Puppet File Resource detailed

Source: Internet
Author: User
Tags ssl certificate

Yum Source Configuration

wget http://ftp.kaist.ac.kr/fedora//epel/6/i386/epel-release-6-8.noarch.rpm
yum list | grep puppet  # test whether the yum source is configured correctly
NTP Time server Configuration
Start the ntpd service and enable it at boot
service ntpd start   

Test from the client after a few minutes

service ntpd start
ntpdate 172.16.1.1  # this IP address is the IP address of your time server
Installation of puppetmaster
yum install -y puppetmaster puppet facter  # the system installs the Ruby environment itself; Puppet is written in Ruby, so it needs Ruby
Configure puppet.conf
vim /etc/puppet/puppet.conf
[main]
# default log directory
logdir = /var/log/puppet
# PID file directory
rundir = /var/run/puppet
# certificate directory; $vardir defaults to /var/lib/puppet
ssldir = $vardir/ssl
[agent]
classfile = $vardir/classes.txt
localconfig = $vardir/localconfig
# name of the master server the agent authenticates against; this name must be resolvable by the node
server = puppetmaster.kisspuppet.com
# certname used on the agent side
certname = puppetmaster_cert.kisspuppet.com
[master]
# name of the puppetmaster authentication server
certname = puppetmaster.kisspuppet.com
Create a site.pp file
touch /etc/puppet/manifests/site.pp
Start the puppetmaster service
/etc/init.d/puppetmaster start
View the generated certificates. On first start, the master automatically generates a certificate and registers it itself.
tree /var/lib/puppet/ssl
/var/lib/puppet/ssl/
├── ca
│   ├── ca_crl.pem
│   ├── ca_crt.pem
│   ├── ca_key.pem
│   ├── ca_pub.pem
│   ├── inventory.txt
│   ├── private
│   │   └── ca.pass
│   ├── requests
│   ├── serial
│   └── signed
│       └── puppetmaster.kisspuppet.com.pem  # registered
├── certificate_requests
├── certs
│   ├── ca.pem
│   └── puppetmaster.kisspuppet.com.pem
├── crl.pem
├── private
├── private_keys
│   └── puppetmaster.kisspuppet.com.pem
└── public_keys
    └── puppetmaster.kisspuppet.com.pem
List certificates that have been registered successfully
puppet cert --list --all  # entries marked with + have been registered successfully
Puppetagent Installation
yum install puppet facter
Configure puppet.conf
vim /etc/puppet/puppet.conf
[main]
logdir = /var/log/puppet
rundir = /var/run/puppet
ssldir = $vardir/ssl
[agent]
classfile = $vardir/classes.txt
localconfig = $vardir/localconfig
# points to the puppetmaster
server = puppetmaster.kisspuppet.com
# this node's own certname
certname = agent1_cert.kisspuppet.com
Run the agent on the node in test mode to initiate authentication with the puppetmaster
puppet agent --test
info: Creating a new SSL key for agent1_cert.kisspuppet.com
info: Caching certificate for ca
info: Creating a new SSL certificate request for agent1_cert.kisspuppet.com
info: Certificate Request fingerprint (md5): 69:D2:86:E4:7F:00:E0:55:61:19:02:34:9E:9B:AF:F9
Exiting; no certificate found and waitforcert is disabled
Check the authentication request on the server side
# puppet cert --list --all
  "agent1_cert.kisspuppet.com"  (69:D2:86:E4:7F:00:E0:55:61:19:02:34:9E:9B:AF:F9)  # not yet authenticated
+ "puppetmaster.kisspuppet.com" (C0:E3:6B:76:36:EC:92:93:4D:BF:F0:8F:77:00:91:C8) (alt names: "DNS:puppet", "DNS:puppet.kisspuppet.com", "DNS:puppetmaster.kisspuppet.com")
Register client1
# puppet cert --sign agent1_cert.kisspuppet.com  # register agent1
notice: Signed certificate request for agent1_cert.kisspuppet.com
notice: Removing file Puppet::SSL::CertificateRequest agent1_cert.kisspuppet.com at '/var/lib/puppet/ssl/ca/requests/agent1_cert.kisspuppet.com.pem'
Check the certificate status again
# puppet cert --list --all
+ "agent1_cert.kisspuppet.com"  (3E:46:4E:75:34:9A:5A:62:A6:3C:AE:BD:49:EE:C0:F5)
+ "puppetmaster.kisspuppet.com" (C0:E3:6B:76:36:EC:92:93:4D:BF:F0:8F:77:00:91:C8) (alt names: "DNS:puppet", "DNS:puppet.kisspuppet.com", "DNS:puppetmaster.kisspuppet.com")

Client2 and client3, like client1, need to edit this configuration file and start the service

Authentication with other nodes
# puppet agent --test  # the puppetmaster requests agent authentication for itself
info: Creating a new SSL key for puppetmaster_cert.kisspuppet.com
info: Creating a new SSL certificate request for puppetmaster_cert.kisspuppet.com
info: Certificate Request fingerprint (md5): 7D:AC:F7:97:04:2B:E4:C5:74:4A:16:05:DB:F6:6A:98
Exiting; no certificate found and waitforcert is disabled
# puppet cert --sign --all  # register all nodes that have requested it
notice: Signed certificate request for puppetmaster_cert.kisspuppet.com
notice: Removing file Puppet::SSL::CertificateRequest puppetmaster_cert.kisspuppet.com at '/var/lib/puppet/ssl/ca/requests/puppetmaster_cert.kisspuppet.com.pem'
notice: Signed certificate request for agent2_cert.kisspuppet.com
notice: Removing file Puppet::SSL::CertificateRequest agent2_cert.kisspuppet.com at '/var/lib/puppet/ssl/ca/requests/agent2_cert.kisspuppet.com.pem'
notice: Signed certificate request for agent3_cert.kisspuppet.com
notice: Removing file Puppet::SSL::CertificateRequest agent3_cert.kisspuppet.com at '/var/lib/puppet/ssl/ca/requests/agent3_cert.kisspuppet.com.pem'
# puppet cert --list --all  # view the authentication status of all nodes
+ "agent1_cert.kisspuppet.com" (3E:46:4E:75:34:9A:5A:62:A6:3C:AE:BD:49:EE:C0:F5)
+ "agent2_cert.kisspuppet.com" (A0:CE:70:BE:A9:11:BF:F4:C8:EF:25:8E:C2:2C:3B:B7)
+ "agent3_cert.kisspuppet.com" (98:93:F7:0C:ED:94:81:3D:51:14:86:68:2B:F3:F1:A0)
+ "puppetmaster.kisspuppet.com" (C0:E3:6B:76:36:EC:92:93:4D:BF:F0:8F:77:00:91:C8) (alt names: "DNS:puppet", "DNS:puppet.kisspuppet.com", "DNS:puppetmaster.kisspuppet.com")
+ "puppetmaster_cert.kisspuppet.com" (57:A3:D7:3D:64:2F:D6:FD:BC:2A:6C:79:68:73:EA:AB)
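Because puppet cert --sign --all signs every pending request, it is worth comparing the fingerprint printed on the agent with the one the master lists before signing a node. The script below is an added example, not part of the original page; its function names and the mismatching fingerprint are constructed for illustration, and it parses the puppet cert --list --all output format shown above.

```shell
#!/bin/sh
# Added example: verify a pending request's fingerprint before signing it.
# SAMPLE_LIST is constructed from the `puppet cert --list --all` output shown above.
SAMPLE_LIST='  "agent1_cert.kisspuppet.com"  (69:D2:86:E4:7F:00:E0:55:61:19:02:34:9E:9B:AF:F9)
+ "puppetmaster.kisspuppet.com" (C0:E3:6B:76:36:EC:92:93:4D:BF:F0:8F:77:00:91:C8) (alt names: "DNS:puppet")'

# Normalise a fingerprint: drop whitespace, upper-case the hex digits.
norm_fp() { printf '%s' "$1" | tr -d ' \t\r\n' | tr 'a-f' 'A-F'; }

# list_entry LIST CERTNAME: print "<state> <fingerprint>" for CERTNAME, where
# state is signed (+ prefix), revoked (- prefix) or pending (no prefix).
# Returns 1 if CERTNAME is not in the list.
list_entry() {
    printf '%s\n' "$1" | awk -v name="\"$2\"" '
        {
            state = "pending"; i = 1
            if ($1 == "+") { state = "signed"; i = 2 }
            else if ($1 == "-") { state = "revoked"; i = 2 }
            if ($i == name) {
                fp = $(i + 1); gsub(/[()]/, "", fp)
                print state, toupper(fp); found = 1; exit
            }
        }
        END { exit (found ? 0 : 1) }'
}

# check_before_sign LIST CERTNAME AGENT_FP: print the sign command and return 0
# only if the request is still pending and the master's fingerprint matches
# the one read from the agent's own console (AGENT_FP).
check_before_sign() {
    entry=$(list_entry "$1" "$2") || { echo "REFUSE: no request for $2"; return 1; }
    state=${entry%% *}
    master_fp=${entry#* }
    if [ "$state" != "pending" ]; then
        echo "REFUSE: $2 is already $state"; return 1
    fi
    if [ "$master_fp" != "$(norm_fp "$3")" ]; then
        echo "REFUSE: fingerprint mismatch for $2"; return 1
    fi
    echo "puppet cert --sign $2"
}

# Matching fingerprint (as printed by `puppet agent --test` on agent1): sign.
check_before_sign "$SAMPLE_LIST" agent1_cert.kisspuppet.com \
    "69:d2:86:e4:7f:00:e0:55:61:19:02:34:9e:9b:af:f9"
# Constructed mismatching fingerprint: refused.
check_before_sign "$SAMPLE_LIST" agent1_cert.kisspuppet.com \
    "00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF" || true
```

On a real master, pass the output of puppet cert --list --all as the first argument instead of SAMPLE_LIST.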
Write a simple MOTD module

Create the module directory structure

Note: if the modulepath search path is not specified, a default search path is used, which can be found as follows

# puppet master --genconfig >/etc/puppet/puppet.conf.out
# cat /etc/puppet/puppet.conf.out | grep modulepath
    modulepath = /etc/puppet/modules:/usr/share/puppet/modules
# tree /etc/puppet/modules/
/etc/puppet/modules/
└── motd
    ├── files  # directory for files
    │   └── etc
    │       └── motd
    ├── manifests  # directory for the module's pp manifests
    │   └── init.pp
    └── templates  # directory for templates

5 directories, 2 files
Write a pp file
# vim motd/manifests/init.pp
class motd {                 # define a class named motd
  package { 'setup':    # define a package resource
    ensure => present,  # require the setup package to be installed
  }
  file { '/etc/motd':  # define a file resource
    ensure  => present,  # require the file to exist
    owner   => 'root', # require the file owner to be root
    group   => 'root', # require the file group to be root
    mode    => '0644', # require the file permissions to be 644
    source  => "puppet://$puppetserver/modules/motd/etc/motd", # require the file to be downloaded from the puppetmaster server
    require => Package['setup'], # require the package resource to be applied before the file is configured
  }
}
# cat motd/files/etc/motd
--                       --
--------puppet test---------
--                       --
Write the site.pp file
# vim /etc/puppet/manifests/site.pp
$puppetserver = 'puppetmaster.kisspuppet.com'  # set a global variable
node 'puppetmaster_cert.kisspuppet.com' {
  include motd
}
node 'agent1_cert.kisspuppet.com' {
  include motd
}
node 'agent2_cert.kisspuppet.com' {
  include motd
}
node 'agent3_cert.kisspuppet.com' {
  include motd
}
Test the MOTD module
# puppet agent --test  # test node agent1
info: Caching catalog for agent1_cert.kisspuppet.com
info: Applying configuration version '1394304542'
notice: /Stage[main]/Motd/File[/etc/motd]/content:
--- /etc/motd 2000-01-13 07:18:52.000000000 +0800
+++ /tmp/puppet-file20140309-4571-1vqc18j-0 2014-03-09 02:51:47.000000000 +0800
@@ -0,0 +1,3 @@
+--                       --
+--------puppet test---------
+--                       --

info: FileBucket adding {md5}d41d8cd98f00b204e9800998ecf8427e
info: /Stage[main]/Motd/File[/etc/motd]: Filebucketed /etc/motd to puppet with sum d41d8cd98f00b204e9800998ecf8427e
notice: /Stage[main]/Motd/File[/etc/motd]/content: content changed '{md5}d41d8cd98f00b204e9800998ecf8427e' to '{md5}87ea3a1af8650395038472457cc7f2b1'
notice: Finished catalog run in 0.40 seconds
# cat /etc/motd
--                       --
--------puppet test---------
--                       --

# puppet agent -t  # test node puppetmaster
info: Caching catalog for puppetmaster_cert.kisspuppet.com
info: Applying configuration version '1394305371'
notice: /Stage[main]/Motd/File[/etc/motd]/content:
--- /etc/motd 2010-01-12 21:28:22.000000000 +0800
+++ /tmp/puppet-file20140309-3102-1gadon0-0 2014-03-09 03:02:51.966998294 +0800
@@ -0,0 +1,3 @@
+--                       --
+--------puppet test---------
+--                       --

info: FileBucket adding {md5}d41d8cd98f00b204e9800998ecf8427e
info: /Stage[main]/Motd/File[/etc/motd]: Filebucketed /etc/motd to puppet with sum d41d8cd98f00b204e9800998ecf8427e
notice: /Stage[main]/Motd/File[/etc/motd]/content: content changed '{md5}d41d8cd98f00b204e9800998ecf8427e' to '{md5}87ea3a1af8650395038472457cc7f2b1'
info: Creating state file /var/lib/puppet/state/state.yaml
notice: Finished catalog run in 0.52 seconds
# cat /etc/motd
--                       --
--------puppet test---------
--                       --

Reprinted from: https://kisspuppet.gitbooks.io/puppet/content/puppetLearningbase3.html
