Centralized configuration management with Puppet on Red Hat
1. A brief introduction to Puppet
Puppet is a configuration management tool with a typical client/server (C/S) architecture. There can of course be many clients,
so it can also be described as a star topology: all Puppet clients communicate with the same Puppet server.
Each Puppet client connects to the server once every half hour (the interval can be set), downloads the latest configuration, and configures
the machine strictly according to it. After the configuration is complete, the Puppet client can report back to the server. If an error occurs,
a message is also reported back to the server.
2. Installation environment
Server side: 172.25.254.2 vm2.example.com Puppet master
Client side: 172.25.254.3 vm3.example.com Puppet agent
Client side: 172.25.254.4 vm4.example.com Puppet agent
Important: host names must resolve between the server and all clients, and their clocks must be synchronized; otherwise authentication will fail.
Server side:
Install these packages first:
[root@vm2 puppet]# yum install -y puppet-server-3.8.1-1.el6.noarch.rpm facter-2.4.4-1.el6.x86_64.rpm ruby-augeas-0.4.1-3.el6.x86_64.rpm rubygems-1.3.7-5.el6.noarch.rpm rubygem-json-1.5.5-3.el6.x86_64.rpm ruby-shadow-2.2.0-2.el6.x86_64.rpm puppet-3.8.1-1.el6.noarch.rpm hiera-1.3.4-1.el6.noarch.rpm
Start the service:
[root@vm2 puppet]# /etc/init.d/puppetmaster start
Starting puppetmaster: [OK]
Check that port 8140 is listening:
[root@vm2 puppet]# netstat -anltp | grep ruby
tcp 0 0 0.0.0.0:8140 0.0.0.0:* LISTEN 1118/ruby
Client:
Install these packages:
yum install -y puppet-3.8.1-1.el6.noarch.rpm ruby-shadow-2.2.0-2.el6.x86_64.rpm facter-2.4.4-1.el6.x86_64.rpm hiera-1.3.4-1.el6.noarch.rpm ruby-augeas-0.4.1-3.el6.x86_64.rpm rubygems-1.3.7-5.el6.noarch.rpm rubygem-json-1.5.5-3.el6.x86_64.rpm
Initiate the certificate request:
The first request reports that there is no certificate, because the server has not yet approved it.
The host that initiated the request can be viewed on the server side.
Sign the certificate.
Delete a certificate:
puppet cert clean vm3.example.com
Check on the client whether authentication succeeded.
If so, the certification was successful.
3. Automatic authentication (autosigning) on the server side
On the server side:
vim /etc/puppet/puppet.conf
Add this line under [main]:
[main]
autosign = true
Create the file autosign.conf in the /etc/puppet directory with the following content:
*.example.com
(this allows all hosts in the example.com domain)
/etc/init.d/puppetmaster reload
The client then only needs to run the agent; the request succeeds directly:
puppet agent --server vm2.example.com --test
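Both `autosign = true` and a `*.example.com` glob sign a request on the requested name alone, so any host that can reach port 8140 and asks for a matching name receives a valid certificate. Puppet 3.4 and later also accept the path of an executable as the autosign value; the Ruby policy below is an added example, not from the original article, and its token table and sample CSR are constructed assumptions.

```ruby
#!/usr/bin/env ruby
# Added example: policy executable for `autosign = /path/to/this/script`.
# Puppet runs it with the certname as the only argument and the PEM CSR on
# stdin; exit status 0 means "sign", anything else leaves the CSR unsigned.
# Agents add the token via custom_attributes in csr_attributes.yaml.
require 'openssl'

# Assumption: certname => one-time token handed to each host out of band.
# Constructed values; in practice load them from a root-only file.
TOKENS = {
  'vm3.example.com' => 'constructed-token-vm3',
  'vm4.example.com' => 'constructed-token-vm4'
}.freeze

# Constant-time string comparison.
def secure_eq?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# PKCS#9 challengePassword attribute of the CSR, or nil if absent.
def challenge_password(csr)
  attr = csr.attributes.find { |a| a.oid == 'challengePassword' }
  attr && attr.value.value.first.value
end

# Sign only a well-formed CSR whose CN equals the requested certname and
# whose challengePassword matches the token expected for that certname.
def autosign?(certname, csr_pem, tokens = TOKENS)
  csr = OpenSSL::X509::Request.new(csr_pem)
  return false unless csr.verify(csr.public_key)
  cn = csr.subject.to_a.find { |name, _value, _type| name == 'CN' }
  return false unless cn && cn[1] == certname
  expected = tokens[certname]
  given = challenge_password(csr)
  !expected.nil? && !given.nil? && secure_eq?(expected, given)
rescue OpenSSL::OpenSSLError
  false
end

# Constructed CSR for trying the policy locally (agents build their own).
def sample_csr(certname, token)
  key = OpenSSL::PKey::RSA.new(2048)
  csr = OpenSSL::X509::Request.new
  csr.subject = OpenSSL::X509::Name.new([['CN', certname]])
  csr.public_key = key.public_key
  set = OpenSSL::ASN1::Set([OpenSSL::ASN1::UTF8String(token)])
  csr.add_attribute(OpenSSL::X509::Attribute.new('challengePassword', set))
  csr.sign(key, OpenSSL::Digest.new('SHA256')).to_pem
end
exit(autosign?(ARGV[0], $stdin.read) ? 0 : 1) if $PROGRAM_NAME == __FILE__ && ARGV.length == 1
```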
In practice, it is sometimes necessary to change the host name on the client side, in which case the certificate has to be regenerated:
1) On the server side, run: puppet cert --clean vm3.example.com    # the original client host name you want to delete
2) On the client side, run: rm -fr /var/lib/puppet/ssl/*
puppet agent --server=puppet.example.com
The first code Puppet executes is in /etc/puppet/manifests/site.pp, so this file must exist;
all other code is called through this file.
4. Server-side resource definitions
File definition:
cd /etc/puppet/manifests
vim site.pp
file {
  "/mnt/puppet-3.8.1-1.el6.noarch.rpm":                          # destination on the client
    source => "puppet:///files/puppet-3.8.1-1.el6.noarch.rpm",   # source on the server (source, not content, copies the file)
    mode   => 600,                                                # permissions of the resource on the client
    owner  => puppet                                              # owner of the resource on the client
}
cd ..
mkdir files
Place the puppet-3.8.1-1.el6.noarch.rpm package in this directory.
vim /etc/puppet/fileserver.conf
At the bottom, add the following:
[files]
path /etc/puppet/files
allow *
Verify on the client: the resource now appears under /mnt,
which also confirms the server-side configuration.
Package and service definition
Continue editing site.pp and add the following:
package {    # package definition
  "vsftpd":
    ensure => present    # present installs, absent uninstalls
}
service {    # service definition
  "vsftpd":
    ensure => running
}
file {
  "/etc/vsftpd/vsftpd.conf":
    source => "puppet:///files/vsftpd.conf",
    mode   => 600,
    notify => Service["vsftpd"]    # equivalent to a reload
}
Then test on the client.
User creation
Continue editing site.pp and add the following:
user { "xp":    # create the user
  uid        => <uid>,
  home       => "/home/test",
  shell      => "/bin/bash",
  provider   => useradd,
  managehome => true,
  ensure     => present,
  password   => westos
}
#exec { "echo westos | passwd --stdin xp":    # changes how the password is encrypted; the password set above appears as plaintext in /etc/shadow
#  path   => "/usr/bin:/usr/sbin:/bin",
#  onlyif => "id xp"
#}
Verify on the client.
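The `password` attribute is written to /etc/shadow exactly as given, which is why the plain `westos` above ends up there unhashed. As an added example (not from the original article), this Ruby check flags user resources in a manifest whose password value is not a crypt(3)-style hash; the sample manifest and the hash string in it are constructed.

```ruby
# Added example: find `password =>` values in a Puppet manifest that would
# land in /etc/shadow as plaintext because they are not crypt(3) hashes.

# Accepted forms: $id$salt$hash (1=MD5, 5=SHA-256, 6=SHA-512, 2a/2b/2y=bcrypt),
# optionally prefixed with "!" (locked), or a bare "!" / "*" (no login).
HASH_RE = %r{\A(?:[!*]+|!*\$(?:1|5|6|2[aby])\$[^$]+\$[./A-Za-z0-9]+)\z}

# Return [[resource_title, value], ...] for each user resource whose
# password is a literal that does not look like a hash.
def plaintext_passwords(manifest)
  findings = []
  manifest.scan(/\buser\s*\{\s*["']?([^"':\s]+)["']?\s*:(.*?)\}/m) do |title, body|
    m = body.match(/\bpassword\s*=>\s*(?:'([^']*)'|"([^"]*)"|([^\s,}]+))/)
    next unless m
    value = m[1] || m[2] || m[3]
    next if value =~ /\A\$\{?[a-z_:]/   # Puppet variable, cannot be judged here
    findings << [title, value] unless value =~ HASH_RE
  end
  findings
end

# Constructed sample: the article's user resource, a hashed variant and a
# variable reference.
SAMPLE = <<~'PP'
  user { "xp":
    ensure   => present,
    password => westos
  }
  user { "ops":
    ensure   => present,
    password => '$6$c0nstruct3d$CONSTRUCTEDHASHVALUE'
  }
  user { "svc":
    ensure   => present,
    password => $svc_hash
  }
PP

plaintext_passwords(SAMPLE).each do |title, value|
  puts "user #{title}: password #{value.inspect} is not a crypt(3) hash"
end
```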
crontab tasks
As before, continue editing site.pp on the server side:
cron { echo:
  command => "/bin/echo `/bin/date` >> /tmp/echo",
  user    => root,
  hour    => ['2-4'],
  minute  => '*/10'
}
The task is generated in the client's /var/spool/cron directory.
Verify on the client.
In short, Puppet is a very good management system and an indispensable tool for automated operations and maintenance. We can also use it to build an LNMP stack installed from source;
I will post that later. I hope that we can discuss together and make progress together.