puppet一键部署lnmt
安装包下载路径http://down.51cto.com/data/2290539
yum install ./*.rpm
puppet模块文件路径
|
1
2
|
mkdir
-pv
/etc/puppet/modules/
{openjdk,nginx,tomcat,mariadb}/{manifests,files,templates,lib,tests,spec}
cd
/etc/puppet/modules
|
openjdk模块
|
1
2
3
4
5
6
7
8
9
10
11
|
vim openjdk
/manifests/init
.pp
class openjdk($version=
'1.8.0'
) {
package{
"java-$version-openjdk-devel"
:
ensure => installed,
}
file
{
'javahome'
:
ensure =>
file
,
path =>
'/etc/profile.d/javahome.sh'
,
source
=>
'puppet:///modules/openjdk/javahome.sh'
,
}
}
|
java运行路径文件
|
1
2
|
vim
/etc/puppet/modules/openjdk/files/javahome
.sh
export
JAVA_HOME=
/usr
|
puppet apply -v -e 'include openjdk'
这一步就提供完了openjdk
Tomcat服务模块
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
|
vim tomcat
/manifests/init
.pp
class tomcat{
package{
'tomcat'
:
ensure => installed,
} ->
service{
'tomcat'
:
ensure => running,
enable
=>
true
,
restart =>
'/usr/bin/systemctl restart tomcat'
,
}
}
class tomcat::tomcatweb inherits tomcat {
package{
'tomcat-webapps'
:
ensure => installed,
}
package{
'tomcat-admin-webapps'
:
ensure => installed,
}
Service[
'tomcat'
]{
subscribe => [ Package[
'tomcat-webapps'
],Package[
'tomcat-admin-webapps'
] ],
}
}
|
puppet apply -v -e 'include tomcat::tomcatweb'
这一步这个执行完之后可以打开浏览器访问http://ip:8080,查看页面
facter查看支持全部变量
文本文件中内嵌变量替换机制:
<%= @VARIABLE_NAME %>
获取安装包和配置文件
|
1
2
3
|
cd
/etc/puppet/modules/nginx/files
wget http:
//nginx
.org
/packages/centos/7/x86_64/RPMS/nginx-1
.10.2-1.el7.ngx.x86_64.rpm
yum
install
.
/nginx-1
.10.2-1.el7.ngx.x86_64.rpm
|
获取default.conf配置文件,并修改代理配置
|
1
2
|
cp
/etc/nginx/conf
.d
/default
.conf ./
sed
-i
's@.*/usr/share/nginx/html;@proxy_pass http://127.0.0.1:8080;@'
nginx
/files/default
.conf
|
获取nginx.conf.erb模板,并配置worker进程数量等于cpu的数量
|
1
2
3
|
cd
..
/templates/
cp
/etc/nginx/nginx
.conf ./
sed
-i
's@worker_processes.*@worker_processes <%= processorcount %>;@'
nginx.conf.erb
|
Nginx服务器模块
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
|
vim nginx
/manifests/init
.pp
class nginx{
file
{
'nginxpkg'
:
path =>
'/tmp/nginx-1.10.2-1.el7.ngx.x86_64.rpm'
,
ensure =>
file
,
} ->
exec
{
'nginx'
:
unless =>
'/usr/bin/rpm -q nginx'
,
user =>
'root'
,
} ->
file
{
'nginx.conf'
:
path =>
'/etc/nginx/nginx.conf'
,
ensure =>
file
,
content => template(
'nginx/nginx.conf.erb'
),
require => Exec[
'nginx'
],
}
service{
'nginx'
:
ensure => running,
enable
=>
true
,
restart =>
'/usr/sbin/nginx -s reload'
,
}
}
class nginx::proxy inherits nginx{
file
{
'default.conf'
:
path =>
'/etc/nginx/conf.d/default.conf'
,
ensure =>
file
,
source
=>
'puppet:///modules/nginx/default.conf'
,
require => Exec[
'nginx'
],
}
Service[
'nginx'
]{
subscribe => [ File[
'nginx.conf'
],File[
'default.conf'
] ],
}
}
|
puppet apply -v -e 'include nginx::proxy'
这一步就提供好了Nginx的反向代理,可以打开浏览器访问http://ip,查看页面
数据库节点模块
|
1
2
3
4
5
6
7
8
9
10
11
|
vim mariadb
/manifests/init
.pp
class mariadb{
package{
'mariadb-server'
:
ensure => installed,
} ->
service{
'mariadb'
:
ensure => running,
enable
=>
true
,
restart =>
'/usr/bin/yum restart mariadb.service'
,
}
}
|
puppet apply -v -e 'include mariadb'
部署大量节点配置
puppet是强依赖于域名解析的,我的hosts文件内容如下
|
1
2
3
4
5
6
7
8
9
|
vim
/etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
172.16.29.1 centos6.org c6
172.16.29.2 centos7.org c7
172.16.29.10 node1.org n1
172.16.29.20 node2.org n2
172.16.29.30 node3.org n3
172.16.29.40 node4.org n4
|
主节点
开启服务器
|
1
|
systemctl start puppetmaster.service
|
添加配置文件
|
1
2
3
4
5
6
7
8
9
|
vim
/etc/puppet/manifests/site
.pp
#这个配置可以匹配一个主机centos7.oeg
node
'centos7.org'
{
include nginx::proxy
}
#这个配置可以配置多个node主机
node
/node
[12]\.org/' {
include tomcat::tomcatweb
}
|
从节点启动从节点服务
|
1
|
puppet agent --server node3.org -
v
|
主节点查看证书
|
1
|
puppet cert list
|
主节点签署证书
|
1
2
3
|
puppet cert sign centos7.org
puppet cert sign node1.org
puppet cert sign node2.org
|
从节点重启从节点服务
|
1
|
puppet agent --server node3.org -
v
|
从节点永久自动连接master的方法,在agent配置段中添加一行
|
1
2
|
vim
/etc/puppet/puppet
.conf
master = node3.org
|
多环境配置
多环境的意思是,打个比方一个公司有三个环境,一个开发人员测试自己程序的环境,一个测试人员测试程序的环境,还有一个是提供业务的环境。每个环境的配置可能不一样,这里我们使用puppet提供三种不同的环境。
master节点node3提供多环境需要的文件及目录
|
1
2
3
4
5
6
|
cd
/etc/puppet
mkdir
-pv environment/{production,development,testing}/{manifests,moudules}
cp
-a modules/* environments
/production/moudules/
cp
-a modules/* environments
/development/moudules/
cp
-a modules/* environments
/testing/moudules/
#每个环境使用模块时,使用的是/etc/puppet/modules/目录下的模块,所以我们定义模块时要定义的灵活一些
|
master节点node3 在main配置段中添加如下内容,重启puppetmaster
|
1
2
3
|
vim
/etc/puppet/puppet
.conf
environmentpath = $confdir
/environments
systemctl restart puppetmaster.service
|
master节点提供安装哪些模块
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
|
vim environments
/production/manifests/site
.pp
node
'node2.org'
{
include nginx::proxy
}
vim environments
/development/manifests/site
.pp
node
'node2.org'
{
include openjdk
include tomcat::tomcatweb
}
vim environments
/development/manifests/site
.pp
node
'node1.org'
{
include openjdk
include tomcat::tomcatweb
}
vim environments
/testing/manifests/site
.pp
node
'centos7.org'
{
include mariadb
}
|
node2的agent配置段中添加如下内容,并启动
|
1
2
3
4
5
|
vim
/etc/puppet/puppet
.conf
#指向主节点
server = node3.org
listen =
true
systemctl start puppetagent.service
|
安装后的截图如下,只监听了80端口说明,使用了production配置环境,若使用development环境会监听80,8080
node1的agent配置段中添加如下内容,并启动
|
1
2
3
4
5
6
|
vim
/etc/puppet/puppet
.conf
#指向主节点
server = node3.org
listen =
true
environment = development
systemctl start puppetagent.service
|
centos7的agent配置段中添加如下内容,并启动
|
1
2
3
4
5
6
|
vim
/etc/puppet/puppet
.conf
#指向主节点
server = node3.org
listen =
true
environment = testing
systemctl start puppetagent.service
|
puppet的kick的使用
之前puppet工作时都是agent向master请求数据,并且是每30min请求一次,当我们遇到紧急情况,需要立即变更线上业务的时候,我们就需要使用kick,由master主动通知agent,获取配置信息。
从节点node2在path /之前添加一个认证配置段
|
1
2
3
4
5
|
vim
/etc/puppet/auth
.conf
path
/run
method save
auth any
allow node3.org
|
从节点node2 在agent配置段中添加监听
|
1
2
3
4
|
vim
/etc/puppet/
puppet.conf
[agent]
listen =
true
server = node3.org
|
主节点编辑
|
1
2
3
4
5
|
vim environments
/production/manifests/site
.pp
node
'node2.org'
{
include nginx::proxy
include mariadb
}
|
主节点推服务
|
1
|
puppet kick node2.org
|
node2又监听3306
总结
puppetmater首先提供多个主机需要的模块,各个模块,每个模块中有多个类,类中定义多个服务;然后同时还提供每个主机使用不同的模块提供不同的服务,并且可以把主机分类体提供配置。同时还可以使用master使用kick主动通知agent安装特定的模块。
本文转自Ailu0li 51CTO博客,原文链接:http://blog.51cto.com/oldking/1903395,如需转载请自行联系原作者
