Scaling Puppet horizontally from a single-node master

This chapter uses a single master with Apache proxying requests to two back-end virtual hosts.
Server OS: Ubuntu 16.04
Package installed: puppetmaster-passenger (3.8.5-2ubuntu0.1)
Note:
On Ubuntu 16 the Puppet service is split across two packages: puppetmaster provides the master and puppet provides the agent. A master running on the built-in WEBrick HTTP server therefore only needs the package itself:

apt-get install puppetmaster 

Preface:

After installing puppetmaster from the package and starting the puppet master service, Puppet by default runs on the Ruby-based WEBrick HTTP server. The bundled WEBrick means the master can run without installing a separate HTTP server. WEBrick is convenient, but it cannot scale, so it is only suitable for testing, evaluating and developing with Puppet. In production a more robust web server (such as Apache or nginx) is needed to handle large numbers of agent requests.

Service deployment

Preparation:

If puppetmaster was already installed before this deployment, stop the service first:

/etc/init.d/puppetmaster  stop 

Installing the package

In my case puppetmaster was not installed, so I installed puppetmaster-passenger directly:

root@xxx:~# apt-get install puppetmaster-passenger
........
apache2_invoke: Enable module passenger
Setting up ruby-augeas (1:0.5.0-3build4) ...
Setting up ruby-nokogiri (1.6.7.2-3ubuntu0.1) ...
Setting up ruby-rgen (0.7.0-2) ...
Setting up ruby-safe-yaml (1.0.4-1) ...
Setting up ruby-shadow (2.4.1-1build4) ...
Setting up puppet-common (3.8.5-2ubuntu0.1) ...
Setting up puppetmaster-common (3.8.5-2ubuntu0.1) ...
Setting up puppetmaster-passenger (3.8.5-2ubuntu0.1) ...
apache2_invoke: Enable module ssl
apache2_invoke: Enable module headers
Notice: Signed certificate request for ca
Notice: cnabdabpdu0e-12-37 has a waiting certificate request
Notice: Signed certificate request for cnabdabpdu0e-12-37
Notice: Removing file Puppet::SSL::CertificateRequest cnabdabpdu0e-12-37 at '/var/lib/puppet/ssl/ca/requests/cnabdabpdu0e-12-37.pem'
Notice: Removing file Puppet::SSL::CertificateRequest cnabdabpdu0e-12-37 at '/var/lib/puppet/ssl/certificate_requests/cnabdabpdu0e-12-37.pem'
apache2_invoke: Enable site puppetmaster
Setting up ruby-i18n (0.7.0-2) ...
Setting up ruby-atomic (1.1.16-2build5) ...
Setting up ruby-thread-safe (0.3.5-3) ...
Setting up ruby-tzinfo (1.2.2-1) ...
Setting up ruby-activesupport (2:4.2.6-1) ...
Setting up ruby-blankslate (3.1.3-1) ...
Setting up ruby-builder (3.2.2-4) ...
Setting up ruby-activemodel (2:4.2.6-1) ...
Setting up ruby-arel (6.0.3-2) ...
Setting up ruby-activerecord (2:4.2.6-1) ...
Setting up ruby-activerecord-deprecated-finders (1.0.4-1) ...
Setting up ruby-selinux (2.4-3build2) ...
Processing triggers for libc-bin (2.23-0ubuntu10) ...
Processing triggers for systemd (229-4ubuntu21.4) ...
Processing triggers for ureadahead (0.100.0-19) ...
Processing triggers for ufw (0.35-0ubuntu2) ...

Note:
The installation output shows the package enabling the passenger and ssl modules itself and signing its own certificate. Once the installation completes, the apache2 service is started automatically and listens on port 8140.

root@xxx:~# puppet cert list -a
+ "xxxx" (SHA256) 76:72:24:FC:11:2A:BC:EE:B4:32:90:5C:86:80:DC:C6:F5:37:50:DE:BA:AF:99:FE:F6:92:B7:2F:E4:74:F7:47

Usage scenarios

Scenario 1: basic installation and use

Once the master is installed, the service starts automatically, the default configuration files are generated, and the service is ready to use:

root@xxx:~# tree /etc/puppet/
/etc/puppet/
├── auth.conf
├── etckeeper-commit-post
├── etckeeper-commit-pre
├── fileserver.conf
├── manifests
├── modules
└── puppet.conf

2 directories, 5 files

The master can also be reached in a browser at https://puppetmasterip:8140.

Scenario 2: building on scenario 1, move the data directory

By default Puppet keeps its certificates and other data under /var/lib/puppet, that is, on the root filesystem. Since Puppet will certainly manage more than a few or a few dozen hosts, the data directory should be moved to a larger data disk rather than left on the root filesystem.

Stop the service

To prevent new data being written while the change is made, stop puppetmaster first:

root@xxx:~# /etc/init.d/apache2 stop                ## the puppetmaster service is started by Apache, so stopping apache2 is enough
[ ok ] Stopping apache2 (via systemctl): apache2.service.        
Change the configuration
  • Edit puppet.conf
    The configuration file is as follows:
root@xxx:/etc/puppet# cat puppet.conf
[main]
#logdir=/var/log/puppet
logdir=/work/app/puppet/log

#vardir=/var/lib/puppet
vardir=/work/app/puppet

ssldir=/work/app/puppet/ssl
#ssldir=/var/lib/puppet/ssl

rundir=/run/puppet
factpath=$vardir/lib/facter
prerun_command=/etc/puppet/etckeeper-commit-pre
postrun_command=/etc/puppet/etckeeper-commit-post
# two autosign lines: Puppet keeps the last definition, so requests are only
# autosigned when they match /etc/puppet/autosign.conf (autosign=true on its
# own would sign every certificate request without review)
autosign=true
autosign = /etc/puppet/autosign.conf
environmentpath = $confdir/environments       

[master]
# These are needed when the puppetmaster is run by passenger
# and can safely be removed if webrick is used.
ssl_client_header = SSL_CLIENT_S_DN 
ssl_client_verify_header = SSL_CLIENT_VERIFY
certname = puppetmaster_hostname                                            ## replace with your server's own hostname
ca      =  true
  • Update the hostname mapping:
vim /etc/hosts
.....
10.xx.xx.xx   server_hostname
  • Edit the Rack config file config.ru
root@xxx:~# vim /usr/share/puppet/rack/puppetmasterd/config.ru
# a config.ru, for use with every rack-compatible webserver.
# SSL needs to be handled outside this, though.

# if puppet is not in your RUBYLIB:
# $LOAD_PATH.unshift('/opt/puppet/lib')

$0 = "master"

# if you want debugging:
# ARGV << "--debug"

ARGV << "--rack"

# Rack applications typically don't start as root.  Set --confdir and --vardir
# to prevent reading configuration from ~puppet/.puppet/puppet.conf and writing
# to ~puppet/.puppet
ARGV << "--confdir" << "/etc/puppet"
#ARGV << "--vardir"  << "/var/lib/puppet"
ARGV << "--vardir"  << "/work/app/puppet"         ### changed here

# NOTE: it's unfortunate that we have to use the "CommandLine" class
#  here to launch the app, but it contains some initialization logic
#  (such as triggering the parsing of the config file) that is very
#  important.  We should do something less nasty here when we've
#  gotten our API and settings initialization logic cleaned up.
#
# Also note that the "$0 = master" line up near the top here is
#  the magic that allows the CommandLine class to know that it's
#  supposed to be running master.
#
# --cprice 2012-05-22

require 'puppet/util/command_line'
# we're usually running inside a Rack::Builder.new {} block,
# therefore we need to call run *here*.
run Puppet::Util::CommandLine.new.execute
  • Edit puppetmaster.conf
root@xxx:~# vim /etc/apache2/sites-available/puppetmaster.conf
# This Apache 2 virtual host config shows how to use Puppet as a Rack
# application via Passenger. See
# http://docs.puppetlabs.com/guides/passenger.html for more information.

# You can also use the included config.ru file to run Puppet with other Rack
# servers instead of Passenger.
#Add defaultCharset=utf-8

AddDefaultCharset utf8
# you probably want to tune these settings
PassengerHighPerformance on
PassengerMaxPoolSize 12
PassengerPoolIdleTime 1500
# PassengerMaxRequests 1000
PassengerStatThrottleRate 120

Listen 8140

<VirtualHost *:8140>
        SSLEngine on
        SSLProtocol             ALL -SSLv2 -SSLv3
        SSLCipherSuite          EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!IDEA:!ECDSA:kEDH:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA
        SSLHonorCipherOrder     on

#        SSLCertificateFile      /var/lib/puppet/ssl/certs/xxxxxx.pem            #### replace xxxxxx with your own hostname
        SSLCertificateFile      /work/app/puppet/ssl/certs/xxxxxx.pem

#       SSLCertificateKeyFile   /var/lib/puppet/ssl/private_keys/xxxxxx.pem     
        SSLCertificateKeyFile   /work/app/puppet/ssl/private_keys/xxxxxx.pem

#        SSLCertificateChainFile /var/lib/puppet/ssl/certs/ca.pem
        SSLCertificateChainFile /work/app/puppet/ssl/certs/ca.pem

#        SSLCACertificateFile    /var/lib/puppet/ssl/certs/ca.pem
        SSLCACertificateFile    /work/app/puppet/ssl/certs/ca.pem

        # If Apache complains about invalid signatures on the CRL, you can try disabling
        # CRL checking by commenting the next line, but this is not recommended.
#        SSLCARevocationFile     /var/lib/puppet/ssl/ca/ca_crl.pem
        SSLCARevocationFile     /work/app/puppet/ssl/ca/ca_crl.pem

        # Apache 2.4 introduces the SSLCARevocationCheck directive and sets it to none
        # which effectively disables CRL checking; if you are using Apache 2.4+ you must
        # specify 'SSLCARevocationCheck chain' to actually use the CRL.
        # SSLCARevocationCheck chain
        SSLVerifyClient optional
        SSLVerifyDepth  1
        # The `ExportCertData` option is needed for agent certificate expiration warnings
        SSLOptions +StdEnvVars +ExportCertData

        # This header needs to be set if using a loadbalancer or proxy
        RequestHeader unset X-Forwarded-For

        RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e
        RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e
        RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e

        DocumentRoot /usr/share/puppet/rack/puppetmasterd/public/
        RackBaseURI /
        <Directory /usr/share/puppet/rack/puppetmasterd/>
                Options None
                AllowOverride None
                Order allow,deny
                allow from all
        </Directory>
</VirtualHost>
  • Create the data path
root@xxx:~# mkdir -p /work/app/puppet
root@xxx:~# chown puppet:puppet /work/app/puppet
root@xxx:~# mv /var/lib/puppet/* /work/app/puppet
root@xxx:~# /etc/init.d/apache2 start              ### start again to verify the service
Scenario 3: building on scenario 2, extend to a proxy plus two back-end virtual hosts
Stop the service
root@xxx:~# /etc/init.d/apache2 stop                ## the puppetmaster service is started by Apache, so stopping apache2 is enough
[ ok ] Stopping apache2 (via systemctl): apache2.service.        
Create the configuration files
  • Create the proxy configuration file
root@xxx:~# vim /etc/apache2/sites-enabled/puppetmaster_proxy.conf
# This Apache 2 virtual host config shows how to use Puppet as a Rack
# application via Passenger. See
# http://docs.puppetlabs.com/guides/passenger.html for more information.

# You can also use the included config.ru file to run Puppet with other Rack
# servers instead of Passenger.

# you probably want to tune these settings

PassengerHighPerformance on
PassengerMaxPoolSize 108
PassengerPoolIdleTime 1500
PassengerMaxRequests 1000
PassengerStatThrottleRate 120



<Proxy balancer://puppetmaster>
  BalancerMember http://127.0.0.1:8141
  BalancerMember http://127.0.0.1:8142
</Proxy>

Listen 8140

<VirtualHost *:8140>
        SSLEngine on
        SSLProtocol             ALL -SSLv2 -SSLv3
        SSLCipherSuite          EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!IDEA:!ECDSA:kEDH:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA
        
        SSLHonorCipherOrder     on

#        SSLCertificateFile      /var/lib/puppet/ssl/certs/xxxxxx.pem      
        SSLCertificateFile      /work/app/puppet/ssl/certs/xxxxxx.pem   ## replace xxxxxx with your own hostname

#       SSLCertificateKeyFile   /var/lib/puppet/ssl/private_keys/xxxxxx.pem
        SSLCertificateKeyFile   /work/app/puppet/ssl/private_keys/xxxxxx.pem

#        SSLCertificateChainFile /var/lib/puppet/ssl/certs/ca.pem
        SSLCertificateChainFile /work/app/puppet/ssl/certs/ca.pem

#        SSLCACertificateFile    /var/lib/puppet/ssl/certs/ca.pem
        SSLCACertificateFile    /work/app/puppet/ssl/certs/ca.pem

        # If Apache complains about invalid signatures on the CRL, you can try disabling
        # CRL checking by commenting the next line, but this is not recommended.

#        SSLCARevocationFile     /var/lib/puppet/ssl/ca/ca_crl.pem
        SSLCARevocationFile     /work/app/puppet/ssl/ca/ca_crl.pem

        # Apache 2.4 introduces the SSLCARevocationCheck directive and sets it to none
        # which effectively disables CRL checking; if you are using Apache 2.4+ you must
        # specify 'SSLCARevocationCheck chain' to actually use the CRL.
        
        # Left commented here, so on Ubuntu 16.04 (Apache 2.4) the CRL above is
        # loaded but never consulted and revoked agent certificates are still accepted.
#        SSLCARevocationCheck none

        SSLVerifyClient optional
        SSLVerifyDepth  1
        # The `ExportCertData` option is needed for agent certificate expiration warnings
        SSLOptions +StdEnvVars +ExportCertData

        # This header needs to be set if using a loadbalancer or proxy
        RequestHeader unset X-Forwarded-For

        RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e
        RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e
        RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e


        # balancer-manager is a status *and control* page (members can be disabled
        # or re-pointed from it); with "Allow from all" nothing in this vhost limits
        # who may use it, so restrict it to an admin address (or move it to a
        # dedicated path that is excluded from ProxyPass).
        <Location />
          SetHandler balancer-manager
          Order allow,deny
          Allow from all
        </Location>

       ProxyPass / balancer://puppetmaster/
       ProxyPassReverse / balancer://puppetmaster/
       ProxyPreserveHost On

  # log settings
       ErrorLog /var/log/apache2/balancer_error.log
       CustomLog /var/log/apache2/balancer_access.log combined
       CustomLog /var/log/apache2/balancer_ssl_requests.log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"



#        DocumentRoot /usr/share/puppet/rack/puppetmasterd/public/
#        RackBaseURI /
#        <Directory /usr/share/puppet/rack/puppetmasterd/>
#                Options None
#                AllowOverride None
#                Order allow,deny
#                allow from all
#        </Directory>
</VirtualHost>
  • Create the back-end virtual hosts
    backend1
root@xxx:~# vim /etc/apache2/sites-enabled/puppetmaster_backend_8141.conf
Listen 8141

<VirtualHost 127.0.0.1:8141>
        SSLEngine off
        # TLS is terminated by the proxy and the agent identity arrives as plain
        # headers, so these ports must stay bound to 127.0.0.1 and never be
        # reachable by agents directly.
        # Note: the proxy sets X-Client-DN (and X-SSL-Subject), not X-SSL-Client-DN,
        # so SSL_CLIENT_S_DN is never populated here; Puppet's default header settings
        # (HTTP_X_CLIENT_DN / HTTP_X_CLIENT_VERIFY) read the proxy's headers directly.
        SetEnvIf X-Client-Verify "(.*)" SSL_CLIENT_VERIFY=$1
        SetEnvIf X-SSL-Client-DN "(.*)" SSL_CLIENT_S_DN=$1

        PassengerEnabled On
        DocumentRoot /usr/share/puppet/rack/puppetmasterd_backend_8141/public/
        RackBaseURI /
        <Directory /usr/share/puppet/rack/puppetmasterd_backend_8141/>
                Options None
                AllowOverride None
                Order allow,deny
                allow from all
        </Directory>
        # log settings
        ErrorLog /var/log/apache2/puppetmasterd_backend_8141.error.log
        CustomLog /var/log/apache2/puppetmasterd_backend_8141_access.log combined

</VirtualHost>

backend2

root@xxx:~# vim /etc/apache2/sites-enabled/puppetmaster_backend_8142.conf
Listen 8142

<VirtualHost 127.0.0.1:8142>
        SSLEngine off
        SetEnvIf X-Client-Verify "(.*)" SSL_CLIENT_VERIFY=$1
        SetEnvIf X-SSL-Client-DN "(.*)" SSL_CLIENT_S_DN=$1

        PassengerEnabled On
        DocumentRoot /usr/share/puppet/rack/puppetmasterd_backend_8142/public/
        RackBaseURI /
        <Directory /usr/share/puppet/rack/puppetmasterd_backend_8142/>
                Options None
                AllowOverride None
                Order allow,deny
                allow from all
        </Directory>
        # log settings
        ErrorLog /var/log/apache2/puppetmasterd_backend_8142.error.log
        CustomLog /var/log/apache2/puppetmasterd_backend_8142_access.log combined

</VirtualHost>

  • Create the Rack directories and config files
root@xxx:~# mkdir -p /usr/share/puppet/rack/puppetmasterd_backend_814{1,2}/{public,tmp}
root@xxx:~# cp /usr/share/puppet/rack/puppetmasterd/config.ru /usr/share/puppet/rack/puppetmasterd_backend_814{1,2}/
root@xxx:~# chown puppet:puppet /usr/share/puppet/rack/puppetmasterd_backend_814{1,2}/config.ru
Enable the modules (these symlinks are what a2enmod would create)
root@xxx:~# cd /etc/apache2/mods-enabled
root@xxx:~# ln -s ../mods-available/proxy.conf proxy.conf
root@xxx:~# ln -s ../mods-available/proxy.load proxy.load
root@xxx:~# ln -s ../mods-available/proxy_balancer.conf proxy_balancer.conf
root@xxx:~# ln -s ../mods-available/proxy_balancer.load proxy_balancer.load
root@xxx:~# ln -s ../mods-available/proxy_http.load proxy_http.load
root@xxx:~# ln -s ../mods-available/slotmem_shm.load slotmem_shm.load
root@xxx:~# ln -s ../mods-available/lbmethod_byrequests.load lbmethod_byrequests.load
Edit puppet.conf
root@xxx:~# vim /etc/puppet/puppet.conf
[main]
#logdir=/var/log/puppet
logdir=/work/app/puppet/log

#vardir=/var/lib/puppet
vardir=/work/app/puppet

ssldir=/work/app/puppet/ssl
#ssldir=/var/lib/puppet/ssl

rundir=/run/puppet
factpath=$vardir/lib/facter
prerun_command=/etc/puppet/etckeeper-commit-pre
postrun_command=/etc/puppet/etckeeper-commit-post
autosign=true
autosign = /etc/puppet/autosign.conf
environmentpath = $confdir/environments       

[master]
# These are needed when the puppetmaster is run by passenger
# and can safely be removed if webrick is used.
#ssl_client_header = SSL_CLIENT_S_DN        ### comment out this line
#ssl_client_verify_header = SSL_CLIENT_VERIFY  ### comment out this line
certname = puppetmaster_hostname                                            ## replace with your server's own hostname
ca      =  true
Start the service
root@xxx:~# /etc/init.d/apache2 start

Troubleshooting

  1. The server fails to start
  • The log shows the error:

apache2: Could not reliably determine the server's fully qualified domain name, using 10.xx.xx.xx. Set the 'ServerName' directive globally to suppress this message

Output
● apache2.service - The Apache HTTP Server
   Loaded: loaded (/lib/systemd/system/apache2.service; enabled; vendor preset: enabled)
  Drop-In: /lib/systemd/system/apache2.service.d
           └─apache2-systemd.conf
   Active: active (running) since Wed 2024-07-15 14:30:03 UTC; 33min ago
  Process: 34 ExecStart=/usr/sbin/apachectl start (code=exited, status=0/SUCCESS)
 Main PID: 46 (apache2)
    Tasks: 55 (limit: 2344)
   CGroup: /system.slice/apache2.service
           ├─46 /usr/sbin/apache2 -k start
           ├─47 /usr/sbin/apache2 -k start
           └─48 /usr/sbin/apache2 -k start

Jul 15 14:30:03 68e2cf19f3f1 systemd[1]: Starting The Apache HTTP Server...
Jul 15 14:30:03 68e2cf19f3f1 apachectl[34]: AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 10.xx.xx.xx. Set the 'ServerName' directive globally to suppress this message
Jul 15 14:30:03 68e2cf19f3f1 systemd[1]: Started The Apache HTTP Server.
  • Temporary fix:
root@xxx:~# vim /etc/apache2/sites-enabled/puppetmaster_proxy.conf
ServerName  10.xx.xx.xx

  2. Missing modules:

  • slotmem_shm
    The log shows the error:
    Failed to lookup provider 'shm' for 'slotmem': is mod_slotmem_shm loaded??

Fix:

root@xxx:~# cd /etc/apache2/mods-enabled
root@xxx:~# ln -s ../mods-available/slotmem_shm.load slotmem_shm.load
  • byrequests
    The log shows the error:
    Cannot find LB Method: byrequests
    [proxy_balancer:emerg] [pid 503886:tid 140037069854592] (22)Invalid argument: AH01183: Cannot share balancer
  • Fix
root@xxx:~# cd /etc/apache2/mods-enabled
root@xxx:~# ln -s ../mods-available/lbmethod_byrequests.load lbmethod_byrequests.load

  3. Agent sync error:

  • Error message:
    Error: Could not request certificate: Error 403 on SERVER: Forbidden request: localhost(127.0.0.1) access to /certificate_revocation_list/ca [find] at :122

  • Fix
    Comment out the two lines below. With them unset, Puppet falls back to its defaults, HTTP_X_CLIENT_DN and HTTP_X_CLIENT_VERIFY, which are exactly the X-Client-DN and X-Client-Verify headers the proxy sets. Pointed at SSL_CLIENT_S_DN instead, the master never receives a DN (the back end maps X-SSL-Client-DN, which the proxy does not send), so the request is treated as unauthenticated and coming from localhost(127.0.0.1), and auth.conf denies it.

root@xxx:~# vim /etc/puppet/puppet.conf
[master]
#ssl_client_header = SSL_CLIENT_S_DN        ### comment out this line
#ssl_client_verify_header = SSL_CLIENT_VERIFY  ### comment out this line

root@xxx:~# /etc/init.d/apache2 restart
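The Ruby script below is an added example (not from the original post or from Puppet) that models the identity handoff from the proxy through a back end to Puppet 3's Rack handler, using the header names from the configs above and Puppet 3's default header settings; the agent name agent01.example.com is constructed. It reproduces the 403 above and shows why the proxy's RequestHeader set lines matter.

```ruby
# Added example (not from the original post): how the agent identity travels
# proxy -> back end -> Puppet 3 with the header names used above. Agent name constructed.
DEFAULT_DN_HEADER     = 'HTTP_X_CLIENT_DN'      # Puppet 3 default for ssl_client_header
DEFAULT_VERIFY_HEADER = 'HTTP_X_CLIENT_VERIFY'  # Puppet 3 default for ssl_client_verify_header
AGENT_TLS = { 'SSL_CLIENT_S_DN' => '/CN=agent01.example.com', 'SSL_CLIENT_VERIFY' => 'SUCCESS' }
NO_CERT   = { 'SSL_CLIENT_VERIFY' => 'NONE' }   # SSLVerifyClient optional, no client certificate

# Front end (8140): RequestHeader unset X-Forwarded-For, then RequestHeader set
# X-Client-* from %{SSL_CLIENT_*}e. `set` overwrites whatever the client sent, and
# mod_headers substitutes "(null)" for a variable the handshake did not define.
def proxy_request(client_headers, ssl_env)
  headers = client_headers.dup
  headers.delete('X-Forwarded-For')
  headers['X-SSL-Subject']   = ssl_env.fetch('SSL_CLIENT_S_DN', '(null)')
  headers['X-Client-DN']     = ssl_env.fetch('SSL_CLIENT_S_DN', '(null)')
  headers['X-Client-Verify'] = ssl_env.fetch('SSL_CLIENT_VERIFY', '(null)')
  headers
end

# Back end (8141/8142): Rack exposes each request header as HTTP_<NAME>; the two
# SetEnvIf lines add SSL_CLIENT_VERIFY and SSL_CLIENT_S_DN, but the latter reads
# X-SSL-Client-DN, a header the proxy never sets, so it stays empty.
def backend_env(headers)
  env = headers.each_with_object({}) { |(k, v), e| e['HTTP_' + k.upcase.tr('-', '_')] = v }
  env['SSL_CLIENT_VERIFY'] = headers['X-Client-Verify'] if headers.key?('X-Client-Verify')
  env['SSL_CLIENT_S_DN']   = headers['X-SSL-Client-DN'] if headers.key?('X-SSL-Client-DN')
  env['REMOTE_ADDR'] = '127.0.0.1'   # the TCP peer is always the local proxy
  env
end

# Puppet 3 Rack handler logic (simplified): a DN header with CN= names the node and
# the verify header decides authentication; otherwise the node is the peer address
# (reverse lookup approximated) and the request counts as unauthenticated.
def client_information(env, dn_header: DEFAULT_DN_HEADER, verify_header: DEFAULT_VERIFY_HEADER)
  dn = env[dn_header]
  if dn && (m = dn.match(/^.*?CN\s*=\s*(.*)/))
    { node: m[1], authenticated: env[verify_header] == 'SUCCESS' }
  else
    { node: env['REMOTE_ADDR'] == '127.0.0.1' ? 'localhost' : env['REMOTE_ADDR'], authenticated: false }
  end
end

def identify(client_headers, ssl_env, dn_header: DEFAULT_DN_HEADER, verify_header: DEFAULT_VERIFY_HEADER)
  env = backend_env(proxy_request(client_headers, ssl_env))
  client_information(env, dn_header: dn_header, verify_header: verify_header)
end

# puppet.conf as first written (ssl_client_header = SSL_CLIENT_S_DN): the DN never
# arrives, so a valid agent becomes "localhost", unauthenticated -> the 403 above.
p identify({}, AGENT_TLS, dn_header: 'SSL_CLIENT_S_DN', verify_header: 'SSL_CLIENT_VERIFY')
# With those two lines commented out Puppet reads the proxy's X-Client-* headers.
p identify({}, AGENT_TLS)
# A client without a certificate that claims an X-Client-DN is overwritten by the proxy.
p identify({ 'X-Client-DN' => '/CN=admin', 'X-Client-Verify' => 'SUCCESS' }, NO_CERT)
```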