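Puppet: principles and workflow
Puppet is configuration management software designed to automate data center management.
It is based on a client/server (C/S) architecture.
Principle: the server (S) stores all of the configuration code for the client servers, which Puppet calls a manifest; the client (C) downloads the manifest and then configures the server according to it.
Workflow: the client calls facter, which detects a number of variables about the host; puppetd sends this information to the puppetmaster server over an SSL connection.
The puppetmaster server checks the client's hostname, finds the configuration for that host in the manifest, parses it, and has the client execute it. The client synchronizes its configuration every 30 minutes.
Installing Puppet
Installing Puppet on CentOS 6.5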
OS: Centos 6.5 x86_64
Puppet master: master.com (192.168.116.135)
Puppet clients: client1.com (192.168.116.136)
Puppet clients: client2.com (192.168.116.137)
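I. Preparation before installation:
1. Disable SELinux and iptables on both the master and the clients:
Stop iptables
[root@master ~]# service iptables stop
[root@master ~]# chkconfig iptables off
Disable SELinux
[root@master ~]# vim /etc/selinux/config
Change it to SELINUX=disabled
2. To make sure the clients can obtain a correct, valid certificate from the master host, it is recommended to set up NTP on the master and the clients: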
[root@master ~]# yum -y install ntp
[root@master ~]# ntpdate pool.ntp.org
[root@master ~]# chkconfig ntpd on
[root@master ~]# chkconfig --list|grep ntp
[root@master ~]# service ntpd start
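3. Set the hostname and hosts file on the master and the clients
Puppet requires every machine to have a fully qualified domain name; if no DNS server provides the names, you can set the hostname on each machine
[root@master ~]# vim /etc/sysconfig/network
HOSTNAME=master.com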
[root@master ~]# vim /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.116.135 master.com
192.168.116.136 client1.com
192.168.116.137 client2.com
4. Install the official Puppet repository (once everything is installed, clone the machine and change the hostname)
[root@master ~]# wget http://yum.puppetlabs.com/el/6/products/x86_64/puppetlabs-release-6-7.noarch.rpm
[root@master ~]# rpm -ivh puppetlabs-release-6-7.noarch.rpm
[root@master ~]# yum update
Everything above is installed on both the client and the server
II. Installing and configuring the master
1. Install puppet-server
[root@master ~]# yum -y install puppet-server
2. Enable automatic certificate signing
Edit the /etc/puppet/puppet.conf file and add autosign = true and server = master.com to the [main] section
[root@master ~]# vim /etc/puppet/puppet.conf
[main]
# The Puppet log directory.
# The default value is '$vardir/log'.
logdir = /var/log/puppet
# Where Puppet PID files are kept.
# The default value is '$vardir/run'.
rundir = /var/run/puppet
# Where SSL certificates are kept.
# The default value is '$confdir/ssl'.
ssldir = $vardir/ssl
autosign = true
server = master.com
3. Start puppetmaster
[root@master ~]# service puppetmaster start
[root@master ~]# netstat -tunlp | grep :8140
tcp 0 0 0.0.0.0:8140 0.0.0.0:* LISTEN 9148/ruby
4. Start at boot
[root@master ~]# chkconfig --list |grep puppet
[root@master ~]# chkconfig puppetmaster on
III. Installing and configuring the client
1. Install puppet
[root@client1 ~]# yum -y install puppet
2. Point the client at the Puppet server and enable the master's push feature
Edit the /etc/puppet/puppet.conf file and add listen = true and server = master.com to the [agent] section
[root@client1 ~]# vim /etc/puppet/puppet.conf
[agent]
# The file in which puppetd stores a list of the classes
# associated with the retrieved configuratiion. Can be loaded in
# the separate ``puppet`` executable using the ``--loadclasses``
# option.
# The default value is '$confdir/classes.txt'.
classfile = $vardir/classes.txt
# Where puppetd caches the local configuration. An
# extension indicating the cache format is added automatically.
# The default value is '$confdir/localconfig'.
localconfig = $vardir/localconfig
listen = true
server = master.com
Edit the /etc/puppet/auth.conf file and add the following statements at the very bottom of auth /
[root@client1 ~]# vim /etc/puppet/auth.conf
path /run
method save
allow master.com
3. Start the client
[root@client1 ~]# service puppet start
[root@client1 ~]# netstat -tunlp | grep :8139
[root@client1 ~]# chkconfig puppet on
[root@client1 ~]# chkconfig --list |grep puppet
Test
[root@client1 ~]# puppet agent --test
[root@master ~]# puppet cert list --all
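The two settings this walkthrough adds to puppet.conf are the ones a configuration review looks for first: autosign = true on the master signs every certificate request without review, and listen = true on the agent opens TCP 8139 on each client. The section-aware check below is an added example, not part of the original page; the function name audit_puppet_conf and the sample files are constructed for illustration.

```shell
# Added example (not from the original page): audit puppet.conf settings.

# Prints one "[section] key = value" line per finding; nothing if clean.
audit_puppet_conf() {
    awk '
        { sub(/#.*/, ""); sub(/^[ \t]+/, ""); sub(/[ \t]+$/, "") }
        $0 == "" { next }
        /^\[.*\]$/ { section = substr($0, 2, length($0) - 2); next }
        {
            eq = index($0, "=")
            if (eq == 0) next
            key = substr($0, 1, eq - 1); sub(/[ \t]+$/, "", key)
            val = substr($0, eq + 1);    sub(/^[ \t]+/, "", val)
            # autosign is read by the master ([main] or [master]):
            # "true" signs every certificate request without review.
            if (key == "autosign" && val == "true" &&
                (section == "main" || section == "master"))
                print "[" section "] " key " = " val
            # listen is read by the agent ([main] or [agent]):
            # "true" opens TCP 8139 for remotely triggered runs.
            if (key == "listen" && val == "true" &&
                (section == "main" || section == "agent"))
                print "[" section "] " key " = " val
        }
    ' "$1"
}

# Constructed sample files (assumptions, modelled on the snippets above).
sample_dir=$(mktemp -d)
cat > "$sample_dir/master.conf" <<'EOF'
[main]
    autosign = true
    server = master.com
EOF
cat > "$sample_dir/agent.conf" <<'EOF'
[agent]
    # listen = false
    listen = true
    server = master.com
EOF
cat > "$sample_dir/reviewed.conf" <<'EOF'
[main]
    # requests are signed by hand with "puppet cert sign"
    autosign = false
[agent]
    server = master.com
EOF

for f in master agent reviewed; do audit_puppet_conf "$sample_dir/$f.conf"; done
```

Run it against /etc/puppet/puppet.conf on the master and on each client; an empty result means neither setting is enabled in a section where it takes effect.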
Installing the Puppet dashboard on the server
Install MySQL
[root@master ~]# yum install ruby-mysql mysql-server puppet-dashboard
Tune the MySQL settings
[root@master ~]# cp /usr/share/mysql/my-large.cnf /etc/my.cnf
[root@master ~]# vim /etc/my.cnf
[mysqld]
max_allowed_packet = 32M
Start the MySQL service
[root@master ~]# service mysqld start
[root@master ~]# chkconfig mysqld on
[root@master ~]# chkconfig --list |grep mysqld
[root@master ~]# mysqladmin -u root password '123456'
Create a dashboard database
[root@master ~]# mysql -uroot -p123456 <<EOF
> CREATE DATABASE dashboard CHARACTER SET utf8;
> CREATE USER 'dashboard'@'localhost' IDENTIFIED BY '123456';
> GRANT ALL PRIVILEGES ON dashboard.* TO 'dashboard'@'localhost';
> FLUSH PRIVILEGES;
> EOF
Configure the Dashboard
[root@master ~]# vim /usr/share/puppet-dashboard/config/database.yml
production:
  database: dashboard
  username: dashboard
  password: 123456
  encoding: utf8
  adapter: mysql
Change the time zone
[root@master ~]# vim /usr/share/puppet-dashboard/config/environment.rb
config.time_zone='Beijing'
Initialize the database
[root@master ~]# cd /usr/share/puppet-dashboard/
[root@master puppet-dashboard]# rake RAILS_ENV=production db:migrate
[root@master ~]# service httpd stop
[root@master ~]# service puppetmaster start
[root@master ~]# service puppet-dashboard start
Visit http://master.com:3000
Import reports
cd /usr/share/puppet-dashboard
rake RAILS_ENV=production reports:import
Process reports
rake jobs:work RAILS_ENV="production"
Example:
[root@master ~]# mkdir -p /etc/puppet/modules/motd/{files,manifests,templates}
[root@master ~]# cd /etc/puppet/modules/motd/files
[root@master ~]# mkdir etc
[root@master ~]# vim etc/motd
---puppet test ----
[root@master ~]# vim /etc/puppet/modules/motd/manifests/init.pp
class motd {                      # define a class named motd
  package { 'setup':              # define a package resource
    ensure => present,            # require the setup package to be installed
  }
  file { '/etc/motd':             # define a file resource
    ensure  => present,           # require the file to exist
    owner   => 'root',            # require the file owner to be root
    group   => 'root',            # require the file group to be root
    mode    => '0644',            # require the file permissions to be 644
    source  => "puppet://$puppetserver/modules/motd/etc/motd",  # download the file from the puppetmaster server
    require => Package['setup'],  # apply the package resource before the file is configured
  }
}
[root@master ~]# vim /etc/puppet/manifests/site.pp
$puppetserver = 'master.com'      # set a global variable
node 'client1.com' {
  include motd
}
Deploying Tomcat with Puppet
[root@master ~]# mkdir -vp /etc/puppet/modules/java7/{files,templates,manifests}
[root@master ~]# cd /etc/puppet/modules/java7/files
[root@master files]# wget http://download.oracle.com/otn-pub/java/jdk/7u71-b14/jdk-7u71-linux-x64.tar.gz
[root@master modules]# vim java7/manifests/init.pp
class java7 {
  include java7::install,java7::env
}
[root@master modules]# vim java7/manifests/install.pp
class java7::install {
  file {
    "/usr/jdk-7u79-linux-x64.tar.gz":  # path on the client where the file is placed
      source => "puppet:///modules/java7/jdk-7u79-linux-x64.tar.gz",  # source file served by the server
      owner  => root,
      group  => root,
      mode   => 755
  }
  exec { "install jdk":
    cwd     => "/usr",
    command => "tar -zxvf jdk-7u79-linux-x64.tar.gz",
    user    => "root",
    group   => "root",
    path    => ["/usr/bin:/usr/sbin:/bin:/sbin"],
    creates => "/usr/jdk1.7.0_79",
    require => File["/usr/jdk-7u79-linux-x64.tar.gz"]
  }
}
files/env
export JAVA_HOME=/usr/jdk1.7.0_79
export PATH=$JAVA_HOME/bin:$PATH
export CLASSPATH=.:$JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar
[root@master modules]# vim java7/manifests/env.pp
class java7::env {
  file {
    "/usr/java/env":
      owner  => "root",
      group  => "root",
      source => "puppet:///modules/java7/env"
  }
  exec {
    "set env":  # set JAVA_HOME
      command => "cat /usr/java/env>>/etc/profile && source /etc/profile",
      user    => "root",
      path    => ["/usr/local/sbin","/usr/local/bin","/sbin","/bin","/usr/sbin","/usr/bin"],
      unless  => "grep -i java_home /etc/profile",  # if the return value is 1, run this command
      require => File["/usr/java/env"]
  }
}
vi /etc/puppet/manifests/nodes.pp
node 'client1.com' {
include java7
}
site.pp imports the node configuration file nodes.pp
vi /etc/puppet/manifests/site.pp
import "nodes.pp"
Once the configuration is complete, run puppet agent --test on the client and check the result
vim /etc/puppet/modules/tomcat7/manifests/init.pp
class tomcat7 {
  include tomcat7::install
}
class tomcat7::install {
  file {
    "/usr/apache-tomcat-7.0.63.tar.gz":
      source => "puppet:///modules/tomcat7/apache-tomcat-7.0.63.tar.gz",
      owner  => "root",
      group  => "root",
      mode   => 755
  }
  exec { "install tomcat":
    cwd     => "/usr",
    command => "tar zxvf apache-tomcat-7.0.63.tar.gz && mv apache-tomcat-7.0.63 tomcat7",
    user    => "root",
    path    => ["/usr/bin:/usr/sbin:/bin:/sbin"],
    creates => "/usr/tomcat7",
    require => File["/usr/apache-tomcat-7.0.63.tar.gz"]
  }
}
include java7,tomcat7