Puppet

From xinux.net
Current revision as of 8 September 2022, 19:52

further howtos

  • puppet handling
  • Templates
  • neuste version & Future passer
  • NFS Server verteilen

puppet basics

All machines run Ubuntu 14.04.

scenario

the future master server "puppet"

root@puppet:~# host tac
tac.xinux.org has address 192.168.244.52
root@puppet:~# host tic
tic.xinux.org has address 192.168.244.53

the client "tac"

root@tac:~# host puppet
puppet.xinux.org has address 192.168.244.51
root@tac:~# netstat -lntp
Aktive Internetverbindungen (Nur Server)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      913/sshd        
tcp6       0      0 :::22                   :::*                    LISTEN      913/sshd

the client "tic"

root@tic:~# host puppet
puppet.xinux.org has address 192.168.244.51
root@tic:~# netstat -lntp
Aktive Internetverbindungen (Nur Server)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      916/sshd        
tcp6       0      0 :::22                   :::*                    LISTEN      916/sshd 

installing the puppetmaster

  • puppet von puppetlabs
  • puppet mit github

root@puppet:~# apt-get update 
root@puppet:~# apt-get install puppetmaster -y

the configuration directory

root@puppet:/etc/puppet# ls 
auth.conf  etckeeper-commit-post  etckeeper-commit-pre  files  fileserver.conf  manifests  modules  puppet.conf  templates

the default site manifest

The directory is empty.

root@puppet:/etc/puppet# cd manifests/
root@puppet:/etc/puppet/manifests# ls

example: apache

root@puppet:/etc/puppet/manifests# cat site.pp
package {
       'apache2' :
               ensure => installed
}
service {
       'apache2' :
               ensure => true,
               enable => true,
               require => Package['apache2']
}

restarting the service

root@puppet:~# service puppetmaster restart
 * Restarting puppet master

installing the puppet clients

on tac

root@tac:~# apt-get update
root@tac:~# apt-get install -y puppet

on tic

root@tic:~# apt-get update
root@tic:~# apt-get install -y puppet

starting the puppetd daemon

tac and tic

root@tac:~# puppet agent --enable
root@tac:~# service puppet restart 
 * Restarting puppet agent  
root@tic:~# puppet agent --enable
root@tic:~# service puppet restart 
 * Restarting puppet agent

check

root@tac:~# ps -elf | grep puppet
5 S root      2711     1  0  80   0 - 46195 futex_ 11:15 ?        00:00:00 /usr/bin/ruby /usr/bin/puppet agent
0 S root      2734  1516  0  80   0 -  3313 pipe_w 11:17 pts/0    00:00:00 grep --color=auto puppet
root@tic:~# ps -elf | grep puppet
5 S root      2551     1  0  80   0 - 46188 futex_ 11:15 ?        00:00:00 /usr/bin/ruby /usr/bin/puppet agent
0 S root      2571  1517  0  80   0 -  3313 pipe_w 11:17 pts/0    00:00:00 grep --color=auto puppe

multiple puppet masters

pinning a specific puppet master

In /etc/puppet/puppet.conf, insert:

##xinux###
server = pupmaster.xinux.org
##xinux###

With 2 puppet servers in the same network, the certificates apparently have to be deleted:

cd /var/lib/puppet/ssl/
rm -R *
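
A more cautious form of this cleanup, as an added example that is not part of the original page: it moves the client's SSL directory aside instead of deleting it, and refuses to run where the directory holds a CA key, as it does on the master. The function name, the backup naming and the ca/ca_key.pem check are assumptions of this example.

```sh
#!/bin/sh
# Added example (not from the original page). reset_agent_ssl is a
# hypothetical helper name.

# reset_agent_ssl [SSLDIR]
# Moves the SSL state of a puppet client aside so that a new key and
# certificate request can be created. Prints the backup path on success.
# Returns 1 if SSLDIR holds a CA key, 2 if SSLDIR is missing, 3 if mv fails.
reset_agent_ssl() {
    ssldir=${1:-/var/lib/puppet/ssl}
    ssldir=${ssldir%/}

    if [ ! -d "$ssldir" ]; then
        echo "no such directory: $ssldir" >&2
        return 2
    fi

    # The master keeps its CA below ssl/ca. Deleting it would force every
    # client to be enrolled again, so stop here.
    if [ -e "$ssldir/ca/ca_key.pem" ]; then
        echo "refusing: $ssldir holds a CA key, this is not a plain client" >&2
        return 1
    fi

    # Keep the old keys and certificates for rollback instead of rm -R.
    backup="$ssldir.old.$(date +%Y%m%d%H%M%S)"
    mv "$ssldir" "$backup" || return 3
    printf '%s\n' "$backup"
}
```

The backup still contains the client's old private key, so it should be removed once the client works against the intended master. The old certificate is taken off the master with puppet cert clean, as shown further down the page.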

on the puppet master, two clients are waiting for approval

root@puppet:~# puppet ca list
 tac.xinux.org  (SHA256) 22:86:C4:D0:08:D6:79:AD:41:36:CC:50:F8:3E:2F:E2:DE:92:4D:E9:0A:27:12:45:9F:96:AD:44:F4:42:99:89
 tic.xinux.org  (SHA256) E8:26:23:54:8D:AE:09:04:BD:7A:08:73:D6:7B:46:83:8B:A7:24:8A:46:CE:21:05:FC:F1:D5:06:FA:B4:C4:29

signing the clients

root@puppet:~# puppet ca sign tac.xinux.org
Notice: Signed certificate request for tac.xinux.org
Notice: Removing file Puppet::SSL::CertificateRequest tac.xinux.org at '/var/lib/puppet/ssl/ca/requests/tac.xinux.org.pem'
"-----BEGIN CERTIFICATE-----\.... \n-----END CERTIFICATE-----\n"
root@puppet:~# puppet ca sign tic.xinux.org
Notice: Signed certificate request for tic.xinux.org
Notice: Removing file Puppet::SSL::CertificateRequest tic.xinux.org at '/var/lib/puppet/ssl/ca/requests/tic.xinux.org.pem'
"-----BEGIN CERTIFICATE-----\n.... \n-----END CERTIFICATE-----\n"

check

root@puppet:~# puppet ca list
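
Signing is the step at which the master starts trusting a client, so the fingerprint shown by puppet ca list should match the one read on the client itself before puppet ca sign is run. The following added example (not part of the original page) makes that comparison; the function names are made up here, the expected fingerprint is assumed to come from running puppet agent --fingerprint on the client, and the sample listing is copied from the output above.

```sh
#!/bin/sh
# Added example (not from the original page). Function names are hypothetical.

# Sample `puppet ca list` output, copied from the listing above.
sample_ca_list() {
    cat <<'EOF'
 tac.xinux.org  (SHA256) 22:86:C4:D0:08:D6:79:AD:41:36:CC:50:F8:3E:2F:E2:DE:92:4D:E9:0A:27:12:45:9F:96:AD:44:F4:42:99:89
 tic.xinux.org  (SHA256) E8:26:23:54:8D:AE:09:04:BD:7A:08:73:D6:7B:46:83:8B:A7:24:8A:46:CE:21:05:FC:F1:D5:06:FA:B4:C4:29
EOF
}

# csr_fingerprint CERTNAME: read `puppet ca list` output on stdin and print
# the fingerprint of the pending request for CERTNAME (exit 1 if none).
csr_fingerprint() {
    awk -v name="$1" '
        { n = $1; gsub(/"/, "", n) }    # tolerate a quoted certname
        !found && n == name && $2 ~ /^\(/ { print $3; found = 1 }
        END { exit !found }'
}

# norm_fp FP: drop colons and blanks, upper-case the hex digits.
norm_fp() {
    printf '%s' "$1" | tr -d ': ' | tr 'abcdef' 'ABCDEF'
}

# verify_csr CERTNAME EXPECTED_FP (listing on stdin)
# returns 0 = match, 1 = mismatch, 2 = no pending request for that name
verify_csr() {
    listed=$(csr_fingerprint "$1") || return 2
    [ "$(norm_fp "$listed")" = "$(norm_fp "$2")" ] || return 1
}

# sign_if_verified CERTNAME EXPECTED_FP: run on the master as root.
sign_if_verified() {
    if puppet ca list | verify_csr "$1" "$2"; then
        puppet ca sign "$1"
    else
        echo "not signing $1: fingerprint mismatch or no pending request" >&2
        return 1
    fi
}
```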

putting the clients into production

root@tac:~# puppet agent --enable
root@tac:~# service puppet restart
root@tic:~# puppet agent --enable
root@tic:~# service puppet restart

apache is running

tac

root@tac:~# netstat -lntp 
Aktive Internetverbindungen (Nur Server)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      913/sshd        
tcp6       0      0 :::22                   :::*                    LISTEN      913/sshd        
tcp6       0      0 :::80                   :::*                    LISTEN      4670/apache2  

tic

root@tic:~# netstat -lntp 
Aktive Internetverbindungen (Nur Server)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      916/sshd        
tcp6       0      0 :::22                   :::*                    LISTEN      916/sshd        
tcp6       0      0 :::80                   :::*                    LISTEN      3772/apache2

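adding a client

commands for adding a client

on the client:

  • puppet agent --server puppetmaster --waitforcert 60 --test

on the master:

  • puppet cert --list
  • puppet cert --sign puppetclient
  • https://shapeshed.com/connecting-clients-to-a-puppet-master/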

tuc

root@tuc:~# dpkg -l | grep apache2
root@tuc:~# netstat -lntp 
Aktive Internetverbindungen (Nur Server)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      904/sshd        
tcp6       0      0 :::22                   :::*                    LISTEN      904/sshd

puppet client installation

root@tuc:~# apt-get update
root@tuc:~# apt-get install -y puppet

test run

root@tuc:~# puppet agent --test
Exiting; no certificate found and waitforcert is disabled

back on the server

root@puppet:~# puppet ca list
tuc.xinux.org  (SHA256) 97:1D:EA:6A:47:6A:08:01:1F:33:FE:B7:A8:9B:F3:2C:C3:6B:D6:6D:35:37:70:D9:E7:7D:7D:77:9B:F9:E1:76

signing

root@puppet:~# puppet ca sign tuc.xinux.org
Notice: Signed certificate request for tuc.xinux.org
Notice: Removing file Puppet::SSL::CertificateRequest tuc.xinux.org at '/var/lib/puppet/ssl/ca/requests/tuc.xinux.org.pem'
"-----BEGIN CERTIFICATE-----\n ..... \n-----END CERTIFICATE-----\n"

removing a client again

puppet cert clean isabella.xinux.org

back on the new client

root@tuc:~# puppet agent --enable
root@tuc:~# service puppet restart

checking the logs

root@tuc:~# tail -f /var/log/syslog  | grep puppet-agent 
Feb 20 12:24:31 tuc puppet-agent[2511]: Reopening log files
Feb 20 12:26:32 tuc puppet-agent[2511]: Did not receive certificate
Feb 20 12:27:50 tuc puppet-agent[2577]: Enabling Puppet.
Feb 20 12:28:32 tuc puppet-agent[2511]: Starting Puppet client version 3.4.3
Feb 20 12:28:45 tuc puppet-agent[2594]: (/Stage[main]/Main/Package[apache2]/ensure) ensure changed 'purged' to 'present'
Feb 20 12:28:45 tuc puppet-agent[2594]: Finished catalog run in 11.35 seconds
Feb 20 12:29:01 tuc puppet-agent[2511]: Caught TERM; calling stop
Feb 20 12:29:02 tuc puppet-agent[3756]: Reopening log files
Feb 20 12:29:02 tuc puppet-agent[3756]: Starting Puppet client version 3.4.3
Feb 20 12:29:03 tuc puppet-agent[3762]: Finished catalog run in 0.06 seconds

the result

root@tuc:~# dpkg -l | grep apache2
ii  apache2                             2.4.7-1ubuntu4.1              amd64        Apache HTTP Server
ii  apache2-bin                         2.4.7-1ubuntu4.1              amd64        Apache HTTP Server (binary files and modules)
ii  apache2-data                        2.4.7-1ubuntu4.1              all          Apache HTTP Server (common files)
root@tuc:~# netstat -lntp 
Aktive Internetverbindungen (Nur Server)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      904/sshd        
tcp6       0      0 :::22                   :::*                    LISTEN      904/sshd        
tcp6       0      0 :::80                   :::*                    LISTEN      3573/apache2

first experiments

# install apache2 and keep the service running and enabled at boot
package { 'apache2':
  ensure => installed,
}

service { 'apache2':
  ensure  => true,   # true is an alias for running
  enable  => true,
  require => Package['apache2'],
}

# plain test file with inline content
file { 'testfile':
  ensure  => present,
  path    => '/tmp/testfile',
  mode    => '0640',
  content => "I'm a test file.",
}

# sshd_config is served from the ssh module; ssh restarts when the file changes
file { '/etc/ssh/sshd_config':
  ensure => file,
  mode   => '0600',
  source => 'puppet:///modules/ssh/sshd_config',
}

service { 'ssh':
  ensure     => running,
  enable     => true,
  provider   => 'upstart',
  hasrestart => true,
  hasstatus  => true,
  subscribe  => File['/etc/ssh/sshd_config'],
}

apply on the master

root@puppet:~# puppet apply --verbose /etc/puppet/manifests/site.pp
Notice: Compiled catalog for puppet.xinux.org in environment production in 0.13 seconds
Info: Applying configuration version '1424454643'
Info: mount[files]: allowing * access
Notice: Finished catalog run in 0.15 seconds

Puppet agent installation on Windows

Download

  • https://downloads.puppetlabs.com/windows/puppet-agent-x64-latest.msi

Installation

Puppet-windows.png

approving the certificate on the master

  • puppet ca list
tuc.xinux.org  (SHA256) 97:1D:EA:6A:47:6A:08:01:1F:33:FE:B7:A8:9B:F3:2C:C3:6B:D6:6D:35:37:70:D9:E7:7D:7D:77:9B:F9:E1:76
  • puppet ca sign tuc.xinux.org
Notice: Signed certificate request for tuc.xinux.org
Notice: Removing file Puppet::SSL::CertificateRequest tuc.xinux.org at '/var/lib/puppet/ssl/ca/requests/tuc.xinux.org.pem'
"-----BEGIN CERTIFICATE-----\n ..... \n-----END CERTIFICATE-----\n"

Usage

Puppet-windows-2.png

best practice

  • bacula-fd über puppet


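docs

errors

  • http://bitcube.co.uk/content/puppet-errors-explained

talk

  • https://www.heinlein-support.de/sites/default/files/Puppet-Konfigurationsmanagement-Vortrag.pdf

password

  • http://razius.com/articles/generating-password-hashes-for-puppet/

cookbook

  • http://www.puppetcookbook.com/

fileserver

  • https://docs.puppetlabs.com/guides/file_serving.html

mounts

  • https://awaseroot.wordpress.com/2012/11/03/puppet-module-for-etcfstab-mounts/

manifest

  • https://docs.puppetlabs.com/learning/manifests.html

apt

  • http://stackoverflow.com/questions/22571622/run-all-add-apt-repository-commands-first-then-run-a-single-apt-get-update

debian

  • https://docs.puppetlabs.com/guides/install_puppet/install_debian_ubuntu.html

ubuntu

  • https://www.howtoforge.com/puppet-ubuntu-14.04

templates

  • https://docs.puppetlabs.com/guides/templating.html

facts

  • http://docs.puppetlabs.com/facter/latest/custom_facts.html?parent=Patterns#adding-custom-facts-to-facter

articles

  • https://www.jerger.org/blog-lang/-/blogs/puppetmaster-einer-sie-alle-zu-knechten-
  • http://www.linux-magazin.de/Ausgaben/2008/10/Puppenspiel
  • http://www.myanubix.de/2015/01/02/schnelleinstieg-in-puppet/
  • http://www.myanubix.de/2015/01/03/osx-system-provisioning-mit-puppet/

video

  • https://www.youtube.com/watch?v=l86W-WKzhBo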