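How to Install and Configure Puppet 4 on Ubuntu 16.04
In this article, we will learn how to install and configure Puppet 4 on Ubuntu 16.04. Puppet is a configuration management tool that helps system administrators automate tasks. Tools of this kind also save a lot of time and effort.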
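Prerequisites
For this article, we need at least two or three Ubuntu machines that meet the following requirements.
All machines have a non-root user with sudo privileges.
One Puppet master.
One or two Puppet agents to test the configuration.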
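Configuring the Hosts File
All servers and clients need to reach each other by host name. Normally a DNS server takes care of this. In this demonstration we do not have a DNS server, so we need to add the host names to the /etc/hosts file manually.
The following text needs to be added to the /etc/hosts file on every machine.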
$ sudo vi /etc/hosts
192.168.0.1 puppet
192.168.0.200 ubuntu1
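By default, the Puppet master is referred to by the host name puppet, which makes setting up Puppet easy. This means we need to assign the name puppet to the Puppet server as shown in the example (192.168.0.1). If we do not specify this value for the Puppet master server, the Puppet clients will not be able to communicate with the server.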
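Installing and Configuring the Puppet Server
By default, the Ubuntu package manager does not provide the Puppet packages, so we will download and install them from the official Puppet repository.
The following commands install the release package and add the Puppet repository to the server machine.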
puppet$ sudo curl -O https://apt.puppetlabs.com/puppetlabs-release-pc1-xenial.deb
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 13662  100 13662    0     0   7787      0  0:00:01  0:00:01 --:--:--  7784
puppet$ sudo dpkg -i puppetlabs-release-pc1-xenial.deb
Selecting previously unselected package puppetlabs-release-pc1.
(Reading database ... 91848 files and directories currently installed.)
Preparing to unpack puppetlabs-release-pc1-xenial.deb ...
Unpacking puppetlabs-release-pc1 (1.1.0-2xenial) ...
Setting up puppetlabs-release-pc1 (1.1.0-2xenial) ...
Installing the Puppet Master
puppet$ sudo apt-get update -y
Hit:1 http://in.archive.ubuntu.com/ubuntu xenial InRelease
Get:2 http://in.archive.ubuntu.com/ubuntu xenial-updates InRelease [102 kB]
Get:3 http://security.ubuntu.com/ubuntu xenial-security InRelease [102 kB]
Ign:4 http://apt.puppetlabs.com xenial InRelease
Get:5 http://apt.puppetlabs.com xenial Release [13.3 kB]
Get:6 http://apt.puppetlabs.com xenial Release.gpg [841 B]
Get:7 http://in.archive.ubuntu.com/ubuntu xenial-backports InRelease [102 kB]
Get:8 http://apt.puppetlabs.com xenial/PC1 amd64 Packages [11.9 kB]
Get:9 http://apt.puppetlabs.com xenial/PC1 i386 Packages [11.4 kB]
Get:10 http://apt.puppetlabs.com xenial/PC1 all Packages [6,786 B]
Fetched 351 kB in 1s (192 kB/s)
Reading package lists... Done
Once the update is complete, we need to run the following command to install Puppet on the local Puppet server.
puppet$ sudo apt-get install puppetserver
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following additional packages will be installed:
  ca-certificates-java fontconfig-config fonts-dejavu-core java-common libavahi-client3 libavahi-common-data
  libavahi-common3 libcups2 libfontconfig1 libjpeg-turbo8 libjpeg8 liblcms2-2 libnspr4 libnss3 libnss3-nssdb
  libpcsclite1 libxi6 libxrender1 libxtst6 openjdk-8-jre-headless puppet-agent x11-common
Suggested packages:
  default-jre cups-common liblcms2-utils pcscd openjdk-8-jre-jamvm libnss-mdns fonts-dejavu-extra
  fonts-ipafont-gothic fonts-ipafont-mincho ttf-wqy-microhei | ttf-wqy-zenhei fonts-indic
The following NEW packages will be installed:
  ca-certificates-java fontconfig-config fonts-dejavu-core java-common libavahi-client3 libavahi-common-data
  libavahi-common3 libcups2 libfontconfig1 libjpeg-turbo8 libjpeg8 liblcms2-2 libnspr4 libnss3 libnss3-nssdb
  libpcsclite1 libxi6 libxrender1 libxtst6 openjdk-8-jre-headless puppet-agent puppetserver x11-common
0 upgraded, 23 newly installed, 0 to remove and 91 not upgraded.
Need to get 79.8 MB of archives.
After this operation, 246 MB of additional disk space will be used.
Do you want to continue? [Y/n] y
… … …
Setting up libjpeg-turbo8:amd64 (1.4.2-0ubuntu3) ...
Setting up liblcms2-2:amd64 (2.6-3ubuntu2) ...
Setting up x11-common (1:7.7+13ubuntu3) ...
update-rc.d: warning: start and stop actions are no longer supported; falling back to defaults
Setting up libxtst6:amd64 (2:1.2.2-1) ...
Setting up libnspr4:amd64 (2:4.12-0ubuntu0.16.04.1) ...
Setting up java-common (0.56ubuntu2) ...
Setting up libavahi-common-data:amd64 (0.6.32~rc+dfsg-1ubuntu2) ...
Setting up libavahi-common3:amd64 (0.6.32~rc+dfsg-1ubuntu2) ...
Setting up libavahi-client3:amd64 (0.6.32~rc+dfsg-1ubuntu2) ...
Setting up libcups2:amd64 (2.1.3-4) ...
Setting up libjpeg8:amd64 (8c-2ubuntu8) ...
Setting up fonts-dejavu-core (2.35-1) ...
Setting up fontconfig-config (2.11.94-0ubuntu1.1) ...
… … …
Setting up openjdk-8-jre-headless:amd64 (8u121-b13-0ubuntu1.16.04.2) ...
update-alternatives: using /usr/lib/jvm/java-8-openjdk-amd64/jre/bin/rmid to provide /usr/bin/rmid (rmid) in auto mode
update-alternatives: using /usr/lib/jvm/java-8-openjdk-amd64/jre/bin/java to provide /usr/bin/java (java) in auto mode
update-alternatives: using /usr/lib/jvm/java-8-openjdk-amd64/jre/bin/keytool to provide /usr/bin/keytool (keytool) in auto mode
update-alternatives: using /usr/lib/jvm/java-8-openjdk-amd64/jre/bin/jjs to provide /usr/bin/jjs (jjs) in auto mode
update-alternatives: using /usr/lib/jvm/java-8-openjdk-amd64/jre/bin/pack200 to provide /usr/bin/pack200 (pack200) in auto mode
update-alternatives: using /usr/lib/jvm/java-8-openjdk-amd64/jre/bin/rmiregistry to provide /usr/bin/rmiregistry (rmiregistry) in auto mode
update-alternatives: using /usr/lib/jvm/java-8-openjdk-amd64/jre/bin/unpack200 to provide /usr/bin/unpack200 (unpack200) in auto mode
update-alternatives: using /usr/lib/jvm/java-8-openjdk-amd64/jre/bin/orbd to provide /usr/bin/orbd (orbd) in auto mode
update-alternatives: using /usr/lib/jvm/java-8-openjdk-amd64/jre/bin/servertool to provide /usr/bin/servertool (servertool) in auto mode
update-alternatives: using /usr/lib/jvm/java-8-openjdk-amd64/jre/bin/tnameserv to provide /usr/bin/tnameserv (tnameserv) in auto mode
update-alternatives: using /usr/lib/jvm/java-8-openjdk-amd64/jre/lib/jexec to provide /usr/bin/jexec (jexec) in auto mode
Setting up puppetserver (2.7.2-1puppetlabs1) ...
usermod: no changes
Processing triggers for libc-bin (2.23-0ubuntu3) ...
Processing triggers for systemd (229-4ubuntu10) ...
Processing triggers for ureadahead (0.100.0-19) ...
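Opening the Firewall for the Puppet Server
Once the installation is complete, we need to open the firewall for Puppet. Puppet's default port is 8140. The following command opens the firewall (UFW) on the Puppet server to allow incoming connections from the clients.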
ubuntu@puppet:~$ sudo ufw allow 8140
Rules updated
Rules updated (v6)
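Customizing Memory Allocation for the Puppet Server and Nodes
By default, 2GB of memory is allocated to the Puppet master. We can customize this according to the memory available on the Puppet server.
We need to edit the file /etc/default/puppetserver, find the line `JAVA_ARGS="-Xms2g -Xmx2g -XX:MaxPermSize=256m"` and change it accordingly. Here I am using 4GB of memory.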
ubuntu@puppet$ sudo nano /etc/default/puppetserver
###########################################
# Init settings for puppetserver
###########################################
# Location of your Java binary (version 7 or higher)
JAVA_BIN="/usr/bin/java"
# Modify this if you'd like to change the memory allocation, enable JMX, etc
JAVA_ARGS="-Xms4g -Xmx4g -XX:MaxPermSize=256m"
# These normally shouldn't need to be edited if using OS packages
USER="puppet"
GROUP="puppet"
INSTALL_DIR="/opt/puppetlabs/server/apps/puppetserver"
CONFIG="/etc/puppetlabs/puppetserver/conf.d"
# Bootstrap path
BOOTSTRAP_CONFIG="/etc/puppetlabs/puppetserver/services.d/,/opt/puppetlabs/server/apps/puppetserver/config/services.d/"
# SERVICE_STOP_RETRIES can be set here to alter the default stop timeout in
# seconds. For systemd, the shorter of this setting or 'TimeoutStopSec' in
# the systemd.service definition will effectively be the timeout which is used.
SERVICE_STOP_RETRIES=60
… …
Once the configuration is done, we need to start the Puppet master and check its status.
ubuntu@puppet:~$ sudo systemctl start puppetserver
ubuntu@puppet:~$ sudo systemctl status puppetserver
puppetserver.service - puppetserver Service
   Loaded: loaded (/lib/systemd/system/puppetserver.service; disabled; vendor preset: enabled)
   Active: active (running) since Mon 2017-02-13 13:19:02 IST; 3s ago
  Process: 4943 ExecStart=/opt/puppetlabs/server/apps/puppetserver/bin/puppetserver start (code=exited, status=0/SUCCESS)
 Main PID: 4954 (java)
    Tasks: 26
   Memory: 983.1M
      CPU: 50.819s
   CGroup: /system.slice/puppetserver.service
           └─4954 /usr/bin/java -Xms2g -Xmx2g -XX:MaxPermSize=256m -Djava.security.egd=/dev/urandom -XX:OnOutOfMemoryError=k
Feb 13 13:18:10 puppet systemd[1]: Starting puppetserver Service...
Feb 13 13:18:10 puppet puppetserver[4943]: OpenJDK 64-Bit Server VM warning: ignoring option MaxPermSize=256m; support was r
Feb 13 13:19:02 puppet systemd[1]: Started puppetserver Service.
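Installing the Agent on the Puppet Nodes
We need to install the agent on all clients. To do so, we add the official Puppet repository and then install the agent on the client.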
ubuntu@ubuntu1:~$ sudo wget https://apt.puppetlabs.com/puppetlabs-release-pc1-xenial.deb
--2017-02-13 13:24:49-- https://apt.puppetlabs.com/puppetlabs-release-pc1-xenial.deb
Resolving apt.puppetlabs.com (apt.puppetlabs.com)... 192.155.89.90, 2600:3c03::f03c:91ff:fedb:6b1d
Connecting to apt.puppetlabs.com (apt.puppetlabs.com)|192.155.89.90|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 13662 (13K) [application/x-debian-package]
Saving to: ‘puppetlabs-release-pc1-xenial.deb’
puppetlabs-release-pc1-xeni 100%[=========================================>] 13.34K --.-KB/s in 0.01s
2017-02-13 13:24:50 (1.29 MB/s) - ‘puppetlabs-release-pc1-xenial.deb’ saved [13662/13662]
ubuntu@ubuntu1:~$ sudo dpkg -i puppetlabs-release-pc1-xenial.deb
Selecting previously unselected package puppetlabs-release-pc1.
(Reading database ... 91848 files and directories currently installed.)
Preparing to unpack puppetlabs-release-pc1-xenial.deb ...
Unpacking puppetlabs-release-pc1 (1.1.0-2xenial) ...
Setting up puppetlabs-release-pc1 (1.1.0-2xenial) ...
$ sudo apt-get update
Get:1 http://security.ubuntu.com/ubuntu xenial-security InRelease [102 kB]
Hit:2 http://in.archive.ubuntu.com/ubuntu xenial InRelease
Ign:3 http://apt.puppetlabs.com xenial InRelease
Get:4 http://in.archive.ubuntu.com/ubuntu xenial-updates InRelease [102 kB]
Get:5 http://apt.puppetlabs.com xenial Release [13.3 kB]
Get:6 http://apt.puppetlabs.com xenial Release.gpg [841 B]
Get:7 http://in.archive.ubuntu.com/ubuntu xenial-backports InRelease [102 kB]
Get:8 http://apt.puppetlabs.com xenial/PC1 amd64 Packages [11.9 kB]
Get:9 http://apt.puppetlabs.com xenial/PC1 i386 Packages [11.4 kB]
Get:10 http://apt.puppetlabs.com xenial/PC1 all Packages [6,786 B]
Fetched 351 kB in 1s (201 kB/s)
Reading package lists... Done
After adding the repository, we need to run the following command to install the agent.
ubuntu@ubuntu1:~$ sudo apt-get install puppet-agent
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following NEW packages will be installed:
  puppet-agent
0 upgraded, 1 newly installed, 0 to remove and 91 not upgraded.
Need to get 15.5 MB of archives.
After this operation, 92.2 MB of additional disk space will be used.
Get:1 http://apt.puppetlabs.com xenial/PC1 amd64 puppet-agent amd64 1.9.1-1xenial [15.5 MB]
Fetched 15.5 MB in 32s (476 kB/s)
Selecting previously unselected package puppet-agent.
(Reading database ... 91853 files and directories currently installed.)
Preparing to unpack .../puppet-agent_1.9.1-1xenial_amd64.deb ...
Unpacking puppet-agent (1.9.1-1xenial) ...
Processing triggers for libc-bin (2.23-0ubuntu3) ...
Setting up puppet-agent (1.9.1-1xenial) ...
Created symlink from /etc/systemd/system/multi-user.target.wants/puppet.service to /lib/systemd/system/puppet.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/mcollective.service to /lib/systemd/system/mcollective.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/pxp-agent.service to /lib/systemd/system/pxp-agent.service.
Removed symlink /etc/systemd/system/multi-user.target.wants/pxp-agent.service.
Processing triggers for libc-bin (2.23-0ubuntu3) ...
After a successful installation, we need to start the agent and enable it at boot.
ubuntu@ubuntu1:~$ sudo systemctl start puppet
ubuntu@ubuntu1:~$ sudo systemctl enable puppet
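Signing the Agent Node Certificates on the Puppet Master
When we run an agent node for the first time, the node sends a signing request to the Puppet master. Before any communication takes place between the node and the Puppet master, a certificate signing request is created on the Puppet master.
To view the current list of certificate requests on the Puppet master, run the command below.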
root@puppet:~# sudo /opt/puppetlabs/bin/puppet cert list
  "ubuntu1" (SHA256) 60:4C:AE:CE:BD:3F:EC:2F:C6:70:F6:45:62:EC:9A:AF:B2:8B:1C:42:4A:67:BB:C5:F6:F4:AE:BF:38:87:EA:9E
Signing a Request
To sign a request, run the following command for the specific node.
$ sudo /opt/puppetlabs/bin/puppet cert sign ubuntu1
Signing Certificate Request for:
  "ubuntu1" (SHA256) 60:4C:AE:CE:BD:3F:EC:2F:C6:70:F6:45:62:EC:9A:AF:B2:8B:1C:42:4A:67:BB:C5:F6:F4:AE:BF:38:87:EA:9E
Notice: Signed certificate request for ubuntu1
Notice: Removing file Puppet::SSL::CertificateRequest ubuntu1 at '/etc/puppetlabs/puppet/ssl/ca/requests/ubuntu1.pem'
To sign the requests for all nodes at once, run the following command.
$ sudo /opt/puppetlabs/bin/puppet cert sign --all
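The SHA256 fingerprint printed by `puppet cert list` is what ties a pending request to a particular node, and `puppet cert sign --all` signs every pending request without comparing it to anything. The script below is an added example, not part of the original tutorial: it checks each pending request against an allow-list of expected fingerprints and reports which ones can be signed. The allow-list format, the nodes ubuntu2 and ubuntu9 and their fingerprints are constructed for illustration; the expected values would be recorded on each node, for instance with `puppet agent --fingerprint`.

```shell
#!/bin/sh
# Added example: classify pending Puppet CSRs against trusted fingerprints.

# Constructed `puppet cert list` output. The ubuntu1 line is the request shown
# in the tutorial; ubuntu2 and ubuntu9 are made-up nodes for illustration.
SAMPLE_CERT_LIST='  "ubuntu1" (SHA256) 60:4C:AE:CE:BD:3F:EC:2F:C6:70:F6:45:62:EC:9A:AF:B2:8B:1C:42:4A:67:BB:C5:F6:F4:AE:BF:38:87:EA:9E
  "ubuntu2" (SHA256) 01:02:03:04:05:06:07:08:09:0A:0B:0C:0D:0E:0F:10:11:12:13:14:15:16:17:18:19:1A:1B:1C:1D:1E:1F:21
  "ubuntu9" (SHA256) A0:A1:A2:A3:A4:A5:A6:A7:A8:A9:AA:AB:AC:AD:AE:AF:B0:B1:B2:B3:B4:B5:B6:B7:B8:B9:BA:BB:BC:BD:BE:BF'

# Hypothetical allow-list, one "certname fingerprint" pair per line, recorded
# on each node before it contacts the master (the ubuntu2 value is constructed).
SAMPLE_EXPECTED='ubuntu1 60:4C:AE:CE:BD:3F:EC:2F:C6:70:F6:45:62:EC:9A:AF:B2:8B:1C:42:4A:67:BB:C5:F6:F4:AE:BF:38:87:EA:9E
ubuntu2 01:02:03:04:05:06:07:08:09:0A:0B:0C:0D:0E:0F:10:11:12:13:14:15:16:17:18:19:1A:1B:1C:1D:1E:1F:20'

# classify_csrs CERT_LIST_TEXT ALLOW_LIST_TEXT
# Prints "SIGN name", "MISMATCH name" or "UNKNOWN name" per pending request.
classify_csrs() {
  printf '%s\n' "$1" | EXPECTED="$2" awk '
    BEGIN {
      # Load the allow-list into want[certname] = FINGERPRINT.
      n = split(ENVIRON["EXPECTED"], rows, "\n")
      for (i = 1; i <= n; i++)
        if (split(rows[i], f, " ") == 2) want[f[1]] = toupper(f[2])
    }
    # Pending requests look like:  "certname" (SHA256) AA:BB:...
    # Lines with a leading marker field (as printed for signed
    # certificates) do not match this pattern and are skipped.
    $2 == "(SHA256)" && $1 ~ /^"[A-Za-z0-9._-]+"$/ {
      name = substr($1, 2, length($1) - 2)
      if (!(name in want))                print "UNKNOWN " name
      else if (want[name] == toupper($3)) print "SIGN " name
      else                                print "MISMATCH " name
    }'
}

# approved_names: only the certnames whose fingerprint matched the allow-list.
approved_names() {
  classify_csrs "$1" "$2" | awk '$1 == "SIGN" { print $2 }'
}

# On the master, each approved name would then be signed individually:
#   sudo /opt/puppetlabs/bin/puppet cert sign <name>
classify_csrs "$SAMPLE_CERT_LIST" "$SAMPLE_EXPECTED"
```

Requests reported as MISMATCH or UNKNOWN stay unsigned until someone has checked the node that sent them.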
Creating and Executing a Demo Manifest
Demo example manifest
# vi /etc/puppetlabs/code/environments/production/manifests/site.pp
file {'/tmp/example-ip':                                      # resource type file and filename
  ensure  => present,                                         # make sure it exists
  mode    => '0644',                                          # file permissions
  content => "The Node IP address is ${ipaddress_eth0}!\n",   # note the ipaddress_eth0 fact
}
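This writes the node's IP address to a file in the /tmp folder. The manifest makes sure that every node has the file example-ip in its /tmp folder.
Executing the Manifest from the Client
The following command runs the demo manifest that we created on the server.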
root@ubuntu1:~# sudo /opt/puppetlabs/bin/puppet agent --test
Info: Using configured environment 'production'
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Caching catalog for ubuntu1
Info: Applying configuration version '1486993606'
Notice: /Stage[main]/Main/File[/tmp/example-ip]/ensure: defined content as '{md5}438876fa0fef0d66a99582754b266473'
Notice: Applied catalog in 0.21 seconds
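In the tutorial above, we learned how to install and configure the Puppet master and the Puppet nodes, and how to sign certificates for those nodes. We also created a demo manifest and executed it from a node to get the result.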