在 Ubuntu 20.04|18.04 上安装 Puppet Master 和 Agent
这是有关如何在 Ubuntu 20.04|18.04 Linux 系统上安装 Puppet Master 和 Agent 的指南。 Puppet 是一种用 Ruby 和 C++ 编写的配置管理工具,可帮助您跨数百到数千个系统自动配置和部署应用程序。该软件遵循 Apache 许可证。
Puppet 在 Linux、Unix 和 Windows 环境上运行。截至撰写本文时,Puppet 的最新版本是7.2
Puppet 服务器/客户端架构
Puppet 使用客户端/服务器模型。服务器在安装了客户端应用程序的系统上执行所有任务的自动化。 Puppet 代理的工作是将事实发送给 Puppet Master,并根据一定的间隔级别请求目录。一旦收到目录,Puppet 代理就会通过检查目录描述的每个资源将其应用到节点。它进行相关更改以达到所需状态。
Puppet Master的工作是控制配置信息。每个受管代理节点向主节点请求其自己的配置目录。
Puppet 中的目录是什么?
目录是描述一个特定系统所需的系统状态的文档。它列出了需要管理的所有资源,以及这些资源之间的任何依赖关系。
Puppet 能够分两个阶段配置终端系统:
- 编制目录。
- 应用目录。
Puppet Master – 代理沟通
Puppet 代理和主服务器之间的通信通过加密隧道 (HTTPS) 进行,并进行客户端验证。通过使用 Puppet 等配置管理系统,作为系统管理员,您可以消除所有手动重复性任务,从而专注于生产任务。
在 Ubuntu 20.04|18.04 上安装 Puppet Master
现在让我们深入了解 Puppet master 在 Ubuntu 20.04 | 18.04 上的安装过程。我的实验室环境如下:
木偶大师:
Hostname: puppetmaster
IP Address: 192.168.1.2傀儡代理(用于测试):
Hostname: puppetclient
IP Address: 192.168.1.3设置先决条件
Puppet Master 的关键要求之一是网络时间同步。我们将确保在 Puppet 主服务器上设置正确的时区以及有效的 NTP 服务。稍后我们将配置 Agent 节点以将其时间与 Puppet Master 同步,
第 1 步:设置正确的时区
Ubuntu 18.04+ 附带 timedatectl 命令行工具,您可以使用它在服务器上设置正确的时区。像下面这样使用它,将“非洲/内罗毕”替换为您的正确时区。
sudo timedatectl set-timezone Africa/Nairobi使用以下命令确认更改:
$ timedatectl
Local time: Wed 2019-10-30 08:33:53 EAT
Universal time: Wed 2019-10-30 05:33:53 UTC
RTC time: Wed 2019-10-30 05:33:54
Time zone: Africa/Nairobi (EAT, +0300)
System clock synchronized: yes
systemd-timesyncd.service active: yes
RTC in local TZ: no
第 2 步:设置服务器主机名
使用hostnamectl命令设置服务器主机名
export HOST_NAME="puppetmaster"
sudo hostnamectl set-hostname ${HOST_NAME}再次登录并确认新主机名
$ hostname
puppetmaster将稍后使用的正确主机名和 IP 地址添加到 /etc/hosts 文件中。
$ sudo vim /etc/hosts
[puppet-master-ip] puppetmaster puppet
[puppet-client-ip] puppetclient步骤 2:设置 Chrony NTP 服务器
安装ntp包:
sudo apt remove ntp
sudo apt -y install chrony如果您想限制哪些系统可以使用您的 ntp 服务器,请将如下行添加到 /etc/chrony/chrony.conf:
$ sudo vim /etc/chrony/chrony.conf
restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap将192.168.1.0替换为您信任的网络。
重启ntp服务:
sudo systemctl restart chronyd检查ntp状态:
$ sudo chronyc sources
210 Number of sources = 8
MS Name/IP address Stratum Poll Reach LastRx Last sample
===============================================================================
^* chilipepper.canonical.com 2 6 17 2 +991us[ +836us] +/- 57ms
^+ pugot.canonical.com 2 6 17 2 +1049us[+1049us] +/- 61ms
^+ golem.canonical.com 2 6 17 3 +153us[-2656ns] +/- 63ms
^+ alphyn.canonical.com 2 6 17 3 +589us[ +433us] +/- 66ms
^+ pool-71-168-219-127.cmdn> 1 6 17 3 +1249us[+1093us] +/- 54ms
^+ smtp.us.naz.com 2 6 17 3 -2583us[-2738us] +/- 67ms
^+ mail.masters-of-cloud.de 2 6 17 2 +1293us[+1137us] +/- 49ms
^+ ns4.turbodns.co.uk 2 6 17 2 +4616us[+4460us] +/- 103ms在 Ubuntu 20.04|18.04 上安装 Puppet Master
现在满足所有先决条件,继续下载 Ubuntu 的 PuppetLabs 存储库并在服务器上安装 Puppet master。
Ubuntu 20.04:
sudo apt update
curl -O https://apt.puppet.com/puppet-release-focal.deb
sudo apt install ./puppet-release-focal.debUbuntu 18.04:
sudo apt update
sudo apt install wget
curl -O https://apt.puppet.com/puppet6-release-bionic.deb
sudo apt install ./puppet6-release-bionic.deb更新 apt 索引并安装 puppet master:
sudo apt update
sudo apt install puppetserver同意开始安装:
...
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following additional packages will be installed:
ca-certificates-java fontconfig-config fonts-dejavu-core java-common libavahi-client3 libavahi-common-data libavahi-common3 libcups2 libfontconfig1
libjpeg-turbo8 libjpeg8 liblcms2-2 libnspr4 libnss3 libpcsclite1 libxi6 libxrender1 libxtst6 net-tools openjdk-8-jre-headless puppet-agent x11-common
Suggested packages:
default-jre cups-common liblcms2-utils pcscd libnss-mdns fonts-dejavu-extra fonts-ipafont-gothic fonts-ipafont-mincho fonts-wqy-microhei fonts-wqy-zenhei
fonts-indic
The following NEW packages will be installed:
ca-certificates-java fontconfig-config fonts-dejavu-core java-common libavahi-client3 libavahi-common-data libavahi-common3 libcups2 libfontconfig1
libjpeg-turbo8 libjpeg8 liblcms2-2 libnspr4 libnss3 libpcsclite1 libxi6 libxrender1 libxtst6 net-tools openjdk-8-jre-headless puppet-agent puppetserver
x11-common
0 upgraded, 23 newly installed, 0 to remove and 66 not upgraded.
Need to get 118 MB of archives.
After this operation, 329 MB of additional disk space will be used.
Do you want to continue? [Y/n] y确认安装的Puppet版本:
$ apt policy puppetserver
puppetserver:
Installed: 7.2.0-1focal
Candidate: 7.2.0-1focal
Version table:
*** 7.2.0-1focal 500
500 http://apt.puppetlabs.com focal/puppet amd64 Packages
500 http://apt.puppetlabs.com focal/puppet all Packages
100 /var/lib/dpkg/status
....启动并启用 puppetserver 服务
sudo systemctl start puppetserver.service
sudo systemctl enable puppetserver.service在 Ubuntu 上,该服务应该自动启动:
$ systemctl status puppetserver.service
systemctl status puppetserver
● puppetserver.service - puppetserver Service
Loaded: loaded (/lib/systemd/system/puppetserver.service; enabled; vendor preset: enabled)
Active: active (running) since Mon 2021-06-28 14:31:27 EAT; 33s ago
Main PID: 6131 (java)
Tasks: 45 (limit: 4915)
Memory: 968.2M
CGroup: /system.slice/puppetserver.service
└─6131 /usr/bin/java -Xms2g -Xmx2g -Djruby.logger.class=com.puppetlabs.jruby_utils.jruby.Slf4jLogger -XX:OnOutOfMemoryError="kill -9 %p" -XX:ErrorFi>
Jun 28 14:31:07 puppet-server.computingforgeeks.com systemd[1]: Starting puppetserver Service...
Jun 28 14:31:27 puppet-server.computingforgeeks.com systemd[1]: Started puppetserver Service.在 Ubuntu 20.04|18.04 上配置 Puppet Master
安装 Puppet Master 服务器后,就可以开始配置了。建议更改 Puppet Java 进程内存分配基础结构大小。我将为我的 Puppet 服务器分配 1GB 内存。这是通过编辑位于 /etc/default/puppet-master 的环境文件来完成的
$ sudo vim /etc/default/puppetserver
JAVA_ARGS="-Xms1024m -Xmx1024m"进行更改后重新启动 Puppet 服务器进程。
sudo systemctl restart puppetserver配置防火墙:
如果您的 Ubuntu 系统上有防火墙,则需要打开 Puppet master 服务使用的端口 8140。运行以下命令以允许防火墙上的端口:
sudo ufw allow 8140/tcp配置PATH环境
在 bashrc 文件中添加以下行:
$ vim ~/.bashrc
export PATH=$PATH:/opt/puppetlabs/bin获取 ~/.bashrc 文件:
source ~/.bashrc确认您当前的 PATH 设置:
$ echo $PATH
/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin:/opt/puppetlabs/bin在受管节点上安装 Puppet Agent
在要使用 Puppet 进行自动化的节点上安装 puppet Agent:
Ubuntu 20.04:
sudo apt update
curl -O https://apt.puppet.com/puppet-release-focal.deb
sudo apt install ./puppet-release-focal.deb
sudo apt update
sudo apt install puppet-agentUbuntu 18.04:
sudo apt update
sudo apt install wget
curl -O https://apt.puppet.com/puppet6-release-bionic.deb
sudo apt install ./puppet6-release-bionic.deb
sudo apt update
sudo apt install puppet-agent打开 /etc/hosts 文件并设置服务器和此代理的名称:
$ sudo vim /etc/hosts
[puppet-master-ip] puppetmaster puppet
[puppet-client-ip] puppetclient编辑 Puppet Agent 配置文件并添加主服务器 DNS 备用名称:
$ sudo vim /etc/puppetlabs/puppet/puppet.conf
[server]
vardir = /opt/puppetlabs/server/data/puppetserver
logdir = /var/log/puppetlabs/puppetserver
rundir = /var/run/puppetlabs/puppetserver
pidfile = /var/run/puppetlabs/puppetserver/puppetserver.pid
codedir = /etc/puppetlabs/code
dns_alt_names=puppetmaster,puppetserver还配置主要部分,如下所示:
$ sudo vim /etc/puppetlabs/puppet/puppet.conf
[main]
server = puppetmaster
certname = puppetclient
environment = production
runinterval = 1h现在启动 Puppet 服务:
sudo systemctl start puppet
sudo systemctl enable puppet在 Puppet Master 节点上列出所有可用的证书:
$ sudo /opt/puppetlabs/bin/puppetserver ca list --all
Signed Certificates:
puppetmaster (SHA256) 88:75:01:73:8A:CE:50:1D:A1:55:6F:00:47:5C:0B:87:F5:AD:5E:B8:7F:70:F6:A7:7F:C4:92:67:35:07:3E:32 alt names: ["DNS:puppetmaster", "DNS:puppetmaster", "DNS:puppetserver", "DNS:puppetmaster"] authorization extensions: [pp_cli_auth: true]
puppetclient (SHA256) 71:80:13:23:4F:30:18:32:05:01:80:52:F7:C2:48:BE:7B:89:AE:E6:DD:87:C4:6B:4C:4F:07:47:7D:D8:14:A2 alt names: ["DNS:puppet", "DNS:puppetclient"] authorization extensions: [pp_cli_auth: true]签署任何待处理的证书:
sudo /opt/puppetlabs/bin/puppetserver ca sign --allPuppet Master 现在应该能够与代理节点通信并控制它。通过在代理上运行以下命令进行确认:
$ sudo /opt/puppetlabs/bin/puppet agent --test
Info: Using configured environment 'production'
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Caching catalog for puppetmaster
Info: Applying configuration version '1624883476'
Notice: Applied catalog in 0.01 seconds将 Puppet 二进制文件夹添加到 ` PATH
Puppet 二进制文件位于 /opt/puppetlabs/bin 中。默认情况下,此目录不在您的 PATH 中。可以通过以下方式确认:
$ ls /opt/puppetlabs/bin/
facter hiera puppet puppetserver
$ which puppet
/usr/bin/which: no puppet in (/home/vagrant/.local/bin:/home/vagrant/bin:/usr/local/bin:/usr/bin:/usr/local/sbin:/usr/sbin)将其添加到路径:
$ vim ~/.bashrc
export PATH=$PATH:/opt/puppetlabs/bin
$ source ~/.bashrc
$ which puppet
/opt/puppetlabs/bin/puppet使用 Puppet 配置管理工具实现基础设施管理和应用程序部署的自动化。