零基础学习Puppet自动化配置管理系列文档
存在这样一种场景,当你的puppet基于mcollective环境搭建完成之后,需要考虑MQ的高可用,否则,MQ挂掉之后就不能用mco命令进行推送了哦。 如何做MQ的高可用呢,其实有两种方法: 方法一:两台MQ做集群,通过复制队列信息进行同步,节点访问可通过浮动IP进行。 方法二:两台MQ独立,在MC Server端做failover,通过rabbtimq的plugins参数实现,可设置自动检测,切换时间等等。
一、配置Rabbitmq
安装(略),可参考或
1. 开启插件rabbitmq_stomp
[root@linuxmaster1poc ~]# rabbitmq-plugins enable rabbitmq_stompThe following plugins have been enabled: rabbitmq_stompPlugin configuration has changed. Restart RabbitMQ for changes to take effect.
2. 添加tcp监听端口和范围
[root@linuxmaster1poc ~]# vim /etc/rabbitmq/rabbitmq.config[ {rabbitmq_stomp, [{tcp_listeners, [61613]}]}]. 备注:可参考
3. 创建账户并设置权限
如果你以前配置过,建议将配置清空
[root@linuxmaster1poc ~]# rabbitmqctl stop_appStopping node rabbit@linuxmaster1poc ......done.[root@linuxmaster1poc ~]# rabbitmqctl resetResetting node rabbit@linuxmaster1poc ......done.[root@linuxmaster1poc ~]# rabbitmqctl start_appStarting node rabbit@linuxmaster1poc ......done.
删除默认用户guest,添加三个用户(web_admin-http访问用,admin--管理员,mc_rabbitmq--mcollective链接用)
[root@linuxmaster1poc ~]# rabbitmqctl list_usersListing users ...guest [administrator]...done.[root@linuxmaster1poc ~]# rabbitmqctl delete_user guestDeleting user "guest" ......done.[root@linuxmaster1poc ~]# rabbitmqctl add_user mc_rabbitmq 123.comCreating user "mc_rabbitmq" ......done.[root@linuxmaster1poc ~]# rabbitmqctl add_user admin password=123.com Creating user "admin" ......done.[root@linuxmaster1poc ~]# rabbitmqctl add_user web_admin 123.comCreating user "web_admin" ......done.
设置用户的角色
[root@linuxmaster1poc ~]# rabbitmqctl set_user_tags admin administratorSetting tags for user "admin" to [administrator] ......done.[root@linuxmaster1poc ~]# rabbitmqctl set_user_tags web_admin monitoringSetting tags for user "web_admin" to [monitoring] ......done.
创建虚拟主机组
[root@linuxmaster1poc ~]# rabbitmqctl add_vhost /mcollectiveCreating vhost "/mcollective" ......done.
设置用户访问虚拟主机组的权限
[root@linuxmaster1poc ~]# rabbitmqctl set_permissions -p "/mcollective" mc_rabbitmq ".*" ".*" ".*"Setting permissions for user "mc_rabbitmq" in vhost "/mcollective" ......done.[root@linuxmaster1poc ~]# rabbitmqctl set_permissions -p "/mcollective" admin ".*" ".*" ".*"Setting permissions for user "admin" in vhost "/mcollective" ......done.[root@linuxmaster1poc ~]# rabbitmqctl set_permissions -p "/mcollective" web_admin ".*" ".*" ".*"Setting permissions for user "web_admin" in vhost "/mcollective" ......done.
重启rabbitmq-server服务
[root@linuxmaster1poc ~]# /etc/init.d/rabbitmq-server restartRestarting rabbitmq-server: SUCCESSrabbitmq-server.
查看用户以及角色是否创建成功
[root@linuxmaster1poc ~]# rabbitmqctl list_usersListing users ...admin [administrator]mc_rabbitmq []web_admin [monitoring]...done.
查看虚拟主机组“/mcollective”中所有用户的权限
[root@linuxmaster1poc ~]# rabbitmqctl list_permissions -p "/mcollective"Listing permissions in vhost "/mcollective" ...admin .* .* .*mc_rabbitmq .* .* .*web_admin .* .* .*...done.[root@linuxmaster1poc ~]#
4、登录
默认配置
[root@linuxmaster1poc ~]# rabbitmqctl list_exchanges -p "/mcollective"Listing exchanges ... directamq.direct directamq.fanout fanoutamq.headers headersamq.match headersamq.rabbitmq.trace topicamq.topic topic...done.
exchanges设置
设置后更新配置
exchanges设置
[root@linuxmaster1poc ~]# rabbitmqctl list_exchanges -p "/mcollective"Listing exchanges ... directamq.direct directamq.fanout fanoutamq.headers headersamq.match headersamq.rabbitmq.trace topicamq.topic topicmcollective_broadcast topicmcollective_directed direct...done.
备注:可参考官网设置
二、 配置MCollective:
1. 配置mcollective client端
[root@linuxmaster1poc testing]# cat /etc/mcollective/client.cfg topicprefix = /topic/main_collective = mcollectivecollectives = mcollectivelibdir = /usr/libexec/mcollectivelogger_type = console#loglevel = debugloglevel = warn# Pluginssecurityprovider = pskplugin.psk = a36cd839414370e10fd281b8a38a4f48direct_addressing = 1connector = rabbitmqplugin.rabbitmq.vhost = /mcollective #虚拟主机plugin.rabbitmq.pool.size = 2 #设置地址池里有两个mqplugin.rabbitmq.initial_reconnect_delay = 0.01plugin.rabbitmq.max_reconnect_delay = 30.0 #重连时间plugin.rabbitmq.use_exponential_back_off = trueplugin.rabbitmq.back_off_multiplier = 2plugin.rabbitmq.max_reconnect_attempts = 0plugin.rabbitmq.randomize = falseplugin.rabbitmq.timeout = -1plugin.rabbitmq.pool.1.host = 192.168.100.120plugin.rabbitmq.pool.1.port = 61613plugin.rabbitmq.pool.1.user = mc_rabbitmqplugin.rabbitmq.pool.1.password = 123.complugin.rabbitmq.pool.1.ssl = false plugin.rabbitmq.pool.2.host = 192.168.100.121plugin.rabbitmq.pool.2.port = 61613plugin.rabbitmq.pool.2.user = mc_rabbitmqplugin.rabbitmq.pool.2.password = 123.complugin.rabbitmq.pool.2.ssl = false # Factsfactsource = yamlplugin.yaml = /etc/mcollective/facts.yaml
2. 配置mcollective server端
[root@linux57poc tmp]# cat /etc/mcollective/server.cfg# --Global--topicprefix = /topic/main_collective = mcollectivecollectives = mcollectivelibdir = /usr/libexec/mcollectivelogfile = /var/log/puppet/mcollective.logloglevel = infodaemonize = 1# --rabbitmq Plugins--securityprovider = pskplugin.psk = a36cd839414370e10fd281b8a38a4f48direct_addressing = 1connector = rabbitmqplugin.rabbitmq.vhost = /mcollective plugin.rabbitmq.pool.size = 2plugin.rabbitmq.initial_reconnect_delay = 0.01plugin.rabbitmq.max_reconnect_delay = 30.0plugin.rabbitmq.use_exponential_back_off = trueplugin.rabbitmq.back_off_multiplier = 2plugin.rabbitmq.max_reconnect_attempts = 0plugin.rabbitmq.randomize = falseplugin.rabbitmq.timeout = -1plugin.rabbitmq.pool.1.host = 192.168.100.120plugin.rabbitmq.pool.1.port = 61613plugin.rabbitmq.pool.1.user = mc_rabbitmqplugin.rabbitmq.pool.1.password = 123.complugin.rabbitmq.pool.1.ssl = false plugin.rabbitmq.pool.2.host = 192.168.100.121plugin.rabbitmq.pool.2.port = 61613plugin.rabbitmq.pool.2.user = mc_rabbitmqplugin.rabbitmq.pool.2.password = 123.complugin.rabbitmq.pool.2.ssl = false # --Puppet provider specific options--plugin.service.provider = puppetplugin.service.puppet.hasstatus = trueplugin.service.puppet.hasrestart = trueplugin.puppet.command = puppet agentplugin.puppet.splay = trueplugin.puppet.splaylimit = 30plugin.puppet.config = /etc/puppet/puppet.conf# --Facts--factsource = yaml##factsource = facterplugin.yaml = /etc/mcollective/facts.yaml
三、高可用测试
特别注意: 节点mcollective的server.cfg中pool是有优先级的,默认数字小的生效,这点需要注意,也就是说当所有节点都连接在MQ2上的时候,启动MQ1,mco命令是无法使用的,因为它在运行的时候连接的是MQ1,而所有节点都连接在MQ2上。
1. 停止MQ1,查看切换状态
1.1 先看当前的节点连接状态
[root@linuxmaster1poc ~]# mco ping #查看连接的节点linux57poc time=69.46 mslinux58poc time=70.05 mslinux64poc time=70.59 ms---- ping statistics ----3 replies max: 70.59 min: 69.46 avg: 70.03 [root@linuxmaster1poc ~]# mco shell "lsof -i:61613" #查看所有节点监听的端口情况,可以看到目前都连接在linuxmaster1poc上。Do you really want to send this command unfiltered? (y/n): yDiscovering hosts using the mc method for 2 second(s) .... 3Host: linux64pocStatuscode: 0Output:COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAMEruby 36625 root 6u IPv4 27771 0t0 TCP linux64poc:40493->linuxmaster1poc:61613 (ESTABLISHED)Host: linux58pocStatuscode: 0Output:COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAMEruby 11060 root 6u IPv4 34046 0t0 TCP linux58poc:36295->linuxmaster1poc:61613 (ESTABLISHED)Host: linux57pocStatuscode: 0Output:COMMAND PID USER FD TYPE DEVICE SIZE NODE NAMEruby 18076 root 6u IPv4 1351365 TCP linux57poc:24698->linuxmaster1poc:61613 (ESTABLISHED)[root@linuxmaster1poc ~]# /etc/init.d/rabbitmq-server stopStopping rabbitmq-server: rabbitmq-server.
1.2 再次运行mco查看切换状态
[root@linuxmaster1poc ~]# mco pinglinux58poc time=73.54 mslinux64poc time=74.61 mslinux57poc time=75.39 ms---- ping statistics ----3 replies max: 75.39 min: 73.54 avg: 74.51 [root@linuxmaster1poc ~]# mco shell "lsof -i:61613" Do you really want to send this command unfiltered? (y/n): yDiscovering hosts using the mc method for 2 second(s) .... 3Host: linux58pocStatuscode: 0Output:COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAMEruby 11060 root 6u IPv4 34046 0t0 TCP linux58poc:36295->linuxmaster1poc:61613 (CLOSE_WAIT)ruby 11060 root 9u IPv4 34137 0t0 TCP linux58poc:47200->linuxmaster2poc:61613 (ESTABLISHED)Host: linux64pocStatuscode: 0Output:COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAMEruby 36625 root 6u IPv4 27771 0t0 TCP linux64poc:40493->linuxmaster1poc:61613 (CLOSE_WAIT)ruby 36625 root 8u IPv4 27877 0t0 TCP linux64poc:37472->linuxmaster2poc:61613 (ESTABLISHED)Host: linux57pocStatuscode: 0Output:COMMAND PID USER FD TYPE DEVICE SIZE NODE NAMEruby 18076 root 9u IPv4 1351484 TCP linux57poc:9309->linuxmaster2poc:61613 (ESTABLISHED)
通过日志查看
[root@linuxmaster1poc ~]# mco shell "lsof -i:61613"Do you really want to send this command unfiltered? (y/n): yDiscovering hosts using the mc method for 2 second(s) .... 3Host: linux58pocStatuscode: 0Output:COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAMEruby 11428 root 6u IPv4 34283 0t0 TCP linux58poc:36300->linuxmaster1poc:61613 (CLOSE_WAIT)ruby 11428 root 8u IPv4 34338 0t0 TCP linux58poc:47205->linuxmaster2poc:61613 (ESTABLISHED)Host: linux57pocStatuscode: 0Output:COMMAND PID USER FD TYPE DEVICE SIZE NODE NAMEruby 18447 root 6u IPv4 1351559 TCP linux57poc:59343->linuxmaster1poc:61613 (CLOSE_WAIT)ruby 18447 root 8u IPv4 1351622 TCP linux57poc:29757->linuxmaster2poc:61613 (ESTABLISHED)Host: linux64pocStatuscode: 0Output:COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAMEruby 37054 root 4u IPv4 28036 0t0 TCP linux64poc:37476->linuxmaster2poc:61613 (ESTABLISHED)ruby 37054 root 6u IPv4 27990 0t0 TCP linux64poc:40497->linuxmaster1poc:61613 (CLOSE_WAIT)
总结:可以看到之前的连接已经变成CLOSE_WAIT,新的连接被建立
2. 停止MQ2,启动MQ1 查看切换状态
[root@linuxmaster2poc rabbitmq]# /etc/init.d/rabbitmq-server stopStopping rabbitmq-server: rabbitmq-server.[root@linux57poc service]# lsof -i:61613COMMAND PID USER FD TYPE DEVICE SIZE NODE NAMEruby 18447 root 6u IPv4 1351559 TCP linux57poc:59343->linuxmaster1poc:61613 (CLOSE_WAIT)ruby 18447 root 8u IPv4 1351622 TCP linux57poc:29757->linuxmaster2poc:61613 (CLOSE_WAIT)[root@linux58poc ~]# lsof -i:61613COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAMEruby 11428 root 6u IPv4 34283 0t0 TCP linux58poc:36300->linuxmaster1poc:61613 (CLOSE_WAIT)ruby 11428 root 8u IPv4 34338 0t0 TCP linux58poc:47205->linuxmaster2poc:61613 (CLOSE_WAIT)[root@linux64poc ~]# lsof -i:61613COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAMEruby 37054 root 4u IPv4 28036 0t0 TCP linux64poc:37476->linuxmaster2poc:61613 (CLOSE_WAIT)ruby 37054 root 6u IPv4 27990 0t0 TCP linux64poc:40497->linuxmaster1poc:61613 (CLOSE_WAIT)[root@linuxmaster1poc ~]# /etc/init.d/rabbitmq-server startStarting rabbitmq-server: SUCCESSrabbitmq-server.
根据 plugin.rabbitmq.max_reconnect_delay = 30.0,需要过最多30秒,mcollective服务端会重新建立连接请求
[root@linuxmaster1poc ~]# tailf /var/log/rabbitmq/rabbit\@linuxmaster1poc.log=INFO REPORT==== 24-Dec-2013::11:00:45 ===accepting STOMP connection <0.332.0> (192.168.100.126:36316 -> 192.168.100.120:61613)=INFO REPORT==== 24-Dec-2013::11:00:45 ===accepting STOMP connection <0.348.0> (192.168.100.125:18945 -> 192.168.100.120:61613)=INFO REPORT==== 24-Dec-2013::11:00:45 ===accepting STOMP connection <0.382.0> (192.168.100.127:40513 -> 192.168.100.120:61613)[root@linuxmaster1poc ~]# mco pinglinux58poc time=70.60 mslinux57poc time=71.32 mslinux64poc time=111.56 ms---- ping statistics ----3 replies max: 111.56 min: 70.60 avg: 84.49 [root@linuxmaster1poc ~]# mco shell "lsof -i:61613"Do you really want to send this command unfiltered? (y/n): yDiscovering hosts using the mc method for 2 second(s) .... 3Host: linux58pocStatuscode: 0Output:COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAMEruby 11428 root 6u IPv4 34283 0t0 TCP linux58poc:36300->linuxmaster1poc:61613 (CLOSE_WAIT)ruby 11428 root 8u IPv4 34338 0t0 TCP linux58poc:47205->linuxmaster2poc:61613 (CLOSE_WAIT)ruby 11428 root 10u IPv4 34444 0t0 TCP linux58poc:36316->linuxmaster1poc:61613 (ESTABLISHED)Host: linux57pocStatuscode: 0Output:COMMAND PID USER FD TYPE DEVICE SIZE NODE NAMEruby 18447 root 10u IPv4 1351723 TCP linux57poc:18945->linuxmaster1poc:61613 (ESTABLISHED)Host: linux64pocStatuscode: 0Output:COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAMEruby 37054 root 4u IPv4 28036 0t0 TCP linux64poc:37476->linuxmaster2poc:61613 (CLOSE_WAIT)ruby 37054 root 6u IPv4 27990 0t0 TCP linux64poc:40497->linuxmaster1poc:61613 (CLOSE_WAIT)ruby 37054 root 9u IPv4 28206 0t0 TCP linux64poc:40513->linuxmaster1poc:61613 (ESTABLISHED)