
A First Look at Puppet

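Puppet is a widely used DevOps management tool. It offers powerful, mature management features and supports loading custom modules, which makes it an indispensable tool for DevOps.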

Building the environment with Puppet in Docker

First, create the network that Puppet will use for its connections:
docker network create puppet

Run Puppet Server in standalone mode:
docker run --net puppet --name puppet --hostname puppet puppet/puppetserver-standalone

Run the Puppet agent:
$ docker run --net puppet puppet/puppet-agent-ubuntu
Info: Creating a new SSL key for f406170f87f3
Info: Caching certificate for ca
Info: csr_attributes file loading from /etc/puppetlabs/puppet/csr_attributes.yaml
Info: Creating a new SSL certificate request for f406170f87f3
Info: Certificate Request fingerprint (SHA256): 5E:11:85:D0:0E:7C:71:3F:2D:FB:C4:4C:39:DE:5F:CB:D4:14:BF:1A:47:0D:C8:4C:F0:87:7C:9B:44:FA:11:FB
Info: Caching certificate for f406170f87f3
Info: Caching certificate_revocation_list for ca
Info: Caching certificate for ca
Info: Using configured environment 'production'
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Caching catalog for f406170f87f3
Info: Applying configuration version '1508051547'
Info: Creating state file /opt/puppetlabs/puppet/cache/state/state.yaml
Notice: Applied catalog in 0.01 seconds
Changes:
Events:
Resources:
           Total: 7
Time:
        Schedule: 0.00
  Config retrieval: 0.76
           Total: 0.76
        Last run: 1508051547
      Filebucket: 0.00
Version:
          Config: 1508051547
          Puppet: 5.2.0

The agent container above directly runs a command on the machine that prints a summary. The command is:
puppet agent \
 --verbose \
 --onetime \
 --no-daemonize \
 --summarize

To interact with the agent, we can run it in interactive mode:
docker run -it --net puppet \
 --entrypoint bash puppet/puppet-agent-ubuntu

Next, customize the agent's connection settings file:
# sudo vim /etc/puppetlabs/puppet/puppet.conf

[main]
certname = ${client hostname}
# server name
server = puppet
environment = production
runinterval = 2h

Then connect to the agent side and start the agent with the "puppet agent" command. We can also force the agent to stay in the foreground, which makes debugging easier:
puppet agent --verbose --no-daemonize

Example 1: Add a file on the client

Next, on the Puppet server, go to /etc/puppetlabs/code/environments/production and create the file manifests/site.pp with the following content:
node default
{
   file
   {
       "/tmp/puppet_server.message":
       content => "Hello, Puppet Client!";
   }
}

Then, on the agent side, run "puppet agent --test" to sync the server-side configuration:
root@0fa0658f528b:/etc/puppetlabs/puppet# puppet agent --test
Info: Using configured environment 'production'
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Caching catalog for 0fa0658f528b
Info: Applying configuration version '1508052730'
Notice: /Stage[main]/Main/Node[default]/File[/tmp/puppet_server.message]/ensure: defined content as '{md5}38febf090437aaf325733508da57a1cf'
Notice: Applied catalog in 0.02 seconds

Once the sync completes, check /tmp: a "puppet_server.message" file should appear, containing Hello, Puppet Client!
root@0fa0658f528b:/etc/puppetlabs/puppet# ls -l /tmp/
total 4
-rw-r--r-- 1 root root 21 Oct 15 07:32 puppet_server.message 

Example 2: Build your own module to install Apache HTTPD

root@puppet:/etc/puppetlabs/code# tree
.
|-- environments
|   `-- production
|       |-- data
|       |-- environment.conf
|       |-- hiera.yaml
|       |-- manifests
|       `-- modules
`-- modules

First create the apache module directory (/etc/puppetlabs/code/modules/apache), then create the manifests and files folders under it. Then, in /etc/puppetlabs/code/modules/apache/manifests, create the following files in order:
── manifests
   ├── init.pp
   ├── install.pp
   ├── config.pp
   ├── service.pp

manifests/init.pp is the file read by default; it is typically used to define variables and reference classes.
class apache (
 String $package_name      = 'apache2',
 String $package_ensure    = 'installed',
 String $service_name      = 'apache2',
 String $service_ensure    = 'running',
 String $default_site_conf = '/etc/apache2/sites-enabled/default.conf',
 String $run_user          = 'www-data',
){
 contain apache::install
 contain apache::config
 contain apache::service

 Class['::apache::install']
 -> Class['::apache::config']
 ~> Class['::apache::service']
}

manifests/install.pp defines how the package is installed.
class apache::install inherits apache {
 package { $apache::package_name:
   ensure => $apache::package_ensure
 }
}

manifests/service.pp handles the service.
class apache::service inherits apache {
 service {
   $apache::service_name:
   ensure => $apache::service_ensure,
   # subscribe => Package['apache'],
   require => Class['apache::install']
 }
}

manifests/config.pp handles the configuration file.
class apache::config inherits apache {
 file { $apache::default_site_conf:
   ensure => file,
   owner  => $apache::run_user,
   source => "puppet:///modules/${module_name}/default.conf"
 }
}

files/default.conf describes Apache's runtime settings:

Timeout 60
KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 5
UseCanonicalName Off
AccessFileName .htaccess
ServerTokens Full
ServerSignature Off
HostnameLookups Off

 RequestReadTimeout header=20-40,MinRate=500 body=20,MinRate=500
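
An added example, not part of the original post: a variant of manifests/config.pp that renders the same directives inline, makes the file root-owned instead of owned by the Apache run user (so a compromised worker process cannot rewrite its own configuration), and defaults ServerTokens to Prod rather than Full to limit version disclosure. The $server_tokens parameter is an assumption introduced for this example.

```puppet
# Added example, not the original author's code: hardened variant of
# manifests/config.pp. $server_tokens is a parameter introduced here.
class apache::config (
  # Values accepted by Apache's ServerTokens directive; 'Prod' discloses the least
  Enum['Prod', 'Major', 'Minor', 'Minimal', 'OS', 'Full'] $server_tokens = 'Prod',
) inherits apache {
  file { $apache::default_site_conf:
    ensure  => file,
    # Owned by root and writable only by root: the account Apache runs as
    # ($apache::run_user) can read the file but cannot modify it
    owner   => 'root',
    group   => 'root',
    mode    => '0644',
    # Same directives as files/default.conf, with ServerTokens interpolated
    content => @("CONF"),
      Timeout 60
      KeepAlive On
      MaxKeepAliveRequests 100
      KeepAliveTimeout 5
      UseCanonicalName Off
      AccessFileName .htaccess
      ServerTokens ${server_tokens}
      ServerSignature Off
      HostnameLookups Off
      RequestReadTimeout header=20-40,MinRate=500 body=20,MinRate=500
      | CONF
  }
}
```

Because init.pp already chains Class['::apache::config'] ~> Class['::apache::service'], a change to this file still triggers a refresh of the apache2 service.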


Once this is set up, run a sync on the agent's machine. If everything is correct, the client will start installing and configuring Apache through the agent:

$ puppet agent --test
Info: Using configured environment 'production'
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Caching catalog for 0fa0658f528b
Info: Applying configuration version '1508075447'
Notice: /Stage[main]/Apache::Install/Package[apache2]/ensure: created
Notice: /Stage[main]/Apache::Config/File[/etc/apache2/sites-enabled/default.conf]/ensure: defined content as '{md5}0c72defe6a4e5486dffb8b38026bb3bf'
Info: Class[Apache::Config]: Scheduling refresh of Class[Apache::Service]
Info: Class[Apache::Service]: Scheduling refresh of Service[apache2]
Notice: /Stage[main]/Apache::Service/Service[apache2]/ensure: ensure changed 'stopped' to 'running'
Info: /Stage[main]/Apache::Service/Service[apache2]: Unscheduling refresh on Service[apache2]
Notice: Applied catalog in 261.30 seconds

References

Puppet manage guide: https://shazi7804.gitbooks.io/puppet-manage-guide/
