标签:style io ar os 使用 sp for on 文件
基于C/S架构的Puppet更新方式一般有两种,一种是Agent端设置同步时间主动去Puppet Master端拉取配置,另一种是通过Puppet Master端使用puppet kick命令或者借助mcollctive触发更新配置.
1.主动更新
优点:
节点定期主动更新,无论是谁将节点被puppet管理的配置更改了,都会在规定的时间内自动修复,无须管理员登录查看。
环境搭建简单,不需要很复杂的架构,puppet本身C/S架构便可以完成。
缺点:
节点数量过大的情况下同时会向puppetmaster端发起更新请求,会造成puppetmaster性能瓶颈。当然,也有一些解决方案比如设置任务计划,节点分批进行更新。
由于节点会定期向puppet master端提取配置进行更新,这要求puppet master端的环境要足够的安全.
不能手动控制哪些服务器需要更新,哪些不需要更新。
自动更新方式配置很简单,只需要在节点配置文件puppet.conf添加runinterval字段即可实现自动更新,以下步骤简单测试下
注:默认情况下,puppet.conf配置文件中是没有runinterval字段的,如果不配置,默认是每隔30分钟自动同步一次。
1).更改agent配置文件.添加runinterval字段.
root@10.1.1.34:puppet# cat puppet.conf
[main]
# The Puppet log directory.
# The default value is ‘$vardir/log‘.
logdir = /var/log/puppet
# Where Puppet PID files are kept.
# The default value is ‘$vardir/run‘.
rundir = /var/run/puppet
# Where SSL certificates are kept.
# The default value is ‘$confdir/ssl‘.
ssldir = $vardir/ssl
[agent]
# The file in which puppetd stores a list of the classes
# associated with the retrieved configuratiion. Can be loaded in
# the separate ``puppet`` executable using the ``--loadclasses``
# option.
# The default value is ‘$confdir/classes.txt‘.
classfile = $vardir/classes.txt
# Where puppetd caches the local configuration. An
# extension indicating the cache format is added automatically.
# The default value is ‘$confdir/localconfig‘.
localconfig = $vardir/localconfig
server = puppet.domain.com
runinterval = 10
(2)重启客户端服务
root@10.1.1.34:puppet# /etc/init.d/puppet restart Stopping puppet agent: [ OK ] Starting puppet agent: [ OK ](3)查询日志,可以看出每隔10秒agent向puppet master同步一次
root@10.1.1.34:tmp# tail -f /var/log/messages Dec 12 10:25:21 agent puppet-agent[12155]: Finished catalog run in 0.06 seconds Dec 12 10:25:31 agent puppet-agent[12280]: Finished catalog run in 0.05 seconds Dec 12 10:25:41 agent puppet-agent[12405]: Finished catalog run in 0.07 seconds Dec 12 10:25:51 agent puppet-agent[12530]: Finished catalog run in 0.06 seconds Dec 12 10:26:01 agent puppet-agent[12655]: Finished catalog run in 0.05 seconds Dec 12 10:26:11 agent puppet-agent[12780]: Finished catalog run in 0.13 seconds(4)还可以通过命名方式去测试.
root@10.1.1.34:puppet# /etc/init.d/puppet stop Stopping puppet agent: [ OK ] root@10.1.1.34:puppet# root@10.1.1.34:puppet# puppet agent --verbose --no-daemonize Notice: Starting Puppet client version 3.7.3 Info: Retrieving pluginfacts Info: Retrieving plugin Info: Caching catalog for agent.domain.com Info: Applying configuration version ‘1418292313‘ Notice: Finished catalog run in 0.07 seconds Info: Retrieving pluginfacts Info: Retrieving plugin Info: Caching catalog for agent.domain.com Info: Applying configuration version ‘1418292313‘ Notice: Finished catalog run in 0.04 seconds Info: Retrieving pluginfacts Info: Retrieving plugin Info: Caching catalog for agent.domain.com Info: Applying configuration version ‘1418292313‘ Notice: Finished catalog run in 0.10 seconds
2.推送更新
推送更新就是通过puppet kick或者mcollective来控制节点什么时候向puppetmaster端获取配置变更信息。这种方式比较容易控制,主要表现在以下几个方面:
优点:
非常容易控制节点的更新周期
安全性比较高,每次更新之前可先检查好代码后再更新
可以针对某一个cluster(一组服务器)进行推送更新,灵活性很强。
扩展性很强,可整合各种其他平台
缺点:
环境搭建比较复杂,需要部署N多东西
agent端配置被篡改后,需要手动触发才能够恢复,不能够及时恢复
1).puppet kick方式
puppet kick是是通过puppetmaster端的命令触发的方式进行更新的,由于其锁的问题很难解决外加上主机单元控制不是很灵活,逐渐被抛弃了,puppetlabs也看到了这一点,因此收购了mcollecitve。
2).mcollective触发方式 需要搭建mcollective+MQ架构,搭建好了之后通过mco命令将puppet命令传输至MQ分配到一组节点上去.
该方式后续会单独写一篇文档介绍.
标签:style io ar os 使用 sp for on 文件
原文地址:http://my.oschina.net/davehe/blog/355282
