Puppet centralized configuration management under Redhat
1. Introduction to Puppet
Puppet is a configuration management tool. It typically uses a client/server (C/S) structure; because there can be many clients, it can also be described as a star structure. All Puppet clients communicate with the Puppet master on the same server. Each Puppet client connects to the server every half hour (the interval can be set), downloads the latest configuration, and configures its own machine strictly according to that configuration. After the configuration is completed, the Puppet client can report back to the server. If an error occurs, it also reports that to the server.
2. Installation environment
Server side: 172.25.254.2 vm2.example.com puppet master
Client side: 172.25.254.3 vm3.example.com puppet agent
Client side: 172.25.254.4 vm4.example.com puppet agent
Important: Name resolution and time synchronization are required between the server and all clients, otherwise the verification will fail.
Server side:
Install these packages first:
[root@vm2 puppet]# yum install -y puppet-server-3.8.1-1.el6.noarch.rpm facter-2.4.4-1.el6.x86_64.rpm ruby-augeas-0.4.1-3.el6.x86_64.rpm rubygems-1.3.7-5.el6.noarch.rpm rubygem-json-1.5.5-3.el6.x86_64.rpm ruby-shadow-2.2.0-2.el6.x86_64.rpm puppet-3.8.1-1.el6.noarch.rpm hiera-1.3.4-1.el6.noarch.rpm
Start the service:
[root@vm2 puppet]# /etc/init.d/puppetmaster start
Starting puppetmaster: [ OK ]
Check whether port 8140 is open
[root@vm2 puppet]# netstat -anltp |grep ruby
tcp 0 0 0.0.0.0:8140 0.0.0.0:* LISTEN 1118/ruby
Client:
Install these packages:
yum install -y puppet-3.8.1-1.el6.noarch.rpm ruby-shadow-2.2.0-2.el6.x86_64.rpm facter-2.4.4-1.el6.x86_64.rpm hiera-1.3.4-1.el6.noarch.rpm ruby-augeas-0.4.1-3.el6.x86_64.rpm rubygems-1.3.7-5.el6.noarch.rpm rubygem-json-1.5.5-3.el6.x86_64.rpm
Initiate authentication:
When authentication is initiated for the first time, the client reports that there is no certificate, because the server has not signed the request yet.
At this point, you can view on the server which client initiated the authentication request.
Sign the certificate
Delete a certificate
puppet cert clean vm3.example.com
Check on the client whether the authentication is successful.
The authentication is successful.
3. Automatic authentication on the server
On the server side:
vim /etc/puppet/puppet.conf
Add this line under main:
[main]
autosign = true
Create the autosign.conf file in the /etc/puppet directory with the following content:
# Allows all hosts in the example.com domain
*.example.com
/etc/init.d/puppetmaster reload
After that, you only need to run the agent on the client and it succeeds directly:
puppet agent --server vm2.example.com --test
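Both `autosign = true` and a `*.example.com` entry sign a request based only on the host name the client claims. As an added example (not from the original article), here is a policy executable that Puppet 3.4 and later can call through `autosign = /path/to/script` instead: Puppet passes the certname as the only argument and the CSR in PEM form on stdin, and signs only when the script exits 0. The per-host secrets are constructed, and the example assumes each agent sets the challengePassword attribute (OID 1.2.840.113549.1.9.7) under custom_attributes in its csr_attributes.yaml.

```ruby
#!/usr/bin/env ruby
# Added example: policy-based autosign check (not from the original article).
require 'openssl'

# Constructed allowlist: certname => pre-shared secret. In practice, load it
# from a root-only file on the master rather than embedding it in the script.
ALLOWED = {
  'vm3.example.com' => 'constructed-secret-for-vm3',
  'vm4.example.com' => 'constructed-secret-for-vm4'
}.freeze

# Common Name from the CSR subject, or nil.
def csr_common_name(csr)
  entry = csr.subject.to_a.find { |name, _value, _type| name == 'CN' }
  entry && entry[1]
end

# challengePassword attribute (OID 1.2.840.113549.1.9.7) from the CSR, or nil.
def csr_challenge(csr)
  attr = csr.attributes.find do |a|
    ['challengePassword', '1.2.840.113549.1.9.7'].include?(a.oid)
  end
  attr && attr.value.value.first.value
end

# Compare digests byte by byte so timing does not depend on where strings differ.
def secure_equal?(a, b)
  da = OpenSSL::Digest::SHA256.digest(a)
  db = OpenSSL::Digest::SHA256.digest(b)
  da.bytes.zip(db.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# True only for an allowlisted certname whose CSR is self-consistent, names
# the same host, and carries that host's secret.
def autosign?(certname, csr_pem, allowed = ALLOWED)
  expected = allowed[certname]
  return false unless expected
  csr = OpenSSL::X509::Request.new(csr_pem)
  return false unless csr.verify(csr.public_key)
  return false unless csr_common_name(csr) == certname
  presented = csr_challenge(csr)
  !presented.nil? && secure_equal?(presented, expected)
rescue OpenSSL::X509::RequestError
  false
end

# Puppet calls: <script> <certname>, CSR (PEM) on stdin; exit 0 means "sign".
exit(autosign?(ARGV[0], $stdin.read) ? 0 : 1) if ARGV.size == 1
```

A host such as vm9.example.com, which the `*.example.com` glob would have signed, is rejected here because it is not in the allowlist.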
In practice, the client host name is sometimes changed, so the certificate needs to be regenerated:
1) Execute on the server side: puppet cert --clean vm3.example.com    # the original host name of the client whose certificate you want to delete
2) Execute on the client side: rm -fr /var/lib/puppet/ssl/*
puppet agent --server=puppet.example.com
The first code Puppet executes is in /etc/puppet/manifests/site.pp, so this file must exist, and all other code must also be called through this file.
4. Resource definitions on the server
cd /etc/puppet/manifests
vim site.pp
file {
  "/mnt/puppet-3.8.1-1.el6.noarch.rpm":    # destination path on the client
    source => "puppet:///files/puppet-3.8.1-1.el6.noarch.rpm",    # source on the server
    mode   => '0600',      # permissions of the resource on the client
    owner  => 'puppet',    # owner of the resource on the client
}
cd ..
mkdir files
Place the puppet-3.8.1-1.el6.noarch.rpm package in this directory.
vim /etc/puppet/fileserver.conf
Add the following at the bottom:
[files]
path /etc/puppet/files
allow *
Verify on the client: the resource now appears under /mnt, which also verifies the server configuration.
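Software package and service definition
Continue editing the site.pp file from above and add the following:
package {    # software package definition
  "vsftpd":
    ensure => present,    # present installs the package, absent uninstalls it
}
service {    # service definition
  "vsftpd":
    ensure  => running,
    require => Package['vsftpd'],    # start the service only after the package is installed
}
file {
  "/etc/vsftpd/vsftpd.conf":
    source  => "puppet:///files/vsftpd.conf",
    mode    => '0600',
    require => Package['vsftpd'],    # /etc/vsftpd exists only once the package is installed
    notify  => Service['vsftpd'],    # refreshes (restarts) the service when this file changes
}
Then test on the client.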
User creation
Continue editing the site.pp file and add the following:
user { "xp":    # create the user
  uid        => 900,
  home       => "/home/test",
  shell      => "/bin/bash",
  provider   => useradd,
  managehome => true,
  ensure     => present,
  password   => 'westos',    # written to /etc/shadow exactly as given
}
# Alternative: set the password through passwd so that it is stored encrypted;
# with password => 'westos' above, the password in /etc/shadow is in clear text.
#exec { "echo westos | passwd --stdin xp":
#  path   => "/usr/bin:/usr/sbin:/bin",
#  onlyif => "id xp",
#}
Client verification
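As an added example (not from the original article): because the `password` attribute is copied into /etc/shadow as given, the manifest should carry a crypt(3) hash rather than the word `westos`, which also keeps the clear-text password out of site.pp and off the `passwd` command line. The helper names below are hypothetical, and the code assumes the local crypt(3) supports SHA-512 (`$6$`), as glibc on RHEL 6 does.

```ruby
# Added example: build the value for the user resource's password attribute.
require 'securerandom'

# SHA-512 crypt(3) hash in /etc/shadow format; random 16-character salt by default.
def shadow_hash(password, salt = SecureRandom.alphanumeric(16))
  prefix = "$6$#{salt}$"
  hash = password.crypt(prefix)
  # Fail loudly if the local crypt(3) does not produce a $6$ hash.
  raise 'crypt(3) here has no SHA-512 ($6$) support' unless hash.to_s.start_with?(prefix)
  hash
end

# crypt(3) reads the scheme and salt back out of the stored hash.
def shadow_match?(password, hash)
  password.crypt(hash) == hash
end

# Render the resource with the hash in single quotes: Puppet would try to
# interpolate "$6$..." as variables inside a double-quoted string.
def user_resource(name, uid, hash)
  <<~PP
    user { '#{name}':
      ensure     => present,
      uid        => #{uid},
      home       => '/home/test',
      shell      => '/bin/bash',
      managehome => true,
      password   => '#{hash}',
    }
  PP
end

puts user_resource('xp', 900, shadow_hash('westos')) if $PROGRAM_NAME == __FILE__
```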
crontab task
As before, on the server side, continue editing the site.pp file:
cron { 'echo':
  command => "/bin/echo `/bin/date` >> /tmp/echo",
  user    => root,
  hour    => ['2-4'],
  minute  => '*/10',
}
The task is generated in the /var/spool/cron directory on the client.
Verify on the client.
In short, Puppet is a good management system and an indispensable tool for automated operation and maintenance in the future. You can build an LNMP architecture yourself with a source-code installation. I will release that later. I hope everyone can discuss and make progress together.