The previous post covered using Puppet on a single machine; this time we look at Puppet in client/server (C/S) mode.
I. Lab environment
| Role | IP address | Installed software | Hostname |
| --- | --- | --- | --- |
| Server | 172.16.8.1 | puppet-server | www.gulong.com |
| Client | 172.16.8.2 | puppet | node1.gulong.com |
| Client | 172.16.8.3 | puppet | node2.gulong.com |
Synchronize the time on all three hosts:
# ntpdate 172.16.0.1
All three hosts must be able to resolve each other's names:
# vim /etc/hosts
172.16.8.1 www.gulong.com
172.16.8.2 node1.gulong.com
172.16.8.3 node2.gulong.com
II. Configuring the master
1. Install puppet-server
[root@www 2.7.25]# yum -y install facter-1.7.3-1.el6.x86_64.rpm puppet-server-2.7.25-1.el6.noarch.rpm
2. Configure the module
Create the module directory:
[root@www 2.7.25]# cd /etc/puppet/modules/
[root@www modules]# mkdir -pv nginx/{files,manifests,templates}
Notes:
files/ : directory for static files
manifests/ : directory for manifests
templates/ : directory for templates
Create the manifest files:
[root@www modules]# cd nginx/manifests/
[root@www manifests]# vim init.pp
// Add the following:
class nginx {
  package { 'nginx':
    ensure => present,
  }
  file { 'nginx.conf':
    ensure  => file,
    content => template('nginx/nginx.conf.erb'),
    path    => '/etc/nginx/nginx.conf',
    require => Package['nginx'],
    mode    => '0644',
  }
}
[root@www manifests]# vim web.pp
// Add the following:
class nginx::web inherits nginx {
  file { 'web.conf':
    ensure  => file,
    source  => "puppet:///modules/nginx/web.conf",
    path    => '/etc/nginx/conf.d/default.conf',
    require => Package['nginx'],
    mode    => '0644',
    notify  => Service['nginx'],
  }
  service { 'nginx':
    ensure  => true,
    enable  => true,
    restart => '/etc/init.d/nginx reload',
    require => File['nginx.conf','web.conf'],
  }
}
[root@www manifests]# vim proxy.pp
// Add the following:
class nginx::proxy inherits nginx {
  file { 'web.proxy.conf':
    ensure  => file,
    source  => "puppet:///modules/nginx/web.proxy.conf",
    path    => '/etc/nginx/conf.d/default.conf',
    require => Package['nginx'],
    mode    => '0644',
    notify  => Service['nginx'],
  }
  service { 'nginx':
    ensure  => true,
    enable  => true,
    restart => '/etc/init.d/nginx reload',
    require => File['nginx.conf','web.proxy.conf'],
  }
}
Create the required configuration files:
[root@www manifests]# cd ../files/
[root@www files]# vim web.conf
// Add the following:
#
# The default server
#
server {
    listen 80 default_server;
    server_name www.gulong.com;
    location / {
        root /usr/share/nginx/html;
        index index.html index.htm;
    }
    error_page 404 /404.html;
    location = /404.html {
        root /usr/share/nginx/html;
    }
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root /usr/share/nginx/html;
    }
}
[root@www files]# vim web.proxy.conf
// Add the following:
#
# The default server
#
server {
    listen 80 default_server;
    server_name _;
    location / {
        proxy_pass http://172.16.0.1/;
    }
    error_page 404 /404.html;
    location = /404.html {
        root /usr/share/nginx/html;
    }
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root /usr/share/nginx/html;
    }
}
Create the template file:
[root@www files]# cd ../templates/
[root@www templates]# vim nginx.conf.erb
// Add the following:
# For more information on configuration, see:
# * Official English Documentation: http://nginx.org/en/docs/
# * Official Russian Documentation: http://nginx.org/ru/docs/
user nginx;
worker_processes <%= @processorcount %>;
error_log /var/log/nginx/error.log;
#error_log /var/log/nginx/error.log notice;
#error_log /var/log/nginx/error.log info;
pid /var/run/nginx.pid;
events {
    worker_connections 1024;
}
http {
    include /etc/nginx/mime.types;
    default_type application/octet-stream;
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
    access_log /var/log/nginx/access.log main;
    sendfile on;
    #tcp_nopush on;
    #keepalive_timeout 0;
    keepalive_timeout 65;
    #gzip on;
    # Load config files from the /etc/nginx/conf.d directory
    # The default server is in conf.d/default.conf
    include /etc/nginx/conf.d/*.conf;
}
Write the master's configuration settings into the puppet.conf file:
[root@www templates]# puppet master --genconfig >> /etc/puppet/puppet.conf
Create the node file:
[root@www nginx]# cd /etc/puppet/manifests/
[root@www manifests]# vim site.pp
// Add the following:
import "*.gulong.com.pp"  # load every manifest whose name ends in gulong.com.pp
Create the node files for the backend hosts:
[root@www manifests]# vim node1.gulong.com.pp
// Add the following:
node 'node1.gulong.com' {
  include nginx::proxy
}
[root@www manifests]# vim node2.gulong.com.pp
// Add the following:
node 'node2.gulong.com' {
  include nginx::web
}
Start the master service:
[root@www manifests]# service puppetmaster start
III. Configuring the clients
Only the host node1.gulong.com is used for the demonstration here.
1. Install the puppet client software:
[root@mariadb 2.7.25]# yum -y install facter-1.7.3-1.el6.x86_64.rpm puppet-2.7.25-1.el6.noarch.rpm
2. Edit the puppet.conf configuration file
[root@mariadb 2.7.25]# vim /etc/puppet/puppet.conf
// Add the following to the [agent] section:
server = www.gulong.com
3. Start puppet
[root@mariadb 2.7.25]# service puppet start
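IV. Signing certificates and testing
1. On the server, use this command to list the certificate requests waiting to be signed:
[root@www manifests]# puppet cert list
"node1.gulong.com" (C9:E5:D1:BD:8A:5F:58:A2:A8:7B:CB:F5:C5:30:81:5A)
2. Sign the request with this command:
[root@www manifests]# puppet cert sign node1.gulong.com
Alternatively, edit the configuration file so that requests are signed automatically:
[root@www manifests]# echo "*.gulong.com" > /etc/puppet/autosign.conf
3. Once signing is complete, check whether the client has installed nginx automatically
As the screenshot shows, nginx has been installed automatically!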
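An added example (not from the original post): a shell check for the manual signing step above that approves a pending request only when the fingerprint shown by `puppet cert list` equals the one recorded on the agent itself, a comparison that a `*.gulong.com` autosign entry never makes. The node2 and unknown-host sample lines, the EXPECTED record and the file passed in `--sign` mode are constructed assumptions; fingerprints are assumed to be collected on each agent with `puppet agent --fingerprint`.

```shell
#!/bin/sh
# Added example: sign a CSR only if its fingerprint matches the one recorded on the agent.

# Turn `puppet cert list` output ("host" (FP)) into "host FP" lines.
parse_pending() {
  sed -n 's/^[[:space:]]*"\([^"]*\)"[[:space:]]*(\([0-9A-Fa-f:]*\)).*$/\1 \2/p'
}

# $1 = parsed pending list, $2 = expected "host FP" lines gathered out of band.
# Prints the hosts that are safe to sign; everything else is reported on stderr.
verified_hosts() {
  printf '%s\n' "$1" | while read -r vh_host vh_fp; do
    [ -n "$vh_host" ] || continue
    vh_want=$(printf '%s\n' "$2" | awk -v h="$vh_host" '$1 == h { print toupper($2) }')
    vh_got=$(printf '%s' "$vh_fp" | tr 'a-f' 'A-F')
    if [ -z "$vh_want" ]; then
      echo "SKIP   $vh_host: no fingerprint on record" >&2
    elif [ "$vh_want" != "$vh_got" ]; then
      echo "REJECT $vh_host: fingerprint mismatch" >&2
    else
      echo "$vh_host"
    fi
  done
}

# Constructed sample of `puppet cert list` output; only the node1 line is from the post.
SAMPLE_LIST='"node1.gulong.com" (C9:E5:D1:BD:8A:5F:58:A2:A8:7B:CB:F5:C5:30:81:5A)
"node2.gulong.com" (11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00)
"unknown.gulong.com" (DE:AD:BE:EF:00:11:22:33:44:55:66:77:88:99:AA:BB)'

# Constructed record of fingerprints read on each agent (node2's differs on purpose).
EXPECTED='node1.gulong.com c9:e5:d1:bd:8a:5f:58:a2:a8:7b:cb:f5:c5:30:81:5a
node2.gulong.com 0F:1E:2D:3C:4B:5A:69:78:87:96:A5:B4:C3:D2:E1:F0'

if [ "${1:-}" = "--sign" ]; then
  # Live mode on the master; $2 is a file of "host FP" lines (assumed layout).
  for h in $(verified_hosts "$(puppet cert list | parse_pending)" "$(cat "$2")"); do
    puppet cert sign "$h"
  done
else
  verified_hosts "$(printf '%s\n' "$SAMPLE_LIST" | parse_pending)" "$EXPECTED"
fi
```

Run without arguments it evaluates the embedded sample; hosts reported as SKIP or REJECT stay unsigned in the pending list for manual review.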
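4. Implementing puppet kick
By default the Puppet client contacts the server once every 30 minutes, but sometimes we want the server to push changes to the clients urgently; that is what puppet kick is for.
1. Edit the client configuration file /etc/puppet/puppet.conf
[root@mariadb 2.7.25]# echo "listen=true" >> /etc/puppet/puppet.conf
2. On the client, edit or create the file /etc/puppet/namespaceauth.conf with the following content
[puppetrunner]
allow *.gulong.com
3. On the client, edit the file auth.conf and add the following
path /run
method save
auth any
allow www.gulong.com
Restart puppet on the client: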
[root@mariadb puppet]# service puppet restart
4. Run the push command on the server
// For the demonstration, first modify node1.gulong.com.pp
[root@www puppet]# vim manifests/node1.gulong.com.pp
// Change it to:
node 'node1.gulong.com' {
  include nginx::web
}
[root@www puppet]# puppet kick -p 10 node1.gulong.com
5. On the client, check whether the configuration file has changed
[root@mariadb puppet]# vim /etc/nginx/conf.d/default.conf
As the screenshot above shows, the push succeeded!
5. Installing and configuring puppet-dashboard
1. Install the puppet-dashboard package
[root@localhost ~]# cd 2.7.25/
[root@localhost 2.7.25]# yum -y install puppet-dashboard-1.2.23-1.el6.noarch.rpm
2. Install rake
[root@localhost 2.7.25]# gem install rake
The following error may occur:
Fix: this error is a network failure; the host cannot reach the external network. Connect it to the external network, for example by changing the default gateway!
3. Database grants
[root@localhost 2.7.25]# yum -y install mysql mysql-server
[root@localhost 2.7.25]# service mysqld start
[root@localhost 2.7.25]# mysql
mysql> create database dbdb character set utf8;
mysql> grant all on dbdb.* to 'dbuser'@'172.16.%.%' identified by 'dbpass';
mysql> grant all on dbdb.* to 'dbuser'@'www.gulong.com' identified by 'dbpass';
mysql> flush privileges;
4. Edit the dashboard configuration file
The dashboard configuration file is /usr/share/puppet-dashboard/config/database.yml; change the following parameters:
production:
  host: 172.16.8.1
  database: dbdb
  username: dbuser
  password: dbpass
  encoding: utf8
  adapter: mysql
5. Import the database tables the dashboard depends on
[root@localhost 2.7.25]# cd /usr/share/puppet-dashboard/config/
[root@localhost config]# rake gems:refresh_specs
[root@localhost config]# rake RAILS_ENV=production db:migrate
Output like the screenshot above means the import succeeded!
6. Test whether the server works properly
[root@localhost 2.7.25]# /usr/share/puppet-dashboard/script/server -e production
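By default it listens on port 3000/tcp; the service can now be reached on that port.
You can now add nodes and classes in the web page!
That concludes this introduction to Puppet in C/S mode; corrections and suggestions are welcome!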
Original: http://584014981.blog.51cto.com/8605371/1413332