puppet 配置 - 3.3 rpm 管理

简介: 作用利用 puppet 对 centos, redhat 等操作系统进行软件包 (rpm) 进行管理管理包括, 软件源管理, 安装, 删除, 升级软件包模块利用 puppet 自带 yumrepo, package 模块即可操作系统会利用 yum 命令进行管理软件包yum 源由 yumrepo 模块管理软件由 package 模块管理帮助

作用

利用 puppet 对 centos, redhat 等操作系统进行软件包 (rpm) 进行管理
管理包括, 软件源管理, 安装, 删除, 升级软件包

模块

利用 puppet 自带 yumrepo, package 模块即可
操作系统会利用 yum 命令进行管理软件包
yum 源由 yumrepo 模块管理
软件由 package 模块管理

帮助

https://docs.puppet.com/puppet/latest/types/yumrepo.html
https://docs.puppet.com/puppet/latest/type.html#package

puppet 调用顺序

/etc/puppet/puppet.conf
 |-> /etc/puppet/manifests/main-site.pp
        |-> /etc/puppet/manifests/terry/terry-parameter.pp
        |-> /etc/puppet/manifests/terry/terry-site.pp
                |-> /etc/puppet/manifests/terry/terry-yumrepo.pp
                |-> /etc/puppet/manifests/terry/terry-package.pp

说明:

  1. /etc/puppet/puppet.conf 中通过下面配置执行下一个文件

    manifest = /etc/puppet/manifests/main-site.pp

  2. /etc/puppet/manifests/main-site.pp 通过下面配置执行下一个文件

    import ‘terry/terry-parameter.pp’
    import ‘terry-site.pp’

  3. /etc/puppet/manifests/terry/terry-parameter.pp (用于定了了全局变量) 下一章说明
    /etc/puppet/manifests/terry/terry-site.pp 定义了主机需要执行那些自定义行为, 使用那些资源, 当前调用了 yumrepo 模块与 package 模块
    import ‘terry-sysctl.pp’
    import ‘terry-hosts.pp’
    import ‘terry-yumrepo.pp’
    import ‘terry-package.pp’

  4. /etc/puppet/manifests/terry/terry-yumrepo.pp 定义了 客户端 yum 源
    /etc/puppet/manifests/terry/terry-package.pp 定义了 客户端需要管理的软件包

yum 源配置说明

参考 /etc/puppet/manifests/terry/terry-yumrepo.pp

exec { "yum makecache":
        user => root, group => root, cwd => "/",
        path => "/usr/bin:/usr/sbin:/bin",
}

if  $operatingsystemrelease == "7.2"  {
        yumrepo { "vipshop-inner":
                descr    => "vipshop-inner repo",
                baseurl  => "http://mirrors.vclound.com/centos/7.2/os/x86_64/",
                gpgcheck => "0",
                enabled  => "1",
                priority => "1",
                require => Exec['yum makecache'],
}

        yumrepo { "vclound":
                descr    => "vclound repo",
                baseurl  => "http://mirrors.vclound.com/vclound/rhel7/x86_64",
                gpgcheck => "0",
                enabled  => "1",
                priority => "2",
                require => Exec['yum makecache'],
        }
}elsif  $operatingsystemrelease == "6.6" {
        yumrepo { "vipshop-inner":
                descr    => "vipshop-inner repo",
                baseurl  => "http://mirrors.vclound.com/centos/6.6/os/x86_64/",
                gpgcheck => "0",
                enabled  => "1",
                priority => "2",
                require => Exec['yum makecache'],
}

        yumrepo { "vclound":
                descr    => "vclound repo",
                baseurl  => "http://mirrors.vclound.com/vclound/rhel6/x86_64",
                gpgcheck => "0",
                enabled  => "1",
                priority => "3",
                require => Exec['yum makecache'],
        }

        yumrepo { "patch":
                descr => "centos6 path",
                baseurl => "http://mirrors.vclound.com/apps/6/x86_64/kernel",
                gpgcheck => "0",
                enabled => "1",
                priority => "1",
                require => Exec['yum makecache'],
        }
}

说明

1.  这里调用了 exec 模块, 用于执行系统命令 "yum makecache"
2.  调用 yumrepo 模块,  定义了当前客户端的 yum 源
3. require 参数, 用于人工介入, 定义整个模板中模块的执行顺序,  当前每个 yumrepo 模块中都添加了这个参数,  令 yum makecache 命令可以在所有源文件都创建成功后才执行
4.  调用到判断语法 if ... elsif ... 即, 当前配置只针对  rhel 7.2 及  6.6 作出修改, 配置版本则不执行

yumrepo 模块说明:

yumrepo { "patch":                            <- yum配置名称
    descr => "centos6 path"                   <- 描述
    baseurl => "http://mirrors.vclound.com/apps/6/x86_64/kernel",  <- rpm 下载 url
    gpgcheck => "0",                           <- gpg校验
    enabled => "1",                            <- 当前配置是否生效,  0 则不生效
    priority => "1",                           <- yum 源的优先级
    require => Exec['yum makecache'],          <- puppet 命令执行的依赖关系定义
}

package 配置说明

参考 /etc/puppet/manifests/terry/terry-package.pp

package { [ 'net-snmp-devel', 'perl-libwww-perl', 'curl', 'acpid' ] :
        ensure => present,
        require => Yumrepo['vipshop-inner'],
}

package { 'bash':
        name => 'bash',
        ensure => '4.1.2-29.el6',
        require => Yumrepo['patch'],
}

package { [ 'glibc', 'glibc-common', 'glibc-devel', 'glibc-headers', 'glibc-utils' ]:
        ensure => latest,
        require => Yumrepo['patch'],
}

说明:

1. 当前只对系统管理上述三组软件包管理
2.  net-snmp ... apicd, bash,  glibc ... glibc-utils 等定义的是软件包名称
3.  对于第一组 net-snmp ... 软件包,   puppet 只需要客户端安装了即可
4.  对于第二组,  bash,  需要客户端安装指定的版本
5.  对于第三组, glibc .. 需要客户端进行自动更新到最新版本[因为发现了默认版本有漏洞]

package 模块说明

package { 'glibc', 'glibc-common', 'glibc-devel', 'glibc-headers', 'glibc-utils':   <- 这里定义了软件包名称
  ensure => latest,   <- present 安装, absent 删除, purged 连同依赖删除, latest 最新按本.
  require => Yumrepo['patch'],    <- 定义了执行顺序, 即, 确保 yum 源存在才进行升级
}

客户端配置参考

客户端连接服务器方法参考

[root@terryzeng-gz-qa-dns-d4yzu /]# puppet agent -t
Warning: Setting modulepath is deprecated in puppet.conf. See http://links.puppetlabs.com/env-settings-deprecations
   (at /usr/lib/ruby/site_ruby/1.8/puppet/settings.rb:1095:in `issue_deprecations')
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Loading facts in /var/lib/puppet/lib/facter/root_home.rb
Info: Loading facts in /var/lib/puppet/lib/facter/list_addrs.rb
Info: Loading facts in /var/lib/puppet/lib/facter/pe_version.rb
Info: Loading facts in /var/lib/puppet/lib/facter/puppet_vardir.rb
Info: Loading facts in /var/lib/puppet/lib/facter/facter_dot_d.rb
Info: Caching catalog for terryzeng-gz-qa-dns-d4yzu.vclound.com
Info: Applying configuration version '1485312936'
Notice: /Stage[main]/Main/Exec[yum makecache]/returns: executed successfully
Notice: /Stage[main]/Main/Package[glibc-headers]/ensure: ensure changed '2.12-1.149.el6' to '0:2.12-1.149.el6_6.9'
Notice: /Stage[main]/Main/Package[glibc-devel]/ensure: ensure changed '2.12-1.149.el6' to '0:2.12-1.149.el6_6.9'
Notice: /Stage[main]/Main/Package[glibc-utils]/ensure: ensure changed '2.12-1.149.el6' to '0:2.12-1.149.el6_6.9'
Notice: /Stage[main]/Main/Package[glibc-common]/ensure: ensure changed '2.12-1.149.el6' to '0:2.12-1.149.el6_6.9'
Notice: /Stage[main]/Main/Package[glibc]/ensure: ensure changed '2.12-1.149.el6' to '0:2.12-1.149.el6_6.9'
Notice: Finished catalog run in 36.21 seconds

验证结果

[root@terryzeng-gz-qa-dns-d4yzu /]# rpm -qa | grep -E 'net-snmp-devel|perl-libwww-perl|curl|acpid|bash|glibc'
glibc-common-2.12-1.149.el6.x86_64
bash-4.1.2-29.el6.x86_64
python-pycurl-7.19.0-8.el6.x86_64
perl-libwww-perl-5.833-2.el6.noarch
curl-7.19.7-37.el6_5.3.x86_64
glibc-devel-2.12-1.149.el6.x86_64
net-snmp-devel-5.5-50.el6_6.1.x86_64
acpid-1.0.10-2.1.el6.x86_64
glibc-utils-2.12-1.149.el6.x86_64
glibc-2.12-1.149.el6.x86_64
glibc-headers-2.12-1.149.el6.x86_64
libcurl-7.19.7-37.el6_5.3.x86_64
目录
相关文章
|
2月前
|
运维 Linux Apache
Puppet 作为一款强大的自动化运维工具,被广泛应用于配置管理领域。通过定义资源的状态和关系,Puppet 能够确保系统始终处于期望的配置状态。
Puppet 作为一款强大的自动化运维工具,被广泛应用于配置管理领域。通过定义资源的状态和关系,Puppet 能够确保系统始终处于期望的配置状态。
64 3
|
安全 Linux 网络协议
puppet yum模块、配置仓储、mount模块
转载:http://blog.51cto.com/ywzhou/1577335 作用:自动为客户端配置YUM源,为使用yum安装软件包提供便捷。 1、服务端配置yum模块 (1)模块清单 [root@puppet ~]# tree /etc/puppe...
1118 0
|
网络协议 安全 网络安全
|
Perl 存储 数据挖掘
|
网络安全 Ruby 网络协议