ThinkChat2.0新版上线,更智能更精彩,支持会话、画图、阅读、搜索等,送10W Token,即刻开启你的AI之旅 广告
#### MCollective架构篇4-MCollective各种插件的部署及测试 MCollective只是一个框架,如果需要在上面发挥各种作用,那就需要各种插件的支持。官方提供了很多这方面的插件,除此之外,还有第三方的插件,比如shell插件等,下面会介绍各种插件的安装,以及插件之间如何组合进行使用。 ### 1、在mcollective client端和server端安装各种官网plugins 首先去官网下载各个插件 [http://yum.puppetlabs.com](http://yum.puppetlabs.com) **1.1 下载collective-client端** ~~~ [root@linuxmaster1poc ~]# rpm -qa | grep mco mcollective-service-common-3.1.2-1.noarch mcollective-client-2.2.4-1.el6.noarch mcollective-service-client-3.1.2-1.noarch mcollective-common-2.2.4-1.el6.noarch mcollective-iptables-common-3.0.1-1.noarch mcollective-filemgr-client-1.0.1-1.noarch mcollective-nrpe-client-3.0.2-1.noarch mcollective-puppet-client-1.6.0-1.noarch mcollective-nrpe-common-3.0.2-1.noarch mcollective-filemgr-common-1.0.1-1.noarch mcollective-iptables-client-3.0.1-1.noarch mcollective-puppet-common-1.6.0-1.noarch mcollective-facter-facts-1.0.0-1.noarch mcollective-package-client-4.2.0-1.noarch mcollective-package-common-4.2.0-1.noarch ~~~ **1.2 下载mcollecitve-server端** ~~~ [root@linux57poc ~]# rpm -qa | grep mco mcollective-nrpe-common-3.0.2-1 mcollective-puppet-common-1.6.0-1 mcollective-iptables-common-3.0.1-1 mcollective-iptables-agent-3.0.1-1 mcollective-2.2.4-1.el5 mcollective-package-common-4.2.0-1 mcollective-service-common-3.1.2-1 mcollective-service-agent-3.1.2-1 mcollective-puppet-agent-1.6.0-1 mcollective-package-agent-4.2.0-1 mcollective-filemgr-common-1.0.1-1 mcollective-common-2.2.4-1.el5 mcollective-facter-facts-1.0.0-1 mcollective-filemgr-agent-1.0.1-1 mcollective-nrpe-agent-3.0.2-1 ~~~ **以上安装可写个package模块执行,以下只针对mcollective server端,安装完成之后记得重启服务,如果写了service模块可以自动刷新** **1.3 编写plugins.pp** ~~~ class mcollective::plugins{ include mcollective::plugins_puppet, mcollective::plugins_facter, mcollective::plugins_filemgr, mcollective::plugins_iptables, # mcollective::plugins_nettest, #这个安装需要依赖包 ruby-net-ping,没找到 mcollective::plugins_nrpe, mcollective::plugins_package, mcollective::plugins_service } #mco-client need install mcollective-puppet-client and mcollective-puppet-common class mcollective::plugins_puppet{ package { ['mcollective-puppet-agent','mcollective-puppet-common']: ensure => installed, require => Class["mcollective::install"] } } #mco-client need install mcollective-facter-facts class mcollective::plugins_facter{ package { 'mcollective-facter-facts': ensure => installed, require => Class["mcollective::install"] } } #mco-client need install mcollective-filemgr-client and mcollective-filemgr-common class mcollective::plugins_filemgr{ package { ['mcollective-filemgr-agent','mcollective-filemgr-common']: ensure => installed, require => Class["mcollective::install"] } } #mco-client need install mcollective-iptables-client and mcollective-iptables-common class mcollective::plugins_iptables{ package { ['mcollective-iptables-agent','mcollective-iptables-common']: ensure => installed, require => Class["mcollective::install"] } } #mco-client need install mcollective-nettest-client and mcollective-nettest-common class mcollective::plugins_nettest{ package { ['mcollective-nettest-agent','mcollective-nettest-common']: ensure => installed, require => Class["mcollective::install"] } } #mco-client need install mcollective-nrpe-client and mcollective-nrpe-common class mcollective::plugins_nrpe{ package { ['mcollective-nrpe-agent','mcollective-nrpe-common']: ensure => installed, require => Class["mcollective::install"] } } #mco-client need install mcollective-package-client and mcollective-package-common class mcollective::plugins_package{ package { ['mcollective-package-agent','mcollective-package-common']: ensure => installed, require => Class["mcollective::install"] } } #mco-client need install mcollective-service-client and mcollective-service-common class mcollective::plugins_service{ package { ['mcollective-service-agent','mcollective-service-common']: ensure => installed, require => Class["mcollective::install"] } } ~~~ **1.4 编写conf.pp** ~~~ class mcollective::service{ service { 'mcollective': ensure => running, hasstatus => true, hasrestart => true, enable => true, subscribe => Class['mcollective::config'], } } ~~~ **1.5 mcollective-client端安装好之后,可通过mco命令查看** ~~~ [root@linuxmaster1poc ~]# mco The Marionette Collective version 2.2.4 usage: /usr/bin/mco command <options> Known commands: completion facts filemgr find help inventory iptables nrpe package ping plugin puppet rpc service shell Type '/usr/bin/mco help' for a detailed list of commands and '/usr/bin/mco help command' to get detailed help for a command ~~~ **1.6 mcollective-server端安装好之后,可在mco-client端查看** ~~~ [root@linuxmaster1poc ~]# mco inventory linux57poc Inventory for linux57poc: Server Statistics: Version: 2.2.4 Start Time: Fri Dec 13 08:15:46 +0800 2013 Config File: /etc/mcollective/server.cfg Collectives: mcollective Main Collective: mcollective Process ID: 23268 Total Messages: 16 Messages Passed Filters: 16 Messages Filtered: 0 Expired Messages: 0 Replies Sent: 15 Total Processor Time: 0.71 seconds System Time: 0.15 seconds Agents: #都加载上了 discovery filemgr nrpe package puppet rpcutil service shell Data Plugins: agent fstat nrpe puppet resource service Configuration Management Classes: No classes applied Facts: architecture => x86_64 augeasversion => 0.10.0 bios_release_date => 06/22/2012 bios_vendor => Phoenix Technologies LTD bios_version => 6.00 blockdevice_fd0_size => 4096 blockdevice_hdc_size => 3834736640 。。。 ~~~ **注意:** 接下来测试各种命令的操作组合,这里只举一些例子,更多信息可参考--help或者参考官网 ### 2、安装shell插件 插件下载地址:[https://github.com/kisspuppet/mcollective-plugins,有github客户端的童鞋可直接clone](https://github.com/kisspuppet/mcollective-plugins,有github客户端的童鞋可直接clone)[https://github.com/kisspuppet/mcollective-plugins.git](https://github.com/kisspuppet/mcollective-plugins.git) **2.1、下载插件放在对应的目录里即可** ~~~ mcollective-client端 [root@linuxmaster1poc ~]# ll /usr/libexec/mcollective/mcollective/application/ | grep shell -rw-r--r-- 1 root root 1601 Aug 6 06:36 shell.rb [root@linuxmaster1poc ~]# ll /usr/libexec/mcollective/mcollective/agent/ | grep shell -rw-r--r-- 1 root root 1017 Aug 6 06:36 shell.ddl -rw-r--r-- 1 root root 862 Aug 6 06:36 shell.rb mcollective-server端 [root@linux57poc agent]# ll /usr/libexec/mcollective/mcollective/agent/ | grep shell -rw-r--r-- 1 root root 1017 Aug 6 06:36 shell.ddl -rw-r--r-- 1 root root 862 Aug 6 06:36 shell.rb ~~~ 备注:mcollective-server端部署完成之后,记得重启mcollective服务。 **2.2、 查看shell插件是否加载成功** 从下面可以看出mcollective-client端shell插件已经有了 ~~~ [root@linuxmaster1poc ~]# mco The Marionette Collective version 2.2.4 usage: /usr/bin/mco command Known commands: completion facts find help inventory ping plugin puppet rpc shell #shell插件加载OK Type '/usr/bin/mco help' for a detailed list of commands and '/usr/bin/mco help command' to get detailed help for a command ~~~ 从下面可以看出mcollective-server端shell插件也加载了 ~~~ [root@linuxmaster1poc ~]# mco inventory linux57poc Inventory for linux57poc: Server Statistics: Version: 2.2.4 Start Time: Fri Dec 13 01:14:14 +0800 2013 Config File: /etc/mcollective/server.cfg Collectives: mcollective Main Collective: mcollective Process ID: 23898 Total Messages: 10 Messages Passed Filters: 10 Messages Filtered: 0 Expired Messages: 0 Replies Sent: 9 Total Processor Time: 0.73 seconds System Time: 0.17 seconds Agents: discovery puppet rpcutil shell #shell插件加载OK Data Plugins: agent fstat puppet resource Configuration Management Classes: No classes applied Facts: architecture => x86_64 augeasversion => 0.10.0 bios_release_date => 06/22/2012 bios_vendor => Phoenix Technologies LTD bios_version => 6.00 blockdevice_fd0_size => 4096 blockdevice_hdc_size => 3834736640 blockdevice_sda_model => Virtual disk blockdevice_sda_size => 42949672960 。。。 ~~~ **2.3、通过shell插件执行shell命令** ~~~ mco shell帮助信息 [root@linuxmaster1poc ~]# mco shell --help MCollective Distributed Shell Usage: mco shell <CMD> The CMD is a string EXAMPLES: mco shell uptime --np, --no-progress Do not show the progress bar -1, --one Send request to only one discovered nodes --batch SIZE Do requests in batches --batch-sleep SECONDS Sleep time between batches --limit-seed NUMBER Seed value for deterministic random batching --limit-nodes, --ln, --limit COUNT Send request to only a subset of nodes, can be a percentage -j, --json Produce JSON output --display MODE Influence how results are displayed. One of ok, all or failed -c, --config FILE Load configuratuion from file rather than default -v, --verbose Be verbose -h, --help Display this screen Common Options -T, --target COLLECTIVE Target messages to a specific sub collective --dt, --discovery-timeout SECONDS Timeout for doing discovery -t, --timeout SECONDS Timeout for calling remote agents -q, --quiet Do not be verbose --ttl TTL Set the message validity period --reply-to TARGET Set a custom target for replies --dm, --disc-method METHOD Which discovery method to use --do, --disc-option OPTION Options to pass to the discovery method --nodes FILE List of nodes to address Host Filters -W, --with FILTER Combined classes and facts filter -S, --select FILTER Compound filter combining facts and classes -F, --wf, --with-fact fact=val Match hosts with a certain fact -C, --wc, --with-class CLASS Match hosts with a certain config management class -A, --wa, --with-agent AGENT Match hosts with a certain agent -I, --wi, --with-identity IDENT Match hosts with a certain configured identity The Marionette Collective 2.2.4 ~~~ 显示对端uptime命令负载情况 ~~~ [root@linuxmaster1poc ~]# mco shell "uptime" Do you really want to send this command unfiltered? (y/n): y Discovering hosts using the mc method for 2 second(s) .... 3 Host: linux58poc Statuscode: 0 Output: 02:45:02 up 21:10, 2 users, load average: 0.00, 0.00, 0.00 Host: linux64poc Statuscode: 0 Output: 02:45:02 up 20:59, 1 user, load average: 0.00, 0.00, 0.00 Host: linux57poc Statuscode: 0 Output: 02:45:02 up 21:04, 3 users, load average: 0.00, 0.00, 0.00 ~~~ 显示所有节点/etc/password文件中puppet用户哪一行 ~~~ [root@linuxmaster1poc ~]# mco shell "cat /etc/passwd | grep puppet" Do you really want to send this command unfiltered? (y/n): y Discovering hosts using the mc method for 2 second(s) .... 3 Host: linux58poc Statuscode: 0 Output: puppet:x:52:52:Puppet:/var/lib/puppet:/sbin/nologin Host: linux64poc Statuscode: 0 Output: puppet:x:52:52:Puppet:/var/lib/puppet:/sbin/nologin Host: linux57poc Statuscode: 0 Output: puppet:x:52:52:Puppet:/var/lib/puppet:/sbin/nologin ~~~ 修改其中一台主机的root密码 ~~~ [root@linuxmaster1poc ~]# mco shell "echo redhat | passwd root --stdin" -I linux57poc Host: linux57poc Statuscode: 0 Output: Changing password for user root. passwd: all authentication tokens updated successfully. ~~~ **备注:**更多操作步骤可参考mco shell --help帮助。 **警告:**基于mcollective的shell插件虽然功能很强大,除了动态显示的命令之外,其它root能操作的,它基本上都能操作。所以操作也非常危险,可根据生产环境实际情况而定。 **注意:** 接下来测试各种命令的操作组合,这里只举一些例子,更多信息可参考--help或者参考官网 ### 3、组合mcollective各种plugins完成各种任务组合 **3.1、停止操作系统为RHEL5.x服务器的crond任务** 先查看5.x系统crond的状态,使用插件 service、facts ~~~ [root@linuxmaster1poc ~]# mco service crond status -F operatingsystemmajrelease=5 * [ ============================================================> ] 2 / 2 linux57poc: running linux58poc: running Summary of Service Status: running = 2 Finished processing 2 / 2 hosts in 184.79 ms ~~~ 然后通过service插件停止服务,使用插件 service、facts ~~~ [root@linuxmaster1poc ~]# mco service crond stop -F operatingsystemmajrelease=5 * [ ============================================================> ] 2 / 2 Summary of Service Status: stopped = 2 Finished processing 2 / 2 hosts in 914.76 ms ~~~ 再次查看过滤的主机crond服务是否被停掉,使用插件 service、facts ~~~ [root@linuxmaster1poc ~]# mco service crond status -F operatingsystemmajrelease=5 * [ ============================================================> ] 2 / 2 linux57poc: stopped linux58poc: stopped Summary of Service Status: stopped = 2 Finished processing 2 / 2 hosts in 125.87 ms ~~~ 也可以通过shell插件实现,使用到插件为shell、service、facts ~~~ [root@linuxmaster1poc ~]# mco shell "service crond status" -F operatingsystemmajrelease=5 Discovering hosts using the mc method for 2 second(s) .... 2 Host: linux57poc Statuscode: 3 Output: crond is stopped Host: linux58poc Statuscode: 3 Output: crond is stopped ~~~ **3.2、使用mco对自定义fact_apply4=app的主机做一次变更,要求环境为testing,模式为noop** 首先查看下那些主机具备有这个自定义fact,使用的插件为find、inventory ~~~ [root@linuxmaster1poc ~]# for i in `mco find` ; do echo $i; mco inventory $i | grep fact_apply4; done linux58poc fact_apply4 => app linux57poc linux64poc fact_apply4 => app ~~~ 其次按要求做变更即可,使用到的插件为puppet,facts ~~~ [root@linuxmaster1poc ~]# mco puppet -v runonce --environment=testing --noop -F fact_apply4=app Discovering hosts using the mc method for 2 second(s) .... 2 * [ ============================================================> ] 2 / 2 linux64poc : OK {:summary=> "Started a background Puppet run using the 'puppet agent --onetime --daemonize --color=false --splay --splaylimit 30 --noop --environment testing' command"} linux58poc : OK {:summary=> "Started a background Puppet run using the 'puppet agent --onetime --daemonize --color=false --splay --splaylimit 30 --noop --environment testing' command"} ---- rpc stats ---- Nodes: 2 / 2 Pass / Fail: 2 / 0 Start Time: Fri Dec 13 09:10:50 +0800 2013 Discovery Time: 2003.32ms Agent Time: 884.34ms Total Time: 2887.67ms ~~~ 变更完成后,迅速查看节点运行情况,使用到的插件为puppet ~~~ [root@linuxmaster1poc ~]# mco puppet status * [ ============================================================> ] 3 / 3 linux64poc: Currently idling; last completed run 54 seconds ago linux58poc: Currently applying a catalog; last completed run 1 minutes 12 seconds ago linux57poc: Currently stopped; last completed run 22 minutes 57 seconds ago Summary of Applying: false = 2 true = 1 Summary of Daemon Running: running = 2 stopped = 1 Summary of Enabled: enabled = 3 Summary of Idling: false = 2 true = 1 Summary of Status: idling = 1 stopped = 1 applying a catalog = 1 Finished processing 3 / 3 hosts in 263.72 ms ~~~ **3.3、远程改所有系统为RHEL6.4主机root的密码,使用到的插件为shell,facts** ~~~ [root@linuxmaster1poc ~]# mco shell "echo redhat | passwd root --stdin" -F operatingsystemrelease=6.4 Discovering hosts using the mc method for 2 second(s) .... 1 Host: linux64poc Statuscode: 0 Output: Changing password for user root. passwd: all authentication tokens updated successfully. ~~~ **3.4、查看所有节点puppet和facter安装包的版本信息,使用到的插件为package** ~~~ [root@linuxmaster1poc ~]# mco package status puppet * [ ============================================================> ] 3 / 3 linux64poc: puppet-2.7.23-1.el6.noarch linux57poc: puppet-2.7.23-1.el5.noarch linux58poc: puppet-2.7.23-1.el5.noarch Summary of Arch: noarch = 3 Summary of Ensure: 2.7.23-1.el5 = 2 2.7.23-1.el6 = 1 Finished processing 3 / 3 hosts in 635.21 ms [root@linuxmaster1poc ~]# mco package status facter * [ ============================================================> ] 3 / 3 linux58poc: facter-1.7.3-1.el5.x86_64 linux64poc: facter-1.7.3-1.el6.x86_64 linux57poc: facter-1.7.3-1.el5.x86_64 Summary of Arch: x86_64 = 3 Summary of Ensure: 1.7.3-1.el5 = 2 1.7.3-1.el6 = 1 Finished processing 3 / 3 hosts in 124.99 ms ~~~ 更多的功能可通过以下方式查看: ~~~ [root@linuxmaster1poc ~]# mco puppet -h Schedule runs, enable, disable and interrogate the Puppet Agent Usage: mco puppet [OPTIONS] [FILTERS] <ACTION> [CONCURRENCY|MESSAGE] Usage: mco puppet <count|enable|status|summary> Usage: mco puppet disable [message] Usage: mco puppet runonce [PUPPET OPTIONS] Usage: mco puppet resource type name property1=value property2=value Usage: mco puppet runall [--rerun SECONDS] [PUPPET OPTIONS] The ACTION can be one of the following: count - return a total count of running, enabled, and disabled nodes enable - enable the Puppet Agent if it was previously disabled disable - disable the Puppet Agent preventing catalog from being applied resource - manage individual resources using the Puppet Type (RAL) system runall - invoke a puppet run on matching nodes, making sure to only run CONCURRENCY nodes at a time runonce - invoke a Puppet run on matching nodes status - shows a short summary about each Puppet Agent status summary - shows resource and run time summaries --force Bypass splay options when running --server SERVER Connect to a specific server or port --tags, --tag TAG Restrict the run to specific tags --noop Do a noop run --no-noop Do a run with noop disabled --environment ENVIRONMENT Place the node in a specific environment for this run --splay Splay the run by up to splaylimit seconds --no-splay Do a run with splay disabled --splaylimit SECONDS Maximum splay time for this run if splay is set --ignoreschedules Disable schedule processing --rerun SECONDS When performing runall do so repeatedly with a minimum run time of SECONDS --np, --no-progress Do not show the progress bar -1, --one Send request to only one discovered nodes --batch SIZE Do requests in batches --batch-sleep SECONDS Sleep time between batches --limit-seed NUMBER Seed value for deterministic random batching --limit-nodes, --ln, --limit COUNT Send request to only a subset of nodes, can be a percentage -j, --json Produce JSON output --display MODE Influence how results are displayed. One of ok, all or failed -c, --config FILE Load configuratuion from file rather than default -v, --verbose Be verbose -h, --help Display this screen Common Options -T, --target COLLECTIVE Target messages to a specific sub collective --dt, --discovery-timeout SECONDS Timeout for doing discovery -t, --timeout SECONDS Timeout for calling remote agents -q, --quiet Do not be verbose --ttl TTL Set the message validity period --reply-to TARGET Set a custom target for replies --dm, --disc-method METHOD Which discovery method to use --do, --disc-option OPTION Options to pass to the discovery method --nodes FILE List of nodes to address Host Filters -W, --with FILTER Combined classes and facts filter -S, --select FILTER Compound filter combining facts and classes -F, --wf, --with-fact fact=val Match hosts with a certain fact -C, --wc, --with-class CLASS Match hosts with a certain config management class -A, --wa, --with-agent AGENT Match hosts with a certain agent -I, --wi, --with-identity IDENT Match hosts with a certain configured identity The Marionette Collective 2.2.4 ~~~