Managing SSH key login with Puppet

A real-world enterprise use case

1. Create the module directory
mkdir -p /etc/puppet/modules/ssh/{files,manifests}
2. Generate the key pair (just press Enter at every prompt)
ssh-keygen
3. Copy the public key into the module's files directory
cat /root/.ssh/id_rsa.pub  >/etc/puppet/modules/ssh/files/authorized_keys
4. Create the module's entry manifest
[root@master manifests]# cat /etc/puppet/modules/ssh/manifests/init.pp 
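class ssh {
  # sshd has to be installed before its key file is managed
  package { 'openssh-server':
    ensure => present,
  }
  # Deploy the module's files/authorized_keys as root's authorized_keys
  file { '/root/.ssh/authorized_keys':
    ensure  => present,
    owner   => 'root',
    group   => 'root',
    mode    => '0600',
    # Empty server part: fetch from the master this agent is configured to use
    source  => 'puppet:///modules/ssh/authorized_keys',
    require => Package['openssh-server'],
  }
}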

5. Create the main manifest
[root@master manifests]# cat /etc/puppet/manifests/site.pp
node 'nginxnode2.puppetcao.com'{
  include ssh
}
Start the puppet service on the client server and the key is synced over. This makes it easy to manage keys for multiple users.
systemctl start puppet

6. Test
[root@master manifests]# ssh root@192.168.1.116
Last login: Wed Sep 18 15:44:58 2019 from master.puppetcao.com
Login succeeded

Command to check the configuration:

puppet parser validate /etc/puppet/manifests/site.pp
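
The file resource above replaces root's whole authorized_keys with one file. As an added example (not from the original post), the class below manages each key as its own resource and purges any key Puppet does not know about; it replaces the file resource for /root/.ssh/authorized_keys rather than being combined with it. The class name ssh::keys, the key titles, the admin "alice" and the key bodies are assumptions and placeholders.

```puppet
# /etc/puppet/modules/ssh/manifests/keys.pp
# Added example, not the original author's code. Key bodies are placeholders:
# paste only the base64 field of the .pub file (no "ssh-rsa" prefix, no comment).
class ssh::keys {
  package { 'openssh-server':
    ensure => present,
  }

  # With StrictModes (the sshd default) keys are ignored when ~/.ssh is
  # group- or world-writable, so pin the directory as well as the file.
  file { '/root/.ssh':
    ensure => directory,
    owner  => 'root',
    group  => 'root',
    mode   => '0700',
  }

  # purge_ssh_keys removes every entry in root's authorized_keys that is not
  # declared as an ssh_authorized_key resource. Revoking access is then just
  # deleting the resource; hand-added keys disappear on the next agent run.
  user { 'root':
    ensure         => present,
    purge_ssh_keys => true,
  }

  # The master's root key generated in step 2.
  ssh_authorized_key { 'root@master.puppetcao.com':
    ensure  => present,
    user    => 'root',
    type    => 'ssh-rsa',
    key     => 'REPLACE_WITH_BASE64_BODY_OF_MASTER_ID_RSA_PUB',
    require => [Package['openssh-server'], File['/root/.ssh']],
  }

  # A second administrator (hypothetical) with her own key, so access can be
  # granted and revoked per person instead of sharing one private key.
  ssh_authorized_key { 'alice@admin-workstation':
    ensure  => present,
    user    => 'root',
    type    => 'ssh-rsa',
    key     => 'REPLACE_WITH_BASE64_BODY_OF_ALICE_PUBLIC_KEY',
    require => File['/root/.ssh'],
  }
}
```

To use it, put `include ssh::keys` in the node block in site.pp. On Puppet 6 and later the ssh_authorized_key type is provided by the puppetlabs-sshkeys_core module.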

  

Original article: https://www.cnblogs.com/caonw/p/11907057.html