A detailed look at the Puppet master/agent model

1. The Puppet master/agent model

Puppet runs the puppetmaster service on the master to accept requests from agent clients. In /etc/puppet/manifests/site.pp, the classes each agent should apply are selected by the client's FQDN. The first time the puppet daemon starts, it initialises its runtime environment automatically, creating a local CA together with the server's own certificate and key. Once initialisation is complete, puppet listens on the configured socket and waits for client connection requests. By default the certificates, keys and related files live under /var/lib/puppet/ssl/.


A brief introduction to MCollective

MCollective is a scheduler. It addresses the performance and speed problems caused by many puppet agents sending requests to the master at the same time; it can classify nodes by different attributes and run different tasks against each class. It is also a control terminal: it can be used to control both clients and servers, so puppet agent no longer has to run on a timer.

MCollective also uses a client/server architecture, and the client and server communicate through middleware.


Puppet architecture and clustering

Puppet is usually deployed as a client/server architecture; with too many agents it runs into performance problems.

Common clustering approaches:

puppet + nginx

puppet + passenger + apache

How a Puppet cluster is built

puppetmaster cluster:

An active/active high-availability cluster that spreads the request load coming from agents across several puppetmasters

Reverse-proxy mode, which distributes requests for port 8140 across several puppetmasters


[Figure: schematic of the master/agent model]



2. Lab environment

192.168.30.116  OS:CentOS 6.4 x86_64 node1.luojianlong.com

192.168.30.117  OS:CentOS 6.4 x86_64 node2.luojianlong.com

192.168.30.119  OS:CentOS 6.4 x86_64 node3.luojianlong.com


Required packages:

puppet-2.7.23-1.el6.noarch.rpm

puppet-server-2.7.23-1.el6.noarch.rpm

facter-1.7.3-1.el6.x86_64.rpm

puppet-dashboard-1.2.23-1.el6.noarch.rpm

mysql-5.5.33-linux2.6-x86_64.tar.gz




First, install the master on node1

# Set the hosts file on every node
[root@node1 ~]# cat /etc/hosts
192.168.30.116 node1.luojianlong.com
192.168.30.117 node2.luojianlong.com
192.168.30.119 node3.luojianlong.com
# Update facter
[root@node1 ~]# rpm -Uvh facter-1.7.3-1.el6.x86_64.rpm
# Configure the EPEL repository
[root@node1 ~]# cat /etc/yum.repos.d/epel.repo
[epel]
name=epel
baseurl=http://mirrors.sohu.com/fedora-epel/6/$basearch/
gpgcheck=1
gpgkey=http://mirrors.sohu.com/fedora-epel/RPM-GPG-KEY-EPEL-6
# Install puppet and puppet-server
[root@node1 ~]# yum -y localinstall puppet-2.7.23-1.el6.noarch.rpm
[root@node1 ~]# yum -y localinstall puppet-server-2.7.23-1.el6.noarch.rpm

Install the puppet agent on node2 and node3

[root@node2 ~]# rpm -Uvh facter-1.7.3-1.el6.x86_64.rpm
[root@node2 ~]# yum -y localinstall puppet-2.7.23-1.el6.noarch.rpm
[root@node3 ~]# rpm -Uvh facter-1.7.3-1.el6.x86_64.rpm
[root@node3 ~]# yum -y localinstall puppet-2.7.23-1.el6.noarch.rpm


Create and configure a module on node1

[root@node1 ~]# mkdir -pv /etc/puppet/modules/nginx/{manifests,files,lib,templates,tests,spec}
mkdir: created directory `/etc/puppet/modules/nginx'
mkdir: created directory `/etc/puppet/modules/nginx/manifests'
mkdir: created directory `/etc/puppet/modules/nginx/files'
mkdir: created directory `/etc/puppet/modules/nginx/lib'
mkdir: created directory `/etc/puppet/modules/nginx/templates'
mkdir: created directory `/etc/puppet/modules/nginx/tests'
mkdir: created directory `/etc/puppet/modules/nginx/spec'
[root@node1 ~]# puppet module list
/etc/puppet/modules
└── nginx (???)
/usr/share/puppet/modules (no modules installed)
# Define init.pp in the nginx module
[root@node1 ~]# vi /etc/puppet/modules/nginx/manifests/init.pp
class nginx {
        package {'nginx':
              ensure => installed,
        }
}
# Define the nginx_web.pp file
[root@node1 ~]# vi /etc/puppet/modules/nginx/manifests/nginx_web.pp
class nginx::nginx_web inherits nginx {
        file {'/etc/nginx/nginx.conf':
            ensure => file,
            source => 'puppet:///modules/nginx/nginx-web.conf',
            mode => '0644',
            owner => 'root',
            group => 'root',
            notify => Service['nginx'],
            require => Package['nginx'],
        }
        service {'nginx':
            ensure => running,
        }
}
# Prepare the source file
[root@node1 ~]# cp /tmp/nginx.conf /etc/puppet/modules/nginx/files/nginx-web.conf
# Create site.pp to apply the classes defined above
[root@node1 ~]# vi /etc/puppet/manifests/site.pp
node 'node2.luojianlong' {
        include nginx::nginx_web
}
node 'node3.luojianlong' {
        include nginx::nginx_web
}


The first start of the puppet master process can be done in the foreground (non-daemonised) with verbose output so the initialisation can be observed. The run below shows, step by step, the creation of the local CA, the local host (acting as puppet server) requesting a certificate from that CA, receiving the certificate, and the CA removing the certificate signing request; the service process then starts and is ready to accept connections from agents. Adding the --debug option to the command below produces even more detailed output.

[root@node1 ~]# puppet master --verbose --no-daemonize
info: Creating a new SSL key for ca
info: Creating a new SSL certificate request for ca
info: Certificate Request fingerprint (md5): E0:74:ED:BA:83:EC:6E:A7:1A:1F:89:B1:CC:81:C3:CE
notice: Signed certificate request for ca
notice: Rebuilding inventory file
info: Creating a new certificate revocation list
info: Creating a new SSL key for node1.luojianlong.com
info: Creating a new SSL certificate request for node1.luojianlong.com
info: Certificate Request fingerprint (md5): 05:F1:37:DE:6E:13:CA:32:46:5B:07:2A:05:DE:D1:12
notice: node1.luojianlong.com has a waiting certificate request
notice: Signed certificate request for node1.luojianlong.com
notice: Removing file Puppet::SSL::CertificateRequest node1.luojianlong.com at '/var/lib/puppet/ssl/ca/requests/node1.luojianlong.com.pem'
notice: Removing file Puppet::SSL::CertificateRequest node1.luojianlong.com at '/var/lib/puppet/ssl/certificate_requests/node1.luojianlong.com.pem'
notice: Starting Puppet master version 2.7.23


Note: if a puppet process was previously started under a different hostname, or initialised for any other reason, its certificate files will not match what this start-up needs; in that case /var/lib/puppet/ssl/ must be emptied first before the initialisation can complete.


If the test start above shows no problems, stop it and start the daemon instead; on CentOS 6 this is normally done with the following commands.

[root@node1 ~]# service puppetmaster start
Starting puppetmaster:                                     [  OK  ]
[root@node1 ~]# chkconfig puppetmaster on


Starting the puppet client

On first start, puppet agent requests a certificate from the puppet server it has been pointed at and then completes the subsequent connection. For the same reason, and for testing purposes, the first agent node joining the puppet cluster can be run in the foreground so its initialisation can be observed, as the commands below show.

[root@node2 ~]# puppet agent --server=node1.luojianlong.com --no-daemonize --verbose
info: Creating a new SSL key for node2.luojianlong.com
info: Caching certificate for ca
info: Creating a new SSL certificate request for node2.luojianlong.com
info: Certificate Request fingerprint (md5): 11:56:36:0D:A5:92:11:69:AC:66:46:1B:86:D9:B4:ED
[root@node3 ~]# puppet agent --server=node1.luojianlong.com --no-daemonize --verbose
info: Creating a new SSL key for node3.luojianlong.com
info: Caching certificate for ca
info: Creating a new SSL certificate request for node3.luojianlong.com
info: Certificate Request fingerprint (md5): A3:70:BF:52:F9:11:DA:0F:09:8B:35:C6:FC:EB:87:14


At this point, the puppet cert command on the puppet server manages client certificate requests: --list shows the clients waiting for a certificate to be signed, --sign signs the certificate for a given node, and --all can be combined with it to sign several pending requests at once.

[root@node1 ~]# puppet cert --list
  "node2.luojianlong.com" (11:56:36:0D:A5:92:11:69:AC:66:46:1B:86:D9:B4:ED)
  "node3.luojianlong.com" (A3:70:BF:52:F9:11:DA:0F:09:8B:35:C6:FC:EB:87:14)
[root@node1 ~]# puppet cert --sign node2.luojianlong.com
notice: Signed certificate request for node2.luojianlong.com
notice: Removing file Puppet::SSL::CertificateRequest node2.luojianlong.com at '/var/lib/puppet/ssl/ca/requests/node2.luojianlong.com.pem'
[root@node1 ~]# puppet cert --sign node3.luojianlong.com
notice: Signed certificate request for node3.luojianlong.com
notice: Removing file Puppet::SSL::CertificateRequest node3.luojianlong.com at '/var/lib/puppet/ssl/ca/requests/node3.luojianlong.com.pem'
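Before signing, the fingerprint shown by puppet cert --list should be compared with the one the agent itself printed (visible in the agent output above), obtained from the agent operator out of band; a request whose fingerprint does not match is not the node it claims to be. The shell script below is an added example, not part of the original write-up: it parses the puppet cert --list output format shown above and proceeds only when the fingerprints agree. The sample list text is constructed from the two requests above, and the actual signing command is only echoed so the script runs without a Puppet master.

```sh
#!/bin/sh
# Added example (not part of the original post): check a pending CSR's
# fingerprint against one obtained out of band before signing it.
# Assumes the `puppet cert --list` output format shown in this post:
#   "node2.luojianlong.com" (11:56:36:0D:A5:92:11:69:AC:66:46:1B:86:D9:B4:ED)

# Constructed sample of `puppet cert --list` output (copied from the two requests above).
SAMPLE_LIST='  "node2.luojianlong.com" (11:56:36:0D:A5:92:11:69:AC:66:46:1B:86:D9:B4:ED)
  "node3.luojianlong.com" (A3:70:BF:52:F9:11:DA:0F:09:8B:35:C6:FC:EB:87:14)'

# pending_fingerprint NAME LIST_TEXT
# Prints the fingerprint of NAME's pending request; fails if NAME is not in the list.
pending_fingerprint() {
    printf '%s\n' "$2" | awk -v want="\"$1\"" '
        $1 == want { gsub(/[()]/, "", $2); print $2; found = 1 }
        END { exit !found }'
}

# check_then_sign NAME EXPECTED_FP LIST_TEXT
# Returns 0 only when the pending fingerprint equals EXPECTED_FP. The real
# signing step is echoed rather than run so the script works without a master;
# on the master, replace the echo with: puppet cert --sign "$name"
check_then_sign() {
    name=$1
    expected=$2
    actual=$(pending_fingerprint "$name" "$3") || {
        echo "no pending request for $name" >&2
        return 2
    }
    if [ "$actual" = "$expected" ]; then
        echo "fingerprint verified for $name; would run: puppet cert --sign $name"
        return 0
    fi
    echo "FINGERPRINT MISMATCH for $name: pending $actual, expected $expected" >&2
    return 1
}

# Demo against the constructed sample: node2's fingerprint as reported by the agent above.
check_then_sign node2.luojianlong.com 11:56:36:0D:A5:92:11:69:AC:66:46:1B:86:D9:B4:ED "$SAMPLE_LIST"
```

On a real master the list text would come from `puppet cert --list` itself, e.g. `check_then_sign node2.luojianlong.com "$FP_FROM_OPERATOR" "$(puppet cert --list)"`; a return code of 1 is a mismatch and 2 means no request is pending for that name.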


Once an agent node receives its signed certificate, it prints output like the following.

[root@node2 ~]# puppet agent --server=node1.luojianlong.com --no-daemonize --verbose
info: Creating a new SSL key for node2.luojianlong.com
info: Caching certificate for ca
info: Creating a new SSL certificate request for node2.luojianlong.com
info: Certificate Request fingerprint (md5): 11:56:36:0D:A5:92:11:69:AC:66:46:1B:86:D9:B4:ED
info: Caching certificate for node2.luojianlong.com
notice: Starting Puppet client version 2.7.23
info: Caching certificate_revocation_list for ca
info: Caching catalog for node2.luojianlong.com
info: Applying configuration version '1389325340'
notice: /Stage[main]/Nginx/Package[nginx]/ensure: created
notice: /Stage[main]/Nginx::Nginx_web/Service[nginx]/ensure: ensure changed 'stopped' to 'running'
info: Creating state file /var/lib/puppet/state/state.yaml
notice: Finished catalog run in 10.22 seconds
[root@node3 ~]# puppet agent --server=node1.luojianlong.com --no-daemonize --verbose
info: Creating a new SSL key for node3.luojianlong.com
info: Caching certificate for ca
info: Creating a new SSL certificate request for node3.luojianlong.com
info: Certificate Request fingerprint (md5): A3:70:BF:52:F9:11:DA:0F:09:8B:35:C6:FC:EB:87:14
info: Caching certificate for node3.luojianlong.com
notice: Starting Puppet client version 2.7.23
info: Caching certificate_revocation_list for ca
info: Caching catalog for node3.luojianlong.com
info: Applying configuration version '1389325340'
notice: /Stage[main]/Nginx/Package[nginx]/ensure: created
notice: /Stage[main]/Nginx::Nginx_web/Service[nginx]/ensure: ensure changed 'stopped' to 'running'
info: Creating state file /var/lib/puppet/state/state.yaml
notice: Finished catalog run in 17.83 seconds


Once the agent-side steps above work without problems, the value given with --server can be stored in the agent's configuration file and puppet agent started as a service. The configuration file is /etc/puppet/puppet.conf and the server directive goes in the [main] section. After that, puppet can be started as a service.

[root@node2 ~]# vi /etc/puppet/puppet.conf
server = node1.luojianlong.com
[root@node3 ~]# vi /etc/puppet/puppet.conf
server = node1.luojianlong.com
[root@node2 ~]# service puppet start
Starting puppet:                                           [  OK  ]
[root@node3 ~]# service puppet start
Starting puppet:                                           [  OK  ]


Test again from the clients.

[root@node2 ~]# puppet agent --server=node1.luojianlong.com --no-daemonize --verbose --test
info: Caching catalog for node2.luojianlong.com
info: Applying configuration version '1389325340'
notice: Finished catalog run in 0.97 seconds
[root@node3 ~]# puppet agent --server=node1.luojianlong.com --no-daemonize --verbose --test
info: Caching catalog for node3.luojianlong.com
info: Applying configuration version '1389325340'
notice: Finished catalog run in 0.95 seconds

The output above shows that they can now connect to the master normally.

Check whether nginx is installed and running on node2 and node3

[root@node2 ~]# rpm -q nginx
nginx-1.0.15-5.el6.x86_64
[root@node2 ~]# ps aux | grep nginx
root     19233  0.0  0.0  96432  1968 ?        Ss   12:18   0:00 nginx: master process /usr/sbin/nginx -c /etc/nginx/nginx.conf
nginx    19234  0.0  0.0  96780  2612 ?        S    12:18   0:00 nginx: worker process              
root     19515  0.0  0.0 103248   820 pts/0    S+   12:22   0:00 grep nginx
[root@node3 ~]# rpm -q nginx
nginx-1.0.15-5.el6.x86_64
[root@node3 ~]# ps aux | grep nginx
root      3082  0.0  0.0  96432  1968 ?        Ss   12:18   0:00 nginx: master process /usr/sbin/nginx -c /etc/nginx/nginx.conf
nginx     3083  0.0  0.0  96780  2612 ?        S    12:18   0:00 nginx: worker process              
root      3242  0.0  0.0 103248   824 pts/0    S+   12:22   0:00 grep nginx


Installed and started normally.


Automatic certificate signing

The master can be set to sign all certificate requests automatically: create an autosign.conf file in /etc/puppet and edit /etc/puppet/puppet.conf.


[root@node1 ~]# cat > /etc/puppet/autosign.conf << EOF
> *.luojianlong.com
> EOF


[root@node1 ~]# vi /etc/puppet/puppet.conf
# add a [master] section
[master]
autosign = /etc/puppet/autosign.conf
[root@node1 ~]# service puppetmaster restart
Stopping puppetmaster:                                     [  OK  ]
Starting puppetmaster:                                     [  OK  ]


With this, requests from every machine under luojianlong.com are signed automatically. Puppet checks for updates every half hour; to change that interval, edit the client configuration file /etc/puppet/puppet.conf, add a runinterval value in the [agent] section and restart puppet. The default is 600, in seconds.


Install and configure puppet-dashboard on node1:

[root@node1 ~]# yum -y install rubygem-rake ruby-mysql
[root@node1 ~]# yum localinstall puppet-dashboard-1.2.23-1.el6.noarch.rpm -y
[root@node1 ~]# gem install rake


Install mysql on node1

[root@node1 ~]# tar zxvf mysql-5.5.33-linux2.6-x86_64.tar.gz -C /usr/local/
[root@node1 ~]# ln -s /usr/local/mysql-5.5.33-linux2.6-x86_64 /usr/local/mysql
[root@node1 ~]# cd /usr/local/mysql
[root@node1 mysql]# useradd -r mysql
[root@node1 mysql]# mkdir /mydata/data -p
[root@node1 mysql]# chown -R root.mysql ./*
[root@node1 mysql]# chown -R mysql.mysql /mydata/data/
[root@node1 mysql]# cp support-files/mysql.server /etc/rc.d/init.d/mysqld
[root@node1 mysql]# chkconfig --add mysqld
[root@node1 mysql]# chkconfig mysqld on
[root@node1 mysql]# cp support-files/my-large.cnf /etc/my.cnf
[root@node1 mysql]# ./scripts/mysql_install_db --user=mysql --datadir=/mydata/data
[root@node1 mysql]# vi /etc/profile.d/mysql.sh
export PATH=/usr/local/mysql/bin:$PATH
[root@node1 mysql]# . /etc/profile.d/mysql.sh
[root@node1 mysql]# vi /etc/my.cnf
datadir = /mydata/data
innodb_file_per_table = 1
[root@node1 mysql]# service mysqld start
Starting MySQL..... SUCCESS!


Create the database and grant privileges

mysql> create database dashboard character set utf8;
Query OK, 1 row affected (0.00 sec)
mysql> grant all privileges on dashboard.* to 'dashboard'@'localhost' identified by '123456';
Query OK, 0 rows affected (0.00 sec)
mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)


Edit the production section of /usr/share/puppet-dashboard/config/database.yml.

[root@node1 ~]# vi /usr/share/puppet-dashboard/config/database.yml
production:
  host: 127.0.0.1
  database: dashboard
  username: dashboard
  password: 123456
  encoding: utf8
  adapter: mysql
[root@node1 ~]# cd /usr/share/puppet-dashboard/
[root@node1 puppet-dashboard]# rake gems:refresh_specs
# Import the tables dashboard needs into its database:
[root@node1 puppet-dashboard]# rake RAILS_ENV=production db:migrate


Test whether the server works

[root@node1 ~]# /usr/share/puppet-dashboard/script/server -e production
=> Booting WEBrick
=> Rails 2.3.17 application starting on http://0.0.0.0:3000
=> Call with -d to detach
=> Ctrl-C to shutdown server
[2014-01-10 12:37:34] INFO  WEBrick 1.3.1
[2014-01-10 12:37:34] INFO  ruby 1.8.7 (2011-06-30) [x86_64-linux]
[2014-01-10 12:37:34] INFO  WEBrick::HTTPServer#start: pid=20641 port=3000


Open a browser to http://192.168.30.116:3000

[Screenshot: puppet-dashboard start page]



Configure the puppet server and clients

[root@node1 ~]# vi /etc/puppet/puppet.conf
# add to the [master] section
reports = store, http
reporturl = http://192.168.30.116:3000/reports/upload
[root@node1 ~]# service puppetmaster restart
Stopping puppetmaster:                                     [  OK  ]
Starting puppetmaster:                                     [  OK  ]
[root@node2 ~]# vi /etc/puppet/puppet.conf
# add to the [agent] section
report = true
[root@node2 ~]# service puppet restart
Stopping puppet:                                           [  OK  ]
Starting puppet:                                           [  OK  ]
# do the same on node3: add the line and restart puppet
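A quick way to confirm that the settings added so far ([main] server on the agents, [master] reports and reporturl on node1, [agent] report on the agents) landed in the right section is to read puppet.conf section by section rather than grepping for the key name, since the same key can legitimately appear under several sections. The script below is an added example, not part of the original post; the two configuration texts are constructed to mirror the edits above, and conf_get and check_setting are the example's own names.

```sh
#!/bin/sh
# Added example (not part of the original post): section-aware lookup of a key
# in an INI-style puppet.conf, used to verify the settings this write-up adds.

# Constructed puppet.conf contents for the master (node1) and an agent (node2),
# mirroring the edits made above.
MASTER_CONF='[main]
    logdir = /var/log/puppet
[master]
    autosign = /etc/puppet/autosign.conf
    reports = store, http
    reporturl = http://192.168.30.116:3000/reports/upload
'
AGENT_CONF='[main]
    server = node1.luojianlong.com
[agent]
    report = true
    listen = true
'

# conf_get SECTION KEY CONF_TEXT
# Prints the value of KEY inside [SECTION]; fails if the key is not set there.
conf_get() {
    printf '%s\n' "$3" | awk -v sec="$1" -v key="$2" '
        /^[ \t]*#/ { next }                                  # comment line
        /^[ \t]*\[/ {                                        # section header
            s = $0; sub(/^[ \t]*\[/, "", s); sub(/].*$/, "", s)
            in_sec = (s == sec); next
        }
        in_sec && $0 ~ ("^[ \t]*" key "[ \t]*=") {          # "key = value" in the wanted section
            sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]+$/, "")
            print; found = 1; exit
        }
        END { exit !found }'
}

# check_setting SECTION KEY EXPECTED CONF_TEXT
# Returns 0 when the configured value equals EXPECTED, 1 otherwise.
check_setting() {
    actual=$(conf_get "$1" "$2" "$4") || {
        echo "[$1] $2 is not set" >&2
        return 1
    }
    if [ "$actual" = "$3" ]; then
        echo "[$1] $2 = $actual (ok)"
        return 0
    fi
    echo "[$1] $2 = '$actual', expected '$3'" >&2
    return 1
}

# Demo against the constructed texts; on a real host pass
# "$(cat /etc/puppet/puppet.conf)" as the last argument instead.
check_setting main server node1.luojianlong.com "$AGENT_CONF"
check_setting master reports "store, http" "$MASTER_CONF"
check_setting agent report true "$AGENT_CONF"
```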


Then start dashboard

[root@node1 ~]# /usr/share/puppet-dashboard/script/server -e production -d


Open a browser to http://192.168.30.116:3000/

[Screenshot: puppet-dashboard showing received reports]


Seeing a "# pending task" style message with a number greater than 0 means reports are being received normally; from now on, any delayed user task is recorded in the dashboard.


Implementing puppet kick

By default the puppet client contacts the server every 30 minutes, but sometimes the server needs to push an urgent task to the clients; this is what puppet kick (called puppetrun before Puppet 2.6) is for.

Edit /etc/puppet/puppet.conf on the client

[root@node2 ~]# vi /etc/puppet/puppet.conf
# add to the [agent] section
listen = true
# Edit or create the file /etc/puppet/namespaceauth.conf
[root@node2 ~]# vi /etc/puppet/namespaceauth.conf
[puppetrunner]
allow *.luojianlong.com


Edit auth.conf

[root@node2 ~]# vi /etc/puppet/auth.conf
# add the following lines
path /run
method save
allow node1.luojianlong.com
[root@node2 ~]# service puppet restart
Stopping puppet:                                           [  OK  ]
Starting puppet:                                           [  OK  ]
[root@node2 ~]# netstat -anptl | grep ruby
tcp        0      0 0.0.0.0:8139                0.0.0.0:*                   LISTEN      27053/ruby
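The autosign.conf entry above and the allow lines in namespaceauth.conf and auth.conf here take the same kind of entries: an exact certname, `*`, or a `*.domain` glob. It is worth knowing exactly which names a given entry accepts before relying on it: `*.luojianlong.com` covers every certname that ends in that domain, including ones with extra labels, so with autosign enabled the master trusts any host that can present such a name, and with `allow *.luojianlong.com` in namespaceauth.conf any such host may trigger a run on the agent. The shell script below is an added example, not from the original post, that evaluates a certname against such a list. The allow-list text is constructed for the example, and regex entries (`/.../`), which auth.conf also accepts, are deliberately not handled.

```sh
#!/bin/sh
# Added example (not part of the original post): decide whether a certname is
# covered by a Puppet-style allow list such as autosign.conf or the "allow"
# lines of namespaceauth.conf / auth.conf. Supported entry forms: an exact
# certname, "*", and a "*.domain" glob; blank lines and "#" comments are
# skipped. Regex entries (/.../), which auth.conf also accepts, are not handled.

# Constructed allow list: the post's autosign.conf entry plus one exact certname.
SAMPLE_ALLOW='# hosts whose requests the master signs without a manual puppet cert --sign
*.luojianlong.com
build01.lab.example
'

# match_pattern PATTERN NAME -> 0 when NAME is covered by PATTERN
match_pattern() {
    pattern=$1
    name=$2
    case $pattern in
        '*')
            return 0 ;;
        '*.'*)
            suffix=${pattern#\*}        # "*.luojianlong.com" -> ".luojianlong.com"
            host=${name%"$suffix"}      # strip the suffix if NAME ends with it
            # covered only if the suffix was present and something precedes it;
            # the bare domain "luojianlong.com" is therefore not covered
            [ "$host" != "$name" ] && [ -n "$host" ] ;;
        *)
            [ "$pattern" = "$name" ] ;;
    esac
}

# allowed_by_list NAME LIST_TEXT -> 0 (and prints the matching entry) if any entry covers NAME
allowed_by_list() {
    name=$1
    while IFS= read -r line; do
        line=${line%%#*}                               # drop trailing comments
        line=$(printf '%s' "$line" | tr -d ' \t')      # drop surrounding whitespace
        [ -n "$line" ] || continue
        if match_pattern "$line" "$name"; then
            echo "$name: allowed by entry '$line'"
            return 0
        fi
    done <<EOF
$2
EOF
    echo "$name: not allowed"
    return 1
}

# Demo: what the post's wildcard entry really accepts.
allowed_by_list node2.luojianlong.com "$SAMPLE_ALLOW"
allowed_by_list any.other.host.luojianlong.com "$SAMPLE_ALLOW"
allowed_by_list node2.luojianlong.org "$SAMPLE_ALLOW" || :
```

To check a real file, pass its contents: `allowed_by_list "$(hostname -f)" "$(cat /etc/puppet/autosign.conf)"`. Listing exact certnames instead of a domain glob narrows what the master signs to the hosts you actually provisioned.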


Do the same on node3


Run the command on the server

[root@node1 ~]# puppet kick -a --host=node2.luojianlong.com
Triggering node2.luojianlong.com
Getting status
status is success
node2.luojianlong.com finished with exit code 0
Finished
[root@node1 ~]# puppet kick -a --host=node3.luojianlong.com
Triggering node3.luojianlong.com
Getting status
status is success
node3.luojianlong.com finished with exit code 0
Finished


Pushing works normally.
