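To keep the ssh configuration file secure and ensure that its contents and permissions are not tampered with, it can be managed centrally with Puppet.
1. Create the directories for the ssh module: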
root@10.1.1.33:ssh# pwd
/etc/puppet/modules/ssh
root@10.1.1.33:ssh# ll
total 12
drwxr-xr-x 2 root root 4096 Nov 9 10:42 files
drwxr-xr-x 2 root root 4096 Dec 16 18:15 manifests
drwxr-xr-x 2 root root 4096 Dec 16 18:15 templates
2. Define the ssh module's top-level class:
root@10.1.1.33:manifests# vim init.pp
class ssh {
  include ssh::params, ssh::install, ssh::config, ssh::service
}
3. Create the manifest that installs the ssh package:
root@10.1.1.33:manifests# cat install.pp
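class ssh::install {
  # The package name is selected per operating system in ssh::params
  package { $ssh::params::ssh_package_name:
    ensure        => present,
    allow_virtual => true,
  }
}
4. Create the parameters file, which sets the variables appropriate to each operating system.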
root@10.1.1.33:manifests# cat params.pp
class ssh::params {
  case $::operatingsystem {
    Solaris: {
      $ssh_package_name   = 'openssh'
      $ssh_service_config = '/etc/ssh/sshd_config'
      $ssh_service_name   = 'sshd'
    }
    /^(Ubuntu|Debian)$/: {
      $ssh_package_name   = 'openssh-server'
      $ssh_service_config = '/etc/ssh/sshd_config'
      # Debian and Ubuntu name the OpenSSH service 'ssh', not 'sshd'
      $ssh_service_name   = 'ssh'
    }
    default: {
      $ssh_package_name   = 'openssh-server'
      $ssh_service_config = '/etc/ssh/sshd_config'
      $ssh_service_name   = 'sshd'
    }
  }
}
5. Create the manifest for the ssh configuration file
root@10.1.1.33:manifests# cat config.pp
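class ssh::config {
  file { $ssh::params::ssh_service_config:
    ensure  => present,
    owner   => 'root',
    group   => 'root',
    # Quote the mode so it is passed as a string, as newer Puppet versions require
    mode    => '0644',
    content => template("ssh/sshd_config.erb"),
    # Install the package first; restart the service when the file changes
    require => Class["ssh::install"],
    notify  => Class["ssh::service"],
  }
}
6. Create the manifest for the ssh service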
root@10.1.1.33:manifests# cat service.pp
class ssh::service {
  service { $ssh::params::ssh_service_name:
    ensure     => running,
    hasstatus  => true,
    hasrestart => true,
    enable     => true,
    require    => Class["ssh::config"],
  }
}
7. Test from the client
root@10.1.1.34:~# puppet agent --test
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Caching catalog for agent.domain.com
Info: Applying configuration version '1418724923'
Notice: Finished catalog run in 0.43 seconds
root@10.1.1.34:~# puppet agent --test
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Caching catalog for agent.domain.com
Info: Applying configuration version '1418724963'
Notice: /Stage[main]/Ssh::Config/File[/etc/ssh/sshd_config]/content:
--- /etc/ssh/sshd_config 2014-12-16 17:54:57.925899311 +0800
+++ /tmp/puppet-file20141216-29636-1fidan3-0 2014-12-16 18:16:06.120181312 +0800
@@ -145,3 +145,4 @@
####################################
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
+#davehe
Info: Computing checksum on file /etc/ssh/sshd_config
Info: /Stage[main]/Ssh::Config/File[/etc/ssh/sshd_config]: Filebucketed /etc/ssh/sshd_config to puppet with sum 2f42725b0c617b2ec7b9dd2db6c8fe61
Notice: /Stage[main]/Ssh::Config/File[/etc/ssh/sshd_config]/content: content changed '{md5}2f42725b0c617b2ec7b9dd2db6c8fe61' to '{md5}53141dd1bb8749a04a5fd2a2f05b2b2a'
Info: /Stage[main]/Ssh::Config/File[/etc/ssh/sshd_config]: Scheduling refresh of Class[Ssh::Service]
Info: Class[Ssh::Service]: Scheduling refresh of Service[sshd]
Notice: /Stage[main]/Ssh::Service/Service[sshd]: Triggered 'refresh' from 1 events
Notice: Finished catalog run in 0.73 seconds
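The file resource in step 5 replaces sshd_config and restarts sshd whenever the rendered template changes, so a template error reaches every agent. As an added example (not the original author's manifest), this variant of config.pp uses the file type's validate_cmd attribute, available in Puppet 3.5 and later, to run sshd's test mode against the rendered file before it replaces the live one; the /usr/sbin/sshd path is an assumption about the agents.

```puppet
# Added example: variant of ssh::config from step 5 that validates the
# rendered sshd_config before the live file is replaced.
class ssh::config {
  file { $ssh::params::ssh_service_config:
    ensure       => file,
    owner        => 'root',
    group        => 'root',
    mode         => '0644',
    content      => template('ssh/sshd_config.erb'),
    # Puppet writes the new content to a temporary file, substitutes that
    # path for '%', and replaces the target only if the command exits 0.
    # 'sshd -t' parses the configuration and checks it without starting
    # a daemon. Assumption: the binary lives at /usr/sbin/sshd.
    validate_cmd => '/usr/sbin/sshd -t -f %',
    require      => Class['ssh::install'],
    notify       => Class['ssh::service'],
  }
}
```

If validation fails, the file resource fails, the existing sshd_config is left in place and no refresh is sent to ssh::service, so the running daemon keeps its last working configuration.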
Original article: http://my.oschina.net/davehe/blog/356792