
How to install the automated deployment tool Puppet on Ubuntu

2025-02-14 Update From: SLTechnology News&Howtos shulou

Shulou(Shulou.com)06/01

This article explains how to install the automated deployment tool Puppet on Ubuntu. Many people run into difficulties with this in practice, so let the editor walk you through how to handle them. I hope you read it carefully and come away with something useful!

1. Set up the hosts file

In this tutorial, we will use two hosts running Ubuntu 15.04 "Vivid Vervet", one as the master server and the other as the Puppet agent node. The following is the basic information about the servers we will use.

Puppet master server IP: 44.55.88.6, hostname: puppetmaster

Puppet agent node IP: 45.55.86.39, hostname: puppetnode

We need to add the corresponding entries to the hosts files of both the agent node and the master server. Use root or sudo access to edit the /etc/hosts file, as follows:

The code is as follows:

# nano /etc/hosts

45.55.88.6 puppetmaster.example.com puppetmaster
45.55.86.39 puppetnode.example.com puppetnode

Note that the puppet master server must run on port 8140, so be sure to open port 8140.

2. Update time with NTP

The system time on the puppet agent node must be accurate to avoid problems with the agent certificate. If the clocks differ, the certificate can be treated as expired, so the system time of the master server and the agent node must be synchronized with each other. We use NTP (Network Time Protocol) to synchronize time. Run the following command on the master server and the agent node to synchronize the time.

The code is as follows:

# ntpdate pool.ntp.org

17 Jun 00:17:08 ntpdate: adjust time server 66.175.209.17 offset -0.001938 sec

(LCTT translation note: displaying a similar output indicates that it is running normally)

If ntp is not installed, update your software repository, then install and run the ntp service with the following command:

The code is as follows:

# apt-get update && sudo apt-get -y install ntp; service ntp restart

3. Install master server software

There are many ways to install the open source version of puppet. In this tutorial, we download a package called puppetlabs-release from the Puppet Labs website; once installed, it adds the software source that provides puppetmaster-passenger. puppetmaster-passenger includes a puppet master server that runs under apache. Let's start by downloading this package:

The code is as follows:

# cd /tmp/

# wget https://apt.puppetlabs.com/puppetlabs-release-trusty.deb

--2015-06-17 00:19:26--  https://apt.puppetlabs.com/puppetlabs-release-trusty.deb
Resolving apt.puppetlabs.com (apt.puppetlabs.com)... 192.155.89.90, 2600:3c03::f03c:91ff:fedb:6b1d
Connecting to apt.puppetlabs.com (apt.puppetlabs.com)|192.155.89.90|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 7384 (7.2K) [application/x-debian-package]
Saving to: 'puppetlabs-release-trusty.deb'

puppetlabs-release-tr 100%[=>] 7.21K --.-KB/s in 0.06s

2015-06-17 00:19:26 (130 KB/s) - 'puppetlabs-release-trusty.deb' saved [7384/7384]

When the download is complete, let's install it:

The code is as follows:

# dpkg -i puppetlabs-release-trusty.deb

Selecting previously unselected package puppetlabs-release.
(Reading database ... 85899 files and directories currently installed.)
Preparing to unpack puppetlabs-release-trusty.deb ...
Unpacking puppetlabs-release (1.0-11) ...
Setting up puppetlabs-release (1.0-11) ...

Use the apt package management command to update the local software source:

The code is as follows:

# apt-get update

Now we can install puppetmaster-passenger

The code is as follows:

# apt-get install puppetmaster-passenger

Tip: a warning may be reported during installation:

Warning: Setting templatedir is deprecated. See http://links.puppetlabs.com/env-settings-deprecations (at /usr/lib/ruby/vendor_ruby/puppet/settings.rb:1139:in `issue_deprecation_warning')

Don't worry, it can be ignored for now; we just need to disable this setting when we edit the configuration file.

How to check whether the puppet master server has been installed successfully? It's very simple, just use the following command to see its version.

The code is as follows:

# puppet --version

3.8.1

Now we have installed the puppet master server. Because we use passenger with apache, apache controls the puppet master server, and the puppet master server runs when apache is running.

Before we begin, we need to stop the puppet master server by stopping the apache service.

The code is as follows:

# systemctl stop apache2

4. Use the Apt tool to lock the version of the master server

Now that version 3.8.1 of puppet is installed, we lock this version so that it is not upgraded unintentionally, because an upgrade can leave the configuration files in an inconsistent state. To lock it with the apt tool, we use a text editor to create a new file /etc/apt/preferences.d/00-puppet.pref:

The code is as follows:

# nano /etc/apt/preferences.d/00-puppet.pref

Add the following to the newly created file:

The code is as follows:

# /etc/apt/preferences.d/00-puppet.pref
Package: puppet puppet-common puppetmaster-passenger
Pin: version 3.8*
Pin-Priority: 501

In this way, the puppet master server will not be upgraded along with the rest of the system software in future upgrades.

5. Configure the Puppet master server

The Puppet master server acts as the certificate issuer: it needs to generate its own certificate, which it uses to sign the certificate requests of all agents. First, we need to delete all SSL certificates created during the installation of the package. By default, the local puppet certificates are stored in /var/lib/puppet/ssl, so we just need to use the rm command to remove the whole directory.

The code is as follows:

# rm -rf /var/lib/puppet/ssl

Now we configure the certificate. When creating the puppet master server certificate, we need to include every DNS name that the agent nodes use to communicate with the master server. Use a text editor to modify the server's configuration file puppet.conf:

The code is as follows:

# nano /etc/puppet/puppet.conf

The file looks like this:

The code is as follows:

[main]
logdir=/var/log/puppet
vardir=/var/lib/puppet
ssldir=/var/lib/puppet/ssl
rundir=/var/run/puppet
factpath=$vardir/lib/facter
templatedir=$confdir/templates

[master]
# These are needed when the puppetmaster is run by passenger
# and can safely be removed if webrick is used.
ssl_client_header = SSL_CLIENT_S_DN
ssl_client_verify_header = SSL_CLIENT_VERIFY

Here we need to comment out the templatedir line to disable it. Then add the following information at the end of the [main] section of the file.

The code is as follows:

server = puppetmaster
environment = production
runinterval = 1h
strict_variables = true
certname = puppetmaster
dns_alt_names = puppetmaster,puppetmaster.example.com

Save and exit after editing.

Use the following command to generate a new certificate.

The code is as follows:

# puppet master --verbose --no-daemonize

Info: Creating a new SSL key for ca
Info: Creating a new SSL certificate request for ca
Info: Certificate Request fingerprint (SHA256): F6:2F:69:89:BA:A5:5E:FF:7F:94:15:6B:A7:C4:20:CE:23:C7:E3:C9:63:53:E0:F2:76:D7:2E:E0:BF:BD:A6:78
...
Notice: puppetmaster has a waiting certificate request
Notice: Signed certificate request for puppetmaster
Notice: Removing file Puppet::SSL::CertificateRequest puppetmaster at '/var/lib/puppet/ssl/ca/requests/puppetmaster.pem'
Notice: Removing file Puppet::SSL::CertificateRequest puppetmaster at '/var/lib/puppet/ssl/certificate_requests/puppetmaster.pem'
Notice: Starting Puppet master version 3.8.1
^CNotice: Caught INT; calling stop
Notice: Processing stop

At this point, the certificate has been generated. Once we see Notice: Starting Puppet master version 3.8.1, it indicates that the certificate has been made. We press CTRL-C to return to the shell command line.

To view the information about the newly generated certificate, you can use the following command.

The code is as follows:

# puppet cert list --all

+ "puppetmaster" (SHA256) 33:28:97:86:A1:C3:2F:73:10:D1:FB:42:DA:D5:42:69:71:84:F0:E2:8A:01:B9:58:38:90:E4:7D:B7:25:23:EC (alt names: "DNS:puppetmaster", "DNS:puppetmaster.example.com")

6. Create a Puppet manifest

The default main manifest is /etc/puppet/manifests/site.pp. This main manifest file contains the configuration definitions that are executed on the agent nodes. Now let's create the manifest file:

The code is as follows:

# nano /etc/puppet/manifests/site.pp

Add the following lines to the file you just opened:

The code is as follows:

# execute 'apt-get update'
exec { 'apt-update':                     # exec resource named 'apt-update'
  command => '/usr/bin/apt-get update'   # command this resource will run
}

# install apache2 package
package { 'apache2':
  require => Exec['apt-update'],         # require 'apt-update' before installing
  ensure  => installed
}

# ensure apache2 service is running
service { 'apache2':
  ensure => running
}

The lines above deploy the apache web service to the agent node.

7. Run the puppet master service

Now that you are ready to run the puppet master server, turn on the apache service to start it.

The code is as follows:

# systemctl start apache2

Our puppet master server is already running, but it can't manage any agent nodes yet. Now let's add an agent node to the puppet master server.

Hint: if you see this error:

Job for apache2.service failed. See "systemctl status apache2.service" and "journalctl -xe" for details.

There must be something wrong with the apache server. We can run apachectl start with root or sudo access to view its output. While working through this tutorial, we found a certificate configuration problem in /etc/apache2/sites-enabled/puppetmaster.conf. Change SSLCertificateFile /var/lib/puppet/ssl/certs/server.pem to SSLCertificateFile /var/lib/puppet/ssl/certs/puppetmaster.pem, and comment out the SSLCertificateKeyFile line that follows it. Then restart apache on the command line.

8. Install the software package for the Puppet agent node

We have prepared the puppet master server; now we need an agent node to manage, so we will install the puppet agent software on the node. The agent software must be installed on every node that is to be managed, and each of these nodes must be able to resolve the master server's hostname through DNS. Next, we install the latest agent software on the node puppetnode.example.com.

On the agent node, use the following command to download the software package provided by puppet Labs:

The code is as follows:

# cd /tmp/

# wget https://apt.puppetlabs.com/puppetlabs-release-trusty.deb

--2015-06-17 00:54:42--  https://apt.puppetlabs.com/puppetlabs-release-trusty.deb
Resolving apt.puppetlabs.com (apt.puppetlabs.com)... 192.155.89.90, 2600:3c03::f03c:91ff:fedb:6b1d
Connecting to apt.puppetlabs.com (apt.puppetlabs.com)|192.155.89.90|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 7384 (7.2K) [application/x-debian-package]
Saving to: 'puppetlabs-release-trusty.deb'

puppetlabs-release-tr 100%[=>] 7.21K --.-KB/s in 0.04s

2015-06-17 00:54:42 (162 KB/s) - 'puppetlabs-release-trusty.deb' saved [7384/7384]

We install it using the Debian package management system on Ubuntu 15.04 with the following command:

# dpkg -i puppetlabs-release-trusty.deb

Use the apt package management command to update the local software source:

The code is as follows:

# apt-get update

Install puppet from the remote repository:

The code is as follows:

# apt-get install puppet

The Puppet agent does not start by default. We need to modify the /etc/default/puppet file using a text editor to enable it:

The code is as follows:

# nano /etc/default/puppet

Change the value of START to "yes"

The code is as follows:

START=yes

Finally save and exit.

9. Use the Apt tool to lock the version of the agent software

As in the steps above, to prevent unintended upgrades from leaving the configuration files in an inconsistent state, we will use the apt tool to lock the version. To do this, create a file /etc/apt/preferences.d/00-puppet.pref using a text editor:

The code is as follows:

# nano /etc/apt/preferences.d/00-puppet.pref

Add the following to the newly created file:

The code is as follows:

# /etc/apt/preferences.d/00-puppet.pref
Package: puppet puppet-common
Pin: version 3.8*
Pin-Priority: 501

In this way, puppet will not be upgraded along with the rest of the system software.

10. Configure the puppet agent node

We need to edit the puppet.conf file of the agent node to make it run.

The code is as follows:

# nano /etc/puppet/puppet.conf

It looks exactly the same as the server's configuration file. Comment out the templatedir line here as well. The difference is that here we need to delete everything in the [master] section.

Assuming that the master server can be accessed by the name "puppet-master", our client should be able to connect and communicate with it. If not, we need to use the full host domain name puppetmaster.example.com.

The code is as follows:

[agent]
server = puppetmaster.example.com
certname = puppetnode.example.com

Add the above three lines to the end of the file, and then the content of the file looks like this:

The code is as follows:

[main]
logdir=/var/log/puppet
vardir=/var/lib/puppet
ssldir=/var/lib/puppet/ssl
rundir=/var/run/puppet
factpath=$vardir/lib/facter
# templatedir=$confdir/templates

[agent]
server = puppetmaster.example.com
certname = puppetnode.example.com

Finally save and exit.

Start the client software using the following command:

The code is as follows:

# systemctl start puppet

If all goes well, we won't see any output from the command line. On the first run, the agent node generates an SSL certificate and sends a signing request to the master server. Once the request is signed, the two machines can communicate with each other.

Tip: if this is the first agent node you have added, it is recommended that you sign its certificate before adding another node. Once it connects and runs normally, go back and add the other agent nodes.

11. Sign the certificate request on the master server

The first time it runs, the agent node generates an SSL certificate and sends a signing request to the master server. After the master server signs the agent node's certificate, it can communicate with and control the agent node.

Use the following command on the master server to list the current certificate request:

The code is as follows:

# puppet cert list

"puppetnode.example.com" (SHA256) 31:A1:7E:23:6B:CD:7B:7D:83:98:33:8B:21:01:A6:C4:01:D5:53:3D:A0:0E:77:9A:77:AE:8F:05:4A:9A:50:B2

Since only one agent node is set up, we will see only one request. As shown above, the request is listed under the agent node's fully qualified domain name, which is its host name.

Note that there is no "+" sign in front of it, which indicates that the certificate has not been signed yet.

Use the puppet cert sign command with the hostname to sign the signature request, as follows:

The code is as follows:

# puppet cert sign puppetnode.example.com

Notice: Signed certificate request for puppetnode.example.com
Notice: Removing file Puppet::SSL::CertificateRequest puppetnode.example.com at '/var/lib/puppet/ssl/ca/requests/puppetnode.example.com.pem'

The master server can now communicate with and control its signed agent nodes.

If you want to sign all current requests, you can use the --all option, as shown below:

The code is as follows:

# puppet cert sign --all
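
The signing step above, gated on a fingerprint check, as an added example that is not part of the original article: each node's fingerprint is collected out of band with `puppet agent --fingerprint`, and only pending requests that match are handed to `puppet cert sign`, instead of signing everything with --all. The function name, the allowlist format and file path, and every sample fingerprint except the one from step 11 are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original article): approve only the pending
# certificate requests whose fingerprint was confirmed out of band.
#
# Assumed allowlist format, one node per line:
#   <certname> <fingerprint printed by `puppet agent --fingerprint` on that node>

# Constructed sample of `puppet cert list --all` output. The first request is the
# one shown in step 11; the other fingerprints are invented and shortened.
SAMPLE_LIST='  "puppetnode.example.com" (SHA256) 31:A1:7E:23:6B:CD:7B:7D:83:98:33:8B:21:01:A6:C4:01:D5:53:3D:A0:0E:77:9A:77:AE:8F:05:4A:9A:50:B2
  "puppetnode1.example.com" (SHA256) AA:AA:AA:AA
  "node9.example.com" (SHA256) BB:BB:BB:BB (alt names: "DNS:puppetmaster", "DNS:node9.example.com")
  "unknown.example.com" (SHA256) CC:CC:CC:CC
+ "puppetmaster" (SHA256) DD:DD:DD:DD (alt names: "DNS:puppetmaster")'

# Constructed allowlist; lowercase hex is accepted.
SAMPLE_ALLOW='puppetnode.example.com 31:a1:7e:23:6b:cd:7b:7d:83:98:33:8b:21:01:a6:c4:01:d5:53:3d:a0:0e:77:9a:77:ae:8f:05:4a:9a:50:b2
puppetnode1.example.com 11:11:11:11
node9.example.com BB:BB:BB:BB'

# verified_requests ALLOWLIST_FILE   (reads `puppet cert list` output on stdin)
# Prints approved certnames on stdout and the reason for each skip on stderr.
# A missing or empty allowlist approves nothing.
verified_requests() {
    awk -v allow="$1" '
        BEGIN {
            while ((getline line < allow) > 0) {
                n = split(line, f, " ")
                if (n >= 2 && f[1] !~ /^#/) want[f[1]] = toupper(f[2])
            }
        }
        # Pending requests start with the quoted name; "+" marks signed, "-" revoked.
        /^[ \t]*"/ {
            name = $1; gsub(/"/, "", name)
            fp = ""
            for (i = 2; i <= NF; i++)
                if ($i ~ /^([0-9A-Fa-f][0-9A-Fa-f]:)+[0-9A-Fa-f][0-9A-Fa-f]$/) { fp = toupper($i); break }
            if (!(name in want))               why = "not in allowlist"
            else if (fp != want[name])         why = "fingerprint mismatch"
            else if (index($0, "(alt names:")) why = "requests extra DNS names, review by hand"
            else { print name; next }
            print "SKIP " name ": " why > "/dev/stderr"
        }
    '
}

# Demo on the constructed data. On a real master the pipeline would be
# (the allowlist path is hypothetical):
#   puppet cert list | verified_requests /root/csr-allowlist.txt |
#       while read -r n; do puppet cert sign "$n"; done
demo() {
    tmp=$(mktemp) || return 1
    printf '%s\n' "$SAMPLE_ALLOW" > "$tmp"
    printf '%s\n' "$SAMPLE_LIST" | verified_requests "$tmp"
    rm -f "$tmp"
}
demo
```

Requests that ask for extra DNS names are held back for manual review because a node certificate carrying the master's name would be accepted by agents as the master.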

12. Delete a Puppet certificate

We may want to remove a host, or rebuild a host and then add it again. In the following example, we show how to delete a certificate on the puppet master server. The commands used are as follows:

The code is as follows:

# puppet cert clean hostname

Notice: Revoked certificate with serial 5
Notice: Removing file Puppet::SSL::Certificate puppetnode.example.com at '/var/lib/puppet/ssl/ca/signed/puppetnode.example.com.pem'
Notice: Removing file Puppet::SSL::Certificate puppetnode.example.com at '/var/lib/puppet/ssl/certs/puppetnode.example.com.pem'

If we want to view all signed and unsigned requests, use the following command:

The code is as follows:

# puppet cert list --all

+ "puppetmaster" (SHA256) 33:28:97:86:A1:C3:2F:73:10:D1:FB:42:DA:D5:42:69:71:84:F0:E2:8A:01:B9:58:38:90:E4:7D:B7:25:23:EC (alt names: "DNS:puppetmaster", "DNS:puppetmaster.example.com")

13. Deploy the Puppet manifest

After configuring and completing the puppet manifest, we now need to deploy the manifest to the agent node. To load and apply the main puppet manifest, we can use the following command on the agent node:

The code is as follows:

# puppet agent --test

Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Caching catalog for puppetnode.example.com
Info: Applying configuration version '1434563858'
Notice: /Stage[main]/Main/Exec[apt-update]/returns: executed successfully
Notice: Finished catalog run in 10.53 seconds

This shows us how the main manifest immediately affects a single server.

If the puppet manifest we intend to run has nothing to do with the main manifest, we can simply use puppet apply with the path of the corresponding manifest file. It applies the manifest only to the agent node where we run the command.

The code is as follows:

# puppet apply /etc/puppet/manifest/test.pp

14. Configure the manifest for specific nodes

If we want to deploy a manifest only to particular nodes, we need to configure the manifest as follows.

Edit /etc/puppet/manifests/site.pp using a text editor on the master server:

The code is as follows:

# nano /etc/puppet/manifests/site.pp

Add the following content to it:

The code is as follows:

node 'puppetnode', 'puppetnode1' {
  # execute 'apt-get update'
  exec { 'apt-update':                     # exec resource named 'apt-update'
    command => '/usr/bin/apt-get update'   # command this resource will run
  }

  # install apache2 package
  package { 'apache2':
    require => Exec['apt-update'],         # require 'apt-update' before installing
    ensure  => installed
  }

  # ensure apache2 service is running
  service { 'apache2':
    ensure => running
  }
}

The configuration here shows that we will install the apache service on two specified nodes named puppetnode and puppetnode1. Here you can add other specific nodes that we need to install and deploy.

15. Configure a manifest with a module

Modules are very useful for composite tasks, and there are many people in the Puppet community who contribute their module components.

On the master server, we will use the puppet module command to install the puppetlabs-apache module.

The code is as follows:

# puppet module install puppetlabs-apache

Warning: never use this module on a machine that already has an apache environment deployed, or it will wipe any apache configuration that is not managed by puppet.

Now use a text editor to modify site.pp:

The code is as follows:

# nano /etc/puppet/manifests/site.pp

Add the following to install the apache service on puppetnode.

The code is as follows:

node 'puppet-node' {
  class { 'apache': }               # use apache module
  apache::vhost { 'example.com':    # define vhost resource
    port    => '80',
    docroot => '/var/www/html'
  }
}

Save and exit. Then rerun the manifest to deploy the apache configuration to our agent node.
