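1. Environment preparation
OS: CentOS 6.4
Disable SELinux and iptables
Deploy Puppet: 1.0 Puppet 3.7 deployment
Install the Puppet repository: http://yum.puppetlabs.com/puppetlabs-release-el-6.noarch.rpm
Complete the Puppet Master/Agent deployment and certificate signing.
PuppetDB is a data warehouse that can be queried over RESTful HTTP for nodes, facts (facter), reports, catalogs, resources and other information.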
2. Install PuppetDB
Run the following on the Puppet Master:

    yum install puppetdb puppetdb-terminus -y
    /etc/init.d/puppetdb start

Add the following to the Puppet Master configuration, /etc/puppet/puppet.conf:

    [master]
    storeconfigs = true
    storeconfigs_backend = puppetdb

Then create /etc/puppet/puppetdb.conf and /etc/puppet/routes.yaml:

    cat > /etc/puppet/puppetdb.conf <<EOF
    [main]
    server = master.dbsa.cn
    port = 8081
    soft_write_failure = false
    EOF

    cat > /etc/puppet/routes.yaml <<EOF
    ---
    master:
      facts:
        terminus: puppetdb
        cache: yaml
    EOF

Check the log. PuppetDB is fairly slow to start, so be patient.

    [root@master puppet]# tail -f /var/log/puppetdb/puppetdb.log
    2014-12-03 23:46:50,620 INFO [c.p.p.command] [5145b424-a8a2-45c9-8859-19a6b8afbd9f] [replace facts] agent1.dbsa.cn
    2014-12-03 23:46:50,857 INFO [c.p.p.command] [b95dbbce-0d08-45f1-9db6-ed1e19aac8e7] [replace catalog] agent1.dbsa.cn

For a production database, it is recommended to raise PuppetDB's memory usage to around 1G.

    cat /etc/sysconfig/puppetdb |grep -E '(JAVA_ARGS|Xmx)' --color

3. Switch the database to PostgreSQL
The default KahaDB is only suitable for around 100 connected nodes.

    yum install postgresql-server -y
    sed -i '/^classname/ s/org.hsqldb.jdbcDriver/org.postgresql.Driver/' /etc/puppetdb/conf.d/database.ini
    sed -i '/^subprotocol/ s/hsqldb/postgresql/' /etc/puppetdb/conf.d/database.ini
    sed -i '/^subname/ s@= .*@= //localhost:5432/puppetdb@' /etc/puppetdb/conf.d/database.ini
    sed -i 's/# username =.*/username = puppetdb/' /etc/puppetdb/conf.d/database.ini
    sed -i 's/# password =.*/password = #your password#/' /etc/puppetdb/conf.d/database.ini
    service postgresql initdb
    /etc/init.d/postgresql start

    # Create the user, entering the password when prompted (the same password as above), then create a database
    sudo -u postgres sh
    createuser -DRSP puppetdb
    createdb -E UTF8 -O puppetdb puppetdb
    exit

    # If you are using PostgreSQL 9.3
    sudo -u postgres sh
    psql puppetdb -c 'create extension pg_trgm'
    exit

    # Switch to MD5 password authentication so that network connections are allowed
    sed -i '/^local/ s/ident/md5/' /var/lib/pgsql/data/pg_hba.conf
    sed -i '/^host/ s/ident/md5/' /var/lib/pgsql/data/pg_hba.conf
    # Reload PostgreSQL so that the pg_hba.conf change takes effect
    service postgresql reload
    # Test the login over TCP, then restart PuppetDB
    psql -h localhost puppetdb puppetdb
    service puppetdb restart

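A check for the result of this step, added here as an example and not part of the original article: it lists any pg_hba.conf rule that still uses a method other than md5, and tests whether the file holding the plaintext database password is accessible to other users. The function names `pg_hba_non_md5` and `secret_file_private` and the sample rules are assumptions made for the example.

```bash
#!/bin/bash
# Added example: audits the outcome of section 3. Function names are illustrative.

# Print each active pg_hba.conf rule whose auth method is not md5.
# Exit status: 0 if every rule uses md5, 1 otherwise.
pg_hba_non_md5() {
    awk '
        $1 ~ /^#/ || NF == 0 { next }            # comments and blank lines
        $1 == "local" { method = $4 }            # local DB USER METHOD
        $1 ~ /^host/ {                           # host DB USER ADDRESS [MASK] METHOD
            # ADDRESS is either CIDR (one field) or IP plus netmask (two fields)
            method = ($5 ~ /^[0-9a-fA-F.:]+$/ && $5 ~ /[.:]/) ? $6 : $5
        }
        $1 == "local" || $1 ~ /^host/ {
            if (method != "md5") { print FILENAME ":" FNR ": " $0; bad = 1 }
        }
        END { exit bad + 0 }
    ' "$1"
}

# Succeed only if "other" has no permission bits on the file that stores
# the plaintext "password = ..." line (database.ini in the article).
secret_file_private() {
    [ -f "$1" ] || return 2
    other=$(ls -ld -- "$1" | cut -c8-10)
    if [ "$other" != "---" ]; then
        echo "$1: permissions for other users are '$other'"
        return 1
    fi
}

# Constructed sample: pg_hba.conf after the article's sed edits, plus one
# "trust" rule that those edits leave alone because they only rewrite "ident".
sample=$(mktemp)
cat > "$sample" <<'EOF'
# TYPE  DATABASE  USER  CIDR-ADDRESS        METHOD
local   all       all                       md5
host    all       all   127.0.0.1/32        md5
host    all       all   ::1/128             md5
host    all       all   10.0.0.0 255.0.0.0  trust
EOF
pg_hba_non_md5 "$sample" || echo "pg_hba.conf still contains non-md5 rules"
rm -f "$sample"
```

On the host from the article the two functions would be called with /var/lib/pgsql/data/pg_hba.conf and /etc/puppetdb/conf.d/database.ini respectively.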
4. Query PuppetDB
Query over HTTPS:

    # -k skips verification of the server certificate; --cacert /var/lib/puppet/ssl/certs/ca.pem
    # verifies it against the Puppet CA instead.

    # facts endpoint: query all facts
    curl -X GET -k --key /var/lib/puppet/ssl/private_keys/$HOSTNAME.pem --cert /var/lib/puppet/ssl/certs/$HOSTNAME.pem 'https://master.dbsa.cn:8081/v4/facts'

    # facts endpoint: query a specific fact for a specific host
    curl -X GET --key /var/lib/puppet/ssl/private_keys/$HOSTNAME.pem --cert /var/lib/puppet/ssl/certs/$HOSTNAME.pem -k 'https://master.dbsa.cn:8081/v4/facts/architecture' --data-urlencode 'query=["=", "certname", "agent1.dbsa.cn"]'

    # nodes endpoint: query all hosts
    curl -X GET --key /var/lib/puppet/ssl/private_keys/$HOSTNAME.pem --cert /var/lib/puppet/ssl/certs/$HOSTNAME.pem -k 'https://master.dbsa.cn:8081/v4/nodes'

For more API information, see: https://docs.puppetlabs.com/puppetdb/2.2/api/