PUPPET » Historique » Version 6
Mehdi Abaakouk, 04/01/2012 11:06
| 1 | 6 | Mehdi Abaakouk | h1. Master of Puppet |
|---|---|---|---|
| 2 | 1 | Mehdi Abaakouk | |
| 3 | 6 | Mehdi Abaakouk | h2. Exemple duplication www avec puppet et les backups: |
| 4 | 1 | Mehdi Abaakouk | |
| 5 | 6 | Mehdi Abaakouk | Installation d'une vm (ici: puppet-tester) avec ganeti: |
| 6 | 6 | Mehdi Abaakouk | |
| 7 | 6 | Mehdi Abaakouk | sur h1: |
| 8 | 6 | Mehdi Abaakouk | <pre> |
| 9 | 6 | Mehdi Abaakouk | ./gnt-addvm puppet-tester |
| 10 | 6 | Mehdi Abaakouk | </pre> |
| 11 | 6 | Mehdi Abaakouk | |
| 12 | 6 | Mehdi Abaakouk | Sur puppet-tester, restauration du dernier backup de /var/www de www.tetaneutral.net qui se trouve sur h2 |
| 13 | 6 | Mehdi Abaakouk | |
| 14 | 6 | Mehdi Abaakouk | Puis installation de puppet: |
| 15 | 6 | Mehdi Abaakouk | <pre> |
| 16 | 6 | Mehdi Abaakouk | $ apt-get install puppet |
| 17 | 6 | Mehdi Abaakouk | |
| 18 | 6 | Mehdi Abaakouk | $ cat /etc/puppet/puppet.conf ajouter: |
| 19 | 6 | Mehdi Abaakouk | [main] |
| 20 | 6 | Mehdi Abaakouk | logdir=/var/log/puppet |
| 21 | 6 | Mehdi Abaakouk | vardir=/var/lib/puppet |
| 22 | 6 | Mehdi Abaakouk | ssldir=/var/lib/puppet/ssl |
| 23 | 6 | Mehdi Abaakouk | rundir=/var/run/puppet |
| 24 | 6 | Mehdi Abaakouk | factpath=$vardir/lib/facter |
| 25 | 6 | Mehdi Abaakouk | templatedir=$confdir/templates |
| 26 | 6 | Mehdi Abaakouk | pluginsync = true |
| 27 | 6 | Mehdi Abaakouk | |
| 28 | 6 | Mehdi Abaakouk | [agent] |
| 29 | 6 | Mehdi Abaakouk | server=puppet.tetaneutral.net |
| 30 | 6 | Mehdi Abaakouk | |
| 31 | 6 | Mehdi Abaakouk | $ puppet agent --test |
| 32 | 6 | Mehdi Abaakouk | </pre> |
| 33 | 6 | Mehdi Abaakouk | |
| 34 | 6 | Mehdi Abaakouk | Sur puppet.teteneutral.net, dans le fichier nodes.pp copie du bloc de la machine www en puppet-tester |
| 35 | 6 | Mehdi Abaakouk | puis on sign la cle de puppet-tester |
| 36 | 6 | Mehdi Abaakouk | <pre> |
| 37 | 6 | Mehdi Abaakouk | puppetca --sign puppet-tester.tetaneutral.net |
| 38 | 6 | Mehdi Abaakouk | </pre> |
| 39 | 6 | Mehdi Abaakouk | |
| 40 | 6 | Mehdi Abaakouk | sur puppet-tester, on descend la configuration via puppet: |
| 41 | 6 | Mehdi Abaakouk | |
| 42 | 6 | Mehdi Abaakouk | <pre>puppet agent --test</pre> |
| 43 | 6 | Mehdi Abaakouk | |
| 44 | 6 | Mehdi Abaakouk | et pour finir on restaure le backup mysql: |
| 45 | 6 | Mehdi Abaakouk | |
| 46 | 6 | Mehdi Abaakouk | <pre> |
| 47 | 6 | Mehdi Abaakouk | mysql -u root < www.tetaneutral.net-all-mysql-databases.20120103.sql |
| 48 | 6 | Mehdi Abaakouk | </pre> |
| 49 | 6 | Mehdi Abaakouk | |
| 50 | 6 | Mehdi Abaakouk | |
| 51 | 1 | Mehdi Abaakouk | h2. Ajout d'une machine: |
| 52 | 1 | Mehdi Abaakouk | |
| 53 | 1 | Mehdi Abaakouk | Sur le client: |
| 54 | 1 | Mehdi Abaakouk | |
| 55 | 1 | Mehdi Abaakouk | <pre> |
| 56 | 1 | Mehdi Abaakouk | $ apt-get install puppet |
| 57 | 1 | Mehdi Abaakouk | </pre> |
| 58 | 1 | Mehdi Abaakouk | |
| 59 | 1 | Mehdi Abaakouk | dans /etc/default/puppet mettre: |
| 60 | 1 | Mehdi Abaakouk | <pre> |
| 61 | 1 | Mehdi Abaakouk | START=yes |
| 62 | 1 | Mehdi Abaakouk | </pre> |
| 63 | 1 | Mehdi Abaakouk | |
| 64 | 1 | Mehdi Abaakouk | et dans /etc/puppet/puppet.conf ajouter: |
| 65 | 1 | Mehdi Abaakouk | <pre> |
| 66 | 6 | Mehdi Abaakouk | pluginsync=true |
| 67 | 6 | Mehdi Abaakouk | |
| 68 | 1 | Mehdi Abaakouk | [agent] |
| 69 | 1 | Mehdi Abaakouk | server=puppet.tetaneutral.net |
| 70 | 1 | Mehdi Abaakouk | </pre> |
| 71 | 1 | Mehdi Abaakouk | |
| 72 | 1 | Mehdi Abaakouk | Ensuite ajouter la machine dans le puppet master, MOUAHAHA: |
| 73 | 1 | Mehdi Abaakouk | Sur le client: |
| 74 | 1 | Mehdi Abaakouk | <pre> |
| 75 | 1 | Mehdi Abaakouk | $ puppet agent --test |
| 76 | 1 | Mehdi Abaakouk | warning: peer certificate won't be verified in this SSL session |
| 77 | 1 | Mehdi Abaakouk | warning: peer certificate won't be verified in this SSL session |
| 78 | 1 | Mehdi Abaakouk | warning: peer certificate won't be verified in this SSL session |
| 79 | 1 | Mehdi Abaakouk | Exiting; no certificate found and waitforcert is disabled |
| 80 | 1 | Mehdi Abaakouk | </pre> |
| 81 | 1 | Mehdi Abaakouk | |
| 82 | 1 | Mehdi Abaakouk | Sur le serveur: |
| 83 | 1 | Mehdi Abaakouk | <pre> |
| 84 | 1 | Mehdi Abaakouk | $ puppetca --list |
| 85 | 1 | Mehdi Abaakouk | www.tetaneutral.net |
| 86 | 1 | Mehdi Abaakouk | |
| 87 | 1 | Mehdi Abaakouk | $ puppetca --sign --all |
| 88 | 1 | Mehdi Abaakouk | notice: Signed certificate request for www.tetaneutral.net |
| 89 | 1 | Mehdi Abaakouk | notice: Removing file Puppet::SSL::CertificateRequest www.tetaneutral.net at '/var/lib/puppet/ssl/ca/requests/www.tetaneutral.net.pem' |
| 90 | 1 | Mehdi Abaakouk | </pre> |
| 91 | 1 | Mehdi Abaakouk | |
| 92 | 1 | Mehdi Abaakouk | Sur le client: |
| 93 | 1 | Mehdi Abaakouk | <pre> |
| 94 | 1 | Mehdi Abaakouk | $ puppet agent --test |
| 95 | 1 | Mehdi Abaakouk | warning: peer certificate won't be verified in this SSL session |
| 96 | 1 | Mehdi Abaakouk | info: Caching certificate for www.tetaneutral.net |
| 97 | 1 | Mehdi Abaakouk | info: Caching certificate_revocation_list for ca |
| 98 | 1 | Mehdi Abaakouk | info: Caching catalog for www.tetaneutral.net |
| 99 | 1 | Mehdi Abaakouk | info: Applying configuration version '1325516709' |
| 100 | 4 | Mehdi Abaakouk | info: Creating state file /var/lib/puppet/state/state.yaml |
| 101 | 4 | Mehdi Abaakouk | notice: Finished catalog run in 0.01 seconds |
| 102 | 4 | Mehdi Abaakouk | </pre> |
| 103 | 4 | Mehdi Abaakouk | |
| 104 | 4 | Mehdi Abaakouk | Sur le serveur, on associe les modules au client: |
| 105 | 4 | Mehdi Abaakouk | |
| 106 | 4 | Mehdi Abaakouk | <pre> |
| 107 | 4 | Mehdi Abaakouk | $ cat manifests/nodes.pp |
| 108 | 4 | Mehdi Abaakouk | |
| 109 | 4 | Mehdi Abaakouk | node basenode { |
| 110 | 2 | Mehdi Abaakouk | include backup |
| 111 | 2 | Mehdi Abaakouk | include motd |
| 112 | 5 | Mehdi Abaakouk | } |
| 113 | 5 | Mehdi Abaakouk | |
| 114 | 5 | Mehdi Abaakouk | node 'www.tetaneutral.net' inherits basenode { |
| 115 | 5 | Mehdi Abaakouk | } |
| 116 | 5 | Mehdi Abaakouk | </pre> |
| 117 | 5 | Mehdi Abaakouk | |
| 118 | 5 | Mehdi Abaakouk | |
| 119 | 5 | Mehdi Abaakouk | |
| 120 | 5 | Mehdi Abaakouk | h2. Récupération de fichier écrasé par puppet: |
| 121 | 5 | Mehdi Abaakouk | |
| 122 | 1 | Mehdi Abaakouk | Voir la liste des fichiers backupés: |
| 123 | 2 | Mehdi Abaakouk | <pre> |
| 124 | 2 | Mehdi Abaakouk | find /var/*/puppet/clientbucket -name paths | while read path ; do echo $(cat $path): $(basename $(dirname $path)) $(stat -c %y $path) ; done |
| 125 | 2 | Mehdi Abaakouk | </pre> |
| 126 | 2 | Mehdi Abaakouk | Ensuite pour voir le fichier: |
| 127 | 2 | Mehdi Abaakouk | <pre> |
| 128 | 6 | Mehdi Abaakouk | A venir ... (un truc avec puppet filebucket ...) |
| 129 | 2 | Mehdi Abaakouk | </pre> |
| 130 | 2 | Mehdi Abaakouk | |
| 131 | 2 | Mehdi Abaakouk | h2. Ajout d'un module (ie: un truc/service/user a configurer), ici module motdpour l'exemple : |
| 132 | 2 | Mehdi Abaakouk | |
| 133 | 2 | Mehdi Abaakouk | h3. Création du module |
| 134 | 2 | Mehdi Abaakouk | |
| 135 | 2 | Mehdi Abaakouk | <pre> |
| 136 | 2 | Mehdi Abaakouk | cd /etc/puppet/modules |
| 137 | 2 | Mehdi Abaakouk | mkdir -p motd/{files,lib,manifests,templates,tests} |
| 138 | 2 | Mehdi Abaakouk | $ cat motd/manifests/init.pp |
| 139 | 2 | Mehdi Abaakouk | class motd { |
| 140 | 2 | Mehdi Abaakouk | file {'motd': |
| 141 | 2 | Mehdi Abaakouk | ensure => file, |
| 142 | 2 | Mehdi Abaakouk | path => '/etc/motd.tail', |
| 143 | 2 | Mehdi Abaakouk | mode => 0644, |
| 144 | 2 | Mehdi Abaakouk | content => "Bienvenue sur ${::hostname}, machine de l'infrastructure ${::domain}\n\nCette machine est geree par puppet toutes modifications effectuee est suceptible d'etre perdu." |
| 145 | 2 | Mehdi Abaakouk | } |
| 146 | 2 | Mehdi Abaakouk | } |
| 147 | 2 | Mehdi Abaakouk | </pre> |
| 148 | 2 | Mehdi Abaakouk | |
| 149 | 2 | Mehdi Abaakouk | |
| 150 | 2 | Mehdi Abaakouk | h3. Ajout du module à la liste des modules disponibles |
| 151 | 1 | Mehdi Abaakouk | |
| 152 | 2 | Mehdi Abaakouk | <pre> |
| 153 | 2 | Mehdi Abaakouk | $ cat manifests/modules.pp |
| 154 | 2 | Mehdi Abaakouk | import "motd" |
| 155 | 2 | Mehdi Abaakouk | </pre> |
| 156 | 2 | Mehdi Abaakouk | |
| 157 | 2 | Mehdi Abaakouk | h3. Utilisation du module pour une node |
| 158 | 2 | Mehdi Abaakouk | |
| 159 | 2 | Mehdi Abaakouk | <pre> |
| 160 | 2 | Mehdi Abaakouk | $ cat manifests/nodes.pp |
| 161 | 6 | Mehdi Abaakouk | node 'www.tetaneutral.net' { |
| 162 | 2 | Mehdi Abaakouk | include motd |
| 163 | 2 | Mehdi Abaakouk | } |
| 164 | 2 | Mehdi Abaakouk | </pre> |
| 165 | 1 | Mehdi Abaakouk | |
| 166 | 1 | Mehdi Abaakouk | |
| 167 | 1 | Mehdi Abaakouk | h2. Installation |
| 168 | 1 | Mehdi Abaakouk | |
| 169 | 1 | Mehdi Abaakouk | Installation du paquet: |
| 170 | 1 | Mehdi Abaakouk | <pre> |
| 171 | 1 | Mehdi Abaakouk | $ apt-get install puppetmaster |
| 172 | 1 | Mehdi Abaakouk | </pre> |
| 173 | 1 | Mehdi Abaakouk | |
| 174 | 1 | Mehdi Abaakouk | |
| 175 | 1 | Mehdi Abaakouk | Dans /etc/puppet/puppet.conf mettre le nom du serveur puppetmaster: |
| 176 | 1 | Mehdi Abaakouk | <pre> |
| 177 | 1 | Mehdi Abaakouk | [master] |
| 178 | 1 | Mehdi Abaakouk | certname=puppet.tetaneutral.net |
| 179 | 1 | Mehdi Abaakouk | </pre> |
| 180 | 1 | Mehdi Abaakouk | |
| 181 | 1 | Mehdi Abaakouk | Dans /etc/puppet/fileserver.conf configurer les autorisations: |
| 182 | 1 | Mehdi Abaakouk | <pre> |
| 183 | 1 | Mehdi Abaakouk | [files] |
| 184 | 1 | Mehdi Abaakouk | path /etc/puppet/files |
| 185 | 1 | Mehdi Abaakouk | allow 91.224.149.0/24 |
| 186 | 1 | Mehdi Abaakouk | allow 91.224.148.0/24 |
| 187 | 1 | Mehdi Abaakouk | </pre> |
| 188 | 6 | Mehdi Abaakouk | |
| 189 | 6 | Mehdi Abaakouk | |
| 190 | 6 | Mehdi Abaakouk | h2. Liens: |
| 191 | 6 | Mehdi Abaakouk | |
| 192 | 6 | Mehdi Abaakouk | * http://docs.puppetlabs.com/references/stable/ |
| 193 | 6 | Mehdi Abaakouk | * http://madeinsyria.fr/2011/06/howto-puppet-administration-et-industrialisation-de-masse/ |