初探Puppet
Puppet是常見的DevOps管理工具,他具備強大且成熟的管理功能,並且支援客製化module的載入,是DevOps不可或缺的好工具..
使用Puppet in Docker建置環境
首先建立puppet連線使用的network
docker network create puppet
|
將puppt執行在standalone mode
docker run --net puppet --name puppet --hostname puppet puppet/puppetserver-standalone
|
執行puppet agent...
$ docker run --net puppet puppet/puppet-agent-ubuntu
Info: Creating a new SSL key for f406170f87f3 Info: Caching certificate for ca Info: csr_attributes file loading from /etc/puppetlabs/puppet/csr_attributes.yaml Info: Creating a new SSL certificate request for f406170f87f3 Info: Certificate Request fingerprint (SHA256): 5E:11:85:D0:0E:7C:71:3F:2D:FB:C4:4C:39:DE:5F:CB:D4:14:BF:1A:47:0D:C8:4C:F0:87:7C:9B:44:FA:11:FB Info: Caching certificate for f406170f87f3 Info: Caching certificate_revocation_list for ca Info: Caching certificate for ca Info: Using configured environment 'production' Info: Retrieving pluginfacts Info: Retrieving plugin Info: Caching catalog for f406170f87f3 Info: Applying configuration version '1508051547' Info: Creating state file /opt/puppetlabs/puppet/cache/state/state.yaml Notice: Applied catalog in 0.01 seconds Changes: Events: Resources: Total: 7 Time: Schedule: 0.00 Config retrieval: 0.76 Total: 0.76 Last run: 1508051547 Filebucket: 0.00 Version: Config: 1508051547 Puppet: 5.2.0 |
上面的puppet的部分,會直接在機器上執行列出summary的指令,指令如下:
puppet agent \
--verbose \ --onetime \ --no-daemonize \ --summarize |
為了進行一些互動,我們可以使用interactive mode執行agent
docker run -it --net puppet \
--entrypoint bash puppet/puppet-agent-ubuntu |
接下來可以客製化agent連線的設定檔:
# sudo vim /etc/puppetlabs/puppet/puppet.conf
[main] certname = ${client hostname} server = puppet //server name environment = production runinterval = 2h |
然後連線到agent端,透過"puppet agent"指令,即可啟動agent...,我們也可以強制把agent留在前景端,讓debug比較容易...
puppet agent --verbose --no-daemonize
|
範例一:為client增加一個檔案
接下來進入puppet server到/etc/puppetlabs/code/environments/production下,建立manifests/site.pp檔案,內容如下:
node default
{ file { "/tmp/puppet_server.message": content => "Hello, Puppet Client!"; } } |
然後,進入agent端,執行"puppet agent --test",即可同步server端的設定
root@0fa0658f528b:/etc/puppetlabs/puppet# puppet agent --test
Info: Using configured environment 'production' Info: Retrieving pluginfacts Info: Retrieving plugin Info: Caching catalog for 0fa0658f528b Info: Applying configuration version '1508052730' Notice: /Stage[main]/Main/Node[default]/File[/tmp/puppet_server.message]/ensure: defined content as '{md5}38febf090437aaf325733508da57a1cf' Notice: Applied catalog in 0.02 seconds |
同步完成後,可以檢查一下/tmp下,應該會出現"puppet_server.message"檔案,顯示Hello,Puppet Client!的內容...
root@0fa0658f528b:/etc/puppetlabs/puppet# ls -l /tmp/
total 4 -rw-r--r-- 1 root root 21 Oct 15 07:32 puppet_server.message |
範例二:自建module來安裝Apache HTTPD
root@puppet:/etc/puppetlabs/code# tree
. |-- environments | `-- production | |-- data | |-- environment.conf | |-- hiera.yaml | |-- manifests | `-- modules `-- modules |
我們先建立apache module的目錄(/etc/puppetlabs/code/modules/apache),然後在該目錄下建立manifest與files資料夾... 然後到 /etc/puppetlabs/code/modules/apache/manifest下依序建立下面的設定檔...
── manifests
├── init.pp ├── install.pp ├── config.pp ├── service.pp |
manitests/init.pp 是預設被讀取的檔案,通常用來定義變數、引用 class
class apache (
String $package_name = 'apache2', String $package_ensure = 'installed', String $service_name = 'apache2', String $service_ensure = 'running', String $default_site_conf = '/etc/apache2/sites-enabled/default.conf', String $run_user = 'www-data', ){ contain apache::install contain apache::config contain apache::service Class['::apache::install'] -> Class['::apache::config'] ~> Class['::apache::service'] } |
manitests/install.pp 用來定義如何安裝 package
class apache::install inherits apache {
package { $apache::package_name: ensure => $apache::package_ensure } } |
manitests/service.pp 用來處理服務
class apache::service inherits apache {
service { $apache::service_name: ensure => $apache::service_ensure, # subscribe => Package['apache'], require => Class['apache::install'] } } |
manitests/config.pp 用來處理設定檔
class apache::config inherits apache {
file { $apache::default_site_conf: ensure => file, owner => $apache::run_user, source => "puppet:///modules/${module_name}/default.conf" } } |
files/default.conf 來描述apache的執行設定...
Timeout 60
KeepAlive On MaxKeepAliveRequests 100 KeepAliveTimeout 5 UseCanonicalName Off AccessFileName .htaccess ServerTokens Full ServerSignature Off HostnameLookups Off RequestReadTimeout header=20-40,MinRate=500 body=20,MinRate=500 |
設定完成後,我們可以到agent的所在機器執行同步... 如果一切無誤,則client端會透過agent開始安裝與設定apache...
$ puppet agent --test
Info: Using configured environment 'production' Info: Retrieving pluginfacts Info: Retrieving plugin Info: Caching catalog for 0fa0658f528b Info: Applying configuration version '1508075447' Notice: /Stage[main]/Apache::Install/Package[apache2]/ensure: created Notice: /Stage[main]/Apache::Config/File[/etc/apache2/sites-enabled/default.conf]/ensure: defined content as '{md5}0c72defe6a4e5486dffb8b38026bb3bf' Info: Class[Apache::Config]: Scheduling refresh of Class[Apache::Service] Info: Class[Apache::Service]: Scheduling refresh of Service[apache2] Notice: /Stage[main]/Apache::Service/Service[apache2]/ensure: ensure changed 'stopped' to 'running' Info: /Stage[main]/Apache::Service/Service[apache2]: Unscheduling refresh on Service[apache2] Notice: Applied catalog in 261.30 seconds |
參考網址
- Puppet in Docker: https://github.com/puppetlabs/puppet-in-docker