Updated 2025-01-28. From: SLTechnology News&Howtos (Shulou.com)
Moved from Sina blog on April 21, 2017.
In fact, we have already connected a client: when the client is started, on its first connection the agent initiates an authentication request and uses a private key to encrypt the connection. Puppet uses SSL certificates to verify the connection between master and client. The client sends a certificate request to the master, then waits for the master to sign and return the certificate.
To complete the connection, the master needs to sign the certificate:
puppet cert --list                        # displays the certificates waiting for signature
puppet cert --sign client34.puppet.com    # signs the certificate requested by client34
puppet cert --sign --all                  # signs all certificates waiting to be signed, including requests from hosts you have not verified
Possible problems:
Err: Could not retrieve catalog: Could not find default node or by name whit... ..
Although the agent is now connected to the master and the session has been signed and verified, the master has no configuration available for the agent, which is why this error message appears. The fix is to add a configuration for the node.
1. Create the first configuration
Puppet calls a file that contains configuration data a manifest. Puppet manifests are made up of several components:
Resources: individual configuration items
Files: real files that can be sent to the agent
Templates: template files that can be used to populate files
Nodes: specify the configuration of each agent
Classes: containers for resources
Definitions: composite containers of resources
These components are tied together by a configuration language that includes variables, conditionals, arrays, and other features.
Extending the site.pp file
The first step in creating the first agent configuration is to define and extend the site.pp file
vim /etc/puppet/manifests/site.pp
import 'nodes.pp'
$puppetserver = 'master.puppet.com'
# The import directive tells Puppet to load the nodes.pp file; it can load one file or several. import 'nodes/*' loads all files with the .pp extension in the nodes directory.
# $puppetserver defines a variable. It holds the name of the Puppet master and can be used elsewhere in the Puppet configuration.
Configuring the agent
First you need to add a node definition
vim /etc/puppet/manifests/nodes.pp
node 'client34.puppet.com' {
  include sudo
  package { 'vim': ensure => present }  # individual resources can also be specified for a node
}
The include directive specifies the collections of configuration that need to be applied to the host. A node can include two kinds of collection:
Classes: containers for resources
Modules: advanced, portable collections of resources that can contain classes, definitions, and other Puppet configuration
You can use multiple include directives, or separate the names with commas
include sudo
include sshd
include vim, syslog-ng
Create the first module
Each module needs a specific directory structure and a file called init.pp, which lets Puppet load the module automatically. The module path is set by the modulepath option in the [main] section of puppet.conf; the default paths are /etc/puppet/modules/ and /var/lib/puppet/modules/
Here we create a module for sudo
Create the module structure
mkdir -p /etc/puppet/modules/sudo/{files,manifests,templates}
touch /etc/puppet/modules/sudo/manifests/init.pp
The manifests directory stores init.pp and other configuration. The init.pp file is the core of the module and must exist in every module. The files directory stores files that belong to the module. The templates directory contains any templates the module may use.
Create an init.pp file for the sudo module
vim /etc/puppet/modules/sudo/manifests/init.pp
class sudo {
  package { 'sudo':
    ensure => present,
  }
  # Install sudo-ldap only on Ubuntu, and only after sudo itself
  if $operatingsystem == "Ubuntu" {
    package { "sudo-ldap":
      ensure  => present,
      require => Package["sudo"],
    }
  }
  # Manage /etc/sudoers from the copy served by the master
  file { "/etc/sudoers":
    owner   => "root",
    group   => "root",
    mode    => "0440",
    source  => "puppet://$puppetserver/modules/sudo/etc/sudoers",
    require => Package["sudo"],
  }
}
The init.pp file of the sudo module contains a single class, also named sudo, which contains three resources: two package resources and one file resource.
The first package resource uses ensure => present to make sure the sudo package is installed. The second package resource uses the if/else syntax as the condition for installing the sudo-ldap package. Puppet has two other conditional forms: the case statement and the selector.
Puppet checks the operatingsystem value of each connected client, and if the value of the $operatingsystem fact is Ubuntu, Puppet installs the sudo-ldap package.
The last resource in the sudo class is a file resource, File["/etc/sudoers"], which manages the /etc/sudoers file. The first three attributes specify the owner, group and permissions of the file. The next attribute, source, lets Puppet fetch a file from the Puppet file server and deliver it to the client. Its value is the Puppet file server plus the path of the desired file.
The rest of the source value tells Puppet where to find the file, much like a path on a network share. The first part of the path is modules, indicating that the file is stored in a module; next comes the module name, here sudo; and finally the path within the module.
require is a metaparameter. Here it creates a dependency between the resource Package["sudo-ldap"] and Package["sudo"]. In this example, adding the require metaparameter to the resource tells Puppet that Package["sudo-ldap"] depends on Package["sudo"], so the Package["sudo"] resource must be applied first.
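An added example, not code from the original post: the same sudo class written with the case and selector forms mentioned above, plus a visudo syntax check so that a broken sudoers file is never put in place. It assumes Puppet 3.5 or later (for validate_cmd), visudo at /usr/sbin/visudo, and a hypothetical second file etc/sudoers.ubuntu under the module's files directory.

```puppet
# Added example for /etc/puppet/modules/sudo/manifests/init.pp
class sudo {
  package { 'sudo':
    ensure => present,
  }

  # case: same test as the if statement, with an explicit default branch.
  case $operatingsystem {
    'Ubuntu': {
      package { 'sudo-ldap':
        ensure  => present,
        require => Package['sudo'],
      }
    }
    default: { }  # nothing extra on other platforms
  }

  # selector: returns a value rather than running a block.
  # etc/sudoers.ubuntu is a hypothetical file; create it under files/ first.
  $sudoers_file = $operatingsystem ? {
    'Ubuntu' => 'etc/sudoers.ubuntu',
    default  => 'etc/sudoers',
  }

  file { '/etc/sudoers':
    owner        => 'root',
    group        => 'root',
    mode         => '0440',
    source       => "puppet://${puppetserver}/modules/sudo/${sudoers_file}",
    # Assumes Puppet >= 3.5: '%' is replaced by the path of the fetched
    # copy, which is installed only if visudo accepts its syntax.
    validate_cmd => '/usr/sbin/visudo -c -f %',
    require      => Package['sudo'],
  }
}
```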
All the files stored in the module are located in the files directory, which can be thought of as the shared root for the module's files. In this example, we create the etc directory and the sudoers file under files.
mkdir -p /etc/puppet/modules/sudo/files/etc/
cp /etc/sudoers /etc/puppet/modules/sudo/files/etc/sudoers
Note that /etc/puppet/modules/sudo/files/etc/sudoers has to be made readable by everyone here.
Apply the first configuration
Run puppet agent once more to see the result.
Since the file /etc/sudoers already exists in my virtual machine, delete it first
rm -rf /etc/sudoers
puppet agent --server=master.puppet.com --no-daemonize --verbose --onetime
You can see that there is a sudoers file in /etc/, which means the agent has successfully applied the configuration from the master.
Alternatively, you can test the setup by creating a file under /tmp
vim /etc/puppet/manifests/nodes.pp
node 'client34.puppet.com' {
  file { "/tmp/agent_test.txt":                 # this is the file path
    content => "The Is Puppet testing!",        # this is the content of the file
  }
}
Then check the result on the client side.
At this point, the preliminary installation and test connection of Puppet is complete. This is my first contact with Puppet, and I have installed and tested it successfully so far. Other features remain to be explored. If anything here is incorrect or there is a better way, please give me some advice!