Learning Puppet Step by Step (4): The master/agent Model

This post covers how Puppet's master/agent model is used in a real production environment.

===================================================================

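1 How it works

   1.1 Architecture diagram

   1.2 Detailed description

2 Configuration example

   2.0 Preparation

   2.1 Master configuration

   2.2 Agent configuration

   2.3 Signing certificates on the master

   2.4 A complete agent sync run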

===================================================================


1 How it works

1.1 Architecture diagram

[Figure: master/agent model architecture diagram]

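1.2 Detailed description

  • The puppet agent normally runs as a service process and, by default, sends a connection request to the master every half hour.

  • The puppet agent never accesses any manifest directly; instead it requests a precompiled catalog from the master.

  • For each requesting agent, the puppet master reads a special manifest called the "site manifest", compiles a catalog from it, and sends that catalog to the agent.

  • After receiving the catalog, the puppet agent applies it locally.

  • With this architecture, one or a few manifests on the master are enough to manage a large number of nodes, and the working process is also more secure.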


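2 Configuration example

2.0 Preparation

Puppet identifies nodes by hostname, so the hostnames of both the master and the agents must be resolvable. Use DNS in production; a hosts file is sufficient in a test environment.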

2.1 Master configuration

# Install the puppet-server packages
yum localinstall facter-1.7.3-1.el6.x86_64.rpm puppet-2.7.25-1.el6.noarch.rpm puppet-server-2.7.25-1.el6.noarch.rpm
# Generate the master configuration file:
puppet master --genconfig >> /etc/puppet/puppet.conf
# Start the puppetmaster service
puppetmasterd -v -d --no-daemonize # test start in the foreground
service puppetmaster start # start the service for real
# Verify the service: ss -antupl | grep 8140

2.2 Agent configuration

# Install the puppet packages
yum localinstall facter-1.7.3-1.el6.x86_64.rpm puppet-2.7.25-1.el6.noarch.rpm
# Edit the configuration file
vi /etc/puppet/puppet.conf # add server=Puppetmaster_Hostname to the [agent] section, e.g.
    server = master.lamp.com
# Start the puppet service
puppet agent --server mem.lamp.com -v -d --noop --test # test run; does not actually apply the configuration
service puppet start # start the agent service for real
chkconfig puppet on # enable start at boot

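2.3 Signing certificates on the master

# Manual signing:
puppet cert list # show pending certificate requests from nodes
puppet cert sign Node_Name # sign the request of a single agent
puppet cert sign --all # sign all pending requests at once
# Automatic signing:
cat > /etc/puppet/autosign.conf << EOF
*.lamp.com
EOF
# Requests from any host under lamp.com are signed automatically
# Note: after any change on the master, reload the puppetmaster service by running:
service puppetmaster reload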
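
An alternative to puppet cert sign --all and a wildcard autosign.conf, as an added example that is not from the original post: because the certname in a request is chosen by the requesting agent, this script signs only pending requests whose certname appears in an inventory the administrator maintains. The inventory file, the function names and the sample lines are constructed for illustration, and the parser assumes each pending line is a certname followed by a fingerprint in parentheses.

```sh
#!/bin/sh
# Added example: sign only the pending requests that an inventory expects.
# The inventory file and all function names are hypothetical.

# Read `puppet cert list` output on stdin and print pending certnames.
# Assumed line shape: optionally quoted certname, then "(fingerprint)".
# Lines with a leading +/- marker or odd characters are not emitted.
pending_names() {
    sed -n 's/^[[:space:]]*"\{0,1\}\([A-Za-z0-9][A-Za-z0-9._-]*\)"\{0,1\}[[:space:]]\{1,\}(.*$/\1/p'
}

# Compare pending names with the inventory (one certname per line,
# '#' comments allowed). Prints "sign <name>" or "hold <name>".
triage_pending() {
    inventory=$1
    pending_names | while IFS= read -r name; do
        if grep -v '^[[:space:]]*#' "$inventory" | grep -Fxq -- "$name"; then
            echo "sign $name"
        else
            echo "hold $name"
        fi
    done
}

# Sign expected nodes; leave everything else pending for manual review.
sign_expected() {
    puppet cert list | triage_pending "$1" | while read -r verdict name; do
        case $verdict in
            sign) puppet cert sign "$name" </dev/null ;;
            hold) echo "left pending for manual review: $name" >&2 ;;
        esac
    done
}

# Offline demonstration on constructed data (not real puppet output).
demo() {
    inv=$(mktemp)
    printf '%s\n' '# expected nodes' 'nginx1.lamp.com' 'nginx2.lamp.com' > "$inv"
    printf '%s\n' \
        '  "nginx1.lamp.com" (AA:BB:CC:DD)' \
        '  rogue.lamp.com (11:22:33:44)' \
        '+ "nginx2.lamp.com" (55:66:77:88)' |
        triage_pending "$inv"
    rm -f "$inv"
}
demo
```

On the master, sign_expected takes the inventory path as its only argument; names it holds back stay in the pending list for manual inspection.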

2.4 A complete agent sync run

[root@nginx1 ~]# puppet agent -v -t
info: Caching catalog for nginx1.lamp.com
info: Applying configuration version '1400402077'
notice: /Stage[main]/Nginx::Package::Redhat/Package[nginx]/ensure: created
notice: /Stage[main]/Nginx::Config/File[/etc/nginx/nginx.conf]/content:
--- /etc/nginx/nginx.conf   2013-04-27 04:36:51.000000000 +0800
+++ /tmp/puppet-file20140518-5216-1feu0op-0 2014-05-18 16:34:51.566999838 +0800
@@ -1,42 +1,31 @@
-# For more information on configuration, see:
-#   * Official English Documentation: http://nginx.org/en/docs/
-#   * Official Russian Documentation: http://nginx.org/ru/docs/
-
-user              nginx;
-worker_processes  1;
+user nginx;
+worker_processes 1;
 error_log  /var/log/nginx/error.log;
-#error_log  /var/log/nginx/error.log  notice;
-#error_log  /var/log/nginx/error.log  info;
-
 pid        /var/run/nginx.pid;
-
 events {
-    worker_connections  1024;
+  worker_connections 1024;
+
 }
-
 http {
-    include       /etc/nginx/mime.types;
-    default_type  application/octet-stream;
+  include       /etc/nginx/mime.types;
+  default_type  application/octet-stream;
+
+  access_log  /var/log/nginx/access.log;
+
+  sendfile    on;
+
+
+
+  keepalive_timeout  65;
+  tcp_nodelay        on;
-    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
-                      '$status $body_bytes_sent "$http_referer" '
-                      '"$http_user_agent" "$http_x_forwarded_for"';
-
-    access_log  /var/log/nginx/access.log  main;
-
-    sendfile        on;
-    #tcp_nopush     on;
-
-    #keepalive_timeout  0;
-    keepalive_timeout  65;
-
-    #gzip  on;
-
-    # Load config files from the /etc/nginx/conf.d directory
-    # The default server is in conf.d/default.conf
-    include /etc/nginx/conf.d/*.conf;
+
+  gzip         on;
+  gzip_disable "MSIE [1-6]\.(?!.*SV1)";
+
+  include /etc/nginx/conf.d/*.conf;
 }
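Review bot: the added access_log /var/log/nginx/access.log; line in the http block names no format while the log_format main definition is removed, so nginx falls back to its predefined combined format and $http_x_forwarded_for is no longer written to the access log. If this host receives traffic through another proxy, keep a named log_format that records that header and reference it on the access_log line.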
info: FileBucket got a duplicate file {md5}d9dfc198c249bb4ac341198a752b9458
info: /Stage[main]/Nginx::Config/File[/etc/nginx/nginx.conf]: Filebucketed /etc/nginx/nginx.conf to puppet with sum d9dfc198c249bb4ac341198a752b9458
notice: /Stage[main]/Nginx::Config/File[/etc/nginx/nginx.conf]/content: content changed '{md5}d9dfc198c249bb4ac341198a752b9458' to '{md5}df69537f815f9aacfe6dd6a439a7ba06'
notice: /Stage[main]/Nginx::Config/File[/etc/nginx/conf.d/proxy.conf]/ensure: defined content as '{md5}530e67c1708924887565ce91f2c5b9f8'
info: Class[Nginx::Config]: Scheduling refresh of Class[Nginx::Service]
info: Class[Nginx::Service]: Scheduling refresh of Service[nginx]
info: Class[Nginx::Service]: Scheduling refresh of Exec[rebuild-nginx-vhosts]
notice: /Stage[main]/Nginx::Service/Exec[rebuild-nginx-vhosts]: Triggered 'refresh' from 1 events
info: /Stage[main]/Nginx::Service/Exec[rebuild-nginx-vhosts]: Scheduling refresh of Service[nginx]
notice: /Stage[main]/Nginx::Service/Service[nginx]/ensure: ensure changed 'stopped' to 'running'
notice: /Stage[main]/Nginx::Service/Service[nginx]: Triggered 'refresh' from 2 events
notice: Finished catalog run in 5.06 seconds
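# Pay particular attention to the notice lines: they show that the nginx package was installed, the configuration files were generated, and the service was started.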

