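puppet3.3.1-(6)-puppet & Dashboard problem log 2
2013-11-06 10:32:52
# Author:fairylly
11. No puppet-dashboard process exists after the init script is run with start
Problem description:
/etc/init.d/puppet-dashboard
After the init script is run with start, there is no puppet-dashboard process. Running the command from the script by hand:
/usr/bin/ruby /opt/puppet-dashboard/script/server
prints: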
Database isn't the current migration version: expected 20120112195235, got 0
You must either run 'rake db:migrate' or set environmental variable NO_MIGRATION_CHECK
Solution:
Edit /etc/init.d/puppet-dashboard and change
/usr/bin/ruby /opt/puppet-dashboard/script/server >/dev/null 2>&1 &
to:
/usr/bin/ruby /opt/puppet-dashboard/script/server -e production >/dev/null 2>&1 &
12. puppet-dashboard reports that it has no permission to access a report
Problem description:
Background Tasks shows 1 new failed task
Clicking the link shows:
Importing report report-21631-3.yaml at 2013-11-05 10:22 CST
Permission denied - /opt/puppet-dashboard/spool/report-21631-3.yaml
Solution:
Edit /etc/init.d/puppet-dashboard and change
#/usr/bin/ruby /opt/puppet-dashboard/script/server -e production >/dev/null 2>&1 &
to:
sudo -u puppet-dashboard /opt/puppet-dashboard/script/server -e production >/dev/null 2>&1 &
13. puppet kick fails to notify the client: connection refused
Problem description:
# puppet kick -p 10 --host puppetmaster.com
Warning: Puppet kick is deprecated. See http://links.puppetlabs.com/puppet-kick-deprecation
Warning: Failed to load ruby LDAP library. LDAP functionality will not be available
Triggering puppetmaster.com
Error: Host puppetmaster.com failed: Connection refused - connect(2)
puppetmaster.com finished with exit code 2
Failed: puppetmaster.com
Solution:
On the client, in /etc/puppet/puppet.conf,
set listen=true under [agent],
or start puppet with the --listen option.
Example: puppet agent --no-client --listen
14. puppet kick fails to notify the client: exit code 3
Problem description:
After puppet kick has been run once, running it again reports exit code 3.
# puppet kick -p 10 --host puppetclient1.com
Warning: Puppet kick is deprecated. See http://links.puppetlabs.com/puppet-kick-deprecation
Warning: Failed to load ruby LDAP library. LDAP functionality will not be available
Triggering puppetclient1.com
Getting status
status is running
Host puppetclient1.com is already running
puppetclient1.com finished with exit code 3
Failed: puppetclient1.com
At this point, running # puppet agent -t on the client gives:
Notice: Ignoring --listen on onetime run
Notice: Run of Puppet configuration client already in progress; skipping (/var/lib/puppet/state/agent_catalog_run.lock exists)
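Solution:
/var/lib/puppet/state/agent_catalog_run.lock holds the pid of the puppet agent process.
Starting the agent with puppet agent --no-client creates this lock file.
Method 1:
rm -rf /var/lib/puppet/state/agent_catalog_run.lock
This is inconvenient, though, especially in a deployment that relies solely on puppet kick for push notification.
Method 2:
Upgrade ruby to version 2.0.0; facter and puppet then have to be reinstalled as well.
With ruby 2.0.0, repeated puppet kick runs all succeed and the .lock file is not created.
I am not sure of the exact cause, but that is what the experiment showed.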
puppet3.3.1-(6)-puppet & Dashboard problem log 1
2013-11-05 14:11:22
# Author:fairylly
1. puppetmaster fails to start
Problem description:
[root@mx puppet-3.3.1]# service puppetmaster start
Starting puppetmaster: /bin/bash: /usr/bin/puppet: /usr/bin/ruby: bad interpreter: No such file or directory
[FAILED]
Solution:
[root@mx puppet-3.3.1]# whereis ruby
ruby: /usr/lib/ruby /usr/local/bin/ruby /usr/local/lib/ruby
vi /usr/bin/puppet
#!/usr/bin/ruby
change to =>
#!/usr/local/bin/ruby
2. puppet agent --test reports: Could not evaluate: Could not retrieve information from environment production source(s) puppet://puppetmaster.com/plugins
Problem description:
[root@mx ~]# puppet agent --test
Info: Retrieving plugin
Error: /File[/var/lib/puppet/lib]: Could not evaluate: Could not retrieve information from environment production source(s) puppet://puppetmaster.com/plugins
Info: Caching catalog for puppetclient1.com
Info: Applying configuration version '1382687178'
Notice: Finished catalog run in 0.03 seconds
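Solution:
In /etc/puppet/puppet.conf on both the server and the client, set:
pluginsync=false
Restart the puppetmaster/puppet services and the problem is resolved.
If pluginsync=false is not set, at least one plugin has to be created.
3. puppet agent --test reports: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
Problem description: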
[root@mx puppet]# puppet agent --test
Warning: Unable to fetch my node definition, but the agent run will continue:
Warning: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [certificate signature failure for /CN=puppetmaster.com]
Info: Retrieving plugin
Error: /File[/var/lib/puppet/lib]: Failed to generate additional resources using 'eval_generate': SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [certificate signature failure for /CN=puppetmaster.com]
Error: /File[/var/lib/puppet/lib]: Could not evaluate: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [certificate signature failure for /CN=puppetmaster.com] Could not retrieve file metadata for puppet://puppetmaster.com/plugins: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [certificate signature failure for /CN=puppetmaster.com]
Error: Could not retrieve catalog from remote server: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [certificate signature failure for /CN=puppetmaster.com]
Warning: Not using cache on failed catalog
Error: Could not retrieve catalog; skipping run
Error: Could not send report: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [certificate signature failure for /CN=puppetmaster.com]
Solution:
On the client, delete the existing SSL certificates:
find /var/lib/puppet -type f -print0 |xargs -0r rm
On the server, clean the client's certificate:
puppet cert clean puppetclient1.com
On the client, register again:
rm -f /var/lib/puppet/ssl/certs/puppetclient1.com.pem
puppet agent -t
On the server, approve the registration:
puppet cert sign puppetclient1.com
Confirm that the registration succeeded:
puppet agent -t
4. puppet agent --test reports: not qualified and no path was specified. Please qualify the command or specify a path
Problem description:
exec { 'update-131018':
command => './update-131018.sh',
}
[root@mx /]# puppet agent -t
Info: Retrieving plugin
Info: Caching catalog for puppetclient1.com
Error: Failed to apply catalog: Validation of Exec[update-131018] failed: './update-131018.sh' is not qualified and no path was specified. Please qualify the command or specify a path. at /etc/puppet/manifests/site.pp:19
Wrapped exception:
'./update-131018.sh' is not qualified and no path was specified. Please qualify the command or specify a path.
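Solution:
command => './update-131018.sh',
Exec requires command to be an absolute path, or a path search list to be specified; here it is changed to an absolute path:
command => '/root/update-131018.sh',
path: the search path used when executing the command. If path is not defined, the command must use an absolute path. The path can be given as an array or as a colon-separated list.
5. Configuring dashboard: rake db:migrate reports No Rakefile found
Problem description:
While configuring dashboard, the following command fails: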
[root@mx lib]# rake RAILS_ENV=production db:migrate
rake aborted!
No Rakefile found (looking for: rakefile, Rakefile, rakefile.rb, Rakefile.rb)
(See full trace by running task with --trace)
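Solution:
The command was not run from the project directory; change into it first:
# cd /opt/puppet-dashboard/
6. Configuring dashboard: rake db:migrate reports undefined method `source_index' for Gem:Module
Problem description: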
[root@mx puppet-dashboard]# rake RAILS_ENV=production db:migrate
(in /opt/puppet-dashboard)
rake aborted!
undefined method `source_index' for Gem:Module
/opt/puppet-dashboard/Rakefile:4
(See full trace by running task with --trace)
Solution:
The rubygems version is too new and incompatible; install the older version 1.8.25.
7. gem install ruby-mysql reports: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B
Problem description:
[root@mx puppet-dashboard]# gem install ruby-mysql
ERROR: While executing gem ... (Gem::RemoteFetcher::FetchError)
SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed (https://rubygems.global.ssl.fastly.net/gems/ruby-mysql-2.9.11.gem)
Solution:
Update the certificates:
[root@mx tls]# /usr/bin/openssl version -d
OPENSSLDIR: "/etc/pki/tls"
# cd /etc/pki/tls
# wget http://curl.haxx.se/ca/cacert.pem
# mv cert.pem cert.pem.bak
# mv cacert.pem cert.pem
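The bundle above is fetched over plain HTTP and then becomes the system trust store, so it is worth checking the file before the swap. The shell function below is an added example, not part of the original post; the name install_ca_bundle, its exit codes, and the expected SHA-256 value (assumed to have been obtained separately over a channel you trust) are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): replace the OpenSSL CA bundle
# only after the downloaded file passes an integrity check.
# Assumption: the expected SHA-256 digest was obtained separately over a
# trusted channel; the function name and exit codes are illustrative.

# install_ca_bundle NEW_BUNDLE EXPECTED_SHA256 TARGET
#   exit 0: bundle verified and installed (old store kept as TARGET.bak)
#   exit 1: digest mismatch   exit 2: file missing or empty   exit 3: not PEM
install_ca_bundle() (
    new=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    target=$3

    if [ ! -s "$new" ]; then
        echo "bundle missing or empty: $new" >&2
        exit 2
    fi

    actual=$(sha256sum "$new" | awk '{print $1}')
    if [ "$actual" != "$expected" ]; then
        echo "SHA-256 mismatch for $new: got $actual" >&2
        exit 1
    fi

    # A proxy error page or a truncated download has no certificate blocks.
    if ! grep -q -e '-----BEGIN CERTIFICATE-----' "$new"; then
        echo "no PEM certificates found in $new" >&2
        exit 3
    fi

    # Keep the previous store, as the post does with cert.pem.bak.
    if [ -e "$target" ]; then
        cp -p "$target" "$target.bak"
    fi
    mv "$new" "$target"
)

# Demo on constructed files in a scratch directory; the real
# /etc/pki/tls/cert.pem is not touched.
demo_ca_bundle() (
    dir=$(mktemp -d)
    printf '%s\n' 'old store' > "$dir/cert.pem"
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQ=' \
        '-----END CERTIFICATE-----' > "$dir/cacert.pem"
    digest=$(sha256sum "$dir/cacert.pem" | awk '{print $1}')
    install_ca_bundle "$dir/cacert.pem" "$digest" "$dir/cert.pem" && echo "installed"
    rm -rf "$dir"
)
demo_ca_bundle
```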
8. gem install rails reports: make: *** [atomic_reference.o] Error 1
Problem description:
[root@mx puppet-dashboard]# gem install rails
Fetching: i18n-0.6.5.gem (100%)
Successfully installed i18n-0.6.5
Fetching: multi_json-1.8.2.gem (100%)
Successfully installed multi_json-1.8.2
Fetching: tzinfo-0.3.38.gem (100%)
Successfully installed tzinfo-0.3.38
Fetching: minitest-4.7.5.gem (100%)
Successfully installed minitest-4.7.5
Fetching: atomic-1.1.14.gem (100%)
Building native extensions. This could take a while...
ERROR: Error installing rails:
ERROR: Failed to build gem native extension.
/usr/local/bin/ruby extconf.rb
creating Makefile
make
gcc -I. -I. -I/usr/local/lib/ruby/1.8/i686-linux -I. -D_FILE_OFFSET_BITS=64 -fPIC -g -O2 -c atomic_reference.c
atomic_reference.c:75:2: error: #error No CAS operation available for this platform
make: *** [atomic_reference.o] Error 1
Gem files will remain installed in /usr/local/lib/ruby/gems/1.8/gems/atomic-1.1.14 for inspection.
Results logged to /usr/local/lib/ruby/gems/1.8/gems/atomic-1.1.14/ext/gem_make.out
Solution:
# gem install atomic -- --with-cflags=-march=i686
9. Starting puppet-dashboard reports: /usr/bin/env: ruby: No such file or directory
Problem description:
[root@mx puppet-dashboard]# sudo -u puppet-dashboard ./script/server -e production
/usr/bin/env: ruby: No such file or directory
Solution:
# whereis ruby
ruby: /usr/lib/ruby /usr/local/bin/ruby /usr/local/lib/ruby
ruby cannot be found. Add a ruby symlink under the system default path, or add /usr/local/bin to the PATH environment variable:
# ln -s /usr/local/bin/ruby /usr/bin/ruby
10. Starting puppet-dashboard reports: Rails Error: Unable to access log file
Problem description:
# sudo -u puppet-dashboard ./script/server -e production
Rails Error: Unable to access log file. Please ensure that /opt/puppet-dashboard/log/production.log exists and is chmod 0666. The log level has been raised to WARN and the output directed to STDERR until the problem is fixed.
Solution:
Confirm that /opt/puppet-dashboard/log/production.log exists and has mode 666:
[root@mx puppet-dashboard]# ll /opt/puppet-dashboard/log/production.log
-rw-r--r-- 1 root root 51 Nov 1 17:10 /opt/puppet-dashboard/log/production.log
[root@mx puppet-dashboard]# chmod 666 /opt/puppet-dashboard/log/production.log
[root@mx puppet-dashboard]# ll /opt/puppet-dashboard/log/production.log
-rw-rw-rw- 1 root root 51 Nov 1 17:10 /opt/puppet-dashboard/log/production.log
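puppet3.3.1-(5)-puppet-Dashboard installation and configuration
2013-11-05 14:09:11
# Author:fairylly
Puppet Dashboard manages puppet through a GUI (graphical user interface) and can display puppet run logs.
During installation I kept going for the newest versions, which made the installation and configuration fail again and again; it took several reinstalls to succeed. Mutually compatible versions are a precondition for a successful installation.
1. Install dependencies
- RubyGems
- Rake version 0.8.3 or newer
- MySQL database server version 5.x
- Ruby-MySQL bindings version 2.7.x or 2.8.x
#gem source -r http://rubygems.org/ \\ remove the default source
#gem source -r http://production.s3.rubygems.org/
#gem sources -a http://ruby.taobao.org/ \\ because of network conditions in China, connections to the rubygems.org resource files stored on Amazon S3 fail intermittently, so the mirror provided by Taobao is used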
Rubygems
Download:
http://files.rubyforge.vm.bytemark.co.uk/rubygems/rubygems-1.8.25.tgz
Rubygems installation:
# tar xzvf rubygems-1.8.25.tgz
# cd rubygems-1.8.25
# ruby setup.rb
# gem -v
1.8.25
Note: version 2.1.7 was installed at first; with it, dashboard fails at the schema preparation step (rake RAILS_ENV=production db:migrate). See problem log item 6.
Rake
1) Direct installation:
# gem install rake -v 0.8.7
Note: version 10.1.0 was installed at first; it is too new and causes problems.
Rails
Installation:
# gem install rails -v 3.2.15
Note: a plain gem install rails installs version 4.0, which requires ruby version >= 1.9.3:
activesupport requires Ruby version >= 1.9.3
If the rails installation reports: make: *** [atomic_reference.o] Error 1
first run: # gem install atomic -- --with-cflags=-march=i686
See problem log item 8.
Mysql
Check the version:
# mysql -V
mysql Ver 14.12 Distrib 5.0.95, for redhat-linux-gnu (i386) using readline 5.1
Installation: yum install -y mysql mysql-server mysql-devel
Ruby-mysql
Download:
ftp://ftp.pbone.net/mirror/ftp5.gwdg.de/pub/opensuse/repositories/home:/dibo2010:/buildservice/CentOS_CentOS-5/i386/ruby-mysql-2.8.1-9.1.i386.rpm
Installation:
# yum install -y libruby
# rpm -ivh ruby-mysql-2.8.1-9.1.i386.rpm
The mysql gem module:
# gem install mysql
2. Install dashboard
Dashboard download:
https://downloads.puppetlabs.com/dashboard/
Installation:
# tar xzvf puppet-dashboard-1.2.23.tar.gz
# mv puppet-dashboard-1.2.23 /opt/puppet-dashboard
# groupadd puppet-dashboard
# useradd puppet-dashboard -g puppet-dashboard
# chown -R puppet-dashboard:puppet-dashboard /opt/puppet-dashboard
3. Configure dashboard
# cd /opt/puppet-dashboard/config
# cp -af database.yml.example database.yml
# cp -af settings.yml.example settings.yml
database.yml contains the production, development and test environments.
We use the production environment, so edit the following section of database.yml:
production:
  database: dashboard_production
  username: dashboard
  password: dashboard
  encoding: utf8
  adapter: mysql
4. Create the dashboard database
mysql> CREATE DATABASE dashboard_production CHARACTER SET utf8;
mysql> CREATE USER 'dashboard'@'localhost' IDENTIFIED BY 'dashboard';
mysql> GRANT ALL PRIVILEGES ON dashboard_production.* TO 'dashboard'@'localhost';
mysql> flush privileges;
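5. Change the MySQL maximum packet size
In rare cases Dashboard may send a single row of 17 MB. To make sure this works, change the MySQL maximum packet size setting:
# vi /etc/my.cnf
# Allowing 32MB allows an occasional 17MB row with plenty of spare room
max_allowed_packet = 32M
6. Prepare the schema
Once dashboard has its database it can create its tables, but this has to be done manually with the db:migrate rake task. For a typical production environment:
# rake RAILS_ENV=production db:migrate
7. Start dashboard
# sudo -u puppet-dashboard ./script/server -e production
Once started, it can be accessed at http://dashboardserver:3000
8. Configure puppet to send reports
Puppet client: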
# puppet.conf (on each agent)
[agent]
report = true
Puppet server:
# puppet.conf (on puppet master)
[master]
reports = store,http
reporturl = http://dashboardserver:3000/reports/upload
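Note: after the configuration is changed on the server, the service must be restarted.
Change the displayed time zone:
The default is UTC
# vi /opt/puppet-dashboard/config/environment.rb
#config.time_zone = 'UTC'
config.time_zone = 'Beijing'
After this change, if puppet-dashboard is already running, it must be restarted.
9. Import existing reports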
# rake RAILS_ENV=production reports:import
Importing 6 reports from /var/lib/puppet/reports in the background
Importing: 100% |###########################################################################################################################################| Time: 00:00:01
6 of 6 reports queued
puppet3.3.1-(4)-common puppet operations
2013-11-05 14:07:16
# Author:fairylly
1. Transfer a file from the puppet master to a puppet client
/etc/puppet/manifests/site.pp
file { 'Config.php':
  path => '/var/www/html/luly/Config.php',
  ensure => file,
  source => 'puppet:///modules/www/Config.php',
  owner => apache,
  group => 'apache',
  mode => 0644,
}
Config.php: the title, i.e. the file name
path => '/var/www/html/luly/Config.php': the file path
ensure => file: ensures that it is a regular file
source => 'puppet:///modules/www/Config.php': the client downloads the file from this location on the server, i.e. /etc/puppet/modules/www/files/Config.php
(the puppet:///modules directory defaults to /etc/puppet/modules)
owner => apache: the file's owner is apache
group => apache: the file's group is apache
mode => 0644: the file's permissions are 644
On the client, run: puppet agent -t
[root@mx /]# ll /var/www/html/luly/Config.php
-rw-r--r-- 1 apache apache 19 Oct 28 17:00 /var/www/html/luly/Config.php
[root@mx /]# cat /var/www/html/luly/Config.php
this is Config.php
Note: make sure the /var/www/html/ path exists on the client, otherwise an error occurs.
2. puppet exec: running a database script
/etc/puppet/manifests/site.pp
file { 'update_20131029.sql':
  path => '/root/update_20131029.sql',
  ensure => file,
  source => 'puppet:///modules/sql/update_20131029.sql',
  before => Exec['update_sql']
}
exec { 'update_sql':
  command => '/usr/bin/mysql < /root/update_20131029.sql',
  path => '/usr/bin'
}
file:
before => Exec['update_sql']: before update_sql runs, make sure that /root/update_20131029.sql exists
(Note: when referencing Exec['update_sql'], the first letter of Exec must be capitalized)
exec:
command => '/usr/bin/mysql < /root/update_20131029.sql': the command to execute
On the client, run:
[root@mx /]# puppet agent -t
Info: Retrieving plugin
Info: Caching catalog for puppetclient1.com
Info: Applying configuration version '1383035718'
Notice: /Stage[main]//File[update_20131029.sql]/ensure: defined content as '{md5}837a631949bee4b3824bda74df200d39'
Notice: /Stage[main]//Exec[update_sql]/returns: executed successfully
Notice: Finished catalog run in 0.50 seconds
3. puppet exec: running a shell script
/etc/puppet/manifests/site.pp
file { 'update-131018.sh':
  path => '/root/update-131018.sh',
  ensure => file,
  source => 'puppet:///modules/update_package/update-131018.sh',
  owner => root,
  mode => 0777,
  before => Exec['update-131018']
}
file { 'update-131018.zip':
  path => '/root/update-131018.zip',
  ensure => file,
  source => 'puppet:///modules/update_package/update-131018.zip',
  before => Exec['update-131018']
}
exec { 'update-131018':
  command => '/root/update-131018.sh',
}
The preconditions for the exec are that both update-131018.sh and update-131018.zip are present and that update-131018.sh is executable.
On the client, run:
[root@mx /]# puppet agent -t
Info: Retrieving plugin
Info: Caching catalog for puppetclient1.com
Info: Applying configuration version '1383036536'
Notice: /Stage[main]//File[update-131018.sh]/ensure: defined content as '{md5}19e2d44448373148236f599270ebd485'
Notice: /Stage[main]//File[update-131018.zip]/ensure: defined content as '{md5}34d81766fd1a4c46f0b271df657ca5a3'
Notice: /Stage[main]//Exec[update-131018]/returns: executed successfully
Notice: Finished catalog run in 2.30 seconds
puppet3.3.1-(3)-changing how puppet is notified
2013-11-05 14:06:22
# Author:fairylly
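1. Puppet kick: actively notifying clients to update
Edit /etc/puppet/puppet.conf on the client to enable listening:
Add the following after [agent]:
listen = true // this makes puppet listen on port 8139
Edit /etc/puppet/auth.conf on the client to allow the server to access /run: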
path /run
auth any
method save
allow puppetmaster.com
# deny everything else; this ACL is not strictly necessary, but
# illustrates the default policy.
path /
auth any
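Note: this must be placed before path /, because path / denies all other paths by default.
Restart puppet.
Push method:
Run this command on the server:
puppet kick -p 10 --host <client>
Example: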
# puppet kick -p 10 --host puppetclient1.com --host puppetclient2.com
Warning: Puppet kick is deprecated. See http://links.puppetlabs.com/puppet-kick-deprecation
Warning: Failed to load ruby LDAP library. LDAP functionality will not be available
Triggering puppetclient1.com
Triggering puppetclient2.com
Getting status
status is success
puppetclient1.com finished with exit code 0
Getting status
status is success
puppetclient2.com finished with exit code 0
Finished
For convenience, the clients can be listed in a file:
# cat puppetclient.txt
puppetclient1.com
puppetclient2.com
# puppet kick -p 10 --host `cat puppetclient.txt`
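The auth.conf rule described above only works when the /run stanza sits before the catch-all path / stanza and names the hosts allowed to trigger a run. The check below is an added example, not part of the original post; the function name check_run_acl and its result words are assumptions, and the sample file is constructed from the stanza shown above.

```shell
#!/bin/sh
# Added example (not from the original post): lint a client auth.conf for the
# puppet kick rule. Function name and result words are illustrative.
# Assumption: ACLs are written as plain "path <p>" stanzas, as in the post.

# check_run_acl FILE prints one of:
#   ok        /run stanza precedes the catch-all "path /" and names allowed hosts
#   missing   no "path /run" stanza
#   shadowed  "path /" appears before "path /run", so /run is never reached
#   open      the /run stanza contains "allow *"
#   no-allow  the /run stanza has no allow line
check_run_acl() {
    awk '
        /^[ \t]*#/ || NF == 0 { next }           # skip comments and blank lines
        $1 == "path" {
            cur = $2
            if (cur == "/run" && !run_line)  run_line = NR
            if (cur == "/"    && !root_line) root_line = NR
            next
        }
        cur == "/run" && $1 == "allow" {
            allows++
            for (i = 2; i <= NF; i++) {
                host = $i
                gsub(/,/, "", host)               # allow lines may be comma-separated
                if (host == "*") wildcard = 1
            }
        }
        END {
            if (!run_line)                              print "missing"
            else if (root_line && root_line < run_line) print "shadowed"
            else if (wildcard)                          print "open"
            else if (!allows)                           print "no-allow"
            else                                        print "ok"
        }
    ' "$1"
}

# Demo on a constructed copy of the stanza from the post.
demo_auth_conf() (
    f=$(mktemp)
    cat > "$f" <<'EOF'
path /run
auth any
method save
allow puppetmaster.com
# deny everything else; this ACL is not strictly necessary, but
# illustrates the default policy.
path /
auth any
EOF
    check_run_acl "$f"
    rm -f "$f"
)
demo_auth_conf
```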
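2. Scheduled updates on the Puppet client
The Puppet client's default update interval is 30 minutes.
To check:
# puppet agent --configprint runinterval
1800
In /etc/puppet/puppet.conf on the client:
[agent]
runinterval=5 # makes the agent sync every 5 seconds
Note: runinterval=0 does not mean "never run"; it means run continuously.
To make puppet agent never run on its own, start it with the --no-client option.
Example: puppet agent --no-client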
# ps -ef | grep puppet
root 32442 1 0 11:47 ? 00:00:00 /usr/local/bin/ruby /usr/local/bin/puppet agent --no-client
root 32505 24436 0 11:48 pts/0 00:00:00 grep puppet
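Note: with the --no-client option the daemon starts but does not check the configuration unless it is triggered by puppet kick;
and it only takes effect when puppet.conf has listen=true or the agent was started with the --listen option.
puppet3.3.1-(2)-puppet3.3.1 installation from source and configuration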
2013-11-05 14:03:32
# Author:fairylly
Operating system: CentOS5.4
Package versions:
puppet-3.3.1.tar.gz
facter-1.7.3.tar.gz
ruby-1.8.7-p374.tar.gz
In this document the server hostname is puppetmaster.com and the client hostnames are puppetclient1.com and puppetclient2.com
1. Download locations
Ruby download:
https://www.ruby-lang.org/en/news/2013/06/27/ruby-1-8-7-p374-is-released/
http://cache.ruby-lang.org/pub/ruby/2.0/ruby-2.0.0-p247.tar.gz
Puppet download:
https://downloads.puppetlabs.com/puppet/
http://puppetlabs.com/misc/download-options
Facter download:
https://downloads.puppetlabs.com/facter/
2. Prerequisites
1) Configure the hostnames of the puppet master and the agents
2) Add them to /etc/hosts so that they can resolve each other
192.168.148.24 puppetmaster.com
192.168.146.239 puppetclient1.com
192.168.146.101 puppetclient2.com
3) Synchronize the time on the puppet server and the clients.
3. Install ruby
# tar xzvf ruby-1.8.7-p374.tar.gz
# cd ruby-1.8.7-p374
# ./configure
# make
# make install
# tar xzvf ruby-2.0.0-p247.tar.gz
# cd ruby-2.0.0-p247
# ./configure
# make
# make install
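Puppet 3.x requires Ruby 1.8.7 or later. If puppet-dashboard is to be installed, 1.8.7 is recommended;
if only puppet is installed, without puppet-dashboard, 2.0.0 is recommended.
With ruby 1.8.7 the Puppet client creates a lock file (/var/lib/puppet/state/agent_catalog_run.lock), and puppet kick or puppet agent -t then fails; see problem log item 14.
Note: if the system ships with an older ruby, uninstall it so that facter and puppet do not fail to detect the new version during installation.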
[root@mx local]# rpm -qa | grep ruby
ruby-devel-1.8.5-5.el5_3.7
ruby-1.8.5-5.el5_3.7
ruby-rdoc-1.8.5-5.el5_3.7
ruby-libs-1.8.5-5.el5_3.7
ruby-irb-1.8.5-5.el5_3.7
ruby-ri-1.8.5-5.el5_3.7
[root@mx local]# rpm -e ruby-ri
[root@mx local]# rpm -e ruby-rdoc
[root@mx local]# rpm -e ruby-irb
[root@mx local]# rpm -e ruby-devel
[root@mx local]# rpm -e ruby
[root@mx local]# rpm -e ruby-libs
[root@mx local]# rpm -qa | grep ruby
4. Install facter
# tar xzvf facter-1.7.3.tar.gz
# cd facter-1.7.3
# ruby install.rb
5. Install puppet
# tar xzvf puppet-3.3.1.tar.gz
# cd puppet-3.3.1
# ruby install.rb
6. Configure puppet and start the services
Create the puppet group:
# sudo puppet resource group puppet ensure=present
Create the puppet user:
# sudo puppet resource user puppet ensure=present gid=puppet shell='/sbin/nologin'
# cp -af ext/redhat/puppet.conf /etc/puppet/
On the server, add to [main]:
server = <hostname of the puppetmaster>
certname = <hostname of the puppetmaster>
On the client, add to [main]:
server = <hostname of the puppetmaster>
Create the puppetmaster init script:
# cp -af puppet-3.3.1/ext/redhat/server.init /etc/init.d/puppetmaster
# chmod +x /etc/init.d/puppetmaster
puppet itself can be used to start puppetmaster and enable it permanently:
# puppet resource service puppetmaster ensure=running enable=true
or:
# service puppetmaster start/stop
Create the puppet init script:
# cp -af ext/redhat/client.init /etc/init.d/puppet
# chmod +x /etc/init.d/puppet
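puppet itself can be used to start puppet and enable it permanently:
# puppet resource service puppet ensure=running enable=true
or:
# service puppet start/stop
7. Registration
On the client, create a registration request:
puppet agent -t is the same as puppet agent --test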
[root@mx ~]# puppet agent --test
Info: Caching certificate for ca
Info: Creating a new SSL certificate request for puppetclient1.com
Info: Certificate Request fingerprint (SHA256): 8C:66:ED:74:BC:A4:8A:94:F4:8A:9D:CE:B6:04:2A:8B:61:13:BE:D7:F7:71:19:7D:11:DA:49:AC:E5:C1:7A:13
Exiting; no certificate found and waitforcert is disabled
On the server, view the registration requests:
[root@mx ~]# puppet cert list
"puppetclient1.com" (SHA256) 8C:66:ED:74:BC:A4:8A:94:F4:8A:9D:CE:B6:04:2A:8B:61:13:BE:D7:F7:71:19:7D:11:DA:49:AC:E5:C1:7A:13
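# puppet cert list --all
Lists the requests of all clients (a + sign means the certificate has been signed and the client can communicate; no + sign means it has not been signed yet)
On the server, accept the registration request: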
[root@mx ~]# puppet cert sign puppetclient1.com
Notice: Signed certificate request for puppetclient1.com
Notice: Removing file Puppet::SSL::CertificateRequest puppetclient1.com at '/var/puppet/vardir/ssl/ca/requests/puppetclient1.com.pem'
# puppet cert sign --all
Accepts all registration requests
On the client, confirm that the registration succeeded:
[root@mx ~]# puppet agent --test
Info: Retrieving plugin
Info: Caching catalog for puppetclient1.com
Info: Applying configuration version '1382687178'
Notice: Finished catalog run in 0.03 seconds
At this point the client is registered with the server.
On the server, clean up a certificate:
[root@mx ~]# puppet cert clean puppetclient1.com
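The agent and the master each print the SHA256 fingerprint of the certificate request in the outputs above; comparing the two before puppet cert sign confirms that the request being signed is the one that client generated. The functions below are an added example, not part of the original post; their names are assumptions, and the sample text is the fingerprint line from the outputs above.

```shell
#!/bin/sh
# Added example (not from the original post): compare the CSR fingerprint the
# agent printed with the one the master lists before running puppet cert sign.
# Function names are illustrative.

# agent_fp: read `puppet agent --test` output on stdin, print the CSR fingerprint.
agent_fp() {
    awk -F': ' 'index($0, "Certificate Request fingerprint (SHA256)") { print $NF; exit }'
}

# master_fp HOST: read `puppet cert list` output on stdin, print the fingerprint
# listed for exactly HOST (the name must match in full, quotes included).
master_fp() {
    awk -v want="\"$1\"" '
        {
            hit = 0; fp = ""
            for (i = 1; i <= NF; i++) {
                if ($i == want) hit = 1
                if ($i == "(SHA256)" && i < NF) fp = $(i + 1)
            }
            if (hit && fp != "") { print fp; exit }
        }
    '
}

# csr_matches HOST AGENT_OUTPUT_FILE MASTER_OUTPUT_FILE
# Returns 0 only when both fingerprints are present and identical.
csr_matches() (
    a=$(agent_fp < "$2" | tr 'a-f' 'A-F')
    m=$(master_fp "$1" < "$3" | tr 'a-f' 'A-F')
    [ -n "$a" ] && [ -n "$m" ] && [ "$a" = "$m" ]
)

# Demo using the fingerprint shown in the outputs above.
demo_csr_check() (
    dir=$(mktemp -d)
    fp='8C:66:ED:74:BC:A4:8A:94:F4:8A:9D:CE:B6:04:2A:8B:61:13:BE:D7:F7:71:19:7D:11:DA:49:AC:E5:C1:7A:13'
    printf '%s\n' 'Info: Creating a new SSL certificate request for puppetclient1.com' \
        "Info: Certificate Request fingerprint (SHA256): $fp" > "$dir/agent.out"
    printf '%s\n' "  \"puppetclient1.com\" (SHA256) $fp" > "$dir/master.out"
    if csr_matches puppetclient1.com "$dir/agent.out" "$dir/master.out"; then
        echo "match: run puppet cert sign puppetclient1.com"
    else
        echo "MISMATCH: do not sign"
    fi
    rm -rf "$dir"
)
demo_csr_check
```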
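8. Configure the server to accept registrations automatically
On the server:
/etc/puppet/puppet.conf
Add to the master section: autosign = true
[master]
autosign = true
/etc/puppet/autosign.conf
List the clients' certnames (the hostname can be used directly), one per line, for example: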
# cat /etc/puppet/autosign.conf
puppetclient1.com
puppetclient2.com
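In Puppet 3 the autosign setting accepts true (sign every request), false, or the path of a whitelist file, and defaults to $confdir/autosign.conf, so with autosign = true the host list in autosign.conf is not what limits signing. The check below is an added example, not part of the original post; the function names and result words are assumptions, and the sample puppet.conf is constructed from the setting shown above.

```shell
#!/bin/sh
# Added example (not from the original post): report which autosign policy a
# master's puppet.conf results in. Function names and result words are illustrative.

# autosign_mode PUPPET_CONF prints one of:
#   all                 autosign = true: every certificate request is signed
#   none                autosign = false
#   whitelist:<path>    autosign = <file>: only names listed in that file
#   whitelist:default   setting absent: $confdir/autosign.conf is the whitelist
autosign_mode() {
    awk '
        /^[ \t]*#/ || NF == 0 { next }
        /^[ \t]*\[/ { section = $0; gsub(/[^A-Za-z_]/, "", section); next }
        {
            eq = index($0, "=")
            if (!eq) next
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == "autosign") found[section] = val
        }
        END {
            if ("master" in found)    v = found["master"]   # [master] overrides [main]
            else if ("main" in found) v = found["main"]
            else                      v = ""
            if (v == "")           print "whitelist:default"
            else if (v == "true")  print "all"
            else if (v == "false") print "none"
            else                   print "whitelist:" v
        }
    ' "$1"
}

# autosign_globs FILE: print whitelist entries that match more than one host.
autosign_globs() {
    grep -v '^[[:space:]]*#' "$1" | grep -F '*' || true
}

# Demo on a constructed puppet.conf carrying the setting from the post.
demo_autosign() (
    f=$(mktemp)
    printf '%s\n' '[main]' 'server = puppetmaster.com' \
        '[master]' 'autosign = true' > "$f"
    autosign_mode "$f"
    rm -f "$f"
)
demo_autosign
```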
9. Test that everything works
Write the code to apply on the server:
[root@mx ~]# vim /etc/puppet/manifests/site.pp
-----------------Add the following-----------------------
file { "/tmp/temp1.txt":
content => "Hello World\n"; }
-----------------End of added content------------------------
Run this command on the client:
[root@mx ~]# puppet agent --test
Info: Retrieving plugin
Info: Caching catalog for puppetclient1.com
Info: Applying configuration version '1382687704'
Notice: /Stage[main]//File[/tmp/temp1.txt]/ensure: defined content as '{md5}e59ff97941044f85df5297e1c302d260'
Notice: Finished catalog run in 0.03 seconds
On the client, check that the file was created:
[root@mx ~]# cat /tmp/temp1.txt
Hello World
puppet3.3.1-(1)-puppet introduction and references
2013-11-05 14:01:18
# Author:fairylly
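I. Introduction to Puppet
Puppet is a configuration management tool with a client/server architecture. The puppet-server package is installed on a central server (called the Puppetmaster), and the puppet client software is installed on each target host to be managed (called the PuppetClient). When a client connects to the Puppetmaster, the configuration defined on the Puppetmaster is compiled and then run on the client. By default each client contacts the server every half hour to check for configuration updates. If there is new configuration, or the configuration has changed, it is recompiled and distributed to the clients for execution. A configuration update can also be triggered actively from the server, forcing the clients to apply it. If a client's configuration has been changed, it can obtain the original configuration from the server to correct it.
II. References
Official puppet manual: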
http://docs.puppetlabs.com/puppet/3/reference/index.html
Installation: http://docs.puppetlabs.com/guides/installation.html
Language syntax: http://docs.puppetlabs.com/puppet/3/reference/lang_visual_index.html
Configuration: http://docs.puppetlabs.com/guides/configuring.html
Dashboard installation documentation:
http://docs.puppetlabs.com/dashboard/manual/1.2/bootstrapping.html#installing-dependencies
Feature series: puppet operations automation:
http://os.51cto.com/art/201306/398025.htm
puppet operations automation: Exec resource management:
http://os.51cto.com/art/201205/334242.htm
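puppet3.3.1-Preface
2013-11-05 13:46:01
# Author:fairylly
Our development and test environments use several servers, and every time an upgrade package is released it has to be deployed to each of them, which takes a lot of time, so I looked into automating upgrades. The configuration management engineer recommended cfengine and puppet. After a quick look, cfengine is certainly powerful, but its syntax is rather obscure, so in the end I decided on puppet. I spent some time learning it and, since I am getting old and my memory is poor, I wrote down what I learned.
Main chapters:
1. puppet introduction and references
2. puppet3.3.1 installation from source and configuration
3. Changing how puppet is notified
4. Common puppet operations
5. puppet-Dashboard installation and configuration
6. puppet & Dashboard problem log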