2025-02-25 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)06/03 Report--
Introduction to Puppet:
Puppet is a configuration management tool written in Ruby (in earlier versions; from version 4 onward the server side is written in Clojure) that can manage Unix (including OS X), Linux, and Microsoft Windows platforms. For R&D and operations staff, it is also one of the important tools for achieving DevOps.
Application scenarios:
Unified configuration management software
Unified configuration system optimization parameters
Periodically check whether the service is running
Automatically configure reasonable properties for the software on the corresponding host according to the machine hardware environment
The operational model of Puppet:
Deployment layer
Puppet usually runs in C/S (client/server) mode. The server side is called the Puppet master, the client side is called the Agent, and the client host is called a Node. The Agent connects to the Master over a standard SSL-encrypted, authenticated connection to obtain the configuration information the machine needs.
When the Agent receives no configuration information, or the host has already reached the configured state, Puppet does not change the system; it modifies the system only when required. This key feature of Puppet is called idempotency, and the modification process is called a configuration run.
The Agent usually runs as a daemon and by default contacts the Master every 30 minutes to check whether the configuration has changed; this interval can be adjusted to your own needs. You can also run it from cron or trigger the Agent manually.
Configuration language and resource abstraction layer
Most scripting languages, such as Shell and Perl, are imperative or procedural: they spell out "how" to reach the desired state. The Puppet language is declarative: it only needs to describe what the final state is, regardless of how. For example, installing the vim package manually requires the following steps:
1. Connect to the host where the package needs to be installed
2. Check whether vim is installed
3. If it is not installed, choose the appropriate install command for the host's operating system. For example, CentOS uses the yum command and Ubuntu uses the apt-get command.
4. When the installation ends, confirm from the returned result that it succeeded.
To install vim using Puppet, you only need to define a resource and the state that resource should reach:
package { 'vim':
  ensure => present,
}
Transaction layer
The transaction layer is the working engine of Puppet. A Puppet transaction covers the complete process of configuring an Agent host and consists of the following steps:
Parse and compile the configuration
Send the compiled configuration to the Agent
Apply the compiled configuration on the Agent
Report the running result to the Master
Workflow
1. The Agent visits the Master to establish an access trust relationship. This includes the Master authorizing (signing) the Agent certificate and allowing the Agent to access Master resources.
2. Once the trust relationship is established, the Master calls the Agent's Facter to detect machine variables of the Agent host, such as operating system, host name, IP address and CPU. The Agent sends this information to the Master encrypted through SSL, and the Master obtains it in the form of variables.
3. The Master receives the request from the Agent and passes it to the local manifests or an ENC (external node classifier). It then queries the configuration information to match the corresponding Node according to the HOSTNAME of the Agent, checks the syntax and generates the corresponding Catalog.
4. The Agent receives the Catalog and applies it on the local machine. Based on the information in the Catalog, it determines whether any files need to be obtained from the Master side and, if so, sends a request to the Master Fileserver to obtain them.
5. The results of the execution are reported to the Master in the form of a report, and the entire transaction is complete.
What needs to be considered before the installation:
Version selection: the best version of Puppet is usually the latest release
Operation mode: server-client mode and stand-alone mode
DNS: every time the Agent connects to the Master, it uses the domain name
Firewall: Puppet master listens on port 8140. If the firewall is enabled, port 8140 must be opened. The iptables configuration is as follows:
iptables -A INPUT -p tcp -m state --state NEW --dport 8140 -j ACCEPT
iptables -A INPUT -p tcp -m state --state NEW -s 172.16.0.0/16 --dport 8140 -j ACCEPT
NTP clock synchronization
Puppetmaster: cannot run on Windows host
Mixed version deployment: the version of the server must be higher than that of the client. 4.x and above do not support 3.x and below.
Hardware requirements: with a 2 to 4 core CPU and 4 GB of memory or more, about 1000 nodes can be managed
Installation (from the official website)
Yum-based systems
To enable the Puppet 5 Platform repository:
1 Choose the package based on your operating system and version.
The packages are located in the puppet5 directory of the yum.puppet.com repository and named using the following convention: -release--.noarch.rpm. For instance, the package for Puppet 5 Platform on Red Hat Enterprise Linux 7 (RHEL 7) is puppet5-release-el-7.noarch.rpm.
2 Use the rpm tool as root with the upgrade (-U) flag, and optionally the verbose (-v) and hash (-h) flags:
Enterprise Linux 7
sudo rpm -Uvh https://yum.puppet.com/puppet5/puppet5-release-el-7.noarch.rpm
Enterprise Linux 6
sudo rpm -Uvh https://yum.puppet.com/puppet5/puppet5-release-el-6.noarch.rpm
Enterprise Linux 5
wget https://yum.puppet.com/puppet5/puppet5-release-el-5.noarch.rpm
sudo rpm -Uvh puppet5-release-el-5.noarch.rpm
Note: For recent versions of Puppet, we no longer ship Puppet master components for RHEL 5. However, we continue to ship new versions of the puppet-agent package for RHEL 5 agents.
Fedora 26
sudo rpm -Uvh https://yum.puppet.com/puppet5/puppet5-release-fedora-26.noarch.rpm
Fedora 25
sudo rpm -Uvh https://yum.puppet.com/puppet5/puppet5-release-fedora-25.noarch.rpm
SuSE Enterprise Linux 12
sudo rpm -Uvh https://yum.puppet.com/puppet5/puppet5-release-sles-12.noarch.rpm
SuSE Enterprise Linux 11
sudo rpm -Uvh https://yum.puppet.com/puppet5/puppet5-release-sles-11.noarch.rpm
Apt-based systems
To enable the Puppet 5 Platform repository:
1 Choose the package based on your operating system and version. The packages are located in the apt.puppet.com repository and named using the convention -release-.deb. For instance, the release package for Puppet Platform on Debian 7 "Wheezy" is puppet5-release-wheezy.deb. For Ubuntu releases, the code name is the adjective, not the animal.
2 Download the release package and install it as root using the dpkg tool and the install flag (-i):
wget https://apt.puppetlabs.com/puppet5-release-wheezy.deb
sudo dpkg -i puppet5-release-wheezy.deb
3 Run apt-get update after installing the release package to update the apt package lists.
Ubuntu 16.04 Xenial Xerus
wget https://apt.puppetlabs.com/puppet5-release-xenial.deb
sudo dpkg -i puppet5-release-xenial.deb
sudo apt update
Ubuntu 14.04 Trusty Tahr
wget https://apt.puppetlabs.com/puppet5-release-trusty.deb
sudo dpkg -i puppet5-release-trusty.deb
sudo apt-get update
Debian 9 Stretch
wget https://apt.puppetlabs.com/puppet5-release-stretch.deb
sudo dpkg -i puppet5-release-stretch.deb
sudo apt-get update
Debian 8 Jessie
wget https://apt.puppetlabs.com/puppet5-release-jessie.deb
sudo dpkg -i puppet5-release-jessie.deb
sudo apt-get update
Debian 7 Wheezy
wget https://apt.puppetlabs.com/puppet5-release-wheezy.deb
sudo dpkg -i puppet5-release-wheezy.deb
sudo apt-get update

[root@master1 yum.repos.d]# cat /etc/redhat-release
CentOS Linux release 7.4.1708 (Core)
[root@master1 yum.repos.d]# sudo rpm -Uvh https://yum.puppet.com/puppet5/puppet5-release-el-7.noarch.rpm
[root@master1 yum.repos.d]# yum list | grep puppet
puppet5-release.noarch         5.0.0-1.el7     installed
bolt.x86_64                    0.17.2-1.el7    puppet5
pdk.x86_64                     1.4.1.1-1.el7   puppet5
puppet-agent.x86_64            5.4.0-1.el7     puppet5
puppet-client-tools.x86_64     1.2.2-1.el7     puppet5
puppet-release.noarch          1.0.0-1.el7     puppet5
puppetdb.noarch                5.2.0-1.el7     puppet5
puppetdb-termini.noarch        5.2.0-1.el7     puppet5
puppetserver.noarch            5.2.0-1.el7     puppet5
razor-server.noarch            1.7.1-1.el7     puppet5
Install Puppet Master
[root@master1 yum.repos.d]# sudo yum install -y puppetserver
[root@master1 puppetlabs]# pwd
/opt/puppetlabs
[root@master1 puppetlabs]# bin/puppet --version
5.4.0
[root@master1 puppetlabs]# server/bin/puppetserver --version
puppetserver version: 5.2.0
When yum installs the Master, the Agent package is installed as well. For 4.x and above, the installation path is the /opt/puppetlabs/ directory and the configuration file path is the /etc/puppetlabs/ directory.
Install Puppet Agent
[root@master1 yum.repos.d]# sudo yum install -y puppet-agent
Modify the configuration file
The configuration file path of Puppet 5.x is the /etc/puppetlabs/puppet/ directory
Introduction to the puppet.conf configuration file:
[main] for Puppet global configuration
[master] Master configuration for Puppet
[agent] Agent configuration for Puppet
[main]
server = master1.tongwen.life          # Puppet server address
autoflush = false                      # whether to flush the log to disk in real time
logdir = /var/log/puppet               # log directory
rundir = /var/run/puppet               # directory where the process pid file is stored
[master]
reportdir = /var/lib/puppet/reports    # report storage directory
autosign = true                        # automatic authorization signature (every request is signed)
autosign = /etc/puppet/autosign.conf   # configuration file for automatic authorization signature
bindaddress = 0.0.0.0                  # address the puppetserver service listens on
masterport = 8140                      # port the puppetserver service listens on
evaltrace = true                       # when true, you can see the process and changes performed
[agent]
certname = www1.tongwen.life           # hostname of the client
daemonize = true                       # whether to run in the background; true means yes
allow_duplicate_certs = true           # whether to allow automatic certificate overwriting, not allowed by default; valid for 5 years
report = true                          # whether to upload the client's execution results
reports = store, http                  # upload method
report_server = master1.tongwen.life   # store upload address
report_port = 8140
reporturl = http://localhost:3000/reports/upload
runinterval = 20m                      # client execution interval, default 30m
splay = true                           # whether to add a random delay to the execution time, an integer between 0 and the maximum random time
splaylimit = 10m                       # maximum length of the random delay
configtimeout = 2m                     # timeout for the client to get its configuration
color = ansi                           # whether log records are colored
ignorecache = true                     # whether to ignore the local cache
Start the service
If the Master host has less than 2 GB of memory, you need to modify the initial Java memory settings:
vi /etc/sysconfig/puppetserver
JAVA_ARGS="-Xms2g -Xmx2g"
systemctl start puppetserver   # launch server
systemctl start puppet         # launch agent
Sign the certificate
[root@master1 puppetlabs]# puppet cert list
  "node1.tongwen.life" (SHA256) E9:62:D5:7A:AD:1F:1D:DD:8F:0F:36:16:50:0C:
[root@master1 puppetlabs]# puppet cert sign node1.tongwen.life
Signing Certificate Request for:
  "node1.tongwen.life" (SHA256) E9:62:D5:7A:AD:1F:1D:DD:8F:0F:36:16:50:0C:11:D6:02:39:7B:CB:8C:87:C9:25:E0:F7:A2:D7:D9:55:3B:37
Notice: Signed certificate request for node1.tongwen.life
Notice: Removing file Puppet::SSL::CertificateRequest node1.tongwen.life at '/etc/puppetlabs/puppet/ssl/ca/requests/node1.tongwen.life.pem'
[root@master1 puppetlabs]# puppet cert sign --all   # sign all
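As an alternative to `puppet cert sign --all`, pending requests can be compared against fingerprints collected on the agents before anything is signed. The Python below is an added example, not part of the original article; the `EXPECTED` inventory, the `db9.tongwen.life` entry and the function names are assumptions made for illustration.

```python
import re

# Constructed `puppet cert list` output. node1's fingerprint is the one printed
# in the article; the db9 entry and its fingerprint are made up.
PENDING = """\
  "node1.tongwen.life" (SHA256) E9:62:D5:7A:AD:1F:1D:DD:8F:0F:36:16:50:0C:11:D6:02:39:7B:CB:8C:87:C9:25:E0:F7:A2:D7:D9:55:3B:37
  "db9.tongwen.life" (SHA256) 00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF
"""

# Assumed inventory: fingerprints read on each agent itself (for example with
# `puppet agent --fingerprint`) and delivered over a separate channel.
EXPECTED = {
    "node1.tongwen.life": "e9:62:d5:7a:ad:1f:1d:dd:8f:0f:36:16:50:0c:11:d6:02:39:7b:cb:8c:87:c9:25:e0:f7:a2:d7:d9:55:3b:37",
}

LINE = re.compile(r'^\s*"(?P<name>[^"]+)"\s+\(SHA256\)\s+'
                  r'(?P<fp>(?:[0-9A-Fa-f]{2}:){31}[0-9A-Fa-f]{2})\s*$')

def parse_pending(text):
    """Map certname -> upper-case SHA256 fingerprint for each well-formed line."""
    pending = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            pending[m["name"]] = m["fp"].upper()
    return pending

def review(pending_text, expected):
    """Split pending requests into certnames to sign and (certname, reason) rejects."""
    to_sign, rejected = [], []
    for name, fp in parse_pending(pending_text).items():
        want = expected.get(name)
        if want is None:
            rejected.append((name, "not in inventory"))
        elif want.upper() != fp:
            rejected.append((name, "fingerprint mismatch"))
        else:
            to_sign.append(name)
    return to_sign, rejected

if __name__ == "__main__":
    to_sign, rejected = review(PENDING, EXPECTED)
    for name in to_sign:
        print(f"puppet cert sign {name}")
    for name, reason in rejected:
        print(f"# leave unsigned: {name} ({reason})")
```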
Run puppet agent --test on the agent to verify the certificate authentication result; if there is an error, check whether the time is synchronized.
[root@master1 puppetlabs]# ntpdate cn.ntp.org.cn
Create configuration item
[root@master1 manifests]# pwd
/etc/puppetlabs/code/environments/production/manifests
vi site.pp
node 'node1.tongwen.life' {
  package { 'vim':
    ensure => present,
  }
}
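For the puppet.conf settings listed earlier in this article, a small audit pass can flag the values that weaken certificate handling or report transport before the file is deployed. This is an added example, not code from the original article or from Puppet; the sample file is constructed from the article's listing, and the parser assumes trailing `#` comments as written there.

```python
import re

# Constructed sample that repeats settings from the article's puppet.conf listing.
SAMPLE_CONF = """\
[master]
autosign = true   # automatic authorization signature
autosign = /etc/puppet/autosign.conf
bindaddress = 0.0.0.0
[agent]
allow_duplicate_certs = true
reporturl = http://localhost:3000/reports/upload
runinterval = 20m
"""

RISKY = {  # key -> (predicate on the value, why it deserves review)
    "autosign": (lambda v: v.lower() == "true", "signs every certificate request unchecked"),
    "allow_duplicate_certs": (lambda v: v.lower() == "true", "a new request may overwrite an existing certname"),
    "reporturl": (lambda v: v.lower().startswith("http://"), "reports are uploaded over plain HTTP"),
}

def parse_puppet_conf(text):
    """Yield (section, key, value, lineno); duplicate keys are kept."""
    section = "main"
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # strip comments as the listing writes them
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            section = header.group(1)
        elif "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            yield section, key, value, lineno

def audit(text):
    """Return [(lineno, message)] for repeated keys and risky values."""
    findings, first_seen = [], {}
    for section, key, value, lineno in parse_puppet_conf(text):
        if (section, key) in first_seen:
            findings.append((lineno, f"[{section}] {key} repeats line {first_seen[(section, key)]}"))
        first_seen.setdefault((section, key), lineno)
        test, why = RISKY.get(key, (None, ""))
        if test and test(value):
            findings.append((lineno, f"{key} = {value}: {why}"))
    return findings

if __name__ == "__main__":
    for lineno, message in audit(SAMPLE_CONF):
        print(f"line {lineno}: {message}")
```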