puppet安装和实施.docx

puppet 原理和工作流程puppet 一个为实现数据中心自动化管理而设计的配置管理软件,基于C/S架构。原理：S服务端保存着所有的对客户端服务器的配置代码，puppet里叫清单（manifest)；c客户端下载清单后，根据清单对服务器进行配置工作流程：客户端调用facter facter探测出主机的一些变量，puppetd 把这些信息通过SSL连接发送到服务器puppetmaster服务器puppetmaster 检测客户端的主机名，然后找到manifest里面对应主机的配置，对其解析，让客户端执行。客户端每隔30分钟同步一次配置文件。puppet安装centos6.5 安装puppet OS: Centos 6.5 x86_64 Puppet master: (35) Puppet clients: (36) Puppet clients: (37)一、先做好安装的准备工作：1. 在master和client均关闭selinux，iptables：停止iptablesrootmaster # service iptables stoprootmaster # chkconfig ptables off关闭selinuxrootmaster # vim /etc/selinux/config改成 SELINUX=disabled2. 为了保证能向master主机申请到正确的有效证书，建议master和client设置ntp：rootmaster # yum -y install ntprootmaster # ntpdate rootmaster # chkconfig ntpd onrootmaster # chkconfig -list|grep ntprootmaster # service ntpd start3. 在master和client端设置主机名和hostsPuppet 要求所有机器有完整的域名，如果没有 DNS 服务器提供域名的话，可以在机器上设置主机名rootmaster # vim /etc/sysconfig/rootmaster # vim /etc/hosts localhost localhost.localdomain localhost4 localhost4.localdomain4 :1 localhost localhost.localdomain localhost6 localhost6.localdomain6 35 36 37 4. 安装puppet官方源(都安装后，克隆改主机名)rootmaster # wget /el/6/products/x86_64/puppetlabs-release-6-7.noarch.rpmrootmaster # rpm -ivh puppetlabs-release-6-7.noarch.rpmrootmaster # yum update之上C/S都安装二、Master端安装配置1. 安装 puppet-serverrootmaster # yum -y install puppet-server2. 添加自动签发证书编辑 /etc/puppet/puppet.conf 文件， 在main段内加入 autosign = true，server = rootmaster # vim /etc/puppet/puppet.confmain # The Puppet log directory. # The default value is $vardir/log. logdir = /var/log/puppet # Where Puppet PID files are kept. # The default value is $vardir/run. rundir = /var/run/puppet # Where SSL certificates are kept. # The default value is $confdir/ssl. ssldir = $vardir/ssl autosign = true server = 3. 启动Puppetmasterrootmaster # service puppetmaster startrootmaster # netstat -tunlp | grep :8140tcp 0 0 :8140 :* LISTEN 9148/ruby4. 开机启动rootmaster # chkconfig -list |grep puppetrootmaster # chkconfig puppetmaster onrootmaster # chkconfig -list |grep puppet 三、客户端安装配置1. puppet 安装rootclient1 # yum -y install puppet2. 为客户端指定puppet服务器,并开启Master的推送功能编辑 /etc/puppet/puppet.conf 文件，在agent段内加入 listen = true，server = rootclient1 # vim /etc/puppet/puppet.confagent # The file in which puppetd stores a list of the classes # associated with the retrieved configuratiion. Can be loaded in # the separate puppet executable using the -loadclasses # option. # The default value is $confdir/classes.txt. classfile = $vardir/classes.txt # Where puppetd caches the local configuration. An # extension indicating the cache format is added automatically. # The default value is $confdir/localconfig. localconfig = $vardir/localconfig listen = true server = 编辑 /etc/puppet/auth.conf 文件， 在 auth / 最下面加入以下语句rootclient1 # vim /etc/puppet/auth.confpath /run method save allow 3. 启动clientrootclient1 # service puppet startrootclient1 # netstat -tunlp | grep :81394. 开机启动rootclient1 # chkconfig puppet onrootclient1 # chkconfig -list |grep puppet测试rootclient1 #puppet agent -testrootmaster #puppet cert list -all在服务端安装puppet的dashboard安装mysql rootmaster # yum install ruby-mysql mysql-server puppet-dashboard优化mysql设置rootmaster # cp /usr/share/mysql/f /etc/frootmaster # vim /etc/fmysqldmax_allowed_packet = 32M启动Mysql服务rootmaster # service mysqld startrootmaster # chkconfig mysqld onrootmaster # chkconfig -list |grep mysqldrootmaster # mysqladmin -u root password 123456创建一个dashboard数据库rootmaster # mysql -uroot -p123456 CREATE DATABASE dashboard CHARACTER SET utf8; CREATE USER dashboardlocalhost IDENTIFIED BY 123456; GRANT ALL PRIVILEGES ON dashboard.* TO dashboardlocalhost; FLUSH PRIVILEGES; EOF配置Dashboardrootmaster # vim /usr/share/puppet-dashboard/config/database.ymlproduction:database: dashboardusername: dashboardpassword: 123456encoding: utf8adapter: mysql修改时区rootmaster # vim /usr/share/puppet-dashboard/config/environment.rbconfig.time_zone=Beijing初始化数据库rootmaster # cd /usr/share/puppet-dashboard/ rootmaster puppet-dashboard# rake RAILS_ENV=production db:migraterootmaster # service httpd stoprootmaster # service puppetmaster start rootmaster # service puppet-dashboard start 访问:3000 导入报告cd /usr/share/puppet-dashboardrake RAILS_ENV=production reports:import执行报告cd /usr/share/puppet-dashboardrake jobs:work RAILS_ENV=productionpuppet 部署实例1、puppet 文件部署rootmaster # mkdir -p /etc/puppet/modules/motdfiles,manifests,templatesrootmaster # cd /etc/puppet/modules/motd/filesrootmaster # mkdir etcrootmaster # vim motd-puppet test -rootmaster # vim /etc/puppet/modules/motd/manifests/init.ppclass motd #定义一个类叫motd package setup: #定义package资源 ensure = present, #要求setup这个包处于被安装状态 file /etc/motd: #定义file资源 ensure = present, #要求file文件处于存在状态 owner = root, #要求file文件属主为root group = root, #要求file文件属组为root mode = 0644, #要求file文件权限为644 source = puppet:/$puppetserver/modules/motd/etc/motd, #要求file文件从puppetmaster端服务器下载 require = Packagesetup, #要求文件被配置之前先执行package资源 rootmaster # vim /etc/puppet/manifests/site.pp$puppetserver = #设置全局变量node include motdrootclient1 #puppet agent -test2、puppet java部署rootmaster #mkdir vp /etc/puppet/modules/java7/files,templates,manifestsrootmaster # cd /etc/puppet/modules/java7/filesrootmaster files# wget /otn-pub/java/jdk/7u71-b14/jdk-7u71-linux-x64.tar.gz rootmaster modulesvim java7/manifests/init.pp class java7 include java7:install,java7:env rootmaster modulesvim java7/manifests/install.pp class java7:install file /usr/jdk-7u79-linux-x64.tar.gz: #指明文件下载到客户端的哪个路径 source= puppet:/modules/java7/jdk-7u79-linux-x64.tar.gz, #服务器上被下载的源文件 owner = root, group = root, mode = 755 exec install jdk: cwd = /usr, command = tar -zxvf jdk-7u79-linux-x64.tar.gz, user = root, group = root, path =/usr/bin:/usr/sbin:/bin:/sbin, creates =/usr/jdk1.7.0_79, require =File/usr/jdk-7u79-linux-x64.tar.gz files/env export JAVA_HOME=/usr/jdk1.7.0_79 exprot PATH=$JAVA_HOME/bin:$PATH export CLASSPATH=.:$JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar rootmaster modulesVim java7/manifests/env.ppclass java7:env file /usr/java/env: owner = root, group = root, source =puppet:/modules/java7/envexec set env: #set JAVA_HOME command =cat /usr/java/env/etc/profile & source /etc/profile, user = root, group = root, path =/usr/local/sbin,/usr/local/bin,/sbin,/bin,/usr/sbin,/usr/bin, unless = grep -i java_home /etc/profile,#if the return value is 1,do this command. require =File/usr/java/env vi /etc/puppet/manifests/nodes.pp nod