Using Puppet with Debian
Introduction
Puppet (http://reductivelabs.com/products/puppet/) automates the management of software and configuration on computers.

              _____
             |     |  puppetmasterd
             |_____|
                |
                |
        ---|----|-------|------------|---
           |            |            |
         __|__        __|__        __|__
        |     |      |     |      |     |  puppetd
        |_____|      |_____|      |_____|  ....
         smtp1        smtp2        squid    puppet clients

The puppetmaster holds the description of the clients' software and configuration. The puppetmaster and the clients communicate over port 8140/tcp.
Installing the software
On the Puppet server, i.e. the puppetmaster, install the puppetmaster package

    # apt-get install puppetmaster

On a Puppet client, install the puppet package

    # apt-get install puppet
Preparing the puppetmaster
The puppetmaster is controlled by the following configuration files
- /etc/puppet/puppet.conf

    [main]
    logdir=/var/log/puppet
    vardir=/var/lib/puppet
    ssldir=/var/lib/puppet/ssl
    rundir=/var/run/puppet
    factpath=$vardir/lib/facter
    pluginsync=false

    [puppetmasterd]
    templatedir=/var/lib/puppet/templates

- /etc/puppet/fileserver.conf

    [files]
      path /etc/puppet/files
      allow 192.168.10.0/24
Modules

    # find /etc/puppet/modules -type f
    /etc/puppet/modules/sudo/files
    /etc/puppet/modules/sudo/files/sudoers
    /etc/puppet/modules/sudo/manifests
    /etc/puppet/modules/sudo/manifests/init.pp

where
- /etc/puppet/modules/sudo/files/sudoers contains the contents of the /etc/sudoers file that is distributed to the clients
- /etc/puppet/modules/sudo/manifests/init.pp contains the metadata for the sudo module

    # /etc/puppet/modules/sudo/manifests/init.pp
    class sudo {
        package { sudo: ensure => latest }

        file { "/etc/sudoers":
            owner   => "root",
            group   => "root",
            mode    => 440,
            source  => "puppet:///sudo/sudoers",
            require => Package["sudo"],
        }
    }
Puppet configuration
Modules and nodes are tied together by three files

    # find /etc/puppet/manifests -type f
    /etc/puppet/manifests/modules.pp
    /etc/puppet/manifests/nodes.pp
    /etc/puppet/manifests/site.pp

where
- /etc/puppet/manifests/modules.pp

    # /etc/puppet/manifests/modules.pp
    import "sudo"

- /etc/puppet/manifests/nodes.pp

    # /etc/puppet/manifests/nodes.pp
    node basenode {
        include sudo
    }

    node 'puppet-1.auul' inherits basenode {
    }

- /etc/puppet/manifests/site.pp

    # /etc/puppet/manifests/site.pp
    import "modules"
    import "nodes"

    # The filebucket option allows for file backups to the server
    filebucket { main: server => 'puppet-master.auul' }

    # Set global defaults - including backing up all files to the main filebucket and adds a global path
    File { backup => main }
    Exec { path => "/usr/bin:/usr/sbin/:/bin:/sbin" }
Preparing the Puppet client
- /etc/puppet/puppet.conf

    [main]
    logdir=/var/log/puppet
    vardir=/var/lib/puppet
    ssldir=/var/lib/puppet/ssl
    rundir=/var/run/puppet
    factpath=$vardir/lib/facter
    pluginsync=false
    server=puppet-master.auul

    [puppetmasterd]
    templatedir=/var/lib/puppet/templates

- /etc/puppet/namespaceauth.conf

    [fileserver]
        allow *

    [pelementserver]
        allow *

    [puppetrunner]
        allow *

    [puppetbucket]
        allow *

    [puppetreports]
        allow *
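
An added example (not part of the original page and not Puppet's own code): a small Ruby check that parses the "[section]" / "allow" layout used by namespaceauth.conf and fileserver.conf above and lists the sections opened to every host with "allow *". The function names and the sample inputs are constructed for this example; the "allow puppet-master.auul" line is an assumed tightening that limits puppetrunner to the puppetmaster named on this page.

```ruby
# Added example: audit Puppet ACL files written as "[section]" headers
# followed by "allow"/"deny" lines (namespaceauth.conf, fileserver.conf).

# Parse ACL text into { "section" => [[verb, pattern], ...] }.
def parse_acl(text)
  sections = {}
  current = nil
  text.each_line do |raw|
    line = raw.sub(/#.*/, "").strip          # drop comments and whitespace
    next if line.empty?
    if line =~ /\A\[(.+)\]\z/                # section header
      current = $1
      sections[current] ||= []
    elsif current && line =~ /\A(allow|deny)\s+(\S+)\z/
      sections[current] << [$1, $2]          # other keys such as "path" are skipped
    end
  end
  sections
end

# Sorted names of the sections that contain "allow *" (open to every host).
def wildcard_sections(text)
  parse_acl(text).select { |_name, rules| rules.include?(["allow", "*"]) }.keys.sort
end

# Constructed sample inputs, modelled on the files shown on this page.
NAMESPACEAUTH = <<~CONF
  [fileserver]
      allow *
  [puppetrunner]
      allow puppet-master.auul   # assumed tightening, not from the page
  [puppetbucket]
      allow *
CONF

FILESERVER = <<~CONF
  [files]
    path /etc/puppet/files
    allow 192.168.10.0/24
CONF

if __FILE__ == $0
  { "namespaceauth.conf" => NAMESPACEAUTH, "fileserver.conf" => FILESERVER }.each do |name, text|
    found = wildcard_sections(text)
    puts found.empty? ? "#{name}: no 'allow *'" : "#{name}: 'allow *' in #{found.join(', ')}"
  end
end
```
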
Registering the client

    # puppetca -l
    puppet-1.auul

To sign the request, run

    # puppetca -s puppet-1.auul
    Signed puppet-1.auul

The puppetmaster and the Puppet clients keep their data in the directory

    /var/lib/puppet

To make the client request its configuration from the puppetmaster

    puppet-1:~# ps aux | grep pup
    root      8161  4.0 10.0  36652 25472 ?        Ssl  15:28   0:14 ruby /usr/sbin/puppetd -w 5
    puppet-1:~# kill -SIGUSR1 8161

To remove a client, run

    # puppetca --clean puppet-1.auul
    Removing /var/lib/puppet/ssl/ca/signed/puppet-1.auul.pem
ralsh

    # ralsh user ntp
    user { 'ntp':
        password => '*',
        shell => '/bin/false',
        uid => '106',
        home => '/home/ntp',
        gid => '110',
        ensure => 'present'
    }
puppetrun
For puppetrun to work, line 240 of /usr/sbin/puppetrun

    if Puppet[:node_terminus] = "ldap"

needs = replaced with ==

    if Puppet[:node_terminus] == "ldap"

    # puppetrun -d --host puppet-3.auul
    Failed to load ruby LDAP library. LDAP functionality will not be available
    debug: Parsing /etc/puppet/puppet.conf
    debug: Puppet::Network::Client::Runner: defining puppetrunner.run
    Triggering puppet-3.auul
    debug: Calling puppetrunner.run
    puppet-3.auul finished with exit code 0
    Finished