  • puppet实战之master-agent

    author:JevonWei
    版权声明:原创作品
    blog:http://119.23.52.191/

    master作为puppet模块的管理者,通过配置各agent节点的配置文件,使agent配置master的指定模块

    环境

    master    172.16.252.184
    agent1    172.16.252.67
    agent2    172.16.252.207
    

    各主机时间同步及配置主机名互相通信

    [root@master ~]# ntpdate 172.16.0.1 
    [root@master ~]# vim /etc/hosts
    172.16.252.184 master
    172.16.252.207 agent2
    172.16.252.67 agent1
    

    master定义puppet模块

    编辑Tomcat模块

    [root@master ~]# yum -y install puppet-server puppet
    [root@master ~]# cd /etc/puppet/modules
    [root@master modules]# vim tomcat/manifests/init.pp   
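    # Installs Tomcat and its default webapps, ships /etc/sysconfig/tomcat and
    # server.xml from the module's files/ directory, and keeps the service
    # running. The service restarts whenever either managed file changes.
    class tomcat {
        # 'latest' upgrades the package on any agent run in which the repository
        # offers a newer build; pin a version where unreviewed upgrades are not
        # acceptable.
        package { 'tomcat':
            ensure => latest,
        }

        package { 'tomcat-webapps':
            ensure => latest,
        }

        # Environment settings for the service (e.g. JAVA_OPTS).
        file { 'tomcat':
            ensure  => file,
            path    => '/etc/sysconfig/tomcat',
            source  => 'puppet:///modules/tomcat/tomcat',
            owner   => 'root',
            group   => 'root',
            mode    => '0644',   # four-digit octal, so the mode is unambiguous
            require => Package['tomcat'],
        }

        file { 'server.xml':
            ensure  => file,
            path    => '/etc/tomcat/server.xml',
            source  => 'puppet:///modules/tomcat/server.xml',
            owner   => 'root',
            group   => 'tomcat',
            mode    => '0644',
            require => Package['tomcat'],
        }

        service { 'tomcat':
            ensure    => running,
            enable    => true,
            subscribe => [ File['tomcat'], File['server.xml'] ],
        }
    }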
    [root@master modules]# vim tomcat/manifests/manager.pp
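    # Adds the Tomcat manager web application on top of the base tomcat class
    # and restarts Tomcat whenever tomcat-users.xml changes.
    class tomcat::manager inherits tomcat {
        package { 'tomcat-admin-webapps':
            ensure => latest,
        }

        # tomcat-users.xml carries the manager account's password: keep it
        # unreadable for "other", and never print its content as a diff in agent
        # output or reports, even where the show_diff setting is enabled.
        file { 'tomcat-users.xml':
            ensure    => file,
            path      => '/etc/tomcat/tomcat-users.xml',
            source    => 'puppet:///modules/tomcat/tomcat-users.xml',
            owner     => 'root',
            group     => 'tomcat',
            mode      => '0640',
            show_diff => false,
            require   => Package['tomcat'],
        }

        # "+>" appends to the subscriptions declared in the parent class instead
        # of replacing them.
        Service['tomcat'] {
            subscribe +> File['tomcat-users.xml'],
        }
    }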
    复制并编辑所需要的配置文件
    [root@master modules]# scp  172.16.252.82:/etc/sysconfig/tomcat tomcat/files/
    [root@master modules]# vim tomcat/files/tomcat    编辑修改tomcat的环境参数
    JAVA_OPTS="-Xms512m -Xmx512M"   所使用的堆内存大小
    [root@master modules]# scp  172.16.252.82:/etc/tomcat/{server.xml,tomcat-users.xml} tomcat/files/
    
    [root@master modules]# vim tomcat/files/tomcat-users.xml  \定义manager的管理界面(示例中的tomcat/tomcat是弱口令,manager-gui角色可以部署应用,实际部署时应换成强口令)
    <role rolename="manager-gui"/>
    <user username="tomcat" password="tomcat" roles="manager-gui"/>
    

    编辑Nginx模块

    [root@master modules]# vim nginx/manifests/init.pp
    # Installs nginx and keeps the service enabled and running.
    class nginx {
        package { 'nginx':
            ensure => latest,
        }

        service { 'nginx':
            ensure  => running,
            enable  => true,
            require => Package['nginx'],   # start only after the package is installed
        }
    }
    
    nginx的web页面模块
    [root@master modules]# vim nginx/manifests/web.pp
    [root@master modules]# vim nginx/manifests/web.pp 
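    # Serves a static test page from /ngxdata/html.
    #
    # $port - TCP port the generated web.conf listens on (default 8088).
    class nginx::web($port=8088)  inherits nginx {
        # /etc/nginx/conf.d only exists once the package is installed, so the
        # config file must be ordered after it.
        file { 'web.conf':
            ensure  => file,
            path    => '/etc/nginx/conf.d/web.conf',
            content => template('nginx/web.conf.erb'),
            require => Package['nginx'],
        }

        # Manage the parent directory too; "ensure => directory" does not create
        # missing parents, so /ngxdata/html alone fails on a fresh host.
        file { ['/ngxdata', '/ngxdata/html']:
            ensure => directory,
        }

        file { 'index.html':
            ensure  => file,
            path    => '/ngxdata/html/index.html',
            source  => 'puppet:///modules/nginx/index.html',
            require => File['/ngxdata/html'],
        }

        # "+>" appends, so this override does not clash with another nginx
        # subclass that also subscribes the service to its own config file.
        Service['nginx'] {
            subscribe +> File['web.conf'],
        }
    }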
    
    nginx的proxy模块  
    [root@master modules]# vim nginx/manifests/proxy.pp
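    # Configures nginx as a reverse proxy from the nginx/proxy.conf.erb template.
    #
    # $proxy_port - TCP port the generated proxy.conf listens on (default 8088).
    class nginx::proxy($proxy_port=8088)  inherits nginx {
        # /etc/nginx/conf.d only exists once the package is installed, so the
        # config file must be ordered after it.
        file { 'proxy.conf':
            ensure  => file,
            path    => '/etc/nginx/conf.d/proxy.conf',
            content => template('nginx/proxy.conf.erb'),
            require => Package['nginx'],
        }

        # "+>" appends, so this override does not clash with another nginx
        # subclass that also subscribes the service to its own config file.
        Service['nginx'] {
            subscribe +> File['proxy.conf'],
        }
    }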
    
    编辑Nginx web应用的配置文件的模板文件
    [root@master modules]# vim nginx/templates/web.conf.erb  
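    # Static site for nginx::web.
    # @port is the nginx::web class parameter; @fqdn is the agent's fqdn fact.
    server {
        listen <%= @port %>;
        server_name <%= @fqdn %>;
        # The opening brace of the location block is required; without it nginx
        # rejects the configuration and the service fails to (re)start.
        location / {
            root /ngxdata/html;
        }
    }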
    
    编辑web的测试页
    [root@master modules]# vim nginx/files/index.html
    <h1> Nginx ok </h1>
    
    编辑Nginx proxy应用的配置文件的模板文件
    [root@master modules]# vim nginx/templates/proxy.conf.erb
    # Reverse proxy for nginx::proxy.
    # @proxy_port is the nginx::proxy class parameter; @fqdn is the agent's fqdn fact.
    server {
        listen  <%= @proxy_port %>;
        server_name <%= @fqdn %>;
        # Every request path is forwarded unchanged to the backend below.
        location / {
            proxy_pass http://172.16.252.184:8080/;
        }
    }
    

    配置redis模块

    [root@master modules]# mkdir redis/{manifests,files,templates} -pv
    [root@master modules]# vim redis/manifests/init.pp
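    # Installs redis and keeps the service enabled and running.
    class redis {
        package { 'redis':
            ensure => latest,
        }

        # The service resource does not depend on the package by itself; without
        # an explicit relationship the first run may try to start redis before
        # it is installed.
        service { 'redis':
            ensure  => running,
            enable  => true,
            require => Package['redis'],
        }
    }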
    

    单环境配置

    agent2安装jdk tomcat::manager模块

    启动puppetmaster

    以非守护进程运行master程序(可查看详细的启动过程)
    [root@master ~]# puppet master --no-daemonize -d -v
    或systemctl启动master进程
    [root@master ~]# systemctl start puppetmaster.service
    [root@master ~]# ss -ntl   查看8140端口是否监听
    

    agent2启动puppetagent

    [root@agent2 ~]# puppet agent --server master.danran.com --no-daemonize -v   非守护进程运行agent程序,安装jdk和tomcat::manager模块
        \--server指定master server服务端,也可修改配置文件puppet config set server master.danran.com   
    或systemctl start puppetagent.service  启动agent进程
    [root@agent2 ~]# systemctl start puppetagent.service
    

    master签署证书和配置agent2节点

    列出所有的待签署证书
    [root@master ~]# puppet cert list
    为agent2签署证书
    [root@master ~]# puppet cert sign agent2.danran.com
    Notice: Signed certificate request for agent2.danran.com
    Notice: Removing file Puppet::SSL::CertificateRequest agent2.danran.com at '/var/lib/puppet/ssl/ca/requests/agent2.danran.com.pem'
    [root@master ~]# puppet cert sign agent1.danran.com
    Notice: Signed certificate request for agent1.danran.com
    Notice: Removing file Puppet::SSL::CertificateRequest agent1.danran.com at '/var/lib/puppet/ssl/ca/requests/agent1.danran.com.pem'
    
    定义agent2节点的配置
    [root@master ~]# cd /etc/puppet/manifests/
    [root@master manifests]# vim site.pp
    # agent2: JDK plus Tomcat with the manager application.
    node 'agent2.danran.com' {
        include jdk, tomcat::manager
    }
    
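    因为agent2是通过以puppet用户身份运行的master来读取配置文件的,故需要给puppet用户添加读取tomcat-users.xml的权限(文件位于modules/tomcat/files/下;该文件含管理口令,o+r会让master上所有本地用户都可读,更严格的做法是用chgrp puppet把属组改为puppet并只给属组读权限)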
    [root@master files]# cd /etc/puppet/modules/tomcat/
    [root@master files]# chmod o+r tomcat-users.xml 
    

    agent2查看模块安装结果

    [root@agent2 ~]# ss -ntl   查看tomcat-manager的8080端口已监听
    

    测试agent2的manager页面

    浏览器输入http://172.16.252.207:8080/manager
    image

    agent1节点安装jdk nginx::proxy模块

    master

    master修改nginx的配置文件

    [root@master ~]# cd /etc/puppet/modules/nginx/
    [root@master nginx]# vim templates/proxy.conf.erb 
    # Reverse proxy for nginx::proxy, now pointing at agent2's Tomcat.
    # Every path is forwarded, which in this setup includes /manager on agent2;
    # restrict that path here if the manager GUI should not be reachable
    # through the proxy.
    server {
    	listen  <%= @proxy_port %>;
    	server_name <%= @fqdn %>;
    	location / {
    		proxy_pass http://agent2.danran.com:8080/;
    	}
    }
    

    master编辑site.pp节点配置文件

    [root@master manifests]# vim site.pp 
    # agent2: JDK plus Tomcat with the manager application.
    node 'agent2.danran.com' {
        include jdk, tomcat::manager
    }

    # agent1: nginx reverse proxy in front of agent2.
    node 'agent1.danran.com' {
        include nginx::proxy
    }
    

    agent1

    agent1安装配置nginx::proxy模块

    [root@agent1 ~]# yum -y install puppet
    [root@agent1 ~]# systemctl start puppetagent  启动puppetagent程序
    

    master签署证书

    [root@master manifests]# puppet cert sign -a   签署所有的证书(会签署当前所有待签请求,执行前应先用puppet cert list核对每个请求的主机名和指纹)
    

    agent1启动puppetagent

    [root@agent1 ~]# systemctl restart puppetagent
    [root@agent1 ~]# ps -aux   查看nginx服务是否启动
    

    测试

    浏览器访问http://172.16.252.67:8088测试代理是否正常

    agent1 agent3安装redis模块

    master

    [root@master manifests]# vim /etc/puppet/manifests/site.pp   
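    # Applies to agent1.danran.com and agent3.danran.com.
    # A regex node name is written unquoted between slashes (quoted, it is a
    # literal string that matches no real host). Anchoring the pattern and
    # escaping the dots keeps it from matching any other certname that merely
    # contains "agent1" or "agent3".
    node /^agent[13]\.danran\.com$/ {
        include jdk
        include tomcat::manager
    }

    node 'agent2.danran.com' {
        include nginx::proxy
        include redis
    }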
    

    agent1/3

    [root@agent1 ~]# systemctl restart puppetagent
    [root@agent1 ~]# ss -ntl   查看redis的端口6379是否监听
    

    agent3继承agent1模块

    • 配置agent3继承agent1的配置

    master

    [root@master manifests]# vim /etc/puppet/manifests/site.pp   
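    # Baseline configuration that every node would share (left disabled):
    #node 'base' {
    # include chrony
    #}

    # agent1's classes; agent3 receives them through the inheritance below.
    node 'agent1.danran.com' {
        include jdk
        include tomcat::manager
    }

    node 'agent2.danran.com' {
        include nginx::proxy
        include redis
    }

    # Node inheritance works on Puppet 3 but was deprecated in 3.7 and removed
    # in 4.0; on newer versions declare the shared classes in each node instead.
    node 'agent3.danran.com' inherits 'agent1.danran.com' {
        include redis
    }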
    

    agent3

    [root@agent3 ~]# systemctl restart puppetagent	
    

    agent修改server指向

    agent2修改配置文件中的master服务端为master.danran.com

    [root@agent2 ~]# puppet config set server master.danran.com
    [root@agent2 ~]# puppet config print | grep server
    ssl_server_ca_auth = 
    server_datadir = /var/lib/puppet/server_data
    fileserverconfig = /etc/puppet/fileserver.conf
    server = master.danran.com
    ca_server = master.danran.com
    report_server = master.danran.com
    inventory_server = master.danran.com
    archive_file_server = master.danran.com
    smtpserver = none
    dbserver = localhost
    ldapserver = ldap
    
    [root@agent2 ~]# cat /etc/puppet/puppet.conf 
    server = master.danran.com
    

    多环境配置

    [root@master ~]# mkdir /etc/puppet/enviroments  \设置多环境的路径为/etc/puppet/enviroments 
    [root@master ~]# puppet config set environmentpath '$confdir'/enviroments/ 
    [root@master ~]# puppet config print --section master | grep environ      
    environment = production
    environmentpath = /etc/puppet/enviroments
    environment_timeout = 0
    [root@master ~]# cat /etc/puppet/puppet.conf 
    [main]
    environmentpath = $confdir/enviroments/
    
    [root@master ~]# systemctl restart puppetmaster  \重启生效
    

    创建production环境配置文件

    [root@master ~]# cd /etc/puppet/enviroments/
    [root@master enviroments]# mkdir production/{manifests,modules} -pv
    [root@master enviroments]# cp -r /etc/puppet/modules/redis/ production/modules/
    [root@master enviroments]# vim production/manifests/site.pp
    # production environment: agent2 receives only the redis class.
    node 'agent2.danran.com' {
        include redis
    }
    
    [root@master enviroments]# tree
    .
    └── production
    	├── manifests
    	│   └── site.pp
    	└── modules
    		└── redis
    			├── files
    			├── manifests
    			│   └── init.pp
    			└── templates
    

    创建testing环境配置文件

    [root@master enviroments]# mkdir testing/{manifests,modules} -pv                      
    mkdir: created directory ‘testing’
    mkdir: created directory ‘testing/manifests’
    mkdir: created directory ‘testing/modules’
    [root@master enviroments]# cp -r /etc/puppet/modules/jdk/ testing/modules/
    [root@master enviroments]# vim testing/manifests/site.pp
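    # testing environment: agent2 receives only the jdk class.
    # A bare class name is a syntax error; classes are declared with "include".
    node 'agent2.danran.com' {
        include jdk
    }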
    

    agent

    非守护进程方式运行
    [root@agent1 ~]# puppet agent -v --noop --no-daemonize --environment=testing  \指定使用的环境配置为testing
    或 
    [root@agent1 ~]# puppet config set environment testing --section=agent    修改配置文件中的环境指向配置
    默认的为main段
    [root@agent1 ~]# puppet config print environment
    production
    agent环境为testing
    [root@agent1 ~]# puppet config print environment --section=agent
    testing
    [root@agent1 ~]# cat /etc/puppet/puppet.conf 
    [agent]
    environment = testing
    
    启动puppetagent程序
    [root@agent1 ~]# systemctl start puppetagent 
    

    puppet kick

    • 通知推送机制

    agent

    [root@agent1 ~]# puppet config set listen true
    [root@agent1 ~]# puppet config print listen
    true	
    
    [root@agent1 ~]# systemctl start puppetagent.service
    [root@agent1 ~]# ss -ntl	 \查看8139端口是否监听
    
    [root@agent1 ~]# vim /etc/puppet/auth.conf 
    path /run
    method save
    auth any
    allow master.danran.com
    \以上配置放在此默认配置之前(auth any同时匹配未经证书认证的请求;若只允许持有已签署证书的master触发run,可改为auth yes)
    path / 
    auth any
    
    [root@agent1 ~]# systemctl restart puppetagent.service
    

    master推送通知

    master为agent1先配置一个模块,agent1收到通知则立即安装新模块

    [root@master puppet]# cd /etc/puppet/enviroments/testing/
    [root@master testing]# cp /etc/puppet/modules/redis/ modules/ -r
    [root@master testing]# vim manifests/site.pp 
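    # testing environment: jdk plus the newly added redis class.
    # A bare class name is a syntax error; classes are declared with "include".
    # NOTE(review): the surrounding steps run and kick agent1 against this
    # environment, but only agent2 is defined here - confirm the node name.
    node 'agent2.danran.com' {
        include jdk
        include redis
    }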
    
    puppet kick agent1.danran.com   将agent1的配置推送给agent1.danran.com节点
    

    agent查看模块是否安装

  • 原文地址:https://www.cnblogs.com/JevonWei/p/7580842.html