A few simple hand-written Puppet management configurations
Published: 2019-06-21


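Puppet is very strong at automated configuration management, so I will skip the introduction. Below are notes on a few simple Puppet management configurations: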

I. First install puppet and facter on the server and the client

1) Server

Install the Puppet Labs repository
# rpm -ivh http://yum.puppetlabs.com/el/6.5/products/x86_64/puppetlabs-release-6-12.noarch.rpm

Install Puppet and facter
# yum install puppet puppet-server facter

2) Client

Install the Puppet Labs repository
# rpm -ivh http://yum.puppetlabs.com/el/6.5/products/x86_64/puppetlabs-release-6-12.noarch.rpm

Install Puppet and facter
# yum install puppet facter

II. Puppet configuration and certificate signing

1) Add host mappings on both the client and the server (or use internal DNS resolution)

192.168.1.10 puppet01.wang.com            # server
192.168.1.11 puppet02.wang.com            # client

2) In the puppet.conf configuration file on the client

[root@puppet02 ~]# cat /etc/puppet/puppet.conf
[main]
    server=puppet01.wang.com
    ......

3) Start the puppet service on each side (note: it is best to turn off the iptables firewall on the server and the client; if it is enabled, remember to open access to puppet port 8140)

Server
[root@puppet01 ~]# /etc/init.d/puppetmaster start

Client
[root@puppet02 ~]# /etc/init.d/puppet start

4) Automatic certificate registration

Server
[root@puppet01 ~]# cat /etc/puppet/puppet.conf
[main]
    ......
    autosign = true
    autosign = /etc/puppet/autosign.conf
[root@puppet01 ~]# cat /etc/puppet/autosign.conf        # create the autosign configuration file; the entry below signs the registration of every host
*
[root@puppet01 ~]# /etc/init.d/puppetmaster restart

Register from the client
[root@puppet02 ~]# puppet agent --test --server=puppet01.wang.com
Notice: Ignoring --listen on onetime run
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Caching catalog for puppet02.wang.com
Info: Applying configuration version '1501320900'
Notice: Finished catalog run in 0.42 seconds

The server shows that the certificate has been signed automatically
[root@puppet01 ~]# puppet cert --list --all
+ "puppet01.wang.com" (SHA256) 3E:99:64:73:14:D5:BA:01:62:2F:53:62:A6:07:55:AB:BA:BE:70:6E:7E:60:7A:81:41:10:63:78:C0:FD:E4:56 (alt names: "DNS:puppet", "DNS:puppet.wang.com", "DNS:puppet01.wang.com")
+ "puppet02.wang.com" (SHA256) A4:EF:73:62:3A:DD:F9:2E:E4:12:8F:2E:AE:90:96:43:95:7A:4C:9F:38:02:44:B7:81:C5:08:B5:16:95:42:0B
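With `autosign = true` or a bare `*` in autosign.conf, the master signs a certificate request from any host that can reach port 8140. The script below is an added example, not part of the original post: it audits a master's puppet.conf and autosign.conf for those two settings. The function names and the sample files are constructed, and treating the last duplicate `autosign` line as the effective one is an assumption.

```shell
#!/bin/sh
# Added example (not from the original post): flag Puppet master autosign
# settings that sign every certificate request.

# Print the effective autosign value from puppet.conf.
# [master] overrides [main]; within a section the last assignment is
# assumed to win (assumption, matching the duplicate lines in the post).
effective_autosign() {
    awk '
        /^[ \t]*\[/ {
            s = $0; gsub(/[ \t]/, "", s)
            section = substr(s, 2, index(s, "]") - 2)
            next
        }
        /^[ \t]*autosign[ \t]*=/ {
            v = $0
            sub(/^[^=]*=[ \t]*/, "", v)
            sub(/[ \t]+$/, "", v)
            val[section] = v
        }
        END {
            if ("master" in val) print val["master"]
            else if ("main" in val) print val["main"]
        }' "$1"
}

# Return 1 (and print FAIL) when the configuration signs everything.
audit_autosign() {
    conf=$1
    status=0
    value=$(effective_autosign "$conf")
    # No explicit setting: fall back to the allowlist beside puppet.conf.
    [ -n "$value" ] || value=$(dirname "$conf")/autosign.conf
    case $value in
        true)
            echo "FAIL: autosign = true signs every certificate request"
            status=1 ;;
        false)
            echo "OK: autosigning is disabled" ;;
        */*)
            if [ -f "$value" ] && [ -x "$value" ]; then
                echo "OK: $value is a policy executable"
            elif [ -f "$value" ] && grep -Eq '^[[:space:]]*\*[[:space:]]*$' "$value"; then
                echo "FAIL: $value has a bare '*' entry (signs all hosts)"
                status=1
            elif [ -f "$value" ]; then
                echo "OK: $value lists specific certnames or domain globs"
            else
                echo "OK: $value does not exist, nothing is autosigned"
            fi ;;
    esac
    return "$status"
}

# Constructed sample mirroring the configuration shown in this post.
demo=$(mktemp -d)
printf '[main]\n    autosign = true\n    autosign = %s/autosign.conf\n' "$demo" > "$demo/puppet.conf"
printf '*\n' > "$demo/autosign.conf"
audit_autosign "$demo/puppet.conf" || echo "audit reported an unsafe setting"
rm -rf "$demo"
```

Replacing the `*` line with a domain glob such as `*.wang.com`, or signing by hand with `puppet cert`, makes the audit pass.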

III. Automated management configuration with puppet

Management entries are configured on the puppet master. Once configured, they are sent to the puppet agent nodes and applied there (the puppet master's "push" operation). If an agent node runs as a daemon, by default it connects every 30 minutes and checks whether the configuration for its host has changed or new configuration has been added. This interval can be changed through the runinterval setting in /etc/puppet/puppet.conf on the agent, for example "runinterval = 3600" for one hour. An agent node can also connect actively from a cron scheduled task (the puppet agent's "pull" operation), combining the master's "push" with the agent's "pull".

1) Configure on the puppet master

[root@puppet01 puppet]# ll
total 36
-rw-r--r--  1 root root 4178 Jul 29 16:25 auth.conf
-rw-r--r--  1 root root    2 Jul 29 16:25 autosign.conf
drwxr-xr-x  3 root root 4096 Jul 29 16:25 environments
-rw-r--r--  1 root root 1462 Jul 29 16:25 fileserver.conf
drwxr-xr-x  2 root root 4096 Jul 29 17:22 manifests
drwxr-xr-x 13 root root 4096 Jul 29 17:03 modules
-rw-r--r--  1 root root  915 Jul 29 16:25 puppet.conf

First create the module. It can be created by hand or with a command, although a module created with the command has to be renamed.

[root@puppet01 puppet]# cd modules/
[root@puppet01 modules]# puppet module generate propupet-ssh       # creates a module from the command line; the module name format is "puppet-<module name>"
[root@puppet01 modules]# mv propupet-ssh ssh        # rename it to the ssh module

Or create the module by hand

[root@puppet01 modules]# mkdir ssh       # the directory structure under the module must then also be created by hand
[root@puppet01 modules]# mkdir ssh/files    # holds the files the module needs
[root@puppet01 modules]# mkdir ssh/manifests   # holds the puppet configuration files
[root@puppet01 modules]# mkdir ssh/templates    # holds the templates used by the module

Once the modules are configured, they have to be referenced in the /etc/puppet/manifests/site.pp manifest (covered at the end).

2) Use the following module configurations as a reference:

[root@puppet01 modules]# pwd
/etc/puppet/modules

--------------------ssh installation management module--------------------

[root@puppet01 manifests]# cd /etc/puppet/modules/ssh
[root@puppet01 ssh]# cd manifests/
[root@puppet01 manifests]# ls
config.pp  init.pp  install.pp  service.pp

[root@puppet01 manifests]# cat init.pp
class ssh {
  class { '::ssh::install':} ->
  class { '::ssh::config':} ->
  class { '::ssh::service':} ->
  Class['ssh']
}

[root@puppet01 manifests]# cat install.pp
class ssh::install {
  package { "openssh":               # the package name is openssh
    ensure => present,               # make sure the package is installed
  }
}

[root@puppet01 manifests]# cat config.pp
class ssh::config {
  # ssh settings such as the port, user names and password-login control can be
  # put in the sshd_config file under the module's files directory in advance and
  # then synced to the target machines with puppet. sshd is restarted
  # automatically after a change (the service class takes care of the restart).
  file { "/etc/ssh/sshd_config":
    ensure  => present,
    owner   => 'root',
    group   => 'root',
    mode    => '0600',
    source  => "puppet:///modules/ssh/sshd_config",     # sshd_config is stored in /etc/puppet/modules/ssh/files; note that the files directory is not written in the path
    require => Class["ssh::install"],                  # prerequisite for this file resource
    notify  => Class["ssh::service"],                  # notify the ssh::service class once this file resource is in place
  }
}

[root@puppet01 manifests]# cat service.pp
class ssh::service {
  service { "sshd":
    ensure     => running,
    hasstatus  => true,
    hasrestart => true,
    enable     => true,
    require    => Class["ssh::config"],
  }
}

[root@puppet01 manifests]# ls ../files/sshd_config
../files/sshd_config

--------------------DNS configuration management--------------------

[root@puppet ~]# cd /etc/puppet/modules/dns/
[root@puppet dns]# ls
files  manifests
[root@puppet dns]# cd manifests/
[root@puppet manifests]# ls
config.pp  init.pp  restart.pp  setup.pp

[root@puppet manifests]# cat init.pp
class dns {
  include dns::config
  include dns::setup
  include dns::restart
}

[root@puppet manifests]# cat config.pp
class dns::config {
  file { "/etc/named":
    ensure  => directory,
    source  => "puppet:///modules/dns/pro-dns/DNS/etc/named",
    recurse => true,
  }

  file { "/var/named":
    ensure  => directory,
    source  => "puppet:///modules/dns/pro-dns/DNS/var/named",
    recurse => true,
  }
}

[root@puppet manifests]# cat setup.pp
class dns::setup {
  exec { "Set permissions of etc-named":
    cwd     => "/etc",
    command => "/bin/chown -R root.named named",
    path    => ["/usr/bin:/usr/sbin:/bin:/sbin"],
    require => Class["dns::config"],
  }

  exec { "Set permissions of var-named":
    cwd     => "/var",
    command => "/bin/chown -R root.named named && /bin/chown -R named.named named/data/",
    path    => ["/usr/bin:/usr/sbin:/bin:/sbin"],
    require => Class["dns::config"],
  }
}

[root@puppet manifests]# cat restart.pp
class dns::restart {
  exec { "restart named service":
    command => "service named restart",
    path    => ["/usr/bin:/usr/sbin:/bin:/sbin"],
    require => Class["dns::config"],
  }
}

The files directory holds the DNS configuration file and the forward and reverse zone files (they can be kept in the DNS directory of a pro-dns project on gitlab and fetched with git clone)

[root@puppet manifests]# cd ../files/
[root@puppet files]# ls
pro-dns
[root@puppet files]# ls pro-dns/DNS/
etc  var
[root@puppet files]# ls pro-dns/DNS/etc/named/
named.conf
[root@puppet files]# ls pro-dns/DNS/var/named/
192.168.10.zone  192.168.16.zone  192.168.32.zone  192.168.33.zone  192.168.34.zone  192.168.64.zone  192.168.8.zone  wangshibo.cn

--------------------java7 installation management module--------------------

[root@puppet01 java7]# cd manifests/
[root@puppet01 manifests]# ls
init.pp  install.pp

[root@puppet01 manifests]# cat init.pp
class java7 {
  include java7::install
}

[root@puppet01 manifests]# cat install.pp
class java7::install {
  file { "/data/software/java-jdk7_install.sh":                    # file resource
    source => "puppet:///modules/java7/java-jdk7_install.sh",
    owner  => root,
    group  => root,
    mode   => '0755',
  }

  exec { "install jdk":                             # exec (command) resource
    cwd     => "/data/software",
    command => "/bin/bash java-jdk7_install.sh",
    user    => "root",
    group   => "root",
    path    => ["/usr/bin:/usr/sbin:/bin:/sbin"],
    creates => "/usr/java/jdk1.7.0_80",                            # the command is skipped when /usr/java/jdk1.7.0_80 exists and runs only when it does not
    require => File["/data/software/java-jdk7_install.sh"],        # prerequisite for running this exec resource
  }
}

[root@puppet01 manifests]# cd ../files/
[root@puppet01 files]# ll
total 4
-rwxr-xr-x 1 root root 756 Jul 29 16:25 java-jdk7_install.sh

[root@puppet01 files]# cat java-jdk7_install.sh
#!/bin/bash

/bin/rpm -qa|grep jdk|xargs rpm -e

# install jdk7
/bin/rpm -ivh  http://yum.wang.com/software/jdk-7u80-linux-x64.rpm

# set env
NUM=`cat /etc/profile|grep "JAVA_HOME"|wc -l`
JDK=`cat /etc/profile|grep "JAVA_HOME="|cut -d"=" -f2|awk -F"/" '{print $4}'`
if [ $NUM -ne 0 ];then
    /bin/sed -i 's#'$JDK'#jdk1.7.0_80#g' /etc/profile
else
    echo "JAVA_HOME=/usr/java/jdk1.7.0_80" >> /etc/profile
    echo "JAVA_BIN=/usr/java/jdk1.7.0_80/bin" >> /etc/profile
    echo "PATH=/usr/lib64/qt-3.3/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin:/bin" >> /etc/profile
    echo "CLASSPATH=.:/lib/dt.jar:/lib/tools.jar" >> /etc/profile
    echo "export JAVA_HOME JAVA_BIN PATH CLASSPATH" >> /etc/profile
fi

source /etc/profile

--------------------java8 installation management module--------------------

[root@puppet01 files]# cd /etc/puppet/modules/java8
[root@puppet01 java8]# ls
files  manifests
[root@puppet01 java8]# cd manifests/
[root@puppet01 manifests]# ls
init.pp  install.pp

[root@puppet01 manifests]# cat init.pp
class java8 {
  include java8::install
}

[root@puppet01 manifests]# cat install.pp
class java8::install {
  file { "/data/software/java-jdk8_install.sh":
    source => "puppet:///modules/java8/java-jdk8_install.sh",
    owner  => root,
    group  => root,
    mode   => '0755',
  }

  exec { "install jdk":
    cwd     => "/data/software",
    command => "/bin/bash java-jdk8_install.sh",
    user    => "root",
    group   => "root",
    path    => ["/usr/bin:/usr/sbin:/bin:/sbin"],
    creates => "/usr/java/jdk1.8.0_131",
    require => File["/data/software/java-jdk8_install.sh"],
  }
}

[root@puppet01 manifests]# cat ../files/java-jdk8_install.sh
#!/bin/bash

/bin/rpm -qa|grep jdk|xargs rpm -e

# install jdk8 jdk7
/bin/rpm -ivh  http://yum.wang.com/software/jdk-8u131-linux-x64.rpm

# set env
NUM=`cat /etc/profile|grep "JAVA_HOME"|wc -l`
JDK=`cat /etc/profile|grep "JAVA_HOME="|cut -d"=" -f2|awk -F"/" '{print $4}'`
if [ $NUM -ne 0 ];then
    /bin/sed -i 's#'$JDK'#jdk1.8.0_131#g' /etc/profile
else
    echo "JAVA_HOME=/usr/java/jdk1.8.0_131" >> /etc/profile
    echo "JAVA_BIN=/usr/java/jdk1.8.0_131/bin" >> /etc/profile
    echo "PATH=/usr/lib64/qt-3.3/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin:/bin" >> /etc/profile
    echo "CLASSPATH=.:/lib/dt.jar:/lib/tools.jar" >> /etc/profile
    echo "export JAVA_HOME JAVA_BIN PATH CLASSPATH" >> /etc/profile
fi

source /etc/profile

--------------------tomcat8 installation management module--------------------

[root@puppet01 manifests]# cd /etc/puppet/modules/tomcat8/
[root@puppet01 tomcat8]# ls
files  manifests
[root@puppet01 tomcat8]# cd manifests/
[root@puppet01 manifests]# ls
init.pp  install.pp

[root@puppet01 manifests]# cat init.pp
class tomcat8 {
  include tomcat8::install
}

[root@puppet01 manifests]# cat install.pp
class tomcat8::install {
  file { "/data/software/apache-tomcat-8.5.15.tar.gz":
    source => "puppet:///modules/tomcat8/apache-tomcat-8.5.15.tar.gz",
    owner  => "root",
    group  => "root",
    mode   => '0755',
  }

  exec { "install tomcat":
    cwd     => "/data/software",
    command => "/bin/tar -zvxf apache-tomcat-8.5.15.tar.gz && mv apache-tomcat-8.5.15 /data/tomcat",
    user    => "root",
    group   => "root",
    path    => ["/usr/bin:/usr/sbin:/bin:/sbin"],
    creates => "/data/tomcat",
    require => File["/data/software/apache-tomcat-8.5.15.tar.gz"],
  }
}

[root@puppet01 manifests]# ls ../files/
apache-tomcat-8.5.15.tar.gz

--------------------nginx installation management module--------------------

[root@puppet01 manifests]# cd /etc/puppet/modules/nginx/
[root@puppet01 nginx]# ls
files  manifests
[root@puppet01 nginx]# cd manifests/
[root@puppet01 manifests]# ls
init.pp  install.pp

[root@puppet01 manifests]# cat init.pp
class nginx {
  include nginx::install
}

[root@puppet01 manifests]# cat install.pp
class nginx::install {
  file { "/data/software/nginx1.10_install.sh":
    source => "puppet:///modules/nginx/nginx1.10_install.sh",
    owner  => "root",
    group  => "root",
    mode   => '0755',
  }

  exec { "install nginx":
    cwd     => "/data/software",
    command => "/bin/bash -x nginx1.10_install.sh",
    user    => "root",
    group   => "root",
    path    => ["/usr/bin:/usr/sbin:/bin:/sbin"],
    creates => "/data/nginx/conf/nginx.conf",
    require => File["/data/software/nginx1.10_install.sh"],
  }
}

[root@puppet01 manifests]# cat ../files/nginx1.10_install.sh
#!/bin/bash
# prepare the base environment
/usr/sbin/groupadd -r nginx
/usr/sbin/useradd -r -g nginx -s /bin/false -M nginx
/usr/bin/yum install -y pcre pcre-devel openssl openssl-devel gcc

# compile and install nginx 1.10
cd /data/software/
/usr/bin/wget http://yum.wang.com/software/nginx-1.10.3.tar.gz
/bin/tar -zvxf nginx-1.10.3.tar.gz
cd nginx-1.10.3
./configure --prefix=/data/nginx --user=nginx --group=nginx --with-http_ssl_module --with-http_flv_module --with-http_stub_status_module --with-http_gzip_static_module --with-pcre
make && make install

# configure nginx
cp /data/nginx/conf/nginx.conf /data/nginx/conf/nginx.conf.bak
> /data/nginx/conf/nginx.conf

# the quoted 'EOF' stops the shell from expanding the nginx $variables below
cat > /data/nginx/conf/nginx.conf << 'EOF'
user  nobody;
worker_processes  8;

#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;

events {
    worker_connections  65535;
}

http {
    server_tokens off;
    include       mime.types;
    default_type  application/octet-stream;
    charset utf-8;

    log_format  main  '$http_x_forwarded_for $remote_addr $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_cookie" $host $request_time';
    sendfile       on;
    tcp_nopush     on;
    tcp_nodelay    on;
    keepalive_timeout  65;

    fastcgi_connect_timeout 3000;
    fastcgi_send_timeout 3000;
    fastcgi_read_timeout 3000;
    fastcgi_buffer_size 256k;
    fastcgi_buffers 8 256k;
    fastcgi_busy_buffers_size 256k;
    fastcgi_temp_file_write_size 256k;
    fastcgi_intercept_errors on;

    client_header_timeout 600s;
    client_body_timeout 600s;

    client_max_body_size 100m;
    client_body_buffer_size 256k;

    ## support more than 15 test environments
    server_names_hash_max_size 512;
    server_names_hash_bucket_size 128;
    gzip  on;
    gzip_min_length  1k;
    gzip_buffers     4 16k;
    gzip_http_version 1.1;
    gzip_comp_level 9;
    gzip_types       text/plain application/x-javascript text/css application/xml text/javascript application/x-httpd-php;
    gzip_vary on;

    include vhosts/*.conf;
}
EOF

/bin/mkdir /data/nginx/conf/vhosts

cat > /data/nginx/conf/vhosts/test.conf << EOF
server {
    listen       80;
    server_name  localhost;
    access_log  logs/access.log;
    error_log   logs/error.log;
    location / {
        root html;
        index index.php index.html index.htm;
    }
}
EOF

/data/nginx/sbin/nginx

--------------------motd file management module--------------------

[root@puppet01 manifests]# cd /etc/puppet/modules/motd/
[root@puppet01 motd]# ls
files  manifests
[root@puppet01 motd]# cd manifests/
[root@puppet01 manifests]# ls
config.pp  init.pp  install.pp

[root@puppet01 manifests]# cat init.pp
class motd {
  include motd::config
  include motd::install
}

[root@puppet01 manifests]# cat install.pp
class motd::install {
  package { 'setup':
    ensure => present,
  }
}

[root@puppet01 manifests]# cat config.pp
class motd::config {
  file { "/etc/motd":
    ensure  => present,
    owner   => "root",
    group   => "root",
    mode    => '0644',
    source  => "puppet:///modules/motd/motd",
    require => Class["motd::install"],
  }
}

[root@puppet01 manifests]# ls ../files/motd
../files/motd

--------------------dns file management module--------------------

[root@puppet01 manifests]# cd /etc/puppet/modules/dns/
[root@puppet01 dns]# ls
files  manifests
[root@puppet01 dns]# cd manifests/
[root@puppet01 manifests]# ls
config.pp  init.pp

[root@puppet01 manifests]# cat init.pp
class dns {
  include dns::config
}

[root@puppet01 manifests]# cat config.pp
class dns::config {
  file { "/etc/resolv.conf":
    ensure => present,
    owner  => "root",
    group  => "root",
    mode   => '0644',
    source => "puppet:///modules/dns/resolv.conf",
  }
}

[root@puppet01 manifests]# cat ../files/resolv.conf
search wang.com
nameserver 192.168.1.27
nameserver 192.168.1.28

--------------------chrony time synchronization file management module--------------------

[root@puppet01 manifests]# cd /etc/puppet/modules/chrony/
[root@puppet01 chrony]# ls
files  manifests
[root@puppet01 chrony]# cd manifests/
[root@puppet01 manifests]# ls
init.pp  install.pp

[root@puppet01 manifests]# cat init.pp
class chrony {
  include chrony::install
}

[root@puppet01 manifests]# cat install.pp
class chrony::install {
  file { "/data/software/chrony.sh":
    source => "puppet:///modules/chrony/chrony.sh",
    owner  => "root",
    group  => "root",
    mode   => '0755',
  }

  exec { "install chrony":
    cwd     => "/data/software",
    command => "/bin/bash -x chrony.sh",
    user    => "root",
    group   => "root",
    path    => ["/usr/bin:/usr/sbin:/bin:/sbin"],
    creates => "/etc/chrony.conf",
    require => File["/data/software/chrony.sh"],
  }
}

[root@puppet01 manifests]# cat ../files/chrony.sh
#!/bin/bash
/etc/init.d/ntpd stop
/usr/bin/yum install chrony -y
cp /etc/chrony.conf /etc/chrony.conf.bak
rm -f /etc/chrony.conf
wget http://yum.wang.com/software/chrony.conf
cp -f chrony.conf /etc/
/etc/init.d/chronyd start
/usr/bin/chronyc sources -v

--------------------yum file management module--------------------

[root@puppet01 manifests]# cd /etc/puppet/modules/yum/
[root@puppet01 yum]# ls
files  manifests
[root@puppet01 yum]# cd manifests/
[root@puppet01 manifests]# ls
config.pp  init.pp

[root@puppet01 manifests]# cat init.pp
class yum {
  include yum::config
}

[root@puppet01 manifests]# cat config.pp
class yum::config {
  file { "/data/software/yum.sh":
    source => "puppet:///modules/yum/yum.sh",
    owner  => "root",
    group  => "root",
    mode   => '0755',
  }

  exec { "set yum":
    cwd     => "/data/software",
    command => "/bin/bash yum.sh",
    user    => "root",
    group   => "root",
    path    => ["/usr/bin:/usr/sbin:/bin:/sbin"],
    unless  => "grep mirrors.wang.com /etc/yum.repos.d/CentOS-Base.repo",           # the command runs only when this check fails; if the check succeeds, the command is not run
    require => File["/data/software/yum.sh"],
  }
}

[root@puppet01 manifests]# cat ../files/yum.sh
#!/bin/bash

rm -f  /etc/yum.repos.d/*.repo

wget http://yum.wang.com/software/CentOS-Base.repo -O /etc/yum.repos.d/CentOS-Base.repo
wget http://yum.wang.com/software/epel.repo    -O /etc/yum.repos.d/epel.repo
#wget http://yum.wang.com/software/mongodb.repo

yum clean all
yum makecache

--------------------resolv file management module--------------------

[root@puppet ~]# ls /etc/puppet/modules/
chrony  dns  java7  java8  motd  nginx  postfix  resolv  ssh  sudo  tomcat8  yum
[root@puppet ~]# cd /etc/puppet/modules/resolv/manifests/
[root@puppet manifests]# ls
config.pp  init.pp

[root@puppet manifests]# cat init.pp
class resolv {
  include resolv::config
}
class resolv01 {
  include resolv::dns01
}
class resolv02 {
  include resolv::dns02
}

[root@puppet manifests]# cat config.pp
class resolv::config {
  file { "/etc/resolv.conf":
    source => "puppet:///modules/resolv/resolv.conf",
    ensure => "present",
    owner  => "root",
    group  => "root",
    mode   => '0644',
  }
}

[root@puppet manifests]# cat ../files/resolv.conf
search wang.com
nameserver 192.168.1.27
nameserver 192.168.1.28
options timeout:1
options attempts:1

--------------------postfix installation management module--------------------

[root@puppet01 manifests]# cd /etc/puppet/modules/postfix/
[root@puppet01 postfix]# ls manifests/
config.pp  init.pp  install.pp  service.pp
[root@puppet01 postfix]# ls files/
master.cf
[root@puppet01 postfix]# ls templates/
main.cf.erb

[root@puppet01 postfix]# cat manifests/init.pp
class postfix {
  include postfix::install
  include postfix::config
  include postfix::service
}

[root@puppet01 postfix]# cat manifests/install.pp
class postfix::install {
  package { ["postfix","mailx" ]:
    ensure => present,
  }
}

[root@puppet01 postfix]# cat manifests/config.pp
class postfix::config {
  # resource defaults for every file resource in this class
  File {
    owner => 'postfix',
    group => 'postfix',
    mode  => '0644',
  }

  file { '/etc/postfix/master.cf':
    ensure  => present,
    source  => 'puppet:///modules/postfix/master.cf',
    require => Class['postfix::install'],
    notify  => Class['postfix::service'],
  }

  file { '/etc/postfix/main.cf':
    ensure  => present,
    content => template('postfix/main.cf.erb'),
    require => Class['postfix::install'],
    notify  => Class['postfix::service'],
  }
}

[root@puppet01 postfix]# cat manifests/service.pp
class postfix::service {
  service { 'postfix':
    ensure     => running,
    hasstatus  => true,
    hasrestart => true,
    enable     => true,
    require    => Class['postfix::config'],
  }
}

[root@puppet01 postfix]# cat templates/main.cf.erb
soft_bounce = no
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
mail_owner = postfix
myhostname = <%= @hostname %>
mydomain = <%= @domain %>
myorigin = $mydomain
mydestination = $myhostname,localhost.$mydomain,localhost,$mydomain
unknown_local_recipient_reject_code = 550
relay_domains = $mydestination
smtpd_reject_unlisted_recipient = yes
unverified_recipient_reject_code = 500
smtpd_banner = $myhostname ESMTP
setgid_group = postdrop

[root@puppet01 postfix]# ls files/master.cf
files/master.cf

Note: the variables in the template get their values from Facter facts through ERB syntax. The fact name goes inside the ERB brackets formed by <%= and %>, and when Puppet runs they are replaced with the actual fact values (that is, the actual values on the agent).

--------------------------------------------------------------------------------------------------

Then reference these classes in the /etc/puppet/manifests/site.pp manifest:

[root@puppet manifests]# cat /etc/puppet/manifests/site.pp
class base {
  include chrony
  include java8
  include tomcat8
  include nginx
  include yum
  include resolv
}

node 'puppet02.bkjk.cn' {
  include dns
  include yum
}

node 'dns01' {
  #include dns
  include yum
  include ssh
  include resolv
}

node 'dns02' {
  #include dns
  include yum
  include ssh
  include resolv
}

node 'mirrors' {
  include yum
  include ssh
  include resolv
}

The dns01, dns02 and mirrors names above are all resolved through internal DNS.

[root@puppet manifests]# ping mirrors
PING mirrors.wang.com (192.168.1.240) 56(84) bytes of data.
64 bytes from yum.wang.com (192.168.1.240): icmp_seq=1 ttl=64 time=0.889 ms
......

--------------------------------------------------------------------------------------------------

Finally, connect to the puppet master from the puppet agent to sync and apply the configuration.

[root@puppet02 ~]# puppet agent --test --server=puppet01.wang.com
Notice: Ignoring --listen on onetime run
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Caching catalog for puppet02.wang.com
Info: Applying configuration version '1501429243'
Notice: /Stage[main]/Chrony::Install/File[/data/software/chrony.sh]/ensure: defined content as '{md5}fe7f9787a7cae33ed0e00c26f880b145'
Notice: /Stage[main]/Chrony::Install/Exec[install chrony]/returns: executed successfully
........

After a successful run, verify the result on the puppet agent node. From then on, managing these application configurations only requires maintenance on the puppet master; the puppet agent syncs automatically.

------------------------------------------------------------------------------------------------------

[root@puppet dns]# puppet agent -t       # test the connection from the puppet server
[root@puppet dns]# puppet agent --help

Configuration notes:

class source::exec2 {
  exec { "install nginx":
    cwd       => "/tmp/rhel5/nginx",  # the command is run only if this directory exists
    command   => "tar -zxvf nginx-0.8.42.tar.gz && cd nginx-0.8.42 && ./configure --user=nginx --group=nginx --prefix=/usr/local/nginx --without-http-cache && make && make install",
    path      => ["/usr/bin","/usr/sbin","/bin","/sbin"],
    logoutput => on_failure,
    unless    => "/bin/ls /usr/local/nginx/conf",        # the command is run only when this check returns non-zero
    require   => Class['source::file1', 'source::user'],
    notify    => Class["source::exec3"],
  }
}

[root@puppet dns]# /bin/ls /data/nginx/conf/nginx.conf
/data/nginx/conf/nginx.conf
[root@puppet dns]# echo $?
0
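The install scripts above (java-jdk7_install.sh, java-jdk8_install.sh, nginx1.10_install.sh, chrony.sh, yum.sh) fetch packages and configuration over plain HTTP and use them as root without checking their content. The helper below is an added example, not part of the original post, that such a script could source to pin each download to a known SHA-256 digest; the function names are hypothetical and the digest in the usage comment is a placeholder.

```shell
#!/bin/sh
# Added example (not from the original post): download to a temporary file and
# move it into place only when its SHA-256 digest matches a pinned value.

# Transport step, kept separate so it can be swapped (e.g. for curl).
fetch_to() {
    wget -q -O "$2" "$1"
}

# verify_sha256 FILE EXPECTED_HEX -> 0 when the digest matches
verify_sha256() {
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    actual=$(sha256sum "$1" | cut -d' ' -f1)
    [ "$actual" = "$expected" ]
}

# fetch_verified URL EXPECTED_HEX DEST
fetch_verified() {
    url=$1
    pinned=$2
    dest=$3
    tmp=$(mktemp "$dest.XXXXXX") || return 1
    if fetch_to "$url" "$tmp" && verify_sha256 "$tmp" "$pinned"; then
        mv "$tmp" "$dest"
        return 0
    fi
    # Never leave an unverified file where a later step could pick it up.
    rm -f "$tmp"
    echo "refusing $url: download failed or SHA-256 mismatch" >&2
    return 1
}

# Usage inside nginx1.10_install.sh (the digest is a placeholder to be taken
# from a trusted copy of the tarball):
#   fetch_verified http://yum.wang.com/software/nginx-1.10.3.tar.gz \
#       "<sha256-of-trusted-tarball>" /data/software/nginx-1.10.3.tar.gz || exit 1
```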

Reposted from: http://lguna.baihongyu.com/
