How to bootstrap puppetmaster on lxc on Ubuntu?


For me, installing Puppet Master on Ubuntu has always been a matter of luck and patience: there are many seemingly unrelated things to do, they have to be done in a precise order, and the software has many combinations and changing behaviours. So I started writing a bootstrap script that could one day automate the task. I'm sharing it here in the hope that, with your help, it can become a good starting point for many beginners.

Inputs:

  • name of the lxc container (puppetmaster)
  • the Ubuntu release codename (i.e. whether it is precise, saucy or trusty) (mycodename)
  • fully qualified domain name of the puppetmaster (puppetmasterfqdn)
  • the user who operates puppet on the machine; they are also the owner of /etc/puppet (puppetuser)
  • location of the external git repository. It will be cloned into the lxc container (gitlocation)
  • location of the public ssh key used for logging in (puppetauth)
  • static IP address of the container, preferably inside lxc's private network (puppetip)
  • lxc's gateway. It could be set automatically from the default lxc configuration, but I was too lazy to write automation around it (puppetgetewayip)

Features:

  • installs lxc container support on the host
  • installs an Ubuntu template (the codename can be customised)
  • installs the user's ssh key on the machine
  • installs puppetmaster with puppetdb support (for storing configuration)
  • sets a fixed IP address
  • connects the external puppet git repository with the container

The script is written in the puppet spirit, i.e. it makes sure certain properties of the system are set and skips the operation if they already are. It can therefore be run as many times as needed.

As an extra bonus, it also changes the user's name from the default "ubuntu".

Answer 1

The script:

#!/bin/bash

puppetmaster=puppetmaster
puppetmasterfqdn=puppetmaster.fqdn.name
puppetuser=adam
gitlocation=/home/puppet.git
puppetauth=`cat ~/.ssh/id_rsa.pub`
puppetip='10.0.3.90'
puppetgetewayip='10.0.3.1'

#mycodename=`lsb_release -c | perl -pe 's/^Codename:\s*(.*)$/$1/'`
mycodename=saucy

######################################

mydir="/var/lib/lxc/$puppetmaster/rootfs"


#lxc installation

sudo dpkg -s lxc>/dev/null
if [ $? -eq 0 ]; then
    echo "lxc already installed!"
else
    sudo apt-get --yes install lxc
fi


#Container creation

sudo lxc-ls | grep -w $puppetmaster >/dev/null

if [ $? -eq 0 ]; then
    echo "Container '$puppetmaster' already created!"
else
    sudo lxc-create -t ubuntu -n $puppetmaster -- -r $mycodename
fi


#Container's hostname

sudo grep $puppetmasterfqdn $mydir/etc/hostname >/dev/null
if [ $? -eq 0 ]; then
    echo "Puppet master's name is correctly set to FQDN!"
else
    echo $puppetmasterfqdn | sudo tee $mydir/etc/hostname >/dev/null
fi

host=$(sudo grep -E '^127\.0\.1\.1' $mydir/etc/hosts)
if [ $? -eq 0 ]; then
    echo $host | grep "$puppetmasterfqdn" >/dev/null
    if [ $? -eq 0 ]; then
        echo "Puppet master's name is correctly set in hosts!"
    else
        sudo sed -i.old "s/^127\.0\.1\.1\s*/127.0.1.1 $puppetmasterfqdn /" $mydir/etc/hosts
    fi
else
    printf "127.0.1.1\t%s\n" "$puppetmasterfqdn" | sudo tee -a $mydir/etc/hosts >/dev/null
fi


#Mounting puppet.git

sudo mkdir -p $mydir/mnt/puppet.git
sudo grep rootfs/mnt/puppet.git $mydir/../fstab >/dev/null
if [ $? -eq 0 ]; then
    echo "Puppet git repository is already mounted!"
else
    echo "$gitlocation $mydir/mnt/puppet.git none bind 0 0" | sudo tee -a $mydir/../fstab  >/dev/null
    sudo lxc-info -n $puppetmaster |grep RUNNING >/dev/null
    if [ $? -eq 0 ]; then
        sudo lxc-stop -n $puppetmaster
    fi
fi



#Network setup: the static IP is configured at the end of the script, once the
#container has been bootstrapped over DHCP (apt and wget need a working resolver)



#Container startup

sudo lxc-info -n $puppetmaster |grep RUNNING >/dev/null
if [ $? -eq 0 ]; then
    echo "Container is '$puppetmaster' already running!"
else
    sudo lxc-start -d -n $puppetmaster
    sleep 5
fi


#Learning the assigned dynamic IP. Static IP will be assigned later.

myip=`sudo lxc-info -n $puppetmaster -i | grep -oE "[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}"`
echo "puppetmaster IP = $myip"


#Preparing the puppet's configuration bare repository for cross-container mount

mount | grep $gitlocation >/dev/null
if [ $? -eq 0 ]; then
    echo "Mount point '$gitlocation' is already declared"
else
    sudo mount --bind $gitlocation $gitlocation
    # propagation flags take a single mount point argument; "shared" is the
    # final state we want, so the earlier --make-unbindable step is not needed
    sudo mount --make-shared $gitlocation
fi


#Puppet release.deb

if sudo [ -f $mydir/tmp/puppetdeb.deb ]; then
    echo "Puppet release deb already exists!"
else
    sudo wget -O $mydir/tmp/puppetdeb.deb http://apt.puppetlabs.com/puppetlabs-release-$mycodename.deb
fi


#Second stage script

sudo tee $mydir/tmp/bootstrap-puppetmaster-insider.sh >/dev/null <<EOT
#!/bin/bash

getent passwd $puppetuser >/dev/null
if [ \$? -eq 0 ]; then
    echo "user $puppetuser already exists"
else
    usermod -l $puppetuser -d /home/$puppetuser ubuntu
    groupmod -n $puppetuser ubuntu
    sudo mv /home/ubuntu /home/$puppetuser
fi

if [ -d /home/$puppetuser/.ssh ]; then
    echo "'.ssh' folder already exists"
    sudo chown $puppetuser:$puppetuser /home/$puppetuser/.ssh
else
    sudo mkdir -p /home/$puppetuser/.ssh
    sudo chown $puppetuser:$puppetuser /home/$puppetuser/.ssh
    sudo chmod 0700 /home/$puppetuser/.ssh
fi

id $puppetuser | grep sudo >/dev/null
if [ \$? -eq 0 ]; then
    echo "user $puppetuser already is a sudoer"
else
    sudo usermod -a -G sudo $puppetuser
fi


if [ -f /home/$puppetuser/.ssh/authorized_keys ]; then
    echo "File .ssh/authorized_keys already exists"
else
    sudo -u $puppetuser touch /home/$puppetuser/.ssh/authorized_keys
fi

sudo grep -F "$puppetauth" /home/$puppetuser/.ssh/authorized_keys >/dev/null

if [ \$? -eq 0 ]; then
    echo "proper key in authorized_keys already present"
else
    # append rather than overwrite, so keys already in the file are kept
    echo "$puppetauth" | sudo -u $puppetuser tee -a /home/$puppetuser/.ssh/authorized_keys >/dev/null
fi

sudo dpkg -s puppetlabs-release>/dev/null
if [ \$? -eq 0 ]; then
    echo "puppetlabs-release is already installed!"
else
    sudo dpkg -i /tmp/puppetdeb.deb
fi

sudo dpkg -s puppetmaster>/dev/null
if [ \$? -eq 0 ]; then
    echo "puppetmaster is already installed!"
else
    sudo apt-get update
    sudo apt-get --yes install puppetmaster
fi

sudo dpkg -s git>/dev/null
if [ \$? -eq 0 ]; then
    echo "git already installed!"
else
    sudo apt-get --yes install git
    sudo -H -u $puppetuser git config --global push.default simple
fi


sudo puppet module list|grep  puppetlabs-puppetdb>/dev/null
if [ \$? -eq 0 ]; then
    echo "PuppetDB module already installed!"
else
    sudo puppet module install puppetlabs-puppetdb
fi

sudo puppet agent --test --server $puppetmasterfqdn

sudo puppet apply /tmp/puppetdb.pp

if [ -d /etc/puppet/.git ]; then
    echo "Git repository is already cloned!"
else
    if [ -d /etc/puppet.old ]; then
        sudo rm -r /etc/puppet.old
    fi
    sudo mv /etc/puppet /etc/puppet.old
    sudo git clone /mnt/puppet.git /etc/puppet
    sudo chown -R $puppetuser:$puppetuser /etc/puppet
fi

grep "export LANG=C.UTF-8" /etc/default/puppetmaster >/dev/null
if [ \$? -eq 0 ]; then
    echo "UTF-8 is properly set"
else
    echo "export LANG=C.UTF-8" | sudo tee -a /etc/default/puppetmaster
    sudo service puppetmaster restart
fi

sudo chown -R $puppetuser:$puppetuser /home/$puppetuser

EOT

sudo tee $mydir/tmp/puppetdb.pp >/dev/null <<'EOT'
node puppetmaster {
  # Configure puppetdb and its underlying database
  class { 'puppetdb': database => 'embedded'}
  # Configure the puppet master to use puppetdb
  class { 'puppetdb::master::config': }
}
EOT

sudo chmod +x $mydir/tmp/bootstrap-puppetmaster-insider.sh


#Running the second stage script inside the container

sudo lxc-attach -n $puppetmaster -- bash -x "/tmp/bootstrap-puppetmaster-insider.sh"


#Disabling use of DNS on ssh (avoids slow logins when reverse DNS is unavailable)

tmp=$(sudo grep -E '^\s*UseDNS' $mydir/etc/ssh/sshd_config)
if [ $? -eq 0 ]; then
    echo "$tmp" | grep -E 'UseDNS\s+no' >/dev/null
    if [ $? -eq 0 ]; then
        echo "Puppet master's sshd is correctly configured to skip reverse DNS!"
    else
        sudo sed -i.old "s/^\s*UseDNS\s*.*$/UseDNS no/" $mydir/etc/ssh/sshd_config
        sudo lxc-attach -n $puppetmaster -- service ssh restart
    fi
else
    echo "UseDNS no" | sudo tee -a $mydir/etc/ssh/sshd_config >/dev/null
    sudo lxc-attach -n $puppetmaster -- service ssh restart
fi


#Static IP. It takes effect on the next restart of the container. lxc's dnsmasq
#on the bridge also answers DNS, so the gateway doubles as the resolver.

tmp=$(sudo grep -E '^iface eth0 inet dhcp$' $mydir/etc/network/interfaces)
if [ $? -eq 0 ]; then
    sudo sed -i.old "s/iface eth0 inet dhcp/iface eth0 inet static\naddress $puppetip\nnetmask 255.255.255.0\ngateway $puppetgetewayip\ndns-nameservers $puppetgetewayip/" $mydir/etc/network/interfaces
    echo "Static IP $puppetip configured on $puppetmaster; restart the container to apply it."
else
    tmp=$(sudo grep -E '^iface eth0 inet static$' $mydir/etc/network/interfaces)
    if [ $? -eq 0 ]; then
        echo "Networking is already configured with static IP on $puppetmaster!"
    else
        echo "### Cannot configure static IP on $puppetmaster! Please configure networking manually."
    fi
fi


echo "puppetmaster IP = $myip"
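As an added check (not part of the original answer), here is a script that verifies a container rootfs ended up with the properties the bootstrap above promises: FQDN hostname and hosts entry, UseDNS off, a static address, and the login key present in a file sshd will accept. It assumes the file layout the bootstrap writes and builds its own constructed sample rootfs to run against.

```shell
#!/bin/bash
# Added example (not from the original answer): verify that a container rootfs
# has the properties the bootstrap script is supposed to enforce. It only reads
# files the script writes, so it can be pointed at /var/lib/lxc/<name>/rootfs
# after a run, or at the constructed sample rootfs from make_sample_rootfs.

check_puppetmaster_rootfs() {
    local rootfs="$1" fqdn="$2" user="$3" pubkey="$4" ip="$5" failed=0
    local ifaces="$rootfs/etc/network/interfaces"
    local ak="$rootfs/home/$user/.ssh/authorized_keys"
    fail() { echo "FAIL: $1"; failed=1; }

    [ "$(cat "$rootfs/etc/hostname" 2>/dev/null)" = "$fqdn" ] \
        || fail "/etc/hostname is not $fqdn"
    grep -Eq "^127\.0\.1\.1[[:space:]]+$fqdn([[:space:]]|\$)" "$rootfs/etc/hosts" 2>/dev/null \
        || fail "no 127.0.1.1 entry for $fqdn in /etc/hosts"
    grep -Eq '^UseDNS[[:space:]]+no$' "$rootfs/etc/ssh/sshd_config" 2>/dev/null \
        || fail "sshd UseDNS is not set to no"
    if grep -Eq '^iface eth0 inet static$' "$ifaces" 2>/dev/null; then
        grep -Eq "^[[:space:]]*address[[:space:]]+$ip\$" "$ifaces" \
            || fail "eth0 is static but its address is not $ip"
    else
        fail "eth0 is not configured with a static address"
    fi
    # Whole-line, fixed-string match: a key that merely contains ours must not pass.
    grep -Fxq "$pubkey" "$ak" 2>/dev/null || fail "public key missing from $ak"
    # sshd (StrictModes) refuses an authorized_keys writable by group or others.
    local mode; mode=$(stat -c %a "$ak" 2>/dev/null || echo 777)
    [ $((8#$mode & 8#022)) -eq 0 ] || fail "$ak is group/world writable (mode $mode)"
    return $failed
}

# Builds a throwaway rootfs (constructed sample data) that passes every check.
make_sample_rootfs() {
    local fqdn="$1" user="$2" pubkey="$3" ip="$4" r
    r=$(mktemp -d)
    mkdir -p "$r/etc/ssh" "$r/etc/network" "$r/home/$user/.ssh"
    echo "$fqdn" > "$r/etc/hostname"
    printf '127.0.0.1\tlocalhost\n127.0.1.1\t%s\n' "$fqdn" > "$r/etc/hosts"
    echo "UseDNS no" > "$r/etc/ssh/sshd_config"
    printf 'auto eth0\niface eth0 inet static\naddress %s\nnetmask 255.255.255.0\n' "$ip" \
        > "$r/etc/network/interfaces"
    echo "$pubkey" > "$r/home/$user/.ssh/authorized_keys"
    chmod 0600 "$r/home/$user/.ssh/authorized_keys"
    echo "$r"
}

# Usage: ./check-puppetmaster.sh ROOTFS FQDN USER "PUBKEY" IP
if [ $# -eq 5 ]; then check_puppetmaster_rootfs "$@"; fi
```

Run it against the real container with `sudo`, since the rootfs and the user's `.ssh` directory are not readable by an ordinary host user.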
