puppet实战之master-agent
author:JevonWei
版权声明:原创作品
blog:http://119.23.52.191/
master作为puppet模块的管理者,通过配置各agent节点的配置文件,使agent配置master的指定模块
环境
master 172.16.252.184
agent1 172.16.252.67
agent2 172.16.252.207
各主机时间同步及配置主机名互相通信
[root@master ~]# ntpdate 172.16.0.1
[root@master ~]# vim /etc/hosts
172.16.252.184 master
172.16.252.207 agent2
172.16.252.67 agent1
master定义puppet模块
编辑Tomcat模块
[root@master ~]# yum -y install puppet-server puppet
[root@master ~]# cd /etc/puppet/modeles
[root@master modules]# vim tomcat/manifests/init.pp
class tomcat {
package{'tomcat':
ensure => latest,
}
package{'tomcat-webapps':
ensure => latest,
}
file{'tomcat':
path => '/etc/sysconfig/tomcat',
source => 'puppet:///modules/tomcat/tomcat',
owner => root,
group => root,
mode => '644',
require => Package['tomcat'],
}
file{'server.xml':
path => '/etc/tomcat/server.xml',
source => 'puppet:///modules/tomcat/server.xml',
owner => root,
group => tomcat,
mode => '644',
require => Package['tomcat'],
}
service{'tomcat':
ensure => running,
enable => true,
subscribe => [ File['tomcat'], File['server.xml'] ],
}
}
[root@master modules]# vim tomcat/manifests/manager.pp
class tomcat::manager inherits tomcat {
package{'tomcat-admin-webapps':
ensure => latest
}
file{'tomcat-users.xml':
path => '/etc/tomcat/tomcat-users.xml',
source => 'puppet:///modules/tomcat/tomcat-users.xml',
owner => root,
group => tomcat,
mode => '640',
require => Package['tomcat']
}
Service['tomcat']{
subscribe +> File['tomcat-users.xml']
}
}
复制并编辑所需要的配置文件
[root@master modules]# scp 172.16.252.82:/etc/sysconfig/tomcat tomcat/files/
[root@master modules]# vim tomcat/files/tomcat 编辑修改tomcat的环境参数
JAVA_OPTS="-Xms512m -Xmx512M" 所使用的堆内存大小
[root@master modules]# scp 172.16.252.82:/etc/tomcat/{server.xml,tomcat-users.xml} tomcat/files/
[root@master modules]# vim tomcat/files/tomcat-users.xml \\定义manager的管理界面
<role rolename="manager-gui"/>
<user username="tomcat" password="tomcat" roles="manager-gui"/>
编辑Nginx模块
[root@master modules]# vim nginx/manifests/init.pp
class nginx {
package{'nginx':
ensure => latest
} ->
service{'nginx':
ensure => running,
enable => true
}
}
nginx的web页面模块
[root@master modules]# vim nginx/manifests/web.pp
[root@master modules]# vim nginx/manifests/web.pp
class nginx::web($port=8088) inherits nginx {
file{'web.conf':
path => '/etc/nginx/conf.d/web.conf',
content => template('nginx/web.conf.erb')
}
file{'/ngxdata/html':
ensure => directory
}
file{'index.html':
ensure => file,
path => '/ngxdata/html/index.html',
source => 'puppet:///modules/nginx/index.html',
require => File['/ngxdata/html']
}
Service['nginx'] {
subscribe => File['web.conf']
}
}
nginx的proxy模块
[root@master modules]# vim nginx/manifests/proxy.pp
class nginx::proxy($proxy_port=8088) inherits nginx {
file{'proxy.conf':
path => '/etc/nginx/conf.d/proxy.conf',
content => template('nginx/proxy.conf.erb'),
}
Service['nginx'] {
subscribe => File['proxy.conf']
}
}
编辑Nginx web应用的配置文件的模板文件
[root@master modules]# vim nginx/templates/web.conf.erb
server {
listen <%= @port %>;
server_name <%= @fqdn %>;
location /
root /ngxdata/html;
}
}
编辑web的测试页
[root@master modules]# vim nginx/files/index.html
<h1> Nginx ok </h1>
编辑Nginx proxy应用的配置文件的模板文件
[root@master modules]# vim nginx/templates/proxy.conf.erb
server {
listen <%= @proxy_port %>;
server_name <%= @fqdn %>;
location / {
proxy_pass http://172.16.252.184:8080/;
}
}
配置redis模块
[root@master modules]# mkdir redis/{manifests,files,templates} -pv
[root@master modules]# vim redis/manifests/init.pp
class redis {
package{'redis':
ensure => latest,
}
service{'redis':
ensure => running,
enable => true
}
}
单环境配置
agent2安装jdk tomcat:manager模块
启动puppetmaster
以非守护进程运行master程序(可查看详细的启动过程)
[root@master ~]# puppet master --no-daemonize -d -v
或systemctl启动master进程
[root@master ~]# systemctl start puppetmaster.service
[root@master ~]# ss -ntl 查看8140端口是否监听
agent2启动puppetagent
[root@agent2 ~]# puppet agent --server master.danran.com --no-daemonize -v 非守护进程运行agent程序,安装jdk和tomcat::manager模块
\\--server指定master server服务端,也可修改配置文件puppet config set server master.danran.com
或systemcal start puppetagent.service 启动agent进程
[root@agent2 ~]# systemctl start puppetagent.service
master签署证书和配置agent2节点
列出所有的带签署证书
[root@master ~]# puppet cert list
为agent2签署证书
[root@master ~]# puppet cert sign agent2.danran.com
Notice: Signed certificate request for agent2.danran.com
Notice: Removing file Puppet::SSL::CertificateRequest agent2.danran.com at '/var/lib/puppet/ssl/ca/requests/agent2.danran.com.pem'
[root@master ~]# puppet cert sign agent1.danran.com
Notice: Signed certificate request for agent1.danran.com
Notice: Removing file Puppet::SSL::CertificateRequest agent1.danran.com at '/var/lib/puppet/ssl/ca/requests/agent1.danran.com.pem'
定义agent2节点的配置
[root@master ~]# cd /etc/puppet/manifests/
[root@master manifests]# vim site.pp
node 'agent2.danran.com' {
include jdk
include tomcat::manager
}
因为agent2以puppet的身份去读取server.xml配置文件,故需要添加puppet用户读取server.xml的权限
[root@master files]# cd /etc/puppet/modules/tomcat/
[root@master files]# chmod o+r tomcat-users.xml
agent2查看模块安装结果
[root@agent2 ~]# ss -ntl 查看tomcat-manager的8080端口已监听
测试agent2的manager页面
浏览器输入http://172.16.252.207:8080/manager
agent1节点安装jdk nginx:proxy模块
master
master修改nginx的配置文件
[root@master ~]# cd /etc/puppet/modules/nginx/
[root@master nginx]# vim templates/proxy.conf.erb
server {
listen <%= @proxy_port %>;
server_name <%= @fqdn %>;
location / {
proxy_pass http://agent2.danran.com:8080/;
}
}
master编辑site.pp节点配置文件
[root@master manifests]# vim site.pp
node 'agent2.danran.com' {
include jdk
include tomcat::manager
}
node 'agent1.danran.com' {
include nginx::proxy
}
agent1
agent1安装配置nginx::proxy模块
[root@agent1 ~]# yum -y install puppet
[root@agent1 ~]# systemctl start puppetagent 启动puppetagent程序
master签署证书
[root@master manifests]# puppet cert sign -a 签署所有的证书
agent1启动puppetagent
[root@agent1 ~]# systemctl restart puppetagent
[root@agent1 ~]# ps -aux 查看nginx服务是否启动
测试
浏览器访问http://172.16.252.67:8088测试代理是否正常
agent1 agent3安装redis模块
master
[root@master manifests]# vim /etc/puppet/manifests/site.pp
node '/agent[13]\.danran\.com/' { \\agent1.danran.com和agent3.danran.com节点安装此配置
include jdk
include tomcat::manager
}
node 'agent2.danran.com' {
include nginx::proxy
include redis
}
agent1/3
[root@agent1 ~]# systemctl restart puppetagent
[root@agent1 ~]# ss -ntl 查看redis的端口6379是否监听
agent3继承agent1模块
- 配置agent3继承agent1的配置
master
[root@master manifests]# vim /etc/puppet/manifests/site.pp
#node 'base' { \\基本配置,各node都会配置
# include chrony
#}
node 'agent1.danran.com' { \\agent1.danran.com和agent3.danran.com节点安装此配置
include jdk
include tomcat::manager
}
node 'agent2.danran.com' {
include nginx::proxy
include redis
}
node 'agent3.danran.com' inherits 'agent1.danran.com' {
include redis
}
agent3
[root@agent3 ~]# systemctl restart puppetagent
agent修改server指向
agent2修改配置文件中的master服务端为master.danran.com
[root@agent2 ~]# puppet config set server master.danran.com
[root@agent2 ~]# puppet config print | grep server
ssl_server_ca_auth =
server_datadir = /var/lib/puppet/server_data
fileserverconfig = /etc/puppet/fileserver.conf
server = master.danran.com
ca_server = master.danran.com
report_server = master.danran.com
inventory_server = master.danran.com
archive_file_server = master.danran.com
smtpserver = none
dbserver = localhost
ldapserver = ldap
[root@agent2 ~]# cat /etc/puppet/puppet.conf
server = master.danran.com
多环境配置
[root@master ~]# mkdir /etc/puppet/enviroments \\设置多环境的路径为/etc/puppet/enviroments
[root@master ~]# puppet config set environmentpath '$confdir'/enviroments/
[root@master ~]# puppet config print --section master | grep environ
environment = production
environmentpath = /etc/puppet/enviroments
environment_timeout = 0
[root@master ~]# cat /etc/puppet/puppet.conf
[main]
environmentpath = $confdir/enviroments/
[root@master ~]# systemctl restart puppetmaster \\重启生效
创建production环境配置文件
[root@master ~]# cd /etc/puppet/enviroments/
[root@master enviroments]# mkdir production/{manifests,modules} -pv
[root@master enviroments]# cp -r /etc/puppet/modules/redis/ production/modules/
[root@master enviroments]# vim production/manifests/site.pp
node 'agent2.danran.com' {
include redis
}
[root@master enviroments]# tree
.
└── production
├── manifests
│ └── site.pp
└── modules
└── redis
├── files
├── manifests
│ └── init.pp
└── templates
创建testing环境配置文件
[root@master enviroments]# mkdir testing/{manifests,modules} -pv
mkdir: created directory ‘testing’
mkdir: created directory ‘testing/manifests’
mkdir: created directory ‘testing/modules’
[root@master enviroments]# cp -r /etc/puppet/modules/jdk/ testing/modules/
[root@master enviroments]# vim testing/manifests/site.pp
node 'agent2.danran.com' {
jdk
}
agent
非守护进程方式运行
[root@agent1 ~]# puppet agent -v --noop --no-daemonize --environment=testing \\指定使用的环境配置为testing
或
[root@agent1 ~]# puppet config set environment testing --section=agent 修改配置文件中的环境指向配置
默认的为main段
[root@agent1 ~]# puppet config print environment
production
agent环境为testing
[root@agent1 ~]# puppet config print environment --section=agent
testing
[root@agent1 ~]# cat /etc/puppet/puppet.conf
[agent]
environment = testing
启动puppetagent程序
[root@agent1 ~]# systemctl start puppetagent
puppet kick
- 通知推送机制
agent
[root@agent1 ~]# puppet config set listen true
[root@agent1 ~]# puppet config print listen
true
[root@agent1 ~]# systemctl start puppetagent.service
[root@agent1 ~]# ss -ntl \\查看8139端口是否监听
[root@agent1 ~]# vim /etc/puppet/auth.conf
path /run
method save
auth any
allow master.danran.com
\\以上配置放在此默认配置之前
path /
auth any
[root@agent1 ~]# systemctl restart puppetagent.service
master推送通知
master为agent1先配置一个模块,agent1收到通知则立即安装新模块
[root@master puppet]# cd /etc/puppet/enviroments/testing/
[root@master testing]# cp /etc/puppet/modules/redis/ modules/ -r
[root@master testing]# vim manifests/site.pp
node 'agent2.danran.com' {
jdk
redis
}
puppet kick agent1.danran.com 将agent1的配置推送给agent1.danrana.com节点
agent查看模块是否安装
puppet实战之master-agent的更多相关文章
- puppet(5)-master/agent模式
master/agent模式的工作流程 agent每隔固定时长会向master端发送nodename(自己的节点名,节点名至关重要)和 facts ,并且向服务器端请求自己的catalog. mast ...
- 部署puppet master/agent模型
自己画的一个简单的架构图 agent端每隔30分钟到master端请求与自己相关的catalog. 各节点时间要同步. 依赖DNS,各节点能通过主机名能解析. 1.同步时间 # yum install ...
- Puppet基于Master/Agent模式实现LNMP平台部署
前言 随着IT行业的迅猛发展,传统的运维方式靠大量人力比较吃力,运维人员面对日益增长的服务器和运维工作,不得不把很多重复的.繁琐的工作利用自动化处理.前期我们介绍了运维自动化工具ansible的简单应 ...
- puppet master/agent
puppet master/agent 配置 安装 master: yum install puppet-server agent: yum install puppet 自动签名 puppet的ma ...
- 自动化运维工具之Puppet master/agent模型、站点清单和puppet多环境设定
前文我们了解了puppe中模块的使用,回顾请参考https://www.cnblogs.com/qiuhom-1874/p/14086315.html:今天我来了解下puppet的master/age ...
- Puppet master/agent installation on RHEL7
==================================================================================================== ...
- CentOS7:Puppet推送Zabbix Agent
创建zabbix模块目录: $ mkdir -p /etc/puppet/modules/zabbix/{manifests,templates} 创建init.pp清单: $ cat /etc/pu ...
- puppet实现主从部署各种软件实战参考模型
puppet实现主从部署各种软件实战参考模型 实验要求: 1.我将准备三个节点 node2 , node3 , node4 2.我们想让节点node3部署ntp,nginx ;节点node ...
- 自动化运维工具——puppet详解(二)
一.class 类 1)什么是类? 类是puppet中命名的代码模块,常用于定义一组通用目标的资源,可在puppet全局调用: 类可以被继承,也可以包含子类: 具体定义的语法如下: class NAM ...
随机推荐
- python脚本执行报错:SyntaxError: Non-ASCII character '\xe6' in file ip.py on line 4...
报错信息 [root@chenbj ~]# python ip.py 192.168.1.1 File "ip.py", line 4 SyntaxError: Non-ASCII ...
- CopyOnWriteArrayList分析——能解决什么问题
CopyOnWriteArrayList主要可以解决的问题是并发遍历读取无锁(通过Iterator) 对比CopyOnWriteArrayList和ArrayList 假如我们频繁的读取一个可能会变化 ...
- vue实现tab切换功能精简版
<template> <div> <p class="tabs" v-for="(list,index) in lists" :c ...
- Java 窗体的基本操作语句 JFrame
package com.swift; import java.awt.Color; import java.awt.GridLayout; import java.util.Random; impor ...
- A1020 Tree Traversals (25 分)
Suppose that all the keys in a binary tree are distinct positive integers. Given the postorder and i ...
- js数据结构与算法--递归
递归,函数自己调用自己 return 返回值, 后面的代码不执行 function fn(num){ console.log(num) if(num == 0){ return; } fn(num-1 ...
- 多页应用 Webpack4 配置优化与踩坑记录
前言 最近新起了一个多页项目,之前都未使用 webpack4 ,于是准备上手实践一下.这篇文章主要就是一些配置介绍,对于正准备使用 webpack4 的同学,可以做一些参考. webpack4 相比之 ...
- Net core 轮子
.net core 使用的人渐渐多了起来,轮子也渐渐多了起来,为了避免重复造轮子,以下列举了一些造好的轮子 1. IP 请求频率限制 git: https://github.com/stefanpro ...
- JZOJ 5777. 【NOIP2008模拟】小x玩游戏
5777. [NOIP2008模拟]小x玩游戏 (File IO): input:game.in output:game.out Time Limits: 1000 ms Memory Limits ...
- JZOJ 5461. 【NOIP2017提高A组冲刺11.8】购物
5461. [NOIP2017提高A组冲刺11.8]购物 (File IO): input:shopping.in output:shopping.out Time Limits: 1000 ms ...