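Purpose
Use puppet to manage software packages (rpm) on operating systems such as centos and redhat.
Management covers repository management and installing, removing and upgrading packages.
Modules
Puppet's built-in yumrepo and package modules are all that is needed.
The operating system manages packages with the yum command.
yum repositories are managed by the yumrepo module.
Software is managed by the package module.
Help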
https://docs.puppet.com/puppet/latest/types/yumrepo.html
https://docs.puppet.com/puppet/latest/type.html#package
Puppet call order
/etc/puppet/puppet.conf
|-> /etc/puppet/manifests/main-site.pp
    |-> /etc/puppet/manifests/terry/terry-parameter.pp
    |-> /etc/puppet/manifests/terry/terry-site.pp
        |-> /etc/puppet/manifests/terry/terry-yumrepo.pp
        |-> /etc/puppet/manifests/terry/terry-package.pp
Notes:
- /etc/puppet/puppet.conf hands over to the next file through the following setting
    manifest = /etc/puppet/manifests/main-site.pp
- /etc/puppet/manifests/main-site.pp hands over to the next files through the following statements
    import 'terry/terry-parameter.pp'
    import 'terry-site.pp'
- /etc/puppet/manifests/terry/terry-parameter.pp (used to define global variables) is explained in the next chapter
- /etc/puppet/manifests/terry/terry-site.pp defines which custom actions the host runs and which resources it uses; it currently calls the yumrepo module and the package module
    import 'terry-sysctl.pp'
    import 'terry-hosts.pp'
    import 'terry-yumrepo.pp'
    import 'terry-package.pp'
- /etc/puppet/manifests/terry/terry-yumrepo.pp defines the client's yum repositories
- /etc/puppet/manifests/terry/terry-package.pp defines the packages to be managed on the client
yum repository configuration
See /etc/puppet/manifests/terry/terry-yumrepo.pp
exec { "yum makecache":
  user  => root,
  group => root,
  cwd   => "/",
  path  => "/usr/bin:/usr/sbin:/bin",
}
if $operatingsystemrelease == "7.2" {
  yumrepo { "vipshop-inner":
    descr    => "vipshop-inner repo",
    baseurl  => "http://mirrors.vclound.com/centos/7.2/os/x86_64/",
    gpgcheck => "0",
    enabled  => "1",
    priority => "1",
    require  => Exec['yum makecache'],
  }
  yumrepo { "vclound":
    descr    => "vclound repo",
    baseurl  => "http://mirrors.vclound.com/vclound/rhel7/x86_64",
    gpgcheck => "0",
    enabled  => "1",
    priority => "2",
    require  => Exec['yum makecache'],
  }
} elsif $operatingsystemrelease == "6.6" {
  yumrepo { "vipshop-inner":
    descr    => "vipshop-inner repo",
    baseurl  => "http://mirrors.vclound.com/centos/6.6/os/x86_64/",
    gpgcheck => "0",
    enabled  => "1",
    priority => "2",
    require  => Exec['yum makecache'],
  }
  yumrepo { "vclound":
    descr    => "vclound repo",
    baseurl  => "http://mirrors.vclound.com/vclound/rhel6/x86_64",
    gpgcheck => "0",
    enabled  => "1",
    priority => "3",
    require  => Exec['yum makecache'],
  }
  yumrepo { "patch":
    descr    => "centos6 path",
    baseurl  => "http://mirrors.vclound.com/apps/6/x86_64/kernel",
    gpgcheck => "0",
    enabled  => "1",
    priority => "1",
    require  => Exec['yum makecache'],
  }
}
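Notes
1. The exec module is called here to run the system command "yum makecache".
2. The yumrepo module is called to define the yum repositories of the current client.
3. The require parameter is a manual way to define the execution order of the modules in the whole template. It is currently added to every yumrepo module so that the yum makecache command runs only after all repo files have been created successfully.
4. The if ... elsif ... conditional syntax is used, that is, the current configuration only makes changes on rhel 7.2 and 6.6 and is not applied on other versions.
yumrepo module explained: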
yumrepo { "patch":                                               # name of the yum repo configuration
  descr    => "centos6 path",                                    # description
  baseurl  => "http://mirrors.vclound.com/apps/6/x86_64/kernel", # rpm download URL
  gpgcheck => "0",                                               # GPG check
  enabled  => "1",                                               # whether this configuration is active; 0 disables it
  priority => "1",                                               # priority of the yum repo
  require  => Exec['yum makecache'],                             # dependency that defines puppet's execution order
}
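An added example, not one of the original manifests: the CentOS 6.6 "patch" repository and the glibc group from this page with package signature checking turned on, and with the cache refresh ordered after the repo definition. In Puppet, require => Exec['yum makecache'] on a yumrepo applies the exec first (the agent run output on this page shows the Exec before any other change), so notify is used here instead. The https:// URL and the key path RPM-GPG-KEY-example are assumptions: placeholders for a mirror that serves TLS and for the key the internal packages are signed with.

```puppet
# Added example (not the original terry-yumrepo.pp / terry-package.pp).
# Assumptions: the mirror answers on HTTPS, and the signing key is already
# present on the client at the placeholder path used in gpgkey below.

# Rebuild the yum cache only when a repo definition actually changed.
exec { 'yum makecache':
  user        => 'root',
  group       => 'root',
  cwd         => '/',
  path        => '/usr/bin:/usr/sbin:/bin',
  refreshonly => true,  # runs only when a yumrepo resource notifies it
}

if $operatingsystemrelease == '6.6' {
  yumrepo { 'patch':
    descr     => 'centos6 path',
    # Assumed HTTPS endpoint; with http:// the metadata can be altered in transit.
    baseurl   => 'https://mirrors.vclound.com/apps/6/x86_64/kernel',
    sslverify => '1',  # reject a mirror whose certificate does not validate
    gpgcheck  => '1',  # refuse rpms that are unsigned or signed by an unknown key
    # Placeholder key path: point this at the key your packages are signed with.
    gpgkey    => 'file:///etc/pki/rpm-gpg/RPM-GPG-KEY-example',
    enabled   => '1',
    priority  => '1',
    notify    => Exec['yum makecache'],  # repo file first, cache refresh second
  }

  # Packages wait for both the repo definition and the refreshed cache.
  package { [ 'glibc', 'glibc-common', 'glibc-devel', 'glibc-headers', 'glibc-utils' ]:
    ensure  => latest,
    require => [ Yumrepo['patch'], Exec['yum makecache'] ],
  }
}
```

Running puppet agent -t --noop on a test client shows the planned changes and their order without applying them.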
package configuration
See /etc/puppet/manifests/terry/terry-package.pp
package { [ 'net-snmp-devel', 'perl-libwww-perl', 'curl', 'acpid' ]:
  ensure  => present,
  require => Yumrepo['vipshop-inner'],
}
package { 'bash':
  name    => 'bash',
  ensure  => '4.1.2-29.el6',
  require => Yumrepo['patch'],
}
package { [ 'glibc', 'glibc-common', 'glibc-devel', 'glibc-headers', 'glibc-utils' ]:
  ensure  => latest,
  require => Yumrepo['patch'],
}
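Notes:
1. Currently only the three groups of packages above are managed on the system.
2. net-snmp ... acpid, bash, glibc ... glibc-utils and so on are the package names.
3. For the first group, net-snmp ..., puppet only requires that the packages are installed on the client.
4. For the second group, bash, the client must have the specified version installed.
5. For the third group, glibc ..., the client must update automatically to the latest version [because a vulnerability was found in the default version].
package module explained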
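package { [ 'glibc', 'glibc-common', 'glibc-devel', 'glibc-headers', 'glibc-utils' ]:  # the package names are defined here
  ensure  => latest,            # present: install, absent: remove, purged: remove together with dependencies, latest: newest version
  require => Yumrepo['patch'],  # defines the execution order, i.e. make sure the yum repo exists before upgrading
}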
Client configuration reference
How the client connects to the server, for reference
[root@terryzeng-gz-qa-dns-d4yzu /]# puppet agent -t
Warning: Setting modulepath is deprecated in puppet.conf. See http://links.puppetlabs.com/env-settings-deprecations
(at /usr/lib/ruby/site_ruby/1.8/puppet/settings.rb:1095:in `issue_deprecations')
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Loading facts in /var/lib/puppet/lib/facter/root_home.rb
Info: Loading facts in /var/lib/puppet/lib/facter/list_addrs.rb
Info: Loading facts in /var/lib/puppet/lib/facter/pe_version.rb
Info: Loading facts in /var/lib/puppet/lib/facter/puppet_vardir.rb
Info: Loading facts in /var/lib/puppet/lib/facter/facter_dot_d.rb
Info: Caching catalog for terryzeng-gz-qa-dns-d4yzu.vclound.com
Info: Applying configuration version '1485312936'
Notice: /Stage[main]/Main/Exec[yum makecache]/returns: executed successfully
Notice: /Stage[main]/Main/Package[glibc-headers]/ensure: ensure changed '2.12-1.149.el6' to '0:2.12-1.149.el6_6.9'
Notice: /Stage[main]/Main/Package[glibc-devel]/ensure: ensure changed '2.12-1.149.el6' to '0:2.12-1.149.el6_6.9'
Notice: /Stage[main]/Main/Package[glibc-utils]/ensure: ensure changed '2.12-1.149.el6' to '0:2.12-1.149.el6_6.9'
Notice: /Stage[main]/Main/Package[glibc-common]/ensure: ensure changed '2.12-1.149.el6' to '0:2.12-1.149.el6_6.9'
Notice: /Stage[main]/Main/Package[glibc]/ensure: ensure changed '2.12-1.149.el6' to '0:2.12-1.149.el6_6.9'
Notice: Finished catalog run in 36.21 seconds
Verifying the result
[root@terryzeng-gz-qa-dns-d4yzu /]# rpm -qa | grep -E 'net-snmp-devel|perl-libwww-perl|curl|acpid|bash|glibc'
glibc-common-2.12-1.149.el6.x86_64
bash-4.1.2-29.el6.x86_64
python-pycurl-7.19.0-8.el6.x86_64
perl-libwww-perl-5.833-2.el6.noarch
curl-7.19.7-37.el6_5.3.x86_64
glibc-devel-2.12-1.149.el6.x86_64
net-snmp-devel-5.5-50.el6_6.1.x86_64
acpid-1.0.10-2.1.el6.x86_64
glibc-utils-2.12-1.149.el6.x86_64
glibc-2.12-1.149.el6.x86_64
glibc-headers-2.12-1.149.el6.x86_64
libcurl-7.19.7-37.el6_5.3.x86_64