How to Install and Configure Puppet 4 on Ubuntu 16.04
In this article we will learn how to install and configure Puppet 4 on Ubuntu 16.04. Puppet is a configuration management tool that helps system administrators automate routine tasks; tools of this kind save a great deal of time and effort.
Prerequisites
For this article we need at least two or three Ubuntu machines meeting the following requirements:
- Every machine has a non-root user with sudo privileges.
- One machine acts as the Puppet master server.
- One or two machines act as Puppet agents for testing the configuration.
Configuring the hosts file
All servers and clients need to communicate with each other by hostname; normally a DNS server takes care of this. In this demonstration we have no DNS server, so we add the hostnames to `/etc/hosts` by hand.
Add the following entries to `/etc/hosts` on every machine:
```
$ sudo vi /etc/hosts
192.168.0.1     puppet
192.168.0.200   ubuntu1
```
By default a Puppet agent looks for its master under the hostname `puppet`, which keeps the setup simple: we only have to map that name to the Puppet server's IP address, here `192.168.0.1`. If that entry is missing or points at the wrong address, the Puppet client cannot communicate with the server.
Installing and configuring the Puppet server
Ubuntu's package manager does not carry the Puppet package by default, so we download it from the official Puppet repository and install it. The following commands add the Puppet repository to the server machine:
```
puppet$ sudo curl -O https://apt.puppetlabs.com/puppetlabs-release-pc1-xenial.deb
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 13662  100 13662    0     0   7787      0  0:00:01  0:00:01 --:--:--  7784
puppet$ sudo dpkg -i puppetlabs-release-pc1-xenial.deb
Selecting previously unselected package puppetlabs-release-pc1.
(Reading database ... 91848 files and directories currently installed.)
Preparing to unpack puppetlabs-release-pc1-xenial.deb ...
Unpacking puppetlabs-release-pc1 (1.1.0-2xenial) ...
Setting up puppetlabs-release-pc1 (1.1.0-2xenial) ...
```
Installing the Puppet master
```
puppet$ sudo apt-get update -y
Hit:1 http://in.archive.ubuntu.com/ubuntu xenial InRelease
Get:2 http://in.archive.ubuntu.com/ubuntu xenial-updates InRelease [102 kB]
Get:3 http://security.ubuntu.com/ubuntu xenial-security InRelease [102 kB]
Ign:4 http://apt.puppetlabs.com xenial InRelease
Get:5 http://apt.puppetlabs.com xenial Release [13.3 kB]
Get:6 http://apt.puppetlabs.com xenial Release.gpg [841 B]
Get:7 http://in.archive.ubuntu.com/ubuntu xenial-backports InRelease [102 kB]
Get:8 http://apt.puppetlabs.com xenial/PC1 amd64 Packages [11.9 kB]
Get:9 http://apt.puppetlabs.com xenial/PC1 i386 Packages [11.4 kB]
Get:10 http://apt.puppetlabs.com xenial/PC1 all Packages [6,786 B]
Fetched 351 kB in 1s (192 kB/s)
Reading package lists... Done
```
After the update completes, run the following command to install Puppet on the local Puppet server.
```
puppet$ sudo apt-get install puppetserver
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following additional packages will be installed:
  ca-certificates-java fontconfig-config fonts-dejavu-core java-common libavahi-client3
  libavahi-common-data libavahi-common3 libcups2 libfontconfig1 libjpeg-turbo8 libjpeg8
  liblcms2-2 libnspr4 libnss3 libnss3-nssdb libpcsclite1 libxi6 libxrender1 libxtst6
  openjdk-8-jre-headless puppet-agent x11-common
Suggested packages:
  default-jre cups-common liblcms2-utils pcscd openjdk-8-jre-jamvm libnss-mdns
  fonts-dejavu-extra fonts-ipafont-gothic fonts-ipafont-mincho ttf-wqy-microhei
  | ttf-wqy-zenhei fonts-indic
The following NEW packages will be installed:
  ca-certificates-java fontconfig-config fonts-dejavu-core java-common libavahi-client3
  libavahi-common-data libavahi-common3 libcups2 libfontconfig1 libjpeg-turbo8 libjpeg8
  liblcms2-2 libnspr4 libnss3 libnss3-nssdb libpcsclite1 libxi6 libxrender1 libxtst6
  openjdk-8-jre-headless puppet-agent puppetserver x11-common
0 upgraded, 23 newly installed, 0 to remove and 91 not upgraded.
Need to get 79.8 MB of archives.
After this operation, 246 MB of additional disk space will be used.
Do you want to continue? [Y/n] y
...
Setting up libjpeg-turbo8:amd64 (1.4.2-0ubuntu3) ...
Setting up liblcms2-2:amd64 (2.6-3ubuntu2) ...
Setting up x11-common (1:7.7+13ubuntu3) ...
update-rc.d: warning: start and stop actions are no longer supported; falling back to defaults
Setting up libxtst6:amd64 (2:1.2.2-1) ...
Setting up libnspr4:amd64 (2:4.12-0ubuntu0.16.04.1) ...
Setting up java-common (0.56ubuntu2) ...
Setting up libavahi-common-data:amd64 (0.6.32~rc+dfsg-1ubuntu2) ...
Setting up libavahi-common3:amd64 (0.6.32~rc+dfsg-1ubuntu2) ...
Setting up libavahi-client3:amd64 (0.6.32~rc+dfsg-1ubuntu2) ...
Setting up libcups2:amd64 (2.1.3-4) ...
Setting up libjpeg8:amd64 (8c-2ubuntu8) ...
Setting up fonts-dejavu-core (2.35-1) ...
Setting up fontconfig-config (2.11.94-0ubuntu1.1) ...
...
Setting up openjdk-8-jre-headless:amd64 (8u121-b13-0ubuntu1.16.04.2) ...
update-alternatives: using /usr/lib/jvm/java-8-openjdk-amd64/jre/bin/rmid to provide /usr/bin/rmid (rmid) in auto mode
update-alternatives: using /usr/lib/jvm/java-8-openjdk-amd64/jre/bin/java to provide /usr/bin/java (java) in auto mode
update-alternatives: using /usr/lib/jvm/java-8-openjdk-amd64/jre/bin/keytool to provide /usr/bin/keytool (keytool) in auto mode
update-alternatives: using /usr/lib/jvm/java-8-openjdk-amd64/jre/bin/jjs to provide /usr/bin/jjs (jjs) in auto mode
update-alternatives: using /usr/lib/jvm/java-8-openjdk-amd64/jre/bin/pack200 to provide /usr/bin/pack200 (pack200) in auto mode
update-alternatives: using /usr/lib/jvm/java-8-openjdk-amd64/jre/bin/rmiregistry to provide /usr/bin/rmiregistry (rmiregistry) in auto mode
update-alternatives: using /usr/lib/jvm/java-8-openjdk-amd64/jre/bin/unpack200 to provide /usr/bin/unpack200 (unpack200) in auto mode
update-alternatives: using /usr/lib/jvm/java-8-openjdk-amd64/jre/bin/orbd to provide /usr/bin/orbd (orbd) in auto mode
update-alternatives: using /usr/lib/jvm/java-8-openjdk-amd64/jre/bin/servertool to provide /usr/bin/servertool (servertool) in auto mode
update-alternatives: using /usr/lib/jvm/java-8-openjdk-amd64/jre/bin/tnameserv to provide /usr/bin/tnameserv (tnameserv) in auto mode
update-alternatives: using /usr/lib/jvm/java-8-openjdk-amd64/jre/lib/jexec to provide /usr/bin/jexec (jexec) in auto mode
Setting up puppetserver (2.7.2-1puppetlabs1) ...
usermod: no changes
Processing triggers for libc-bin (2.23-0ubuntu3) ...
Processing triggers for systemd (229-4ubuntu10) ...
Processing triggers for ureadahead (0.100.0-19) ...
```
Opening the firewall on the Puppet server
After installation we need to open the firewall for Puppet. Puppet's default port is 8140; the following command opens it in the Puppet server's firewall (UFW) so that clients can connect:
```
ubuntu@puppet:~$ sudo ufw allow 8140
Rules updated
Rules updated (v6)
```
Customizing the memory allocation of the Puppet server
By default 2 GB of memory is allocated to the Puppet master; we can adjust this to the memory available on the Puppet server.
Edit the file `/etc/default/puppetserver`, find the line `JAVA_ARGS="-Xms2g -Xmx2g -XX:MaxPermSize=256m"` and change it accordingly; here I use 4 GB of RAM.
```
ubuntu@puppet$ sudo nano /etc/default/puppetserver
###########################################
# Init settings for puppetserver
###########################################

# Location of your Java binary (version 7 or higher)
JAVA_BIN="/usr/bin/java"

# Modify this if you'd like to change the memory allocation, enable JMX, etc
JAVA_ARGS="-Xms4g -Xmx4g -XX:MaxPermSize=256m"

# These normally shouldn't need to be edited if using OS packages
USER="puppet"
GROUP="puppet"
INSTALL_DIR="/opt/puppetlabs/server/apps/puppetserver"
CONFIG="/etc/puppetlabs/puppetserver/conf.d"

# Bootstrap path
BOOTSTRAP_CONFIG="/etc/puppetlabs/puppetserver/services.d/,/opt/puppetlabs/server/apps/puppetserver/config/services.d/"

# SERVICE_STOP_RETRIES can be set here to alter the default stop timeout in
# seconds.  For systemd, the shorter of this setting or 'TimeoutStopSec' in
# the systemd.service definition will effectively be the timeout which is used.
SERVICE_STOP_RETRIES=60
...
```
Once the configuration is done, start the Puppet master and check its status. If the service was already running, restart it (`sudo systemctl restart puppetserver`) so the new `JAVA_ARGS` take effect; the `java` command line under `CGroup` in the status output shows which values the running JVM actually picked up.
```
ubuntu@puppet:~$ sudo systemctl start puppetserver
ubuntu@puppet:~$ sudo systemctl status puppetserver
● puppetserver.service - puppetserver Service
   Loaded: loaded (/lib/systemd/system/puppetserver.service; disabled; vendor preset: enabled)
   Active: active (running) since Mon 2017-02-13 13:19:02 IST; 3s ago
  Process: 4943 ExecStart=/opt/puppetlabs/server/apps/puppetserver/bin/puppetserver start (code=exited, status=0/SUCCESS)
 Main PID: 4954 (java)
    Tasks: 26
   Memory: 983.1M
      CPU: 50.819s
   CGroup: /system.slice/puppetserver.service
           └─4954 /usr/bin/java -Xms2g -Xmx2g -XX:MaxPermSize=256m -Djava.security.egd=/dev/urandom -XX:OnOutOfMemoryError=k

Feb 13 13:18:10 puppet systemd[1]: Starting puppetserver Service...
Feb 13 13:18:10 puppet puppetserver[4943]: OpenJDK 64-Bit Server VM warning: ignoring option MaxPermSize=256m; support was r
Feb 13 13:19:02 puppet systemd[1]: Started puppetserver Service.
```
Installing the agent on the Puppet nodes
We need to install the agent on every client. To do so, add the official Puppet repository and then install the agent on the client.
```
ubuntu@ubuntu1:~$ sudo wget https://apt.puppetlabs.com/puppetlabs-release-pc1-xenial.deb
--2017-02-13 13:24:49--  https://apt.puppetlabs.com/puppetlabs-release-pc1-xenial.deb
Resolving apt.puppetlabs.com (apt.puppetlabs.com)... 192.155.89.90, 2600:3c03::f03c:91ff:fedb:6b1d
Connecting to apt.puppetlabs.com (apt.puppetlabs.com)|192.155.89.90|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 13662 (13K) [application/x-debian-package]
Saving to: ‘puppetlabs-release-pc1-xenial.deb’

puppetlabs-release-pc1-xeni 100%[=========================================>]  13.34K  --.-KB/s    in 0.01s

2017-02-13 13:24:50 (1.29 MB/s) - ‘puppetlabs-release-pc1-xenial.deb’ saved [13662/13662]

ubuntu@ubuntu1:~$ sudo dpkg -i puppetlabs-release-pc1-xenial.deb
Selecting previously unselected package puppetlabs-release-pc1.
(Reading database ... 91848 files and directories currently installed.)
Preparing to unpack puppetlabs-release-pc1-xenial.deb ...
Unpacking puppetlabs-release-pc1 (1.1.0-2xenial) ...
Setting up puppetlabs-release-pc1 (1.1.0-2xenial) ...
```
```
$ sudo apt-get update
Get:1 http://security.ubuntu.com/ubuntu xenial-security InRelease [102 kB]
Hit:2 http://in.archive.ubuntu.com/ubuntu xenial InRelease
Ign:3 http://apt.puppetlabs.com xenial InRelease
Get:4 http://in.archive.ubuntu.com/ubuntu xenial-updates InRelease [102 kB]
Get:5 http://apt.puppetlabs.com xenial Release [13.3 kB]
Get:6 http://apt.puppetlabs.com xenial Release.gpg [841 B]
Get:7 http://in.archive.ubuntu.com/ubuntu xenial-backports InRelease [102 kB]
Get:8 http://apt.puppetlabs.com xenial/PC1 amd64 Packages [11.9 kB]
Get:9 http://apt.puppetlabs.com xenial/PC1 i386 Packages [11.4 kB]
Get:10 http://apt.puppetlabs.com xenial/PC1 all Packages [6,786 B]
Fetched 351 kB in 1s (201 kB/s)
Reading package lists... Done
```
After adding the repository, run the following command to install the agent:
```
ubuntu@ubuntu1:~$ sudo apt-get install puppet-agent
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following NEW packages will be installed:
  puppet-agent
0 upgraded, 1 newly installed, 0 to remove and 91 not upgraded.
Need to get 15.5 MB of archives.
After this operation, 92.2 MB of additional disk space will be used.
Get:1 http://apt.puppetlabs.com xenial/PC1 amd64 puppet-agent amd64 1.9.1-1xenial [15.5 MB]
Fetched 15.5 MB in 32s (476 kB/s)
Selecting previously unselected package puppet-agent.
(Reading database ... 91853 files and directories currently installed.)
Preparing to unpack .../puppet-agent_1.9.1-1xenial_amd64.deb ...
Unpacking puppet-agent (1.9.1-1xenial) ...
Processing triggers for libc-bin (2.23-0ubuntu3) ...
Setting up puppet-agent (1.9.1-1xenial) ...
Created symlink from /etc/systemd/system/multi-user.target.wants/puppet.service to /lib/systemd/system/puppet.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/mcollective.service to /lib/systemd/system/mcollective.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/pxp-agent.service to /lib/systemd/system/pxp-agent.service.
Removed symlink /etc/systemd/system/multi-user.target.wants/pxp-agent.service.
Processing triggers for libc-bin (2.23-0ubuntu3) ...
```
After the installation succeeds, start the agent and enable it at boot.
```
ubuntu@ubuntu1:~$ sudo systemctl start puppet
ubuntu@ubuntu1:~$ sudo systemctl enable puppet
```
Signing the agent node's certificate on the Puppet master
The first time the agent runs on a node, it generates a key pair and sends a certificate signing request (CSR) to the Puppet master. The request waits on the master until it is signed; until then no configuration is exchanged between the node and the master.
To view the list of certificate requests currently pending on the Puppet master, run:
```
root@puppet:~# sudo /opt/puppetlabs/bin/puppet cert list
  "ubuntu1" (SHA256) 60:4C:AE:CE:BD:3F:EC:2F:C6:70:F6:45:62:EC:9A:AF:B2:8B:1C:42:4A:67:BB:C5:F6:F4:AE:BF:38:87:EA:9E
```
Signing the request
To sign the request for a specific node, run the following command. Signing issues the node a certificate the master will trust from then on, so compare the fingerprint shown here with the one the node itself reports (`sudo /opt/puppetlabs/bin/puppet agent --fingerprint` on the node) before signing.
```
$ sudo /opt/puppetlabs/bin/puppet cert sign ubuntu1
Signing Certificate Request for:
  "ubuntu1" (SHA256) 60:4C:AE:CE:BD:3F:EC:2F:C6:70:F6:45:62:EC:9A:AF:B2:8B:1C:42:4A:67:BB:C5:F6:F4:AE:BF:38:87:EA:9E
Notice: Signed certificate request for ubuntu1
Notice: Removing file Puppet::SSL::CertificateRequest ubuntu1 at '/etc/puppetlabs/puppet/ssl/ca/requests/ubuntu1.pem'
```
To sign all pending requests at once, run:
```
$ sudo /opt/puppetlabs/bin/puppet cert sign --all
```
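Since signing is the step that admits a node into the infrastructure, the fingerprint listed by `puppet cert list` is worth checking mechanically against what the node reported out of band. The following shell script is an added example, not part of the original tutorial: it parses constructed `puppet cert list` output, compares each fingerprint with an out-of-band record (whose one-line-per-node format is our own assumption), and only emits the sign command on a match.

```shell
#!/bin/sh
# Added example, not part of the original tutorial: refuse to sign a CSR unless the
# fingerprint the master shows matches one recorded out of band from the node itself
# (obtained on the node with `sudo /opt/puppetlabs/bin/puppet agent --fingerprint`).

# Constructed sample of `puppet cert list` output. The ubuntu1 line is the one shown
# in the tutorial; ubuntu2 is made up.
CERT_LIST='  "ubuntu1" (SHA256) 60:4C:AE:CE:BD:3F:EC:2F:C6:70:F6:45:62:EC:9A:AF:B2:8B:1C:42:4A:67:BB:C5:F6:F4:AE:BF:38:87:EA:9E
  "ubuntu2" (SHA256) 00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF'

# Constructed out-of-band record, one "<certname> <fingerprint>" per line (the format
# is our own assumption). ubuntu2 deliberately differs from what the master shows.
EXPECTED='ubuntu1 60:4C:AE:CE:BD:3F:EC:2F:C6:70:F6:45:62:EC:9A:AF:B2:8B:1C:42:4A:67:BB:C5:F6:F4:AE:BF:38:87:EA:9E
ubuntu2 FF:EE:DD:CC:BB:AA:99:88:77:66:55:44:33:22:11:00:FF:EE:DD:CC:BB:AA:99:88:77:66:55:44:33:22:11:00'

# shown_fingerprint LIST CERTNAME: fingerprint in the `puppet cert list` output, if any
shown_fingerprint() {
    printf '%s\n' "$1" | awk -v n="\"$2\"" '$1 == n { print $3; exit }'
}

# recorded_fingerprint TABLE CERTNAME: fingerprint from the out-of-band record, if any
recorded_fingerprint() {
    printf '%s\n' "$1" | awk -v n="$2" '$1 == n { print $2; exit }'
}

# verify_csr LIST TABLE CERTNAME: 0 = match, 1 = mismatch, 2 = no CSR or no record
verify_csr() {
    shown=$(shown_fingerprint "$1" "$3")
    want=$(recorded_fingerprint "$2" "$3")
    [ -n "$shown" ] && [ -n "$want" ] || return 2
    [ "$shown" = "$want" ]
}

# sign_if_verified CERTNAME: print the sign command on a match (set DRY_RUN=0 to run it)
sign_if_verified() {
    if verify_csr "$CERT_LIST" "$EXPECTED" "$1"; then
        cmd="sudo /opt/puppetlabs/bin/puppet cert sign $1"
        if [ "${DRY_RUN:-1}" = 1 ]; then echo "$cmd"; else $cmd; fi
    else
        echo "refusing to sign $1: fingerprint mismatch or unknown node" >&2
        return 1
    fi
}

sign_if_verified ubuntu1          # prints the sign command
sign_if_verified ubuntu2 || true  # refused: recorded fingerprint does not match
```

On a real master, replace `CERT_LIST` with the live output of `sudo /opt/puppetlabs/bin/puppet cert list` and `EXPECTED` with the fingerprints you collected from each node.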
Creating and running a demo manifest
Example demo manifest
```puppet
# vi /etc/puppetlabs/code/environments/production/manifests/site.pp
file {'/tmp/example-ip':                                  # resource type file and filename
  ensure  => present,                                     # make sure it exists
  mode    => '0644',                                      # file permissions
  content => "The Node IP address is ${ipaddress_eth0}!\n", # note the ipaddress_eth0 fact
}
```
This writes the node's IP address into a file under `/tmp`, and the manifest ensures that every node has the file `example-ip` in `/tmp`. The `ipaddress_eth0` fact only exists on nodes whose interface is actually named `eth0`; if your interface has a different name, check the node's facts with `/opt/puppetlabs/bin/facter` and use the matching `ipaddress_<interface>` fact.
Running the manifest from the client
The following command runs the demo manifest we created on the server:
```
root@ubuntu1:~# sudo /opt/puppetlabs/bin/puppet agent --test
Info: Using configured environment 'production'
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Caching catalog for ubuntu1
Info: Applying configuration version '1486993606'
Notice: /Stage[main]/Main/File[/tmp/example-ip]/ensure: defined content as '{md5}438876fa0fef0d66a99582754b266473'
Notice: Applied catalog in 0.21 seconds
```
In this tutorial we learned how to install and configure a Puppet master and Puppet nodes, and how to sign a node's certificate. We also created a demo manifest and ran it on a node to see the result.