#### Puppet基礎篇3-安裝Puppet前期的準備工作
# 工欲善其事必先利其器
在安裝Puppet之前是需要做很多預備工作的,比如網絡地址規范、主機名、certname名、時間等等,也只有這些準備好了,才不至于在安裝好puppet之后發現問題而后悔莫及。**說明:**接下來的整套文檔體系都是以本篇文檔規范方案進行設計和擴充的,同樣也是也是按照準生產的標準進行編寫。
### 一、網絡地址規范
~~~
【HOSTNAME】 【IP】 【certname】 【operatingsystem】
puppetmaster.kisspuppet.com 192.168.100.110/24 puppetmaster_cert.kisspuppet.com RHEL6.4
agent1.kisspuppet.com 192.168.100.111/24 agent1_cert.kisspuppet.com RHEL5.7
agent2.kisspuppet.com 192.168.100.112/24 agent2_cert.kisspuppet.com RHEL5.8
agent3.kisspuppet.com 192.168.100.123/24 agent3_cert.kisspuppet.com RHEL6.4
~~~
**注:**192.168.100.*/24的網關為192.168.100.110 所有服務器的DNS1為192.168.100.110
**1、設置主機名**
~~~
[root@puppetmaster ~]# vim /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=puppetmaster.kisspuppet.com
[root@agent1 ~]# vim /etc/sysconfig/network
NETWORKING=yes
NETWORKING_IPV6=no
HOSTNAME=agent1.kisspuppet.com
~~~
**注:**agent2~agent3同上
**2、設置IP地址**
可通過`system-config-network`命令進行配置好后在進入配置文件進行修改
~~~
[root@puppetmaster ~]# vim /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
TYPE=Ethernet
ONBOOT=yes
NM_CONTROLLED=yes
BOOTPROTO=none
IPADDR=192.168.100.110
NETMASK=255.255.255.0
GATEWAY=192.168.100.110
DNS1=192.168.100.110
IPV6INIT=no
USERCTL=no
~~~
**注:**node1~node3同上
**3、關閉NetworkManager服務**
NetworkManager服務是RHEL圖形界面管理網卡的服務,由于其開啟會對網絡造成影響,RHEL6默認是開啟的,建議關閉。
~~~
[root@puppetmaster ~]# /etc/init.d/NetworkManager stop
Stopping NetworkManager daemon: [ OK ]
[root@puppetmaster ~]# chkconfig NetworkManager off
~~~
**注:**node1~node3同上
**4、關閉防火墻**
本實驗主要是為了測試整個架構的功能,如果要測試防火墻,請另行解決。
~~~
[root@puppetmaster ~]# /etc/init.d/iptables stop
iptables: Flushing firewall rules: [ OK ]
iptables: Setting chains to policy ACCEPT: filter [ OK ]
iptables: Unloading modules: [ OK ]
[root@puppetmaster ~]# chkconfig iptables off
~~~
**注:**node1~node3同上
**5、關閉selinux**
~~~
[root@puppetmaster ~]# sed -i 's/SELINUX=.*/SELINUX=disabled/g' /etc/selinux/config
~~~
**注:**node1~node3同上
**6、設置key**為了操作方便,設置公鑰私鑰,可通過puppetmaster端統一部署
~~~
[root@puppetmaster ~]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
ff:55:8d:31:34:b4:b3:6a:70:3b:aa:09:76:12:5b:8d root@puppetmaster.kisspuppet.com
The key's randomart image is:
+--[ RSA 2048]----+
| .+ |
| . o |
| = |
| o *.|
| . E o . o o|
| + . o o . |
| = . . = . |
| . + . + o |
| o.. . |
+-----------------+
[root@puppetmaster ~]# for i in {1..3}; do ssh-copy-id -i 192.168.100.11$i; done
The authenticity of host '192.168.100.111 (192.168.100.111)' can't be established.
RSA key fingerprint is ae:db:c5:0c:0e:3f:8c:62:ea:a1:26:e2:09:63:18:32.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.100.111' (RSA) to the list of known hosts.
root@192.168.100.111's password:
Now try logging into the machine, with "ssh '192.168.100.111'", and check in:
.ssh/authorized_keys
to make sure we haven't added extra keys that you weren't expecting.
...
~~~
**7、設置hosts文件**
puppet通信的前提是agent和master必須能夠互相解析主機名。當然,也可以設置DNS,在第四部分搭建kermit架構的時候會搭建DNS服務,現在先暫時通過hosts文件進行解析,可先設置好puppetmaster后,統一copy到所有節點上
~~~
[root@puppetmaster ~]# vim /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.100.110 puppetmaster.kisspuppet.com puppetmaster
192.168.100.111 agent1.kisspuppet.com agent1
192.168.100.112 agent2.kisspuppet.com agent2
192.168.100.113 agent3.kisspuppet.com agent3
[root@puppetmaster ~]# for i in {1..3}; do scp /etc/hosts 192.168.100.11$i:/etc/; done
hosts 100% 354 0.4KB/s 00:00
hosts 100% 354 0.4KB/s 00:00
hosts 100% 354 0.4KB/s 00:00
[root@agent1 ~]# ping puppetmaster.kisspuppet.com #設置完成之后記得測試下
PING puppetmaster.kisspuppet.com (192.168.100.110) 56(84) bytes of data.
64 bytes from puppetmaster.kisspuppet.com (192.168.100.110): icmp_seq=1 ttl=64 time=0.327 ms
64 bytes from puppetmaster.kisspuppet.com (192.168.100.110): icmp_seq=2 ttl=64 time=0.996 ms
64 bytes from puppetmaster.kisspuppet.com (192.168.100.110): icmp_seq=3 ttl=64 time=1.00 ms
--- puppetmaster.kisspuppet.com ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 1999ms
rtt min/avg/max/mdev = 0.327/0.774/1.000/0.317 ms
~~~
**注意:**設置完網絡后,可以通過類似**Xshell**這樣的工具進行登錄,方便操作
**二、配置本地光盤yum源**
由于我這邊是vmware虛擬機操作,所以光盤是可以直接掛載到某一個目錄里面,如果是物理機,建議將光盤里的文件全部copy到指定的一個目錄里面,然后beaeurl指向它既可。
~~~
[root@puppetmaster ~]# mkdir /media/cdrom
[root@puppetmaster ~]# mount /dev/cdrom /media/cdrom/
mount: block device /dev/sr0 is write-protected, mounting read-only
[root@puppetmaster ~]# cp /etc/yum.repos.d/rhel-source.repo /etc/yum.repos.d/rhel-base.repo
[root@puppetmaster ~]# vim /etc/yum.repos.d/rhel-base.repo
[rhel-base]
name=Red Hat Enterprise Linux $releasever - $basearch - Source
baseurl=file:///media/cdrom
enabled=1
gpgcheck=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
[root@puppetmaster ~]# yum clean all
Loaded plugins: product-id, refresh-packagekit, security, subscription-manager
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
Cleaning repos: rhel-base
Cleaning up Everything
[root@puppetmaster ~]# yum install tree lrzsz #測試
Loaded plugins: product-id, refresh-packagekit, security, subscription-manager
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
rhel-base | 3.9 kB 00:00 ...
rhel-base/primary_db | 3.1 MB 00:01 ...
Setting up Install Process
Resolving Dependencies
...
~~~
**注:**node1~node3同上
**說明:**RHEL5的report在Server目錄,所以在配置repo文件的時候參數 `baseurl=file:///media/cdrom/Server`
### 三、設置NTP服務器
**1、配置NTP服務器**設置ntp服務器和本地進行同步,當然如果聯網也可以和外部服務器同步,這里只需要保證所有服務器時間一致。原因是因為,puppetmaster和agent之間時間相差不得超過10分鐘(好像是),而后期配置的mcollecitve服務端和客戶端之間不能相差60秒
~~~
[root@puppetmaster ~]# rpm -qa | grep ntp
fontpackages-filesystem-1.41-1.1.el6.noarch
ntpdate-4.2.4p8-3.el6.x86_64 #默認已經安裝
ntp-4.2.4p8-3.el6.x86_64 #默認已經安裝
[root@puppetmaster ~]# cp /etc/ntp.conf{,.bak}
[root@puppetmaster ~]# vim /etc/ntp.conf
driftfile /var/lib/ntp/drift
logfile /var/log/ntp.log
Broadcastdelay 0.008
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery
restrict default ignore
restrict 127.0.0.1
restrict -6 ::1
restrict 192.168.100.0 mask 255.255.255.0 notrap nomodify
server 127.127.1.0 # local clock
fudge 127.127.1.0 stratum 10 refid NIST
includefile /etc/ntp/crypto/pw
keys /etc/ntp/keys
[root@puppetmaster ~]# /etc/init.d/ntpd start
Starting ntpd: [ OK ]
[root@puppetmaster ~]# chkconfig ntpd on
~~~
**2、節點測試并設置crontab**
~~~
[root@agent1 ~]# ntpdate puppetmaster.kisspuppet.com
7 Mar 06:08:30 ntpdate[16411]: adjust time server 192.168.100.110 offset 0.049448 sec
[root@agent1 ~]# crontab -l #可通過croutab -e命令設置
*/30 * * * * /usr/sbin/ntpdate puppetmaster.kisspuppet.com >>/root/ntdate.log 2>&1 && /sbin/clock --systohc
[root@agent1 ~]# /etc/init.d/crond reload
Reloading cron daemon configuration: [ OK ]
~~~
### 四、制作本地yum倉庫
本實驗大部分包來自于[http://yum.puppetlabs.com](http://yum.puppetlabs.com),部分包來自于EPEL和Gems官網,rabbitmq官方等,關于如何制作yum倉庫,之前有文章寫道[http://kisspuppet.com/2014/01/26/puppet_create_repo/](http://kisspuppet.com/2014/01/26/puppet_create_repo/),這里在簡單操作一下
~~~
[root@puppetmaster RHEL6U4]# yum install createrepo #安裝制作軟件包的軟件
[root@puppetmaster RHEL6U4]# createrepo . #將本目錄以及子目錄下所有rpm包生產repodata
Spawning worker 0 with 105 pkgs
Workers Finished
Gathering worker results
Saving Primary metadata
Saving file lists metadata
Saving other metadata
Generating sqlite DBs
Sqlite DBs complete
~~~
**注:**RHEL5的repodata必須在RHEL5環境下運行createrpo命令生成
### 五、配置FTP服務器
**1、安裝并配置FTP服務器**
搭建FTP服務器的目的只要是為自定義yum倉庫做準備
~~~
[root@puppetmaster ~]# yum install vsftpd
Loaded plugins: product-id, refresh-packagekit, security, subscription-manager
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
rhel-base | 3.9 kB 00:00 ...
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package vsftpd.x86_64 0:2.2.2-11.el6 will be installed
--> Finished Dependency Resolution
...
[root@puppetmaster ~]# cp /etc/vsftpd/vsftpd.conf{,.bak}
[root@puppetmaster ~]# vim /etc/vsftpd/vsftpd.conf
anonymous_enable=YES
local_enable=YES
write_enable=YES
local_umask=022
anon_upload_enable=YES
anon_root=/puppet #匿名訪問的目錄
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_file=/var/log/xferlog
xferlog_std_format=YES
listen=YES
pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES
[root@puppetmaster ~]# /etc/init.d/vsftpd start
Starting vsftpd for vsftpd: [ OK ]
[root@puppetmaster ~]# chkconfig vsftpd on
~~~
**2、在FTP共享目錄里制作yum倉庫**
將生成好的yum源copy到FTP共享目錄中
~~~
[root@puppetmaster ~]# ll /puppet/
total 12
drwxr-xr-x 4 root root 4096 Mar 7 06:21 RHEL5U7
drwxr-xr-x 4 root root 4096 Mar 7 06:21 RHEL5U8
drwxr-xr-x 6 root root 4096 Mar 7 06:21 RHEL6U4
[root@puppetmaster ~]# ll /puppet/RHEL6U4/
total 16600
-rw-r--r-- 1 root root 87643 Mar 7 06:21 facter-1.7.3-1.el5.x86_64.rpm
-rw-r--r-- 1 root root 87440 Mar 7 06:21 facter-1.7.3-1.el6.x86_64.rpm
drwxr-xr-x 2 root root 4096 Mar 7 06:21 gem
-rw-r--r-- 1 root root 634944 Mar 7 06:21 GeoIP-1.4.8-1.el6.x86_64.rpm
-rw-r--r-- 1 root root 151654 Mar 7 06:21 keepalived-1.2.7-1.1.x86_64.rpm
-rw-r--r-- 1 root root 10924 Mar 7 06:21 mcollective-2.2.4-1.el6.noarch.rpm
-rw-r--r-- 1 root root 24596 Mar 7 06:21 mcollective-client-2.2.4-1.el6.noarch.rpm
-rw-r--r-- 1 root root 759300 Mar 7 06:21 mcollective-common-2.2.4-1.el6.noarch.rpm
drwxr-xr-x 3 root root 4096 Mar 7 06:21 mcollective-plugins
drwxr-xr-x 2 root root 4096 Mar 7 06:21 mq
-rw-r--r-- 1 root root 406588 Mar 7 06:21 nginx-1.0.15-5.el6.x86_64.rpm
-rw-r--r-- 1 root root 1128352 Mar 7 06:21 puppet-2.7.23-1.el6.noarch.rpm
-rw-r--r-- 1 root root 4509032 Mar 7 06:21 puppet-dashboard-1.2.23-1.el6.noarch.rpm
-rw-r--r-- 1 root root 25596 Mar 7 06:21 puppet-server-2.7.23-1.el6.noarch.rpm
-rw-r--r-- 1 root root 3729988 Mar 7 06:21 rabbitmq-server-3.1.5-1.el6.noarch.rpm
drwxr-xr-x 2 root root 4096 Mar 7 06:21 repodata
...
~~~
### 六、配置遠程yum倉庫
~~~
[root@puppetmaster ~]# vim /etc/yum.repos.d/rhel-puppet.repo
[rhel-puppet]
name=puppetlabs epel gems for rhel
baseurl=ftp://puppetmaster.kisspuppet.com/RHEL6U4 #指向FTP服務器地址
enabled=1
gpgcheck=0
[root@puppetmaster ~]# yum list | grep puppet-server #測試
puppet-server.noarch 2.7.25-1.el6 rhel-puppet
~~~
**注:**node1~node3同上
### 七、重要軟件版本選型
目前puppet最成熟的版本為2.7.和3.3版本,兩個版本都可以,本實驗采用2.7版本。
~~~
puppet-server 2.7.25-1 來自puppetlabs
puppet 2.7.25-1 來自puppetlabs
facter 1.7.5 來自puppetlabs
puppet-dashboar 1.2.23 來自puppetlabs
ruby 1.8.* 系統自帶
mcollective 2.2.4 來自puppetlabs
activemq 5.5.0 來自puppetlabs
rabbitmq-server 3.1.5 來自rabbitmq官網
kermit-webui 1.2-1 來自kermit官網
...
~~~
- 序
- 第一章:Puppet基礎篇
- 編寫此系列文檔的目的
- 如何學習和使用Puppet
- 安裝Puppet前期的準備工作
- 安裝、配置并使用Puppet
- 如何建立master和agent之間的認證關系
- Puppet更新方式的選型
- 編寫第一個完整測試模塊puppet
- 編寫第二個完整測試模塊yum
- Puppetmaster多環境配置
- 自定義fact實現的四種方式介紹
- 第二章:Puppet擴展篇
- 自定義fact結合ENC(hirea)的應用實踐
- 如何使用虛擬資源解決puppet沖突問題
- 如何擴展master的SSL傳輸性能(apache)
- 如何擴展master的SSL傳輸性能(nginx)
- 通過多進程增強master的負載均衡能力(nginx+mongrel)
- 通過橫向擴展puppetmaster增加架構的靈活性
- puppet代碼與版本控制系統的結合
- Puppet dashboard的部署及測試
- 第三章:MCollective架構篇
- MCollecitve架構的引入
- MCollective+MQ架構的部署
- Puppet插件的部署及測試
- MCollective各種插件的部署及測試
- MCollective安全性設計
- MQ的安全性設計
- 多MQ下MCollective高可用部署
- 第四章:Foreman架構的引入
- Foreman作為自動化運維工具為什么會如此強大
- 安裝前環境準備
- 安裝Foreman1.5架構(all-in-one)
- 安裝Foreman1.6架構(foreman與puppetmaster分離)
- 安裝Foreman1.7架構(源碼,僅測試使用)
- 整合puppetmaster
- Foreman結合mcollective完成push動作
- Foreman結合puppetssh完成push動作
- Foreman的ENC環境與fact環境的對比
- hostgroup如何轉換為本地的fact
- 智能變量與puppet模塊參數化類的結合
- Foreman報告系統的使用
- Foreman-proxy如何做負載均衡
- Foreman上如何展現代碼及文件內容
- Foreman如何和虛擬化管理軟件結合
- 如何借助Foreman完成自動化部署操作系統(一)
- 如何借助Foreman完成自動化部署操作系統(二)
- Foreman CLI(Hammer)工具的使用
- Foreman目前的不足之處