|
|
这篇博文主要介绍puppet在实际生产环境下的master/agent模型的使用;
===================================================================
1 原理介绍
1.1 原理图
1.2 详细说明
2 配置实例
2.0 准备
2.1 master配置
2.2 agent配置
2.3 master签署证书
2.4 agent一次完整的同步案例
===================================================================
1 原理介绍
1.1 原理图
1.2 详细说明
- puppet agent通常运行为一个服务进程,其默认每隔半个小时向master发出一次连接请求;
- puppet agent并不直接访问任何manifest,而是向master请求一个预编译的catalog文件;
- puppet master会为发出请求的agent读取一个名为“site manifest”的特殊manifest文件,并基于此编译一个catalog后发送给agent;
- puppet agent在获取到catalog后应用于本地;
- 因此,基于此种工作架构,仅在master端提供一个或少量几个manifest即可实现管理大量的节点,并能提供更加安全的工作过程;
2 配置实例
2.0 准备
puppet利用主机名识别不同的节点,故需保证master和agent的主机名都可解析,生产环境下使用DNS解析,测试环境使用hosts文件即可;
2.1 master配置
yum localinstall facter-1.7.3-1.el6.x86_64.rpm puppet-2.7.25-1.el6.noarch.rpm puppet-server-2.7.25-1.el6.noarch.rpm
# 生成master配置文件:
puppet master --genconfig >> /etc/puppet/puppet.conf
# 启动puppetmaster服务
puppetmasterd -v -d --no-daemonize # 前台测试启动
service puppetmaster start # 正式启动服务
# 服务验证:ss -antupl |grep 8140
2.2 agent配置
# 安装puppet程序包
yum localinstall facter-1.7.3-1.el6.x86_64.rpm puppet-2.7.25-1.el6.noarch.rpm
# 编辑配置文件
vi /ect/puppet/puppet.conf # 在[agent]段添加server=Puppetmaster_Hostname,如
server = master.lamp.com
# 启动puppet服务
puppet agent --server mem.lamp.com -v -d --noop --test # 测试启动,不实际应用配置
service puppet start # 正式启动agent服务
chkconfig puppet on # 配置开启启动
2.3 master签署证书
# 手动签发:
puppet cert list # 显示待签发节点的证书请求
puppet cert sign Node_Name # 签署某一agent的请求
puppet cert sign --all # 一次性签署全部请求
# 自动签发:
cat > /ect/puppet/autosign.conf << EOF *.lamp.com EOF # 会对所有来自lamp.com的主机请求都自动签发
# 注:master端的任何修改,都要重新装载puppetmaster服务,即执行如下命令即可
service puppetmaster reload
2.4 agent一次完整的同步案例
[iyunv@nginx1 ~]# puppet agent -v -t
info: Caching catalog for nginx1.lamp.com
info: Applying configuration version '1400402077'
notice: /Stage[main]/Nginx::Package::Redhat/Package[nginx]/ensure: created
notice: /Stage[main]/Nginx::Config/File[/etc/nginx/nginx.conf]/content:
--- /etc/nginx/nginx.conf 2013-04-27 04:36:51.000000000 +0800
+++ /tmp/puppet-file20140518-5216-1feu0op-0 2014-05-18 16:34:51.566999838 +0800
@@ -1,42 +1,31 @@
-# For more information on configuration, see:
-# * Official English Documentation: http://nginx.org/en/docs/
-# * Official Russian Documentation: http://nginx.org/ru/docs/
-
-user nginx;
-worker_processes 1;
+user nginx;
+worker_processes 1;
error_log /var/log/nginx/error.log;
-#error_log /var/log/nginx/error.log notice;
-#error_log /var/log/nginx/error.log info;
-
pid /var/run/nginx.pid;
-
events {
- worker_connections 1024;
+ worker_connections 1024;
+
}
-
http {
- include /etc/nginx/mime.types;
- default_type application/octet-stream;
+ include /etc/nginx/mime.types;
+ default_type application/octet-stream;
+
+ access_log /var/log/nginx/access.log;
+
+ sendfile on;
+
+
+
+ keepalive_timeout 65;
+ tcp_nodelay on;
- log_format main '$remote_addr - $remote_user [$time_local] "$request" '
- '$status $body_bytes_sent "$http_referer" '
- '"$http_user_agent" "$http_x_forwarded_for"';
-
- access_log /var/log/nginx/access.log main;
-
- sendfile on;
- #tcp_nopush on;
-
- #keepalive_timeout 0;
- keepalive_timeout 65;
-
- #gzip on;
-
- # Load config files from the /etc/nginx/conf.d directory
- # The default server is in conf.d/default.conf
- include /etc/nginx/conf.d/*.conf;
+
+ gzip on;
+ gzip_disable "MSIE [1-6].(?!.*SV1)";
+
+ include /etc/nginx/conf.d/*.conf;
}
info: FileBucket got a duplicate file {md5}d9dfc198c249bb4ac341198a752b9458
info: /Stage[main]/Nginx::Config/File[/etc/nginx/nginx.conf]: Filebucketed /etc/nginx/nginx.conf to puppet with sum d9dfc198c249bb4ac341198a752b9458
notice: /Stage[main]/Nginx::Config/File[/etc/nginx/nginx.conf]/content: content changed '{md5}d9dfc198c249bb4ac341198a752b9458' to '{md5}df69537f815f9aacfe6dd6a439a7ba06'
notice: /Stage[main]/Nginx::Config/File[/etc/nginx/conf.d/proxy.conf]/ensure: defined content as '{md5}530e67c1708924887565ce91f2c5b9f8'
info: Class[Nginx::Config]: Scheduling refresh of Class[Nginx::Service]
info: Class[Nginx::Service]: Scheduling refresh of Service[nginx]
info: Class[Nginx::Service]: Scheduling refresh of Exec[rebuild-nginx-vhosts]
notice: /Stage[main]/Nginx::Service/Exec[rebuild-nginx-vhosts]: Triggered 'refresh' from 1 events
info: /Stage[main]/Nginx::Service/Exec[rebuild-nginx-vhosts]: Scheduling refresh of Service[nginx]
notice: /Stage[main]/Nginx::Service/Service[nginx]/ensure: ensure changed 'stopped' to 'running'
notice: /Stage[main]/Nginx::Service/Service[nginx]: Triggered 'refresh' from 2 events
notice: Finished catalog run in 5.06 seconds
# 特别注意notice的输出内容,分别完成了nginx程序的安装,配置文件的生成,服务的启动等操作;
|
|
|
|
|
|
|
|
|
QQ群⑧:
窥视卡
雷达卡
发表于 2014-5-19 14:22:42
提升卡
置顶卡
沉默卡
喧嚣卡
变色卡
千斤顶
显身卡