Puppet管理Puppet

我希望可以实现当机器采用最小化安装后，装好Puppet，后面的一切操作，都是交给Puppet。不过现在外面的文档和资料，基本都是教大家如何设置dns，hosts文件，配置agent。难道这些功能不能让Puppet来完成吗。

周末参加了1天的Puppet聚会和培训，感觉找到的方向，如何实现这个我自己的目标。先完成基本的设置，后续考虑加上安装puppet dashboard等设置。

一般来说，当你安装完Puppet master后，你一般需要做这几个工作

1. 添加hosts记录
2. 设置Agent，添加Puppet Server的IP
3. NTP

这些工作我们完全可以交给Puppet来完成，当agent注册上来后，这些就会自动应用到agent上，无需手工设置。利用google和Puppet官方的资料，总算基本搞定，赶紧记录一下。要完成上面这些工作，其实还需要一个包：augeas-tools。

我是Ubuntu 12.04下完成的，动手写了几个class，感觉好像对puppet又熟悉了一点。

安装Puppet Master

apt-get install puppetmaster

创建site.pp 文件

cat > /etc/puppet/manifests/site.pp << EOF
import 'nodes.pp'
EOF

创建node.pp 文件

cat > /etc/puppet/manifests/nodes.pp << EOF
node default {
include admin::augeas
include admin::agent
include admin::hosts
}
EOF

这个时候我们就需要创建一个admin的模块，创建模块目录

mkdir -p /etc/puppet/modules/admin/manifests

创建相应pp文件, 需要修改IP地址，根据你的情况

cat > /etc/puppet/modules/admin/manifests/augeas.pp << EOF
class admin::augeas {
package { [ "augeas-lenses",
"augeas-tools",
"libaugeas0",
"libaugeas-ruby1.8" ]:
ensure => "present",
}
} 
EOF
cat > /etc/puppet/modules/admin/manifests/agent.pp << EOF
class admin::agent {
augeas { "agent":
context => "/files/etc/puppet/puppet.conf",
changes => [
"set /files/etc/puppet/puppet.conf/agent/server node06.chenshake.com",
"set /files/etc/puppet/puppet.conf/agent/pluginsync true",
],
}
}
EOF
cat > /etc/puppet/modules/admin/manifests/hosts.pp << EOF
class admin::hosts {
     host { 'node06.chenshake.com':
     ensure    => 'present',
     target    => '/etc/hosts',
     ip        => '10.1.199.6',
     host_aliases   => 'node06',
    }
}
EOF

如果你希望更加方便, 可以设置自动签名

cat > /etc/puppet/autosign.conf <<EOF
*.chenshake.com
EOF

需要重启服务

service puppetmaster restart

本地的agent去连接

由于是第一次连接，还没设置hosts文件，所以需要用使用域名去连接，不过后续就不需要

# puppet agent -t --server node06.chenshake.com
Info: Retrieving plugin
Info: Caching catalog for node06.chenshake.com
Info: Applying configuration version '1352942935'
Augeas[agent](provider=augeas): 
--- /etc/puppet/puppet.conf     2012-10-19 01:53:01.000000000 +0800
+++ /etc/puppet/puppet.conf.augnew      2012-11-15 09:28:56.122991197 +0800
@@ -12,3 +12,6 @@
 ssl_client_header = SSL_CLIENT_S_DN 
 ssl_client_verify_header = SSL_CLIENT_VERIFY

+[agent]
+server=node06.chenshake.com
+pluginsync=true
/Stage[main]/Admin::Agent/Augeas[agent]/returns: executed successfully
/Stage[main]/Admin::Augeas/Package[augeas-tools]/ensure: ensure changed 'purged' to 'present'
/Stage[main]/Admin::Hosts/Host[node06.chenshake.com]/ip: ip changed '127.0.1.1' to '10.1.199.6'
Info: FileBucket adding {md5}c8be5039329fcea6b7b4cdf3079a92ad
Info: Creating state file /var/lib/puppet/state/state.yaml
Finished catalog run in 3.62 seconds

这个时候，所有要做的修改，都已经生效。

 

# puppet agent -t
Info: Retrieving plugin
Info: Caching catalog for node06.chenshake.com
Info: Applying configuration version '1352942985'
Finished catalog run in 0.45 seconds

应该还有很多细节需要改进。如果是一个agent连接过来，他们还是需要事先修改hosts文件才行。看来这个活，要交给cobbler来做比较好。

# puppet agent -t --server node06.chenshake.com
Info: Creating a new SSL key for node08.chenshake.com
Info: Caching certificate for ca
Info: Creating a new SSL certificate request for node08.chenshake.com
Info: Certificate Request fingerprint (SHA256): 8C:63:FA:5A:1F:D4:5B:C0:9E:49:48:6E:65:E1:
5F:F9:3E:2E:5D:83:20:5C:D8:BC:7E:CD:FB:F7:E2:3A:AF:CF
Info: Caching certificate for node08.chenshake.com
Info: Caching certificate_revocation_list for ca
Info: Retrieving plugin
Info: Caching catalog for node08.chenshake.com
Info: Applying configuration version '1352947545'
Augeas[agent](provider=augeas): 
--- /etc/puppet/puppet.conf     2012-10-19 01:53:01.000000000 +0800
+++ /etc/puppet/puppet.conf.augnew      2012-11-15 10:45:46.486462599 +0800
@@ -12,3 +12,6 @@
 ssl_client_header = SSL_CLIENT_S_DN 
 ssl_client_verify_header = SSL_CLIENT_VERIFY

+[agent]
+server=node06.chenshake.com
+pluginsync=true
/Stage[main]/Admin::Agent/Augeas[agent]/returns: executed successfully
/Stage[main]/Admin::Augeas/Package[augeas-tools]/ensure: ensure changed 'purged' to 'present'
/Stage[main]/Admin::Hosts/Host[node06.chenshake.com]/ensure: created
Info: FileBucket adding {md5}d5677f41037d06b9a34cec53c49426e7
Info: Creating state file /var/lib/puppet/state/state.yaml
Finished catalog run in 3.57 seconds