Puppet: an automated operations tool
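Puppet is an operations automation tool. In some large internet companies it is used to perform the same operation across many servers, for example deploying software uniformly or carrying out release and maintenance work in one pass. In other words, it is a powerful tool that synchronizes what is deployed on one Linux server to other Linux servers.
Puppet uses port 8139.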
Setting up the puppetmaster:
- Plan the server hostname
# vim /etc/sysconfig/network
Change the contents to:
NETWORKING=yes
HOSTNAME=master.test.cn
# vim /etc/hosts
Add the name resolution records:
1.1.1.128 master.test.cn
1.1.1.129 client.test.cn
# hostname master.test.cn
# bash
- Synchronize the server time
# vim /etc/ntp.conf
Add two lines:
server 127.127.1.0
fudge 127.127.1.0 stratum 8
# yum -y install ntpdate
# service ntpd restart
# chkconfig ntpd on
- Install ruby
# yum -y install ruby
# ruby -v
- Install puppet and facter
# useradd -s /sbin/nologin puppet
# tar xzvf facter-1.7.1.tar.gz
# cd facter-1.7.1
# ruby install.rb
# tar xzvf puppet-2.7.21.tar.gz
# cd puppet-2.7.21
# ruby install.rb
# cp conf/redhat/fileserver.conf /etc/puppet/
# cp conf/redhat/puppet.conf /etc/puppet/
# cp conf/redhat/server.init /etc/init.d/puppetmaster
# chmod +x /etc/init.d/puppetmaster
# mkdir /etc/puppet/manifests
# mkdir /etc/puppet/modules
- Puppet service certificates and signing
# iptables -F
# vim /etc/puppet/puppet.conf
Add under the [main] section:
ssldir = $vardir/ssl
modulepath = /etc/puppet/modules:/usr/share/puppet/modules
# /etc/init.d/puppetmaster start
Setting up the client:
- Plan the server hostname
# vim /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=client.test.cn
# vim /etc/hosts
1.1.1.128 master.test.cn
1.1.1.129 client.test.cn
# hostname client.test.cn
# bash
- Synchronize the time with the server
# ntpdate 1.1.1.128
- Install ruby
# yum -y install ruby
# ruby -v
- Install puppet and facter
# useradd -s /sbin/nologin puppet
# tar xzvf facter-1.7.1.tar.gz
# cd facter-1.7.1
# ruby install.rb
# tar xzvf puppet-2.7.21.tar.gz
# cd puppet-2.7.21
# ruby install.rb
# cp conf/redhat/puppet.conf /etc/puppet
# cp conf/redhat/client.init /etc/init.d/puppetclient
# chmod +x /etc/init.d/puppetclient
# iptables -F
# vim /etc/puppet/puppet.conf
Add under the [main] section:
ssldir = $vardir/ssl
server = master.test.cn
- Request a certificate and register from the client
# puppet agent --server=master.test.cn --no-daemonize --verbose
Sign the registration on the master:
# puppet cert --list    # view the list of pending requests
# puppet cert sign --all    # sign the requests; the certificates are created in the directory below
# ll /var/lib/puppet/ssl/ca/signed    # view the client's registration files
Example requirement: change the port of the ssh service to 9922 on all hosts.
Node entry directory: /etc/puppet/manifests/nodes
Module directory: /etc/puppet/modules
Puppet distribution and deployment:
- Create the required directories
# mkdir -p /etc/puppet/modules/ssh/{manifests,templates,files}
# mkdir /etc/puppet/modules/ssh/files/ssh
# mkdir /etc/puppet/manifests/nodes
# chown -R puppet /etc/puppet/modules/
# ll /etc/puppet/modules/ssh
Note: ssh/manifests is the ssh module's configuration file directory, and ssh/files is the ssh module's file distribution directory.
- Create the module configuration files
# vim /etc/puppet/modules/ssh/manifests/install.pp    # makes sure the ssh service is installed on the client
class ssh::install {
  package { "openssh":
    ensure => present,
  }
}
# vim /etc/puppet/modules/ssh/manifests/config.pp    # configures the file to be synchronized
class ssh::config {                      # define the class
  file { "/etc/ssh/sshd_config":         # file path
    ensure  => present,                  # make sure this file exists on the client
    owner   => "root",                   # owning user
    group   => "root",                   # owning group
    mode    => "0600",                   # file permissions
    source  => "puppet://$puppetserver/modules/ssh/ssh/sshd_config",  # sync the file from the server
    require => Class["ssh::install"],    # depends on the ssh::install class
    notify  => Class["ssh::service"],    # if config.pp changes, notify service.pp
  }
}
# vim /etc/puppet/modules/ssh/manifests/service.pp
class ssh::service {                     # define the class
  service { "sshd":
    ensure     => running,               # make sure ssh is running
    hasstatus  => true,                  # the service supports a status check
    hasrestart => true,                  # the service supports restart
    enable     => true,                  # start the service at boot
    require    => Class["ssh::config"],  # depends on the ssh::config class
  }
}
# vim /etc/puppet/modules/ssh/manifests/init.pp    # main manifest of the module
class ssh {
  include ssh::install, ssh::config, ssh::service    # include the three classes above
}
- Copy the already modified ssh configuration file into the module's default directory
# cp /etc/ssh/sshd_config /etc/puppet/modules/ssh/files/ssh/
# chown puppet /etc/puppet/modules/ssh/files/ssh/sshd_config
- Create the node configuration files
# vim /etc/puppet/manifests/nodes/ssh.pp
node 'client.test.cn' {    # define the client node entry
  include ssh
}
# vim /etc/puppet/manifests/site.pp    # configure where the node definitions are located
import "nodes/ssh.pp"
Synchronization methods:
- The client pulls on its own initiative
# puppet agent -t
- The server pushes the synchronization
  - Client side
# echo "listen = true" >> /etc/puppet/puppet.conf
# echo "allow *" >> /etc/puppet/auth.conf
# /etc/init.d/puppetclient restart
# vim /etc/ssh/sshd_config
# netstat -lnupt | grep ssh
  - Server side
# puppet kick client.test.cn
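The client-side step `echo "allow *" >> /etc/puppet/auth.conf` attaches the rule to whichever ACL block happens to be last in the file. The script below is an added example, not part of the original page: it reports which `path` blocks carry `allow *` and writes a `/run` rule limited to master.test.cn as the narrower alternative. The sample auth.conf content and the function names are constructed for illustration, and it assumes the agent's auth.conf ends with a catch-all `path /` block.

```shell
#!/bin/sh
# Added example, not from the original page. The sample auth.conf below is
# constructed; it assumes the real file ends with a catch-all "path /" block.
write_sample() {
    cat > "$1" <<'EOF'
path /certificate/ca
method find
allow *

path /
auth any
EOF
}

# Print the path of every ACL block that contains "allow *".
# A rule belongs to the nearest "path" line above it.
wildcard_paths() {
    awk '
        /^[ \t]*#/    { next }
        $1 == "path"  { cur = ($2 == "~") ? $3 : $2; next }
        $1 == "allow" { for (i = 2; i <= NF; i++) if ($i == "*") print cur }
    ' "$1"
}

# Insert a /run rule (the endpoint puppet kick calls) for one named master,
# ahead of the catch-all block, because ACLs are matched in file order.
add_kick_rule() {   # usage: add_kick_rule FILE MASTER_CERTNAME
    awk -v m="$2" '
        $1 == "path" && $2 == "/" {
            print "path /run"; print "method save"; print "allow " m; print ""
        }
        { print }
    ' "$1" > "$1.new" && mv "$1.new" "$1"
}

demo() {
    d=$(mktemp -d)
    write_sample "$d/weak";   echo "allow *" >> "$d/weak"    # the step on this page
    write_sample "$d/strict"; add_kick_rule "$d/strict" master.test.cn
    echo "appended allow *: $(wildcard_paths "$d/weak" | tr '\n' ' ')"
    echo "explicit /run:    $(wildcard_paths "$d/strict" | tr '\n' ' ')"
    rm -rf "$d"
}
demo
```

With the appended rule the catch-all `/` block appears in the report, meaning every request not matched earlier is allowed from any host; with the explicit rule only the sample's `/certificate/ca` entry remains.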