puppet 安装及核心资源注解

本文涉及的产品
全局流量管理 GTM,标准版 1个月
云解析 DNS,旗舰版 1个月
云解析DNS,个人版 1个月
简介:

-----本文大纲

简介

工作原理

puppet安装及命令解析

puppet资源类型

---------------------


一、简介

puppet是一种Linux、Unix、windows平台的集中配置管理系统,使用自有的puppet描述语言,可管理配置文件、用户、cron任务、软件包、系统服务等。puppet把这些系统实体称之为资源,puppet的设计目标是简化对这些资源的管理以及妥善处理资源间的依赖关系。
puppet采用C/S星状的结构,所有的客户端和一个或几个服务器交互。每个客户端周期的(默认半个小时)向服务器发送请求,获得其最新的配置信息,保证和该配置信息同步。每个puppet客户端每半小时(可以设置)连接一次服务器端, 下载最新的配置文件,并且严格按照配置文件来配置服务器. 配置完成以后,puppet客户端可以反馈给服务器端一个消息. 如果出错,也会给服务器端反馈一个消息.

二、工作原理

在使用任何软件前我们都需要了解其工作原理,否则会给后续使用带来诸多不便。Puppet采用了非常简单的C/S架构,所有数据的交互都通过SSL进行,以保证安全

wKioL1N4JjHQBZ8_AAHsiMGBTsg364.jpg


  • 客户端Puppetd向Master发起认证请求,或使用带签名的证书。

  • Master告诉Client你是合法的。

  • 客户端Puppetd调用Facter,Facter探测出主机的一些变量,例如主机名、内存大小、IP地址等。Puppetd将这些信息通过SSL连接发送到服务器端。

  • 服务器端的Puppet Master检测客户端的主机名,然后找到manifest对应的node配置,并对该部分内容进行解析。Facter送过来的信息可以作为变量处 理,node牵涉到的代码才解析,其他没牵涉的代码不解析。解析分为几个阶段,首先是语法检查,如果语法错误就报错;如果语法没错,就继续解析,解析的结 果生成一个中间的“伪代码”(catelog),然后把伪代码发给客户端。

  • 客户端接收到“伪代码”,并且执行。

  • 客户端在执行时判断有没有File文件,如果有,则向fileserver发起请求。

  • 客户端判断有没有配置Report,如果已配置,则把执行结果发送给服务器。

  • 服务器端把客户端的执行结果写入日志,并发送给报告系统。

三、puppet安装

1、安装puppet

安装ruby

1
#yum install ruby ruby-libs ruby-rdoc

安装epel源

1
#rpm -ivh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm

安装puppet

1
[root@dynamic bin] # yum --enablerepo="epel,epel-puppet" install puppet

2、puppet命令注解

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
[root@dynamic bin] # puppet help
Usage: puppet <subcommand> [options] <action> [options]
Available subcommands, from Puppet Faces:
   ca                Local Puppet Certificate Authority management.
#管理本地证书
   catalog           Compile, save, view, and convert catalogs.
#编译、保存、查看 puppet、代码,或转换成 Catalogs
   certificate       Provide access to the CA  for  certificate management.
#提供访问 CA证书的管理
   certificate_request  Manage certificate requests.
#管理证书的请求
   certificate_revocation_list  Manage the list of revoked certificates.
  #管理撤销证书的列表
   config            Interact with Puppet's configuration options.
   facts             Retrieve and store facts.
#系统信息检查
   file               Retrieve and store files  in  a filebucket
#在 filebucket 中检索和存
储文件
   help              Display Puppet help.
   instrumentation_data  Manage instrumentation listener accumulated data.
#管理监听的数据
   instrumentation_listener  Manage instrumentation listeners.
#管理监听的状态
   instrumentation_probe  Manage instrumentation probes.
  #管理监听探测
   key               Create, save, and remove certificate keys.  ##创建、保存、删除证书密
   man                Display Puppet manual pages.
   module            Creates, installs and searches  for  modules on the Puppet Forge.  #
从 Puppet Forge 创建、安装、查询模块
   node              View and manage node definitions.
#管理节点
   parser            Interact directly with the parser.
#解析器管理,检查 pp 文件语法
plugin            Interact with the Puppet plugin system.
#管理插件
   report            Create, display, and submit reports.
  #创建、查看报告
   resource          API only: interact directly with resources via the RAL.
#查看资源帮助
   resource_type     View classes, defined resource types, and nodes from all manifests
#查看类、默认资源类型与节点信息
   secret_agent      Mimics puppet agent.
#模拟 Agent
status            View puppet server status.
#查看 puppet 状态
Available applications, soon to be ported to Faces:
   agent             The puppet agent daemon
#客户端进程,负责从 Master 端获取信息
   apply             Apply Puppet manifests locally
#运行本地 manifests
   cert              Manage certificates and requests
#证书颁发,用于签署证书
   describe          Display help about resource types
#资源帮助
   device            Manage remote network devices
  #管理远程网络设备
   doc               Generate Puppet documentation and references
#生成 puppet 文档
   filebucket        Store and retrieve files  in  a filebucket
#在 filebucket 中检索和存储文件
   inspect           Send an inspection report
#发送 report 报告
   kick              Remotely control puppet agent
  #远程控制 agent,远程触发 puppet agent命令
   master            The puppet master daemon
#编译配置文件、模板、节点的自定义插件
   queue             Queuing daemon  for  asynchronous storeconfigs
#队列进程
See  'puppet help <subcommand> <action>'  for  help on a specific subcommand action.
See  'puppet help <subcommand>'  for  help on a specific subcommand.
Puppet v2.7.25
  • puppet master  :编译配置文件、模板、节点的自定义插件

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
[root@dynamic bin] # puppet help  master
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              
puppet-master(8) -- The puppet master daemon
========
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              
SYNOPSIS
--------
The central puppet server. Functions as a certificate authority by
default.
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              
USAGE
-----
puppet master [-D|--daemonize|--no-daemonize] [-d|--debug] [-h|--help]
   [-l|--logdest < file >|console|syslog] [- v |--verbose] [-V|--version]
   [--compile <node-name>]
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              
DESCRIPTION
-----------
This  command  starts an instance of puppet master, running as a daemon
and using Ruby's built- in  Webrick webserver. Puppet master can also be
managed by other application servers; when this is the  case , this
executable is not used.
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              
  -D|--daemonize  #发送到后台守护进程,默认选项
--no-daemonize  #不发送到后台守护进程
-d|--debug  #启用完整的调试模式
-h|--help  #查看帮助
-l|--logdest < file >|console|syslog  #日志发送方式,默认采用 syslog 配置
- v |--verbose  #显示详细信息
-V|--version  #打印 puppet 版本
--compile <node-name>  #以 JSON 的方式输出编译的 catalog
--genconfig  #输入默认配置文件
  • puppet agent  :客户端进程,负责从 Master 获取数据

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
[root@dynamic bin] # puppet help  agent
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      
puppet-agent(8) -- The puppet agent daemon
========
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      
SYNOPSIS
--------
Retrieves the client configuration from the puppet master and applies it to
the  local  host.
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      
This service may be run as a daemon, run periodically using  cron  (or something
similar), or run interactively  for  testing purposes.
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      
USAGE
-----
puppet agent [--certname <name>] [-D|--daemonize|--no-daemonize]
   [-d|--debug] [--detailed-exitcodes] [--digest <digest>] [--disable] [-- enable ]
   [--fingerprint] [-h|--help] [-l|--logdest syslog|< file >|console]
   [--no-client] [--noop] [-o|--onetime] [--serve <handler>] [-t|-- test ]
   [- v |--verbose] [-V|--version] [-w|--waitforcert <seconds>]
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      
DESCRIPTION
-----------
This is the main puppet client. Its job is to retrieve the  local
machine's configuration from a remote server and apply it. In order to
successfully communicate with the remote server, the client must have a
certificate signed by a certificate authority that the server trusts;
the recommended method  for  this, at the moment, is to run a certificate
authority as part of the puppet server ( which  is the default). The
client will connect and request a signed certificate, and will  continue
connecting  until  it receives one.
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      
Once the client has a signed certificate, it will retrieve its
configuration and apply it.
--certname <name>
#指定客户端 certname(唯一 ID),通常以 FQDN 命名
--daemonize
#发送到后台守护进程,默认选项
--no-daemonize
#不发送到后台守护进程
-d|--debug
  #启用完整的调试模式
--detailed-exitcodes
#提供详细的退出代码
--digest <digest>
#指定证书指纹算法,默认为 MD5 算法
--disable
  #禁用,禁止 puppet agent 在此节点运行
-- enable
#启用,重新运行执行 puppet agent
--fingerprint
  #显示当前证书的指纹
-h|--help
#查看帮助
-l|--logdest syslog|< file >|console
#日志发送方式,默认采用 syslog 配置
--no-client
  #不创建客户端配置文件,当 listen=true 时才有意义
--noop
#puppet 运行 Catalog,但不执行配置
-o|--onetime
#运行一次,配合--no-daemonize 使用
--serve <handler>
#启动另一类的服务
-t|-- test
  #测试用,包含了('onetime','verbose', 'ignorecache', 'no-daemonize', 'no-usecacheonfailure','detailed-exit-codes', 'no-splay', and 'show_diff')
- v |--verbose
  #显示详细信息
-V|--version
#打印 puppet 版本
-w|--waitforcert <seconds>
  #当 Master 未签署此节点证书时,puppet agent 将等待签署,并默认
#每 2 分钟重新连接 Master 以确定是否完成签署
  • puppet cert  :证书颁发,用于签署证书

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
[root@dynamic bin] # puppet help cert
puppet-cert(8) -- Manage certificates and requests
========
SYNOPSIS
--------
Standalone certificate authority. Capable of generating certificates,
but mostly used  for  signing certificate requests from puppet clients.
USAGE
-----
puppet cert <action> [-h|--help] [-V|--version] [-d|--debug] [- v |--verbose]
   [--digest <digest>] [<host>]
DESCRIPTION
-----------
Because the puppet master service defaults to not signing client
certificate requests, this script is available  for  signing outstanding
requests. It can be used to list outstanding requests and  then  either
sign them individually or sign all of them.
ACTIONS
-------
Every action except  'list'  and  'generate'  requires a  hostname  to act on,
unless the  '--all'  option is  set .
* clean:
#清除,用于清除证书
   Revoke a host's certificate ( if  applicable) and remove all files
   related to that host from puppet cert's storage. This is useful when
   rebuilding hosts, since new certificate signing requests will only be
   honored  if  puppet cert does not have a copy of a signed certificate
   for  that host. If  '--all'  is specified  then  all host certificates,
   both signed and unsigned, will be removed.
* fingerprint:
#打印证书指纹
   Print the DIGEST (defaults to md5) fingerprint of a host's
   certificate.
* generate:
#生成客户端证书
   Generate a certificate  for  a named client. A certificate /keypair  will
   be generated  for  each client named on the  command  line.
* list:
#查看认证客户端列表
   List outstanding certificate requests. If  '--all'  is specified, signed
   certificates are also listed, prefixed by  '+' , and revoked or invalid
   certificates are prefixed by  '-'  (the verification outcome is printed
   in  parenthesis).
* print:
#打印主机证书的全文信息
   Print the full-text version of a host's certificate.
* revoke:
#废除已认证的主机
   Revoke the certificate of a client. The certificate can be specified either
   by its serial number (given as a hexadecimal number prefixed by  '0x' ) or by its
   hostname . The certificate is revoked by adding it to the Certificate Revocation
   List given by the  'cacrl'  configuration option. Note that the puppet master
   needs to be restarted after revoking certificates.
* sign:
#签署认证
   Sign an outstanding certificate request.
* verify:
#验证本地指定的认证
   Verify the named certificate against the  local  CA certificate.
OPTIONS
-------
Note that any configuration parameter that's valid  in  the configuration
file  is also a valid long argument. For example,  'ssldir'  is a valid
configuration parameter, so you can specify  '--ssldir <directory>'  as an
argument.
See the configuration  file  documentation at
http: //docs .puppetlabs.com /references/stable/configuration .html  for  the
full list of acceptable parameters. A commented list of all
configuration options can also be generated by running puppet cert with
'--genconfig' .
* --all:
  #执行所有操作,包括'sign','clean','list','fingerprint',
   Operate on all items. Currently only makes sense with the  'sign' ,
   'clean' 'list' , and  'fingerprint'  actions.
* --digest:
#设置证书指纹加密的方式,取决于 openssl 版本
   Set the digest  for  fingerprinting (defaults to md5). Valid values
   depends on your openssl and openssl ruby extension version, but should
   contain at least md5, sha1, md2, sha256.
* --debug:
#启用完整的调试模式
   Enable full debugging.
* --help:
  #查看帮助
   Print this help message
* --verbose:
#显示详细信息
   Enable verbosity.
* --version:
#显示版本
   Print the puppet version number and  exit .
  • puppet apply  :运行本地 manifests

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
[root@dynamic bin] # puppet help apply
puppet-apply(8) -- Apply Puppet manifests locally
========
SYNOPSIS
--------
Applies a standalone Puppet manifest to the  local  system.
USAGE
-----
puppet apply [-h|--help] [-V|--version] [-d|--debug] [- v |--verbose]
   [-e|--execute] [--detailed-exitcodes] [-l|--logdest < file >]
   [--apply <catalog>] [--catalog <catalog>] < file >
-h|--help
#查看帮助
-V|--version
#显示版本信息
-d|--debug
#启用完整的调试模式
- v |--verbose
#显示详细信息
-e|--execute
#执行命令中指定的 puppet 代码
--detailed-exitcodes
#提供详细的退出代码
-l|--logdest < file >
  #日志发送方式,默认采用 syslog 配置
--catalog <catalog>
#运行 puppet master 采用--compile 输出 JSON 代码
  • puppet kick  #远程控制 agent,远程触发 puppet agent 命令

3、帮助

1
2
3
4
5
6
7
8
9
10
puppet doc
#生成 puppet 文档
puppet help
  #显示 puppet 帮助信息
puppet resource
#查看资源帮助
puppet describe
#资源帮助
puppet status
#查看 puppet 状态

四、常用的核心资源( puppet describe -l)

在定义资源时,资源类型必须使用小写字符,资源名称仅是一个字符串,但要求在同一个类型中的其必须惟一.
如,可以同时存在名为niginx的"service"和"package"资源,但在"package"类型资源中只能有一个名为"nginx"

puppet resouce 命令可用于交互式查找及修改puppet资源

资源定义格式:

type {'title':

   key    =>values,

   ........

}


1、package

  • puppet支持使用的软件包管理器:

    yum,rpm,apt,ports,gem,msi,dpkg,pkg等

  • package 常用参数

   ensure:程序包目标状态

ensure => {present|installed|absent|latest|purged|"version"}

           => present|installed, 检查文件是否存在,不存在则新建之
           => absent, 无其他软件依赖,可删除,否则会报错。
           => latest, 检查文件是否为最新版本,否则升级为最新版本
           => purged, 删除该包包括所有依赖的包,有风险慎用
           => "2.7.21-1", 指定某一个版本处于安装状态

   name:资源的名称,即软件包的名字(默认与 title 相同可不写)

source :指定程序包文件路径

   provider:软件包括管理器(注:如通过 rpm 命令安装包,需要通过 source 指定安装那些包)

   install_options :安装选项,最常的用是通过INSTALLDIR指定安装目录

例:安装haproxy

1
2
3
4
5
6
7
8
9
10
11
12
[root@essun tmp] # rpm -q haproxy
package haproxy is not installed
[root@essun tmp] # cat  haproxy_setup.pp
package { 'haproxy' :
     ensure => installed,
     name   => haproxy
}
[root@essun tmp] # puppet apply haproxy_setup.pp
notice:  /Stage [main] //Package [haproxy] /ensure : created
notice: Finished catalog run  in  16.53 seconds
[root@essun tmp] # rpm -q haproxy
haproxy-1.4.24-2.el6.x86_64

2、service :管理服务

   ensure:服务的目标状态,true|false|running|stopped

   enable :是否开机自动启动

       enable => true|false 指定服务是否开机自启动(修改 chkconfig 部分),并非对所有均有效

   name: 服务名称

name => "service name",该资源的 namevar, 服务的名字,通常就是在/etc/init.d/目录下的名字,默认与 title 相同

   path:脚本路径

path => "/etc/rc.d/init.d", 启动脚本的搜索路径,可以用冒号分割多个路径,或者用数组指定

   start :是否启动服务

   stop:是否停止服务

   restart:是否重启服务

restart => true |false, 指出管理脚本是否支持 restart 参数,如果不支持,就用 stop 和 start实现 restart 效果.

   status:判断服务是否已经在运行

status => true|false, 指出管理脚本是否支持 status 参数,puppet 用 status 参数来判断服务是否已经在运行了,如果不支持 status 参数,puppet 利用查找运行进程列表里面是否有服务名来判断服务是否在运行

例:启动haproxy

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
[root@essun tmp] # cat haproxy_setup.pp
package { 'haproxy' :
     ensure => installed,
     name   => haproxy
}
service { 'haproxy' :
     ensure     =>  true ,
     name    => haproxy,
     enable   =>  true
}
[root@essun tmp] # puppet apply haproxy_setup.pp  -v
info: Applying configuration version  '1400171155'
notice:  /Stage [main] //Package [haproxy] /ensure : created
notice:  /Stage [main] //Service [haproxy] /ensure : ensure changed  'stopped'  to  'running'
notice: Finished catalog run  in  9.21 seconds
[root@essun tmp] # chkconfig --list haproxy
haproxy            0:off    1:off    2:on    3:on    4:on    5:on    6:off
3、file:管理文件,目录,符号链接
   生成文件内容、 管理文件权限、属性
   通过source属性到指定位置下载文件
   通过recurse属性来获取目录

   常用属性

   ensure => {present|absent|directory|file|link}, 指定文件的目标状态

       => present, 检查文件是否存在,不存在则新建之
       => absent, 检查文件是否存在,存在则删除之
       => directory, 指定这是一个目录,不存在则创建
   backup:通过filebucket资源备份文件,值通常为filebucket资源名称

   content:文件内容:生成方式有三种(content,source,target),彼此互斥

content => "hello",|content => template("postfix/main.cf.erb"),  文件的具体内容,亦可由 erb 模板生成,选择这个可不写资源 source

   source:通过指定的url下载文件至本地,获取方式通常为puppet url,格式为puppet:///modules/MODULE_NAME/file_name;
   target:为符号链接指定目标
   links:文件为符号链接{follow|manage}

   path:文件路径,必须使用双引号;

path => "/etc/postfix/main.cf",  文件完整路径。默认与 title 相同可不写

   mode:定义权限

mode => 0644, 权限属性,四位八进制数

   owner:属主

owner|user => root, 所属用户,也可以用 UID

   group:属组

group => puppet, 所属用户组,也可以用 GID

   force:强制执行删除文件、链接或目录;仅用于ensure为absent时:
   purge:清空指定目录中存在的,但未在资源中定义的文件。

   recurse:目录递归

recurse => '{true|false|inf|remote}', 对目录是(true)否(false)递归(ensure =>directory 时有效)

   replace:替换,本地存在的文件与资源中指定的文件内容不同时,是否执行替换,默认为否

例:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
[root@dynamic tmp] # mkdir -pv /tmp/dir1/{dir2,dir3,dir4}
mkdir : created directory ` /tmp/dir1 '
mkdir : created directory ` /tmp/dir1/dir2 '
mkdir : created directory ` /tmp/dir1/dir3 '
mkdir : created directory ` /tmp/dir1/dir4 '
[root@dynamic tmp] # cat mkdir.pp
file "/tmp/dir1" :
owner  =>  "puppet" ,
group  =>  "puppet" ,
mode  => 0700,
ensure  => directory,
recurse =>  true ,
purge  =>  true ,
force  =>  true ,
ignore  =>  "dir2" ,
}
[root@dynamic tmp] # puppet apply mkdir.pp
notice:  /Stage [main] //File [ /tmp/dir1 ] /owner : owner changed  'root'  to  'puppet'
notice:  /Stage [main] //File [ /tmp/dir1 ] /group : group changed  'root'  to  'puppet'
notice:  /Stage [main] //File [ /tmp/dir1 ] /mode : mode changed  '0755'  to  '0700'
notice:  /File [ /tmp/dir1/dir4 ] /ensure : removed
notice:  /File [ /tmp/dir1/dir3 ] /ensure : removed
notice: Finished catalog run  in  0.06 seconds
[root@dynamic tmp] # ll -d dir1/
drwx------ 3 puppet puppet 4096 May 18 14:29 dir1/
[root@dynamic dir1] # ll
total 4
drwxr-xr-x 2 root root 4096 May 18 14:28 dir2

4、exec :执行外部命令,通常用于完成puppet自身无法完成的功能

常用属性
   command :要执行的命令,通常为命令文件的完整路径
   path:命令搜索路径.(如果path 没有被定义,命令需要使用绝对路径。路径可以以数组或以冒号分隔的形式来定义。)
   user:定义运行命令的用户
   group:定义运行命令的用户组
   onlyif:0,表示仅在命令的状态返回值为0时才执行此命令。
   refresh:接收到其它资源的通知时,如何重新执行此命令
   refreshonly:仅当被依赖的资源发生改变时才被触发
   tries:尝试的次数,默认为1;

   try_sleep:多次尝试之间的时间间隔

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
[root@dynamic tmp] # cat temp.pp
exec  { 'echo temp' :
     command  =>  'mktemp /tmp/tmp.XXX' ,
     path    => [  "/bin" , "/sbin" , "/usr/bin" , "/usr/sbin"  ],
}
[root@dynamic tmp] # puppet apply  temp.pp
notice:  /Stage [main] //Exec [ echo  temp] /returns : executed successfully
notice: Finished catalog run  in  0.10 seconds
[root@dynamic tmp] # ll
total 12
drwx------ 3 puppet puppet 4096 May 18 14:29 dir1
srwxrwxrwx 1 mysql  mysql     0 May  4 14:19 maria.sock
-rw-r--r-- 1 root   root    166 May 18 14:24  mkdir .pp
-rw-r--r-- 1 root   root    111 May 18 15:09 temp.pp
-rw------- 1 root   root      0 May 18 15:09 tmp.ZeW

资源引用:
   在引用时,"Type"首字母必须大写,如:Package ['nginx']

元参数:用于定义资源间依赖关系及应用次序。

通知机制:应用产生的消息

特殊属性

notify:调试输出
常用参数
   message :信息内容
   name :消息名称

例:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
[root@dynamic tmp] # cat messages.pp
file  { '/tmp/messages.txt' :
     ensure  =>  file ,
     content => "hello puppet!" ,
     notify  => Exec[ 'messages' ]
}
exec  { 'messages' :
     command  =>  'echo "/tmp/message.txt" >> /tmp/message.txt' ,
     refreshonly => true ,
     path    =>  "/bin/:/sbin/:/usr/bin:/usr/sbin"
}
[root@dynamic tmp] # puppet apply  messages.pp
notice:  /Stage [main] //File [ /tmp/messages .txt] /content : content changed  '{md5}e147509e8f852facd239743193e249c2'  to  '{md5}d007288adc523f44584e631abde90137'
notice:  /Stage [main] //Exec [messages]: Triggered  'refresh'  from 1 events
notice: Finished catalog run  in  0.21 seconds
[root@dynamic tmp] # cat message.txt
/tmp/message .txt
[root@dynamic tmp] # cat messages.txt
hello puppet!
[root@dynamic tmp] #

subscribe:主动关注所关联的资源的变化

例:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
[root@dynamic tmp] # cat messages.pp
file  { '/tmp/messages.txt' :
     ensure  =>  file ,
     content => "how are you" ,
}
exec  { 'messages' :
     command  =>  'echo "/tmp/messages.txt changed" >> /tmp/message.txt' ,
     subscribe   => File[ '/tmp/messages.txt' ],
     path    =>  "/bin/:/sbin/:/usr/bin:/usr/sbin"
}
[root@dynamic tmp] # puppet apply  messages.pp
notice:  /Stage [main] //Exec [messages] /returns : executed successfully
notice: Finished catalog run  in  0.10 seconds
[root@dynamic tmp] # cat messages.txt
how are you
[root@dynamic tmp] # cat message.txt
/tmp/messages .txt changed

require:必须依赖于那一个资源

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
[root@dynamic tmp] # cat ha_setup.pp
package{ 'haproxy' :
   ensure     => installed,
   before     => Service[ 'haproxy' ],
}
file { '/etc/haproxy/haproxy.cfg' :
   source => '/tmp/haproxy.cfg' ,
   owner=> 'root' ,
   group=> 'root' ,
   mode=> '640' ,
   require=>Package[ 'haproxy' ],
   before     => Service[ 'haproxy' ],
}
service{ 'haproxy' :
   ensure=>running,
   enable => true ,
}
[root@dynamic tmp] # puppet apply ha_setup.pp
notice:  /Stage [main] //Package [haproxy] /ensure : created
notice:  /Stage [main] //File [ /etc/haproxy/haproxy .cfg] /mode : mode changed  '0644'  to  '0640'
notice:  /Stage [main] //Service [haproxy] /ensure : ensure changed  'stopped'  to  'running'
notice: Finished catalog run  in  24.91 seconds
[root@dynamic tmp] # ll /etc/haproxy/
total 4
-rw-r----- 1 root root 3142 Jul 10  2013 haproxy.cfg
[root@dynamic tmp] # service haproxy status
haproxy (pid  6266) is running...

说明,package 资源属性一定要在service 之前应用,如果package没有应用成功,那么service 资源将不会被应用。

before:file资源一定要在service 资源之前执行

应用链次序链与通知链

->用于定义次序链

~>用于定义通知链

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
[root@dynamic tmp] # cat ha_setup.pp
package{ 'haproxy' :
   ensure     => installed,
}
file { '/etc/haproxy/haproxy.cfg' :
   source => '/tmp/haproxy.cfg' ,
   owner=> 'root' ,
   group=> 'root' ,
   mode=> '640' ,
   notify=>Exec[ 'monitor' ]
}
service{ 'haproxy' :
   ensure=>running,
   enable => true ,
   restart => '/etc/rc.d/init.d/haproxy reload'
}
exec { 'monitor' :
     command  =>  'echo "/tmp/haproxy.cfg己经重载" >> /tmp/hainfo.txt' ,
     path    =>  "/bin:/sbin:/usr/sbin:/usr/bin"
}
Package[ 'haproxy' ]->File[ '/etc/haproxy/haproxy.cfg' ]->Exec[ 'monitor' ]~>Service[ 'haproxy' ]
[root@dynamic tmp] # puppet apply ha_setup.pp
notice:  /Stage [main] //File [ /etc/haproxy/haproxy .cfg] /content : content changed  '{md5}c6e95eb3da150a74e6c8c2e70488083e'  to  '{md5}1f337186b0e1ba5ee82760cb437fb810'
notice:  /Stage [main] //Exec [monitor] /returns : executed successfully
notice:  /Stage [main] //Exec [monitor]: Triggered  'refresh'  from 1 events
notice:  /Stage [main] //Service [haproxy] /ensure : ensure changed  'stopped'  to  'running'
notice: Finished catalog run  in  0.90 seconds
[root@dynamic tmp] # cat hainfo.txt
/tmp/haproxy .cfg己经重载

5、group:  系统上用户组

常用参数

  ensure:目标状态,present,absent
  name:组名
  gid:组ID
  system:系统组
6、user:系统上用户
常用参数
   ensure:目标状态
   name:用户名
   uid:用户ID
   system:系统用户
   gid:组名或组ID

   home:用户的家目录。必须是己创建的目录,如果没有创建,则不检查

   shell:指定其shell

   password:指定用户密码

    mangehome: 是否建立家目录。true or false


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
[root@dynamic tmp] # cat useradd.pp
group { 'groupadd' :
     ensure  =>present,
     gid =>1010,
     name    =>essun,
}->
user { 'useradd' :
     ensure  =>present,
     uid =>1010,
     gid =>1010,
     name    =>essun,
     shell   => "/bin/bash" ,
     home    => "/home/essun" ,
     managehome  => true ,
     password    => '$1$wvZ8j1$mPa3IT.9vTdCb6sOuvdeu/'
                                                                                                                                                                                                                                                                                  
}
[root@dynamic tmp] # puppet apply useradd.pp
notice:  /Stage [main] //Group [groupadd] /ensure : created
notice:  /Stage [main] //User [ useradd ] /ensure : created
notice: Finished catalog run  in  0.50 seconds
[root@dynamic tmp] # su essun
[essun@dynamic tmp]$  whoami
essun
[essun@dynamic tmp]$  cd
[essun@dynamic ~]$  pwd
/home/essun
[essun@dynamic ~]$  id  essun
uid=1010(essun) gid=1010(essun)  groups =1010(essun)
7、notify:调试输出
   常用参数
   message :信息
   name
  notify {'notice': message => '/etc/fstab changed',}
8、cron :管理 cron
   常用属性
ensure :目标状态(present)
   command:执行的命令
   environment:运行时的环境变量
   hour:小时
   minute :分钟
   month:月份
   monthday:日

   weekday 周

   name:名字

    user: 运行此周期性任务计划的用户,如果没有指出,默认为root

1
2
3
4
5
6
7
8
9
10
11
[root@dynamic tmp] # cat cron.pp
cron  { 'ntpdate' :
     ensure  => present,
     command  =>  '/usr/sbin/ntpdate cn.poolntp.org &> /dev/null' ,
     minute  =>  '*/5' ,
}
[root@dynamic tmp] # puppet apply cron.pp
notice:  /Stage [main] //Cron [ntpdate] /ensure : created
notice: Finished catalog run  in  0.10 seconds
[root@dynamic tmp] # date
Sun May 18 17:42:21 CST 2014










本文转自 jinlinger 51CTO博客,原文链接:http://blog.51cto.com/essun/1413244,如需转载请自行联系原作者
相关实践学习
日志服务之使用Nginx模式采集日志
本文介绍如何通过日志服务控制台创建Nginx模式的Logtail配置快速采集Nginx日志并进行多维度分析。
目录
相关文章
|
30天前
|
运维 Linux Apache
【一键变身超人!】Puppet 自动化运维神器 —— 让你的服务器听话如婴儿,轻松管理资源不是梦!
【8月更文挑战第9天】随着云计算与容器化技术的发展,自动化运维已成为现代IT基础设施的核心部分。Puppet是一款强大的自动化工具,用于配置管理,确保系统保持预期状态。通过易于理解的配置文件定义资源及其依赖关系,Puppet实现了“基础设施即代码”的理念。本文简要介绍了Puppet的安装配置方法及示例,包括Puppet Agent与Master的安装、基本配置步骤和一个简单的Apache HTTP Server管理示例,展示了Puppet在实际应用中的强大功能与灵活性。
30 9
|
关系型数据库 MySQL Shell
puppet连载24:虚拟资源
class account::virtual { @user {"mysql": ensure => present, uid => 27, gid => 27, home => "/var/lib/mysql", shell => "/bin/bas...
769 0
puppet连载17:file资源详解
file {'/tmp/filetest': content => "aaa", ensure => file, } ensure => present file {'/tmp/filetest': content => "aaa", } file {...
866 0
|
关系型数据库 网络安全 PostgreSQL
puppet连载14:安装puppetdb
yum install puppetdb puppetdb-terminus -y service puppetdb start vi /etc/puppet/puppet.
1046 0
|
网络协议 应用服务中间件 Shell
puppet连载12:linux安装nginx、openresty
服务端在/puppet/soft 里建nginx1102setup.sh,内容: !/bin/bash yum -y install wget libtool expat-devel gcc gcc-c++ glibc automake autocon...
914 0
|
Java 应用服务中间件 Linux
puppet连载九:linux安装jdk、tomcat模块
安装jdk1.8.0_91和tomcat8.0.36 mkdir -p /etc/puppet/modules/linuxjdktomcat/{manifests,templates,files} vi /etc/puppet/modules/linuxjdktomcat/manifests/init.
1070 0
|
MySQL 关系型数据库 Linux
puppet连载10:linux安装percona57/56/55、sysbench、tpcc模块
在服务端/puppet/soft下建my.cnf,内容为https://www.jianshu.com/p/c63fc6c71279 在服务端/puppet/soft下建changemysql57pass.
1055 0
|
关系型数据库 MySQL Linux
puppet连载四:服务端安装dashboard
curl -sSL https://rvm.io/mpapis.asc | gpg2 --import - curl -L get.rvm.io | bash -s stable source /etc/profile.
1251 0
|
Linux 开发工具 git
puppet连载七:linux基础组件安装模块
linux基础组件安装模块linuxbaseinstall 更换源,安装gcc gcc-c++ glibc-devel make ncurses-devel openssl-devel autoconf git mkdir -p /etc/puppet...
1066 0
|
网络安全 Apache Ruby
puppet连载三:服务端安装http、passenger
服务端安装插件: yum install -y ruby-devel ruby-libs rubygems libcurl-devel httpd httpd-devel apr-util-devel apr-devel mod_ssl gcc-c++...
1060 0