  • 1. Puppet basics

    Puppet: an automation tool for managing IT infrastructure

    References:

    https://yq.aliyun.com/articles/120228

    http://www.51niux.com/?id=105

    http://www.zsythink.net/archives/category/%E8%BF%90%E7%BB%B4%E7%9B%B8%E5%85%B3/puppet/

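    It can manage the entire lifecycle:

    provisioning: automated system installation

    configuration: configuration

    orchestration: orchestration

    reporting: reporting

    Puppet uses a C/S (client/server) architecture, so an agent must be installed on each client. Until the agent is installed, the client is not under the server's control, so how do you install the agent on a large number of clients?

    You can build the Puppet agent into the system during automated provisioning; when the provisioned system boots, the client automatically looks for the server.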

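    master/agent

    master: the puppet server

    agent: receives every instruction the master sends and carries it out. The agent side holds the management capability and can implement almost every function;

          so you only need to hand the desired functionality to the master: the master distributes it to the agents and the agents implement most of it, which is why the center of Puppet is the agent;

       the agent is therefore the core component that actually performs the management operations. But an agent can only manage a single node, so the master is needed to coordinate and manage the agents;

       the agent periodically asks the master for the configuration that applies to it and, based on the configuration the master provides, makes sure the local (agent) configuration meets the master's requirements;

    Once the master and the agent have authenticated each other (logical authentication), they can communicate; the agent holds privileges locally (that is, on the client).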

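    How Puppet operates:

    A declarative, model-based configuration language:

    • Define: the master must identify every agent and provide a configuration for each one; administrators use the Puppet configuration language to define the base configuration
    • Simulate: once the master has defined the configuration, the agent simulates it locally as a trial run and only applies it if there are no errors;
    • Enforce: force the current node to match the defined target state;
    • Report: when the run finishes, the agent sends the results to the receiver through the Puppet API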

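    How Puppet works:

    Configuration Language: the configuration language

    Transactional Layer: the transaction layer; resources may depend on one another

    Resource Abstraction Layer: the resource abstraction layer

    Resource types: for example users, groups, files, services, cron jobs, and so on;

    Attributes and state are separated from their implementation:

    Desired state: 

    Puppet's core component: resources

    Resource manifests: manifests

    Manifests, together with the files, templates, and other data that the resource definitions in them depend on, organized in a specific structure, form a "module"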

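    Puppet local (standalone) working mode

    Puppet master/agent working mode

    A site manifest is the manifest defined for one host, i.e. one site corresponds to one host; 

    A manifest is mainly a place to hold resources,

    How does Puppet work?

    This is roughly divided into three modules: the purple module, the yellow module, and the blue module

    The first host uses two blue modules, which means this host uses different manifests from the blue module

    Whenever an agent asks the master for the configuration that applies to it, it sends the request to the master and reports its own facts (from facter) along with it. On receiving the report, the master looks up the host's name and finds the site manifest file that matches it. The site manifest defines the manifests this host needs; the master pulls those manifests out, compiles them, and sends the result to the agent.

    Modules are defined for code reuse; a module can be thought of as a combination of manifests

    Learning Puppet mainly means learning how to use its configuration language. Puppet can also be used in standalone mode: configure the manifests on the agent and apply them directly on the agent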
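The define / simulate / enforce cycle and the resource dependencies described above, shown as an added example that is not part of the original article: a manifest for standalone use with `puppet apply`. The file name `site_demo.pp`, the `nginx` package and service, and the path `/etc/nginx/conf.d/status.conf` are assumptions chosen for illustration.

```puppet
# site_demo.pp -- constructed example manifest, not from the original article.
# Assumes a package and a service that are both named 'nginx' on the node.
#
# Simulate first (nothing is changed, Puppet only reports what would change):
#   puppet apply --noop site_demo.pp
# Enforce the desired state:
#   puppet apply site_demo.pp

# Desired state 1: the package is installed. The resource abstraction layer
# selects the provider (yum on EL7), so the manifest never calls yum itself.
package { 'nginx':
  ensure => installed,
}

# Desired state 2: the config file exists with fixed owner, group and mode.
# 'require' makes the transactional layer apply the package first;
# 'notify' sends a refresh to the service whenever the file changes.
file { '/etc/nginx/conf.d/status.conf':
  ensure  => file,
  owner   => 'root',
  group   => 'root',
  mode    => '0644',
  content => "server {\n  listen 127.0.0.1:8080;\n  location /status { stub_status on; }\n}\n",
  require => Package['nginx'],
  notify  => Service['nginx'],
}

# Desired state 3: the service is running and enabled at boot.
service { 'nginx':
  ensure  => running,
  enable  => true,
  require => Package['nginx'],
}
```

Applying the same manifest a second time reports no changes, because each resource already matches its declared state.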

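    Installing and configuring the Puppet agent

    Installing Puppet standalone:

    The agent needs both puppet and facter installed, because it has to report its facts when it connects to the master.

    In a C/S architecture, the master needs puppet-server installed; if the master also needs to interact with itself, it needs puppet installed as well

    # yum list all | grep -i "puppet"   // list the rpm packages available in the EPEL repository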

    https://yum.puppet.com/index_by_lastModified_reverse.html

     

    yum.repos.d]# wget https://yum.puppet.com/puppet-release-el-7.noarch.rpm

    yum.repos.d]# rpm -ivh puppet-release-el-7.noarch.rpm 
    warning: puppet-release-el-7.noarch.rpm: Header V4 RSA/SHA256 Signature, key ID ef8d349f: NOKEY
    Preparing...                          ################################# [100%]
    Updating / installing...
       1:puppet-release-1.0.0-7.el7       ################################# [100%]

    yum.repos.d]# yum install puppet

    # rpm -ql puppet-agent

    # puppet help   // show the command usage and format

    Usage: puppet <subcommand> [options] <action> [options]
    
    Available subcommands:
        
      agent             The puppet agent daemon
      apply             Apply Puppet manifests locally
      ca                Local Puppet Certificate Authority management.
      catalog           Compile, save, view, and convert catalogs.
      cert              Manage certificates and requests
      certificate       Provide access to the CA for certificate management.
      certificate_request  Manage certificate requests.
      certificate_revocation_list  Manage the list of revoked certificates.
      config            Interact with Puppet's settings.
      describe          Display help about resource types
      device            Manage remote network devices
      doc               Generate Puppet documentation and references
      facts             Retrieve and store facts.
      file              Retrieve and store files in a filebucket
      filebucket        Store and retrieve files in a filebucket
      help              Display Puppet help.
      inspect           Send an inspection report
      instrumentation_data  Manage instrumentation listener accumulated data.
      instrumentation_listener  Manage instrumentation listeners.
      instrumentation_probe  Manage instrumentation probes.
      key               Create, save, and remove certificate keys.
      kick              Remotely control puppet agent
      man               Display Puppet manual pages.
      master            The puppet master daemon
      module            Creates, installs and searches for modules on the Puppet Forge.
      node              View and manage node definitions.
      parser            Interact directly with the parser.
      plugin            Interact with the Puppet plugin system.
      queue             Deprecated queuing daemon for asynchronous storeconfigs
      report            Create, display, and submit reports.
      resource          The resource abstraction layer shell
      resource_type     View classes, defined resource types, and nodes from all manifests.
      secret_agent      Mimics puppet agent.
      status            View puppet server status.
    
    See 'puppet help <subcommand> <action>' for help on a specific subcommand action.
    See 'puppet help <subcommand>' for help on a specific subcommand.
    Puppet v3.6.2

    # puppet describe -l

    # puppet describe RESOURCE_TYPE 

    These are the types known to puppet:
    augeas          - Apply a change or an array of changes to the  ...
    computer        - Computer object management using DirectorySer ...
    cron            - Installs and manages cron jobs
    exec            - Executes external commands
    file            - Manages files, including their content, owner ...
    filebucket      - A repository for storing and retrieving file  ...
    group           - Manage groups
    host            - Installs and manages host entries
    interface       - This represents a router or switch interface
    k5login         - Manage the `.k5login` file for a user
    macauthorization - Manage the Mac OS X authorization database
    mailalias       - .. no documentation ..
    maillist        - Manage email lists
    mcx             - MCX object management using DirectoryService  ...
    mount           - Manages mounted filesystems, including puttin ...
    nagios_command  - The Nagios type command
    nagios_contact  - The Nagios type contact
    nagios_contactgroup - The Nagios type contactgroup
    nagios_host     - The Nagios type host
    nagios_hostdependency - The Nagios type hostdependency
    nagios_hostescalation - The Nagios type hostescalation
    nagios_hostextinfo - The Nagios type hostextinfo
    nagios_hostgroup - The Nagios type hostgroup
    nagios_service  - The Nagios type service
    nagios_servicedependency - The Nagios type servicedependency
    nagios_serviceescalation - The Nagios type serviceescalation
    nagios_serviceextinfo - The Nagios type serviceextinfo
    nagios_servicegroup - The Nagios type servicegroup
    nagios_timeperiod - The Nagios type timeperiod
    notify          - .. no documentation ..
    package         - Manage packages
    resources       - This is a metatype that can manage other reso ...
    router          - .. no documentation ..
    schedule        - Define schedules for Puppet
    scheduled_task  - Installs and manages Windows Scheduled Tasks
    selboolean      - Manages SELinux booleans on systems with SELi ...
    selmodule       - Manages loading and unloading of SELinux poli ...
    service         - Manage running services
    ssh_authorized_key - Manages SSH authorized keys
    sshkey          - Installs and manages ssh host keys
    stage           - A resource type for creating new run stages
    tidy            - Remove unwanted files based on specific crite ...
    user            - Manage users
    vlan            - .. no documentation ..
    whit            - Whits are internal artifacts of Puppet's curr ...
    yumrepo         - The client-side description of a yum reposito ...
    zfs             - Manage zfs
    zone            - Manages Solaris zones
    zpool           - Manage zpools
  • Original article: https://www.cnblogs.com/hanshanxiaoheshang/p/11070361.html