
How Puppet works, and deploying a Redis master/slave setup with it

I. Introduction

  1. As is customary: what is Puppet?

    Puppet is a centralized configuration management system for Linux, Unix and Windows platforms. It uses its own declarative language to manage configuration files, users, cron jobs, packages, system services and so on. Puppet calls these system entities resources; its design goal is to simplify the management of those resources and to handle the dependencies between them properly.

    Puppet uses a client/server star topology: all clients talk to one or a few servers. Each client periodically (every half hour by default; the interval is configurable) contacts the server, downloads its latest configuration, and configures itself strictly according to it. Once the run is complete the client can report back to the server, and it also reports back if something went wrong.

    There is plenty of material online. In short, Puppet is an automation tool: when we need to roll out software, services, accounts and so on, doing it by hand is not an option, so we automate it, and Puppet is one piece of software built to fill that need. Some describe Puppet's essence as compiling a catalog of configuration and applying it.

    There are many similar tools, such as SaltStack, Ansible and Chef. Puppet is among the earliest and most mature, and is widely used at Google, Twitter, Red Hat, Cisco and others. Puppet itself is written in Ruby; Ansible and SaltStack are written in Python.

  2. Lifecycle (four dimensions)

    provisioning

    configuration

    orchestration

    reporting

  3. Three layers (the three-layer model)

    configuration language

    transactional layer

    resource abstraction layer

      resource types: users, groups, files, services, cron jobs, and so on

  4. Terminology

    1) Core Puppet components

      manifests: the resource declarations

        Manifests, together with the files, templates and other data that their resource definitions depend on, organized in a prescribed directory layout, make up a module.

        Agent-to-agent communication uses SSH; master-agent communication uses HTTPS backed by CA certificates. The master ships with its own CA, and certificate requests can be signed automatically or confirmed one by one.

    2) Class: a group of resource declarations

    3) Module: contains several classes; comparable to a role in Ansible

    4) Site manifest: declares, host by host, which modules apply

    5) Catalog: the (compiled) configuration for a managed node. When the master receives an agent's request, it looks up the site manifest for that node.

  5. Directory layout

     Version 3+

[root@web1 ~]# tree /etc/puppet
/etc/puppet
├── auth.conf
├── fileserver.conf
├── manifests
├── modules
└── puppet.conf

 

 

    Version 5+

[root@web1 yum.repos.d]# tree /etc/puppet
/etc/puppet [error opening dir]

0 directories, 0 files
[root@web1 yum.repos.d]# tree /etc/puppetlabs/
/etc/puppetlabs/
├── code
│   ├── environments          
│   │   └── production
│   │       ├── data
│   │       ├── environment.conf
│   │       ├── hiera.yaml
│   │       ├── manifests
│   │       └── modules
│   └── modules
├── mcollective
│   ├── client.cfg
│   ├── data-help.erb
│   ├── discovery-help.erb
│   ├── facts.yaml
│   ├── metadata-help.erb
│   ├── rpc-help.erb
│   └── server.cfg
├── puppet
│   ├── auth.conf
│   ├── hiera.yaml
│   ├── puppet.conf
│   └── ssl
├── puppetserver
│   ├── conf.d
│   │   ├── auth.conf
│   │   ├── ca.conf
│   │   ├── global.conf
│   │   ├── metrics.conf
│   │   ├── puppetserver.conf
│   │   ├── web-routes.conf
│   │   └── webserver.conf
│   ├── logback.xml
│   ├── request-logging.xml
│   └── services.d
│       └── ca.cfg
└── pxp-agent
    └── modules

15 directories, 22 files

 II. How Puppet works

  1. How Puppet does its job

      1) Define: describe the desired base configuration in Puppet's language; this code lives in modules

      2) Simulate: check the code before it is enforced, without actually applying it

      3) Enforce: force the current state to match the defined target state

      4) Report: send the results of the run to a receiver through the Puppet API

  2. Architecture diagram: (image not included in this copy)

  3. Workflow diagram (image not included; its steps are listed below):

    1) The Puppet agent sends its node name and facts to the master

    2) The master classifies the request (which client is this, and what should it get?); the classification comes from the node definitions that site.pp includes (node.pp)

    3) The master compiles the class information the node needs, stores it in a catalog and sends it to the agent; this is the compilation process described below

    4) The agent validates the catalog (mainly a check of the code) and applies it, writing the run's progress and results to its log

    5) The agent ends up in the state that was defined at the start, and sends the results and any run data back to the master through the open API

  4. Compilation process, also called the standalone model

   1) Puppet compiles the contents of the manifest and stores the compiled code in a catalog

   2) Before applying, the code is validated; it is then applied, reaching the state defined at the start

  5. How master/agent mode works (diagram)

     1) The agent requests a catalog from the master, sending its hostname and facts

     2) The master receives the request and looks up the requester's site manifest

     3) The master compiles the contents of the manifest and stores the compiled code in a catalog

     4) Before applying, the code is validated; it is then applied, reaching the state defined at the start

  6. Working without master/agent

    Also referred to as agent mode

    Apply a .pp file directly:

      puppet apply -v test1.pp

  7. The puppet help command (puppet help apply shows the help for one subcommand)

[root@web1 ~]# puppet help

Usage: puppet <subcommand> [options] <action> [options]

Available subcommands:
    
  agent             The puppet agent daemon
  apply             Apply Puppet manifests locally
  ca                Local Puppet Certificate Authority management.
  catalog           Compile, save, view, and convert catalogs.
  cert              Manage certificates and requests
  certificate       Provide access to the CA for certificate management.
  certificate_request  Manage certificate requests.
  certificate_revocation_list  Manage the list of revoked certificates.
  config            Interact with Puppet's settings.
  describe          Display help about resource types
  device            Manage remote network devices
  doc               Generate Puppet documentation and references
  facts             Retrieve and store facts.
  file              Retrieve and store files in a filebucket
  filebucket        Store and retrieve files in a filebucket
  help              Display Puppet help.
  inspect           Send an inspection report
  instrumentation_data  Manage instrumentation listener accumulated data.
  instrumentation_listener  Manage instrumentation listeners.
  instrumentation_probe  Manage instrumentation probes.
  key               Create, save, and remove certificate keys.
  kick              Remotely control puppet agent
  man               Display Puppet manual pages.
  master            The puppet master daemon
  module            Creates, installs and searches for modules on the Puppet Forge.
  node              View and manage node definitions.
  parser            Interact directly with the parser.
  plugin            Interact with the Puppet plugin system.
  queue             Deprecated queuing daemon for asynchronous storeconfigs
  report            Create, display, and submit reports.
  resource          The resource abstraction layer shell
  resource_type     View classes, defined resource types, and nodes from all manifests.
  secret_agent      Mimics puppet agent.
  status            View puppet server status.

See 'puppet help <subcommand> <action>' for help on a specific subcommand action.
See 'puppet help <subcommand>' for help on a specific subcommand.
Puppet v3.6.2

III. Syntax and resources

  1. Syntax

    puppet <subcommand> [options] <action> [options]

  2. Listing resources

    List all supported resource types:

    puppet describe -l

[root@web1 ~]# puppet describe -l
These are the types known to puppet:
augeas          - Apply a change or an array of changes to the  ...
computer        - Computer object management using DirectorySer ...
cron            - Installs and manages cron jobs
exec            - Executes external commands
file            - Manages files, including their content, owner ...
filebucket      - A repository for storing and retrieving file  ...
group           - Manage groups
host            - Installs and manages host entries
interface       - This represents a router or switch interface
k5login         - Manage the `.k5login` file for a user
macauthorization - Manage the Mac OS X authorization database
mailalias       - .. no documentation ..
maillist        - Manage email lists
mcx             - MCX object management using DirectoryService  ...
mount           - Manages mounted filesystems, including puttin ...
nagios_command  - The Nagios type command
nagios_contact  - The Nagios type contact
nagios_contactgroup - The Nagios type contactgroup
nagios_host     - The Nagios type host
nagios_hostdependency - The Nagios type hostdependency
nagios_hostescalation - The Nagios type hostescalation
nagios_hostextinfo - The Nagios type hostextinfo
nagios_hostgroup - The Nagios type hostgroup
nagios_service  - The Nagios type service
nagios_servicedependency - The Nagios type servicedependency
nagios_serviceescalation - The Nagios type serviceescalation
nagios_serviceextinfo - The Nagios type serviceextinfo
nagios_servicegroup - The Nagios type servicegroup
nagios_timeperiod - The Nagios type timeperiod
notify          - .. no documentation ..
package         - Manage packages
resources       - This is a metatype that can manage other reso ...
router          - .. no documentation ..
schedule        - Define schedules for Puppet
scheduled_task  - Installs and manages Windows Scheduled Tasks
selboolean      - Manages SELinux booleans on systems with SELi ...
selmodule       - Manages loading and unloading of SELinux poli ...
service         - Manage running services
ssh_authorized_key - Manages SSH authorized keys
sshkey          - Installs and manages ssh host keys
stage           - A resource type for creating new run stages
tidy            - Remove unwanted files based on specific crite ...
user            - Manage users
vlan            - .. no documentation ..
whit            - Whits are internal artifacts of Puppet's curr ...
yumrepo         - The client-side description of a yum reposito ...
zfs             - Manage zfs
zone            - Manages Solaris zones
zpool           - Manage zpools

  3. Defining resources

 See the linked post: Puppet resource definitions and examples (to be written)

IV. Installation walkthrough

  Using the m/a (master/agent) model to build a Redis master/slave setup

    For Redis internals see the linked post:

     Redis internals and master/slave cluster configuration  # not yet written

  1. Environment

  web1.zxg.com  master  192.168.216.51  puppet-master
  web2.zxg.com  agent   192.168.216.52  puppet-agent, redis-master
  web3.zxg.com  agent   192.168.216.53  puppet-agent, redis-slave

    Note: prepare the hosts by disabling SELinux and stopping firewalld

         OS:

[root@web1 ~]# cat /etc/redhat-release 
CentOS Linux release 7.3.1611 (Core) 
[root@web1 ~]# cat /proc/version
Linux version 3.10.0-514.el7.x86_64 ([email protected]) (gcc version 4.8.5 20150623 (Red Hat 4.8.5-11) (GCC) ) #1 SMP Tue Nov 22 16:42:41 UTC 2016
[root@web1 ~]# 

      Software:

      puppet-server-3.6.2-3

      puppet-3.6.2-3

  2. Configure package repositories

  Simple: the EPEL repository is enough, or the official Puppet repository. EPEL is used here, which gives Puppet 3.x

  epel: rpm -ivh http://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm

  puppet: rpm -ivh https://yum.puppetlabs.com/puppet5/puppet5-release-el-7.noarch.rpm

  3. Install Puppet

    agent: puppet, facter

    master: puppet-server

    Install the master on web1 and the agent on web2/web3

    yum pulls in the following dependencies:

Dependencies Resolved

====================================================================================================================
 Package                          Arch                 Version                          Repository             Size
====================================================================================================================
Installing:
 facter                           x86_64               2.4.1-1.el7                      epel                  101 k
 puppet                           noarch               3.6.2-3.el7                      epel                  1.2 M
 puppet-server                    noarch               3.6.2-3.el7                      epel                   24 k
Installing for dependencies:
 hiera                            noarch               1:1.3.4-5.el7                    epel                   25 k
 libselinux-ruby                  x86_64               2.5-14.1.el7                     base                  121 k
 libyaml                          x86_64               0.1.4-11.el7_0                   base                   55 k
 ruby                             x86_64               2.0.0.648-35.el7_6               updates                72 k
 ruby-augeas                      x86_64               0.5.0-1.el7                      epel                   23 k
 ruby-irb                         noarch               2.0.0.648-35.el7_6               updates                93 k
 ruby-libs                        x86_64               2.0.0.648-35.el7_6               updates               2.8 M
 ruby-shadow                      x86_64               1.4.1-23.el7                     epel                   14 k
 rubygem-bigdecimal               x86_64               1.2.0-35.el7_6                   updates                84 k
 rubygem-io-console               x86_64               0.4.2-35.el7_6                   updates                55 k
 rubygem-json                     x86_64               1.7.7-35.el7_6                   updates                80 k
 rubygem-psych                    x86_64               2.0.0-35.el7_6                   updates                83 k
 rubygem-rdoc                     noarch               4.0.0-35.el7_6                   updates               322 k
 rubygem-rgen                     noarch               0.6.6-2.el7                      epel                   84 k
 rubygems                         noarch               2.0.14.1-35.el7_6                updates               220 k

Transaction Summary
====================================================================================================================
Install  3 Packages (+15 Dependent packages)

   4. Time synchronization

    Option 1: systemctl start chronyd.service; systemctl enable chronyd.service  # recommended

    Option 2: NTP: yum install ntp; ntpdate 120.25.108.11

  5. Setting up the m/a model

    1) Start puppetmaster

[root@web1 ~]# systemctl start puppetmaster
[root@web1 ~]# netstat -untlop |grep puppet
[root@web1 ~]# netstat -untlop |grep 8140
tcp        0      0 0.0.0.0:8140            0.0.0.0:*               LISTEN      3399/ruby            off (0.00/0/0)

    2) Point the agent at the master

    sed -i '/ssldir/aserver = web1.zxg.com' /etc/puppet/puppet.conf

      Once set, printing the server setting shows the master's hostname:

[root@web2 ~]# puppet config print server
web1.zxg.com

    3) Wait for the CA to sign the certificate

      On web2/web3 run puppet agent -v --noop --no-daemonize, then wait for the request to be signed

[root@web2 ~]# puppet agent -v --noop --no-daemonize
Info: Caching certificate for ca
Info: csr_attributes file loading from /etc/puppet/csr_attributes.yaml
Info: Creating a new SSL certificate request for web2.zxg.com
Info: Certificate Request fingerprint (SHA256): 48:A3:7C:A1:88:26:FC:80:A0:61:78:DE:BA:6F:CC:27:F5:A6:88:1A:9E:DC:D2:7A:AB:E3:DF:D4:3D:9B:1D:15
Info: Caching certificate for ca
Notice: Did not receive certificate
Notice: Did not receive certificate

      Sign the requests on the master

[root@web1 ~]# puppet cert list
  "web2.zxg.com" (SHA256) 48:A3:7C:A1:88:26:FC:80:A0:61:78:DE:BA:6F:CC:27:F5:A6:88:1A:9E:DC:D2:7A:AB:E3:DF:D4:3D:9B:1D:15
  "web3.zxg.com" (SHA256) E1:12:BC:C6:C8:BF:E6:62:FE:E3:59:D3:C2:35:72:72:C2:F0:AE:E8:2B:7E:93:01:B3:C4:8F:CF:3F:96:0B:AD
[root@web1 ~]# puppet cert sign web2.zxg.com
Notice: Signed certificate request for web2.zxg.com
Notice: Removing file Puppet::SSL::CertificateRequest web2.zxg.com at '/var/lib/puppet/ssl/ca/requests/web2.zxg.com.pem'
[root@web1 ~]# puppet cert sign web3.zxg.com
Notice: Signed certificate request for web3.zxg.com
Notice: Removing file Puppet::SSL::CertificateRequest web3.zxg.com at '/var/lib/puppet/ssl/ca/requests/web3.zxg.com.pem'

    The signing process as seen from web2

[root@web2 ~]# puppet agent -v --noop --no-daemonize
Info: Caching certificate for ca
Info: csr_attributes file loading from /etc/puppet/csr_attributes.yaml
Info: Creating a new SSL certificate request for web2.zxg.com
Info: Certificate Request fingerprint (SHA256): 48:A3:7C:A1:88:26:FC:80:A0:61:78:DE:BA:6F:CC:27:F5:A6:88:1A:9E:DC:D2:7A:AB:E3:DF:D4:3D:9B:1D:15
Info: Caching certificate for ca         # waiting here for the certificate to be signed
Notice: Did not receive certificate
Notice: Did not receive certificate
Notice: Did not receive certificate
Info: Caching certificate for web2.zxg.com  # signed; the run now proceeds normally through to Finished
Notice: Starting Puppet client version 3.6.2
Info: Caching certificate_revocation_list for ca
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Caching catalog for web2.zxg.com
Info: Applying configuration version '1560169273'
Info: Creating state file /var/lib/puppet/state/state.yaml
Notice: Finished catalog run in 0.02 seconds

# exit and run it again to see the result
[root@web2 ~]# puppet agent -v --noop --no-daemonize
Notice: Starting Puppet client version 3.6.2
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Caching catalog for web2.zxg.com
Info: Applying configuration version '1560169273'
Notice: Finished catalog run in 0.03 seconds

      Managing the Puppet CA

          puppet cert <action> [--all|-a] [<host>]

             action:

                list: list pending certificate requests

                sign: sign a certificate request

                revoke: revoke a certificate

                clean: remove a client's certificate; remember that the client must also delete everything under /var/lib/puppet/ssl/

  6. Configure the site manifest

   1) Site manifest

      1.1 Find the manifest directory

[root@web1 ~]# puppet config print |grep manifest
genmanifest = false
manifestdir = /etc/puppet/manifests
manifest = /etc/puppet/manifests/site.pp

      1.2 Edit the manifest

[root@web1 manifests]# cat site.pp 
node 'web2.zxg.com' {
    include redis::master
}

node 'web3.zxg.com' {
    class{'redis::slave':
        master_ip => 'web2.zxg.com'
    }
}
[root@web1 manifests]# pwd
/etc/puppet/manifests
[root@web1 manifests]# 
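site.pp above includes redis::master and redis::slave from a module the post links to elsewhere. As an added illustration written for this page (not the author's module), here is a minimal version of those classes that also manages the password the page uses with redis-cli -a; it assumes the EPEL redis package (package and service both named redis, configuration in /etc/redis.conf) and uses Facter's ipaddress fact to bind Redis only to loopback and the node's own address.

```puppet
# Hypothetical module layout: /etc/puppet/modules/redis/manifests/{config,master,slave}.pp
# (one class per file; shown together here)

class redis::config ($slaveof = undef) {
  # Same password the page passes to `redis-cli -a`; in practice keep it in
  # hiera rather than in the manifest
  $requirepass = 'keerya'

  # On a slave, replicate from the master and authenticate to it with the
  # shared password; the master gets no slaveof line
  if $slaveof {
    $repl_lines = "slaveof ${slaveof} 6379\nmasterauth ${requirepass}\n"
  } else {
    $repl_lines = ''
  }

  package { 'redis': ensure => installed }

  # Minimal redis.conf: listen on loopback and this node's address (ipaddress
  # fact) rather than 0.0.0.0, require the password, use the package's data dir
  file { '/etc/redis.conf':
    ensure  => file,
    owner   => 'redis',
    group   => 'root',
    mode    => '0640',    # the file now carries the password
    content => "bind 127.0.0.1 ${::ipaddress}\nport 6379\ndir /var/lib/redis\nrequirepass ${requirepass}\n${repl_lines}",
    require => Package['redis'],
    notify  => Service['redis'],
  }

  service { 'redis':
    ensure => running,
    enable => true,
  }
}

# Used by site.pp as `include redis::master`
class redis::master {
  class { 'redis::config': }
}

# Used by site.pp as class { 'redis::slave': master_ip => 'web2.zxg.com' }
class redis::slave ($master_ip) {
  class { 'redis::config': slaveof => $master_ip }
}
```

A class can be tried in the standalone mode from section II.6 before it goes into site.pp: puppet apply -v --noop --modulepath=/etc/puppet/modules -e 'include redis::master'.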

 

  7. The module used here is covered in the linked post on Puppet modules

     How Puppet works: using modules   (that post has the steps for building the redis module)

  8. Start the services

    web1: systemctl start puppetmaster

    web2: systemctl start puppetagent

    web3: systemctl start puppetagent

  9. Verification

[root@web2 ~]# redis-cli -a keerya info replication
# Replication
role:master
connected_slaves:1
slave0:ip=192.168.216.53,port=6379,state=online,offset=85,lag=0
master_repl_offset:85
repl_backlog_active:1
repl_backlog_size:1048576
repl_backlog_first_byte_offset:2
repl_backlog_histlen:84
[root@web2 ~]# 



[root@web3 ~]#  redis-cli -a keerya info replication 
# Replication
role:slave
master_host:192.168.216.52
master_port:6379
master_link_status:up
master_last_io_seconds_ago:6
master_sync_in_progress:0
slave_repl_offset:71
slave_priority:100
slave_read_only:1
connected_slaves:0
master_repl_offset:0
repl_backlog_active:0
repl_backlog_size:1048576
repl_backlog_first_byte_offset:0
repl_backlog_histlen:0
[root@web3 ~]# 

 

Thanks:

Reference: https://www.cnblogs.com/keerya/p/8087675.html#_label4

Official Puppet documentation: https://puppet.com/sitemap

Please credit the source when reposting: https://www.cnblogs.com/zhangxingeng/p/10743382.html