Introduction of Foreman Architecture 6-Integrated puppetmaster

0 Basic Learning Puppet Automation configuration Management Series documentation

Note: The following is an operation in a foreman1.6.3+puppet2.6.2 environment. For more configuration, please refer to official website http://theforeman.org/manuals/1.6/index.html

After installing foreman and puppetmaster, the next thing to do is to do the integration, currently Foreman can manage the puppet environment, classes, variables in the class, reports, Facter and other information. The next step will be introduced.

1, first to ensure that the intelligent agent has been agent puppet and puppet CA

650) this.width=650; "src=" Http://kisspuppet.com/img/foreman06-1.png "alt=" Foreman Installation "/>Foreman installation

Agent Puppet and PUPPETCA need to be opened in Foreman-proxy.

#配置代理puppet [[email protected] ~]# cat /etc/foreman-proxy/settings.d/puppet.yml ---#  Puppet management:enabled: true    #开启:p uppet_conf: /etc/puppet/puppet.conf # valid providers:#   puppetrun    (for puppetrun/kick,  deprecated in puppet 3) #   mcollective  (Uses mco puppet) #    puppetssh    (RUN PUPPET OVER SSH) #   salt          (Uses salt puppet.run) #   customrun     (Calls a custom command with args):p uppet_provider: mcollective#  Customrun command details# set :customrun_cmd to the full path of  the script you want to run, instead of /bin/false:customrun_cmd:  /bin/false# set :customrun_args to any args you want to pass to your  custom script. the hostname of the# system to run against  Will be appended after the custom commands.:customrun_args: -ay -f  -s# whether to use sudo before the ssh command:puppetssh_sudo:  false# the command which will be sent to the host:puppetssh _command: /usr/bin/puppet agent --onetime --no-usecacheonfailure# with which  user should the proxy connect#:p uppetssh_user: root#:p uppetssh_keyfile: / etc/foreman-proxy/id_rsa# which user to invoke sudo as to run  Puppet commands:puppet_user: root# url of the puppet master itself  for api requesTs:puppet_url: https://puppetmaster162.kisspuppet.com:8140# ssl certificates used to  ACCESS THE PUPPET MASTER API:PUPPET_SSL_CA: /VAR/LIB/PUPPET/SSL/CERTS/CA.PEM: puppet_ssl_cert: /var/lib/puppet/ssl/certs/puppetmaster162.kisspuppet.com.pem:puppet_ssl_key: /var/ Lib/puppet/ssl/private_keys/puppetmaster162.kisspuppet.com.pem# override use of puppet ' s  API to list environments, by default it will use only  If# environmentpath is given in puppet.conf, else will look for  environments in puppet.conf#:p uppet_use_environment_api: true# Configure proxy Puppet ca[[email  protected] ~]# cat /etc/foreman-proxy/settings.d/puppetca.yml ---# puppetca  management:enabled: true:ssldir: /var/lib/puppet/ssl:puppetdir: /etc/puppet

2, management puppet Environment 2.1, configuration puppetmaster Environment

Puppet added "Directory Environment" function from version 2.6, please visit website for more details https://docs.puppetlabs.com/puppet/latest/reference/environments.html

[[email protected] ~]# cat /etc/puppet/puppet.conf [master]     ...    environmentpath  = /etc/puppet/environments     basemodulepath   = /etc/puppet/modules:/usr/share/puppet/modules     environment_timeout = 2   #多长时间刷新一次 [[email protected] ~]# ll /etc/ puppet/environments/total 24drwxr-xr-x 4 root root 4096 dec  5  16:46 developmentdrwxr-xr-x 4 root root 4096 dec  5 16:46  Example42drwxr-xr-x 4 root root 4096 dec  5 16:39 example_ Envdrwxr-xr-x 5 root root 4096 dec  5 17:03 productiondrwxr-xr-x  4 root root 4096 Dec  5 16:46 puppetlabsdrwxr-xr-x 7  Root root 4096 dec  5 17:03 temp 

Note: you can see from the above configuration that two environments are set up.

2.2, Foreman on the import puppet environment

650) this.width=650; "src=" Http://kisspuppet.com/img/foreman06-2.png "alt=" Foreman Installation "/>Foreman installation

3, Management Puppet class

3.1. Configuring the Puppet Class

Note the following points:

• The Basemodulepath value in puppet.conf is set as a common environment for all environments in the environment directory, where all modules are searched by other environments (without configuring environment.conf)

• In the Environment directory, each environment directory should contain manifests (the main profile site.pp) directory and the modules (storage module) directory, the directory structure is as follows.

    [[email protected] environments]# tree production/  production/   ├── environment.conf  ├── manifests  │   └──  site.pp  ├── modules  │   ├── jenkins  │    │   ├── files  │   │   │    └── jenkins.repo  │   │   ├── manifests  │    │   │   ├── init.pp  │   │    │   ├── install.pp  │   │   │    ├── service.pp  │   │   │   └── yum.pp   │   │   ├── README  │   │    └── templates  │   └── motd  │       ├── files   │       │   └── motd  │        ├── manifests  │       │    └── init.pp  │       └── templates   └── system      └── ssh           ├── files          ├──  manifests          │   ├──  Backup.pp          │   ├── config.pp           │   ├── init.pp           │   ├── install.pp          │    └── service.pp          ├──  modulefile          ├── readme           ├── spec          │    └── spec_helper.rb          ├──  Templates          │   └── sshd_ config.erb          └── tests               └── init.pp  17 directories,  20 files

• If you want to include multiple directories in an environment, and each directory contains modules, you should add the environment.conf file

    [[email protected] environments]# ll temp/  total 24   -rw-r--r--  1 root root   95 Dec  5 17:03  environment.conf   #添加环境搜索配置文件   drwxr-xr-x 11 root root 4096 dec   5 17:02 juhailu  drwxr-xr-x  2 root root 4096  dec  5 16:48 kisspuppet  drwxr-xr-x  4 root root 4096  dec  5 16:56 lin  drwxr-xr-x  2 root root 4096  Dec  5 16:48 manifests  drwxr-xr-x  5 root root  4096 dec  5 16:47 puppetlabs  [[email protected] environments]#  ll temp/puppetlabs/  total 12  drwxr-xr-x 5 root root  4096 dec  5 16:46 propuppet-demoapp  drwxr-xr-x 5 root root 4096 dec   5 16:46 puppetlabs-demoapp  drwxr-xr-x 4 root root 4096 dec   5 16:46 puppet-module-skeleton  [[email protected] environments]#  cat temp/environment.conf  #添加搜索路径   modulepath =  $basemodulepath:p uppetlabs : Modules:lin:modules:juhailu:modules:kisspuppet:modules

Note: Adding a search path requires adding $basemodulepath or not searching for the default public environment path.

3.2. Import Puppet class on Foreman

650) this.width=650; "src=" Http://kisspuppet.com/img/foreman06-3.png "alt=" Foreman Installation "/>Foreman installation

4, set ENC4.1, direct management module through the node

650) this.width=650; "src=" Http://kisspuppet.com/img/foreman06-4.png "alt=" Foreman Installation "/>Foreman installation

Note: Adding the main class is possible

The node and the module are then associated, which is equivalent to adding the following code to the SITE.PP

Node puppetmaster162.kisspuppet.com{include SSH}

4.2. Inherit the module through the group

650) this.width=650; "src=" Http://kisspuppet.com/img/foreman06-5.png "alt=" Foreman Installation "/>Foreman installation

650) this.width=650; "src=" Http://kisspuppet.com/img/foreman06-6.png "alt=" Foreman Installation "/>Foreman installation

Note: If you use the Group Management module, it is not recommended to select a separate module for a node, otherwise you will find that if you add module A to the node, and then add module A to the node corresponding to the group, then the node's puppet class will show that the containing class has two modules with the same name.

5. Management between group and Module 5.1, add configuration group

Note:Foreman from the 1.5 version of the "configuration group" feature, you can add multiple modules to the "configuration group", and then give the configuration group name, so that the host group in the check module, only need to tick the configuration group to integrate all the modules inside

650) this.width=650; "src=" Http://kisspuppet.com/img/foreman06-7.png "alt=" Foreman Install "/>Foreman installation 650) this.width=650; "src=" Http://kisspuppet.com/img/foreman06-8.png "alt=" Foreman Install "/>Foreman installation

6. See if the settings are successful

650) this.width=650; "src=" Http://kisspuppet.com/img/foreman06-9.png "alt=" Foreman Installation "/>Foreman installation

650) this.width=650; "src=" Http://kisspuppet.com/img/foreman06-10.png "alt=" Foreman Installation "/>Foreman installation

#可以通过以下方式查看, if you need to run NODE.RB first, you can trigger it via the "puppet Agent" command or "node.rb <certname>". [Email protected] ~]# Cat/var/lib/puppet/yaml/foreman/puppetmaster162.kisspuppet.com.yaml---classes:ssh:  parameters:puppetmaster:puppetmaster162.kisspuppet.com HOSTGROUP:PRD root_pw:foreman_env:production owner_name: Admin User owner_email: [Email protected]

Set the above information, you can complete the function of ENC, the basic can guarantee the hook between the node and class. The node can be tested with the puppet Agent command. As for how to push on the foreman, follow the article.

This article is from the "www.kisspuppet.com" blog, make sure to keep this source http://dreamfire.blog.51cto.com/418026/1589403

Introduction of Foreman Architecture 6-Integrated puppetmaster