1. Overview
Puppet is an open source configuration automation and deployment tool that is easy to use and powerful. It is attracting growing attention, and many large IT companies now use Puppet to manage and deploy software across clusters; Google, for example, used Puppet to manage more than 6,000 Mac desktop computers (2007 data). This article introduces Puppet's installation method, design architecture and usage.
2. Design architecture
Puppet is based on a client/server (C/S) architecture. The server side stores all the configuration code for the client machines; in Puppet this code is called a manifest. After a client downloads the manifest, the client machine is configured according to it, for example package management, user management and file management.
As shown in the figure above, the workflow of Puppet is as follows:
(1) The client, puppetd, calls facter, and facter detects some variables of the host, such as hostname, memory size and IP address. puppetd sends this information to the server over an SSL connection.
(2) The server-side puppetmaster detects the hostname of the client, finds the corresponding node configuration in the manifest and parses that part of the content. Parsing is divided into several stages. It starts with syntax checking and reports an error if the syntax is wrong. If the syntax is correct, parsing continues and produces an intermediate "pseudocode", which is then sent to the client.
(3) The client receives the "pseudocode" and executes it, then sends the execution result to the server.
(4) The server writes the client's execution result to the log.

Two points are worth noting about how Puppet works. First, to ensure security, communication between the client and the master is based on SSL and certificates, and only clients authenticated by the master through certificates can communicate with the master. Second, Puppet keeps the system in the state you expect and maintains it continuously, for example by checking that a file always exists or that the ssh service is always on. If the file is deleted or the ssh service is stopped, the next Puppet run (every 30 minutes by default) recreates the file or starts the ssh service.
3. Software installation
Installing with the apt-get command is not recommended, because the puppet package downloaded by this command has a bug. Puppet can be installed directly from source code instead; the software that needs to be installed is ruby, facter and puppet.
3.1 Installation Procedure
Edit /etc/hosts to set the hostname, because Puppet is certificate-based and the certificate contains the hostname. Install Ruby, Facter and Puppet on the master and on each slave; Facter and Puppet are installed by running ruby install.rb.
3.2 Directory structure after installation
(1) Installation directory
The installation directory is /etc/puppet, and the manifests directory under it stores the manifest files. The executable files are under /usr/sbin and mainly include:

puppet: used to execute standalone manifest files written by the user, for example:
    puppet -l /tmp/manifest.log manifest.pp
puppetd: the client program that runs on the managed host, for example:
    puppetd --server servername --waitforcert 60
puppetmasterd: the server program that runs on the management machine, for example:
    puppetmasterd --debug
puppetca: the Puppet certificate program, mainly used to authenticate slave certificates, for example:
    Check the slaves waiting to be authenticated:
        puppetca --list
    Certify these slaves:
        puppetca -s -a
puppetrun: used to connect to clients and force them to run their local configuration, for example:
    puppetrun -p 10 --host host1 --host host2 -t remotefile -t webserver

(2) Configuration files
puppet.conf: the main configuration file of Puppet. It is /etc/puppet/puppet.conf for the root user and ~user/.puppet/puppet.conf for normal users. For the specific configuration parameters, see:
http://docs.puppetlabs.com/references/stable/configuration.html#configuration-files
fileserver.conf: the configuration file of the Puppet file server. Use path to configure the file path and allow/deny to configure access permissions; see http://docs.puppetlabs.com/guides/file_serving.html
3.3 Verify that the installation is successful
Select a slave to verify against the master. Assuming that the hostname of the slave is slave00 and the hostname of the master is masterhost, enter on slave00 (servername is the hostname of the master):
    puppetd --test --server servername
Then look at the slaves waiting to be authenticated on masterhost:
    puppetca --list
If everything is in order, slave00 appears in the list. Sign the slave's certificate:
    puppetca -s -a
slave00 has now passed certificate validation and can interact with the master further. Write the site.pp file in the /etc/puppet/manifests directory of masterhost, with the following content:
    # Applied to every node that has no more specific node definition
    node default {
      # Keep /tmp/test present with this content and these permissions
      file { "/tmp/test":
        content => "hello",
        mode    => 0644;
      }
    }
Then enter puppetd --test --server servername on slave00 and check the /tmp directory of slave00: a new file named test has been generated, its content is hello, and its permissions are -rw-r--r--. This proves that the Puppet installation was successful.
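The signing step above uses puppetca -s -a, which signs every pending request at once. The script below is an added example, not part of the original article: it signs only requests whose hostname is on an allowlist. The allowlist path, the PUPPETCA override and the function names are assumptions of this example, as is the expectation that puppetca --list prints one pending hostname per line (optionally quoted and followed by a fingerprint).

```shell
#!/bin/sh
# Added example: sign only pending agent requests that are on an allowlist.
# Assumptions: the ALLOWLIST path and all function names are hypothetical.
PUPPETCA="${PUPPETCA:-puppetca}"
ALLOWLIST="${ALLOWLIST:-/etc/puppet/expected_hosts.txt}"  # one hostname per line

# Reduce `puppetca --list` output (stdin) to bare hostnames. Accepts a plain
# "slave00" line as well as the quoted form followed by a fingerprint.
pending_hosts() {
    sed -e 's/^[[:space:]]*//' -e 's/"//g' -e 's/[[:space:]].*$//' -e '/^$/d'
}

# Emit "SIGN host" or "SKIP host" for every pending request on stdin.
# A host is signed only on an exact, whole-line match in the allowlist file.
classify_pending() {
    pending_hosts | while read -r host; do
        case "$host" in
            *[!A-Za-z0-9.-]*|-*|.*) echo "SKIP $host"; continue ;;  # not a hostname
        esac
        if grep -Fxq -- "$host" "$1"; then
            echo "SIGN $host"
        else
            echo "SKIP $host"
        fi
    done
}

# Sign the expected hosts one by one; leave everything else pending for review.
sign_allowed() {
    "$PUPPETCA" --list | classify_pending "$ALLOWLIST" |
    while read -r verdict host; do
        if [ "$verdict" = "SIGN" ]; then
            "$PUPPETCA" --sign "$host" </dev/null
        else
            echo "left unsigned, not on allowlist: $host" >&2
        fi
    done
}

# Only touch the CA when explicitly asked to: sh sign_expected.sh run
if [ "${1:-}" = "run" ]; then
    sign_allowed
fi
```

If the allowlist file is missing, grep fails and every request is skipped, so nothing is signed by accident.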