- Puppet 5 Essentials (Third Edition)
- Martin Alfke Felix Frank
- 2021-07-02 18:22:25
Creating the master manifest
When you used Puppet locally in Chapter 1, Writing Your First Manifests, you specified a manifest file that puppet apply should compile. The master compiles manifests for many machines, but the agent does not get to choose which source file is to be used; this is completely at the master's discretion. The starting point for any compilation by the master is always the site manifest, which can be found in /opt/puppetlabs/code/environments/production/manifests/.
Each connecting agent will use all the manifests found here. Of course, you don't want to manage only one identical set of resources on all your machines. To define a piece of manifest exclusively for a specific agent, put it in a node block. This block's contents will only be considered when the calling agent has a matching common name in its SSL certificate. You can dedicate a piece of the manifest to a machine named agent, for example:
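node 'agent' {
  # Packages that make up the web server on this node
  $packages = [ 'apache2',
                'libapache2-mod-php5',
                'libapache2-mod-passenger', ]
  # Install all packages before the service is managed
  package { $packages:
    ensure => 'installed',
    before => Service['apache2'],
  }
  # Keep Apache running and enabled at boot
  service { 'apache2':
    ensure => 'running',
    enable => true,
  }
}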
Before you set up and connect your first agent to the master, step back and think about how the master should be addressed. By default, agents will try to resolve the unqualified puppet hostname in order to get the master's address. If you have a default domain that is being searched by your machines, you can use this as a default and add a record for puppet as a subdomain (such as puppet.example.net).
Otherwise, pick a domain name that seems fitting to you, such as master.example.net or adm01.example.net. What's important is the following:
- All your agent machines can resolve the name to an address
- The master process is listening for connections on that address
- The master uses a certificate with the chosen name as CN or DNS Alt Names
The mode of resolution depends on your circumstances; the hosts file on each machine is one ubiquitous possibility. The Puppet server listens on all the available addresses by default.
This leaves the task of creating a suitable certificate, which is simple. Configure the master to use the appropriate certificate name and restart the service. If the certificate does not exist yet, Puppet will take the necessary steps to create it. Put the following setting into your /etc/puppetlabs/puppet/puppet.conf file on the master machine:
[main]
certname=puppetmaster.example.net
Upon its next start, the master will use the appropriate certificate for all SSL connections. The automatic proliferation of SSL data is not dangerous, even in an existing setup, except for the certification authority. If the master were to generate a new CA certificate at any point in time, it would break the trust of all existing agents.
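The third requirement in the list above (the name agents contact must appear in the master's certificate as CN or DNS Alt Names) can be checked from configuration before the first agent connects. The following Python sketch is an added example, not code from the book or from Puppet; it shows the default case failing when the master is named only puppetmaster.example.net. It assumes the agent's target comes from its `server` setting (default `puppet`) and the certificate names from `certname` and `dns_alt_names` in puppet.conf; it reads configuration text only, does not inspect an issued certificate, and the sample file contents are constructed.

```python
import configparser

DEFAULT_SERVER = "puppet"  # name agents resolve when no server is configured

# Constructed sample puppet.conf contents (not taken from a real system).
MASTER_CONF = "[main]\ncertname=puppetmaster.example.net\n"
MASTER_ALT_CONF = (
    "[main]\n"
    "  certname = puppetmaster.example.net\n"
    "  dns_alt_names = puppet,puppet.example.net\n"
)
AGENT_CONF = "[agent]\nserver = puppetmaster.example.net\n"


def load(text):
    """Parse puppet.conf text; indentation is stripped so that configparser
    does not treat indented settings as continuation lines."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read_string("\n".join(line.strip() for line in text.splitlines()))
    return parser


def setting(parser, name, section):
    """Return a setting, letting the run-mode section override [main]."""
    for candidate in (section, "main"):
        if parser.has_option(candidate, name):
            return parser.get(candidate, name).strip()
    return None


def master_names(master_conf):
    """Names the master's certificate is configured to carry (CN plus alt names)."""
    parser = load(master_conf)
    names = {n.strip().lower() for n in
             (setting(parser, "dns_alt_names", "master") or "").split(",") if n.strip()}
    certname = setting(parser, "certname", "master")
    if certname:
        names.add(certname.lower())
    return names


def check(master_conf, agent_conf):
    """Return (name the agent will contact, whether the certificate covers it)."""
    server = (setting(load(agent_conf), "server", "agent") or DEFAULT_SERVER).lower()
    return server, server in master_names(master_conf)


if __name__ == "__main__":
    for label, agent in (("default agent", ""), ("configured agent", AGENT_CONF)):
        print(label, check(MASTER_CONF, agent))
```

A `False` result means the agent would reach the master but reject its certificate during the SSL handshake, so either point the agent at the certified name or add the contacted name to the master's certificate names.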