 is listening, the server started successfully.


Puppet Agent client installation

Install the Puppet repository

# yum install puppet puppet-server facter -y

Configure puppet.conf

# cat /etc/puppet/puppet.conf

[main]
    logdir = /var/log/puppet            # log directory
    rundir = /var/run/puppet
    ssldir = $vardir/ssl                # certificate directory; $vardir defaults to /var/lib/puppet, so this is /var/lib/puppet/ssl
[agent]
    classfile = $vardir/classes.txt
    localconfig = $vardir/localconfig
    server = puppet-master.puppet.com   # server name
    certname = node1.puppet.com         # client name
#    runinterval=30                     # automatic update interval, in seconds
    report = true                       # whether to send reports


Start Puppet

# /etc/init.d/puppet start

Request a certificate from Puppet-Server

# puppet agent --test
info: Creating a new SSL key for node1.puppet.com
info: Caching certificate for ca
info: Creating a new SSL certificate request for node1.puppet.com
info: Certificate Request fingerprint (md5): 692:86:E4:7F:00:E0:55:61:19:02:34:9E:9B:AF:F9
Exiting; no certificate found and waitforcert is disabled

Confirm the certificate on the Puppet server

Register the node1.puppet.com client

# puppet cert --sign node1.puppet.com
notice: Signed certificate request for node1.puppet.com
notice: Removing file Puppet::SSL::CertificateRequest agent1_cert.kisspuppet.com \
at '/var/lib/puppet/ssl/ca/requests/ node1.puppet.com


View the certificate status

# puppet cert --list --all
Note: you can also check with # tree /var/lib/puppet/ssl/
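
The signing step above accepts whatever request is waiting on the master. As an added example (not part of the original tutorial), the shell helper below signs only when the fingerprint printed by puppet agent --test on the client matches the request stored on the master. It assumes requests are stored as <certname>.pem under /var/lib/puppet/ssl/ca/requests and that the fingerprint is the digest of the DER-encoded request; CSR_DIR and SIGN_CMD are hypothetical override variables.

```shell
#!/bin/sh
# Added example, not from the original page. Assumes pending requests live at
# $CSR_DIR/<certname>.pem and that Puppet's fingerprint is the digest of the
# DER-encoded request. CSR_DIR and SIGN_CMD are hypothetical overrides.

# csr_fingerprint FILE [md5|sha256] -> upper-case colon-separated hex digest
# md5 is the default only because that is what the agent output above prints.
csr_fingerprint() {
    case "${2:-md5}" in
        md5)    tool=md5sum ;;
        sha256) tool=sha256sum ;;
        *)      echo "unsupported digest: $2" >&2; return 2 ;;
    esac
    # Drop the PEM armor lines, decode base64 to DER, hash the DER bytes.
    grep -v '^-----' "$1" | base64 -d | "$tool" | cut -d' ' -f1 |
        tr 'a-f' 'A-F' | sed 's/../&:/g; s/:$//'
}

# normalize_fp STRING -> hex digits only, upper case (ignores ':' and spaces)
normalize_fp() {
    printf '%s' "$1" | tr -d ': \t\n' | tr 'a-f' 'A-F'
}

# verify_and_sign CERTNAME EXPECTED_FP [md5|sha256]
# EXPECTED_FP is the value the client printed, carried over a trusted channel.
verify_and_sign() {
    case "$1" in
        ''|*/*) echo "invalid certname" >&2; return 1 ;;  # stay inside CSR_DIR
    esac
    csr="${CSR_DIR:-/var/lib/puppet/ssl/ca/requests}/$1.pem"
    [ -f "$csr" ] || { echo "no pending request for $1" >&2; return 1; }
    actual=$(csr_fingerprint "$csr" "${3:-md5}") || return 2
    if [ "$(normalize_fp "$actual")" = "$(normalize_fp "$2")" ]; then
        ${SIGN_CMD:-puppet cert --sign} "$1"
    else
        echo "fingerprint mismatch for $1: request on master is $actual" >&2
        return 3
    fi
}
```

Run on the master as: verify_and_sign node1.puppet.com '<fingerprint printed on the client>' md5
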

Puppet sync example

Create the sync module varnish on the puppet-server host

Create the puppet.conf.out file

# puppet master --genconfig >/etc/puppet/puppet.conf.out

# cat /etc/puppet/puppet.conf.out | grep modulepath

modulepath = /etc/puppet/modules:/usr/share/puppet/modules

Module directory layout

Note: by default Puppet looks for modules in /etc/puppet/modules:/usr/share/puppet/modules

# tree /etc/puppet/modules/

`-- varnish
    |-- files                   # default directory for files
    |   `-- etc
    |       `-- default.vcl      # varnish configuration file
    `-- manifests               # directory for .pp manifests
        `-- init.pp

Note: if the directories above do not exist, create them yourself

mkdir -p /etc/puppet/modules/varnish/files/etc

mkdir -p /etc/puppet/modules/varnish/manifests

Configure the init.pp file

# cat /etc/puppet/modules/varnish/manifests/init.pp

class varnish {                                               # define a class named varnish
  package { 'setup':                                          # declare a package resource
    ensure => present,                                        # the setup package must be installed
  }
  file { '/opt/varnish/etc/varnish/default.vcl':              # declare a file resource
    ensure  => present,                                       # the file must exist
    owner   => 'root',                                        # the file owner must be root
    group   => 'root',                                        # the file group must be root
    mode    => '0644',                                        # the file mode must be 644
    source  => "puppet://${puppetserver}/modules/varnish/etc/default.vcl",
                                                              # download the file from the puppetmaster server
    require => Package['setup'],                              # apply the package resource before configuring the file
  }
}


Configure the site.pp file

# cat /etc/puppet/manifests/site.pp

$puppetserver = 'puppet-master.puppet.com'    # puppet server name
node 'node1.puppet.com' {                     # puppet client name
  include varnish                             # load the varnish class, same name as in init.pp
}


Sync the file on the client

# puppet agent --test
Info: Retrieving plugin
Info: Caching catalog for node1.puppet.com
Info: Applying configuration version '1425458121'
Notice: /Stage[main]/Varnish/File[/opt/default.vcl]/ensure: defined content as '{md5}cc649df2ee775565f9cc43db135330cf'
Notice: Finished catalog run in 0.36 seconds

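Note: with the --noop parameter the agent prints the differences without actually applying them. This lets you check whether the configuration is correct without really executing it.

View the synced file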

# ll /opt/varnish/etc/varnish/

-rw-r--r--. 1 root root 3133 Nov  6 00:26 default.vcl