Puppet Automated Management Environment Deployment Notes (Part 3)

View the certificates

[root@Master-node ~]# puppet cert --list --all
+ "agent-node1" (SHA256) E0:57:E4:D4:2A:10:46:68:E7:58:DE:3C:6A:2C:9F:82:7B:5F:BC:6E:F9:84:E7:A2:F3:E3:9D:02:5E:CB:EC:80
+ "agent-node2" (SHA256) F8:6F:55:37:8C:4D:D0:33:A5:EA:5E:2D:1A:EA:3E:52:27:9F:0A:65:E2:81:56:2E:7A:EF:67:8A:F6:37:8D:50
+ "agent-node3" (SHA256) 50:9E:80:75:D8:13:2D:A4:CB:04:6C:2E:70:11:90:53:97:37:07:0D:F0:AB:66:40:60:87:4C:51:74:1A:00:ED
+ "master-node" (SHA256) 2A:EB:D3:60:C4:F6:57:12:9B:2E:7E:E8:3A:B8:11:B6:A4:57:F4:F9:91:7D:E7:E9:25:64:DD:51:C8:26:8E:75

 

6) Then copy the certificates pre-generated on the Master to each Agent node

[root@Agent-node1 ~]# mkdir -p /var/lib/puppet/ssl/private_keys
[root@Agent-node1 ~]# mkdir -p /var/lib/puppet/ssl/certs
[root@Agent-node1 ~]# rsync -e "ssh -p22" -avpgolr 182.48.115.233:/var/lib/puppet/ssl/private_keys/agent-node1.pem /var/lib/puppet/ssl/private_keys/
[root@Agent-node1 ~]# rsync -e "ssh -p22" -avpgolr 182.48.115.233:/var/lib/puppet/ssl/certs/agent-node1.pem /var/lib/puppet/ssl/certs/
[root@Agent-node1 ~]# rsync -e "ssh -p22" -avpgolr 182.48.115.233:/var/lib/puppet/ssl/certs/ca.pem /var/lib/puppet/ssl/certs/

[root@Agent-node2 ~]# mkdir -p /var/lib/puppet/ssl/private_keys
[root@Agent-node2 ~]# mkdir -p /var/lib/puppet/ssl/certs
[root@Agent-node2 ~]# rsync -e "ssh -p22" -avpgolr 182.48.115.233:/var/lib/puppet/ssl/private_keys/agent-node2.pem /var/lib/puppet/ssl/private_keys/
[root@Agent-node2 ~]# rsync -e "ssh -p22" -avpgolr 182.48.115.233:/var/lib/puppet/ssl/certs/agent-node2.pem /var/lib/puppet/ssl/certs/
[root@Agent-node2 ~]# rsync -e "ssh -p22" -avpgolr 182.48.115.233:/var/lib/puppet/ssl/certs/ca.pem /var/lib/puppet/ssl/certs/

[root@Agent-node3 ~]# mkdir -p /var/lib/puppet/ssl/private_keys
[root@Agent-node3 ~]# mkdir -p /var/lib/puppet/ssl/certs
[root@Agent-node3 ~]# rsync -e "ssh -p22" -avpgolr 182.48.115.233:/var/lib/puppet/ssl/private_keys/agent-node3.pem /var/lib/puppet/ssl/private_keys/
[root@Agent-node3 ~]# rsync -e "ssh -p22" -avpgolr 182.48.115.233:/var/lib/puppet/ssl/certs/agent-node3.pem /var/lib/puppet/ssl/certs/
[root@Agent-node3 ~]# rsync -e "ssh -p22" -avpgolr 182.48.115.233:/var/lib/puppet/ssl/certs/ca.pem /var/lib/puppet/ssl/certs/

 

Finally, test on each Agent node

[root@Agent-node1 ~]# puppet agent -t
Info: Caching certificate_revocation_list for ca
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Caching catalog for agent-node1
Info: Applying configuration version '1495896021'
Info: Creating state file /var/lib/puppet/state/state.yaml
Notice: Finished catalog run in 0.07 seconds
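Step 6 moves each agent's private key across the network, so it is worth confirming on the agent that the files that arrived are the pair the Master listed. The script below is an added example, not part of the original post; the function names are illustrative and it assumes `openssl` is installed on the agent.

```shell
#!/bin/sh
# Added example: checks for the files copied to an agent in step 6.
# Function names are illustrative; paths follow the layout used on this page.

# The private key must not be accessible to "other" users (last three mode bits).
check_key_mode() {
    [ "$(ls -ld "$1" | cut -c8-10)" = "---" ]
}

# The certificate and the private key must carry the same public key.
check_key_matches_cert() {    # $1 = certificate, $2 = private key
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout) || return 1
    [ "$cert_pub" = "$key_pub" ]
}

# SHA256 fingerprint, colon-separated as in the `puppet cert --list --all` output.
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# $1 = ssl directory, $2 = certname, $3 = fingerprint shown on the Master.
check_agent_ssl() {
    key="$1/private_keys/$2.pem"
    cert="$1/certs/$2.pem"
    check_key_mode "$key" ||
        { echo "FAIL: $key is accessible to other users"; return 1; }
    check_key_matches_cert "$cert" "$key" ||
        { echo "FAIL: $key does not belong to $cert"; return 1; }
    [ "$(cert_fingerprint "$cert")" = "$3" ] ||
        { echo "FAIL: fingerprint differs from the Master's listing"; return 1; }
    openssl verify -CAfile "$1/certs/ca.pem" "$cert" >/dev/null 2>&1 ||
        { echo "FAIL: $cert is not signed by ca.pem"; return 1; }
    echo "OK: $2"
}

# Usage on Agent-node1, with the fingerprint copied from the Master's listing:
#   check_agent_ssl /var/lib/puppet/ssl agent-node1 '<fingerprint from Master>'
```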

Check the certificates on the Master

[root@Master-node ~]# tree /var/lib/puppet/ssl/
/var/lib/puppet/ssl/
├── ca
│   ├── ca_crl.pem
│   ├── ca_crt.pem
│   ├── ca_key.pem
│   ├── ca_pub.pem
│   ├── inventory.txt
│   ├── private
│   │   └── ca.pass
│   ├── requests
│   ├── serial
│   └── signed
│       ├── agent-node1.pem
│       ├── agent-node2.pem
│       ├── agent-node3.pem
│       └── master-node.pem
├── certificate_requests
├── certs
│   ├── agent-node1.pem
│   ├── agent-node2.pem
│   ├── agent-node3.pem
│   ├── ca.pem
│   └── master-node.pem
├── crl.pem
├── private
├── private_keys
│   ├── agent-node1.pem
│   ├── agent-node2.pem
│   ├── agent-node3.pem
│   └── master-node.pem
└── public_keys
    ├── agent-node1.pem
    ├── agent-node2.pem
    ├── agent-node3.pem
    └── master-node.pem

3) Setting up the Puppet Dashboard

Puppet Dashboard manages Puppet through a GUI (graphical user interface) and can analyze Puppet run logs.

 

1) Install MySQL

[root@Master-node ~]# yum install -y mysql mysql-devel mysql-server
[root@Master-node ~]# vim /etc/my.cnf              // add the following line under the [mysqld] section
[mysqld]
……
max_allowed_packet = 32M

 

Start the service

[root@Master-node ~]# /etc/init.d/mysqld start
[root@Master-node ~]# chkconfig mysqld on

 

Set the MySQL password to "password"

[root@Master-node ~]# mysqladmin -u root password 'password'

 

Create a dashboard database

[root@Master-node ~]# mysql -ppassword
mysql> CREATE DATABASE dashboard CHARACTER SET utf8;
mysql> CREATE USER 'dashboard'@'localhost' IDENTIFIED BY 'password';
mysql> GRANT ALL PRIVILEGES ON dashboard.* TO 'dashboard'@'localhost';
mysql> FLUSH PRIVILEGES;

 

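2) Install Passenger + Apache + Dashboard

Deploy a high-performance PuppetMaster with Apache + Passenger in place of the original WEBrick to improve concurrency.

Make Apache support Ruby. Install passenger via ruby gem:

[root@Master-node ~]# gem install passenger

If you are upgrading Ruby, see the source install and upgrade guide: http://www.cnblogs.com/kevingrace/p/5752382.html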

 

3) Configure the Dashboard

[root@Master-node ~]# vim /usr/share/puppet-dashboard/config/database.yml
……..
production:
  database: dashboard
  username: dashboard
  password: password
  encoding: utf8
  adapter: mysql
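The database steps above and `database.yml` both use the literal `password`. The script below is an added example, not part of the original post: it generates a random secret and renders the same SQL statements and `production` section with it. The function names are illustrative, and `write_database_yml` writes only the `production` section shown on this page.

```shell
#!/bin/sh
# Added example: generate the dashboard database credential instead of
# using the literal 'password'. Function names are illustrative.

# 24 random bytes as 48 hex characters: nothing to escape in SQL or YAML.
gen_secret() {
    od -An -N24 -tx1 /dev/urandom | tr -d ' \n'
}

# Emit the page's database statements with the generated secret ($1).
dashboard_sql() {
    cat <<EOF
CREATE DATABASE dashboard CHARACTER SET utf8;
CREATE USER 'dashboard'@'localhost' IDENTIFIED BY '$1';
GRANT ALL PRIVILEGES ON dashboard.* TO 'dashboard'@'localhost';
FLUSH PRIVILEGES;
EOF
}

# Write the production section to $1 with secret $2, mode 0640.
# Ownership is left unchanged; the account that runs the Dashboard
# must still be able to read the file.
write_database_yml() {
    ( umask 027
      cat > "$1" <<EOF
production:
  database: dashboard
  username: dashboard
  password: $2
  encoding: utf8
  adapter: mysql
EOF
    )
    chmod 640 "$1"
}

# Usage on the Master (mysql prompts for the root password):
#   pw=$(gen_secret)
#   dashboard_sql "$pw" | mysql -u root -p
#   write_database_yml /usr/share/puppet-dashboard/config/database.yml "$pw"
```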

 

Change the time zone

[root@Master-node ~]# vim /usr/share/puppet-dashboard/config/environment.rb
…….
config.time_zone = 'Beijing'

 

4) Initialize the database

[root@Master-node ~]# cd /usr/share/puppet-dashboard/
[root@Master-node puppet-dashboard]# rake RAILS_ENV=production db:migrate            // rake ships with Ruby; use the find command to locate it

 

5) Configure Apache

Configure passenger (choose the HTTP server software):

[root@Master-node ~]# passenger-install-apache2-module

[root@Master-node ~]# find / -name mod_passenger.so
/usr/local/ruby/lib/ruby/gems/2.4.0/gems/passenger-5.1.4/buildout/apache2/mod_passenger.so

[root@Master-node ~]# cp /usr/local/ruby/lib/ruby/gems/2.4.0/gems/passenger-5.1.4/buildout/apache2/mod_passenger.so /etc/httpd/modules/

Integrate Passenger with Apache

[root@Master-node ~]# yum install curl-devel httpd-devel
[root@Master-node ~]# vim /etc/httpd/conf.d/passenger.conf
LoadModule passenger_module modules/mod_passenger.so
<IfModule mod_passenger.c>
    # PassengerRoot must be the root of the Passenger install that mod_passenger.so was built from
    PassengerRoot /usr/share/rubygems/gems/passenger-3.0.17
    PassengerRuby /usr/bin/ruby

    PassengerHighPerformance on
    PassengerMaxPoolSize 12
    PassengerPoolIdleTime 1500
    PassengerStatThrottleRate 120
    RailsAutoDetect On
</IfModule>
<VirtualHost *:80>
    ServerName huanqiu.puppet.com
    DocumentRoot "/usr/share/puppet-dashboard/public/"
    <Directory "/usr/share/puppet-dashboard/public/">
        Options None
        AllowOverride AuthConfig
        Order allow,deny
        allow from all
    </Directory>
    ErrorLog /var/log/httpd/huanqiu.puppet.com_error.log
    LogLevel warn
    CustomLog /var/log/httpd/huanqiu.puppet.com_access.log combined
    ServerSignature On
</VirtualHost>

 

Start the service

[root@Master-node ~]# /etc/init.d/httpd start
[root@Master-node ~]# chkconfig httpd on

 

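6) Configure Puppet

To have the Dashboard use Reports: agents now have the Report feature enabled by default, so nothing needs to be configured on the agents; only the Server side needs to be set up!

[root@Master-node ~]# vim /etc/puppet/puppet.conf
…….
[master]
reports = store, http
reporturl = http://huanqiu.puppet.com:80/reports/upload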

 

Restart the puppetmaster service

[root@Master-node ~]# /etc/init.d/puppetmaster restart

 

You can now access the Puppet Dashboard directly at http://ip
