Foreman結合mcollective完成push動作 · Puppet運維實戰

### foreman架構的引入7-Foreman結合mcollective完成push動作 **注：**以下內容是在**foreman1.6.3+puppet2.6.2**環境下進行操作。更多配置請參考官網[http://theforeman.org/manuals/1.6/index.html](http://theforeman.org/manuals/1.6/index.html) 在foreman-proxy的1.6.3版本，至少提供了以下五種觸發puppet agent命令的工具，默認使用的是puppetrun，不過已經過時，這里介紹如何使用mcollective進行觸發，下個章節會介紹如何使用puppetssh觸發。 ~~~ # puppetrun (for puppetrun/kick, deprecated in Puppet 3) # mcollective (uses mco puppet) # puppetssh (run puppet over ssh) # salt (uses salt puppet.run) # customrun (calls a custom command with args) ~~~ 在整個測試之前，首先要保障你的mco+mq在命令行操作的情況下是OK的。如果沒有OK或者不懂什么是mco+mq，請參考之前的文章。如何是OK的？如下： ~~~ [root@puppetmaster162 yum.repos.d]# mco puppet -v runonce Discovering hosts using the mc method for 2 second(s) .... 1 * [ ============================================================> ] 1 / 1 puppetmaster162.kisspuppet.com : OK {:summary=> "Started a Puppet run using the 'puppet agent --test --color=false --splay --splaylimit 30' command"} ---- rpc stats ---- Nodes: 1 / 1 Pass / Fail: 1 / 0 Start Time: Wed Dec 17 16:22:15 +0800 2014 Discovery Time: 2004.22ms Agent Time: 71.49ms Total Time: 2075.70ms ~~~ ### 1、在Foreman中開啟puppet插件的puppetrun功能 ### 2、配置foreman-proxy代理的puppet的puppet_provider ~~~ [root@puppetmaster162 ~]# vim /etc/foreman-proxy/settings.d/puppet.yml --- # Puppet management :enabled: true :puppet_conf: /etc/puppet/puppet.conf # valid providers: # puppetrun (for puppetrun/kick, deprecated in Puppet 3) # mcollective (uses mco puppet) # puppetssh (run puppet over ssh) # salt (uses salt puppet.run) # customrun (calls a custom command with args) :puppet_provider: mcollective ... ~~~ ### 3、配置sudoer，添加mco命令 ~~~ [root@puppetmaster162 ~]# vim /etc/sudoers.d/foreman-proxy foreman-proxy ALL = NOPASSWD : /usr/bin/puppet cert *, /usr/bin/mco puppet runonce * Defaults:foreman-proxy !requiretty [root@puppetmaster162 ~]# /etc/init.d/foreman-proxy restart Stopping foreman-proxy: [ OK ] Starting foreman-proxy: [ OK ] ~~~ ### 4、頁面測試puppetrun按鈕成功之后的顯示 ### 5、查看報告看更詳細的信息 ~~~ #可以通過日志查看執行情況 [root@puppetmaster162 yum.repos.d]# tailf /var/log/foreman-proxy/proxy.log 192.168.20.11 - - [17/Dec/2014 16:25:36] "POST /run HTTP/1.1" 200 - 0.5454 以上 [root@puppetmaster162 ~]# cat /etc/foreman-proxy/settings.yml ... :log_file: /var/log/foreman-proxy/proxy.log # valid options are # WARN, DEBUG, Error, Fatal, INFO, UNKNOWN :log_level: DEBUG #開啟debug模式，顯示更詳細的信息，排錯的時候使用。1.5版本之前默認是開啟的 [root@puppetmaster162 yum.repos.d]# tailf /var/log/foreman-proxy/proxy.log I, [2014-12-17T16:27:43.148519 #24337] INFO -- : 'foreman_proxy' settings were initialized with default values: :enabled: true W, [2014-12-17T16:27:43.155592 #24337] WARN -- : Couldn't find settings file /etc/foreman-proxy/settings.d/facts.yml. Using default settings. I, [2014-12-17T16:27:43.155860 #24337] INFO -- : 'facts' settings were initialized with default values: :enabled: true I, [2014-12-17T16:27:43.163012 #24337] INFO -- : 'dns' module is disabled. I, [2014-12-17T16:27:43.163513 #24337] INFO -- : 'tftp' module is disabled. I, [2014-12-17T16:27:43.163933 #24337] INFO -- : 'dhcp' module is disabled. I, [2014-12-17T16:27:43.579571 #24337] INFO -- : 'puppet' settings were initialized with default values: :puppetdir: /etc/puppet I, [2014-12-17T16:27:43.583486 #24337] INFO -- : 'bmc' module is disabled. I, [2014-12-17T16:27:43.583655 #24337] INFO -- : 'chefproxy' module is disabled. I, [2014-12-17T16:27:43.583934 #24337] INFO -- : 'realm' module is disabled. D, [2014-12-17T16:28:15.059328 #24344] DEBUG -- : about to execute: /usr/bin/sudo -u root /usr/bin/mco puppet runonce -I puppetmaster162.kisspuppet.com 192.168.20.11 - - [17/Dec/2014 16:28:15] "POST /run HTTP/1.1" 200 - 0.5468 ~~~ 失敗的情況如下： ~~~ [root@puppetmaster162 ~]# tailf /var/log/foreman-proxy/proxy.log I, [2014-12-17T16:27:43.163933 #24337] INFO -- : 'dhcp' module is disabled. I, [2014-12-17T16:27:43.579571 #24337] INFO -- : 'puppet' settings were initialized with default values: :puppetdir: /etc/puppet I, [2014-12-17T16:27:43.583486 #24337] INFO -- : 'bmc' module is disabled. I, [2014-12-17T16:27:43.583655 #24337] INFO -- : 'chefproxy' module is disabled. I, [2014-12-17T16:27:43.583934 #24337] INFO -- : 'realm' module is disabled. D, [2014-12-17T16:28:15.059328 #24344] DEBUG -- : about to execute: /usr/bin/sudo -u root /usr/bin/mco puppet runonce -I puppetmaster162.kisspuppet.com 192.168.20.11 - - [17/Dec/2014 16:28:15] "POST /run HTTP/1.1" 200 - 0.5468 D, [2014-12-17T16:32:56.924849 #24344] DEBUG -- : about to execute: /usr/bin/sudo -u root /usr/bin/mco puppet runonce -I puppetmaster162.kisspuppet.com 192.168.20.11 - - [17/Dec/2014 16:32:57] "POST /run HTTP/1.1" 200 - 0.6095 D, [2014-12-17T16:32:57.878231 #24344] DEBUG -- : about to execute: /usr/bin/sudo -u root /usr/bin/mco puppet runonce -I foreman163.kisspuppet.com W, [2014-12-17T16:33:20.364704 #24344] WARN -- : Non-null exit code when executing '/usr/bin/sudo-uroot/usr/bin/mcopuppetrunonce-Iforeman163.kisspuppet.com' E, [2014-12-17T16:33:20.368673 #24344] ERROR -- : Failed puppet run: Check Log files 192.168.20.11 - - [17/Dec/2014 16:33:20] "POST /run HTTP/1.1" 500 34 22.4920 ~~~ **備注：**Foreman在命令執行后的顯示這塊做的其實很不好的，如何能夠將所有節點執行的情況動態或者顯示在界面上就更好了！