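Linux Operations Automation: Simple Puppet Usage (Part 2)

The previous post covered using puppet on a single host; this time we look at puppet in client/server (C/S) mode.

I. Lab environment

Role     IP address   Installed software   Hostname
Server   172.16.8.1   puppet-server        www.gulong.com
Client   172.16.8.2   puppet               node1.gulong.com
Client   172.16.8.3   puppet               node2.gulong.com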


Synchronize the time on all three hosts:

# ntpdate 172.16.0.1


Make sure the three hosts can resolve one another:

# vim /etc/hosts
172.16.8.1 www.gulong.com
172.16.8.2 node1.gulong.com
172.16.8.3 node2.gulong.com


II. Master configuration

1. Install puppet-server

puppet packages

[root@www 2.7.25]# yum -y install facter-1.7.3-1.el6.x86_64.rpm puppet-server-2.7.25-1.el6.noarch.rpm


2. Configure the module

  • Create the module directories:

[root@www 2.7.25]# cd /etc/puppet/modules/
[root@www modules]# mkdir -pv nginx/{files,manifests,templates}

files/     : directory for static files
manifests/ : directory for manifests
templates/ : directory for templates


  • Create the manifest files:

[root@www modules]# cd nginx/manifests/
[root@www manifests]# vim init.pp
// add the following:
class nginx {
  # install the nginx package
  package { 'nginx':
    ensure => present,
  }
  # main configuration file, rendered from the ERB template
  file { 'nginx.conf':
    ensure  => file,
    content => template('nginx/nginx.conf.erb'),
    path    => '/etc/nginx/nginx.conf',
    require => Package['nginx'],
    mode    => '0644',
  }
}

[root@www manifests]# vim web.pp
// add the following:
class nginx::web inherits nginx {
  # static web server vhost, copied from the module's files/ directory
  file { 'web.conf':
    ensure  => file,
    source  => 'puppet:///modules/nginx/web.conf',
    path    => '/etc/nginx/conf.d/default.conf',
    require => Package['nginx'],
    mode    => '0644',
    notify  => Service['nginx'],
  }
  # reload nginx whenever the vhost file changes
  service { 'nginx':
    ensure  => true,
    enable  => true,
    restart => '/etc/init.d/nginx reload',
    require => File['nginx.conf', 'web.conf'],
  }
}

[root@www manifests]# vim proxy.pp
// add the following:
class nginx::proxy inherits nginx {
  # reverse proxy vhost, copied from the module's files/ directory
  file { 'web.proxy.conf':
    ensure  => file,
    source  => 'puppet:///modules/nginx/web.proxy.conf',
    path    => '/etc/nginx/conf.d/default.conf',
    require => Package['nginx'],
    mode    => '0644',
    notify  => Service['nginx'],
  }
  # reload nginx whenever the vhost file changes
  service { 'nginx':
    ensure  => true,
    enable  => true,
    restart => '/etc/init.d/nginx reload',
    require => File['nginx.conf', 'web.proxy.conf'],
  }
}


  • Create the required configuration files:

[root@www manifests]# cd ../files/
[root@www files]# vim web.conf
// add the following:
#
# The default server
#
server {
    listen       80 default_server;
    server_name  www.gulong.com;
    location / {
        root   /usr/share/nginx/html;
        index  index.html index.htm;
    }
    error_page  404              /404.html;
    location = /404.html {
        root   /usr/share/nginx/html;
    }
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/share/nginx/html;
    }
}

[root@www files]# vim web.proxy.conf
// add the following:
#
# The default server
#
server {
    listen       80 default_server;
    server_name  _;
    location / {
      proxy_pass http://172.16.0.1/;
    }
    error_page  404              /404.html;
    location = /404.html {
        root   /usr/share/nginx/html;
    }
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/share/nginx/html;
    }
}


  • Create the template file:

[root@www files]# cd ../templates/
[root@www templates]# vim nginx.conf.erb
// add the following:
# For more information on configuration, see:
#   * Official English Documentation: http://nginx.org/en/docs/
#   * Official Russian Documentation: http://nginx.org/ru/docs/
user              nginx;
worker_processes  <%= @processorcount %>;
error_log  /var/log/nginx/error.log;
#error_log  /var/log/nginx/error.log  notice;
#error_log  /var/log/nginx/error.log  info;
pid        /var/run/nginx.pid;
events {
    worker_connections  1024;
}
http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';
    access_log  /var/log/nginx/access.log  main;
    sendfile        on;
    #tcp_nopush     on;
    #keepalive_timeout  0;
    keepalive_timeout  65;
    #gzip  on;
    # Load config files from the /etc/nginx/conf.d directory
    # The default server is in conf.d/default.conf
    include /etc/nginx/conf.d/*.conf;
}


  • Write the server-side configuration into the puppet.conf file:

[root@www templates]# puppet master --genconfig >> /etc/puppet/puppet.conf


  • Create the node file:

[root@www nginx]# cd /etc/puppet/manifests/
[root@www manifests]# vim site.pp
// add the following:
import "*.gulong.com.pp"   # load every manifest whose name ends in gulong.com.pp


  • Create the node files for the back-end hosts:

[root@www manifests]# vim node1.gulong.com.pp
// add the following:
node 'node1.gulong.com' {
  include nginx::proxy
}

[root@www manifests]# vim node2.gulong.com.pp
// add the following:
node 'node2.gulong.com' {
  include nginx::web
}


  • Start the master service:

[root@www manifests]# service puppetmaster start


III. Client configuration

Only node1.gulong.com is used for the demonstration here.

1. Install the puppet client packages:

[root@mariadb 2.7.25]# yum -y install facter-1.7.3-1.el6.x86_64.rpm puppet-2.7.25-1.el6.noarch.rpm


2. Edit the puppet.conf configuration file

[root@mariadb 2.7.25]# vim /etc/puppet/puppet.conf
// add the following to the [agent] section:
server = www.gulong.com


3. Start puppet

[root@mariadb 2.7.25]# service puppet start


IV. Sign the certificate and test

1. On the server, use this command to list the pending certificate signing requests:

[root@www manifests]#  puppet cert list
  "node1.gulong.com" (C9:E5:D1:BD:8A:5F:58:A2:A8:7B:CB:F5:C5:30:81:5A)


2. Sign it with this command:

[root@www manifests]# puppet cert sign node1.gulong.com


Alternatively, edit the configuration file so that requests are signed automatically:

[root@www manifests]# echo "*.gulong.com" > /etc/puppet/autosign.conf


3. After signing, check whether the client has installed nginx automatically

As the screenshot shows, nginx has been installed automatically!
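
Added example (not part of the original post): before running `puppet cert sign`, compare the fingerprint that `puppet cert list` prints with one read on the client itself, and see which certnames a `*.gulong.com` line in autosign.conf would sign with no such check. The inventory file, `node9.gulong.com` and the helper names are constructed for illustration; that a leading `*.` covers any number of leading labels is an assumption about Puppet's autosign globbing.

```bash
#!/usr/bin/env bash
# Added example, not from the original post. Sample data is constructed.

# Turn `puppet cert list` output (stdin) into "certname fingerprint" lines.
parse_cert_list() {
  sed -n 's/^[[:space:]]*"\([^"]*\)"[[:space:]]*(\([0-9A-Fa-f:]*\)).*$/\1 \2/p'
}

# safe_to_sign INVENTORY: from `puppet cert list` output on stdin, print only
# the certnames whose fingerprint equals the INVENTORY entry. INVENTORY holds
# "certname fingerprint" lines gathered out of band, for instance by running
# `puppet agent --fingerprint` on each client's own console.
safe_to_sign() {
  local inventory=$1 name fp expected
  parse_cert_list | while read -r name fp; do
    expected=$(awk -v n="$name" '$1 == n { print toupper($2); exit }' "$inventory")
    if [ -n "$expected" ] && [ "$expected" = "$(printf '%s' "$fp" | tr a-f A-F)" ]; then
      printf '%s\n' "$name"
    else
      printf 'REFUSE %s: unknown host or fingerprint mismatch\n' "$name" >&2
    fi
  done
}

# autosign_covers PATTERN CERTNAME: would this autosign.conf line sign CERTNAME
# unreviewed? Assumption: a leading "*." stands for one or more leading labels.
autosign_covers() {
  local pattern=$1 name=$2
  case $pattern in
    '*.'*) case $name in *".${pattern#??}") return 0 ;; esac ;;
    *)     [ "$pattern" = "$name" ] && return 0 ;;
  esac
  return 1
}

# node1's fingerprint is the one shown above; node9 and its value are made up.
CERT_LIST='  "node1.gulong.com" (C9:E5:D1:BD:8A:5F:58:A2:A8:7B:CB:F5:C5:30:81:5A)
  "node9.gulong.com" (00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF)'
INVENTORY=$(mktemp)
printf '%s\n' 'node1.gulong.com c9:e5:d1:bd:8a:5f:58:a2:a8:7b:cb:f5:c5:30:81:5a' > "$INVENTORY"

printf '%s\n' "$CERT_LIST" | safe_to_sign "$INVENTORY"   # names safe to sign
autosign_covers '*.gulong.com' node9.gulong.com &&
  echo 'autosign.conf would have signed node9.gulong.com unreviewed'
```

On a real master, feed `puppet cert list` into `safe_to_sign` and pass each printed name to `puppet cert sign`.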


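4. Using puppet kick

By default the puppet client contacts the server once every 30 minutes, but sometimes we want the server to push changes to the clients urgently; that is what puppet kick is for.

1. Edit the client configuration file /etc/puppet/puppet.conf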

[root@mariadb 2.7.25]# echo "listen=true" >> /etc/puppet/puppet.conf


2. On the client, edit or create /etc/puppet/namespaceauth.conf with the following content

[puppetrunner]
allow *.gulong.com


3. On the client, edit auth.conf and add the following

path    /run
  method  save
  auth    any
  allow   www.gulong.com


Restart puppet on the client:

[root@mariadb puppet]# service puppet restart


4. Run the push command on the server

// for demonstration purposes, first modify node1.gulong.com.pp
[root@www puppet]# vim manifests/node1.gulong.com.pp
// change it to:
node 'node1.gulong.com' {
  include nginx::web
}

[root@www puppet]# puppet kick -p 10 node1.gulong.com


5. On the client, check whether the configuration file has changed

[root@mariadb puppet]# vim /etc/nginx/conf.d/default.conf

As the screenshot above shows, the push succeeded!
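
Added example (not part of the original post): a check of the client's auth.conf for the kick setup in steps 1 to 3, reporting whether the `path /run` stanza is reachable and how wide its `allow` line is. It assumes auth.conf stanzas are tried in file order with the first match winning, and that the file also carries a catch-all `path /` stanza; the sample files and the function name are constructed.

```bash
#!/usr/bin/env bash
# Added example, not from the original post: check how the agent's
# auth.conf guards the /run endpoint that `puppet kick` calls.

# check_run_acl FILE: print one finding per line for the "path /run" stanza.
check_run_acl() {
  awk '
    /^[ \t]*#/ { next }                                # skip comments
    $1 == "path"  { cur = $2; pos[cur] = ++n; next }   # a new stanza starts
    $1 == "allow" && cur == "/run" {
      for (i = 2; i <= NF; i++) allow = allow (allow == "" ? "" : " ") $i
    }
    END {
      if (!("/run" in pos)) { print "MISSING no path /run stanza"; exit }
      # Assumption: stanzas are tried in file order and the first match wins,
      # so a catch-all "path /" placed earlier hides the /run rule.
      if (("/" in pos) && pos["/"] < pos["/run"]) print "SHADOWED by earlier path /"
      if (allow == "")        print "EMPTY no allow line, nobody may kick"
      else if (allow ~ /\*/)  print "WIDE allow uses a wildcard: " allow
      else                    print "OK allow " allow
    }' "$1"
}

# Constructed sample files: the stanza from this post placed before the
# catch-all stanza, and a wildcard variant appended after it.
good=$(mktemp); bad=$(mktemp)
printf '%s\n' 'path /run' '  method save' '  auth any' '  allow www.gulong.com' \
              'path /' '  auth any' > "$good"
printf '%s\n' 'path /' '  auth any' \
              'path /run' '  method save' '  auth any' '  allow *.gulong.com' > "$bad"

check_run_acl "$good"
check_run_acl "$bad"
```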


5. Install and configure puppet-dashboard

1. Install the puppet-dashboard package

[root@localhost ~]# cd 2.7.25/
[root@localhost 2.7.25]# yum -y install puppet-dashboard-1.2.23-1.el6.noarch.rpm


2. Install rake

[root@localhost 2.7.25]# gem install rake

The following error may appear:

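Solution: this error is caused by a network fault, namely that the host cannot reach the Internet. Restore connectivity, for example by changing the default gateway.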


3. Database grants

[root@localhost 2.7.25]# yum -y install mysql mysql-server
[root@localhost 2.7.25]# service mysqld start
[root@localhost 2.7.25]# mysql
mysql> create database dbdb character set utf8;
mysql> grant all on dbdb.* to 'dbuser'@'172.16.%.%' identified by 'dbpass';
mysql> grant all on dbdb.* to 'dbuser'@'www.gulong.com' identified by 'dbpass';
mysql> flush privileges;


4. Edit the dashboard configuration file

The dashboard configuration file is /usr/share/puppet-dashboard/config/database.yml; change the following parameters:

production:
  host: 172.16.8.1
  database: dbdb
  username: dbuser
  password: dbpass
  encoding: utf8
  adapter: mysql


5. Import the database tables that dashboard depends on

[root@localhost 2.7.25]# cd /usr/share/puppet-dashboard/config/
[root@localhost config]# rake gems:refresh_specs
[root@localhost config]# rake RAILS_ENV=production db:migrate

Output like that in the screenshots above means the import succeeded!


6. Test whether the server works properly

[root@localhost 2.7.25]# /usr/share/puppet-dashboard/script/server -e production

By default it listens on port 3000/tcp, and the service can now be reached through that port.


You can now add nodes and classes from the web page!


That concludes this introduction to puppet in C/S mode; corrections and suggestions are welcome!