Automated service installation with Puppet

Automated deployment with Puppet

Host environment:
Server (master): 172.25.7.1 (server1.example.com)
Clients (agents): 172.25.7.2, 172.25.7.3
Prerequisites: the server and the clients can resolve each other's hostnames (when there are many hosts, hostname resolution can be handled on a DNS server), and their clocks are in sync.
Note: do not start the puppet service on the clients while running these experiments!
(I) Installing packages
Server: puppet-server-3.8.1-1.el6.noarch.rpm
Dependencies: puppet-3.8.1-1.el6.noarch.rpm facter-2.4.4-1.el6.x86_64.rpm hiera-1.3.4-1.el6.noarch.rpm rubygem-json-1.5.5-3.el6.x86_64.rpm ruby-shadow-2.2.0-2.el6.x86_64.rpm ruby-augeas-0.4.1-3.el6.x86_64.rpm rubygems-1.3.7-5.el6.noarch.rpm
Client: puppet-3.8.1-1.el6.noarch.rpm
Dependencies: facter-2.4.4-1.el6.x86_64.rpm hiera-1.3.4-1.el6.noarch.rpm rubygem-json-1.5.5-3.el6.x86_64.rpm ruby-shadow-2.2.0-2.el6.x86_64.rpm ruby-augeas-0.4.1-3.el6.x86_64.rpm rubygems-1.3.7-5.el6.noarch.rpm
When the hosts have Internet access, add the following entries to the yum repository configuration:

[puppet]
name=puppet
baseurl=http://yum.puppetlabs.com/el/6Server/products/x86_64/
gpgcheck=0
[ruby]
name=ruby
baseurl=http://yum.puppetlabs.com/el/6Server/dependencies/x86_64/
gpgcheck=0

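(II) Starting the services
Server side:
/etc/init.d/puppetmaster start
The master listens on TCP port 8140.
Client side:
Do not start the puppet service: it would push the process into the background, where errors are not visible. During the experiments, leave the puppet service off and test with either of the following two commands:
puppet agent --server server1.example.com --test
This test makes the client connect to the puppet master: the client sends a certificate request to the master, then waits for the master to sign and return the certificate. The --server parameter specifies the name or address of the puppet master to connect to; by default the client connects to a host named "puppet". To change the default host, edit the PUPPET_SERVER=puppet option in /etc/sysconfig/puppet. The --no-daemonize parameter runs the puppet client in the foreground, and --verbose makes the client print detailed logs.
puppet agent --server server1.example.com --no-daemonize --verbose
Signing nodes manually

# puppet cert list  ## show all certificates waiting to be signed
# puppet cert list --all
# puppet cert sign server2.example.com  ## sign the certificate for server2
To sign all certificates at once, run the following command:
# puppet cert sign --all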

Automatic signing

vim /etc/puppet/puppet.conf
[main]
        autosign = true  ## enable automatic signing
vim /etc/puppet/autosign.conf  ## create this file yourself
*.example.com
/etc/init.d/puppetmaster reload
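
In Puppet 3.x, autosign = true makes the master sign every certificate request without consulting autosign.conf; the whitelist file only takes effect when autosign is unset or set to a file path. The shell functions below are an added example, not part of the original post, that report which mode a master is in and whether a given certname would be signed without operator review; the function names and the sample hostnames are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Simplification: ignores
# puppet.conf section precedence and takes the last "autosign =" line.

# naive     = autosign = true (every CSR is signed)
# off       = autosign = false
# whitelist = unset or a file path (only matching certnames are signed)
autosign_mode() {   # usage: autosign_mode PUPPET_CONF
    val=$(sed -n 's/^[[:space:]]*autosign[[:space:]]*=[[:space:]]*\([^#[:space:]]*\).*/\1/p' "$1" | tail -n 1)
    case "$val" in
        true)  echo naive ;;
        false) echo off ;;
        *)     echo whitelist ;;
    esac
}

# Succeeds if CERTNAME matches an entry of an autosign.conf-style file.
# An entry is an exact certname, or a glob whose leading "*" stands for
# one or more leading DNS labels ("*.example.com").
matches_whitelist() {   # usage: matches_whitelist CERTNAME AUTOSIGN_CONF
    while IFS= read -r entry || [ -n "$entry" ]; do
        entry=$(printf '%s' "$entry" | tr -d '[:space:]')
        case "$entry" in
            ''|'#'*) continue ;;                 # blank line or comment
            '*.'*)   suffix=${entry#\*}          # e.g. ".example.com"
                     case "$1" in ?*"$suffix") return 0 ;; esac ;;
            *)       [ "$1" = "$entry" ] && return 0 ;;
        esac
    done < "$2"
    return 1
}

# Succeeds if a CSR for CERTNAME would be signed with no operator review.
would_autosign() {   # usage: would_autosign CERTNAME PUPPET_CONF AUTOSIGN_CONF
    case "$(autosign_mode "$2")" in
        naive) return 0 ;;
        off)   return 1 ;;
        *)     [ -f "$3" ] && matches_whitelist "$1" "$3" ;;
    esac
}

# Constructed sample input that mirrors the two files shown above.
tmp=$(mktemp -d)
printf '[main]\n        autosign = true\n' > "$tmp/puppet.conf"
printf '*.example.com\n' > "$tmp/autosign.conf"
echo "mode: $(autosign_mode "$tmp/puppet.conf")"
for name in server2.example.com unknown-host.other.test; do
    would_autosign "$name" "$tmp/puppet.conf" "$tmp/autosign.conf" \
        && echo "$name: signed automatically" || echo "$name: needs puppet cert sign"
done
rm -rf "$tmp"
```

With the settings shown on this page both sample names are reported as signed automatically; removing the autosign = true line leaves only names under example.com eligible.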

(III) Defining puppet resources

Layout of the /etc/puppet configuration directory:
├── auth.conf
├── autosign.conf
├── environments
│   └── example_env
│       ├── manifests
│       ├── modules
│       └── README.environment
├── files
│   └── vsftpd.conf
├── fileserver.conf
├── manifests   # node definitions (puppet loads site.pp first)
│   ├── nodes
│   │   ├── server4.pp
│   │   └── server5.pp
│   └── site.pp
├── modules   # module directory
│   └── nginx
│       ├── files
│       │   ├── nginx-1.6.2.tar.gz
│       │   ├── nginx.conf
│       │   └── nginx-install.sh
│       └── manifests   # the module's main manifests, which define its classes
│           ├── config.pp
│           ├── init.pp
│           ├── install.pp
│           ├── nginx.install
│           └── service.pp
└── puppet.conf   # puppet's main configuration file

The first code puppet executes is /etc/puppet/manifests/site.pp, so this file must exist, and all other code has to be called through it.
The resources below are all defined in /etc/puppet/manifests/site.pp; when no node is specified, they apply to every authenticated client.

Creating directories and files

Create a file with content on the client

Server side:

vim /etc/puppet/manifests/site.pp
file {
        "/tmp/testfile":
        content => "hahahaha"  ## a file is created by default
}

Create a directory on the client

Server side:

vim /etc/puppet/manifests/site.pp
file {
        "/mnt/haha":
        ensure => "directory"  ## create a directory
}

Assigning resources to different nodes

vim /etc/puppet/manifests/site.pp
import "nodes/*.pp"
mkdir /etc/puppet/manifests/nodes
vim /etc/puppet/manifests/nodes/server3.pp
node 'server3.example.com' {
        file {
                "/tmp/lala":
                content => "lalala~~~~\n"
        }
}

Client side:

Writing a module (using the httpd service as an example)

mkdir -p /etc/puppet/modules/httpd/{files,manifests,templates}
Deploying httpd consists of installing the package, configuring it, and starting the service.

vim /etc/puppet/modules/httpd/manifests/init.pp  ## the file read when the httpd module is loaded
class httpd {
        include httpd::install,httpd::config,httpd::service
}
vim /etc/puppet/modules/httpd/manifests/install.pp
class httpd::install {
        package {
                "httpd":
                ensure => present
        }
}
vim /etc/puppet/modules/httpd/manifests/config.pp
class httpd::config {
        file {
                "/etc/httpd/conf/httpd.conf":
                source => "puppet:///modules/httpd/httpd.conf",
                require => Class["httpd::install"],
                notify => Class["httpd::service"]
        }
}

The file /etc/puppet/modules/httpd/files/httpd.conf must exist on this host (the master).

vim /etc/puppet/modules/httpd/manifests/service.pp
class httpd::service {
        service {
                "httpd":
                ensure => running
        }
}

Make server3 apply this module:

vim /etc/puppet/manifests/nodes/server3.pp
node 'server3.example.com' {
        include httpd
}

Client side:

Using templates

Adding a virtual host configuration: template files are stored in the templates directory and end in *.erb.

vim /etc/puppet/modules/httpd/templates/vhost.erb
<VirtualHost *:80>
ServerName <%= domainname %>
DocumentRoot /var/www/<%= domainname %>
ErrorLog logs/<%= domainname %>_error.log
CustomLog logs/<%= domainname %>_access.log common
</VirtualHost>

Pay attention to the configuration file that gets pushed to the clients:

vim /etc/puppet/modules/httpd/files/httpd.conf
Listen 80
NameVirtualHost *:80  ## this directive must be enabled to use virtual hosts
vim /etc/puppet/modules/httpd/manifests/init.pp
class httpd {
        include httpd::install,httpd::config,httpd::service
}
define httpd::vhost($domainname) {
        file {
                "/etc/httpd/conf.d/${domainname}_vhost.conf":
                content => template("httpd/vhost.erb"),
                require => Class["httpd::install"],
                notify => Class["httpd::service"]
        }
        file {
                "/var/www/$domainname":
                ensure => directory
        }
        file {
                "/var/www/$domainname/index.html":
                content => $domainname
        }
}

Add the module to the server3 node:

vim /etc/puppet/manifests/nodes/server3.pp
node 'server3.example.com' {
        include httpd
        httpd::vhost {
                'server3.example.com':
                domainname => "server3.example.com"
        }
        httpd::vhost {
                'www.example.com':
                domainname => "www.example.com"
        }
}

On the client (server3):
puppet agent --server server1.example.com --test
Verify the result.

Installing puppet dashboard (managing puppet through a web interface)

On the server:
Package: puppet-dashboard-1.2.23-1.el6.noarch.rpm
Dependencies: ruby-mysql-2.8.2-1.el6.x86_64.rpm rubygem-rake-0.8.7-2.1.el6.noarch.rpm

json (1.5.5)
rake (0.8.7)
gem install passenger-5.0.15.gem rack-1.6.4.gem
vim /usr/share/puppet-dashboard/config/add.sql
CREATE DATABASE dashboard_production CHARACTER SET utf8;
CREATE USER 'dashboard'@'localhost' IDENTIFIED BY 'dashboard';
GRANT ALL PRIVILEGES ON dashboard_production.* TO 'dashboard'@'localhost';
yum install -y mysql-server
/etc/init.d/mysqld start
mysql_secure_installation
mysql -predhat < /usr/share/puppet-dashboard/config/add.sql
vim /usr/share/puppet-dashboard/config/database.yml  ## keep only the production section; delete the others, such as development
production:
  database: dashboard_production
  username: dashboard
  password: dashboard
  encoding: utf8
  adapter: mysql
rake gems:refresh_specs
rake time:zones:local

Puppet's default time zone is incorrect and needs to be changed:

vim /usr/share/puppet-dashboard/config/settings.yml
time_zone: 'Beijing'
rake RAILS_ENV=production db:migrate  ## create the database and tables that dashboard needs
chmod 666 /usr/share/puppet-dashboard/log/production.log
/etc/init.d/puppet-dashboard start
/etc/init.d/puppet-dashboard-workers start
vim /etc/puppet/puppet.conf
[main]
        autosign = true
        reports = http
        reporturl = http://172.25.7.1:3000/reports
/etc/init.d/puppetmaster reload

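Once puppet is installed on a client and the client has been authenticated, we can see the effect. But how do we make it synchronize with the server automatically? How many minutes is the default interval, and how do we change it? For this we need to configure the client:

(1) Configure the puppet parameters and the synchronization time:

vi /etc/sysconfig/puppet
PUPPET_SERVER=puppet.example.com  ## address of the puppet master
PUPPET_PORT=8140  ## port puppet listens on
PUPPET_LOG=/var/log/puppet/puppet.log  ## local puppet log
PUPPET_EXTRA_OPTS=--waitforcert=500  ## [the default synchronization time; I do not change this line here]

(2) With the default configuration, the client synchronizes with the server every half hour. We can change this interval.

/etc/puppet/puppet.conf
[agent]
runinterval = 60
This means synchronizing with the server every 60 seconds.

Client side:
On server2:

vim /etc/sysconfig/puppet
PUPPET_SERVER=server1.example.com
PUPPET_PORT=8140
PUPPET_LOG=/var/log/puppet/puppet.log
vim /etc/puppet/puppet.conf
[agent]
        report = true
        runinterval = 300  ## set the update interval to 300 s; on server3 the interval can be staggered from server2's, e.g. runinterval = 600, to reduce the load on the master
/etc/init.d/puppet start  ## start the puppet service once all configuration is done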

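Verifying the result:
Port 3000 handles only 20 concurrent connections; it is meant for testing.
http://172.25.7.1:3000

Check the logs:

[nginx+passenger] Increasing concurrency

By default puppet uses the Ruby-based WEBrick HTTP server to handle HTTPS requests. On a single server, WEBrick can be replaced with Apache/Nginx + Passenger. Passenger is an Apache module for embedding and running Ruby programs, and it provides load balancing for puppet.
Reference: https://docs.puppetlabs.com/guides/passenger.html
Server side:

> get nginx-1.8.0.tar.gz
tar zxf nginx-1.8.0.tar.gz
passenger-config --root
/usr/lib/ruby/gems/1.8/gems/passenger-5.0.15
Resolve the dependencies:
yum install -y gcc gcc-c++ curl-devel openssl-devel zlib-devel ruby-devel pcre-devel
passenger-install-nginx-module

The script installs nginx with Passenger support automatically; follow the prompts, which mostly means pressing Enter all the way through.
By default nginx is installed in the /opt/nginx directory: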

vim /opt/nginx/conf/nginx.conf
#user  nobody;
worker_processes  1;

#error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;

#pid        logs/nginx.pid;


events {
    use epoll;
    worker_connections  1024;
}


http {
    passenger_root /usr/lib/ruby/gems/1.8/gems/passenger-5.0.15;
    passenger_ruby /usr/bin/ruby;

    include       mime.types;
    default_type  application/octet-stream;

    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
    #                  '$status $body_bytes_sent "$http_referer" '
    #                  '"$http_user_agent" "$http_x_forwarded_for"';

    #access_log  logs/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    #keepalive_timeout  0;
    keepalive_timeout  65;

    #gzip  on;
    server {
        listen 8140;
        server_name server1.example.com;

        root    /etc/puppet/rack/public;

        passenger_enabled on;
        passenger_set_header X_CLIENT_DN $ssl_client_s_dn;
        passenger_set_header X_CLIENT_VERIFY $ssl_client_verify;
        ssl on;
        ssl_session_timeout 5m;
        ssl_certificate /var/lib/puppet/ssl/certs/server1.example.com.pem;
        ssl_certificate_key /var/lib/puppet/ssl/private_keys/server1.example.com.pem;
        ssl_client_certificate /var/lib/puppet/ssl/ca/ca_crt.pem;
        ssl_crl /var/lib/puppet/ssl/ca/ca_crl.pem;
        ssl_verify_client optional;
        ssl_ciphers SSLv2:-LOW:-EXPORT:RC4+RSA;
        ssl_prefer_server_ciphers on;
        ssl_verify_depth 1;
        ssl_session_cache shared:SSL:128m;
    }
}

# /opt/nginx/sbin/nginx -t
# /opt/nginx/sbin/nginx
# mkdir /etc/puppet/rack/{public,tmp} -p
# cp /usr/share/puppet/ext/rack/config.ru /etc/puppet/rack/
# chown puppet.puppet /etc/puppet/rack/config.ru
# chkconfig puppetmaster off
# service puppetmaster stop
# /opt/nginx/sbin/nginx -t
# /opt/nginx/sbin/nginx
## check nginx
puppetmaster does not need to be started; nginx invokes puppet automatically when it starts.