Puppet

From wiki.habital.lv

Installing the software on the server and on the agent

rpm -ivh https://yum.puppetlabs.com/puppetlabs-release-el-6.noarch.rpm

On the server:

# yum install puppet-server
# chkconfig puppetmaster on

The /etc/puppet/puppet.conf file:

# vi /etc/puppet/puppet.conf
[main]
   certname = puppet.mybox.lv
   server = puppet.mybox.lv
   environment = production
   runinterval = 1h

[master]
   dns_alt_names = puppet.mybox.lv,puppet

On the agent:

# yum install puppet

Setting up certificates on the server and on the agent

On the server:

# rm -rf /var/lib/puppet/ssl/*
# puppet master --verbose --no-daemonize
Info: Creating a new SSL key for ca
Info: Creating a new SSL certificate request for ca
Info: Certificate Request fingerprint (SHA256): 3F:CD:FD:CF:5B:1A:72:C1:D2:BA:ED:0A:C8:AF:AE:E0:B3:66:AC:78:9B:03:53:01:2E:47:36:6A:21:41:80:76
Notice: Signed certificate request for ca
Info: Creating a new certificate revocation list
Info: Creating a new SSL key for puppet.mybox.lv
Info: csr_attributes file loading from /etc/puppet/csr_attributes.yaml
Info: Creating a new SSL certificate request for puppet.mybox.lv
Info: Certificate Request fingerprint (SHA256): 80:D0:E6:43:66:54:85:85:59:2A:3E:40:C1:A4:5F:93:82:89:35:07:84:6C:DF:0F:B8:A0:EC:CB:A1:63:24:D1
Notice: puppet.mybox.lv has a waiting certificate request
Notice: Signed certificate request for puppet.mybox.lv
Notice: Removing file Puppet::SSL::CertificateRequest puppet.mybox.lv at '/var/lib/puppet/ssl/ca/requests/puppet.mybox.lv.pem'
Notice: Removing file Puppet::SSL::CertificateRequest puppet.mybox.lv at '/var/lib/puppet/ssl/certificate_requests/puppet.mybox.lv.pem'
Notice: Starting Puppet master version 3.8.7
<Ctrl-C>
# puppet cert list --all
+ "puppet.mybox.lv" (SHA256) 2B:52:7C:52:1E:E9:44:7A:02:BE:1B:8E:9F:84:8D:BF:EC:1E:59:F3:10:18:B9:16:53:C7:22:BB:B6:40:28:00 (alt names:
"DNS:puppet.mybox.lv","DNS:puppet", "DNS:puppet.mybox.lv")
# service puppetmaster start

On the agent:

# vim /etc/puppet/puppet.conf
[main]
   certname = proxy.mybox.lv
   server = puppet.mybox.lv
   environment = production
   runinterval = 1h
# puppet agent --test

On the server:

# puppet cert list
 "proxy.mybox.lv" (SHA256) CF:68:EF:63:98:BD:9A:FA:9F:6B:11:F5:BA:36:E1:AE:38:63:B3:82:FF:CB:73:B7:3E:F3:AB:2A:44:9B:5E:08
# puppet cert sign proxy.mybox.lv
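Before running `puppet cert sign`, compare the fingerprint shown by `puppet cert list` on the master with the one the agent itself reports (`puppet agent --fingerprint`, read over a channel you trust, such as the console), so that only the host that really generated the request receives a certificate. The shell functions below are an added example, not part of the original page: the `puppet cert list` output is a constructed sample copied from the session above, and the agent-side fingerprint is passed in as an argument.

```shell
#!/bin/sh
# Constructed sample of `puppet cert list --all` output on the master: one pending
# CSR (no prefix) and one already-signed certificate (leading "+").
CERT_LIST='  "proxy.mybox.lv" (SHA256) CF:68:EF:63:98:BD:9A:FA:9F:6B:11:F5:BA:36:E1:AE:38:63:B3:82:FF:CB:73:B7:3E:F3:AB:2A:44:9B:5E:08
+ "puppet.mybox.lv" (SHA256) 2B:52:7C:52:1E:E9:44:7A:02:BE:1B:8E:9F:84:8D:BF:EC:1E:59:F3:10:18:B9:16:53:C7:22:BB:B6:40:28:00 (alt names: "DNS:puppet.mybox.lv","DNS:puppet")'

# pending_fingerprint NAME: print the SHA256 fingerprint of the *unsigned* CSR for
# NAME (signed entries carry a leading "+" and are skipped); prints nothing when
# there is no pending request for that name.
pending_fingerprint() {
    printf '%s\n' "$CERT_LIST" | grep -v '^+' | grep "\"$1\"" \
        | sed -n 's/.*(SHA256) \([0-9A-F:]*\).*/\1/p'
}

# verify_csr NAME EXPECTED: succeed only when NAME has a pending CSR whose
# fingerprint equals EXPECTED (the value read out-of-band from the agent).
# Hex case is normalised so that upper- and lower-case fingerprints compare equal.
verify_csr() {
    actual=$(pending_fingerprint "$1" | tr 'a-f' 'A-F')
    expected=$(printf '%s' "$2" | tr 'a-f' 'A-F')
    [ -n "$actual" ] && [ "$actual" = "$expected" ]
}

# sign_if_verified NAME EXPECTED: the gate to run instead of a bare
# `puppet cert sign`; the sign command is echoed here rather than executed.
sign_if_verified() {
    if verify_csr "$1" "$2"; then
        echo "puppet cert sign $1"
        return 0
    fi
    echo "fingerprint mismatch or no pending CSR for $1; not signing" >&2
    return 1
}
```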

Configuration examples (on the puppet server)

NTP server

# cat /etc/puppet/manifests/site.pp
node 'puppet.mybox.lv' {
  include "ntp_config"
}

node 'proxy.mybox.lv' {
  include "ntp_config"
}

class ntp_config {
  # The service name differs per distribution; the CentOS name is hard-coded below.
  #case $operatingsystem {
  #  centos, redhat: { $service_name = 'ntpd' }
  #  debian, ubuntu: { $service_name = 'ntp' }
  #}

  package { 'ntp':
    ensure => installed,
  }

  # Restart ntpd whenever the managed ntp.conf changes.
  service { 'ntp':
    name      => ntpd,
    ensure    => running,
    enable    => true,
    subscribe => File['ntp.conf'],
  }

  file { 'ntp.conf':
    path    => '/etc/ntp.conf',
    ensure  => file,
    owner   => root,
    group   => root,
    mode    => '0644',
    require => Package['ntp'],
    source  => "puppet:///modules/ntp/ntp.conf",
    # This source file would be located on the Puppet master at
    # /etc/puppet/modules/ntp/files/ntp.conf
  }
}

NTP server and Squid server

$ cat /etc/puppet/manifests/site.pp
node 'squid-1.mybox.lv', 'squid-2.mybox.lv' {
  include ntp, squid
}
$ cat /etc/puppet/modules/ntp/manifests/init.pp
class ntp {
  package { ['ntp']:
    ensure => present;
  }

  service { 'ntp':
    name    => ntpd,
    ensure  => running,
    enable  => true,
    require => Package['ntp'];
  }

  # notify restarts ntpd whenever the managed file changes.
  file { 'ntp.conf':
    path    => '/etc/ntp.conf',
    ensure  => file,
    owner   => root,
    group   => root,
    mode    => '0644',
    require => Package['ntp'],
    notify  => Service['ntp'],
    source  => "puppet:///modules/ntp/ntp.conf",
    # This source file would be located on the Puppet master at
    # /etc/puppet/modules/ntp/files/ntp.conf
  }
}
$ cat /etc/puppet/modules/ntp/files/ntp.conf
…
The ntp.conf configuration file.
$ cat /etc/puppet/modules/squid/manifests/init.pp
class squid {
  package { ['squid']:
    ensure => present;
  }

  service { 'squid':
    name    => squid,
    ensure  => running,
    enable  => true,
    require => Package['squid'];
  }

  # The main config is readable only by root and the squid group.
  file { 'squid.conf':
    path    => '/etc/squid/squid.conf',
    ensure  => file,
    owner   => root,
    group   => squid,
    mode    => '0640',
    require => Package['squid'],
    source  => "puppet:///modules/squid/squid.conf",
    # This source file would be located on the Puppet master at
    # /etc/puppet/modules/squid/files/squid.conf
  }

  file { 'squidguard.conf':
    path    => '/etc/squid/squidguard.conf',
    ensure  => file,
    owner   => squid,
    group   => squid,
    mode    => '0644',
    require => Package['squid'],
    source  => "puppet:///modules/squid/squidguard.conf",
    # This source file would be located on the Puppet master at
    # /etc/puppet/modules/squid/files/squidguard.conf
  }

  # Reload squid's configuration only when one of the managed config files
  # changes; without refreshonly the reconfigure would run on every agent run.
  exec { 'squid-reconfigure':
    command     => 'squid -k reconfigure',
    path        => ['/bin', '/usr/bin', '/usr/sbin'],
    refreshonly => true,
    subscribe   => File['squid.conf', 'squidguard.conf'],
    require     => Service['squid'];
  }
}
$ cat /etc/puppet/modules/squid/files/squid.conf
…
The squid.conf configuration file.
$ cat /etc/puppet/modules/squid/files/squidguard.conf
…
The squidguard.conf configuration file.