Puppet: Difference between revisions

(Created page with "Инсталляция программного обеспечения на сервере и на агенте rpm -ivh https://yum.puppetlabs.com/puppetlabs-release-el-6.no...")
 
 
(12 intermediate revisions by the same user not shown)
Line 1: Line 1:
Инсталляция программного обеспечения на сервере и на агенте
== Инсталляция программного обеспечения на сервере и на агенте ==
  rpm -ivh https://yum.puppetlabs.com/puppetlabs-release-el-6.noarch.rpm
  rpm -ivh https://yum.puppetlabs.com/puppetlabs-release-el-6.noarch.rpm


Line 5: Line 5:
  # yum install puppet-server
  # yum install puppet-server
  # chkconfig puppetmaster on
  # chkconfig puppetmaster on
# service puppetmaster start
 
Файл /etc/puppet/puppet.conf:
Файл /etc/puppet/puppet.conf:
  # vi /etc/puppet/puppet.conf
  # vi /etc/puppet/puppet.conf
Line 20: Line 20:
'''На агенте:'''
'''На агенте:'''
  # yum install puppet
  # yum install puppet
== Установка сертификатов на сервере и на агенте ==
'''На сервере:'''
# rm -rf /var/lib/puppet/ssl/*
# puppet master --verbose --no-daemonize
''Info: Creating a new SSL key for ca''
''Info: Creating a new SSL certificate request for ca''
''Info: Certificate Request fingerprint (SHA256): 3F:CD:FD:CF:5B:1A:72:C1:D2:BA:ED:0A:C8:AF:AE:E0:B3:66:AC:78:9B:03:53:01:2E:47:36:6A:21:41:80:76''
''Notice: Signed certificate request for ca''
''Info: Creating a new certificate revocation list''
''Info: Creating a new SSL key for puppet.mybox.lv''
''Info: csr_attributes file loading from /etc/puppet/csr_attributes.yaml''
''Info: Creating a new SSL certificate request for puppet.mybox.lv''
''Info: Certificate Request fingerprint (SHA256): 80:D0:E6:43:66:54:85:85:59:2A:3E:40:C1:A4:5F:93:82:89:35:07:84:6C:DF:0F:B8:A0:EC:CB:A1:63:24:D1''
''Notice: puppet.mybox.lv has a waiting certificate request''
''Notice: Signed certificate request for puppet.mybox.lv''
''Notice: Removing file Puppet::SSL::CertificateRequest puppet.mybox.lv at '/var/lib/puppet/ssl/ca/requests/puppet.mybox.lv.pem'''
''Notice: Removing file Puppet::SSL::CertificateRequest puppet.mybox.lv at '/var/lib/puppet/ssl/certificate_requests/puppet.mybox.lv.pem'''
''Notice: Starting Puppet master version 3.8.7''
''<Ctrl-C>''
# puppet cert list --all
''+ "puppet.mybox.lv" (SHA256) 2B:52:7C:52:1E:E9:44:7A:02:BE:1B:8E:9F:84:8D:BF:EC:1E:59:F3:10:18:B9:16:53:C7:22:BB:B6:40:28:00 (alt names:''
''"DNS:puppet.mybox.lv","DNS:puppet", "DNS:puppet.mybox.lv")''
# service puppetmaster start
'''На агенте:'''
# vim /etc/puppet/puppet.conf
''[main]''
    ''certname = proxy.mybox.lv''
    ''server = puppet.mybox.lv''
    ''environment = production''
    ''runinterval = 1h''
# puppet agent –test
'''На сервере:'''
# puppet cert list
  ''"proxy.mybox.lv" (SHA256) CF:68:EF:63:98:BD:9A:FA:9F:6B:11:F5:BA:36:E1:AE:38:63:B3:82:FF:CB:73:B7:3E:F3:AB:2A:44:9B:5E:08''
# puppet cert sign proxy.mybox.lv
== Примеры настроек (на puppet-сервере) ==
'''NTP-server'''
# cat /etc/puppet/manifests/site.pp
''node 'puppet.mybox.lv' {''
  ''include "ntp_config"''
''}''
''node 'proxy.mybox.lv' {''
  ''include "ntp_config"''
''}''
''class ntp_config {''
  ''#case $operatingsystem {''
  ''#  centos, redhat: { $service_name = 'ntpd' }''
  ''#  debian, ubuntu: { $service_name = 'ntp' }''
  ''#}''
  ''package { 'ntp':''
    ''ensure => installed,''
  ''}''
  ''service { 'ntp':''
    ''name      => ntpd,''
    ''ensure    => running,''
    ''enable    => true,''
    ''subscribe => File['ntp.conf'],''
  ''}''
  ''file { 'ntp.conf':''
    ''path    => '/etc/ntp.conf',''
    ''ensure  => file,''
    ''owner  => root,''
    ''group  => root,''
    ''mode    => 644,''
    ''require => Package['ntp'],''
    ''source  => "puppet:///modules/ntp/ntp.conf",''
    ''# This source file would be located on the Puppet master at''
    ''# /etc/puppet/modules/ntp/files/ntp.conf''
  ''}''
''}''
'''NTP-сервер и Squid-сервер'''
$ cat /etc/puppet/manifests/site.pp
''node 'squid-1.mybox.lv', 'squid-2.mybox.lv' {''
  ''include ntp, squid''
''}''
$ cat /etc/puppet/modules/ntp/manifests/init.pp
''class ntp {''
  ''package { ['ntp']:''
    ''ensure => present;''
  ''}''
 
  ''service { 'ntp':''
    ''name    => ntpd,''
    ''ensure  => running,''
    ''enable  => true,''
    ''require => Package['ntp'];''
  ''}''
 
  ''file { 'ntp.conf':''
    ''path    => '/etc/ntp.conf',''
    ''ensure  => file,''
    ''owner  => root,''
    ''group  => root,''
    ''mode    => 644,''
    ''require => Package['ntp'],''
    ''notify  => Service['ntp'],''
    ''source  => "puppet:///modules/ntp/ntp.conf",''
    ''# This source file would be located on the Puppet master at''
    ''# /etc/puppet/modules/ntp/files/ntp.conf''
  ''}''
''}''
$ cat /etc/puppet/modules/ntp/files/ntp.conf
''Файл конфикурации ntp.conf''
$ cat /etc/puppet/modules/squid/manifests/init.pp
''class squid {''
  ''package { ['squid']:''
    ''ensure => present;''
  ''}''
  ''service { 'squid':''
    ''name      => squid,''
    ''ensure    => running,''
    ''enable    => true,''
    ''require  => Package['squid'];''
  ''}''
  ''file { 'squid.conf':''
    ''path    => '/etc/squid/squid.conf',''
    ''ensure  => file,''
    ''owner  => root,''
    ''group  => squid,''
    ''mode    => 640,''
    ''require => Package['squid'],''
    ''source  => "puppet:///modules/squid/squid.conf",''
    ''# This source file would be located on the Puppet master at''
    ''# /etc/puppet/modules/squid/files/squid.conf''
  ''}''
  ''file { 'squidguard.conf':''
    ''path    => '/etc/squid/squidguard.conf',''
    ''ensure  => file,''
    ''owner  => squid,''
    ''group  => squid,''
    ''mode    => 644,''
    ''require => Package['squid'],''
    ''source  => "puppet:///modules/squid/squidguard.conf",''
    ''# This source file would be located on the Puppet master at''
    ''# /etc/puppet/modules/squid/files/squidguard.conf''
  ''}''
  ''exec { 'squid-reconfigure':''
    ''command => 'squid -k reconfigure',''
    ''path    => ['/bin', '/usr/bin', '/usr/sbin'],''
    ''require => Service['squid'];''
  ''}''
''}''
$ cat /etc/puppet/modules/squid/files/squid.conf
''Файл конфигурации squid.conf.''
$ cat /etc/puppet/modules/squid/files/squidguard.conf
''Файл конфигурации squidguard.conf.''

Latest revision as of 07:12, 13 June 2016

Инсталляция программного обеспечения на сервере и на агенте

rpm -ivh https://yum.puppetlabs.com/puppetlabs-release-el-6.noarch.rpm

На сервере:

# yum install puppet-server
# chkconfig puppetmaster on

Файл /etc/puppet/puppet.conf:

# vi /etc/puppet/puppet.conf
[main]
   certname = puppet.mybox.lv
   server = puppet.mybox.lv
   environment = production
   runinterval = 1h

[master]
   dns_alt_names = puppet.mybox.lv,puppet

На агенте:

# yum install puppet

Установка сертификатов на сервере и на агенте

На сервере (только при первичной установке: команда ниже удаляет ключи CA и все ранее выданные сертификаты):

# rm -rf /var/lib/puppet/ssl/*
# puppet master --verbose --no-daemonize
Info: Creating a new SSL key for ca
Info: Creating a new SSL certificate request for ca
Info: Certificate Request fingerprint (SHA256): 3F:CD:FD:CF:5B:1A:72:C1:D2:BA:ED:0A:C8:AF:AE:E0:B3:66:AC:78:9B:03:53:01:2E:47:36:6A:21:41:80:76
Notice: Signed certificate request for ca
Info: Creating a new certificate revocation list
Info: Creating a new SSL key for puppet.mybox.lv
Info: csr_attributes file loading from /etc/puppet/csr_attributes.yaml
Info: Creating a new SSL certificate request for puppet.mybox.lv
Info: Certificate Request fingerprint (SHA256): 80:D0:E6:43:66:54:85:85:59:2A:3E:40:C1:A4:5F:93:82:89:35:07:84:6C:DF:0F:B8:A0:EC:CB:A1:63:24:D1
Notice: puppet.mybox.lv has a waiting certificate request
Notice: Signed certificate request for puppet.mybox.lv
Notice: Removing file Puppet::SSL::CertificateRequest puppet.mybox.lv at '/var/lib/puppet/ssl/ca/requests/puppet.mybox.lv.pem'
Notice: Removing file Puppet::SSL::CertificateRequest puppet.mybox.lv at '/var/lib/puppet/ssl/certificate_requests/puppet.mybox.lv.pem'
Notice: Starting Puppet master version 3.8.7
<Ctrl-C>
# puppet cert list --all
+ "puppet.mybox.lv" (SHA256) 2B:52:7C:52:1E:E9:44:7A:02:BE:1B:8E:9F:84:8D:BF:EC:1E:59:F3:10:18:B9:16:53:C7:22:BB:B6:40:28:00 (alt names:
"DNS:puppet.mybox.lv","DNS:puppet", "DNS:puppet.mybox.lv")
# service puppetmaster start

На агенте:

# vim /etc/puppet/puppet.conf
[main]
   certname = proxy.mybox.lv
   server = puppet.mybox.lv
   environment = production
   runinterval = 1h
# puppet agent --test

На сервере (перед подписью сверьте SHA256-отпечаток запроса с выводом puppet agent --fingerprint на агенте):

# puppet cert list
 "proxy.mybox.lv" (SHA256) CF:68:EF:63:98:BD:9A:FA:9F:6B:11:F5:BA:36:E1:AE:38:63:B3:82:FF:CB:73:B7:3E:F3:AB:2A:44:9B:5E:08
# puppet cert sign proxy.mybox.lv

Примеры настроек (на puppet-сервере)

NTP-server

# cat /etc/puppet/manifests/site.pp
# Both hosts get the same NTP setup, so they share one node definition.
node 'puppet.mybox.lv', 'proxy.mybox.lv' {
  include ntp_config
}

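# Installs the ntp package, deploys /etc/ntp.conf from the ntp module
# and keeps the ntpd service running and enabled at boot.
class ntp_config {
  # Per-OS service name selection is left disabled; the service name is
  # fixed to 'ntpd' in the service resource below.
  #case $operatingsystem {
  #  centos, redhat: { $service_name = 'ntpd' }
  #  debian, ubuntu: { $service_name = 'ntp' }
  #}

  package { 'ntp':
    ensure => installed,
  }

  # subscribe restarts ntpd whenever the managed ntp.conf changes.
  service { 'ntp':
    name      => 'ntpd',
    ensure    => running,
    enable    => true,
    subscribe => File['ntp.conf'],
  }

  file { 'ntp.conf':
    path    => '/etc/ntp.conf',
    ensure  => file,
    owner   => 'root',
    group   => 'root',
    # Quoted four-digit octal: a bare 644 is parsed as a number and is
    # rejected by Puppet 4 and later.
    mode    => '0644',
    require => Package['ntp'],
    source  => 'puppet:///modules/ntp/ntp.conf',
    # This source file would be located on the Puppet master at
    # /etc/puppet/modules/ntp/files/ntp.conf
  }
}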

NTP-сервер и Squid-сервер

$ cat /etc/puppet/manifests/site.pp
# The two Squid proxies receive both the ntp and the squid class.
node 'squid-1.mybox.lv', 'squid-2.mybox.lv' {
  include ntp
  include squid
}
$ cat /etc/puppet/modules/ntp/manifests/init.pp 
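# Installs the ntp package, deploys /etc/ntp.conf from this module and
# keeps the ntpd service running and enabled at boot.
class ntp {
  package { 'ntp':
    ensure => present,
  }

  service { 'ntp':
    name    => 'ntpd',
    ensure  => running,
    enable  => true,
    require => Package['ntp'],
  }

  file { 'ntp.conf':
    path    => '/etc/ntp.conf',
    ensure  => file,
    owner   => 'root',
    group   => 'root',
    # Quoted four-digit octal: a bare 644 is parsed as a number and is
    # rejected by Puppet 4 and later.
    mode    => '0644',
    require => Package['ntp'],
    # notify restarts ntpd whenever the deployed configuration changes.
    notify  => Service['ntp'],
    source  => 'puppet:///modules/ntp/ntp.conf',
    # This source file would be located on the Puppet master at
    # /etc/puppet/modules/ntp/files/ntp.conf
  }
}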
$ cat /etc/puppet/modules/ntp/files/ntp.conf 
…
Файл конфигурации ntp.conf
$ cat /etc/puppet/modules/squid/manifests/init.pp 
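# Installs squid, deploys squid.conf and squidguard.conf from this module,
# keeps the service running and reloads it when either file changes.
class squid {
  package { 'squid':
    ensure => present,
  }

  service { 'squid':
    name    => 'squid',
    ensure  => running,
    enable  => true,
    require => Package['squid'],
  }

  # Main proxy configuration: root-owned, readable by the squid group only.
  file { 'squid.conf':
    path    => '/etc/squid/squid.conf',
    ensure  => file,
    owner   => 'root',
    group   => 'squid',
    # Quoted four-digit octal: a bare 640 is parsed as a number and is
    # rejected by Puppet 4 and later.
    mode    => '0640',
    require => Package['squid'],
    source  => 'puppet:///modules/squid/squid.conf',
    # This source file would be located on the Puppet master at
    # /etc/puppet/modules/squid/files/squid.conf
  }

  # NOTE(review): this file is owned and writable by the squid service
  # account, so a compromised squid process could edit its own filter rules
  # between Puppet runs. root:squid with 0640 would be tighter - confirm
  # that squidGuard only needs read access before changing it.
  file { 'squidguard.conf':
    path    => '/etc/squid/squidguard.conf',
    ensure  => file,
    owner   => 'squid',
    group   => 'squid',
    mode    => '0644',
    require => Package['squid'],
    source  => 'puppet:///modules/squid/squidguard.conf',
    # This source file would be located on the Puppet master at
    # /etc/puppet/modules/squid/files/squidguard.conf
  }

  # refreshonly + subscribe: reload squid only when one of the managed
  # config files changed, instead of on every agent run.
  exec { 'squid-reconfigure':
    command     => 'squid -k reconfigure',
    path        => ['/bin', '/usr/bin', '/usr/sbin'],
    refreshonly => true,
    subscribe   => [File['squid.conf'], File['squidguard.conf']],
    require     => Service['squid'],
  }
}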
$ cat /etc/puppet/modules/squid/files/squid.conf
…
Файл конфигурации squid.conf.
$ cat /etc/puppet/modules/squid/files/squidguard.conf
…
Файл конфигурации squidguard.conf.