来到自动部署服务器(192.168.1.110,内存需要2G以上)里面,第一步,安装puppet的rpm仓库源。
[root@autodeploy ~]# rpm -ivh https://yum.puppetlabs.com/puppet5/puppet5-release-el-7.noarch.rpm
Retrieving https://yum.puppetlabs.com/puppet5/puppet5-release-el-7.noarch.rpm
warning: /var/tmp/rpm-tmp.DEhzEF: Header V4 RSA/SHA256 Signature, key ID ef8d349f: NOKEY
Preparing... ################################# [100%]
Updating / installing...
1:puppet5-release-5.0.0-11.el7 ################################# [100%]
第二步,则是使用yum命令安装puppet的服务端。
[root@autodeploy ~]# yum -y install puppetserver
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: mirrors.163.com
* epel: hkg.mirror.rackspace.com
* extras: mirrors.163.com
* updates: mirrors.163.com
Package puppetserver-5.3.16-1.el7.noarch already installed and latest version
Nothing to do
puppet服务端默认安装是没有软连接,所以需要设置一个软链接进行快速操作。
[root@autodeploy ~]# ln -s /opt/puppetlabs/bin/puppet /bin/
查看puppet支持的命令,发现非常多参数,但是不要害怕,只需使用几个参数就可以完成自动化部署。
puppet之间的通信是需要域名进行解析,所以需要在hosts文件添加一条域名指向,将域名解析到自动部署服务器上面。(注意:后面的puppet agent上面也需要添加这个域名解析记录。)
[root@autodeploy ~]# cat /etc/hosts
192.168.1.110 www.autodeploy.com
[root@autodeploy ~]# ping www.autodeploy.com
PING www.autodeploy.com (192.168.1.110) 56(84) bytes of data.
64 bytes from www.autodeploy.com (192.168.1.110): icmp_seq=1 ttl=64 time=0.031 ms
64 bytes from www.autodeploy.com (192.168.1.110): icmp_seq=2 ttl=64 time=0.034 ms
64 bytes from www.autodeploy.com (192.168.1.110): icmp_seq=3 ttl=64 time=0.043 ms
修改puppet的配置文件,只需要加上倒数两行的main标签和DNS解析记录,puppet服务端这边的配置已经完成了。
[root@autodeploy ~]# cat /etc/puppetlabs/puppet/puppet.conf
[master]
vardir = /opt/puppetlabs/server/data/puppetserver
logdir = /var/log/puppetlabs/puppetserver
rundir = /var/run/puppetlabs/puppetserver
pidfile = /var/run/puppetlabs/puppetserver/puppetserver.pid
codedir = /etc/puppetlabs/code
[main]
dns_alt_names = www.autodeploy.com
接下来启动一下puppet服务端的服务,并且设置开机启动和查看启动状态,可以看到显示是正在运行,这就说明服务已经正常运行。
[root@autodeploy ~]# systemctl start puppetserver
[root@autodeploy ~]# systemctl enable puppetserver
Created symlink from /etc/systemd/system/multi-user.target.wants/puppetserver.service to /usr/lib/systemd/system/puppetserver.service.
[root@autodeploy ~]# systemctl status puppetserver
● puppetserver.service - puppetserver Service
Loaded: loaded (/usr/lib/systemd/system/puppetserver.service; enabled; vendor preset: disabled)
Active: active (running) since Sat 2021-06-26 02:45:32 EDT; 28s ago
Main PID: 1426 (java)
CGroup: /system.slice/puppetserver.service
└─1426 /usr/bin/java -Xms2g -Xmx2g -Djruby.logger.class=com.puppetlabs.jruby_utils.jruby.Slf4jLogger -Djava.security.egd=file:/dev/urandom -XX:OnOutOfMemoryError=kill -9 %p -c...
Jun 26 02:44:49 autodeploy systemd[1]: Starting puppetserver Service...
Jun 26 02:45:32 autodeploy systemd[1]: Started puppetserver Service.
wazuh官方已经将wazuh所要安装的依赖和服务都以任务的形式编排好了,我们只需使用他们做好的东西就可以,使用puppet的模块参数就可以将任务下载到本地。
直接使用命令下载最新版本(4.1.5)发现无法下载,只能下载4.0.4版本。
[root@autodeploy proxychains-ng-master]# puppet module install wazuh-wazuh --version 4.1.5
Notice: Preparing to install into /etc/puppetlabs/code/environments/production/modules ...
Notice: Created target directory /etc/puppetlabs/code/environments/production/modules
Notice: Downloading from https://forgeapi.puppet.com ...
Error: Could not install 'wazuh-wazuh' (v4.1.5)
No releases matching '4.1.5' are available from https://forgeapi.puppet.com
[root@autodeploy proxychains-ng-master]# puppet module install wazuh-wazuh
Notice: Preparing to install into /etc/puppetlabs/code/environments/production/modules ...
Notice: Downloading from https://forgeapi.puppet.com ...
Notice: Installing -- do not interrupt ...
/etc/puppetlabs/code/environments/production/modules
└─┬ wazuh-wazuh (v4.0.4)
├── puppet-nodejs (v7.0.1)
├── puppet-selinux (v3.4.0)
├── puppetlabs-apt (v7.7.1)
├─┬ puppetlabs-concat (v6.4.0)
│ └── puppetlabs-translate (v2.2.0)
├── puppetlabs-firewall (v2.8.1)
├── puppetlabs-powershell (v2.3.0)
└── puppetlabs-stdlib (v6.6.0)
由于我们并没有对puppet的配置文件做什么改动,所以wazuh的剧本文件默认会在**/etc/puppetlabs/code/environments/production/modules/wazuh/manifests/**
直接去GitHub下载4.1.5版本**,**然后替换文件夹即可。
https://github.com/wazuh/wazuh-puppet/archive/refs/tags/v4.1.5.zip
查看wazuh的puppet的剧本文件。
[root@autodeploy /]# ll /etc/puppetlabs/code/environments/production/modules/wazuh/manifests/
total 200
-rw-r--r--. 1 root root 1111 Jan 18 06:26 activeresponse.pp
-rw-r--r--. 1 root root 500 Jan 18 06:26 addlog.pp
-rw-r--r--. 1 root root 29743 Jan 18 06:26 agent.pp
-rw-r--r--. 1 root root 1312 Jan 18 06:26 audit.pp
-rw-r--r--. 1 root root 520 Jan 18 06:26 command.pp
-rw-r--r--. 1 root root 2944 Jan 18 06:26 elasticsearch.pp
-rw-r--r--. 1 root root 366 Jan 18 06:26 email_alert.pp
-rw-r--r--. 1 root root 2387 Jan 18 06:26 filebeat_oss.pp
-rw-r--r--. 1 root root 2140 Jan 18 06:26 filebeat.pp
-rw-r--r--. 1 root root 98 Jan 18 06:26 init.pp
-rw-r--r--. 1 root root 464 Jan 18 06:26 integration.pp
-rw-r--r--. 1 root root 3193 Jan 18 06:26 kibana_od.pp
-rw-r--r--. 1 root root 4067 Jan 18 06:26 kibana.pp
-rw-r--r--. 1 root root 34370 Jan 18 06:26 manager.pp
-rw-r--r--. 1 root root 2689 Jan 18 06:26 opendistro.pp
-rw-r--r--. 1 root root 18878 Jan 18 06:26 params_agent.pp
-rw-r--r--. 1 root root 884 Jan 18 06:26 params_elastic.pp
-rw-r--r--. 1 root root 24992 Jan 18 06:26 params_manager.pp
-rw-r--r--. 1 root root 861 Jan 18 06:26 params_opendistro.pp
-rw-r--r--. 1 root root 2550 Jan 18 06:26 repo_elastic_oss.pp
-rw-r--r--. 1 root root 2317 Jan 18 06:26 repo_elastic.pp
-rw-r--r--. 1 root root 2688 Jan 18 06:26 repo_opendistro.pp
-rw-r--r--. 1 root root 2188 Jan 18 06:26 repo.pp
-rw-r--r--. 1 root root 799 Jan 18 06:26 reports.pp
-rw-r--r--. 1 root root 57 Jan 18 06:26 tests.pp
在wazuh模块的manifests目录里面的已经有定义好的任务,只需调用其内容即可,编写了一个简单的wazuh管理端安装任务。
首先,需要定义一个节点(node),告诉puppet你要将任务发送到那里,这里使用的名字是wazuh-manager(不需要设置DNS解析,后续puppet客户端请求puppet服务端,需要批准证书通信,在这个过程服务端就知道客户端的信息),再定义一个管理端的安装类(wazuh::需要安装的服务),后面的变量可以查看manager.pp里面所定义好的变量,我就拿了邮箱设置的变量来测试。
[root@autodeploy manifests]# cat /etc/puppetlabs/code/environments/production/modules/wazuh/manifests/wazuh-manager.pp
node "wazuh-manager" {
class { 'wazuh::manager':
ossec_smtp_server => 'smtp.163.com',
ossec_emailto => ['test@test.com'],
}
wazuh::command { 'firewallblock':
command_name => 'firewall-drop',
command_executable => 'firewall-drop.sh',
command_expect => 'srcip'
}
}
这是centos、Ubuntu、windwos系统安装wazuh客户端的任务脚本,其中wazuh_register_endpoint代表在agent_auth验证的终端地址,wazuh_reporting_endpoint代表ossec.conf里面server标签的address内容。
[root@autodeploy manifests]# cat /etc/puppetlabs/code/environments/production/modules/wazuh/manifests/wazuh-agent.pp
node "wazuh-centos-agent" {
class { "wazuh::agent":
wazuh_register_endpoint => "192.168.1.200",
wazuh_reporting_endpoint => "192.168.1.200"
}
}
node "wazuh-ubuntu-agent" {
class { "wazuh::agent":
wazuh_register_endpoint => "192.168.1.200",
wazuh_reporting_endpoint => "192.168.1.200"
}
}
node "win2008-agent" {
class { "wazuh::agent":
wazuh_register_endpoint => "192.168.1.200",
wazuh_reporting_endpoint => "192.168.1.200"
}
}
