Puppet Installation and Deployment: A Beginner's Guide

Puppet overview
Puppet official website: http://www.puppetlabs.com/
Puppet Chinese wiki: http://puppet.chinaec2.com/
Puppet Chinese forum: http://www.puppetfans.com/
Puppet is a centralized configuration management system for Linux and Unix platforms. A configuration management system manages the resources on a machine, such as files, users, processes and packages; its design goal is to simplify the management of these resources and to handle the dependencies between them properly.
Puppet uses a declarative language to define configuration items, which are called "resources". The declarative language lets you state the desired state of your configuration, for example that a package should be installed or that a service should be running.
With Puppet you run a server side, and each client connects to the server over an SSL-authenticated link, obtains the configuration list for its own machine, and then carries out the configuration work according to that list. So if the hardware is in place, configuring thousands or even tens of thousands of machines within a day is easy to achieve, provided that most of the machines have similar configurations.
In a large production environment a single puppetmaster cannot keep up, because Puppet is written in Ruby, an interpreted language, and every client request has to be parsed again; once there are many clients it becomes overloaded, so it needs to be scaled out into a server group. The puppetmaster can be viewed as a web server, and in fact it is served by the web server module that Ruby provides, so web proxy software can be combined with the puppetmaster to build a cluster.
The main developer of the Puppet project is Luke Kanies, currently CEO of Puppet Labs; Puppet is licensed under GPLv2. Kanies worked in UNIX system administration from 1997 onward, and Puppet's development grew out of that experience. Dissatisfied with the existing configuration tools, Kanies developed tooling at Reductive Labs from 2001 to 2005. Soon afterward Reductive Labs released their flagship product——

Interview with Luke Kanies about Puppet: http://article.yeeyan.org/view/neilalaer/4629
Puppet system architecture
Puppet is an open-source, Ruby-based system configuration management tool with a client/server structure. Of course, there can be many clients, so it can also be described as a star topology. All Puppet clients communicate with the same Puppet server. Every Puppet client connects to the server once every half hour (configurable), downloads the latest configuration, and configures the machine strictly according to it. When the configuration is complete, the Puppet client can report a message back to the server; if an error occurs, it also reports a message back. The diagram below shows the data flow of a typical Puppet configuration.
Puppet workflow


Lab environment:

puppetmaster   10.13.89.165    lianglab.com
puppet         10.13.89.185    lianglab4.com
Installation steps:
Because CentOS was installed with the minimal option, a few commonly used tools have to be installed with yum first
[root@lianglab ~]#  yum install ntp vixie-cron wget vim-enhanced telnet
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: mirrors.163.com
* extras: mirrors.163.com
* rpmforge: ftp.riken.jp
* updates: mirrors.163.com
Setting up Install Process
Install NTP to synchronize time, so that the clocks on the master and the client agree
crontabs (the program used to install, uninstall or list the tables that drive the cron daemon) is installed by default, but the vixie-cron package is the main cron program
wget is used to download the installation files
For vi, only vim-minimal-7.x is installed by default, so whether you type vi or vim to view a file, syntax highlighting does not work. Two more components therefore need to be installed with yum: vim-common-7.x and vim-enhanced-7.x; installing vim-enhanced with yum automatically pulls in the dependency vim-common
For telnet, install only the client, which is handy for testing network connectivity
[root@lianglab soft]# chkconfig --level 35 ntpd on
[root@lianglab soft]# crontab -e
no crontab for root - using an empty one
10 5 * * * /usr/sbin/ntpdate time.nist.gov ; /sbin/hwclock -w
# Sync with time.nist.gov at 05:10 every day and write the Linux time to the BIOS clock
# (a per-user crontab edited with crontab -e has no user field, unlike /etc/crontab)
[root@lianglab soft]# service crond restart
[root@lianglab soft]# ntpdate pool.ntp.org;hwclock -w
15 Jun 11:27:31 ntpdate[4925]: adjust time server 180.153.100.115 offset 0.031925 sec
[root@lianglab soft]#
Puppet requires every machine to have a fully qualified domain name (FQDN). If no DNS server provides the names, set the hostname on both machines (note: set the hostname before installing Puppet, because the installation writes the hostname into the certificate, and client/server communication depends on that certificate):
[root@lianglab soft]# echo "10.13.89.185 lianglab4.com" >>/etc/hosts
[root@lianglab soft]# hostname
lianglab.com
[root@lianglab soft]# cat /etc/sysconfig/network
NETWORKING=yes
NETWORKING_IPV6=no
HOSTNAME=lianglab.com
[root@lianglab soft]#
[root@lianglab soft]# cat /etc/resolv.conf
; generated by /sbin/dhclient-script
search taobao.ali.com
nameserver 10.13.2.6
nameserver 10.1.23.6
[root@lianglab soft]#
--------------------------------------------------------------------------------------------------
Install Ruby
Because Puppet is written in Ruby, the Ruby environment, its libraries and the command documentation must be installed
[root@lianglab soft]# yum install ruby ruby-libs ruby-rdoc
Install Facter
Puppet download site: http://downloads.puppetlabs.com/
Facter is a system inventory tool. It collects information about the host, such as CPU and host IP, and sends the collected values to the Puppet server, which can then generate different Puppet configurations for different nodes depending on those conditions
Facter must be installed before Puppet
[root@lianglab soft]# wget http://downloads.puppetlabs.com/facter/facter-1.6.8.tar.gz
--2013-06-15 12:15:55--  http://downloads.puppetlabs.com/facter/facter-1.6.8.tar.gz
正在解析主机 downloads.puppetlabs.com... 96.126.116.126, 2600:3c00::f03c:91ff:fe93:711a
Connecting to downloads.puppetlabs.com|96.126.116.126|:80... 已链接。
已发出 HTTP 请求,正在等待回应... 200 OK
长度:119323 (117K) [application/x-gzip]
Saving to: `facter-1.6.8.tar.gz'
100%[===================================================>] 119,323      152K/s   in 0.8s    
2013-06-15 12:15:57 (152 KB/s) - `facter-1.6.8.tar.gz' saved [119323/119323]
[root@lianglab soft]#
[root@lianglab soft]#
[root@lianglab soft]# tar -zxvf facter-1.6.8.tar.gz
------omitted--------
facter-1.6.8/conf/osx/PackageInfo.plist
facter-1.6.8/conf/osx/preflight
facter-1.6.8/bin/facter
[root@lianglab soft]# cd facter-1.6.8
[root@lianglab facter-1.6.8]# ruby install.rb
which: no rst2man.py in (/usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin)
install -c -p -m 0755 /tmp/facter-binfile.27543.0 /usr/bin/facter
mkdir -p -m 755 /usr/lib/ruby/site_ruby/1.8
-------------omitted-------------------
install -c -p -m 0644 lib/facter/util/plist/generator.rb /usr/lib/ruby/site_ruby/1.8/facter/util/plist/generator.rb
Loaded suite install
Started
Finished in 0.000588 seconds.
0 tests, 0 assertions, 0 failures, 0 errors
[root@lianglab facter-1.6.8]#
Install Puppet
[root@lianglab facter-1.6.8]# cd ..
--2013-06-15 12:21:13--  http://downloads.puppetlabs.com/puppet/puppet-2.7.14.tar.gz
正在解析主机 downloads.puppetlabs.com... 96.126.116.126, 2600:3c00::f03c:91ff:fe93:711a
Connecting to downloads.puppetlabs.com|96.126.116.126|:80... 已链接。
已发出 HTTP 请求,正在等待回应... 200 OK
长度:1898410 (1.8M) [application/x-gzip]
Saving to: `puppet-2.7.14.tar.gz'
100%[===================================================>] 1,898,410    474K/s   in 4.4s    
2013-06-15 12:21:18 (422 KB/s) - `puppet-2.7.14.tar.gz' saved [1898410/1898410]
[root@lianglab soft]#
[root@lianglab soft]# tar -zxvf puppet-2.7.14.tar.gz
[root@lianglab soft]# cd puppet-2.7.14
[root@lianglab puppet-2.7.14]# ruby install.rb
--------------omitted-------------------
man/man8/puppet-doc.8 -> /usr/share/man/man8/puppet-doc.8
chmod 0644 /usr/share/man/man8/puppet-doc.8
man/man8/pi.8 -> /usr/share/man/man8/pi.8
chmod 0644 /usr/share/man/man8/pi.8
man/man8/puppet-describe.8 -> /usr/share/man/man8/puppet-describe.8
chmod 0644 /usr/share/man/man8/puppet-describe.8
man/man8/puppet-device.8 -> /usr/share/man/man8/puppet-device.8
chmod 0644 /usr/share/man/man8/puppet-device.8
man/man8/puppet-man.8 -> /usr/share/man/man8/puppet-man.8
chmod 0644 /usr/share/man/man8/puppet-man.8
man/man8/puppetca.8 -> /usr/share/man/man8/puppetca.8
chmod 0644 /usr/share/man/man8/puppetca.8
man/man5/puppet.conf.5 -> /usr/share/man/man5/puppet.conf.5
chmod 0644 /usr/share/man/man5/puppet.conf.5
[root@lianglab puppet-2.7.14]#
Copy the configuration files
[root@lianglab puppet-2.7.14]# cp conf/redhat/fileserver.conf /etc/puppet/
[root@lianglab puppet-2.7.14]# cp conf/redhat/puppet.conf /etc/puppet/
[root@lianglab puppet-2.7.14]# cp conf/redhat/server.init /etc/init.d/puppetmaster
[root@lianglab puppet-2.7.14]#
Add the puppet user
[root@lianglab puppet-2.7.14]# groupadd puppet
[root@lianglab puppet-2.7.14]# useradd -g puppet -s /bin/false -M puppet
[root@lianglab puppet-2.7.14]#
Verify that the installation succeeded
[root@lianglab puppet-2.7.14]# puppet master
[root@lianglab puppet-2.7.14]# ps -ef | grep puppet  | grep -v grep
puppet   27781     1  0 12:30 ?        00:00:00 /usr/bin/ruby /usr/bin/puppet master
[root@lianglab puppet-2.7.14]#
[root@lianglab puppet-2.7.14]# kill 27781
[root@lianglab puppet-2.7.14]# ps -ef | grep puppet  | grep -v grep
[root@lianglab puppet-2.7.14]#
Set up puppetmaster as a service that starts automatically, and confirm that the puppetmaster script has execute permission
Add the puppetmaster service script as a service and enable it at runlevels 3 and 5.
[root@lianglab puppet-2.7.14]# chmod 755 /etc/init.d/puppetmaster
[root@lianglab puppet-2.7.14]# chkconfig --add puppetmaster
[root@lianglab puppet-2.7.14]# chkconfig --level 35 puppetmaster on
[root@lianglab puppet-2.7.14]#
[root@lianglab puppet-2.7.14]# /etc/init.d/puppetmaster restart
中止 puppetmaster:[失败]
启动 puppetmaster:[肯定]
[root@lianglab puppet-2.7.14]#
[root@lianglab puppet-2.7.14]# ps -ef | grep puppet  | grep -v grep
puppet   27883     1  0 12:48 ?        00:00:00 /usr/bin/ruby /usr/sbin/puppetmasterd
[root@lianglab puppet-2.7.14]#
1) Confirm that the manifests directory was created
[root@lianglab puppet-2.7.14]# ll /etc/puppet/
总计 16
-rw-r--r-- 1 root root 2552 06-15 12:22 auth.conf
-rwxr-xr-x 1 root root  381 06-15 12:23 fileserver.conf
drwxr-xr-x 2 root root 4096 06-15 12:30 manifests
-rwxr-xr-x 1 root root  853 06-15 12:23 puppet.conf
[root@lianglab puppet-2.7.14]#
2) Confirm that the system created the puppet user
[root@lianglab puppet-2.7.14]# cat /etc/passwd | grep puppet
puppet:x:503:504::/home/puppet:/bin/false
[root@lianglab puppet-2.7.14]#
3) Make sure the /var/lib/puppet/rrd directory exists and is owned by puppet
[root@lianglab puppet-2.7.14]# ll /var/lib/puppet/
总计 36
drwxr-x--- 2 puppet puppet 4096 06-15 12:30 bucket
drwxr-xr-x 2 root root 4096 06-15 12:30 facts
drwxr-xr-x 2 root root 4096 06-15 12:30 lib
drwxr-x--- 2 puppet puppet 4096 06-15 12:30 reports
drwxr-x--- 2 puppet puppet 4096 06-15 12:30 rrd
drwxr-x--- 2 puppet puppet 4096 06-15 12:30 server_data
drwxrwx--x 8 puppet root 4096 06-15 12:30 ssl
drwxr-xr-t 2 root root 4096 06-15 12:30 state
drwxr-x--- 2 puppet puppet 4096 06-15 12:30 yaml
====================================Client configuration=========================================
[root@lianglab4 ~]# echo "10.13.89.165 lianglab.com" >> /etc/hosts
[root@lianglab4 ~]# cat /etc/hosts
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1               lianglab4.com lianglab4 localhost.localdomain localhost
::1             localhost6.localdomain6 localhost6
10.13.89.165 lianglab.com
[root@lianglab4 ~]#
[root@lianglab4 ~]# hostname
lianglab4.com
[root@lianglab4 ~]# cat /etc/sysconfig/network
NETWORKING=yes
NETWORKING_IPV6=no
HOSTNAME=lianglab4.com
[root@lianglab4 ~]#
The steps for installing ruby, facter and puppet on the client are the same as on the server
yum install ruby ruby-libs ruby-rdoc
wget http://downloads.puppetlabs.com/facter/facter-1.6.8.tar.gz
tar -zxvf facter-1.6.8.tar.gz
cd facter-1.6.8
ruby install.rb
wget http://downloads.puppetlabs.com/puppet/puppet-2.7.14.tar.gz
tar -zxvf puppet-2.7.14.tar.gz
cd puppet-2.7.14
ruby install.rb
Special note: the client and server versions must match. If the versions differ, the one with the higher version can only be the Puppet server and the other can only act as the Puppet client; in other words, the Puppet server's version may be greater than or equal to the client's version, but never lower
The parts that differ are as follows:
[root@lianglab4 puppet-2.7.14]# cp conf/redhat/client.init /etc/init.d/puppet
[root@lianglab4 puppet-2.7.14]# chkconfig --add puppet
[root@lianglab4 puppet-2.7.14]# chkconfig --level 35 puppet on
[root@lianglab4 puppet-2.7.14]# groupadd puppet
[root@lianglab4 puppet-2.7.14]# useradd -g puppet -s /bin/false -M puppet
[root@lianglab4 puppet-2.7.14]#
Test name resolution and whether the puppetmaster port is reachable
[root@lianglab4 puppet-2.7.14]# telnet lianglab.com 8140
Trying 10.13.89.165...
Connected to lianglab.com (10.13.89.165).
Escape character is '^]'.
Connection closed by foreign host.
[root@lianglab4 puppet-2.7.14]#
[root@lianglab4 puppet-2.7.14]# /etc/init.d/puppet start
启动 puppet:Could not prepare for execution: Could not create PID file: /var/lib/puppet/run/agent.pid
                                                          [肯定]
[root@lianglab4 puppet-2.7.14]#
The command puppetd --test --server lianglab.com tells puppetd to read the Puppet configuration from lianglab.com.
On the first connection the two sides verify each other's SSL certificates. Since this is a new client that has not yet been authenticated by the server, the certificate must be approved on the server side.
The certificate-approval step below is carried out on the server.
A. First, request a certificate from the server
[root@lianglab4 puppet-2.7.14]# puppetd --test --server lianglab.com
warning: peer certificate won't be verified in this SSL session
info: Caching certificate for ca
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
info: Creating a new SSL certificate request for lianglab4.com
info: Certificate Request fingerprint (md5): 50:2D:89:E5:B8:6A:11:4A:6E:5D:AB:3F:47:21:A1:12
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
Exiting; no certificate found and waitforcert is disabled
[root@lianglab4 puppet-2.7.14]#
B. The server accepts the request
[root@lianglab puppet-2.7.14]# puppetca --list      # list the certificate requests currently awaiting approval
 lianglab4.com (50:2D:89:E5:B8:6A:11:4A:6E:5D:AB:3F:47:21:A1:12)
[root@lianglab puppet-2.7.14]#
[root@lianglab puppet-2.7.14]# puppetca -s lianglab4.com     # sign the pending certificate
notice: Signed certificate request for lianglab4.com
notice: Removing file Puppet::SSL::CertificateRequest lianglab4.com at '/var/lib/puppet/ssl/ca/requests/lianglab4.com.pem'
[root@lianglab puppet-2.7.14]#
Check the signed certificates; note the leading + sign, which indicates the certificate has been signed
[root@lianglab puppet-2.7.14]# puppetca -a --list
+ lianglab.com  (71:46:13:EC:A1:FB:E2:43:57:6B:AA:14:CC:4B:0E:5E) (alt names: DNS:lianglab.com, DNS:puppet, DNS:puppet.com)
+ lianglab4.com (14:C3:F9:3C:7D:73:0B:08:CF:C4:1E:B6:71:7B:9C:A7)
[root@lianglab puppet-2.7.14]#
--------------------------------------------------------------------------------------------------
To sign all pending certificates at once:
puppetca -s -a
Alternatively, add this line to puppet.conf on the puppetmaster:
autosign = true
and the server will then sign certificates automatically
--------------------------------------------------------------------------------------------------
C. Back on the client, fetch the approved certificate from the server
[root@lianglab4 puppet-2.7.14]# puppetd --test --server lianglab.com
warning: peer certificate won't be verified in this SSL session
info: Caching certificate for lianglab4.com
info: Caching certificate_revocation_list for ca
info: Caching catalog for lianglab4.com
info: Applying configuration version '1371275671'
info: Creating state file /var/lib/puppet/state/state.yaml
notice: Finished catalog run in 0.15 seconds
[root@lianglab4 puppet-2.7.14]#
Note: in the part of the output above that was highlighted in the original, the hostname is written into the certificate when it is generated; if the hostname is changed after the certificate has been generated, the certificate becomes invalid.
Also, do not request a certificate under an abbreviated name like "client"; use the full name, such as lianglab4.com. Re-approving a new certificate for an old machine is covered further down.
Once the certificate has been obtained, compare the following two files: their MD5 values are identical.
Verify that the certificate is correct
Server:
[root@lianglab puppet-2.7.14]# md5sum /var/lib/puppet/ssl/ca/signed/lianglab4.com.pem
4b059e3937cfee49ff98d5bd5557b2db  /var/lib/puppet/ssl/ca/signed/lianglab4.com.pem
[root@lianglab puppet-2.7.14]#
Client:
[root@lianglab4 puppet]# md5sum /var/lib/puppet/ssl/certs/lianglab4.com.pem
4b059e3937cfee49ff98d5bd5557b2db /var/lib/puppet/ssl/certs/lianglab4.com.pem
------------------------------------------------------------------------------------------------
In fact, the certificate request process is simply the server generating the certificate and sending it to the client.
If for some reason a certificate has to be re-approved for an old machine, the following two things must be done before it can register again.
When a changed hostname causes authentication to fail, a new certificate must be requested, using these two steps:
puppetca --clean lianglab4.com        # remove the certificate on the server side.
or rm -rf /var/lib/puppet/ssl/ca/signed/lianglab4.com.pem to delete the certificate already issued to the client "client.gongchang.com";
rm -rf /var/lib/puppet/ssl/  # on the client, delete the ssl directory, then run steps A, B and C again.
Server:
[root@server ca]# rm -rf /var/lib/puppet/ssl/ca/signed/client1.viong.com.pem
Client:
[root@client1 puppet-2.7.14]# rm -rf /var/lib/puppet/ssl/
------------------------------------------------------------------------------------------------
Functional test-------------------------------------------------------
On the server, create a /etc/puppet/manifests/site.pp file as a test manifest. The first code Puppet executes is /etc/puppet/manifests/site.pp, so this file must exist, and all other code must be called from it.
[root@lianglab puppet-2.7.14]# vi /etc/puppet/manifests/site.pp
node default {
  file { "/tmp/Puppet_test.txt":                  # this is the file path;
    content => "This is test of PUPPET";          # this is the file content;
  }
}
The code above performs one action on every Puppet client that connects under the default node: it creates a Puppet_test.txt file in the /tmp directory with the content This is test of PUPPET, followed by a newline
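As an added example (not from the original post), the following site.pp goes beyond the single file resource above and manages the NTP time synchronization that this guide set up by hand, showing how Puppet orders dependent resources and how a Facter fact reaches a manifest. It assumes a CentOS host where the package is named ntp and the service ntpd; the pool.ntp.org servers are sample values.

```puppet
# Added example site.pp (not the original post's manifest).
# Assumes CentOS: package "ntp", service "ntpd"; NTP servers are sample values.
node default {
  # The smoke-test file from the original manifest.
  file { "/tmp/Puppet_test.txt":
    content => "This is test of PUPPET\n",
  }

  package { "ntp":
    ensure => installed,
  }

  # The config file is written only after the package exists (require),
  # and any change to it restarts the daemon (notify).
  file { "/etc/ntp.conf":
    ensure  => file,
    owner   => "root",
    group   => "root",
    mode    => "0644",
    content => "server 0.pool.ntp.org\nserver 1.pool.ntp.org\ndriftfile /var/lib/ntp/drift\n",
    require => Package["ntp"],
    notify  => Service["ntpd"],
  }

  # Keep ntpd running and enabled at boot; it cannot start before the package.
  service { "ntpd":
    ensure    => running,
    enable    => true,
    hasstatus => true,
    require   => Package["ntp"],
  }
}

# A per-host node for the agent used in this guide. It inherits every
# resource from "default" and adds one more; $fqdn comes from Facter.
node "lianglab4.com" inherits default {
  file { "/etc/motd":
    content => "${fqdn} is managed by Puppet from lianglab.com\n",
  }
}
```

Resources with no explicit require/notify are applied in an order Puppet chooses, so every real dependency must be declared as in the ntp example.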
When a pp file is created for the first time, puppetmaster has to be restarted
[root@lianglab puppet-2.7.14]# /etc/init.d/puppetmaster restart
中止 puppetmaster:[肯定]
启动 puppetmaster:[肯定]
[root@lianglab puppet-2.7.14]#
[root@lianglab puppet-2.7.14]# puppet /etc/puppet/manifests/site.pp    # run this command to apply the site.pp configuration;
warning: Implicit invocation of 'puppet apply' by passing files (or flags) directly
to 'puppet' is deprecated, and will be removed in the 2.8 series.  Please
invoke 'puppet apply' directly in the future.
notice: /Stage[main]//Node[default]/File[/tmp/Puppet_test.txt]/ensure: defined content as '{md5}d395f8aa0b8a631c726a9a3f411093c6'
notice: Finished catalog run in 0.04 seconds
[root@lianglab puppet-2.7.14]#
Going back to the client and running the command gives the following output:
[root@lianglab4 puppet]# puppetd --test --server lianglab.com
info: Caching catalog for lianglab4.com
info: Applying configuration version '1371277359'
notice: /Stage[main]//Node[default]/File[ /tmp/Puppet_test.txt]/ensure: defined content as '{md5}d395f8aa0b8a631c726a9a3f411093c6'
notice: Finished catalog run in 0.05 seconds
[root@lianglab4 puppet]#
[root@lianglab4 puppet]# cat /tmp/Puppet_test.txt
This is test of PUPPET
[root@lianglab4 puppet]#
Set up the client daemon
[root@lianglab4 puppet]# service puppet stop
[root@lianglab4 puppet]# puppetd --test --server lianglab.com --verbose --waitforcert 100
info: Caching catalog for lianglab4.com
info: Applying configuration version '1371277359'
notice: Finished catalog run in 0.03 seconds
[root@lianglab4 puppet]#
--server: the server's FQDN; --verbose: print verbose output; --waitforcert 100: wait 100 seconds for the certificate
In some cases the puppet service cannot start and reports that Puppet is already running; when that happens, one file has to be deleted:
[root@client ~]#/usr/sbin/puppetd --test --server master.gongchang.com
notice: Run of Puppet configuration client already in progress; skipping
[root@client ~]#rm /var/lib/puppet/state/puppetdlock
The Puppet C/S environment is now set up.
That is as far as this document goes for now; resource management covers a great deal and will take time to study properly.
Putting this article together took a little over 4 hours, but it went fairly smoothly.
Thanks to this blogger: http://viong.blog.51cto.com