Puppet 资源公有属性的其他描述方式
puppet的资源公有属性中还可以通过"->"和"~>"两种特殊符号来描述资源与资源之间的关系.
->:用于表示资源与资源之间的先后关系,等同于before和require两个资源公有属性.
~>:用于表示资源之间的通知,等同于notify和subscribe练个资源公有属性.
示例: "->"用法
安装httpd并运行httpd服务的puppet代码如下:
1
2
3
4
5
6
7
8
9
10
|
[root@sh-web1 ~]
# cat httpd2.pp
package {
"httpd"
:
ensure => present,
provider =>
'yum'
,
}
service {
"httpd"
:
ensure => running,
enable
=>
true
,
}
Package[
"httpd"
] -> Service[
"httpd"
]
|
运行结果:
1
2
3
4
5
6
7
|
[root@sh-web1 ~]
# puppet apply httpd2.pp
Notice: Compiled catalog
for
sh-web1.localdomain
in
environment production
in
0.06 seconds
Notice:
/Stage
[main]
/Main/Package
[httpd]
/ensure
: created
Notice:
/Stage
[main]
/Main/Service
[httpd]
/ensure
: ensure changed
'stopped'
to
'running'
Notice: Finished catalog run
in
3.02 seconds
[root@sh-web1 ~]
# /etc/init.d/httpd status
httpd (pid 81254) is running...
|
示例: "~>"用法
1
2
3
4
5
6
7
8
9
10
11
12
13
|
[root@sh-web1 ~]
# cat httpd.pp
package {
"httpd"
:
ensure => present,
provider =>
'yum'
,
}
service {
"httpd"
:
ensure => running,
enable
=>
true
,
}
file
{
'/etc/httpd/conf/httpd.conf'
:
ensure =>
file
,
}
Package[
"httpd"
] -> File [
'/etc/httpd/conf/httpd.conf'
] ~> Service[
"httpd"
]
|
运行结果:
1
2
3
4
5
6
7
|
[root@sh-web1 ~]
# puppet apply httpd.pp
Notice: Compiled catalog
for
sh-web1.localdomain
in
environment production
in
0.07 seconds
Notice:
/Stage
[main]
/Main/Package
[httpd]
/ensure
: created
Notice:
/Stage
[main]
/Main/Service
[httpd]
/ensure
: ensure changed
'stopped'
to
'running'
Notice: Finished catalog run
in
3.25 seconds
[root@sh-web1 ~]
# /etc/init.d/httpd status
httpd (pid 81493) is running...
|
生产上并不会像上面那样去写,一个资源可能很大,篇幅很长.
如下两种写法:
第一种:
1
2
3
4
5
6
7
8
9
10
|
[root@sh-web1 ~]
# cat httpd2.pp
package {
"httpd"
:
ensure => present,
provider =>
'yum'
,
}
->
service {
"httpd"
:
ensure => running,
enable
=>
true
,
}
|
第二种:
1
2
3
4
5
6
7
8
9
|
[root@sh-web1 ~]
# cat httpd2.pp
package {
"httpd"
:
ensure => present,
provider =>
'yum'
,
} ->
service {
"httpd"
:
ensure => running,
enable
=>
true
,
}
|
1
2
3
4
5
|
[root@sh-web1 ~]
# puppet apply httpd2.pp
Notice: Compiled catalog
for
sh-web1.localdomain
in
environment production
in
0.04 seconds
Notice:
/Stage
[main]
/Main/Package
[httpd]
/ensure
: created
Notice:
/Stage
[main]
/Main/Service
[httpd]
/ensure
: ensure changed
'stopped'
to
'running'
Notice: Finished catalog run
in
2.28 seconds
|
注意:大部分都是第二种写法,"->"或"~>"跟在花括号的后面,但是个人习惯用第一种反正更新puppet不报错也能得到想要结果就ok.
audit审计
audit资源公有属性主要用于资源属性的审计,当某资源状态变化时,它可以将变化的内容抓夹到系统日志中.
puppet代码如下:
1
2
3
4
|
[root@sh-web1 ~]
# cat file.pp
file
{
"/etc/password"
:
audit => [ owner,mode ],
}
|
运行过程,会看到改变通知.
1
2
3
4
5
|
[root@sh-web1 ~]
# puppet apply file.pp
Notice: Compiled catalog
for
sh-web1.localdomain
in
environment production
in
0.07 seconds
Notice:
/Stage
[main]
/Main/File
[
/etc/password
]
/owner
: audit change: newly-recorded value absent
Notice:
/Stage
[main]
/Main/File
[
/etc/password
]
/mode
: audit change: newly-recorded value absent
Notice: Finished catalog run
in
0.05 seconds
|
本文转自青衫解衣 51CTO博客,原文链接:http://blog.51cto.com/215687833/1978109