<p>I. Puppet fundamentals:</p>
<p>Puppet is an open-source configuration management tool licensed under GPLV2X and written in Ruby. It can run in client-server mode or standalone. Puppet gives system administrators convenient, fast, automated system management.</p>
<p>II. Puppet workflow</p>
<p><img alt="[LZGXC485O2WCC`{HF(V74Y.png" src="//cto.wang/usr/uploads/2016/07/20160703180547-100.png" title="1446282231527793.png" /></p>
<p>1. The client (puppet-client) sends an authentication request to puppet-master, or presents a signed certificate.</p>
<p>2. puppet-master tells puppet-client that it is legitimate.</p>
<p>3. puppet-client calls facter. Facter probes host variables such as the hostname, memory size and IP address, and puppet-client sends this information to the server over an SSL connection.</p>
<p>4. The puppet-master server checks the client's hostname, finds the matching node configuration in the manifest, and parses that part. The information sent by facter can be used as variables. Only the code the node involves is parsed; unrelated code is not. Parsing runs in several stages: first a syntax check, which reports an error if the syntax is wrong; if the syntax is correct, parsing continues and produces an intermediate "pseudocode" (the catalog), which is then sent to the client.</p>
<p>5. puppet-client receives the "pseudocode" and executes it.</p>
<p>6. While executing, puppet-client checks whether there are file resources; if so, it sends a request to the fileserver.</p>
<p>7. puppet-client checks whether report is configured; if it is, it sends the execution results to the server.</p>
<p>8. puppet-server writes puppet-client's execution results to the log and sends them to the reporting system.</p>
<p>III. Installing Puppet</p>
<p>1. Install the older version shipped with the system directly via yum.</p>
<pre class="brush:bash;toolbar:false">yum install puppet -y</pre>
<p>2. Install the latest version</p>
<pre class="brush:bash;toolbar:false">sudo rpm -ivh https://yum.puppetlabs.com/puppetlabs-release-el-6.noarch.rpm</pre>
<p>2.1. Install puppet-server.</p>
<pre class="brush:bash;toolbar:false">sudo puppet resource package puppet-server ensure=latest</pre>
<p>2.2. Install the agent</p>
<pre class="brush:bash;toolbar:false">sudo puppet resource package puppet ensure=latest</pre>
<p>IV. Puppet resource management</p>
<p>Resources are the core of Puppet; a resource is the smallest unit through which Puppet manages system configuration.</p>
<p>1. List the resource types</p>
<pre class="brush:bash;toolbar:false">puppet describe -l</pre>
<p>2. Show a resource summary</p>
<pre class="brush:bash;toolbar:false">puppet describe -s &lt;resource_name&gt;</pre>
<p>3. Show the detailed usage of a resource</p>
<pre class="brush:bash;toolbar:false">puppet describe &lt;resource_name&gt;</pre>
<p>4. Basic resource format</p>
<pre class="brush:bash;toolbar:false">resource_type { 'title':
  attribute1 => 'value',
  attribute2 => 'value',
}

# Example: installing httpd
package { 'httpd':
  ensure   => 'present',
  provider => 'rpm',
}</pre>
<p>Commonly used Puppet resources: file, filebucket, host, group, package, service, exec, cron, notify, and others.</p>
<p>5. Common resource attributes:</p>
<p>before: this resource must be applied before the named resource.</p>
<p>require: this resource must be applied after the named resource.</p>
<p>notify: active notification; tells other resources about this resource's state.</p>
<p>subscribe: passive notification; when it detects that the state of the named resource has changed, it updates the state of its own resource.</p>
<p>You can also use:</p>
<p>-> expresses ordering between resources</p>
<p>~> expresses notification between resources</p>
<p>V. The Puppet language</p>
<p>1) Puppet variables:</p>
<p>1. A name must begin with $; assignment uses =, and appending assignment += is supported;</p>
<p>2. Variable names have two forms: the short name and the FQN ($scope::variable).</p>
<pre class="brush:bash;toolbar:false">$webserver = "httpd"
package { "httpd":
  ensure => "present",
  name   => $webserver
}</pre>
<p>3. Scopes: top > node > local. The narrower the scope, the higher its precedence.</p>
<p>2) Data types:</p>
<p>1. Literal strings</p>
<p>Quotes may be used or omitted.</p>
<p>The newline is \n; on Windows it is \r\n.</p>
<p>2. Booleans</p>
<p>true, false</p>
<p>Other types are converted to Boolean automatically.</p>
<p>All numbers are true.</p>
<p>The empty string is false; any other string is true.</p>
<p>3. Numbers</p>
<p>Integers</p>
<p>Floating-point numbers</p>
<p>4. Arrays, comma-separated</p>
<pre class="brush:bash;toolbar:false">$array = ['httpd','mysql','php']
package { $array: ensure => installed }   # installs each package in turn</pre>
<p>5. hash</p>
<p>{ key1 => value1, key2 => value2, … }</p>
<p>6. undef, which declares something undefined; it must not be quoted.</p>
<p>3) Operators supported by Puppet and the corresponding expressions:</p>
<p>Comparison operators: ==, !=, &lt;, >, &lt;=, >=, =~ (regex match), !~ (regex non-match), in</p>
<p>Boolean operators: and, or, !</p>
<p>Arithmetic operators: +, -, /, *, &lt;&lt; (left shift), >> (right shift)</p>
<pre class="brush:bash;toolbar:false">$osfamily == 'CentOS'
$kernel in ['Linux','solaris','freebsd']</pre>
<p>4) Puppet conditional statements:</p>
<p>if ..elsif..else</p>
<p>case</p>
<p>selector statement # selects one of the alternatives and assigns it as the value</p>
<pre class="brush:bash;toolbar:false">if $operatingsystem == 'CentOS' {
  notice("welcome to CentOS")
} elsif $operatingsystem == 'Redhat' {
  notice("Welcome to Redhat")
} elsif $operatingsystem == 'Fedora' {
  notice("Welcome to Fedora")
} else {
  notice('Welcome to ET')
}</pre>
<pre class="brush:bash;toolbar:false">case $operatingsystem {
  'Solaris':           { include role::solaris }
  'Redhat','CentOS':   { include role::redhat }
  /^(Debian|Ubuntu)$/: { include role::debian }
  default:             { include role::generic }
}</pre>
<pre class="brush:bash;toolbar:false">$webserver = $operatingsystem ? {
  /(?i-mx:ubuntu|debian)/        => 'apache',
  /(?i-mx:redhat|centos|fedora)/ => 'httpd',
  default                        => 'httpd'
}
# i: ignore case
# -: turn off the flags that follow it
# m: let "." match newline characters
# x: ignore whitespace and comments in the pattern</pre>
<p>VI. Puppet classes and modules</p>
<p>A class is a collection with shared characteristics and behavior: a named block of code that can be invoked by name when needed. Defining a class does not apply it; it must also be declared.</p>
<p>1) Syntax:</p>
<pre class="brush:bash;toolbar:false">class class_name [inherits base_class] {
  # ordinary Puppet code
}</pre>
<p>If several classes are defined in the same module, separate the names with a double colon (::). For example, an nginx module that defines three classes:</p>
<pre class="brush:bash;toolbar:false">class nginx { … }
class nginx::config { … }
class nginx::vhost { … }</pre>
<p>2) Class inheritance (the base class cannot take parameters):</p>
<p>1. Inherit resource attributes</p>
<p>2. Override resource attributes: =></p>
<p>3. Append to resource attributes: +></p>
<p>3) Modules</p>
<p>Module layout</p>
<pre class="brush:bash;toolbar:false">module_name/
  manifests/
    init.pp     # must declare at least one class, with the same name as the module
    *.pp        # module_name::[subdir_name]::manifest_name
  files/        # static files; in the agent/master model they are served as
                # puppet:///modules/module_name/[subdir_name/]file_name
  templates/    # template files (*.erb, written in Ruby), used as
                # content => template('template file'),
  lib/          # plugin directory
  tests/        # usage help or example files for this module
  spec/         # usage notes and examples for the plugins in lib</pre>
<p><span style="font-size: 18px">VII. Example: deploying LNMP with Puppet</span></p>
<p>1. Assume puppet-server is already installed.</p>
<p>2. Hostname resolution</p>
<pre class="brush:bash;toolbar:false">cat >> /etc/hosts &lt;&lt;EOF
192.168.198.139 puppet-server
192.168.198.160 puppet-client
EOF</pre>
<p>3. Provide the Puppet files</p>
<pre class="brush:bash;toolbar:false">mkdir /etc/puppet/modules/lnmp/{manifests,files,templates,tests} -p</pre>
<pre class="brush:bash;toolbar:false">vim /etc/puppet/modules/lnmp/manifests/init.pp
class lnmp {
  include lnmp::nginx
  include lnmp::mysql
  include lnmp::php
}</pre>
<pre class="brush:bash;toolbar:false">vim /etc/puppet/modules/lnmp/manifests/nginx.pp
class lnmp::nginx {
  package { 'nginx':
    ensure => present,
    name   => 'nginx',
  }
  # The config file is copied only after the package is installed
  file { 'nginx.conf':
    ensure  => file,
    source  => 'puppet:///modules/lnmp/nginx.conf',
    path    => '/etc/nginx/nginx.conf',
    require => Package['nginx'],
  }
  # The service is refreshed whenever the config file changes
  service { 'nginx':
    ensure    => true,
    enable    => true,
    subscribe => File['nginx.conf'],
  }
}</pre>
<pre class="brush:bash;toolbar:false">vim /etc/puppet/modules/lnmp/manifests/php.pp
class lnmp::php {
  package { 'php-fpm':
    ensure => present,
    name   => 'php-fpm',
  }
  file { 'www.conf':
    ensure  => file,
    source  => 'puppet:///modules/lnmp/www.conf',
    path    => '/etc/php-fpm.d/www.conf',
    require => Package['php-fpm'],
  }
  service { 'php-fpm':
    ensure    => true,
    enable    => true,
    subscribe => File['www.conf'],
  }
}</pre>
<pre class="brush:bash;toolbar:false">vim /etc/puppet/modules/lnmp/manifests/mysql.pp
class lnmp::mysql {
  package { 'mysql-server':
    ensure => present,
    name   => 'mysql-server',
  }
  file { 'my.cnf':
    ensure  => file,
    source  => 'puppet:///modules/lnmp/my.cnf',
    path    => '/etc/my.cnf',
    require => Package['mysql-server'],
  }
  service { 'mysqld':
    ensure    => true,
    enable    => true,
    subscribe => File['my.cnf'],
  }
}</pre>
<pre class="brush:bash;toolbar:false">vim /etc/puppet/manifests/site.pp
node 'puppet-client' {
  include lnmp
}</pre>
<p>4. Provide the service configuration files</p>
<pre class="brush:bash;toolbar:false">cp /root/files/{nginx.conf,www.conf,my.cnf} /etc/puppet/modules/lnmp/files/</pre>
<p>5. Start the Puppet services</p>
<pre class="brush:bash;toolbar:false">[root@puppet-server modules]# puppet master --verbose --no-daemonize   # run in the foreground the first time to watch the output
Info: Creating a new SSL key for ca
Info: Creating a new SSL certificate request for ca
Info: Certificate Request fingerprint (SHA256): 7B:A9:AB:84:C0:EB:DC:83:0E:EA:8C:81:1E:25:9A:47:5C:3F:10:31:6F:F7:5C:25:BE:B7:41:3C:B8:6B:35:38
.....</pre>
<pre class="brush:bash;toolbar:false">[root@puppet-client ~]# puppet agent --server puppet-server --verbose --no-daemonize   # the client requests a certificate</pre>
<pre class="brush:bash;toolbar:false">[root@puppet-server ~]# puppet cert sign puppet-client   # the server signs the certificate</pre>
<pre class="brush:bash;toolbar:false"># wait a moment
[root@puppet-client ~]# ss -tnl | egrep "80|3306|9000"
LISTEN 0 128 *:9000 *:*
LISTEN 0 50 *:3306 *:*
LISTEN 0 128 *:80 *:*</pre>
<p>VIII. Summary</p>
<p>For my own future reference. I will keep improving it.</p>
<p>References:</p>
<p>http://cuchadanfan.blog.51cto.com/9940284/d-11</p>
<p>http://scholar.blog.51cto.com/9985645/1673562</p>
<p>Last modified: 10 December 2021, 10:53 AM</p>
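<p>Step 5 above signs the agent's request by host name alone. The following is an added example, not part of the original post: it signs only when the request pending on the master carries the same SHA256 fingerprint that the agent itself reports. The function names, the constructed sample listing and the assumed line format of the puppet cert list output are illustrative assumptions.</p>

```shell
#!/bin/sh
# Added example (not from the original post): sign an agent's CSR only when
# the fingerprint pending on the master equals the one read on the agent.
# Assumed `puppet cert list` line format:  "certname" (SHA256) AA:BB:...

# Constructed sample fingerprint and listing, for illustration only.
SAMPLE_FP='01:23:45:67:89:AB:CD:EF:01:23:45:67:89:AB:CD:EF:01:23:45:67:89:AB:CD:EF:01:23:45:67:89:AB:CD:EF'
sample_cert_list() {
    printf '  "puppet-client" (SHA256) %s\n' "$SAMPLE_FP"
    printf '  "puppet-client2" (SHA256) %s\n' \
        'FE:DC:BA:98:76:54:32:10:FE:DC:BA:98:76:54:32:10:FE:DC:BA:98:76:54:32:10:FE:DC:BA:98:76:54:32:10'
}

# Keep only hex digits and uppercase them, so "ab:cd" and "ABCD" compare equal.
normalize_fp() {
    printf '%s' "$1" | tr -d -c '0-9A-Fa-f' | tr 'a-f' 'A-F'
}

# pending_fp CERTNAME: read a cert listing on stdin and print the SHA256
# fingerprint of the pending request whose name is exactly CERTNAME.
pending_fp() {
    awk -v name="$1" '
        { n = $1; gsub(/"/, "", n) }
        n == name && $2 == "(SHA256)" { print $3; found = 1; exit }
        END { exit !found }'
}

# csr_matches CERTNAME EXPECTED_FP (listing on stdin).
# 0 = match, 1 = mismatch or malformed fingerprint, 2 = no such pending request.
csr_matches() {
    got=$(pending_fp "$1") || return 2
    want=$(normalize_fp "$2")
    [ "${#want}" -eq 64 ] || return 1    # SHA256 is 32 bytes; reject truncated input
    [ "$(normalize_fp "$got")" = "$want" ]
}

# sign_if_verified CERTNAME EXPECTED_FP: run on the master. EXPECTED_FP is the
# value printed on the agent by `puppet agent --fingerprint`.
sign_if_verified() {
    if puppet cert list | csr_matches "$1" "$2"; then
        puppet cert sign "$1"
    else
        echo "not signing $1: fingerprint mismatch or no pending request" >&2
        return 1
    fi
}
```

<p>The name comparison is exact, so a pending request for puppet-client2 is never accepted in place of puppet-client, and a request that does not exist is reported separately from a fingerprint mismatch.</p>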