• Puppet Basics 3 - Preparation before installing Puppet
  • Sharpen your tools before you start
    • 1. Network address plan
    • 2. Configure a local DVD yum repository
    • 3. Set up an NTP server
    • 4. Build a local yum repository
    • 5. Configure the FTP server
    • 6. Configure the remote yum repository
    • 7. Choosing versions of the key components

    Puppet Basics 3 - Preparation before installing Puppet

    Sharpen your tools before you start

    Before installing Puppet there is a fair amount of groundwork: the network address plan, hostnames, certnames, time synchronisation and so on. Only once these are settled will you avoid discovering, after Puppet is installed, problems that are painful to undo (a certname, for example, is baked into the agent's certificate).
    Note: the rest of this document series is designed and extended from the conventions laid down in this article, and it is written to a near-production standard.

    1. Network address plan

    HOSTNAME                       IP                   certname                            operatingsystem
    puppetmaster.kisspuppet.com    192.168.100.110/24   puppetmaster_cert.kisspuppet.com    RHEL6.4
    agent1.kisspuppet.com          192.168.100.111/24   agent1_cert.kisspuppet.com          RHEL5.7
    agent2.kisspuppet.com          192.168.100.112/24   agent2_cert.kisspuppet.com          RHEL5.8
    agent3.kisspuppet.com          192.168.100.113/24   agent3_cert.kisspuppet.com          RHEL6.4

    Note: the gateway for 192.168.100.0/24 is 192.168.100.110, and every server uses 192.168.100.110 as DNS1.

    1) Set the hostname

    [root@puppetmaster ~]# vim /etc/sysconfig/network
    NETWORKING=yes
    HOSTNAME=puppetmaster.kisspuppet.com
    [root@agent1 ~]# vim /etc/sysconfig/network
    NETWORKING=yes
    NETWORKING_IPV6=no
    HOSTNAME=agent1.kisspuppet.com

    Note: agent2 and agent3 are configured the same way. The file only takes effect at the next boot; run `hostname agent1.kisspuppet.com` (with the right name) to apply it to the running system as well.

    2) Set the IP address

    You can do the initial configuration with system-config-network and then adjust the generated file by hand.

    [root@puppetmaster ~]# vim /etc/sysconfig/network-scripts/ifcfg-eth0
    DEVICE=eth0
    TYPE=Ethernet
    ONBOOT=yes
    NM_CONTROLLED=yes
    BOOTPROTO=none
    IPADDR=192.168.100.110
    NETMASK=255.255.255.0
    GATEWAY=192.168.100.110
    DNS1=192.168.100.110
    IPV6INIT=no
    USERCTL=no

    Note: agent1 to agent3 are configured the same way, each with its own IPADDR from the address plan.

    3) Disable the NetworkManager service

    NetworkManager is the service that manages network interfaces from the RHEL desktop. It is enabled by default on RHEL6 and can rewrite the static configuration made above, so on servers it is best disabled.

    [root@puppetmaster ~]# /etc/init.d/NetworkManager stop
    Stopping NetworkManager daemon: [ OK ]
    [root@puppetmaster ~]# chkconfig NetworkManager off

    Note: agent1 to agent3 the same.

    4) Disable the firewall

    This exercise is about verifying the whole architecture end to end, so the firewall is switched off; testing with a firewall in place is left to the reader. Caveat: on a production host keep iptables on and open only what each role needs, for example tcp/8140 on the puppetmaster for the agents, udp/123 if it serves NTP, and tcp/21 plus the FTP data ports if it serves the yum repository over FTP.

    [root@puppetmaster ~]# /etc/init.d/iptables stop
    iptables: Flushing firewall rules: [ OK ]
    iptables: Setting chains to policy ACCEPT: filter [ OK ]
    iptables: Unloading modules: [ OK ]
    [root@puppetmaster ~]# chkconfig iptables off

    Note: agent1 to agent3 the same.

    5) Disable SELinux

    [root@puppetmaster ~]# sed -i 's/^SELINUX=.*/SELINUX=disabled/' /etc/selinux/config
    [root@puppetmaster ~]# setenforce 0    # takes effect immediately; the file takes effect at the next boot

    Note: agent1 to agent3 the same. The pattern is anchored with ^ on purpose: without it sed also rewrites the "# SELINUX= can take one of these three values:" comment line in the same file.

    6) Set up SSH keys
    For convenience, generate a key pair on puppetmaster and push the public key to every agent, so that files can be deployed to all nodes from one place.

    [root@puppetmaster ~]# ssh-keygen
    Generating public/private rsa key pair.
    Enter file in which to save the key (/root/.ssh/id_rsa):
    Enter passphrase (empty for no passphrase):
    Enter same passphrase again:
    Your identification has been saved in /root/.ssh/id_rsa.
    Your public key has been saved in /root/.ssh/id_rsa.pub.
    The key fingerprint is:
    ff:55:8d:31:34:b4:b3:6a:70:3b:aa:09:76:12:5b:8d root@puppetmaster.kisspuppet.com
    The key's randomart image is:
    +--[ RSA 2048]----+
    | .+ |
    | . o |
    | = |
    | o *.|
    | . E o . o o|
    | + . o o . |
    | = . . = . |
    | . + . + o |
    | o.. . |
    +-----------------+
    [root@puppetmaster ~]# for i in {1..3}; do ssh-copy-id -i 192.168.100.11$i; done
    The authenticity of host '192.168.100.111 (192.168.100.111)' can't be established.
    RSA key fingerprint is ae:db:c5:0c:0e:3f:8c:62:ea:a1:26:e2:09:63:18:32.
    Are you sure you want to continue connecting (yes/no)? yes
    Warning: Permanently added '192.168.100.111' (RSA) to the list of known hosts.
    root@192.168.100.111's password:
    Now try logging into the machine, with "ssh '192.168.100.111'", and check in:
    .ssh/authorized_keys
    to make sure we haven't added extra keys that you weren't expecting.
    ...

    Caveat: this key has no passphrase and gives root on every agent to whoever holds /root/.ssh/id_rsa on puppetmaster. That is no wider than the trust a Puppet master already has over its agents, but keep the private key on puppetmaster only (mode 0600) and remove the public key from the agents' authorized_keys when puppetmaster is rebuilt. The RHEL6 ssh-copy-id accepts -i without a file name and then uses the default ~/.ssh/id_rsa.pub.

    7) Set up the hosts file

    Puppet traffic requires that agent and master can resolve each other's hostnames.
    This can also be done with DNS; a DNS server is built in part four, when the kermit architecture is set up. For now use the hosts file: set it up on puppetmaster and copy it to every node.

    [root@puppetmaster ~]# vim /etc/hosts
    127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
    ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
    192.168.100.110 puppetmaster.kisspuppet.com puppetmaster
    192.168.100.111 agent1.kisspuppet.com agent1
    192.168.100.112 agent2.kisspuppet.com agent2
    192.168.100.113 agent3.kisspuppet.com agent3
    [root@puppetmaster ~]# for i in {1..3}; do scp /etc/hosts 192.168.100.11$i:/etc/; done
    hosts 100% 354 0.4KB/s 00:00
    hosts 100% 354 0.4KB/s 00:00
    hosts 100% 354 0.4KB/s 00:00
    [root@agent1 ~]# ping -c 3 puppetmaster.kisspuppet.com    # remember to test once the file is in place
    PING puppetmaster.kisspuppet.com (192.168.100.110) 56(84) bytes of data.
    64 bytes from puppetmaster.kisspuppet.com (192.168.100.110): icmp_seq=1 ttl=64 time=0.327 ms
    64 bytes from puppetmaster.kisspuppet.com (192.168.100.110): icmp_seq=2 ttl=64 time=0.996 ms
    64 bytes from puppetmaster.kisspuppet.com (192.168.100.110): icmp_seq=3 ttl=64 time=1.00 ms
    --- puppetmaster.kisspuppet.com ping statistics ---
    3 packets transmitted, 3 received, 0% packet loss, time 1999ms
    rtt min/avg/max/mdev = 0.327/0.774/1.000/0.317 ms

    Note: once the network is up you can log in with a tool such as Xshell, which makes the rest of the work more convenient.
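The hosts file above is written by hand and then copied to every node, so a single wrong octet or a duplicated name only shows up later as a certificate or certname error. The script below is an added example, not code from the original article: it generates the file from the node list used in this section and checks it before it is installed and copied out. The NODES list is the one from this article; the /tmp/hosts.new path and the agent1..agent3 aliases in the usage comment are assumptions.

```shell
#!/bin/bash
# Added example, not part of the original article: generate the hosts file for
# the node list above from one source of truth, and check it before it is
# copied to the agents. Puppet needs every agent to resolve puppetmaster (and
# the master to resolve the agents when it signs their certificate requests),
# so a typo here surfaces later as an SSL or certname error.
set -u

# NODES: "ip fqdn shortname", one node per line (addresses from the hosts file above).
NODES='192.168.100.110 puppetmaster.kisspuppet.com puppetmaster
192.168.100.111 agent1.kisspuppet.com agent1
192.168.100.112 agent2.kisspuppet.com agent2
192.168.100.113 agent3.kisspuppet.com agent3'

# gen_hosts: print a complete /etc/hosts (standard loopback lines, then NODES).
gen_hosts() {
    printf '%s\n' \
        '127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4' \
        '::1 localhost localhost.localdomain localhost6 localhost6.localdomain6' \
        "$NODES"
}

# hosts_lookup FILE NAME: print the IP that FILE maps NAME to. Like the "files"
# resolver it takes the first matching line; exits 1 when NAME is absent.
hosts_lookup() {
    awk -v name="$2" '
        /^[[:space:]]*(#|$)/ { next }      # skip comments and blank lines
        { for (i = 2; i <= NF; i++) if ($i == name) { print $1; exit } }
    ' "$1" | grep .
}

# hosts_check FILE: exit 0 only if every node in NODES resolves (by FQDN and by
# short name) to its planned IP and no node IP appears more than once.
hosts_check() {
    local file="$1" ip fqdn short name got n rc=0
    while read -r ip fqdn short; do
        [ -n "$ip" ] || continue
        for name in "$fqdn" "$short"; do
            if ! got=$(hosts_lookup "$file" "$name"); then
                echo "MISSING: $name has no entry" >&2; rc=1; continue
            fi
            [ "$got" = "$ip" ] || { echo "WRONG: $name -> $got, expected $ip" >&2; rc=1; }
        done
        n=$(awk -v ip="$ip" '$1 == ip { c++ } END { print c + 0 }' "$file")
        [ "$n" -eq 1 ] || { echo "IP $ip appears $n times, expected exactly once" >&2; rc=1; }
    done <<EOF
$NODES
EOF
    return $rc
}

# Usage on puppetmaster (not run by the test): generate, check, install, then
# fan out to the agents over the SSH keys set up in step 6.
#   gen_hosts > /tmp/hosts.new && hosts_check /tmp/hosts.new \
#     && cp /tmp/hosts.new /etc/hosts \
#     && for i in 1 2 3; do scp /etc/hosts agent$i:/etc/hosts; done
```

The check deliberately resolves through the generated file rather than through `getent`, so it can be run on the file before it replaces /etc/hosts; a failed check leaves the old file in place.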

    2. Configure a local DVD yum repository

    I am working in VMware virtual machines, so the installation DVD can be mounted directly on a directory. On a physical machine copy the whole DVD into a directory and point baseurl at that directory.

    [root@puppetmaster ~]# mkdir /media/cdrom
    [root@puppetmaster ~]# mount /dev/cdrom /media/cdrom/
    mount: block device /dev/sr0 is write-protected, mounting read-only
    [root@puppetmaster ~]# cp /etc/yum.repos.d/rhel-source.repo /etc/yum.repos.d/rhel-base.repo
    [root@puppetmaster ~]# vim /etc/yum.repos.d/rhel-base.repo
    [rhel-base]
    name=Red Hat Enterprise Linux $releasever - $basearch - DVD
    baseurl=file:///media/cdrom
    enabled=1
    gpgcheck=1
    gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
    [root@puppetmaster ~]# yum clean all
    Loaded plugins: product-id, refresh-packagekit, security, subscription-manager
    This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
    Cleaning repos: rhel-base
    Cleaning up Everything
    [root@puppetmaster ~]# yum install tree lrzsz    # test
    Loaded plugins: product-id, refresh-packagekit, security, subscription-manager
    This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
    rhel-base | 3.9 kB 00:00 ...
    rhel-base/primary_db | 3.1 MB 00:01 ...
    Setting up Install Process
    Resolving Dependencies
    ...

    Note: agent1 to agent3 the same. The DVD packages are signed by Red Hat and the key is already on disk at the gpgkey path, so keep gpgcheck=1; yum asks once to import the key on the first install.

    Note: on RHEL5 the DVD's packages are under the Server directory, so the repo file there uses baseurl=file:///media/cdrom/Server

    3. Set up an NTP server

    1) Configure the NTP server
    Here the NTP server synchronises to its own local clock; if the machines have Internet access it can synchronise to external servers instead. What matters is that every server has the same time.
    The reason: the author reports that the puppetmaster/agent certificate handshake breaks when their clocks differ by more than about ten minutes, and the MCollective server and clients configured later cannot differ by more than 60 seconds (MCollective's default message TTL).

    [root@puppetmaster ~]# rpm -qa | grep ntp
    fontpackages-filesystem-1.41-1.1.el6.noarch
    ntpdate-4.2.4p8-3.el6.x86_64    # installed by default
    ntp-4.2.4p8-3.el6.x86_64        # installed by default
    [root@puppetmaster ~]# cp /etc/ntp.conf{,.bak}
    [root@puppetmaster ~]# vim /etc/ntp.conf
    driftfile /var/lib/ntp/drift
    logfile /var/log/ntp.log
    broadcastdelay 0.008
    restrict default kod nomodify notrap nopeer noquery
    restrict -6 default kod nomodify notrap nopeer noquery
    restrict default ignore
    restrict 127.0.0.1
    restrict -6 ::1
    restrict 192.168.100.0 mask 255.255.255.0 notrap nomodify
    server 127.127.1.0 # local clock
    fudge 127.127.1.0 stratum 10 refid NIST
    includefile /etc/ntp/crypto/pw
    keys /etc/ntp/keys
    [root@puppetmaster ~]# /etc/init.d/ntpd start
    Starting ntpd: [ OK ]
    [root@puppetmaster ~]# chkconfig ntpd on

    Note: ntp.conf keywords are lower-case (broadcastdelay, not Broadcastdelay). The refid on the fudge line is only a label; the server is still disciplined by its own clock, so the agents agree with puppetmaster, not with real time.

    2) Test from the nodes and set up a crontab

    [root@agent1 ~]# ntpdate puppetmaster.kisspuppet.com
    7 Mar 06:08:30 ntpdate[16411]: adjust time server 192.168.100.110 offset 0.049448 sec
    [root@agent1 ~]# crontab -l    # edit with crontab -e
    */30 * * * * /usr/sbin/ntpdate puppetmaster.kisspuppet.com >>/root/ntdate.log 2>&1 && /sbin/clock --systohc
    [root@agent1 ~]# /etc/init.d/crond reload
    Reloading cron daemon configuration: [ OK ]
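The two tolerances above are only useful if something enforces them. The following is an added example, not from the original article: a pre-flight check a node can run before its first `puppet agent` run. It reads the output of `ntpdate -q` (which queries the server without stepping the clock) and fails when the absolute offset exceeds the limit. The two limits are taken from the text above, 600 s for the Puppet handshake as the author cites it and 60 s for MCollective; they are assumptions, not values read from any configuration.

```shell
#!/bin/bash
# Added example, not part of the original article: a pre-flight check for the
# clock skew limits discussed above. `ntpdate -q` asks the server for the
# offset without touching the clock; skew_check fails when |offset| exceeds
# the limit, so a node with a drifted clock is caught before its first Puppet
# run instead of failing the certificate handshake. Limits are assumptions
# taken from the text (600 s Puppet as the author cites, 60 s MCollective TTL).
PUPPET_MAX_SKEW=600
MCO_MAX_SKEW=60

# skew_check LIMIT: read `ntpdate -q SERVER` output on stdin. Exit 0 if the
# absolute offset is within LIMIT seconds, 1 if it is not, 2 if no offset was
# found (server unreachable, name not resolvable, ...).
skew_check() {
    awk -v limit="$1" '
        /offset/ {
            # ntpdate prints "offset 0.049448," and "offset 0.049448 sec"; the
            # numeric prefix of the field after "offset" is the offset in seconds
            for (i = 1; i < NF; i++) if ($i == "offset") { o = $(i + 1) + 0; found = 1 }
        }
        END {
            if (!found) { print "skew_check: no offset in ntpdate output" > "/dev/stderr"; exit 2 }
            if (o < 0) o = -o
            printf "clock offset %.3f s (limit %s s)\n", o, limit
            exit (o <= limit) ? 0 : 1
        }'
}

# preflight SERVER: the check as a node would run it before `puppet agent`
# (not run by the test: it needs the NTP server on the network). The tighter
# MCollective limit is used, since it is the one that bites first.
preflight() {
    ntpdate -q "$1" | skew_check "$MCO_MAX_SKEW" || {
        echo "clock out of tolerance; fix NTP before starting puppet/mcollective" >&2
        return 1
    }
}
```

The crontab entry above only corrects drift every 30 minutes; running `preflight puppetmaster.kisspuppet.com` right before the first agent run catches the common case of a freshly installed node whose clock was never set.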

    4. Build a local yum repository

    Most of the packages in this exercise come from http://yum.puppetlabs.com; some come from EPEL, the RubyGems site, the RabbitMQ site and so on. How to build a yum repository was covered earlier in http://kisspuppet.com/2014/01/26/puppet_create_repo/; a short version follows.

    [root@puppetmaster RHEL6U4]# yum install createrepo    # the tool that builds the repository metadata
    [root@puppetmaster RHEL6U4]# createrepo .    # generate repodata for all rpm packages in this directory and its subdirectories
    Spawning worker 0 with 105 pkgs
    Workers Finished
    Gathering worker results
    Saving Primary metadata
    Saving file lists metadata
    Saving other metadata
    Generating sqlite DBs
    Sqlite DBs complete

    Note: the RHEL5 repodata must be generated by running createrepo on a RHEL5 system (or with `createrepo -s sha` on RHEL6, because RHEL5's yum cannot read the sha256 checksums that RHEL6's createrepo uses by default).

    5. Configure the FTP server

    1) Install and configure the FTP server

    The only purpose of the FTP server is to serve the custom yum repository, so it is configured read-only: packages are copied into the shared directory as root on puppetmaster, never uploaded over FTP. With gpgcheck=0 on the clients (section 6) an anonymous upload would otherwise go straight into every node's next yum install.

    [root@puppetmaster ~]# yum install vsftpd
    Loaded plugins: product-id, refresh-packagekit, security, subscription-manager
    This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
    rhel-base | 3.9 kB 00:00 ...
    Setting up Install Process
    Resolving Dependencies
    --> Running transaction check
    ---> Package vsftpd.x86_64 0:2.2.2-11.el6 will be installed
    --> Finished Dependency Resolution
    ...
    [root@puppetmaster ~]# cp /etc/vsftpd/vsftpd.conf{,.bak}
    [root@puppetmaster ~]# vim /etc/vsftpd/vsftpd.conf
    anonymous_enable=YES
    local_enable=YES
    # nothing writes over FTP; yum only reads
    write_enable=NO
    local_umask=022
    anon_upload_enable=NO
    # directory seen by anonymous users (vsftpd takes the whole rest of the line as the value, so keep comments on their own line)
    anon_root=/puppet
    anon_mkdir_write_enable=NO
    anon_other_write_enable=NO
    dirmessage_enable=YES
    xferlog_enable=YES
    connect_from_port_20=YES
    xferlog_file=/var/log/xferlog
    xferlog_std_format=YES
    listen=YES
    pam_service_name=vsftpd
    userlist_enable=YES
    tcp_wrappers=YES
    [root@puppetmaster ~]# /etc/init.d/vsftpd start
    Starting vsftpd for vsftpd: [ OK ]
    [root@puppetmaster ~]# chkconfig vsftpd on
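A vsftpd.conf copied from a general-purpose example often arrives with the anonymous write switches turned on, and with gpgcheck=0 on the clients that turns the FTP server into a package-injection point for every node. The script below is an added example, not part of the original article: it audits a vsftpd.conf for the combination that lets anonymous users write, applying vsftpd's built-in defaults for keys the file omits (anonymous_enable defaults to YES, every write switch to NO), and prints the read-only configuration this article needs. The conf paths in the usage comment are the standard ones; the function names are assumptions.

```shell
#!/bin/bash
# Added example, not part of the original article: audit a vsftpd.conf for the
# combination that lets an anonymous FTP user write into the repository. yum
# only ever reads from this server. vsftpd's built-in defaults are applied for
# keys the file omits, because a missing key is not the same as a disabled one.
set -u

# vsftpd_get CONF KEY: effective value of KEY. The last assignment in CONF
# wins; vsftpd's built-in default is used for the keys audited here.
vsftpd_get() {
    local conf="$1" key="$2" val
    val=$(awk -F= -v k="$key" '
        /^[[:space:]]*#/ { next }
        $1 == k { v = substr($0, index($0, "=") + 1) }
        END { print v }' "$conf")
    if [ -z "$val" ]; then
        case "$key" in
            anonymous_enable) val=YES ;;
            write_enable|anon_upload_enable|anon_mkdir_write_enable|anon_other_write_enable) val=NO ;;
        esac
    fi
    printf '%s\n' "$val"
}

# is_yes VALUE: vsftpd accepts YES/TRUE/1 in any case for boolean options.
is_yes() {
    case "$(printf '%s' "$1" | tr 'a-z' 'A-Z')" in
        YES|TRUE|1) return 0 ;;
        *) return 1 ;;
    esac
}

# vsftpd_anon_writable CONF: exit 0 (and say why) if anonymous users can change
# files. All three are needed: anonymous login, the global write_enable, and at
# least one anon_* write switch.
vsftpd_anon_writable() {
    local conf="$1" k
    is_yes "$(vsftpd_get "$conf" anonymous_enable)" || return 1
    is_yes "$(vsftpd_get "$conf" write_enable)" || return 1
    for k in anon_upload_enable anon_mkdir_write_enable anon_other_write_enable; do
        if is_yes "$(vsftpd_get "$conf" "$k")"; then
            echo "anonymous users can modify the repository ($k=YES together with write_enable=YES)" >&2
            return 0
        fi
    done
    return 1
}

# vsftpd_readonly_conf: the read-only server this article actually needs.
# Packages reach /puppet through the local filesystem on puppetmaster only.
vsftpd_readonly_conf() {
    cat <<'EOF'
anonymous_enable=YES
local_enable=NO
write_enable=NO
anon_upload_enable=NO
anon_mkdir_write_enable=NO
anon_other_write_enable=NO
anon_root=/puppet
dirmessage_enable=YES
xferlog_enable=YES
xferlog_file=/var/log/xferlog
xferlog_std_format=YES
connect_from_port_20=YES
listen=YES
pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES
EOF
}

# Usage on puppetmaster (not run by the test):
#   vsftpd_anon_writable /etc/vsftpd/vsftpd.conf && echo "fix the config before starting vsftpd"
#   vsftpd_readonly_conf > /etc/vsftpd/vsftpd.conf && /etc/init.d/vsftpd restart
```

Running the audit from cron or from a Puppet exec on puppetmaster itself is cheap insurance against someone "temporarily" re-enabling uploads later.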

    2) Build the yum repository inside the FTP shared directory

    Copy the generated repository into the FTP shared directory.

    [root@puppetmaster ~]# ll /puppet/
    total 12
    drwxr-xr-x 4 root root 4096 Mar 7 06:21 RHEL5U7
    drwxr-xr-x 4 root root 4096 Mar 7 06:21 RHEL5U8
    drwxr-xr-x 6 root root 4096 Mar 7 06:21 RHEL6U4
    [root@puppetmaster ~]# ll /puppet/RHEL6U4/
    total 16600
    -rw-r--r-- 1 root root 87643 Mar 7 06:21 facter-1.7.3-1.el5.x86_64.rpm
    -rw-r--r-- 1 root root 87440 Mar 7 06:21 facter-1.7.3-1.el6.x86_64.rpm
    drwxr-xr-x 2 root root 4096 Mar 7 06:21 gem
    -rw-r--r-- 1 root root 634944 Mar 7 06:21 GeoIP-1.4.8-1.el6.x86_64.rpm
    -rw-r--r-- 1 root root 151654 Mar 7 06:21 keepalived-1.2.7-1.1.x86_64.rpm
    -rw-r--r-- 1 root root 10924 Mar 7 06:21 mcollective-2.2.4-1.el6.noarch.rpm
    -rw-r--r-- 1 root root 24596 Mar 7 06:21 mcollective-client-2.2.4-1.el6.noarch.rpm
    -rw-r--r-- 1 root root 759300 Mar 7 06:21 mcollective-common-2.2.4-1.el6.noarch.rpm
    drwxr-xr-x 3 root root 4096 Mar 7 06:21 mcollective-plugins
    drwxr-xr-x 2 root root 4096 Mar 7 06:21 mq
    -rw-r--r-- 1 root root 406588 Mar 7 06:21 nginx-1.0.15-5.el6.x86_64.rpm
    -rw-r--r-- 1 root root 1128352 Mar 7 06:21 puppet-2.7.23-1.el6.noarch.rpm
    -rw-r--r-- 1 root root 4509032 Mar 7 06:21 puppet-dashboard-1.2.23-1.el6.noarch.rpm
    -rw-r--r-- 1 root root 25596 Mar 7 06:21 puppet-server-2.7.23-1.el6.noarch.rpm
    -rw-r--r-- 1 root root 3729988 Mar 7 06:21 rabbitmq-server-3.1.5-1.el6.noarch.rpm
    drwxr-xr-x 2 root root 4096 Mar 7 06:21 repodata
    ...

    6. Configure the remote yum repository

    [root@puppetmaster ~]# vim /etc/yum.repos.d/rhel-puppet.repo
    [rhel-puppet]
    name=puppetlabs epel gems for rhel
    # points at the FTP server; yum's INI parser does not strip a trailing "#" comment from a value, so comments go on their own line
    baseurl=ftp://puppetmaster.kisspuppet.com/RHEL6U4
    enabled=1
    gpgcheck=0
    [root@puppetmaster ~]# yum list | grep puppet-server    # test
    puppet-server.noarch 2.7.25-1.el6 rhel-puppet

    Note: agent1 to agent3 the same (the RHEL5 agents point at RHEL5U7 and RHEL5U8 instead). Caveat: with gpgcheck=0 yum installs whatever the FTP server hands out, so the integrity of the /puppet directory on puppetmaster is the entire trust chain for every node.
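Because the clients run with gpgcheck=0, the only place left to catch a modified or planted package is the repository directory itself, before createrepo publishes it. The script below is an added example, not part of the original article: it records a SHA256 manifest of the packages you intentionally placed in the directory and refuses to republish when a package was changed, removed, or added behind your back, which `sha256sum -c` alone would not notice. The manifest name SHA256SUMS, the function names, and the paths in the usage comment are assumptions; the package file names in the test are constructed stand-ins, not real packages.

```shell
#!/bin/bash
# Added example, not part of the original article: with gpgcheck=0 every node
# installs whatever is in /puppet, so the repository directory is the whole
# trust chain. Keep a SHA256 manifest of the packages you vetted and refuse to
# (re)publish when anything differs. SHA256SUMS is the manifest name assumed here.
set -u

# repo_manifest DIR: record the sha256 of every .rpm below DIR in DIR/SHA256SUMS.
# Run it once, right after copying in packages from a source you have checked.
repo_manifest() {
    local dir
    dir=$(cd "$1" && pwd) || return 1
    ( cd "$dir" && find . -type f -name '*.rpm' -exec sha256sum {} + | LC_ALL=C sort -k 2 ) > "$dir/SHA256SUMS"
}

# repo_verify DIR: exit 0 only if every listed package is present with the
# recorded hash AND no unlisted .rpm exists. The second half matters: a package
# dropped in next to the legitimate ones passes `sha256sum -c` untouched.
repo_verify() {
    local dir="$1" rc=0 listed unlisted
    [ -f "$dir/SHA256SUMS" ] || { echo "repo_verify: no manifest in $dir" >&2; return 1; }
    ( cd "$dir" && sha256sum -c --quiet SHA256SUMS ) || rc=1
    listed=$(mktemp)
    awk '{ print $2 }' "$dir/SHA256SUMS" | LC_ALL=C sort > "$listed"
    unlisted=$( (cd "$dir" && find . -type f -name '*.rpm') | LC_ALL=C sort | comm -23 - "$listed")
    rm -f "$listed"
    if [ -n "$unlisted" ]; then
        echo "repo_verify: packages not in the manifest:" >&2
        printf '%s\n' "$unlisted" | sed 's/^/  /' >&2
        rc=1
    fi
    return $rc
}

# repo_checksig DIR: for packages the vendor signs (Puppet Labs, Red Hat, EPEL)
# also verify the signature. Needs the vendor key imported first with
# `rpm --import KEYFILE`. Not run by the test: it needs rpm and real packages.
# Output formats: RHEL5/6 rpm prints "... pgp md5 OK" / "... gpg OK" when a
# signature verified and "NOT OK" on failure; newer rpm prints "digests signatures OK".
repo_checksig() {
    local f out rc=0
    for f in $(find "$1" -type f -name '*.rpm'); do      # rpm file names carry no spaces
        out=$(rpm -K "$f" 2>&1)
        case "$out" in
            *"NOT OK"*)                        echo "BAD SIGNATURE: $out" >&2; rc=1 ;;
            *pgp*OK|*gpg*OK|*signatures*OK)    ;;                        # signed and valid
            *)                                 echo "UNSIGNED: $f" >&2 ;;  # e.g. a locally built package
        esac
    done
    return $rc
}

# Usage on puppetmaster (not run by the test):
#   repo_manifest /puppet/RHEL6U4                              # once, after vetting the packages
#   repo_verify /puppet/RHEL6U4 && createrepo /puppet/RHEL6U4  # before every publish
```

The manifest is only as trustworthy as the host it lives on; that is acceptable here because puppetmaster is already the root of trust for every agent, but it is the argument for keeping the FTP server read-only and for using gpgcheck=1 with the vendor keys wherever the upstream packages are signed.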

    7. Choosing versions of the key components

    The most mature Puppet releases at the moment are the 2.7 and 3.3 series; either works, and this exercise uses 2.7.

    puppet-server 2.7.25-1      from puppetlabs
    puppet 2.7.25-1             from puppetlabs
    facter 1.7.5                from puppetlabs
    puppet-dashboard 1.2.23     from puppetlabs
    ruby 1.8.*                  shipped with the OS
    mcollective 2.2.4           from puppetlabs
    activemq 5.5.0              from puppetlabs
    rabbitmq-server 3.1.5       from the RabbitMQ site
    kermit-webui 1.2-1          from the kermit site
    ...