
How does puppet work?

2025-03-30 Update From: SLTechnology News&Howtos


Shulou(Shulou.com)06/01 Report--

Today I would like to share how puppet works. The content is detailed and the logic is clear. I believe most people still do not know much about this topic, so this article is shared for your reference. I hope you get something out of it. Let's take a look.

Introduction of Puppet

What is Puppet?

Puppet is a centralized configuration management system for Linux and Unix platforms. Using its own puppet description language, it can manage configuration files, users, cron tasks, software packages, system services and so on. Puppet calls these system entities resources. The design goal of puppet is to simplify the management of these resources and to handle the dependencies between them properly. Puppet uses a C/S (client/server) star structure, with all clients interacting with one or more servers.

Each client periodically (every half hour by default) sends a request to the server to get the latest configuration information, so that it stays synchronized with that configuration. Each puppet client connects to the server every half hour (you can set runinterval=30), downloads the latest configuration file, and configures the server strictly according to the configuration file. After the configuration is completed, the puppet client can send a feedback message to the server. If something goes wrong, a message is also sent back to the server.

Why use puppet?

When you manage 10 servers, you will surely say it is no big deal. There is no pressure.

When you manage 100 servers, you will surely say it is no big deal.

When you manage 1000+ servers? Do you have a headache? Different machines, different systems, different software versions, different configurations. This is where puppet comes in handy to improve efficiency.

Puppet Architecture

How puppet works:

When Puppet runs in the background, it executes every half an hour by default, which is not easy to modify. Consider not letting it run in the background and calling it from crontab instead. This allows precise control of the execution time of each client. Spreading out the execution times also reduces the load on the server.

The details of Puppet's work are divided into the following steps:

1. When the client puppetd calls facter, facter will detect some variables of the host, such as hostname, memory size, IP address, and so on. Puppetd then sends this information to the server.

2. The puppetmaster on the server side detects the hostname of the client, finds the corresponding node configuration in the manifest, and parses it. The information sent by facter can be used as variables. Only the code involved in that node is parsed; other code is not. Parsing goes through several stages: syntax checking, then generating intermediate pseudo code, and then sending the pseudo code to the client.

3. After receiving the pseudo code, the client will execute it, and the client will send the execution result to the server.

4. The server writes the execution result of the client to the log.

Puppet organizational structure:

Why talk about the organizational structure of puppet? When you have installed puppet, you will find that you do not know what its directory structure looks like. How should it be organized and what is reasonable? The puppet directory is under /etc/puppet.

The tree structure is as follows:

/etc/puppet
|-- puppet.conf           # main configuration file
|-- fileserver.conf       # file server configuration file
|-- auth.conf             # authentication configuration file
|-- autosign.conf         # automatic verification configuration file
|-- tagmail.conf          # email configuration file (sends error messages)
|-- manifests             # file storage directory (puppet reads the .pp files of this directory first)
|   |-- nodes
|   |   |-- puppetclient.pp
|   |-- site.pp           # defines puppet-related variables and default configuration
|   |-- modules.pp        # loads class module files (include syslog)
|-- modules               # module definitions
    |-- syslog            # taking syslog as an example
        |-- file
        |-- manifests
        |   |-- init.pp   # class configuration
        |-- templates     # module configuration directory
            |-- syslog.erb   # erb template

Then start the installation. The source code installation is selected here. Puppet runs in the ruby environment, so you need to install ruby.

Upload ruby-1.8.6, facter-1.6.0 and puppet-2.7.1 to the /tmp directory (see attachment for the three installation packages):

cd /tmp
tar zxvf ruby-1.8.6-p114.tar.gz
cd ruby-1.8.6-p114
./configure
make
make install
cd /tmp
tar zxvf facter-1.6.0.tar.gz
cd facter-1.6.0
ruby install.rb
cd /tmp
tar zxvf puppet-2.7.1.tar.gz
cd puppet-2.7.1
ruby install.rb
mkdir -p /etc/puppet && cp conf/redhat/* /etc/puppet/ && cd ~

Add host file parsing

After installation, you need to write the hostname and IP to hosts, because puppet is recognized by hostname, so hostname is important to puppet:

echo "192.168.1.100 puppetmaster" >> /etc/hosts
echo "192.168.1.200 app_1" >> /etc/hosts

If you have turned on the firewall, you need to add port 8140 to the firewall.

-A RH-Firewall-1-INPUT -s 192.168.0.0/255.255.0.0 -p tcp -m tcp --dport 8140 -j ACCEPT

After that, run on the server side:

[root@cyy100 templates]# puppetmasterd

The client runs:

[root@cyy111]# puppetd --server cyy100 --test

PS: when the client requests a certificate from the server for the first time, make sure that the time on both sides is synchronized, otherwise it will report an error:

Err: Could not retrieve catalog from remote server: certificate verify failed

When this error occurs, first synchronize the time:

/usr/sbin/ntpdate time.nist.gov

Then delete the SSL certificates on both sides:

rm -f /var/lib/puppet/ssl/ca/signed/caotest-2.cym.pem   # server
rm -rf /var/lib/puppet/ssl/                             # client

And then re-verify:

[root@cyy111]# puppetd --server cyy100 --test

If there are no problems, it should succeed. Puppet is executed every half an hour by default. It is recommended to use scheduled tasks to execute it instead.
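Why clock drift produces "certificate verify failed" can be seen by comparing a clock value against a certificate's validity window. The following is an added example, not part of the original article; it assumes openssl and GNU date are installed, and it builds a constructed throwaway certificate for the demonstration. On a puppet host the function would be pointed at a certificate under /var/lib/puppet/ssl/ (the exact file name depends on the host).

```shell
#!/bin/sh
# Added example: classify a clock value against a certificate's validity window.
# Assumes openssl and GNU date (date -d) are available.

# cert_clock_status CERT [NOW_EPOCH]
# Prints one of: ok | not-yet-valid | expired | unreadable
cert_clock_status() {
    cert=$1
    now=${2:-$(date -u +%s)}
    nb=$(openssl x509 -in "$cert" -noout -startdate 2>/dev/null | cut -d= -f2)
    na=$(openssl x509 -in "$cert" -noout -enddate 2>/dev/null | cut -d= -f2)
    if [ -z "$nb" ] || [ -z "$na" ]; then
        echo unreadable
        return 0
    fi
    start=$(date -u -d "$nb" +%s)
    end=$(date -u -d "$na" +%s)
    if [ "$now" -lt "$start" ]; then
        echo not-yet-valid   # local clock is behind the issuer's clock
    elif [ "$now" -gt "$end" ]; then
        echo expired         # local clock is ahead, or the certificate really expired
    else
        echo ok
    fi
}

# make_sample_cert DIR: constructed self-signed certificate valid for one day (demo only)
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=constructed-sample" \
        -keyout "$1/key.pem" -out "$1/cert.pem" >/dev/null 2>&1
    echo "$1/cert.pem"
}

demo_dir=$(mktemp -d)
sample=$(make_sample_cert "$demo_dir")
now=$(date -u +%s)
echo "clock correct:        $(cert_clock_status "$sample" "$now")"
echo "clock one day behind: $(cert_clock_status "$sample" $((now - 86400)))"
echo "clock two days ahead: $(cert_clock_status "$sample" $((now + 172800)))"
rm -rf "$demo_dir"
```

A "not-yet-valid" result on a freshly issued certificate points at clock drift rather than a bad certificate, which is why the time is synchronized before any certificates are deleted.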
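The crontab approach recommended here and in the "How puppet works" section can be sketched as follows. This is an added example, not part of the original article: it derives a stable per-host minute offset from the hostname so that clients do not all contact the server at once, while keeping the half-hour cadence. The puppetd path and the host names other than cyy100 and cyy111 are assumptions.

```shell
#!/bin/sh
# Added example: generate a crontab line that replaces the puppetd background
# daemon with two staggered runs per hour.

PUPPETD=/usr/sbin/puppetd   # assumption: adjust to where install.rb placed puppetd

# splay_minute HOST: stable minute offset in 0..29 derived from the hostname
splay_minute() {
    sum=$(printf '%s' "$1" | cksum | cut -d' ' -f1)
    echo $((sum % 30))
}

# puppet_cron_line HOST SERVER: crontab entry that runs puppetd once, in the
# foreground, at the host's offset and again 30 minutes later
puppet_cron_line() {
    minute=$(splay_minute "$1")
    echo "$minute,$((minute + 30)) * * * * $PUPPETD --onetime --no-daemonize --server $2"
}

# Constructed host list; cyy100 is the server name used in this article
for h in cyy111 app_1 app_2 app_3; do
    printf '%-8s %s\n' "$h" "$(puppet_cron_line "$h" cyy100)"
done
```

Each printed line goes into root's crontab on the matching client, and the puppetd daemon is then left stopped on that client.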

Experimental verification

You can write a random class to verify whether it is successful.

[root@cyy100 templates]# cd /etc/puppet
[root@cyy100 puppet]# cd modules/
[root@cyy100 modules]# mkdir test/
[root@cyy100 modules]# mkdir test/manifests/
[root@cyy100 modules]# mkdir test/files/
[root@cyy100 modules]# vi test/manifests/init.pp

Write the following in init.pp

class po {
    file { "/tmp/test.txt":
        ensure => present,
        group  => "root",
        owner  => "root",
        mode   => "0644",
        source => "puppet:///test/test.txt",
    }
}

Then create a test.txt file under /etc/puppet/modules/test/files and write to it:

Hello world!

Write in /etc/puppet/manifests/modules.pp:

import "test"

Write in /etc/puppet/manifests/node:

node 'cyy111' { include po }

Then execute it on the client side:

puppetd --server cyy100 --test

You can see that the test.txt file is downloaded to the client's /tmp directory.
