Puppet Quick Guide
Puppet - Configuration
Once Puppet is installed on the system, the next step is to configure it to perform certain initial operations.
Open Firewall Ports on Machines
For the Puppet server to manage client machines centrally, the port that agents connect to must be open on the server: 8140 by default, or another port if 8140 is already in use on the machines being configured (in that case every agent's port setting must be changed to match). Agent-to-server traffic is HTTPS over TCP, so only TCP 8140 is needed and UDP can stay closed. Only the server needs an inbound rule, since agents initiate the connection themselves; restrict that rule to the networks the agents live on rather than exposing the port to every host.
Configuration File
The main configuration file for Puppet is puppet.conf. With a package-based installation it is created for you: at /etc/puppet/puppet.conf on Puppet 3 systems and at /etc/puppetlabs/puppet/puppet.conf from Puppet 4 onward (the All-in-One puppet-agent packages). Most of the settings needed to configure Puppet live in this file, and each Puppet run picks them up automatically. Some specific tasks, such as configuring the web server or an external Certificate Authority (CA), use separate configuration files and settings.
Puppet Server, the service that runs the Puppet master, keeps its own configuration files in the conf.d directory, by default /etc/puppetlabs/puppetserver/conf.d. These files are in HOCON format, which keeps the basic structure of JSON but is more readable. On startup Puppet Server reads every .conf file in conf.d and applies the configuration they contain; a change to these files takes effect only after the server is restarted.
List of Files and Settings
- global.conf
- webserver.conf
- web-routes.conf
- puppetserver.conf
- auth.conf
- master.conf (deprecated)
- ca.conf (deprecated)
Puppet has several configuration files, each specific to one component of Puppet.
Puppet.conf
puppet.conf is Puppet's main configuration file. Puppet uses this one file to configure all of its commands and services: the settings for Puppet master, Puppet agent, Puppet apply and certificates are all defined here, and each command reads the settings that apply to it.
The file resembles a standard ini file: a setting goes either in the [main] section or in the section for the specific application it applies to.
Main Config Section
[main]
# certname must be lowercase; Puppet rejects a certname containing uppercase letters
certname = test1.vipin.com
server = TestingSrv
environment = production
runinterval = 1h
Puppet Master Config File
[main]
certname = puppetmaster.vipin.com
server = MasterSrv
environment = production
runinterval = 1h
# fail on references to undefined variables instead of treating them as undef
strict_variables = true
[master]
# every name agents will use to reach this server; must be set before its certificate is issued
dns_alt_names = MasterSrv,brcleprod01.vipin.com,puppet,puppet.test.com
reports = puppetdb
storeconfigs_backend = puppetdb
storeconfigs = true
# unlimited: compiled code is cached until the server restarts or the environment cache is flushed
environment_timeout = unlimited
Detail Overview
A Puppet configuration file has multiple configuration sections, and each section holds a number of different settings.
Config Section
A Puppet configuration file mainly consists of the following config sections.
- Main − the global section, read by every Puppet command and service. Defaults are set here and can be overridden by any of the more specific sections in puppet.conf.
- Master − read by the Puppet master service and the puppet cert command. Newer Puppet releases also accept [server] as the name of this section.
- Agent − read by the Puppet agent service.
- User − read mostly by the puppet apply command and by many of the less common commands.
[main]
# certname must be lowercase
certname = puppettestmaster1.example.com
Key Components of Config File
Following are the key components of the config file.
Comment Lines
In Puppet, a comment line starts with a hash sign (#) and may be indented by any amount of whitespace. The example below shows a whole-line comment and a comment following a setting on the same line. Keeping comments on their own lines is the safer habit, because a trailing comment that the parser does not strip becomes part of the setting's value.
# This is a comment.
Testing = true #this is also a comment in same line
Settings Lines
A settings line consists of:
- any amount of leading whitespace (optional)
- the name of the setting
- an equals sign (=), which may be surrounded by any amount of whitespace
- a value for the setting
Setting Variables
In most cases the value of a setting is a single word, but a few settings take special values.
Paths
Some settings take a list of directories. When listing them, separate the entries with the system path separator: a colon (:) on *nix platforms and a semicolon (;) on Windows.
# *nix version:
environmentpath = $codedir/special_environments:$codedir/environments
# Windows version:
environmentpath = $codedir/environments;C:\ProgramData\PuppetLabs\code\environment
The directories are searched in the order listed: the first directory is checked first, and the next one is consulted only if the item is not found there. An entry earlier in the list therefore shadows anything of the same name in a later one.
Files and Directories
Every setting that takes a single file or directory can also take an optional hash of permissions. When the service starts, Puppet enforces those permissions on the file or directory.
ssldir = $vardir/ssl {owner = service, mode = 0771}
In the code above, the allowed keys of the hash are owner, group and mode. The owner and group keys accept only two values, root and service (service meaning the user or group the Puppet service runs as).