A Simple Introduction to puppet

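This is a belated article, because there is still so much about automation that I do not understand. I have touched on automation in earlier posts: for example, I used fabric to purge nginx caches in bulk, and after installing saltstack I played with its batch command execution, software installation and configuration management features. Automation is a way of thinking. Without a business scenario and real use cases, one person hiding behind SecureCRT and typing away will have a hard time producing anything worthwhile.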

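So, although I am a python person and plenty of people use saltstack and ansible, I still recommend puppet. Compared with saltstack and ansible, puppet has far more templates and material to learn from. Thanks to Liu Yu: the publication of 《puppet实战》 (Puppet in Action) made it much easier for a beginner like me to understand some of the ideas behind automation.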

I: Initializing puppet

This is a familiar routine: with any new tool, the basic flow is to install it, get it running, and then learn it.

1. Install from EPEL or from puppet's official yum repository
a. Configure CentOS to install from the EPEL repository. I am using 64-bit CentOS 6.4, and the steps are:
     wget http://download.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
     rpm -ivh epel-release-6-8.noarch.rpm
     Reference: http://fedoraproject.org/wiki/EPEL

b. Install from puppet's own repository:
     rpm -ivh https://yum.puppetlabs.com/el/6/products/x86_64/puppetlabs-release-6-7.noarch.rpm
     Reference: http://docs.puppetlabs.com/guides/puppetlabs_package_repositories.html

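2. Install puppet
Check your ruby version before installing. If ruby is not installed on the system, install it as follows:
yum -y install ruby ruby-libs ruby-shadow

On the server, install puppet-server:
yum -y install puppet-server

On the client, install puppet:
yum -y install puppet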


3. Configure puppet
Set the hostnames and add the hosts entries
MASTER: 192.168.188.130
hostname puppet.domain.com
vim /etc/sysconfig/network
HOSTNAME=puppet.domain.com

SLAVE: 192.168.188.131
hostname agent.domain.com
vim /etc/sysconfig/network
HOSTNAME=agent.domain.com

Add to /etc/hosts on both machines:
192.168.188.130 puppet.domain.com
192.168.188.131 agent.domain.com

Start the services as follows:
You can start the master directly by running "puppet master", or do it as shown below:
[root@master src]# /etc/init.d/puppetmaster start
启动 puppetmaster:                                        [确定]

[root@slave ~]# /etc/init.d/puppet start
Starting puppet agent:                                     [确定]

Set up the node configuration file:
vim /etc/puppet/manifests/site.pp
node default { file { "/tmp/puppettest1.txt": content => "Hello,First Puppet test"; } }


The client initiates verification:
[root@slave ~]# puppet agent --server puppet.domain.com --test
Info: Caching certificate for ca
Info: csr_attributes file loading from /etc/puppet/csr_attributes.yaml
Info: Creating a new SSL certificate request for agent.domain.com
Info: Certificate Request fingerprint (SHA256): 72:27:FB:46:69:81:B6:AD:A5:5B:FD:82:94:C1:17:7D:94:00:4B:9D:7E:7F:56:AF:43:41:30:80:91:CC:07:94
Info: Caching certificate for ca
Exiting; no certificate found and waitforcert is disabled

The server completes verification:
[root@master src]# puppet cert --list
  "agent.domain.com" (SHA256) 72:27:FB:46:69:81:B6:AD:A5:5B:FD:82:94:C1:17:7D:94:00:4B:9D:7E:7F:56:AF:43:41:30:80:91:CC:07:94
[root@master src]# puppet cert  sign agent.domain.com
Notice: Signed certificate request for agent.domain.com
Notice: Removing file Puppet::SSL::CertificateRequest agent.domain.com at '/var/lib/puppet/ssl/ca/requests/agent.domain.com.pem'


Run the configuration on the client again:
[root@slave ~]# puppet agent --server puppet.domain.com --test
Info: Caching certificate for agent.domain.com
Info: Caching certificate_revocation_list for ca
Info: Caching certificate for agent.domain.com
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Caching catalog for agent.domain.com
Info: Applying configuration version '1399420364'
Notice: /Stage[main]/Main/Node[default]/File[/tmp/puppettest1.txt]/ensure: defined content as '{md5}1c5b32d02e0562b168cee6ea9411e212'
Info: Creating state file /var/lib/puppet/state/state.yaml
Notice: Finished catalog run in 0.03 seconds
You have new mail in /var/spool/mail/root

Verify the result:
[root@slave ~]# more /tmp/puppettest1.txt
Hello,First Puppet test


As you can see, the client has created /tmp/puppettest1.txt. That completes the puppet initialization; next comes some hands-on practice with a few examples.
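The "puppet cert sign" step above approves whatever pending request carries the agent's name, so the SHA256 fingerprint printed on the agent should match the one "puppet cert --list" shows on the master before signing. The script below is an added example, not part of the original post; its function names are hypothetical, and its sample lines are the outputs shown above plus one constructed mismatch.

```shell
#!/usr/bin/env bash
# Added example: compare the CSR fingerprint printed on the agent with the
# pending request listed on the master before running `puppet cert sign`.

# Agent-side log line and master-side `puppet cert --list` line, copied from
# the output shown in this article.
AGENT_LINE='Info: Certificate Request fingerprint (SHA256): 72:27:FB:46:69:81:B6:AD:A5:5B:FD:82:94:C1:17:7D:94:00:4B:9D:7E:7F:56:AF:43:41:30:80:91:CC:07:94'
MASTER_LIST='  "agent.domain.com" (SHA256) 72:27:FB:46:69:81:B6:AD:A5:5B:FD:82:94:C1:17:7D:94:00:4B:9D:7E:7F:56:AF:43:41:30:80:91:CC:07:94'
# Constructed listing: same name, different first byte in the fingerprint.
MISMATCH_LIST='  "agent.domain.com" (SHA256) 73:27:FB:46:69:81:B6:AD:A5:5B:FD:82:94:C1:17:7D:94:00:4B:9D:7E:7F:56:AF:43:41:30:80:91:CC:07:94'

# Print the first SHA256 fingerprint (32 colon-separated hex bytes) in $1.
extract_fp() {
    printf '%s\n' "$1" \
        | grep -Eo '([0-9A-Fa-f]{2}:){31}[0-9A-Fa-f]{2}' \
        | head -n 1 | tr 'a-f' 'A-F'
}

# csr_matches AGENT_LINE MASTER_LIST CERTNAME
# Succeeds only if the master lists CERTNAME with the agent's fingerprint.
csr_matches() {
    local agent_fp master_line master_fp
    agent_fp=$(extract_fp "$1")
    master_line=$(printf '%s\n' "$2" | grep -F "\"$3\" " | head -n 1)
    master_fp=$(extract_fp "$master_line")
    [ -n "$agent_fp" ] && [ "$agent_fp" = "$master_fp" ]
}

# Print the decision instead of signing, so the example has no side effects.
sign_decision() {
    if csr_matches "$1" "$2" "$3"; then
        echo "sign $3"
    else
        echo "refuse $3"
    fi
}

sign_decision "$AGENT_LINE" "$MASTER_LIST" agent.domain.com
sign_decision "$AGENT_LINE" "$MISMATCH_LIST" agent.domain.com
```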

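II: Configuring puppet

Now for something practical: two examples.

1. Configure a test node where the client pulls a file from the server
a. Create the directories
mkdir -p  /etc/puppet/modules/test/{manifests,templates,files}

b. Module directory structure and contents: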
[root@puppet modules]# pwd
/etc/puppet/modules
[root@puppet modules]# tree test/
test/
├── files
├── manifests
│   └── init.pp
└── templates
    └── test.erb

3 directories, 2 files


[root@puppet modules]# cat test/manifests/init.pp
class test {
    file { "/tmp/$hostname.txt": content => "Hello World!" }
}
[root@puppet modules]# cat test/templates/test.erb
hostname <%= fqdn %>

c. manifests directory structure and contents
[root@puppet puppet]# pwd
/etc/puppet

[root@puppet puppet]# tree manifests/
manifests/
├── nodes
│   └── agent.domain.com.pp
└── site.pp

1 directory, 2 files


[root@puppet puppet]# cat manifests/site.pp
import "nodes/agent.domain.com.pp"
[root@puppet puppet]# cat manifests/nodes/agent.domain.com.pp
node 'agent.domain.com' {
    # load the test class
    include test
}


d. Check that the manifests are valid:
On the master:
puppet parser validate /etc/puppet/modules/test/manifests/init.pp

On the client:
puppet agent --test --server puppet.domain.com --noop

e. Test it
[root@agent ~]# puppet agent --test --server puppet.domain.com
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Caching catalog for agent.domain.com
Info: Applying configuration version '1402183496'
Notice: /Stage[main]/Test/File[/tmp/agent.txt]/ensure: defined content as '{md5}ed076287532e86365e841e92bfc50d8c'
Notice: Finished catalog run in 0.35 seconds

[root@agent ~]# more /tmp/agent.txt
Hello World!


2. Add an httpd module
a. Create the directory structure
mkdir -p  /etc/puppet/modules/httpd/{manifests,templates,files}

b. Module directory structure and contents:
[root@puppet modules]# pwd
/etc/puppet/modules
[root@puppet modules]# tree httpd/
httpd/
├── files
├── manifests
│   └── init.pp
└── templates

3 directories, 1 file
[root@puppet modules]# cat httpd/manifests/init.pp
class httpd {
    yumrepo { "repo163":
        descr => "163 repo",
        baseurl => "http://tel.mirrors.163.com/centos/6/os/x86_64/",
        gpgcheck => "0",
        enabled => "1";
    }

    package {
        "httpd":
        ensure => installed,
        require => Yumrepo["repo163"];
    }
}

c. Add it to the node
[root@puppet puppet]# cat manifests/nodes/agent.domain.com.pp
node 'agent.domain.com' {
    # load the test class
    include test
    include httpd
}



d. Test on the client
[root@agent ~]# puppet agent --test --server puppet.domain.com
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Caching catalog for agent.domain.com
Info: Applying configuration version '1402184755'
Info: create new repo repo163 in file /etc/yum.repos.d/repo163.repo
Notice: /Stage[main]/Httpd/Yumrepo[repo163]/ensure: created
Info: changing mode of /etc/yum.repos.d/repo163.repo from 600 to 644
Notice: /Stage[main]/Httpd/Package[httpd]/ensure: created
Notice: Finished catalog run in 51.20 seconds

[root@agent ~]# ll /etc/yum.repos.d/repo163.repo
-rw-r--r-- 1 root root 100 6月   8 00:04 /etc/yum.repos.d/repo163.repo
[root@agent ~]# rpm -qa|grep httpd
httpd-tools-2.2.15-30.el6.centos.x86_64
httpd-2.2.15-30.el6.centos.x86_64
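The httpd class above sets gpgcheck => "0" on a repository served over plain HTTP, so the agent installs httpd without verifying package signatures. The script below is an added example, not part of the original post: a hypothetical unsigned_repos function that lists enabled repos with signature checking switched off, run here against two constructed sample files (the repo file's contents are not shown in the article).

```shell
# Added example: list yum repos that are enabled with gpgcheck switched off.

# unsigned_repos FILE...: print "repo-id<TAB>baseurl" for each enabled
# section whose gpgcheck is explicitly 0.
unsigned_repos() {
    awk '
        function report() {
            if (id != "" && enabled != "0" && gpgcheck == "0")
                printf "%s\t%s\n", id, url
        }
        /^[ \t]*\[[^]]+\]/ {            # new [section]: report the previous one
            report()
            id = $0; sub(/^[ \t]*\[/, "", id); sub(/\].*$/, "", id)
            enabled = "1"; gpgcheck = ""; url = ""
            next
        }
        /^[ \t]*[#;]/ { next }          # comment line
        {
            eq = index($0, "=")
            if (eq == 0) next
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/[ \t]/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == "gpgcheck") gpgcheck = val
            else if (key == "enabled") enabled = val
            else if (key == "baseurl") url = val
        }
        END { report() }
    ' "$@"
}

# Constructed samples: a repo file as the httpd class would write it, and the
# same repo with signature checking on (stock CentOS 6 key path).
write_samples() {
    dir=$(mktemp -d)
    printf '%s\n' '[repo163]' 'name=163 repo' \
        'baseurl=http://tel.mirrors.163.com/centos/6/os/x86_64/' \
        'enabled=1' 'gpgcheck=0' > "$dir/repo163.repo"
    printf '%s\n' '[repo163]' 'name=163 repo' \
        'baseurl=http://tel.mirrors.163.com/centos/6/os/x86_64/' \
        'enabled=1' 'gpgcheck=1' \
        'gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6' > "$dir/hardened.repo"
    echo "$dir"
}

SAMPLES=$(write_samples)
unsigned_repos "$SAMPLES/repo163.repo" "$SAMPLES/hardened.repo"
```

On an agent, the same function can be run as unsigned_repos /etc/yum.repos.d/*.repo. In the manifest, the corresponding change is gpgcheck => "1" together with a gpgkey attribute on the yumrepo resource.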

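Talking to myself:

This was only a quick review of puppet; the more advanced and fun uses will come later, in due course.

References:

Liu Yu: 《puppet实战》 (Puppet in Action)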