這篇博文主要介紹puppet在實際生產環境下的master/agent模型的使用;
===================================================================
1 原理介紹
1.1 原理圖
1.2 詳細說明
2 配置實例
2.0 準備
2.1 master配置
2.2 agent配置
2.3 master簽署證書
2.4 agent一次完整的同步案例
===================================================================
1 原理介紹
1.1 原理圖
1.2 詳細說明
puppet agent通常運行爲一個服務進程,其默認每隔半個小時向master發出一次連接請求;
puppet agent並不直接訪問任何manifest,而是向master請求一個預編譯的catalog文件;
puppet master會爲發出請求的agent讀取一個名爲“site manifest”的特殊manifest文件,並基於此編譯一個catalog後發送給agent;
puppet agent在獲取到catalog後應用於本地;
因此,基於此種工作架構,僅在master端提供一個或少量幾個manifest即可實現管理大量的節點,並能提供更加安全的工作過程;
2 配置實例
2.0 準備
puppet利用主機名識別不同的節點,故需保證master和agent的主機名都可解析,生產環境下使用DNS解析,測試環境使用hosts文件即可;
2.1 master配置
# 安裝puppet-server程序包 yum localinstall facter-1.7.3-1.el6.x86_64.rpm puppet-2.7.25-1.el6.noarch.rpm puppet-server-2.7.25-1.el6.noarch.rpm # 生成master配置文件: puppet master --genconfig >> /etc/puppet/puppet.conf # 啓動puppetmaster服務 puppetmasterd -v -d --no-daemonize # 前臺測試啓動 service puppetmaster start # 正式啓動服務 # 服務驗證:ss -antupl |grep 8140
2.2 agent配置
# 安裝puppet程序包 yum localinstall facter-1.7.3-1.el6.x86_64.rpm puppet-2.7.25-1.el6.noarch.rpm # 編輯配置文件 vi /ect/puppet/puppet.conf # 在[agent]段添加server=Puppetmaster_Hostname,如 server = master.lamp.com # 啓動puppet服務 puppet agent --server mem.lamp.com -v -d --noop --test # 測試啓動,不實際應用配置 service puppet start # 正式啓動agent服務 chkconfig puppet on # 配置開啓啓動
2.3 master簽署證書
# 手動簽發: puppet cert list # 顯示待簽發節點的證書請求 puppet cert sign Node_Name # 簽署某一agent的請求 puppet cert sign --all # 一次性簽署全部請求 # 自動簽發: cat > /ect/puppet/autosign.conf << EOF *.lamp.com EOF # 會對所有來自lamp.com的主機請求都自動簽發 # 注:master端的任何修改,都要重新裝載puppetmaster服務,即執行如下命令即可 service puppetmaster reload
2.4 agent一次完整的同步案例
[root@nginx1 ~]# puppet agent -v -t info: Caching catalog for nginx1.lamp.com info: Applying configuration version '1400402077' notice: /Stage[main]/Nginx::Package::Redhat/Package[nginx]/ensure: created notice: /Stage[main]/Nginx::Config/File[/etc/nginx/nginx.conf]/content: --- /etc/nginx/nginx.conf 2013-04-27 04:36:51.000000000 +0800 +++ /tmp/puppet-file20140518-5216-1feu0op-0 2014-05-18 16:34:51.566999838 +0800 @@ -1,42 +1,31 @@ -# For more information on configuration, see: -# * Official English Documentation: http://nginx.org/en/docs/ -# * Official Russian Documentation: http://nginx.org/ru/docs/ - -user nginx; -worker_processes 1; +user nginx; +worker_processes 1; error_log /var/log/nginx/error.log; -#error_log /var/log/nginx/error.log notice; -#error_log /var/log/nginx/error.log info; - pid /var/run/nginx.pid; - events { - worker_connections 1024; + worker_connections 1024; + } - http { - include /etc/nginx/mime.types; - default_type application/octet-stream; + include /etc/nginx/mime.types; + default_type application/octet-stream; + + access_log /var/log/nginx/access.log; + + sendfile on; + + + + keepalive_timeout 65; + tcp_nodelay on; - log_format main '$remote_addr - $remote_user [$time_local] "$request" ' - '$status $body_bytes_sent "$http_referer" ' - '"$http_user_agent" "$http_x_forwarded_for"'; - - access_log /var/log/nginx/access.log main; - - sendfile on; - #tcp_nopush on; - - #keepalive_timeout 0; - keepalive_timeout 65; - - #gzip on; - - # Load config files from the /etc/nginx/conf.d directory - # The default server is in conf.d/default.conf - include /etc/nginx/conf.d/*.conf; + + gzip on; + gzip_disable "MSIE [1-6]\.(?!.*SV1)"; + + include /etc/nginx/conf.d/*.conf; } info: FileBucket got a duplicate file {md5}d9dfc198c249bb4ac341198a752b9458 info: /Stage[main]/Nginx::Config/File[/etc/nginx/nginx.conf]: Filebucketed /etc/nginx/nginx.conf to puppet with sum d9dfc198c249bb4ac341198a752b9458 notice: /Stage[main]/Nginx::Config/File[/etc/nginx/nginx.conf]/content: content changed '{md5}d9dfc198c249bb4ac341198a752b9458' to '{md5}df69537f815f9aacfe6dd6a439a7ba06' notice: /Stage[main]/Nginx::Config/File[/etc/nginx/conf.d/proxy.conf]/ensure: defined content as '{md5}530e67c1708924887565ce91f2c5b9f8' info: Class[Nginx::Config]: Scheduling refresh of Class[Nginx::Service] info: Class[Nginx::Service]: Scheduling refresh of Service[nginx] info: Class[Nginx::Service]: Scheduling refresh of Exec[rebuild-nginx-vhosts] notice: /Stage[main]/Nginx::Service/Exec[rebuild-nginx-vhosts]: Triggered 'refresh' from 1 events info: /Stage[main]/Nginx::Service/Exec[rebuild-nginx-vhosts]: Scheduling refresh of Service[nginx] notice: /Stage[main]/Nginx::Service/Service[nginx]/ensure: ensure changed 'stopped' to 'running' notice: /Stage[main]/Nginx::Service/Service[nginx]: Triggered 'refresh' from 2 events notice: Finished catalog run in 5.06 seconds # 特別注意notice的輸出內容,分別完成了nginx程序的安裝,配置文件的生成,服務的啓動等操作;