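This test was carried out with Puppet in standalone mode, mainly to get familiar with how Puppet resources are used.
I. Installation
Download location:
To build and install from source:
To download the packages and install them manually:
1. Import the official Puppet repository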
[root@bogon ~]# wget
[root@bogon ~]# rpm -ivh puppetlabs-release-6-12.noarch.rpm
2. Install facter and puppet
[root@bogon ~]# yum install facter puppet
3. Get Puppet help information
[root@bogon ~]# puppet help
Usage: puppet <subcommand> [options] <action> [options]
Available subcommands:
agent The puppet agent daemon
apply Apply Puppet manifests locally
ca Local Puppet Certificate Authority management.
catalog Compile, save, view, and convert catalogs.
cert Manage certificates and requests
certificate Provide access to the CA for certificate management.
certificate_request Manage certificate requests.
certificate_revocation_list Manage the list of revoked certificates.
config Interact with Puppet's settings.
describe Display help about resource types
device Manage remote network devices
doc Generate Puppet documentation and references
facts Retrieve and store facts.
file Retrieve and store files in a filebucket
filebucket Store and retrieve files in a filebucket
help Display Puppet help.
inspect Send an inspection report
instrumentation_data Manage instrumentation listener accumulated data. DEPRECATED.
instrumentation_listener Manage instrumentation listeners. DEPRECATED.
instrumentation_probe Manage instrumentation probes. Deprecated
key Create, save, and remove certificate keys.
kick Remotely control puppet agent
man Display Puppet manual pages.
master The puppet master daemon
module Creates, installs and searches for modules on the Puppet Forge.
node View and manage node definitions.
parser Interact directly with the parser.
plugin Interact with the Puppet plugin system.
queue Deprecated queuing daemon for asynchronous storeconfigs
report Create, display, and submit reports.
resource The resource abstraction layer shell
resource_type View classes, defined resource types, and nodes from all manifests.
secret_agent Mimics puppet agent.
status View puppet server status.
See 'puppet help <subcommand> <action>' for help on a specific subcommand action.
See 'puppet help <subcommand>' for help on a specific subcommand.
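II. Basic use of the core resources
Syntax of a resource declaration:
type {'title':
  attribute => value,
}
Every resource has a resource type, a title and attribute values:
The resource type is an unquoted word;
The title is a string (it must be unique within the same type);
Attributes and values are paired one to one, and each pair consists of:
  an attribute name, which is an unquoted lowercase word;
  a => sign;
  a value, which may be of any type, depending on what the attribute requires;
  a comma (note: the comma after the last attribute/value pair is optional);
For details, see the official documentation:
These resources are defined in a manifest, a file with the .pp suffix, and can be applied directly with puppet apply XX.pp (the manifest is first compiled into a catalog, the current state is then queried locally, and if nothing is wrong the changes are enforced to reach the target state);
For example:
[root@bogon media]# vim test.pp
notify {'notice' :
  message => "Welcome to my Linux",
}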
[root@bogon media]# puppet apply test.pp
Notice: Compiled catalog for bogon in environment production in 0.57 seconds
Notice: Welcome to my Linux
Notice: /Stage[main]/Main/Notify[notice]/message: defined 'message' as 'Welcome to my Linux'
Notice: Finished catalog run in 0.10 seconds
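1. package
Common parameters (for details, see puppet describe package):
ensure: the target state of the package; valid values are present or installed, absent, purged, held, latest;
name: the package name;
provider: the package manager, such as yum or apt;
source: the path to the package file; only used by providers that require it;
install_options: installation options; a commonly used one is INSTALLDIR, which sets the installation path;
For example: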
[root@bogon media]# rpm -q vlock
package vlock is not installed
[root@bogon media]# vim test1.pp
package {'vlock' :
  ensure => installed,
  name   => 'vlock',
}
[root@bogon media]# puppet apply test1.pp
Notice: Compiled catalog for bogon in environment production in 1.59 seconds
Notice: /Stage[main]/Main/Package[vlock]/ensure: created
Notice: Finished catalog run in 16.29 seconds
[root@bogon media]# rpm -q vlock
vlock-1.3-31.el6.x86_64
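2. service
Common parameters (for details, see puppet describe service):
enable: whether the service starts at boot; valid values are true, false and manual;
ensure: whether the service should be running; valid values are stopped (or false) and running (or true);
name: the service name;
path: the path to the service script;
start: defines the start command;
For example: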
[root@bogon media]# service httpd status
httpd 已停
[root@bogon media]# vim test2.pp
service {'httpd' :
  ensure => running,
  name   => 'httpd',
}
[root@bogon media]# puppet apply test2.pp
Notice: Compiled catalog for bogon in environment production in 0.75 seconds
Notice: /Stage[main]/Main/Service[httpd]/ensure: ensure changed 'stopped' to 'running'
Notice: Finished catalog run in 1.06 seconds
[root@bogon media]# service httpd status
httpd (pid 29913) 正在运行...
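3. file
Purpose: manage files, directories and symbolic links, generate file content, and manage file permissions, attributes and so on;
Common parameters (for details, see puppet describe file):
ensure: the target state, that is, whether the file should exist and what kind of file it is; valid values are present, absent, file, directory, link;
content: the file content; a file is generated from content, source or target, and the three are mutually exclusive;
target: the target of the symbolic link to create;
links: how symbolic links are handled; valid values are follow and manage; independent of content and source;
path: the file path; it must be an absolute path, and on Windows a path that includes a drive letter must use / rather than \;
mode: the file permissions;
owner: the file owner;
group: the file group;
force: force the removal; valid values are true, false, yes and no; force is required in the following three cases: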
* `purge` subdirectories
* Replace directories with files or links
* Remove a directory when `ensure => absent`
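recurse: directory recursion, used only when ensure => directory; valid values are true, false, inf and remote;
replace: whether to replace an existing local file whose content differs from what source or content defines; valid values are true, false, yes and no;
For example: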
[root@bogon media]# ls
test1.pp test2.pp test.pp
[root@bogon media]# vim test3.pp
file {'a.txt' :
  ensure  => present,
  path    => '/media/a.txt',
  content => 'Hello,puppet',
}
file {'b.txt' :
  ensure => present,
  target => '/etc/shadow',
  path   => '/media/b.txt',
  links  => follow,
}
[root@bogon media]# puppet apply test3.pp
Notice: Compiled catalog for bogon in environment production in 0.77 seconds
Notice: /Stage[main]/Main/File[b.txt]/ensure: created
Notice: Finished catalog run in 0.13 seconds
[root@bogon media]# puppet apply test3.pp
Notice: Compiled catalog for bogon in environment production in 0.77 seconds
Notice: /Stage[main]/Main/File[b.txt]/target: target changed 'notlink' to '/etc/shadow'
Notice: Finished catalog run in 0.15 seconds
[root@bogon media]# ll | grep .txt
-rw-r--r-- 1 root root 12 6月 19 23:43 a.txt
lrwxrwxrwx 1 root root 11 6月 19 23:51 b.txt -> /etc/shadow
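4. exec
Common parameters (for details, see puppet describe exec):
command: the command to execute; it must be given as an absolute path, or a command search path must be provided;
group: the group to run the command as;
user: the user to run the command as;
path: the command search path;
onlyif: the exec runs only if the command given here returns 0;
tries: the number of times to try the command; the default is 1;
try_sleep: the interval between tries;
refreshonly: the command runs only when a resource it depends on changes;
For example: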
[root@bogon media]# ls
test1.pp test2.pp test3.pp test.pp
[root@bogon media]# vim test4.pp
exec {'wget' :
  command => 'wget ',
  path    => '/usr/bin/',
}
[root@bogon media]# puppet apply test4.pp
Notice: Compiled catalog for bogon in environment production in 0.64 seconds
Notice: /Stage[main]/Main/Exec[curl]/returns: executed successfully
Notice: Finished catalog run in 5.52 seconds
[root@bogon media]# ls
puppetlabs-release-6-12.noarch.rpm test1.pp test2.pp test3.pp test4.pp test.pp
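The exec above runs wget on every apply. The following added example (not from the original post) makes the download idempotent and checks the file's SHA-256 digest before the package is installed; it goes beyond the parameters listed above by using the exec attributes creates and unless. The URL host and the checksum are placeholders, and the resource titles are hypothetical.

```puppet
# Added example. The URL host and the checksum are placeholders; the page's
# own download URL is not shown.
$rpm_url  = 'https://repo.example.invalid/puppetlabs-release-6-12.noarch.rpm'
$rpm_file = '/media/puppetlabs-release-6-12.noarch.rpm'
$rpm_sha  = 'REPLACE_WITH_EXPECTED_SHA256_HEX'

# 'creates' skips the command once the file exists. Downloading to a .part
# file and renaming it means an interrupted transfer never leaves behind a
# file that would satisfy 'creates'.
exec { 'fetch-release-rpm':
  command   => "wget -q -O ${rpm_file}.part ${rpm_url} && mv ${rpm_file}.part ${rpm_file}",
  provider  => shell,                 # needed for '&&'
  path      => ['/usr/bin', '/bin'],
  creates   => $rpm_file,
  tries     => 3,
  try_sleep => 5,
}

# sha256sum -c exits non-zero on a mismatch, so this exec fails and the
# package resource below is skipped. 'unless' stops the check from running
# again once the package is installed.
exec { 'verify-release-rpm':
  command  => "echo '${rpm_sha}  ${rpm_file}' | sha256sum -c -",
  provider => shell,                  # needed for the pipe
  path     => ['/usr/bin', '/bin'],
  unless   => 'rpm -q puppetlabs-release',
  require  => Exec['fetch-release-rpm'],
}

package { 'puppetlabs-release':
  ensure   => installed,
  provider => rpm,
  source   => $rpm_file,
  require  => Exec['verify-release-rpm'],
}
```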
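5. group
Common parameters (for details, see puppet describe group):
ensure: create or remove the group; valid values are present and absent;
gid: the GID;
name: the group name;
system: whether the group is a system group with a lower GID; valid values are true, false, yes and no;
For example: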
[root@bogon media]# cat /etc/group | grep testgroup
[root@bogon media]# vim test8.pp
group { 'testgroup' :
  ensure => present,
  name   => 'testgroup',
  gid    => 1234,
}
[root@bogon media]# puppet apply test8.pp
Notice: Compiled catalog for bogon in environment production in 0.69 seconds
Notice: /Stage[main]/Main/Group[testgroup]/ensure: created
Notice: Finished catalog run in 0.21 seconds
[root@bogon media]# cat /etc/group | grep testgroup
testgroup:x:1234:
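6. user
Common parameters (for details, see puppet describe user):
ensure: the basic state of the user; valid values are present, absent and role;
gid: the user's primary group; may be a number or a name;
groups: the groups the user belongs to;
home: the user's home directory;
name: the user name;
password: the user's password;
uid: the UID;
shell: the user's login shell;
managehome: whether to create the home directory when creating the user; valid values are true and false; the default is false;
For example:
[root@bogon media]# openssl passwd -1 -salt `openssl rand -hex 4 ` # generate the user's password hash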
Password:
$1$aeb3af8c$x/UtlWn4uTJIQNUtoVSzq1
[root@bogon media]# cat /etc/passwd | grep testuser
[root@bogon media]# vim test8.pp
group { 'testgroup' :
  ensure => present,
  name   => 'testgroup',
  gid    => 1234,
} ->
user { 'testuser' :
  ensure     => present,
  name       => 'testuser',
  gid        => 1234,
  uid        => 1234,
  home       => '/home/testuser',
  managehome => true,
  shell      => '/bin/tcsh',
  password   => '$1$aeb3af8c$x/UtlWn4uTJIQNUtoVSzq1',
}
[root@bogon media]# puppet apply test8.pp
Notice: Compiled catalog for bogon in environment production in 1.19 seconds
Notice: /Stage[main]/Main/User[testuser]/ensure: created
Notice: Finished catalog run in 0.30 seconds
[root@bogon media]# cat /etc/shadow | grep testuser
testuser:$1$aeb3af8c$x/UtlWn4uTJIQNUtoVSzq1:16971:0:99999:7:::
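7. cron
Common parameters (for details, see puppet describe cron):
ensure: the resource state; valid values are present and absent;
environment: environment variables set when the job runs;
command: the command the cron job executes;
hour: the hour at which the cron job runs;
minute: the minute at which the cron job runs;
month: the month; optional; the value must be 1-12;
monthday: the day of the month; optional; the value must be 1-31;
weekday: the day of the week; optional; the value must be 0-7 (0 or 7 means Sunday) or a name (such as Tuesday);
name: the name of the cron job;
user: the user the job runs as; the default is root;
Note: hour => [2,4] means 2 o'clock and 4 o'clock; hour => ['2-4'] means from 2 o'clock to 4 o'clock;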
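The post gives no manifest for cron, so here is an added example (not from the original post) showing the difference between a list of hours and a range of hours, together with the environment, weekday and ensure parameters. The job names and script paths are hypothetical.

```puppet
# Added example: job names and script paths are hypothetical.

# An array of numbers lists discrete hours: runs at 02:30 and 04:30.
cron { 'rotate-app-logs':
  ensure  => present,
  command => '/usr/local/bin/rotate-app-logs.sh',
  user    => 'root',
  hour    => [2, 4],
  minute  => 30,
}

# A range is written as a quoted string: runs every 10 minutes between
# 02:00 and 04:59, on Sundays only, with an explicit PATH for the job.
cron { 'sync-backups':
  ensure      => present,
  command     => '/usr/local/bin/sync-backups.sh',
  user        => 'root',
  environment => 'PATH=/usr/bin:/bin',
  hour        => '2-4',
  minute      => '*/10',
  weekday     => 'Sunday',
}

# Removing a job that Puppet created earlier only needs its name and user.
cron { 'old-report':
  ensure => absent,
  user   => 'root',
}
```

After applying, crontab -l -u root shows each managed entry preceded by a "# Puppet Name:" comment, which is how Puppet recognises its own jobs on later runs.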
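8. notify
Used for debug output
Common parameters (for details, see puppet describe notify):
message: the message sent to the log;
name: the name of the message;
withpath: whether to show the full path of the object; valid values are true and false; the default is false;
III. Special resource attributes: metaparameters
1. Ordering between resources
Puppet provides four metaparameters, before, require, notify and subscribe, to define relationships between resources. Each of them takes another resource, or an array of resources, as its value; this is called a resource reference.
Format of a resource reference:
Type['title'] # the first letter of the resource type must be capitalized
1.1 These define dependencies between resources, and thereby also the order in which resources are applied
before: this resource is applied before the referenced target resource (this resource goes first);
require: this resource is applied after the referenced target resource (this resource goes later);
For example: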
[root@bogon media]# service nginx status
nginx: 未被识别的服务
[root@bogon media]# vim test5.pp
service { 'nginx' :
  ensure  => running,
  name    => 'nginx',
  require => Package['nginxp'],
}
package { 'nginxp':
  ensure => installed,
  name   => 'nginx',
}
[root@bogon media]# puppet apply test5.pp # Nginx had already been installed, but port 80 was taken by httpd, so this is a second run
Notice: Compiled catalog for bogon in environment production in 2.23 seconds
Notice: /Stage[main]/Main/Service[nginx]/ensure: ensure changed 'stopped' to 'running'
Notice: Finished catalog run in 2.39 seconds
[root@bogon media]# service nginx status
nginx (pid 33263) 正在运行...
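Using require in the service is the same as using before in the package;
1.2 Besides the dependency definitions equivalent to the before and require metaparameters, these also provide notification
notify: this resource is applied first, and any change resulting from applying it is then notified to the resource named in notify, which refreshes when it receives the change;
subscribe: when the subscribed-to target resource changes, the subscribing resource refreshes;
For example: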
[root@bogon media]# cat test6.pp
file { 'a.txt':
  ensure  => present,
  path    => '/media/a.txt',
  content => 'Hello,my puppet',
}
exec { 'monitor':
  command     => 'echo "file changed" >> /media/monitor.txt ',
  path        => '/bin',
  refreshonly => true,
  subscribe   => File['a.txt'],
}
[root@bogon media]# puppet apply -v test6.pp
Notice: Compiled catalog for bogon in environment production in 0.84 seconds
Info: Applying configuration version '1466359622'
Notice: /Stage[main]/Main/File[a.txt]/ensure: created
Info: /Stage[main]/Main/File[a.txt]: Scheduling refresh of Exec[monitor]
Notice: /Stage[main]/Main/Exec[monitor]: Triggered 'refresh' from 1 events
Notice: Finished catalog run in 0.30 seconds
[root@bogon media]# cat monitor.txt
file changed
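Using subscribe in the exec is the same as using notify in the file;
2. Ordering chains between resources
-> defines an ordering chain;
~> defines a notification chain;
Usage: Package['ntp'] -> File['/etc/ntp.conf'] ~> Service['ntpd']
For example: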
[root@bogon media]# vim test7.pp
package { 'httpd':
  ensure => installed,
  name   => 'httpd',
} ->
file { 'httpd.conf':
  ensure => file,
  path   => '/etc/httpd/conf/httpd.conf',
} ~>
service { 'httpd':
  ensure => running,
  name   => 'httpd',
}
[root@bogon media]# puppet apply -v test7.pp
Notice: Compiled catalog for bogon in environment production in 2.43 seconds
Info: Applying configuration version '1466361069'
Notice: /Stage[main]/Main/Service[httpd]/ensure: ensure changed 'stopped' to 'running'
Info: /Stage[main]/Main/Service[httpd]: Unscheduling refresh on Service[httpd]
Notice: Finished catalog run in 2.57 seconds
[root@bogon media]# service httpd status
httpd (pid 34685) 正在运行...
If anything here is wrong, refer to the official documentation for the exact configuration;