Puppet Tutorial

Puppet - Master

In Puppet's client/server architecture, the Puppet master is the controlling authority of the entire setup. It acts as the server and directs the configuration of every managed node: agents connect to it to have their certificates signed and to fetch the catalogs they apply.

Any server that is to act as Puppet master must run the Puppet Server software; this software is the key component that controls all activity on the nodes. One point to keep in mind for this setup is that superuser (root or sudo) access is required on every machine that will take part in it. The steps to set up the Puppet master follow.

Prerequisites

Private Network DNS − Forward and reverse DNS should be configured, and each server should have a unique hostname. Agents look the master up by name and the master verifies the agent's certificate name, so the names must resolve consistently in both directions. If DNS is not available, the hosts can still communicate over the private network, typically with matching entries in /etc/hosts on every machine.

Firewall Open Port − The port on which the Puppet master listens must be open on its firewall so that it can accept incoming agent requests. By default Puppet Server listens on TCP port 8140; a different port can be used as long as the firewall allows it and every agent is configured with the same port.

Creating Puppet Master Server

The Puppet master we are creating runs on a CentOS 7 x64 machine; the hostname and private FQDN used for it in this tutorial are shown in the table below. The minimum configuration for a Puppet master is two CPU cores and 1 GB of memory; a larger machine may be needed depending on the number of nodes the master will manage. In this infrastructure the master is configured with 2 GB of RAM.

Host Name       Role            Private FQDN
Brcleprod001    Puppet master   bnrcleprod001.brcl.com

Next, the Puppet master's SSL certificate needs to be generated, and the master's certificate name (its certname) must be placed in the configuration file of every node, as the server setting in the agent's puppet.conf, so that each agent knows which host to contact and which certificate to expect from it.

Installing NTP

Since the Puppet master is the central certificate authority for the agent nodes in any given setup, keeping accurate system time on it is one of its key responsibilities. The certificates it issues to agents carry a validity period; if the clocks of the master and a node disagree, a freshly issued certificate can appear not yet valid or already expired on one side, and agent runs fail with SSL errors. Network Time Protocol (NTP) is the standard mechanism for avoiding such problems, and it should be configured on the master and on every agent.

Listing Available Time Zones

$ timedatectl list-timezones

The above command prints the complete list of available time zones, grouped by region.

The following command sets the required time zone on the machine. The argument must be a name exactly as it appears in the list above; for Delhi, for example, the zone is Asia/Kolkata.

$ sudo timedatectl set-timezone Asia/Kolkata

Install NTP on the Puppet server machine using the yum utility of CentOS.

$ sudo yum -y install ntp

Synchronise the system clock once against a public pool before the daemon is started, so that it does not begin with a large offset.

$ sudo ntpdate pool.ntp.org

In common practice, the NTP configuration is updated to use a pool that is geographically near the machine's datacenter. For this, edit the ntp.conf file under /etc.

$ sudo vi /etc/ntp.conf

Add server lines for the time servers from the NTP pool zone nearest to you; each entry must be prefixed with the server keyword, and iburst speeds up the initial synchronisation. The relevant part of ntp.conf then looks like the following.

server brcleprod001.brcl.pool.ntp.org iburst
server brcleprod002.brcl.pool.ntp.org iburst
server brcleprod003.brcl.pool.ntp.org iburst
server brcleprod004.brcl.pool.ntp.org iburst

Save the configuration, then restart the daemon so it picks up the new servers and enable it so it starts at boot.

$ sudo systemctl restart ntpd
$ sudo systemctl enable ntpd

Setup Puppet Server Software

Puppet Server is the software that runs on the Puppet master machine. It compiles and serves configurations (catalogs) to the other machines that run the Puppet agent software; note that agents pull their catalog from the server on each run rather than the server pushing it to them.

Enable the official Puppet Collection (PC1) repository using the following command.

$ sudo rpm -ivh https://yum.puppetlabs.com/puppetlabs-release-pc1-el7.noarch.rpm

Install the puppetserver package.

$ sudo yum -y install puppetserver

Configure Memory Allocation on the Puppet Server

As discussed above, the Puppet Server package ships with a JVM heap of 2 GB by default (JAVA_ARGS="-Xms2g -Xmx2g"). The setting can be customized according to the free memory available on the machine and the number of nodes the server will manage. The heap must fit in physical memory with room left for the operating system; a heap larger than the machine can back prevents the JVM from starting or drives the host into swap.

Edit the Puppet Server sysconfig file in vi.

$ sudo vi /etc/sysconfig/puppetserver

Find the JAVA_ARGS line and use the -Xms (initial heap) and -Xmx (maximum heap) options to set the memory allocation; setting both to the same value avoids heap resizing at run time. To allocate 3 GB:

JAVA_ARGS="-Xms3g -Xmx3g"

Once done, save the file and exit the editor.
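As an added example (not part of the original tutorial), the following POSIX shell script rewrites the JAVA_ARGS line in a copy of /etc/sysconfig/puppetserver and refuses a heap that the host cannot back. It works on a constructed sample file rather than the real one, and the 512 MiB of headroom reserved for the operating system is our own conservative choice, not a figure from the Puppet documentation.

```shell
#!/bin/sh
# Added example: adjust the Puppet Server JVM heap in a sysconfig file.
# Not part of the tutorial; the headroom figure below is our assumption.

# Write a constructed copy of the PC1 default /etc/sysconfig/puppetserver
# to a temp file and print its path (the demo never touches the real file).
make_sample_sysconfig() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
# Location of your Java binary (version 7 or higher)
JAVA_BIN="/usr/bin/java"
# Modify this if you'd like to change the memory allocation, enable JMX, etc
JAVA_ARGS="-Xms2g -Xmx2g"
EOF
    echo "$f"
}

# current_heap FILE -> prints the -Xmx value on the JAVA_ARGS line, e.g. "2g"
current_heap() {
    sed -n 's/^JAVA_ARGS=.*-Xmx\([0-9][0-9]*[gm]\).*/\1/p' "$1"
}

# set_heap FILE HEAP_GB TOTAL_RAM_MB
# Sets -Xms and -Xmx to HEAP_GB (equal values, as the tutorial does). Returns 1
# and leaves FILE untouched when heap plus OS headroom exceeds physical RAM,
# which is the case where the JVM would fail to start or the host would swap.
set_heap() {
    file=$1; heap_gb=$2; ram_mb=$3
    headroom_mb=512                       # assumption: keep this much for the OS
    need_mb=$((heap_gb * 1024 + headroom_mb))
    if [ "$need_mb" -gt "$ram_mb" ]; then
        echo "refusing ${heap_gb}g heap: needs ${need_mb} MiB, host has ${ram_mb} MiB" >&2
        return 1
    fi
    tmp=$(mktemp)
    # Rewrite only the JAVA_ARGS line; every other line is copied verbatim.
    sed "s/^JAVA_ARGS=.*/JAVA_ARGS=\"-Xms${heap_gb}g -Xmx${heap_gb}g\"/" "$file" > "$tmp" \
        && mv "$tmp" "$file"
}

# Demo on the constructed file: 3 GB fits on a 4 GiB host, not on a 1 GiB one.
sample=$(make_sample_sysconfig)
set_heap "$sample" 3 4096 && echo "heap now $(current_heap "$sample")"
set_heap "$sample" 3 1024 || echo "heap left at $(current_heap "$sample")"
rm -f "$sample"
```

Run the same functions against the real file only after checking the host's memory with free -m; the guard is deliberately stricter than the JVM, which will happily start with a heap it can only partly back and let the machine swap under load.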

After all the above setup is complete, we are ready to start Puppet Server on the master machine with the following command.

$ sudo systemctl start puppetserver

Next, enable the service so that Puppet Server starts whenever the master boots.

$ sudo systemctl enable puppetserver

Puppet.conf Master Section

Following is an example [master] section of puppet.conf for a master integrated with Foreman (reports = foreman, with external_nodes and node_terminus = exec pointing Puppet at Foreman's node classifier script). Note that it uses the Puppet 3 paths /etc/puppet and /var/lib/puppet; with the PC1 puppetserver package installed above, the corresponding locations are /etc/puppetlabs/puppet/puppet.conf and /etc/puppetlabs/puppet/ssl. The autosign setting points to a list of certificate names whose requests are signed without review; keep that list narrow, because any host matching it becomes a trusted agent, and never set autosign = true on a master reachable by untrusted hosts.

[master]
autosign = $confdir/autosign.conf { mode = 664 }
reports = foreman
external_nodes = /etc/puppet/node.rb
node_terminus = exec
ca = true
ssldir = /var/lib/puppet/ssl
certname = sat6.example.com
strict_variables = false
manifest = /etc/puppet/environments/$environment/manifests/site.pp
modulepath = /etc/puppet/environments/$environment/modules
config_version =
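As an added example (not part of the original tutorial or of Puppet itself), the following POSIX shell script reads the [master] section of a puppet.conf like the one above and flags the settings that silently widen trust: autosign = true, a bare "*" entry in autosign.conf, and an external_nodes script that Puppet would ignore because node_terminus is not exec. The puppet.conf and autosign.conf it audits are constructed in temporary files; the hostnames in them are placeholders.

```shell
#!/bin/sh
# Added example: audit the [master] section of a puppet.conf for settings that
# silently widen trust. Runs on constructed files, never on /etc/puppet.

# write_conf FILE AUTOSIGN_VALUE NODE_TERMINUS
# Writes a constructed puppet.conf modelled on the section above.
write_conf() {
    cat > "$1" <<EOF
[main]
logdir = /var/log/puppet

[master]
autosign = $2
reports = foreman
external_nodes = /etc/puppet/node.rb
node_terminus = $3
ca = true
ssldir = /var/lib/puppet/ssl
certname = brcleprod001.brcl.com
EOF
}

# master_setting FILE KEY -> value of KEY in the [master] section only
# (empty when unset). Trailing "{ mode = ... }" file attributes are dropped.
master_setting() {
    awk -v key="$2" '
        /^[ \t]*\[/ { in_master = ($0 ~ /^[ \t]*\[master\][ \t]*$/); next }
        in_master && $0 ~ ("^[ \t]*" key "[ \t]*=") {
            sub(/^[^=]*=[ \t]*/, "")
            sub(/[ \t]*\{.*$/, "")
            sub(/[ \t]+$/, "")
            print; exit
        }' "$1"
}

# audit_master PUPPET_CONF AUTOSIGN_CONF
# Prints one line per finding and returns the number of findings (0 = clean).
audit_master() {
    conf=$1; asconf=$2; findings=0
    autosign=$(master_setting "$conf" autosign)
    case "$autosign" in
        true)
            echo "FINDING: autosign = true signs every CSR; any host that can reach the master becomes a trusted agent"
            findings=$((findings + 1)) ;;
        ""|false) ;;
        *)
            # File-based autosign: a bare "*" entry matches every certname.
            if [ -f "$asconf" ] && grep -q '^[[:space:]]*\*[[:space:]]*$' "$asconf"; then
                echo "FINDING: $asconf contains a bare '*' entry, equivalent to autosign = true"
                findings=$((findings + 1))
            fi ;;
    esac
    enc=$(master_setting "$conf" external_nodes)
    term=$(master_setting "$conf" node_terminus)
    if [ -n "$enc" ] && [ "$term" != "exec" ]; then
        echo "FINDING: external_nodes is set but node_terminus is '$term'; the ENC only runs with node_terminus = exec"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Demo on constructed files: an autosign = true master yields one finding.
demo=$(mktemp -d)
write_conf "$demo/puppet.conf" 'true' exec
audit_master "$demo/puppet.conf" "$demo/autosign.conf"
rm -rf "$demo"
```

Point audit_master at the real puppet.conf and autosign.conf (under /etc/puppet on Puppet 3, /etc/puppetlabs/puppet on PC1) to check a live master; the return code makes it usable as a gate in a deployment pipeline.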