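Puppet, which is built on a client/server (C/S) architecture, is generally updated in one of two ways: the Agent is given a sync interval and actively pulls its configuration from the Puppet Master, or the Puppet Master triggers the configuration update with the puppet kick command or through mcollective.
1. Active update
Advantages:
Nodes update themselves periodically, so no matter who changed a Puppet-managed configuration on a node, it is repaired automatically within the configured time, without an administrator having to log in and check.
The environment is simple to set up; no complex architecture is needed, and Puppet's own C/S architecture is enough.
Disadvantages:
With a very large number of nodes, update requests reach the puppetmaster at the same time and create a performance bottleneck on the puppetmaster. There are workarounds, of course, such as setting up scheduled tasks so that nodes update in batches.
Because nodes periodically fetch configuration from the puppet master and apply it, the puppet master's environment must be sufficiently secure.
You cannot manually control which servers should update and which should not.
Automatic update is simple to configure: adding the runinterval field to the node's puppet.conf is all that is needed. The following steps are a quick test.
Note: by default puppet.conf contains no runinterval field; if it is not configured, the agent syncs automatically every 30 minutes.
(1) Edit the agent configuration file and add the runinterval field.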
    [email protected]:puppet# cat puppet.conf
    [main]
    # The Puppet log directory.
    # The default value is '$vardir/log'.
    logdir = /var/log/puppet

    # Where Puppet PID files are kept.
    # The default value is '$vardir/run'.
    rundir = /var/run/puppet

    # Where SSL certificates are kept.
    # The default value is '$confdir/ssl'.
    ssldir = $vardir/ssl

    [agent]
    # The file in which puppetd stores a list of the classes
    # associated with the retrieved configuratiion. Can be loaded in
    # the separate ``puppet`` executable using the ``--loadclasses``
    # option.
    # The default value is '$confdir/classes.txt'.
    classfile = $vardir/classes.txt

    # Where puppetd caches the local configuration. An
    # extension indicating the cache format is added automatically.
    # The default value is '$confdir/localconfig'.
    localconfig = $vardir/localconfig
    server = puppet.domain.com
    runinterval = 10
(2) Restart the client service.
    [email protected]:puppet# /etc/init.d/puppet restart
    Stopping puppet agent: [ OK ]
    Starting puppet agent: [ OK ]
(3) Check the log; it shows the agent syncing with the puppet master every 10 seconds.
    [email protected]:tmp# tail -f /var/log/messages
    Dec 12 10:25:21 agent puppet-agent[12155]: Finished catalog run in 0.06 seconds
    Dec 12 10:25:31 agent puppet-agent[12280]: Finished catalog run in 0.05 seconds
    Dec 12 10:25:41 agent puppet-agent[12405]: Finished catalog run in 0.07 seconds
    Dec 12 10:25:51 agent puppet-agent[12530]: Finished catalog run in 0.06 seconds
    Dec 12 10:26:01 agent puppet-agent[12655]: Finished catalog run in 0.05 seconds
    Dec 12 10:26:11 agent puppet-agent[12780]: Finished catalog run in 0.13 seconds
(4) You can also test from the command line.
    [email protected]:puppet# /etc/init.d/puppet stop
    Stopping puppet agent: [ OK ]
    [email protected]:puppet#
    [email protected]:puppet# puppet agent --verbose --no-daemonize
    Notice: Starting Puppet client version 3.7.3
    Info: Retrieving pluginfacts
    Info: Retrieving plugin
    Info: Caching catalog for agent.domain.com
    Info: Applying configuration version '1418292313'
    Notice: Finished catalog run in 0.07 seconds
    Info: Retrieving pluginfacts
    Info: Retrieving plugin
    Info: Caching catalog for agent.domain.com
    Info: Applying configuration version '1418292313'
    Notice: Finished catalog run in 0.04 seconds
    Info: Retrieving pluginfacts
    Info: Retrieving plugin
    Info: Caching catalog for agent.domain.com
    Info: Applying configuration version '1418292313'
    Notice: Finished catalog run in 0.10 seconds
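An added example, not part of the original article: a Python check over the agent's syslog that flags gaps between "Finished catalog run" entries longer than the configured runinterval, which is how a stalled or stopped agent shows up in the log from step (3). The function names, the 50% tolerance, the year and the sample lines (modelled on the log above, with a constructed gap) are assumptions.

```python
import re
from datetime import datetime, timedelta

# Syslog line the agent writes after each run, in the format shown in step (3).
RUN_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"puppet-agent\[\d+\]: Finished catalog run in [\d.]+ seconds"
)

def run_times(lines, year):
    """Return {host: [datetime, ...]} for every finished catalog run."""
    runs = {}
    for line in lines:
        m = RUN_RE.match(line)
        if m:
            # Classic syslog timestamps carry no year, so the caller supplies it.
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            runs.setdefault(m["host"], []).append(ts)
    return runs

def missed_runs(lines, runinterval, year, now=None, tolerance=0.5):
    """Return (host, previous_run, next_run) for every gap longer than
    runinterval * (1 + tolerance) seconds. If `now` is given, the silence
    since the last run is checked too, which catches a stopped agent."""
    limit = timedelta(seconds=runinterval * (1 + tolerance))
    gaps = []
    for host, times in sorted(run_times(lines, year).items()):
        times = sorted(times) + ([now] if now is not None else [])
        for prev, nxt in zip(times, times[1:]):
            if nxt - prev > limit:
                gaps.append((host, prev, nxt))
    return gaps

# Constructed sample: three runs 10 s apart, 50 s of silence, then two more runs.
SAMPLE = """\
Dec 12 10:25:21 agent puppet-agent[12155]: Finished catalog run in 0.06 seconds
Dec 12 10:25:31 agent puppet-agent[12280]: Finished catalog run in 0.05 seconds
Dec 12 10:25:41 agent puppet-agent[12405]: Finished catalog run in 0.07 seconds
Dec 12 10:26:31 agent puppet-agent[13030]: Finished catalog run in 0.05 seconds
Dec 12 10:26:41 agent puppet-agent[13155]: Finished catalog run in 0.06 seconds
""".splitlines()

if __name__ == "__main__":
    # runinterval=10 matches the test setting above; year 2014 is an assumed value.
    for host, prev, nxt in missed_runs(SAMPLE, runinterval=10, year=2014):
        print(f"{host}: no catalog run between {prev:%H:%M:%S} and {nxt:%H:%M:%S}")
```

With the default runinterval of 30 minutes, pass runinterval=1800; the same check then reports nodes that have stopped self-repairing.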
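2. Push update
A push update uses puppet kick or mcollective to control when nodes fetch configuration changes from the puppetmaster. This mode is easier to control, mainly in the following respects:
Advantages:
The update cycle of the nodes is very easy to control.
Security is relatively high: the code can be checked before each update is triggered.
Updates can be pushed to a single cluster (a group of servers), which makes this mode very flexible.
It is highly extensible and can be integrated with various other platforms.
Disadvantages:
The environment is more complex to set up, and many components have to be deployed.
If the configuration on an agent is tampered with, it is restored only after a manual trigger, so it cannot be restored promptly.
(1) The puppet kick method
puppet kick updates are triggered by a command run on the puppetmaster. Because its locking problems are hard to solve and its per-host control is not very flexible, it has gradually been abandoned. Puppet Labs saw this as well and therefore acquired mcollective.
(2) The mcollective trigger method
This requires an mcollective + MQ architecture. Once it is set up, the mco command sends puppet commands to the MQ, which distributes them to a group of nodes.
This method will be covered in a separate document later.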