puppet的多环境配置
2018-11-29 本文已影响6人
任总
一、puppet的多环境
实际环境配置应用架构
- 实际应用中标准的架构应该由开发、测试、生产三个组成,对应到puppetmaster里面应该有3套配置和代码。而且每套配置和代码都应该对应到自己的环境中,而配置和代码的变更更应该通过版本控制工具进行管理,比如svn、git等。 接下来我们为puppetmaster创造3个环境,生产production,开发development,测试testing
- puppet的默认环境是production;
- 更改环境,修改配置文件puppet.conf中的
environmentpath = production | development | testing
二、puppet 3.4 之前的版本配置多环境的方法:
- puppet 3.4特点:各环境配置:都有自己的模块和站点清单目录
创建目录
/etc/puppet/environments/{production,development,testing}
master支持多环境:puppet.conf
[master]
# modulepath=
# manifest=
environments = production, development, testing
[production]
modulepath=/etc/puppet/environments/production/modules/
manifest=/etc/puppet/environments/production/manifests/site.pp
[development]
modulepath=/etc/puppet/environments/development/modules/
manifest=/etc/puppet/environments/development/manifests/site.pp
[testing]
modulepath=/etc/puppet/environments/testing/modules/
manifest=/etc/puppet/environments/testing/manifests/site.pp
三、puppet 3.6之后的版本配置多环境的方法:
*特点:master支持多环境:只要指明环境目录即可,每一个子目录就是一个环境
1、master端配置
(1)、 master配置文件puppet.conf
vim /etc/puppet/puppet.conf
[main]
environmentpath = $confdir/environments
(2)、 在多环境配置目录下为每个环境准备一个子目录
[root@master63 ~]# cd /etc/puppet/environments/
[root@master63 environments]# tree
.
├── development #开发环境目录
│ ├── manifests
│ └── modules
│ └── nginx
│ ├── files
│ ├── lib
│ ├── manifests
│ ├── spec
│ ├── templates
│ └── tests
├── production #生产环境目录
│ ├── manifests
│ └── modules
│ └── nginx
│ ├── files
│ ├── lib
│ ├── manifests
│ ├── spec
│ ├── templates
│ └── tests
└── testing #测试环境目录
├── manifests
└── modules
└── nginx
├── files
├── lib
├── manifests
├── spec
├── templates
└── tests
2、agent端配置:
(1)、 agent配置文件puppet.conf,指明是哪一个环境
vim /etc/puppet/puppet.conf
[agent]
environment = { production|development | testing }
3、额外配置文件:
文件系统fileserver.conf和认证(URL)auth.conf,这两个文件定义那些资源可以被访问。
4、GUI:图形界面工具有dashboard和foreman。
四、应用示例
- 实验目的:不同环境使用不同的Nginx配置文件,生产环境nginx为4个线程,开发环境nginx为1个线程。
1、master端配置
#停止服务
[root@master63 ~]# systemctl stop puppetmaster
#创建多环境目录,生产,测试,开发
[root@master63 ~]# cd /etc/puppet/environments
[root@master63 environments]# mkdir -pv {production,development,testing}/{manifests,modules}
(1)production生产环境
#编辑nginx父类
[root@master63 ~]# vim /etc/puppet/environments/production/modules/nginx/manifests/init.pp
class nginx{
package{'nginx':
ensure => latest,
} ->
service{'nginx':
ensure => running,
enable => true,
}
}
#编辑nginx的web子类
[root@master63 ~]# vim /etc/puppet/environments/production/modules/nginx/manifests/web.pp
class nginx::web inherits nginx {
file{'nginx.conf':
path => '/etc/nginx/nginx.conf',
source => 'puppet:///modules/nginx/nginx.conf',
}
Package['nginx'] -> File['nginx.conf'] ~> Service['nginx']
}
#编辑生产环境nginx配置文件,启动线程为4个
#此配置文件可从其他nginx主机拷贝
[root@master63 ~]# vim /etc/puppet/environments/production/modules/nginx/files/nginx.conf
.......
user nginx;
worker_processes 4;
#编辑主机清单
[root@master63 ~]# vim /etc/puppet/environments/production/manifests/site.pp
node 'agent61.localdomain' {
include nginx::web
}
(2)development开发环境
#编辑nginx父类
[root@master63 ~]# vim /etc/puppet/environments/development/modules/nginx/manifests/init.pp
class nginx{
package{'nginx':
ensure => latest,
} ->
service{'nginx':
ensure => running,
enable => true,
}
}
#编辑nginx的web子类
[root@master63 ~]# vim /etc/puppet/environments/development/modules/nginx/manifests/web.pp
class nginx::web inherits nginx {
file{'nginx.conf':
path => '/etc/nginx/nginx.conf',
source => 'puppet:///modules/nginx/nginx.conf',
}
Package['nginx'] -> File['nginx.conf'] ~> Service['nginx']
}
#编辑开发环境nginx配置文件,启动线程为1
#此配置文件可从其他nginx主机拷贝
[root@master63 ~]# vim /etc/puppet/environments/development/modules/nginx/files/nginx.conf
.......
user nginx;
worker_processes 1;
#编辑主机清单
[root@master63 ~]# vim /etc/puppet/environments/development/manifests/site.pp
node 'agent61.localdomain' {
include nginx::web
}
(3)master节点主机修改配置文件,查询环境
#编辑puppet-master配置文件,使其适用多环境
[root@master63 ~]# vim /etc/puppet/puppet.conf
............
[main]
environmentpath = $confdir/environments
#查询当前环境为产品环境,默认环境是production产品环境
[root@master63 ~]# puppet config print | grep environment
environment = production
environmentpath = /etc/puppet/environments
environment_timeout = 0
manifest = /etc/puppet/environments/production/manifests
disable_per_environment_manifest = false
modulepath = /etc/puppet/environments/production/modules:/etc/puppet/modules:/usr/share/puppet/modules
#启动master服务
[root@master63 ~]# systemctl start puppetmaster
2、agent端production生产环境
[root@agent61 ~]# systemctl stop puppetagent
[root@agent61 ~]# vim /etc/puppet/puppet.conf
[agent]
.......
server = master63.localdomain
environment = production #设置为production环境
[root@agent61 ~]# systemctl start puppetagent
生产环境nginx按照配置文件产生4个进程
3、agent端development开发环境
[root@agent61 ~]# systemctl stop puppetagent
[root@agent61 ~]# vim /etc/puppet/puppet.conf
[agent]
.......
server = master63.localdomain
environment = development #设置为development环境
[root@agent61 ~]# systemctl start puppetagent
开发环境nginx按照配置文件产生1个进程
五、master端的推送方式
- master端:把配置资源推送到agent端,配置文件添加main部分添加 listen=true,启用监听端口8139
命令格式:puppet kick
puppet kick [--host <HOST>] [--all]
1、agent端启用接收推送,设置监听状态配置
#agent端
[root@agent61 ~]# systemctl stop puppetagent
[root@agent61 ~]# vim /etc/puppet/puppet.conf
[main]
.....
listen= true
[agent]
.......
environment = production
[root@agent61 ~]# vim /etc/puppet/auth.conf
# allow nodes to request a new certificate
path /certificate_request
auth any
method find, save
allow *
path /v2.0/environments
method find
allow *
#添加
path /run
method save
auth any
allow master63.localdomain #基于主机名允许那些主机访问
[root@agent61 ~]# systemctl start puppetagent
[root@agent61 ~]# ss -tnl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:8139 *:*
#查询监听状态
[root@agent61 ~]# puppet config print listen
true
2、master端nginx配置改变后,推送到agent端
#master端修改nginx配置进程数量
[root@master63 ~]# vim /etc/puppet/environments/production/modules/nginx/files/nginx.conf
user nginx;
worker_processes 2;
#推送到agent端
[root@master63 ~]# puppet kick agent61.localdomain
Warning: Puppet kick is deprecated. See http://links.puppetlabs.com/puppet-kick-deprecation
Warning: Failed to load ruby LDAP library. LDAP functionality will not be available
Triggering agent61.localdomain
Getting status
status is success
agent61.localdomain finished with exit code 0
Finished
agent端收到推送后,按照配置文件进程由原来的4个变为2个
