|
前文我們了解了puppe中模塊的使用�,回顧請參考https://www.cnblogs.com/qiuhom-1874/p/14086315.html����;今天我來了解下puppet的master/agent模型以及站點(diǎn)清單的相關(guān)話題;
在說puppet的master/agent模型前���,我們要先來回顧下master/agent的工作過程
如上圖所示,puppet的master/agent模型的工作過程����;首先agent向master發(fā)送自己的主機(jī)名和facts信息��,然后對應(yīng)的master收到信息后�����,會根據(jù)對應(yīng)的主機(jī)名來查找和agent相關(guān)的配置,然后把對應(yīng)的配置(主要是類和模塊中的資源清單內(nèi)容)編譯好,master把編譯好的catalog發(fā)送給agent��;agent收到master發(fā)送到catalog后,首先要在本機(jī)查找相關(guān)資源的狀態(tài),如果對應(yīng)資源的狀態(tài)和編譯好的catalog中的狀態(tài)一樣,則不改變其狀態(tài)或者跳過�;如果對應(yīng)的資源狀態(tài)和catalog中的狀態(tài)不一樣��,此時(shí)agent就會應(yīng)用catalog��,把對應(yīng)資源強(qiáng)制更改為和catalog中的狀態(tài)一樣;最后agent把應(yīng)用報(bào)告發(fā)送給master;此時(shí)agent就變成了我們在資源清單中定義的系統(tǒng)狀態(tài)���;這里需要注意一點(diǎn)catalog是一個(gè)二進(jìn)制文件�����,不能直接查看,這個(gè)二進(jìn)制文件是通過master上定義的模塊����,或類等資源清單中的內(nèi)容編譯而成;
master和agent的通信
在puppet的master/agent模型中����,master和agent通信是以https協(xié)議通信;使用https通信就意味著要有證書驗(yàn)證���,有證書就會有ca;在puppet的master/agent模型中,它內(nèi)置了ca���,意思就是我們不需要再手動搭建ca��;對應(yīng)master的證書,私鑰文件以及ca的證書私鑰文件���,puppet master都會自動生成�;對于agent的私鑰和證書簽署文件也會由puppet agent自動生成;并且在第一次啟動agent時(shí)�,它默認(rèn)會把生成的證書簽發(fā)文件發(fā)送給master�,等待master簽發(fā)證書�����;在master上簽發(fā)證書���,這一步需要人工手動干預(yù)��;證書簽發(fā)好以后�,master和agent才可以正常通信��;默認(rèn)情況下agent是每30分鐘到master上拉取一次相關(guān)配置����,這也就意味著我們在master端上的資源清單內(nèi)容最多不超過30分鐘就能在對應(yīng)的agent上得到應(yīng)用�;
站點(diǎn)清單
在上述master/agent模型的工作過程中�����,agent向master發(fā)送主機(jī)名和facts,然后對應(yīng)master把對應(yīng)主機(jī)名的配置進(jìn)行編譯然后發(fā)送給對應(yīng)agent�;這里master根據(jù)什么來查找對應(yīng)主機(jī)名的對應(yīng)配置呢���?通常情況下如果我們在master端上不定義站點(diǎn)清單�,對應(yīng)的agent就無法獲取到對應(yīng)的配置����;也就說站點(diǎn)清單是用來定義哪些agent上���,應(yīng)該跑哪些資源或模塊;這個(gè)邏輯和我們在使用ansible一樣�����,定義好角色以后,還需要額外的playbook來定義那些主機(jī)上應(yīng)該應(yīng)用那些角色���;對于puppet也是一樣���,我們定義好模塊以后����,至于哪些主機(jī)應(yīng)用哪些模塊這個(gè)是需要我們定義站點(diǎn)清單���;
puppet的master/agent模型的搭建
部署master端
配置主機(jī)名解析
[root@master ~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.16.151 master.test.org master
192.168.16.152 node01.test.org node01
192.168.16.153 node02.test.org node02
[root@master ~]#
提示:除了各服務(wù)器之間的主機(jī)名解析,我們還需要注意確保各服務(wù)器時(shí)間同步�,關(guān)閉selinux�,確保iptables是關(guān)閉狀態(tài);
安裝puppet-server包
[root@master ~]# yum install -y puppet-server
提示:在master端安裝puppet-server這個(gè)包默認(rèn)會把puppet當(dāng)作依賴包一并安裝����;
啟動服務(wù)
[root@master ~]# systemctl start puppetmaster.service
[root@master ~]# ss -tnl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:22 *:*
LISTEN 0 100 127.0.0.1:25 *:*
LISTEN 0 128 *:8140 *:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 100 [::1]:25 [::]:*
[root@master ~]#
提示:puppet master默認(rèn)會監(jiān)聽在tcp的8140端口�,用于接收agent來master獲取配置;所以請確保master端的8140端口能夠正常處于監(jiān)聽狀態(tài)���;
部署agent端
安裝puppet
[root@node01 ~]# yum install -y puppet
編輯配置文件��,配置puppet server的地址
提示:編輯/etc/puppet/puppet.conf文件����,將server=puppetmaster主機(jī)的主機(jī)名配置上,如上��;如果使用主機(jī)名的形式,請確保對應(yīng)agent能夠正常解析��;
啟動服務(wù)
[root@node01 ~]# systemctl start puppet
[root@node01 ~]# ss -tnl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:22 *:*
LISTEN 0 100 127.0.0.1:25 *:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 100 [::1]:25 [::]:*
[root@node01 ~]# ps aux |grep puppet
root 1653 0.0 0.0 115404 1436 ? Ss 15:27 0:00 /bin/sh /usr/bin/start-puppet-agent agent --no-daemonize
root 1654 26.7 2.2 317640 41888 ? Sl 15:27 0:02 /usr/bin/ruby /usr/bin/puppet agent --no-daemonize
root 1680 0.0 0.0 112808 968 pts/0 S+ 15:28 0:00 grep --color=auto puppet
[root@node01 ~]#
提示:puppet agent雖然也是一個(gè)守護(hù)進(jìn)程工作���,但它主要不是對外提供服務(wù)��,它之所以要工作為守護(hù)進(jìn)程,是因?yàn)樗芷谛缘牡絤aster端拉取和自己相關(guān)的配置��;所以它不會監(jiān)聽任何端口;
在master端查看未簽發(fā)證書列表
[root@master ~]# puppet cert list
"node01.test.org" (SHA256) AD:01:59:E7:6C:97:E7:5E:67:09:B9:52:94:0D:37:89:82:8B:EE:49:BB:4D:FC:E1:51:64:BE:EF:71:47:15:11
"node02.test.org" (SHA256) E1:EC:5B:0C:BF:B7:4C:B9:4F:10:A9:12:34:8B:7A:36:E3:A1:D4:EC:DD:DD:DC:F4:05:48:0B:85:B5:70:AC:28
[root@master ~]#
提示:puppet默認(rèn)會自己維護(hù)一個(gè)ca�,我們只需要用對應(yīng)的子命令進(jìn)行管理即可��;以上命令表示列出未簽發(fā)的證書列表(即收到的agent證書簽發(fā)文件列表)�����;從上面的信息可以看到現(xiàn)在node01和node02都沒有簽發(fā)證書���;
在master端簽發(fā)證書
[root@master ~]# puppet cert list
"node01.test.org" (SHA256) AD:01:59:E7:6C:97:E7:5E:67:09:B9:52:94:0D:37:89:82:8B:EE:49:BB:4D:FC:E1:51:64:BE:EF:71:47:15:11
"node02.test.org" (SHA256) E1:EC:5B:0C:BF:B7:4C:B9:4F:10:A9:12:34:8B:7A:36:E3:A1:D4:EC:DD:DD:DC:F4:05:48:0B:85:B5:70:AC:28
[root@master ~]# puppet cert sign node01.test.org
Notice: Signed certificate request for node01.test.org
Notice: Removing file Puppet::SSL::CertificateRequest node01.test.org at '/var/lib/puppet/ssl/ca/requests/node01.test.org.pem'
[root@master ~]# puppet cert list
"node02.test.org" (SHA256) E1:EC:5B:0C:BF:B7:4C:B9:4F:10:A9:12:34:8B:7A:36:E3:A1:D4:EC:DD:DD:DC:F4:05:48:0B:85:B5:70:AC:28
[root@master ~]# puppet cert sign --all
Notice: Signed certificate request for node02.test.org
Notice: Removing file Puppet::SSL::CertificateRequest node02.test.org at '/var/lib/puppet/ssl/ca/requests/node02.test.org.pem'
[root@master ~]# puppet cert list
[root@master ~]# puppet cert list --all
+ "master.test.org" (SHA256) 0C:CC:20:EE:F5:FC:73:21:0B:15:73:EF:A5:0B:3A:F8:01:DB:F7:07:7C:DB:78:87:80:87:FC:F2:BF:E7:2F:30 (alt names: "DNS:master.test.org", "DNS:puppet", "DNS:puppet.test.org")
+ "node01.test.org" (SHA256) 34:BE:E1:1E:26:15:56:56:C3:A0:0D:FB:7F:01:B1:80:35:EC:1D:07:26:C7:05:CA:6E:19:8C:75:9A:A4:67:4E
+ "node02.test.org" (SHA256) E7:B6:B0:FD:04:61:A8:87:D9:E5:DA:51:8B:1D:E0:AD:11:F0:A2:65:43:6D:C4:8D:54:C8:75:8B:DF:CC:51:93
[root@master ~]#
提示:簽發(fā)證書需要用cert sign+對應(yīng)要簽發(fā)的證書的主機(jī)名�����;如果不想一個(gè)一個(gè)指定來簽發(fā)���,也可以使用--all選項(xiàng)來簽發(fā)所有未簽發(fā)的證書��;到此puppet的master/agent模型就搭建好了����;后續(xù)我們只需要在master端上定義模塊和站點(diǎn)清單即可���;
示例:在master上創(chuàng)建redis模塊��,主要功能是安裝啟動redis���,并讓其配置為主從復(fù)制模式����;
在master端上創(chuàng)建模塊目錄結(jié)構(gòu)
[root@master ~]# mkdir -pv /etc/puppet/modules/redis/{manifests,files,templates,lib,spec,tests}
mkdir: created directory '/etc/puppet/modules/redis’
mkdir: created directory '/etc/puppet/modules/redis/manifests’
mkdir: created directory '/etc/puppet/modules/redis/files’
mkdir: created directory '/etc/puppet/modules/redis/templates’
mkdir: created directory '/etc/puppet/modules/redis/lib’
mkdir: created directory '/etc/puppet/modules/redis/spec’
mkdir: created directory '/etc/puppet/modules/redis/tests’
[root@master ~]# tree /etc/puppet/modules/redis/
/etc/puppet/modules/redis/
├── files
├── lib
├── manifests
├── spec
├── templates
└── tests
6 directories, 0 files
[root@master ~]#
在/etc/puppet/modules/redis/manifests/目錄下創(chuàng)建資源清單
[root@master ~]# cat /etc/puppet/modules/redis/manifests/init.pp
class redis{
package{"redis":
ensure => installed,
}
service{"redis":
ensure => running,
enable => true,
hasrestart => true,
restart => 'service redis restart',
}
}
[root@master ~]# cat /etc/puppet/modules/redis/manifests/master.pp
class redis::master($masterport='6379',$masterpass='admin') inherits redis {
file{"/etc/redis.conf":
ensure => file,
content => template('redis/redis-master.conf.erb'),
owner => 'redis',
group => 'root',
mode => '0644',
}
Service["redis"]{
subscribe => File["/etc/redis.conf"],
restart => 'systemctl restart redis'
}
}
[root@master ~]# cat /etc/puppet/modules/redis/manifests/slave.pp
class redis::slave($masterip,$masterport='6379',$masterpass='admin') inherits redis {
file{"/etc/redis.conf":
ensure => file,
content => template('redis/redis-slave.conf.erb'),
owner => 'redis',
group => 'root',
mode => '0644',
}
Service["redis"]{
subscribe => File["/etc/redis.conf"],
restart => 'systemctl restart redis'
}
}
[root@master ~]#
在templates目錄創(chuàng)建對應(yīng)的模版文件
redis-master.conf.erb文件內(nèi)容
 
[root@master ~]# cat /etc/puppet/modules/redis/templates/redis-master.conf.erb
bind 0.0.0.0
protected-mode yes
port <%= @masterport %>
tcp-backlog 511
timeout 0
tcp-keepalive 300
daemonize no
supervised no
pidfile /var/run/redis_6379.pid
loglevel notice
logfile /var/log/redis/redis.log
databases 16
requirepass <%= @masterpass %>
save 900 1
save 300 10
save 60 10000
stop-writes-on-bgsave-error yes
rdbcompression yes
rdbchecksum yes
dbfilename dump.rdb
dir /var/lib/redis
slave-serve-stale-data yes
slave-read-only yes
repl-diskless-sync no
repl-diskless-sync-delay 5
repl-disable-tcp-nodelay no
slave-priority 100
appendonly no
appendfilename "appendonly.aof"
appendfsync everysec
no-appendfsync-on-rewrite no
auto-aof-rewrite-percentage 100
auto-aof-rewrite-min-size 64mb
aof-load-truncated yes
lua-time-limit 5000
slowlog-log-slower-than 10000
slowlog-max-len 128
latency-monitor-threshold 0
notify-keyspace-events ""
hash-max-ziplist-entries 512
hash-max-ziplist-value 64
list-max-ziplist-size -2
list-compress-depth 0
set-max-intset-entries 512
zset-max-ziplist-entries 128
zset-max-ziplist-value 64
hll-sparse-max-bytes 3000
activerehashing yes
client-output-buffer-limit normal 0 0 0
client-output-buffer-limit slave 256mb 64mb 60
client-output-buffer-limit pubsub 32mb 8mb 60
hz 10
aof-rewrite-incremental-fsync yes
[root@master ~]#
View Code redis-slave.conf.erb文件內(nèi)容
[root@master ~]# cat /etc/puppet/modules/redis/templates/redis-slave.conf.erb
bind 0.0.0.0
protected-mode yes
port 6379
tcp-backlog 511
timeout 0
tcp-keepalive 300
daemonize no
supervised no
pidfile /var/run/redis_6379.pid
loglevel notice
logfile /var/log/redis/redis.log
databases 16
slaveof <%= @masterip %> <%= @masterport %>
masterauth <%= @masterpass %>
save 900 1
save 300 10
save 60 10000
stop-writes-on-bgsave-error yes
rdbcompression yes
rdbchecksum yes
dbfilename dump.rdb
dir /var/lib/redis
slave-serve-stale-data yes
slave-read-only yes
repl-diskless-sync no
repl-diskless-sync-delay 5
repl-disable-tcp-nodelay no
slave-priority 100
appendonly no
appendfilename "appendonly.aof"
appendfsync everysec
no-appendfsync-on-rewrite no
auto-aof-rewrite-percentage 100
auto-aof-rewrite-min-size 64mb
aof-load-truncated yes
lua-time-limit 5000
slowlog-log-slower-than 10000
slowlog-max-len 128
latency-monitor-threshold 0
notify-keyspace-events ""
hash-max-ziplist-entries 512
hash-max-ziplist-value 64
list-max-ziplist-size -2
list-compress-depth 0
set-max-intset-entries 512
zset-max-ziplist-entries 128
zset-max-ziplist-value 64
hll-sparse-max-bytes 3000
activerehashing yes
client-output-buffer-limit normal 0 0 0
client-output-buffer-limit slave 256mb 64mb 60
client-output-buffer-limit pubsub 32mb 8mb 60
hz 10
aof-rewrite-incremental-fsync yes
[root@master ~]#
View Code
redis模塊目錄和文件存放情況�����,以及模版文件中需要傳遞參數(shù)
[root@master ~]# tree /etc/puppet/modules/redis/
/etc/puppet/modules/redis/
├── files
├── lib
├── manifests
│ ├── init.pp
│ ├── master.pp
│ └── slave.pp
├── spec
├── templates
│ ├── redis-master.conf.erb
│ └── redis-slave.conf.erb
└── tests
6 directories, 5 files
[root@master ~]# grep -Ei "^port|requirepass|masterauth|slaveof" /etc/puppet/modules/redis/templates/redis-master.conf.erb
port <%= @masterport %>
requirepass <%= @masterpass %>
[root@master ~]# grep -Ei "^port|requirepass|masterauth|slaveof" /etc/puppet/modules/redis/templates/redis-slave.conf.erb
port 6379
slaveof <%= @masterip %> <%= @masterport %>
masterauth <%= @masterpass %>
[root@master ~]#
提示:到此redis模塊就準(zhǔn)備好了���;
定義站點(diǎn)清單文件
[root@master ~]# cat /etc/puppet/manifests/site.pp
node 'node01.test.org'{
class{"redis::master":
masterport => "6379",
masterpass => "admin123.com"
}
}
node 'node02.test.org'{
class{"redis::slave":
masterip => '192.168.16.152',
masterport => '6379',
masterpass => 'admin123.com'
}
}
[root@master ~]#
提示:站點(diǎn)清單必須是在/etc/puppet/manifests/目錄下,名字必須為site.pp�,其內(nèi)容必須由關(guān)鍵字node來定義對應(yīng)一個(gè)主機(jī)或一類主機(jī)要應(yīng)用的資源;站點(diǎn)清單也可以使用類的繼承和我們在定義類時(shí)的使用差不多;
在node01上獲取自己相關(guān)的配置
提示:可以看到在node01上手動拉取配置能夠獲取到對應(yīng)到配置�����;
取消--noop 選項(xiàng)跑一遍��,看看對應(yīng)到redis是否啟動����?配置文件是否上我們指定到就配置?
[root@node01 ~]# puppet agent -v --no-daemonize
Notice: Starting Puppet client version 3.6.2
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Caching catalog for node01.test.org
Warning: The package type's allow_virtual parameter will be changing its default value from false to true in a future release. If you do not want to allow virtual packages, please explicitly set allow_virtual to false.
(at /usr/share/ruby/vendor_ruby/puppet/type.rb:816:in `set_default')
Info: Applying configuration version '1607328529'
Info: /Stage[main]/Redis::Master/File[/etc/redis.conf]: Filebucketed /etc/redis.conf to puppet with sum d43fae161baaf47638d0bb571785974d
Notice: /Stage[main]/Redis::Master/File[/etc/redis.conf]/content: content changed '{md5}d43fae161baaf47638d0bb571785974d' to '{md5}32a39b519eb7a9f70a4bdf4705a7afc0'
Notice: /Stage[main]/Redis::Master/File[/etc/redis.conf]/mode: mode changed '0640' to '0644'
Info: /Stage[main]/Redis::Master/File[/etc/redis.conf]: Scheduling refresh of Service[redis]
Info: /Stage[main]/Redis::Master/File[/etc/redis.conf]: Scheduling refresh of Service[redis]
Notice: /Stage[main]/Redis/Service[redis]/ensure: ensure changed 'stopped' to 'running'
Info: /Stage[main]/Redis/Service[redis]: Unscheduling refresh on Service[redis]
Notice: Finished catalog run in 0.32 seconds
^CNotice: Caught INT; calling stop
[root@node01 ~]# ss -tnl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:22 *:*
LISTEN 0 100 127.0.0.1:25 *:*
LISTEN 0 128 *:6379 *:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 100 [::1]:25 [::]:*
[root@node01 ~]# grep -Ei "^port|bind|requirepass" /etc/redis.conf
bind 0.0.0.0
port 6379
requirepass admin123.com
[root@node01 ~]#
提示:可以看到node01上的reids已經(jīng)正常啟動,并且配置文件中的內(nèi)容也是我們傳遞參數(shù)的內(nèi)容;
在node02上手動拉取配置并運(yùn)行����,看看對應(yīng)redis是否正常運(yùn)行�����?配置文件下是否是我們指定傳遞的參數(shù)的配置文件?
[root@node02 ~]# puppet agent -v --no-daemonize
Notice: Starting Puppet client version 3.6.2
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Caching catalog for node02.test.org
Warning: The package type's allow_virtual parameter will be changing its default value from false to true in a future release. If you do not want to allow virtual packages, please explicitly set allow_virtual to false.
(at /usr/share/ruby/vendor_ruby/puppet/type.rb:816:in `set_default')
Info: Applying configuration version '1607328529'
Notice: /Stage[main]/Redis/Package[redis]/ensure: created
Info: FileBucket got a duplicate file {md5}d98629fded012cd2a25b9db0599a9251
Info: /Stage[main]/Redis::Slave/File[/etc/redis.conf]: Filebucketed /etc/redis.conf to puppet with sum d98629fded012cd2a25b9db0599a9251
Notice: /Stage[main]/Redis::Slave/File[/etc/redis.conf]/content: content changed '{md5}d98629fded012cd2a25b9db0599a9251' to '{md5}d1f0efeaee785f0d26eb2cd82acaf1f9'
Notice: /Stage[main]/Redis::Slave/File[/etc/redis.conf]/mode: mode changed '0640' to '0644'
Info: /Stage[main]/Redis::Slave/File[/etc/redis.conf]: Scheduling refresh of Service[redis]
Info: /Stage[main]/Redis::Slave/File[/etc/redis.conf]: Scheduling refresh of Service[redis]
Notice: /Stage[main]/Redis/Service[redis]/ensure: ensure changed 'stopped' to 'running'
Info: /Stage[main]/Redis/Service[redis]: Unscheduling refresh on Service[redis]
Notice: Finished catalog run in 10.62 seconds
^CNotice: Caught INT; calling stop
[root@node02 ~]# ss -tnl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:22 *:*
LISTEN 0 100 127.0.0.1:25 *:*
LISTEN 0 128 *:6379 *:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 100 [::1]:25 [::]:*
[root@node02 ~]# grep -Ei "^port|requirepass|slaveof|masterauth" /etc/redis.conf
port 6379
slaveof 192.168.16.152 6379
masterauth admin123.com
[root@node02 ~]#
提示:可以看到node02上的redis已經(jīng)正常跑起來了,并且配置文件中的對應(yīng)參數(shù)也是為指定傳入的參數(shù)����;
驗(yàn)證:在node01上登陸redis���,創(chuàng)建一個(gè)key,看看對應(yīng)node02上的redis是否正常將node01上創(chuàng)建的key同步到node02上的redis上���?
[root@node01 ~]# redis-cli
127.0.0.1:6379> AUTH admin123.com
OK
127.0.0.1:6379> set test test
OK
127.0.0.1:6379> get test
"test"
127.0.0.1:6379> exit
[root@node01 ~]# redis-cli -h node02.test.org -a admin123.com
node02.test.org:6379> get test
"test"
node02.test.org:6379>
提示:可以看到在node01上的redis上寫入一個(gè)key在node02上能夠看到對應(yīng)key的值��,說明redis的主從復(fù)制正常�����;以上就是puppet master/agent模型上安裝啟動redis主從的簡單示例�����;
puppet多環(huán)境設(shè)定
所謂多環(huán)境指一個(gè)agent通過指定不同的環(huán)境名稱��,可以在master上獲取不同環(huán)境的配置清單�����,從而實(shí)現(xiàn)在不同的環(huán)境中,對應(yīng)的agent拉取不同的配置到本地應(yīng)用��;默認(rèn)不配置多環(huán)境����,在agent來master拉取配置都是拉取的生產(chǎn)環(huán)境的配置(production);
示例:在master端上配置多個(gè)環(huán)境����,對應(yīng)節(jié)點(diǎn)使用傳遞不同環(huán)境來獲取不同環(huán)境的配置
提示:在master端端配置文件中新整以上master配置段,并指明environmentpath位置����;這里需要注意��,更改了配置文件需要重啟服務(wù)才可生效�����;
查看confdir的位置
[root@master ~]# puppet config print |grep confdir
confdir = /etc/puppet
[root@master ~]#
在/etc/puppet目錄下創(chuàng)建environments目錄,并在其下創(chuàng)建對應(yīng)環(huán)境名的目錄以及子目錄
[root@master ~]# mkdir -pv /etc/puppet/environments/{testing,development,production}/{manifests,modules}
mkdir: created directory '/etc/puppet/environments’
mkdir: created directory '/etc/puppet/environments/testing’
mkdir: created directory '/etc/puppet/environments/testing/manifests’
mkdir: created directory '/etc/puppet/environments/testing/modules’
mkdir: created directory '/etc/puppet/environments/development’
mkdir: created directory '/etc/puppet/environments/development/manifests’
mkdir: created directory '/etc/puppet/environments/development/modules’
mkdir: created directory '/etc/puppet/environments/production’
mkdir: created directory '/etc/puppet/environments/production/manifests’
mkdir: created directory '/etc/puppet/environments/production/modules’
[root@master ~]# tree /etc/puppet/environments/
/etc/puppet/environments/
├── development
│ ├── manifests
│ └── modules
├── production
│ ├── manifests
│ └── modules
└── testing
├── manifests
└── modules
9 directories, 0 files
[root@master ~]#
提示:在每個(gè)環(huán)境目錄下必須創(chuàng)建manifests和modules目錄��,manifests目錄用于存放站點(diǎn)清單���,modules用于存放模塊����;
在testing環(huán)境下創(chuàng)建安裝memcached,并指定監(jiān)聽在11211端口的模塊和站點(diǎn)清單����,配置development環(huán)境下的memcached監(jiān)聽在11212端口�����,配置prediction環(huán)境的memcached監(jiān)聽在11213端口
創(chuàng)建memcached模塊目錄結(jié)構(gòu)
[root@master ~]# mkdir -pv /etc/puppet/environments/testing/modules/memcached/{manifests,templates,files,lib,spec,tests}
mkdir: created directory '/etc/puppet/environments/testing/modules/memcached’
mkdir: created directory '/etc/puppet/environments/testing/modules/memcached/manifests’
mkdir: created directory '/etc/puppet/environments/testing/modules/memcached/templates’
mkdir: created directory '/etc/puppet/environments/testing/modules/memcached/files’
mkdir: created directory '/etc/puppet/environments/testing/modules/memcached/lib’
mkdir: created directory '/etc/puppet/environments/testing/modules/memcached/spec’
mkdir: created directory '/etc/puppet/environments/testing/modules/memcached/tests’
[root@master ~]# tree /etc/puppet/environments/testing/modules/memcached/
/etc/puppet/environments/testing/modules/memcached/
├── files
├── lib
├── manifests
├── spec
├── templates
└── tests
6 directories, 0 files
[root@master ~]#
在testing環(huán)境下的manifests目錄下創(chuàng)建init.pp文件
[root@master ~]# cat /etc/puppet/environments/testing/modules/memcached/manifests/init.pp
class memcached{
package{"memcached":
ensure => installed,
} ->
file{"/etc/sysconfig/memcached":
ensure => file,
source => 'puppet:///modules/memcached/memcached',
owner => 'root',
group => 'root',
mode => '0644',
} ~>
service{"memcached":
ensure => running,
enable => true
}
}
[root@master ~]#
在testing環(huán)境下的files目錄提供memcached配置文件
[root@master ~]# cat /etc/puppet/environments/testing/modules/memcached/files/memcached
PORT="11211"
USER="memcached"
MAXCONN="1024"
CACHESIZE="64"
OPTIONS=""
[root@master ~]#
在testing環(huán)境下的manifests目錄下創(chuàng)建站點(diǎn)文件site.pp
[root@master ~]# cat /etc/puppet/environments/testing/manifests/site.pp
node 'node02.test.org'{
include memcached
}
[root@master ~]#
提示:到此testing環(huán)境的memcached模塊的配置和站點(diǎn)清單就配置好了�;
配置development環(huán)境下的memcached模塊和站點(diǎn)清單
復(fù)制testing環(huán)境下的模塊到development
[root@master ~]# cp -a /etc/puppet/environments/testing/modules/memcached/ /etc/puppet/environments/development/modules/
[root@master ~]# tree /etc/puppet/environments/development/modules/
/etc/puppet/environments/development/modules/
└── memcached
├── files
│ └── memcached
├── lib
├── manifests
│ └── init.pp
├── spec
├── templates
└── tests
7 directories, 2 files
[root@master ~]#
編輯files目錄下的memcached配置文件,修改監(jiān)聽端口為11212
[root@master ~]# cat /etc/puppet/environments/development/modules/memcached/files/memcached
PORT="11212"
USER="memcached"
MAXCONN="1024"
CACHESIZE="64"
OPTIONS=""
[root@master ~]#
提示:testing和development環(huán)境下的memcached除了配置文件不同�����,站點(diǎn)清單一樣;
復(fù)制testing環(huán)境下的站點(diǎn)清單到development環(huán)境下
[root@master ~]# cp /etc/puppet/environments/testing/manifests/site.pp /etc/puppet/environments/development/manifests/
[root@master ~]# cat /etc/puppet/environments/development/manifests/site.pp
node 'node02.test.org'{
include memcached
}
[root@master ~]#
提示:到此development環(huán)境下到memcached模塊和站點(diǎn)清單文件就配置好了�����;
配置production環(huán)境下的memcached模塊和站點(diǎn)清單
復(fù)制testing環(huán)境下到memcached模塊
[root@master ~]# cp -a /etc/puppet/environments/testing/modules/memcached/ /etc/puppet/environments/production/modules/
[root@master ~]# tree /etc/puppet/environments/production/modules/
/etc/puppet/environments/production/modules/
└── memcached
├── files
│ └── memcached
├── lib
├── manifests
│ └── init.pp
├── spec
├── templates
└── tests
7 directories, 2 files
[root@master ~]#
編輯files目錄下的memcached配置文件���,修改監(jiān)聽端口為11213
[root@master ~]# cat /etc/puppet/environments/production/modules/memcached/files/memcached
PORT="11213"
USER="memcached"
MAXCONN="1024"
CACHESIZE="64"
OPTIONS=""
[root@master ~]#
復(fù)制站點(diǎn)文件到production環(huán)境下
[root@master ~]# cp /etc/puppet/environments/testing/manifests/site.pp /etc/puppet/environments/production/manifests/
[root@master ~]# cat /etc/puppet/environments/production/manifests/site.pp
node 'node02.test.org'{
include memcached
}
[root@master ~]#
提示:到此三個(gè)環(huán)境到memcached模塊和站點(diǎn)清單都準(zhǔn)備好了����;
在node02上使用不同的環(huán)境來啟動監(jiān)聽不同的端口的memcached
使用testing環(huán)境
[root@node02 ~]# puppet agent -v --no-daemonize --environment=testing
Notice: Starting Puppet client version 3.6.2
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Caching catalog for node02.test.org
Warning: The package type's allow_virtual parameter will be changing its default value from false to true in a future release. If you do not want to allow virtual packages, please explicitly set allow_virtual to false.
(at /usr/share/ruby/vendor_ruby/puppet/type.rb:816:in `set_default')
Info: Applying configuration version '1607334372'
Notice: /Stage[main]/Memcached/Service[memcached]/ensure: ensure changed 'stopped' to 'running'
Info: /Stage[main]/Memcached/Service[memcached]: Unscheduling refresh on Service[memcached]
Notice: Finished catalog run in 0.29 seconds
^CNotice: Caught INT; calling stop
[root@node02 ~]# ss -tnl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:22 *:*
LISTEN 0 100 127.0.0.1:25 *:*
LISTEN 0 128 *:11211 *:*
LISTEN 0 128 *:6379 *:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 100 [::1]:25 [::]:*
LISTEN 0 128 [::]:11211 [::]:*
[root@node02 ~]#
提示:可以看到在node02上使用--envrionment選項(xiàng)指定為testing環(huán)境,對應(yīng)啟動的memcached的端口為11211�����;
使用development環(huán)境
[root@node02 ~]# puppet agent -v --no-daemonize --environment=development
Notice: Starting Puppet client version 3.6.2
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Caching catalog for node02.test.org
Warning: The package type's allow_virtual parameter will be changing its default value from false to true in a future release. If you do not want to allow virtual packages, please explicitly set allow_virtual to false.
(at /usr/share/ruby/vendor_ruby/puppet/type.rb:816:in `set_default')
Info: Applying configuration version '1607334662'
Info: /Stage[main]/Memcached/File[/etc/sysconfig/memcached]: Filebucketed /etc/sysconfig/memcached to puppet with sum 05503957e3796fbe6fddd756a7a102a0
Notice: /Stage[main]/Memcached/File[/etc/sysconfig/memcached]/content: content changed '{md5}05503957e3796fbe6fddd756a7a102a0' to '{md5}b69eb8ec579bb28f4140f7debf17f281'
Info: /Stage[main]/Memcached/File[/etc/sysconfig/memcached]: Scheduling refresh of Service[memcached]
Notice: /Stage[main]/Memcached/Service[memcached]: Triggered 'refresh' from 1 events
Notice: Finished catalog run in 0.34 seconds
^CNotice: Caught INT; calling stop
[root@node02 ~]# ss -tnl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:22 *:*
LISTEN 0 100 127.0.0.1:25 *:*
LISTEN 0 128 *:6379 *:*
LISTEN 0 128 *:11212 *:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 100 [::1]:25 [::]:*
LISTEN 0 128 [::]:11212 [::]:*
[root@node02 ~]#
提示:可以看到使用development環(huán)境���,對應(yīng)啟動的memcached的端口就是11212;
使用production環(huán)境
[root@node02 ~]# puppet agent -v --no-daemonize --environment=production
Notice: Starting Puppet client version 3.6.2
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Caching catalog for node02.test.org
Warning: The package type's allow_virtual parameter will be changing its default value from false to true in a future release. If you do not want to allow virtual packages, please explicitly set allow_virtual to false.
(at /usr/share/ruby/vendor_ruby/puppet/type.rb:816:in `set_default')
Info: Applying configuration version '1607334761'
Info: /Stage[main]/Memcached/File[/etc/sysconfig/memcached]: Filebucketed /etc/sysconfig/memcached to puppet with sum b69eb8ec579bb28f4140f7debf17f281
Notice: /Stage[main]/Memcached/File[/etc/sysconfig/memcached]/content: content changed '{md5}b69eb8ec579bb28f4140f7debf17f281' to '{md5}f7cdb226870b0164bbdb8671eb11e433'
Info: /Stage[main]/Memcached/File[/etc/sysconfig/memcached]: Scheduling refresh of Service[memcached]
Notice: /Stage[main]/Memcached/Service[memcached]: Triggered 'refresh' from 1 events
Notice: Finished catalog run in 0.33 seconds
^CNotice: Caught INT; calling stop
[root@node02 ~]# ss -tnl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:22 *:*
LISTEN 0 100 127.0.0.1:25 *:*
LISTEN 0 128 *:6379 *:*
LISTEN 0 128 *:11213 *:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 100 [::1]:25 [::]:*
LISTEN 0 128 [::]:11213 [::]:*
[root@node02 ~]#
提示:可以看到memcached監(jiān)聽地址就變?yōu)榱?1213;如以上測試沒有任何問題���,接下來就可以確定對應(yīng)agent的環(huán)境����,配置agent的環(huán)境;
配置agent端的環(huán)境
提示:在agent的配置文件中使用environment指定對應(yīng)的環(huán)境名稱,保存退出重啟puppetagent服務(wù)�����,現(xiàn)在這臺agent就會周期性的到master端拉取testing環(huán)境的相關(guān)配置;
以上就是puppet的master/agent模型以及多環(huán)境相關(guān)配置的使用和測試;
|
