
52. Puppet automated operation and maintenance tool

2025-02-25 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/02

Puppet is an automation tool for operations and maintenance. In some large Internet enterprises it is used to manage many servers uniformly, for example unified software deployment and unified online maintenance: operations deployed on one Linux server are synchronized to the other Linux servers through Puppet. A powerful tool.

The port used by Puppet is 8139

Set up puppetmaster:

- Plan the server hostname

# vim /etc/sysconfig/network

Modify the content:

NETWORKING=yes

HOSTNAME=master.test.cn

# vim /etc/hosts

Add the resolution records:

1.1.1.128 master.test.cn

1.1.1.129 client.test.cn

# hostname master.test.cn

# bash

- Server time synchronization

# vim /etc/ntp.conf

Add two lines:

server 127.127.1.0

fudge 127.127.1.0 stratum 8

# yum -y install ntpdate

# service ntpd restart

# chkconfig ntpd on

- Install ruby

# yum -y install ruby

# ruby -v

- Install puppet and facter

# useradd -s /sbin/nologin puppet

# tar xzvf facter-1.7.1.tar.gz

# cd facter-1.7.1

# ruby install.rb

# tar xzvf puppet-2.7.21.tar.gz

# cd puppet-2.7.21

# ruby install.rb

# cp conf/redhat/fileserver.conf /etc/puppet/

# cp conf/redhat/puppet.conf /etc/puppet/

# cp conf/redhat/server.init /etc/init.d/puppetmaster

# chmod +x /etc/init.d/puppetmaster

# mkdir /etc/puppet/manifests

# mkdir /etc/puppet/modules

- Puppet service certificate and signature

# iptables -F

# vim /etc/puppet/puppet.conf

In the [main] section, add:

ssldir = $vardir/ssl

modulepath = /etc/puppet/modules:/usr/share/puppet/modules

# /etc/init.d/puppetmaster start

Set up the client:

- Plan the server hostname

# vim /etc/sysconfig/network

NETWORKING=yes

HOSTNAME=client.test.cn

# vim /etc/hosts

1.1.1.128 master.test.cn

1.1.1.129 client.test.cn

# hostname client.test.cn

# bash

- Synchronize the time with the server

# ntpdate 1.1.1.128

- Install ruby

# yum -y install ruby

# ruby -v

- Install puppet and facter

# useradd -s /sbin/nologin puppet

# tar xzvf facter-1.7.1.tar.gz

# cd facter-1.7.1

# ruby install.rb

# tar xzvf puppet-2.7.21.tar.gz

# cd puppet-2.7.21

# ruby install.rb

# cp conf/redhat/puppet.conf /etc/puppet

# cp conf/redhat/client.init /etc/init.d/puppetclient

# chmod +x /etc/init.d/puppetclient

# iptables -F

# vim /etc/puppet/puppet.conf

In the [main] section, add:

ssldir = $vardir/ssl

server = master.test.cn

- Apply for registration on the client side

# puppet agent --server=master.test.cn --no-daemonize --verbose

Submit the registration information on the master side:

# puppet cert --list    (view the application list)

# puppet cert sign --all    (submit the registration information and create the certificates in the following directory)

# ll /var/lib/puppet/ssl/ca/signed    (view the client's registration information file)
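
An added example, not part of the original article: "puppet cert sign --all" approves every pending request, so this script signs only the hostnames the operator expects and holds the rest for review. EXPECTED_HOSTS follows this page's host plan; the listing format handled by pending_names and the second sample hostname are assumptions.

```shell
#!/bin/sh
# Added example: choose which pending certificate requests to sign instead
# of approving everything with "puppet cert sign --all".

# Hosts the operator expects to enroll (from this page's host plan).
EXPECTED_HOSTS="client.test.cn"

# Constructed sample of a pending-request listing on the master. The second
# entry is a made-up hostname that nobody planned for.
sample_pending() {
cat <<'EOF'
  client.test.cn (AA:BB:CC:DD)
  "unknown-host.test.cn" (SHA256) 11:22:33:44
EOF
}

# Pull the hostname out of each listing line. Assumed format: optional
# "+"/"-" flag, optionally quoted name, then the fingerprint.
pending_names() {
    awk 'NF { n = $1; if (n == "+" || n == "-") n = $2; gsub(/"/, "", n); print n }'
}

# One decision per request: SIGN for expected hosts, HOLD for anything else,
# including names with characters that do not belong in a hostname.
plan_signing() {
    pending_names | while read -r name; do
        case "$name" in
            ""|*[!A-Za-z0-9.-]*) echo "HOLD $name"; continue ;;
        esac
        case " $EXPECTED_HOSTS " in
            *" $name "*) echo "SIGN $name" ;;
            *)           echo "HOLD $name" ;;
        esac
    done
}

# Turn the SIGN decisions into per-host commands to run on the master.
signing_commands() {
    plan_signing | awk '$1 == "SIGN" { print "puppet cert sign " $2 }'
}

sample_pending | signing_commands
```

On a real master, feed the output of "puppet cert --list" into signing_commands in place of sample_pending and review the HOLD entries by hand.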

Case requirement: the port of the ssh service needs to be changed to 9922

Node entry storage directory: /etc/puppet/manifests/nodes

Module storage directory: /etc/puppet/modules

Puppet distribution deployment:

- Create the necessary directories

# mkdir -p /etc/puppet/modules/ssh/{manifests,templates,files}

# mkdir /etc/puppet/modules/ssh/files/ssh

# mkdir /etc/puppet/manifests/nodes

# chown -R puppet /etc/puppet/modules/

# ll /etc/puppet/modules/ssh

Note: the ssh/manifests directory holds the configuration files of the ssh module, and ssh/files is the directory from which the ssh module publishes files.

- Create the module configuration files

install.pp determines whether the client installs the ssh service:

# vim /etc/puppet/modules/ssh/manifests/install.pp

class ssh::install {
    package { "openssh":
        ensure => present,
    }
}

config.pp configures the files that need to be synchronized:

# vim /etc/puppet/modules/ssh/manifests/config.pp

class ssh::config {                    # define the class
    file { "/etc/ssh/sshd_config":     # file path
        ensure  => present,            # make sure this file exists on the client
        owner   => "root",             # user that owns the file
        group   => "root",             # group that owns the file
        mode    => "0600",             # file permissions
        source  => "puppet://$puppetserver/modules/ssh/ssh/sshd_config",  # synchronize the file from the server
        require => Class["ssh::install"],  # depends on the ssh::install class
        notify  => Class["ssh::service"],  # notify service.pp if this file changes
    }
}

# vim /etc/puppet/modules/ssh/manifests/service.pp

class ssh::service {                   # define the class
    service { "sshd":
        ensure     => running,         # make sure ssh is running
        hasstatus  => true,            # the init script can report the status of the ssh service
        hasrestart => true,            # the init script can restart the ssh service
        enable     => true,            # start the service at boot
        require    => Class["ssh::config"],  # depends on the ssh::config class
    }
}

init.pp is the main configuration file of the module:

# vim /etc/puppet/modules/ssh/manifests/init.pp

class ssh {
    include ssh::install, ssh::config, ssh::service   # pull in the three classes above
}

- Copy the modified ssh configuration file to the module's files directory

# cp /etc/ssh/sshd_config /etc/puppet/modules/ssh/files/ssh/

# chown puppet /etc/puppet/modules/ssh/files/ssh/sshd_config

- Create a node profile

# vim /etc/puppet/manifests/nodes/ssh.pp

node 'client.test.cn' {   # define the client entry
    include ssh
}

site.pp configures the node location:

# vim /etc/puppet/manifests/site.pp

import "nodes/ssh.pp"

Synchronization methods:

- Client active pull

# puppet agent -t

- Server push synchronization

On the client:

# echo "listen = true" >> /etc/puppet/puppet.conf

# echo "allow *" >> /etc/puppet/auth.conf

# /etc/init.d/puppetclient restart

# vim /etc/ssh/sshd_config

# netstat -lnupt | grep ssh

On the server:

# puppet kick client.test.cn
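
An added example, not part of the original article: the push setup above turns on the agent's listener and appends "allow *", which places no restriction on the host names allowed to make the request. This script flags both settings in an agent's configuration; the constructed auth.scoped sample shows a stanza limited to the master instead. The file names, sample contents and the /run stanza are assumptions based on Puppet's auth.conf stanza syntax (path, method, allow).

```shell
#!/bin/sh
# Added example: flag wide-open "puppet kick" settings on an agent.

# Constructed sample files: the agent settings from this page, plus an
# auth.conf variant that names only the master (assumed stanza).
write_samples() {
    printf '[main]\nssldir = $vardir/ssl\nserver = master.test.cn\nlisten = true\n' > "$1/puppet.conf"
    printf 'allow *\n' > "$1/auth.weak"
    printf 'path /run\nmethod save\nallow master.test.cn\n' > "$1/auth.scoped"
}

# Report puppet.conf lines that enable the agent's listener.
find_listen() {
    grep -nE '^[[:space:]]*listen[[:space:]]*=[[:space:]]*true' "$1" |
        sed 's/^/listen-enabled:/'
}

# Report every "allow *" in auth.conf with the path stanza it falls under.
# A line appended with echo may sit under no path at all: "(none)".
find_allow_all() {
    awk '
        /^[[:space:]]*#/ { next }
        $1 == "path"     { path = ($2 == "~") ? $3 : $2 }
        $1 == "allow" && $2 == "*" {
            print "allow-any:" NR ":path=" (path == "" ? "(none)" : path)
        }
    ' "$1"
}

# usage: audit_agent <puppet.conf> <auth.conf>
audit_agent() {
    find_listen "$1"
    find_allow_all "$2"
}

tmp=$(mktemp -d)
write_samples "$tmp"
audit_agent "$tmp/puppet.conf" "$tmp/auth.weak"
rm -rf "$tmp"
```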
