Overview
Learn how to install a Puppet server and a Puppet agent and set them up so that they talk to each other.
Puppet is one of the most widely adopted enterprise configuration management tools in the DevOps space. As a DevOps engineer, you must know how to set up Puppet on your systems.
But before we start, let me tell you that installing Puppet is not an easy task at all. If you miss a single step, or change the order of the steps given in this tutorial even in one place, you may spend the whole day scratching your head over a pile of errors and the setup will still be incomplete. So follow every step very carefully.
Puppet has a client-server architecture consisting of a Puppet master (the server) and Puppet agents (the clients). The Puppet master holds all the configuration, compiles it and serves it to the Puppet agents. A Puppet agent periodically sends its facts to the Puppet master and requests a catalog. The Puppet master sends the required catalog back to the Puppet agent. The Puppet agent then applies that catalog to its node and reports back to the master.
Now that you have a basic understanding of Puppet, let's start setting up the Puppet master and the Puppet agent.
If you are an absolute beginner, you can take this online video course.
Environment details
I am using two Ubuntu 18.04 machines. One will act as the Puppet master and the other as the Puppet agent. Here are the details of the machines:
Puppet master (server)
- Hostname: puppet, puppet.geekflare.com
- IP address: 192.168.0.108
Puppet agent (client)
- Hostname: puppetagent
- IP address: 192.168.0.107
Install Puppet Server
Before starting the installation, I need to edit the /etc/hosts file on both the master and the agent so that they can resolve each other.
On the master node
geekflare@geekflare:~$ sudo gedit /etc/hosts
[sudo] password for geekflare:
127.0.0.1 localhost
127.0.1.1 geekflare
192.168.0.108 puppet puppet.geekflare.com
On the agent node
geekflare@geekflare:~$ sudo gedit /etc/hosts
127.0.0.1 localhost
127.0.1.1 geekflare
192.168.0.107 puppetagent
192.168.0.108 puppet puppet.geekflare.com
Now I need to add the Puppet repository on the master node and refresh the package lists.
Download the Puppet repository package.
geekflare@geekflare:~$ wget https://apt.puppetlabs.com/puppet6-release-bionic.deb
--2019-10-15 15:41:34-- https://apt.puppetlabs.com/puppet6-release-bionic.deb
Resolving apt.puppetlabs.com (apt.puppetlabs.com)... 99.86.19.107, 99.86.19.59, 99.86.19.2, ...
Connecting to apt.puppetlabs.com (apt.puppetlabs.com)|99.86.19.107|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 11736 (11K) [application/x-debian-package]
Saving to: ‘puppet6-release-bionic.deb’
puppet6-release-bio 100%[===================>] 11.46K --.-KB/s in 0s
2019-10-15 15:41:34 (236 MB/s) - ‘puppet6-release-bionic.deb’ saved [11736/11736]
Add and configure the Puppet 6 repo.
geekflare@geekflare:~$ sudo dpkg -i puppet6-release-bionic.deb
Selecting previously unselected package puppet6-release.
(Reading database ... 187041 files and directories currently installed.)
Preparing to unpack puppet6-release-bionic.deb ...
Unpacking puppet6-release (6.0.0-5bionic) ...
Setting up puppet6-release (6.0.0-5bionic) ...
Update the repository list.
geekflare@geekflare:~$ sudo apt update
Hit:1 https://download.docker.com/linux/ubuntu bionic InRelease
Hit:2 http://security.ubuntu.com/ubuntu cosmic-security InRelease
Hit:3 http://ppa.launchpad.net/ansible/ansible/ubuntu cosmic InRelease
Get:4 http://download.virtualbox.org/virtualbox/debian cosmic InRelease [4,429 B]
Get:5 http://apt.puppetlabs.com bionic InRelease [85.3 kB]
Hit:6 http://us.archive.ubuntu.com/ubuntu cosmic InRelease
Hit:7 http://us.archive.ubuntu.com/ubuntu cosmic-updates InRelease
Get:8 http://download.virtualbox.org/virtualbox/debian cosmic/contrib amd64 Packages [1,466 B]
Get:9 http://apt.puppetlabs.com bionic/puppet6 all Packages [13.5 kB]
Hit:10 http://us.archive.ubuntu.com/ubuntu cosmic-backports InRelease
Get:11 http://apt.puppetlabs.com bionic/puppet6 i386 Packages [13.5 kB]
Get:12 http://apt.puppetlabs.com bionic/puppet6 amd64 Packages [32.3 kB]
Fetched 151 kB in 2s (61.9 kB/s)
Reading package lists... Done
Building dependency tree
Reading state information... Done
234 packages can be upgraded. Run 'apt list --upgradable' to see them.
Install the Puppet server package
Run the following command on the master node to install the Puppet server on it.
geekflare@geekflare:~$ sudo apt install -y puppetserver
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following additional packages will be installed:
ca-certificates-java java-common openjdk-8-jre-headless puppet-agent
Suggested packages:
default-jre fonts-dejavu-extra fonts-ipafont-gothic fonts-ipafont-mincho
fonts-wqy-microhei fonts-wqy-zenhei
The following NEW packages will be installed:
ca-certificates-java java-common openjdk-8-jre-headless puppet-agent
puppetserver
0 upgraded, 5 newly installed, 0 to remove and 234 not upgraded.
Need to get 109 MB of archives.
After this operation, 287 MB of additional disk space will be used.
Get:1 http://us.archive.ubuntu.com/ubuntu cosmic/main amd64 java-common all 0.68ubuntu1 [6,988 B]
Get:2 http://apt.puppetlabs.com bionic/puppet6 amd64 puppet-agent amd64 6.10.1-1bionic [19.9 MB]
Get:3 http://us.archive.ubuntu.com/ubuntu cosmic-updates/universe amd64 openjdk-8-jre-headless amd64 8u212-b03-0ubuntu1.18.10.1 [27.2 MB]
Get:4 http://apt.puppetlabs.com bionic/puppet6 amd64 puppetserver all 6.7.1-1bionic [61.5 MB]
Get:5 http://us.archive.ubuntu.com/ubuntu cosmic/main amd64 ca-certificates-java all 20180516ubuntu1 [12.3 kB]
Fetched 109 MB in 1min 41s (1,072 kB/s)
Unpacking puppetserver (6.7.1-1bionic) ...
Setting up puppet-agent (6.10.1-1bionic) ...
Created symlink /etc/systemd/system/multi-user.target.wants/puppet.service → /lib/systemd/system/puppet.service.
Created symlink /etc/systemd/system/multi-user.target.wants/pxp-agent.service → /lib/systemd/system/pxp-agent.service.
Removed /etc/systemd/system/multi-user.target.wants/pxp-agent.service.
Setting up java-common (0.68ubuntu1) ...
Processing triggers for libc-bin (2.28-0ubuntu1) ...
Processing triggers for systemd (239-7ubuntu10.12) ...
Processing triggers for man-db (2.8.4-2) ...
Processing triggers for ca-certificates (20180409) ...
Updating certificates in /etc/ssl/certs...
0 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d...
done.
Setting up ca-certificates-java (20180516ubuntu1) ...
head: cannot open '/etc/ssl/certs/java/cacerts' for reading: No such file or directory
Adding debian:SSL.com_EV_Root_Certification_Authority_ECC.pem
Adding debian:ssl-cert-snakeoil.pem
Adding debian:SwissSign_Gold_CA_-_G2.pem
Adding debian:SZAFIR_ROOT_CA2.pem
Adding debian:OpenTrust_Root_CA_G3.pem
Adding debian:TWCA_Root_Certification_Authority.pem
Adding debian:QuoVadis_Root_CA_2_G3.pem
Adding debian:DST_Root_CA_X3.pem
Adding debian:SecureSign_RootCA11.pem
Adding debian:QuoVadis_Root_CA_1_G3.pem
Adding debian:T-TeleSec_GlobalRoot_Class_3.pem
Adding debian:Go_Daddy_Root_Certificate_Authority_-_G2.pem
Adding debian:Actalis_Authentication_Root_CA.pem
Adding debian:Chambers_of_Commerce_Root_-_2008.pem
done.
Processing triggers for ca-certificates (20180409) ...
Updating certificates in /etc/ssl/certs...
0 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d...
done.
done.
Setting up openjdk-8-jre-headless:amd64 (8u212-b03-0ubuntu1.18.10.1) ...
Setting up puppetserver (6.7.1-1bionic) ...
usermod: no changes
Processing triggers for systemd (239-7ubuntu10.12) ...
Configure the Puppet server
Edit the puppetserver defaults file as shown below. It configures the JVM that runs the Puppet server.
geekflare@geekflare:~$ sudo gedit /etc/default/puppetserver
# Modify this if you'd like to change the memory allocation, enable JMX, etc
JAVA_ARGS="-Xms512m -Xmx512m -Djruby.logger.class=com.puppetlabs.jruby_utils.jruby.Slf4jLogger"
Edit the Puppet configuration file to modify the Puppet server settings.
geekflare@geekflare:~$ sudo gedit /etc/puppetlabs/puppet/puppet.conf
# This file can be used to override the default puppet settings.
# See the following links for more details on what settings are available:
# - https://puppet.com/docs/puppet/latest/config_important_settings.html
# - https://puppet.com/docs/puppet/latest/config_about_settings.html
# - https://puppet.com/docs/puppet/latest/config_file_main.html
# - https://puppet.com/docs/puppet/latest/configuration.html
[master]
vardir = /opt/puppetlabs/server/data/puppetserver
logdir = /var/log/puppetlabs/puppetserver
rundir = /var/run/puppetlabs/puppetserver
pidfile = /var/run/puppetlabs/puppetserver/puppetserver.pid
codedir = /etc/puppetlabs/code
dns_alt_names = puppet, puppet.geekflare.com
[main]
certname = puppet.geekflare.com
server = puppet.geekflare.com
environment = production
runinterval = 15m
The Puppet server needs to generate a root CA and an intermediate signing CA.
geekflare@geekflare:~$ sudo /opt/puppetlabs/bin/puppetserver ca setup
Generation succeeded. Find your files in /etc/puppetlabs/puppet/ssl/ca
Start and enable the Puppet server service.
geekflare@geekflare:~$ sudo systemctl start puppetserver
geekflare@geekflare:~$ sudo systemctl enable puppetserver
Synchronizing state of puppetserver.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable puppetserver
Install the Puppet agent
Just as on the master, perform the following steps on the agent node. The Puppet repository needs to be present on every agent node.
geekflare@geekflare:~$ wget https://apt.puppetlabs.com/puppet6-release-bionic.deb
geekflare@geekflare:~$ sudo dpkg -i puppet6-release-bionic.deb
geekflare@geekflare:~$ sudo apt update
Run the following command on the agent node to install the Puppet agent.
geekflare@geekflare:~$ sudo apt install -y puppet-agent
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following NEW packages will be installed:
puppet-agent
0 upgraded, 1 newly installed, 0 to remove and 233 not upgraded.
Need to get 19.9 MB of archives.
After this operation, 115 MB of additional disk space will be used.
Get:1 http://apt.puppetlabs.com bionic/puppet6 amd64 puppet-agent amd64 6.10.1-1bionic [19.9 MB]
Fetched 19.9 MB in 2s (8,488 kB/s)
Selecting previously unselected package puppet-agent.
(Reading database ... 185786 files and directories currently installed.)
Preparing to unpack .../puppet-agent_6.10.1-1bionic_amd64.deb ...
Unpacking puppet-agent (6.10.1-1bionic) ...
Setting up puppet-agent (6.10.1-1bionic) ...
Created symlink /etc/systemd/system/multi-user.target.wants/puppet.service → /lib/systemd/system/puppet.service.
Created symlink /etc/systemd/system/multi-user.target.wants/pxp-agent.service → /lib/systemd/system/pxp-agent.service.
Removed /etc/systemd/system/multi-user.target.wants/pxp-agent.service.
Processing triggers for libc-bin (2.28-0ubuntu1) ...
Configure the Puppet agent
Edit the Puppet configuration file on the agent node.
geekflare@geekflare:~$ sudo gedit /etc/puppetlabs/puppet/puppet.conf
[main]
certname = puppetagent
server = puppet.geekflare.com
environment = production
runinterval = 15m
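The agent verifies the master's TLS certificate against the name it has in its own server setting, so that name must resolve on the agent and must also be one of the names in the master's certificate (its certname or one of its dns_alt_names); DNS working on its own is not enough. As an added example, not code from the original article, the script below checks the /etc/hosts entries and the two puppet.conf files configured above against each other. The file contents are constructed to mirror the tutorial, and conf_get, hosts_resolves, check_agent_config and setup_demo_files are my own helper names.

```shell
#!/bin/sh
# Added example: consistency check for the hosts file and puppet.conf settings
# that the master/agent pairing depends on. Helper names are my own.

# conf_get FILE SECTION KEY -> prints the value of KEY inside [SECTION]
conf_get() {
    awk -v sec="[$2]" -v key="$3" '
        $0 == sec { insec = 1; next }          # entered the wanted section
        /^\[/     { insec = 0 }                # any other section header ends it
        insec && $1 == key && $2 == "=" { $1 = ""; $2 = ""; sub(/^ +/, ""); print; exit }
    ' "$1"
}

# hosts_resolves HOSTS_FILE NAME -> prints the IP that NAME maps to, nothing if absent
hosts_resolves() {
    awk -v name="$2" '
        /^[ \t]*#/ || NF < 2 { next }
        { for (i = 2; i <= NF; i++) if ($i == name) { print $1; exit } }
    ' "$1"
}

# check_agent_config AGENT_CONF MASTER_CONF AGENT_HOSTS -> 0 when the agent can reach
# the master by name AND that name is covered by the master's certificate names
check_agent_config() {
    agent_conf=$1; master_conf=$2; hosts=$3
    server=$(conf_get "$agent_conf" main server)
    [ -n "$server" ] || { echo "agent: no 'server' in [main]"; return 1; }
    ip=$(hosts_resolves "$hosts" "$server")
    [ -n "$ip" ] || { echo "agent: '$server' is not in $hosts"; return 1; }
    master_certname=$(conf_get "$master_conf" main certname)
    alt_names=$(conf_get "$master_conf" master dns_alt_names | tr ',' ' ')
    for n in $master_certname $alt_names; do
        [ "$n" = "$server" ] && { echo "ok: $server -> $ip, present in the master's certificate names"; return 0; }
    done
    echo "mismatch: '$server' is neither the master certname nor in dns_alt_names (TLS verification would fail)"
    return 1
}

# setup_demo_files DIR -> writes constructed copies of the tutorial's three files into DIR
setup_demo_files() {
    dir=${1:-.}
    cat > "$dir/master.conf" <<'EOF'
[master]
dns_alt_names = puppet, puppet.geekflare.com
[main]
certname = puppet.geekflare.com
server = puppet.geekflare.com
EOF
    cat > "$dir/agent.conf" <<'EOF'
[main]
certname = puppetagent
server = puppet.geekflare.com
EOF
    cat > "$dir/hosts" <<'EOF'
127.0.0.1 localhost
192.168.0.107 puppetagent
192.168.0.108 puppet puppet.geekflare.com
EOF
}

# On a real agent node the call would be:
#   check_agent_config /etc/puppetlabs/puppet/puppet.conf <copy of master puppet.conf> /etc/hosts
```

The check deliberately reads the master's puppet.conf rather than its certificate, because that is the file the tutorial edits; the same comparison against the "alt names" column of puppetserver ca list --all catches a master whose certificate was generated before dns_alt_names was set.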
Run the following command to start the Puppet service. It also enables the service so that it starts automatically on boot.
geekflare@geekflare:~$ sudo /opt/puppetlabs/bin/puppet resource service puppet ensure=running enable=true
service { 'puppet':
  ensure => 'running',
  enable => 'true',
}
Generate and sign certificates
When the agent starts for the first time, it sends a certificate signing request to the Puppet master. The master has to inspect and sign this certificate. After that, the agent fetches its catalog from the master and applies it to the agent node at regular intervals.
Now that the agent is up and running, run the following command on the master node to check whether it has received any certificate signing requests.
On the master node
geekflare@geekflare:~$ sudo /opt/puppetlabs/bin/puppetserver ca list
[sudo] password for geekflare:
Requested Certificates:
puppetagent (SHA256) EA:68:23:B5:C3:71:2C:E6:4A:6A:3B:2F:24:F5:B8:5B:50:F7:3F:12:89:DE:B1:EB:D1:0A:74:3E:48:C3:D7:35
Sign the certificate request sent by the agent.
Run the following command to list all certificates. One certificate already exists, which is the master node's own certificate, and the other comes from the agent node.
geekflare@geekflare:~$ sudo /opt/puppetlabs/bin/puppetserver ca list --all
Signed Certificates:
puppetagent (SHA256) EA:68:23:B5:C3:71:2C:E6:4A:6A:3B:2F:24:F5:B8:5B:50:F7:3F:12:89:DE:B1:EB:D1:0A:74:3E:48:C3:D7:35
puppet.geekflare.com (SHA256) 71:30:5B:C8:C5:CE:28:A0:60:5C:4F:39:26:D0:FC:DA:DF:0A:0F:4D:ED:D4:B1:9C:05:1A:38:2F:D6:5F:9C:06 alt names: ["DNS:puppet.geekflare.com", "DNS:puppet", "DNS:puppet.geekflare.com"]
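Signing whatever is pending makes the CA trust any host that managed to submit a request with the right certname. The check a practitioner wants before signing is to compare the fingerprint the CA reports with the one obtained from the agent itself over a different channel (the agent prints its request fingerprint on its own console during its first run, and the value is also visible in the agent's certificate_requests directory). The script below is an added example, not code from the article: puppetserver ca list and puppetserver ca sign --certname are the real puppetserver subcommands, the sample listing is constructed (the puppetagent fingerprint is the one shown above; the second entry is made up), and pending_fingerprint, verify_request and sign_if_verified are my own names. It handles a listing with several pending requests, which the article's single-agent output does not show.

```shell
#!/bin/sh
# Added example: gate certificate signing on an out-of-band fingerprint check.
# CA_LIST_OUTPUT is a constructed sample of `puppetserver ca list` output.
CA_LIST_OUTPUT='Requested Certificates:
    puppetagent      (SHA256)  EA:68:23:B5:C3:71:2C:E6:4A:6A:3B:2F:24:F5:B8:5B:50:F7:3F:12:89:DE:B1:EB:D1:0A:74:3E:48:C3:D7:35
    unknown-host     (SHA256)  11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00'

# pending_fingerprint NAME -> prints the SHA256 fingerprint of NAME's pending request,
# nothing if NAME has no pending request (signed entries are in a different section)
pending_fingerprint() {
    printf '%s\n' "$CA_LIST_OUTPUT" | awk -v name="$1" '
        /^Requested Certificates:/ { pending = 1; next }
        /^[^ \t]/                  { pending = 0 }   # e.g. "Signed Certificates:" starts another section
        pending && $1 == name && $2 == "(SHA256)" { print $3; exit }
    '
}

# verify_request NAME EXPECTED_FP -> 0 only if the CA sees exactly the fingerprint
# that was recorded from the agent; case of the hex digits does not matter
verify_request() {
    actual=$(pending_fingerprint "$1")
    [ -n "$actual" ] || { echo "no pending request for $1"; return 1; }
    expected=$(printf '%s' "$2" | tr 'a-f' 'A-F')
    if [ "$actual" = "$expected" ]; then
        echo "fingerprint for $1 matches the recorded value"
        return 0
    fi
    echo "REFUSING to sign $1: CA sees $actual, recorded value is $expected"
    return 1
}

# sign_if_verified NAME EXPECTED_FP -> signs only after the check passes
# (assumes it runs on the master with puppetserver installed, as in the article)
sign_if_verified() {
    verify_request "$1" "$2" && sudo /opt/puppetlabs/bin/puppetserver ca sign --certname "$1"
}

# Usage on the master, with the fingerprint copied from the agent's console:
#   sign_if_verified puppetagent EA:68:23:B5:C3:71:2C:E6:4A:6A:3B:2F:24:F5:B8:5B:50:F7:3F:12:89:DE:B1:EB:D1:0A:74:3E:48:C3:D7:35
```

For a real deployment, replace the CA_LIST_OUTPUT constant with the live output of sudo /opt/puppetlabs/bin/puppetserver ca list; the parsing and the comparison stay the same. A request that appears in the list but whose fingerprint was never recorded from a machine you provisioned should be left unsigned and investigated.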
On the agent node
Now run this command to test whether the connection between the master and the agent node is established and everything is working properly.
geekflare@geekflare:~$ sudo /opt/puppetlabs/bin/puppet agent --test
Info: Using configured environment 'production'
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Retrieving locales
Info: Caching catalog for puppet-agent
Info: Applying configuration version '1571171191'
Notice: Applied catalog in 0.02 seconds
A sample Puppet example
Let's run a simple Puppet example. I will create a simple Puppet manifest that creates a directory with a given set of permissions.
On the master node:
geekflare@geekflare:~$ sudo gedit /etc/puppetlabs/code/environments/production/manifests/site.pp
Enter the following content.
node 'puppetagent' {          # Applies only to the named node. If no node is named, applies to all.
  file { '/home/test':        # Resource type: file
    ensure => 'directory',    # Create a directory
    owner  => 'root',         # Ownership
    group  => 'root',         # Group name
    mode   => '0755',         # Directory permissions
  }
}
Now run the following command to make the agent reach out to the master and pull the configuration. Once this command runs, the directory is created on the agent node.
On the agent node
geekflare@geekflare:~$ sudo /opt/puppetlabs/bin/puppet agent --test
[sudo] password for geekflare:
Info: Using configured environment 'production'
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Retrieving locales
Info: Caching catalog for puppetagent
Info: Applying configuration version '1571333010'
Notice: /Stage[main]/Main/Node[puppetagent]/File[/home/test]/ensure: created
Notice: Applied catalog in 0.05 seconds
Run the ls command to check whether the directory was created successfully.
geekflare@geekflare:~$ ls -l /home/
total 32
drwxr-xr-x 13 geekflare geekflare 4096 Jul 19 08:06 geekflare
drwx------ 2 root root 16384 Oct 23 2018 lost+found
drwxr-xr-x 23 geekflare geekflare 4096 Oct 17 11:02 geekflare
drwxr-xr-x 2 root root 4096 Oct 17 13:23 test
drwxr-xr-x 2 username username 4096 Jun 29 09:38 username
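The ls listing above is read by eye; an added example, not code from the article, turns that check into something that can run after every agent run and fail loudly on drift: it reads owner, group and mode of a directory back from ls -ld and compares them with what the manifest declared. dir_state, dir_mode and expect_dir are my own names; the check uses ls rather than stat so it behaves the same on Linux and BSD userlands.

```shell
#!/bin/sh
# Added example: verify, independently of Puppet's own report, that the directory the
# manifest declared ended up with the declared owner, group and mode.

# dir_state DIR -> "MODE OWNER GROUP", e.g. "0755 root root"
# (setuid/setgid/sticky bits are folded into the plain x bit; they are not in the manifest)
dir_state() {
    ls -ld "$1" | awk '{
        p = substr($1, 2, 9); m = 0            # "rwxr-xr-x" from "drwxr-xr-x"
        for (i = 1; i <= 9; i++) {
            c = substr(p, i, 1)
            m = m * 2 + ((c != "-" && c != "S" && c != "T") ? 1 : 0)
        }
        printf "0%03o %s %s\n", m, $3, $4      # $3 = owner, $4 = group in ls -l output
    }'
}

# dir_mode DIR -> just the octal mode, e.g. "0755"
dir_mode() { dir_state "$1" | cut -d' ' -f1; }

# expect_dir DIR MODE OWNER GROUP -> 0 when the directory matches, 1 (with a message) otherwise
expect_dir() {
    [ -d "$1" ] || { echo "$1: not a directory"; return 1; }
    actual=$(dir_state "$1")
    want="$2 $3 $4"
    if [ "$actual" = "$want" ]; then
        echo "$1: ok ($actual)"
        return 0
    fi
    echo "$1: DRIFT, have '$actual', want '$want'"
    return 1
}

# Usage on the agent node after `puppet agent --test`, matching the manifest above:
#   expect_dir /home/test 0755 root root
```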
There you go!
Conclusion
This was a simple example to demonstrate how it works. But imagine a bigger scenario where you have to install or apply some configuration on hundreds of servers. Puppet can help you get that done in minutes.
If you work in automation and are interested in learning more, you can check out this Udemy course, which covers Ansible, Puppet and Salt.