puppet硬件需求

搭建本地镜像源
搭建svn+apache ，搭建dnsmasq

/etc/puppet
auth.conf 认证
autosign.conf 自动签名
fileserver.conf 同步静态文件
manifests.......module
puppet.conf
tagmail.conf
namespaceauth.conf

puppet.conf main,master,agent

生成配置文件puppet.conf puppet master --genconfig
服务端常用配置项

auth.conf访问控制

acl控制

fileserver.conf 挂载点 使用方式

puppet help puppet help ca
puppet master puppet agent puppet cert puppet module puppet resource puppet describe puppet parser validate

---

site.pp是导航文件：/etc/puppet/manifests/site.pp
notify == echo：notify{"hello world"} 放在site.pp
启动服务端： xx 2>&1
nohup puppet master --verbose --no-daemonize>>master.log 2>&1 &
iptables -t filter -A INPUT -p tcp -m state -state NEW --dport 8140 -j ACCEPT
puppet agent --server xxxx --test
puppet cert --sign xxxx

site.pp中节点格式

没有匹配到，就到默认default

从puppet forge 获取基础模块：http://forge.puppetlabs.com/
class

inherits

类继承

灰度发布：开发-测试-生产

---

变量

puppet不能重复赋值

facter常用变量：ipaddress,kernel,memorysize,operatingsystem,rubyversion,uptime,hostname

数组

字典

布尔

/正则/：[a-z] () \w \W \s \S \d \D \b \B * + {m,n} ?

if elsif else

=~

in

case 用法：
case /:{}
default: {}
}
xx = xx ? {字典}

define

tag????

generate

template

类的继承

文件导入

模块导入方式：

资源

package 包安装工具

file {'name':
path:
ensure:absent present file directory link
backup:
checksum:md5
content:追加
group
links??
mode
owner
source:
target:
selxxxxxxxxxxxxxxxx
}

filebucket 文件备份与恢复
name,path,port,server

host:DNS相关

user属性
name,ensure,comment,uid,gid,groups,home,manage_expiry,password,manage_password_max_age,manage_password_min_age,shell,provider:aix/hpuxuseradd/ldap/pw/useradd/windows_adsi
新建用户

group
ensure,gid,members,name,provider:aix/groupadd/pw/windows_adsi

package
allowcdrom,ensure:installed _{present/absent/latest/版本号}5.4.23,provider:yum/apt/aix/windows,source
holdable保持现状,install_options 传递参数,installable,purgeable,uninstall_options,uninstallable,upgradeable,versionable

安装nginx

数组方式批量安装

service:
binary:程序路径,enable开机，ensure:running/stopped,hasrestart,hasstatus,name,path,pattern,restart,start,status,stop,provider:enableable/refreshable.

exec:
command,creates,cwd:执行路径,environment,group,logoutput,onlyif:只有该执行结果为0时才执行,path,refresh,refreshonly:ture/false触发器,returns,timeout,tries,try_sleep,user,provider:shell/windows

cron:
command,ensure:present/absent,environment,hour,minute,month,monthday,weekday,name,provider,user

notify :name,message
公有属性：before,require,stage,notify,subscribe,audit
require用法

before

notify

subscribe

->先后关系

~>通知

三段



audit审计

默认资源：Exec,Package,
虚拟资源：@ realize <|xxx|>

---

erb <%= %>

erb
<% if %>
<% elsif %>
<% else %>
<% end %>
erb each ????? erb 函数

---

facter:physicalprocessorcount,processorcount,processor0-7,memorysize,memoryfree,swapsize,swapfree
获取内存信息：

facter:interfaces,ipaddress,netmask,ipaddress_eth1,netmask_eth1~~,macaddress
operatingsystem,operatingsystemrelease

facter:kernel,kernelmajversion,kernelrelease,kernelversion,selinux,selinux_config_mode,
扩展facter

---

YAML

puppet ENC功能
puppet dot graphviz功能
puppet stdlib扩展

---

master和agent多端口使用案例

nginx+passenger 提升master的处理性能
puppet搭建集群:http://jingpin.jikexueyuan.com/article/48475.html

---

reportdir设置运行报告目录
[agent]
report=true

reportserver=

puppet agent --server puppet.xxxx.com --test --summarize
[master]
reports=store,tagmail,http #开启多个报告处理器
reportfrom=xxx
tagmap=xx/tagmail.conf

自定义报告处理器

puppet dashboard 安装
puppetdb 安装
puppet MCollective 安装

puppet 部署 MCollective

---

HAproxy 搭建puppet 集群