puppet成长日记一 file资源详细介绍及案例分析
一、系统环境
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
|
1
、puppet服务端
Release:RHEL6.
4
HOSTNAME: puppetserver.rsyslog.org
TCP/IP:
172.16
.
200.100
/
24
Packages:
puppet-server-
2.7
.
21
-
1
.el6.noarch
mcollective-client-
2.2
.
4
activemq-
5.5
.
0
2
、puppet节点
Release: RHEL5.
8
HOSTNAME: agent1.rsyslog.org
TCP/IP:
172.16
.
200.101
/
24
Packages:
puppet-
2.7
.
21
-
1
.el5
mcollective-
2.2
.
4
-
1
.el5
3
、puppet节点
Release: RHEL6.
4
HOSTNAME: agent3.rsyslog.org
TCP/IP:
172.16
.
200.103
/
24
Packages:
puppet-
2.7
.
21
-
1
.el6
mcollective-
2.2
.
4
-
1
.el6
|
二、资源介绍
1、实现功能
1.1、支持文件和目录
1.2、设置文件及目录的所有者及权限
1.3、恢复文件(包括文件的内容、权限及所有者)
1.4、清理目录以及子目录
2、支持参数
2.1 ensure => {present|absent|directory|file|link}, 指定文件的目标状态
=> present, 检查文件是否存在,不存在则新建之
=> absent, 检查文件是否存在,存在则删除之
=> directory, 指定这是一个目录,不存在则创建
2.2 owner|user => root, 所属用户,也可以用UID
2.3 group => puppet, 所属用户组,也可以用GID
2.4 mode => 0644, 权限属性,四位八进制数
2.5 source => "puppet:///modules/ssh/etc/ssh/sshd_config" | soure => "/etc/passwd" 文件获取地址,以puppet:///开头为从master下载,正常路径则在agent本地读取
备注:"puppet://"等价于主配置文件puppet.config中的modulepath值
2.6 path => "/etc/postfix/main.cf", 文件完整路径。默认与title相同可不写
eg.
file { "main.cf":
path => "/etc/postfix/main.cf",
2.7 content => "hello",|content => template("postfix/main.cf.erb"), 文件的具体内容,亦可由erb模板生成,选择这个可不写资源source
2.8 backup => 'main',| backup => ".$backup_date.bak", 节点更新之前上一个版本备份方式;backup => 'main',需要结合资源filebucket实现
2.9 recurse => '{true|false|inf|remote}', 对目录是(true)否(false)递归(ensure => directory时有效)
2.10 puppet依赖关系资源有三个,分别为require,before,after
require => Class["mysql::install"], | require => Package["setup"], 当前资源或者类被要求的资源或者类所依赖,需要被要求的资源或者类先执行成功后在执行自己的资源或者类
before 在某个资源之前执行
package { "openssh-server":
...
before => File["/etc/ssh/sshd_config"],
}
after 在某个资源之后执行
file {"/etc/ssh/sshd_config":
...
after => Package["openssh-server"],
}
2.11 puppet触发更新有两个,分别为notify,subscribe,写的位置不同。
notify {"operatingsystem is $operatingsystem": 将输出内容记录到日志里面,可在调试的时候查看。
withpath => true|false, #是否打印全路径
}
notify => Class["mysql::service"], 当前类或者资源的文件被改动后通知服务重启。
subscribe => Class["ssh::config"], 该资源有更新时,通知另一个资源执行相应的动作。目前支持subscribe只有exec、service、mount
2.12 link软连接设置 /etc/file2 -> /etc/passwd
file{ "/etc/file2":
...
ensure => link,
target => "/etc/passwd",
}
2.13 purge => true 清理目录下面没有被资源被管理的文件都会被清除
force => true 和purge => true配合使用才能删除目录,mode => 0700保证具有删除权限
ignore => file|directory, 忽略某一个目录或者文件做任何操作
三、资源示例
1、示例一
1.1 实现功能
*要求从服务器指定路径下载motd文件
*要求文件权限为700,属组和属主都为puppet
*要求setup包在motd文件下载之前被安装
1.2 配置说明
1
2
3
4
5
6
7
8
9
10
11
|
class
motd::motd {
package
{ setup:
ensure => present,
}
file{
"/etc/motd"
:
owner =>
"puppet"
,
group =>
"puppet"
,
mode =>
0700
,
source =>
"puppet://$puppetserver/modules/motd/etc/motd"
,
require => Package[
"setup"
],
}
|
1.3 客户端agent1上测试
1
2
3
4
5
6
7
|
[root@agent1 ~]# puppet agent --test
info: Caching catalog
for
agent1.rsyslog.org
info: Applying configuration version
'1378193573'
notice: /File[/etc/motd]/ensure: defined content
as
'{md5}0acb622c16dbdecb670d8920d96bdd30'
notice: Finished catalog run
in
0.41
seconds
[root@agent1 ~]# ll /etc/motd
-rwx------
1
puppet puppet
82
Sep
3
15
:
33
/etc/motd
|
2、示例二
2.1 实现功能
*在节点上创建/etc/passwd的软连接为/etc/file2
2.2 配置说明
1
2
3
4
5
6
7
8
|
class
motd::file2 {
file{
"/etc/file2"
:
owner =>
"puppet"
,
group =>
"puppet"
,
ensure => link,
target =>
"/etc/passwd"
,
}
}
|
2.3 客户端agent1上测试
1
2
3
4
5
6
7
|
[root@agent1 ~]# puppet agent --test
info: Caching catalog
for
agent1.rsyslog.org
info: Applying configuration version
'1378194373'
notice: /File[/etc/file2]/ensure: created
notice: Finished catalog run
in
0.07
seconds
[root@agent1 ~]# ll /etc/file2
lrwxrwxrwx
1
puppet puppet
11
Sep
3
15
:
46
/etc/file2 -> /etc/passwd
|
3、示例三
3.1 实现功能
*在节点上创建/etc/dir1目录
*要求目录下面除了dir2外的所有目录及文件的权限为0700,所有者为puppet
*要求每次更新将"This is dir1!"写入日志里面
3.2 配置说明
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
|
class
motd::dir1 {
file{
"/etc/dir1"
:
owner =>
"puppet"
,
group =>
"puppet"
,
mode =>
0700
,
ensure => directory,
recurse =>
true
,
purge =>
true
,
force =>
true
,
ignore =>
"dir2"
,
}
notify {
"This is dir1!"
:
# withpath =>
true
,
}
}
|
3.3 客户端agent1上测试
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
|
[root@agent1 ~]# puppet agent --test
info: Caching catalog
for
agent1.rsyslog.org
info: Applying configuration version
'1378195554'
notice: This
is
dir1!
notice: /Stage[main]/Motd::Dir1/Notify[This
is
dir1!]/message: defined
'message'
as
'This is dir1!'
notice: /File[/etc/dir1/dir3]/owner: owner changed
'root'
to
'puppet'
notice: /File[/etc/dir1/dir3]/group: group changed
'root'
to
'puppet'
notice: /File[/etc/dir1/dir3]/mode: mode changed
'0755'
to
'0700'
notice: /File[/etc/dir1/dir3]/seluser: seluser changed
'root'
to
'system_u'
notice: /File[/etc/dir1/dir3/file3]/owner: owner changed
'root'
to
'puppet'
notice: /File[/etc/dir1/dir3/file3]/group: group changed
'root'
to
'puppet'
notice: /File[/etc/dir1/dir3/file3]/mode: mode changed
'0644'
to
'0700'
notice: /File[/etc/dir1/dir3/file3]/seluser: seluser changed
'root'
to
'system_u'
notice: Finished catalog run
in
0.11
seconds
[root@agent1 ~]#
[root@agent1 ~]#
[root@agent1 ~]# ll /etc/dir1/
total
16
drwxrwxrwx
2
puppet puppet
4096
Sep
3
16
:
00
dir2
drwx------
2
puppet puppet
4096
Sep
3
16
:
06
dir3
|
4、示例四
4.1 实现功能
*在节点上创建/etc/dir2目录,权限为0700,所有者为puppet
*要求目录下面只允许有dir1目录,并且dir1目录及下一级目录或文件权限属性保持原有不变
4.2 配置说明
1
2
3
4
5
6
7
8
9
10
11
12
|
class
motd::dir2 {
file{
"/etc/dir2"
:
owner =>
"puppet"
,
group =>
"puppet"
,
mode =>
0700
,
ensure => directory,
recurse =>
true
,
purge =>
true
,
force =>
true
,
ignore =>
"dir1"
,
}
}
|
4.3 客户端agent1上测试
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
|
[root@agent1 ~]# puppet agent --test
info: Retrieving plugin
info: Loading facts
in
/
var
/lib/puppet/lib/facter/my_apply2.rb
info: Loading facts
in
/
var
/lib/puppet/lib/facter/my_apply1.rb
info: Loading facts
in
/
var
/lib/puppet/lib/facter/my_apply3.rb
info: Loading facts
in
/
var
/lib/puppet/lib/facter/backup_date.rb
info: Caching catalog
for
agent1.rsyslog.org
info: Applying configuration version
'1378195951'
notice: /File[/etc/dir2]/ensure: created
notice: Finished catalog run
in
0.05
seconds
[root@agent1 ~]# mkdir /etc/dir2/dir1
[root@agent1 ~]# mkdir /etc/dir2/dir2
[root@agent1 ~]# touch /etc/dir2/dir1/file1
[root@agent1 ~]# touch /etc/dir2/dir2/file2
[root@agent1 ~]# puppet agent --test
info: Retrieving plugin
info: Loading facts
in
/
var
/lib/puppet/lib/facter/my_apply2.rb
info: Loading facts
in
/
var
/lib/puppet/lib/facter/my_apply1.rb
info: Loading facts
in
/
var
/lib/puppet/lib/facter/my_apply3.rb
info: Loading facts
in
/
var
/lib/puppet/lib/facter/backup_date.rb
info: Caching catalog
for
agent1.rsyslog.org
info: Applying configuration version
'1378195951'
info: /File[/etc/dir2/dir2]: Recursively backing up to filebucket
info: FileBucket adding {md5}d41d8cd98f00b204e9800998ecf8427e
info: /File[/etc/dir2/dir2]: Filebucketed /etc/dir2/dir2/file2 to puppet
with
sum d41d8cd98f00b204e9800998ecf8427e
notice: /File[/etc/dir2/dir2]/ensure: removed
notice: Finished catalog run
in
0.09
seconds
[root@agent1 ~]# ll /etc/dir2/
total
8
drwxr-xr-x
2
root root
4096
Sep
3
16
:
13
dir1
[root@agent1 ~]#
|
本文转自凌激冰51CTO博客,原文链接:http://blog.51cto.com/dreamfire/1287912,如需转载请自行联系原作者