puppet的配置文件:
环境配置段:
例如为了区分生产环境,开发环境和普通实验环境。应该如下定义
[master]
environmnet = production,testing,development
[production]
manifest = /etc/puppet/environments/production/manifests/site.pp
modulepath = /etc/puppet/environments/production/modules/
fileserverconfig = /etc/puppet/fileserver.conf
......
而客户端每次链接需要指定自己所在的环境。此时会在master中找对应的环境清单
[agent]
environment = production
文件服务配置文件:
fileserver.conf
生效的结果和puppet.conf和auth.conf。用于实现安全的配置。
MOUNT POINTS(挂载点),PERMISSIONS(权限)
[mount_point]
path /etc/puppet/files
allow *
认证配置文件:
auth.conf,为puppet提供acl功能,主要应用于puppet的Restful API的调用。自动签署文件:
autosign.conf ,自动为客户端去签署证书puppet的相关命令。 puppet kick 去推送内容去给客户端去执行。 需要在agent端的puppet.conf里加上一段 listen = true和server = master.wjx.com。 在agent端的namespaceauth.conf里加上允许哪个服务器区触发
开始配置资源
创建相关的目录 # mkdir -pv /etc/puppet/modules/varnish/{manifests,files,templates,lib,tests,spec}mkdir: created directory `/etc/puppet/modules/varnish'
mkdir: created directory `/etc/puppet/modules/varnish/manifests'
mkdir: created directory `/etc/puppet/modules/varnish/files'
mkdir: created directory `/etc/puppet/modules/varnish/templates'
mkdir: created directory `/etc/puppet/modules/varnish/lib'
mkdir: created directory `/etc/puppet/modules/varnish/tests'
mkdir: created directory `/etc/puppet/modules/varnish/spec'
创建site.pp # vim /etc/puppet/manifests/site.pp
node "node1.wjx.com" {
include varnish
}
创建init.pp # vim /etc/puppet/modules/varnish/manifests/init.pp
class varnish{
package{'varnish':
ensure => latest,
}
}
自动验证
编辑 puppet.conf 文件:
[main]
autosign = true #允许所有客户端的认证
创建并且编辑autosign.conf
*.wjx.com #表示允许所有 wjx.com域的主机
# service puppetmaster reload
编辑fileserver.conf [files]
path /etc/puppet/files
allow *
为了查看实验现象,可以主动推送 在agent端。 auth.conf上
path /run
method save
auth any
allow *.wjx.com
# deny everything else; this ACL is not strictly necessary, but
# illustrates the default policy.
path /
auth any
在服务器端上执行 puppet kick -p 10 node1.wjx.com
puppet的默认是每30分钟去向服务器端请求一遍资源。 在agent端的puppet.conf里的agent段里添加runinterval = 1 ,可以每秒钟同步一次。