[Automation] PUPPET service installation and deployment

Introduction to puppet

Puppet is a centralized configuration management system based on Lnux, Unix, and Windows platforms developed in ruby ​​language. It uses its own puppet description language to manage system entities such as configuration files, users, cron tasks, software packages, and system services.

Puppet relies on the C/S (client/server) deployment architecture. It needs to install the puppet-server software package (hereinafter referred to as master) on the puppet server, and install the puppet client software (hereinafter referred to as client) on the target host to be managed.

In order to ensure security, the master and client are based on SSL and certificates. Only the client authenticated by the master certificate can communicate with the master.

Puppet working principle

  • 1. Client puppet calls fast to detect some variables of the host, such as host name, memory size, IP address Wait. Puppet sends this information to the server using an SSL connection;
  • 2, the puppetmaster on the server analyzes and detects the host name of the client through the fast tool, and then finds the corresponding node configuration in the main configuration file manifest of the project, and This part of the content is parsed. The information sent by fast can be processed as a variable. The code involved in node will be parsed. The code that is not involved will not be parsed. The parsing is divided into grammar checking. If the grammar is correct, continue parsing, and the parsing result will generate a The result is’pseudo code’, and then the’pseudo code’ is sent to the client;
  • 3. The client receives the’pseudo code’ and executes it, and the client sends the execution result to the server;
  • 4. The server writes the execution result of the client into the log.

Experiment:

Use four servers to simulate a Puppet environment. The specific topology is as follows:
[Automation]Puppet Service installation and deployment

1. Install NTP Server

Because Puppet needs Use SSL certificate, rely on time synchronization, all need to build NTP server.

(1) Turn off the firewall and security policies of all servers

systemctl stop firewalld.service 
systemctl disable firewalld.service
setenforce 0

(2) yum install NTP and modify the configuration file

yum install ntp -y #install ntp 

vi /etc/ntp.conf
#24 line Add two lines of records
server 127.127.26.0
fudge 127.127.26.0 stratum 8

(3) Start ntp service

service ntpd start #start ntp service< br />chkconfig ntpd on

(4) View synchronization status`

ntpstat #View synchronization status

[Automation] Puppet service installation And deployment

2. Install Puppet Master

(1) Planning the host Name

vi /etc/hostname
master.test.cn #Modify the corresponding host name

vi /etc/hosts #Add
192.168.26.131 master.test.cn
192.168.26.132 client1.test.cn
192.168.26.133 client2.test.cn

Then restart and turn off the security policy again

setenforce 0

(2) Set up NTP client service

yum install ntp -y
service ntpd start #Start ntp service
ntpdate 192.168. 26.130 (NTPs erver address)

[Automation]Puppet service installation and deployment

(3) Install puppet control terminal

yum install -y epel-replease #install epel source
yum install -y puppet-server #yum install puppet server

(4) Start Puppet main program

systemctl enable puppetmaster.service
systemctl start puppetmaster.service

3. Install Puppet client (client1 client2 configuration is the same)< /h3>

(1) Plan the host name

vi /etc/hostname
client1.test.cn #Modify the corresponding host name

vi /etc /hosts #Add
192.168.26.131 master.test.cn
192.168.26.132 client1.test.cn
192.168.26.133 client2.test.cn

Then restart, Turn off the security policy again

setenforce 0

(2) Set up NTP client service

yum install ntp -y
service ntpd start #Start ntp service
ntpdate 192.168.26.130 (NTPserver address)

(3) Install puppet control terminal

yum install -y epel-replease #install epel source
yum install -y puppet #yum install the puppet control terminal

(4) Edit the puppet configuration file

vi /etc/puppet/puppet.conf
[main] < br /> server = master.test.cn
......

[Automation]Puppet service installation and deployment
(5) Client application certificate

puppet agent --server=master.test.cn --no-daemonize --verbose #The two client-side execution commands are the same.

After execution, there will be the following prompt:

Info: Creating a new SSL key for client2.test.cn
Info: Caching certificate for ca
Info: csr_attributes file loading from /etc/puppet/csr_attributes.yaml
Info: Creating a new SSL certificate request for client2.test.cn
Info: Certificate Request fingerprint (SHA256) : 9E:E6:4D:3F:5B:03:D2:72:08:FF:0B:E7:92:48:45:FA:B7:2C:89:B5:12:CB:EC:8F:2E :50:B4:02:5F:4C:DF:17
Info: Caching certificate for ca

Wait for a while and press ctrl+c to end

4. Go to the Puppet Master to view the application information

(1) View the client applying for the certificate

puppet cert list

[Automation]Puppet service Installation and deployment

(2) Authorize unapplied clients

< pre>puppet cert sign –all

[Automation]Puppet service installation and deployment
(3) View the registered clients through the directory

ll /var/lib/puppet/ssl/ca/signed/

[Automation]Puppet service installation and deployment

5. Batch modify client ssh port

master End configuration:

(1) Create an ssh module, there are 3 files under the module: manifests, templates and files

mkdir -p /etc/puppet/modules/ ssh/{manifests,templates,files} #module information
mkdir /etc/puppet/manifests/nodes #node information
mkdir /etc/puppet/modules/ssh/files/ssh #module file release Directory
chown -R puppet /etc/puppet/modules/ #Modify permissions

(2) Create module configuration file install.pp

vi /etc/puppet/modules /ssh/manifests/install.pp #Create a new file (first make sure the client installs the ssh service)

class ssh::install{
package{"openssh":
ensure = > present,
}
}

(3) Create the module configuration file config.pp

vi /etc/puppet/modules/ssh/manifests/config .pp #Create a new module configuration file, configure the files that need to be synchronized
class ssh::config {
file {"/etc/ssh/sshd_config": #Configure the file that the client needs to synchronize
ensure => present, #Make sure this file exists in the client
owner => "root ", #File belonging user
group => "root", #File belonging group
mode => "0600", #File attribute
source => "puppet://$puppetserver/ modules/ssh/ssh/sshd_config", #Sync files from the server
require => Class["ssh::install"], #Call install.pp to confirm that ssh is installed
notify => Class[ "ssh::service"], #If config.pp changes, notify service.pp
}
}

(4) Create module configuration file service.pp

vi /etc/puppet/modules/ssh/manifests/service.pp #New server module file
class ssh::service {
service {"sshd":
ensure =>running, #Make sure ssh is running
hasstatus=>true, #puppet service support status command
hasrestart=>true, #puppet service support restart command
enable=>true, #server Whether to boot or not
require=>Class["ssh::config"] #Confirm that config.pp calls
}
}

(5) Create the main configuration file of the module init. pp

vi /etc/puppet/modules/ssh/manifests/init.pp #New module main configuration file
class ssh{
include ssh::install,ssh::config ,ssh::service #Load the above configuration files into
}

At this time, there are four files in the /etc/puppet/modules/ssh/manifests directory:

(6) Establish a server-side ssh unified maintenance file
Copy the server-side ssh configuration file sshd_config to the default path of the module

cp /etc/ssh/sshd_config /etc/puppet/modules/ssh/files/ ssh/
chown -R puppet /etc/puppet/modules/ssh/files/ssh/sshd_config #Modify permissions

(7) Create a test node configuration file, and load ssh into it p>

vi /etc/puppet/manifests/nodes/ssh.pp 
node'client1.test.cn' {
include ssh
}
node'client2. test.cn' {
include ssh
}

(8) Load the test node into puppet and create the site file site.pp

vi /etc/ puppet/manifests/site.pp //Load the test node into puppet//
import "nodes/ssh.pp"

(9) Modify the sshd_cofig configuration file maintained by the server

vi /etc/puppet/modules/ssh/files/ssh/sshd_config #Modify line 19
Port 9922

(10) Restart puppet

systemctl restart puppetmaster

The following is how the client obtains server-side resources:

(1) General In a small-scale automated cluster, the client takes the initiative to pull

puppet agent -t

[Automation]Puppet service installation and deployment
View the content of /etc/ssh/sshd_config on the client
[Automation] Puppet service installation and deployment
Check whether the server ssh service is restarted and whether the port is valid.
[Automation] Puppet service installation and Deployment
(2) When deploying on a large scale, use server push

client side ( 192.168.26.133) as an example:

1) Modify the configuration file

vi /etc/puppet/puppet.conf #The last line adds monitoring port 8139
listen = true< /pre>
vi /etc/puppet/auth.conf #Add the last line to allow any server to push
allow *

2) Start the puppet client

systemctl start puppetagent

Check the port content of /etc/ssh/sshd_config on the client
[Automation]Puppet service installation and deployment
Check whether the server ssh service is restarted and the port is in effect
[Automation]Puppet service installation and deployment
master :

3) Modify the sshd_cofig configuration file maintained by the server

vi /etc/puppet/modules/ssh/files/ssh/sshd_config #Modify 19 lines
Port 8822

4) Start pushing to the client

puppet kick client2.test.cn

[Automation]Puppet service installation and deployment
View the content of /etc/ssh/sshd_config on the client
[Automation]Puppet service Installation and deployment
Check whether the ssh service is restarted and the port is valid on the client
 [Automation] Puppet service installation and deployment

WordPress database error: [Table 'yf99682.wp_s6mz6tyggq_comments' doesn't exist]
SELECT SQL_CALC_FOUND_ROWS wp_s6mz6tyggq_comments.comment_ID FROM wp_s6mz6tyggq_comments WHERE ( comment_approved = '1' ) AND comment_post_ID = 2240 ORDER BY wp_s6mz6tyggq_comments.comment_date_gmt ASC, wp_s6mz6tyggq_comments.comment_ID ASC

Leave a Comment

Your email address will not be published.