Preparing the packages required by Puppet 6
1. Log in to a CentOS 6 machine that can reach the internet and run the following commands in order:
yum install yum-plugin-downloadonly
rpm -Uvh https://yum.puppet.com/puppet6/puppet6-release-el-6.noarch.rpm
yum install --downloadonly --downloaddir=/home/ puppetserver
2. Change to /home/; the packages needed to install Puppet 6 should be there.
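Installing puppet-server
The Puppet architecture consists of a server and clients. The example below uses two machines, one acting as the server and the other as the client.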
192.168.121.129
192.168.121.130
The hosts file contains the following:
1. Install puppet-server on 192.168.121.129
rpm -ivh java-1.8.0-openjdk-headless-1.8.0.191.b12-0.el6_10.x86_64.rpm
rpm -ivh puppet-agent-6.1.0-1.el6.x86_64.rpm
rpm -ivh puppetserver-6.1.0-1.el6.noarch.rpm
2. Start puppet-server
service puppetserver start
Installing puppet-client
1. Install puppet-client on 192.168.121.130
rpm -ivh puppet-agent-6.1.0-1.el6.x86_64.rpm
2. Add the puppet commands to PATH by appending the following to /etc/profile:
export PATH=/opt/puppetlabs/bin:$PATH
3. Configure the client
puppet config set server es-node1.localdomain
puppet config set certname es-node2
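Managing certificate signing requests
1. On the puppet-client, run puppet agent -t
2. On the puppet-server, run puppetserver ca list; it shows the requested certificate
3. On the puppet-server, run puppetserver ca sign --certname es-node2; it reports that the certificate was signed successfully:
4. On the puppet-client, run puppet agent -t again; it shows the following output
At this point the Puppet 6 setup is complete.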
Installing puppet-elasticsearch
Log in to the Puppet Forge website:
- Download the puppet-elasticsearch module: https://forge.puppet.com/elastic/elasticsearch/6.2.2
- Download the datacat module: https://forge.puppet.com/richardc/datacat
- Download the java_ks module: https://forge.puppetlabs.com/puppetlabs/java_ks
On the puppet-server, run the following commands to install the modules:
puppet module install elastic-elasticsearch-6.2.2.tar.gz --ignore-dependencies
puppet module install puppetlabs-java_ks-2.3.0.tar.gz --ignore-dependencies
puppet module install richardc-datacat-0.6.2.tar.gz --ignore-dependencies
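Automated deployment of Elasticsearch
1. Download elasticsearch-6.1.3.rpm and x-pack-6.1.3.zip from the official Elasticsearch site and copy them to the following directory on the puppet-server:
/etc/puppetlabs/code/environments/production/modules/elasticsearch/files
2. Create the CA, node certificate and private key files, and copy them into the directory from the previous step
3. In the /etc/puppetlabs/code/environments/production/manifests directory, create the site.pp file: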
# Install Elasticsearch from the RPM served by the puppet-server and enable X-Pack security.
class { 'elasticsearch':
  package_url           => 'puppet:///modules/elasticsearch/elasticsearch-6.1.3.rpm',
  restart_config_change => true,
  security_plugin       => 'x-pack',
}

# Certificates are public material: world-readable, writable only by root.
file { '/path/to/ca.crt':
  mode   => '0644',
  owner  => 'root',
  group  => 'root',
  source => 'puppet:///modules/elasticsearch/ca.crt',
}

file { '/path/to/instance.crt':
  mode   => '0644',
  owner  => 'root',
  group  => 'root',
  source => 'puppet:///modules/elasticsearch/instance.crt',
}

# The private key must not be world-accessible (the original used mode 777):
# only root, which runs Puppet, may read it.
file { '/path/to/instance.key':
  mode   => '0600',
  owner  => 'root',
  group  => 'root',
  source => 'puppet:///modules/elasticsearch/instance.key',
}

elasticsearch::instance { 'es-01':
  config            => {
    'cluster.name'                                   => 'es-test',
    # Listens on every interface.
    'network.host'                                   => '0.0.0.0',
    # The CentOS 6 kernel does not support seccomp, so this bootstrap check is disabled.
    'bootstrap.system_call_filter'                   => 'false',
    'discovery.zen.ping.unicast.hosts'               => ['192.168.121.129:9300', '192.168.121.130:9300'],
    # 'certificate' checks that the peer certificate is signed by the CA but skips hostname verification.
    'xpack.security.transport.ssl.verification_mode' => 'certificate',
    'xpack.security.transport.ssl.enabled'           => true,
    # The HTTP (REST) layer stays unencrypted in this setup.
    'xpack.security.http.ssl.enabled'                => false,
    'http.cors.enabled'                              => true,
    # '*' together with allow-credentials lets any origin send credentialed requests.
    'http.cors.allow-origin'                         => '*',
    'http.cors.allow-credentials'                    => true,
    'http.cors.allow-headers'                        => 'Authorization, X-Requested-With,X-Auth-Token,Content-Type, Content-Length',
  },
  ssl               => true,
  ca_certificate    => '/path/to/ca.crt',
  certificate       => '/path/to/instance.crt',
  private_key       => '/path/to/instance.key',
  # Sample value used throughout this walkthrough.
  keystore_password => '123456',
}

elasticsearch::instance { 'es-02':
  config            => {
    'cluster.name'                                   => 'es-test',
    'network.host'                                   => '0.0.0.0',
    'bootstrap.system_call_filter'                   => 'false',
    'discovery.zen.ping.unicast.hosts'               => ['192.168.121.129:9300', '192.168.121.130:9300'],
    'xpack.security.transport.ssl.verification_mode' => 'certificate',
    'xpack.security.transport.ssl.enabled'           => true,
    'xpack.security.http.ssl.enabled'                => false,
  },
  ssl               => true,
  ca_certificate    => '/path/to/ca.crt',
  certificate       => '/path/to/instance.crt',
  private_key       => '/path/to/instance.key',
  keystore_password => '123456',
}

# Install the X-Pack plugin into both instances from the zip served by the puppet-server.
elasticsearch::plugin { 'x-pack':
  instances => ['es-01', 'es-02'],
  source    => 'puppet:///modules/elasticsearch/x-pack-6.1.3.zip',
}

# Bootstrap superuser with the walkthrough's sample password; it is used below to
# reset the password of the built-in elastic user.
elasticsearch::user { 'wangqh':
  password => '123456',
  roles    => ['superuser'],
}
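- Log in to the puppet-agent and run the puppet agent -t command.
- Check that ES is installed and running. Log in to ES as wangqh/123456 and change the password of the built-in elastic user.
- Register the license: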
curl -XPUT -u elastic 'http://192.168.121.129:9200/_xpack/license' -H "Content-Type: application/json" -d @license.json
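
For step 2 of the deployment procedure above (creating the CA, node certificate and private key), the following is one way to produce ca.crt, instance.crt and instance.key with openssl. It is an added example, not the author's commands, and the page does not say which tool was used; the function name make_es_certs, the CA name es-test-ca and the output directory are assumptions.

```shell
#!/bin/sh
# Added example (not from the original page): create a private CA and one node
# certificate with openssl. CA name, node CN and output directory are assumptions.
make_es_certs() {
    out_dir=$1    # staging directory for the generated files
    node_cn=$2    # certificate subject CN, e.g. es-node2
    (
        umask 077                       # private keys are created with mode 0600
        mkdir -p "$out_dir" && cd "$out_dir" || exit 1
        # Minimal config so the CA certificate carries CA:TRUE on any openssl version.
        cat > ca.cnf <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = es-test-ca
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
        # 1. CA key plus self-signed CA certificate.
        openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
            -config ca.cnf -keyout ca.key -out ca.crt 2>/dev/null || exit 1
        # 2. Node key plus certificate signing request.
        openssl req -new -newkey rsa:2048 -nodes -sha256 -config ca.cnf \
            -subj "/CN=$node_cn" -keyout instance.key -out instance.csr 2>/dev/null || exit 1
        # 3. The CA signs the node's request.
        openssl x509 -req -sha256 -days 365 -in instance.csr \
            -CA ca.crt -CAkey ca.key -CAcreateserial -out instance.crt 2>/dev/null || exit 1
        rm -f instance.csr ca.cnf ca.srl
        chmod 644 ca.crt instance.crt   # certificates are public material
        # 4. Confirm the node certificate chains to the CA; this sets the exit status.
        openssl verify -CAfile ca.crt instance.crt >/dev/null
    )
}
```

Only ca.crt, instance.crt and instance.key need to be copied to the module's files directory; ca.key can sign further node certificates and should stay off the puppet-server's file share.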