20140808-1 topic selection

DeadFire 2014-08-08 21:42:45 +08:00
parent c7f96269ab
commit 6cb597a69f
2 changed files with 355 additions and 0 deletions


@ -0,0 +1,197 @@
How to install Puppet server and client on CentOS and RHEL
================================================================================
As a system administrator acquires more and more systems to manage, automation of mundane tasks gets quite important. Many administrators adopted the way of writing custom scripts, that are simulating complex orchestration software. Unfortunately, scripts get obsolete, people who developed them leave, and without an enormous level of maintenance, after some time these scripts will end up unusable. It is certainly more desirable to share a system that everyone can use, and invest in tools that can be used regardless of one's employer. For that we have several systems available, and in this howto you will learn how to use one of them - Puppet.
### What is Puppet? ###
Puppet is an automation software for IT system administrators and consultants. It allows you to automate repetitive tasks such as the installation of applications and services, patch management, and deployments. Configuration for all resources are stored in so called "manifests", that can be applied to multiple machines or just a single server. If you would like to know more information, The Puppet Labs site has a more complete description of [what Puppet is and how it works][1].
### What are we going to achieve in this tutorial? ###
We will install and configure a Puppet server, and set up some basic configuration for our client servers. You will discover how to write and manage Puppet manifests and how to push it into your servers.
### Prerequisites ###
Since Puppet is not in basic CentOS or RHEL distribution repositories, we have to add a custom repository provided by Puppet Labs. On all servers in which you want to use Puppet, install the repository by executing following command (RPM file name can change with new release):
**On CentOS/RHEL 6.5:**
# rpm -ivh https://yum.puppetlabs.com/el/6.5/products/x86_64/puppetlabs-release-6-10.noarch.rpm
**On CentOS/RHEL 7:**
# rpm -ivh https://yum.puppetlabs.com/el/7/products/x86_64/puppetlabs-release-7-10.noarch.rpm
### Server Installation ###
Install the package "puppet-server" on the server you want to use as a master.
# yum install puppet-server
When the installation is done, set the Puppet server to automatically start on boot and turn it on.
# chkconfig puppetmaster on
# service puppetmaster start
Now when we have the server working, we need to make sure that it is reachable from our network.
On CentOS/RHEL 6, where iptables is used as firewall, add following line into section ":OUTPUT ACCEPT" of /etc/sysconfig/iptables.
> -A INPUT -m state --state NEW -m tcp -p tcp --dport 8140 -j ACCEPT
To apply this change, it's necessary to restart iptables.
# service iptables restart
On CentOS/RHEL 7, where firewalld is used, the same thing can be achieved by:
# firewall-cmd --permanent --zone=public --add-port=8140/tcp
# firewall-cmd --reload
### Client Installation ###
Install the Puppet client package on your client nodes by executing the following:
# yum install puppet
When the installation finishes, make sure that Puppet will start after boot.
# chkconfig puppet on
Your Puppet client nodes have to know where the Puppet master server is located. The best practice for this is to use a DNS server, where you can configure the Puppet domain name. If you don't have a DNS server running, you can use the /etc/hosts file, by simply adding the following line:
> 1.2.3.4 server.your.domain
> 2.3.4.5 client-node.your.domain
1.2.3.4 corresponds to the IP address of your Puppet master server, "server.your.domain" is the domain name of your master server (the default is usually the server's hostname), "client-node.your.domain" is your client node. This hosts file should be configured accordingly on all involved servers (both Puppet master and clients).
When you are done with these settings, we need to show the Puppet client what is its master. By default Puppet looks for a server called "puppet", but this setting is usually inappropriate for your network configuration, therefore we will exchange it for the proper FQDN of the Puppet master server. Open the file /etc/sysconfig/puppet and change the "PUPPET_SERVER" value to your Puppet master server domain name specified in /etc/hosts:
> PUPPET_SERVER=server.your.domain
The master server name also has to be defined in the section "[agent]" of /etc/puppet/puppet.conf:
> server=server.your.domain
Now you can start your Puppet client:
# service puppet start
We need to force our client to check in with the Puppet master by using:
# puppet agent --test
You should see something like the following output. Don't panic, this is desired as the server is still not verified on the Puppet master server.
> Exiting; no certificate found and waitforcert is disabled
Go back to your puppet master server and check certificate verification requests:
# puppet cert list
You should see a list of all the servers that requested a certificate signing from your puppet master. Find the hostname of your client server and sign it using the following command (client-node is the domain name of your client node):
# puppet cert sign client-node
At this point you have a working Puppet client and server. Congratulations! However, right now there is nothing for the Puppet master to instruct the client to do. So, let's create some basic manifest and set our client node to install basic utilities.
Connect back to your Puppet server and make sure the directory /etc/puppet/manifests exists.
# mkdir -p /etc/puppet/manifests
Now create the manifest file /etc/puppet/manifests/site.pp with the following content
node 'client-node' {
include custom_utils
}
class custom_utils {
package { ["nmap","telnet","vim-enhanced","traceroute"]:
ensure => latest,
allow_virtual => false,
}
}
and restart the puppetmaster service.
# service puppetmaster restart
The default refresh interval of the client configuration is 30 minutes, if you want to force the application of your changes manually, execute the following command on your client node:
# puppet agent -t
If you would like to change the default client refresh interval, add:
> runinterval = <yourtime>
to the "[agent]" section of /etc/puppet/puppet.conf on your client node. This setting can be a time interval in seconds (30 or 30s), minutes (30m), hours (6h), days (2d), or years (5y). Note that a runinterval of 0 means "run continuously" rather than "never run".
### Tips & Tricks ###
#### 1. Debugging ####
It can happen from time to time that you will submit a wrong configuration and you have to debug where the Puppet failed. For that you will always start with either checking logs in /var/log/puppet/ or running the agent manually to see the output:
# puppet agent -t
By default "-t" activates verbose mode, so it allows you to see the output of Puppet. This command also has several parameters that might help you identify your problem a bit more. The first useful option is:
# puppet agent -t --debug
Debug shows you basically all steps that Puppet goes through during its runtime. It can be really useful during debug of really complicated rules. Another parameter you might find really useful is:
# puppet agent -t --noop
This option sets puppet in so called dry-run mode, where no changes are performed. Puppet only writes what it would do on the screen but nothing is written on the disk.
#### 2. Modules ####
After some time you find yourself in the situation where you will want to have more complicated manifests. But before you will sit down and start to program them, you should invest some time and browse [https://forge.puppetlabs.com][2]. Forge is a repository of the Puppet community modules and it's very likely that you find the solution for your problem already made there. If not, feel free to write your own and submit it, so other people can benefit from the Puppet modularity.
Now, let's assume that you have already found a module that would fix your problem. How to install it into the system? It is actually quite easy, because Puppet already contains an interface to download modules directly. Simply type the following command:
# puppet module install <module_name> --version 0.0.0
<module_name> is the name of your chosen module, the version is optional (if not specified then the latest release is taken). If you don't remember the name of the module you want to install, you can try to find it by using module search:
# puppet module search <search_string>
As a result you will get a list of all modules that contain your search string.
# puppet module search apache
----------
Notice: Searching https://forgeapi.puppetlabs.com ...
NAME DESCRIPTION AUTHOR KEYWORDS
example42-apache Puppet module for apache @example42 example42, apache
puppetlabs-apache Puppet module for Apache @puppetlabs apache web httpd centos rhel ssl wsgi proxy
theforeman-apache Apache HTTP server configuration @theforeman foreman apache httpd DEPRECATED
And if you would like to see what modules you already installed, type:
# puppet module list
### Summary ###
By now, you should have a fully functional Puppet master that is delivering basic configuration to one or more client servers. At this point feel free to add more settings into your configuration to adapt it to your infrastructure. Don't worry about experimenting with Puppet and you will see that it can be a genuine lifesaver.
Puppet labs is trying to maintain a top quality documentation for their projects, so if you would like to learn more about Puppet and its configuration, I strongly recommend visiting the Puppet project page at [http://docs.puppetlabs.com][3].
If you have any questions feel free to post them in the comments and I will do my best to answer and advise.
--------------------------------------------------------------------------------
via: http://xmodulo.com/2014/08/install-puppet-server-client-centos-rhel.html
作者:[Jaroslav Štěpánek][a]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出
[a]:http://xmodulo.com/author/jaroslav
[1]:https://puppetlabs.com/puppet/what-is-puppet/
[2]:https://forge.puppetlabs.com/
[3]:http://docs.puppetlabs.com/
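Review bot: The signing step ("# puppet cert list" followed by "# puppet cert sign client-node") approves the request on hostname alone, and nothing asks the reader to confirm that the pending request really came from their client. Certificate requests can be submitted by any host that reaches port 8140, so suggest adding a sentence telling the reader to compare the fingerprint shown by "puppet cert list" on the master with the one "puppet agent --fingerprint" prints on the client before signing. Related: the firewalld step opens 8140/tcp for the whole public zone and the iptables rule has no source match, so a remark that the port can be limited to the managed subnet would fit there. The instruction to add the INPUT rule 'into section ":OUTPUT ACCEPT"' is also easy to misread; "directly after the :OUTPUT ACCEPT line" would be clearer.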


@ -0,0 +1,158 @@
How to set up a Samba file server to use with Windows clients
================================================================================
According to the [Samba][1] project web site, Samba is an open source/free software suite that provides seamless file and print services to SMB/CIFS clients. Unlike other implementations of the SMB/CIFS networking protocol (such as LM Server for HP-UX, LAN Server for OS/2, or VisionFS), Samba (along with its source code) is freely available (at no cost to the end user), and allows for interoperability between Linux/Unix servers and Windows/Unix/Linux clients.
For these reasons, Samba is the preferred solution for a file server in networks where different operating systems (other than Linux) coexist - the most common setup being the case of multiple Microsoft Windows clients accessing a Linux server where Samba is installed, which is the situation we are going to deal with in this article.
Please note that on the other hand, if our network consists of only Unix-based clients (such as Linux, AIX, or Solaris, to name a few examples), we can consider using NFS (although Samba is still an option in this case), which has greater reported speeds.
### Installing Samba in Debian and CentOS ###
Before we proceed with the installation, we can use our operating system's package management system to look for information about Samba:
On Debian:
# aptitude show samba
On CentOS:
# yum info samba
In the following screenshot we can see the output of 'aptitude show samba' ('yum info samba' yields similar results):
![](https://farm4.staticflickr.com/3868/14837993244_0fa525eb35_z.jpg)
Now let's install Samba (the screenshot below corresponds to the installation on a Debian 7 [Wheezy] server):
On Debian:
# aptitude install samba
On CentOS:
# yum install samba
### Adding Users to Samba ###
For versions earlier than 4.x, a local Unix account is required for adding users to Samba:
# adduser <username>
![](https://farm6.staticflickr.com/5574/14837266181_fed68bddf2_o.png)
Next, we need to add the user to Samba using the smbpasswd command with the '-a' option, which specifies that the username following should be added to the local smbpasswd file. We will be prompted to enter a password (which does not necessarily have to be the same as the password of the local Unix account):
# smbpassword -a <username>
![](https://farm6.staticflickr.com/5555/14653711099_578f8613ca.jpg)
Finally, we will give access to user xmodulo to a directory within our system that will be used as a Samba share for him (and other users as well, if needed). This is done by opening the /etc/samba/smb.conf file with a text editor (such as Vim), navigating to the end of the file, and creating a section (enclose name between square brackets) with a descriptive name, such as [xmodulo]:
# SAMBA SHARE
[xmodulo]
path = /home/xmodulo
available = yes
valid users = xmodulo
read only = no
browseable = yes
public = yes
writeable = yes
We must now restart Samba and -just in case- check the smb.conf file for syntax errors with the testparm command:
# service samba restart
# testparm
![](https://farm6.staticflickr.com/5589/14653655390_becb4f4981_z.jpg)
If there are any errors, they will be reported when testparm ends.
### Mapping the Samba Share as a Network Drive on a Windows 7 PC ###
Right click on Computer, and select "Map network drive":
![](https://farm6.staticflickr.com/5571/14837993154_981b73ea92.jpg)
Type the IP address of the machine where Samba is installed, followed by the name of the share (this is the name that is enclosed between single brackets in the smb.conf file), and make sure that the "Connect using different credentials" checkbox is checked:
![](https://farm4.staticflickr.com/3881/14839997172_d67ec98933_o.png)
nter the username and password that were set with '**smbpasswd -a**' earlier:
![](https://farm6.staticflickr.com/5563/14653711029_ddfea53bd6_o.png)
Go to Computer and check if the network drive has been added correctly:
![](https://farm6.staticflickr.com/5584/14837993124_c664728039_o.png)
As a test, let's create a pdf file from the man page of Samba, and save it in the /home/xmodulo directory:
![](https://farm6.staticflickr.com/5593/14860219723_e8380f0d0f_o.png)
Next, we can verify that the file is accessible from Windows:
![](https://farm4.staticflickr.com/3869/14817386696_74a12dfdcd_o.png)
And we can open it using our default pdf reader:
![](https://farm6.staticflickr.com/5584/14653655350_8a243b1493_z.jpg)
Finally, let's see if we can save a file from Windows in our newly mapped network drive. We will open the change.log file that lists the features of Notepad++:
![](https://farm6.staticflickr.com/5565/14817386676_18c1d7bc60_o.png)
and try to save it in Z:\ as a plain text file (.txt extension); then let's see if the file is visible in Linux:
![](https://farm4.staticflickr.com/3841/14817386656_fb09a95a65_o.png)
### Enabling quotas ###
As a first step, we need to verify whether the current kernel has been compiled with quota support:
# cat /boot/config-$(uname -r) | grep
![](https://farm4.staticflickr.com/3867/14837993054_081dc9b0dc_z.jpg)
Each file system has up to five types of quota limits that can be enforced on it: user soft limit, user hard limit, group soft limit, group hard limit, and grace time.
We will now enable quotas for the /home file system by adding the usrquota and grpquota mount options to the existing defaults option in the line that corresponds to the /home filesystem in the /etc/fstab file, and we will remount the file system in order to apply the changes:
![](https://farm6.staticflickr.com/5561/14653806067_b8b0dc2333_z.jpg)
Next, we need to create two files that will serve as the databases for user and group quotas: **aquota.user** and **aquota.group**, respectively, in **/home**. Then, we will generate the table of current disk usage per file system with quotas enabled:
# quotacheck -cug /home
# quotacheck -avugm
![](https://farm6.staticflickr.com/5584/14837265971_654e8f3bc0_o.png)
# quota -u <username>
# quota -g <groupname>
![](https://farm6.staticflickr.com/5582/14653735848_8de88d69c4_o.png)
Finally, the last couple of steps consist of assigning the quotas per user and / or group with the quotatool command (note that this task can also be performed by using edquota, but quotatool is more straightforward and less error-prone).
To set the soft limits to 4 MB and the hard limit to 5 MB for the user called xmodulo, and 10 MB / 15 MB for the xmodulo group:
# quotatool -u xmodulo -bq 4M -l '5 Mb' /home
# quotatool -g xmodulo -bq 10M -l '15 Mb' /home
![](https://farm4.staticflickr.com/3888/14653806037_5438b5034e_z.jpg)
And we can see the results in Windows 7 (3.98 MB free of 4.00 MB):
![](https://farm4.staticflickr.com/3919/14653805967_c2b1551869_o.png)
--------------------------------------------------------------------------------
via: http://xmodulo.com/2014/08/samba-file-server-windows-clients.html
作者:[Gabriel Cánepa][a]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出
[a]:http://xmodulo.com/author/gabriel
[1]:http://www.samba.org/
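Review bot: Under "Adding Users to Samba" the command reads "# smbpassword -a <username>", but the paragraph above it and the later "smbpasswd -a" reference both name the tool smbpasswd, so the command as written will not be found; it should be "# smbpasswd -a <username>". Further down, "# cat /boot/config-$(uname -r) | grep" has no pattern, so grep exits with a usage error; the search term from the original article needs restoring. In the [xmodulo] share, "public = yes" (a synonym for "guest ok") sits next to "valid users = xmodulo", and "writeable = yes" repeats "read only = no"; dropping "public" and one of the two write settings would match the stated intent of a per-user share. Also, "nter the username and password" is missing its first letter, and "single brackets" in the drive-mapping step should be "square brackets" to agree with the smb.conf description.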