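5.5.6 How to Quickly Synchronize the www Directory Files from the Puppet Server
In a large-scale web cluster, the data under /var/www/html on every server must be brought into line quickly. How can this be achieved? For example, when files or subdirectories under /data/svn/resource on server.cn7788.com change, the corresponding directories under /var/www/html on nginx.cn7788.com, client.cn7788.com and fabric.cn7788.com must change as well.
As mentioned earlier, Puppet does not perform well when distributing large files or huge numbers of small image files, but the requirement can be met by combining rsync with Puppet. This relies on puppet kick: the Puppet server uses the puppet kick command to force the Puppet agent nodes to run puppet agent, so that files are updated or synchronized immediately. The puppet rsync module could also be used, but the author finds it too cumbersome and so uses a method worked out through the author's own experimentation. The steps are as follows (client.cn7788.com is used as the example node; the other Puppet clients are configured in the same way and are not listed one by one).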
1) On every Puppet client, configure puppet.conf so that the agent always uses port 8139, by adding the following to /etc/puppet/puppet.conf:
listen = true
server=server.cn7788.com
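Here, listen = true makes puppet agent listen on port 8139. The server=server.cn7788.com option must also be set: testing shows that without it the Puppet client cannot connect to the Puppet server, so the files are not synchronized.
2) Edit /etc/puppet/auth.conf on the client to allow the server, server.cn7788.com, to push.
At the end of auth.conf, after the final path / entry, add an allow * rule so that the content matches the following: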
path /run
auth any
allow *
If this step is skipped, the following error is reported:
Debug: /File[/var/lib/puppet/ssl/private]: Autorequiring File[/var/lib/puppet/ssl]
Debug: /File[/var/lib/puppet/ssl/certs/server.cn7788.com.pem]: Autorequiring File[/var/lib/puppet/ssl/certs]
Debug: /File[/var/lib/puppet/ssl/private_keys]: Autorequiring File[/var/lib/puppet/ssl]
Debug: /File[/var/lib/puppet/lib]: Autorequiring File[/var/lib/puppet]
Debug: /File[/var/lib/puppet/ssl/private_keys/server.cn7788.com.pem]: Autorequiring File[/var/lib/puppet/ssl/private_keys]
Debug: /File[/var/lib/puppet/ssl/certificate_requests]: Autorequiring File[/var/lib/puppet/ssl]
Debug: /File[/var/lib/puppet/state]: Autorequiring File[/var/lib/puppet]
Debug: /File[/var/lib/puppet/ssl]: Autorequiring File[/var/lib/puppet]
Debug: /File[/var/lib/puppet/ssl/crl.pem]: Autorequiring File[/var/lib/puppet/ssl]
Debug: /File[/var/lib/puppet/facts.d]: Autorequiring File[/var/lib/puppet]
Debug: /File[/var/lib/puppet/ssl/certs]: Autorequiring File[/var/lib/puppet/ssl]
Debug: /File[/var/lib/puppet/ssl/public_keys]: Autorequiring File[/var/lib/puppet/ssl]
Debug: /File[/var/lib/puppet/preview]: Autorequiring File[/var/lib/puppet]
Debug: /File[/var/lib/puppet/ssl/certs/ca.pem]: Autorequiring File[/var/lib/puppet/ssl/certs]
Debug: Finishing transaction 69854562006000
Debug: Creating new connection for https://client.cn7788.com:8139
Error: Host client.cn7788.com failed: Error 403 on SERVER: Forbidden request: server.cn7788.com(192.168.1.205) access to /run/client.cn7788.com [save] authenticated at :119
Finally, restart the puppet service on the Puppet client:
service puppet restart
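3) On server.cn7788.com, create the file rsyncd.pass under /etc and give it its content. Note that this is the file pushed to the clients and must be distinguished from /etc/rsyncd.password; /etc/rsyncd.pass only needs to contain the password of the sync user. The content of /etc/rsyncd.password is:
test:test101
The content of /etc/rsyncd.pass is:
test101
4) Configure the rsync service on the Puppet server. The content of /etc/rsyncd.conf is: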
uid = www
gid = www
use chroot = no
max connections = 200
timeout = 600
pid file = /var/run/rsyncd.pid
lock file = /var/run/rsyncd.lock
log file = /var/log/rsyncd.log

[www]
path = /var/www/html/
ignore errors
read only = no
list = no
hosts allow = 192.168.1.0/255.255.255.0
auth users = test
secrets file = /etc/rsyncd.password
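Because the Apache service runs with owner and group www:www, rsync is also run as the www user, which keeps the ownership of files synchronized through rsync consistent. rsync is managed by xinetd here: set disable to no in its configuration, then restart the xinetd process: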
service xinetd restart
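At this point it is worth checking carefully: a configuration file error or incorrectly assigned file permissions sometimes prevents the rsync process from starting correctly. Check with the following command: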
lsof -i:873
The output below shows that the rsync process is listening on port 873 and that the service has started correctly.
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
xinetd 7008 root 5u IPv4 24249 0t0 TCP *:rsync (LISTEN)
5) Create a module named wwwrsync:
mkdir -p /etc/puppet/modules/wwwrsync/{manifests,files,templates}
Then copy /etc/rsyncd.pass into the /etc/puppet/modules/wwwrsync/files directory:
cp /etc/rsyncd.pass /etc/puppet/modules/wwwrsync/files/
6) In /etc/puppet/modules/wwwrsync/manifests/init.pp, define a class named wwwrsync. The content of init.pp is:
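class wwwrsync {
  # Install httpd so that /var/www/html exists on the client
  package { "httpd":
    ensure => present,
  }

  # Push the rsync password file; readable by root only
  file { "/etc/rsyncd.pass":
    source => "puppet://server.cn7788.com/modules/wwwrsync/rsyncd.pass",
    owner  => "root",
    group  => "root",
    mode   => "600",
  }

  # Pull the web root from the rsync daemon on the Puppet server.
  # The require keeps this from running before the password file
  # and the target directory are in place.
  exec { "auto rsync web directory":
    command => "rsync -vzrtopg --delete test@192.168.1.205::www /var/www/html --password-file=/etc/rsyncd.pass",
    user    => "root",
    path    => ["/usr/bin", "/usr/sbin", "/bin", "/bin/sh"],
    require => [Package["httpd"], File["/etc/rsyncd.pass"]],
  }
}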
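init.pp contains the wwwrsync class, which in turn contains three resources. The first is a package resource named httpd: if the service is not installed, the Puppet client installs httpd itself, which ensures that the /var/www/html directory is created on the machine. The second is a file resource, which pushes /etc/puppet/modules/wwwrsync/files/rsyncd.pass to the Puppet client. The third is an exec resource, which runs the rsync command on the Puppet client to synchronize the /var/www/html directory; the rsync command must therefore be followed by the address of the rsync server, 192.168.1.205. Take care not to confuse the two.
Note
The wwwrsync class defined in the wwwrsync module must have the same name as the module; otherwise the Puppet client reports that the wwwrsync class cannot be found when it connects to the server. If errors occur while experimenting, check the Puppet and system logs.
7) Next, define the special node default in /etc/puppet/manifests/site.pp. This is the default node, and it applies the content of the wwwrsync class to all hosts: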
node default {
include wwwrsync
}
8) Run the push command on server.cn7788.com:
puppet kick -d --host `cat /etc/puppet/iplist.txt`
The output is as follows (only part of it is shown):
Debug: /File[/var/lib/puppet/ssl/certs]/selrange: Found selrange default 's0' for /var/lib/puppet/ssl/certs
Debug: /File[/var/lib/puppet/ssl/certs/ca.pem]: Autorequiring File[/var/lib/puppet/ssl/certs]
Debug: /File[/var/lib/puppet/ssl/public_keys/server.cn7788.com.pem]: Autorequiring File[/var/lib/puppet/ssl/public_keys]
Debug: /File[/var/lib/puppet/ssl/certs/server.cn7788.com.pem]: Autorequiring File[/var/lib/puppet/ssl/certs]
Debug: /File[/var/lib/puppet/ssl/private_keys]: Autorequiring File[/var/lib/puppet/ssl]
Debug: /File[/var/lib/puppet/lib]: Autorequiring File[/var/lib/puppet]
Debug: /File[/var/lib/puppet/ssl/private_keys/server.cn7788.com.pem]: Autorequiring File[/var/lib/puppet/ssl/private_keys]
Debug: /File[/var/lib/puppet/ssl/private]: Autorequiring File[/var/lib/puppet/ssl]
Debug: /File[/var/lib/puppet/ssl/crl.pem]: Autorequiring File[/var/lib/puppet/ssl]
Debug: /File[/var/lib/puppet/ssl/certificate_requests]: Autorequiring File[/var/lib/puppet/ssl]
Debug: /File[/var/lib/puppet/state]: Autorequiring File[/var/lib/puppet]
Debug: /File[/var/lib/puppet/ssl]: Autorequiring File[/var/lib/puppet]
Debug: /File[/var/lib/puppet/ssl/certs]: Autorequiring File[/var/lib/puppet/ssl]
Debug: /File[/var/lib/puppet/facts.d]: Autorequiring File[/var/lib/puppet]
Debug: /File[/var/lib/puppet/ssl/public_keys]: Autorequiring File[/var/lib/puppet/ssl]
Debug: /File[/var/lib/puppet/preview]: Autorequiring File[/var/lib/puppet]
Debug: Finishing transaction 69995814564700
Debug: Creating new connection for https://client.cn7788.com:8139
Getting status
status is success
client.cn7788.com finished with exit code 0
The content of /etc/puppet/iplist.txt is:
client.cn7788.com
nginx.cn7788.com
fabric.cn7788.com
On the node client.cn7788.com, /var/www/html is immediately synchronized with /var/www/html on server.cn7788.com, which meets the requirement. Watching the messages log on client.cn7788.com with tail gives the following:
Nov 5 03:26:46 client puppet-agent[27782]: (/Stage[main]/wwwrsync/Exec[auto rsync web directory]/returns) executed successfully
Nov 5 03:26:47 client puppet-agent[27782]: Finished catalog run in 0.74 seconds
Nov 5 03:41:50 client puppet-agent[28422]: (/Stage[main]/wwwrsync/Exec[auto rsync web directory]/returns) executed successfully
Nov 5 03:41:51 client puppet-agent[28422]: Finished catalog run in 1.32 seconds
Nov 5 04:11:50 client puppet-agent[28690]: (/Stage[main]/wwwrsync/Exec[auto rsync web directory]/returns) executed successfully
Nov 5 04:11:50 client puppet-agent[28690]: (/Stage[main]/wwwrsync/File[/etc/rsyncd.pass]/content) content changed '{md5}d8e8fca2dc0f896fd7cb4cb0031ba249' to '{md5}93412aea2e70977a362530b0dba2498a'
Nov 5 04:11:52 client puppet-agent[28690]: Finished catalog run in 1.97 seconds
Nov 5 04:14:17 client puppet-agent[27782]: triggered run
Nov 5 04:14:25 client puppet-agent[27782]: (/Stage[main]/wwwrsync/Exec[auto rsync web directory]/returns) executed successfully
Nov 5 04:14:26 client puppet-agent[27782]: Finished catalog run in 1.69 seconds
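An added example, not part of the book: a shell audit of the two access controls this procedure sets up, the /run stanza in auth.conf (step 2) and the mode of the rsync password file (steps 3 and 6). The function names, the sample files and the tighter stanza (auth yes, allow server.cn7788.com) are constructed assumptions.

```shell
#!/bin/sh
# Added example: function names and sample files are constructed, not from the book.

# Print every "allow" value inside the "path /run" stanza of an auth.conf.
run_acl() {
    awk '
        $1 == "path"            { in_run = ($2 == "/run"); next }
        in_run && $1 == "allow" { $1 = ""; sub(/^ +/, ""); print }
    ' "$1"
}

# 0 = /run names hosts explicitly; 1 = stanza missing or any wildcard present.
kick_acl_is_restricted() {
    acl=$(run_acl "$1")
    [ -n "$acl" ] || return 1
    case "$acl" in *'*'*) return 1 ;; esac
    return 0
}

# 0 = group and other have no permission bits on the password/secrets file.
secret_mode_ok() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Constructed samples: the stanza from step 2, and an assumed tighter variant.
demo() {
    d=$(mktemp -d) || return 1
    printf 'path /run\nauth any\nallow *\n' > "$d/auth.weak"
    printf 'path /run\nauth yes\nallow server.cn7788.com\n' > "$d/auth.strict"
    printf 'test101\n' > "$d/rsyncd.pass"
    chmod 644 "$d/rsyncd.pass"
    for f in "$d/auth.weak" "$d/auth.strict"; do
        if kick_acl_is_restricted "$f"; then
            echo "OK   ${f##*/}"
        else
            echo "WEAK ${f##*/}: /run allows $(run_acl "$f")"
        fi
    done
    secret_mode_ok "$d/rsyncd.pass" || echo "WEAK rsyncd.pass readable by group/other"
    chmod 600 "$d/rsyncd.pass"
    secret_mode_ok "$d/rsyncd.pass" && echo "OK   rsyncd.pass after chmod 600"
    rm -rf "$d"
}
demo
```

With auth any and allow *, any host that can reach port 8139 may trigger an agent run, which is why the check treats every wildcard as weak. Point the functions at the real /etc/puppet/auth.conf, /etc/rsyncd.pass and /etc/rsyncd.password to audit a live node.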