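How Puppet Works, and Deploying Redis Master/Slave Replication with It

1. Introduction

  1. As usual, first: what is Puppet?

    Puppet is a centralized configuration management system for Linux, Unix and Windows platforms. It uses its own Puppet description language and can manage configuration files, users, cron jobs, packages, system services and so on. Puppet calls these system entities resources; its design goal is to simplify managing these resources and to handle the dependencies between them properly.

    Puppet uses a client/server star topology: all clients talk to one or a few servers. Each client periodically (every half hour by default, configurable) connects to the server, downloads its latest configuration, and configures itself strictly according to it so that it stays in sync. When the run is complete, the client can send a message back to the server; if something fails, it also reports that back to the server.

    There is plenty of material online that you can read for yourself. In essence Puppet is an automation tool: when we need to deploy software, services, accounts and so on, we certainly cannot do all of it by hand, so we deploy automatically, and Puppet is software built to meet that need. Some people say that at its core Puppet simply compiles configuration into a catalog and applies it.

    Other common automation tools include SaltStack, Ansible and Chef, with similar functionality. Puppet started earliest and is the most mature, and is widely used at companies such as Google, Twitter, Red Hat and Cisco. It is written in Ruby, whereas Ansible and SaltStack are written in Python.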

  2. Lifecycle (four dimensions)

    provisioning

    configuration

    orchestration

    reporting

  3. Three layers, also called the three-layer model

    Configuration language

    Transactional layer

    Resource abstraction layer

      Resource types: users, groups, files, services, cron jobs, etc.

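  4. Terminology

    1) Puppet core components

      Manifests: resource manifests

        A manifest, together with the files, templates and other data that its resource definitions depend on, organized in a specific structure, forms a module.

        Agents talk to each other over SSH. The master and agents communicate over HTTPS, authenticated with certificates from a CA. The master ships with its own CA, and certificate requests can be signed automatically or confirmed one by one.

    2) Class: a group of resource manifests

    3) Module: contains multiple classes; equivalent to a role in Ansible

    4) Site manifest: host-centric; defines which modules are applied to each host

    5) Catalog: the configuration for a managed server (the processed configuration). When the master receives an agent's request, it looks up the site manifest entry for that managed node.

  5. Directory layout

     Version 3+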

[root@web1 ~]# tree /etc/puppet
/etc/puppet
├── auth.conf
├── fileserver.conf
├── manifests
├── modules
└── puppet.conf

 

 

    Version 5+

[root@web1 yum.repos.d]# tree /etc/puppet
/etc/puppet [error opening dir]

0 directories, 0 files
[root@web1 yum.repos.d]# tree /etc/puppetlabs/
/etc/puppetlabs/
├── code
│   ├── environments          
│   │   └── production
│   │       ├── data
│   │       ├── environment.conf
│   │       ├── hiera.yaml
│   │       ├── manifests
│   │       └── modules
│   └── modules
├── mcollective
│   ├── client.cfg
│   ├── data-help.erb
│   ├── discovery-help.erb
│   ├── facts.yaml
│   ├── metadata-help.erb
│   ├── rpc-help.erb
│   └── server.cfg
├── puppet
│   ├── auth.conf
│   ├── hiera.yaml
│   ├── puppet.conf
│   └── ssl
├── puppetserver
│   ├── conf.d
│   │   ├── auth.conf
│   │   ├── ca.conf
│   │   ├── global.conf
│   │   ├── metrics.conf
│   │   ├── puppetserver.conf
│   │   ├── web-routes.conf
│   │   └── webserver.conf
│   ├── logback.xml
│   ├── request-logging.xml
│   └── services.d
│       └── ca.cfg
└── pxp-agent
    └── modules

15 directories, 22 files

 

 

 

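2. How Puppet works

  1. How does Puppet work?

      1) Define: use Puppet's own language to define the base configuration; these definitions can be placed in modules.

      2) Simulate: check the code before the configuration is applied, without actually executing it.

      3) Enforce: force the current state to match the defined target state.

      4) Report: send the results of the run to the receiver through the Puppet API.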

 

 

 

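  2. Architecture diagram:

  3. Workflow diagram:

    1) The Puppet agent sends its node name and facts to the master.

    2) The Puppet master classifies the request to determine which client is asking and what it should do; this decision is defined by the node.pp configuration included from site.pp.

    3) The Puppet master compiles the required classes into a catalog and sends it to the Puppet agent. This step is the compilation process described below.

    4) The Puppet agent validates the catalog and applies it (mainly code validation), and writes information about the run and its results to the log.

    5) The Puppet agent ends up in the state that was originally defined, and sends the results and any run data to the Puppet master through the open API.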

  

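  4. Compilation process, also called the standalone model

   1) Puppet compiles the contents of the manifest and stores the compiled code in the catalog.

   2) Before applying, the code is validated; it is then applied, reaching the state that was originally defined.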

 

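  5. How master/agent mode works (diagram)

     1) The agent requests a catalog from the master, sending its hostname and facts.

     2) The master receives the request and looks up the requester's site manifest.

     3) The master compiles the contents of the manifest and stores the compiled code in the catalog.

     4) Before applying, the code is validated; it is then applied, reaching the state that was originally defined.

  6. Working without master/agent

    This can also be called agent mode.

    Run a .pp file:

      puppet apply -v test1.pp

  7. The puppet help and apply commands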

 

[root@web1 ~]# puppet help

Usage: puppet <subcommand> [options] <action> [options]

Available subcommands:
    
  agent             The puppet agent daemon
  apply             Apply Puppet manifests locally
  ca                Local Puppet Certificate Authority management.
  catalog           Compile, save, view, and convert catalogs.
  cert              Manage certificates and requests
  certificate       Provide access to the CA for certificate management.
  certificate_request  Manage certificate requests.
  certificate_revocation_list  Manage the list of revoked certificates.
  config            Interact with Puppet's settings.
  describe          Display help about resource types
  device            Manage remote network devices
  doc               Generate Puppet documentation and references
  facts             Retrieve and store facts.
  file              Retrieve and store files in a filebucket
  filebucket        Store and retrieve files in a filebucket
  help              Display Puppet help.
  inspect           Send an inspection report
  instrumentation_data  Manage instrumentation listener accumulated data.
  instrumentation_listener  Manage instrumentation listeners.
  instrumentation_probe  Manage instrumentation probes.
  key               Create, save, and remove certificate keys.
  kick              Remotely control puppet agent
  man               Display Puppet manual pages.
  master            The puppet master daemon
  module            Creates, installs and searches for modules on the Puppet Forge.
  node              View and manage node definitions.
  parser            Interact directly with the parser.
  plugin            Interact with the Puppet plugin system.
  queue             Deprecated queuing daemon for asynchronous storeconfigs
  report            Create, display, and submit reports.
  resource          The resource abstraction layer shell
  resource_type     View classes, defined resource types, and nodes from all manifests.
  secret_agent      Mimics puppet agent.
  status            View puppet server status.

See 'puppet help <subcommand> <action>' for help on a specific subcommand action.
See 'puppet help <subcommand>' for help on a specific subcommand.
Puppet v3.6.2

 

3. Syntax and resources overview

  1. Command syntax

    puppet  <subcommand> [options] <action>[options]

  2. Viewing resources

    List all supported resource types:

    puppet describe -l

[root@web1 ~]# puppet describe -l
These are the types known to puppet:
augeas          - Apply a change or an array of changes to the  ...
computer        - Computer object management using DirectorySer ...
cron            - Installs and manages cron jobs
exec            - Executes external commands
file            - Manages files, including their content, owner ...
filebucket      - A repository for storing and retrieving file  ...
group           - Manage groups
host            - Installs and manages host entries
interface       - This represents a router or switch interface
k5login         - Manage the `.k5login` file for a user
macauthorization - Manage the Mac OS X authorization database
mailalias       - .. no documentation ..
maillist        - Manage email lists
mcx             - MCX object management using DirectoryService  ...
mount           - Manages mounted filesystems, including puttin ...
nagios_command  - The Nagios type command
nagios_contact  - The Nagios type contact
nagios_contactgroup - The Nagios type contactgroup
nagios_host     - The Nagios type host
nagios_hostdependency - The Nagios type hostdependency
nagios_hostescalation - The Nagios type hostescalation
nagios_hostextinfo - The Nagios type hostextinfo
nagios_hostgroup - The Nagios type hostgroup
nagios_service  - The Nagios type service
nagios_servicedependency - The Nagios type servicedependency
nagios_serviceescalation - The Nagios type serviceescalation
nagios_serviceextinfo - The Nagios type serviceextinfo
nagios_servicegroup - The Nagios type servicegroup
nagios_timeperiod - The Nagios type timeperiod
notify          - .. no documentation ..
package         - Manage packages
resources       - This is a metatype that can manage other reso ...
router          - .. no documentation ..
schedule        - Define schedules for Puppet
scheduled_task  - Installs and manages Windows Scheduled Tasks
selboolean      - Manages SELinux booleans on systems with SELi ...
selmodule       - Manages loading and unloading of SELinux poli ...
service         - Manage running services
ssh_authorized_key - Manages SSH authorized keys
sshkey          - Installs and manages ssh host keys
stage           - A resource type for creating new run stages
tidy            - Remove unwanted files based on specific crite ...
user            - Manage users
vlan            - .. no documentation ..
whit            - Whits are internal artifacts of Puppet's curr ...
yumrepo         - The client-side description of a yum reposito ...
zfs             - Manage zfs
zone            - Manages Solaris zones
zpool           - Manage zpools

 

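  3. Defining resources

 Reference link: Puppet resource definition methods and examples (to be updated)

4. Hands-on installation

  Build a Redis master/slave setup using the master/agent model

    For how Redis works, see:

     Redis principles and cluster master/slave configuration

  1. Environment

  web1.zxg.com  master  192.168.216.51  puppet-master

  web2.zxg.com  agent   192.168.216.52  puppet-agent, redis-master

  web3.zxg.com  agent   192.168.216.53  puppet-agent, redis-slave

    Note: prepare the hosts with SELinux disabled and firewalld turned off.

         OS: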

  

[root@web1 ~]# cat /etc/redhat-release 
CentOS Linux release 7.3.1611 (Core) 
[root@web1 ~]# cat /proc/version
Linux version 3.10.0-514.el7.x86_64 (builder@kbuilder.dev.centos.org) (gcc version 4.8.5 20150623 (Red Hat 4.8.5-11) (GCC) ) #1 SMP Tue Nov 22 16:42:41 UTC 2016
[root@web1 ~]# 

  

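      Software:

      puppet-server-3.6.2-3

      puppet-3.6.2-3

  2. Configure the package repositories

  This is simple: the EPEL repository is enough, or the official Puppet repository. EPEL is used here, and the Puppet version is 3+.

  EPEL: rpm -ivh http://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm

  Puppet: rpm -ivh https://yum.puppetlabs.com/puppet5/puppet5-release-el-7.noarch.rpm

  3. Install Puppet

    agent: puppet, facter

    master: puppet-server

    Install the master on web1 and the agent on web2/web3.

    Installing with yum pulls in the following dependencies: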

Dependencies Resolved

====================================================================================================================
 Package                          Arch                 Version                          Repository             Size
====================================================================================================================
Installing:
 facter                           x86_64               2.4.1-1.el7                      epel                  101 k
 puppet                           noarch               3.6.2-3.el7                      epel                  1.2 M
 puppet-server                    noarch               3.6.2-3.el7                      epel                   24 k
Installing for dependencies:
 hiera                            noarch               1:1.3.4-5.el7                    epel                   25 k
 libselinux-ruby                  x86_64               2.5-14.1.el7                     base                  121 k
 libyaml                          x86_64               0.1.4-11.el7_0                   base                   55 k
 ruby                             x86_64               2.0.0.648-35.el7_6               updates                72 k
 ruby-augeas                      x86_64               0.5.0-1.el7                      epel                   23 k
 ruby-irb                         noarch               2.0.0.648-35.el7_6               updates                93 k
 ruby-libs                        x86_64               2.0.0.648-35.el7_6               updates               2.8 M
 ruby-shadow                      x86_64               1.4.1-23.el7                     epel                   14 k
 rubygem-bigdecimal               x86_64               1.2.0-35.el7_6                   updates                84 k
 rubygem-io-console               x86_64               0.4.2-35.el7_6                   updates                55 k
 rubygem-json                     x86_64               1.7.7-35.el7_6                   updates                80 k
 rubygem-psych                    x86_64               2.0.0-35.el7_6                   updates                83 k
 rubygem-rdoc                     noarch               4.0.0-35.el7_6                   updates               322 k
 rubygem-rgen                     noarch               0.6.6-2.el7                      epel                   84 k
 rubygems                         noarch               2.0.14.1-35.el7_6                updates               220 k

Transaction Summary
====================================================================================================================
Install  3 Packages (+15 Dependent packages)

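   4. Time synchronization

    Method 1: systemctl start chronyd.service / systemctl enable chronyd.service  # recommended

    Method 2: configure NTP: install ntp with yum, then run ntpdate 120.25.108.11

  5. Setting up the master/agent model

    1) Start puppetmaster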

[root@web1 ~]# systemctl start puppetmaster
[root@web1 ~]# netstat -untlop |grep puppet
[root@web1 ~]# netstat -untlop |grep 8140
tcp        0      0 0.0.0.0:8140            0.0.0.0:*               LISTEN      3399/ruby            off (0.00/0/0)

    2) Point the agent at the master

    sed -i '/ssldir/aserver = web1.zxg.com' /etc/puppet/puppet.conf

      After setting it, print the server setting to confirm that it shows the master's hostname:

[root@web2 ~]# puppet config print server
web1.zxg.com

    3) Wait for the CA to sign the certificate

      On web2/web3, run puppet agent -v --noop --no-daemonize, then wait for the certificate to be signed.

[root@web2 ~]# puppet agent -v --noop --no-daemonize
Info: Caching certificate for ca
Info: csr_attributes file loading from /etc/puppet/csr_attributes.yaml
Info: Creating a new SSL certificate request for web2.zxg.com
Info: Certificate Request fingerprint (SHA256): 48:A3:7C:A1:88:26:FC:80:A0:61:78:DE:BA:6F:CC:27:F5:A6:88:1A:9E:DC:D2:7A:AB:E3:DF:D4:3D:9B:1D:15
Info: Caching certificate for ca
Notice: Did not receive certificate
Notice: Did not receive certificate

      Sign the certificates on the master

[root@web1 ~]# puppet cert list
  "web2.zxg.com" (SHA256) 48:A3:7C:A1:88:26:FC:80:A0:61:78:DE:BA:6F:CC:27:F5:A6:88:1A:9E:DC:D2:7A:AB:E3:DF:D4:3D:9B:1D:15
  "web3.zxg.com" (SHA256) E1:12:BC:C6:C8:BF:E6:62:FE:E3:59:D3:C2:35:72:72:C2:F0:AE:E8:2B:7E:93:01:B3:C4:8F:CF:3F:96:0B:AD
[root@web1 ~]# puppet cert sign web2.zxg.com
Notice: Signed certificate request for web2.zxg.com
Notice: Removing file Puppet::SSL::CertificateRequest web2.zxg.com at '/var/lib/puppet/ssl/ca/requests/web2.zxg.com.pem'
[root@web1 ~]# puppet cert sign web3.zxg.com
Notice: Signed certificate request for web3.zxg.com
Notice: Removing file Puppet::SSL::CertificateRequest web3.zxg.com at '/var/lib/puppet/ssl/ca/requests/web3.zxg.com.pem'

    The signing process as seen on web2

[root@web2 ~]# puppet agent -v --noop --no-daemonize
Info: Caching certificate for ca
Info: csr_attributes file loading from /etc/puppet/csr_attributes.yaml
Info: Creating a new SSL certificate request for web2.zxg.com
Info: Certificate Request fingerprint (SHA256): 48:A3:7C:A1:88:26:FC:80:A0:61:78:DE:BA:6F:CC:27:F5:A6:88:1A:9E:DC:D2:7A:AB:E3:DF:D4:3D:9B:1D:15
Info: Caching certificate for ca         # waiting here for the certificate to be signed
Notice: Did not receive certificate
Notice: Did not receive certificate
Notice: Did not receive certificate
Info: Caching certificate for web2.zxg.com  # signed; the run now continues normally and ends with "Finished"
Notice: Starting Puppet client version 3.6.2
Info: Caching certificate_revocation_list for ca
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Caching catalog for web2.zxg.com
Info: Applying configuration version '1560169273'
Info: Creating state file /var/lib/puppet/state/state.yaml
Notice: Finished catalog run in 0.02 seconds

# After exiting, run it again to see the result
[root@web2 ~]# puppet agent -v --noop --no-daemonize
Notice: Starting Puppet client version 3.6.2
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Caching catalog for web2.zxg.com
Info: Applying configuration version '1560169273'
Notice: Finished catalog run in 0.03 seconds

 

      

 

 

 

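      Managing the Puppet CA

          puppet cert <action> [--all|-a] [<host>]

             action:

                list: list certificate requests

                sign: sign a certificate

                revoke: revoke a certificate

                clean: remove a client's certificate; remember that the client also needs to delete all files under /var/lib/puppet/ssl/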
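
Before running puppet cert sign, the fingerprint listed by puppet cert list should be the same one the agent printed when it created its request. The shell functions below are an added example, not part of the original post; the names agent_fp, pending_fp, fp_match and verify_csr are hypothetical, and the sample text is copied from the sessions above.

```shell
#!/bin/sh
# Added example (not from the original post): sign a CSR only when the
# fingerprint printed by the agent equals the one pending on the master.

# Print the SHA256 CSR fingerprint found in agent output read from stdin.
agent_fp() {
    sed -n 's/^Info: Certificate Request fingerprint (SHA256): *\([0-9A-Fa-f:]*\).*/\1/p' | head -n 1
}

# Print the pending fingerprint for certname $1 from `puppet cert list` output on stdin.
pending_fp() {
    awk -v want="$1" '$1 == ("\"" want "\"") && $2 == "(SHA256)" { print $3; exit }'
}

# Return 0 only if $1 and $2 are the same well-formed SHA256 fingerprint
# (32 colon-separated hex bytes, compared case-insensitively).
fp_match() {
    a=$(printf '%s' "$1" | tr 'a-f' 'A-F')
    b=$(printf '%s' "$2" | tr 'a-f' 'A-F')
    printf '%s\n' "$a" | grep -Eq '^([0-9A-F]{2}:){31}[0-9A-F]{2}$' || return 1
    [ "$a" = "$b" ]
}

# verify_csr CERTNAME AGENT_OUTPUT CERT_LIST_OUTPUT: 0 means safe to sign.
verify_csr() {
    fp_match "$(printf '%s\n' "$2" | agent_fp)" "$(printf '%s\n' "$3" | pending_fp "$1")"
}

# Sample text taken from the web2 session and the `puppet cert list` output above.
AGENT_LOG='Info: Creating a new SSL certificate request for web2.zxg.com
Info: Certificate Request fingerprint (SHA256): 48:A3:7C:A1:88:26:FC:80:A0:61:78:DE:BA:6F:CC:27:F5:A6:88:1A:9E:DC:D2:7A:AB:E3:DF:D4:3D:9B:1D:15'
CERT_LIST='  "web2.zxg.com" (SHA256) 48:A3:7C:A1:88:26:FC:80:A0:61:78:DE:BA:6F:CC:27:F5:A6:88:1A:9E:DC:D2:7A:AB:E3:DF:D4:3D:9B:1D:15
  "web3.zxg.com" (SHA256) E1:12:BC:C6:C8:BF:E6:62:FE:E3:59:D3:C2:35:72:72:C2:F0:AE:E8:2B:7E:93:01:B3:C4:8F:CF:3F:96:0B:AD'

# On the master this would gate the real command, e.g.:
#   verify_csr web2.zxg.com "$agent_output" "$(puppet cert list)" && puppet cert sign web2.zxg.com
verify_csr web2.zxg.com "$AGENT_LOG" "$CERT_LIST" && echo "web2.zxg.com: match, ok to sign"
# web2's agent output must not authorize signing the request filed as web3.
verify_csr web3.zxg.com "$AGENT_LOG" "$CERT_LIST" || echo "web3.zxg.com: mismatch, do not sign"
```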

 

  6. Configure the site manifest

   1) Site manifest

      1.1 Find the manifest directory

[root@web1 ~]# puppet config print |grep manifest
genmanifest = false
manifestdir = /etc/puppet/manifests
manifest = /etc/puppet/manifests/site.pp

      1.2 Edit the manifest

[root@web1 manifests]# cat site.pp 
node 'web2.zxg.com' {
    include redis::master
}

node 'web3.zxg.com' {
    class{'redis::slave':
        master_ip => 'web2.zxg.com'
    }
}
[root@web1 manifests]# pwd
/etc/puppet/manifests
[root@web1 manifests]# 

 

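  7. A module is used here; see the Puppet modules article:

     How Puppet works: using modules (that article contains the steps for building the redis module)

  8. Start the services

    web1: systemctl start puppetmaster

    web2: systemctl start puppetagent

    web3: systemctl start puppetagent

  9. Verify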

 

[root@web2 ~]# redis-cli -a keerya info replication
# Replication
role:master
connected_slaves:1
slave0:ip=192.168.216.53,port=6379,state=online,offset=85,lag=0
master_repl_offset:85
repl_backlog_active:1
repl_backlog_size:1048576
repl_backlog_first_byte_offset:2
repl_backlog_histlen:84
[root@web2 ~]# 



[root@web3 ~]#  redis-cli -a keerya info replication 
# Replication
role:slave
master_host:192.168.216.52
master_port:6379
master_link_status:up
master_last_io_seconds_ago:6
master_sync_in_progress:0
slave_repl_offset:71
slave_priority:100
slave_read_only:1
connected_slaves:0
master_repl_offset:0
repl_backlog_active:0
repl_backlog_size:1048576
repl_backlog_first_byte_offset:0
repl_backlog_histlen:0
[root@web3 ~]# 
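
The two manual checks above can be scripted so that a broken replication link fails a deployment check instead of being read by eye. This is an added example, not from the original post; repl_field, check_master and check_slave are hypothetical helper names, and the sample INFO text is constructed from the fields shown above.

```shell
#!/bin/sh
# Added example (not from the original post): turn the manual reading of
# `redis-cli info replication` into pass/fail functions.

# Print the value of field $1 from INFO text on stdin. INFO lines end in
# CRLF, so carriage returns are stripped before comparing.
repl_field() {
    tr -d '\r' | awk -F: -v k="$1" '$1 == k { print substr($0, length(k) + 2); exit }'
}

# check_master MIN_SLAVES INFO_TEXT
# 0 only if role is master and at least MIN_SLAVES slaves report state=online.
check_master() {
    [ "$(printf '%s\n' "$2" | repl_field role)" = "master" ] || return 1
    online=$(printf '%s\n' "$2" | tr -d '\r' | grep -c '^slave[0-9][0-9]*:.*state=online' || true)
    [ "$online" -ge "$1" ]
}

# check_slave EXPECTED_MASTER INFO_TEXT
# 0 only if the node is a read-only slave of EXPECTED_MASTER with the link up.
check_slave() {
    [ "$(printf '%s\n' "$2" | repl_field role)" = "slave" ] || return 1
    [ "$(printf '%s\n' "$2" | repl_field master_host)" = "$1" ] || return 1
    [ "$(printf '%s\n' "$2" | repl_field master_link_status)" = "up" ] || return 1
    [ "$(printf '%s\n' "$2" | repl_field slave_read_only)" = "1" ]
}

# Constructed samples: a subset of the fields shown above, with CRLF endings.
MASTER_INFO=$(printf '# Replication\r\nrole:master\r\nconnected_slaves:1\r\nslave0:ip=192.168.216.53,port=6379,state=online,offset=85,lag=0\r\n')
SLAVE_INFO=$(printf '# Replication\r\nrole:slave\r\nmaster_host:192.168.216.52\r\nmaster_port:6379\r\nmaster_link_status:up\r\nslave_read_only:1\r\n')

# Live use would pass the output of the redis-cli command above as INFO_TEXT.
check_master 1 "$MASTER_INFO" && echo "web2: master with an online slave"
check_slave 192.168.216.52 "$SLAVE_INFO" && echo "web3: replicating from web2"
```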

 

Thanks:

Reference: http://www.javashuo.com/article/p-toyjqaqx-eu.html

Official Puppet documentation: https://puppet.com/sitemap

When reposting, please credit the source: http://www.javashuo.com/article/p-nbqgyesd-m.html
