对我来说,在 Ubuntu 上安装 Puppet Master 一直是一件需要运气和耐心的事情——有很多看似不相关的事情要做,但必须按照精确的顺序完成,软件有很多组合和变化的行为。所以我开始编写一个引导脚本,有一天它可以自动完成这项任务。我在这里分享它,希望在你们的帮助下,它能成为许多初学者的一个很好的起点。
输入:
- lxc 容器的名称(`puppetmaster`)
- Ubuntu 发行版代号,例如 precise、saucy 或 trusty(`mycodename`)
- Puppet master 的完全限定域名 FQDN(`puppetmasterfqdn`)
- 将在这台机器上操作 Puppet 的用户;他同时也是 /etc/puppet 的所有者(`puppetuser`)
- 外部 git 仓库的位置;它会被克隆到 lxc 容器中(`gitlocation`)
- 用于登录的 ssh 公钥(脚本从 ~/.ssh/id_rsa.pub 读取其内容)(`puppetauth`)
- 容器的静态 IP 地址,最好位于 lxc 的私有网络内(`puppetip`)
- lxc 的网关。它本可以根据默认的 lxc 配置自动推导,但我懒得为此编写自动化(`puppetgetewayip`)
特性:
- 在主机上安装 lxc 容器支持
- 用 Ubuntu 模板创建容器(发行版代号可自定义)
- 在容器中安装用户的 ssh 公钥
- 安装带 PuppetDB 支持的 puppetmaster(用于存储配置)
- 设置固定 IP 地址
- 把外部的 Puppet git 仓库挂载并连接到容器中
该脚本遵循 Puppet 的理念编写:它确保系统的某些属性处于期望状态,已经满足的步骤则直接跳过。因此它可以按需重复运行任意多次。
作为额外的好处,它还会把容器里的用户名从模板默认的“ubuntu”改为 `puppetuser` 指定的名字。
答案1
脚本:
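#!/bin/bash
# Bootstrap a Puppet master inside an LXC container on an Ubuntu host.
# Stage 1 (this file) runs on the host with sudo: it prepares the container's
# rootfs and then runs a generated stage-2 script inside the container.
# Idempotent by design: every step checks the desired state before acting.
#
# Configuration -- edit to taste.
puppetmaster=puppetmaster                 # LXC container name
puppetmasterfqdn=puppetmaster.fqdn.name   # FQDN written to the guest's hostname/hosts
puppetuser=adam                           # login user inside the guest; will own /etc/puppet
gitlocation=/home/puppet.git              # bare git repo on the host, bind-mounted into the guest
# Public key that will be authorized for $puppetuser inside the container.
# Abort if it is missing or empty: stage 2 would otherwise write an empty line to
# authorized_keys, and its "is the key already there" grep would match anything.
if [ ! -s "$HOME/.ssh/id_rsa.pub" ]; then
  echo "### $HOME/.ssh/id_rsa.pub not found or empty; cannot authorize a login key." >&2
  exit 1
fi
puppetauth=$(cat "$HOME/.ssh/id_rsa.pub")
puppetip='10.0.3.90'                      # static address for the guest (lxcbr0 range)
puppetgetewayip='10.0.3.1'                # gateway for the guest (lxcbr0 default)
#mycodename=$(lsb_release -c | perl -pe 's/^Codename:\s*(.*)$/$1/')
mycodename=saucy                          # Ubuntu release used for the lxc template
######################################
mydir="/var/lib/lxc/$puppetmaster/rootfs"  # the guest's root filesystem as seen from the host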
#lxc installation
# The host needs the lxc userland (lxc-create, lxc-start, lxc-attach, ...).
# dpkg -s exits non-zero when the package is absent; only stdout is silenced,
# so dpkg's own "not installed" diagnostic still reaches the terminal.
if sudo dpkg -s lxc >/dev/null; then
  echo "lxc already installed!"
else
  sudo apt-get --yes install lxc
fi
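#Container creation
# Ask lxc-info directly whether the container exists: it exits non-zero for an
# unknown name. The previous "lxc-ls | grep" was a substring match, so a container
# called e.g. puppetmaster2 would have made this step skip creation.
if sudo lxc-info -n "$puppetmaster" >/dev/null 2>&1; then
  echo "Container '$puppetmaster' already created!"
else
  # Everything after "--" goes to the ubuntu template (-r selects the release).
  sudo lxc-create -t ubuntu -n "$puppetmaster" -- -r "$mycodename"
fi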
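#Container's hostname
# -F: the FQDN's dots are literal, not regex wildcards; -x: whole-line match.
if sudo grep -Fqx -- "$puppetmasterfqdn" "$mydir/etc/hostname"; then
  echo "Puppet master's name is correctly set to FQDN!"
else
  printf '%s\n' "$puppetmasterfqdn" | sudo tee "$mydir/etc/hostname" >/dev/null
fi
# Ubuntu maps the local hostname to 127.0.1.1 in /etc/hosts; make sure the FQDN
# is present on that line, creating the line if the template left it out.
if host=$(sudo grep -E '^127\.0\.1\.1' "$mydir/etc/hosts"); then
  if grep -Fq -- "$puppetmasterfqdn" <<<"$host"; then
    echo "Puppet master's name is correctly set in hosts!"
  else
    sudo sed -i.old "s/^127\.0\.1\.1\s*/127.0.1.1 $puppetmasterfqdn /" "$mydir/etc/hosts"
  fi
else
  # bash's builtin echo does not expand "\t", so the original appended a literal
  # backslash-t to the file; printf writes a real tab.
  printf '127.0.1.1\t%s\n' "$puppetmasterfqdn" | sudo tee -a "$mydir/etc/hosts" >/dev/null
fi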
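#Mounting puppet.git
# Bind-mount the host's bare repository into the guest via lxc's per-container
# fstab (/var/lib/lxc/<name>/fstab). Unless unprivileged containers are in use,
# root inside the guest is root on the host for this directory, so only expose a
# repository you are happy to have the guest write to.
sudo mkdir -p "$mydir/mnt/puppet.git"
if sudo grep -qF -- "rootfs/mnt/puppet.git" "$mydir/../fstab"; then
  echo "Puppet git repository is already mounted!"
else
  echo "$gitlocation $mydir/mnt/puppet.git none bind 0 0" | sudo tee -a "$mydir/../fstab" >/dev/null
  # A running container keeps its old mount table; stop it so the new fstab entry
  # is applied when it is started again below.
  if sudo lxc-info -n "$puppetmaster" | grep -q RUNNING; then
    sudo lxc-stop -n "$puppetmaster"
  fi
fi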
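#Network setup
# The template ships eth0 on DHCP; rewrite that stanza to the requested static
# address. The original sed expression lacked the leading "s/", so GNU sed parsed
# it as the "i" (insert) command and would have inserted that text into the file
# instead of substituting anything.
# -F: the IP's dots are literal, not regex wildcards.
if sudo grep -qF -- "$puppetip" "$mydir/etc/network/interfaces"; then
  echo "Static ip on the container is already set!"
else
  sudo sed -i "s/^iface eth0 inet dhcp$/iface eth0 inet static\naddress $puppetip\nnetmask 255.255.255.0\ngateway $puppetgetewayip/" "$mydir/etc/network/interfaces"
fi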
#Container startup
# lxc-info's output contains RUNNING for a live container.
if sudo lxc-info -n "$puppetmaster" | grep -q RUNNING; then
  echo "Container is '$puppetmaster' already running!"
else
  sudo lxc-start -d -n "$puppetmaster"
  sleep 5   # give the guest's init a moment before we query its IP and attach
fi
#Learning the assigned dynamic IP. Static IP will be assigned later.
# lxc-info -i prints the guest's current address(es); extract the dotted quad(s).
myip=$(sudo lxc-info -n "$puppetmaster" -i | grep -oE '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}')
echo "puppetmaster IP = $myip"
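#Preparing the puppet's configuration bare repository for cross-container mount
# The repository must exist on the host before it can be bound into the guest;
# without this check the mount fails here and stage 2's git clone fails later,
# with the real cause buried in the output.
if [ ! -d "$gitlocation" ]; then
  echo "### '$gitlocation' does not exist on the host; create the bare repository first." >&2
  exit 1
fi
# -F: treat the path literally (its dots are not regex wildcards).
if mount | grep -qF -- "$gitlocation"; then
  echo "Mount point '$gitlocation' is already declared"
else
  # NOTE(review): chaining --make-unbindable and then --make-shared on the same
  # self-bind is not obviously intentional -- confirm which propagation type is wanted.
  sudo mount --bind "$gitlocation" "$gitlocation"
  sudo mount --make-unbindable "$gitlocation" "$gitlocation"
  sudo mount --make-shared "$gitlocation" "$gitlocation"
fi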
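#Puppet release.deb
# Fetch the Puppet Labs release package into the guest's /tmp. Stage 2 will
# "dpkg -i" it as root, and it is expected to add the Puppet Labs APT source and
# signing key, so a tampered download here would control every later apt install.
# Use HTTPS, and keep a failed/partial download from being mistaken for a good one.
# TODO(review): pin and verify the package's checksum or signature before installing.
# NOTE(review): the host writes into the guest's /tmp as root while the guest may be
# running; a process inside the container could plant a symlink there for root to follow.
if sudo [ -f "$mydir/tmp/puppetdeb.deb" ]; then
  echo "Puppet release deb already exists!"
else
  # wget -O creates the output file even when the download fails (e.g. a 404),
  # which would make the -f check above skip the download forever.
  if sudo wget -O "$mydir/tmp/puppetdeb.deb.part" "https://apt.puppetlabs.com/puppetlabs-release-$mycodename.deb"; then
    sudo mv "$mydir/tmp/puppetdeb.deb.part" "$mydir/tmp/puppetdeb.deb"
  else
    sudo rm -f "$mydir/tmp/puppetdeb.deb.part"
    echo "### Could not download puppetlabs-release-$mycodename.deb; aborting." >&2
    exit 1
  fi
fi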
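#Second stage script
# Generated on the host, executed inside the container by lxc-attach (as root).
# Host-side variables ($puppetuser, $puppetauth, ...) are expanded NOW, while the
# heredoc is written. Nothing below uses $?, backticks or $(...): those would be
# evaluated on the host at generation time, not in the guest.
sudo tee "$mydir/tmp/bootstrap-puppetmaster-insider.sh" >/dev/null <<EOT
#!/bin/bash
# Stage 2 (runs inside the container): rename the template's default user,
# authorize the login key, install puppetmaster + puppetdb, clone /etc/puppet.
if getent passwd $puppetuser >/dev/null; then
  echo "user $puppetuser already exists"
else
  sudo usermod -l $puppetuser -d /home/$puppetuser ubuntu
  sudo groupmod -n $puppetuser ubuntu
  # -d without -m only rewrites the passwd entry; move the directory to match.
  # (The original moved it to a hard-coded /home/adam instead of /home/$puppetuser.)
  sudo mv /home/ubuntu /home/$puppetuser
fi
# ~/.ssh must belong to the user and not be writable by others, or sshd's
# StrictModes check ignores the keys in it. Idempotent, so no existence test needed.
sudo mkdir -p /home/$puppetuser/.ssh
sudo chown $puppetuser:$puppetuser /home/$puppetuser/.ssh
sudo chmod 0700 /home/$puppetuser/.ssh
# id -nG lists group names only; -w avoids matching a user or group merely containing "sudo".
if id -nG $puppetuser | grep -qw sudo; then
  echo "user $puppetuser already is a sudoer"
else
  sudo usermod -a -G sudo $puppetuser
fi
# authorized_keys: APPEND the key instead of overwriting the file, so keys added by
# other means survive a re-run; 0600 keeps StrictModes happy. -F: the key's "+" and
# "/" are literal, not regex characters.
sudo -u $puppetuser touch /home/$puppetuser/.ssh/authorized_keys
sudo chmod 0600 /home/$puppetuser/.ssh/authorized_keys
if sudo grep -qF -- "$puppetauth" /home/$puppetuser/.ssh/authorized_keys; then
  echo "proper key in authorized_keys already present"
else
  printf '%s\n' "$puppetauth" | sudo -u $puppetuser tee -a /home/$puppetuser/.ssh/authorized_keys >/dev/null
fi
# puppetlabs-release (downloaded by stage 1) before puppetmaster, so the Puppet Labs
# repository, not the distro's, provides the master.
if sudo dpkg -s puppetlabs-release >/dev/null; then
  echo "puppetlabs-release is already installed!"
else
  sudo dpkg -i /tmp/puppetdeb.deb
fi
if sudo dpkg -s puppetmaster >/dev/null; then
  echo "puppetmaster is already installed!"
else
  sudo apt-get update
  sudo apt-get --yes install puppetmaster
fi
if sudo dpkg -s git >/dev/null; then
  echo "git already installed!"
else
  sudo apt-get --yes install git
  sudo -u $puppetuser git config --global push.default simple
fi
if sudo puppet module list | grep -q puppetlabs-puppetdb; then
  echo "PuppetDB module already installed!"
else
  sudo puppet module install puppetlabs-puppetdb
fi
# Agent run against ourselves (presumably to bootstrap the master's own agent
# certificate -- confirm), then apply the puppetdb manifest written by stage 1.
sudo puppet agent --test --server $puppetmasterfqdn
sudo puppet apply /tmp/puppetdb.pp
if [ -d /etc/puppet/.git ]; then
  echo "Git repository is already cloned!"
else
  # Replace the packaged /etc/puppet with a clone of the bind-mounted bare repo;
  # the previous tree is kept (once) as /etc/puppet.old.
  if [ -d /etc/puppet.old ]; then
    sudo rm -r /etc/puppet.old
  fi
  sudo mv /etc/puppet /etc/puppet.old
  sudo git clone /mnt/puppet.git /etc/puppet
  # NOTE(review): $puppetuser (who also has sudo) ends up owning the master's whole
  # configuration tree; whoever holds that ssh key controls what every agent gets.
  # Fine for a single-admin lab, worth revisiting for anything shared.
  sudo chown -R $puppetuser:$puppetuser /etc/puppet
fi
if grep -q "export LANG=C.UTF-8" /etc/default/puppetmaster; then
  echo "UTF-8 is properly set"
else
  echo "export LANG=C.UTF-8" | sudo tee -a /etc/default/puppetmaster >/dev/null
  sudo service puppetmaster restart
fi
sudo chown -R $puppetuser:$puppetuser /home/$puppetuser
EOT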
# Minimal manifest that stage 2 applies inside the guest: an embedded PuppetDB
# plus the master-side configuration class. Quoted delimiter -- nothing in the
# body is expanded on the host.
cat <<'EOT' | sudo tee "$mydir/tmp/puppetdb.pp" >/dev/null
node puppetmaster {
# Configure puppetdb and its underlying database
class { 'puppetdb': database => 'embedded'}
# Configure the puppet master to use puppetdb
class { 'puppetdb::master::config': }
}
EOT
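sudo chmod +x "$mydir/tmp/bootstrap-puppetmaster-insider.sh"
# Run stage 2 inside the (now running) container. bash -x echoes every command,
# including the generated script's contents, to the host terminal.
sudo lxc-attach -n "$puppetmaster" -- bash -x "/tmp/bootstrap-puppetmaster-insider.sh"
# Disabling use of DNS on ssh (presumably to avoid slow logins from reverse lookups
# on the private lxc network, which has no PTR records). Side effect worth knowing:
# with UseDNS off, "from=" patterns in authorized_keys can only name addresses, not hosts.
sshd_config="$mydir/etc/ssh/sshd_config"
if tmp=$(sudo grep -E '^\s*UseDNS' "$sshd_config"); then
  # The original re-tested only for the word UseDNS, which the grep above had
  # already guaranteed, so an explicit "UseDNS yes" was reported as correct.
  if grep -Eq '^\s*UseDNS\s+no\s*$' <<<"$tmp"; then
    echo "Puppet master's sshd is correctly configured to skip reverse DNS!"
  else
    sudo sed -i.old "s/^\s*UseDNS\s*.*$/UseDNS no/" "$sshd_config"
    # sshd only reads its config at start-up; restart on every change, not just on append.
    sudo lxc-attach -n "$puppetmaster" -- service ssh restart
  fi
else
  echo "UseDNS no" | sudo tee -a "$sshd_config" >/dev/null
  sudo lxc-attach -n "$puppetmaster" -- service ssh restart
fi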
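# Switch eth0 from the template's DHCP stanza to the requested static address.
# This edits the rootfs from the host, so it only takes effect on the container's
# next start; right now the guest is still on its DHCP lease ($myip).
interfaces="$mydir/etc/network/interfaces"
if sudo grep -Eq '^iface eth0 inet dhcp$' "$interfaces"; then
  sudo sed -i.old "s/iface eth0 inet dhcp/iface eth0 inet static\naddress $puppetip \nnetmask 255.255.255.0 \ngateway $puppetgetewayip/" "$interfaces"
  echo "Static IP $puppetip configured on $puppetmaster; it applies after the container is restarted."
elif sudo grep -Eq '^iface eth0 inet static$' "$interfaces"; then
  # The original looked for this stanza in sshd_config by mistake, so an
  # already-static configuration was always reported as a failure.
  echo "Networking is already configured with static IP on $puppetmaster!"
else
  echo "### Cannot configure static IP on $puppetmaster! Please configure networking manually." >&2
fi
echo "puppetmaster IP = $myip"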