[Experience sharing] Puppet study notes

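Posted on 2018-8-2 11:26:20
  1. Puppet's active push feature
  Use puppet kick to push runs. The kick feature cannot handle a large number of puppet agents making concurrent requests, so use MCollective when the number of agents is large.
  1.1 On every puppet agent node, add "listen=true" to the [agent] section of puppet.conf
  1.2 Open port 8139 in the firewall
  1.3 In the puppet agent's auth.conf, add the following configuration before the "path /" entry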
  path /run
  method save
  auth any
  allow puppetmaster_hostname
  # deny everything else; this ACL is not strictly necessary, but
  # illustrates the default policy.
  path /
  auth any
  1.4 Restart the agent
  service puppet restart
  1.5 Test from the master
  cat puppet_kick.sh
  #!/bin/sh
  # Kick every host listed, one per line, in the file named by $1
  while read -r LINE
  do
  echo "$LINE puppet kick"
  puppet kick -p 5 --host "$LINE"
  sleep 1
  done < "./$1"
  cat puppet_hostname.txt
  salt-minion-1
  salt-minion-2
  Test result:
  Warning: Puppet kick is deprecated. See http://links.puppetlabs.com/puppet-kick-deprecation
  Warning: Failed to load ruby LDAP library. LDAP functionality will not be available
  Triggering salt-minion-1
  Getting status
  status is success
  salt-minion-1 finished with exit code 0
  Finished
  salt-minion-2 puppet kick
  Warning: Puppet kick is deprecated. See http://links.puppetlabs.com/puppet-kick-deprecation
  Warning: Failed to load ruby LDAP library. LDAP functionality will not be available
  Triggering salt-minion-2
  Getting status
  status is success
  salt-minion-2 finished with exit code 0
  Finished
  1.6 The LDAP error
  Regarding warning 1: puppet kick has been superseded by MCollective, but it can still be used.
  [root@salt-master puppet]# puppet kick --host salt-minion-1
  Warning: Puppet kick is deprecated. See http://links.puppetlabs.com/puppet-kick-deprecation
  Warning: Failed to load ruby LDAP library. LDAP functionality will not be available
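  2. Scaling the architecture: a single puppetmaster
  The Puppet 3.x series does not support Mongrel, so 2.x versions can use the Nginx + Mongrel mode, while 3.x versions use the Nginx + Passenger mode (Apache is also supported, but Nginx has somewhat higher processing capacity).
  Nginx + Passenger mode:
  Master configuration:
  2.1 Download the puppetlabs release package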
  rpm -Uvh https://yum.puppetlabs.com/el/6Server/products/x86_64/puppetlabs-release-6-10.noarch.rpm
  yum clean all
  2.2 Install puppet-server on the master
  yum -y install puppet-server
  [root@salt-master yum.repos.d]# puppet -V
  3.5.1
  [root@salt-master yum.repos.d]# facter -v
  2.0.1
  2.3 Install Nginx and Passenger
  yum -y install ruby-devel rubygems
  gem install rake rack passenger
  Running the passenger-install-nginx-module command installs nginx and passenger automatically
  # The command offers two options; choose 1 for the automatic install
  Automatically download and install Nginx?
  Nginx doesn't support loadable modules such as some other web servers do,
  so in order to install Nginx with Passenger support, it must be recompiled.
  Do you want this installer to download, compile and install Nginx for you?
  1. Yes: download, compile and install Nginx for me. (recommended)
  The easiest way to get started. A stock Nginx 1.4.7 with Passenger
  support, but with no other additional third party modules, will be
  installed for you to a directory of your choice.
  2. No: I want to customize my Nginx installation. (for advanced users)
  Choose this if you want to compile Nginx with more third party modules
  besides Passenger, or if you need to pass additional options to Nginx's
  'configure' script. This installer will  1) ask you for the location of
  the Nginx source code,  2) run the 'configure' script according to your
  instructions, and  3) run 'make install'.
  After compilation finishes, the installer shows how to load Passenger in nginx:
  Suppose you have a web application in /somewhere. Add a server block
  to your Nginx configuration file, set its root to /somewhere/public, and set
  'passenger_enabled on', like this:
  server {
  listen 80;
  server_name www.yourhost.com;
  root /somewhere/public;   # <--- be sure to point to 'public'!
  passenger_enabled on;
  }
  2.4 Create the rack directory and configure the rack application
  mkdir -p /etc/puppet/rack/public
  cp /usr/share/puppet/ext/rack/files/config.ru /etc/puppet/rack
  chown -R puppet:puppet /etc/puppet/rack
  2.5 Configure Nginx
  Edit nginx.conf and add the passenger module configuration (already added by default)
  passenger_root /usr/lib/ruby/gems/1.8/gems/passenger-4.0.41;
  passenger_ruby /usr/bin/ruby;
  include vhosts/*.conf;   # <= add the virtual hosts include manually; alternatively, write the virtual host settings directly into nginx.conf
  2.6 Create the virtual host file
  touch $NGINX_HOME/vhosts/puppet_master.conf
  server {
  listen                     8140 ssl;
  server_name                salt-master;
  passenger_enabled          on;
  passenger_set_cgi_param    HTTP_X_CLIENT_DN $ssl_client_s_dn;
  passenger_set_cgi_param    HTTP_X_CLIENT_VERIFY $ssl_client_verify;
  access_log                 /usr/local/nginx/logs/puppet_access.log;
  error_log                  /usr/local/nginx/logs/puppet_error.log;
  root                       /etc/puppet/rack/public;
  ssl_certificate       /var/lib/puppet/ssl/certs/salt-master.pem;
  ssl_certificate_key   /var/lib/puppet/ssl/private_keys/salt-master.pem;
  ssl_crl      /var/lib/puppet/ssl/ca/ca_crl.pem;
  ssl_client_certificate /var/lib/puppet/ssl/certs/ca.pem;
  ssl_ciphers     SSLv2:-LOW:-EXPORT:RC4+RSA;
  ssl_prefer_server_ciphers on;
  ssl_verify_client optional;
  ssl_verify_depth 1;
  ssl_session_cache shared:SSL:128m;
  ssl_session_timeout 5m;
  }
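
A quick check of the TLS settings in a vhost like the one above, as an added example that is not part of the original post; the helper names and the sample file are constructed here. It flags cipher strings that name SSLv2 or RC4 suites (prohibited by RFC 6176 and RFC 7465), a missing explicit ssl_protocols line, a missing ssl_crl, and client verification that is switched off.

```shell
#!/bin/sh
# Added example: audit_puppet_vhost is a hypothetical helper, not part of Puppet or nginx.
# Prints one finding per line for the nginx vhost file given as $1.

# directive_value FILE NAME -> value of the first "NAME value;" line, comments ignored
directive_value() {
    awk -v name="$2" '
        { sub(/#.*/, "") }
        $1 == name { $1 = ""; sub(/^[ \t]+/, ""); sub(/;[ \t]*$/, ""); print; exit }
    ' "$1"
}

audit_puppet_vhost() {
    conf=$1
    # Split the OpenSSL cipher string on ":" and inspect each token.
    for token in $(directive_value "$conf" ssl_ciphers | tr ':' ' '); do
        case $token in
            -*|!*) ;;   # token removes ciphers, nothing to flag
            *SSLv2*) echo "WEAK ssl_ciphers enables SSLv2 suites ($token)" ;;
            *RC4*)   echo "WEAK ssl_ciphers enables RC4 suites ($token)" ;;
        esac
    done
    [ -n "$(directive_value "$conf" ssl_protocols)" ] ||
        echo "WARN ssl_protocols not set; the nginx build default applies"
    [ -n "$(directive_value "$conf" ssl_crl)" ] ||
        echo "WARN ssl_crl not set; revoked agent certificates are still accepted"
    case $(directive_value "$conf" ssl_verify_client) in
        on|optional) ;;
        *) echo "FAIL ssl_verify_client is not on/optional; agent certificates are not verified" ;;
    esac
}

# Constructed sample: the TLS lines of the vhost above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
server {
    listen 8140 ssl;
    ssl_crl      /var/lib/puppet/ssl/ca/ca_crl.pem;
    ssl_ciphers     SSLv2:-LOW:-EXPORT:RC4+RSA;
    ssl_verify_client optional;
}
EOF
audit_puppet_vhost "$sample"
rm -f "$sample"
```

On the sample it reports the two WEAK cipher tokens and the missing ssl_protocols line.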
  2.7 Disable puppetmaster start at boot
  chkconfig puppetmaster off
  2.8 Start nginx
  Check the nginx.conf syntax
  /usr/local/nginx/sbin/nginx -t
  Start nginx
  /usr/local/nginx/sbin/nginx
  2.9 Check that port 8140 is listening
  netstat -an |grep 8140
  Agent configuration
  Edit puppet.conf to specify certname and server
  [agent]
  server = salt-master
  [master]
  certname = salt-master
  Verification:
  On the agent:
  puppet agent --test
  On the master:
  [root@salt-master vhosts]# tail -f /usr/local/nginx/logs/puppet_access.log
  X.X.X.X - - [17/Apr/2014:14:17:50 +0800] "GET /production/node/salt-minion-2? HTTP/1.1" 200 3524 "-" "-"
  X.X.X.X - - [17/Apr/2014:14:17:50 +0800] "GET /production/file_metadatas/pluginfacts?checksum_type=md5&links=manage&recurse=true&ignore=.svn&ignore=CVS&ignore=.git HTTP/1.1" 200 283 "-" "-"
  X.X.X.X - - [17/Apr/2014:14:17:50 +0800] "GET /production/file_metadatas/plugins?checksum_type=md5&links=manage&recurse=true&ignore=.svn&ignore=CVS&ignore=.git HTTP/1.1" 200 283 "-" "-"
  X.X.X.X - - [17/Apr/2014:14:17:50 +0800] "POST /production/catalog/salt-minion-2 HTTP/1.1" 200 574 "-" "-"
  X.X.X.X - - [17/Apr/2014:14:17:50 +0800] "PUT /production/report/salt-minion-2 HTTP/1.1" 200 9 "-" "-"
  X.X.X.X - - [17/Apr/2014:14:20:06 +0800] "GET /production/node/salt-minion-1? HTTP/1.1" 200 3524 "-" "-"
  X.X.X.X - - [17/Apr/2014:14:20:06 +0800] "GET /production/file_metadatas/pluginfacts?checksum_type=md5&links=manage&recurse=true&ignore=.svn&ignore=CVS&ignore=.git HTTP/1.1" 200 283 "-" "-"
  X.X.X.X - - [17/Apr/2014:14:20:06 +0800] "GET /production/file_metadatas/plugins?checksum_type=md5&links=manage&recurse=true&ignore=.svn&ignore=CVS&ignore=.git HTTP/1.1" 200 283 "-" "-"
  X.X.X.X - - [17/Apr/2014:14:20:06 +0800] "POST /production/catalog/salt-minion-1 HTTP/1.1" 200 574 "-" "-"
  X.X.X.X - - [17/Apr/2014:14:20:06 +0800] "PUT /production/report/salt-minion-1 HTTP/1.1" 200 9 "-" "-"
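
To confirm from this log that every agent finished its run, the following added example (not from the original post; puppet_run_summary and the sample lines are constructed here) checks each node for the GET node, POST catalog, PUT report sequence seen above and reports any step that did not return 200.

```shell
#!/bin/sh
# Added example: puppet_run_summary is a hypothetical helper, not a Puppet tool.
# Reads an nginx access log ($1) in the format shown above and prints, per node,
# whether the node -> catalog -> report sequence completed with HTTP 200.
puppet_run_summary() {
    awk '
        {
            method = substr($6, 2)        # $6 is "GET with a leading quote
            split($7, p, "/")             # /<environment>/<indirection>/<key>
            kind = p[3]; node = p[4]; sub(/\?.*/, "", node)
            if (kind != "node" && kind != "catalog" && kind != "report") next
            seen[node] = 1
            if ($9 != 200) { bad[node] = bad[node] " " kind "=" $9; next }
            ok[node, kind] = method
        }
        END {
            for (n in seen) {
                if (n in bad)
                    print n, "FAILED" bad[n]
                else if (ok[n, "node"] == "GET" && ok[n, "catalog"] == "POST" && ok[n, "report"] == "PUT")
                    print n, "COMPLETE"
                else
                    print n, "INCOMPLETE"
            }
        }
    ' "$1" | sort
}

# Constructed sample log: one full run, one run without a report, one rejected catalog.
log=$(mktemp)
cat > "$log" <<'EOF'
X.X.X.X - - [17/Apr/2014:14:20:06 +0800] "GET /production/node/salt-minion-1? HTTP/1.1" 200 3524 "-" "-"
X.X.X.X - - [17/Apr/2014:14:20:06 +0800] "POST /production/catalog/salt-minion-1 HTTP/1.1" 200 574 "-" "-"
X.X.X.X - - [17/Apr/2014:14:20:06 +0800] "PUT /production/report/salt-minion-1 HTTP/1.1" 200 9 "-" "-"
X.X.X.X - - [17/Apr/2014:14:21:10 +0800] "GET /production/node/salt-minion-2? HTTP/1.1" 200 3524 "-" "-"
X.X.X.X - - [17/Apr/2014:14:21:10 +0800] "POST /production/catalog/salt-minion-2 HTTP/1.1" 200 574 "-" "-"
X.X.X.X - - [17/Apr/2014:14:22:30 +0800] "GET /production/node/salt-minion-3? HTTP/1.1" 200 3524 "-" "-"
X.X.X.X - - [17/Apr/2014:14:22:30 +0800] "POST /production/catalog/salt-minion-3 HTTP/1.1" 400 120 "-" "-"
EOF
puppet_run_summary "$log"
rm -f "$log"
```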
