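A simple architecture diagram I drew myself

The agent requests the catalog that applies to it from the master every 30 minutes.

Time must be synchronized across all nodes.

The setup depends on DNS: every node must be resolvable by hostname.

1. Synchronize the time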

# yum install -y ntp ntpdate
# ntpdate pool.ntp.org

2. Edit hosts (for testing only; use DNS resolution in large-scale deployments)

# vim /etc/hosts

3. Install the packages: puppet and puppet-server on the master; the agent only needs puppet

# yum install -y puppet puppet-server

# rpm -ql puppet-server
/etc/puppet/fileserver.conf
/etc/puppet/manifests
/usr/lib/systemd/system/puppetmaster.service

# rpm -ql puppet
/etc/puppet/modules
/etc/puppet/puppet.conf
/usr/bin/puppet
/usr/lib/systemd/system/puppet.service
/usr/lib/systemd/system/puppetagent.service
/var/lib/puppet
/var/log/puppet
/var/run/puppet

4. Initialize the master (done here only to watch the startup process in a test; in practice you can start the service directly)

# puppet help master
--daemonize:Send the process into the background. This is the default.
--no-daemonize:Do not send the process into the background.

# puppet master --no-daemonize --verbose
Info: Creating a new SSL key for ca
Info: Creating a new SSL certificate request for ca
Info: Certificate Request fingerprint (SHA256): 9A:66:76:76:2F:B0:86:8E:25:7F:24:B6:A5:09:44:3E:F4:2C:DB:37:24:CC:0C:4E:40:C7:C0:81:64:1B:06:61
Notice: Signed certificate request for ca
Info: Creating a new certificate revocation list
Info: Creating a new SSL key for aliyun
Info: csr_attributes file loading from /etc/puppet/csr_attributes.yaml
Info: Creating a new SSL certificate request for aliyun
Info: Certificate Request fingerprint (SHA256): C2:59:1A:9D:63:1C:6E:6D:93:68:C9:2C:B7:FD:99:8C:95:9D:D9:C5:7F:D7:38:87:3D:86:68:99:A9:D2:EB:EE
Notice: aliyun has a waiting certificate request
Notice: Signed certificate request for aliyun
Notice: Removing file Puppet::SSL::CertificateRequest aliyun at '/var/lib/puppet/ssl/ca/requests/aliyun.pem'
Notice: Removing file Puppet::SSL::CertificateRequest aliyun at '/var/lib/puppet/ssl/certificate_requests/aliyun.pem'
Notice: Starting Puppet master version 3.6.2

# netstat -tnlp

The master listens on tcp/8140 by default.

5. Start the master service

# systemctl start puppetmaster
# systemctl enable puppetmaster

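You can delete the certificates and regenerate them. On the master this also removes the CA stored under /var/lib/puppet/ssl/ca, so agents whose certificates were signed by the old CA have to request new ones.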

# rm -rf /var/lib/puppet/ssl/*
# puppet master --no-daemonize --verbose

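6. Edit the master's configuration file. It is an INI-style file: the main section holds the common settings, the master section holds the master's settings, and the agent section holds the agent's settings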

# puppet help master
# puppet man master
See the configuration file documentation at http://docs.puppetlabs.com/references/stable/configuration.html for the full list of acceptable settings.
A commented list of all settings can also be generated by running puppet master with '--genconfig'.

# vim /etc/puppet/puppet.conf

Generate the complete list of settings

# puppet help config

puppet config <action> [--section SECTION_NAME]

print    Examine Puppet's current setting.
set      Set Puppet's settings.

# puppet master --genconfig > /etc/puppet/test.conf
# puppet agent --genconfig >> /etc/puppet/test.conf
# vim /etc/puppet/test.conf

Replace the existing configuration file

# cp test.conf /etc/puppet/puppet.conf
# systemctl restart puppetmaster

7. Edit the agent's configuration file

# vim /etc/puppet/puppet.conf
server = puppetmaster.oupeng.com

# puppet help agent
# puppet man agent
--daemonize
--no-daemonize
--noop:Use 'noop' mode where the daemon runs in a no-op or dry-run mode.
-v|--verbose:Turn on verbose reporting.
-V|--version:Print the puppet version number and exit.
-t|--test:Enable the most common options used for testing. These are 'onetime','verbose','ignorecache','no-daemonize','no-usecacheonfailure','detailed-exitcodes','no-splay',and 'show_diff'.
--onetime:Run the configuration once. Runs a single (normally daemonized) Puppet run.
--detailed-exitcodes:Provide transaction information via exit codes. If this is enabled, an exit code of '2' means there were changes, an exit code of '4' means there were failures during the transaction, and an exit code of '6' means there were both changes and failures.

# puppet agent -t
# systemctl start puppet
# systemctl enable puppet

Print the current configuration

# puppet config print
# puppet config print --section master
# puppet config print --section agent

Get the module path

# puppet config print modulepath
/etc/puppet/environments/production/modules:/etc/puppet/modules:/usr/share/puppet/modules

8. Manage certificate requests and signing on the master

# puppet help cert
Manage certificates and requests.
list:List outstanding certificate requests. If '--all' is specified, signed certificates are also listed, prefixed by '+', and revoked or invalid certificates are prefixed by '-'. (Lists certificate requests; with --all, all certificates are shown, both unsigned and signed.)
sign:Sign an outstanding certificate request. (Signs a certificate request.)
revoke:Revoke the certificate of a client. (Revokes a certificate; the master must be restarted for this to take effect.)
clean:Revoke a host's certificate and remove all files related to that host from puppet cert's storage.
--all:Operate on all items. Currently only makes sense with the 'sign', 'clean', 'list', and 'fingerprint' actions.

# puppet cert list
# puppet cert list --all
# puppet cert sign --all
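
Rather than signing every pending request with sign --all, each request's fingerprint can be compared with the value reported by the agent itself before it is signed. The script below is an added example, not part of the original post; the assumed `puppet cert list` line format, the expected-fingerprints file and the sample hostnames and fingerprints in demo() are assumptions or constructed values.

```shell
#!/bin/bash
# Added example, not from the original post: vet pending CSRs before signing.
# Assumption: `puppet cert list` prints one request per line as
#   "agent1.oupeng.com" (SHA256) C2:59:1A:...
# and expected fingerprints were collected on each agent (for example with
# `puppet agent --fingerprint`) into a file of "<certname> <fingerprint>" lines.

# vet_csrs EXPECTED_FILE   (reads `puppet cert list` output on stdin)
# Prints "SIGN <certname>" or "REJECT <certname> <reason>" per pending request.
vet_csrs() {
    expected_file=$1
    while read -r name algo fp rest; do
        name=${name#\"}; name=${name%\"}      # drop the quotes around the certname
        [ -n "$name" ] || continue            # skip blank lines
        if [ "$algo" != "(SHA256)" ]; then
            echo "REJECT $name unexpected-digest"
            continue
        fi
        # Exact string match on the certname; first entry wins.
        want=$(awk -v n="$name" '$1 == n { print toupper($2); exit }' "$expected_file")
        have=$(printf '%s' "$fp" | tr 'a-f' 'A-F')
        if [ -z "$want" ]; then
            echo "REJECT $name unknown-host"
        elif [ "$want" = "$have" ]; then
            echo "SIGN $name"
        else
            echo "REJECT $name fingerprint-mismatch"
        fi
    done
}

# Constructed sample data: hostnames other than agent1.oupeng.com and both
# fingerprints are made up for the demonstration.
demo() {
    fp_a="11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00"
    fp_b="DE:AD:BE:EF:00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11:22:33:44:55:66:77:88:99:AA:BB"
    exp=$(mktemp)
    printf '%s %s\n' agent1.oupeng.com "$fp_a" agent2.oupeng.com "$fp_a" > "$exp"
    printf '  "%s" (SHA256) %s\n' agent1.oupeng.com "$fp_a" \
        agent2.oupeng.com "$fp_b" rogue.oupeng.com "$fp_b" | vet_csrs "$exp"
    rm -f "$exp"
}

# Real use (file path is a placeholder):
#   puppet cert list | vet_csrs /root/expected_fingerprints.txt
# then run `puppet cert sign <certname>` only for the SIGN lines.
```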

9. Example: define the site manifest

# cd /etc/puppet/manifests/
# vim site.pp
node "agent1.oupeng.com" {
    include mariadb
}
# puppet agent --no-daemonize -v --noop
# systemctl restart puppet

At this point the basic environment is deployed.
