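Automated deployment with Puppet
Preparation before configuration:
In the figure: blue lines show communication between the servers;
red lines show the channels over which the puppetmaster host deploys to each agent host.
Host A, puppet-master host: 192.168.126.129
Host B, two services (keepalived for high performance and nginx reverse proxy):
192.168.126.130
Host C, two services (keepalived for high performance and nginx reverse proxy):
192.168.126.131
Host D, tomcat service: 192.168.126.132
Host E, tomcat service: 192.168.126.133
Host F, memcached service: 192.168.126.134
Host G, memcached service: 192.168.126.135
Note: the clocks of all hosts must be synchronized
The Puppet version installed here is 3.8.7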
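I. Configure Puppet: establish secure master/agent communication
1. Write the hostname of every host into /etc/hosts so that the names resolve
Note: write the same content into /etc/hosts on every host
2. Install the packages the Puppet service needs
(1) On the master host, install the following packages
facter-2.4.6-1.el7.x86_64.rpm
puppet-3.8.7-1.el7.noarch.rpm
puppet-server-3.8.7-1.el7.noarch.rpm
(2) On each agent host, install the following packages
facter-2.4.6-1.el7.x86_64.rpm
puppet-3.8.7-1.el7.noarch.rpm
3. Edit the configuration files
(1) Configure the master host: /etc/puppet/puppet.conf
[main]
…
# This is the only line that needs to be added to this file
environmentpath = $confdir/environments
…
[agent]
…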
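(2) Configure the agent hosts: /etc/puppet/puppet.conf
[main]
…
# Open the listening port (8139 by default)
listen = true
# Run in the production environment
environment = production
…
[agent]
…
# Use node1.zq.com as the puppet master
server = node1.zq.com
…
Note: the environment directive takes one of three values: production, testing, development
Whichever environment an agent host is set to, the master host must have a directory with the same name as that environment under /etc/puppet/environments/. That directory must contain the two directories manifests and modules. The manifests directory holds the site.pp file, which lists the services to deploy to each agent host, and the modules directory holds the module for each service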
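(3) Configure the agent hosts: /etc/puppet/auth.conf
Add the following block (it allows the master host to deploy services):
path /run
method save
auth any
allow node1.zq.com
Note: these directives must come before the "path /" directive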
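An added example, not part of the original article: a shell check that an agent's auth.conf has the "path /run" block ahead of the catch-all "path /" block and that the block allows only the master named above. The helper name check_run_acl and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the article): lint an agent's auth.conf.
# check_run_acl is a hypothetical helper name.

# check_run_acl FILE MASTER
# Succeeds only if FILE contains a "path /run" block that comes before the
# catch-all "path /" block and whose allow lines name MASTER and nothing else.
check_run_acl() {
    awk -v master="$2" '
        $1 == "path" {
            block = $2
            if (!(block in first)) first[block] = NR
            next
        }
        block == "/run" && $1 == "allow" {
            seen++
            if ($2 != master || NF != 2) bad = 1
        }
        END {
            if (!("/run" in first)) { print "missing: path /run"; exit 1 }
            if (("/" in first) && first["/"] < first["/run"]) {
                print "order: path / comes before path /run"; exit 1
            }
            if (seen == 0 || bad) { print "allow: /run must allow only " master; exit 1 }
            print "ok"
        }' "$1"
}

# Constructed sample: the block from this article followed by the catch-all.
sample=$(mktemp)
cat > "$sample" <<'EOF'
path /run
method save
auth any
allow node1.zq.com

path /
auth any
EOF
check_run_acl "$sample" node1.zq.com || true
rm -f "$sample"
```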
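4. Sign the certificates with the CA to establish secure communication
(1) On the master host
Start the service:
systemctl start puppetmaster.service
Check that port 8140 is open
(2) On the agent hosts
Start the service:
systemctl start puppetagent.service
(3) Sign the certificates
Sign on the master host
Run: puppet cert list --all (view the agents' certificate signing requests)
Run: puppet cert sign --all (sign all requests)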
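An added example, not part of the original article: a shell filter that separates pending certificate requests from the agents declared in this setup (node2 to node7.zq.com) from any other request, so that signing can be limited to expected names. The function name classify_requests is hypothetical, the sample output is constructed, and the assumed `puppet cert list` line format is stated in the comments.

```shell
#!/bin/sh
# Added example (not from the article): pick out the pending certificate
# requests that belong to agents this deployment expects.
# Assumed line format of `puppet cert list` in Puppet 3.x:
#   "certname" (SHA256) AA:BB:...
# Lines from --all that start with + or - are already signed or revoked.

# Agents declared in this article's site.pp.
EXPECTED="node2.zq.com node3.zq.com node4.zq.com node5.zq.com node6.zq.com node7.zq.com"

# classify_requests: read `puppet cert list` output on stdin and print
# "sign NAME FINGERPRINT" or "hold NAME FINGERPRINT" per pending request.
classify_requests() {
    while read -r name algo fp rest; do
        case "$name" in
            '"'*'"') name=${name#\"}; name=${name%\"} ;;
            *) continue ;;   # signed (+), revoked (-) or blank line
        esac
        verdict=hold
        for want in $EXPECTED; do
            if [ "$name" = "$want" ]; then verdict=sign; fi
        done
        printf '%s %s %s\n' "$verdict" "$name" "$fp"
    done
}

# Constructed sample output; the fingerprints and the second name are made up.
SAMPLE='  "node2.zq.com" (SHA256) 11:22:33:44
  "node9.example.test" (SHA256) 55:66:77:88
+ "node1.zq.com" (SHA256) 99:AA:BB:CC'

printf '%s\n' "$SAMPLE" | classify_requests

# On the master, after comparing each fingerprint with the one the agent
# reports (puppet agent --fingerprint):
#   puppet cert list | classify_requests |
#     while read -r v n fp; do
#       if [ "$v" = sign ]; then puppet cert sign "$n"; fi
#     done
```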
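II. Create the modules
Note: I ran this experiment in the production environment
Setup before creating the modules:
Create the directories
mkdir -pv /etc/puppet/environments/production/{manifests,modules}
1. Create the memcached module
(1) cd /etc/puppet/environments/production/modules
(2) mkdir -pv ./memcached/{manifests,templates,files,spec,lib,tests}
(3) vim ./memcached/manifests/init.pp (every module must contain this file), with the following content:
class memcached {
  # Install the package first, then keep the service running
  package { 'memcached':
    ensure => latest,
  } ->
  service { 'memcached':
    ensure => running,
    enable => true,
  }
}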
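2. Create the tomcat module
Note: for testing, I put a different home page on each of the two tomcat hosts
(1) cd /etc/puppet/environments/production/modules/
(2) mkdir -pv ./tomcat/{manifests,templates,files,spec,lib,tests}
(3) vim ./tomcat/manifests/init.pp, with the following content:
class tomcat {
  package { ['tomcat', 'tomcat-admin-webapps', 'tomcat-docs-webapp', 'tomcat-webapps', 'java-1.8.0-openjdk']:
    ensure => latest,
  } ->
  # The default exec provider does not go through a shell, so the
  # directories are listed explicitly instead of using {a,b,c} expansion
  exec { 'mkdir':
    command => 'mkdir -pv /var/lib/tomcat/webapps/test/classes /var/lib/tomcat/webapps/test/lib /var/lib/tomcat/webapps/test/WEB_INF',
    path    => '/bin:/sbin:/usr/bin:/usr/sbin',
    creates => '/var/lib/tomcat/webapps/test',
  } ->
  service { 'tomcat':
    ensure => running,
    enable => true,
  }
}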
(4) Create a subclass (the subclass file name must match the subclass name)
vim ./tomcat/manifests/mem.pp, with the following content:
class tomcat::mem inherits tomcat {
  file { 'server.xml':
    path   => '/etc/tomcat/server.xml',
    source => 'puppet:///modules/tomcat/server_memcached.xml',
  } ->
  file { 'javolution-5.4.3.1.jar':
    path   => '/usr/share/tomcat/lib/javolution-5.4.3.1.jar',
    source => 'puppet:///modules/tomcat/javolution-5.4.3.1.jar',
  } ->
  file { 'memcached-session-manager-tc7-2.1.1.jar':
    path   => '/usr/share/tomcat/lib/memcached-session-manager-tc7-2.1.1.jar',
    source => 'puppet:///modules/tomcat/memcached-session-manager-tc7-2.1.1.jar',
  } ->
  file { 'spymemcached-2.11.1.jar':
    path   => '/usr/share/tomcat/lib/spymemcached-2.11.1.jar',
    source => 'puppet:///modules/tomcat/spymemcached-2.11.1.jar',
  } ->
  file { 'memcached-session-manager-2.1.1.jar':
    path   => '/usr/share/tomcat/lib/memcached-session-manager-2.1.1.jar',
    source => 'puppet:///modules/tomcat/memcached-session-manager-2.1.1.jar',
  } ->
  file { 'msm-javolution-serializer-2.1.1.jar':
    path   => '/usr/share/tomcat/lib/msm-javolution-serializer-2.1.1.jar',
    source => 'puppet:///modules/tomcat/msm-javolution-serializer-2.1.1.jar',
  }
  # Pick the home page by host address. A case statement is not a resource,
  # so it cannot take part in a "->" chain.
  case $ipaddress_ens32 {
    '192.168.126.132': { $i = 'tomcata.jsp' }
    '192.168.126.133': { $i = 'tomcatb.jsp' }
    default:           { $i = 'tomcata.jsp' }
  }
  file { 'index.jsp':
    path    => '/var/lib/tomcat/webapps/test/index.jsp',
    source  => "puppet:///modules/tomcat/${i}",
    # The target directory is created by Exec['mkdir'] in the parent class
    require => Exec['mkdir'],
  }
}
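(5) Place the files: cd ./tomcat/files/
javolution-5.4.3.1.jar
msm-javolution-serializer-2.1.1.jar
spymemcached-2.11.1.jar
memcached-session-manager-2.1.1.jar
memcached-session-manager-tc7-2.1.1.jar
The files above are the class libraries required for the session server
server_memcached.xml (main configuration file); add the session configuration to this file
tomcata.jsp (home page on the tomcat1 host), with the following content:
tomcatb.jsp (home page on the tomcat2 host)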
3. Create the nginx module
(1) cd /etc/puppet/environments/production/modules/
(2) mkdir -pv ./nginx/{manifests,templates,files,spec,lib,tests}
(3) vim ./nginx/manifests/init.pp, with the following content:
class nginx {
  package { 'nginx':
    ensure => latest,
  } ->
  service { 'nginx':
    ensure => running,
    enable => true,
  }
}
(4) Create a subclass: vim ./nginx/manifests/proxy.pp, with the following content:
class nginx::proxy inherits nginx {
  file { 'nginx.conf':
    path   => '/etc/nginx/nginx.conf',
    source => 'puppet:///modules/nginx/proxy.conf',
  }
  # Install the package, then place the config; a config change restarts nginx
  Package['nginx'] -> File['nginx.conf'] ~> Service['nginx']
}
(5) Place the files
cd ./nginx/files/
proxy.conf
4. Create the keepalived module (its virtual IP is set to 192.168.126.110)
(1) cd /etc/puppet/environments/production/modules/
(2) mkdir -pv ./keepalived/{manifests,templates,files,spec,lib,tests}
(3) vim ./keepalived/manifests/init.pp, with the following content:
class keepalived {
  package { 'keepalived':
    ensure => latest,
  } ->
  service { 'keepalived':
    ensure => running,
    enable => true,
  }
}
(4) Subclass: vim ./keepalived/manifests/vip.pp, with the following content:
class keepalived::vip inherits keepalived {
  # 192.168.126.130 gets the primary-node config, every other host the secondary one
  if $ipaddress_ens32 == '192.168.126.130' {
    file { 'keepalived.conf':
      path   => '/etc/keepalived/keepalived.conf',
      source => 'puppet:///modules/keepalived/keepaliveda.conf',
    }
  } else {
    file { 'keepalived.conf':
      path   => '/etc/keepalived/keepalived.conf',
      source => 'puppet:///modules/keepalived/keepalivedb.conf',
    }
  }
  file { 'notify.sh':
    path   => '/etc/keepalived/notify.sh',
    source => 'puppet:///modules/keepalived/notify.sh',
  }
}
(5) Place the files
keepaliveda.conf (configuration file for the keepalived primary node)
keepalivedb.conf (configuration file for the keepalived secondary node)
notify.sh (notification script)
III. Deploy from the puppet-master host
1. Create the deployment file
vim /etc/puppet/environments/production/manifests/site.pp, with the following content:
node 'node2.zq.com' {
  include nginx::proxy
  include keepalived::vip
}
node 'node3.zq.com' {
  include nginx::proxy
  include keepalived::vip
}
node 'node4.zq.com' {
  include tomcat::mem
}
node 'node5.zq.com' {
  include tomcat::mem
}
node 'node6.zq.com' {
  include memcached
}
node 'node7.zq.com' {
  include memcached
}
2. Run the deployment
puppet kick node2.zq.com
puppet kick node3.zq.com
puppet kick node4.zq.com
puppet kick node5.zq.com
puppet kick node6.zq.com
puppet kick node7.zq.com
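IV. Test:
Add a name resolution entry to the hosts file of the test host:
192.168.126.110 www.zq.com
Enter the URL: www.zq.com/test
The Puppet deployment succeeded
Original article by zq. If you repost it, please cite the source: http://www.178linux.com/82554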