Differences
This shows you the differences between two versions of the page.
linux:puppet [2014/11/06 20:17] admin |
linux:puppet [2019/01/28 15:16] (current) admin [Client side again] |
||
---|---|---|---|
Line 1: | Line 1: | ||
====== Client side ===== | ====== Client side ===== | ||
- | 1. add puppet to your /etc/hosts | + | First |
+ | apt install puppet | ||
+ | |||
+ | You can choose how to reach the server by configuring it or using dns, which is a great advantage if you have all the servers in one domain. | ||
+ | ==== Config way ==== | ||
+ | puppet config set server puppet.starlab.cz | ||
+ | |||
+ | ==== DNS way ==== | ||
+ | |||
+ | - make sure you have properly setup hostname in /etc/hostname and /etc/hosts | ||
+ | - add puppet to your /etc/hosts | ||
<file /etc/hosts> | <file /etc/hosts> | ||
10.0.4.60 puppet puppet.starlab.cz | 10.0.4.60 puppet puppet.starlab.cz | ||
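Review bot: The new "DNS way" section does not use DNS: both steps under it ("make sure you have properly setup hostname in /etc/hostname and /etc/hosts", "add puppet to your /etc/hosts") configure static hosts entries, which contradicts the sentence above that presents DNS as the advantage when all servers share one domain. Either rename the heading (for example "hosts file way") or describe the DNS record the agent should resolve. The lone "First" before "apt install puppet" also reads as a truncated sentence.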
Line 8: | Line 18: | ||
212.20.102.91 puppet puppet.starlab.cz | 212.20.102.91 puppet puppet.starlab.cz | ||
</file> | </file> | ||
- | + | - initiate connection to server<code bash> | |
- | <code bash> | + | xen-starlab:~# puppetd --server puppet --test |
- | xen-jpcomp:~# puppetd --server puppet --test | + | info: Creating a new SSL key for xen.starlab.cz |
- | info: Creating a new SSL key for xen-jpcomp.jpcomp.cz | + | |
info: Caching certificate for ca | info: Caching certificate for ca | ||
- | info: Creating a new SSL certificate request for xen-jpcomp.jpcomp.cz | + | info: Creating a new SSL certificate request for xen.starlab.cz |
info: Certificate Request fingerprint (md5): AA:A6:EA:69:9A:35:91:C2:EA:8B:CF:B4:70:8E:2E:4B | info: Certificate Request fingerprint (md5): AA:A6:EA:69:9A:35:91:C2:EA:8B:CF:B4:70:8E:2E:4B | ||
Exiting; no certificate found and waitforcert is disabled | Exiting; no certificate found and waitforcert is disabled | ||
+ | </code> | ||
+ | v novejsi verzi puppetu: | ||
+ | <code bash> | ||
+ | xen-starlab:~# puppet agent --server puppet --test | ||
</code> | </code> | ||
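Review bot: The "initiate connection to server" step shows the "Certificate Request fingerprint (md5)" line in its output but never tells the reader to record it, even though the server's request list in the next section shows the same fingerprint next to the hostname; add one sentence after the output asking the reader to keep it for comparison before the request is signed. The added line "v novejsi verzi puppetu:" is Czech on an otherwise English page and should read "in newer versions of Puppet:". The new "puppet agent --server puppet --test" example has no output of its own, while the output kept above is still shown under "puppetd".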
Line 27: | Line 40: | ||
Hey! We have a new client | Hey! We have a new client | ||
- | root@ibm:~# puppetca --list | + | root@ibm:~# puppet cert --list |
- | "xen-jpcomp.jpcomp.cz" (AA:A6:EA:69:9A:35:91:C2:EA:8B:CF:B4:70:8E:2E:4B) | + | "xen.starlab.cz" (AA:A6:EA:69:9A:35:91:C2:EA:8B:CF:B4:70:8E:2E:4B) |
So sign it! | So sign it! | ||
- | puppetca --sign xen-jpcomp.jpcomp.cz | + | puppet cert --sign xen.starlab.cz |
- | notice: Signed certificate request for xen-jpcomp.jpcomp.cz | + | notice: Signed certificate request for xen.starlab.cz |
- | notice: Removing file Puppet::SSL::CertificateRequest xen-jpcomp.jpcomp.cz at '/path/to.pem' | + | notice: Removing file Puppet::SSL::CertificateRequest xen.starlab.cz at '/path/to.pem' |
| | ||
| | ||
====== Client side again ===== | ====== Client side again ===== | ||
+ | puppetd --server puppet --waitforcert 80 --test | ||
+ | **Warning** **--test** doesn't mean 'test', it is a short for: | ||
+ | |||
+ | '' ´onetime´, ´verbose´, ´ignorecache´, ´no-daemonize´, ´no-usecacheonfailure´, ´detailed-exit-codes´, ´no-splay´, and ´show_diff´'' | ||
+ | |||
+ | |||
+ | Here is the output: | ||
+ | <code> | ||
+ | xen-starlab:~# puppetd --server puppet --waitforcert 80 --test | ||
+ | info: Caching catalog for xen.starlab.cz | ||
+ | info: Applying configuration version '1413471896' | ||
+ | notice: /Stage[main]//File[nrpe_local.cfg]/content: | ||
+ | --- /etc/nagios/nrpe_local.cfg 2013-03-09 08:53:33.000000000 +0100 | ||
+ | +++ /tmp/puppet-file20141106-21693-vorhz2-0 2014-11-06 20:57:19.823561813 +0100 | ||
+ | @@ -1,3 +1,10 @@ | ||
+ | -###################################### | ||
+ | -# Do any local nrpe configuration here | ||
+ | -###################################### | ||
+ | +command[check_users]=/usr/lib/nagios/plugins/check_users -w 5 -c 10 | ||
+ | +command[check_load]=/usr/lib/nagios/plugins/check_load -w 15,10,5 -c 30,25,20 | ||
+ | +command[check_disk]=/usr/lib/nagios/plugins/check_disk -w 8% -c 4% | ||
+ | +command[check_zombie_procs]=/usr/lib/nagios/plugins/check_procs -w 5 -c 10 -s Z | ||
+ | +command[check_total_procs]=/usr/lib/nagios/plugins/check_procs -w 150 -c 200 | ||
+ | +command[check_apt]=/usr/lib/nagios/plugins/check_apt | ||
+ | +command[check_linux_raid]=/usr/lib/nagios/plugins/check_linux_raid | ||
+ | +command[check_rdiff]=sudo /usr/lib/nagios/plugins/check_backup_storage | ||
+ | +command[check_smart]=sudo /usr/lib/nagios/plugins/check_smart | ||
+ | +command[check_ipmi]=/usr/lib/nagios/plugins/check_ipmi | ||
+ | |||
+ | info: FileBucket adding {md5}19c1c67393a0b6002f4595b535c71cc2 | ||
+ | info: /Stage[main]//File[nrpe_local.cfg]: Filebucketed /etc/nagios/nrpe_local.cfg to puppet with sum 19c1c67393a0b6002f4595b535c71cc2 | ||
+ | notice: /Stage[main]//File[nrpe_local.cfg]/content: content changed '{md5}19c1c67393a0b6002f4595b535c71cc2' to '{md5}d8116d9a68b755368037d6bc08d3f1db' | ||
+ | notice: Finished catalog run in 0.44 seconds | ||
+ | </code> | ||
+ | |||
+ | Create a cron job | ||
+ | <code> | ||
+ | puppet resource cron puppet-agent ensure=present user=root minute=30 command='/usr/bin/puppet agent --onetime --no-daemonize --splay' | ||
+ | </code> | ||
+ | |||
+ | Output: | ||
+ | <code> | ||
+ | notice: /Cron[puppet-agent]/ensure: created | ||
+ | cron { 'puppet-agent': | ||
+ | ensure => 'present', | ||
+ | command => '/usr/bin/puppet agent --onetime --no-daemonize --splay', | ||
+ | minute => ['30'], | ||
+ | target => 'root', | ||
+ | user => 'root', | ||
+ | } | ||
+ | </code> | ||
+ | and the cron line is not system wide, but root's | ||
+ | <code bash> | ||
+ | server:~# crontab -l | ||
+ | # HEADER: This file was autogenerated at Thu Nov 06 21:21:15 +0100 2014 by puppet. | ||
+ | # HEADER: While it can still be managed manually, it is definitely not recommended. | ||
+ | # HEADER: Note particularly that the comments starting with 'Puppet Name' should | ||
+ | # HEADER: not be deleted, as doing so could cause duplicate cron jobs. | ||
+ | # Puppet Name: puppet-agent | ||
+ | 30 * * * * /usr/bin/puppet agent --onetime --no-daemonize --splay | ||
+ | </code> | ||
+ | |||
+ | Why cron job instead of daemon? Cron job can sometimes perform better and use less memory. | ||
+ | |||
+ | ===== Autostart ===== | ||
+ | <code bash> | ||
+ | puppet agent --enable | ||
+ | service puppet restart | ||
+ | </code> | ||
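Review bot: The new "Autostart" section at the end of this hunk enables the agent and restarts the puppet service right after the page has created a root cron entry running "puppet agent --onetime --no-daemonize --splay" at minute 30 and argued for cron instead of the daemon, so a reader who follows the page top to bottom ends up with both running; state that the two are alternatives, or drop one. The added "Client side again" lines also still call "puppetd --server puppet --waitforcert 80 --test", although this same revision renames puppetca to "puppet cert" and introduces "puppet agent" earlier on the page; use one command name throughout.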
linux/puppet.1415301474.txt.gz · Last modified: 2014/11/06 20:17 by admin