puppet 配置 5 常见例子

简介: 变量复用说明:变量定义后可以直接调用变量名称使用范例:$etcd_controller1='10.100.84.22'$etcd_controller2='10.100.84.23'$etcd_controller3='10.100.84.24'$etcd_host1='gx-yun-084022.vclound.com'$etcd_host2='

变量复用

说明:

变量定义后可以直接调用变量名称使用

范例:

$etcd_controller1='10.100.84.22'
$etcd_controller2='10.100.84.23'
$etcd_controller3='10.100.84.24'

$etcd_host1='gx-yun-084022.vclound.com'
$etcd_host2='gx-yun-084023.vclound.com'
$etcd_host3='gx-yun-084024.vclound.com'

$etcd_connect="$etcd_host1=http://$etcd_host1:2380,$etcd_host2=http://$etcd_host2:2380,$etcd_host3=http://$etcd_host3:2380"

$etcdcluster="$etcd_controller1:2379,$etcd_controller2:2379,$etcd_controller3:2379"

变量的判断

说明:

1. 对主机地址进行匹配,  (可以利用 case , if 的方式进行判断, 效果一样)
2. 针对不同的主机, 定义不同的变量使用

范例

$myipaddress=$ipaddress_vlanbr0

if $myipaddress =~ /^10\.201\.\\*/ {
    $ntpserver = '10.201.100.21'
} elsif  $myipaddress =~ /^10\.200\.\\*/  {
    $ntpserver = '10.200.100.21'
} elsif $myipaddress =~ /^10\.205\.\\*/  {
    $ntpserver = '10.205.100.25'
} elsif $myipaddress =~ /^192\.168\.\\*/ {
    $ntpserver = [ '10.199.129.21', '10.199.129.22' ]
} elsif $myipaddress =~ /^10\.100\.\\*/ {
    $ntpserver = [ '10.199.129.21', '10.199.129.22' ]
}

case 语法

作用:

1.  对主机地址进行匹配, 
2.  利用匹配规则,  令不同的主机执行不同的命令

范例:

case $myipaddress {
  $etcd_controller1, $etcd_controller2, $etcd_controller3 : {
    exec { 'exit':
      user => root, group => root,
      path => '/bin:/sbin:/usr/bin:/usr/sbin',
      unless => [ "/usr/bin/nmap $fqdn -p 2380 | /usr/bin/grep -o open" ],
      require => [ Package['nmap'], Class['initial'], Class['etcd::service']  ],
    }
  }

  default : {
    exec { 'exit':
      user => root, group => root,
      path => '/bin:/sbin:/usr/bin:/usr/sbin',
      unless => [ "/usr/bin/nmap $etcd_controller1 -p 2380 | /usr/bin/grep -o open &&  /usr/bin/nmap $etcd_controller2 -p 2380 | /usr/bin/grep -o open &&  /usr/bin/nmap $etcd_controller3 -p 2380 | /usr/bin/grep -o open"  ],
      require => Package['nmap'],
    }
  }
}

配置文件特殊语法

参考下面语法 (config.pp)

convoy_config {
    'Service/LimitMEMLOCK':  value => $convoyLimitMEMLOCK;
    'Service/LimitSTACK':  value => $convoyLimitSTACK;
    'Service/LimitNPROC':  value => $convoyLimitNPROC;
    'Service/LimitNOFILE':  value => $convoyLimitNOFILE;
    'Service/LimitCORE':  value => $convoyLimitCORE;
}

当执行 puppet 后, 可以得到下面的常见的配置文件配置结果 (实际会得到 等号后的变量值 )

[Service]
LimitMEMLOCK = $convoyLimitMEMLOCK
LimitSTACK = $convoyLimitSTACK
LimitNPROC = $convoyLimitNPROC
LimitNOFILE = $convoyLimitNOFILE
LimitCORE = $convoyLimitCORE

要使用这样的配置方法, 必须添加下面两个模块库文件

/etc/puppet/modules/convoy
├── lib
│   └── puppet
│       ├── provider
│       │   └── convoy_config
│       │       └── ini_setting.rb    <- 添加
│       └── type
│           └── convoy_config.rb       <- 添加
├── manifests
│   ├── config.pp                   <- 添加后, 配置才生效
│   ├── directlvm.pp
│   ├── init.pp

/etc/puppet/modules/convoy/lib/puppet/provider/convoy_config/ini_setting.rb

Puppet::Type.type(:convoy_config).provide(
  :ini_setting,
  :parent => Puppet::Type.type(:ini_setting).provider(:ruby)
) do

  def section
    resource[:name].split('/', 2).first
  end

  def setting
    resource[:name].split('/', 2).last
  end

  def separator
    '='
  end

  def self.file_path
    '/usr/lib/systemd/system/convoy.service'
  end

  def file_path
     self.class.file_path
  end
end

/etc/puppet/modules/convoy/lib/puppet/type/convoy_config.rb

Puppet::Type.newtype(:convoy_config) do

  ensurable

  newparam(:name, :namevar => true) do
    desc 'Section/setting name to manage from /usr/lib/systemd/system/convoy.service'
    newvalues(/\S+\/\S+/)
  end

  newproperty(:value) do
    desc 'The value of the setting to be defined.'
    munge do |value|
      value = value.to_s.strip
      value.capitalize! if value =~ /^(true|false)$/i
      value
    end
  end

end

firewalld 配置

模块下载位置

https://github.com/crayfishx/puppet-firewalld

配置语法
一段端口配置方法

firewalld_port { 'Open port 1000-50000 in the public zone tcp':
            ensure   => present,
            zone     => 'public',
            port     => 1000-50000,
            protocol => 'tcp',
}

firewalld_port { 'Open port 1000-50000 in the public zone udp':
            ensure   => present,
            zone     => 'public',
            port     => 1000-50000,
            protocol => 'udp',
}

一个端口配置方法

firewalld_port { 'Open port 2476 in the public zone':
            ensure   => present,
            zone     => 'public',
            port     => 2476,
            protocol => 'tcp',
}

firewalld_port { 'Open port 8080 in the public zone':
            ensure   => present,
            zone     => 'public',
            port     => 8080,
            protocol => 'tcp',
}
目录
相关文章
|
19天前
|
运维 Linux Apache
Puppet 作为一款强大的自动化运维工具,被广泛应用于配置管理领域。通过定义资源的状态和关系,Puppet 能够确保系统始终处于期望的配置状态。
Puppet 作为一款强大的自动化运维工具,被广泛应用于配置管理领域。通过定义资源的状态和关系,Puppet 能够确保系统始终处于期望的配置状态。
40 3
|
安全 Linux 网络协议
puppet yum模块、配置仓储、mount模块
转载:http://blog.51cto.com/ywzhou/1577335 作用:自动为客户端配置YUM源,为使用yum安装软件包提供便捷。 1、服务端配置yum模块 (1)模块清单 [root@puppet ~]# tree /etc/puppe...
1112 0
|
网络协议 安全 网络安全
|
Perl 存储 数据挖掘