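Puppet study notes

1. Puppet's active push feature

Use puppet kick to push changes. Kick cannot handle a large number of puppet agents being triggered concurrently, so when the number of agents is large, use MCollective instead.

1.1 On every puppet agent node, add "listen=true" to the [agent] section of puppet.conf

1.2 Open port 8139 in the firewall

1.3 In the puppet agent's auth.conf, add the following configuration before "path /"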

    path /run
    method save
    auth any
    allow puppetmaster_hostname

    # deny everything else; this ACL is not strictly necessary, but
    # illustrates the default policy.
    path /
    auth any

1.4 Restart the agent

    service puppet restart

1.5 Test from the master

    cat puppet_kick.sh

    #!/bin/sh
    # Kick every agent named in the file passed as $1 (one hostname per line).
    cat "./$1" | while read -r LINE
    do
        echo "$LINE puppet kick"
        puppet kick -p 5 --host "$LINE"
        sleep 1
    done

    cat puppet_hostname.txt

    salt-minion-1
    salt-minion-2

Test result:

    Warning: Puppet kick is deprecated. See http://links.puppetlabs.com/puppet-kick-deprecation
    Warning: Failed to load ruby LDAP library. LDAP functionality will not be available
    Triggering salt-minion-1
    Getting status
    status is success
    salt-minion-1 finished with exit code 0
    Finished
    salt-minion-2 puppet kick
    Warning: Puppet kick is deprecated. See http://links.puppetlabs.com/puppet-kick-deprecation
    Warning: Failed to load ruby LDAP library. LDAP functionality will not be available
    Triggering salt-minion-2
    Getting status
    status is success
    salt-minion-2 finished with exit code 0
    Finished

1.6 LDAP error

Regarding warning 1: puppet kick has been superseded by MCollective, but it can still be used.

    [[email protected] puppet]# puppet kick --host salt-minion-1
    Warning: Puppet kick is deprecated. See http://links.puppetlabs.com/puppet-kick-deprecation
    Warning: Failed to load ruby LDAP library. LDAP functionality will not be available
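
An added example, not part of the original post: a shell check for the ACL from step 1.3. Puppet 3 evaluates auth.conf stanzas in order and the first matching path wins, so the check confirms that /run comes before "path /" and that its allow list names specific hosts. The function name and the embedded sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the kick ACL in an agent's auth.conf.
# check_run_acl FILE prints FINDING lines, or one OK line naming the allowed hosts.
check_run_acl() {
    awk '
        $1 == "path"       { n++; path[n] = $2; allow[n] = ""; next }
        n && $1 == "allow" { $1 = ""; allow[n] = allow[n] $0 }
        END {
            # Remember the position of the first /run stanza and the first catch-all.
            for (i = 1; i <= n; i++) {
                if (path[i] == "/run" && !run) run = i
                if (path[i] == "/" && !root)   root = i
            }
            if (!run) { print "FINDING: no /run stanza"; exit }
            if (root && root < run) {
                print "FINDING: path / precedes /run, so /run is never matched"; bad = 1
            }
            if (allow[run] == "")  { print "FINDING: /run has no allow line"; bad = 1 }
            if (allow[run] ~ /\*/) { print "FINDING: /run allow list contains a wildcard"; bad = 1 }
            if (!bad) print "OK: /run allows only" allow[run]
        }
    ' "$1"
}

# Constructed sample: the stanza order recommended in step 1.3.
sample=$(mktemp)
cat > "$sample" <<'EOF'
path /run
method save
auth any
allow puppetmaster_hostname

# deny everything else
path /
auth any
EOF
check_run_acl "$sample"
rm -f "$sample"
```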

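2. Scaling the architecture: a single puppetmaster

Because the Puppet 3.x series does not support mongrel, 2.x versions can use the Nginx + mongrel model, while 3.x versions use the Nginx + Passenger model (Apache is also supported, but nginx's processing capacity is somewhat higher).

Nginx + Passenger model:

Master-side configuration:

2.1 Download the puppetlabs release package

    rpm -Uvh https://yum.puppetlabs.com/el/6Server/products/x86_64/puppetlabs-release-6-10.noarch.rpm
    yum clean all

2.2 Install puppet-server on the master

    yum -y install puppet-server

    [[email protected] yum.repos.d]# puppet -V
    3.5.1
    [[email protected] yum.repos.d]# facter -v
    2.0.1

2.3 Install Nginx and Passenger

    yum -y install ruby-devel rubygems
    gem install rake rack passenger

Running the command passenger-install-nginx-module installs nginx and passenger automatically.

# The command offers two options; choose 1 for the automatic installation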

    Automatically download and install Nginx?

    Nginx doesn't support loadable modules such as some other web servers do,
    so in order to install Nginx with Passenger support, it must be recompiled.

    Do you want this installer to download, compile and install Nginx for you?

    1. Yes: download, compile and install Nginx for me. (recommended)
       The easiest way to get started. A stock Nginx 1.4.7 with Passenger
       support, but with no other additional third party modules, will be
       installed for you to a directory of your choice.

    2. No: I want to customize my Nginx installation. (for advanced users)
       Choose this if you want to compile Nginx with more third party modules
       besides Passenger, or if you need to pass additional options to Nginx's
       'configure' script. This installer will  1) ask you for the location of
       the Nginx source code,  2) run the 'configure' script according to your
       instructions, and  3) run 'make install'.

When the build finishes, the installer prints how to enable passenger in nginx:

    Suppose you have a web application in /somewhere. Add a server block
    to your Nginx configuration file, set its root to /somewhere/public, and set
    'passenger_enabled on', like this:

    server {
        listen 80;
        server_name www.yourhost.com;
        root /somewhere/public;   # <--- be sure to point to 'public'!
        passenger_enabled on;
    }

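2.4 Create the rack directory and configure the rack application

    mkdir -p /etc/puppet/rack/public
    cp /usr/share/puppet/ext/rack/files/config.ru /etc/puppet/rack
    chown -R puppet:puppet /etc/puppet/rack

2.5 Configure Nginx

Edit nginx.conf and add the passenger module configuration (it is already added by default):

    passenger_root /usr/lib/ruby/gems/1.8/gems/passenger-4.0.41;
    passenger_ruby /usr/bin/ruby;
    include vhosts/*.conf;   # <= add this line manually to load the virtual hosts; alternatively, write the virtual host definition directly into nginx.conf

2.6 Create the virtual host file

    touch $NGINX_HOME/vhosts/puppet_master.conf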

    server {
        listen                     8140 ssl;
        server_name                salt-master;
        passenger_enabled          on;
        # Hand the client certificate subject and the verification result to the puppet master.
        passenger_set_cgi_param    HTTP_X_CLIENT_DN $ssl_client_s_dn;
        passenger_set_cgi_param    HTTP_X_CLIENT_VERIFY $ssl_client_verify;
        access_log                 /usr/local/nginx/logs/puppet_access.log;
        error_log                  /usr/local/nginx/logs/puppet_error.log;
        root                       /etc/puppet/rack/public;
        ssl_certificate            /var/lib/puppet/ssl/certs/salt-master.pem;
        ssl_certificate_key        /var/lib/puppet/ssl/private_keys/salt-master.pem;
        ssl_crl                    /var/lib/puppet/ssl/ca/ca_crl.pem;
        ssl_client_certificate     /var/lib/puppet/ssl/certs/ca.pem;
        # Note: this cipher string selects SSLv2 and RC4 suites, both long deprecated.
        ssl_ciphers                SSLv2:-LOW:-EXPORT:RC4+RSA;
        ssl_prefer_server_ciphers  on;
        # "optional" lets agents without a signed certificate connect; Puppet then relies on HTTP_X_CLIENT_VERIFY.
        ssl_verify_client          optional;
        ssl_verify_depth           1;
        ssl_session_cache          shared:SSL:128m;
        ssl_session_timeout        5m;
    }

2.7 Disable the puppetmaster service at boot

    chkconfig puppetmaster off

2.8 Start nginx

Check the nginx.conf syntax:

    /usr/local/nginx/sbin/nginx -t

Start nginx:

    /usr/local/nginx/sbin/nginx

2.9 Check that port 8140 is listening

    netstat -an | grep 8140
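
An added example, not part of the original post: a shell check over the vhost from step 2.6. It flags cipher tokens that enable SSLv2, RC4, EXPORT, LOW, MD5 or NULL suites, and confirms that with "ssl_verify_client optional" nginx passes both client-certificate parameters to Puppet. The function names and the embedded sample are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the TLS settings of a Puppet master nginx vhost.
# audit_vhost FILE prints one FINDING line per problem, or "OK" when none is found.
audit_vhost() {
    f=$1; bad=0
    finding() { echo "FINDING: $*"; bad=1; }
    # Value of the first occurrence of directive $1, without the trailing ";".
    directive() { sed -n "s/^[[:space:]]*${1}[[:space:]][[:space:]]*\(.*\);.*/\1/p" "$f" | head -n 1; }
    # True when nginx hands variable $2 to Puppet as CGI parameter $1.
    passes() { grep -Eq "passenger_set_cgi_param[[:space:]]+${1}[[:space:]]+\\\$${2};" "$f"; }

    # Cipher tokens starting with "-" or "!" remove suites; all others enable them.
    for tok in $(directive ssl_ciphers | tr ':' ' '); do
        case $tok in
            -*|\!*) ;;
            *SSLv2*|*RC4*|*EXPORT*|*LOW*|*MD5*|*NULL*) finding "ssl_ciphers enables $tok" ;;
        esac
    done
    [ -n "$(directive ssl_crl)" ] || finding "no ssl_crl, revoked agent certificates stay valid"
    case $(directive ssl_verify_client) in
        on) ;;
        optional)
            # Puppet decides from these two parameters, so both must come from nginx.
            passes HTTP_X_CLIENT_VERIFY ssl_client_verify || finding "HTTP_X_CLIENT_VERIFY not passed"
            passes HTTP_X_CLIENT_DN ssl_client_s_dn || finding "HTTP_X_CLIENT_DN not passed" ;;
        *) finding "ssl_verify_client is not on/optional, client certificates are never checked" ;;
    esac
    [ "$bad" -eq 0 ] && echo "OK"
    return 0
}

# Constructed sample: the TLS-related lines of the vhost shown in step 2.6.
page_vhost() {
    cat <<'EOF'
server {
    listen 8140 ssl;
    passenger_set_cgi_param HTTP_X_CLIENT_DN $ssl_client_s_dn;
    passenger_set_cgi_param HTTP_X_CLIENT_VERIFY $ssl_client_verify;
    ssl_crl /var/lib/puppet/ssl/ca/ca_crl.pem;
    ssl_ciphers SSLv2:-LOW:-EXPORT:RC4+RSA;
    ssl_verify_client optional;
}
EOF
}
tmp=$(mktemp); page_vhost > "$tmp"; audit_vhost "$tmp"; rm -f "$tmp"
```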

Agent-side configuration

Edit puppet.conf to specify certname and server:

    [agent]
    server = salt-master

    [master]
    certname = salt-master

Verification:

Agent side:

    puppet agent --test

Master side:

    [[email protected] vhosts]# tail -f /usr/local/nginx/logs/puppet_access.log

    X.X.X.X - - [17/Apr/2014:14:17:50 +0800] "GET /production/node/salt-minion-2? HTTP/1.1" 200 3524 "-" "-"
    X.X.X.X - - [17/Apr/2014:14:17:50 +0800] "GET /production/file_metadatas/pluginfacts?checksum_type=md5&links=manage&recurse=true&ignore=.svn&ignore=CVS&ignore=.git HTTP/1.1" 200 283 "-" "-"
    X.X.X.X - - [17/Apr/2014:14:17:50 +0800] "GET /production/file_metadatas/plugins?checksum_type=md5&links=manage&recurse=true&ignore=.svn&ignore=CVS&ignore=.git HTTP/1.1" 200 283 "-" "-"
    X.X.X.X - - [17/Apr/2014:14:17:50 +0800] "POST /production/catalog/salt-minion-2 HTTP/1.1" 200 574 "-" "-"
    X.X.X.X - - [17/Apr/2014:14:17:50 +0800] "PUT /production/report/salt-minion-2 HTTP/1.1" 200 9 "-" "-"
    X.X.X.X - - [17/Apr/2014:14:20:06 +0800] "GET /production/node/salt-minion-1? HTTP/1.1" 200 3524 "-" "-"
    X.X.X.X - - [17/Apr/2014:14:20:06 +0800] "GET /production/file_metadatas/pluginfacts?checksum_type=md5&links=manage&recurse=true&ignore=.svn&ignore=CVS&ignore=.git HTTP/1.1" 200 283 "-" "-"
    X.X.X.X - - [17/Apr/2014:14:20:06 +0800] "GET /production/file_metadatas/plugins?checksum_type=md5&links=manage&recurse=true&ignore=.svn&ignore=CVS&ignore=.git HTTP/1.1" 200 283 "-" "-"
    X.X.X.X - - [17/Apr/2014:14:20:06 +0800] "POST /production/catalog/salt-minion-1 HTTP/1.1" 200 574 "-" "-"
    X.X.X.X - - [17/Apr/2014:14:20:06 +0800] "PUT /production/report/salt-minion-1 HTTP/1.1" 200 9 "-" "-"

Time: 2024-10-27 09:31:42
