This is an old revision of the document!


puppet

cfengine

System for centralizing configuration and package installation...

Server installation and configuration

sudo aptitude update; sudo aptitude install puppetmaster -R

1. Configuration files

1.1 Manifest

/etc/puppet/manifests/site.pp

import 'nodes/*'
$puppetserver = 'puppet_server.domain.com'

1.2 Nodes

sudo mkdir /etc/puppet/manifests/nodes/
/etc/puppet/manifests/nodes/puppet_client_1.domain.com.pp

node 'puppet_client_1.domain.com'{
	include modulo1
	include modulo2
}

/etc/puppet/manifests/nodes/puppet_client_2.domain.com.pp

node 'puppet_client_2.domain.com'{
	include modulo1
	include modulo2
}

...

1.3 Modules

sudo mkdir -p /etc/puppet/modules/modulo1/{files,templates,manifests}
/etc/puppet/modules/modulo1/files/modulo1.txt

Just an empty file
/etc/puppet/modules/modulo1/manifests/init.pp

class modulo1 {
	package { sudo:
		ensure => present,
	}
	file { "/tmp/modulo1.txt":
		owner => "root",
		group => "root",
		mode => 0440,
		source => "puppet:///modules/modulo1/modulo1.txt",
	}
}

In this example:

  • We install the 'sudo' package (if it is not already installed)
  • We copy the file puppet_server.domain.com:/etc/puppet/modules/modulo1/files/modulo1.txt to puppet_client_1.domain.com:/tmp/modulo1.txt. Note that the URL is puppet:///modules/modulo1/modulo1.txt
  • Important: the file (/etc/puppet/modules/modulo1/files/modulo1.txt) must be accessible to the 'puppet' user, which is the one that runs the client

2. Start/restart/stop the service

  • Enable debug

<code>
sudo cp /etc/default/puppetmaster /etc/default/puppetmaster.old
sudo vim /etc/default/puppetmaster
</code>

And make sure the following line looks like this:

...
DAEMON_OPTS="--verbose"
...

Reload the configuration (NO restart needed):

sudo /etc/init.d/puppetmaster force-reload
Restarting puppet master.

Check:

ps aux | grep puppetmaster
puppet 14997 0.5 7.2 136952 37012 ? Ssl 09:59 0:00 /usr/bin/ruby1.8 /usr/bin/puppet master --verbose --masterport=8140

  • Start/stop/restart

sudo /etc/init.d/puppetmaster start|stop|restart

  • Reload the configuration (NO restart needed):

sudo /etc/init.d/puppetmaster force-reload

3. Logs

/var/log/puppet/masterhttp.log
/var/log/daemon.log

===== Node (client) installation and configuration =====

1. Install the packages

sudo aptitude update; sudo aptitude install puppet -R

2. Configure it so that it can be started as a daemon

sudo cp /etc/default/puppet /etc/default/puppet.old; sudo vim /etc/default/puppet

And leave the following line like this:

...
START=yes
...

3. Define the name of the server it connects to:

sudo cp /etc/puppet/puppet.conf /etc/puppet/puppet.conf.old
sudo vim /etc/puppet/puppet.conf

And add:

server=puppet_server.domain.com

4. Start the client. NOTE: for everything to work, the node should probably already be defined on the server.

sudo /etc/init.d/puppet restart
Restarting puppet agent.

5. Check the logs:

<code>
sudo tail -F /var/log/daemon.log
May 29 15:04:03 test5 puppet-master[1931]: Caught TERM; calling stop
May 29 15:04:05 test5 puppet-master[11049]: Reopening log files
May 29 15:04:05 test5 puppet-master[11049]: Starting Puppet master version 2.6.2
May 29 15:04:14 test5 puppet-agent[10852]: Caught TERM; calling stop
May 29 15:04:16 test5 puppet-agent[11081]: Reopening log files
May 29 15:04:16 test5 puppet-agent[11081]: Starting Puppet client version 2.6.2
May 29 15:04:17 test5 puppet-master[11049]: Compiled catalog for test5.jj.com in environment production in 0.21 seconds
May 29 15:04:17 test5 puppet-agent[11081]: (/Stage[main]/Test3/File[/tmp/test3.txt]/ensure) defined content as '{md5}d41d8cd98f00b204e9800998ecf8427e'
May 29 15:04:18 test5 puppet-agent[11081]: (/Stage[main]/Test3/Package[bzip2]/ensure) change from purged to present failed: Execution of '/usr/bin/apt-get -q -y -o DPkg::Options::=--force-confold install bzip2' returned 100: Reading package lists...#012Building dependency tree...#012Reading state information...#012Suggested packages:#012 bzip2-doc#012The following NEW packages will be installed:#012 bzip2#0120 upgraded, 1 newly installed, 0 to remove and 4 not upgraded.#012Need to get 50.5 kB of archives.#012After this operation, 164 kB of additional disk space will be used.#012WARNING: The following packages cannot be authenticated!#012 bzip2#012E: There are problems and -y was used without --force-yes
May 29 15:04:18 test5 puppet-agent[11081]: (/Stage[main]/Test4/File[/tmp/test4.txt]/ensure) defined content as '{md5}d41d8cd98f00b204e9800998ecf8427e'
May 29 15:04:18 test5 puppet-agent[11081]: (/Stage[main]/Test2/File[/tmp/test2.txt]/ensure) defined content as '{md5}d41d8cd98f00b204e9800998ecf8427e'
May 29 15:04:18 test5 puppet-agent[11081]: Finished catalog run in 1.04 seconds
</code>

Explanation

May 29 15:04:17 test5 puppet-agent[11081]: (/Stage[main]/Test3/File[/tmp/test3.txt]/ensure) defined content as '{md5}d41d8cd98f00b204e9800998ecf8427e'

The 'Test3' manifest has been executed. Depending on what it includes, it may produce more lines, for example installing the 'bzip2' package:

May 29 15:04:18 test5 puppet-agent[11081]: (/Stage[main]/Test3/Package[bzip2]/ensure) change from purged to present failed: Execution of '/usr/bin/apt-get -q -y -o DPkg::Options::=--force-confold install bzip2' returned 100: Reading package lists...#012Building dependency tree...#012Reading state information...#012Suggested packages:#012 bzip2-doc#012The following NEW packages will be installed:#012 bzip2#0120 upgraded, 1 newly installed, 0 to remove and 4 not upgraded.#012Need to get 50.5 kB of archives.#012After this operation, 164 kB of additional disk space will be used.#012WARNING: The following packages cannot be authenticated!#012 bzip2#012E: There are problems and -y was used without --force-yes

===== Starting the services for testing =====

  • Client

puppet agent --server=puppet_server.domain.com --no-daemonize --verbose --onetime

  • Server

puppet master --verbose --no-daemonize

===== Signing node requests (certificates) =====

http://projects.puppetlabs.com/projects/1/wiki/Certificates_And_Security

This step is required before a node can connect to the server. Once the node and the server are running:

1. (Server) List the pending requests:

sudo puppet cert --list
dns.jj.com (CF:DD:8D:0F:82:31:E6:7A:7C:27:03:C1:3D:24:95:A2)

In the logs:

sudo tail -F /var/log/daemon.log
May 30 11:31:15 puppet puppet-master[1958]: dns.jj.com has a waiting certificate request
May 30 11:31:15 puppet puppet-master[1958]: Could not find certificate for 'dns.jj.com'

2. (Server) Sign it:

sudo puppet cert --sign dns.jj.com
notice: Signed certificate request for dns.jj.com
notice: Removing file Puppet::SSL::CertificateRequest dns.jj.com at '/var/lib/puppet/ssl/ca/requests/dns.jj.com.pem'

===== Revoking a certificate =====

<code>
sudo puppet cert --clean dns.jj.com
notice: Revoked certificate with serial 3
notice: Removing file Puppet::SSL::Certificate dns.jj.com at '/var/lib/puppet/ssl/ca/signed/dns.jj.com.pem'
notice: Removing file Puppet::SSL::Certificate dns.jj.com at '/var/lib/puppet/ssl/certs/dns.jj.com.pem'
</code>
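
For the signing step above, this added example (not part of the original page) signs a pending request only when the fingerprint listed on the server matches the one read on the node itself, for example with `puppet agent --fingerprint`. The function names and the second sample line are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example, not from the original page. Assumes the list format shown
# above: "<host> (<fingerprint>)", one pending request per line.

# Constructed sample: the first line is the output quoted on this page,
# the second is made up.
SAMPLE_LIST='dns.jj.com (CF:DD:8D:0F:82:31:E6:7A:7C:27:03:C1:3D:24:95:A2)
web.jj.com (00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF)'

# pending_fingerprint HOST
# Reads `puppet cert --list` output on stdin and prints the fingerprint of the
# pending request for HOST (prints nothing if HOST has no pending request).
pending_fingerprint() {
    awk -v host="$1" '{
        name = $1; gsub(/"/, "", name)        # tolerate a quoted host name
        if (name == host) {
            fp = $2; gsub(/[()]/, "", fp)
            print toupper(fp); exit
        }
    }'
}

# normalize_fp VALUE: strip whitespace and upper-case the hex digits.
normalize_fp() {
    printf '%s' "$1" | tr -d ' \t\r\n' | tr 'a-f' 'A-F'
}

# fingerprint_matches HOST EXPECTED
# Succeeds only if HOST has a pending request on stdin and its fingerprint
# equals EXPECTED, the value read on the node itself.
fingerprint_matches() {
    listed=$(pending_fingerprint "$1")
    expected=$(normalize_fp "$2")
    [ -n "$listed" ] && [ "$listed" = "$expected" ]
}

# sign_if_verified HOST EXPECTED: sign on the server only after the check.
sign_if_verified() {
    if sudo puppet cert --list | fingerprint_matches "$1" "$2"; then
        sudo puppet cert --sign "$1"
    else
        echo "not signing $1: no pending request or fingerprint mismatch" >&2
        return 1
    fi
}
```

On the server, `sign_if_verified dns.jj.com <fingerprint read on the node>` replaces the bare `puppet cert --sign` call.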
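
In the daemon.log excerpt from the client section, the bzip2 resource failed because apt refused a package it could not authenticate. This added example (not part of the original page) lists failed resources from puppet-agent log lines and labels that cause separately; the function names and the Service[ntp] line are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example, not from the original page.

# sample_log: two lines abridged from the daemon.log excerpt above, plus one
# constructed line (Service[ntp]) to show a non-apt failure.
sample_log() {
cat <<'EOF'
May 29 15:04:17 test5 puppet-agent[11081]: (/Stage[main]/Test3/File[/tmp/test3.txt]/ensure) defined content as '{md5}d41d8cd98f00b204e9800998ecf8427e'
May 29 15:04:18 test5 puppet-agent[11081]: (/Stage[main]/Test3/Package[bzip2]/ensure) change from purged to present failed: Execution of '/usr/bin/apt-get -q -y -o DPkg::Options::=--force-confold install bzip2' returned 100: Reading package lists...#012WARNING: The following packages cannot be authenticated!#012 bzip2#012E: There are problems and -y was used without --force-yes
May 29 15:04:19 test5 puppet-agent[11081]: (/Stage[main]/Test5/Service[ntp]/ensure) change from stopped to running failed: Could not start Service[ntp]
EOF
}

# agent_failures
# Reads syslog lines on stdin. For each puppet-agent line reporting a failed
# change, prints "<resource> <cause>", where cause is "apt-unauthenticated"
# when apt refused a package it could not verify, otherwise "other".
agent_failures() {
    awk '
    /puppet-agent\[[0-9]+\]: / && / failed: / {
        res = "unknown"
        if (match($0, /\(\/Stage\[[^)]*\)/))
            res = substr($0, RSTART + 1, RLENGTH - 2)
        cause = ($0 ~ /cannot be authenticated/) ? "apt-unauthenticated" : "other"
        print res, cause
    }'
}

# unauthenticated_count: number of failed resources caused by apt refusing
# an unauthenticated package.
unauthenticated_count() {
    agent_failures | grep -c ' apt-unauthenticated$' || true
}
```

Run it as `sudo cat /var/log/daemon.log | agent_failures`; a non-zero `unauthenticated_count` points at the node's apt keys or repository configuration, not at the manifest.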
informatica/linux/puppet.1339074060.txt.gz · Last modified: 2015/04/13 20:19 (external edit)