Configure and manage Puppet on Red Hat: centralized configuration management with Puppet
1. Puppet introduction
Puppet is a configuration management tool with a typical client/server (C/S) structure. There can be many clients, so it can also be described as a star structure: all Puppet clients communicate with Puppet on the same server. Each Puppet client connects to the server every 30 minutes, downloads the latest configuration, and configures itself strictly according to it. After the configuration is complete, the Puppet client can send a message to the server. If an error occurs, a message is also sent to the server.
2. Installation environment
Server: 172.25.254.2 vm2.example.com puppet master
Client: 172.25.254.3 vm3.example.com puppet agent
Client: 172.25.254.4 vm4.example.com puppet agent
Important: name resolution and time synchronization are required between the server and all clients; otherwise, verification fails.
Server:
First install these packages:
[root@vm2 puppet]# yum install -y puppet-server-3.8.1-1.el6.noarch.rpm facter-2.4.4-1.el6.x86_64.rpm ruby-augeas-0.4.1-3.el6.x86_64.rpm rubygems-1.3.7-5.el6.noarch.rpm rubygem-json-1.5.5-3.el6.x86_64.rpm ruby-shadow-2.2.0-2.el6.x86_64.rpm puppet-3.8.1-1.el6.noarch.rpm
Start the service:
[root@vm2 puppet]# /etc/init.d/puppetmaster start
Starting puppetmaster: [OK]
Check whether port 8140 is listening:
[root@vm2 puppet]# netstat -anltp | grep ruby
tcp 0 0 0.0.0.0:8140 0.0.0.0:* LISTEN 1118/ruby
Client:
Install these packages:
yum install -y puppet-3.8.1-1.el6.noarch.rpm ruby-shadow-2.2.0-2.el6.x86_64.rpm facter-2.4.4-1.el6.x86_64.rpm hiera-1.3.4-1.el6.noarch.rpm ruby-augeas-0.4.1-3.el6.x86_64.rpm rubygems-1.3.7-5.el6.noarch.rpm rubygem-json-1.5.5-3.el6.x86_64.rpm
Initiate authentication:
When you initiate authentication for the first time, no certificate is displayed, because the server has not yet approved the request.
On the server, you can view the clients that have initiated an authentication request.
Sign the certificate
Delete a certificate:
puppet cert clean vm3.example.com
On the client, check whether the authentication is successful.
If the authentication is successful
3. Automatic authentication on the server
On the server side:
vim /etc/puppet/puppet.conf
Add this line under [main]:
[main]
autosign = true
Create the autosign.conf file in the /etc/puppet directory with the following content, which allows all hosts in the example.com domain:
*.example.com
/etc/init.d/puppetmaster reload
On the client, you only need to apply directly and it succeeds:
puppet agent --server vm2.example.com --test
In practice, the host name of a client is sometimes changed, so you need to regenerate the certificate:
1) On the server, run: puppet cert --clean vm3.example.com    # the original client host name you want to delete
2) On the client, run: rm -fr /var/lib/puppet/ssl/*
puppet agent --server=puppet.example.com
The first code Puppet executes is in /etc/puppet/manifests/site.pp, so this file must exist.
Other code should also be called through this file.
4. Server resource definition:
cd /etc/puppet/manifests
vim site.pp
file {
  "/mnt/puppet-3.8.1-1.el6.noarch.rpm":                          # destination on the client
    source => "puppet:///files/puppet-3.8.1-1.el6.noarch.rpm",   # source on the server
    mode   => 600,                                               # permissions of the resource on the client
    owner  => puppet                                             # owner of the resource on the client
}
cd ..
mkdir files
Put the puppet-3.8.1-1.el6.noarch.rpm package in this directory.
vim /etc/puppet/fileserver.conf
Add the following at the bottom:
[files]
path /etc/puppet/files
allow *
Client verification: this figure shows the resource changes under /mnt.
The server configuration is also verified.
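The autosign and fileserver.conf settings above are broad: in Puppet 3, `autosign = true` signs every certificate request without consulting autosign.conf, a `*.example.com` entry accepts whatever certname an agent claims, and `allow *` puts no name restriction on the [files] mount. The script below is an added example, not part of the original page; `audit_puppet` and `make_samples` are hypothetical names, and the "tight" confdir is a constructed alternative that lists each agent by name.

```sh
#!/bin/sh
# Added example, not from the original page. audit_puppet DIR prints one
# finding per line for permissive trust settings in a Puppet 3 confdir.
audit_puppet() {
    dir=$1
    if [ -f "$dir/puppet.conf" ]; then
        # autosign = true signs every request; autosign.conf is not consulted.
        awk 'tolower($0) ~ /^[ \t]*autosign[ \t]*=[ \t]*true[ \t]*$/ {
            print "puppet.conf: autosign = true signs every request" }' "$dir/puppet.conf"
    fi
    if [ -f "$dir/autosign.conf" ]; then
        # A domain glob trusts whatever certname the requesting agent claims.
        awk '/^[ \t]*\*/ { print "autosign.conf: wildcard entry " $1 }' "$dir/autosign.conf"
    fi
    if [ -f "$dir/fileserver.conf" ]; then
        # A bare "allow *" puts no name restriction on the mount.
        awk '/^[ \t]*\[/ { mount = $1 }
             /^[ \t]*allow[ \t]+\*[ \t]*$/ { print "fileserver.conf: " mount " allow *" }' "$dir/fileserver.conf"
    fi
}

# Constructed sample confdirs: "weak" mirrors the settings shown on this page,
# "tight" is an assumed alternative that names each agent explicitly.
make_samples() {
    base=$1
    mkdir -p "$base/weak" "$base/tight"
    printf '[main]\nautosign = true\n' > "$base/weak/puppet.conf"
    printf '*.example.com\n' > "$base/weak/autosign.conf"
    printf '[files]\npath /etc/puppet/files\nallow *\n' > "$base/weak/fileserver.conf"
    printf '[main]\n' > "$base/tight/puppet.conf"
    printf 'vm3.example.com\nvm4.example.com\n' > "$base/tight/autosign.conf"
    printf '[files]\npath /etc/puppet/files\nallow *.example.com\n' > "$base/tight/fileserver.conf"
}

tmp=$(mktemp -d)
make_samples "$tmp"
echo "== weak ==";  audit_puppet "$tmp/weak"     # three findings
echo "== tight =="; audit_puppet "$tmp/tight"    # no findings
rm -rf "$tmp"
```

On a real master, point `audit_puppet` at /etc/puppet to check the live files.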
Software package and service definition
Edit the site.pp file and add the following to it:
package {                          ## package definition
  "vsftpd":
    ensure => present              # present installs, absent uninstalls
}
service {                          ## service definition
  "vsftpd":
    ensure => running
}
file {
  "/etc/vsftpd.conf":
    source => "puppet:///files/vsftpd.conf",
    mode   => 600,
    notify => Service["vsftpd"]    # equivalent to a reload
}
Then test on the client
User creation
Edit the site.pp file and add the following:
user { "xp":
  uid        => 900,               # create a user
  home       => "/home/test",
  shell      => "/bin/bash",
  provider   => useradd,
  managehome => true,
  ensure     => present,
  password   => westos
}
# exec { "echo westos | passwd --stdin xp":   # sets the password a different way: with password => above, the value is written to /etc/shadow as plaintext instead of being encrypted
#   path   => "/usr/bin:/usr/sbin:/bin",
#   onlyif => "id xp"
# }
Client verification
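The user type's password attribute takes the value exactly as it should appear in /etc/shadow, so it needs a crypt(3) hash (for example one produced by `openssl passwd -6`, single-quoted in the manifest so the `$` signs are not interpolated), while the Exec variant leaves the cleartext password in the manifest. The lint below is an added example, not part of the original page; `lint_passwords` and `make_manifest` are hypothetical names and the sample manifest, including its placeholder hash, is constructed.

```sh
#!/bin/sh
# Added example, not from the original page. lint_passwords FILE reports
# "LINE: message" for password handling that exposes or mis-stores a secret.
lint_passwords() {
    awk -v q="'" '
    /^[ \t]*#/ { next }                      # ignore commented-out resources
    /password[ \t]*=>/ {
        v = $0
        sub(/.*=>[ \t]*/, "", v)             # keep only the attribute value
        gsub("[\"," q " \t]", "", v)         # drop quotes, comma, whitespace
        # The value is written to /etc/shadow as-is, so it has to be a
        # crypt(3) string of the form $id$salt$hash.
        if (v !~ /^\$[0-9a-z]+\$.+\$.+$/)
            print NR ": password is not a crypt hash"
    }
    /passwd[ \t]+--stdin/ { print NR ": cleartext password piped to passwd --stdin" }
    ' "$1"
}

# Constructed sample manifest; the hash on line 7 is a placeholder, not a real one.
make_manifest() {
    cat > "$1" <<'EOF'
user { "xp":
  ensure   => present,
  password => westos
}
user { "ops":
  ensure   => present,
  password => '$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH'
}
exec { "echo westos | passwd --stdin xp":
  path => "/usr/bin:/usr/sbin:/bin"
}
EOF
}

m=$(mktemp)
make_manifest "$m"
lint_passwords "$m"     # reports lines 3 and 9
rm -f "$m"
```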
Crontab task
As before, continue editing the site.pp file on the server:
cron { echo:
  command => "/bin/echo '/bin/date' > /tmp/echo",
  user    => root,
  hour    => ['2-4'],
  minute  => '*/10'
}
The task is generated in the /var/spool/cron directory of the client.
Verify on the client
In short, Puppet is a good management system and an essential tool for automated O&M in the future. You can build an LNMP architecture by yourself and install it from source code;
I will release that later. I hope we can discuss and make progress together.