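How to Install and Configure Puppet 4 on Ubuntu 16.04
In this article, we will learn how to install and configure Puppet 4 on Ubuntu 16.04. Puppet is a configuration management tool that helps system administrators automate tasks, which can save a great deal of time and effort.
Prerequisites
For this article, we need at least two or three Ubuntu machines that meet the following requirements.
- Every machine has a non-root user with sudo privileges.
- One Puppet master server.
- One or two Puppet agents for testing the configuration.
Configuring the Hosts File
All servers and clients need to communicate using hostnames, which is normally handled by a DNS server. In this demo we have no DNS server, so we need to add the hostnames to the `/etc/hosts` file manually.
The following text needs to be added to `/etc/hosts` on every machine: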
```
$ sudo vi /etc/hosts
192.168.0.1 puppet
192.168.0.200 ubuntu1
```
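By default, agents look for the Puppet master under the name "puppet", which makes Puppet very easy to set up. This means we need to map that name to the Puppet server's IP address, for example `192.168.0.1`; if we do not specify these values for the Puppet master, the Puppet clients will not be able to communicate with the server.
Installing and Configuring the Puppet Server
By default, the Puppet packages are not available in the Ubuntu package manager, so we will download and install them from the official Puppet repository. The following commands install the release package that adds the Puppet repository to the server machine: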
```
puppet$ sudo curl -O https://apt.puppetlabs.com/puppetlabs-release-pc1-xenial.deb
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 13662  100 13662    0     0   7787      0  0:00:01  0:00:01 --:--:--  7784
puppet$ sudo dpkg -i puppetlabs-release-pc1-xenial.deb
Selecting previously unselected package puppetlabs-release-pc1.
(Reading database ... 91848 files and directories currently installed.)
Preparing to unpack puppetlabs-release-pc1-xenial.deb ...
Unpacking puppetlabs-release-pc1 (1.1.0-2xenial) ...
Setting up puppetlabs-release-pc1 (1.1.0-2xenial) ...
```
Installing the Puppet Master
```
puppet$ sudo apt-get update -y
Hit:1 http://in.archive.ubuntu.com/ubuntu xenial InRelease
Get:2 http://in.archive.ubuntu.com/ubuntu xenial-updates InRelease [102 kB]
Get:3 http://security.ubuntu.com/ubuntu xenial-security InRelease [102 kB]
Ign:4 http://apt.puppetlabs.com xenial InRelease
Get:5 http://apt.puppetlabs.com xenial Release [13.3 kB]
Get:6 http://apt.puppetlabs.com xenial Release.gpg [841 B]
Get:7 http://in.archive.ubuntu.com/ubuntu xenial-backports InRelease [102 kB]
Get:8 http://apt.puppetlabs.com xenial/PC1 amd64 Packages [11.9 kB]
Get:9 http://apt.puppetlabs.com xenial/PC1 i386 Packages [11.4 kB]
Get:10 http://apt.puppetlabs.com xenial/PC1 all Packages [6,786 B]
Fetched 351 kB in 1s (192 kB/s)
Reading package lists... Done
```
Once the update has finished, we run the following command to install Puppet on the local Puppet server.
```
puppet$ sudo apt-get install puppetserver
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following additional packages will be installed:
  ca-certificates-java fontconfig-config fonts-dejavu-core java-common
  libavahi-client3 libavahi-common-data libavahi-common3 libcups2
  libfontconfig1 libjpeg-turbo8 libjpeg8 liblcms2-2 libnspr4 libnss3
  libnss3-nssdb libpcsclite1 libxi6 libxrender1 libxtst6
  openjdk-8-jre-headless puppet-agent x11-common
Suggested packages:
  default-jre cups-common liblcms2-utils pcscd openjdk-8-jre-jamvm
  libnss-mdns fonts-dejavu-extra fonts-ipafont-gothic fonts-ipafont-mincho
  ttf-wqy-microhei | ttf-wqy-zenhei fonts-indic
The following NEW packages will be installed:
  ca-certificates-java fontconfig-config fonts-dejavu-core java-common
  libavahi-client3 libavahi-common-data libavahi-common3 libcups2
  libfontconfig1 libjpeg-turbo8 libjpeg8 liblcms2-2 libnspr4 libnss3
  libnss3-nssdb libpcsclite1 libxi6 libxrender1 libxtst6
  openjdk-8-jre-headless puppet-agent puppetserver x11-common
0 upgraded, 23 newly installed, 0 to remove and 91 not upgraded.
Need to get 79.8 MB of archives.
After this operation, 246 MB of additional disk space will be used.
Do you want to continue? [Y/n] y
… … …
Setting up libjpeg-turbo8:amd64 (1.4.2-0ubuntu3) ...
Setting up liblcms2-2:amd64 (2.6-3ubuntu2) ...
Setting up x11-common (1:7.7+13ubuntu3) ...
update-rc.d: warning: start and stop actions are no longer supported; falling back to defaults
Setting up libxtst6:amd64 (2:1.2.2-1) ...
Setting up libnspr4:amd64 (2:4.12-0ubuntu0.16.04.1) ...
Setting up java-common (0.56ubuntu2) ...
Setting up libavahi-common-data:amd64 (0.6.32~rc+dfsg-1ubuntu2) ...
Setting up libavahi-common3:amd64 (0.6.32~rc+dfsg-1ubuntu2) ...
Setting up libavahi-client3:amd64 (0.6.32~rc+dfsg-1ubuntu2) ...
Setting up libcups2:amd64 (2.1.3-4) ...
Setting up libjpeg8:amd64 (8c-2ubuntu8) ...
Setting up fonts-dejavu-core (2.35-1) ...
Setting up fontconfig-config (2.11.94-0ubuntu1.1) ...
… … …
Setting up openjdk-8-jre-headless:amd64 (8u121-b13-0ubuntu1.16.04.2) ...
update-alternatives: using /usr/lib/jvm/java-8-openjdk-amd64/jre/bin/rmid to provide /usr/bin/rmid (rmid) in auto mode
update-alternatives: using /usr/lib/jvm/java-8-openjdk-amd64/jre/bin/java to provide /usr/bin/java (java) in auto mode
update-alternatives: using /usr/lib/jvm/java-8-openjdk-amd64/jre/bin/keytool to provide /usr/bin/keytool (keytool) in auto mode
update-alternatives: using /usr/lib/jvm/java-8-openjdk-amd64/jre/bin/jjs to provide /usr/bin/jjs (jjs) in auto mode
update-alternatives: using /usr/lib/jvm/java-8-openjdk-amd64/jre/bin/pack200 to provide /usr/bin/pack200 (pack200) in auto mode
update-alternatives: using /usr/lib/jvm/java-8-openjdk-amd64/jre/bin/rmiregistry to provide /usr/bin/rmiregistry (rmiregistry) in auto mode
update-alternatives: using /usr/lib/jvm/java-8-openjdk-amd64/jre/bin/unpack200 to provide /usr/bin/unpack200 (unpack200) in auto mode
update-alternatives: using /usr/lib/jvm/java-8-openjdk-amd64/jre/bin/orbd to provide /usr/bin/orbd (orbd) in auto mode
update-alternatives: using /usr/lib/jvm/java-8-openjdk-amd64/jre/bin/servertool to provide /usr/bin/servertool (servertool) in auto mode
update-alternatives: using /usr/lib/jvm/java-8-openjdk-amd64/jre/bin/tnameserv to provide /usr/bin/tnameserv (tnameserv) in auto mode
update-alternatives: using /usr/lib/jvm/java-8-openjdk-amd64/jre/lib/jexec to provide /usr/bin/jexec (jexec) in auto mode
Setting up puppetserver (2.7.2-1puppetlabs1) ...
usermod: no changes
Processing triggers for libc-bin (2.23-0ubuntu3) ...
Processing triggers for systemd (229-4ubuntu10) ...
Processing triggers for ureadahead (0.100.0-19) ...
```
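Opening the Firewall for the Puppet Server
After installation, we need to open the firewall for Puppet. Puppet's default port is 8140. The following command opens the Puppet server's firewall (UFW) to allow incoming connections from clients: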
```
ubuntu@puppet:~$ sudo ufw allow 8140
Rules updated
Rules updated (v6)
```
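Customizing Memory Allocation for the Puppet Server and Nodes
By default, 2GB of memory is allocated to the Puppet master; we can customize this according to the memory available on the Puppet server.
We need to edit the file `/etc/default/puppetserver`, find the following line, and adjust it accordingly: `JAVA_ARGS="-Xms2g -Xmx2g -XX:MaxPermSize=256m"`. Here I am using 4GB of RAM.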
```
ubuntu@puppet$ sudo nano /etc/default/puppetserver
###########################################
# Init settings for puppetserver
###########################################

# Location of your Java binary (version 7 or higher)
JAVA_BIN="/usr/bin/java"

# Modify this if you'd like to change the memory allocation, enable JMX, etc
JAVA_ARGS="-Xms4g -Xmx4g -XX:MaxPermSize=256m"

# These normally shouldn't need to be edited if using OS packages
USER="puppet"
GROUP="puppet"
INSTALL_DIR="/opt/puppetlabs/server/apps/puppetserver"
CONFIG="/etc/puppetlabs/puppetserver/conf.d"

# Bootstrap path
BOOTSTRAP_CONFIG="/etc/puppetlabs/puppetserver/services.d/,/opt/puppetlabs/server/apps/puppetserver/config/services.d/"

# SERVICE_STOP_RETRIES can be set here to alter the default stop timeout in
# seconds. For systemd, the shorter of this setting or 'TimeoutStopSec' in
# the systemd.service definition will effectively be the timeout which is used.
SERVICE_STOP_RETRIES=60
… …
```
Once the configuration is complete, we need to start the Puppet master and check its status.
```
ubuntu@puppet:~$ sudo systemctl start puppetserver
ubuntu@puppet:~$ sudo systemctl status puppetserver
puppetserver.service - puppetserver Service
   Loaded: loaded (/lib/systemd/system/puppetserver.service; disabled; vendor preset: enabled)
   Active: active (running) since Mon 2017-02-13 13:19:02 IST; 3s ago
  Process: 4943 ExecStart=/opt/puppetlabs/server/apps/puppetserver/bin/puppetserver start (code=exited, status=0/SUCCESS)
 Main PID: 4954 (java)
    Tasks: 26
   Memory: 983.1M
      CPU: 50.819s
   CGroup: /system.slice/puppetserver.service
           └─4954 /usr/bin/java -Xms2g -Xmx2g -XX:MaxPermSize=256m -Djava.security.egd=/dev/urandom -XX:OnOutOfMemoryError=k

Feb 13 13:18:10 puppet systemd[1]: Starting puppetserver Service...
Feb 13 13:18:10 puppet puppetserver[4943]: OpenJDK 64-Bit Server VM warning: ignoring option MaxPermSize=256m; support was r
Feb 13 13:19:02 puppet systemd[1]: Started puppetserver Service.
```
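Installing the Agent on the Puppet Nodes
We need to install the agent on every client. To do this, we add the official Puppet repository and then install the agent on the client.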
```
ubuntu@ubuntu1:~$ sudo wget https://apt.puppetlabs.com/puppetlabs-release-pc1-xenial.deb
--2017-02-13 13:24:49--  https://apt.puppetlabs.com/puppetlabs-release-pc1-xenial.deb
Resolving apt.puppetlabs.com (apt.puppetlabs.com)... 192.155.89.90, 2600:3c03::f03c:91ff:fedb:6b1d
Connecting to apt.puppetlabs.com (apt.puppetlabs.com)|192.155.89.90|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 13662 (13K) [application/x-debian-package]
Saving to: ‘puppetlabs-release-pc1-xenial.deb’

puppetlabs-release-pc1-xeni 100%[=========================================>]  13.34K  --.-KB/s    in 0.01s

2017-02-13 13:24:50 (1.29 MB/s) - ‘puppetlabs-release-pc1-xenial.deb’ saved [13662/13662]

ubuntu@ubuntu1:~$ sudo dpkg -i puppetlabs-release-pc1-xenial.deb
Selecting previously unselected package puppetlabs-release-pc1.
(Reading database ... 91848 files and directories currently installed.)
Preparing to unpack puppetlabs-release-pc1-xenial.deb ...
Unpacking puppetlabs-release-pc1 (1.1.0-2xenial) ...
Setting up puppetlabs-release-pc1 (1.1.0-2xenial) ...
$ sudo apt-get update
Get:1 http://security.ubuntu.com/ubuntu xenial-security InRelease [102 kB]
Hit:2 http://in.archive.ubuntu.com/ubuntu xenial InRelease
Ign:3 http://apt.puppetlabs.com xenial InRelease
Get:4 http://in.archive.ubuntu.com/ubuntu xenial-updates InRelease [102 kB]
Get:5 http://apt.puppetlabs.com xenial Release [13.3 kB]
Get:6 http://apt.puppetlabs.com xenial Release.gpg [841 B]
Get:7 http://in.archive.ubuntu.com/ubuntu xenial-backports InRelease [102 kB]
Get:8 http://apt.puppetlabs.com xenial/PC1 amd64 Packages [11.9 kB]
Get:9 http://apt.puppetlabs.com xenial/PC1 i386 Packages [11.4 kB]
Get:10 http://apt.puppetlabs.com xenial/PC1 all Packages [6,786 B]
Fetched 351 kB in 1s (201 kB/s)
Reading package lists... Done
```
After adding the repository, we run the following command to install the agent:
```
ubuntu@ubuntu1:~$ sudo apt-get install puppet-agent
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following NEW packages will be installed:
  puppet-agent
0 upgraded, 1 newly installed, 0 to remove and 91 not upgraded.
Need to get 15.5 MB of archives.
After this operation, 92.2 MB of additional disk space will be used.
Get:1 http://apt.puppetlabs.com xenial/PC1 amd64 puppet-agent amd64 1.9.1-1xenial [15.5 MB]
Fetched 15.5 MB in 32s (476 kB/s)
Selecting previously unselected package puppet-agent.
(Reading database ... 91853 files and directories currently installed.)
Preparing to unpack .../puppet-agent_1.9.1-1xenial_amd64.deb ...
Unpacking puppet-agent (1.9.1-1xenial) ...
Processing triggers for libc-bin (2.23-0ubuntu3) ...
Setting up puppet-agent (1.9.1-1xenial) ...
Created symlink from /etc/systemd/system/multi-user.target.wants/puppet.service to /lib/systemd/system/puppet.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/mcollective.service to /lib/systemd/system/mcollective.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/pxp-agent.service to /lib/systemd/system/pxp-agent.service.
Removed symlink /etc/systemd/system/multi-user.target.wants/pxp-agent.service.
Processing triggers for libc-bin (2.23-0ubuntu3) ...
```
After a successful installation, we need to start the agent and enable it at boot.
```
ubuntu@ubuntu1:~$ sudo systemctl start puppet
ubuntu@ubuntu1:~$ sudo systemctl enable puppet
```
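Signing the Agent Node Certificates on the Puppet Master
When the agent runs on a node for the first time, the node sends a signing request to the Puppet master. Before any communication can take place between the node and the Puppet master, a certificate signing request is created on the Puppet master.
To view the Puppet master's current list of certificate requests, run the following command: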
```
root@puppet:~# sudo /opt/puppetlabs/bin/puppet cert list
  "ubuntu1" (SHA256) 60:4C:AE:CE:BD:3F:EC:2F:C6:70:F6:45:62:EC:9A:AF:B2:8B:1C:42:4A:67:BB:C5:F6:F4:AE:BF:38:87:EA:9E
```
Signing the Request
To sign a request, run the following command for the specific node:
```
$ sudo /opt/puppetlabs/bin/puppet cert sign ubuntu1
Signing Certificate Request for:
  "ubuntu1" (SHA256) 60:4C:AE:CE:BD:3F:EC:2F:C6:70:F6:45:62:EC:9A:AF:B2:8B:1C:42:4A:67:BB:C5:F6:F4:AE:BF:38:87:EA:9E
Notice: Signed certificate request for ubuntu1
Notice: Removing file Puppet::SSL::CertificateRequest ubuntu1 at '/etc/puppetlabs/puppet/ssl/ca/requests/ubuntu1.pem'
```
To sign the requests from all nodes at once, run the following command:
```
$ sudo /opt/puppetlabs/bin/puppet cert sign --all
```
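`cert sign --all` signs every pending request, so the fingerprint printed by `cert list` is the only evidence that a request really comes from the node it names. The script below is an added example, not part of the original article: it signs only the requests whose fingerprint matches one recorded beforehand from the agent. The file names `sign-approved.sh` and `approved-csrs.txt`, the allowlist format, and the `db-test` sample entry are assumptions made for illustration.

```sh
#!/bin/sh
# Added example (not from the original article): sign only CSRs whose
# fingerprint matches the one read on the agent itself with
#   sudo /opt/puppetlabs/bin/puppet agent --fingerprint
PUPPET=/opt/puppetlabs/bin/puppet   # path used throughout this page

# approved_requests ALLOWLIST
# Reads `puppet cert list` output on stdin and prints each certname whose
# SHA256 fingerprint equals the one recorded for it in ALLOWLIST
# (hypothetical format: "<certname> <fingerprint>" per line).
approved_requests() {
    allowlist=$1
    while read -r name algo fp rest; do
        name=${name#\"}; name=${name%\"}       # "ubuntu1" -> ubuntu1
        [ "$algo" = "(SHA256)" ] || continue   # skip anything that is not a CSR line
        expected=$(awk -v n="$name" '$1 == n { print $2; exit }' "$allowlist")
        if [ -n "$expected" ] && [ "$expected" = "$fp" ]; then
            echo "$name"
        fi
    done
    return 0
}

# Constructed sample input: the request shown on this page plus an
# unexpected one ("db-test" and its fingerprint are made up).
sample_cert_list() {
    cat <<'EOF'
  "db-test" (SHA256) 00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF
  "ubuntu1" (SHA256) 60:4C:AE:CE:BD:3F:EC:2F:C6:70:F6:45:62:EC:9A:AF:B2:8B:1C:42:4A:67:BB:C5:F6:F4:AE:BF:38:87:EA:9E
EOF
}

# On the master: sudo ./sign-approved.sh approved-csrs.txt  (hypothetical names)
if [ -n "${1:-}" ] && [ -x "$PUPPET" ]; then
    "$PUPPET" cert list | approved_requests "$1" | while read -r node; do
        "$PUPPET" cert sign "$node" < /dev/null
    done
fi
```

Requests that are not in the allowlist, or whose fingerprint differs, stay pending and remain visible in `puppet cert list` for review.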
Creating and Running a Demo Manifest
Demo manifest example
```
# vi /etc/puppetlabs/code/environments/production/manifests/site.pp
file {'/tmp/example-ip':                                     # resource type file and filename
  ensure  => present,                                        # make sure it exists
  mode    => '0644',                                         # file permissions
  content => "The Node IP address is ${ipaddress_eth0}!\n",  # note the ipaddress_eth0 fact
}
```
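This writes the node's IP address to a file in the `/tmp` folder, and the manifest ensures that every node has the `example-ip` file in its `/tmp` folder.
Running the Manifest from the Client
The following command runs the demo manifest we created on the server: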
```
root@ubuntu1:~# sudo /opt/puppetlabs/bin/puppet agent --test
Info: Using configured environment 'production'
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Caching catalog for ubuntu1
Info: Applying configuration version '1486993606'
Notice: /Stage[main]/Main/File[/tmp/example-ip]/ensure: defined content as '{md5}438876fa0fef0d66a99582754b266473'
Notice: Applied catalog in 0.21 seconds
```
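In this tutorial, we learned how to install and configure the Puppet master and Puppet nodes, and how to sign certificates for the nodes. We also created a demo manifest and ran it on a node to see the result.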