通过部署MCollective+ActiveMQ模块更安全高效的触发puppet更新

转载 2016年06月01日 17:56:22
通过部署MCollective+ActiveMQ模块更安全高效的触发puppet更新
2013-08-26 13:47:22
原创作品,允许转载,转载时请务必以超链接形式标明文章 原始出处 、作者信息和本声明。否则将追究法律责任。http://dreamfire.blog.51cto.com/418026/1282735

如果需要交流puppet 可加入puppet技术交流QQ群 296934942

实验环境:

puppetserver.rsyslog.org

MCollective客户端+ACtiveMQ服务端+Puppet服务端


agent1.rsyslog.org

MCollective服务端+Puppet客户端

应用:apache


agent2.rsyslog.org

MCollective服务端+Puppet客户端

应用:apache+mysql


agent3.rsyslog.org

MCollective服务端+Puppet客户端

应用:php


实验步骤:

一、在Puppetserver端部署RabbitMQ
1、安装ACtiveMQ
[root@puppetserver yum.repos.d]# yum install tanukiwrapper activemq activemq-info-provider

2、配置ActiveMQ
         <simpleAuthenticationPlugin>
           <users>
             <authenticationUser username="admin" password="123.com" groups="mcollective,admins,everyone"/>
             <authenticationUser username="mcollective" password="secret" groups="mcollective,admins,everyone"/>  
           </users>
         </simpleAuthenticationPlugin>

       <transportConnectors>
           <transportConnector name="openwire" uri="tcp://0.0.0.0:61616"/>
<!--            <transportConnector name="stomp+nio" uri="stomp+nio://0.0.0.0:61613"/> -->
           <transportConnector name="stomp" uri="stomp://0.0.0.0:61613"/>
       </transportConnectors>
此配置文件中的:用户名和密码配置,在ActiveMQ 5.9.1 中,配置改到 credentials.properties文件里了!上面的配置不用更改。
3、启动ActiveMQ
[root@puppetserver activemq]# /etc/rc.d/init.d/activemq restart
Stopping ActiveMQ Broker...
ActiveMQ Broker was not running.
Starting ActiveMQ Broker...
[root@puppetserver activemq]# chkconfig activemq on
[root@puppetserver activemq]# netstat -nlatp | grep 61613
tcp        0      0 :::61613                    :::*                        LISTEN      3098/java

二、在Puppetserver端部署MCollective客户端
1、安装stomp gem包(也可以通过yum安装rubygem-stomp包)
[root@puppetserver ~]# gem install stomp
Successfully installed stomp-1.2.14
1 gem installed
Installing ri documentation for stomp-1.2.14...
Installing RDoc documentation for stomp-1.2.14...
2、安装Mcollective客户端
[root@puppetserver activemq]# yum install mcollective-common  mcollective-client
3、配置Mcollective连接ACtiveMQ
[root@puppetserver ~]# cat /etc/mcollective/client.cfg
topicprefix = /topic/
main_collective = mcollective
collectives = mcollective
libdir = /usr/libexec/mcollective
logger_type = console
loglevel = warn

# Plugins
securityprovider = psk
plugin.psk = 456.com

connector = stomp
#plugin.stomp.host = localhost
plugin.stomp.host = 172.16.200.100
plugin.stomp.port = 61613
plugin.stomp.user = mcollective
plugin.stomp.password = secret

# Facts
factsource = yaml
plugin.yaml = /etc/mcollective/facts.yaml


三、在所有节点上部署MCollective服务端
1、安装stomp gem包

[root@agent1 mcollective]# gem install stomp
Successfully installed stomp-1.2.14
1 gem installed
Installing ri documentation for stomp-1.2.14...
Installing RDoc documentation for stomp-1.2.14...
2、安装MCollective服务端
[root@agent1 yum.repos.d]# yum install mcollective  mcollective-common
 Installing     : ruby-irb                                                                                          1/6 
 Installing     : ruby-rdoc                                                                                         2/6 
 Installing     : rubygems                                                                                          3/6 
 Installing     : rubygem-stomp                                                                                     4/6 
 Installing     : mcollective-common                                                                                5/6 
 Installing     : mcollective

2、配置MCollective服务端连接到ACtiveMQ
[root@agent1 yum.repos.d]# cat /etc/mcollective/server.cfg
topicprefix = /topic/
main_collective = mcollective
collectives = mcollective
libdir = /usr/libexec/mcollective
logfile = /var/log/mcollective.log
loglevel = info
daemonize = 1

# Plugins
securityprovider = psk
plugin.psk = 456.com

connector = stomp
plugin.stomp.host = 172.16.200.100
plugin.stomp.port = 61613
plugin.stomp.user = mcollective
plugin.stomp.password = secret

# Facts
factsource = yaml
plugin.yaml = /etc/mcollective/facts.yaml  
[root@agent1 rpms]# /etc/rc.d/init.d/mcollective restart
Shutting down mcollective: 
Starting mcollective:                                      [  OK  ]

四、测试MCollective通讯是否正常
[root@puppetserver activemq]# mco help
The Marionette Collective version 2.2.4

 completion      Helper for shell completion systems
 facts           Reports on usage for a specific fact
 find            Find hosts using the discovery system matching filter criteria
 help            Application list and help
 inventory       General reporting tool for nodes, collectives and subcollectives
 ping            Ping all nodes
 plugin          MCollective Plugin Application
 rpc             Generic RPC agent client application

[root@puppetserver activemq]# mco ping  #测试和MC服务器端通讯是否正常
agent1.rsyslog.org                      time=118.40 ms
agent1.rsyslog.org                      time=158.20 ms
agent1.rsyslog.org                      time=158.99 ms  
---- ping statistics ----
3 replies max: 158.99 min: 118.40 avg: 145.20

[root@puppetserver activemq]# mco inventory agent1.rsyslog.org  #查看某一个MC服务器端MC的相关信息
Inventory for agent1.rsyslog.org:

  Server Statistics:
                     Version: 2.2.4
                  Start Time: Sun Aug 25 12:36:25 +0800 2013
                 Config File: /etc/mcollective/server.cfg
                 Collectives: mcollective
             Main Collective: mcollective
                  Process ID: 8304
              Total Messages: 3
     Messages Passed Filters: 3
           Messages Filtered: 0
            Expired Messages: 0
                Replies Sent: 2
        Total Processor Time: 0.02 seconds
                 System Time: 0.0 seconds

  Agents:
     discovery       rpcutil                        

  Data Plugins:
     agent           fstat                          

  Configuration Management Classes:
     No classes applied

  Facts:
     mcollective => 1

[root@puppetserver activemq]# mco rpc rpcutil agent_inventory -I agent1.rsyslog.org

* [ ============================================================> ] 1 / 1


agent1.rsyslog.org                      
  Agents: [{:author=>"R.I.Pienaar <rip@devco.net>",
            :agent=>"discovery",
            :version=>"2.2.4",
            :license=>"Apache License, Version 2",
            :name=>"Discovery Agent",
            :timeout=>5,
            :description=>"MCollective Discovery Agent",
            :url=>"http://www.marionette-collective.org"},
           {:author=>"R.I.Pienaar <rip@devco.net>",
            :agent=>"rpcutil",
            :version=>"1.0",
            :license=>"Apache License, Version 2.0",
            :name=>"rpcutil",
            :timeout=>10,
            :description=>
             "General helpful actions that expose stats and internals to SimpleRPC clients",
            :url=>"http://marionette-collective.org/"}]



Finished processing 1 / 1 hosts in 87.23 ms

[root@puppetserver activemq]# mco help inventory  #查看某一个命令下的参数

General reporting tool for nodes, collectives and subcollectives
       --script SCRIPT              Script to run
       --list-collectives, --lc     List all known collectives
       --collective-graph, --cg, --map MAP
                                    Create a DOT graph of all collectives

       --np, --no-progress          Do not show the progress bar
   -1, --one                        Send request to only one discovered nodes
       --batch SIZE                 Do requests in batches
       --batch-sleep SECONDS        Sleep time between batches
       --limit-seed NUMBER          Seed value for deterministic random batching
       --limit-nodes, --ln, --limit COUNT
                                    Send request to only a subset of nodes, can be a percentage
   -j, --json                       Produce JSON output
       --display MODE               Influence how results are displayed. One of ok, all or failed
   -c, --config FILE                Load configuratuion from file rather than default
   -v, --verbose                    Be verbose
   -h, --help                       Display this screen

Common Options
   -T, --target COLLECTIVE          Target messages to a specific sub collective
       --dt, --discovery-timeout SECONDS
                                    Timeout for doing discovery
   -t, --timeout SECONDS            Timeout for calling remote agents
   -q, --quiet                      Do not be verbose
       --ttl TTL                    Set the message validity period
       --reply-to TARGET            Set a custom target for replies
       --dm, --disc-method METHOD   Which discovery method to use
       --do, --disc-option OPTION   Options to pass to the discovery method
       --nodes FILE                 List of nodes to address

Host Filters
   -W, --with FILTER                Combined classes and facts filter
   -S, --select FILTER              Compound filter combining facts and classes
   -F, --wf, --with-fact fact=val   Match hosts with a certain fact
   -C, --wc, --with-class CLASS     Match hosts with a certain config management class
   -A, --wa, --with-agent AGENT     Match hosts with a certain agent
   -I, --wi, --with-identity IDENT  Match hosts with a certain configured identity

The Marionette Collective 2.2.4

五、部署MCollective-puppet插件
1、安装puppet插件

#[root@agent1 ~]# yum install mcollective-package-agent mcollective-package-common
[root@agent1 ~]# yum install mcollective-puppet-agent mcollective-puppet-common
#[root@puppetserver ~]# yum install mcollective-package-client mcollective-package-common
[root@puppetserver ~]# yum install mcollective-puppet-client mcollective-puppet-common

2、载入agent插件
[root@agent1 ~]# /etc/rc.d/init.d/mcollective reload-agents
Reloading mcollective agents:                              [  OK  ]

3、查看插件是否载入成功
[root@puppetserver sbin]# mco inventory agent1.rsyslog.org
Inventory for agent1.rsyslog.org:

  Server Statistics:
                     Version: 2.2.4
                  Start Time: Sun Aug 25 14:37:59 +0800 2013
                 Config File: /etc/mcollective/server.cfg
                 Collectives: mcollective
             Main Collective: mcollective
                  Process ID: 11978
              Total Messages: 13
     Messages Passed Filters: 13
           Messages Filtered: 0
            Expired Messages: 0
                Replies Sent: 12
        Total Processor Time: 2.49 seconds
                 System Time: 0.47 seconds

  Agents:
     discovery       package         puppet         #插件已经载入
     rpcutil                                        

  Data Plugins:
     agent           fstat           puppet         
     resource                                       

  Configuration Management Classes:
     No classes applied

  Facts:
     mcollective => 1
4、从MCollective中运行puppet进行测试(触发节点agent运行一次)
注意:所有节点puppetd服务必须关闭
[root@puppetserver sbin]# mco puppet -v runonce   #失败运行的结果
Discovering hosts using the mc method for 2 second(s) .... 0

No request sent, we did not discover any nodes.




---- rpc stats ----
          Nodes: 0 / 0
    Pass / Fail: 0 / 0
     Start Time: Sun Aug 25 14:55:29 +0800 2013
 Discovery Time: 2003.59ms
     Agent Time: 0.00ms
     Total Time: 2003.59ms

[root@puppetserver sbin]# mco puppet -v runonce #更新所有节点

[root@puppetserver sbin]#mco puppet -v runonce agent_client_host1 #更新指定节点 
#成功运行的结果

Discovering hosts using the mc method for 2 second(s) .... 1

* [ ============================================================> ] 1 / 1


agent1.rsyslog.org                     : OK  #成功启动了节点的puppetd进程
   {:summary=>      "Started a background Puppet run using the 'puppet agent --onetime --daemonize --color=false --splay --splaylimit 30' command"}



---- rpc stats ----
          Nodes: 1 / 1
    Pass / Fail: 1 / 0
     Start Time: Sun Aug 25 14:46:04 +0800 2013
 Discovery Time: 2003.13ms
     Agent Time: 1534.35ms
     Total Time: 3537.49ms

[root@agent1 ~]# tailf /var/log/messages   #查看同步情况
[root@agent1 ~]# watch -d /etc/rc.d/init.d/puppet status  #查看节点puppet服务变化情况

六、部署MCollective-facter插件
1、安装facter插件

[root@agent1 ~]# yum install mcollective-facter-facts
[root@agent1 ~]# ll /usr/libexec/mcollective/mcollective/facts/
total 24
-rw-r--r-- 1 root root  422 Feb 21  2013 facter_facts.ddl
-rw-r--r-- 1 root root  945 Feb 21  2013 facter_facts.rb
-rw-r--r-- 1 root root 1530 May 21 01:34 yaml_facts.rb

2、配置MCollective的facter插件
[root@agent1 ~]# vim /etc/mcollective/server.cfg
# Facts
#factsource = yaml
factsource = facter
plugin.yaml = /etc/mcollective/facts.yaml

3、重新启动MCollective服务激活facter
[root@agent1 ~]# /etc/rc.d/init.d/mcollective restart
Shutting down mcollective: 
Starting mcollective:                                      [  OK  ]

4、测试facter插件
[root@puppetserver ~]# mco facts hostname -v  #查看所有节点的主机名
Discovering hosts using the mc method for 2 second(s) .... 3
Report for fact: hostname

       agent1                                  found 1 times

           agent1.rsyslog.org


---- rpc stats ----
          Nodes: 3 / 3
    Pass / Fail: 3 / 0
     Start Time: Sun Aug 25 16:03:36 +0800 2013
 Discovery Time: 2003.23ms
     Agent Time: 55.57ms
     Total Time: 2058.81ms
[root@puppetserver ~]# mco facts operatingsystem -v   #查看所有节点的系统类型
Discovering hosts using the mc method for 2 second(s) .... 3
Report for fact: operatingsystem

       RedHat                                  found 1 times

           agent1.rsyslog.org


---- rpc stats ----
          Nodes: 3 / 3
    Pass / Fail: 3 / 0
     Start Time: Sun Aug 25 16:03:48 +0800 2013
 Discovery Time: 2003.28ms
     Agent Time: 92.51ms
     Total Time: 2095.79ms

[root@puppetserver ~]# mco facts -v --with-fact hostname='agent1' memoryfree  #查看agent1节点的剩余内存
Discovering hosts using the mc method for 2 second(s) .... 1
Report for fact: memoryfree

       1.54 GB                                 found 1 times

           agent1.rsyslog.org


---- rpc stats ----
          Nodes: 1 / 1
    Pass / Fail: 1 / 0
     Start Time: Sun Aug 25 16:05:15 +0800 2013
 Discovery Time: 2001.67ms
     Agent Time: 54.73ms
     Total Time: 2056.40ms

[root@puppetserver ~]# mco facts -v --with-fact  operatingsystem='RedHat' kernelrelease  #查看所有节点系统为RedHat的内核版本信息
Discovering hosts using the mc method for 2 second(s) .... 1
Report for fact: kernelrelease

       2.6.18-308.el5                          found 1 times

           agent1.rsyslog.org


---- rpc stats ----
          Nodes: 1 / 1
    Pass / Fail: 1 / 0
     Start Time: Sun Aug 25 16:09:28 +0800 2013
 Discovery Time: 2003.23ms
     Agent Time: 53.57ms
     Total Time: 2056.80ms

operatingsystemrelease

**********************************************************************************
附加测试:部署多个节点一起测试

1、运行所有系统为RedHat,版本为6的所有节点puppetd服务
[root@puppetserver rhel5]# mco puppet -v runonce   rpc --np -F  lsbmajdistrelease='6' -F operatingsystem='RedHat'  
Discovering hosts using the mc method for 2 second(s) .... 1

agent3.rsyslog.org                     : OK
   {:summary=>      "Started a background Puppet run using the 'puppet agent --onetime --daemonize --color=false --splay --splaylimit 30' command"}



---- rpc stats ----
          Nodes: 1 / 1
    Pass / Fail: 1 / 0
     Start Time: Sun Aug 25 18:39:23 +0800 2013
 Discovery Time: 2003.41ms
     Agent Time: 1353.21ms
     Total Time: 3356.62ms

2、运行所有系统为RedHat,kernel版本为2.6.18的所有节点puppetd服务
[root@puppetserver rhel5]# mco puppet -v runonce   rpc --np -F  kernelversion='2.6.18'  - -F operatingsystem='RedHat'
Discovering hosts using the mc method for 2 second(s) .... 2

agent2.rsyslog.org                     : OK
   {:summary=>      "Started a background Puppet run using the 'puppet agent --onetime --daemonize --color=false --splay --splaylimit 30' command"}

agent1.rsyslog.org                     : OK
   {:summary=>      "Started a background Puppet run using the 'puppet agent --onetime --daemonize --color=false --splay --splaylimit 30' command"}



---- rpc stats ----
          Nodes: 2 / 2
    Pass / Fail: 2 / 0
     Start Time: Sun Aug 25 18:44:58 +0800 2013
 Discovery Time: 2003.31ms
     Agent Time: 1470.12ms
     Total Time: 3473.43ms


相关文章推荐

PUPPET安装配置MCollective+ActiveMQ——实际部署案例

序:     基于Puppet安装完成后,安装配置MCollective+ActiveMQ,本篇文章适合直接上手操作,提供详细命令复制执行即可。     关于部署的详细理论指导,可以查看本博客中《P...

通过MCollective更加安全地实现puppet的推送更新功能

1 介绍 1.1 Mcollective介绍 MCollective 是一个构建服务器编排(Server Orchestration)和并行工作执行系统的框架。 首先,MCollective 是...

puppet结合Mcollective + activemq

Mcollecitve+activemq安装配置比较繁琐,本来想在windowshan

记录puppet mcollective 构建过程

配置activemq用数字代表对应的主,客户端 1 ===> master 2 ===> agent 查看配置信息 1. sudo puppet master –configpri...

更安全的部署SSL证书

更安全的部署SSL证书 关于SSL证书安装部署指南通过搜索引擎能找出很多,大家认为现在SSL部署变得越来越简单,一些技术人员写的博客基本上都可以完成一个SSL证书在各类服务器上的部署。尽管SSL与H...

更安全的部署SSL证书

关于SSL证书安装部署指南通过搜索引擎能找出很多,大家认为现在SSL部署变得越来越简单,一些技术人员写的博客基本上都可以完成一个SSL证书在各类服务器上的部署。尽管SSL与HTTPS服务于各行业站点做...

如何部署SSL服务器证书更安全

 很多人经常跟我提起,现在SSL部署变得越来越简单,大部分的时候通过搜索引擎或者通过阅读一些技术人员写的博客基本上都可以完成一个SSL证书在各类服务器上的部署。尽管SSL与HTTPS服务于各行业...

LocalBroadcastManager—创建更高效、更安全的广播

前言在写Android应用时候,有时候或多或少的需要运用广播来解决某些需求,我们知道广播有一个特性,就是使用sendBroadcast(intent);发送广播时,手机内所有注册了BroadcastR...

使用puppet 部署elk

  • 2017-04-27 11:12
  • 1.28MB
  • 下载

第一篇,初识puppet,安装部署

现如今puppet已经是运用比较广泛的配置管理工具,具体的我就不去复制网上的信息了,这在百度百科讲解的很是完全:http://baike.baidu.com/view/1794764.htm 在这里...
内容举报
返回顶部
收藏助手
不良信息举报
您举报文章:深度学习:神经网络中的前向传播和反向传播算法推导
举报原因:
原因补充:

(最多只允许输入30个字)