puppet实战之master-agent
author:JevonWei
版权声明:原创作品
blog:http://119.23.52.191/
master作为puppet模块的管理者,通过配置各agent节点的配置文件,使agent配置master的指定模块
环境
master 172.16.252.184agent1 172.16.252.67agent2 172.16.252.207
各主机时间同步及配置主机名互相通信
[root@master ~]# ntpdate 172.16.0.1[root@master ~]# vim /etc/hosts172.16.252.184 master172.16.252.207 agent2172.16.252.67 agent1
master定义puppet模块
编辑Tomcat模块
[root@master ~]# yum -y install puppet-server puppet[root@master ~]# cd /etc/puppet/modeles[root@master modules]# vim tomcat/manifests/init.ppclass tomcat {package{'tomcat':ensure => latest,}package{'tomcat-webapps':ensure => latest,}file{'tomcat':path => '/etc/sysconfig/tomcat',source => 'puppet:///modules/tomcat/tomcat',owner => root,group => root,mode => '644',require => Package['tomcat'],}file{'server.xml':path => '/etc/tomcat/server.xml',source => 'puppet:///modules/tomcat/server.xml',owner => root,group => tomcat,mode => '644',require => Package['tomcat'],}service{'tomcat':ensure => running,enable => true,subscribe => [ File['tomcat'], File['server.xml'] ],}}[root@master modules]# vim tomcat/manifests/manager.ppclass tomcat::manager inherits tomcat {package{'tomcat-admin-webapps':ensure => latest}file{'tomcat-users.xml':path => '/etc/tomcat/tomcat-users.xml',source => 'puppet:///modules/tomcat/tomcat-users.xml',owner => root,group => tomcat,mode => '640',require => Package['tomcat']}Service['tomcat']{subscribe +> File['tomcat-users.xml']}}复制并编辑所需要的配置文件[root@master modules]# scp 172.16.252.82:/etc/sysconfig/tomcat tomcat/files/[root@master modules]# vim tomcat/files/tomcat 编辑修改tomcat的环境参数JAVA_OPTS="-Xms512m -Xmx512M" 所使用的堆内存大小[root@master modules]# scp 172.16.252.82:/etc/tomcat/{server.xml,tomcat-users.xml} tomcat/files/[root@master modules]# vim tomcat/files/tomcat-users.xml \\定义manager的管理界面<role rolename="manager-gui"/><user username="tomcat" password="tomcat" roles="manager-gui"/>
编辑Nginx模块
[root@master modules]# vim nginx/manifests/init.ppclass nginx {package{'nginx':ensure => latest} ->service{'nginx':ensure => running,enable => true}}nginx的web页面模块[root@master modules]# vim nginx/manifests/web.pp[root@master modules]# vim nginx/manifests/web.ppclass nginx::web($port=8088) inherits nginx {file{'web.conf':path => '/etc/nginx/conf.d/web.conf',content => template('nginx/web.conf.erb')}file{'/ngxdata/html':ensure => directory}file{'index.html':ensure => file,path => '/ngxdata/html/index.html',source => 'puppet:///modules/nginx/index.html',require => File['/ngxdata/html']}Service['nginx'] {subscribe => File['web.conf']}}nginx的proxy模块[root@master modules]# vim nginx/manifests/proxy.ppclass nginx::proxy($proxy_port=8088) inherits nginx {file{'proxy.conf':path => '/etc/nginx/conf.d/proxy.conf',content => template('nginx/proxy.conf.erb'),}Service['nginx'] {subscribe => File['proxy.conf']}}编辑Nginx web应用的配置文件的模板文件[root@master modules]# vim nginx/templates/web.conf.erbserver {listen <%= @port %>;server_name <%= @fqdn %>;location /root /ngxdata/html;}}编辑web的测试页[root@master modules]# vim nginx/files/index.html<h1> Nginx ok </h1>编辑Nginx proxy应用的配置文件的模板文件[root@master modules]# vim nginx/templates/proxy.conf.erbserver {listen <%= @proxy_port %>;server_name <%= @fqdn %>;location / {proxy_pass http://172.16.252.184:8080/;}}
配置redis模块
[root@master modules]# mkdir redis/{manifests,files,templates} -pv[root@master modules]# vim redis/manifests/init.ppclass redis {package{'redis':ensure => latest,}service{'redis':ensure => running,enable => true}}
单环境配置
agent2安装jdk tomcat:manager模块
启动puppetmaster
以非守护进程运行master程序(可查看详细的启动过程)[root@master ~]# puppet master --no-daemonize -d -v或systemctl启动master进程[root@master ~]# systemctl start puppetmaster.service[root@master ~]# ss -ntl 查看8140端口是否监听
agent2启动puppetagent
[root@agent2 ~]# puppet agent --server master.danran.com --no-daemonize -v 非守护进程运行agent程序,安装jdk和tomcat::manager模块\\--server指定master server服务端,也可修改配置文件puppet config set server master.danran.com或systemcal start puppetagent.service 启动agent进程[root@agent2 ~]# systemctl start puppetagent.service
master签署证书和配置agent2节点
列出所有的带签署证书[root@master ~]# puppet cert list为agent2签署证书[root@master ~]# puppet cert sign agent2.danran.comNotice: Signed certificate request for agent2.danran.comNotice: Removing file Puppet::SSL::CertificateRequest agent2.danran.com at '/var/lib/puppet/ssl/ca/requests/agent2.danran.com.pem'[root@master ~]# puppet cert sign agent1.danran.comNotice: Signed certificate request for agent1.danran.comNotice: Removing file Puppet::SSL::CertificateRequest agent1.danran.com at '/var/lib/puppet/ssl/ca/requests/agent1.danran.com.pem'定义agent2节点的配置[root@master ~]# cd /etc/puppet/manifests/[root@master manifests]# vim site.ppnode 'agent2.danran.com' {include jdkinclude tomcat::manager}因为agent2以puppet的身份去读取server.xml配置文件,故需要添加puppet用户读取server.xml的权限[root@master files]# cd /etc/puppet/modules/tomcat/[root@master files]# chmod o+r tomcat-users.xml
agent2查看模块安装结果
[root@agent2 ~]# ss -ntl 查看tomcat-manager的8080端口已监听
测试agent2的manager页面
浏览器输入http://172.16.252.207:8080/manager
agent1节点安装jdk nginx:proxy模块
master
master修改nginx的配置文件
[root@master ~]# cd /etc/puppet/modules/nginx/[root@master nginx]# vim templates/proxy.conf.erbserver {listen <%= @proxy_port %>;server_name <%= @fqdn %>;location / {proxy_pass http://agent2.danran.com:8080/;}}
master编辑site.pp节点配置文件
[root@master manifests]# vim site.ppnode 'agent2.danran.com' {include jdkinclude tomcat::manager}node 'agent1.danran.com' {include nginx::proxy}
agent1
agent1安装配置nginx::proxy模块
[root@agent1 ~]# yum -y install puppet[root@agent1 ~]# systemctl start puppetagent 启动puppetagent程序
master签署证书
[root@master manifests]# puppet cert sign -a 签署所有的证书
agent1启动puppetagent
[root@agent1 ~]# systemctl restart puppetagent[root@agent1 ~]# ps -aux 查看nginx服务是否启动
测试
浏览器访问http://172.16.252.67:8088测试代理是否正常
agent1 agent3安装redis模块
master
[root@master manifests]# vim /etc/puppet/manifests/site.ppnode '/agent[13]\.danran\.com/' { \\agent1.danran.com和agent3.danran.com节点安装此配置include jdkinclude tomcat::manager}node 'agent2.danran.com' {include nginx::proxyinclude redis}
agent1/3
[root@agent1 ~]# systemctl restart puppetagent[root@agent1 ~]# ss -ntl 查看redis的端口6379是否监听
agent3继承agent1模块
- 配置agent3继承agent1的配置
master
[root@master manifests]# vim /etc/puppet/manifests/site.pp#node 'base' { \\基本配置,各node都会配置# include chrony#}node 'agent1.danran.com' { \\agent1.danran.com和agent3.danran.com节点安装此配置include jdkinclude tomcat::manager}node 'agent2.danran.com' {include nginx::proxyinclude redis}node 'agent3.danran.com' inherits 'agent1.danran.com' {include redis}
agent3
[root@agent3 ~]# systemctl restart puppetagent
agent修改server指向
agent2修改配置文件中的master服务端为master.danran.com
[root@agent2 ~]# puppet config set server master.danran.com[root@agent2 ~]# puppet config print | grep serverssl_server_ca_auth =server_datadir = /var/lib/puppet/server_datafileserverconfig = /etc/puppet/fileserver.confserver = master.danran.comca_server = master.danran.comreport_server = master.danran.cominventory_server = master.danran.comarchive_file_server = master.danran.comsmtpserver = nonedbserver = localhostldapserver = ldap[root@agent2 ~]# cat /etc/puppet/puppet.confserver = master.danran.com
多环境配置
[root@master ~]# mkdir /etc/puppet/enviroments \\设置多环境的路径为/etc/puppet/enviroments[root@master ~]# puppet config set environmentpath '$confdir'/enviroments/[root@master ~]# puppet config print --section master | grep environenvironment = productionenvironmentpath = /etc/puppet/enviromentsenvironment_timeout = 0[root@master ~]# cat /etc/puppet/puppet.conf[main]environmentpath = $confdir/enviroments/[root@master ~]# systemctl restart puppetmaster \\重启生效
创建production环境配置文件
[root@master ~]# cd /etc/puppet/enviroments/[root@master enviroments]# mkdir production/{manifests,modules} -pv[root@master enviroments]# cp -r /etc/puppet/modules/redis/ production/modules/[root@master enviroments]# vim production/manifests/site.ppnode 'agent2.danran.com' {include redis}[root@master enviroments]# tree.└── production├── manifests│ └── site.pp└── modules└── redis├── files├── manifests│ └── init.pp└── templates
创建testing环境配置文件
[root@master enviroments]# mkdir testing/{manifests,modules} -pvmkdir: created directory ‘testing’mkdir: created directory ‘testing/manifests’mkdir: created directory ‘testing/modules’[root@master enviroments]# cp -r /etc/puppet/modules/jdk/ testing/modules/[root@master enviroments]# vim testing/manifests/site.ppnode 'agent2.danran.com' {jdk}
agent
非守护进程方式运行[root@agent1 ~]# puppet agent -v --noop --no-daemonize --environment=testing \\指定使用的环境配置为testing或[root@agent1 ~]# puppet config set environment testing --section=agent 修改配置文件中的环境指向配置默认的为main段[root@agent1 ~]# puppet config print environmentproductionagent环境为testing[root@agent1 ~]# puppet config print environment --section=agenttesting[root@agent1 ~]# cat /etc/puppet/puppet.conf[agent]environment = testing启动puppetagent程序[root@agent1 ~]# systemctl start puppetagent
puppet kick
- 通知推送机制
agent
[root@agent1 ~]# puppet config set listen true[root@agent1 ~]# puppet config print listentrue[root@agent1 ~]# systemctl start puppetagent.service[root@agent1 ~]# ss -ntl \\查看8139端口是否监听[root@agent1 ~]# vim /etc/puppet/auth.confpath /runmethod saveauth anyallow master.danran.com\\以上配置放在此默认配置之前path /auth any[root@agent1 ~]# systemctl restart puppetagent.service
master推送通知
master为agent1先配置一个模块,agent1收到通知则立即安装新模块
[root@master puppet]# cd /etc/puppet/enviroments/testing/[root@master testing]# cp /etc/puppet/modules/redis/ modules/ -r[root@master testing]# vim manifests/site.ppnode 'agent2.danran.com' {jdkredis}puppet kick agent1.danran.com 将agent1的配置推送给agent1.danrana.com节点
agent查看模块是否安装
puppet实战之master-agent的更多相关文章
- puppet(5)-master/agent模式
master/agent模式的工作流程 agent每隔固定时长会向master端发送nodename(自己的节点名,节点名至关重要)和 facts ,并且向服务器端请求自己的catalog. mast ...
- 部署puppet master/agent模型
自己画的一个简单的架构图 agent端每隔30分钟到master端请求与自己相关的catalog. 各节点时间要同步. 依赖DNS,各节点能通过主机名能解析. 1.同步时间 # yum install ...
- Puppet基于Master/Agent模式实现LNMP平台部署
前言 随着IT行业的迅猛发展,传统的运维方式靠大量人力比较吃力,运维人员面对日益增长的服务器和运维工作,不得不把很多重复的.繁琐的工作利用自动化处理.前期我们介绍了运维自动化工具ansible的简单应 ...
- puppet master/agent
puppet master/agent 配置 安装 master: yum install puppet-server agent: yum install puppet 自动签名 puppet的ma ...
- 自动化运维工具之Puppet master/agent模型、站点清单和puppet多环境设定
前文我们了解了puppe中模块的使用,回顾请参考https://www.cnblogs.com/qiuhom-1874/p/14086315.html:今天我来了解下puppet的master/age ...
- Puppet master/agent installation on RHEL7
==================================================================================================== ...
- CentOS7:Puppet推送Zabbix Agent
创建zabbix模块目录: $ mkdir -p /etc/puppet/modules/zabbix/{manifests,templates} 创建init.pp清单: $ cat /etc/pu ...
- puppet实现主从部署各种软件实战参考模型
puppet实现主从部署各种软件实战参考模型 实验要求: 1.我将准备三个节点 node2 , node3 , node4 2.我们想让节点node3部署ntp,nginx ;节点node ...
- 自动化运维工具——puppet详解(二)
一.class 类 1)什么是类? 类是puppet中命名的代码模块,常用于定义一组通用目标的资源,可在puppet全局调用: 类可以被继承,也可以包含子类: 具体定义的语法如下: class NAM ...
随机推荐
- file - 确定文件类型
总览 file [ -bcnsvzL ] [ -f 命名文件 ] [ -m 幻数文件 ] file ... 描述 本手册页说明了3.27版本 file 命令的使用. File 命令试图检查每个参数以判 ...
- ubuntu安装R时候增加软件源到sources.list,sudo apt-get update不能更新
http://forum.ubuntu.org.cn/viewtopic.php?t=401717 ubuntu安装R时候增加软件源到sources.list,sudo apt-get update不 ...
- 初尝微信小程序1-特点
微信小程序特点:1.不需要下载安装即可使用 2.用户用完即走,不用关心是否安装太多应用 3.应用将无处不在,随时可用 适合开发的小程序类型:1.简单的用完即走的应用 2.低频的应用 3.性能要求不高的 ...
- 1061: [Noi2008]志愿者招募
Time Limit: 20 Sec Memory Limit: 162 MBSubmit: 5742 Solved: 3449[Submit][Status][Discuss] Descript ...
- cf550D. Regular Bridge(构造)
题意 给出一个$k$,构造一个无向图,使得每个点的度数为$k$,且存在一个桥 Sol 神仙题 一篇写的非常好的博客:http://www.cnblogs.com/mangoyang/p/9302269 ...
- python 实现剪刀石头布(三局两胜)
# -*- coding:utf-8 -*- import random # best of three def finger_guess(): rule = {1:'rock', 2:'paper' ...
- UC浏览器打开首页显示:显示此网页时出了点问题
使用UC浏览器打开网页的时候显示出错,如下图所示.但是用其他浏览器都很正常 我自己用的解决方法:最近刚下载了驱动精灵,听同学的把驱动精灵卸载了就恢复正常了
- Python基础学习总结__Day1
一.Python是一门什么类型语言 1.解释型:一边编译一边执行,劣势是运行速度慢,但通过运用PyPy交互解释器(JIT技术)会让python程序执行速度快很多.优势是可移植性强. 2.强类型:即类型 ...
- 使用python3下载网易云音乐歌单歌曲,附源代码
""" 用selenium+PhantomJS配合,不需要进行逆向工程 python 3下的selenium不能默认安装,需要指定版本2.48.0 "" ...
- POJ3436------ACM Computer Factory
题目链接 ACM Computer Factory Description As you know, all the computers used for ACM contests must be i ...