• MCollective架构篇4-MCollective各种插件的部署及测试
  • 1、在mcollective client端和server端安装各种官网plugins
  • 2、安装shell插件
  • 3、组合mcollective各种plugins完成各种任务组合

    MCollective架构篇4-MCollective各种插件的部署及测试

    MCollective只是一个框架,如果需要在上面发挥各种作用,那就需要各种插件的支持。官方提供了很多这方面的插件,除此之外,还有第三方的插件,比如shell插件等,下面会介绍各种插件的安装,以及插件之间如何组合进行使用。

    1、在mcollective client端和server端安装各种官网plugins

    首先去官网下载各个插件 http://yum.puppetlabs.com

    1.1 下载collective-client端

    1. [root@linuxmaster1poc ~]# rpm -qa | grep mco
    2. mcollective-service-common-3.1.2-1.noarch
    3. mcollective-client-2.2.4-1.el6.noarch
    4. mcollective-service-client-3.1.2-1.noarch
    5. mcollective-common-2.2.4-1.el6.noarch
    6. mcollective-iptables-common-3.0.1-1.noarch
    7. mcollective-filemgr-client-1.0.1-1.noarch
    8. mcollective-nrpe-client-3.0.2-1.noarch
    9. mcollective-puppet-client-1.6.0-1.noarch
    10. mcollective-nrpe-common-3.0.2-1.noarch
    11. mcollective-filemgr-common-1.0.1-1.noarch
    12. mcollective-iptables-client-3.0.1-1.noarch
    13. mcollective-puppet-common-1.6.0-1.noarch
    14. mcollective-facter-facts-1.0.0-1.noarch
    15. mcollective-package-client-4.2.0-1.noarch
    16. mcollective-package-common-4.2.0-1.noarch

    1.2 下载mcollecitve-server端

    1. [root@linux57poc ~]# rpm -qa | grep mco
    2. mcollective-nrpe-common-3.0.2-1
    3. mcollective-puppet-common-1.6.0-1
    4. mcollective-iptables-common-3.0.1-1
    5. mcollective-iptables-agent-3.0.1-1
    6. mcollective-2.2.4-1.el5
    7. mcollective-package-common-4.2.0-1
    8. mcollective-service-common-3.1.2-1
    9. mcollective-service-agent-3.1.2-1
    10. mcollective-puppet-agent-1.6.0-1
    11. mcollective-package-agent-4.2.0-1
    12. mcollective-filemgr-common-1.0.1-1
    13. mcollective-common-2.2.4-1.el5
    14. mcollective-facter-facts-1.0.0-1
    15. mcollective-filemgr-agent-1.0.1-1
    16. mcollective-nrpe-agent-3.0.2-1

    以上安装可写个package模块执行,以下只针对mcollective server端,安装完成之后记得重启服务,如果写了service模块可以自动刷新

    1.3 编写plugins.pp

    1. class mcollective::plugins{
    2. include mcollective::plugins_puppet,
    3. mcollective::plugins_facter,
    4. mcollective::plugins_filemgr,
    5. mcollective::plugins_iptables,
    6. # mcollective::plugins_nettest, #这个安装需要依赖包 ruby-net-ping,没找到
    7. mcollective::plugins_nrpe,
    8. mcollective::plugins_package,
    9. mcollective::plugins_service
    10. }
    11. #mco-client need install mcollective-puppet-client and mcollective-puppet-common
    12. class mcollective::plugins_puppet{
    13. package { ['mcollective-puppet-agent','mcollective-puppet-common']:
    14. ensure => installed,
    15. require => Class["mcollective::install"]
    16. }
    17. }
    18. #mco-client need install mcollective-facter-facts
    19. class mcollective::plugins_facter{
    20. package { 'mcollective-facter-facts':
    21. ensure => installed,
    22. require => Class["mcollective::install"]
    23. }
    24. }
    25. #mco-client need install mcollective-filemgr-client and mcollective-filemgr-common
    26. class mcollective::plugins_filemgr{
    27. package { ['mcollective-filemgr-agent','mcollective-filemgr-common']:
    28. ensure => installed,
    29. require => Class["mcollective::install"]
    30. }
    31. }
    32. #mco-client need install mcollective-iptables-client and mcollective-iptables-common
    33. class mcollective::plugins_iptables{
    34. package { ['mcollective-iptables-agent','mcollective-iptables-common']:
    35. ensure => installed,
    36. require => Class["mcollective::install"]
    37. }
    38. }
    39. #mco-client need install mcollective-nettest-client and mcollective-nettest-common
    40. class mcollective::plugins_nettest{
    41. package { ['mcollective-nettest-agent','mcollective-nettest-common']:
    42. ensure => installed,
    43. require => Class["mcollective::install"]
    44. }
    45. }
    46. #mco-client need install mcollective-nrpe-client and mcollective-nrpe-common
    47. class mcollective::plugins_nrpe{
    48. package { ['mcollective-nrpe-agent','mcollective-nrpe-common']:
    49. ensure => installed,
    50. require => Class["mcollective::install"]
    51. }
    52. }
    53. #mco-client need install mcollective-package-client and mcollective-package-common
    54. class mcollective::plugins_package{
    55. package { ['mcollective-package-agent','mcollective-package-common']:
    56. ensure => installed,
    57. require => Class["mcollective::install"]
    58. }
    59. }
    60. #mco-client need install mcollective-service-client and mcollective-service-common
    61. class mcollective::plugins_service{
    62. package { ['mcollective-service-agent','mcollective-service-common']:
    63. ensure => installed,
    64. require => Class["mcollective::install"]
    65. }
    66. }

    1.4 编写conf.pp

    1. class mcollective::service{
    2. service { 'mcollective':
    3. ensure => running,
    4. hasstatus => true,
    5. hasrestart => true,
    6. enable => true,
    7. subscribe => Class['mcollective::config'],
    8. }
    9. }

    1.5 mcollective-client端安装好之后,可通过mco命令查看

    1. [root@linuxmaster1poc ~]# mco
    2. The Marionette Collective version 2.2.4
    3. usage: /usr/bin/mco command <options>
    4. Known commands:
    5. completion facts filemgr
    6. find help inventory
    7. iptables nrpe package
    8. ping plugin puppet
    9. rpc service shell
    10. Type '/usr/bin/mco help' for a detailed list of commands and '/usr/bin/mco help command'
    11. to get detailed help for a command

    1.6 mcollective-server端安装好之后,可在mco-client端查看

    1. [root@linuxmaster1poc ~]# mco inventory linux57poc
    2. Inventory for linux57poc:
    3. Server Statistics:
    4. Version: 2.2.4
    5. Start Time: Fri Dec 13 08:15:46 +0800 2013
    6. Config File: /etc/mcollective/server.cfg
    7. Collectives: mcollective
    8. Main Collective: mcollective
    9. Process ID: 23268
    10. Total Messages: 16
    11. Messages Passed Filters: 16
    12. Messages Filtered: 0
    13. Expired Messages: 0
    14. Replies Sent: 15
    15. Total Processor Time: 0.71 seconds
    16. System Time: 0.15 seconds
    17. Agents: #都加载上了
    18. discovery filemgr nrpe
    19. package puppet rpcutil
    20. service shell
    21. Data Plugins:
    22. agent fstat nrpe
    23. puppet resource service
    24. Configuration Management Classes:
    25. No classes applied
    26. Facts:
    27. architecture => x86_64
    28. augeasversion => 0.10.0
    29. bios_release_date => 06/22/2012
    30. bios_vendor => Phoenix Technologies LTD
    31. bios_version => 6.00
    32. blockdevice_fd0_size => 4096
    33. blockdevice_hdc_size => 3834736640
    34. 。。。

    注意: 接下来测试各种命令的操作组合,这里只举一些例子,更多信息可参考—help或者参考官网

    2、安装shell插件

    插件下载地址:https://github.com/kisspuppet/mcollective-plugins,有github客户端的童鞋可直接clone https://github.com/kisspuppet/mcollective-plugins.git

    2.1、下载插件放在对应的目录里即可

    1. mcollective-client
    2. [root@linuxmaster1poc ~]# ll /usr/libexec/mcollective/mcollective/application/ | grep shell
    3. -rw-r--r-- 1 root root 1601 Aug 6 06:36 shell.rb
    4. [root@linuxmaster1poc ~]# ll /usr/libexec/mcollective/mcollective/agent/ | grep shell
    5. -rw-r--r-- 1 root root 1017 Aug 6 06:36 shell.ddl
    6. -rw-r--r-- 1 root root 862 Aug 6 06:36 shell.rb
    7. mcollective-server
    8. [root@linux57poc agent]# ll /usr/libexec/mcollective/mcollective/agent/ | grep shell
    9. -rw-r--r-- 1 root root 1017 Aug 6 06:36 shell.ddl
    10. -rw-r--r-- 1 root root 862 Aug 6 06:36 shell.rb

    备注:mcollective-server端部署完成之后,记得重启mcollective服务。

    2.2、 查看shell插件是否加载成功

    从下面可以看出mcollective-client端shell插件已经有了

    1. [root@linuxmaster1poc ~]# mco The Marionette Collective version 2.2.4 usage: /usr/bin/mco command Known commands: completion facts find
    2. help inventory ping
    3. plugin puppet rpc
    4. shell #shell插件加载OK
    5. Type '/usr/bin/mco help' for a detailed list of commands and '/usr/bin/mco help command' to get detailed help for a command

    从下面可以看出mcollective-server端shell插件也加载了

    1. [root@linuxmaster1poc ~]# mco inventory linux57poc
    2. Inventory for linux57poc:
    3. Server Statistics:
    4. Version: 2.2.4
    5. Start Time: Fri Dec 13 01:14:14 +0800 2013
    6. Config File: /etc/mcollective/server.cfg
    7. Collectives: mcollective
    8. Main Collective: mcollective
    9. Process ID: 23898
    10. Total Messages: 10
    11. Messages Passed Filters: 10
    12. Messages Filtered: 0
    13. Expired Messages: 0
    14. Replies Sent: 9
    15. Total Processor Time: 0.73 seconds
    16. System Time: 0.17 seconds
    17. Agents:
    18. discovery puppet rpcutil
    19. shell #shell插件加载OK
    20. Data Plugins:
    21. agent fstat puppet
    22. resource
    23. Configuration Management Classes:
    24. No classes applied
    25. Facts:
    26. architecture => x86_64
    27. augeasversion => 0.10.0
    28. bios_release_date => 06/22/2012
    29. bios_vendor => Phoenix Technologies LTD
    30. bios_version => 6.00
    31. blockdevice_fd0_size => 4096
    32. blockdevice_hdc_size => 3834736640
    33. blockdevice_sda_model => Virtual disk
    34. blockdevice_sda_size => 42949672960
    35. 。。。

    2.3、通过shell插件执行shell命令

    1. mco shell帮助信息
    2. [root@linuxmaster1poc ~]# mco shell --help
    3. MCollective Distributed Shell
    4. Usage: mco shell <CMD>
    5. The CMD is a string
    6. EXAMPLES:
    7. mco shell uptime
    8. --np, --no-progress Do not show the progress bar
    9. -1, --one Send request to only one discovered nodes
    10. --batch SIZE Do requests in batches
    11. --batch-sleep SECONDS Sleep time between batches
    12. --limit-seed NUMBER Seed value for deterministic random batching
    13. --limit-nodes, --ln, --limit COUNT
    14. Send request to only a subset of nodes, can be a percentage
    15. -j, --json Produce JSON output
    16. --display MODE Influence how results are displayed. One of ok, all or failed
    17. -c, --config FILE Load configuratuion from file rather than default
    18. -v, --verbose Be verbose
    19. -h, --help Display this screen
    20. Common Options
    21. -T, --target COLLECTIVE Target messages to a specific sub collective
    22. --dt, --discovery-timeout SECONDS
    23. Timeout for doing discovery
    24. -t, --timeout SECONDS Timeout for calling remote agents
    25. -q, --quiet Do not be verbose
    26. --ttl TTL Set the message validity period
    27. --reply-to TARGET Set a custom target for replies
    28. --dm, --disc-method METHOD Which discovery method to use
    29. --do, --disc-option OPTION Options to pass to the discovery method
    30. --nodes FILE List of nodes to address
    31. Host Filters
    32. -W, --with FILTER Combined classes and facts filter
    33. -S, --select FILTER Compound filter combining facts and classes
    34. -F, --wf, --with-fact fact=val Match hosts with a certain fact
    35. -C, --wc, --with-class CLASS Match hosts with a certain config management class
    36. -A, --wa, --with-agent AGENT Match hosts with a certain agent
    37. -I, --wi, --with-identity IDENT Match hosts with a certain configured identity
    38. The Marionette Collective 2.2.4

    显示对端uptime命令负载情况

    1. [root@linuxmaster1poc ~]# mco shell "uptime"
    2. Do you really want to send this command unfiltered? (y/n): y
    3. Discovering hosts using the mc method for 2 second(s) .... 3
    4. Host: linux58poc
    5. Statuscode: 0
    6. Output:
    7. 02:45:02 up 21:10, 2 users, load average: 0.00, 0.00, 0.00
    8. Host: linux64poc
    9. Statuscode: 0
    10. Output:
    11. 02:45:02 up 20:59, 1 user, load average: 0.00, 0.00, 0.00
    12. Host: linux57poc
    13. Statuscode: 0
    14. Output:
    15. 02:45:02 up 21:04, 3 users, load average: 0.00, 0.00, 0.00

    显示所有节点/etc/password文件中puppet用户哪一行

    1. [root@linuxmaster1poc ~]# mco shell "cat /etc/passwd | grep puppet"
    2. Do you really want to send this command unfiltered? (y/n): y
    3. Discovering hosts using the mc method for 2 second(s) .... 3
    4. Host: linux58poc
    5. Statuscode: 0
    6. Output:
    7. puppet:x:52:52:Puppet:/var/lib/puppet:/sbin/nologin
    8. Host: linux64poc
    9. Statuscode: 0
    10. Output:
    11. puppet:x:52:52:Puppet:/var/lib/puppet:/sbin/nologin
    12. Host: linux57poc
    13. Statuscode: 0
    14. Output:
    15. puppet:x:52:52:Puppet:/var/lib/puppet:/sbin/nologin

    修改其中一台主机的root密码

    1. [root@linuxmaster1poc ~]# mco shell "echo redhat | passwd root --stdin" -I linux57poc
    2. Host: linux57poc
    3. Statuscode: 0
    4. Output:
    5. Changing password for user root.
    6. passwd: all authentication tokens updated successfully.

    备注:更多操作步骤可参考mco shell —help帮助。

    警告:基于mcollective的shell插件虽然功能很强大,除了动态显示的命令之外,其它root能操作的,它基本上都能操作。所以操作也非常危险,可根据生产环境实际情况而定。

    注意: 接下来测试各种命令的操作组合,这里只举一些例子,更多信息可参考—help或者参考官网

    3、组合mcollective各种plugins完成各种任务组合

    3.1、停止操作系统为RHEL5.x服务器的crond任务

    先查看5.x系统crond的状态,使用插件 service、facts

    1. [root@linuxmaster1poc ~]# mco service crond status -F operatingsystemmajrelease=5
    2. * [ ============================================================> ] 2 / 2
    3. linux57poc: running
    4. linux58poc: running
    5. Summary of Service Status:
    6. running = 2
    7. Finished processing 2 / 2 hosts in 184.79 ms

    然后通过service插件停止服务,使用插件 service、facts

    1. [root@linuxmaster1poc ~]# mco service crond stop -F operatingsystemmajrelease=5
    2. * [ ============================================================> ] 2 / 2
    3. Summary of Service Status:
    4. stopped = 2
    5. Finished processing 2 / 2 hosts in 914.76 ms

    再次查看过滤的主机crond服务是否被停掉,使用插件 service、facts

    1. [root@linuxmaster1poc ~]# mco service crond status -F operatingsystemmajrelease=5
    2. * [ ============================================================> ] 2 / 2
    3. linux57poc: stopped
    4. linux58poc: stopped
    5. Summary of Service Status:
    6. stopped = 2
    7. Finished processing 2 / 2 hosts in 125.87 ms

    也可以通过shell插件实现,使用到插件为shell、service、facts

    1. [root@linuxmaster1poc ~]# mco shell "service crond status" -F operatingsystemmajrelease=5
    2. Discovering hosts using the mc method for 2 second(s) .... 2
    3. Host: linux57poc
    4. Statuscode: 3
    5. Output:
    6. crond is stopped
    7. Host: linux58poc
    8. Statuscode: 3
    9. Output:
    10. crond is stopped

    3.2、使用mco对自定义fact_apply4=app的主机做一次变更,要求环境为testing,模式为noop

    首先查看下那些主机具备有这个自定义fact,使用的插件为find、inventory

    1. [root@linuxmaster1poc ~]# for i in `mco find` ; do echo $i; mco inventory $i | grep fact_apply4; done
    2. linux58poc
    3. fact_apply4 => app
    4. linux57poc
    5. linux64poc
    6. fact_apply4 => app

    其次按要求做变更即可,使用到的插件为puppet,facts

    1. [root@linuxmaster1poc ~]# mco puppet -v runonce --environment=testing --noop -F fact_apply4=app
    2. Discovering hosts using the mc method for 2 second(s) .... 2
    3. * [ ============================================================> ] 2 / 2
    4. linux64poc : OK
    5. {:summary=> "Started a background Puppet run using the 'puppet agent --onetime --daemonize --color=false --splay --splaylimit 30 --noop --environment testing' command"}
    6. linux58poc : OK
    7. {:summary=> "Started a background Puppet run using the 'puppet agent --onetime --daemonize --color=false --splay --splaylimit 30 --noop --environment testing' command"}
    8. ---- rpc stats ----
    9. Nodes: 2 / 2
    10. Pass / Fail: 2 / 0
    11. Start Time: Fri Dec 13 09:10:50 +0800 2013
    12. Discovery Time: 2003.32ms
    13. Agent Time: 884.34ms
    14. Total Time: 2887.67ms

    变更完成后,迅速查看节点运行情况,使用到的插件为puppet

    1. [root@linuxmaster1poc ~]# mco puppet status
    2. * [ ============================================================> ] 3 / 3
    3. linux64poc: Currently idling; last completed run 54 seconds ago
    4. linux58poc: Currently applying a catalog; last completed run 1 minutes 12 seconds ago
    5. linux57poc: Currently stopped; last completed run 22 minutes 57 seconds ago
    6. Summary of Applying:
    7. false = 2
    8. true = 1
    9. Summary of Daemon Running:
    10. running = 2
    11. stopped = 1
    12. Summary of Enabled:
    13. enabled = 3
    14. Summary of Idling:
    15. false = 2
    16. true = 1
    17. Summary of Status:
    18. idling = 1
    19. stopped = 1
    20. applying a catalog = 1
    21. Finished processing 3 / 3 hosts in 263.72 ms

    3.3、远程改所有系统为RHEL6.4主机root的密码,使用到的插件为shell,facts

    1. [root@linuxmaster1poc ~]# mco shell "echo redhat | passwd root --stdin" -F operatingsystemrelease=6.4
    2. Discovering hosts using the mc method for 2 second(s) .... 1
    3. Host: linux64poc
    4. Statuscode: 0
    5. Output:
    6. Changing password for user root.
    7. passwd: all authentication tokens updated successfully.

    3.4、查看所有节点puppet和facter安装包的版本信息,使用到的插件为package

    1. [root@linuxmaster1poc ~]# mco package status puppet
    2. * [ ============================================================> ] 3 / 3
    3. linux64poc: puppet-2.7.23-1.el6.noarch
    4. linux57poc: puppet-2.7.23-1.el5.noarch
    5. linux58poc: puppet-2.7.23-1.el5.noarch
    6. Summary of Arch:
    7. noarch = 3
    8. Summary of Ensure:
    9. 2.7.23-1.el5 = 2
    10. 2.7.23-1.el6 = 1
    11. Finished processing 3 / 3 hosts in 635.21 ms
    12. [root@linuxmaster1poc ~]# mco package status facter
    13. * [ ============================================================> ] 3 / 3
    14. linux58poc: facter-1.7.3-1.el5.x86_64
    15. linux64poc: facter-1.7.3-1.el6.x86_64
    16. linux57poc: facter-1.7.3-1.el5.x86_64
    17. Summary of Arch:
    18. x86_64 = 3
    19. Summary of Ensure:
    20. 1.7.3-1.el5 = 2
    21. 1.7.3-1.el6 = 1
    22. Finished processing 3 / 3 hosts in 124.99 ms

    更多的功能可通过以下方式查看:

    1. [root@linuxmaster1poc ~]# mco puppet -h
    2. Schedule runs, enable, disable and interrogate the Puppet Agent
    3. Usage: mco puppet [OPTIONS] [FILTERS] <ACTION> [CONCURRENCY|MESSAGE]
    4. Usage: mco puppet <count|enable|status|summary>
    5. Usage: mco puppet disable [message]
    6. Usage: mco puppet runonce [PUPPET OPTIONS]
    7. Usage: mco puppet resource type name property1=value property2=value
    8. Usage: mco puppet runall [--rerun SECONDS] [PUPPET OPTIONS]
    9. The ACTION can be one of the following:
    10. count - return a total count of running, enabled, and disabled nodes
    11. enable - enable the Puppet Agent if it was previously disabled
    12. disable - disable the Puppet Agent preventing catalog from being applied
    13. resource - manage individual resources using the Puppet Type (RAL) system
    14. runall - invoke a puppet run on matching nodes, making sure to only run
    15. CONCURRENCY nodes at a time
    16. runonce - invoke a Puppet run on matching nodes
    17. status - shows a short summary about each Puppet Agent status
    18. summary - shows resource and run time summaries
    19. --force Bypass splay options when running
    20. --server SERVER Connect to a specific server or port
    21. --tags, --tag TAG Restrict the run to specific tags
    22. --noop Do a noop run
    23. --no-noop Do a run with noop disabled
    24. --environment ENVIRONMENT Place the node in a specific environment for this run
    25. --splay Splay the run by up to splaylimit seconds
    26. --no-splay Do a run with splay disabled
    27. --splaylimit SECONDS Maximum splay time for this run if splay is set
    28. --ignoreschedules Disable schedule processing
    29. --rerun SECONDS When performing runall do so repeatedly with a minimum run time of SECONDS
    30. --np, --no-progress Do not show the progress bar
    31. -1, --one Send request to only one discovered nodes
    32. --batch SIZE Do requests in batches
    33. --batch-sleep SECONDS Sleep time between batches
    34. --limit-seed NUMBER Seed value for deterministic random batching
    35. --limit-nodes, --ln, --limit COUNT
    36. Send request to only a subset of nodes, can be a percentage
    37. -j, --json Produce JSON output
    38. --display MODE Influence how results are displayed. One of ok, all or failed
    39. -c, --config FILE Load configuratuion from file rather than default
    40. -v, --verbose Be verbose
    41. -h, --help Display this screen
    42. Common Options
    43. -T, --target COLLECTIVE Target messages to a specific sub collective
    44. --dt, --discovery-timeout SECONDS
    45. Timeout for doing discovery
    46. -t, --timeout SECONDS Timeout for calling remote agents
    47. -q, --quiet Do not be verbose
    48. --ttl TTL Set the message validity period
    49. --reply-to TARGET Set a custom target for replies
    50. --dm, --disc-method METHOD Which discovery method to use
    51. --do, --disc-option OPTION Options to pass to the discovery method
    52. --nodes FILE List of nodes to address
    53. Host Filters
    54. -W, --with FILTER Combined classes and facts filter
    55. -S, --select FILTER Compound filter combining facts and classes
    56. -F, --wf, --with-fact fact=val Match hosts with a certain fact
    57. -C, --wc, --with-class CLASS Match hosts with a certain config management class
    58. -A, --wa, --with-agent AGENT Match hosts with a certain agent
    59. -I, --wi, --with-identity IDENT Match hosts with a certain configured identity
    60. The Marionette Collective 2.2.4