服务配置Puppet管理方案.docx

服务配置管理应用与操作方案-陈英杰一业务需求描述：随着我们在线业务的扩大，需要对在线服务配置进行规范化的管理；二测试环境描述：Server：22配置启动PuppetmasterdClient：046配置启动Puppetd三安装与环境搭建参考Puppet安装手册四应用描述：使用Puppet.conf定义相关环境及功能，以site.pp作为执行代码入口，通过import和include引入文件、模块和类，按模块和类对服务环境进行配置管理和状态把握；1.Server应用：a).puppet.conf在默认配置中添加了如下配置：autosign=true/打开自动认证 autosign = /etc/puppet/autosign.conf/自动认证配置文件 templatedir = /etc/puppet/modules/模板文件读取路径默认隐藏配置：manifest = /etc/puppet/manifests/site.pp/代码读取进入口;The entry-point manifest for puppet mastermodulepath = /etc/puppet/modules:/usr/share/puppet/modules/模块默认搜索路径; The search path for modules as a colon-separated list of directories其他默认隐藏环境参数：可通过puppetmasterd genconfig 获取b).site.pp#公共环境声明Exec path = /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin File ensure = present, mode = 0644, owner = root, group = root,$puppetserver=#通过import导入其他pp文件或模块#import modules.ppimport namedimport snmpdimport sysimport cron#import nodes/*.pp#使用node通过正则表达式匹配适当的分组或单个节点设备，并通过include引入模块中定义的类node /E09RMRH53T01.$/ include sys include snmpd #include namednode /.$/ include crontab_root include sys include snmpd include namednode /.$/ # include crontab_root include sys include snmpd include namednode default include sys include snmpd include namedc).文件结构|- manifests| |- modules.pp| - site.pp-主代码入口，引入模块和类|- modules-模块所在目录| |- cron-模块名称为文件夹名| | |- files-该模块下需要用的到相关文件| | |- manifests-该模块下pp代买主目录| | | - init.pp-该模块将被引入执行的pp代码| | - template-该模块下应用的文件模板| |- named| | |- files| | | |- named.conf-NAMED服务需要的文件| | | |- named.root| | | |- rndc.conf| | | - test.zone| | |- manifests| | | - init.pp-定义NAMED类| | - template| |- snake| | |- files| | | |- daemon_snake.sh| | | |- install_snake.sh| | | - snake-r163.tar.gz| | |- manifests| | | - init.pp| | - template| |- snmpd| | |- files| | | - snmpd.conf| | |- manifests| | | - init.pp| | - template| - sys| |- files| | |- resolv.conf| | - sys_init.sh| |- manifests| | - init.pp| - template2.Client应用：执行获取任务命令，从服务端下载伪代码，并在本地通过ruby执行，使任务生效，可通过crontab自定义执行时间和执行频率，相关命令如下：puppetd -test -server 五实际操作描述：1环境的建立与测试a）.Server端主机名定义：Server 2 主机名定义为：SFTP.;修改/etc/sysconfig/network中HOSTNAME为SFTP.；rootSFTP manifests# cat /etc/sysconfig/networkNETWORKING=yesHOSTNAME=SFTP.执行hostname SFTP.；b）.Server端Puppet.conf配置文件；添加如下配置：autosign=true autosign = /etc/puppet/autosign.conf templatedir = /etc/puppet/modulesc）.Client端添加Server端host解析：rootSC-A-10 tmp# cat /etc/hosts localhost localhost.localdomain localhost4 localhost4.localdomain4:1 localhost localhost.localdomain localhost6 localhost6.localdomain62 SFTP.增加Server端内网地址域名到host文件，保存；d）.在Server端建立Site文件测试环境；rootSFTP manifests# pwd/etc/puppet/manifestsYou have mail in /var/spool/mail/rootrootSFTP manifests# vi site.pp node default file /tmp/temp.txt:content =hello!;保存，退出。e）.在Client端执行Puppet,执行测试；执行：rootSC-A-10 # puppetd -test -server SFTP.info: Caching catalog for sc-a-10info: Applying configuration version 1320807719notice: /Stagemain/Nodedefault/File/tmp/temp.txt/ensure: defined content as md5e777f67b068b983360554b28cf6d0bb7notice: Finished catalog run in 0.05 seconds检查执行结果：rootSC-A-10 tmp# cat /tmp/temp.txt hello!rootSC-A-10 tmp#2真实环境搭建：a).建立主代码文件；Exec path = /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin File ensure = present, mode = 0644, owner = root, group = root,$puppetserver=SFTP. node /SC-A-10/ include openssl include zdnsnode default file /tmp/temp.txt:content =hello!;b).建立如下目录结构，编写Puppet代码，安装openssl和zdns； rootSFTP modules# tree. openssl-OPENSSL模块 files openssl-1.0.0d.tar.gz openssl_install.sh-OPENSSL安装脚本 manifests init.pp-OPENSSL模块初始代码 template zdns-ZDNS服务模块 files-ZDNS所需相关文件 bind-9.7.4-b25600-p0.tar.gz bind-9.7.4.tar.gz chroot.tar.gz list 111 domain.cm domain.ct domain.cu domain.er domain.fc domain.ot domain.st nsutest.sh named_5301.conf named_5302.conf named_5303.conf named_5304.conf named.conf named.root rndc.conf test.zone zdns_install.sh-ZDNS服务安装脚本 manifests init.pp-ZDNS模块初始代码 template named_5301.conf.erb-ZDNS实例1 named.conf模板 named_5302.conf.erb-ZDNS实例2 named.conf模板 named_5303.conf.erb-ZDNS实例3 named.conf模板 named_5304.conf.erb-ZDNS实例4 named.conf模板c).两模块相关文件代码如下：AOpenssl Puppet执行代码：class openssl file /opt/openssl_install.sh: path = /opt/openssl_install.sh, ensure = present, mode = 744, source =puppet:/$puppetserver/openssl/openssl_install.sh; file /opt/openssl-1.0.0d.tar.gz: path = /opt/openssl-1.0.0d.tar.gz, ensure = present, mode = 644, source =puppet:/$puppetserver/openssl/openssl-1.0.0d.tar.gz; exec openssl_install.sh: require = File /opt/openssl_install.sh,/opt/openssl-1.0.0d.tar.gz, command = /opt/openssl_install.sh; B.Openssl安装脚本：#!/bin/bashPWD=pwdNAME=openssl-1.0.0dOpenssl_conf=/usr/local/ssl/libOpenssl_install () tar -zxvf $NAME.tar.gz cd $NAME ./config share make & make install echo $Openssl_conf /etc/ld.so.conf.d/$NAME.conf ldconfigwhereis opensslrel1=$?if $rel1 -ne 0 ;then Openssl_install else if $Openssl_conf != cat /etc/ld.so.conf.d/$NAME.conf ;then echo $Openssl_conf /etc/ld.so.conf.d/$NAME.conf ldconfig fifiCZDNS Puppet执行代码；class zdns File mode = 0644, owner = zdns, group = zdns, $Serverip01=0 user zdns: ensure = present, home = /home/zdns, shell = /bin/bash, # Install # file /opt/zdns_install.sh: path = /opt/zdns_install.sh, mode = 755, source =puppet:/$puppetserver/zdns/zdns_install.sh; file /opt/bind-9.7.4-b25600-p0.tar.gz: path = /opt/bind-9.7.4-b25600-p0.tar.gz, source =puppet:/$puppetserver/zdns/bind-9.7.4-b25600-p0.tar.gz; file /opt/chroot.tar.gz: path = /opt/chroot.tar.gz, source =puppet:/$puppetserver/zdns/chroot.tar.gz; exec /opt/zdns_install.sh: require = File /opt/zdns_install.sh,/opt/bind-9.7.4-b25600-p0.tar.gz,/opt/chroot.tar.gz, command = /opt/zdns_install.sh; # Named.conf # file named_5301.conf: path = /home/zdns/a/bind/chroot1/etc/named.conf, require = Exec /opt/zdns_install.sh, content = template(zdns/template/named_5301.conf.erb); file named_5302.conf: path = /home/zdns/a/bind/chroot2/etc/named.conf, require = Exec /opt/zdns_install.sh, content = template(zdns/template/named_5302.conf.erb); file named_5303.conf: path = /home/zdns/a/bind/chroot3/etc/named.conf, require = Exec /opt/zdns_install.sh, content = template(zdns/template/named_5303.conf.erb); file named_5304.conf: path = /home/zdns/a/bind/chroot4/etc/named.conf, require = Exec /opt/zdns_install.sh, content = template(zdns/template/named_5304.conf.erb); # Named.zone # file /home/zdns/a/bind/chroot1/etc/list/: path = /home/zdns/a/bind/chroot1/etc/list/, ensure = present, require = Exec /opt/zdns_install.sh, purge = true, recurse = true, force = true, source =puppet:/$puppetserver/zdns/list/; file /home/zdns/a/bind/chroot2/etc/list/: path = /home/zdns/a/bind/chroot2/etc/list/, ensure = present, require = Exec /opt/zdns_install.sh, purge = true, recurse = true, force = true, source =puppet:/$puppetserver/zdns/list/; file /home/zdns/a/bind/chroot3/etc/list/: path = /home/zdns/a/bind/chroot3/etc/list/, ensure = present, require = Exec /opt/zdns_install.sh, purge = true, recurse = true, force = true, source =puppet:/$puppetserver/zdns/list/; file /home/zdns/a/bind/chroot4/etc/list/: path = /home/zdns/a/bind/chroot4/etc/list/, ensure = present, require = Exec /opt/zdns_install.sh, purge = true, recurse = true, force = true, source =puppet:/$puppetserver/zdns/list/; # Links #file /home/zdns/a/bind/9/: ensure = link, mode = 777, target = /home/zdns/a/bind/9.7.4/, require = Exec /opt/zdns_install.sh;# type = link; file /home/zdns/a/bind/bind91: ensure = link, mode = 777, target = /home/zdns/a/bind/chroot1/bin/bind9, require = Exec /opt/zdns_install.sh;# type = link; file /home/zdns/a/bind/bind92: ensure = link, mode = 777, target = /home/zdns/a/bind/chroot2/bin/bind9, require = Exec /opt/zdns_install.sh;# type = link; file /home/zdns/a/bind/bind93: ensure = link, mode = 777, target = /home/zdns/a/bind/chroot3/bin/bind9, require = Exec /opt/zdns_install.sh;# type = link; file /home/zdns/a/bind/bind94: ensure = link, mode = 777, target = /home/zdns/a/bind/chroot4/bin/bind9, require = Exec /opt/zdns_install.sh;# type = link; # Zdns start # exec Zdns01_start: require = File /home/zdns/a/bind/bind91, command = /home/zdns/a/bind/bind91 start -p 5301; exec Zdns02_start: require = File /home/zdns/a/bind/bind92, command = /home/zdns/a/bind/bind92 start -p 5302; exec Zdns01_start: require = File /home/zdns/a/bind/bind93, command = /home/zdns/a/bind/bind93 start -p 5303; exec Zdns01_start: require = Fil