Posted by admin on 2013-11-16 02:54:06

puppet-dashboard installation and configuration walkthrough

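Contents
I. Preparation
  1. System environment
  2. Server time synchronization
  3. Plan the server host names
    1) hosts file on the server and the client
    2) Host name configuration
  4. Install ruby
II. Installing Puppet and Facter
  1. Create the required user
  2. Install the software
III. Start the puppet service and sign certificate requests
IV. Configuring the file server
  1. Client pull synchronization
  2. Server push synchronization
V. Installing and configuring Puppet Dashboard
  1. Install the required packages
  2. Upgrade ruby
  3. Install the dependencies
  4. Download and install dashboard
  5. Import Puppet reports into Puppet Dashboard
  6. Server configuration; restart the service after configuring. Add the lines shown in bold red
  7. Start and manage the delayed job workers
  8. Start the service, and its parameters
  9. Dashboard FAQ
    1) Problems encountered while installing Dashboard
VI. Planning the Puppet directory layout sensibly
VII. Common commands
VIII. Differences between Puppet Enterprise and the open source version
IX. The above is a summary of my own setup process.
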
I. Preparation
1. System environment
VMware 8.0.0
CentOS 5.5, two machines
2. Server time synchronization
ntpdate 210.72.145.44 && hwclock -w

Change the time zone
cp -r /usr/share/zoneinfo/Asia/Shanghai /etc/localtime && hwclock
3. Plan the server host names
1) hosts file on the server and the client
   cat /etc/hosts
   127.0.0.1 localhost.localdomain localhost puppet
   ::1 localhost6.localdomain6 localhost6
   192.168.1.123 puppet.test.cn puppet
   192.168.1.222 b-01.test.cn
2) Host name configuration in /etc/sysconfig/network
Server side

   NETWORKING=yes
   NETWORKING_IPV6=no
   HOSTNAME=puppet.test.cn

Client side
cat /etc/sysconfig/network
NETWORKING=yes
NETWORKING_IPV6=no
HOSTNAME=web-01.test.cn
4. Install ruby
# yum install -y ruby

II. Installing Puppet and Facter
The installation method is the same on the server and the client.
1. Create the required user
# useradd -s /sbin/nologin puppet
2. Install the software
wget http://downloads.puppetlabs.com/facter/facter-1.6.7.tar.gz
tar zxf facter-1.6.7.tar.gz && cd facter-1.6.7
./install.rb && echo $?
# a return value of 0 means success
wget http://puppetlabs.com/downloads/puppet/puppet-latest.tgz
tar zxf puppet-latest.tgz && cd puppet-2.7.9
./install.rb && echo $?
# a return value of 0 means success

# cp conf/redhat/puppet.conf /etc/puppet/
# cp conf/redhat/fileserver.conf /etc/puppet/
# pwd
/soft/puppet-2.7.9
#


III. Start the puppet service and sign certificate requests
Server
The debug command is puppetmasterd --verbose --no-daemonize --debug
# puppetmasterd
# netstat -lnpt
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name
tcp      0      0 0.0.0.0:8140                0.0.0.0:*                   LISTEN      4384/ruby

The client sends a signing request
puppetd --server puppet --waitforcert 5 --test

On the server, list the certificate requests and sign the request
# puppetca --list
web-01.test.cn (36:CD:8B:9B:7B:48:D7:59:77:B0:B9:1D:C4:A9:50:DA)
# puppetca -s web-01.test.cn
notice: Signed certificate request for web-01.test.cn
notice: Removing file Puppet::SSL::CertificateRequest web-01.test.cn at '/var/lib/puppet/ssl/ca/requests/web-01.test.cn.pem'
#

When signing succeeds, the client should return output similar to the following
# puppetd --server puppet --waitforcert 5 --test
info: Creating a new SSL key for web-01.test.cn
warning: peer certificate won't be verified in this SSL session
info: Caching certificate for ca
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
info: Creating a new SSL certificate request for web-01.test.cn
info: Certificate Request fingerprint (md5): 10:2D:7B:94:AE:EB:47:58:99:44:DD:18:4E:FE:5D:41
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
notice: Did not receive certificate
warning: peer certificate won't be verified in this SSL session
info: Caching certificate for web-01.test.cn
info: Caching certificate_revocation_list for ca
info: Caching catalog for web-01.test.cn
info: Applying configuration version '1345278559'
info: Creating state file /var/lib/puppet/state/state.yaml
notice: Finished catalog run in 0.08 seconds
#
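
Before running puppetca -s, the fingerprint that puppetca --list shows for a request can be compared with the "Certificate Request fingerprint" line the agent logged. The script below is an added example, not part of the original post; the function names and the sample fingerprints are constructed, and it parses only the two output formats shown above.

```shell
#!/bin/sh
# Added example (not from the original post). Input formats follow the
# puppetca --list and puppetd --test transcripts shown above.

# Print the fingerprint that `puppetca --list` (read from stdin) shows for host $1.
pending_fingerprint() {
    awk -v host="$1" '$1 == host { gsub(/[()]/, "", $2); print toupper($2); exit }'
}

# Print the CSR fingerprint the agent logged (agent output read from stdin).
agent_fingerprint() {
    sed -n 's/^info: Certificate Request fingerprint ([^)]*): *\([0-9A-Fa-f:]*\).*/\1/p' |
        head -n 1 | tr 'abcdef' 'ABCDEF'
}

# Return 0 only when both fingerprints exist and are identical.
# $1 = host, $2 = puppetca --list output, $3 = agent output
csr_matches() {
    on_master=$(printf '%s\n' "$2" | pending_fingerprint "$1")
    on_agent=$(printf '%s\n' "$3" | agent_fingerprint)
    [ -n "$on_master" ] && [ "$on_master" = "$on_agent" ]
}

# Constructed sample data (not real fingerprints).
SAMPLE_LIST='web-01.test.cn (AA:BB:CC:DD:EE:FF:00:11:22:33:44:55:66:77:88:99)
web-02.test.cn (11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11)'
SAMPLE_AGENT='info: Creating a new SSL certificate request for web-01.test.cn
info: Certificate Request fingerprint (md5): AA:BB:CC:DD:EE:FF:00:11:22:33:44:55:66:77:88:99'

if csr_matches web-01.test.cn "$SAMPLE_LIST" "$SAMPLE_AGENT"; then
    echo "fingerprints match: the request can be signed with puppetca -s web-01.test.cn"
else
    echo "fingerprint mismatch or no pending request: do not sign"
fi
```

On a real master, pass the output of puppetca --list as the second argument and the text copied from the agent's console as the third.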

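Note: when a certificate request fails, delete the certificates on both the server and the client, then request certificate signing again from the client.
How to delete them
Server side
find /var/lib/puppet -name "web-01.test.cn*" -exec rm -rf {} \;

Client side
# pwd
/var/lib
# rm -rf puppet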
IV. Configuring the file server
1. Client pull synchronization
Directory structure under /etc/puppet. The purpose of each directory will be described in detail in later posts.
# ll -R
.:
total 56
-rw-r--r-- 1 root root 2552 Aug 14 10:31 auth.conf
drwxr-xr-x 4 root root 4096 Aug 19 12:03 files
-rw-r--r-- 1 root root  424 Aug 19 10:58 fileserver.conf
drwxr-xr-x 2 root root 4096 Aug 19 11:53 manifests
drwxr-xr-x 3 root root 4096 Aug 18 23:20 modules
-rw-r--r-- 1 root root  853 Aug 14 10:46 puppet.conf
-rw-r--r-- 1 root root  806 Aug 19 12:00 puppetmasterd.sh

./files:
total 16
drwxr-xr-x 2 root root 4096 Aug 19 12:08 web-01
drwxr-xr-x 2 root root 4096 Aug 19 09:53 web-02

./files/web-01:
total 8
-rw-r--r-- 1 root root 14 Aug 19 12:08 hosts

./files/web-02:
total 8
-rw-r--r-- 1 root root 7 Aug 19 09:53 hosts

./manifests:
total 8
-rw-r--r-- 1 root root 124 Aug 19 11:53 site.pp

./modules:
total 12
drwxr-xr-x 2 root root 4096 Aug 18 17:47 files
-rw------- 1 root root    0 Aug 18 23:20 site.pp

./modules/files:
total 8
-rw-r--r-- 1 root root 36 Aug 18 17:47 puppet.test.file
#

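To have web-01 synchronize the file /etc/puppet/files/web-01/hosts, configure fileserver.conf
# cat fileserver.conf
[files]
path /etc/puppet/files/%h
allow *.test.cn
Note: path may contain %h, %d and %H, which stand for the client's host name, its domain name, and its fully qualified domain name respectively.
When the Puppet master daemon starts, the site manifest is read by default from /etc/puppet/manifests/site.pp, and the configuration is checked against the site.pp syntax.
site.pp configuration
# cat manifests/site.pp
node "web-01.test.cn" {
    file { "/tmp/puppet/hosts":
        source => "puppet://puppet/files/hosts",
    }
}
node default {
}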


An alternative way to write it
node "web-01.test.cn" {
    file { "hosts":
        name   => "/tmp/puppet/hosts",
        source => "puppet://puppet/files/hosts",
    }
    group { "dba":
        gid => "4000",
    }
}
node default {

}

node default defines the rule for the default node: every node other than the explicitly named ones applies it.
Note: two nodes can be written as node "web-01.test.cn","web-02.test.cn" {
Changes to the site.pp configuration file do not require a service restart.
2. Server push synchronization
In the client's auth.conf, add only allow 192.168.1.123 (the server's IP address)
# cat auth.conf |grep -v ^#|sed /^$/d
path ~ ^/catalog/([^/]+)$
method find
allow $1
path ~ ^/node/([^/]+)$
method find
allow $1
path /certificate_revocation_list/ca
method find
allow *
path /report
method save
allow *
path /file
allow *
path /certificate/ca
auth any
method find
allow *
path /certificate/
auth any
method find
allow *
path /certificate_request
auth any
method find, save
allow *
path /
auth any
allow 192.168.1.123
#

Client puppet.conf configuration; add the part shown in red
# cat puppet.conf|grep -v '^    #'|sed '/^$/d'
    logdir = /var/log/puppet
    rundir = /var/run/puppet
    ssldir = $vardir/ssl
    classfile = $vardir/classes.txt
    localconfig = $vardir/localconfig
    listen = true
    report = true
#

Run on the server
# puppet kick -d --host web-01.test.cn --debug
Triggering web-01.test.cn
Getting status
status is success
web-01.test.cn finished with exit code 0
Finished
#
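
The client auth.conf in this section ends with a catch-all stanza (path / with auth any): it applies to every agent endpoint not matched by an earlier stanza, and auth any means it also answers requests made without a client certificate. The script below is an added example, not part of the original post, that lists such stanzas for review; the function names are hypothetical and only the path, auth, method and allow directives are parsed.

```shell
#!/bin/sh
# Added example (not from the original post): list the auth.conf stanzas
# that accept requests without a client certificate.

# Output one line per such stanza: path|auth|methods|allowed
# auth defaults to "yes"; any/all/no/off all admit unauthenticated requests.
unauthenticated_acls() {
    awk '
        function emit() {
            if (path != "" && auth ~ /^(any|all|no|off)$/)
                print path "|" auth "|" (method == "" ? "all" : method) "|" allow
        }
        /^[ \t]*#/ || NF == 0 { next }
        $1 == "path" { emit(); path = ($2 == "~" ? $3 : $2); auth = "yes"; method = ""; allow = ""; next }
        $1 == "auth" || $1 == "authenticated" { auth = $2; next }
        $1 == "method" { $1 = ""; gsub(/[ \t]/, ""); method = $0; next }
        $1 == "allow" { allow = (allow == "" ? $2 : allow "," $2); next }
        END { emit() }
    ' "$@"
}

# The catch-all stanza ("path /") covers every endpoint not matched earlier.
catch_all_acl() {
    unauthenticated_acls "$@" | awk -F'|' '$1 == "/"'
}

# Excerpt of the client auth.conf shown in this section.
SAMPLE_AUTH_CONF='path /report
method save
allow *
path /certificate_request
auth any
method find, save
allow *
path /
auth any
allow 192.168.1.123'

printf '%s\n' "$SAMPLE_AUTH_CONF" | unauthenticated_acls
```

Both functions also accept a file name, for example unauthenticated_acls /etc/puppet/auth.conf. For puppet kick alone, a stanza limited to path /run with method save is the narrower alternative to the catch-all.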

V. Installing and configuring Puppet Dashboard
Ruby or Ruby Enterprise Edition 1.8.7; dashboard no longer supports older versions, and Ruby 1.9.2 is not fully supported.
Rake 0.8.3 or newer
MySQL 5.x
Ruby-mysql binding version 2.7 or 2.8
1. Install the required packages
yum install -y mysql mysql-devel mysql-server ruby ruby-devel ruby-irb ruby-mysql ruby-rdoc ruby-ri

Start the mysql service
# chkconfig --list mysqld
mysqld          0:off 1:off 2:off 3:off 4:off 5:off 6:off
# chkconfig mysqld on
# service mysqld start

2. Upgrade ruby
wget ftp://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.7-p370.tar.gz
tar zxf ruby-1.8.7-p370.tar.gz && cd ruby-1.8.7-p370
./configure --prefix=/usr/local/ruby && make && make install

Configure the environment variable
# tail -n 2 /etc/profile
export PATH=/usr/local/ruby/bin/:$PATH
export PATH=/usr/local/ruby/bin/:$PATH
# source /etc/profile

Verify
# ruby -v
ruby 1.8.7 (2012-06-29 patchlevel 370)
#

3. Install the dependencies
Install gem
# gem -v
1.3.1


wget http://production.cf.rubygems.org/rubygems/rubygems-1.3.5.tgz
tar zxf rubygems-1.3.5.tgz && cd rubygems-1.3.5
ruby setup.rb
update-alternatives --install /usr/bin/gem gem /usr/bin/gem1.8 1

Verify
# gem -v
1.3.5
#


# gem list
*** LOCAL GEMS ***

#
To fix the empty gem list above, run gem update --system to update gem to the latest version
# gem update --system
Updating RubyGems
Updating rubygems-update
Successfully installed rubygems-update-1.8.24
Updating RubyGems to 1.8.24
Installing RubyGems 1.8.24
RubyGems 1.8.24 installed
== 1.8.24 / 2012-04-27
* 1 bug fix:
* Install the .pem files properly. Fixes #320
* Remove OpenSSL dependency from the http code path

------------------------------------------------------------------------------
RubyGems installed the following executables:
/usr/local/ruby/bin/gem
#
See also: gem update --system 1.5.3
Related steps:
This is the ruby mysql API module. Reference command: gem install mysql -- --with-mysql-config=/usr/bin/mysql_config
# gem install mysql
Fetching: mysql-2.8.1.gem (100%)
Building native extensions.  This could take a while...
Successfully installed mysql-2.8.1
1 gem installed
Installing ri documentation for mysql-2.8.1...
Updating class cache with 1523 classes...
Installing RDoc documentation for mysql-2.8.1...

Install rake
Note: this package contains rake, a simple ruby build program similar to make. Rake has the following features: Rakefiles (rake's version of Makefiles) are defined entirely in standard ruby syntax, with no XML files to edit and no quirky Makefile syntax; tasks can be given prerequisites; Rake supports rule patterns; tasks can be run in parallel. For installation see https://github.com/jimweirich/rake
# gem install rake
Fetching: rake-0.9.2.2.gem (100%)
Successfully installed rake-0.9.2.2
1 gem installed
Installing ri documentation for rake-0.9.2.2...
Updating class cache with 1532 classes...
Installing RDoc documentation for rake-0.9.2.2...
#

Install rails
gem install rails

4. Download and install dashboard

wget http://downloads.puppetlabs.com/dashboard/puppet-dashboard-1.2.2.tar.gz
tar zxf puppet-dashboard-1.2.2.tar.gz
mv puppet-dashboard-1.2.2 /usr/local/puppet-dashboard
chown puppet-dashboard.puppet-dashboard /usr/local/puppet-dashboard
cd /usr/local/puppet-dashboard/config
cp database.yml.example database.yml

rake RAILS_ENV=production db:create is used to create the database; here the database was created manually instead
/usr/local/mysql/bin/mysql
CREATE DATABASE dashboard CHARACTER SET utf8;
GRANT ALL PRIVILEGES ON dashboard.* TO 'dashboard'@'localhost' identified by 'dashboard';

Contents of database.yml
# cat database.yml|grep -v ^#
production:
  database: dashboard
  username: dashboard
  password: dashboard
  encoding: utf8
  adapter: mysql
  host: 127.0.0.1

development:
  database: dashboard_development
  username: dashboard
  password:
  encoding: utf8
  adapter: mysql

test:
  database: dashboard_test
  username: dashboard
  password:
  encoding: utf8
  adapter: mysql

#

Running rake RAILS_ENV=production db:migrate produced the following error (partial)
puppet dashboard Could not find rack (~> 1.1.0) amongst
In short, install whichever package the error message says is missing.
Solution:
gem install rack --version=1.1.2
See also:
gem install rails -v=2.3.5
gem install rack -v=1.0.1
Run it again
# rake RAILS_ENV=production db:migrate --trace
NOTE: Gem.source_index is deprecated, use Specification. It will be removed on or after 2011-11-01.
Gem.source_index called from /usr/local/puppet-dashboard/config/../vendor/rails/railties/lib/rails/gem_depende
NOTE: Gem::SourceIndex#initialize is deprecated with no replacement. It will be removed on or after 2011-11-01
Gem::SourceIndex#initialize called from /usr/local/puppet-dashboard/config/../vendor/rails/railties/lib/rails/rb:100.
NOTE: Gem::SourceIndex#add_spec is deprecated, use Specification.add_spec. It will be removed on or after 2011
Gem::SourceIndex#add_spec called from /usr/local/ruby/lib/ruby/site_ruby/1.8/rubygems/source_index.rb:91.
NOTE: Gem::SourceIndex#add_spec is deprecated, use Specification.add_spec. It will be removed on or after 2011
Gem::SourceIndex#add_spec called from /usr/local/ruby/lib/ruby/site_ruby/1.8/rubygems/source_index.rb:91.
NOTE: Gem::SourceIndex#add_spec is deprecated, use Specification.add_spec. It will be removed on or after 2011
(part of the output omitted)
==CreateDelayedJobFailures: migrated (0.0193s) ==============================

==AddNodeHostUniquenessConstraint: migrating ================================
-- execute("      ALTER TABLE nodes\n      ADD CONSTRAINT uc_node_name UNIQUE (name)\n")
   -> 0.0641s
==AddNodeHostUniquenessConstraint: migrated (0.0644s) =======================

==AddDelayedJobFailureBacktrace: migrating ==================================
-- add_column(:delayed_job_failures, :backtrace, :text)
   -> 0.0328s
==AddDelayedJobFailureBacktrace: migrated (0.0329s) =========================

** Invoke db:schema:dump (first_time)
** Invoke environment
** Execute db:schema:dump
# echo $?
0
#

5. Import Puppet reports into Puppet Dashboard
# rake RAILS_ENV=production reports:import
# pwd
/usr/local/puppet-dashboard

6. Server configuration; restart the service after configuring. Add the lines shown in bold red

    reports = store,http
    reporturl = http://192.168.1.123:3000/reports
    reportdir = /var/lib/puppet/reports
    node_terminus = exec
    external_nodes = /usr/bin/env PUPPET_DASHBOARD_URL=http://localhost:3000 /usr/local/puppet-dashboard/bin/external_node
    logdir = /var/log/puppet
    rundir = /var/run/puppet
    ssldir = $vardir/ssl
    classfile = $vardir/classes.txt
    localconfig = $vardir/localconfig

Client configuration; restart the service after configuring.
# cat /etc/puppet/puppet.conf |grep -v '^    #' | sed '/^$/d'
    logdir = /var/log/puppet
    rundir = /var/run/puppet
    ssldir = $vardir/ssl
    runinterval = 900
    classfile = $vardir/classes.txt
    localconfig = $vardir/localconfig
    server = puppet
    listen = true
    report = true
#

7. Start and manage the delayed job workers
Dashboard uses a delayed_job queue to process intensive tasks asynchronously.
-p specifies the process name
-n specifies the number of CPU cores
env    RAILS_ENV=production script/delayed_job -p dashboard -n 2 -m start

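8. Start the service, and its parameters
-e specifies the mode, -p specifies the port, -d runs it in the background; if no port is given the default is 3000
./script/server -e production -p 3000 -d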

After the steps above complete, you should see the following screen

9. Dashboard FAQ
1) Problems encountered while installing Dashboard
Running rake RAILS_ENV=production db:create produced the following error
# rake RAILS_ENV=production db:create
rake aborted!
no such file to load -- rdoc/task

(See full trace by running task with --trace)
#
gem install rdoc
# gem install rdoc
Building native extensions.  This could take a while...
Depending on your version of ruby, you may need to install ruby rdoc/ri data:

<= 1.8.6 : unsupported
 = 1.8.7 : gem install rdoc-data; rdoc-data --install
 = 1.9.1 : gem install rdoc-data; rdoc-data --install
>= 1.9.2 : nothing to do! Yay!
Successfully installed json-1.7.5
Successfully installed rdoc-3.12
2 gems installed
Installing ri documentation for json-1.7.5...
Installing ri documentation for rdoc-3.12...
Installing RDoc documentation for json-1.7.5...
Installing RDoc documentation for rdoc-3.12...
#

rake RAILS_ENV=production db:create then printed the following
# rake RAILS_ENV=production db:create
rake aborted!
no such file to load -- ftools

(See full trace by running task with --trace)
#

Solution: after rails was installed, this problem no longer appeared.
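VI. Planning the Puppet directory layout sensibly
VII. Common commands
puppet: mainly used to retrieve configuration from the server and apply it locally.
puppet agent: with no arguments or configuration, the client checks in with the server every 30 minutes by default.
    --test runs in the foreground and prints verbose information to the console.
    Puppet elements are tagged; the tags include the names of all classes or definitions that contain them, and tags can be used to specify one of those names, so that only the configuration elements contained in that class or definition are used.
    This is very useful when you have a new configuration.
    fingerprint: mainly used to verify the certificate.
    --digest: changes the algorithm used for the certificate. The default is md5.
    --disable: disables puppet locally. It puts a lock file in place so that puppet agent stops working on the system until the lock is removed. Use this option when you are changing configuration locally and do not want the central server to change it.
    --enable
    --logdest: where to send log messages; the default is syslog.
    --onetime: runs once instead of as the normal daemon; use together with --no-daemonize to run puppet agent interactively.
    --serve
    --test
    --noop: does not actually apply anything.
    --waitforcert: specifies a wait time; 0 ("on demand") means do not wait.
puppet apply: puppet's standalone execution tool; applies a single manifest.
    When a modulepath is provided, via the command line or the configuration file, puppet apply can effectively mimic the catalog that puppet master would serve with access to the same modules, although there are slight differences...
puppet cert
puppet describe: displays information about resource types
puppet doc
    puppet doc /etc/puppet/manifests/site.pp
puppet filebucket: stores and retrieves files in a filebucket
puppet inspect: sends an inspection report
puppet kick: remotely controls puppet agent
    This command connects to a set of puppet agents and triggers them to run their configuration.
    The most common usage is to specify a class of hosts and a set of tags. puppet kick looks up in LDAP all hosts that have that class, then connects to each host and triggers a run of the objects with the specified tags.
    --all: connects to all available hosts. This requires LDAP support for nodes.
    --class: specifies a class of machines to connect to; currently only supported with LDAP.
    --debug: enables full debugging
    --foreground: runs in the foreground and does not return until the host has returned. The default is false.
    --help
    --host: a host to connect to. This option can be given more than once.
    --ignoreschedules: the client ignores schedules, which forces the client to run; the default is false.
    --parallel: makes the connections in parallel. Parallelization is done by forking for each client connection. The default is 1, i.e. connections run one after another.
    --tag: specifies a tag selecting the objects to apply; does not work together with --test.
    --test: prints the hosts that would be connected to, without actually connecting. This option requires LDAP support.
    --ping
    example: puppet kick -p 10 -t remotefile -t webserver host1 host2
puppet master: puppet's main daemon
puppet queue: retrieves serialized storeconfigs records from a queue and processes them.
puppet resource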
Reference sites:
http://docs.puppetlabs.com/dashboard/manual/1.2/bootstrapping.html#installing-dependencies
http://www.mysqlops.com/2011/10/28/puppet-dashboard.html
http://dongwm.blog.51cto.com/2621371/475403
VIII. Differences between Puppet Enterprise and the open source version


Unfortunately, the Puppet Enterprise edition can only manage 10 nodes for free!