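There is a lot of material online, but much of it is old; the basic operations are still a useful reference. The simplest way to install Puppet is with yum (operating system: CentOS 6). Because of the special network environment in China, it is best to set up a local repository. This post records my own installation process: first creating the local repository, then setting up the Puppet environment.
Operating system: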
[root@hadoop-master2 ~]# cat /etc/redhat-release
CentOS release 6.5 (Final)
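Updates
2016-4-28 15:42:32 - Force-installed puppetserver with rpm. The JDK 8 dependency is a bit of a hassle; installing JDK 7 yourself is enough.
2016-5-3 09:39:40 - Updated the section on puppetserver performance: it runs on Jetty, so there is no need to fiddle with Passenger any more. See the end of the post.
Setting up the local repository
Puppet 4 bundles all of its dependencies together, so it can actually be installed directly with rpm. To do things a bit more properly, and because the Puppet projects depend on one another, I first create a local repository with createrepo.
createrepo simply generates the index data (repodata) for the rpm files in a directory.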
[root@hadoop-master2 ~]# yum install createrepo
# Download the puppet-pc1 packages for your system: https://yum.puppetlabs.com/el/6/PC1/x86_64/ (latest version of each)
[root@hadoop-master2 repo]# ls -1
puppet-agent-1.4.1-1.el6.x86_64.rpm
puppet-dashboard-1.2.23-0.1rc3.el6.noarch.rpm
puppetdb-4.0.0-1.el6.noarch.rpm
puppetdb-termini-3.2.4-1.el6.noarch.rpm
puppetdb-terminus-3-1.el6.noarch.rpm
puppetserver-2.3.1-1.el6.noarch.rpm
[root@hadoop-master2 repo]# createrepo .
Spawning worker 0 with 6 pkgs
Workers Finished
Gathering worker results
Saving Primary metadata
Saving file lists metadata
Saving other metadata
Generating sqlite DBs
Sqlite DBs complete
[root@hadoop-master2 puppetlabs]# cat /etc/yum.repos.d/puppet-local.repo
[puppet-local]
name=Puppet Local
baseurl=file:///opt/puppetlabs/repo
failovermethod=priority
enabled=1
gpgcheck=0
List the rpm packages in the local repository:
[root@hadoop-master2 repo]# yum clean all
Loaded plugins: fastestmirror, security
Cleaning repos: base epel extras pgdg94 puppet-local updates
Cleaning up Everything
[root@hadoop-master2 repo]# yum list all | grep "puppet-local"
puppet-agent.x86_64 1.4.1-1.el6 @puppet-local
puppet-dashboard.noarch 1.2.23-0.1rc3.el6 @puppet-local
puppetdb.noarch 4.0.0-1.el6 @puppet-local
puppetdb-termini.noarch 3.2.4-1.el6 @puppet-local
puppetserver.noarch 2.3.1-1.el6 @puppet-local
puppetdb-terminus.noarch 3-1.el6 puppet-local
[root@hadoop-master2 repo]# yum search puppet
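Some guides online also install yum-priorities to set repo priorities. I had no package conflicts here, so I did not install it.
Standalone installation
Before installing, skim the official documentation: https://docs.puppet.com/puppetserver/latest/install_from_packages.html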
# First look at the dependencies of puppet-agent and puppetserver
[root@hadoop-master2 repo]# yum deplist puppet-agent
Loaded plugins: fastestmirror, security
Loading mirror speeds from cached hostfile
* base: mirrors.aliyun.com
* epel: ftp.cuhk.edu.hk
* extras: mirrors.aliyun.com
* updates: mirrors.aliyun.com
Finding dependencies:
package: puppet-agent.x86_64 1.4.1-1.el6
dependency: tar
provider: tar.x86_64 2:1.23-13.el6
dependency: /bin/sh
provider: bash.x86_64 4.1.2-33.el6
provider: bash.x86_64 4.1.2-33.el6_7.1
dependency: readline
provider: readline.i686 6.0-4.el6
provider: readline.x86_64 6.0-4.el6
dependency: util-linux
provider: util-linux-ng.i686 2.17.2-12.18.el6
provider: util-linux-ng.x86_64 2.17.2-12.18.el6
dependency: chkconfig
provider: chkconfig.x86_64 1.3.49.3-5.el6
provider: chkconfig.x86_64 1.3.49.3-5.el6_7.2
[root@hadoop-master2 repo]# yum deplist puppetserver
Loaded plugins: fastestmirror, security
Loading mirror speeds from cached hostfile
* base: mirrors.aliyun.com
* epel: ftp.cuhk.edu.hk
* extras: mirrors.aliyun.com
* updates: mirrors.aliyun.com
Finding dependencies:
package: puppetserver.noarch 2.3.1-1.el6
dependency: /bin/bash
provider: bash.x86_64 4.1.2-33.el6
provider: bash.x86_64 4.1.2-33.el6_7.1
dependency: java-1.8.0-openjdk-headless
provider: java-1.8.0-openjdk-headless.x86_64 1:1.8.0.45-35.b13.el6
provider: java-1.8.0-openjdk-headless.x86_64 1:1.8.0.51-0.b16.el6_6
provider: java-1.8.0-openjdk-headless.x86_64 1:1.8.0.51-1.b16.el6_7
provider: java-1.8.0-openjdk-headless.x86_64 1:1.8.0.51-3.b16.el6_7
provider: java-1.8.0-openjdk-headless.x86_64 1:1.8.0.65-0.b17.el6_7
provider: java-1.8.0-openjdk-headless.x86_64 1:1.8.0.71-1.b15.el6_7
provider: java-1.8.0-openjdk-headless.x86_64 1:1.8.0.77-0.b03.el6_7
dependency: puppet-agent >= 1.4.0
provider: puppet-agent.x86_64 1.4.1-1.el6
dependency: net-tools
provider: net-tools.x86_64 1.60-110.el6_2
dependency: /usr/bin/env
provider: coreutils.x86_64 8.4-37.el6
provider: coreutils.x86_64 8.4-37.el6_7.3
dependency: /bin/sh
provider: bash.x86_64 4.1.2-33.el6
provider: bash.x86_64 4.1.2-33.el6_7.1
dependency: chkconfig
provider: chkconfig.x86_64 1.3.49.3-5.el6
provider: chkconfig.x86_64 1.3.49.3-5.el6_7.2
# Install
[root@hadoop-master2 repo]# yum install puppetserver
# Find the process with jps, then check the port
[root@hadoop-master2 repo]# netstat -anp | grep 4526
tcp 0 0 :::8140 :::* LISTEN 4526/java
# After installation, check the version of each component
[root@hadoop-master2 repo]# puppet -V
4.4.1
[root@hadoop-master2 repo]# facter -v
3.1.5 (commit b5c2cf9b2ac290cb17fcadea19b467a39e17c1fd)
[root@hadoop-master2 repo]# puppetserver -v
puppetserver version: 2.3.1
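puppetserver depends on puppet-agent, and puppet-agent is an all-in-one assembly package. So on the server it is enough to install puppetserver, and clients only need puppet-agent.
Puppet 4 reorganized its directories considerably: programs live under /opt/puppetlabs and configuration under /etc/puppetlabs. If you are reading Puppet 3 material, check it against the official page "Where Did Everything Go in Puppet 4.x?" to find where each program now lives.
If you have installed a JDK separately (the JDK 8 dependency is rather annoying), you can also force-install puppetserver with rpm and then specify the path to the java binary: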
bash-4.1# yum deplist puppetserver
Loaded plugins: fastestmirror, priorities
Loading mirror speeds from cached hostfile
* centos-local: 172.17.42.1:8888
Finding dependencies:
package: puppetserver.noarch 2.3.1-1.el6
dependency: /bin/bash
provider: bash.x86_64 4.1.2-29.el6
dependency: java-1.8.0-openjdk-headless
provider: java-1.8.0-openjdk-headless.x86_64 1.8.0.20-3.b26.el6
dependency: puppet-agent >= 1.4.0
provider: puppet-agent.x86_64 1.4.1-1.el6
dependency: net-tools
provider: net-tools.x86_64 1.60-110.el6_2
dependency: /usr/bin/env
provider: coreutils.x86_64 8.4-37.el6
dependency: /bin/sh
provider: bash.x86_64 4.1.2-29.el6
dependency: chkconfig
provider: chkconfig.x86_64 1.3.49.3-2.el6_4.1
bash-4.1# rpm -ivh http://172.17.42.1:8888/centos6/puppet/puppetserver-2.3.1-1.el6.noarch.rpm --nodeps --force
Retrieving http://172.17.42.1:8888/centos6/puppet/puppetserver-2.3.1-1.el6.noarch.rpm
warning: /var/tmp/rpm-tmp.7CAtn8: Header V4 RSA/SHA1 Signature, key ID 4bd6ec30: NOKEY
Preparing... ########################################### [100%]
usermod: no changes
1:puppetserver ########################################### [100%]
usermod: no changes
bash-4.1# chkconfig --list | grep puppetserver
puppetserver 0:off 1:off 2:on 3:on 4:on 5:on 6:off
bash-4.1# cat /etc/sysconfig/puppetserver
...
JAVA_BIN="/opt/jdk1.7.0_60/bin/java"
...
bash-4.1# netstat -a
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 *:8140 *:* LISTEN
...
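Standalone Hello World
Standalone mode requires no authentication, which makes it a good environment for learning and debugging: convenient and simple.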
[root@hadoop-master2 manifests]# vi helloworld.pp
notify { 'greeting':
message => 'Hello, world!'
}
[root@hadoop-master2 manifests]# puppet apply helloworld.pp
Notice: Compiled catalog for hadoop-master2.localdomain in environment production in 0.03 seconds
Notice: Hello, world!
Notice: /Stage[main]/Main/Notify[greeting]/message: defined 'message' as 'Hello, world!'
Notice: Applied catalog in 0.04 seconds
# puppet resource can generate configuration from the current state of the system
[root@hadoop-master2 manifests]# puppet resource user hadoop
user { 'hadoop':
ensure => 'present',
gid => '500',
home => '/home/hadoop',
password => 'XXXXXX',
password_max_age => '99999',
password_min_age => '0',
shell => '/bin/bash',
uid => '500',
}
# Change state
[root@hadoop-master2 puppetlabs]# bin/puppet resource service puppet ensure=running enable=false
Notice: /Service[puppet]/enable: enable changed 'true' to 'false'
service { 'puppet':
ensure => 'running',
enable => 'false',
}
[root@hadoop-master2 puppetlabs]# chkconfig --list | grep puppet
puppet 0:off 1:off 2:off 3:off 4:off 5:off 6:off
puppetserver 0:off 1:off 2:on 3:on 4:on 5:on 6:off
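Client/server mode configuration
Here I fully simulate a production environment (an internal network). First set up two local repositories: centos and puppet. Download whichever RPMs puppet depends on for your situation; I am using CentOS 6.5.
Set up the private repositories: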
# Add java-1.8.0-openjdk-headless and tzdata-java-2014g (the 2013g shipped on the ISO is not compatible)
[root@hadoop-master2 repo]# ll
total 142344
-rw-r--r-- 1 root root 33135156 Apr 9 21:47 java-1.8.0-openjdk-headless-1.8.0.51-3.b16.el6_7.x86_64.rpm
-rw-r--r-- 1 root root 26740012 Apr 9 11:29 puppet-agent-1.4.1-1.el6.x86_64.rpm
-rw-r--r-- 1 root root 4509000 Apr 9 11:29 puppet-dashboard-1.2.23-0.1rc3.el6.noarch.rpm
-rw-r--r-- 1 root root 21866876 Apr 9 11:29 puppetdb-4.0.0-1.el6.noarch.rpm
-rw-r--r-- 1 root root 25516 Apr 9 11:29 puppetdb-termini-3.2.4-1.el6.noarch.rpm
-rw-r--r-- 1 root root 3676 Apr 9 11:29 puppetdb-terminus-3-1.el6.noarch.rpm
-rw-r--r-- 1 root root 33412844 Apr 9 11:29 puppetserver-2.3.1-1.el6.noarch.rpm
drwxr-xr-x 2 root root 4096 Apr 9 22:56 repodata
-rw-r--r-- 1 root root 181196 Sep 17 2014 tzdata-java-2014g-1.el6.noarch.rpm
[root@hadoop-master2 ~]# mount -t iso9660 -o loop CentOS-6.5-x86_64-bin-DVD1.iso /mnt/cdrom
# httpd is already installed on my system
[root@hadoop-master2 ~]# cd /var/www/html/
[root@hadoop-master2 html]# ll
total 820
lrwxrwxrwx 1 root root 10 Apr 9 21:54 centos6_5 -> /mnt/cdrom
lrwxrwxrwx 1 root root 20 Mar 30 17:11 puppet -> /opt/puppetlabs/repo
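Start a Docker instance (see the post on installing Docker). Because the centos and puppet repositories contain conflicting packages, yum-priorities needs to be installed.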
[root@hadoop-master2 repo]# docker run -i -t centos:centos6 /bin/bash
bash-4.1# cat /etc/redhat-release
CentOS release 6.5 (Final)
bash-4.1# yum install yum-plugin-priorities-1.1.30-30.el6.noarch.rpm
# Remove the default repos and add the puppet and centos ones
bash-4.1# cat /etc/yum.repos.d/puppet-local.repo
[puppet-local]
name=Puppet Local
baseurl=http://172.17.42.1/puppet
failovermethod=priority
enabled=1
gpgcheck=0
priority=1
bash-4.1# cat /etc/yum.repos.d/centos-local.repo
[centos-local]
name=Centos Local
baseurl=http://172.17.42.1/centos6_5
failovermethod=priority
enabled=1
gpgcheck=0
priority=2
bash-4.1# yum install puppetserver
# Load the environment variables
bash-4.1# source /etc/profile.d/puppet-agent.sh
# Check the version of each Puppet program
bash-4.1# puppet -V
4.4.1
bash-4.1# puppetserver -v
puppetserver version: 2.3.1
bash-4.1# facter -v
3.1.5 (commit b5c2cf9b2ac290cb17fcadea19b467a39e17c1fd)
Agent installation:
bash-4.1# cat /etc/yum.repos.d/puppet-local.repo
[puppet-local]
name=Puppet Local
baseurl=http://172.17.42.1/puppet
failovermethod=priority
enabled=1
gpgcheck=0
[centos-local]
name=Centos Local
baseurl=http://172.17.42.1/centos6_5
failovermethod=priority
enabled=1
gpgcheck=0
bash-4.1# yum install puppet-agent -y
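Every repo definition on this page sets gpgcheck=0, and the ones used inside the containers fetch over plain http://, so yum installs whatever the repo serves without verifying a package signature. The audit below is an added example, not part of the original post, that reports this per section. The `audit_repo` function, its verdict names and the `puppet-local-signed` section with its placeholder `gpgkey` path are assumptions for illustration.

```shell
#!/bin/sh
# Added example: report yum repo sections that skip package signature checks.
# audit_repo FILE -> one line per [section]: "<id> <verdict> <baseurl>"
audit_repo() {
    awk '
    function flush() {
        if (id == "") return
        if (gpg == "")                    v = "INHERITS-MAIN"
        else if (gpg !~ /^(1|yes|true)$/) v = (url ~ /^http:/) ? "UNSIGNED-OVER-HTTP" : "UNSIGNED"
        else if (key == "")               v = "NO-GPGKEY"
        else                              v = "OK"
        print id, v, url
    }
    /^[ \t]*[#;]/ || /^[ \t]*$/ { next }
    /^[ \t]*\[/ {                      # new [section]: emit the previous one
        flush()
        id = $0; sub(/^[ \t]*\[/, "", id); sub(/\].*$/, "", id)
        gpg = ""; key = ""; url = "-"  # unset gpgcheck falls back to [main]
        next
    }
    {
        eq = index($0, "="); if (eq == 0) next
        k = substr($0, 1, eq - 1); val = substr($0, eq + 1)
        gsub(/[ \t]/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", val)
        if (k == "gpgcheck")     gpg = tolower(val)
        else if (k == "gpgkey")  key = val
        else if (k == "baseurl") url = val
    }
    END { flush() }' "$1"
}

# Constructed sample: the agent repo file shown above (abridged to the keys that
# matter) plus a hardened section whose gpgkey path is a placeholder.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
[puppet-local]
baseurl=http://172.17.42.1/puppet
gpgcheck=0
[centos-local]
baseurl=http://172.17.42.1/centos6_5
gpgcheck=0
[puppet-local-signed]
baseurl=http://172.17.42.1/puppet
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-PLACEHOLDER
EOF
audit_repo "$SAMPLE"
```

A section reported as INHERITS-MAIN has no gpgcheck line of its own and takes whatever the [main] section of /etc/yum.conf sets.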
Configuration:
bash-4.1# cat /etc/hosts
172.17.0.4 puppet
172.17.0.5 agent1
172.17.0.6 agent2
bash-4.1# puppet agent -t
Info: Using configured environment 'production'
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Caching catalog for 3e4b2ba27563.localdomain
Info: Applying configuration version '1460222292'
Info: Creating state file /opt/puppetlabs/puppet/cache/state/state.yaml
Notice: Applied catalog in 0.01 seconds
bash-4.1# puppet agent -t
Info: Creating a new SSL key for 5a56be361905.localdomain
Info: Caching certificate for ca
Info: csr_attributes file loading from /etc/puppetlabs/puppet/csr_attributes.yaml
Info: Creating a new SSL certificate request for 5a56be361905.localdomain
Info: Certificate Request fingerprint (SHA256): 58:1A:2E:28:D3:D7:C5:7B:E3:1A:C2:0F:70:D0:46:C0:34:39:7F:EC:98:65:B1:09:96:D3:4B:A7:4B:32:A6:C6
Info: Caching certificate for ca
Exiting; no certificate found and waitforcert is disabled
# On the master: list and sign the requests
bash-4.1# puppet cert list
"5a56be361905.localdomain" (SHA256) 58:1A:2E:28:D3:D7:C5:7B:E3:1A:C2:0F:70:D0:46:C0:34:39:7F:EC:98:65:B1:09:96:D3:4B:A7:4B:32:A6:C6
"6516b8d0538b.localdomain" (SHA256) F7:49:CC:93:EA:5D:D9:A2:90:33:01:A9:74:86:97:0C:20:0C:EB:24:3A:13:85:64:5C:32:A8:D7:36:91:3C:77
bash-4.1# puppet cert sign --all
Notice: Signed certificate request for 6516b8d0538b.localdomain
Notice: Removing file Puppet::SSL::CertificateRequest 6516b8d0538b.localdomain at '/etc/puppetlabs/puppet/ssl/ca/requests/6516b8d0538b.localdomain.pem'
Notice: Signed certificate request for 5a56be361905.localdomain
Notice: Removing file Puppet::SSL::CertificateRequest 5a56be361905.localdomain at '/etc/puppetlabs/puppet/ssl/ca/requests/5a56be361905.localdomain.pem'
# Agent connects again
bash-4.1# puppet agent -t
Info: Caching certificate for 5a56be361905.localdomain
Info: Caching certificate_revocation_list for ca
Info: Caching certificate for 5a56be361905.localdomain
Info: Using configured environment 'production'
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Caching catalog for 5a56be361905.localdomain
Info: Applying configuration version '1460222614'
Info: Creating state file /opt/puppetlabs/puppet/cache/state/state.yaml
Notice: Applied catalog in 0.02 seconds
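`puppet cert sign --all` above approves every pending request, including any the operator did not expect to see. One way to approve only requests whose fingerprint matches what the agent itself printed, as an added example that is not part of the original post: `verify_csrs`, `sign_commands`, the two input files and the agent3 entries are assumptions for illustration.

```shell
#!/bin/sh
# Added example: approve only CSRs whose fingerprint matches what the agent
# itself printed, instead of running `puppet cert sign --all`.
# verify_csrs EXPECTED LISTING
#   EXPECTED: "<certname> <SHA256 fingerprint>" per line, taken from each
#             agent's own `puppet agent -t` output over a trusted channel
#   LISTING:  saved output of `puppet cert list` on the master
# Prints "SIGN <name>" or "HOLD <name> <reason>" for every pending request.
verify_csrs() {
    awk '
    src == "want" { if (NF >= 2) want[$1] = toupper($2); next }
    $2 == "(SHA256)" {
        name = $1; gsub(/"/, "", name)
        if (!(name in want))                print "HOLD", name, "not-expected"
        else if (want[name] != toupper($3)) print "HOLD", name, "fingerprint-mismatch"
        else                                print "SIGN", name
    }' src=want "$1" src=list "$2"
}

# Turn the verdicts into explicit per-node commands for review (nothing is run).
sign_commands() {
    verify_csrs "$1" "$2" | awk '$1 == "SIGN" { print "puppet cert sign " $2 }'
}

# Sample data: the 5a56... and 6516... lines are the ones shown on this page;
# the agent3 entries are constructed to show a mismatch.
EXPECTED=$(mktemp); LISTING=$(mktemp)
cat > "$EXPECTED" <<'EOF'
5a56be361905.localdomain 58:1A:2E:28:D3:D7:C5:7B:E3:1A:C2:0F:70:D0:46:C0:34:39:7F:EC:98:65:B1:09:96:D3:4B:A7:4B:32:A6:C6
agent3.localdomain AA:AA:AA:AA
EOF
cat > "$LISTING" <<'EOF'
  "5a56be361905.localdomain" (SHA256) 58:1A:2E:28:D3:D7:C5:7B:E3:1A:C2:0F:70:D0:46:C0:34:39:7F:EC:98:65:B1:09:96:D3:4B:A7:4B:32:A6:C6
  "6516b8d0538b.localdomain" (SHA256) F7:49:CC:93:EA:5D:D9:A2:90:33:01:A9:74:86:97:0C:20:0C:EB:24:3A:13:85:64:5C:32:A8:D7:36:91:3C:77
  "agent3.localdomain" (SHA256) BB:BB:BB:BB
EOF
sign_commands "$EXPECTED" "$LISTING"
```

Only the 5a56be361905 request is approved here, because it is the only one whose agent-side fingerprint appears in the post; the other two stay pending until someone checks them.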
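Compared with Puppet's many configuration options, installation is relatively simple. That is about it for installation; next I will look into monitoring and Puppet configuration.
I also ran into some problems during installation, mostly caused by DNS. To begin with, the simplest approach is to configure the hosts file directly, mapping the server's IP to the hostname puppet.
One more Hello: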
# master
bash-4.1# cd /etc/puppetlabs/code/environments/production/
bash-4.1# ls
environment.conf hieradata manifests modules
bash-4.1# cd manifests/
bash-4.1# cat helloworld.pp
notify { 'Hello World' :
}
# agent
bash-4.1# puppet agent -t
Info: Using configured environment 'production'
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Caching catalog for 5a56be361905.localdomain
Info: Applying configuration version '1460223248'
Notice: Hello World
Notice: /Stage[main]/Main/Notify[Hello World]/message: defined 'message' as 'Hello World'
Notice: Applied catalog in 0.02 seconds
bash-4.1#
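Finally, a word on Puppet Server performance
Much of the material online is old and generally describes puppetmaster + apache/nginx + passenger. With the new version using puppetserver, the service runs on the JVM (Puppet Server is hosted by a Jetty web server) and performs better than the old Ruby approach (at least that is what the official site says). So there is no need to fiddle with the other Ruby pieces any more.
As an aside: getting on board with the JVM (Java) is good for everyone ^_^. Big-data Hadoop is Java-based these days, and Spark's Scala also runs on the JVM.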
Because Puppet Server runs on the JVM, it takes a bit longer than the Apache/Passenger stack to start and get ready to accept HTTP connections.
Overall, Puppet Server performance is significantly better than a Puppet master running on the Apache/Passenger stack, but the initial startup is definitely slower.