
Puppet

2018-05-18  本文已影响14人  Miracle001
DevOps介绍
image.png
image.png
系统运维
  主机运维 OS Provision  cobbler/pxe
  网络运维
  应用运维HAProxy/varnish/tomcat/nginx
  数据库运维DBA
  Application Server:Deployment

puppet work
image.png
puppet的master/agent
image.png
puppet 3层代理
image.png
ruby环境
agent进程自身的认证连接master
agent--https协议连接(ssl)--master--自建ca--puppet的openssl

栈点清单--类似ansible的hosts
资源清单--类似ansible的模块
依赖主机名(百台以上节点才会使用puppet)
  内网dns服务器--主机名见名知意--服务名称/运营商/城市/机房/机架号
  mysql1-rack2-telecom-yz-bj-fgq.com
繁重--写模块/资源清单/playbook(ansible)--结合配置信息
puppet--多环境配置,可隔离,对同一服务在不同环境可使用不同配置
不关心主机系统/API类型(centos/windows/debian...)
  如:安装Linux的nginx,只指明安装nginx,不用指明系统类型(可自动识别)
https://puppet.com/products/platform/core-components  组件介绍

node4
yum info puppet
yum list puppet*
yum -y install puppet
puppet help  具体参考文档
puppet help describe    资源类型
puppet describe --list  列出所有类型  类似ansible-doc
puppet describe package
puppet describe -m package  显示元参数
puppet describe -m -s package  显示简短格式信息
puppet describe -p package  显示详细信息

https://puppet.com/docs/puppet/5.5/cheatsheet_core_types.html  核心资源类型8种


puppet describe group
mkdir manifests
vim manifests/first.pp
group{'mygrp':
        ensure => present,
        gid => 3000,  省略--即默认gid(此处不写了)
        provider => groupadd,  省略--不用关心平台架构(此处不写了)
}
puppet apply --help  单机应用
puppet apply -v -d --noop manifests/first.pp
  -v  详细信息
  -d  调试信息
  --noop  dry run
puppet apply -v --noop manifests/first.pp
puppet apply -v manifests/first.pp
tail /etc/group


puppet describe user
puppet describe -s user
vim manifests/first.pp
group{'mygrp':
        ensure => present,
}
user{'csn':
        ensure => present,
        groups => mygrp,
        shell => '/bin/tcsh',  引号可省
        comment => 'test user',  引号可省
        managehome => true,  是否创建家目录,创建/删除用户时,一并创建/删除
        system => true,  是否为系统用户,不写--有默认值(此处不写了)
}
puppet apply -v --noop manifests/first.pp
groupdel mygrp
puppet apply -v --noop manifests/first.pp
puppet apply -v manifests/first.pp
tail -n 2 /etc/{passwd,group}
vim manifests/first.pp
user{'csn':
        ensure => present,
        groups => mygrp,
        shell => '/bin/tcsh',
        comment => 'test user',
        managehome => true,
#       require => Group['mygrp'],  资源依赖关系设定:方法1--csn需要mygrp
}
group{'mygrp':
        ensure => present,
#       before => User['csn'],  资源依赖关系设定:方法2--mygrp在csn之前
}
Group['mygrp'] -> User['csn']  资源依赖关系设定:方法3--mygrp在csn之前
  资源依赖关系设定--此处都是csn依赖mygrp--#表示注释


puppet describe package
vim manifests/package.pp
# Declare the redis package as installed; the provider is left to the
# platform default (yum on this CentOS host, checked afterwards with rpm -q).
package{'redis':
        ensure => present,
}
puppet apply -v --noop manifests/package.pp
  显示Warning,可不管
puppet apply -v manifests/package.pp
rpm -q redis
rz  上传rpm包:jdk-8u171-linux-x64.rpm
vim manifests/package.pp
package{'redis':
        ensure => present,
}
package{'jdk':
        ensure => present,
        source => '/root/jdk-8u171-linux-x64.rpm',  指明包来源
        provider => rpm,  指明rpm安装方式
}
  此时title和包名可以不一样
  如果rpm包有依赖关系,provider可以指明yum,下载依赖的包
puppet apply -v --noop manifests/package.pp
puppet apply -v manifests/package.pp
ls /usr/java


puppet describe service
vim manifests/service.pp
# Keep redis running and enabled at boot. hasrestart tells Puppet the init
# script has its own 'restart' action, so it is used instead of stop + start.
service{'redis':
        ensure => true,
        enable => true,
        hasrestart => true,
}
puppet apply -v --noop manifests/service.pp
puppet apply -v manifests/service.pp
ss -ntl  6379端口
systemctl is-enabled redis; systemctl status redis


puppet describe file
cp /etc/redis.conf manifests/
vim manifests/redis.conf 
bind 0.0.0.0
vim manifests/file.pp
# Replace /etc/redis.conf with the copy edited above (that copy sets
# 'bind 0.0.0.0', so redis listens on every interface once it restarts).
# Nothing here notifies the redis service, so the running daemon keeps its
# old configuration until it is restarted (see the subscribe/notify variants).
file{'/etc/redis.conf':
        source => '/root/manifests/redis.conf',
        owner => redis,
        group => root,
        ensure => file,
}
puppet apply -v --noop manifests/file.pp
puppet apply -v manifests/file.pp
less /etc/redis.conf  /root/manifests/redis.conf已经替换了原来的配置文件
此时redis没有重启,ss -ntl  显示127.0.0.1:6379
需要触发条件
cat manifests/file.pp >> manifests/service.pp
vim manifests/service.pp
service{'redis':
        ensure => true,
        enable => true,
        hasrestart => true,
#       subscribe => File['/etc/redis.conf'],  通知关系设定:法1:service接受file的触发
}
file{'/etc/redis.conf':
        source => '/root/manifests/redis.conf',
        owner => redis,
        group => root,
        ensure => file,
#       notify => Service['redis'],  通知关系设定:法2:file改变触发service
}
File['/etc/redis.conf'] ~> Service['redis']  通知关系设定:法3:file改变触发service
  通知关系设定:此处,service依赖file
vim manifests/redis.conf 
bind 192.168.1.10  配置更改才会触发条件
puppet apply -v --noop manifests/service.pp
puppet apply -v manifests/service.pp
ss -ntl  显示192.168.1.10:6379

vim manifests/file2.pp
file{'test.txt':
        path => '/tmp/test.txt',  新文件名称
        content => "Hello,World\n",  生成新文件的内容,使用双引号--生效换行符
        ensure => file,
}
puppet apply -v --noop manifests/file2.pp
puppet apply -v manifests/file2.pp

vim manifests/file3.pp
# Recursively copy the local /etc/pam.d tree into /tmp/pam.d
# (recurse => true makes the file resource manage the whole subtree).
file{'/tmp/pam.d':
        source => '/etc/pam.d',
        ensure => 'directory',
        recurse => true,
}
puppet apply -v --noop manifests/file3.pp
puppet apply -v manifests/file3.pp
ls /tmp/pam.d/

vim manifests/file4.pp
file{'/tmp/test.link':
        ensure => link,
        path => '/tmp/test.link',  可以省略继承title--符号文件
        target => '/tmp/test.txt',  原文件
}
puppet apply -v --noop manifests/file4.pp
puppet apply -v manifests/file4.pp
ll /tmp/test.link


puppet describe exec
vim manifests/exec.pp
exec{'mktemp':
        command => 'mktemp -d /tmp/dir.XXXX',  执行n次,创建n个不同的文件夹
        path    => '/bin:/sbin:/usr/bin:/usr/sbin',  搜索命令行
}
  命令幂等(执行n次结果相同),无需指明条件
puppet apply -v manifests/exec.pp  显示  returns: executed successfully
ls /tmp/dir.I7Wu/
puppet apply -v manifests/exec.pp  显示  returns: executed successfully
ls /tmp/dir.I7Wu/; ls /tmp/dir.IIBc/

vim manifests/exec.pp
exec{'mktemp':
        command => 'mktemp -d /tmp/dir.XXXX',
        path    => '/bin:/sbin:/usr/bin:/usr/sbin',
}
exec{'mkdir':
        command => 'mkdir /tmp/mydir',
        path    => '/bin:/sbin:/usr/bin:/usr/sbin',
#       creates => '/tmp/mydir',  条件判定:文件不存在,才执行command的命令
        unless  => 'test -d /tmp/mydir',  条件判定:返回值非0(文件不存在),才执行command的命令
}
puppet apply -v manifests/exec.pp  
puppet apply -v manifests/exec.pp  条件不满足,第二个命令没有执行
判断用户不存在,就创建--unless


puppet describe cron
vim manifests/cron.pp
# Entry in root's crontab: run ntpdate against ntp1.aliyun.com every 3 minutes.
# The title 'timesync' identifies the entry on later runs, which is what lets
# the 'ensure => absent' variant below remove exactly this job again.
cron{'timesync':
        command => '/usr/sbin/ntpdate ntp1.aliyun.com',
        ensure  => present,
        minute  => '*/3',
        user    => 'root',
}
puppet apply -v manifests/cron.pp  显示created
crontab -l
vim manifests/cron.pp
cron{'timesync':
        command => '/usr/sbin/ntpdate ntp1.aliyun.com',
        ensure  => absent,  删除此任务
        minute  => '*/3',
        user    => 'root',
}
puppet apply -v manifests/cron.pp  显示removed
crontab -l


puppet describe notify
vim manifests/notify.pp
# Print a message in the apply output; no change is made to the system.
notify {'msg':
        message => 'Hello,Puppet',
}
puppet apply -v manifests/notify.pp


变量


vim manifests/redis.pp
方法1:数组类型
package{'redis':
        ensure => latest,
}
file{'redis.conf':
        path   => '/etc/redis.conf',
        ensure => file,
        owner  => redis,
        group  => root,
        require => Package['redis'],  依赖关系
}
service{'redis':
        ensure => true,
        enable => true,
        require => [ Package['redis'], File['redis.conf'] ],  依赖关系--数组
}
方法2:
package{'redis':
        ensure => latest,
} ->  依赖关系
file{'redis.conf':
        path   => '/etc/redis.conf',
        ensure => file,
        owner  => redis,
        group  => root,
} ~>  通知关系
service{'redis':
        ensure => true,
        enable => true,
}
#Package['redis'] -> File['redis.conf'] ~> Service['redis']  方法3文件最后直接定义
puppet apply -v --noop manifests/redis.pp

vim manifests/mysrv.pp
自定义变量
# Keep the package name in a variable so the package and the service share it.
# The '->' chaining arrow orders the service after the package: install first,
# then start and enable.
$pkg = 'varnish'
package{"$pkg":
        ensure => latest,
} ->
service{"$pkg":
        ensure => true,
        enable => true,
}
puppet apply -v --noop manifests/mysrv.pp
puppet apply -v manifests/mysrv.pp
ss -ntl  6081监听端口/6082管理接口

rpm -q facter
facter -p  环境信息
vim manifests/facter.pp
# Show the value of the osfamily fact collected by facter
# (prints "RedHat" on this host, as the apply output below shows).
notify{'facter':
        message => "$osfamily",
}
puppet apply -v manifests/facter.pp  显示Notice: RedHat

scope
image.png
任何给定的scope都可以访问它自己的内容,以及接收来自于其父scope/节点scope/topscope的内容
如图:top scope仅能访问自己变量和属性默认值;
节点scope能访问自己的及top scope的变量和属性默认值
example::parent,example::other和example::four能访问自己及节点scope和top scope的变量和默认值
如果要访问非当前scope中的变量,则需要通过完全限定名称进行,
  如$vhostdir = $apache::params::vhostdir
需要注意的是,top scope的名称为空,因此,如若要引用其变量,
  则需要使用类似"$::osfamily"的方式进行

top scope  master+agents集群
node scope  节点作用域  仅当前主机有效
class scope  fqn
$vhostdir = $apache::var_name
$::var_name
变量


if条件
vim manifests/if.pp 
# Pick the Apache package by OS family (RedHat -> httpd, Debian -> apache2);
# any other family only emits a notice instead of installing anything.
if $osfamily == 'RedHat' {
        package{'httpd':
                ensure => latest,
        }
} elsif $osfamily == 'Debian' {
        package{'apache2':
                ensure => latest,
        }
} else {
        notify{'warning':
                message => 'et',
        }
}
puppet apply -v --noop manifests/if.pp

vim manifests/if2.pp
正则表达式模式匹配
# Same selection as if.pp, but compared with a case-insensitive regex
# ((?i-mx:...)), so 'redhat', 'RedHat', 'REDHAT' all match.
if $osfamily =~ /(?i-mx:redhat)/ {
        package{'httpd':
                ensure => latest,
        }
} elsif $osfamily =~ /(?i-mx:debian)/ {
        package{'apache2':
                ensure => latest,
        }
} else {
        notify{'warning':
                message => 'et',
        }
}
puppet apply -v --noop manifests/if2.pp 

case条件
vim manifests/case.pp
# Map the OS family to a package name: the arms are tested in order, the first
# match wins, and 'default' covers every other family.
case $osfamily {
        /(?i-mx:redhat)/: { $webpkg = 'httpd' }
        'Debian': { $webpkg = 'apache2' }
        default: { $webpkg = 'httpd' }
}
# Install whichever package the case statement selected.
package{"$webpkg":
        ensure => latest,
}
puppet apply -v --noop manifests/case.pp


selector语句
vim manifests/selector.pp
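# Pick the web-server package name from the osfamily fact with a selector.
# The original read '$osfamilly' (typo): that variable is never set, so with
# strict_variables off the selector always fell through to 'default' and
# chose 'httpd' on every platform, including Debian.
$webpkg = $osfamily ? {
        /(?i-mx:redhat)/  => 'httpd',
        'Debian'  => 'apache2',
        default   => 'httpd',
}
# Install whichever package the selector chose.
package{"$webpkg":
        ensure => latest,
}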
puppet apply -v --noop manifests/selector.pp

类


vim manifests/memcached.pp
# Install the latest memcached and keep its service running. Defining the
# class does nothing by itself; it is declared with 'include memcached' below.
class memcached {
        package{'memcached':
                ensure  =>  latest,
        }
        service{'memcached':
                ensure  =>  true,
        }
}
include memcached  不能少,声明后,才可以调用
puppet apply -v --noop manifests/memcached.pp

vim manifests/install.pp
默认参数
# Parameterised class: $pkgname names the package to install. The 'include'
# below declares it with the default value ('memcached').
class instpkg($pkgname='memcached') {
        package{"$pkgname":
                ensure  =>  latest,
        }
}
include instpkg
puppet apply -v --noop manifests/install.pp

vim manifests/install.pp
传递参数
# Same class, declared resource-like so the parameter can be overridden
# ('haproxy' instead of the default). Puppet allows this declaration form
# only once per class in a catalog.
class instpkg($pkgname='memcached') {
        package{"$pkgname":
                ensure  =>  latest,
        }
}
class{'instpkg':
        pkgname  =>  'haproxy',
}
puppet apply -v --noop manifests/install.pp

子类
vim manifests/redis_rpl.pp
# Base class shared by the master and slave roles: latest redis package plus
# a running, boot-enabled service. The subclasses below only add the
# role-specific /etc/redis.conf.
class redis {
        package{'redis':
                ensure  =>  latest,
        }
        service{'redis':
                ensure  =>  true,
                enable  =>  true,
        }
}
class redis::master inherits redis {
        file{'/etc/redis.conf':
                ensure  =>  file,
                source  =>  '/root/manifests/redis-master.conf',
                owner   =>  redis,
                group   =>  root,
        }
        Service['redis'] {  使用上面的service并添加一个新的属性
                subscribe  =>  File['/etc/redis.conf'],
        }
}
# Slave role: ships redis-slave.conf (the 'slaveof' line plus 'masterauth',
# i.e. the replication password in clear text, so keep that source file's
# permissions tight) and adds a subscribe edge so the inherited service
# restarts whenever the file changes.
class redis::slave inherits redis {
        file{'/etc/redis.conf':
                ensure  =>  file,
                source  =>  '/root/manifests/redis-slave.conf',
                owner   =>  redis,
                group   =>  root,
        }
        Service['redis'] {
                subscribe  =>  File['/etc/redis.conf'],
        }
}
include redis::master  声明master子类
cp manifests/redis.conf manifests/redis-master.conf
vim manifests/redis-master.conf
bind 0.0.0.0
puppet apply -v --noop manifests/redis_rpl.pp

cp manifests/redis.conf manifests/redis-slave.conf
vim manifests/redis-slave.conf
搜索/slaveof
slaveof master-redis.fgq.com 6379
masterauth qianggedu
vim manifests/redis_rpl.pp
# Base class for both replication roles: package kept at the latest version,
# service running and enabled at boot.
class redis {
        package{'redis':
                ensure  =>  latest,
        }
        service{'redis':
                ensure  =>  true,
                enable  =>  true,
        }
}
# Master role: overrides /etc/redis.conf with redis-master.conf (which sets
# 'bind 0.0.0.0', i.e. listen on every interface) and makes the inherited
# service restart whenever that file changes.
class redis::master inherits redis {
        file{'/etc/redis.conf':
                ensure  =>  file,
                source  =>  '/root/manifests/redis-master.conf',
                owner   =>  redis,
                group   =>  root,
        }
        Service['redis'] {
                subscribe  =>  File['/etc/redis.conf'],
        }
}
# Slave role: overrides /etc/redis.conf with redis-slave.conf (slaveof +
# masterauth, so the file holds the replication password in clear text)
# and restarts the inherited service when the file changes.
class redis::slave inherits redis {
        file{'/etc/redis.conf':
                ensure  =>  file,
                source  =>  '/root/manifests/redis-slave.conf',
                owner   =>  redis,
                group   =>  root,
        }
        Service['redis'] {
                subscribe  =>  File['/etc/redis.conf'],
        }
}
include redis::slave  声明slave子类
puppet apply -v --noop manifests/redis_rpl.pp


模板

facter -p |grep ipaddress*
cp manifests/redis.conf manifests/redis.conf.erb
vim manifests/redis.conf.erb
bind <%= ipaddress_ens34 %>  网卡对应的IP
vim manifests/template.pp
# Render /tmp/redis.conf from the ERB template; the template's 'bind' line is
# filled in from the ipaddress_ens34 fact (see the facter output above).
# mode '644' leaves the result world-readable.
file{'/tmp/redis.conf':
        ensure  =>  file,
        content =>  template('/root/manifests/redis.conf.erb'),
        owner   =>  redis,
        group   =>  root,
        mode    =>  '644',
}
puppet apply -v --noop manifests/template.pp
puppet apply -v manifests/template.pp
less /tmp/redis.conf  显示bind 192.168.1.10
ll /tmp/redis.conf  属主和属组


puppet help module
  search  Search the Puppet Forge for a module
puppet module search redis  
puppet module install example42-redis
puppet module list
cd /etc/puppet/modules/;ls
tree redis  具体内容参考文档

puppet help config
puppet config print
puppet config print modulepath
  显示模块路径:/etc/puppet/modules:/usr/share/puppet/modules
  创建模块放在此目录下
mkdir -pv /etc/puppet/modules/jdk/{manifests,files,templates,spec,lib,tests}
vim /etc/puppet/modules/jdk/manifests/init.pp
# Empty placeholder class: enough for 'puppet module list' to show the module;
# the real resources are added in a later step.
class jdk {
}
  类为空
puppet module list  显示有jdk
less /etc/puppet/modules/redis/metadata.json
cp /etc/puppet/modules/redis/metadata.json /etc/puppet/modules/jdk/
vim /etc/puppet/modules/jdk/metadata.json
  仅更改以下内容,其他不变
  "name": "jdk",
  "version": "0.0.1",
  "author": "Fgq",
  "summary": "Puppet module for jdk",
  "license": "Apache2",
  "source": "https://github.com/jdk/puppet-jdk",
  "project_page": "http://www.fgq.com",
puppet module list  显示jdk (v0.0.1)

vim /etc/puppet/modules/jdk/manifests/init.pp
# Install java-<version>-openjdk. The resource title 'jdk' is only a label;
# the real package name is built from the $version parameter in 'name'.
class jdk($version = '1.8.0') {
        package{'jdk':
                name  =>  "java-$version-openjdk",
                ensure  =>  latest,
        }
}
vim /etc/puppet/modules/jdk/manifests/devel.pp
# Development package for the same JDK; $version is the parent class's
# parameter, reachable here because of 'inherits jdk'.
class jdk::devel inherits jdk {
        package{'jdk-devel':
                name    =>  "java-$version-openjdk-devel",
                ensure  =>  latest,
        }
}
  不能在模块中声明,需要在要应用此模块的主机上声明
  也可以直接声明类  -e选项--直接声明类
puppet apply --help
puppet apply -v --noop -e "include jdk"  
puppet apply -v --noop -e "include jdk::devel"
  也可以设置调用参数,如:安装1.7.0版本(此处不做)
rpm -q java-1.8.0-openjdk-devel  显示未安装
puppet apply -v -e "include jdk::devel"
rpm -q java-1.8.0-openjdk-devel  显示未安装

----------------------------------------------------------------------

构建nt

配置tomcat
node1 192.168.1.5
yum -y install tomcat
ls -l /etc/sysconfig/tomcat
ls -l /etc/tomcat/    权限/属主/属组
vim /etc/sysconfig/tomcat
  JAVA_OPTS="-Xms512m -Xmx512M"  自己设置内存大小,不用默认值
node4
mkdir -pv /etc/puppet/modules/{nginx,tomcat}/{manifests,files,templates,spec,lib,tests}
vim /etc/puppet/modules/tomcat/manifests/init.pp
分析:
  此文件可以自动生成,获取当前主机的真实内存
    facter -p:memorysize
  真实内存除以2--当作java虚拟机的真实内存
    memorysize变量的值除以2即可
  也可以使用模板来生成所定义的配置文件
  或者判断当前主机的内存为64g,可以直接分给它32g
vim /etc/puppet/modules/tomcat/manifests/init.pp
class tomcat {
        package{'tomcat':
                ensure  =>  latest,
        }
        package{'tomcat-webapps':  为了访问时显示主页面才安装
                ensure  =>  latest,
        }
        file{'tomcat':
                path    =>  '/etc/sysconfig/tomcat',
                source  =>  'puppet:///modules/tomcat/tomcat',  puppet协议应用文件
                owner   =>  root,
                group   =>  root,
                mode    =>  '644',
                require =>  Package['tomcat'],
        }
        file{'server.xml':
                path    =>  '/etc/tomcat/server.xml',
                source  =>  'puppet:///modules/tomcat/server.xml',  可以使用模板文件创建,此处使用的是静态文件
                owner   =>  root,
                group   =>  tomcat,
                mode    =>  '644',
                require =>  Package['tomcat'],
        }
        service{'tomcat':
                ensure  =>  true,
                enable  =>  true,
                subscribe  =>  [ File['tomcat'], File['server.xml'] ],
        }
}
vim /etc/puppet/modules/tomcat/manifests/manager.pp
定义子类,使用用户名和口令登陆管理界面
class tomcat::manager  inherits tomcat {
        package{'tomcat-admin-webapps':
                ensure    =>  latest,
        }
        file{'tomcat-users.xml':
                path      =>  '/etc/tomcat/tomcat-users.xml',
                source    =>  'puppet:///modules/tomcat/tomcat-users.xml',  可以使用模板文件定义,此处使用的是静态文件
                owner     =>  root,
                group     =>  tomcat,
                mode      =>  '640',
                require   =>  Package['tomcat'],
        }
        Service['tomcat'] {
                subscribe +> File['tomcat-users.xml'],  如果此配置文件改变,主类中的service需要重新加载
        }
}
scp 192.168.1.5:/etc/sysconfig/tomcat /etc/puppet/modules/tomcat/files/
scp 192.168.1.5:/etc/tomcat/{server.xml,tomcat-users.xml} /etc/puppet/modules/tomcat/files/
vim /etc/puppet/modules/tomcat/files/tomcat-users.xml
  <role rolename="manager-gui"/>
  <user username="tomcat" password="tomcat" roles="manager-gui"/>
vim /etc/puppet/modules/tomcat/files/server.xml(不改了)
  如果有必要,可以增加一个虚拟主机,虚拟主机名与当前主机名,保持一致,最后用模板文件生成,此处不定义那么复杂了
puppet apply -v --noop -e "include tomcat::manager"
puppet apply -v -e "include tomcat::manager"
ss -ntl  8080/8009/8005端口出现
浏览器:192.168.1.10:8080  输入账号和密码,直接登陆


配置nginx
vim /etc/puppet/modules/nginx/manifests/init.pp
# Module entry point: install the latest nginx and, ordered after it by '->',
# keep the service running and enabled at boot.
class nginx {
        package{'nginx':
                ensure => latest,
        } ->
        service{'nginx':
                ensure => running,
                enable => true,
        }
}
vim /etc/puppet/modules/nginx/manifests/web.pp
class nginx::web($port=8088) inherits nginx {
        file{'web.conf':
                path  =>  '/etc/nginx/conf.d/web.conf',
                content  =>  template('nginx/web.conf.erb'),  使用模板文件(注意格式:模块名/模板文件名),传递参数--默认port8088
        }
        file{'/ngxdata/html':
                ensure  =>  directory,
        }
        file{'index.html':
                ensure  =>  file,
                path    =>  '/ngxdata/html/index.html',
                source  =>  'puppet:///modules/nginx/index.html',
                require =>  File['/ngxdata/html'],
        }
        Service['nginx'] {
                subscribe  =>  File['web.conf'],  应该定义主配置文件,并在此处定义,此处不做了
        }
}
vim /etc/puppet/modules/nginx/manifests/proxy.pp
class nginx::proxy($proxy_port=8088) inherits nginx {
        file{'proxy.conf':
                path  =>  '/etc/nginx/conf.d/proxy.conf',
                content  =>  template('nginx/proxy.conf.erb'),  使用模板文件
        }
        Service['nginx'] {
                subscribe  =>  File['proxy.conf'],
        }
}
vim /etc/puppet/modules/nginx/templates/web.conf.erb  定义模板文件
# Rendered by nginx::web: @port is the class parameter (default 8088) and
# @fqdn the node's fact; static files are served from /ngxdata/html.
server {
        listen <%= @port %>;
        server_name <%= @fqdn %>;
        location / {
                root /ngxdata/html;
        }
}
vim /etc/puppet/modules/nginx/templates/proxy.conf.erb
# Rendered by nginx::proxy: listen on @proxy_port (default 8088) and forward
# every request to the Tomcat instance on this host's port 8080.
server {
        listen <%= @proxy_port %>;
        server_name <%= @fqdn %>;
        location / {
                proxy_pass http://127.0.0.1:8080/;
        }
}
vim /etc/puppet/modules/nginx/files/index.html  定义测试页面
<h1>Nginx Running</h1>
puppet apply -v --noop -e 'include nginx::proxy'
puppet apply -v -e 'include nginx::proxy'
  此处只测试proxy,web就不测试了(需要自己定义/ngxdata/html)
ss -ntl  8088端口
less /etc/nginx/conf.d/proxy.conf
浏览器:192.168.1.10:8088  输入账号和密码,直接登陆  ok

master/agent
image.png
master/agent  如上图
puppet config print modulepath  模块仓库路径
puppet help config
  set  设置配置
声明类,调用类(区别ansible:调用模块roles)

node1:192.168.1.8  agent
node2:192.168.1.5  agent
node3:192.168.1.6  agent
node4:192.168.1.9  master  之前做的实验为基础

时间同步(配置时间服务器/做成模块)
主机名解析
vim /etc/host(最好使用私网dns服务器)
192.168.1.8  node1.fgq.com
192.168.1.5  node2.fgq.com
192.168.1.6  node3.fgq.com
192.168.1.9  node4.fgq.com  

node1/2/3:agent
yum -y install puppet  

node4:master
yum list puppet*
yum -y install puppet-server
rpm -ql puppet-server
  /etc/puppet/fileserver.conf  将master的静态/模板文件传递给agent
  /etc/puppet/manifests  主机清单
  /usr/lib/systemd/system/puppetmaster.service  服务脚本
puppet module list
puppet config print  配置参数
  puppet master --genconfig|less  生成master配置文件(知道即可)
  puppet agent --genconfig|less  生成agent配置文件(知道即可)
  默认读取配置文件/etc/puppet/puppet.conf 
    [main]--通用  [agent]--agent  [master]--可自定义
puppet help master
puppet master --no-daemonize -d -v; ss -ntlp  显示过程,8140端口
  或  systemctl start puppetmaster.service; ss -ntlp  8140端口

node1/2/3
puppet help agent
puppet agent --server node4.fgq.com --no-daemonize -d -v --noop  
  太low了,可以直接设定,后面有
  指明master是谁
  等待ca给自己签证,master没有签发,会等到超时为止
  node4.fgq.com主机名最好改成master(此处不做了)

node4
puppet help ca; puppet ca list
puppet help cert; puppet cert list
puppet cert list -a  列出所有证书,包括已签和未签
puppet cert sign node3.fgq.com  签发某个证书
puppet cert sign -a  待签的证书--都签上(会签发所有待签请求,签发前先核对上面list输出中的主机名)
systemctl start puppetmaster.service; ss -ntlp  8140端口

node1/2/3
显示已经收到master签发的证书了
puppet agent --server node4.fgq.com --no-daemonize -v  真正执行,但没必要手动启动
puppet config print |grep server  显示:server = puppet
puppet config set server node4.fgq.com  设定master是谁
puppet config print |grep server
  其他server也会发生改变
  server = node4.fgq.com
  ca_server = node4.fgq.com
  report_server = node4.fgq.com
  inventory_server = node4.fgq.com
  archive_file_server = node4.fgq.com
cat /etc/puppet/puppet.conf   配置文件也会自动添加server信息
暂时先不启动,等master上的"类"定义完再启动agent
systemctl start puppetagent.service; ps aux |grep puppet


node3安装jdk和tomcat
node4
vim /etc/puppet/manifests/site.pp
# Node definition for node3: the classes declared here apply only to the
# agent whose certname matches this name.
node 'node3.fgq.com' {
        include jdk
        include tomcat::manager
}
chmod o+r /etc/puppet/modules/tomcat/files/tomcat-users.xml
  给puppet用户读取权限(此文件含manager账号口令,o+r会让master上所有本地用户可读;更稳妥的是chgrp puppet并改为640,或用setfacl只授权puppet用户)
systemctl restart puppetmaster.service; ss -ntlp  8140端口
node3
puppet agent --server node4.fgq.com --no-daemonize -v  显示过程,会更加清晰点
  或者  systemctl start puppetagent.service; ps aux |grep puppet
ss -ntl  8080端口
浏览器:192.168.1.6:8080  输入账号和密码登陆manager


node2安装nginx代理
node4
vim /etc/puppet/modules/nginx/templates/proxy.conf.erb
server {
        listen <%= @proxy_port %>;
        server_name <%= @fqdn %>;
        location / {
                proxy_pass http://node2.fgq.com:8080/;  最好把主机名写成变量
        }
}
vim /etc/puppet/manifests/site.pp
# node3 gets the JDK and the Tomcat manager; node2 gets the nginx reverse
# proxy that forwards to node2's own Tomcat (see proxy.conf.erb above).
node 'node3.fgq.com' {
        include jdk
        include tomcat::manager
}
node 'node2.fgq.com' {
        include nginx::proxy
}
node2
systemctl start puppetagent.service
systemctl status puppetagent.service
ps aux |grep nginx
ss -ntl  80端口  8088--代理端口
浏览器:192.168.1.5:8088  


node2安装redis
node4
先移除之前安装的example
puppet module uninstall example42-redis 
有依赖关系--依次卸载:example42-firewall example42-iptables example42-monitor example42-puppi
puppet module list
mkdir -pv /etc/puppet/modules/redis/{manifests,files,templates,spec,tests,lib}
vim /etc/puppet/modules/redis/manifests/init.pp
# Module entry point (redis/manifests/init.pp): install the latest redis and,
# ordered after it by '->', keep the service running and enabled.
class redis {
        package{'redis':
                ensure => latest,
        } ->
        service{'redis':
                ensure => true,
                enable => true,
        }
}
vim /etc/puppet/manifests/site.pp
# node2 now also gets the local redis module in addition to the proxy.
node 'node3.fgq.com' {
        include jdk
        include tomcat::manager
}
node 'node2.fgq.com' {
        include nginx::proxy
        include redis
}
node2
systemctl restart puppetagent.service  重启激活,可让master修改的配置快速传递给agent(否则,可能等30分钟)
ps aux |grep redis
ss -ntl  127.0.0.1:6379


node1安装jdk和tomcat(与node3相同配置)
node4
vim /etc/puppet/manifests/site.pp
多个主机相同配置--主机名通配--详细参考文档
# A regex node name matches several agents at once: node1 and node3 share the
# JDK + Tomcat manager setup, node2 keeps the proxy and redis.
node /node[13]\.fgq\.com/ {
        include jdk
        include tomcat::manager
}
node 'node2.fgq.com' {
        include nginx::proxy
        include redis
}
node1
puppet agent -v --noop --no-daemonize  不真正安装,看结果配置是否生效


node1继承node3,并声明额外的类
node4
vim /etc/puppet/manifests/site.pp
# node1 inherits node3's declarations (jdk, tomcat::manager) and adds redis.
node 'node3.fgq.com' {
        include jdk
        include tomcat::manager
}
node 'node2.fgq.com' {
        include nginx::proxy
}
node 'node1.fgq.com' inherits 'node3.fgq.com' {
        include redis
}
node1
puppet agent -v --noop --no-daemonize
  显示:Could not run: Could not create PID file: /var/run/puppet/agent.pid
rm -rf  /var/run/puppet/agent.pid
puppet agent -v --noop --no-daemonize  继承生效


定义基础节点(所有节点都可以从此处继承)
  所有节点-->时间服务器
  所有节点-->dns服务器--指向内网dns
node4
vim /etc/puppet/manifests/site.pp  (不操作,知道就行)
基节点主机名是base
# 'base' is not a real host; it only collects the classes every node should
# get (chrony, dns). Illustration only: the chrony and dns classes are not
# defined on this page and the other nodes do not inherit from it here.
node 'base' {
        include chrony
        include dns
}
node 'node3.fgq.com' {
        include jdk
        include tomcat::manager
}
node 'node2.fgq.com' {
        include nginx::proxy
}
node 'node1.fgq.com' inherits 'node3.fgq.com' {
        include redis
}


不同服务的站点清单--分开写--清单配置信息可模块化组织
mkdir /etc/puppet/manifests/{tcsrvs.d,redis.d}(不操作)
vim /etc/puppet/manifests/redis.d/redis.pp  某节点的redis配置(node#_redis.pp?)
  node ...  谁要安装redis
vim /etc/puppet/manifests/site.pp(不操作)
# Same node layout as before; the per-service manifests would be pulled in
# with the 'import' line that follows this listing.
node 'node3.fgq.com' {
        include jdk
        include tomcat::manager
}
node 'node2.fgq.com' {
        include nginx::proxy
}
node 'node1.fgq.com' inherits 'node3.fgq.com' {
        include redis
}
import 'redis.d/*.pp'  导入不同服务的站点清单--结果清晰


多环境
image.png
环境详解
image.png
puppet master 负载均衡
image.png
多环境  如上图
线上环境--自建本地机房/云主机
环境共用的模块--放在共用仓库中
每模块的路径可能多个

node4
puppet config print |grep envir
puppet master -V    程序版本不同配置不同
puppet config print confdir
  /etc/puppet
  $confdir是puppet的配置变量,区别bash中的变量,引用需要加单引号
mkdir /etc/puppet/environments
puppet config set environmentpath '$confdir/environments' --section=master
puppet config print --section master|grep envir
cat /etc/puppet/puppet.conf 自动添加environmentpath信息到配置文件中
puppet config set environmentpath '$confdir/environments'   全局定义
puppet config print |grep envir
systemctl restart puppetmaster.service  多环境生效了

node1
puppet agent -v --no-daemonize --noop
puppet config print --section agent|grep envir

node4
mkdir -pv /etc/puppet/environments/{production,testing,development}/{manifests,modules}
cp -r  /etc/puppet/modules/redis/  /etc/puppet/environments/production/modules/
vim /etc/puppet/environments/production/manifests/site.pp
# production environment site.pp: node1 gets redis from this environment's
# own modules/ directory.
node 'node1.fgq.com' {
    include redis
}
node1
puppet agent -v --no-daemonize --noop  

node4
cp -r  /etc/puppet/modules/jdk/  /etc/puppet/environments/testing/modules/
vim /etc/puppet/environments/testing/manifests/site.pp
# testing environment site.pp: the same node gets jdk instead, selected with
# --environment=testing (or the agent-section 'environment' setting).
node 'node1.fgq.com' {
    include jdk
}
node1
puppet agent -v --no-daemonize --noop --environment=testing
  模块名一样,模块配置不同
  主机名一样,最后应用的配置也可能不同
puppet config set environment testing --section=agent
puppet config print environment  显示 production--main段
puppet agent -v --no-daemonize --noop   
  此时应用的是agent段--jdk--覆盖了公共配置段--有自己的配置

给production环境的主机提供zabbix agent模块
安装zabbix,提供配置文件,启动服务
yum list all zabbix*  安装zabbix22-agent


node4
kick    通知/推送机制
cat /etc/puppet/environments/auth.conf  参考文档
puppet config print listen  显示false

node1
puppet config set listen true
puppet config print listen
cat /etc/puppet/puppet.conf  是否写入配置文件
vim /etc/puppet/auth.conf
在最后的默认配置之前添加
  path /run
  method save
  auth any
  allow node4.fgq.com
systemctl restart puppetagent.service;ss -ntl  8139端口

node4
cp -r  /etc/puppet/modules/redis/  /etc/puppet/environments/testing/modules/
vim /etc/puppet/environments/testing/manifests/site.pp
# testing environment now also carries redis; the change is pushed to node1
# with 'puppet kick' instead of waiting for the agent's next run.
node 'node1.fgq.com' {
    include jdk
    include redis
}
puppet help kick
node1: yum -y remove redis  卸载redis,测试node4是否可以推送过来
node4: puppet kick node1.fgq.com
node1: ss -ntl  6379端口--推送过来了

架构测试1
image.png
架构测试2
image.png