Puppet
puppet grundlagen
szenario
der spätere master server "puppet"
root@puppet:~# host tac tac.xinux.org has address 192.168.244.52 root@puppet:~# host tic tic.xinux.org has address 192.168.244.53
der client "tac"
root@tac:~# host puppet puppet.xinux.org has address 192.168.244.51
root@tac:~# netstat -lntp Aktive Internetverbindungen (Nur Server) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 913/sshd tcp6 0 0 :::22 :::* LISTEN 913/sshd
der client "tic"
root@tic:~# host puppet puppet.xinux.org has address 192.168.244.51
root@tic:~# netstat -lntp Aktive Internetverbindungen (Nur Server) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 916/sshd tcp6 0 0 :::22 :::* LISTEN 916/sshd
installation vom puppetmaster
root@puppet:~# apt-get update root@puppet:~# apt-get install puppetmaster -y
das konfigurationsverzeichnis
root@puppet:/etc/puppet# ls auth.conf etckeeper-commit-post etckeeper-commit-pre files fileserver.conf manifests modules puppet.conf templates
das standard site manifest
das verzeichnis ist leer
root@puppet:/etc/puppet# cd manifests/ root@puppet:/etc/puppet/manifests# ls
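beispiel apache
Die Ressourcen stehen in site.pp außerhalb eines node-Blocks und gelten damit für jeden Client, dessen Zertifikat auf dem Master signiert wurde.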
root@puppet:/etc/puppet/manifests# cat site.pp package { 'apache2' : ensure => installed } service { 'apache2' : ensure => true, enable => true, require => Package['apache2'] }
restarten des service
root@puppet:~# service puppetmaster restart * Restarting puppet master
installation der puppetclients
auf tac
root@tac:~# apt-get update root@tac:~# apt-get install -y puppet
auf tic
root@tic:~# apt-get update root@tic:~# apt-get install -y puppet
puppetd dämon starten
tac und tic
root@tac:~# service puppet restart * Restarting puppet agent root@tic:~# service puppet restart * Restarting puppet agent
kontrolle
root@tac:~# ps -elf | grep puppet 5 S root 2711 1 0 80 0 - 46195 futex_ 11:15 ? 00:00:00 /usr/bin/ruby /usr/bin/puppet agent 0 S root 2734 1516 0 80 0 - 3313 pipe_w 11:17 pts/0 00:00:00 grep --color=auto puppet
root@tic:~# ps -elf | grep puppet 5 S root 2551 1 0 80 0 - 46188 futex_ 11:15 ? 00:00:00 /usr/bin/ruby /usr/bin/puppet agent 0 S root 2571 1517 0 80 0 - 3313 pipe_w 11:17 pts/0 00:00:00 grep --color=auto puppe
auf dem puppet master warten zwei clients auf bestätigung
root@puppet:~# puppet ca list
tac.xinux.org (SHA256) 22:86:C4:D0:08:D6:79:AD:41:36:CC:50:F8:3E:2F:E2:DE:92:4D:E9:0A:27:12:45:9F:96:AD:44:F4:42:99:89
tic.xinux.org (SHA256) E8:26:23:54:8D:AE:09:04:BD:7A:08:73:D6:7B:46:83:8B:A7:24:8A:46:CE:21:05:FC:F1:D5:06:FA:B4:C4:29
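signieren der clients
Vor dem Signieren den vom Master angezeigten Fingerprint mit dem auf dem jeweiligen Client vergleichen (dort: puppet agent --fingerprint) und nur bei Übereinstimmung signieren. Ein signiertes Zertifikat berechtigt den Knoten, seinen Katalog vom Master abzurufen.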
root@puppet:~# puppet ca sign tac.xinux.org
Notice: Signed certificate request for tac.xinux.org
Notice: Removing file Puppet::SSL::CertificateRequest tac.xinux.org at '/var/lib/puppet/ssl/ca/requests/tac.xinux.org.pem'
"-----BEGIN CERTIFICATE-----\n.... \n-----END CERTIFICATE-----\n"
root@puppet:~# puppet ca sign tic.xinux.org
Notice: Signed certificate request for tic.xinux.org
Notice: Removing file Puppet::SSL::CertificateRequest tic.xinux.org at '/var/lib/puppet/ssl/ca/requests/tic.xinux.org.pem'
"-----BEGIN CERTIFICATE-----\n.... \n-----END CERTIFICATE-----\n"
kontrolle
root@puppet:~# puppet ca list
die clients produktiv stellen
root@tac:~# puppet agent --enable
root@tac:~# service puppet restart
root@tic:~# puppet agent --enable
root@tic:~# service puppet restart
apache läuft
tac
root@tac:~# netstat -lntp Aktive Internetverbindungen (Nur Server) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 913/sshd tcp6 0 0 :::22 :::* LISTEN 913/sshd tcp6 0 0 :::80 :::* LISTEN 4670/apache2
tic
root@tic:~# netstat -lntp Aktive Internetverbindungen (Nur Server) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 916/sshd tcp6 0 0 :::22 :::* LISTEN 916/sshd tcp6 0 0 :::80 :::* LISTEN 3772/apache2
client hinzufügen
tuc
root@tuc:~# dpkg -l | grep apache2 root@tuc:~# netstat -lntp Aktive Internetverbindungen (Nur Server) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 904/sshd tcp6 0 0 :::22 :::* LISTEN 904/sshd
puppet client installation
root@tuc:~# apt-get update root@tuc:~# apt-get install -y puppet
docus
- https://docs.puppetlabs.com/guides/install_puppet/install_debian_ubuntu.html
- https://www.howtoforge.com/puppet-ubuntu-14.04
- https://www.jerger.org/blog-lang/-/blogs/puppetmaster-einer-sie-alle-zu-knechten-