Puppet: Difference between revisions
No edit summary |
|||
(11 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
== Инсталляция программного обеспечения на сервере и на агенте == | |||
rpm -ivh https://yum.puppetlabs.com/puppetlabs-release-el-6.noarch.rpm | rpm -ivh https://yum.puppetlabs.com/puppetlabs-release-el-6.noarch.rpm | ||
Line 5: | Line 5: | ||
# yum install puppet-server | # yum install puppet-server | ||
# chkconfig puppetmaster on | # chkconfig puppetmaster on | ||
Файл /etc/puppet/puppet.conf: | Файл /etc/puppet/puppet.conf: | ||
# vi /etc/puppet/puppet.conf | # vi /etc/puppet/puppet.conf | ||
Line 20: | Line 20: | ||
'''На агенте:''' | '''На агенте:''' | ||
# yum install puppet | # yum install puppet | ||
== Установка сертификатов на сервере и на агенте == | |||
'''На сервере:''' | |||
# rm -rf /var/lib/puppet/ssl/* | |||
# puppet master --verbose --no-daemonize | |||
''Info: Creating a new SSL key for ca'' | |||
''Info: Creating a new SSL certificate request for ca'' | |||
''Info: Certificate Request fingerprint (SHA256): 3F:CD:FD:CF:5B:1A:72:C1:D2:BA:ED:0A:C8:AF:AE:E0:B3:66:AC:78:9B:03:53:01:2E:47:36:6A:21:41:80:76'' | |||
''Notice: Signed certificate request for ca'' | |||
''Info: Creating a new certificate revocation list'' | |||
''Info: Creating a new SSL key for puppet.mybox.lv'' | |||
''Info: csr_attributes file loading from /etc/puppet/csr_attributes.yaml'' | |||
''Info: Creating a new SSL certificate request for puppet.mybox.lv'' | |||
''Info: Certificate Request fingerprint (SHA256): 80:D0:E6:43:66:54:85:85:59:2A:3E:40:C1:A4:5F:93:82:89:35:07:84:6C:DF:0F:B8:A0:EC:CB:A1:63:24:D1'' | |||
''Notice: puppet.mybox.lv has a waiting certificate request'' | |||
''Notice: Signed certificate request for puppet.mybox.lv'' | |||
''Notice: Removing file Puppet::SSL::CertificateRequest puppet.mybox.lv at '/var/lib/puppet/ssl/ca/requests/puppet.mybox.lv.pem''' | |||
''Notice: Removing file Puppet::SSL::CertificateRequest puppet.mybox.lv at '/var/lib/puppet/ssl/certificate_requests/puppet.mybox.lv.pem''' | |||
''Notice: Starting Puppet master version 3.8.7'' | |||
''<Ctrl-C>'' | |||
# puppet cert list --all | |||
''+ "puppet.mybox.lv" (SHA256) 2B:52:7C:52:1E:E9:44:7A:02:BE:1B:8E:9F:84:8D:BF:EC:1E:59:F3:10:18:B9:16:53:C7:22:BB:B6:40:28:00 (alt names:'' | |||
''"DNS:puppet.mybox.lv","DNS:puppet", "DNS:puppet.mybox.lv")'' | |||
# service puppetmaster start | |||
'''На агенте:''' | |||
# vim /etc/puppet/puppet.conf | |||
''[main]'' | |||
… | |||
''certname = proxy.mybox.lv'' | |||
''server = puppet.mybox.lv'' | |||
''environment = production'' | |||
''runinterval = 1h'' | |||
# puppet agent –test | |||
'''На сервере:''' | |||
# puppet cert list | |||
''"proxy.mybox.lv" (SHA256) CF:68:EF:63:98:BD:9A:FA:9F:6B:11:F5:BA:36:E1:AE:38:63:B3:82:FF:CB:73:B7:3E:F3:AB:2A:44:9B:5E:08'' | |||
# puppet cert sign proxy.mybox.lv | |||
== Примеры настроек (на puppet-сервере) == | |||
'''NTP-server''' | |||
# cat /etc/puppet/manifests/site.pp | |||
''node 'puppet.mybox.lv' {'' | |||
''include "ntp_config"'' | |||
''}'' | |||
''node 'proxy.mybox.lv' {'' | |||
''include "ntp_config"'' | |||
''}'' | |||
''class ntp_config {'' | |||
''#case $operatingsystem {'' | |||
''# centos, redhat: { $service_name = 'ntpd' }'' | |||
''# debian, ubuntu: { $service_name = 'ntp' }'' | |||
''#}'' | |||
''package { 'ntp':'' | |||
''ensure => installed,'' | |||
''}'' | |||
''service { 'ntp':'' | |||
''name => ntpd,'' | |||
''ensure => running,'' | |||
''enable => true,'' | |||
''subscribe => File['ntp.conf'],'' | |||
''}'' | |||
''file { 'ntp.conf':'' | |||
''path => '/etc/ntp.conf','' | |||
''ensure => file,'' | |||
''owner => root,'' | |||
''group => root,'' | |||
''mode => 644,'' | |||
''require => Package['ntp'],'' | |||
''source => "puppet:///modules/ntp/ntp.conf",'' | |||
''# This source file would be located on the Puppet master at'' | |||
''# /etc/puppet/modules/ntp/files/ntp.conf'' | |||
''}'' | |||
''}'' | |||
'''NTP-сервер и Squid-сервер''' | |||
$ cat /etc/puppet/manifests/site.pp | |||
''node 'squid-1.mybox.lv', 'squid-2.mybox.lv' {'' | |||
''include ntp, squid'' | |||
''}'' | |||
$ cat /etc/puppet/modules/ntp/manifests/init.pp | |||
''class ntp {'' | |||
''package { ['ntp']:'' | |||
''ensure => present;'' | |||
''}'' | |||
''service { 'ntp':'' | |||
''name => ntpd,'' | |||
''ensure => running,'' | |||
''enable => true,'' | |||
''require => Package['ntp'];'' | |||
''}'' | |||
''file { 'ntp.conf':'' | |||
''path => '/etc/ntp.conf','' | |||
''ensure => file,'' | |||
''owner => root,'' | |||
''group => root,'' | |||
''mode => 644,'' | |||
''require => Package['ntp'],'' | |||
''notify => Service['ntp'],'' | |||
''source => "puppet:///modules/ntp/ntp.conf",'' | |||
''# This source file would be located on the Puppet master at'' | |||
''# /etc/puppet/modules/ntp/files/ntp.conf'' | |||
''}'' | |||
''}'' | |||
$ cat /etc/puppet/modules/ntp/files/ntp.conf | |||
… | |||
''Файл конфикурации ntp.conf'' | |||
$ cat /etc/puppet/modules/squid/manifests/init.pp | |||
''class squid {'' | |||
''package { ['squid']:'' | |||
''ensure => present;'' | |||
''}'' | |||
''service { 'squid':'' | |||
''name => squid,'' | |||
''ensure => running,'' | |||
''enable => true,'' | |||
''require => Package['squid'];'' | |||
''}'' | |||
''file { 'squid.conf':'' | |||
''path => '/etc/squid/squid.conf','' | |||
''ensure => file,'' | |||
''owner => root,'' | |||
''group => squid,'' | |||
''mode => 640,'' | |||
''require => Package['squid'],'' | |||
''source => "puppet:///modules/squid/squid.conf",'' | |||
''# This source file would be located on the Puppet master at'' | |||
''# /etc/puppet/modules/squid/files/squid.conf'' | |||
''}'' | |||
''file { 'squidguard.conf':'' | |||
''path => '/etc/squid/squidguard.conf','' | |||
''ensure => file,'' | |||
''owner => squid,'' | |||
''group => squid,'' | |||
''mode => 644,'' | |||
''require => Package['squid'],'' | |||
''source => "puppet:///modules/squid/squidguard.conf",'' | |||
''# This source file would be located on the Puppet master at'' | |||
''# /etc/puppet/modules/squid/files/squidguard.conf'' | |||
''}'' | |||
''exec { 'squid-reconfigure':'' | |||
''command => 'squid -k reconfigure','' | |||
''path => ['/bin', '/usr/bin', '/usr/sbin'],'' | |||
''require => Service['squid'];'' | |||
''}'' | |||
''}'' | |||
$ cat /etc/puppet/modules/squid/files/squid.conf | |||
… | |||
''Файл конфигурации squid.conf.'' | |||
$ cat /etc/puppet/modules/squid/files/squidguard.conf | |||
… | |||
''Файл конфигурации squidguard.conf.'' |
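Review bot: The `exec { 'squid-reconfigure': ... }` resource in class squid has no `refreshonly`, `onlyif`, `unless` or `creates`, so `squid -k reconfigure` runs on every agent run, while neither `squid.conf` nor `squidguard.conf` notifies anything when it actually changes. Adding `refreshonly => true,` and `subscribe => File['squid.conf', 'squidguard.conf'],` to the exec would reload Squid only after one of the managed files is updated. The ntp class on the same page already uses `notify => Service['ntp']` for this purpose, so the squid class would then follow the same pattern.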
Latest revision as of 07:12, 13 June 2016
Инсталляция программного обеспечения на сервере и на агенте
rpm -ivh https://yum.puppetlabs.com/puppetlabs-release-el-6.noarch.rpm
На сервере:
# yum install puppet-server # chkconfig puppetmaster on
Файл /etc/puppet/puppet.conf:
# vi /etc/puppet/puppet.conf [main] … certname = puppet.mybox.lv server = puppet.mybox.lv environment = production runinterval = 1h [master] dns_alt_names = puppet.mybox.lv,puppet
На агенте:
# yum install puppet
Установка сертификатов на сервере и на агенте
На сервере:
Внимание: команда rm -rf удаляет ключи CA и все выданные сертификаты; выполняйте её только на новом сервере, у которого ещё нет подписанных агентов, — иначе всем агентам придётся выпускать сертификаты заново.
# rm -rf /var/lib/puppet/ssl/*
# puppet master --verbose --no-daemonize
Info: Creating a new SSL key for ca
Info: Creating a new SSL certificate request for ca
Info: Certificate Request fingerprint (SHA256): 3F:CD:FD:CF:5B:1A:72:C1:D2:BA:ED:0A:C8:AF:AE:E0:B3:66:AC:78:9B:03:53:01:2E:47:36:6A:21:41:80:76
Notice: Signed certificate request for ca
Info: Creating a new certificate revocation list
Info: Creating a new SSL key for puppet.mybox.lv
Info: csr_attributes file loading from /etc/puppet/csr_attributes.yaml
Info: Creating a new SSL certificate request for puppet.mybox.lv
Info: Certificate Request fingerprint (SHA256): 80:D0:E6:43:66:54:85:85:59:2A:3E:40:C1:A4:5F:93:82:89:35:07:84:6C:DF:0F:B8:A0:EC:CB:A1:63:24:D1
Notice: puppet.mybox.lv has a waiting certificate request
Notice: Signed certificate request for puppet.mybox.lv
Notice: Removing file Puppet::SSL::CertificateRequest puppet.mybox.lv at '/var/lib/puppet/ssl/ca/requests/puppet.mybox.lv.pem'
Notice: Removing file Puppet::SSL::CertificateRequest puppet.mybox.lv at '/var/lib/puppet/ssl/certificate_requests/puppet.mybox.lv.pem'
Notice: Starting Puppet master version 3.8.7
<Ctrl-C>
# puppet cert list --all + "puppet.mybox.lv" (SHA256) 2B:52:7C:52:1E:E9:44:7A:02:BE:1B:8E:9F:84:8D:BF:EC:1E:59:F3:10:18:B9:16:53:C7:22:BB:B6:40:28:00 (alt names: "DNS:puppet.mybox.lv","DNS:puppet", "DNS:puppet.mybox.lv")
# service puppetmaster start
На агенте:
# vim /etc/puppet/puppet.conf [main] … certname = proxy.mybox.lv server = puppet.mybox.lv environment = production runinterval = 1h
# puppet agent --test
На сервере:
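# puppet cert list
"proxy.mybox.lv" (SHA256) CF:68:EF:63:98:BD:9A:FA:9F:6B:11:F5:BA:36:E1:AE:38:63:B3:82:FF:CB:73:B7:3E:F3:AB:2A:44:9B:5E:08
Перед подписью сверьте этот отпечаток с отпечатком запроса на самом агенте (puppet agent --fingerprint), чтобы не подписать запрос от постороннего узла.
# puppet cert sign proxy.mybox.lv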
Примеры настроек (на puppet-сервере)
NTP-server
# cat /etc/puppet/manifests/site.pp node 'puppet.mybox.lv' { include "ntp_config" } node 'proxy.mybox.lv' { include "ntp_config" } class ntp_config { #case $operatingsystem { # centos, redhat: { $service_name = 'ntpd' } # debian, ubuntu: { $service_name = 'ntp' } #} package { 'ntp': ensure => installed, } service { 'ntp': name => ntpd, ensure => running, enable => true, subscribe => File['ntp.conf'], } file { 'ntp.conf': path => '/etc/ntp.conf', ensure => file, owner => root, group => root, mode => 644, require => Package['ntp'], source => "puppet:///modules/ntp/ntp.conf", # This source file would be located on the Puppet master at # /etc/puppet/modules/ntp/files/ntp.conf } }
NTP-сервер и Squid-сервер
$ cat /etc/puppet/manifests/site.pp node 'squid-1.mybox.lv', 'squid-2.mybox.lv' { include ntp, squid }
$ cat /etc/puppet/modules/ntp/manifests/init.pp class ntp { package { ['ntp']: ensure => present; } service { 'ntp': name => ntpd, ensure => running, enable => true, require => Package['ntp']; } file { 'ntp.conf': path => '/etc/ntp.conf', ensure => file, owner => root, group => root, mode => 644, require => Package['ntp'], notify => Service['ntp'], source => "puppet:///modules/ntp/ntp.conf", # This source file would be located on the Puppet master at # /etc/puppet/modules/ntp/files/ntp.conf } }
$ cat /etc/puppet/modules/ntp/files/ntp.conf … Файл конфигурации ntp.conf $ cat /etc/puppet/modules/squid/manifests/init.pp class squid { package { ['squid']: ensure => present; } service { 'squid': name => squid, ensure => running, enable => true, require => Package['squid']; } file { 'squid.conf': path => '/etc/squid/squid.conf', ensure => file, owner => root, group => squid, mode => 640, require => Package['squid'], source => "puppet:///modules/squid/squid.conf", # This source file would be located on the Puppet master at # /etc/puppet/modules/squid/files/squid.conf } file { 'squidguard.conf': path => '/etc/squid/squidguard.conf', ensure => file, owner => squid, group => squid, mode => 644, require => Package['squid'], source => "puppet:///modules/squid/squidguard.conf", # This source file would be located on the Puppet master at # /etc/puppet/modules/squid/files/squidguard.conf } exec { 'squid-reconfigure': command => 'squid -k reconfigure', path => ['/bin', '/usr/bin', '/usr/sbin'], require => Service['squid']; } }
$ cat /etc/puppet/modules/squid/files/squid.conf … Файл конфигурации squid.conf.
$ cat /etc/puppet/modules/squid/files/squidguard.conf … Файл конфигурации squidguard.conf.