Chinaunix首页 | 论坛 | 博客
  • 博客访问: 236225
  • 博文数量: 50
  • 博客积分: 0
  • 博客等级: 民兵
  • 技术积分: 1487
  • 用 户 组: 普通用户
  • 注册时间: 2013-07-24 10:31
文章分类
文章存档

2014年(20)

2013年(30)

分类: 网络与安全

2013-09-05 10:23:45

puppet成长日记一 file资源详细介绍及案例分析

一、系统环境
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
    
1、puppet服务端
Release:RHEL6.4
HOSTNAME: puppetserver.rsyslog.org
TCP/IP: 172.16.200.100/24
Packages:
puppet-server-2.7.21-1.el6.noarch
mcollective-client-2.2.4
activemq-5.5.0
2、puppet节点
Release: RHEL5.8
HOSTNAME: agent1.rsyslog.org
TCP/IP: 172.16.200.101/24
Packages:
puppet-2.7.21-1.el5
mcollective-2.2.4-1.el5
3、puppet节点
Release: RHEL6.4
HOSTNAME: agent3.rsyslog.org
TCP/IP: 172.16.200.103/24
Packages:
puppet-2.7.21-1.el6
mcollective-2.2.4-1.el6


二、资源介绍
1、实现功能
1.1、支持文件和目录
1.2、设置文件及目录的所有者及权限
1.3、恢复文件(包括文件的内容、权限及所有者)
1.4、清理目录以及子目录

2、支持参数
2.1 ensure => {present|absent|directory|file|link}, 指定文件的目标状态
=> present, 检查文件是否存在,不存在则新建之
=> absent, 检查文件是否存在,存在则删除之
=> directory, 指定这是一个目录,不存在则创建

2.2 owner|user => root, 所属用户,也可以用UID

2.3 group => puppet, 所属用户组,也可以用GID

2.4 mode => 0644, 权限属性,四位八进制数

2.5 source => "puppet:///modules/ssh/etc/ssh/sshd_config" | soure => "/etc/passwd" 文件获取地址,以puppet:///开头为从master下载,正常路径则在agent本地读取
备注:"puppet://"等价于主配置文件puppet.config中的modulepath值

2.6 path => "/etc/postfix/main.cf",  文件完整路径。默认与title相同可不写
eg.
file { "main.cf":
   path => "/etc/postfix/main.cf",

2.7 content => "hello",|content => template("postfix/main.cf.erb"),  文件的具体内容,亦可由erb模板生成,选择这个可不写资源source

2.8 backup => 'main',| backup => ".$backup_date.bak", 节点更新之前上一个版本备份方式;backup => 'main',需要结合资源filebucket实现

2.9 recurse => '{true|false|inf|remote}', 对目录是(true)否(false)递归(ensure => directory时有效)

2.10 puppet依赖关系资源有三个,分别为require,before,after
require => Class["mysql::install"], | require => Package["setup"],  当前资源或者类被要求的资源或者类所依赖,需要被要求的资源或者类先执行成功后在执行自己的资源或者类

before  在某个资源之前执行
package { "openssh-server":
...
before => File["/etc/ssh/sshd_config"],
  }

after 在某个资源之后执行
file {"/etc/ssh/sshd_config":
...
   after => Package["openssh-server"],
  }

2.11 puppet触发更新有两个,分别为notify,subscribe,写的位置不同。
notify {"operatingsystem is $operatingsystem":  将输出内容记录到日志里面,可在调试的时候查看。
   withpath => true|false,  #是否打印全路径
}
notify => Class["mysql::service"], 当前类或者资源的文件被改动后通知服务重启。
subscribe => Class["ssh::config"], 该资源有更新时,通知另一个资源执行相应的动作。目前支持subscribe只有exec、service、mount

2.12 link软连接设置 /etc/file2 -> /etc/passwd
file{ "/etc/file2":
...
       ensure => link,
       target => "/etc/passwd",
}

2.13 purge => true  清理目录下面没有被资源被管理的文件都会被清除
force => true   和purge => true配合使用才能删除目录,mode => 0700保证具有删除权限
ignore => file|directory, 忽略某一个目录或者文件做任何操作


三、资源示例
1、示例一
1.1 实现功能
*要求从服务器指定路径下载motd文件
*要求文件权限为700,属组和属主都为puppet
*要求setup包在motd文件下载之前被安装
1.2 配置说明
1
2
3
4
5
6
7
8
9
10
11
    
class motd::motd {
        package{ setup:
                ensure => present,
        }
        file{ "/etc/motd":
                owner => "puppet",
                group => "puppet",
                mode => 0700,
                source => "puppet://$puppetserver/modules/motd/etc/motd",
                require => Package["setup"],
        }

1.3 客户端agent1上测试
1
2
3
4
5
6
7
    
[root@agent1 ~]# puppet agent --test
info: Caching catalog for agent1.rsyslog.org
info: Applying configuration version '1378193573'
notice: /File[/etc/motd]/ensure: defined content as '{md5}0acb622c16dbdecb670d8920d96bdd30'
notice: Finished catalog run in 0.41 seconds
[root@agent1 ~]# ll /etc/motd
-rwx------ 1 puppet puppet 82 Sep  3 15:33 /etc/motd

2、示例二
2.1 实现功能
*在节点上创建/etc/passwd的软连接为/etc/file2
2.2 配置说明
1
2
3
4
5
6
7
8
    
class motd::file2 {
        file{ "/etc/file2":
                owner => "puppet",
                group => "puppet",
                ensure => link,
                target => "/etc/passwd",
        }
}

2.3 客户端agent1上测试
1
2
3
4
5
6
7
    
[root@agent1 ~]# puppet agent --test
info: Caching catalog for agent1.rsyslog.org
info: Applying configuration version '1378194373'
notice: /File[/etc/file2]/ensure: created
notice: Finished catalog run in 0.07 seconds
[root@agent1 ~]# ll /etc/file2
lrwxrwxrwx 1 puppet puppet 11 Sep  3 15:46 /etc/file2 -> /etc/passwd

3、示例三
3.1 实现功能
*在节点上创建/etc/dir1目录
*要求目录下面除了dir2外的所有目录及文件的权限为0700,所有者为puppet
*要求每次更新将"This is dir1!"写入日志里面
3.2 配置说明
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
    
class motd::dir1 {
        file{ "/etc/dir1":
                owner => "puppet",
                group => "puppet",
                mode => 0700,
                ensure => directory,
                recurse => true,
                purge => true,
                force => true,
                ignore => "dir2",
        }
        notify { "This is dir1!":
#       withpath => true,
        }
}

3.3 客户端agent1上测试
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
    
[root@agent1 ~]# puppet agent --test
info: Caching catalog for agent1.rsyslog.org
info: Applying configuration version '1378195554'
notice: This is dir1!
notice: /Stage[main]/Motd::Dir1/Notify[This is dir1!]/message: defined 'message' as 'This is dir1!'
notice: /File[/etc/dir1/dir3]/owner: owner changed 'root' to 'puppet'
notice: /File[/etc/dir1/dir3]/group: group changed 'root' to 'puppet'
notice: /File[/etc/dir1/dir3]/mode: mode changed '0755' to '0700'
notice: /File[/etc/dir1/dir3]/seluser: seluser changed 'root' to 'system_u'
notice: /File[/etc/dir1/dir3/file3]/owner: owner changed 'root' to 'puppet'
notice: /File[/etc/dir1/dir3/file3]/group: group changed 'root' to 'puppet'
notice: /File[/etc/dir1/dir3/file3]/mode: mode changed '0644' to '0700'
notice: /File[/etc/dir1/dir3/file3]/seluser: seluser changed 'root' to 'system_u'
notice: Finished catalog run in 0.11 seconds
[root@agent1 ~]#
[root@agent1 ~]#
[root@agent1 ~]# ll /etc/dir1/
total 16
drwxrwxrwx 2 puppet puppet 4096 Sep  3 16:00 dir2
drwx------ 2 puppet puppet 4096 Sep  3 16:06 dir3

4、示例四
4.1 实现功能
*在节点上创建/etc/dir2目录,权限为0700,所有者为puppet
*要求目录下面只允许有dir1目录,并且dir1目录及下一级目录或文件权限属性保持原有不变
4.2 配置说明
1
2
3
4
5
6
7
8
9
10
11
12
    
class motd::dir2 {
        file{ "/etc/dir2":
                owner => "puppet",
                group => "puppet",
                mode => 0700,
                ensure => directory,
                recurse => true,
                purge => true,
                force => true,
                ignore => "dir1",
        }
}

4.3 客户端agent1上测试
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
    
[root@agent1 ~]# puppet agent --test
info: Retrieving plugin
info: Loading facts in /var/lib/puppet/lib/facter/my_apply2.rb
info: Loading facts in /var/lib/puppet/lib/facter/my_apply1.rb
info: Loading facts in /var/lib/puppet/lib/facter/my_apply3.rb
info: Loading facts in /var/lib/puppet/lib/facter/backup_date.rb
info: Caching catalog for agent1.rsyslog.org
info: Applying configuration version '1378195951'
notice: /File[/etc/dir2]/ensure: created
notice: Finished catalog run in 0.05 seconds
[root@agent1 ~]# mkdir /etc/dir2/dir1
[root@agent1 ~]# mkdir /etc/dir2/dir2
[root@agent1 ~]# touch /etc/dir2/dir1/file1
[root@agent1 ~]# touch /etc/dir2/dir2/file2
[root@agent1 ~]# puppet agent --test
info: Retrieving plugin
info: Loading facts in /var/lib/puppet/lib/facter/my_apply2.rb
info: Loading facts in /var/lib/puppet/lib/facter/my_apply1.rb
info: Loading facts in /var/lib/puppet/lib/facter/my_apply3.rb
info: Loading facts in /var/lib/puppet/lib/facter/backup_date.rb
info: Caching catalog for agent1.rsyslog.org
info: Applying configuration version '1378195951'
info: /File[/etc/dir2/dir2]: Recursively backing up to filebucket
info: FileBucket adding {md5}d41d8cd98f00b204e9800998ecf8427e
info: /File[/etc/dir2/dir2]: Filebucketed /etc/dir2/dir2/file2 to puppet with sum d41d8cd98f00b204e9800998ecf8427e
notice: /File[/etc/dir2/dir2]/ensure: removed
notice: Finished catalog run in 0.09 seconds
[root@agent1 ~]# ll /etc/dir2/
total 8
drwxr-xr-x 2 root root 4096 Sep  3 16:13 dir1
阅读(1494) | 评论(0) | 转发(0) |
给主人留下些什么吧!~~