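I. Introduction

  1. As is customary: what is Puppet?

    Puppet is a centralized configuration management system for Linux, Unix and Windows. It uses its own Puppet description language and can manage configuration files, users, cron jobs, software packages, system services and more. Puppet calls these system entities resources; its design goal is to simplify managing these resources and to handle the dependencies between them properly.

    Puppet uses a client/server star topology: every client talks to one or a few servers. Each Puppet client connects to the server periodically (every half hour by default; the interval is configurable), downloads its latest configuration, and configures itself strictly according to it. When configuration completes, the client can send a message back to the server; if something fails, it reports that to the server as well.

    There is plenty of material online that you can read for yourself. In short, Puppet is an automation tool: deploying software, services, accounts and so on by hand is not practical, so you automate it, and Puppet is software built to meet that need. Some say the essence of Puppet is compiling and applying catalogs.

    There are many other common automation tools, such as SaltStack, Ansible and Chef, with similar functionality. Puppet started earliest and is the most mature, and is widely used at companies such as Google, Twitter, Red Hat and Cisco. Puppet is written in Ruby; Ansible and SaltStack are written in Python.

  2. Life cycle (four dimensions)

    provisioning

    configuration

    orchestration

    reporting

  3. Three layers, also called the three-layer model

    Configuration language

    Transactional layer

    Resource abstraction layer

      Resource types: users, groups, files, services, cron jobs, etc.

  4. Terms

    1) Core Puppet components

      Resource manifests: manifests

        A manifest, together with the files, templates and other data that its resource definitions depend on, organized in a specific structure, is a module.

        Agents communicate with each other over SSH; master and agent communicate over HTTPS, based on certificates issued by a CA. The master ships with its own CA, and certificate requests can be signed automatically or confirmed one by one.

    2) Class: a group of resource manifests

    3) Module: contains multiple classes; equivalent to a role in Ansible

    4) Site manifest: host-centric; defines which modules are applied to each host

    5) Catalog: the (processed) configuration for a managed server. When the master receives a request from an agent, it looks up the site manifest for that managed node.

  5. Directory layout

     Version 3+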

[root@web1 ~]# tree /etc/puppet
/etc/puppet
├── auth.conf
├── fileserver.conf
├── manifests
├── modules
└── puppet.conf

    Version 5+

[root@web1 yum.repos.d]# tree /etc/puppet
/etc/puppet [error opening dir] directories, files
[root@web1 yum.repos.d]# tree /etc/puppetlabs/
/etc/puppetlabs/
├── code
│   ├── environments          
│   │   └── production
│   │       ├── data
│   │       ├── environment.conf
│   │       ├── hiera.yaml
│   │       ├── manifests
│   │       └── modules
│   └── modules
├── mcollective
│   ├── client.cfg
│   ├── data-help.erb
│   ├── discovery-help.erb
│   ├── facts.yaml
│   ├── metadata-help.erb
│   ├── rpc-help.erb
│   └── server.cfg
├── puppet
│   ├── auth.conf
│   ├── hiera.yaml
│   ├── puppet.conf
│   └── ssl
├── puppetserver
│   ├── conf.d
│   │   ├── auth.conf
│   │   ├── ca.conf
│   │   ├── global.conf
│   │   ├── metrics.conf
│   │   ├── puppetserver.conf
│   │   ├── web-routes.conf
│   │   └── webserver.conf
│   ├── logback.xml
│   ├── request-logging.xml
│   └── services.d
│       └── ca.cfg
└── pxp-agent
    └── modules

directories, files

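II. How Puppet works

  1. How does Puppet work?

      1) Define: describe the baseline configuration in Puppet's own language; these definitions can be placed in modules

      2) Simulate: check the code before the configuration is applied, without actually executing it

      3) Enforce: force the current state to match the defined target state

      4) Report: send the results of the run to the recipient through the Puppet API

  2. Architecture diagram:

  3. Workflow diagram:

    1) The Puppet agent sends its node name and facts to the master

    2) The Puppet master uses classification to determine who the requesting client is and what it should do; this decision is defined by the node.pp configuration included from site.pp

    3) The Puppet master compiles the required class information, stores it in a catalog and sends it to the Puppet agent; this step is the compilation process described below

    4) The Puppet agent validates the catalog and applies it (validation being the main point), and writes the process information and results to the log

    5) The Puppet agent finally reaches the state defined at the outset and sends the result and any run data to the Puppet master through the open API

  4. Compilation process, also called the standalone model

   1) Puppet compiles the contents of the manifest and stores the compiled code in the catalog

   2) The code is validated before execution and then executed, reaching the state defined at the outset

  5. How master/agent mode works (diagram)

    1) The agent requests a catalog from the master, sending its hostname and facts

    2) The master receives the request and looks up the requester's site manifest

    3) The master compiles the contents of the manifest and stores the compiled code in the catalog

    4) The code is validated before execution and then executed, reaching the state defined at the outset

  6. Working without master/agent

    This can also be called agent mode

    Run a .pp file: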

      puppet apply -v test1.pp
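
The define, simulate, enforce sequence from section II.1, applied to a standalone manifest (an added example, not from the original post). The content of test1.pp and the path /tmp/puppet-demo.txt are assumptions made for illustration; by default the script stops after the noop run.

```shell
#!/bin/sh
# Added example: define -> validate -> simulate -> (optionally) enforce.
# The manifest content and /tmp/puppet-demo.txt are constructed for illustration.

write_manifest() {   # $1 = path of the manifest to create
    cat > "$1" <<'EOF'
# Constructed manifest: one file resource with explicit owner and mode.
file { '/tmp/puppet-demo.txt':
  ensure  => file,
  owner   => 'root',
  group   => 'root',
  mode    => '0640',
  content => "managed by puppet\n",
}
EOF
}

# $1 = manifest path, $2 = "enforce" to really apply; default stops after noop.
# Returns 2 if puppet is missing, 1 if a stage fails, 0 otherwise.
run_stages() {
    command -v puppet >/dev/null 2>&1 || { echo "puppet not installed"; return 2; }
    puppet parser validate "$1" || return 1      # syntax check, nothing applied
    puppet apply -v --noop "$1" || return 1      # simulate: list changes, make none
    [ "$2" = "enforce" ] || return 0
    puppet apply -v "$1" || return 1             # enforce the declared state
}

manifest="${TMPDIR:-/tmp}/test1.pp.$$"
write_manifest "$manifest"
run_stages "$manifest" || echo "run_stages exited with status $?"
rm -f "$manifest"
```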

  7. The puppet help command and the apply subcommand

[root@web1 ~]# puppet help

Usage: puppet <subcommand> [options] <action> [options]

Available subcommands:

  agent             The puppet agent daemon
  apply             Apply Puppet manifests locally
  ca                Local Puppet Certificate Authority management.
  catalog           Compile, save, view, and convert catalogs.
  cert              Manage certificates and requests
  certificate       Provide access to the CA for certificate management.
  certificate_request Manage certificate requests.
  certificate_revocation_list Manage the list of revoked certificates.
  config            Interact with Puppet's settings.
  describe          Display help about resource types
  device            Manage remote network devices
  doc               Generate Puppet documentation and references
  facts             Retrieve and store facts.
  file              Retrieve and store files in a filebucket
  filebucket        Store and retrieve files in a filebucket
  help              Display Puppet help.
  inspect           Send an inspection report
  instrumentation_data Manage instrumentation listener accumulated data.
  instrumentation_listener Manage instrumentation listeners.
  instrumentation_probe Manage instrumentation probes.
  key               Create, save, and remove certificate keys.
  kick              Remotely control puppet agent
  man               Display Puppet manual pages.
  master            The puppet master daemon
  module            Creates, installs and searches for modules on the Puppet Forge.
  node              View and manage node definitions.
  parser            Interact directly with the parser.
  plugin            Interact with the Puppet plugin system.
  queue             Deprecated queuing daemon for asynchronous storeconfigs
  report            Create, display, and submit reports.
  resource          The resource abstraction layer shell
  resource_type     View classes, defined resource types, and nodes from all manifests.
  secret_agent      Mimics puppet agent.
  status            View puppet server status.

See 'puppet help <subcommand> <action>' for help on a specific subcommand action.
See 'puppet help <subcommand>' for help on a specific subcommand.
Puppet v3.6.2

III. Syntax and resources overview

  1. Command syntax

    puppet <subcommand> [options] <action> [options]

  2. Viewing resources

    List all supported resource types:

    puppet describe -l

[root@web1 ~]# puppet describe -l
These are the types known to puppet:
augeas - Apply a change or an array of changes to the ...
computer - Computer object management using DirectorySer ...
cron - Installs and manages cron jobs
exec - Executes external commands
file - Manages files, including their content, owner ...
filebucket - A repository for storing and retrieving file ...
group - Manage groups
host - Installs and manages host entries
interface - This represents a router or switch interface
k5login - Manage the `.k5login` file for a user
macauthorization - Manage the Mac OS X authorization database
mailalias - .. no documentation ..
maillist - Manage email lists
mcx - MCX object management using DirectoryService ...
mount - Manages mounted filesystems, including puttin ...
nagios_command - The Nagios type command
nagios_contact - The Nagios type contact
nagios_contactgroup - The Nagios type contactgroup
nagios_host - The Nagios type host
nagios_hostdependency - The Nagios type hostdependency
nagios_hostescalation - The Nagios type hostescalation
nagios_hostextinfo - The Nagios type hostextinfo
nagios_hostgroup - The Nagios type hostgroup
nagios_service - The Nagios type service
nagios_servicedependency - The Nagios type servicedependency
nagios_serviceescalation - The Nagios type serviceescalation
nagios_serviceextinfo - The Nagios type serviceextinfo
nagios_servicegroup - The Nagios type servicegroup
nagios_timeperiod - The Nagios type timeperiod
notify - .. no documentation ..
package - Manage packages
resources - This is a metatype that can manage other reso ...
router - .. no documentation ..
schedule - Define schedules for Puppet
scheduled_task - Installs and manages Windows Scheduled Tasks
selboolean - Manages SELinux booleans on systems with SELi ...
selmodule - Manages loading and unloading of SELinux poli ...
service - Manage running services
ssh_authorized_key - Manages SSH authorized keys
sshkey - Installs and manages ssh host keys
stage - A resource type for creating new run stages
tidy - Remove unwanted files based on specific crite ...
user - Manage users
vlan - .. no documentation ..
whit - Whits are internal artifacts of Puppet's curr ...
yumrepo - The client-side description of a yum reposito ...
zfs - Manage zfs
zone - Manages Solaris zones
zpool - Manage zpools

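  3. How to define resources

Reference link: Puppet resource definition methods and examples (to be updated)

IV. Installation walkthrough

  Building a Redis master/slave architecture with the master/agent model

    For how Redis works, see the link:

     Redis principles and master/slave cluster configuration

  1. Environment

  web1.zxg.com  master  192.168.216.51  puppet-master

  web2.zxg.com  agent   192.168.216.52  puppet-agent, redis-master

  web3.zxg.com  agent   192.168.216.53  puppet-agent, redis-slave

    Note: prepare the hosts with SELinux disabled and firewalld turned off

        System: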

  

[root@web1 ~]# cat /etc/redhat-release
CentOS Linux release 7.3. (Core)
[root@web1 ~]# cat /proc/version
Linux version 3.10.-.el7.x86_64 (builder@kbuilder.dev.centos.org) (gcc version 4.8. (Red Hat 4.8.-) (GCC) ) # SMP Tue Nov :: UTC
[root@web1 ~]#

  

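      Software:

      puppet-server-3.6.2-3

      puppet-3.6.2-3

  2. Configure the package repositories

  This is simple: the EPEL repository is enough, or use the official Puppet repository. EPEL is used here, and the Puppet version is 3+.

  EPEL: rpm -ivh http://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm

  Puppet: rpm -ivh https://yum.puppetlabs.com/puppet5/puppet5-release-el-7.noarch.rpm

  3. Install Puppet

    agent: puppet, facter

    master: puppet-server

    Install the master on web1 and the agent on web2/web3

    yum installs the following dependencies: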

Dependencies Resolved

====================================================================================================================
Package Arch Version Repository Size
====================================================================================================================
Installing:
facter x86_64 2.4.-.el7 epel k
puppet noarch 3.6.-.el7 epel 1.2 M
puppet-server noarch 3.6.-.el7 epel k
Installing for dependencies:
hiera noarch :1.3.-.el7 epel k
libselinux-ruby x86_64 2.5-14.1.el7 base k
libyaml x86_64 0.1.-.el7_0 base k
ruby x86_64 2.0.0.648-.el7_6 updates k
ruby-augeas x86_64 0.5.-.el7 epel k
ruby-irb noarch 2.0.0.648-.el7_6 updates k
ruby-libs x86_64 2.0.0.648-.el7_6 updates 2.8 M
ruby-shadow x86_64 1.4.-.el7 epel k
rubygem-bigdecimal x86_64 1.2.-.el7_6 updates k
rubygem-io-console x86_64 0.4.-.el7_6 updates k
rubygem-json x86_64 1.7.-.el7_6 updates k
rubygem-psych x86_64 2.0.-.el7_6 updates k
rubygem-rdoc noarch 4.0.-.el7_6 updates k
rubygem-rgen noarch 0.6.-.el7 epel k
rubygems noarch 2.0.14.1-.el7_6 updates k

Transaction Summary
====================================================================================================================
Install Packages (+ Dependent packages)

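  4. Time synchronization

    Method 1: systemctl start chronyd.service / systemctl enable chronyd.service  # recommended

    Method 2: set up NTP: install ntp with yum, then run ntpdate 120.25.108.11

  5. Implementing the master/agent model

    1) Start puppetmaster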

[root@web1 ~]# systemctl start puppetmaster
[root@web1 ~]# netstat -untlop |grep puppet
[root@web1 ~]# netstat -untlop |grep
tcp 0.0.0.0: 0.0.0.0:* LISTEN /ruby off (0.00//)

    2) Point the agents at the master

    sed -i '/ssldir/aserver = web1.zxg.com' /etc/puppet/puppet.conf

      Once this is set, printing the server setting shows the master's domain name

[root@web2 ~]# puppet config print server
web1.zxg.com

    3) Wait for the CA to sign

      On web2/web3 run puppet agent -v --noop --no-daemonize, then wait for the certificate to be signed

[root@web2 ~]# puppet agent -v --noop --no-daemonize
Info: Caching certificate for ca
Info: csr_attributes file loading from /etc/puppet/csr_attributes.yaml
Info: Creating a new SSL certificate request for web2.zxg.com
Info: Certificate Request fingerprint (SHA256): :A3:7C:A1:::FC::A0:::DE:BA:6F:CC::F5:A6::1A:9E:DC:D2:7A:AB:E3:DF:D4:3D:9B:1D:
Info: Caching certificate for ca
Notice: Did not receive certificate
Notice: Did not receive certificate

      Sign the certificates on the master

[root@web1 ~]# puppet cert list
"web2.zxg.com" (SHA256) :A3:7C:A1:::FC::A0:::DE:BA:6F:CC::F5:A6::1A:9E:DC:D2:7A:AB:E3:DF:D4:3D:9B:1D:
"web3.zxg.com" (SHA256) E1::BC:C6:C8:BF:E6::FE:E3::D3:C2::::C2:F0:AE:E8:2B:7E:::B3:C4:8F:CF:3F::0B:AD
[root@web1 ~]# puppet cert sign web2.zxg.com
Notice: Signed certificate request for web2.zxg.com
Notice: Removing file Puppet::SSL::CertificateRequest web2.zxg.com at '/var/lib/puppet/ssl/ca/requests/web2.zxg.com.pem'
[root@web1 ~]# puppet cert sign web3.zxg.com
Notice: Signed certificate request for web3.zxg.com
Notice: Removing file Puppet::SSL::CertificateRequest web3.zxg.com at '/var/lib/puppet/ssl/ca/requests/web3.zxg.com.pem'

    The signing process as seen on web2

[root@web2 ~]# puppet agent -v --noop --no-daemonize
Info: Caching certificate for ca
Info: csr_attributes file loading from /etc/puppet/csr_attributes.yaml
Info: Creating a new SSL certificate request for web2.zxg.com
Info: Certificate Request fingerprint (SHA256): :A3:7C:A1:::FC::A0:::DE:BA:6F:CC::F5:A6::1A:9E:DC:D2:7A:AB:E3:DF:D4:3D:9B:1D:
Info: Caching certificate for ca # waiting here for the certificate to be signed
Notice: Did not receive certificate
Notice: Did not receive certificate
Notice: Did not receive certificate
Info: Caching certificate for web2.zxg.com  # signed; the run now proceeds normally and ends with Finished
Notice: Starting Puppet client version 3.6.
Info: Caching certificate_revocation_list for ca
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Caching catalog for web2.zxg.com
Info: Applying configuration version ''
Info: Creating state file /var/lib/puppet/state/state.yaml
Notice: Finished catalog run in 0.02 seconds # exit, then run it again to see the effect
[root@web2 ~]# puppet agent -v --noop --no-daemonize
Notice: Starting Puppet client version 3.6.
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Caching catalog for web2.zxg.com
Info: Applying configuration version ''
Notice: Finished catalog run in 0.03 seconds

      

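      Managing the Puppet CA

          puppet cert <action> [--all|-a] [<host>]

             action:

                list: list certificate requests

                sign: sign a certificate

                revoke: revoke a certificate

                clean: remove a client's certificate; remember that on the client you also need to delete all files under /var/lib/puppet/ssl/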
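
Before running puppet cert sign, the fingerprint the agent logged for its request can be compared with the one puppet cert list shows on the master, so that only the request the agent actually generated gets signed. This is an added example, not from the original post; the log and list lines are constructed samples in the format shown above, with made-up, shortened fingerprints.

```shell
#!/bin/sh
# Added example: sign a CSR only if the fingerprint the agent logged matches
# the fingerprint the master lists for that certname.

# Constructed sample data (fingerprints are made up and shortened).
AGENT_LOG='Info: Creating a new SSL certificate request for web2.zxg.com
Info: Certificate Request fingerprint (SHA256): 5C:A3:7C:A1:11:22:FC:33
Info: Caching certificate for ca'

MASTER_LIST='  "web2.zxg.com" (SHA256) 5C:A3:7C:A1:11:22:FC:33
  "web3.zxg.com" (SHA256) E1:44:BC:C6:C8:BF:E6:55'

# Fingerprint the agent logged when it generated its CSR ($1 = agent output).
agent_fp() {
    printf '%s\n' "$1" |
        sed -n 's/^Info: Certificate Request fingerprint (SHA256): *//p' |
        head -n 1
}

# Fingerprint the master holds for certname $2 in `puppet cert list` output $1.
master_fp() {
    printf '%s\n' "$1" |
        awk -v h="\"$2\"" '$1 == h && $2 == "(SHA256)" { print $3; exit }'
}

# Succeeds only if both fingerprints exist and are equal (case-insensitive).
csr_matches() {   # $1 = agent output, $2 = cert list output, $3 = certname
    a=$(agent_fp "$1" | tr 'a-f' 'A-F')
    m=$(master_fp "$2" "$3" | tr 'a-f' 'A-F')
    [ -n "$a" ] && [ -n "$m" ] && [ "$a" = "$m" ]
}

# Print the sign command on a match; refuse otherwise.
sign_decision() {
    if csr_matches "$1" "$2" "$3"; then
        echo "puppet cert sign $3"
    else
        echo "REFUSE $3: fingerprint mismatch or request missing"
        return 1
    fi
}

sign_decision "$AGENT_LOG" "$MASTER_LIST" web2.zxg.com
sign_decision "$AGENT_LOG" "$MASTER_LIST" web3.zxg.com || true
```

On real hosts, pass the captured output of puppet agent -v --noop --no-daemonize and puppet cert list in place of the two sample variables.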

  6. Configure the site manifest

   1) Site manifest

      1.1 Find the manifest directory

[root@web1 ~]# puppet config print |grep manifest
genmanifest = false
manifestdir = /etc/puppet/manifests
manifest = /etc/puppet/manifests/site.pp

      1.2 Edit the manifest

[root@web1 manifests]# cat site.pp
node 'web2.zxg.com' {
  include redis::master
}

node 'web3.zxg.com' {
  class { 'redis::slave':
    master_ip => 'web2.zxg.com'
  }
}
[root@web1 manifests]# pwd
/etc/puppet/manifests
[root@web1 manifests]#

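  7. Modules are used here; see the linked article on Puppet modules

     How Puppet works: using modules (that article has the steps for building the redis module)

  8. Start the services

    web1: systemctl start puppetmaster

    web2: systemctl start puppetagent

    web3: systemctl start puppetagent

  9. Verify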

[root@web2 ~]# redis-cli -a keerya info replication
# Replication
role:master
connected_slaves:
slave0:ip=192.168.216.53,port=,state=online,offset=,lag=
master_repl_offset:
repl_backlog_active:
repl_backlog_size:
repl_backlog_first_byte_offset:
repl_backlog_histlen:
[root@web2 ~]#
[root@web3 ~]# redis-cli -a keerya info replication
# Replication
role:slave
master_host:192.168.216.52
master_port:
master_link_status:up
master_last_io_seconds_ago:
master_sync_in_progress:
slave_repl_offset:
slave_priority:
slave_read_only:
connected_slaves:
master_repl_offset:
repl_backlog_active:
repl_backlog_size:
repl_backlog_first_byte_offset:
repl_backlog_histlen:
[root@web3 ~]#

Thanks:

Reference: https://www.cnblogs.com/keerya/p/8087675.html#_label4

Official Puppet documentation: https://puppet.com/sitemap

Please credit the source when reposting: https://www.cnblogs.com/zhangxingeng/p/10743382.html

    
