http://yooke.blog.iyunv.com/4472498/1158831
Original work; reproduction is permitted provided the original source (http://yooke.blog.iyunv.com/4472498/1158831), the author information and this notice are cited with a hyperlink. Otherwise legal action may be taken.
2013/3/19 10:28
System environment:
CentOS 6.2 x86_64
puppet-3.0.2
I. Install puppet-dashboard
yum install rubygem-rake ruby-mysql mysql-server puppet-dashboard
II. Modify the MySQL configuration
1. Raise the maximum packet size
vim /etc/my.cnf
max_allowed_packet = 32M # add under [mysqld]
2. Set the default character set to utf8
default-character-set = utf8 # add under both [mysqld] and [client]
3. Create the MySQL database and user
create database dashboard;
grant all on dashboard.* to puppet@'localhost' identified by 'centos';
flush privileges;
III. Configure puppet-dashboard
1. Edit database.yml
vim /usr/share/puppet-dashboard/config/database.yml
production:
  database: dashboard
  username: puppet
  password: centos
  encoding: utf8
  adapter: mysql
2. Import the schema by running the following commands in order
cd /usr/share/puppet-dashboard
rake gems:refresh_specs
rake RAILS_ENV=production db:migrate
3. Test whether puppet-dashboard works
/usr/share/puppet-dashboard/script/server -e production
4. Once it has started, open http://ip:3000 to test
IV. Configure the puppet server and agents
- Server side
vim /etc/puppet/puppet.conf # add under [main]
reports = http,store
reporturl = http://IP:3000/reports/upload
Restart the puppetmaster service after editing
- Agent side
vim /etc/puppet/puppet.conf # add under [agent]
report = true
Restart the puppet service after editing
V. Dashboard commands
- Import existing reports
cd /usr/share/puppet-dashboard
rake RAILS_ENV=production reports:import
- Run the report-processing workers
env RAILS_ENV=production /usr/share/puppet-dashboard/script/delayed_job -p dashboard -n 4 -m start # -n sets the number of worker processes; -m stop stops the workers, -m start starts them
- Run the dashboard in the background
/usr/share/puppet-dashboard/script/server -e production -d
VI. puppet-dashboard behind Apache
- Resolve dependencies: yum install httpd mod_passenger
- Configure Apache
vim /etc/httpd/conf.d/passenger.conf
LoadModule passenger_module modules/mod_passenger.so
<IfModule mod_passenger.c>
PassengerRoot /usr/share/rubygems/gems/passenger-3.0.17
PassengerRuby /usr/bin/ruby
PassengerHighPerformance on
PassengerMaxPoolSize 12
PassengerPoolIdleTime 1500
PassengerStatThrottleRate 120
RailsAutoDetect On
</IfModule>
<VirtualHost *:8001>
DocumentRoot "/usr/share/puppet-dashboard/public/"
<Directory "/usr/share/puppet-dashboard/public/">
Options None
AllowOverride AuthConfig
Order allow,deny
allow from all
</Directory>
ErrorLog /var/log/httpd/dashboard.error.log
LogLevel warn
CustomLog /var/log/httpd/dashboard.access.log combined
ServerSignature On
</VirtualHost>
VII. Run puppetmaster under Apache
- Resolve dependencies: yum install mod_ssl
- Create the Apache configuration
cp /usr/share/puppet/ext/rack/files/apache2.conf /etc/httpd/conf.d/rack.conf
mkdir -p /etc/puppet/rack/public
cp /usr/share/puppet/ext/rack/files/config.ru /etc/puppet/rack/
- Edit the Apache configuration
vim /etc/httpd/conf.d/rack.conf
# you probably want to tune these settings # comment these out, since they are already defined in passenger.conf
#PassengerHighPerformance on
#PassengerMaxPoolSize 12
#PassengerPoolIdleTime 1500
# PassengerMaxRequests 1000
#PassengerStatThrottleRate 120
#RackAutoDetect Off
#RailsAutoDetect Off
Listen 8140
<VirtualHost *:8140>
SSLEngine on
SSLProtocol -ALL +SSLv3 +TLSv1
SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP
SSLCertificateFile /var/lib/puppet/ssl/certs/puppet.server.cihi.cn.pem # change these paths to match your host
SSLCertificateKeyFile /var/lib/puppet/ssl/private_keys/puppet.server.cihi.cn.pem
SSLCertificateChainFile /var/lib/puppet/ssl/ca/ca_crt.pem
SSLCACertificateFile /var/lib/puppet/ssl/ca/ca_crt.pem
SSLCARevocationFile /var/lib/puppet/ssl/ca/ca_crl.pem
SSLVerifyClient optional
SSLVerifyDepth 1
. . .
- Verify and test
VIII. Common puppet dashboard maintenance commands:
When the dashboard has accumulated a lot of data, optimize the database with:
rake RAILS_ENV=production db:raw:optimize
To prune dashboard data older than one month, use:
rake RAILS_ENV=production reports:prune upto=1 unit=mon
To back up the puppet dashboard database:
rake RAILS_ENV=production db:raw:dump
To back up the SQL to a file:
rake RAILS_ENV=production FILE=/my/backup/file.sql db:raw:dump
To restore the puppet dashboard database:
rake RAILS_ENV=production FILE=production.sql db:raw:restore
This article is from the "夜,幕" blog; please keep this attribution: http://yooke.blog.iyunv.com/4472498/1158831
http://www.jsxubar.info/tag/puppet-dashboard/
puppet dashboard is the web management front end for puppet: it shows reports and lets you add nodes, groups and classes. Because it can modify puppet data as well as display it, adding authentication to puppet dashboard is a must, to stop unauthorized users from viewing or changing information.
puppet dashboard authentication
This article uses puppet-dashboard-1.2.23 with apache as the web server. Access control is added in apache: the /nodes and /reports/upload paths are only reachable from the puppet master host itself, while the root / uses username-and-password authentication.
The configuration hinges on two points:
- configure basic authentication
- allow direct access from the puppet master
1. Configure the apache virtual host
The configuration file is as follows:
# passenger and ruby path
PassengerRoot /usr/lib/ruby/gems/1.8/gems/passenger-3.0.19
PassengerRuby /usr/bin/ruby
PassengerTempDir /var/run/passenger
# you may want to tune these settings
PassengerHighPerformance on
PassengerMaxPoolSize 12
PassengerPoolIdleTime 1500
# PassengerMaxRequests 1000
PassengerStatThrottleRate 120
RailsAutoDetect On
Listen 80
<VirtualHost *:80>
#ServerName dashboard.example.com # UPDATE THIS TO YOUR FQDN
DocumentRoot /usr/share/puppet-dashboard/public/
<Directory /usr/share/puppet-dashboard/public/>
Options None
Order allow,deny
allow from all
</Directory>
ErrorLog logs/puppetdashboard_error.log
LogLevel warn
CustomLog logs/puppetdashboard_access.log combined
ServerSignature On
# Uncomment this section to enable basic auth. This section can also be copied
# to the HTTPS VirtualHost example below.
# For report submission from masters.
<Location /reports/upload>
<Limit POST>
# Configuration restricts HTTP actions to POST only
Order allow,deny
Allow from localhost
Allow from localhost.localdomain
Allow from 127.0.0.1
# This can be locked down to just your puppet master if required
# See examples above, or http://httpd.apache.org/docs/2.2/howto/access.html
Allow from all
Satisfy any
</Limit>
</Location>
#
# # For node definitions from masters.
<Location /nodes>
<Limit GET>
# Configuration restricts HTTP actions to GET only
Order allow,deny
Allow from localhost.localdomain
Allow from localhost
Allow from 127.0.0.1
# This can be locked down to just your puppet master if required
# See examples above, or http://httpd.apache.org/docs/2.2/howto/access.html
Allow from all
Satisfy any
</Limit>
</Location>
#
# # For web access by humans.
<Location "/">
AuthType basic
AuthName "Puppet Dashboard"
Require valid-user
AuthBasicProvider file
# Change to your preferred password file location
AuthUserFile /usr/share/puppet-dashboard/.htaccess
</Location>
</VirtualHost>
# Uncomment this section to enable HTTPS (SSL)
#Listen 443
#<VirtualHost *:443>
# SSLEngine on
# SSLProtocol -ALL +SSLv3 +TLSv1
# SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP
#
# SSLCertificateFile /usr/share/puppet-dashboard/certs/dashboard.cert.pem
# SSLCertificateKeyFile /usr/share/puppet-dashboard/certs/dashboard.private_key.pem
# SSLCACertificateFile /usr/share/puppet-dashboard/certs/dashboard.ca_cert.pem
#
# # If Apache complains about invalid signatures on the CRL, you can try disabling
# # CRL checking by commenting the next line, but this is not recommended.
# SSLCARevocationFile /usr/share/puppet-dashboard/certs/dashboard.ca_crl.pem
#
# SSLVerifyClient optional
# SSLVerifyDepth 1
# SSLOptions +StdEnvVars
#
# ServerName dashboard.example.com # UPDATE THIS TO YOUR FQDN
# DocumentRoot /usr/share/puppet-dashboard/public
# <Directory /usr/share/puppet-dashboard/public>
# Options None
# AllowOverride None
# Order allow,deny
# allow from all
# </Directory>
# <Location / >
# Order deny,allow
# Allow from ALL
# # Enable this to require client-side certificates for Dashboard connections
# #SSLVerifyClient require
# </Location>
#</VirtualHost>
2. Add the apache password file
htpasswd -b -m -d -c /usr/share/puppet-dashboard/.htaccess username strong_password
3. Restart apache
That's all it takes.
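As an added example (not part of jsxubar's post), here is a small Ruby checker for a vhost like the one above. It parses the <Location> blocks and reports which paths are reachable from any address without a login. The vhost text embedded in it is constructed for the example and mirrors the post's configuration; the checker flags /reports/upload, because `Allow from all` together with `Satisfy any` lets any host POST reports, which is the case the post's own comment "This can be locked down to just your puppet master" refers to. The function names are chosen for this example.

```ruby
# Added example, not from the post: audit the access control of an Apache 2.2
# vhost fragment such as the puppet-dashboard one above.

# Constructed vhost text mirroring the post's configuration (not a real file).
CONSTRUCTED_VHOST = <<'APACHE'
<VirtualHost *:80>
  DocumentRoot /usr/share/puppet-dashboard/public/
  <Location /reports/upload>
    <Limit POST>
      Order allow,deny
      Allow from localhost
      Allow from 127.0.0.1
      Allow from all
      Satisfy any
    </Limit>
  </Location>
  <Location /nodes>
    <Limit GET>
      Order allow,deny
      Allow from 127.0.0.1
      Satisfy any
    </Limit>
  </Location>
  <Location "/">
    AuthType basic
    AuthName "Puppet Dashboard"
    Require valid-user
    AuthUserFile /usr/share/puppet-dashboard/.htaccess
  </Location>
</VirtualHost>
APACHE

# Parse <Location ...> ... </Location> blocks into {path => [directive lines]}.
# Nested <Limit> blocks are kept as plain lines inside their Location.
def parse_locations(text)
  blocks = {}
  current = nil
  text.each_line do |raw|
    line = raw.strip
    if (m = line.match(/\A<Location\s+"?([^"\s>]+)"?\s*>\z/i))
      current = m[1]
      blocks[current] = []
    elsif line =~ %r{\A</Location>}i
      current = nil
    elsif current
      blocks[current] << line
    end
  end
  blocks
end

# Summarise each Location: which addresses may reach it and whether a login is required.
def assess_locations(text)
  parse_locations(text).map do |path, lines|
    allows = lines.grep(/\AAllow from\s+/i).map { |l| l.sub(/\AAllow from\s+/i, '') }
    {
      path: path,
      open_to_all: allows.any? { |a| a.casecmp('all').zero? },
      allowed_from: allows,
      requires_login: lines.any? { |l| l =~ /\ARequire\s+valid-user/i },
      satisfy_any: lines.any? { |l| l =~ /\ASatisfy\s+any/i }
    }
  end
end

# Paths that any address may reach and that require no authentication.
def unauthenticated_open_paths(text)
  assess_locations(text).select { |a| a[:open_to_all] && !a[:requires_login] }.map { |a| a[:path] }
end

if __FILE__ == $0
  assess_locations(CONSTRUCTED_VHOST).each { |a| p a }
  puts "open without auth: #{unauthenticated_open_paths(CONSTRUCTED_VHOST).inspect}"
end
```

Run it against the vhost you deploy (read the file instead of CONSTRUCTED_VHOST); if /reports/upload shows up, replace `Allow from all` with the master's address as the post's comment suggests.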
Puppet dashboard installation
March 4, 2012 | Puppet, Ops | dashboard, master, puppet, puppet dashboard | jsxubar
Puppet dashboard is a component of the Puppet master that makes Puppet easier to manage: it predefines many tasks and provides a web console through which the current state can be viewed and managed.
"Installing Puppet dashboard on CentOS" covers installing Puppet dashboard with yum.
It took a whole day to get the dashboard working, so here is the entire process. Seeing the screen below after the install was a real relief.
I. Puppet Dashboard installation environment
master 192.168.254.11 server.com
client 192.168.254.12 client.com
Operating system: rhel 5.3
ruby version: ruby 1.8.5 (2006-08-25) [i386-linux]
puppet is already installed and the master and client are configured; see the article "Installing Puppet" for details
II. Puppet dashboard installation process
Unless stated otherwise, the steps below are carried out on the master
1. Install dependencies
Install ruby
The system ruby is too old, so download Ruby Enterprise Edition ruby-enterprise-1.8.7-2011.03.tar.gz
wget http://rubyenterpriseedition.googlecode.com/files/ruby-enterprise-1.8.7-2011.03.tar.gz
tar zxvf ruby-enterprise-1.8.7-2011.03.tar.gz
cd ruby-enterprise-1.8.7
ruby installer.rb # opens a menu; press Enter to continue
# installs by default into /opt/ruby-enterprise-1.8.7-2011.03/
Install rake
Installing ruby-enterprise installs rake automatically
wget http://files.rubyforge.vm.bytemark.co.uk/rake/rake-0.8.7.tgz
tar zxvf rake-0.8.7.tgz
cd rake-0.8.7
ruby install.rb
Install rubygems
Installing ruby-enterprise also installs rubygems; if the gem command runs, it is already installed
# the standalone installation steps are still given here
wget http://files.rubyforge.vm.bytemark.co.uk/rubygems/rubygems-1.8.11.tgz
tar zxvf rubygems-1.8.11.tgz
cd rubygems-1.8.11
/opt/ruby-enterprise-1.8.7-2011.03/bin/ruby setup.rb
Install mysql
Not covered here
Install Ruby-MySQL
gem install mysql
# if mysql is not installed in the default location, use the following instead:
env ARCHFLAGS="-arch x86_64" gem install mysql -- --with-mysql-config=/path/to/your/mysql_config --with-mysql-dir=/path/of/mysql
# mysql and mysql_config can be located with:
updatedb
locate mysql_config
2. Install dashboard
wget http://puppetlabs.com/downloads/dashboard/puppet-dashboard-1.2.0.tar.gz
tar xzvf puppet-dashboard-1.2.0.tar.gz
mv puppet-dashboard-1.2.0 /opt/puppet-dashboard
groupadd puppet-dashboard
useradd -g puppet-dashboard puppet-dashboard
chown -R puppet-dashboard:puppet-dashboard /opt/puppet-dashboard
cd /opt/puppet-dashboard/config
cp database.yml{.example,}
cp settings.yml{.example,}
Create the database
mysql -uroot -p
# once connected, run the following:
CREATE DATABASE dashboard CHARACTER SET utf8;
CREATE USER 'dashboard'@'localhost' IDENTIFIED BY 'my_password';
GRANT ALL PRIVILEGES ON dashboard.* TO 'dashboard'@'localhost';
exit
# test it; if the connection succeeds you are done
mysql -udashboard -pmy_password
Edit database.yml
vim database.yml # change the following
production:
  database: dashboard
  username: dashboard
  password: my_password
  encoding: utf8
  adapter: mysql
Edit the mysql configuration
# raise the maximum packet size
# add the following line under [mysqld]
max_allowed_packet = 32M
Restart mysqld
/etc/init.d/mysqld restart
# create the database tables; note the current directory is still /opt/puppet-dashboard/config
rake RAILS_ENV=production db:migrate
3. Test whether dashboard works
cd ..
script/server -e production
# open a browser and enter the address:
# it is empty; everything shows 0
III. Managing Puppet dashboard
1. Configure Puppet to submit data to dashboard
# check the puppet version with puppet help; it is shown at the bottom
# mine is 2.7.6; for 2.6.0 or newer follow the steps below
# on the client, i.e. 192.168.254.12, client.com
# edit the configuration file
vim /etc/puppet/puppet.conf
[agent]
report = true
# on the server, edit the configuration file
vim /etc/puppet/puppet.conf
[master]
reports = store, http
reporturl = http://localhost:3000/reports/upload
# configure the ENC
[master]
node_terminus = exec
external_nodes = /usr/bin/env PUPPET_DASHBOARD_URL=http://localhost:3000 /opt/puppet-dashboard/bin/external_node
# restart the server daemon
service puppetmasterd restart
# on the client I restarted as well
pkill puppet
puppet agent --server server.com
# refresh the browser and the puppet dashboard shows:
Background Tasks
1 pending tasks
2. Monitoring
env RAILS_ENV=production script/delayed_job -p dashboard -n 1 -m start
# run the queued jobs
rake RAILS_ENV=production jobs:work
# refresh the browser and there is now one report
If installed from rpm, dashboard lives in /usr/share/puppet-dashboard
3. View the predefined tasks
List all predefined rake tasks:
cd dashboard-dir
rake --task
IV. References
http://www.mysqlops.com/2011/10/28/puppet-dashboard.html
puppet dashboard manages puppet through a GUI and shows the puppet run logs. I had installed and configured puppet dashboard before and the process is relatively simple, but people in the QQ group keep reporting that they have tried several times without success, so these are sky's notes from installing dashboard in a VM, for reference.
[Preparation]:
1. Check the ruby version (the official requirement is 1.8.4 to 1.8.7):
#ruby -v
ruby 1.8.5 (2006-08-25) [x86_64-linux]
Note: rake, installed later, will complain that ruby must be > 1.8.6. (This article covers building from source; with yum, yum install rubygems is enough.)
Upgrade ruby first, as follows:
- wget ftp://ftp.ruby-lang.org/pub/ruby/1.9/ruby-1.9.1-p376.tar.gz
- cd ruby-1.9.1-p376
- ./configure --prefix=/usr/local/ruby/
- make -j5 && make install
- export PATH=/usr/local/ruby/bin/:$PATH ## set the environment variable
- add export PATH=/usr/local/ruby/bin/:$PATH to /etc/profile ## make it system-wide
Now check: #which ruby
/usr/local/ruby/bin/ruby
# ruby -v
ruby 1.9.1p376 (2009-12-07 revision 26041) [x86_64-linux]
2. Install the dependency packages
yum install -y mysql mysql-devel mysql-server ruby ruby-devel ruby-irb ruby-mysql \
ruby-rdoc ruby-ri
Note: for a self-built mysql, point the gem at it: gem install mysql -- --with-mysql-config=/usr/local/mysql/bin/mysql_config
3. Start the database service
chkconfig mysqld on && service mysqld start
4. Install the GEM package installer
Check the local gem version
gem -v
1.3.1
rubygems needs to be updated to 1.3.5,
as follows:
#wget http://production.cf.rubygems.org/rubygems/rubygems-1.3.5.tgz
Note: versions above 1.3.5 are not compatible with centos5.5.
# tar zxvf rubygems-1.3.5.tgz
# cd rubygems-1.3.5
# ruby setup.rb
# update-alternatives --install /usr/bin/gem gem /usr/local/ruby/bin/gem ## replace the system gem
Check the gem version again:
#gem -v
1.3.5
Note: gem update --system or update_rubygems can also be used to update.
To upgrade to the latest: gem update --system
5. Install rake
#gem install rake
6. Download and install Dashboard:
#wget http://downloads.puppetlabs.com/dashboard/puppet-dashboard-1.2.2.tar.gz
#tar zxvf puppet-dashboard-1.2.2.tar.gz -C /usr/local/puppet-dashboard
Alternatively use the puppetlabs yum repository; the short version:
[puppetlabs]
name=Puppet Labs Packages
baseurl=http://yum.puppetlabs.com/base/
enabled=1
gpgcheck=1
gpgkey=http://yum.puppetlabs.com/RPM-GPG-KEY-puppetlabs
Save the above as /etc/yum.repos.d/puppetlabs.repo
Then run #yum update
#yum install puppet-dashboard
This completes the puppet-dashboard installation.
7. Create a MySQL database and grant a user access to it for puppet
Create a symlink (depending on your setup):
#ln -s /tmp/mysql.sock /var/lib/mysql/mysql.sock
#mysql -uroot -p(password)
mysql> create database dashboard default charset utf8;
Query OK, 1 row affected (0.00 sec)
mysql> use dashboard
Database changed
mysql> grant all on dashboard.* to dashboard@localhost identified by 'dashboard';
Query OK, 0 rows affected (0.02 sec)
mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)
8. The important part: first change into the dashboard's installation directory, then do the following:
#cd /usr/local/puppet-dashboard
9. Create the dashboard's database yml file by copying the default database.yml.example.
# cp config/database.yml.example config/database.yml
10. Edit database.yml; we use the production environment, so change the following section:
production:
  database: dashboard
  username: dashboard
  password: dashboard
  encoding: utf8
  adapter: mysql
  host: the mysql server's IP; for the local machine, localhost
Create the database just configured in config/database.yml with a rake task
# rake RAILS_ENV=production db:create
This produced:
(in /usr/local/puppet-dashboard)
!!! The bundled mysql.rb driver has been removed from Rails 2.2. Please install the mysql gem and try again: gem install mysql.
rake aborted!
no such file to load -- mysql (the mysql gem is missing; make sure mysql-devel is installed before running the next command)
# gem install mysql
# rake RAILS_ENV=production db:migrate (sets up a typical production environment)
11. The dashboard uses the built-in Webrick web server, so apache or nginx are not needed.
It can now be started:
#cd /usr/local/puppet-dashboard
# script/server -p 3000 -d ("-d" runs it in the background)
We assume port 3000 (the default)
script/server --help shows more detailed usage
12. Open http://ip:3000 to view it, where ip is the machine dashboard was installed on. No more screenshots here;
try out the result yourself.
13. To make starting and stopping puppet dashboard easier I wrote a shell script, offered for download at the end of this article.
[puppet dashboard configuration]:
Server side:
Note: puppet installed with yum is version 0.25.x, while a source build is 2.6.x; the configuration differs slightly.
The configuration below is for version 2.7.
# puppetmasterd --configprint libdir
# vi /etc/puppet/puppet.conf
Add the following under [main]:
reports = http, store
Start puppetmaster
/etc/init.d/puppetmaster restart
Client side:
# vi /etc/puppet/puppet.conf
Add the following under [agent]:
report = true
Start puppet:
/etc/init.d/puppet restart
------------------------------------------------------------------------
Configuration for version 2.6
Server side:
# vi /etc/puppet/puppet.conf
Add the following under [main]
reports=http
Client side:
Add the following under [puppetd]
report = true
-------------------------------------------------------
Then, on the dashboard host, run
cp /usr/local/puppet-dashboard/ext/puppet/puppet_dashboard.rb /usr/lib/ruby/site_ruby/1.8/puppet/reports/
rake RAILS_ENV=production reports:import # import the logs
rake RAILS_ENV=production reports:import REPORT_DIR=/path/to/your/reports
Common puppet dashboard maintenance commands:
When the dashboard has accumulated a lot of data, optimize the database with:
rake RAILS_ENV=production db:raw:optimize
To prune dashboard data older than one month, use:
rake RAILS_ENV=production reports:prune upto=1 unit=mon
To back up the puppet dashboard database:
rake RAILS_ENV=production db:raw:dump
To back up the SQL to a file:
rake RAILS_ENV=production FILE=/my/backup/file.sql db:raw:dump
To restore the puppet dashboard database:
rake RAILS_ENV=production FILE=production.sql db:raw:restore
[Summary of configuring puppet dashboard]:
Installing puppet dashboard is fairly simple; this document was also written with reference to the book Pro Puppet, which is available in the QQ group share (QQ group number: 179750784). puppet dashboard is intuitive and suits most people's habits: it can be queried through the database and shows puppet reports, but I am still not used to operating through it. That concludes this puppet dashboard installation and configuration.
puppet dashboard script download: http://vdisk.weibo.com/s/WBfh; after downloading, place it at /etc/init.d/puppet-dashboard
and run chmod 755 on it.
This article referred to the following official puppet dashboard documentation:
http://docs.puppetlabs.com/dashboard/manual/1.2/bootstrapping.html
http://docs.puppetlabs.com/dashboard/manual/1.2/configuring.html
http://docs.puppetlabs.com/dashboard/manual/1.2/upgrading.html
http://docs.puppetlabs.com/dashboard/manual/1.2/maintaining.html
Original article; when reproducing please cite the source: puppet dashboard installation and configuration tutorial
#########################################################
http://ulinux.pro/centos-puppet-foreman-%E5%AE%89%E8%A3%85%E6%96%B9%E6%B3%95.html
puppet is a centralized configuration management system for Linux and Unix that manages configuration files, users, cron jobs, packages, system services and more. Its design goal is to simplify managing these resources and to handle the dependencies between them properly.
foreman is a lifecycle management system for puppet, similar to puppet-dashboard, that gives a direct view of every puppet client's sync status and facter values. This article describes how to install foreman for puppet on CentOS.
foreman, like dashboard, lets you see the sync status of puppet clients and so on. See the official screenshots for details:
http://theforeman.org/projects/foreman/wiki/Screenshots
Installation order in brief:
1. Install puppet
2. Upgrade ruby to 1.8.6
3. Install the dependencies: gem, rake, rails, i18n
4. Create the database and user and grant privileges
5. Install foreman
6. Edit database.yml
7. Create the foreman tables
8. Configure foreman.rb and place it in the puppet reports directory
9. Configure the puppet server and client configuration files
10. Start
Mind the version requirements, especially ruby, which must be 1.8. For upgrading ruby see: http://bubbyroom.com/2011/01/centos-yum-update-ruby/
Ruby 1.9 is not supported yet. You have to use Ruby 1.8.x as stated above.
RubyGems 1.3.1 or higher is required. Rake 0.8.3 or higher is required. Rack 1.0.1 is required.
If you don't have this exact version, database migration would fail. I18n 0.4.2 is required for Redmine >= 1.0.5
rpm -Uvh http://download.fedora.redhat.com/pub/epel/5/i386/epel-release-5-3.noarch.rpm
yum install -y mysql mysql-devel mysql-server ruby ruby-devel ruby-irb ruby-mysql ruby-rdoc ruby-ri
If MySQL was installed from source:
yum install -y ruby ruby-devel ruby-irb ruby-mysql ruby-rdoc ruby-ri
Install rubygems 1.3.5
wget http://production.cf.rubygems.org/rubygems/rubygems-1.3.5.tgz
tar xfz rubygems-1.3.5.tgz
cd rubygems-1.3.5
ruby setup.rb
Install rails and rack
gem install rails -v=2.3.5
gem install rack -v=1.0.1
gem install -v=0.4.2 i18n
Download foreman
Address: http://www.redmine.org/projects/redmine/wiki/Download
I prefer downloading with git:
People have asked how to install git:
yum -y install git
git clone git://github.com/edavis10/redmine.git
Source tarball:
wget http://rubyforge.org/frs/download.php/73900/redmine-1.1.0.tar.gz
Unpack after downloading; it can go in /usr/local/redmine
MySQL configuration: create the database and user
create database redmine character set utf8;
create user 'redmine'@'localhost' identified by 'my_password';
grant all privileges on redmine.* to 'redmine'@'localhost';
On MySQL 5 and later
grant all privileges on redmine.* to 'redmine'@'localhost' identified by 'my_password';
Go into the foreman directory and configure database.yml
config/database.yml
production:
  adapter: mysql
  database: redmine
  host: localhost
  username: redmine
  password: my_password
Create the tables:
RAILS_ENV=production rake db:migrate
Start:
ruby script/server webrick -e production
Database backup:
/usr/bin/mysqldump -u <user> -p<password> <database> | gzip > /path/to/backup/db/redmine_`date +%y_%m_%d`.gz
puppet master configuration
puppet client configuration
Configure puppet to submit reports to foreman
#cp extras/puppet/foreman/files/foreman-report.rb /usr/lib/ruby/site_ruby/1.8/puppet/reports/foreman.rb
#chmod 644 /usr/lib/ruby/site_ruby/1.8/puppet/reports/foreman.rb
#vim /usr/lib/ruby/site_ruby/1.8/puppet/reports/foreman.rb
# URL of your Foreman installation
$foreman_url="http://"+`hostname`.strip+":8000"
Cron job to purge old data:
rake reports:expire days=7 RAILS_ENV="production"
###########################################################
foreman can also be installed with yum
Configure the repository:
cat >/etc/yum.repos.d/foreman.repo <<EOF
[foreman]
name=Foreman Repo
baseurl=http://theforeman.org/repo
gpgcheck=0
enabled=1
EOF
yum install foreman
After a yum install, /etc/init.d/foreman is created and the configuration lives under /etc/foreman; everything else is the same.
I ran into a few errors while installing, mainly with ruby versions and mysql dependencies; I recommend installing both with yum
Original link: http://bubbyroom.com/2011/01/centos-puppet-foreman-instal/
#########################################################
http://www.jsxubar.info/tag/puppet-2/
Installing puppet foreman on centos 5/6
April 24, 2013 | Puppet, Ops | foreman, puppet | jsxubar
puppet foreman is a web management front end for puppet. This article walks through installing puppet foreman on centos 5/6.
Installing puppet foreman on centos 5/6
Environment
Operating system: CentOS 6 x86_64 (upgraded to the latest version with yum update -y)
Hostname: agent1.example.com
IP: 192.168.254.198
Preparation
1. Set the hostname
hostname agent1.example.com
cat >/etc/hosts <<EOF
192.168.254.198 agent1.example.com agent1
127.0.0.1 agent1.example.com agent1
127.0.0.1 localhost.localdomain localhost
::1 localhost6.localdomain6 localhost6
EOF
cat >/etc/sysconfig/network <<EOF
NETWORKING=yes
HOSTNAME=agent1.example.com
EOF
2. Upgrade the system to the latest version
3. Disable the firewall and SELinux
service iptables stop
chkconfig iptables off
setenforce 0
cat >/etc/sysconfig/selinux <<EOF
SELINUX=disabled
SELINUXTYPE=targeted
EOF
1. Install the yum repositories
rpm -ivh http://yum.theforeman.org/releases/1.1/el6/x86_64/foreman-release-1.1stable-3.el6.noarch.rpm
rpm -ivh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
rpm -ivh http://yum.puppetlabs.com/el/6/products/x86_64/puppetlabs-release-6-7.noarch.rpm
2. Install puppet server
yum install puppet-server
# test that puppet server works
service puppetmaster start
cat >/etc/puppet/manifests/site.pp <<EOF
import 'nodes.pp'
EOF
cat >/etc/puppet/manifests/nodes.pp <<EOF
node 'agent1.example.com' {
include testm
}
node default {
}
EOF
mkdir -p /etc/puppet/modules/testm/manifests
cat >/etc/puppet/modules/testm/manifests/init.pp <<EOF
class testm {
notify { 'my first test module':
}
}
EOF
puppet agent --server agent1.example.com -t
3. Install foreman
yum -y install foreman foreman-proxy foreman-sqlite
4. Configure foreman-proxy
# set trusted_hosts
# enable puppet, puppetca and tftp by changing false to true
vim /usr/share/foreman-proxy/config/settings.yml
# :trusted_hosts:
# - agent1.example.com
# start foreman-proxy
/etc/init.d/foreman-proxy start
# check that it is listening on port 8443
5. Initialize foreman
# fix directory ownership
chown -R foreman.foreman /usr/share/foreman/
# initialize the database
cd /usr/share/foreman
RAILS_ENV=production rake db:migrate
rake puppet:import:hosts_and_facts dir=/var/lib/puppet/yaml/facts/ RAILS_ENV=production
# start the foreman service
# check that it is listening on port 3000
# verify
# open http://192.168.254.198:3000 in a browser
# log in with admin/changeme
# Dashboard, Hosts and Facts should now show data
6. Configure foreman's Smart Proxies
# open More - Configuration - Smart Proxies
# add a Smart Proxy
# name: foreman-proxy
# url: http://agent1.example.com:8443
7. Configure foreman reporting
# edit /etc/puppet/puppet.conf on the puppet agent node
# add the following:
[agent]
report = true
# edit /etc/puppet/puppet.conf on the puppet master node
# add the following:
[master]
reports = foreman, log
# add the report processor foreman.rb
cd /usr/lib/ruby/site_ruby/1.8/puppet/reports
wget https://raw.github.com/theforeman/puppet-foreman/master/templates/foreman-report.rb.erb
cp foreman-report.rb.erb foreman.rb
# set the foreman url
# $foreman_url='http://agent1.example.com:3000'
# restart puppetmaster and foreman
service foreman restart
service puppetmaster restart
# run puppet agent to test
puppet agent --server agent1.example.com -t
# data should now appear under Reports in foreman.
Advanced settings
1. foreman-proxy SSL settings
Steps:
a. Edit the foreman-proxy settings
vim /usr/share/foreman-proxy/config/settings.yml
# set the following values
:ssl_certificate: /var/lib/puppet/ssl/certs/FQDN.pem
:ssl_ca_file: /var/lib/puppet/ssl/certs/ca.pem
:ssl_private_key: /var/lib/puppet/ssl/private_keys/FQDN.pem
# these values can be looked up in foreman under More - Settings - Provisioning
# trusted hosts
:trusted_hosts:
- agent1.example.com
b. Edit the puppet configuration
vim /etc/puppet/puppet.conf
# add the following
[main]
privatekeydir = $ssldir/private_keys { group = service }
hostprivkey = $privatekeydir/$certname.pem { mode = 640 }
c. Set up the groups
vim /etc/group
# add foreman and foreman-proxy to the puppet group
puppet:x:52:foreman,foreman-proxy
d. Restart the services
service puppetmaster restart
service foreman-proxy restart
e. In foreman, change the Smart Proxy URL from http to https
2. Move puppetmaster to apache
Steps:
a. Install apache
b. Install and configure mod_passenger
gem install passenger
# install the apache module
passenger-install-apache2-module
# if it reports missing components, install them as prompted
When passenger-install-apache2-module finishes it prints the mod_passenger settings to use
Configure the mod_passenger module
cat >/etc/httpd/conf.d/passenger.conf <<EOF
LoadModule passenger_module /usr/lib/ruby/gems/1.8/gems/passenger-4.0.1/libout/apache2/mod_passenger.so
PassengerRoot /usr/lib/ruby/gems/1.8/gems/passenger-4.0.1
PassengerDefaultRuby /usr/bin/ruby
EOF
c. Configure the ssl module
d. Configure the puppetmaster vhost
cat >/etc/httpd/conf.d/puppet.conf <<EOF
Listen 8140
<VirtualHost *:8140>
SSLEngine on
SSLProtocol -ALL +SSLv3 +TLSv1
SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP
SSLCertificateFile /var/lib/puppet/ssl/certs/agent1.example.com.pem
SSLCertificateKeyFile /var/lib/puppet/ssl/private_keys/agent1.example.com.pem
SSLCertificateChainFile /var/lib/puppet/ssl/ca/ca_crt.pem
SSLCACertificateFile /var/lib/puppet/ssl/ca/ca_crt.pem
# CRL checking should be enabled; if you have problems with Apache complaining about the CRL, disable the next line
SSLCARevocationFile /var/lib/puppet/ssl/ca/ca_crl.pem
SSLVerifyClient optional
SSLVerifyDepth 1
SSLOptions +StdEnvVars +ExportCertData
# The following client headers allow the same configuration to work with Pound.
RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e
RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e
RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e
RequestHeader unset X-Forwarded-For
# you probably want to tune these settings
PassengerHighPerformance on
PassengerMaxPoolSize 12
PassengerPoolIdleTime 1500
# PassengerMaxRequests 1000
PassengerStatThrottleRate 120
#RackAutoDetect On
DocumentRoot /etc/puppet/rack/public/
<Directory /etc/puppet/rack>
Options None
AllowOverride None
Order allow,deny
allow from all
</Directory>
ErrorLog "logs/puppet_error.log"
CustomLog "logs/puppet_access.log" common
</VirtualHost>
EOF
e. Set up the directories
mkdir -p /etc/puppet/rack/public
# quote the delimiter so the shell does not expand $0 inside the heredoc
cat >/etc/puppet/rack/config.ru <<'EOF'
$0 = "master"
ARGV << "--rack"
ARGV << "--confdir" << "/etc/puppet"
ARGV << "--vardir" << "/var/lib/puppet"
require 'puppet/util/command_line'
run Puppet::Util::CommandLine.new.execute
EOF
chown -R puppet.root /etc/puppet/rack
f. Start httpd and stop puppetmaster
service puppetmaster stop
service httpd start
3. Move foreman to apache and enable ssl
This step seems to fail on CentOS 6.4 but works on CentOS 5. Steps:
a. Configure the apache vhost
cat >/etc/httpd/conf.d/foreman.conf <<EOF
ServerName agent1.example.com
ServerAlias foreman
DocumentRoot /usr/share/foreman/public
PassengerAppRoot /usr/share/foreman
#RailsAutoDetect On
AddDefaultCharset UTF-8
ServerName agent1.example.com
ServerAlias foreman
#RailsAutoDetect On
DocumentRoot /usr/share/foreman/public
PassengerAppRoot /usr/share/foreman
# Use puppet certificates for SSL
SSLEngine On
SSLCertificateFile /var/lib/puppet/ssl/certs/agent1.example.com.pem
SSLCertificateKeyFile /var/lib/puppet/ssl/private_keys/agent1.example.com.pem
SSLCertificateChainFile /var/lib/puppet/ssl/certs/ca.pem
SSLCACertificateFile /var/lib/puppet/ssl/certs/ca.pem
SSLVerifyClient optional
SSLOptions +StdEnvVars
SSLVerifyDepth 3
EOF
b. Configure the reports processor foreman.rb
vim /usr/lib/ruby/site_ruby/1.8/puppet/reports/foreman.rb
# set the following values
$foreman_url='https://agent1.example.com'
$foreman_ssl_ca = "/var/lib/puppet/ssl/certs/ca.pem"
$foreman_ssl_cert = "/var/lib/puppet/ssl/certs/agent1.example.com.pem"
$foreman_ssl_key = "/var/lib/puppet/ssl/private_keys/agent1.example.com.pem"
c. Configure foreman
vim /usr/share/foreman/config/settings.yaml
# set the following:
:require_ssl: true
d. Restart the services
service foreman stop
service httpd restart
4. Configure the ENC
Steps:
a. Set up the ENC script
cat >/etc/puppet/node.rb <<EOF
#!/usr/bin/env ruby
### File managed with puppet ###
## Served by: ''
## Module: 'foreman'
## Template source: 'MODULES/foreman/templates/external_node.rb.erb'
SETTINGS = {
:url => "https://master.example.com",
:puppetdir => "/var/lib/puppet",
:facts => true,
:storeconfigs => false,
:timeout => 3,
# if CA is specified, remote Foreman host will be verified
:ssl_ca => "/var/lib/puppet/ssl/certs/ca.pem",
# ssl_cert and key are required if require_ssl_puppetmasters is enabled in Foreman
:ssl_cert => "/var/lib/puppet/ssl/certs/master.example.com.pem",
:ssl_key => "/var/lib/puppet/ssl/private_keys/master.example.com.pem"
}
# Script usually acts as an ENC for a single host, with the certname supplied as argument
# if 'facts' is true, the YAML facts for the host are uploaded
# ENC output is printed and cached
#
# If --push-facts is given as the only arg, it uploads facts for all hosts and then exits.
# Useful in scenarios where the ENC isn't used.
### Do not edit below this line
def url
SETTINGS[:url] || raise("Must provide URL - please edit file")
end
def puppetdir
SETTINGS[:puppetdir] || raise("Must provide puppet base directory - please edit file")
end
def stat_file(certname)
  FileUtils.mkdir_p "#{puppetdir}/yaml/foreman/"
  "#{puppetdir}/yaml/foreman/#{certname}.yaml"
end

def tsecs
  SETTINGS[:timeout] || 3
end

require 'net/http'
require 'net/https'
require 'fileutils'
require 'timeout'

# Push every cached facts file under $puppetdir/yaml/facts to Foreman.
def upload_all_facts
  Dir["#{puppetdir}/yaml/facts/*.yaml"].each do |f|
    certname = File.basename(f, ".yaml")
    upload_facts(certname, f)
  end
end

def upload_facts(certname, filename)
  # Temp file keeping the last run time
  stat = stat_file(certname)
  last_run = File.exists?(stat) ? File.stat(stat).mtime.utc : Time.now - 365*24*60*60
  last_fact = File.stat(filename).mtime.utc
  # Only upload when the facts file is newer than the last successful run
  if last_fact > last_run
    fact = File.read(filename)
    begin
      uri = URI.parse("#{url}/fact_values/create?format=yml")
      req = Net::HTTP::Post.new(uri.path)
      req.set_form_data('facts' => fact)
      res = Net::HTTP.new(uri.host, uri.port)
      res.use_ssl = uri.scheme == 'https'
      if res.use_ssl?
        if SETTINGS[:ssl_ca]
          res.ca_file = SETTINGS[:ssl_ca]
          res.verify_mode = OpenSSL::SSL::VERIFY_PEER
        else
          # no CA configured: the Foreman certificate is not verified
          res.verify_mode = OpenSSL::SSL::VERIFY_NONE
        end
        if SETTINGS[:ssl_cert] and SETTINGS[:ssl_key]
          res.cert = OpenSSL::X509::Certificate.new(File.read(SETTINGS[:ssl_cert]))
          res.key = OpenSSL::PKey::RSA.new(File.read(SETTINGS[:ssl_key]), nil)
        end
      end
      res.start { |http| http.request(req) }
    rescue => e
      raise "Could not send facts to Foreman: #{e}"
    end
  end
end

# Cache the ENC answer; the file's mtime doubles as the last-run timestamp above.
def cache(certname, result)
  File.open(stat_file(certname), 'w') {|f| f.write(result) }
end

def read_cache(certname)
  File.read(stat_file(certname))
rescue => e
  raise "Unable to read from Cache file: #{e}"
end

# Ask Foreman for the node's classification as YAML.
def enc(certname)
  foreman_url = "#{url}/node/#{certname}?format=yml"
  uri = URI.parse(foreman_url)
  req = Net::HTTP::Get.new(foreman_url)
  http = Net::HTTP.new(uri.host, uri.port)
  http.use_ssl = uri.scheme == 'https'
  if http.use_ssl?
    if SETTINGS[:ssl_ca]
      http.ca_file = SETTINGS[:ssl_ca]
      http.verify_mode = OpenSSL::SSL::VERIFY_PEER
    else
      http.verify_mode = OpenSSL::SSL::VERIFY_NONE
    end
    if SETTINGS[:ssl_cert] and SETTINGS[:ssl_key]
      http.cert = OpenSSL::X509::Certificate.new(File.read(SETTINGS[:ssl_cert]))
      http.key = OpenSSL::PKey::RSA.new(File.read(SETTINGS[:ssl_key]), nil)
    end
  end
  res = http.start { |http| http.request(req) }
  raise "Error retrieving node #{certname}: #{res.class}" unless res.code == "200"
  res.body
end

# Actual code starts here
begin
  if ARGV.delete("--push-facts")
    # push all facts files to Foreman and don't act as an ENC
    upload_all_facts
  else
    certname = ARGV[0] || raise("Must provide certname as an argument")
    # send facts to Foreman - enable 'facts' setting to activate
    # if you use this option below, make sure that you don't send facts to foreman via the rake task or push facts alternatives.
    #
    if SETTINGS[:facts] && !SETTINGS[:storeconfigs]
      upload_facts certname, "#{puppetdir}/yaml/facts/#{certname}.yaml"
    end
    #
    # query External node
    begin
      result = ""
      timeout(tsecs) do
        result = enc(certname)
        cache(certname, result)
      end
    rescue TimeoutError, SocketError, Errno::EHOSTUNREACH
      # Read from cache, we got some sort of an error.
      result = read_cache(certname)
    ensure
      puts result
    end
  end
rescue => e
  warn e
  exit 1
end
EOF
|
b. Configure puppet
|
vim /etc/puppet/puppet.conf
# add the following
[master]
external_nodes = /etc/puppet/node.rb
node_terminus = exec
| If you see an error like the following:
|
Warning: Unable to fetch my node definition, but the agent run will continue:
Warning: Error 400 on SERVER: Failed to find master.example.com via exec: Execution of '/etc/puppet/node.rb master.example.com' returned 1: ---
environment: production
parameters:
root_pw: xybxa6JUkz63w
foreman_env: production
puppetmaster: ""
classes: {}
Info: Retrieving plugin
Info: Loading facts in /etc/puppet/modules/ssh/lib/facter/hello.rb
Info: Loading facts in /etc/puppet/modules/repo_epel/lib/facter/os_maj_version.rb
Info: Loading facts in /var/lib/puppet/lib/facter/hello.rb
Info: Loading facts in /var/lib/puppet/lib/facter/os_maj_version.rb
Error: Could not retrieve catalog from remote server: Error 400 on SERVER: Failed when searching for node master.example.com: Failed to find master.example.com via exec: Execution of '/etc/puppet/node.rb master.example.com' returned 1: ---
environment: production
parameters:
root_pw: xybxa6JUkz63w
foreman_env: production
puppetmaster: ""
classes: {}
Warning: Not using cache on failed catalog
Error: Could not retrieve catalog; skipping run
| the script did fetch the node definition (the YAML is printed) but exited 1 because it could not write its cache file under /var/lib/puppet/yaml/foreman; fix the ownership of that directory with:
|
chown -R puppet.puppet /var/lib/puppet/yaml/foreman
|
Installing and using puppet + mcollective
March 28, 2013 | Puppet, Ops | Tags: mcollective, puppet | Author: jsxubar
It has been a long time since I wrote about puppet. I recently picked the tool up again, read the Puppet Cookbook, and got much more comfortable with mcollective, so here is a write-up.
I. puppet agent scheduling methods
There are three ways to schedule puppet agent:
- Daemon: controlled through the service script. You can also run puppet agent by hand with the --no-daemonize flag to keep it in the foreground and run it interactively.
- cron: define a periodic job with the system's own cron to run puppet agent.
- mcollective: a centrally driven model. Commands are sent from the control side to the controlled nodes, which execute the corresponding operation; running puppet agent is just one of those operations.
The difference between mcollective and the first two is that mcollective is more active. The first two run once every interval regardless of whether the configuration needs to change, while mcollective sends the puppet agent command from the control side to the nodes only when a change is needed. This does not waste system resources, and changes can be applied immediately when required.
II. mcollective message flow
Why cover the message flow first? Because only once you understand how information moves through mcollective do you know how to install it.
[Figure: mcollective-message]
Steps and description
- The client is the control side; commands such as puppet agent are issued from the client
- Once the client issues a command, the middleware receives it and broadcasts it to the nodes, which are generally called the server side
- The servers receive the command and check it against the filter conditions it specifies; if they match, they execute it and return the result to the middleware
- The middleware returns the results to the client
III. Installing and configuring mcollective
My system is CentOS 5 and the puppet version is 3.1.0. All software is installed with yum; add the puppetlabs and epel repositories before installing.
I will show two installation methods: the ordinary way, and through a puppet module, where you only need to include the module on the relevant node.
1. Ordinary installation
The installation has three main parts:
- Install rabbitmq, the middleware (activemq is an alternative). Install it on a server that both the mcollective client and the servers can reach; the puppet master is a good choice, since every host has to reach it anyway. Run the following commands to install:
|
# install
yum install erlang
wget http://www.rabbitmq.com/releases/rabbitmq-server/v3.0.4/rabbitmq-server-3.0.4-1.noarch.rpm
rpm -ivh rabbitmq-server-3.0.4-1.noarch.rpm
rm rabbitmq-server-3.0.4-1.noarch.rpm
service rabbitmq-server start
# config user
rabbitmqctl add_user user password
rabbitmqctl set_permissions -p / user "^amq.gen-.*" ".*" ".*"
rabbitmqctl delete_user guest
# config plugins
rabbitmq-plugins enable rabbitmq_stomp
service rabbitmq-server restart
|
- Install mcollective, the server side, on every machine that is to be controlled. After adding the puppet repository, run the following command:
|
yum install mcollective
| After installing, edit the stomp section (the middleware details) in /etc/mcollective/server.cfg on every server where it was installed. The plugin.psk value is a shared secret that every server and client must hold; use a strong value rather than the placeholder shown here.
|
# Plugins
securityprovider = psk
plugin.psk = 123456
connector = stomp
plugin.stomp.host = master.example.com
plugin.stomp.port = 61613
plugin.stomp.user = user
plugin.stomp.password = password
|
- Install mcollective-client, the client side; it only needs to be installed on one server. Run the following command:
|
yum install mcollective-client
| After installing, edit /etc/mcollective/client.cfg in the same way; the settings to change are the same as in server.cfg, see the previous step.
- Install the mcollective plugins on every server where mcollective is installed:
|
yum install mcollective-puppet-agent mcollective-puppet-client mcollective-facter-facts
# after installing, set factsource = facter in /etc/mcollective/server.cfg
/etc/init.d/mcollective restart
|
Check that the installation succeeded with the following command:
2. Installation with a puppet module
- Download the attachment (mcollective.tar.gz) and extract it into the puppet modules directory
- Edit the params.pp file in the mcollective module
- On the middleware server, include the rabbitmq and repo::epel modules
|
include repo::epel
include rabbitmq
|
- On the mcollective servers, include the mcollective module
|
include repo::puppetlabs
include mcollective
|
- On the mcollective client, include the mcollective::client module
|
include repo::puppetlabs
include mcollective::client
|
- Run puppet agent on all servers to apply the configuration
OK. Run mco ping on the mcollective client; if everything is working you will see all mcollective server nodes.
IV. mcollective terminology
There are quite a few mcollective terms; here is a brief introduction.
The most important concepts are server and client. These have no necessary relation to the client/server of a C/S architecture; in MCollective the structure is many servers <-----> one client.
- Server: simply put, the data provider. It is the mcollective daemon, an application server that hosts agents and manages the connection to the middleware.
- Client: simply put, the receiver of data/information. It is the application that creates commands for agents to execute; in practice this is a machine with the client program installed, where a user can interact with agents using commands like mco ping. Clients usually talk to the collective through the MCollective::Client library.
- Node: the computer or operating system a server runs on.
- Agent: a block of Ruby code that performs a specific role; hosting agents is mcollective's main purpose. Agents can carry out tasks such as firewall operations, service management and package management. They execute commands on all 'server' nodes and pass the return values to the 'client'. MCollective provides a built-in filtering mechanism to select which agents execute.
- Action: a task performed by an agent is called an action, just as an exim queue-management agent might perform mailq, rm, retry and so on. Actions are provided by agents.
- Plugin: a block of Ruby code that lives on the server machine and performs a specific role such as security, connection handling or agents. Per Wikipedia, software that enhances/extends another application and usually cannot run on its own.
- Middleware: here this means only publish/subscribe middleware such as Apache ActiveMQ. Software that handles communication between services; it transports request messages and reply messages. Think of it as a mail server with routing rules.
- Message queue: a data store application that can be read from and written to, like the mail queue in an SMTP server.
- Connector: a plugin of type MCollective::Connector that handles the connection to the chosen middleware.
- Namespace: currently messages sent to the middleware go directly under a topic named /topic/mcollective.package.command, and replies under /topic/mcollective.package.reply. In this example the namespace is "mcollective"; all servers and clients that want to be part of the same collective must use the same namespace. Middleware can usually carry different namespaces and therefore multiple collectives.
- Collective: the combination of servers, nodes and middleware operating under one namespace. Multiple collectives can share the same middleware by using different namespaces.
- Subcollective: a server can belong to multiple namespaces. A subcollective is a namespace that is a subset of all the collectives the server belongs to. Subcollectives are used for network partitioning and for controlling broadcast domains on high-traffic networks.
- Facts: node information such as domain name, country, role, operating system version and so on. Facts are provided by plugins of type MCollective::Facts.
- Registration: information a server sends to agents is called registration. The code that sends registration messages is a plugin of type MCollective::Registration.
- Security: plugins of type MCollective::Security handle encryption, verification and encoding of messages before they are passed to the connector.
- User: servers and clients both authenticate to the middleware; user generally refers to the username used for that authentication.
- Audit: related to SimpleRPC; auditing means logging requests to disk or similar actions.
- Authorization: related to SimpleRPC; the authorization process allows or denies a request based on the requester's credentials.
- Software that sends and receives messages through queues; the actions an agent performs on a system depend on the content of the message. Like your mail client and you, or people in a chat room.
V. Overview of the mcollective directories
Having covered the terminology and installed mcollective, we can briefly describe what each directory under mcollective is for.
On Redhat or CentOS, mcollective is installed under /usr/libexec/mcollective/mcollective and contains the following subdirectories; the files in each are described below:
- agent: agents, blocks of Ruby code that perform a specific role; hosting agents is mcollective's main purpose. Agents can carry out tasks such as firewall operations, service management and package management. They execute commands on all 'server' nodes and pass the return values to the 'client'. These files correspond to the entries listed under Agents in the output of mco plugin doc. They are generally provided by the common and agent packages, e.g.:
|
mcollective-common-2.2.3-1.el5 discovery.rb
mcollective-puppet-common-1.5.1-1 puppet.ddl
mcollective-puppet-agent-1.5.1-1 puppet.rb
mcollective-common-2.2.3-1.el5 rpcutil.ddl
mcollective-common-2.2.3-1.el5 rpcutil.rb
|
- aggregate: aggregation functions used when generating reports. Generally provided by the common and client packages, e.g.:
|
mcollective-common-2.2.3-1.el5 average.rb
mcollective-puppet-client-1.5.1-1 boolean_summary.ddl
mcollective-puppet-client-1.5.1-1 boolean_summary.rb
mcollective-common-2.2.3-1.el5 summary.rb
mcollective-common-2.2.3-1.el5 sum.rb
|
- application: the commands mco can run; each file corresponds to one command, matching the output of mco help. Generally provided by the client and common packages, e.g.:
|
mcollective-common-2.2.3-1.el5
mcollective-client-2.2.3-1.el5 completion.rb
mcollective-common-2.2.3-1.el5
mcollective-client-2.2.3-1.el5 facts.rb
mcollective-common-2.2.3-1.el5
mcollective-client-2.2.3-1.el5 find.rb
mcollective-common-2.2.3-1.el5
mcollective-client-2.2.3-1.el5 help.rb
mcollective-common-2.2.3-1.el5
mcollective-client-2.2.3-1.el5 inventory.rb
mcollective-common-2.2.3-1.el5
mcollective-client-2.2.3-1.el5 ping.rb
mcollective-common-2.2.3-1.el5
mcollective-client-2.2.3-1.el5 plugin.rb
mcollective-puppet-client-1.5.1-1 puppet.rb
mcollective-common-2.2.3-1.el5
mcollective-client-2.2.3-1.el5 rpc.rb
|
- audit: auditing, related to SimpleRPC; auditing means logging requests to disk or similar actions.
- connector: connectors; the connector setting in server.cfg and client.cfg refers to these. By default the mcollective-common package provides three connectors: activemq, rabbitmq and stomp.
- data: data queries, corresponding to the Data Queries entries in mco plugin doc. Generally provided by the common package, e.g.:
|
mcollective-common-2.2.3-1.el5 agent_data.ddl
mcollective-common-2.2.3-1.el5 agent_data.rb
mcollective-common-2.2.3-1.el5 fstat_data.ddl
mcollective-common-2.2.3-1.el5 fstat_data.rb
mcollective-puppet-common-1.5.1-1 puppet_data.ddl
mcollective-puppet-common-1.5.1-1 puppet_data.rb
mcollective-puppet-common-1.5.1-1 resource_data.ddl
mcollective-puppet-common-1.5.1-1 resource_data.rb
|
- discovery: node discovery methods, corresponding to Discovery Methods in mco plugin doc; currently mc (broadcast based) and flatfile (file based) are provided. Both are supplied by the mcollective-common package.
- facts: fact providers, corresponding to the factsource setting in server.cfg and client.cfg. The default is yaml, with facts defined in /etc/mcollective/facts.yaml; after installing the mcollective-facter-facts plugin, factsource can be served by facter. Files provided by:
|
mcollective-facter-facts-1.0.0-1 facter_facts.ddl
mcollective-facter-facts-1.0.0-1 facter_facts.rb
mcollective-common-2.2.3-1.el5 yaml_facts.rb
|
- pluginpackager: plugin packaging, currently deb and rpm. Files provided by:
|
mcollective-common-2.2.3-1.el5
mcollective-client-2.2.3-1.el5 debpackage_packager.rb
mcollective-common-2.2.3-1.el5
mcollective-client-2.2.3-1.el5 ospackage_packager.rb
mcollective-common-2.2.3-1.el5
mcollective-client-2.2.3-1.el5 rpmpackage_packager.rb
mcollective-common-2.2.3-1.el5
mcollective-client-2.2.3-1.el5 templates
|
- registration: the purpose of this directory is unclear. By default it contains an agentlist.rb file, described as:
|
A registration plugin that simply sends in the list of agents we have
|
- security: security-related code. Provided by mcollective-common, including aes_security.rb, psk.rb and ssl.rb.
- util: utilities. The puppet plugin provides some, e.g.:
|
mcollective-puppet-common-1.5.1-1 puppet_agent_mgr.rb
mcollective-puppet-common-1.5.1-1 puppetrunner.rb
|
- validator: validation plugins, generally provided by the common package, corresponding to Validator Plugins in mco plugin doc. With the puppet plugin installed it contains:
|
mcollective-common-2.2.3-1.el5 any_validator.ddl
mcollective-common-2.2.3-1.el5 any_validator.rb
mcollective-common-2.2.3-1.el5 array_validator.ddl
mcollective-common-2.2.3-1.el5 array_validator.rb
mcollective-common-2.2.3-1.el5 ipv4address_validator.ddl
mcollective-common-2.2.3-1.el5 ipv4address_validator.rb
mcollective-common-2.2.3-1.el5 ipv6address_validator.ddl
mcollective-common-2.2.3-1.el5 ipv6address_validator.rb
mcollective-common-2.2.3-1.el5 length_validator.ddl
mcollective-common-2.2.3-1.el5 length_validator.rb
mcollective-puppet-common-1.5.1-1 puppet_resource_validator.ddl
mcollective-puppet-common-1.5.1-1 puppet_resource_validator.rb
mcollective-puppet-common-1.5.1-1 puppet_server_address_validator.ddl
mcollective-puppet-common-1.5.1-1 puppet_server_address_validator.rb
mcollective-puppet-common-1.5.1-1 puppet_tags_validator.ddl
mcollective-puppet-common-1.5.1-1 puppet_tags_validator.rb
mcollective-puppet-common-1.5.1-1 puppet_variable_validator.ddl
mcollective-puppet-common-1.5.1-1 puppet_variable_validator.rb
mcollective-common-2.2.3-1.el5 regex_validator.ddl
mcollective-common-2.2.3-1.el5 regex_validator.rb
mcollective-common-2.2.3-1.el5 shellsafe_validator.ddl
mcollective-common-2.2.3-1.el5 shellsafe_validator.rb
mcollective-common-2.2.3-1.el5 typecheck_validator.ddl
mcollective-common-2.2.3-1.el5 typecheck_validator.rb
|
VI. mcollective plugins
1. Plugin package layout
A plugin usually consists of 3 packages, named like:
- mcollective-plugin_name-client: the files the mcollective client needs, normally under the application directory
- mcollective-plugin_name-common: the files that both the client and agent packages depend on.
- mcollective-plugin_name-agent: the files the mcollective server needs, normally under the agent directory
2. Plugin types
Common plugin types: data plugins, discovery plugins, result aggregation plugins, registration plugins, fact source plugins.
For more on using each type of plugin see Common Plugin.
3. File types
Plugins generally consist of two kinds of files:
- ddl: data definition language files. Like other remote procedure call systems, MCollective has a DDL that defines the available remote methods, the inputs they need and the outputs they produce. Besides the procedure definitions it also provides metadata such as author and version. The DDL is used for:
|
as user help pages
as a way to auto-generate user interfaces
letting the RPC client pick a sensible timeout while waiting for replies
validating input before sending, to avoid sending unnecessary data to remote nodes
letting module repositories use the metadata to present a standard view of available modules so users can pick the right one
letting the server validate incoming requests before handing them to the agent
|
- rb: executable code.
VII. The mcollective cli
mcollective is operated from the command line. For operations not covered here, check the command help.
1. Using filters
[Figure: mco-cli]
2. rpc
The rpc application is the main application used to send requests to all servers. It can interact with many standard remote procedure call (RPC) agents.
An rpc request in detail
|
mco rpc service start service=httpd
| The request is sent to every machine in the broadcast domain that has the service agent.
MCollective agents are broken down into actions, and each action takes arguments (some actions take none). The command above is exactly equivalent to:
|
mco rpc --agent service --action start --argument service=httpd
| List the available agents with:
List the available actions with:
|
mco plugin doc rpcutil
mco plugin doc agent/puppet
|
VIII. References
This post was put together from several sources; thanks to them:
- mcollective-puppet-agent: the puppet plugin's GitHub repository
- Mcollective系列: this blogger is excellent, many thanks
- Puppet Cookbook
- Installing Plugins: how to install plugins
- Managing Puppet Using MCollective
Scaling Puppet: migrating the Puppet Master to apache
March 4, 2012 | Puppet, Ops | Tags: apache, master, puppet, scaling | Author: jsxubar
There are many ways to scale Puppet. This post moves the Puppet Master from the bundled Webrick server to apache httpd server; apache can handle far more requests than webrick, which improves Puppet's performance.
By default Puppet uses Ruby's Webrick as its server. It is lightweight and simple to set up, but it cannot handle heavy load or manage many nodes, so it needs scaling.
Scaling Puppet covers two areas, scaling transport and scaling SSL, both achieved by building a web server cluster.
Scaling Puppet: prerequisites
Host puppet.example.com (referred to as master below) is the master; the others are clients.
Configure the IPs and hostnames, assumed to be:
|
# add to /etc/hosts
192.168.254.181 puppet.example.com
192.168.254.182 www.example.com
192.168.254.183 mail.example.com
192.168.254.184 mailtest.example.com
# end
|
Install Apache on the master
Install rubygem-passenger
This is really mod_passenger
Reference: http://www.modrails.com/install.html
|
yum install http://passenger.stealthymonkeys.com/rhel/6/passenger-release.noarch.rpm
yum install mod_passenger
gem install rack
gem install passenger
passenger-install-apache2-module
|
Configure the passenger module
|
cat /etc/httpd/conf.d/passenger.conf
|
|
# start
LoadModule passenger_module modules/mod_passenger.so
PassengerRoot /usr/lib/ruby/gems/1.8/gems/passenger-3.0.11
PassengerRuby /usr/bin/ruby
PassengerTempDir /var/run/passenger
PassengerHighPerformance on
PassengerUseGlobalQueue on
PassengerMaxPoolSize 6
PassengerMaxRequests 4000
PassengerPoolIdleTime 1800
# end
|
Configure the apache virtual host
|
cat /etc/httpd/conf.d/20_puppetmaster.conf
# /etc/httpd/conf.d/20_puppetmaster.conf
# (the <VirtualHost> and <Directory> container lines were stripped by the blog's HTML
#  rendering and are restored here; the Directory path is assumed to match DocumentRoot)
# Apache handles the SSL encryption and decryption. It replaces webrick and listens by default on 8140
Listen 8140
<VirtualHost *:8140>
    SSLEngine on
    # SSLv3 and RC4 are obsolete today; on a current Apache allow only TLS 1.2+ and drop RC4
    SSLProtocol -ALL +SSLv3 +TLSv1
    SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP
    # Puppet master should generate initial CA certificate.
    # ensure certs are located in /var/lib/puppet/ssl
    # Change puppet.example.com to the fully qualified domain name of the Puppet master, i.e. $(facter fqdn)
    SSLCertificateFile /var/lib/puppet/ssl/certs/puppet.example.com.pem
    SSLCertificateKeyFile /var/lib/puppet/ssl/private_keys/puppet.example.com.pem
    SSLCertificateChainFile /var/lib/puppet/ssl/certs/ca.pem
    SSLCACertificateFile /var/lib/puppet/ssl/ca/ca_crt.pem
    # CRL checking should be enabled
    # disable next line if Apache complains about CRL
    SSLCARevocationFile /var/lib/puppet/ssl/ca/ca_crl.pem
    # optional to allow CSR request, required if certificates distributed to client during provisioning.
    SSLVerifyClient optional
    SSLVerifyDepth 1
    SSLOptions +StdEnvVars
    # The following client headers record authentication information for down stream workers.
    RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e
    RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e
    RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e
    RackAutoDetect On
    DocumentRoot /etc/puppet/rack/puppetmaster/public/
    <Directory /etc/puppet/rack/puppetmaster/public/>
        Options None
        AllowOverride None
        Order allow,deny
        allow from all
    </Directory>
</VirtualHost>
# /etc/httpd/conf.d/20_puppetmaster.conf
|
Create the virtual host directory
|
mkdir -p /etc/puppet/rack/puppetmaster/{public,tmp}
cat /etc/puppet/rack/puppetmaster/config.ru
# a sample config.ru ships in /usr/share/puppet/ext/rack/files/config.ru
# /etc/puppet/rack/puppetmaster/config.ru
# a config.ru, for use with every rack-compatible webserver.
$0 = "master"
# if you want debugging:
# ARGV << "--debug"
ARGV << "--rack"
require 'puppet/application/master'
run Puppet::Application[:master].run
# EOF /etc/puppet/rack/puppetmaster/config.ru
chown puppet.puppet /etc/puppet/rack/puppetmaster/config.ru
|
Start apache
OK, done.
Note: after migrating to apache you no longer run the puppetmasterd process; when a client connects, apache handles the connection and, if authorization passes, invokes puppet master.
References
This post contains HTML tags, and WordPress itself parses HTML tags, so the blog may display it incorrectly. Download the Word version:
- 扩展Puppet – 将Puppet Master移到apache.doc
Scaling Puppet: building a Puppet Master cluster
March 4, 2012 | Puppet, Ops | Tags: master, puppet, scaling, cluster | Author: jsxubar
Build a Puppet Master cluster to scale Puppet. This spreads the load over several servers and raises the Puppet Master's throughput.
This tutorial continues the previous one: Scaling Puppet: migrating the Puppet Master to apache.
We want to build the following architecture:
Request --> Load Balancer ---> Puppet Master Worker 1
---> Puppet Master Worker 2
The Load Balancer uses the master's port 8140, so clients are not affected at all
Puppet Master Worker 1 and Puppet Master Worker 2 use ports 8141 and 18141
Building a Puppet Master cluster on one host with different ports
Create the virtual host
# /etc/httpd/conf.d/8141_puppetmaster_worker.conf
# (the <VirtualHost> and <Directory> container lines were stripped by the blog's HTML
#  rendering and are restored here; the Directory path is assumed to match DocumentRoot)
Listen 8141
<VirtualHost *:8141>
    SSLEngine off
    # Obtain Authentication Information from Client Request Headers
    SetEnvIf X-Client-Verify "(.*)" SSL_CLIENT_VERIFY=$1
    SetEnvIf X-SSL-Client-DN "(.*)" SSL_CLIENT_S_DN=$1
    ErrorLog /var/log/httpd/8141_puppetmaster_worker_error.log
    CustomLog /var/log/httpd/8141_puppetmaster_worker_access.log combined
    RackAutoDetect On
    DocumentRoot /etc/puppet/rack/8141_puppetmaster/public/
    <Directory /etc/puppet/rack/8141_puppetmaster/public/>
        Options None
        AllowOverride None
        Order allow,deny
        allow from all
    </Directory>
</VirtualHost>
Create another virtual host
# /etc/httpd/conf.d/18141_puppetmaster_worker.conf
# (container lines restored as in the 8141 virtual host above)
Listen 18141
<VirtualHost *:18141>
    SSLEngine off
    ErrorLog /var/log/httpd/18141_puppetmaster_worker_error.log
    CustomLog /var/log/httpd/18141_puppetmaster_worker_access.log combined
    # Obtain Authentication Information from Client Request Headers
    SetEnvIf X-Client-Verify "(.*)" SSL_CLIENT_VERIFY=$1
    SetEnvIf X-SSL-Client-DN "(.*)" SSL_CLIENT_S_DN=$1
    RackAutoDetect On
    DocumentRoot /etc/puppet/rack/18141_puppetmaster/public/
    <Directory /etc/puppet/rack/18141_puppetmaster/public/>
        Options None
        AllowOverride None
        Order allow,deny
        allow from all
    </Directory>
</VirtualHost>
Create the virtual host directories
rsync -avxH /etc/puppet/rack/{,8141_}puppetmaster/
rsync -avxH /etc/puppet/rack/{,18141_}puppetmaster/
Configure the Load Balancer
# /etc/httpd/conf.d/30_puppetmaster_frontend_8140.conf
# (the <Proxy>, <VirtualHost> and <Location> container lines were stripped by the blog's
#  HTML rendering and are restored here following the copy in the CA-cluster post)
# Available back-end worker virtual hosts
# NOTE the use of cleartext unencrypted HTTP.
<Proxy balancer://puppetmaster>
    BalancerMember http://127.0.0.1:8141
    BalancerMember http://127.0.0.1:18141
</Proxy>
Listen 8140
<VirtualHost *:8140>
    SSLEngine on
    # SSLCipherSuite SSLv2:-LOW:-EXPORT:RC4+RSA
    SSLProtocol -ALL +SSLv3 +TLSv1
    SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP
    # Puppet master should generate initial CA certificate.
    # ensure certs are located in /var/lib/puppet/ssl
    SSLCertificateFile /var/lib/puppet/ssl/certs/puppet.example.com.pem
    SSLCertificateKeyFile /var/lib/puppet/ssl/private_keys/puppet.example.com.pem
    SSLCertificateChainFile /var/lib/puppet/ssl/certs/ca.pem
    SSLCACertificateFile /var/lib/puppet/ssl/ca/ca_crt.pem
    # CRL checking should be enabled
    # disable next line if Apache complains about CRL
    SSLCARevocationFile /var/lib/puppet/ssl/ca/ca_crl.pem
    # optional to allow CSR request, required if certificates distributed to client during provisioning.
    SSLVerifyClient optional
    SSLVerifyDepth 1
    SSLOptions +StdEnvVars
    # The following client headers record authentication information for down stream workers.
    RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e
    RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e
    RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e
    <Location />
        SetHandler balancer-manager
        Order allow,deny
        Allow from all
    </Location>
    ProxyPass / balancer://puppetmaster/
    ProxyPassReverse / balancer://puppetmaster/
    ProxyPreserveHost On
    # The load balancer log
    ErrorLog /var/log/httpd/balancer_error.log
    CustomLog /var/log/httpd/balancer_access.log combined
    CustomLog /var/log/httpd/balancer_ssl_requests.log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>
The key part is the Proxy section: the hosts it lists are the load-balanced workers. Because the workers take the X-Client-DN / X-Client-Verify headers as the agent's identity without checking them, they must be reachable only from the load balancer (the 127.0.0.1 members here; firewall the worker port on remote hosts).
Restart the httpd service
service httpd restart
Test
Run puppet agent --test --verbose --no-daemonize and check that it succeeds. If it does, rename /etc/httpd/conf.d/18141_puppetmaster_worker.conf or /etc/httpd/conf.d/8141_puppetmaster_worker.conf by appending .disabled, which disables that virtual host. With either one disabled, check that puppetd still succeeds and that /var/log/httpd/balancer_error.log records it; with both disabled, check that it fails.
Building a Puppet Master cluster on different hosts with the same port
Move 18141 to port 8141 on mailtest.example.com (192.168.254.184)
Disable the 18141 virtual host
mv /etc/httpd/conf.d/18141_puppetmaster_worker.conf{,.disabled}
service httpd restart
Change the proxy in /etc/httpd/conf.d/30_puppetmaster_frontend_8140.conf:
replace BalancerMember http://127.0.0.1:18141 with
BalancerMember http://192.168.254.184:8141
Note: the following steps are all performed on mailtest.example.com
Install puppet master, apache and passenger on mailtest.example.com
yum install httpd
yum install puppet-server
yum install http://passenger.stealthymonkeys.com/rhel/6/passenger-release.noarch.rpm
yum install mod_passenger
gem install rack
gem install passenger
passenger-install-apache2-module
Create the virtual host and passenger configuration
# /etc/httpd/conf.d/8141_puppetmaster_worker.conf
# (container lines restored as in the single-host virtual hosts above)
Listen 8141
<VirtualHost *:8141>
    SSLEngine off
    # Obtain Authentication Information from Client Request Headers
    SetEnvIf X-Client-Verify "(.*)" SSL_CLIENT_VERIFY=$1
    SetEnvIf X-SSL-Client-DN "(.*)" SSL_CLIENT_S_DN=$1
    ErrorLog /var/log/httpd/8141_puppetmaster_worker_error.log
    CustomLog /var/log/httpd/8141_puppetmaster_worker_access.log combined
    RackAutoDetect On
    DocumentRoot /etc/puppet/rack/8141_puppetmaster/public/
    <Directory /etc/puppet/rack/8141_puppetmaster/public/>
        Options None
        AllowOverride None
        Order allow,deny
        allow from all
    </Directory>
</VirtualHost>
passenger configuration
cat /etc/httpd/conf.d/passenger.conf
# start
LoadModule passenger_module modules/mod_passenger.so
PassengerRoot /usr/lib/ruby/gems/1.8/gems/passenger-3.0.11
PassengerRuby /usr/bin/ruby
PassengerTempDir /var/run/passenger
PassengerHighPerformance on
PassengerUseGlobalQueue on
PassengerMaxPoolSize 6
PassengerMaxRequests 4000
PassengerPoolIdleTime 1800
Create the virtual directory
rsync -avxH root@192.168.254.181:/etc/puppet/rack/8141_puppetmaster/ /etc/puppet/rack/puppetmaster/
Check that /etc/puppet/rack/puppetmaster/config.ru is owned by user and group puppet
Sync the manifests and modules directories
rsync -avxH root@192.168.254.181:/etc/puppet/manifests /etc/puppet/manifests
rsync -avxH root@192.168.254.181:/etc/puppet/modules /etc/puppet/modules
Start the httpd service
Test as described earlier
Deploying the Puppet Master cluster across hosts differs very little from the single-host case.
SSL authorization checks still happen on the Load Balancer.
mailtest only performs the puppet master processing, and it does so from its local manifests and modules, which is why those two directories must be synced over from puppet.example.com
Scaling Puppet: building a Puppet CA cluster
March 4, 2012 | Puppet, Ops | Tags: ca, master, puppet, cluster | Author: jsxubar
One way to scale Puppet is to split the CA function out of the Puppet Master and build a Puppet CA cluster that handles CA tasks centrally, raising the throughput of the whole Puppet system.
This tutorial continues the previous one: Scaling Puppet: building a Puppet Master cluster.
We want to implement the following architecture:
Request --> Load Balancer ---> Puppet CA 1 ---> Puppet Master Worker
---> Puppet CA 2
As in the previous tutorial, we first put CA 1 and CA 2 on ports 8142 and 18142
Building a Puppet CA cluster on one host with different ports
Create the virtual host configuration
sed s/8141/8142/ 8141_puppetmaster_worker.conf >8142_puppetmaster_worker.conf
sed s/8141/18142/ 8141_puppetmaster_worker.conf >18142_puppetmaster_worker.conf
建立虚拟主机目录
rsync -avxH /etc/puppet/rack/{,8142_}puppetmaster/
rsync -avxH /etc/puppet/rack/{,18142_}puppetmaster/
Copy the ca directory
rsync -axH /var/lib/puppet/ssl/ca{,.standby}/
and change /etc/puppet/18142_puppetmaster/config.ru to:
$0 = "master"
# if you want debugging:
# ARGV << "--debug"
ARGV << "--cadir" << "/var/lib/puppet/ssl/ca.standby" # add this line
ARGV << "--rack"
require 'puppet/application/master'
run Puppet::Application[:master].run
Change the Load Balancer configuration
# /etc/httpd/conf.d/30_puppetmaster_frontend_8140.conf
# Available back-end worker virtual hosts
# NOTE the use of cleartext unencrypted HTTP.
<Proxy balancer://puppetmaster>
BalancerMember http://127.0.0.1:8141
BalancerMember http://192.168.254.184:8141
</Proxy>
<Proxy balancer://puppetmasterca>
# Puppet CA Active Worker
BalancerMember http://127.0.0.1:8142
# Puppet CA Hot Standby
BalancerMember http://127.0.0.1:18142 status=+H
# BalancerMember http://192.168.254.184:8142 status=+H
</Proxy>
Listen 8140
<VirtualHost *:8140>
SSLEngine on
# SSLCipherSuite SSLv2:-LOW:-EXPORT:RC4+RSA
SSLProtocol -ALL +SSLv3 +TLSv1
SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP
# Puppet master should generate initial CA certificate.
# ensure certs are located in /var/lib/puppet/ssl
SSLCertificateFile /var/lib/puppet/ssl/certs/puppet.example.com.pem
SSLCertificateKeyFile /var/lib/puppet/ssl/private_keys/puppet.example.com.pem
SSLCertificateChainFile /var/lib/puppet/ssl/certs/ca.pem
SSLCACertificateFile /var/lib/puppet/ssl/ca/ca_crt.pem
# CRL checking should be enabled
# disable next line if Apache complains about CRL
SSLCARevocationFile /var/lib/puppet/ssl/ca/ca_crl.pem
# optional to allow CSR request, required if certificates distributed to client during provisioning.
SSLVerifyClient optional
SSLVerifyDepth 1
SSLOptions +StdEnvVars
# The following client headers record authentication information for down stream workers.
RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e
RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e
RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e
<Location />
SetHandler balancer-manager
Order allow,deny
Allow from all
</Location>
# Ordering of ProxyPass directives is important
# Direct all Puppet agent CA requests to a specific set of workers.
ProxyPassMatch ^(/.*?)/(certificate.*?)/(.*)$ balancer://puppetmasterca
ProxyPassReverse ^(/.*?)/(certificate.*?)/(.*)$ balancer://puppetmasterca
# Direct all other Puppet agent requests to the default set of workers.
ProxyPass / balancer://puppetmaster/
ProxyPassReverse / balancer://puppetmaster/
ProxyPreserveHost On
# The load balancer log
ErrorLog /var/log/httpd/balancer_error.log
CustomLog /var/log/httpd/balancer_access.log combined
CustomLog /var/log/httpd/balancer_ssl_requests.log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>
# BalancerMember http://127.0.0.1:18142 status=+H : +H marks a hot standby, used only when the primary does not respond
# only one CA member is active at a time
Restart the httpd service and test
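As an added example (not part of the original post), the routing decision the front-end virtual host above makes, modelled in Ruby: the ProxyPassMatch regex and the balancer members are the page's own, while the helper names, the "down" list and the sample request paths are constructed for this illustration.

```ruby
# Added example (not from the original post): which balancer the front-end
# vhost selects for a Puppet agent request path, and which member of the
# puppetmasterca balancer takes it when some members are down.
# The regex and member list come from the page's config; helper names, the
# "down" list and the sample paths are constructed for this example.

# Same pattern as the ProxyPassMatch line. Nothing anchors the "certificate"
# segment to the second position, so it matches at any depth (see the last test).
CA_PATTERN = %r{^(/.*?)/(certificate.*?)/(.*)$}

# Apache tries ProxyPassMatch before the catch-all ProxyPass, so the order in
# the config decides which balancer wins; this function mirrors that order.
def backend_for(path)
  return nil unless path.start_with?('/')
  if path =~ CA_PATTERN
    'balancer://puppetmasterca'
  else
    'balancer://puppetmaster'
  end
end

# Members of balancer://puppetmasterca as declared in the config. status=+H
# marks a hot standby: mod_proxy_balancer only routes to it when every
# regular member is unusable.
CA_MEMBERS = [
  { :url => 'http://127.0.0.1:8142',  :hot_standby => false },
  { :url => 'http://127.0.0.1:18142', :hot_standby => true  },
]

# Pick the member a request goes to, given the member URLs currently down.
def pick_member(members, down = [])
  usable  = members.reject { |m| down.include?(m[:url]) }
  regular = usable.reject { |m| m[:hot_standby] }
  chosen  = regular.first || usable.find { |m| m[:hot_standby] }
  chosen && chosen[:url]
end

# Full decision for one request: [balancer, CA member or nil].
def route(path, ca_down = [])
  backend = backend_for(path)
  member = backend == 'balancer://puppetmasterca' ? pick_member(CA_MEMBERS, ca_down) : nil
  [backend, member]
end

if __FILE__ == $0
  ['/production/certificate_request/web01.example.com',
   '/production/catalog/web01.example.com'].each do |p|
    puts "#{p} -> #{route(p).inspect}"
  end
end
```

Note the last assertion below: a file_content request for a module whose name starts with "certificate" is also sent to the CA pool; it still works because the CA workers are full masters, but it is worth knowing when reading balancer_access.log.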
Building a Puppet CA cluster on different hosts with the same port
Move 18142 to port 8142 on mailtest
Add the following line to /etc/httpd/conf.d/30_puppetmaster_frontend_8140.conf:
BalancerMember http://192.168.254.184:8142 status=+H
The following steps are performed on mailtest.example.com
Create the virtual host configuration
sed s/8141/8142/ 8141_puppetmaster_worker.conf >8142_puppetmaster_worker.conf
Create the virtual directory
rsync -avxH /etc/puppet/rack/{,8142_}puppetmaster/
As before, add the following line to config.ru:
ARGV << "--cadir" << "/var/lib/puppet/ssl/ca.standby"
Sync the ca.standby directory with rsync
rsync -axH root@192.168.254.181:/var/lib/puppet/ssl/ca.standby/ /var/lib/puppet/ssl/ca.standby/
Restart the httpd service
Testing showed that if a new host requests a certificate and the request reached CA 1 but was not yet signed when CA 1 failed, syncing CA 1's ca directory to CA 2 lets you sign it on CA 2.
Note that the CA here only handles signing on a host's first certificate request; it does not handle verification of certificates that are already signed. In other words, hosts with signed certificates do not need CA 1 or CA 2 when they run puppet agent.
Testing Puppet performance
March 4, 2012 | Puppet, Ops | Tags: puppet, performance, testing | Author: jsxubar
Testing the performance of a Puppet system is simple: use curl and watch the response time.
You can take request URLs from balancer_access.log, e.g.:
# tail balancer_access.log
127.0.0.1 - - [05/Dec/2010:05:41:41 -0800] "GET /production/catalog/test.example.lan?facts_format=b64_zlib_yaml&facts=eNqdVVt… HTTP/1.1" 200 944 "-" "-"
Then request the URL taken from the log yourself and time it:
time curl -v -H "Accept: pson, yaml" \
-H "X-Client-DN: /CN=test.example.com" \
-H "X-Client-Verify: SUCCESS" \
'http://127.0.0.1:8141/production/catalog/test.example.com?facts=…&facts_format=b64_zlib_yaml'
This is a very crude method; it does not measure the puppet master's throughput or similar figures.
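The same measurement in Ruby, as an added example that is not part of the original post: it pulls catalog request paths out of balancer_access.log lines and replays each one against a worker with the headers the curl command uses, timing the response. The log lines, host/port and function names are constructed for this illustration.

```ruby
# Added example (not from the original post): extract catalog requests from
# balancer_access.log and time them against a worker, as the curl command does.
# The sample log, the worker address and all names are constructed here.
require 'net/http'
require 'uri'

# Constructed sample in Apache "combined" format (facts blobs shortened).
SAMPLE_LOG = <<'LOG'
127.0.0.1 - - [05/Dec/2010:05:41:41 -0800] "GET /production/catalog/test.example.lan?facts_format=b64_zlib_yaml&facts=eNqdVVt HTTP/1.1" 200 944 "-" "-"
127.0.0.1 - - [05/Dec/2010:05:41:42 -0800] "GET /production/file_metadata/modules/ssh/sshd_config HTTP/1.1" 200 311 "-" "-"
127.0.0.1 - - [05/Dec/2010:05:41:43 -0800] "GET /production/catalog/www.example.com?facts_format=b64_zlib_yaml&facts=eNqd HTTP/1.1" 500 0 "-" "-"
LOG

# Method, request target and status from the quoted request field.
REQUEST_RE = /"(GET|POST|PUT|DELETE) (\S+) HTTP\/[\d.]+" (\d{3}) /

# Return [path, status] pairs for catalog requests only; other lines are skipped.
def catalog_requests(log_text)
  log_text.each_line.map do |line|
    next unless line =~ REQUEST_RE
    path, status = $2, $3.to_i
    next unless path =~ %r{^/[^/]+/catalog/}
    [path, status]
  end.compact
end

# Node name from a catalog path, used for the X-Client-DN header.
def certname_from_path(path)
  URI.parse(path).path.split('/')[3]
end

# Replay one catalog request directly against a worker (cleartext, like the curl
# command) and return [elapsed seconds, HTTP status]. The worker accepts the
# identity headers unverified, which is exactly why worker ports must only be
# reachable from the load balancer.
def time_catalog_request(worker_host, worker_port, path)
  req = Net::HTTP::Get.new(path)
  req['Accept'] = 'pson, yaml'
  req['X-Client-DN'] = "/CN=#{certname_from_path(path)}"
  req['X-Client-Verify'] = 'SUCCESS'
  started = Time.now
  res = Net::HTTP.start(worker_host, worker_port) { |http| http.request(req) }
  [Time.now - started, res.code.to_i]
end

if __FILE__ == $0
  catalog_requests(SAMPLE_LOG).each do |path, _status|
    secs, code = time_catalog_request('127.0.0.1', 8141, path)
    printf("%-60s %3d %.3fs\n", path[0, 60], code, secs)
  end
end
```

Feed it `File.read('/var/log/httpd/balancer_access.log')` instead of SAMPLE_LOG to replay real requests.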
Installing Puppet dashboard on CentOS
March 4, 2012 | Puppet, Ops | Tags: dashboard, master, puppet | Author: jsxubar
Puppet dashboard is a component for managing a Puppet system; once it is installed on the Puppet Master you can manage Puppet and view information through a web interface. This post installs it with yum; Puppet dashboard can also be installed from source.
I. Install Puppet dashboard
|
yum install mysql-server
gem update --system 1.3.7 # only this version works; the latest version errors out
gem install rake
yum install puppet-dashboard
|
II. Configure puppet dashboard
|
cd /usr/share/puppet-dashboard
vim config/database.yml
production:
database: dashboard
username: dashboard
password: dashboard
encoding: utf8
adapter: mysql
|
III. Database configuration
1. Create the database
# after connecting to the database, run:
|
mysql>CREATE DATABASE dashboard CHARACTER SET utf8;
mysql>CREATE USER 'dashboard'@'localhost' IDENTIFIED BY 'dashboard';
mysql>GRANT ALL PRIVILEGES ON dashboard.* TO 'dashboard'@'localhost';
mysql>exit
|
2. Create the tables
|
cd /usr/share/puppet-dashboard
rake RAILS_ENV=production db:migrate
|
IV. Start dashboard
|
./script/server -e production
|
V. Maintenance
1. Migrating Puppet dashboard to apache
This runs on Webrick as the web server; it can be migrated to apache as follows
a. Install apache, passenger and mod_passenger
See Scaling Puppet: migrating the Puppet Master to apache.
b. Create the apache virtual host configuration
|
# /etc/httpd/conf.d/dashboard.conf
PassengerHighPerformance on
PassengerMaxPoolSize 12
PassengerPoolIdleTime 1500
PassengerStatThrottleRate 120
RailsAutoDetect On
Listen 3000
<VirtualHost *:3000>
    ServerName dashboard.example.com
    DocumentRoot /usr/share/puppet-dashboard/public/
    <Directory /usr/share/puppet-dashboard/public/>
        Options None
        AllowOverride AuthConfig
        Order allow,deny
        allow from all
    </Directory>
    ErrorLog /var/log/httpd/dashboard.example.com_error.log
    LogLevel warn
    CustomLog /var/log/httpd/dashboard.example.com_access.log combined
    ServerSignature On
</VirtualHost>
|
c. Restart the httpd service
Open http://your_ip:3000 in a browser
2. Integrating dashboard
a. Import existing reports
|
rake RAILS_ENV=production reports:import
env RAILS_ENV=production script/delayed_job -p dashboard -n 1 -m start
|
b. Submit reports to dashboard
Edit the configuration file on the client
|
[agent]
report = true
| # edit the configuration file on the server
|
vim /etc/puppet/puppet.conf
[master]
reports = store, http
reporturl = http://localhost:3000/reports/upload
|
c. Use ENC, i.e. use dashboard to define nodes, classes and so on
On the server
|
[master]
node_terminus = exec
external_nodes = /usr/share/puppet-dashboard/bin/external_node
|
3. View the predefined tasks
|
cd /usr/share/puppet-dashboard
rake --tasks
|
Installing Puppet Foreman
March 4, 2012 | Puppet, Ops | Tags: foreman, master, puppet | Author: jsxubar
Puppet Foreman is a management component for a Puppet system; with Foreman installed on the Master you can manage Puppet and view information from a web console.
Installing and configuring Foreman is similar to dashboard; for installing puppet's dashboard see: Installing Puppet dashboard.
Install the puppet foreman packages
|
gem install rubygem-sqlite3-ruby
yum install foreman
yum install mysql-server mysql-devel
gem install ruby-mysql
|
Create the database and user
|
mysql -uroot -p
# after connecting to the database, run:
CREATE DATABASE foreman CHARACTER SET utf8;
CREATE USER 'foreman'@'localhost' IDENTIFIED BY 'foreman';
GRANT ALL PRIVILEGES ON foreman.* TO 'foreman'@'localhost';
exit
| # test it: if you can connect, you are fine
|
mysql -uforeman -pforeman
|
Configure Foreman
# edit database.yml
|
vim database.yml # change the following
----------------------------------
production:
database: foreman
username: foreman
password: foreman
encoding: utf8
adapter: mysql
----------------------------------
| Create the tables
|
RAILS_ENV=production rake db:migrate
|
Integrate foreman
|
RAILS_ENV=production rake puppet:import:hosts_and_facts
RAILS_ENV=production rake puppet:import:puppet_classes
| Start foreman; it runs on port 3000 by default
|
./script/server -e production
| This runs on Webrick as the web server and can be migrated to apache
Migrating Foreman to apache
Install apache, passenger and mod_passenger; this was covered in earlier tutorials and is not repeated here
Create the virtual host configuration:
|
PassengerHighPerformance on
PassengerMaxPoolSize 12
PassengerPoolIdleTime 1500
PassengerStatThrottleRate 120
RailsAutoDetect On
Listen 4000
<VirtualHost *:4000>
    ServerName foreman.example.com
    DocumentRoot /usr/share/foreman/public/
    <Directory /usr/share/foreman/public/>
        Options None
        AllowOverride AuthConfig
        Order allow,deny
        allow from all
    </Directory>
    ErrorLog /var/log/httpd/foreman.example.com_error.log
    LogLevel warn
    CustomLog /var/log/httpd/foreman.example.com_access.log combined
    ServerSignature On
</VirtualHost>
ENC configuration
Create the file /usr/share/foreman/extras/puppet/foreman/files/external_node.rb with the following content:
#!/usr/bin/ruby
# A simple script which fetches external nodes from Foreman.
# You can basically use anything that knows how to get HTTP data, e.g. wget/curl etc.
require 'net/http'
require 'uri'
# Foreman URL
foreman_url = "http://localhost:4000"
# Puppet passes the node's certname as the first argument
foreman_url += "/node/#{ARGV[0]}?format=yml"
url = URI.parse(foreman_url)
# Request the path and query only, not the full URL
req = Net::HTTP::Get.new(url.request_uri)
res = Net::HTTP.start(url.host, url.port) { |http|
  http.request(req)
}
case res
when Net::HTTPOK
  puts res.body
else
  $stderr.puts "Error retrieving node %s: %s" % [ARGV[0], res.class]
  # non-zero exit makes Puppet treat the ENC lookup as failed instead of as an empty node
  exit 1
end
Edit the Puppet configuration file:
[master]
node_terminus = exec
external_nodes = /usr/share/foreman/extras/puppet/foreman/files/external_node.rb
Report configuration:
# /usr/lib/ruby/site_ruby/1.8/puppet/reports/foreman.rb
# copy this file to your report dir - e.g. /usr/lib/ruby/1.8/puppet/reports/
# add this report in your puppetmaster reports - e.g, in your puppet.conf add:
# reports=log, foreman # (or any other reports you want)
require 'puppet'
require 'net/http'
require 'net/https'   # needed on Ruby 1.8 before use_ssl can be set
require 'uri'

# URL of your Foreman installation
$foreman_url = "http://localhost:4000"

Puppet::Reports.register_report(:foreman) do
  Puppet.settings.use(:reporting)
  desc "Sends reports directly to Foreman"

  def process
    begin
      uri = URI.parse($foreman_url)
      http = Net::HTTP.new(uri.host, uri.port)
      if uri.scheme == 'https' then
        http.use_ssl = true
        # VERIFY_NONE switches certificate checking off: the report is sent to
        # whatever answers on that host and port, so only use this on a trusted link
        http.verify_mode = OpenSSL::SSL::VERIFY_NONE
      end
      req = Net::HTTP::Post.new("/reports/create?format=yml")
      req.set_form_data({'report' => to_yaml})
      response = http.request(req)
      # fail loudly if Foreman did not accept the report
      raise "HTTP #{response.code}" unless response.is_a?(Net::HTTPSuccess)
    rescue Exception => e
      raise Puppet::Error, "Could not send report to Foreman at #{$foreman_url}/reports/create?format=yml: #{e}"
    end
  end
end
Client:
[agent]
report = true
Server:
[main]
reports = log, foreman
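The two scripts above (the ENC lookup and the report processor) interpolate the node name straight into the URL, talk to Foreman over plain HTTP, and, when https is used, switch certificate verification off. The following is an added example, not Foreman's or the article's own code, showing hardened versions of both the ENC lookup and the report upload; the Foreman URL and the CA bundle path are assumed placeholders.

```ruby
require 'net/http'
require 'uri'
require 'openssl'

# Assumed values (placeholders, not from the article): Foreman over HTTPS and the Puppet CA bundle used to verify it
FOREMAN_URL = 'https://foreman.example.com:4000'
CA_FILE     = '/var/lib/puppet/ssl/certs/ca.pem'

# A Puppet certname is a DNS-style name: labels of letters, digits and '-' joined by '.'; anything else is rejected
CERTNAME_RE = /\A[a-z0-9]([a-z0-9-]*[a-z0-9])?(\.[a-z0-9]([a-z0-9-]*[a-z0-9])?)*\z/i

def valid_certname?(name)
  name.is_a?(String) && name.length <= 253 && !(name =~ CERTNAME_RE).nil?
end

# ENC lookup URL for a node; raises instead of building a URL from bad input
def node_url(base, certname)
  raise ArgumentError, "invalid certname: #{certname.inspect}" unless valid_certname?(certname)
  URI.parse("#{base}/node/#{URI.encode_www_form_component(certname)}?format=yml")
end

# Shared client: certificate verification stays on, and timeouts keep a hung Foreman from blocking every compile
def foreman_http(uri, ca_file = CA_FILE)
  http = Net::HTTP.new(uri.host, uri.port)
  if uri.scheme == 'https'
    http.use_ssl = true
    http.verify_mode = OpenSSL::SSL::VERIFY_PEER
    http.ca_file = ca_file
  end
  http.open_timeout = 5
  http.read_timeout = 30
  http
end

# ENC: return the node's YAML, or raise so Puppet fails the compile
def fetch_node(certname, base = FOREMAN_URL)
  uri = node_url(base, certname)
  res = foreman_http(uri).request(Net::HTTP::Get.new(uri.request_uri))
  raise "Foreman returned #{res.code} for #{certname}" unless res.is_a?(Net::HTTPOK)
  res.body
end

# Report processor body: POST the YAML report and fail loudly on non-2xx
def send_report(report_yaml, base = FOREMAN_URL)
  uri = URI.parse("#{base}/reports/create?format=yml")
  req = Net::HTTP::Post.new(uri.request_uri)
  req.set_form_data('report' => report_yaml)
  res = foreman_http(uri).request(req)
  raise "report upload failed with HTTP #{res.code}" unless res.is_a?(Net::HTTPSuccess)
  res
end
```

As an ENC, `puts fetch_node(ARGV[0])` replaces the body of external_node.rb; inside the report processor, `send_report(to_yaml)` replaces the hand-built POST.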
Reference articles
The article contains HTML tags, and WordPress itself parses HTML tags, so the blog may display it incorrectly. Download the Word version; download link:
#########################################################
http://www.oschina.net/p/foreman/similar_projects?lang=21&sort=view&p=5
Foreman is an integrated data center lifecycle management tool that provides provisioning, configuration management and reporting. Like Puppet Dashboard, Foreman is a Ruby on Rails application. Where Foreman differs from Dashboard is that it focuses more on provisioning and on the ability to manage a data center, for example by integrating with bootstrap tools, PXE boot servers, DHCP servers and server provisioning tools.
Foreman: unified machine management platform
- Foreman can be integrated with Puppet, usually as a front end to Puppet.
- Foreman takes care of provisioning until the point puppet is running, allowing Puppet to do what it does best. (Too hard to translate -_-!!)
- Foreman can display system inventory information via the Facter component and provide real-time information from Puppet host reports.
- Foreman can prepare everything needed to manage a new machine. Its design goal is to automate all the work that is otherwise done by hand; machines can be reconfigured through Foreman.
- Foreman can manage large-scale (and of course small-scale) enterprise networks, possibly with many domains, subnets and many puppet master nodes. Foreman can also roll back configuration versions.
- License: GPL
- Development language: Ruby
- Operating system: cross-platform
- Added: hongshenghe -> 2012-10-24
..........
http://itnihao.blog.iyunv.com/1741976/1143208
Foreman overview
- (Foreman overview quoted from oschina; it is the same text as the project description above)
- Foreman architecture
Installation and configuration process
1. Operating system environment
- Centos6.3_X64
- Hostname configuration
- [iyunv@test puppet]#cat /etc/hosts
- puppet.test.com 192.168.1.89
- [iyunv@test puppet]#hostname
- puppet.test.com
- Note: the hostname must be set here and must be resolvable; whether it is resolved via DNS or via the hosts file is up to you.
- Because Puppet uses certificate-based authentication, do not change the hostname casually or it will cause trouble; certificates are stored in /var/lib/puppet/ssl/.
- If you want to regenerate the certificates, delete the files under this directory: restarting the puppetmaster process on the server regenerates the server certificate, and deleting the files in this directory on a client makes it request a new
- certificate. A failed certificate produces a great many errors, which are not listed here.
- 2. Configure the yum repositories [EPEL repo, official Puppet repo]
- rpm -ivh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
- rpm -ivh http://yum.puppetlabs.com/el/6/products/x86_64/puppetlabs-release-6-6.noarch.rpm
- Note:
- Because EPEL currently only provides the 2.x series and we want the latest 3.x version, the install version is pinned below.
- 3. Install puppet-server
- yum install puppet-3.1.0-1 puppet-server-3.1.0-1
- Note:
- This article only covers basic Foreman and does not cover integrating Passenger; once you are comfortable with the basic features, Passenger is easier to study.
- 4. Install foreman and foreman-proxy
- yum -y install http://yum.theforeman.org/releases/1.1/el6/x86_64/foreman-release-1.1stable-3.el6.noarch.rpm
- yum -y install foreman-installer
- ruby /usr/share/foreman-installer/generate_answers.rb
- [iyunv@test puppet]# ruby /usr/share/foreman-installer/generate_answers.rb
- Welcome to the Foreman Installer!
- ---------------------------------
-
- This installer will help you set up Foreman and the associated extra
- configuration necessary to get you up and running. There is an interactive shell
- which will ask you questions, but if you just want to get up and running as fast
- as possible, answer 'yes' to the all-in-one install at the beginning
-
-
- Ready to start? (y/n)
- y    (enter y)
- Do you want to use the default all-in-one setup?
- This will configure Foreman, Foreman-Proxy, Puppet (including a puppetmaster),
- several puppet environments, TFTP (for provisioning) and sudo (for puppet
- certificate management) (y/n)
- y    (enter y)
- Do you want to run Puppet now with these settings? (y/n)
- y    (enter y)
-
-
- [iyunv@test ~]# ls /usr/share/ |grep fore
- foreman-installer
-
- [iyunv@test ~]# rpm -qa|grep foreman
- foreman-installer-1.1.1-1.noarch
-
- ==========================================================
- yum install ruby-mysql
- yum -y install foreman foreman-proxy
-
- ********************************************************************************
- chown foreman.foreman -R /usr/share/foreman
- chown foreman.foreman -R /usr/share/foreman/db/schema.rb
-
-
- su - foreman -s /bin/bash -c /usr/share/foreman/extras/dbmigrate
- ********************************************************************************
-
- vim /usr/share/foreman/config/database.yml
- The original file is configured for SQLite; here it is changed to use MySQL as the database.
- =================================================
- production:
- adapter: mysql
- database: puppet
- username: puppet
- password: puppet
- host: localhost
- socket: "/var/lib/mysql/mysql.sock"
- =================================================
- mysql> create database puppet CHARACTER SET utf8;
- mysql> grant all privileges on puppet.* to puppet@'localhost' identified by 'puppet';
- mysql> flush privileges;
-
- cd /usr/share/foreman/
- RAILS_ENV=production rake db:migrate
- rake puppet:migrate:populate_hosts RAILS_ENV=production
-
- chown foreman.foreman /usr/share/foreman/tmp/secret_token
- vim /etc/foreman-proxy/settings.yml
- ==========================================================
- :trusted_hosts:
- - puppet.test.com
- :puppetca: true
- :puppet: true
- :puppet_conf: /etc/puppet/puppet.conf
- ===========================================================
-
- /etc/init.d/puppetmaster restart
- /etc/init.d/foreman restart
- /etc/init.d/foreman-proxy restart
-
- Log in at http://192.168.1.89:3000/users/login
- user admin, password changeme
- After logging in, configure More -> Configuration -> Smart Proxies:
- name: a name for the proxy
- proxy URL: http://puppet.test.com:8443
- Note: this must be an address that is resolvable on the foreman-proxy server
- you can add a hosts entry on the local machine
- Import the existing Puppet classes
- RAILS_ENV=production rake puppet:import:puppet_classes
- rake puppet:migrate:populate_hosts RAILS_ENV=production
- Note the order here; when I configured this, I followed the 2.x instructions found online, and it kept complaining that the proxy feature was not enabled.
- #vim /etc/puppet/node.rb
- :url => "http://puppet.test.com:3000",
- [Note: https can also be used here]
-
-
-
- Enable reporting
- Server side: #cp /usr/share/foreman-installer/foreman/templates/foreman-report.rb.erb /usr/lib/ruby/site_ruby/1.8/puppet/reports/foreman.rb
- The client needs to be modified
- The agent configuration is as follows
- [agent]
- classfile = $vardir/classes.txt
- localconfig = $vardir/localconfig
- report = true
- pluginsync = true
- masterport = 8140
- environment = production
- certname = puppet.test.com
- server = puppet.test.com
- listen = true
-
- #vim /usr/lib/ruby/site_ruby/1.8/puppet/reports/foreman.rb
- $foreman_url='http://puppet.test.com:3000'
- chown foreman.foreman -R /usr/share/foreman/
- /etc/init.d/puppetmaster restart
- /etc/init.d/foreman restart
- /etc/init.d/foreman-proxy restart
- Test on the client
- #puppet agent --verbose --test
Subsequent web UI management and feature usage are not covered here; see the official documentation.
The interface looks like this:
The official documentation is at http://theforeman.org/manuals/1.1/index.html
To summarize:
Although it is installed with yum, you will run into all sorts of problems, and the official manual does not explain them in detail. The details above are a brief summary of my own installation and configuration process; you may run into other problems.
Foreman's functionality is not as powerful as imagined; it cannot replace editing on the command line, and many low-level tasks still have to be done from the command line. However, its web interface provides good interactive operation and presents Puppet concretely, at a glance.
Note: this article is only a brief overview of installation and use; for more features please read the official documentation.
================================================================================
Correction: because the steps in the earlier document were written after the installation had succeeded, there are ordering problems.
Today I reorganized it and took screenshots; the document is install_foreman_on_centos6.4_X64.pdf, see the attachment.
2013-04-15
================================================================================
This article is from the blog "itnihao's operations technology blog"; please contact the author before reposting!