Brief introduction
Puppet is a centralized configuration management system for Linux, Unix and Windows platforms. It uses its own description language to manage configuration files, users, cron tasks, software packages, system services, and so on. Puppet calls these system entities resources. Its design goal is to simplify the management of these resources and to handle the dependencies between them properly.
Puppet uses a client/server (C/S) star structure: all clients interact with one or several servers. Every puppet client connects to the server at a fixed interval (half an hour by default, configurable), downloads the latest configuration, and configures itself strictly according to it. After applying the configuration, the client can report the result back to the server. If there is an error, that is reported to the server as well.
Workflow
The puppet client first connects to the puppet server and sends its basic configuration information to the server through the Facter tool. The server looks at the client's host name, finds the configuration code for that host through the node definition, compiles it, and sends the compiled configuration back to the client. The client executes it to complete the configuration and reports the result of the run to the puppet server.
Common resources
Common resources include notify (debug output), file (configuration files), package (software installation), service (service management), exec (command execution), cron (scheduled scripts), user (users) and group (user groups).
Preparation in advance
Prepare two CentOS 7 virtual machines, one as the server and one as the agent. Configure the IP address and hostname (the hostname must strictly follow FQDN format), synchronize the time, turn off the firewall and SELinux, and configure the IP address to hostname mapping.
hostname | ip |
---|---|
puppet-master.jun.cc | 192.168.29.136 |
puppet-agent.jun.cc | 192.168.29.137 |
Download the official rpm package and configure the yum source
Download address: http://yum.puppetlabs.com/el/7/products/x86_64/
Deploy Puppet Master
```
#Install software
[root@puppet-master ~]# yum install puppet-server puppet -y
#Start service
[root@puppet-master ~]# systemctl start puppetmaster
#View startup status
[root@puppet-master ~]# netstat -tnlp |grep 8140
```
Modify the configuration file
```
[root@puppet-master ~]# vi /etc/puppet/puppet.conf
#Name used for this host's certificate, that is, its own host name
certname=puppet-master.jun.cc
```
Deploy puppet agent
```
#Install software
[root@puppet-agent ~]# yum install puppet -y
```
Modify the configuration file
```
[root@puppet-agent ~]# vi /etc/puppet/puppet.conf
#Name used for this host's certificate, that is, its own host name
certname=puppet-agent.jun.cc
#Specify the puppetmaster
server=puppet-master.jun.cc
#How often the agent actively pulls resources from the master
runinterval=60
```
Set up the authenticated connection between master and agent
The agent sends a certificate request
```
[root@puppet-agent ~]# puppet agent -t
```
Sign the request on the master
```
#View authentication requests
[root@puppet-master ~]# puppet cert --list
#Sign the certificates
[root@puppet-master ~]# puppet cert sign --all
```
The agent sends its request again
```
[root@puppet-agent ~]# puppet agent -t
#The certificate is generated in /var/lib/puppet/ssl
```
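`puppet cert sign --all` approves every pending request, including any the administrator did not expect. The script below is an added example, not part of the original article: it checks one request's fingerprint against the value shown on the agent by `puppet agent --fingerprint` and only then prints the single-host sign command. The function names, the `db01.jun.cc` host and both fingerprints are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the article): approve one request by fingerprint.
# Real Puppet 3.x commands this wraps:
#   agent : puppet agent --fingerprint
#   master: puppet cert list ; puppet cert sign <certname>

# Constructed fingerprint, as read on the agent console (not real data).
AGENT_FP='3a:9c:41:d7:0b:e2:58:6f:c4:17:a9:30:8d:f1:62:be:05:7a:cc:93:2e:48:d6:11:f0:8b:64:a3:1c:e9:57:20'
# Constructed `puppet cert list` output; db01 is a request nobody expected.
SAMPLE_LIST='  "puppet-agent.jun.cc" (SHA256) 3A:9C:41:D7:0B:E2:58:6F:C4:17:A9:30:8D:F1:62:BE:05:7A:CC:93:2E:48:D6:11:F0:8B:64:A3:1C:E9:57:20
  "db01.jun.cc" (SHA256) 7E:02:B5:9D:44:C8:13:FA:6A:31:D0:85:2C:E7:90:1B:5F:A4:08:C3:76:ED:29:B0:14:9A:D3:67:F8:42:0E:BD'

# Strip whitespace and uppercase the hex so both sides compare equal.
norm_fp() { printf '%s' "$1" | tr -d ' \t\r\n' | tr 'a-f' 'A-F'; }

# pending_fp LISTING CERTNAME: fingerprint of the request with that exact name.
pending_fp() {
    printf '%s\n' "$1" | awk -v want="\"$2\"" '$1 == want { print $3; exit }'
}

# verify_request LISTING CERTNAME EXPECTED_FP
# 0 = match (prints the sign command), 1 = mismatch, 2 = no such request.
verify_request() {
    got=$(pending_fp "$1" "$2")
    if [ -z "$got" ]; then
        echo "no pending request for $2" >&2; return 2
    fi
    if [ "$(norm_fp "$got")" != "$(norm_fp "$3")" ]; then
        echo "fingerprint mismatch for $2, not signing" >&2; return 1
    fi
    echo "puppet cert sign $2"
}

# Demo on the constructed listing.
verify_request "$SAMPLE_LIST" puppet-agent.jun.cc "$AGENT_FP"
```

On a real master, pass `"$(puppet cert list)"` as the first argument instead of the sample text.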
Application cases
1. Create file
```
#Edit the site manifest
[root@puppet-master ~]# vi /etc/puppet/manifests/site.pp
#Create a file
#Set deployment node
node 'puppet-agent.jun.cc'{
    #Format: file resource {'title': attribute => value,}
    #title can be named by itself
    file{'aaa':
        #Specify path
        path => "/tmp/puppet.txt",
        #Add file content
        content => "Hello puppet agent";
    }
}

#Pull resources manually at agent end
[root@puppet-agent ~]# puppet agent -t
#View execution
[root@puppet-agent ~]# cat /tmp/puppet.txt
Hello puppet agent[root@puppet-agent ~]#
```
2. Create users kawhi and www
```
#Edit the site manifest
[root@puppet-master ~]# vi /etc/puppet/manifests/site.pp
node 'puppet-agent.jun.cc'{
    user{'abc':
        name => 'kawhi',
        #present: must exist
        ensure => present,
        uid => 1024;
    }
    user{'bcd':
        name => 'www',
        ensure => present,
        uid => 1056;
    }
}

#Wait for 60s, the agent automatically pulls resources
#View execution
[root@puppet-agent ~]# id kawhi
uid=1024(kawhi) gid=1024(kawhi) group=1024(kawhi)
[root@puppet-agent ~]# id www
uid=1056(www) gid=1056(www) group=1056(www)
```
3. Install vsftpd on the agent
```
#Create the module directory tree
#The manifests directory holds the module's code
#The files directory holds the module's static files
[root@puppet-master ~]# mkdir -pv /etc/puppet/modules/vsftpd/{manifests,files}

#Write the module's main manifest
[root@puppet-master ~]# vi /etc/puppet/modules/vsftpd/manifests/init.pp
class vsftpd{
    #Configure yum source
    yumrepo {"Server":
        descr => "Server repo",
        #The installation media must be mounted on the agent in advance
        baseurl => "file:///media/CentOS_6.10_Final",
        #gpgcheck 0: package signatures are not verified for this repo
        gpgcheck => "0",
        enabled => "1";
    }
    #Processing package
    package {"vsftpd":
        ensure => installed,
        #The first letter is capitalized when referencing a resource
        require => Yumrepo["Server"];
    }
    #Configure services
    service {"vsftpd":
        #Start the service, after the package has been installed
        ensure => running,
        require => Package["vsftpd"];
    }
}

#Call the module
#Edit the site manifest
[root@puppet-master ~]# vi /etc/puppet/manifests/site.pp
node 'puppet-agent.jun.cc'{
    include vsftpd
}

#Check configuration syntax
[root@puppet-master ~]# puppet parser validate /etc/puppet/modules/vsftpd/manifests/init.pp
[root@puppet-master ~]# puppet parser validate /etc/puppet/manifests/site.pp

#Pull resources manually at agent end
[root@puppet-agent ~]# puppet agent -t
#View service status
[root@puppet-agent ~]# netstat -tnlp |grep vsftpd
tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN 2404/vsftpd
```