Overview
- Environment details
- Install the Puppet server
- Configure the Puppet server
- Install the Puppet agent
- Configure the Puppet agent
- Generate and sign certificates
- Puppet sample example
Puppet is one of the most widely adopted configuration management tools in enterprise DevOps. As a DevOps engineer, you must know how to set up Puppet on your systems.
But before we start, let me tell you that installing Puppet is not at all easy. If you miss a step, or change the order of the steps given in this tutorial even slightly, you may spend the whole day scratching your head over a pile of errors and an incomplete setup. So follow every step very carefully.
Puppet has a client-server architecture consisting of a Puppet master (the server) and Puppet agents (the clients). The Puppet master holds all the configuration; it compiles that configuration and serves it to the Puppet agents. Each Puppet agent periodically sends its facts to the Puppet master and requests a catalog. The Puppet master sends the required catalog back to the agent, the agent applies that catalog to the node, and it then reports back to the master.
Now that you have a basic understanding of Puppet, let's get started with setting up the Puppet master and the Puppet agent.
If you are an absolute beginner, you can take this online video course first.
Environment details
I am using two Ubuntu 18.04 machines. One will act as the Puppet master and the other as the Puppet agent. Here are the machine details:
Puppet master (server)
- Hostname: puppet, puppet.geekflare.com
- IP address: 192.168.0.108
Puppet agent (client)
- Hostname: puppetagent
- IP address: 192.168.0.107
On the master node
geekflare@geekflare:~$ sudo gedit /etc/hosts
[sudo] password for geekflare:
127.0.0.1 localhost
127.0.1.1 geekflare
192.168.0.108 puppet puppet.geekflare.com
On the agent node
geekflare@geekflare:~$ sudo gedit /etc/hosts
127.0.0.1 localhost
127.0.1.1 geekflare
192.168.0.107 puppetagent
192.168.0.108 puppet puppet.geekflare.com
Now, add the Puppet repository on the master node and update the package lists.
Download the Puppet repository package.
geekflare@geekflare:~$ wget https://apt.puppetlabs.com/puppet6-release-bionic.deb
--2019-10-15 15:41:34--  https://apt.puppetlabs.com/puppet6-release-bionic.deb
Resolving apt.puppetlabs.com (apt.puppetlabs.com)... 99.86.19.107, 99.86.19.59, 99.86.19.2, ...
Connecting to apt.puppetlabs.com (apt.puppetlabs.com)|99.86.19.107|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 11736 (11K) [application/x-debian-package]
Saving to: ‘puppet6-release-bionic.deb’

puppet6-release-bio 100%[===================>]  11.46K  --.-KB/s    in 0s

2019-10-15 15:41:34 (236 MB/s) - ‘puppet6-release-bionic.deb’ saved [11736/11736]
Add and configure the Puppet 6 repository.
geekflare@geekflare:~$ sudo dpkg -i puppet6-release-bionic.deb
Selecting previously unselected package puppet6-release.
(Reading database ... 187041 files and directories currently installed.)
Preparing to unpack puppet6-release-bionic.deb ...
Unpacking puppet6-release (6.0.0-5bionic) ...
Setting up puppet6-release (6.0.0-5bionic) ...
Update the repository list.
geekflare@geekflare:~$ sudo apt update
Hit:1 https://download.docker.com/linux/ubuntu bionic InRelease
Hit:2 http://security.ubuntu.com/ubuntu cosmic-security InRelease
Hit:3 http://ppa.launchpad.net/ansible/ansible/ubuntu cosmic InRelease
Get:4 http://download.virtualbox.org/virtualbox/debian cosmic InRelease [4,429 B]
Get:5 http://apt.puppetlabs.com bionic InRelease [85.3 kB]
Hit:6 http://us.archive.ubuntu.com/ubuntu cosmic InRelease
Hit:7 http://us.archive.ubuntu.com/ubuntu cosmic-updates InRelease
Get:8 http://download.virtualbox.org/virtualbox/debian cosmic/contrib amd64 Packages [1,466 B]
Get:9 http://apt.puppetlabs.com bionic/puppet6 all Packages [13.5 kB]
Hit:10 http://us.archive.ubuntu.com/ubuntu cosmic-backports InRelease
Get:11 http://apt.puppetlabs.com bionic/puppet6 i386 Packages [13.5 kB]
Get:12 http://apt.puppetlabs.com bionic/puppet6 amd64 Packages [32.3 kB]
Fetched 151 kB in 2s (61.9 kB/s)
Reading package lists... Done
Building dependency tree
Reading state information... Done
234 packages can be upgraded. Run 'apt list --upgradable' to see them.
Install the Puppet server
Run the following command on the master node to install the Puppet server on it.
geekflare@geekflare:~$ sudo apt install -y puppetserver
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following additional packages will be installed:
  ca-certificates-java java-common openjdk-8-jre-headless puppet-agent
Suggested packages:
  default-jre fonts-dejavu-extra fonts-ipafont-gothic fonts-ipafont-mincho
  fonts-wqy-microhei fonts-wqy-zenhei
The following NEW packages will be installed:
  ca-certificates-java java-common openjdk-8-jre-headless puppet-agent
  puppetserver
0 upgraded, 5 newly installed, 0 to remove and 234 not upgraded.
Need to get 109 MB of archives.
After this operation, 287 MB of additional disk space will be used.
Get:1 http://us.archive.ubuntu.com/ubuntu cosmic/main amd64 java-common all 0.68ubuntu1 [6,988 B]
Get:2 http://apt.puppetlabs.com bionic/puppet6 amd64 puppet-agent amd64 6.10.1-1bionic [19.9 MB]
Get:3 http://us.archive.ubuntu.com/ubuntu cosmic-updates/universe amd64 openjdk-8-jre-headless amd64 8u212-b03-0ubuntu1.18.10.1 [27.2 MB]
Get:4 http://apt.puppetlabs.com bionic/puppet6 amd64 puppetserver all 6.7.1-1bionic [61.5 MB]
Get:5 http://us.archive.ubuntu.com/ubuntu cosmic/main amd64 ca-certificates-java all 20180516ubuntu1 [12.3 kB]
Fetched 109 MB in 1min 41s (1,072 kB/s)
Unpacking puppetserver (6.7.1-1bionic) ...
Setting up puppet-agent (6.10.1-1bionic) ...
Created symlink /etc/systemd/system/multi-user.target.wants/puppet.service → /lib/systemd/system/puppet.service.
Created symlink /etc/systemd/system/multi-user.target.wants/pxp-agent.service → /lib/systemd/system/pxp-agent.service.
Removed /etc/systemd/system/multi-user.target.wants/pxp-agent.service.
Setting up java-common (0.68ubuntu1) ...
Processing triggers for libc-bin (2.28-0ubuntu1) ...
Processing triggers for systemd (239-7ubuntu10.12) ...
Processing triggers for man-db (2.8.4-2) ...
Processing triggers for ca-certificates (20180409) ...
Updating certificates in /etc/ssl/certs...
0 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d...
done.
Setting up ca-certificates-java (20180516ubuntu1) ...
head: cannot open '/etc/ssl/certs/java/cacerts' for reading: No such file or directory
Adding debian:SSL.com_EV_Root_Certification_Authority_ECC.pem
Adding debian:ssl-cert-snakeoil.pem
Adding debian:SwissSign_Gold_CA_-_G2.pem
Adding debian:SZAFIR_ROOT_CA2.pem
Adding debian:OpenTrust_Root_CA_G3.pem
Adding debian:TWCA_Root_Certification_Authority.pem
Adding debian:QuoVadis_Root_CA_2_G3.pem
Adding debian:DST_Root_CA_X3.pem
Adding debian:SecureSign_RootCA11.pem
Adding debian:QuoVadis_Root_CA_1_G3.pem
Adding debian:T-TeleSec_GlobalRoot_Class_3.pem
Adding debian:Go_Daddy_Root_Certificate_Authority_-_G2.pem
Adding debian:Actalis_Authentication_Root_CA.pem
Adding debian:Chambers_of_Commerce_Root_-_2008.pem
done.
Processing triggers for ca-certificates (20180409) ...
Updating certificates in /etc/ssl/certs...
0 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d...
done.
done.
Setting up openjdk-8-jre-headless:amd64 (8u212-b03-0ubuntu1.18.10.1) ...
Setting up puppetserver (6.7.1-1bionic) ...
usermod: no changes
Processing triggers for systemd (239-7ubuntu10.12) ...
Configure the Puppet server
Edit the puppetserver defaults file as shown below. It configures the JVM that runs the Puppet server.
geekflare@geekflare:~$ sudo gedit /etc/default/puppetserver
# Modify this if you'd like to change the memory allocation, enable JMX, etc
JAVA_ARGS="-Xms512m -Xmx512m -Djruby.logger.class=com.puppetlabs.jruby_utils.jruby.Slf4jLogger"
Edit the Puppet configuration file to set the Puppet server settings.
geekflare@geekflare:~$ sudo gedit /etc/puppetlabs/puppet/puppet.conf
# This file can be used to override the default puppet settings.
# See the following links for more details on what settings are available:
# - https://puppet.com/docs/puppet/latest/config_important_settings.html
# - https://puppet.com/docs/puppet/latest/config_about_settings.html
# - https://puppet.com/docs/puppet/latest/config_file_main.html
# - https://puppet.com/docs/puppet/latest/configuration.html
[master]
vardir = /opt/puppetlabs/server/data/puppetserver
logdir = /var/log/puppetlabs/puppetserver
rundir = /var/run/puppetlabs/puppetserver
pidfile = /var/run/puppetlabs/puppetserver/puppetserver.pid
codedir = /etc/puppetlabs/code
dns_alt_names = puppet, puppet.geekflare.com
[main]
certname = puppet.geekflare.com
server = puppet.geekflare.com
environment = production
runinterval = 15m
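It pays to check these settings before the CA is generated in the next step: the server certificate is bound to certname and dns_alt_names, agents verify the name they connect to against it, and Puppet requires certname to be lower-case, so fixing a mistake afterwards means regenerating the CA. The pre-flight script below is an added example and not part of the original article; ini_get, check_server_conf and check_hosts are hypothetical helper names, CONF defaults to the tutorial's path but can point at any file, and it expects the `key = value` layout used above.

```shell
#!/bin/sh
# Pre-flight check for puppet.conf before "puppetserver ca setup".
# Added example (not from the article); CONF may point at any file.
CONF="${CONF:-/etc/puppetlabs/puppet/puppet.conf}"

# ini_get FILE SECTION KEY -> prints the value of KEY under [SECTION].
# puppet.conf is INI-style: the same key means different things per section.
ini_get() {
  awk -v want="[$2]" -v key="$3" '
    /^[[:space:]]*\[/ { in_sec = ($0 == want); next }
    in_sec && $1 == key && $2 == "=" {
      sub(/^[^=]*=[[:space:]]*/, ""); print; exit
    }' "$1"
}

# check_server_conf FILE -> 0 when the name-related settings are consistent,
# 1 otherwise; every finding is printed so it can be fixed before CA setup.
check_server_conf() {
  f="$1"; rc=0
  certname=$(ini_get "$f" main certname)
  server=$(ini_get "$f" main server)
  alts=$(ini_get "$f" master dns_alt_names | tr -d ' ')

  [ -n "$certname" ] || { echo "FAIL: [main] certname is not set"; rc=1; }
  [ -n "$server" ]   || { echo "FAIL: [main] server is not set"; rc=1; }

  # Upper-case letters in certname are rejected by Puppet and cause SSL name errors.
  lower=$(printf '%s' "$certname" | tr 'A-Z' 'a-z')
  [ "$certname" = "$lower" ] || { echo "FAIL: certname '$certname' must be lower-case"; rc=1; }

  # Agents connect to "server"; that name must be the certname itself or one
  # of the dns_alt_names, or TLS hostname verification on the agent fails.
  if [ "$server" != "$certname" ]; then
    case ",$alts," in
      *",$server,"*) ;;
      *) echo "FAIL: server '$server' is neither certname nor in dns_alt_names"; rc=1 ;;
    esac
  fi
  [ $rc -eq 0 ] && echo "OK: $f is consistent"
  return $rc
}

# check_hosts HOSTSFILE NAME -> 0 if NAME is mapped in the hosts file
# (this tutorial relies on /etc/hosts rather than DNS for resolution).
check_hosts() {
  awk -v name="$2" '
    /^[[:space:]]*#/ || NF < 2 { next }
    { for (i = 2; i <= NF; i++) if ($i == name) found = 1 }
    END { exit !found }' "$1"
}

# Stand-alone use: check the live files when they are present.
if [ -r "$CONF" ]; then
  check_server_conf "$CONF"
  srv=$(ini_get "$CONF" main server)
  check_hosts /etc/hosts "$srv" || echo "FAIL: '$srv' is not in /etc/hosts"
fi
```

Run it on the master after editing puppet.conf and /etc/hosts; a clean "OK" means the names the CA will embed are the ones agents will actually use.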
The Puppet server needs to generate a root and an intermediate signing CA.
geekflare@geekflare:~$ sudo /opt/puppetlabs/bin/puppetserver ca setup
Generation succeeded. Find your files in /etc/puppetlabs/puppet/ssl/ca
Start and enable the Puppet server service.
geekflare@geekflare:~$ sudo systemctl start puppetserver
geekflare@geekflare:~$ sudo systemctl enable puppetserver
Synchronizing state of puppetserver.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable puppetserver
Install the Puppet agent
Just as on the master, perform the following steps on the agent node. The Puppet repository needs to be present on every agent node.
geekflare@geekflare:~$ wget https://apt.puppetlabs.com/puppet6-release-bionic.deb
geekflare@geekflare:~$ sudo dpkg -i puppet6-release-bionic.deb
geekflare@geekflare:~$ sudo apt update
Run the following command on the agent node to install the Puppet agent.
geekflare@geekflare:~$ sudo apt install -y puppet-agent
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following NEW packages will be installed:
  puppet-agent
0 upgraded, 1 newly installed, 0 to remove and 233 not upgraded.
Need to get 19.9 MB of archives.
After this operation, 115 MB of additional disk space will be used.
Get:1 http://apt.puppetlabs.com bionic/puppet6 amd64 puppet-agent amd64 6.10.1-1bionic [19.9 MB]
Fetched 19.9 MB in 2s (8,488 kB/s)
Selecting previously unselected package puppet-agent.
(Reading database ... 185786 files and directories currently installed.)
Preparing to unpack .../puppet-agent_6.10.1-1bionic_amd64.deb ...
Unpacking puppet-agent (6.10.1-1bionic) ...
Setting up puppet-agent (6.10.1-1bionic) ...
Created symlink /etc/systemd/system/multi-user.target.wants/puppet.service → /lib/systemd/system/puppet.service.
Created symlink /etc/systemd/system/multi-user.target.wants/pxp-agent.service → /lib/systemd/system/pxp-agent.service.
Removed /etc/systemd/system/multi-user.target.wants/pxp-agent.service.
Processing triggers for libc-bin (2.28-0ubuntu1) ...
Configure the Puppet agent
Edit the Puppet configuration file on the agent node.
geekflare@geekflare:~$ sudo gedit /etc/puppetlabs/puppet/puppet.conf
[main]
certname = puppetagent
server = puppet.geekflare.com
environment = production
runinterval = 15m
Run the following command to start the Puppet service. It also enables the service, so it starts automatically at boot.
geekflare@geekflare:~$ sudo /opt/puppetlabs/bin/puppet resource service puppet ensure=running enable=true
service { 'puppet':
  ensure => 'running',
  enable => 'true',
}
Generate and sign certificates
When the agent starts for the first time, it sends a certificate signing request to the Puppet master. The master needs to check and sign this certificate. After that, the agent fetches the catalog from the master and applies it to the agent node periodically.
Now that the agent is running, run the following command on the master node to check whether it has received any certificate signing request.
On the master node
geekflare@geekflare:~$ sudo /opt/puppetlabs/bin/puppetserver ca list
[sudo] password for geekflare:
Requested Certificates:
    puppetagent       (SHA256)  EA:68:23:B5:C3:71:2C:E6:4A:6A:3B:2F:24:F5:B8:5B:50:F7:3F:12:89:DE:B1:EB:D1:0A:74:3E:48:C3:D7:35
Sign the certificate request sent by the agent.
geekflare@geekflare:~$ sudo /opt/puppetlabs/bin/puppetserver ca sign --certname puppetagent
Run the following command to list all certificates. One certificate already existed, the master's own default certificate; the other is the one issued to the agent node.
geekflare@geekflare:~$ sudo /opt/puppetlabs/bin/puppetserver ca list --all
Signed Certificates:
    puppetagent             (SHA256)  EA:68:23:B5:C3:71:2C:E6:4A:6A:3B:2F:24:F5:B8:5B:50:F7:3F:12:89:DE:B1:EB:D1:0A:74:3E:48:C3:D7:35
    puppet.geekflare.com    (SHA256)  71:30:5B:C8:C5:CE:28:A0:60:5C:4F:39:26:D0:FC:DA:DF:0A:0F:4D:ED:D4:B1:9C:05:1A:38:2F:D6:5F:9C:06  alt names: ["DNS:puppet.geekflare.com", "DNS:puppet", "DNS:puppet.geekflare.com"]
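Signing is the point at which a host is admitted to the infrastructure, so the master should not sign a request just because it is pending: the fingerprint shown by puppetserver ca list should be compared with the one the agent reports for its own request (puppet agent --fingerprint on the agent, relayed over a channel other than the Puppet connection itself, such as the console or ssh). The script below is an added example and not part of the original article; csr_fingerprint, normalize_fp, verify_csr and sign_if_verified are hypothetical names, and SAMPLE_CA_LIST is constructed in the output format shown above, using the fingerprint from this page.

```shell
#!/bin/sh
# Verify a pending CSR's fingerprint against the value the agent reported
# before signing it. Added example (not from the article).

# Constructed sample of "puppetserver ca list" output, in the format shown above.
SAMPLE_CA_LIST='Requested Certificates:
    puppetagent       (SHA256)  EA:68:23:B5:C3:71:2C:E6:4A:6A:3B:2F:24:F5:B8:5B:50:F7:3F:12:89:DE:B1:EB:D1:0A:74:3E:48:C3:D7:35'

# csr_fingerprint CERTNAME < ca-list-output -> prints the SHA256 fingerprint
# listed for CERTNAME, or nothing when no such entry exists.
csr_fingerprint() {
  awk -v name="$1" '$1 == name && $2 == "(SHA256)" { print $3; exit }'
}

# normalize_fp FP -> upper-case, colon-separated form, so a fingerprint typed
# or pasted from the agent compares equal regardless of case or separators.
normalize_fp() {
  printf '%s' "$1" | tr -d ': ' | tr 'a-f' 'A-F' | sed 's/../&:/g; s/:$//'
}

# verify_csr CERTNAME EXPECTED_FP < ca-list-output -> 0 only when a pending
# request for CERTNAME exists and its fingerprint equals EXPECTED_FP.
verify_csr() {
  listed=$(csr_fingerprint "$1")
  if [ -z "$listed" ]; then
    echo "no pending request for $1" >&2
    return 1
  fi
  if [ "$(normalize_fp "$listed")" != "$(normalize_fp "$2")" ]; then
    echo "fingerprint mismatch for $1: master sees $listed" >&2
    return 1
  fi
  return 0
}

# sign_if_verified CERTNAME EXPECTED_FP -> lists the live requests and signs
# CERTNAME only if the fingerprints agree; a mismatch leaves the CSR unsigned.
sign_if_verified() {
  sudo /opt/puppetlabs/bin/puppetserver ca list | verify_csr "$1" "$2" \
    && sudo /opt/puppetlabs/bin/puppetserver ca sign --certname "$1"
}

# Stand-alone demonstration against the constructed sample (no signing):
# sign_if_verified puppetagent "<fingerprint reported by the agent>"
printf '%s\n' "$SAMPLE_CA_LIST" | csr_fingerprint puppetagent
```

A request whose fingerprint does not match what the agent reports should be investigated rather than signed; puppetserver ca clean --certname can remove it once the cause is understood.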
On the agent node
Now run this command to test whether the connection between the master and the agent node is established and everything works fine.
geekflare@geekflare:~$ sudo /opt/puppetlabs/bin/puppet agent --test
Info: Using configured environment 'production'
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Retrieving locales
Info: Caching catalog for puppet-agent
Info: Applying configuration version '1571171191'
Notice: Applied catalog in 0.02 seconds
Puppet sample example
Let's run a simple Puppet example. I will create a simple Puppet manifest that creates a directory with certain permissions.
On the master node:
geekflare@geekflare:~$ sudo gedit /etc/puppetlabs/code/environments/production/manifests/site.pp
Enter the following content.
node 'puppetagent' {        # Applies only to the named node. If no node is named, applies to all.
  file { '/home/test':      # Resource type file
    ensure => 'directory',  # Create a directory
    owner  => 'root',       # Ownership
    group  => 'root',       # Group name
    mode   => '0755',       # Directory permissions
  }
}
Now run the following command so the agent reaches out to the master and pulls the configuration. Once it runs, the directory is created on the agent node.
On the agent node
geekflare@geekflare:~$ sudo /opt/puppetlabs/bin/puppet agent --test
[sudo] password for geekflare:
Info: Using configured environment 'production'
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Retrieving locales
Info: Caching catalog for puppetagent
Info: Applying configuration version '1571333010'
Notice: /Stage[main]/Main/Node[puppetagent]/File[/home/test]/ensure: created
Notice: Applied catalog in 0.05 seconds
Run the ls command to check whether the directory was created successfully.
geekflare@geekflare:~$ ls -l /home/
total 32
drwxr-xr-x 13 geekflare geekflare  4096 Jul 19 08:06 geekflare
drwx------  2 root      root      16384 Oct 23  2018 lost+found
drwxr-xr-x 23 geekflare geekflare  4096 Oct 17 11:02 geekflare
drwxr-xr-x  2 root      root       4096 Oct 17 13:23 test
drwxr-xr-x  2 username  username   4096 Jun 29 09:38 username
There you go!
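The ls output above confirms the directory exists, but the manifest declares four attributes (type, mode, owner, group), and a later manual chmod or chown would not show up in the agent's "Applied catalog" line until the next run. The script below checks the resource on the agent against what site.pp declares. It is an added example, not part of the original article; resource_state and check_file_resource are hypothetical names, and it relies on GNU stat's -c format (standard on Ubuntu).

```shell
#!/bin/sh
# Check that a path matches the file resource declared in site.pp above.
# Added example (not from the article); Linux/GNU stat assumed.

# strip0 MODE -> drops leading zeros so Puppet's '0755' and stat's 755 compare.
strip0() { printf '%s' "$1" | sed 's/^0*//'; }

# resource_state PATH -> "TYPE MODE OWNER GROUP" (e.g. "directory 755 root root"),
# or "absent" when nothing exists at PATH.
resource_state() {
  if [ ! -e "$1" ] && [ ! -L "$1" ]; then echo absent; return 0; fi
  if [ -L "$1" ]; then t=link; elif [ -d "$1" ]; then t=directory; else t=file; fi
  printf '%s %s\n' "$t" "$(stat -c '%a %U %G' "$1")"
}

# check_file_resource PATH ENSURE MODE OWNER GROUP -> 0 when every attribute
# matches the declared value, 1 otherwise; drift is printed per attribute in
# the same resource/attribute style Puppet uses in its notices.
check_file_resource() {
  path=$1 want_type=$2 want_mode=$3 want_owner=$4 want_group=$5
  set -- $(resource_state "$path")
  if [ "$1" = absent ]; then
    echo "File[$path]/ensure: absent, wanted $want_type"
    return 1
  fi
  rc=0
  [ "$1" = "$want_type" ] || { echo "File[$path]/ensure: is $1, wanted $want_type"; rc=1; }
  [ "$(strip0 "$2")" = "$(strip0 "$want_mode")" ] \
    || { echo "File[$path]/mode: is $2, wanted $want_mode"; rc=1; }
  [ "$3" = "$want_owner" ] || { echo "File[$path]/owner: is $3, wanted $want_owner"; rc=1; }
  [ "$4" = "$want_group" ] || { echo "File[$path]/group: is $4, wanted $want_group"; rc=1; }
  return $rc
}

# Stand-alone use on the agent: the resource exactly as site.pp declares it.
if [ -e /home/test ]; then
  check_file_resource /home/test directory 0755 root root \
    && echo "File[/home/test] matches the manifest"
fi
```

Running this between agent runs is a cheap way to see drift; the next agent run at runinterval will correct it, and the Puppet report for that run will show which attribute changed.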
Conclusion
This was a simple example to demonstrate how it works. But imagine a larger scenario where you have to install or apply a configuration on hundreds of servers. Puppet lets you do that in minutes.
If you work in automation and want to learn more, check out this Udemy course, which covers Ansible, Puppet and Salt.
Recommended reading
- 10 important JVM options for production Java application systems
- How to install Chef on Ubuntu 18
- How to install Linux Mint on VirtualBox
- How to install dig on CentOS 7 and 8
- How to install Ansible on Windows
- How to install Ubuntu on Windows 10 using Hyper-V