puppet的多环境配置

puppet的多环境配置

任总
2018.11.29 16:43:06字数 567阅读 1,171

一、puppet的多环境

实际环境配置应用架构
  • 实际应用中标准的架构应该由开发、测试、生产三个组成,对应到puppetmaster里面应该有3套配置和代码。而且每套配置和代码都应该对应到自己的环境中,而配置和代码的变更更应该通过版本控制工具进行管理,比如svn、git等。 接下来我们为puppetmaster创造3个环境,生产production,开发development,测试testing
  • puppet的默认环境是production;
  • 更改环境,修改配置文件puppet.conf中的

environmentpath = production | development | testing

二、puppet 3.4 之前的版本配置多环境的方法:

  • puppet 3.4特点:各环境配置:都有自己的模块和站点清单目录
创建目录
/etc/puppet/environments/{production,development,testing}

master支持多环境:puppet.conf
[master]
# modulepath=
# manifest=
environments = production, development, testing

[production]
modulepath=/etc/puppet/environments/production/modules/
manifest=/etc/puppet/environments/production/manifests/site.pp

[development]
modulepath=/etc/puppet/environments/development/modules/
manifest=/etc/puppet/environments/development/manifests/site.pp

[testing]
modulepath=/etc/puppet/environments/testing/modules/
manifest=/etc/puppet/environments/testing/manifests/site.pp

三、puppet 3.6之后的版本配置多环境的方法:

*特点:master支持多环境:只要指明环境目录即可,每一个子目录就是一个环境

1、master端配置

(1)、 master配置文件puppet.conf

vim /etc/puppet/puppet.conf
      [main]
      environmentpath = $confdir/environments

(2)、 在多环境配置目录下为每个环境准备一个子目录

[root@master63 ~]# cd /etc/puppet/environments/
[root@master63 environments]# tree
.
├── development     #开发环境目录
│   ├── manifests
│   └── modules
│       └── nginx
│           ├── files
│           ├── lib
│           ├── manifests
│           ├── spec
│           ├── templates
│           └── tests
├── production      #生产环境目录
│   ├── manifests
│   └── modules
│       └── nginx
│           ├── files
│           ├── lib
│           ├── manifests
│           ├── spec
│           ├── templates
│           └── tests
└── testing           #测试环境目录
    ├── manifests
    └── modules
        └── nginx
            ├── files
            ├── lib
            ├── manifests
            ├── spec
            ├── templates
            └── tests

2、agent端配置:

(1)、 agent配置文件puppet.conf,指明是哪一个环境

vim /etc/puppet/puppet.conf
      [agent]
      environment = { production|development | testing }

3、额外配置文件:

文件系统fileserver.conf和认证(URL)auth.conf,这两个文件定义那些资源可以被访问。

4、GUI:图形界面工具有dashboard和foreman。

四、应用示例

  • 实验目的:不同环境使用不同的Nginx配置文件,生产环境nginx为4个线程,开发环境nginx为1个线程。

1、master端配置

#停止服务
[root@master63 ~]# systemctl stop puppetmaster

#创建多环境目录,生产,测试,开发
[root@master63 ~]# cd /etc/puppet/environments
[root@master63 environments]# mkdir -pv {production,development,testing}/{manifests,modules}
(1)production生产环境
#编辑nginx父类
[root@master63 ~]# vim /etc/puppet/environments/production/modules/nginx/manifests/init.pp 

class nginx{
      package{'nginx':
           ensure => latest,
    } ->
      service{'nginx':
           ensure => running,
           enable => true,
    }

}
#编辑nginx的web子类
[root@master63 ~]# vim /etc/puppet/environments/production/modules/nginx/manifests/web.pp 

class nginx::web inherits nginx {
            file{'nginx.conf':
               path => '/etc/nginx/nginx.conf',
               source => 'puppet:///modules/nginx/nginx.conf',
               }
         Package['nginx'] -> File['nginx.conf'] ~> Service['nginx']
}
#编辑生产环境nginx配置文件,启动线程为4个
#此配置文件可从其他nginx主机拷贝
[root@master63 ~]# vim /etc/puppet/environments/production/modules/nginx/files/nginx.conf 
.......
user nginx;
worker_processes 4;

#编辑主机清单
[root@master63 ~]# vim /etc/puppet/environments/production/manifests/site.pp
node 'agent61.localdomain' {
              include nginx::web
         }
(2)development开发环境
#编辑nginx父类
[root@master63 ~]# vim /etc/puppet/environments/development/modules/nginx/manifests/init.pp 

class nginx{
      package{'nginx':
           ensure => latest,
    } ->
      service{'nginx':
           ensure => running,
           enable => true,
    }

}

#编辑nginx的web子类
[root@master63 ~]# vim /etc/puppet/environments/development/modules/nginx/manifests/web.pp 

class nginx::web inherits nginx {
            file{'nginx.conf':
               path => '/etc/nginx/nginx.conf',
               source => 'puppet:///modules/nginx/nginx.conf',
               }
         Package['nginx'] -> File['nginx.conf'] ~> Service['nginx']
}

#编辑开发环境nginx配置文件,启动线程为1
#此配置文件可从其他nginx主机拷贝
[root@master63 ~]# vim /etc/puppet/environments/development/modules/nginx/files/nginx.conf 
.......
user nginx;
worker_processes 1;

#编辑主机清单
[root@master63 ~]# vim /etc/puppet/environments/development/manifests/site.pp
node 'agent61.localdomain' {
              include nginx::web
         }

(3)master节点主机修改配置文件,查询环境
#编辑puppet-master配置文件,使其适用多环境
[root@master63 ~]# vim /etc/puppet/puppet.conf 
............
[main]
       environmentpath = $confdir/environments

#查询当前环境为产品环境,默认环境是production产品环境
[root@master63 ~]# puppet config print | grep environment
environment = production
environmentpath = /etc/puppet/environments
environment_timeout = 0
manifest = /etc/puppet/environments/production/manifests
disable_per_environment_manifest = false
modulepath = /etc/puppet/environments/production/modules:/etc/puppet/modules:/usr/share/puppet/modules

#启动master服务
[root@master63 ~]# systemctl start puppetmaster

2、agent端production生产环境

[root@agent61 ~]# systemctl stop puppetagent
[root@agent61 ~]# vim /etc/puppet/puppet.conf 
[agent]
.......
server = master63.localdomain
 environment = production    #设置为production环境

[root@agent61 ~]# systemctl start puppetagent

生产环境nginx按照配置文件产生4个进程

3、agent端development开发环境

[root@agent61 ~]# systemctl stop puppetagent
[root@agent61 ~]# vim /etc/puppet/puppet.conf 
[agent]
.......
server = master63.localdomain
 environment = development    #设置为development环境

[root@agent61 ~]# systemctl start puppetagent

开发环境nginx按照配置文件产生1个进程

五、master端的推送方式

  • master端:把配置资源推送到agent端,配置文件添加main部分添加 listen=true,启用监听端口8139
    命令格式:puppet kick

puppet kick [--host <HOST>] [--all]

1、agent端启用接收推送,设置监听状态配置

#agent端
[root@agent61 ~]# systemctl stop puppetagent
[root@agent61 ~]# vim /etc/puppet/puppet.conf 
[main]
.....
    listen= true
[agent]
.......
 environment = production

[root@agent61 ~]# vim /etc/puppet/auth.conf
# allow nodes to request a new certificate
path /certificate_request
auth any
method find, save
allow *

path /v2.0/environments
method find
allow *
#添加
path /run
method save
auth any
allow master63.localdomain  #基于主机名允许那些主机访问
[root@agent61 ~]# systemctl start puppetagent
[root@agent61 ~]# ss -tnl
State      Recv-Q Send-Q Local Address:Port               Peer Address:Port              
LISTEN     0      128            *:8139                       *:*       

#查询监听状态
[root@agent61 ~]# puppet config print listen
true

2、master端nginx配置改变后,推送到agent端

#master端修改nginx配置进程数量
[root@master63 ~]# vim /etc/puppet/environments/production/modules/nginx/files/nginx.conf 
user nginx;
worker_processes 2;
#推送到agent端
[root@master63 ~]# puppet kick agent61.localdomain
Warning: Puppet kick is deprecated. See http://links.puppetlabs.com/puppet-kick-deprecation
Warning: Failed to load ruby LDAP library. LDAP functionality will not be available
Triggering agent61.localdomain
Getting status
status is success
agent61.localdomain finished with exit code 0
Finished
agent端收到推送后,按照配置文件进程由原来的4个变为2个
posted @   ianCloud  阅读(120)  评论(0编辑  收藏  举报
编辑推荐:
· 没有源码,如何修改代码逻辑?
· 一个奇形怪状的面试题:Bean中的CHM要不要加volatile?
· [.NET]调用本地 Deepseek 模型
· 一个费力不讨好的项目,让我损失了近一半的绩效!
· .NET Core 托管堆内存泄露/CPU异常的常见思路
阅读排行:
· DeepSeek “源神”启动!「GitHub 热点速览」
· 微软正式发布.NET 10 Preview 1:开启下一代开发框架新篇章
· C# 集成 DeepSeek 模型实现 AI 私有化(本地部署与 API 调用教程)
· DeepSeek R1 简明指南:架构、训练、本地部署及硬件要求
· NetPad:一个.NET开源、跨平台的C#编辑器
点击右上角即可分享
微信分享提示