This post covers how Puppet's master/agent model is used in a real production environment.
===================================================================
1 How it works
1.1 Diagram
1.2 Detailed description
2 Configuration example
2.0 Preparation
2.1 Master configuration
2.2 Agent configuration
2.3 Signing certificates on the master
2.4 A complete agent sync run
===================================================================
1 How it works
1.1 Diagram
1.2 Detailed description
The puppet agent normally runs as a service process and, by default, connects to the master once every 30 minutes.
The agent never reads any manifest directly; instead it asks the master for a precompiled catalog.
For each requesting agent the master reads a special manifest, the "site manifest", compiles a catalog from it and sends that catalog to the agent.
The agent then applies the received catalog locally.
With this architecture, one or a few manifests kept on the master are enough to manage a large number of nodes, and the workflow is more secure: manifests stay on the master and each agent receives only the catalog compiled for it.
2 Configuration example
2.0 Preparation
Puppet identifies nodes by hostname, so the hostnames of both the master and the agents must resolve. Use DNS in production; in a test environment the hosts file is enough.
2.1 Master configuration
    # Install the puppet-server packages
    yum localinstall facter-1.7.3-1.el6.x86_64.rpm puppet-2.7.25-1.el6.noarch.rpm puppet-server-2.7.25-1.el6.noarch.rpm
    # Generate the master configuration file
    puppet master --genconfig >> /etc/puppet/puppet.conf
    # Start the puppetmaster service
    puppetmasterd -v -d --no-daemonize   # test start in the foreground
    service puppetmaster start           # start the service for real
    # Verify that the service is listening: ss -antupl | grep 8140
2.2 Agent configuration
    # Install the puppet packages
    yum localinstall facter-1.7.3-1.el6.x86_64.rpm puppet-2.7.25-1.el6.noarch.rpm
    # Edit the configuration file
    vi /etc/puppet/puppet.conf
    # In the [agent] section add server=Puppetmaster_Hostname, e.g.
    server = master.lamp.com
    # Start the puppet service
    puppet agent --server mem.lamp.com -v -d --noop --test   # test run, nothing is actually applied
    service puppet start                                      # start the agent service for real
    chkconfig puppet on                                       # enable the service at boot
2.3 Signing certificates on the master
    # Manual signing:
    puppet cert list            # list pending certificate requests from nodes
    puppet cert sign Node_Name  # sign the request of one agent
    puppet cert sign --all      # sign all pending requests at once
    # Automatic signing:
    cat > /etc/puppet/autosign.conf << EOF
    *.lamp.com
    EOF
    # every request from a host in lamp.com is now signed automatically
    # Note: after any change on the master, reload the puppetmaster service:
    service puppetmaster reload
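How the wildcard entry in autosign.conf decides which requests get signed without review, shown with an added shell example that is not part of the original post. It reimplements the autosign.conf match rule assumed here (each non-comment line is an exact certname or a glob such as *.lamp.com; anything unmatched waits for `puppet cert sign`) and compares the post's `*.lamp.com` entry with an explicit allow-list; the file names and host names are constructed.

```shell
#!/bin/sh
# Added example, not from the original post: emulate the decision Puppet's
# autosign.conf makes when a certificate request arrives, so the reach of a
# wildcard entry can be checked before it is deployed. Assumed semantics
# (Puppet 2.7): every non-comment line is an exact certname or a glob such as
# *.lamp.com, and a matching line signs the request without operator review.
# Case-insensitive matching and other details of the real code are left out.

# autosign_decision FILE CERTNAME  -> prints "autosign" or "manual"
autosign_decision() {
    file=$1
    certname=$2
    [ -r "$file" ] || { echo manual; return 0; }    # no file: nothing is autosigned
    while IFS= read -r line || [ -n "$line" ]; do
        pattern=${line%%#*}                         # strip trailing comments
        pattern=$(printf '%s' "$pattern" | tr -d '[:space:]')
        if [ -z "$pattern" ]; then continue; fi     # blank or comment-only line
        case $certname in                           # unquoted pattern: glob match
            $pattern) echo autosign; return 0 ;;
        esac
    done < "$file"
    echo manual
}

# Constructed sample policies in a scratch directory.
workdir=$(mktemp -d)
trap 'rm -rf "$workdir"' EXIT

# The post's policy: every certname under lamp.com is signed automatically.
wild=$workdir/autosign-wildcard.conf
cat > "$wild" << 'EOF'
# any host presenting a name under lamp.com
*.lamp.com
EOF

# Tighter policy: only the nodes the operator actually expects.
strict=$workdir/autosign-strict.conf
cat > "$strict" << 'EOF'
nginx1.lamp.com
nginx2.lamp.com
EOF

for name in nginx1.lamp.com unknown-host.lamp.com nginx1.lamp.org; do
    printf '%-22s wildcard=%-8s strict=%s\n' "$name" \
        "$(autosign_decision "$wild" "$name")" \
        "$(autosign_decision "$strict" "$name")"
done
```

The wildcard signs any certname in the domain, including one the operator has never heard of; the allow-list leaves such requests pending for a manual `puppet cert sign`.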
2.4 A complete agent sync run
    [root@nginx1 ~]# puppet agent -v -t
    info: Caching catalog for nginx1.lamp.com
    info: Applying configuration version '1400402077'
    notice: /Stage[main]/Nginx::Package::Redhat/Package[nginx]/ensure: created
    notice: /Stage[main]/Nginx::Config/File[/etc/nginx/nginx.conf]/content:
    --- /etc/nginx/nginx.conf	2013-04-27 04:36:51.000000000 +0800
    +++ /tmp/puppet-file20140518-5216-1feu0op-0	2014-05-18 16:34:51.566999838 +0800
    @@ -1,42 +1,31 @@
    -# For more information on configuration, see:
    -#   * Official English Documentation: http://nginx.org/en/docs/
    -#   * Official Russian Documentation: http://nginx.org/ru/docs/
    -
    -user nginx;
    -worker_processes 1;
    +user nginx;
    +worker_processes 1;
     error_log /var/log/nginx/error.log;
    -#error_log /var/log/nginx/error.log notice;
    -#error_log /var/log/nginx/error.log info;
    -
     pid /var/run/nginx.pid;
    -
     events {
    -    worker_connections 1024;
    +    worker_connections 1024;
    +
     }
    -
     http {
    -    include /etc/nginx/mime.types;
    -    default_type application/octet-stream;
    +    include /etc/nginx/mime.types;
    +    default_type application/octet-stream;
    +
    +    access_log /var/log/nginx/access.log;
    +
    +    sendfile on;
    +
    +
    +
    +    keepalive_timeout 65;
    +    tcp_nodelay on;
    -    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
    -                    '$status $body_bytes_sent "$http_referer" '
    -                    '"$http_user_agent" "$http_x_forwarded_for"';
    -
    -    access_log /var/log/nginx/access.log main;
    -
    -    sendfile on;
    -    #tcp_nopush on;
    -
    -    #keepalive_timeout 0;
    -    keepalive_timeout 65;
    -
    -    #gzip on;
    -
    -    # Load config files from the /etc/nginx/conf.d directory
    -    # The default server is in conf.d/default.conf
    -    include /etc/nginx/conf.d/*.conf;
    +
    +    gzip on;
    +    gzip_disable "MSIE [1-6]\.(?!.*SV1)";
    +
    +    include /etc/nginx/conf.d/*.conf;
     }
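Review bot: the replacement nginx.conf removes the `log_format main` definition together with the `main` argument on `access_log`, so access logging falls back to nginx's built-in combined format, which does not record `$http_x_forwarded_for`; because the same run also deploys conf.d/proxy.conf, requests arriving through the proxy will be logged without the original client address. Keep the `log_format main` lines in the template (or add an equivalent format) and pass it to `access_log` again.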
    info: FileBucket got a duplicate file {md5}d9dfc198c249bb4ac341198a752b9458
    info: /Stage[main]/Nginx::Config/File[/etc/nginx/nginx.conf]: Filebucketed /etc/nginx/nginx.conf to puppet with sum d9dfc198c249bb4ac341198a752b9458
    notice: /Stage[main]/Nginx::Config/File[/etc/nginx/nginx.conf]/content: content changed '{md5}d9dfc198c249bb4ac341198a752b9458' to '{md5}df69537f815f9aacfe6dd6a439a7ba06'
    notice: /Stage[main]/Nginx::Config/File[/etc/nginx/conf.d/proxy.conf]/ensure: defined content as '{md5}530e67c1708924887565ce91f2c5b9f8'
    info: Class[Nginx::Config]: Scheduling refresh of Class[Nginx::Service]
    info: Class[Nginx::Service]: Scheduling refresh of Service[nginx]
    info: Class[Nginx::Service]: Scheduling refresh of Exec[rebuild-nginx-vhosts]
    notice: /Stage[main]/Nginx::Service/Exec[rebuild-nginx-vhosts]: Triggered 'refresh' from 1 events
    info: /Stage[main]/Nginx::Service/Exec[rebuild-nginx-vhosts]: Scheduling refresh of Service[nginx]
    notice: /Stage[main]/Nginx::Service/Service[nginx]/ensure: ensure changed 'stopped' to 'running'
    notice: /Stage[main]/Nginx::Service/Service[nginx]: Triggered 'refresh' from 2 events
    notice: Finished catalog run in 5.06 seconds
    # Pay special attention to the notice lines: they show the nginx package being installed, the configuration files being generated and the service being started.
This post is reproduced from the 51CTO blog of xxrenzhe11; original: http://blog.51cto.com/xxrenzhe/1413189. Contact the original author for permission to republish.