
Puppet deployment and application

2025-02-14 Update From: SLTechnology News&Howtos


Shulou(Shulou.com)06/03 Report--


1. Workflow

1) The client-side puppet calls facter (facter is a tool that collects, detects and analyzes client configuration information; the exchange with the server is protected by SSL). Facter detects host facts such as the hostname, memory size and IP address, and puppet sends this information to the server side over the SSL connection.

2) On the server side, puppetmaster uses the facts reported by facter to identify the client's hostname, finds the corresponding node definition in the project's main configuration file (the manifest), and parses that part of the content. The information sent by facter is available as variables; only the code involved in that node is parsed, the rest is not. Parsing takes place in several stages: a syntax check comes first, and if the syntax is correct, parsing continues. The result is an intermediate "pseudo code" (the catalog), which is then sent to the client.

3) The client receives the pseudo code, executes it, and sends the result back to the server.

4) The server writes the client's execution result to its log.

Two points about Puppet's working process are worth noting:

1) For security, the relationship between client and master is based on SSL and certificates: only a client whose certificate has been signed by the master can communicate with the master.

2) Puppet keeps the system in the state people expect. For example, it can detect a file and ensure it always exists, or ensure that the ssh service is always running; if the file is deleted or the ssh service is stopped, the next time puppet runs (every 30 minutes by default) the file is recreated or the ssh service is started again.

Experimental environment:

Experimental objectives:

1. Manage the ssh service on the client side through puppetmaster

2. The client can actively pull

3. The master can actively push

I. Set up the ntp server (already installed)

server 127.127.1.0
fudge 127.127.1.0 stratum 8

[root@centos4 ~]# service ntpd start
[root@centos4 ~]# chkconfig ntpd on

II. Set up puppetmaster

1. Plan the server hostname

[root@centos1 ~]# vim /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=master.test.com

[root@centos1 ~]# hostname master.test.com
[root@centos1 ~]# bash

2. Add hostname resolution; a DNS service can be built on the Internet instead

[root@centos1 ~]# vim /etc/hosts
192.168.1.1 master.test.com
192.168.1.2 client1.test.com
192.168.1.3 client2.test.com

3. Server time synchronization

[root@master ~]# yum -y install ntp    # installed by default
[root@master ~]# ntpdate 192.168.1.4

4. Install ruby; install compat-readline5 (on the system disk) first, or install both together

Since puppet is developed in Ruby, the Ruby language environment must be installed first, whether puppet is installed from source or from RPM.

[root@master ~]# rpm -ivh /mnt/Packages/compat-readline5-5.2-17.1.el6.x86_64.rpm
[root@master ~]# rpm -ivh /mnt/ruby-*.rpm

5. Check the ruby version

[root@master ~]# ruby -v
ruby 1.8.7 (2011-06-30 patchlevel 352) [x86_64-linux]

6. Install facter

[root@master ~]# useradd -s /sbin/nologin puppet

Install the facter source package:

[root@master ~]# tar zxf /mnt/facter-1.7.1.tar.gz -C /usr/src
[root@master ~]# cd /usr/src/facter-1.7.1/
[root@master facter-1.7.1]# ruby install.rb

7. Install the puppet source package

① Installation

[root@master ~]# tar zxf /mnt/puppet-2.7.21.tar.gz -C /usr/src
[root@master ~]# cd /usr/src/puppet-2.7.21/
[root@master puppet-2.7.21]# ruby install.rb

② Copy the configuration files

[root@master puppet-2.7.21]# cp conf/redhat/fileserver.conf /etc/puppet/
[root@master puppet-2.7.21]# cp conf/redhat/puppet.conf /etc/puppet/
[root@master puppet-2.7.21]# cp conf/redhat/server.init /etc/init.d/puppetmaster

③ Modify file permissions

[root@master puppet-2.7.21]# chmod +x /etc/init.d/puppetmaster

④ Create the puppet directories

[root@master puppet-2.7.21]# mkdir /etc/puppet/manifests    # stores the manifests
[root@master puppet-2.7.21]# mkdir /etc/puppet/modules      # stores the module configuration

8. puppet service certificate request and signing

Master side configuration

① Turn off the firewall

[root@master ~]# service iptables stop    # already stopped earlier

② Modify the configuration file. Add the following line under the [main] heading to configure the server module path:

[root@master ~]# vim /etc/puppet/puppet.conf
modulepath = /etc/puppet/modules:/usr/share/puppet/modules

③ Start the puppet master program

[root@master ~]# /etc/init.d/puppetmaster start
Starting puppetmaster: [ OK ]

④ View the puppet listening port

[root@master ~]# netstat -anpt | grep 8140
tcp        0      0 0.0.0.0:8140        0.0.0.0:*           LISTEN      2123/ruby

III. Set up puppetclient1

1. Plan the server hostname

[root@centos1 ~]# vim /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=client1.test.com

[root@centos1 ~]# hostname client1.test.com
[root@centos1 ~]# bash

2. Add hostname resolution

[root@centos1 ~]# vim /etc/hosts
192.168.1.1 master.test.com
192.168.1.2 client1.test.com
192.168.1.3 client2.test.com

3. Make sure puppetmaster is reachable by domain name with ping

[root@client1 ~]# ping master.test.com
PING master.test.com (192.168.1.1) 56(84) bytes of data.
64 bytes from master.test.com (192.168.1.1): icmp_seq=1 ttl=64 time=7.29 ms

4. Server time synchronization

[root@client1 ~]# ntpdate 192.168.1.4
7 May 16:24:22 ntpdate[2532]: adjust time server 192.168.1.4 offset -0.144460 sec

5. Install ruby; install compat-readline5 (on the system disk) first, or install both together

[root@client1 ~]# rpm -ivh /mnt/Packages/compat-readline5-5.2-17.1.el6.x86_64.rpm
[root@client1 ~]# rpm -ivh /mnt/ruby-*.rpm

6. Check the ruby version

[root@client1 ~]# ruby -v
ruby 1.8.7 (2011-06-30 patchlevel 352) [x86_64-linux]

7. Install facter

[root@client1 ~]# useradd -s /sbin/nologin puppet
[root@client1 ~]# tar zxf /mnt/facter-1.7.1.tar.gz -C /usr/src
[root@client1 ~]# cd /usr/src/facter-1.7.1/
[root@client1 facter-1.7.1]# ruby install.rb

8. Install puppet

[root@client1 facter-1.7.1]# tar zxf /mnt/puppet-2.7.21.tar.gz -C /usr/src
[root@client1 facter-1.7.1]# cd /usr/src/puppet-2.7.21/
[root@client1 puppet-2.7.21]# ruby install.rb

9. Copy the configuration files

[root@client1 puppet-2.7.21]# cp conf/redhat/puppet.conf /etc/puppet
[root@client1 puppet-2.7.21]# cp conf/redhat/client.init /etc/init.d/puppetclient

10. Modify file permissions

[root@client1 puppet-2.7.21]# chmod +x /etc/init.d/puppetclient

11. puppet service certificate and signing

① Turn off the firewall

[root@client1 puppet-2.7.21]# service iptables stop    # already stopped earlier

② Modify the client configuration file (the two clients' configurations are identical)

[root@client1 puppet-2.7.21]# vim /etc/puppet/puppet.conf
[main]
    # The Puppet log directory.
    # The default value is '$vardir/log'.
    logdir = /var/log/puppet

    # Where Puppet PID files are kept.
    # The default value is '$vardir/run'.
    rundir = /var/run/puppet

    server = master.test.com

IV. Set up puppetclient2

1. Plan the server hostname

[root@centos1 ~]# vim /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=client2.test.com

[root@centos1 ~]# hostname client2.test.com
[root@centos1 ~]# bash

2. Add hostname resolution

[root@centos1 ~]# vim /etc/hosts
192.168.1.1 master.test.com
192.168.1.2 client1.test.com
192.168.1.3 client2.test.com

3. Make sure puppetmaster is reachable by domain name with ping

[root@client2 ~]# ping master.test.com
PING master.test.com (192.168.1.1) 56(84) bytes of data.
64 bytes from master.test.com (192.168.1.1): icmp_seq=1 ttl=64 time=7.29 ms

4. Server time synchronization

[root@client2 ~]# ntpdate 192.168.1.4
7 May 16:24:22 ntpdate[2532]: adjust time server 192.168.1.4 offset -0.144460 sec

5. Install ruby; install compat-readline5 (on the system disk) first, or install both together

[root@client2 ~]# rpm -ivh /mnt/Packages/compat-readline5-5.2-17.1.el6.x86_64.rpm
[root@client2 ~]# rpm -ivh /mnt/ruby-*.rpm

6. Check the ruby version

[root@client2 ~]# ruby -v
ruby 1.8.7 (2011-06-30 patchlevel 352) [x86_64-linux]

7. Install facter

[root@client2 ~]# useradd -s /sbin/nologin puppet
[root@client2 ~]# tar zxf /mnt/facter-1.7.1.tar.gz -C /usr/src
[root@client2 ~]# cd /usr/src/facter-1.7.1/
[root@client2 facter-1.7.1]# ruby install.rb

8. Install puppet

[root@client2 facter-1.7.1]# tar zxf /mnt/puppet-2.7.21.tar.gz -C /usr/src
[root@client2 facter-1.7.1]# cd /usr/src/puppet-2.7.21/
[root@client2 puppet-2.7.21]# ruby install.rb
chmod 0644 /usr/share/man/man8/puppet-node.8

9. Copy the configuration files

[root@client2 puppet-2.7.21]# cp conf/redhat/puppet.conf /etc/puppet
[root@client2 puppet-2.7.21]# cp conf/redhat/client.init /etc/init.d/puppetclient

10. Modify file permissions

[root@client2 puppet-2.7.21]# chmod +x /etc/init.d/puppetclient

11. puppet service certificate and signing

① Turn off the firewall

[root@client2 puppet-2.7.21]# service iptables stop    # already stopped

② Modify the client configuration file (the two clients' configurations are identical)

[root@client2 puppet-2.7.21]# vim /etc/puppet/puppet.conf
[main]
    # The Puppet log directory.
    # The default value is '$vardir/log'.
    logdir = /var/log/puppet

    # Where Puppet PID files are kept.
    # The default value is '$vardir/run'.
    rundir = /var/run/puppet

    server = master.test.com

V. Registration and application

1. Register on client1 and client2 respectively

[root@client1 puppet-2.7.21]# puppet agent --server=master.test.com --no-daemonize --verbose
[root@client2 puppet-2.7.21]# puppet agent --server=master.test.com --no-daemonize --verbose

This command starts puppet agent in non-daemon mode. The advantage is that the communication with the server and the certificate signing process are visible, which is convenient for debugging. By default the agent asks the server for a signed certificate every 2 minutes and starts the agent service only once it has obtained one.

2. View the clients requesting registration on the master

[root@master ~]# puppet cert --list    # list the clients requesting registration
client1.test.com (99:6A:C3:89:C8:1C:B5:75:24:BA:56:51:43:1E:EB:71)
client2.test.com (B8:51:93:3D:5A:77:49:01:B6:1A:B8:EB:57:16:46:8B)

3. Sign the unregistered clients on the master

[root@master ~]# puppet cert sign --all

4. The registered clients can be viewed through the directory

[root@master ~]# ll /var/lib/puppet/ssl/ca/signed/
total 12
-rw-r--r-- 1 puppet puppet 1915 May  7 17:59 client1.test.com.pem
-rw-r--r-- 1 puppet puppet 1915 May  7 17:59 client2.test.com.pem
-rw-r--r-- 1 puppet puppet 1988 May  7 16:17 master.test.com.pem

At this point the clients have completed the certificate request and signing.
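`puppet cert sign --all` accepts every pending request, including one from a host that was never provisioned, and the fingerprints printed by `puppet cert --list` are the only evidence the master has of who is asking. The script below is an added example, not code from the original article or from Puppet: it compares each pending request against an out-of-band allowlist of expected hostname/fingerprint pairs (for instance recorded from `puppet agent --fingerprint` on each client at build time) and names only the ones that match. The pending-request text is constructed in the format shown above, reusing the client1/client2 fingerprints from this article; the host unknown.test.com and its fingerprint are constructed, and the sign_approved helper assumes it is run on the master where the puppet command exists.

```shell
#!/bin/sh
# Added example, not from the original article: approve certificate requests
# against an allowlist instead of signing everything with `puppet cert sign --all`.

# Constructed sample input in the format printed by `puppet cert --list`:
# "<hostname> (<fingerprint>)". The third entry is a constructed request
# from a host that was never provisioned.
PENDING_REQUESTS='client1.test.com (99:6A:C3:89:C8:1C:B5:75:24:BA:56:51:43:1E:EB:71)
client2.test.com (B8:51:93:3D:5A:77:49:01:B6:1A:B8:EB:57:16:46:8B)
unknown.test.com (01:23:45:67:89:AB:CD:EF:01:23:45:67:89:AB:CD:EF)'

# Constructed allowlist: "<hostname> <fingerprint>" pairs recorded out of band
# (for example from `puppet agent --fingerprint` on each client at build time).
ALLOWED_FINGERPRINTS='client1.test.com 99:6A:C3:89:C8:1C:B5:75:24:BA:56:51:43:1E:EB:71
client2.test.com B8:51:93:3D:5A:77:49:01:B6:1A:B8:EB:57:16:46:8B'

# approved_hosts PENDING ALLOWLIST
# Prints one hostname per line for every pending request whose hostname AND
# fingerprint both match an allowlist entry. Anything else is left unsigned.
approved_hosts() {
  printf '%s\n' "$1" | while IFS= read -r line; do
    [ -n "$line" ] || continue
    host=${line%% *}            # text before the first space
    fp=${line#*\(}               # drop everything up to and including "("
    fp=${fp%\)}                  # drop the trailing ")"
    if printf '%s\n' "$2" | grep -qxF "$host $fp"; then
      printf '%s\n' "$host"
    fi
  done
}

# rejected_hosts PENDING ALLOWLIST
# Prints the pending hostnames that did NOT match, so they can be reviewed
# by a person before anything is signed.
rejected_hosts() {
  printf '%s\n' "$1" | while IFS= read -r line; do
    [ -n "$line" ] || continue
    host=${line%% *}
    if ! approved_hosts "$line" "$2" | grep -qxF "$host"; then
      printf '%s\n' "$host"
    fi
  done
}

# sign_approved PENDING ALLOWLIST
# Runs `puppet cert sign <host>` for each approved host. Only signs when the
# puppet command is present (i.e. on the master); otherwise it just reports.
sign_approved() {
  approved_hosts "$1" "$2" | while IFS= read -r host; do
    if command -v puppet >/dev/null 2>&1; then
      puppet cert sign "$host"
    else
      echo "would sign: $host"
    fi
  done
}

echo "approved:";     approved_hosts "$PENDING_REQUESTS" "$ALLOWED_FINGERPRINTS"
echo "needs review:"; rejected_hosts "$PENDING_REQUESTS" "$ALLOWED_FINGERPRINTS"
```

Running it on the constructed input approves client1.test.com and client2.test.com and leaves unknown.test.com for review; a request that reuses a known hostname with a different fingerprint is also left unsigned, since both halves of the pair must match.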

VI. Configuration example

1. Configure a test node

- Node information: /etc/puppet/manifests/nodes
- Module information: /etc/puppet/modules

To harden the SSH service on the Linux clients, change the client sshd port in batch from 22 to 9922 and restart sshd.

Create the ssh module. The module directory is ssh, and it contains three subdirectories: manifests, templates and files.

- manifests: the directory where the manifest files are stored. It must contain an init.pp file, which is the entry file for the module. When a module is imported, it starts with init.pp. All the code can be written into init.pp, or it can be split across several .pp files which init.pp then includes. The class name must be ssh, the same as the module name, so that it can be called.
- files: the module's file distribution directory; puppet's file-serving mechanism delivers /etc/ssh/sshd_config from here.
- templates: contains the erb template files.

Master side:

① Create the required directories

# mkdir -p /etc/puppet/modules/ssh/{manifests,templates,files}
# mkdir /etc/puppet/manifests/nodes         # node directory: maps node definitions to clients
# mkdir /etc/puppet/modules/ssh/files/ssh   # files for controlling the ssh service
# chown -R puppet /etc/puppet/modules/      # adjust ownership

At this point, the structure under /etc/puppet/modules/ssh is:

[root@master ~]# ll /etc/puppet/modules/ssh

② Create the module manifest install.pp

[root@master ~]# vim /etc/puppet/modules/ssh/manifests/install.pp
class ssh::install {
    package { "openssh":
        ensure => present,
    }
}

③ Create the module manifest config.pp

[root@master ~]# vim /etc/puppet/modules/ssh/manifests/config.pp
class ssh::config {
    file { "/etc/ssh/sshd_config":
        ensure  => present,
        owner   => "root",
        group   => "root",
        mode    => "0600",
        source  => "puppet://$puppetserver/modules/ssh/ssh/sshd_config",
        require => Class["ssh::install"],
        notify  => Class["ssh::service"],
    }
}

($puppetserver must be defined as a variable, for example in site.pp; alternatively the host part can be omitted, as in puppet:///modules/ssh/ssh/sshd_config, which always resolves to the server the agent is talking to.)

④ Create service.pp

[root@master ~]# vim /etc/puppet/modules/ssh/manifests/service.pp
class ssh::service {
    service { "sshd":
        ensure     => running,
        hasstatus  => true,
        hasrestart => true,
        enable     => true,
        require    => Class["ssh::config"],
    }
}

⑤ Create the module's main manifest, which loads the manifests above, and enter the following:

[root@master ~]# vim /etc/puppet/modules/ssh/manifests/init.pp
class ssh {
    include ssh::install, ssh::config, ssh::service
}

There are now four files under /etc/puppet/modules/ssh/manifests:

[root@master ~]# ll /etc/puppet/modules/ssh/manifests/

⑥ Set up the sshd_config file that the server maintains centrally

Since the server and client sshd_config files are identical by default, copy the server's /etc/ssh/sshd_config into the module's default file path:

[root@master ~]# cp /etc/ssh/sshd_config /etc/puppet/modules/ssh/files/ssh/

⑦ Create the test node manifest and load the ssh module into it

[root@master ~]# vim /etc/puppet/manifests/nodes/ssh.pp

⑧ Load the test node into puppet, that is, modify site.pp

[root@master ~]# vim /etc/puppet/manifests/site.pp

⑨ Modify the sshd_config file maintained by the server

[root@master ~]# vim /etc/puppet/modules/ssh/files/ssh/sshd_config
Port 9922

⑩ Restart puppet

[root@master ~]# /etc/init.d/puppetmaster restart
Stopping puppetmaster: [ OK ]
Starting puppetmaster: [ OK ]
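Step ⑨ edits the copy of sshd_config that the module serves to every client. If the Port directive is left commented out (the stock file ships with `#Port 22`), or a second Port line is appended instead of replacing the old one, the catalog still applies cleanly and ssh::service restarts sshd without complaint, but the daemon keeps listening on 22. The shell functions below are an added example, not code from the article or from Puppet: they extract the active (uncommented) Port directives from an sshd_config text and check that the served file sets exactly the intended port before it is handed to the clients. The three configuration snippets are constructed.

```shell
#!/bin/sh
# Added example, not from the original article: sanity-check the sshd_config
# served from /etc/puppet/modules/ssh/files/ssh/ before the clients pull it.

# Constructed: the port line left commented out, i.e. step 9 applied to the
# comment only. sshd ignores comments and falls back to its default, 22.
CONF_COMMENTED='#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#Port 9922'

# Constructed: the intended result of step 9.
CONF_CHANGED='Port 9922
#AddressFamily any
Protocol 2'

# Constructed: a new line appended without removing the old one; sshd accepts
# multiple Port directives and would listen on both 22 and 9922.
CONF_BOTH='Port 22
Port 9922'

# active_ports CONFIG_TEXT
# Prints the value of every uncommented "Port" directive, one per line.
active_ports() {
  printf '%s\n' "$1" | awk '
    /^[[:space:]]*#/ { next }                                   # comment line
    tolower($1) == "port" && $2 ~ /^[0-9]+$/ { print $2 }      # active directive
  '
}

# served_config_ok CONFIG_TEXT EXPECTED_PORT
# Returns 0 when exactly one active Port directive is present and it equals
# EXPECTED_PORT; returns 1 otherwise and explains why on stderr.
served_config_ok() {
  ports=$(active_ports "$1")
  count=$(active_ports "$1" | awk 'END { print NR }')
  case $count in
    0) echo "no active Port directive: sshd would use the default 22" >&2; return 1 ;;
    1) ;;
    *) echo "more than one active Port directive: $(echo "$ports" | tr '\n' ' ')" >&2; return 1 ;;
  esac
  if [ "$ports" != "$2" ]; then
    echo "active Port is $ports, expected $2" >&2
    return 1
  fi
  return 0
}

# Stand-alone demonstration over the three constructed files.
for conf in "$CONF_COMMENTED" "$CONF_CHANGED" "$CONF_BOTH"; do
  if served_config_ok "$conf" 9922; then echo "ok: serve this file"; else echo "rejected"; fi
done
```

Only CONF_CHANGED passes; the commented-out and duplicated variants are rejected with a reason, which is the check to run on the master before the restart in step ⑩ pushes the file out.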

2. Client active pull (client1 is used for the test here; client2 is the same)

[root@client1 puppet]# puppet agent -t

① Check whether the client's /etc/ssh/sshd_config has changed automatically

[root@client1 puppet]# vim /etc/ssh/sshd_config
Port 9922

② Check whether the sshd service has been restarted and the new port is in effect

[root@client1 puppet]# netstat -tunlp | grep ssh

3. Server push synchronization

Client configuration

① Modify the configuration file

[root@client1 puppet]# vim /etc/puppet/puppet.conf

Add the following as the last line:

listen = true    # make the puppet agent listen on port 8139

[root@client1 puppet]# vim /etc/puppet/auth.conf
allow *    # allow any host to push

② Start the puppet client

[root@client1 puppet]# /etc/init.d/puppetclient start
Starting puppet: [ OK ]

[root@client1 puppet]# netstat -anpt | grep 8139    # the agent's own listening port

③ Modify /etc/ssh/sshd_config (set the port back to 22 so that the push can be observed)

[root@client1 puppet]# vim /etc/ssh/sshd_config
Port 22

[root@client1 puppet]# service sshd restart

Server-side configuration

④ Push to the client from the server

[root@master ssh]# puppet kick client1.test.com

⑤ Check the result

[root@client1 puppet]# vim /etc/ssh/sshd_config
Port 9922

[root@client1 puppet]# service sshd restart
[root@client1 puppet]# netstat -anpt | grep 9922
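`allow *` on the agent's `/run` path lets any host that holds a certificate from the same CA (every other agent in the estate included) trigger a run on this client over port 8139; restricting the stanza to the master's certname keeps `puppet kick` working while closing that door. The shell functions below are an added example, not code from the article or from Puppet: they extract the allow list of the `path /run` stanza from an auth.conf text and report whether it is a wildcard, a named host list, or absent. The three auth.conf snippets are constructed; the `path /run` / `method save` / `allow <host>` stanza shape is the one Puppet 2.7's auth.conf uses for puppet kick (assumed here), and master.test.com is the master name used in this article.

```shell
#!/bin/sh
# Added example, not from the original article: audit the "/run" ACL in an
# agent's /etc/puppet/auth.conf, which is what `puppet kick` goes through.

# Constructed: the ACL as the article writes it; any certificate holder may push.
AUTH_CONF_WILDCARD='path /run
method save
allow *

path /
auth any'

# Constructed: the same stanza limited to the master's certname.
AUTH_CONF_RESTRICTED='path /run
method save
allow master.test.com

path /
auth any'

# Constructed: no /run stanza at all; the trailing "path /" entry denies
# whatever is not listed, so puppet kick is refused.
AUTH_CONF_MISSING='path /
auth any'

# run_path_allow AUTH_CONF_TEXT
# Prints the "allow" value of the "path /run" stanza (empty if there is none).
# A stanza starts at a "path" line and runs until the next one.
run_path_allow() {
  printf '%s\n' "$1" | awk '
    /^[[:space:]]*#/ { next }                               # comment line
    $1 == "path" { in_run = ($2 == "/run"); next }          # stanza boundary
    in_run && $1 == "allow" {                               # allow list of /run
      $1 = ""; sub(/^[[:space:]]+/, ""); print; exit
    }
  '
}

# check_run_acl AUTH_CONF_TEXT
# Exit status: 0 = restricted to named hosts, 1 = wildcard, 2 = no /run stanza.
check_run_acl() {
  allow=$(run_path_allow "$1")
  case $allow in
    "")   echo "no /run stanza: pushes are refused" >&2; return 2 ;;
    *\**) echo "allow $allow: any certificate holder may push" >&2; return 1 ;;
    *)    echo "allow $allow: restricted to the listed hosts" >&2; return 0 ;;
  esac
}

# Stand-alone demonstration over the three constructed files.
for conf in "$AUTH_CONF_WILDCARD" "$AUTH_CONF_RESTRICTED" "$AUTH_CONF_MISSING"; do
  check_run_acl "$conf" || true
done
```

Against the article's setting the check reports the wildcard; replacing `allow *` with `allow master.test.com` in the client's auth.conf (and restarting puppetclient) is the form that passes while step ④'s `puppet kick client1.test.com` from the master continues to work.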
