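A worked case: using Puppet virtual resources to resolve resource conflicts

Introduction:

1. Define two users, puppet and root, and make them virtual

Note that virtual resources must be defined in the global scope or in node scope. Put simply, in the directory shown below site.pp is the global scope, and that scope includes the nodes directory (site.pp imports it); everything in the other modules is local scope.

1.1 Create the corresponding .pp files in the global scope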

[root@linuxmaster1poc testing]# tree manifests/
manifests/
├── nodes
│   ├── puppetclient.pp
│   ├── virtual_group.pp
│   └── virtual_user.pp
└── site.pp
1 directory, 4 files

1.2 Create the virtual users puppet, root and xiaonuo

[root@linuxmaster1poc testing]# vim manifests/nodes/virtual_user.pp
class alluser {
  # alluser::xiaonuo must be included as well; otherwise
  # realize User['xiaonuo'] in puppet_linux57poc has nothing to realize
  include alluser::puppet, alluser::root, alluser::xiaonuo
}
# The leading @ marks a resource as virtual: it is declared here
# but only managed on a node once some class realizes it.
class alluser::puppet {
  @user { 'puppet':
    ensure => present,
    uid    => '52',
    gid    => '52',
    home   => '/var/lib/puppet',
    shell  => '/sbin/nologin',
  }
}
class alluser::root {
  @user { 'root':
    ensure => present,
    uid    => '0',
    gid    => '0',
    home   => '/root',
    shell  => '/bin/bash',
  }
}
class alluser::xiaonuo {
  @user { 'xiaonuo':
    ensure => present,
    uid    => '600',
    gid    => '600',
    home   => '/home/xiaonuo',
    shell  => '/sbin/nologin',
  }
}

1.3 Create the virtual groups puppet, root and xiaonuo

[root@linuxmaster1poc testing]# vim manifests/nodes/virtual_group.pp
class allgroup {
  # allgroup::xiaonuo must be included as well; otherwise
  # realize Group['xiaonuo'] in puppet_linux57poc has nothing to realize
  include allgroup::puppet, allgroup::root, allgroup::xiaonuo
}
class allgroup::puppet {
  @group { 'puppet':
    ensure    => present,
    name      => 'puppet',
    gid       => '52',
    allowdupe => false,
    members   => 'puppet',
  }
}
class allgroup::root {
  @group { 'root':
    ensure    => present,
    name      => 'root',
    gid       => '0',
    allowdupe => false,
    members   => 'root',
  }
}
class allgroup::xiaonuo {
  @group { 'xiaonuo':
    ensure    => present,
    name      => 'xiaonuo',
    gid       => '600',
    allowdupe => false,
    members   => 'xiaonuo',
  }
}

2. Write the Puppet modules and realize the virtual user puppet and group puppet

2.1 Write the puppet module

[root@linuxmaster1poc testing]# tree environment/modules/puppet
environment/modules/puppet
├── files
├── manifests
│   ├── config.pp
│   ├── init.pp
│   ├── install.pp
│   ├── params.pp
│   └── service.pp
├── README
└── templates
    ├── auth.conf.erb
    ├── namespaceauth.conf.erb
    └── puppet.conf.erb
3 directories, 9 files

2.2 Write the puppet_linux57poc module

[root@linuxmaster1poc testing]# tree agents/modules/puppet_linux57poc/
agents/modules/puppet_linux57poc/
├── files
├── manifests
│   └── init.pp
└── templates
    ├── facts.txt.erb
    └── motd.erb
3 directories, 3 files

2.3 Realize the virtual resources

2.3.1 Realize them in the puppet module

[root@linuxmaster1poc testing]# vim environment/modules/puppet/manifests/config.pp
class puppet::config {
  include puppet::params
  include puppet::puppet_config, puppet::namespaceauth_config, puppet::auth_config, puppet::user, puppet::group
  include alluser, allgroup  # the classes from node scope must be included here
}
class puppet::puppet_config {
  file { '/etc/puppet/puppet.conf':
    ensure  => present,
    content => template('puppet/puppet.conf.erb'),
    owner   => 'puppet',
    group   => 'puppet',
    mode    => '0644',
    backup  => main,
    require => Class['puppet::install', 'puppet::user', 'puppet::group'],
    notify  => Class['puppet::service'],
  }
}
class puppet::auth_config {
  file { '/etc/puppet/auth.conf':
    ensure  => present,
    content => template('puppet/auth.conf.erb'),
    owner   => 'puppet',
    group   => 'puppet',
    mode    => '0644',
    backup  => main,
    require => Class['puppet::install', 'puppet::user', 'puppet::group'],
    notify  => Class['puppet::service'],
  }
}
class puppet::namespaceauth_config {
  file { '/etc/puppet/namespaceauth.conf':
    ensure  => present,
    content => template('puppet/namespaceauth.conf.erb'),
    owner   => 'puppet',
    group   => 'puppet',
    mode    => '0644',
    backup  => main,
    require => Class['puppet::install', 'puppet::user', 'puppet::group'],
    notify  => Class['puppet::service'],
  }
}
class puppet::user {  # realize the puppet user with the spaceship (collector) syntax
#  realize User['puppet']
  User <| title == 'puppet' |>
}
class puppet::group {  # realize the puppet group with the realize function
  realize Group['puppet']
#  Group <| title == 'puppet' |>
}

2.3.2 Realize them in the puppet_linux57poc module

[root@linuxmaster1poc testing]# cat agents/modules/puppet_linux57poc/manifests/init.pp
class puppet_linux57poc {
  include puppet_linux57poc::motd_install, puppet_linux57poc::motd_config, puppet_linux57poc::facts, puppet_linux57poc::user, puppet_linux57poc::group
  include alluser, allgroup  # the classes from node scope must be included here
}
class puppet_linux57poc::motd_install {
  package { 'setup':
    ensure => present,
  }
}
class puppet_linux57poc::motd_config {
  file { '/etc/motd':
    owner   => 'xiaonuo',
    group   => 'root',
    mode    => '0440',  # quoted so the mode is always read as an octal string
    content => template('puppet_linux57poc/motd.erb'),
    backup  => 'main',
    require => Class['puppet_linux57poc::motd_install', 'puppet_linux57poc::user', 'puppet_linux57poc::group'],
  }
}
class puppet_linux57poc::facts {
  file { '/etc/mcollective/facts.txt':
    owner   => 'root',
    group   => 'root',
    mode    => '0400',
    content => template('puppet_linux57poc/facts.txt.erb'),
    backup  => 'main',
    require => Class['puppet_linux57poc::motd_install', 'puppet_linux57poc::user', 'puppet_linux57poc::group'],
  }
}
class puppet_linux57poc::user {  # realize the users xiaonuo and root with the realize function
  realize( User['xiaonuo'],
           User['root'] )
}
class puppet_linux57poc::group {  # realize the groups xiaonuo and root with the realize function
  realize( Group['xiaonuo'],
           Group['root'] )
}
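
Added example (not from the original post): a heuristic Python cross-check of virtual declarations against `realize` calls and title collectors. It flags a virtual account that nothing realizes (so it is never enforced on any node) and a reference to a resource that was never declared virtually (`realize` fails catalog compilation; a collector silently matches nothing). The sample manifests are constructed from the names used above, and the regexes approximate Puppet syntax rather than parse it.

```python
import re

# Heuristic patterns for the Puppet constructs used on this page (not a full parser).
VIRTUAL = re.compile(r"@(\w+)\s*\{\s*['\"]([^'\"]+)['\"]\s*:")
REALIZE = re.compile(r"\brealize\b\s*(\([^)]*\)|[^\n]*)")
REFERENCE = re.compile(r"\b([A-Z]\w*)\s*\[\s*['\"]([^'\"]+)['\"]\s*\]")
COLLECTOR = re.compile(
    r"\b([A-Z]\w*)\s*<\|\s*title\s*==\s*['\"]([^'\"]+)['\"]\s*\|>")


def audit(manifests):
    """Cross-check virtual declarations against realize()/collector references."""
    declared, realized = set(), set()
    for text in manifests.values():
        # Drop comments first so a disabled "# realize ..." line is not counted.
        code = re.sub(r"#[^\n]*", "", text)
        declared |= {(t.lower(), n) for t, n in VIRTUAL.findall(code)}
        for args in REALIZE.findall(code):  # single-line or parenthesised form
            realized |= {(t.lower(), n) for t, n in REFERENCE.findall(args)}
        realized |= {(t.lower(), n) for t, n in COLLECTOR.findall(code)}
    return {
        "unrealized": sorted(declared - realized),  # declared, never enforced
        "undeclared": sorted(realized - declared),  # referenced, never declared
    }


# Constructed sample: trimmed manifests reusing this page's class and account
# names. Group['xiaonuo'] is deliberately never realized and User['root'] is
# deliberately never declared, so that both findings appear.
SAMPLE = {
    "virtual_user.pp": """
class alluser::puppet  { @user  { 'puppet':  uid => '52'  } }
class alluser::xiaonuo { @user  { 'xiaonuo': uid => '600' } }
class allgroup::xiaonuo { @group { 'xiaonuo': gid => '600' } }
""",
    "config.pp": """
class puppet::user {
#  realize User['puppet']
  User <| title == 'puppet' |>
}
""",
    "init.pp": """
class puppet_linux57poc::user {
  realize( User['xiaonuo'],
           User['root'] )
}
""",
}

if __name__ == "__main__":
    for kind, items in audit(SAMPLE).items():
        for rtype, title in items:
            print(f"{kind}: {rtype.capitalize()}['{title}']")
```

The check does not verify that the class holding a virtual declaration is actually included on the node, which is a separate condition for `realize` to succeed.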

3. Testing

3.1 Test the puppet module (omitted)

3.2 Test the puppet_linux57poc module

3.2.1 Check whether the xiaonuo user and group currently exist on the system

[root@linux57poc puppet]# id xiaonuo
id: xiaonuo: No such user
[root@linux57poc puppet]# cat /etc/group | grep xiaonuo
[root@linux57poc puppet]#
[root@linux57poc puppet]# ll /etc/motd
-rwxrwxrwx 1 puppet puppet 313 Jan  2 06:17 /etc/motd

3.2.2 Sync with the puppetmaster

[root@linux57poc puppet]# puppet agent -t --environment=testing
info: Retrieving plugin
info: Loading facts in /var/lib/puppet/lib/facter/fact_apply.rb
info: Caching catalog for puppet_linux57poc.dev.shanghaigm.com
info: Applying configuration version '1389555288'
notice: /Stage[main]/Allservice::Lm_sensors_service/Service[lm_sensors]/ensure: ensure changed 'running' to 'stopped'
notice: /Group[xiaonuo]/ensure: created
notice: /Stage[main]/Alluser::Xiaonuo/User[xiaonuo]/ensure: created
...
info: FileBucket adding {md5}b2090646c444c5ddf1533749743ebd71
info: /Stage[main]/Mcollective::Facter/File[/etc/mcollective/facts.yaml]: Filebucketed /etc/mcollective/facts.yaml to main with sum b2090646c444c5ddf1533749743ebd71
notice: /Stage[main]/Sysctl::Exec/Exec[sysctl -p >/dev/null &]/returns: executed successfully
notice: /Stage[main]/Puppet_linux57poc::Motd_config/File[/etc/motd]/owner: owner changed 'puppet' to 'xiaonuo'
notice: /Stage[main]/Puppet_linux57poc::Motd_config/File[/etc/motd]/group: group changed 'puppet' to 'root'
notice: /Stage[main]/Puppet_linux57poc::Motd_config/File[/etc/motd]/mode: mode changed '0777' to '0440'
notice: /Stage[main]/Allservice::Bluetooth_service/Service[bluetooth]/ensure: ensure changed 'running' to 'stopped'
notice: Finished catalog run in 4.54 seconds

3.2.3 Verify that the result is correct

[root@linux57poc puppet]# id xiaonuo
uid=600(xiaonuo) gid=600(xiaonuo) groups=600(xiaonuo)
[root@linux57poc puppet]# cat /etc/group | grep xiaonuo
xiaonuo:x:600:
[root@linux57poc puppet]# ll /etc/motd
-r--r----- 1 xiaonuo root 313 Jan  2 06:17 /etc/motd
[root@linux57poc puppet]#


This article is reposted from 凌激冰's 51CTO blog. Original link: http://blog.51cto.com/dreamfire/1351173. To repost it, please contact the original author.