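1. Puppet's active push feature

Pushes are done with puppet kick, but kick cannot handle a large number of puppet agents making concurrent requests, so when the number of agents is large, use MCollective instead.

1.1 On every puppet agent node, add "listen=true" to the [agent] section of puppet.conf

1.2 Open port 8139 in the firewall

1.3 In the puppet agent's auth.conf, add the following configuration before the path / entry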

path /run

method save

auth any

allow puppetmaster_hostname 


# deny everything else; this ACL is not strictly necessary, but

# illustrates the default policy.

path /

auth any

1.4 Restart the agent

service puppet restart
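
The placement rule in step 1.3 matters because auth.conf is evaluated top to bottom and the first matching path wins. The following check is an added example, not part of the original post: it lints an agent's auth.conf for the /run stanza. The function names and sample files are constructed for illustration; puppetmaster_hostname is the placeholder used above.

```shell
#!/bin/sh
# Added example: lint an agent auth.conf for the /run stanza from step 1.3.
# check_run_acl FILE MASTER prints one finding per line, nothing if all is well.
check_run_acl() {
    awk -v master="$2" '
        /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
        $1 == "path" {
            n++; cur = $2
            if (cur == "/run" && !run)  run = n  # position of the /run stanza
            if (cur == "/"    && !root) root = n # position of the catch-all
            next
        }
        cur == "/run" && $1 == "method" { method = $2 }
        cur == "/run" && $1 == "allow" {
            for (i = 2; i <= NF; i++) {
                h = $i; sub(/,$/, "", h)         # tolerate a trailing comma
                if (h == "*")    wildcard = 1
                if (h == master) named = 1
            }
        }
        END {
            if (!run) { print "no path /run stanza"; exit }
            if (root && root < run) print "path / precedes path /run and shadows it"
            if (method != "save")   print "path /run is not limited to method save"
            if (wildcard)           print "path /run allows * instead of one named host"
            if (!named)             print "path /run does not allow " master
        }
    ' "$1"
}

# Constructed samples: good.conf follows step 1.3, bad.conf gets it wrong.
write_samples() {
    printf '%s\n' 'path /run' 'method save' 'auth any' \
        'allow puppetmaster_hostname' '' 'path /' 'auth any' > "$1/good.conf"
    printf '%s\n' 'path /' 'auth any' '' 'path /run' 'method save' \
        'auth any' 'allow *' > "$1/bad.conf"
}

tmp=$(mktemp -d)
write_samples "$tmp"
check_run_acl "$tmp/good.conf" puppetmaster_hostname   # prints nothing
check_run_acl "$tmp/bad.conf"  puppetmaster_hostname   # prints three findings
rm -rf "$tmp"
```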

1.5 Test from the master

cat puppet_kick.sh

#!/bin/sh

cat ./$1 | while read LINE

do

echo "$LINE puppet kick"

puppet kick -p 5 --host "$LINE"

sleep 1

done

cat puppet_hostname.txt

salt-minion-1

salt-minion-2

Test output:

Warning: Puppet kick is deprecated. See http://links.puppetlabs.com/puppet-kick-deprecation

Warning: Failed to load ruby LDAP library. LDAP functionality will not be available

Triggering salt-minion-1

Getting status

status is success

salt-minion-1 finished with exit code 0

Finished

salt-minion-2 puppet kick

Warning: Puppet kick is deprecated. See http://links.puppetlabs.com/puppet-kick-deprecation

Warning: Failed to load ruby LDAP library. LDAP functionality will not be available

Triggering salt-minion-2

Getting status

status is success

salt-minion-2 finished with exit code 0

Finished

1.6 LDAP error

Regarding the first warning: puppet kick has been superseded by MCollective, but it can still be used.

[root@salt-master puppet]# puppet kick --host salt-minion-1

Warning: Puppet kick is deprecated. See http://links.puppetlabs.com/puppet-kick-deprecation

Warning: Failed to load ruby LDAP library. LDAP functionality will not be available

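2. Scaling the architecture: a single puppetmaster

Because Puppet 3.x does not support Mongrel, 2.x versions can use the Nginx + Mongrel mode, while 3.x uses the Nginx + Passenger mode (Apache is also supported, but nginx has somewhat higher processing capacity).

Nginx + Passenger mode:

Master-side configuration:

2.1 Download the puppetlabs release package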

rpm -Uvh https://yum.puppetlabs.com/el/6Server/products/x86_64/puppetlabs-release-6-10.noarch.rpm

yum clean all

2.2 Install puppet-server on the master

yum -y install puppet-server

[root@salt-master yum.repos.d]# puppet -V

3.5.1

[root@salt-master yum.repos.d]# facter -v

2.0.1

2.3 Install Nginx and Passenger

yum -y install ruby-devel rubygems

gem install rake rack passenger

Running passenger-install-nginx-module installs nginx and Passenger automatically.

# The command offers two options; choose 1 for the automatic install

Automatically download and install Nginx?


Nginx doesn't support loadable modules such as some other web servers do,

so in order to install Nginx with Passenger support, it must be recompiled.


Do you want this installer to download, compile and install Nginx for you?


 1. Yes: download, compile and install Nginx for me. (recommended)

    The easiest way to get started. A stock Nginx 1.4.7 with Passenger

    support, but with no other additional third party modules, will be

    installed for you to a directory of your choice.


 2. No: I want to customize my Nginx installation. (for advanced users)

    Choose this if you want to compile Nginx with more third party modules

    besides Passenger, or if you need to pass additional options to Nginx's

    'configure' script. This installer will  1) ask you for the location of

    the Nginx source code,  2) run the 'configure' script according to your

    instructions, and  3) run 'make install'.

When compilation finishes, the installer prints how to load Passenger in nginx:

Suppose you have a web application in /somewhere. Add a server block

to your Nginx configuration file, set its root to /somewhere/public, and set

'passenger_enabled on', like this:


   server {

      listen 80;

      server_name www.yourhost.com;

      root /somewhere/public;   # <--- be sure to point to 'public'!

      passenger_enabled on;

   }

2.4 Create the rack directory and configure the rack application

mkdir -p /etc/puppet/rack/public

cp /usr/share/puppet/ext/rack/files/config.ru /etc/puppet/rack

chown -R puppet:puppet /etc/puppet/rack

2.5 Configure Nginx

Edit nginx.conf and add the Passenger module configuration (it is already added by default)

passenger_root /usr/lib/ruby/gems/1.8/gems/passenger-4.0.41;

passenger_ruby /usr/bin/ruby;

include vhosts/*.conf;   # added manually to pull in the virtual hosts; alternatively, write the virtual host block directly into nginx.conf

2.6 Create the virtual host file

touch $NGINX_HOME/vhosts/puppet_master.conf

server {

  listen                     8140 ssl;

  server_name                salt-master;


  passenger_enabled          on;

  passenger_set_cgi_param    HTTP_X_CLIENT_DN $ssl_client_s_dn;

  passenger_set_cgi_param    HTTP_X_CLIENT_VERIFY $ssl_client_verify;


  access_log                 /usr/local/nginx/logs/puppet_access.log;

  error_log                  /usr/local/nginx/logs/puppet_error.log;


  root                       /etc/puppet/rack/public;


  ssl_certificate       /var/lib/puppet/ssl/certs/salt-master.pem;

  ssl_certificate_key   /var/lib/puppet/ssl/private_keys/salt-master.pem;

  ssl_crl      /var/lib/puppet/ssl/ca/ca_crl.pem;

  ssl_client_certificate /var/lib/puppet/ssl/certs/ca.pem;

  ssl_ciphers     SSLv2:-LOW:-EXPORT:RC4+RSA;

  ssl_prefer_server_ciphers on;

  ssl_verify_client optional;

  ssl_verify_depth 1;

  ssl_session_cache shared:SSL:128m;

  ssl_session_timeout 5m;

}
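
The ssl_ciphers line in this vhost selects SSLv2 and RC4 suites (both prohibited for TLS, by RFC 6176 and RFC 7465), and no ssl_protocols line is set. The following audit is an added example, not part of the original post: it flags those settings in a vhost file and shows a variant that passes. The function names and sample files are constructed, and the replacement values (TLSv1.2, HIGH:!aNULL:!MD5) are assumptions to be checked against what the agents' OpenSSL supports.

```shell
#!/bin/sh
# Added example: flag weak TLS settings in an nginx vhost such as puppet_master.conf.
# audit_vhost FILE prints one finding per line, nothing if no check fires.
audit_vhost() {
    awk '
        { sub(/#.*/, ""); sub(/;[ \t]*$/, "") }  # drop comments and the closing ;
        $1 == "ssl_ciphers"       { ciphers = $2 }
        $1 == "ssl_verify_client" { verify = $2 }
        $1 == "ssl_protocols"     { $1 = ""; protocols = $0 }
        END {
            # An OpenSSL cipher list is colon-separated; a leading ! or - removes
            # suites, so only the other tokens add them.
            n = split(ciphers, tok, ":")
            for (i = 1; i <= n; i++)
                if (tok[i] !~ /^[!-]/ && tok[i] ~ /SSLv2|RC4|MD5|NULL|EXP/)
                    print "ssl_ciphers adds weak suites: " tok[i]
            if (protocols == "")
                print "no ssl_protocols line: versions fall back to the nginx default"
            else if (protocols ~ /SSLv[23]/)
                print "ssl_protocols enables SSLv2 or SSLv3"
            if (verify == "" || verify == "off")
                print "ssl_verify_client is off: agents are never asked for a certificate"
        }
    ' "$1"
}

# Constructed samples: page.conf carries the TLS lines of the vhost in 2.6;
# hardened.conf uses assumed replacement values (TLSv1.2, HIGH:!aNULL:!MD5).
write_vhosts() {
    printf '%s\n' 'server {' '  listen 8140 ssl;' \
        '  ssl_ciphers SSLv2:-LOW:-EXPORT:RC4+RSA;' \
        '  ssl_verify_client optional;' '}' > "$1/page.conf"
    printf '%s\n' 'server {' '  listen 8140 ssl;' \
        '  ssl_protocols TLSv1.2;' '  ssl_ciphers HIGH:!aNULL:!MD5;' \
        '  ssl_verify_client optional;' '}' > "$1/hardened.conf"
}

dir=$(mktemp -d)
write_vhosts "$dir"
audit_vhost "$dir/page.conf"       # prints three findings
audit_vhost "$dir/hardened.conf"   # prints nothing
rm -rf "$dir"
```

ssl_verify_client stays at optional in both samples: agents that do not yet hold a signed certificate still have to reach the master, which reads the verification result from the HTTP_X_CLIENT_VERIFY parameter set in the vhost.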

2.7 Disable puppetmaster start at boot

chkconfig puppetmaster off

2.8 Start nginx

Check the nginx.conf syntax

/usr/local/nginx/sbin/nginx -t

Start nginx

/usr/local/nginx/sbin/nginx

2.9 Check that port 8140 is listening

netstat -an |grep 8140

Agent-side configuration

Edit puppet.conf to specify certname and server

[agent]

server = salt-master

[master]

certname = salt-master

Verification:

On the agent:

puppet agent --test

On the master:

[root@salt-master vhosts]# tail -f /usr/local/nginx/logs/puppet_access.log

X.X.X.X - - [17/Apr/2014:14:17:50 +0800] "GET /production/node/salt-minion-2? HTTP/1.1" 200 3524 "-" "-"

X.X.X.X - - [17/Apr/2014:14:17:50 +0800] "GET /production/file_metadatas/pluginfacts?checksum_type=md5&links=manage&recurse=true&ignore=.svn&ignore=CVS&ignore=.git HTTP/1.1" 200 283 "-" "-"

X.X.X.X - - [17/Apr/2014:14:17:50 +0800] "GET /production/file_metadatas/plugins?checksum_type=md5&links=manage&recurse=true&ignore=.svn&ignore=CVS&ignore=.git HTTP/1.1" 200 283 "-" "-"

X.X.X.X - - [17/Apr/2014:14:17:50 +0800] "POST /production/catalog/salt-minion-2 HTTP/1.1" 200 574 "-" "-"

X.X.X.X - - [17/Apr/2014:14:17:50 +0800] "PUT /production/report/salt-minion-2 HTTP/1.1" 200 9 "-" "-"

X.X.X.X - - [17/Apr/2014:14:20:06 +0800] "GET /production/node/salt-minion-1? HTTP/1.1" 200 3524 "-" "-"

X.X.X.X - - [17/Apr/2014:14:20:06 +0800] "GET /production/file_metadatas/pluginfacts?checksum_type=md5&links=manage&recurse=true&ignore=.svn&ignore=CVS&ignore=.git HTTP/1.1" 200 283 "-" "-"

X.X.X.X - - [17/Apr/2014:14:20:06 +0800] "GET /production/file_metadatas/plugins?checksum_type=md5&links=manage&recurse=true&ignore=.svn&ignore=CVS&ignore=.git HTTP/1.1" 200 283 "-" "-"

X.X.X.X - - [17/Apr/2014:14:20:06 +0800] "POST /production/catalog/salt-minion-1 HTTP/1.1" 200 574 "-" "-"

X.X.X.X - - [17/Apr/2014:14:20:06 +0800] "PUT /production/report/salt-minion-1 HTTP/1.1" 200 9 "-" "-"