Automated O & M: svn + puppet implements version control and automatic deployment of the monitoring system


Previously, I published an article titled "Automated O & M using PHP + MYSQL + SHELL to build a private monitoring system".

Before going into the details, let's look at the overall process:


The overall process is as follows:

1. To modify the monitoring system, O & M personnel first log on to the svn server and modify the monitoring configuration.
2. When the modified monitoring configuration is committed to svn, the post-commit script in the svn hook is triggered. Following that script, the latest svn copy is placed in the /usr/local/monitor/shell directory on the puppet master server.
3. The puppet client is set to connect to the puppet master every 300 seconds, so after 300 seconds the puppet client fetches the latest configuration from the puppet master and updates its local configuration.

In this way the monitoring system is deployed and updated automatically.

The following is a detailed description of svn and puppet.

I. svn

svn is installed mainly for version control of the monitoring scripts. Without version control, suppose I modify part of the Gansu web configuration and then modify it again a few days later. Two weeks on, can I still remember what I changed before? I doubt it. I am also in charge of many platforms, with more than 100 servers maintained directly. The platforms are updated frequently, and the changes differ according to user requirements, so version control is necessary.

Without further ado, let's configure svn. I will not describe the installation of the svn server here; I have published an article titled "automatically creating the svn server".

My svn is mainly used for the SHELL scripts from my previous post, "O & M automation using PHP + MYSQL + shell to build a private monitoring system", and for the puppet configuration section below, using svn's post-commit hook. When svn is updated, the hook updates a working copy in a directory I specify. puppet then obtains the configuration from this directory, and the puppet client connects to the server at an interval set to 300 seconds, that is, 5 minutes. In this way, I only need to update my svn and the puppet client updates its configuration within 5 minutes, which reduces manual operations and implements version control.

Below is the post-commit configuration in my svn hook:

    REPOS="$1"
    REV="$2"
    export LANG=zh_CN.UTF-8
    # Refresh the working copy that the puppet master serves to its clients.
    # svn runs as a child process (no exec) so the mail notification below still executes.
    # The credentials are stored in this hook file and passed on the command line.
    /usr/bin/svn update /usr/local/monitor/shell --username *** --password ** --no-auth-cache
    # Notify the administrator that the clients will pick up the change within 300 seconds.
    echo "please check client config after in the 300 s" | /bin/mail -s "svn has been update" denglei@ctfo.com

The following shows my svn interface and content:


View my update records


This svn is newly created, so there are few update logs.

II. puppet part

To install the latest puppet with yum, you need to add the EPEL repository to the host.
If the source fails, you can use 
Next, install the puppet server and client.

1. Log on to the server.

1) Use yum to install puppet.
 

2) Enable the puppet Server Service

 

3) Add it to startup


4) Add the host names and IP addresses of this server itself and of the client machines that require automation to the hosts file.

5) Next, you need to install puppet on the client, start the service, and perform authentication.

2. On the client


Then perform authentication with the server

 

3. Perform authentication on the server.


In this way, the authentication is completed, and then the server configuration can be obtained in the puppet client and automatically updated on the local machine.

The following is my configuration (for more information, see puppet in Guizhou).

The puppet structure in Guizhou is as follows:

The slave server in Guizhou is puppetmaster.

Guizhou web, Guizhou exchange, Guizhou engine, and Guizhou standby are the clients (Guizhou standby is both a server and a client).

Let's take a look at the backup file structure of my puppet server in Guizhou.

 

Client connection sequence: site.pp => *.pp

For example, the receiving sequence of web in Guizhou is: site.pp => guizhou_web.pp

First, the slave sends a connection request to the master for certificate verification;

After the certificate is verified, the master goes directly to the entry file, site.pp, under the manifests directory. (This file may contain some global variables and default parameter values, which apply when those parameters are not set in a module.) In this example, site.pp calls the other pp files under manifests;

Then, through the pp files under manifests (which are the entry points of each module), the master locates the modules to be executed by the slave, gathers the module code, and returns it to the slave;

Finally, the slave configures itself based on the manifest sent by the master.

Note: Before configuration, the server time must be the same as the client time, and each machine's IP address and host name must be added to the other's hosts file so that they can ping each other. It is recommended that you restart the server after modifying the hosts file and disable selinux and iptables.

4. Let's take a look at my fileserver settings.

 
 
    [root@beiyong /]# cat /etc/puppet/fileserver.conf
    # This file consists of arbitrarily named sections/modules
    # defining where files are served from and to whom

    # Define a section 'files'
    # Adapt the allow/deny settings to your needs. Order
    # for allow/deny does not matter, allow always takes precedence
    # over deny
    # [files]
    #  path /var/lib/puppet/files
    #  allow *.example.com
    #  deny *.evil.example.com
    #  allow 192.168.0.0/24
    [puppet]
    path /usr/local/monitor/shell
    allow 172.16.6.0/24

This path is the directory from which the puppet master serves files to the clients, and it is also the directory that post-commit in the svn hook updates.

The CIDR block after allow is the IP segment of my server's NIC; that is, hosts with an IP address in this CIDR block can fetch files from this path.
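As an added example (not code from the original article), the following Python script parses the fileserver.conf layout shown above and lists every allow rule that reaches beyond one trusted subnet. The [scratch] mount, the function names and the use of 172.16.6.0/24 as the trusted range are assumptions made for illustration; deny rules are collected but not evaluated.

```python
import ipaddress

# Constructed input: the page's active [puppet] mount, part of its commented-out
# [files] template, and a hypothetical [scratch] mount added to trigger findings.
SAMPLE = """\
# [files]
#  allow *.example.com
[puppet]
path /usr/local/monitor/shell
allow 172.16.6.0/24
[scratch]
path /tmp/scratch
allow *
allow 172.16.0.0/16
allow *.example.com
"""

def parse_fileserver(text):
    """Return {mount: {"path": [...], "allow": [...], "deny": [...]}}."""
    mounts, current = {}, None
    for raw in text.splitlines():
        # Drop comments (so commented-out mounts are ignored) and collapse whitespace.
        line = " ".join(raw.split("#", 1)[0].split())
        if line.startswith("[") and line.endswith("]"):
            current = mounts.setdefault(
                line[1:-1].strip(), {"path": [], "allow": [], "deny": []})
        elif line and current is not None:
            key, _, value = line.partition(" ")
            if key in current:
                current[key].append(value.strip())
    return mounts

def rule_problem(rule, trusted):
    """Say why an allow rule reaches beyond `trusted`; None if it stays inside."""
    if rule == "*":
        return "any client"
    try:
        net = ipaddress.ip_network(rule, strict=False)
    except ValueError:
        return "hostname rule, not an IP range"
    if net.version != trusted.version or not net.subnet_of(trusted):
        return "not inside %s" % trusted

def audit_allows(mounts, trusted_cidr):
    """List (mount, rule, reason) for each allow rule outside trusted_cidr."""
    trusted = ipaddress.ip_network(trusted_cidr)
    checked = [(name, rule, rule_problem(rule, trusted))
               for name, mount in mounts.items() for rule in mount["allow"]]
    return [finding for finding in checked if finding[2]]
```

Calling audit_allows(parse_fileserver(SAMPLE), "172.16.6.0/24") reports nothing for the [puppet] mount from the article and three findings for the constructed [scratch] mount.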

5. web configuration in Guizhou

 

6. Guizhou exchange configuration


7. Guizhou engine configuration


8. Backup configuration in Guizhou


9. Check the configuration of site.pp.


Now the server configuration has been displayed. Go to the client to check whether the configuration has taken effect.

1. Guizhou web

 

2. Guizhou exchange


3. Guizhou Engine

Because the Guizhou engine has a root account and lbs user configuration, we first check

 

View


4. Guizhou backup


Now the puppet configuration has been completed, and the current configuration has been deployed on our production server.

What if you want to set the interval at which the puppet on the client connects to the puppetmaster to obtain files?

You can add the following to the /etc/puppet.conf file on the client:

The default value is 30 minutes. You can modify the value here, in seconds. After modification, restart the service.

Note:

1. When applying for a certificate from the client, we recommend that you set the client and the server to the same time zone. You can use ntpdate 210.72.145.44 for updates.
2. In /etc/resolv.conf, you must comment out the line "search localdomain". Otherwise .localdomain is appended when applying for a certificate, and once the certificate application is complete and the server authorizes you to obtain resources, the "hostname not match with the server certificate" error occurs. Add to hosts the host names and IP addresses of the server itself and of the machines that require automation.
3. You may find that the puppet resource configuration I wrote is very simple, not fancy, and not dependent on various modules. My explanation is this: simple configurations are easy to understand, and if a problem occurs at run time they are also easy to troubleshoot. Only a configuration that runs smoothly is a good resource configuration.
4. For host names, we recommend using the FQDN.
5. The IDs of the generated certificates are all different.

Because this article contains too much script content, the FAQ on installing and running puppet is on the next page, titled "O & M automation of puppet automation deployment FAQ". Address: http://dl528888.blog.51cto.com/2382721/1040569


This article is from the "Yin-Technical Exchange" blog, please be sure to keep this source http://dl528888.blog.51cto.com/2382721/1040552
