|
|
puppet 原理和工作流程
puppet 一个为实现数据中心自动化管理而设计的配置管理软件
基于C/S架构
原理:S服务端保存着所有的对客户端服务器的配置代码,puppet里叫清单(manifest);c客户端下载清单后,根据清单对服务器进行配置
工作流程:客户端调用facter facter探测出主机的一些变量,puppetd 把这些信息通过SSL连接发送到服务器puppetmaster
服务器puppetmaster 检测客户端的主机名,然后找到manifest里面对应主机的配置,对其解析,让客户端执行。客户端每隔30分钟同步一次配置文件。
puppet安装
centos6.5 安装puppet
OS: Centos 6.5 x86_64
Puppet master: master.com (192.168.116.135)
Puppet clients: client1.com (192.168.116.136)
Puppet clients: client2.com (192.168.116.137)
一、先做好安装的准备工作:
1. 在master和client均关闭selinux,iptables:
停止iptables
[iyunv@master ~]# service iptables stop
[iyunv@master ~]# chkconfig ptables off
关闭selinux
[iyunv@master ~]# vim /etc/selinux/config
改成 SELINUX=disabled
2. 为了保证能向master主机申请到正确的有效证书,建议master和client设置ntp:
[iyunv@master ~]# yum -y install ntp
[iyunv@master ~]# ntpdate pool.ntp.org
[iyunv@master ~]# chkconfig ntpd on
[iyunv@master ~]# chkconfig --list|grep ntp
[iyunv@master ~]# service ntpd start
3. 在master和client端设置主机名和hosts
Puppet 要求所有机器有完整的域名,如果没有 DNS 服务器提供域名的话,可以在机器上设置主机名
[iyunv@master ~]# vim /etc/sysconfig/network
master.com
[iyunv@master ~]# vim /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.116.135 master.com
192.168.116.136 client1.com
192.168.116.137 client2.com
4. 安装puppet官方源(都安装后,克隆改主机名)
[iyunv@master ~]# wget http://yum.puppetlabs.com/el/6/p ... ease-6-7.noarch.rpm
[iyunv@master ~]# rpm -ivh puppetlabs-release-6-7.noarch.rpm
[iyunv@master ~]# yum update
之上C/S都安装
二、Master端安装配置
1. 安装 puppet-server
[iyunv@master ~]# yum -y install puppet-server
2. 添加自动签发证书
编辑 /etc/puppet/puppet.conf 文件, 在[main]段内加入 autosign = true,server = master.com
[iyunv@master ~]# vim /etc/puppet/puppet.conf
[main]
# The Puppet log directory.
# The default value is '$vardir/log'.
logdir = /var/log/puppet
# Where Puppet PID files are kept.
# The default value is '$vardir/run'.
rundir = /var/run/puppet
# Where SSL certificates are kept.
# The default value is '$confdir/ssl'.
ssldir = $vardir/ssl
autosign = true
server = master.com
3. 启动Puppetmaster
[iyunv@master ~]# service puppetmaster start
[iyunv@master ~]# netstat -tunlp | grep :8140
tcp 0 0 0.0.0.0:8140 0.0.0.0:* LISTEN 9148/ruby
4. 开机启动
[iyunv@master ~]# chkconfig --list |grep puppet
[iyunv@master ~]# chkconfig puppetmaster on
[iyunv@master ~]# chkconfig --list |grep puppet
三、客户端安装配置
1. puppet 安装
[iyunv@client1 ~]# yum -y install puppet
2. 为客户端指定puppet服务器,并开启Master的推送功能
编辑 /etc/puppet/puppet.conf 文件,在[agent]段内加入 listen = true,server = master.com
[iyunv@client1 ~]# vim /etc/puppet/puppet.conf
[agent]
# The file in which puppetd stores a list of the classes
# associated with the retrieved configuratiion. Can be loaded in
# the separate ``puppet`` executable using the ``--loadclasses``
# option.
# The default value is '$confdir/classes.txt'.
classfile = $vardir/classes.txt
# Where puppetd caches the local configuration. An
# extension indicating the cache format is added automatically.
# The default value is '$confdir/localconfig'.
localconfig = $vardir/localconfig
listen = true
server = master.com
编辑 /etc/puppet/auth.conf 文件, 在 auth / 最下面加入以下语句
[iyunv@client1 ~]# vim /etc/puppet/auth.conf
path /run
method save
allow master.com
3. 启动client
[iyunv@client1 ~]# service puppet start
[iyunv@client1 ~]# netstat -tunlp | grep :8139
4. 开机启动
[iyunv@client1 ~]# chkconfig puppet on
[iyunv@client1 ~]# chkconfig --list |grep puppet
测试
[iyunv@client1 ~]#puppet agent --test
[iyunv@master ~]#puppet cert list --all
在服务端安装puppet的dashboard
安装mysql
[iyunv@master ~]# yum install ruby-mysql mysql-server puppet-dashboard
优化mysql设置
[iyunv@master ~]# cp /usr/share/mysql/my-large.cnf /etc/my.cnf
[iyunv@master ~]# vim /etc/my.cnf
[mysqld]
max_allowed_packet = 32M
启动Mysql服务
[iyunv@master ~]# service mysqld start
[iyunv@master ~]# chkconfig mysqld on
[iyunv@master ~]# chkconfig --list |grep mysqld
[iyunv@master ~]# mysqladmin -u root password '123456'
创建一个dashboard数据库
[iyunv@master ~]# mysql -uroot -p123456 <<EOF
> CREATE DATABASE dashboard CHARACTER SET utf8;
> CREATE USER 'dashboard'@'localhost' IDENTIFIED BY '123456';
> GRANT ALL PRIVILEGES ON dashboard.* TO 'dashboard'@'localhost';
> FLUSH PRIVILEGES;
> EOF
配置Dashboard
[iyunv@master ~]# vim /usr/share/puppet-dashboard/config/database.yml
production:
database: dashboard
username: dashboard
password: 123456
encoding: utf8
adapter: mysql
修改时区
[iyunv@master ~]# vim /usr/share/puppet-dashboard/config/environment.rb
config.time_zone='Beijing'
初始化数据库
[iyunv@master ~]# cd /usr/share/puppet-dashboard/
[iyunv@master puppet-dashboard]# rake RAILS_ENV=production db:migrate
[iyunv@master ~]# service httpd stop
[iyunv@master ~]# service puppetmaster start
[iyunv@master ~]# service puppet-dashboard start
访问http://master.com:3000
导入报告
cd /usr/share/puppet-dashboard
rake RAILS_ENV=production reports:import
执行报告
cd /usr/share/puppet-dashboard
rake jobs:work RAILS_ENV="production"
例子:
[iyunv@master ~]# mkdir -p /etc/puppet/modules/motd{files,manifests,templates}
[iyunv@master ~]# cd /etc/puppet/modules/motd/files
[iyunv@master ~]# mkdir etc
[iyunv@master ~]# vim motd
---puppet test ----
[iyunv@master ~]# vim /etc/puppet/modules/motd/manifests/init.pp
class motd{ #定义一个类叫motd
package{ 'setup': #定义package资源
ensure => present, #要求setup这个包处于被安装状态
}
file{ '/etc/motd': #定义file资源
ensure => present, #要求file文件处于存在状态
owner => 'root', #要求file文件属主为root
group => 'root', #要求file文件属组为root
mode => '0644', #要求file文件权限为644
source => "puppet://$puppetserver/modules/motd/etc/motd", #要求file文件从puppetmaster端服务器下载
require => Package['setup'], #要求文件被配置之前先执行package资源
}
}
[iyunv@master ~]# vim /etc/puppet/manifests/site.pp
$puppetserver = 'master.com' #设置全局变量
node 'client1.com'{
include motd
}
[iyunv@client1 ~]#puppet agent --test
puppet 部署tomcat
[iyunv@master ~]#mkdir –vp /etc/puppet/modules/java7/{files,templates,manifests}
[iyunv@master ~]# cd /etc/puppet/modules/java7/files
[iyunv@master files]# wget http://download.oracle.com/otn-p ... 71-linux-x64.tar.gz
[iyunv@master modules]vim java7/manifests/init.pp
class java7 {
include java7::install,java7::env
}
[iyunv@master modules]vim java7/manifests/install.pp
class java7::install {
file {
"/usr/jdk-7u79-linux-x64.tar.gz": #指明文件下载到客户端的哪个路径
source=> "puppet:///modules/java7/jdk-7u79-linux-x64.tar.gz", #服务器上被下载的源文件
owner => root,
group => root,
mode => 755
}
exec { "install jdk":
cwd => "/usr",
command => "tar -zxvf jdk-7u79-linux-x64.tar.gz",
user => "root",
group => "root",
path =>["/usr/bin:/usr/sbin:/bin:/sbin"],
creates =>"/usr/jdk1.7.0_79",
require =>File["/usr/jdk-7u79-linux-x64.tar.gz"]
}
}
files/env
export JAVA_HOME=/usr/jdk1.7.0_79
exprot PATH=$JAVA_HOME/bin:$PATH
export CLASSPATH=.:$JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar
[iyunv@master modules]Vim java7/manifests/env.pp
class java7::env {
file {
"/usr/java/env":
owner => "root",
group => "root",
source =>"puppet:///modules/java7/env"
}
exec {
"set env": #set JAVA_HOME
command =>"cat /usr/java/env>>/etc/profile && source /etc/profile",
user => "root",
group => "root",
path =>["/usr/local/sbin","/usr/local/bin","/sbin","/bin","/usr/sbin","/usr/bin"],
unless => "grep -i java_home /etc/profile",#if the return value is 1,do this command.
require =>File["/usr/java/env"]
}
}
vi /etc/puppet/manifests/nodes.pp
node 'client1.com' {
include java7
}
site.pp导入 节点配置文件node.pp
vi /etc/puppet/manifests/site.pp
import "nodes.pp"
配置完成后,客户端执行puppet agent --test ,查看结果
vim /etc/puppet/modules/tomcat7/manifests/init.pp
class tomcat7 {
include tomcat7::install
}
class tomcat7::install {
file {
"/usr/apache-tomcat-7.0.63.tar.gz":
source =>"puppet:///modules/tomcat7/apache-tomcat-7.0.63.tar.gz",
owner => "root",
group => "root",
mode => 755
}
exec {"install tomcat":
cwd => "/usr",
command => "tar zxvfapache-tomcat-7.0.63.tar.gz && mv apache-tomcat-7.0.63 tomcat7",
user => "root",
group => "root",
path =>["/usr/bin:/usr/sbin:/bin:/sbin"],
creates => "/usr/tomcat7",
require => File["/usr/apache-tomcat-7.0.63.tar.gz"]
}
}
vi /etc/puppet/manifests/nodes.pp
node 'client1.com' {
include java7,tocamt7
}
配置完成后,客户端执行puppet agent --test ,查看结果
|
|
QQ群⑧:
窥视卡
雷达卡
发表于 2016-10-12 14:22:22
提升卡
置顶卡
沉默卡
喧嚣卡
变色卡
千斤顶
显身卡