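Puppet is configuration management software designed for automating data center management.
The Puppet server holds all the configuration code for the client servers; in Puppet this code is called a manifest. Manifests are stored on the puppetmaster server. After the Puppet client downloads the manifest, it configures the client server according to it, for example package management, user management, file management and so on.
Puppet is software for automating operations management.
The Puppet workflow is as follows:
1. On the client, puppetd calls facter, which detects variables about the host such as hostname, memory size and IP address. puppetd sends this information to the server over an SSL connection;
2. On the server, puppetmaster checks the client's hostname, finds the matching node configuration in the manifest, and parses that part so that the corresponding client can execute it;
3. The client receives the catalog and executes it, then sends the execution result to the server;
4. The server writes the client's execution result to its log.
Installing and configuring Puppet
Configure the hostnames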
[root@server ~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.220.138 server
192.168.220.139 client
[root@client ~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.220.138 server
192.168.220.139 client
[root@server ~]# rpm -ivh http://yum.puppetlabs.com/el/7/products/x86_64/puppetlabs-release-7-12.noarch.rpm
[root@client ~]# rpm -ivh http://yum.puppetlabs.com/el/7/products/x86_64/puppetlabs-release-7-12.noarch.rpm
[root@server ~]# yum install openssl openssl-devel ruby -y
[root@client ~]# yum install openssl openssl-devel ruby -y
[root@server ~]# yum install puppet-server puppet -y
[root@client ~]# yum install puppet -y
[root@server ~]# ls /etc/puppet/
auth.conf environments fileserver.conf manifests modules puppet.conf
[root@client ~]# ls /etc/puppet/
auth.conf modules puppet.conf
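# auth.conf --> ACL configuration file for client access to the puppet server
# fileserver.conf --> ACL configuration file for the puppet server acting as a file server
# puppet.conf --> Puppet server configuration file
# manifests --> main directory for Puppet scripts; it must contain at least site.pp. site.pp is Puppet's main file (the entry file). Every operation to be carried out on the servers is written in files ending in .pp.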
[root@server ~]# systemctl start puppetmaster
[root@server ~]# netstat -antup | grep 8140
tcp 0 0 0.0.0.0:8140 0.0.0.0:* LISTEN 4115/ruby
[root@server ~]# lsof -i:8140
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
puppet 4115 puppet 8u IPv4 24693 0t0 TCP *:8140 (LISTEN)
[root@client ~]# vim /etc/puppet/puppet.conf
Add:
[agent]
server=server #hostname of the puppetmaster
[root@client ~]# systemctl restart puppet
[root@client ~]# puppet agent -t #send the certificate request
[root@server ~]# puppet cert list #view certificates
[root@server ~]# puppet cert --sign --list
"client" (SHA256) 18:E4:F0:93:C5:F3:DA:AB:72:4F:5E:B2:BE:7E:56:4E:02:78:AB:3D:16:98:C0:64:02:9A:49:9E:A2:C7:E4:FE
[root@server ~]# puppet cert --sign client #approve (sign) the request
[root@server ~]# ls /var/lib/puppet/ssl/ca/signed/
client.pem
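Before running puppet cert --sign, the fingerprint listed on the server can be compared with the one read on the client itself (for example from puppet agent --fingerprint), so that only the expected request is signed. The script below is an added example, not part of the original walkthrough; its function names are hypothetical and the sample data reuses the listing shown above.

```shell
#!/bin/sh
# Added example: check a pending CSR's fingerprint before signing it.

# Print the fingerprint of the pending request for host $1,
# reading `puppet cert list` output on stdin.
csr_fingerprint() {
    awk -v host="\"$1\"" '$1 == host && $2 ~ /^\(.*\)$/ { print $3; exit }'
}

# Normalise a fingerprint: drop colons and whitespace, upper-case the hex.
normalize_fp() {
    printf '%s' "$1" | tr -d ': \t\r\n' | tr 'a-f' 'A-F'
}

# verify_csr HOST LIST_OUTPUT EXPECTED_FP
# Returns 0 = fingerprints match, 1 = mismatch, 2 = no pending request for HOST.
verify_csr() {
    pending=$(printf '%s\n' "$2" | csr_fingerprint "$1")
    [ -n "$pending" ] || return 2
    [ "$(normalize_fp "$pending")" = "$(normalize_fp "$3")" ] || return 1
    return 0
}

# Sign HOST only when the server-side fingerprint equals the one read on the client.
sign_if_verified() {
    if verify_csr "$1" "$(puppet cert list)" "$2"; then
        puppet cert --sign "$1"
    else
        echo "not signing $1: no pending request or fingerprint mismatch" >&2
        return 1
    fi
}

# Demo on a sample line in the format of the listing shown above.
SAMPLE_LIST='  "client" (SHA256) 18:E4:F0:93:C5:F3:DA:AB:72:4F:5E:B2:BE:7E:56:4E:02:78:AB:3D:16:98:C0:64:02:9A:49:9E:A2:C7:E4:FE'
# Constructed: the same value as if copied from the client, in lower case.
SAMPLE_AGENT_FP='18:e4:f0:93:c5:f3:da:ab:72:4f:5e:b2:be:7e:56:4e:02:78:ab:3d:16:98:c0:64:02:9a:49:9e:a2:c7:e4:fe'
if verify_csr client "$SAMPLE_LIST" "$SAMPLE_AGENT_FP"; then
    echo "client: fingerprint verified"
fi
```

On the server, sign_if_verified client followed by the fingerprint read on the client replaces the bare puppet cert --sign client step.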
Test example
[root@server ~]# vim /etc/puppet/manifests/site.pp
# "default" applies to every node that has no node block of its own
node default {
  file { "/tmp/test.txt":
    content => "this is test file",
  }
}
[root@client ~]# systemctl restart puppet
[root@client ~]# cat /tmp/test.txt
this is test file
[root@server ~]# vim /etc/puppet/manifests/site.pp
node default {
  file { "/tmp/test.txt":
    content => "this is test file",
    owner   => "puppet",
    group   => "puppet",
    # quoted octal string; 0777 makes the file world-writable (test only)
    mode    => "0777",
  }
}
[root@client opt]# puppet agent --test
[root@client opt]# ll /tmp/test.txt
-rwxrwxrwx 1 puppet puppet 17 8月 18 10:26 /tmp/test.txt