# Author:fairylly
1、Puppet kick主动通知客户端更新
编辑客户端/etc/puppet/puppet.conf,开启监听:
在[agent]后面添加
listen = true //这个是让puppet监听8139端口
编辑客户端/etc/puppet/auth.conf,设置允许服务端访问/run:
path /run
auth any
method save
allow puppetmaster.com
# deny everything else; this ACL is not strictly necessary, but
# illustrates the default policy.
path /
auth any
注意:要放在path /前面,path /默认拒绝其它路径;
重启puppet
推送方法:
在服务端运行命令:
puppet kick -p 10 –host 客户端
例:
# puppet kick -p 10 --host puppetclient1.com --host puppetclient2.com
Warning: Puppet kick is deprecated. See http://links.puppetlabs.com/puppet-kick-deprecation
Warning: Failed to load ruby LDAP library. LDAP functionality will not be available
Triggering puppetclient1.com
Triggering puppetclient2.com
Getting status
status is success
puppetclient1.com finished with exit code 0
Getting status
status is success
puppetclient2.com finished with exit code 0
Finished
为了方便操作,可以把客户端配置到文档中:
# cat puppetclient.txt
puppetclient1.com
puppetclient2.com
# puppet kick -p 10 --host `cat puppetclient.txt`
2、Puppet客户端定时更新
Puppet客户端定时更新时间默认为30分钟
查看方法:
# puppet agent --configprint runinterval
1800
客户端/etc/puppet/puppet.conf中
[agent]
runinterval=5 #表示设置agent 5秒钟去同步
注意:runinterval=0,并不表示从来不运行,而是表示继续运行;
如果想要puppet agent从不运行,应该使用--no-client选项来启动;
例:puppet agent --no-client
# ps -ef | grep puppet
root 32442 1 0 11:47 ? 00:00:00 /usr/local/bin/ruby /usr/local/bin/puppet agent --no-client
root 32505 24436 0 11:48 pts/0 00:00:00 grep puppet
注意:使用--no-client选项,会启动守护进程但不检测配置,除非它被puppet kick触发;
而且只有当puppet.conf配置listen=true或启动时有带--listen选项时,它才生效;