本文共 10242 字,大约阅读时间需要 34 分钟。
安装puppet
目前官方最新版本为Puppet v3.6.2
[root@node3 ~]# rpm -qlpuppet
package puppet is not installed
安装puppet,如果想使用yum安装,必须配置epel源
[root@node3 ~]# wgethttp://yum.puppetlabs.com/puppetlabs-release-el-6.noarch.rpm
[root@node3 ~]#rpm -ivh puppetlabs-release-el-6.noarch.rpm
[root@node3 ~]#yuminstall puppet -y
取消warning警告信息
[root@node3 ~]# for s in manifest modulepath templatedirmanifestdir ;do grep "^ $s =" /etc/puppet/puppet.conf;sed -i -e "/^ $s = /s/^/#/" /etc/puppet/puppet.conf;done
常用资源类型
[root@node3 ~]# puppet describe -l
可看到puppet列出N多资源类型
这里我们常用资源类型有:
notify
group,user
package
file
service
yum repo
mount
cron
exec
定义简单notify
使用 puppetdescribe notify 来查看notify的各类属性
[root@node3 ~]# puppet describe notify
notify
======
Sends an arbitrary message to the agent run-time log.
Parameters
----------
- **message**
The message to be sentto the log.
- **name**
An arbitrary tag foryour own reference; the name of the message.
- **withpath**
Whether to show thefull object path. Defaults to false.
Valid values are`true`, `false`.
对于puppet来讲 其数据类型有很多,比如字符串或数值等等
所有字符串都需要用引号引起来
如下所示,我们定义
[root@node3 puppet_test]# pwd
/root/puppet_test
Puppet的脚本都是以pp结尾,下面我们来定义一个notify类型,属性为message
notify {'notice': #名称为notice,这里可以随意命名
message =>"hello world", #message为显示信息为hello world
}
执行脚本
[root@node3 puppet_test]# puppet apply test1.pp
Notice: Compiled catalog for node3.test.com in environmentproduction in 0.06 seconds
Notice: hello world
Notice: /Stage[main]/Main/Notify[notice]/message: defined'message' as 'hello world' #定义了信息为'hello world'
Notice: Finished catalog run in 0.03 seconds #执行脚本过程用了多长时间
使用package资源为本机安装软件
这里要使用package资源进行定义
[root@node3 puppet_test]# puppet describe package
可以看到官方给出的例子:
对于package通常隐含的是报名
package { $ssl: #指定包名,通常包名是通过变量引用的
ensure => installed, #执行安装操作
alias => openssl
}
在定义一个包或其他资源的时候,绝大部分资源都有特殊属性叫做ensure
ensure的常见属性
ensure大概属性有
installed 必须安装
absent 卸载
purged
latest 要安装并且最新版本
以httpd为例,我们想让其强制安装httpd,如下所示
package {'httpd':
ensure =>installed,
}
执行脚本
[root@node3 puppet_test]# rpm -q httpd
package httpd is not installed
[root@node3 puppet_test]# puppet apply test2.pp
Notice: Compiled catalog for node3.test.com in environmentproduction in 0.84 seconds
Notice: /Stage[main]/Main/Package[httpd]/ensure: created
Notice: Finished catalog run in 4.63 seconds #已经在此时间内完成
[root@node3 puppet_test]# !rpm
rpm -q httpd
httpd-2.2.15-31.el6.centos.x86_64
使用service资源类型使用服务自动启动
puppet describe service
注意的是资源名称比较独特,同类资源不能重名,但是跨类型可以重名的
package {'httpd':
ensure => installed,
}
service {'httpd':
ensure => running,
}
执行脚本
[root@node3 puppet_test]# puppet apply test3.pp
Notice: Compiled catalog for node3.test.com in environment production in1.05 seconds
Notice: /Stage[main]/Main/Service[httpd]/ensure: ensure changed 'stopped'to 'running'
Notice: Finished catalog run in 0.78 seconds
[root@node3 ~]# /etc/init.d/httpd status
httpd (pid 21015) is running...
说明service依赖于package,因此需要定义资源的依赖关系
资源引用
类型 ['资源名称']
在引用类型时,类型的第一个字母必须大写
在资源类型中有种特殊属性是用来定义资源间依赖关系的
一般来讲定义资源属性有以下两个引用关系:
before => #在引用其他资源,其本身资源必须先完成,优先级最高
require => #需要before执行完后再执行此资源
例,执行package的时候必须依赖于Service[httpd]的资源,安装httpd的时候,必须在httpd启动之前执行
package {'httpd':
ensure => installed,
before => Service ['httpd'],
}
表示服务启动之前必须确保httpd已经应用了,这两者方式比较相近,但是还是不一样的
一般来讲,require比较常用
如下所示
我们将httpd写在,并再次执行test3
root@node3 puppet_test]# rpm -e httpd
[root@node3 puppet_test]# puppet apply test3.pp
Notice: Compiled catalog for node3.test.com in environment production in1.03 seconds
Error: Could not start Service[httpd]: Execution of '/sbin/service httpdstart' returned 1: httpd: unrecognized service
Wrapped exception:
Execution of '/sbin/service httpd start' returned 1: httpd: unrecognizedservice
Error: /Stage[main]/Main/Service[httpd]/ensure: changefrom stopped to running failed: Could not start Service[httpd]: Execution of'/sbin/service httpd start' returned 1: httpd: unrecognized service
Notice: /Stage[main]/Main/Package[httpd]/ensure: created
Notice: Finished catalog run in 8.00 seconds
查看其httpd状态
[root@node3 puppet_test]# /etc/init.d/httpd status
httpd is stopped
再次执行脚本
[root@node3 puppet_test]# puppet apply test3.pp
Notice: Compiled catalog for node3.test.com in environment production in1.02 seconds
Notice: /Stage[main]/Main/Service[httpd]/ensure: ensure changed 'stopped'to 'running'
Notice: Finished catalog run in 0.75 seconds
再次查看httpd状态
[root@node3 puppet_test]# !/etc
/etc/init.d/httpd status
httpd (pid 26956) is running...
由此我们可以得到结论,如果不定义其资源引用可能会导致某个资源一次性执行不成功或其他错误
定义资源引用
[root@node3 puppet_test]# cat test4.pp
package {'httpd':
allow_virtual => false,
ensure => installed,
}
service {'httpd':
require =>Package['httpd'], #资源名的第一个字母一定要大写
ensure => true,
}
[root@node3 puppet_test]# rpm -e httpd
[root@node3 puppet_test]# puppet apply test4.pp
Notice: Compiled catalog for node3.test.com in environment production in1.05 seconds
Notice: /Stage[main]/Main/Package[httpd]/ensure: created
Notice: /Stage[main]/Main/Service[httpd]/ensure: ensure changed 'stopped'to 'running'
Notice: Finished catalog run in 7.81 seconds
可以看到没有任何报错
用户资源定义方式
数据类型的定义:
字符型:直接字符串
数组:['element1','element2'] 一旦有多个元素 直接用中括号括起来即可
group组
[root@node3 ~]# puppet describe group
- **ensure**
Create or remove the group.
Valid values are `present`, `absent`.
- **gid**
The group ID. Must be specified numerically. Ifno group ID is
创建用户组名为hello_puppet gid为1001
group {'hello_puppet': #组名为hello_puppet
ensure => present, #present表示创建
gid => 1101, #其gid为1001
}
执行脚本
[root@node3 puppet_test]# puppet apply test5.pp
Notice: Compiled catalog for node3.test.com in environment production in0.19 seconds
Notice: /Stage[main]/Main/Group[hello_puppet]/ensure: created
Notice: Finished catalog run in 0.22 seconds
如果不定义组名的话默认就为hello_puppet
[root@node3 puppet_test]# tail -1 /etc/group
hello_puppet:x:1101:
用户管理
我们将用户加入到某个组里面并且指定某个特定组,那么这个组必须实现存在的
我们可以自定义
[root@node3 puppet_test]# puppetdescribe user
gid 指定组
groups 指定附加组 ,事先必须存在
home 事先定义家目录,但是不会创建
system 小于500则认为系统组
password 将加密后的加密串定义此处即可,如果存在$符则需要单引号引起来
定义如下
group {'hello':
ensure => present,
gid => 1001,
}
user {'hello':
gid => 1001,
uid => 1001,
home => '/home/hello', #指定家目录
managehome => true, #创建检目录
ensure => present, #定义ensure
require => Group['hello'], #依赖于group资源
}
为用户创建密码
[root@node3 home]# openssl passwd -1 -salt `openssl rand -hex 4`
Password:
$1$68d9f426$pRK5U9Q1oq.JXAlYR40rv.
将字符串复制进脚本
[root@node3 puppet_test]# cat c.pp
group {'hello':
ensure => present,
gid => 1001,
}
user {'hello':
gid => 1001,
uid => 1001,
home => '/home/hello',
managehome => true,
password =>'$1$68d9f426$pRK5U9Q1oq.JXAlYR40rv.',
ensure => present,
require => Group['hello'],
}
应用脚本查看shadow
[root@node3 puppet_test]# tail -2 /etc/shadow
apache:!!:16295::::::
hello:$1$68d9f426$pRK5U9Q1oq.JXAlYR40rv.:16300:0:99999:7:::
定义file资源
[root@node3 puppet_test]# puppet describefile
- **content**
#一般来跟source结合使用,明确指定源文件,所以必须提供源文件才可以
在资源属性中,所有标记为namevar的,如果不指相当于title
#source既可以是uri 也可以是绝对路径
- **target** #在创建链接的时候表明要链接到某个地方去
创建文件目录
[root@node3 /]# mkdir -pv /backup/httpd/conf/
[root@node3 /]# cp/etc/httpd/conf/httpd.conf /backup/httpd/conf/
查看文件权限
权限为644,我们待会将权限改为640
[root@node3 /]# ll /etc/httpd/conf/httpd.conf
-rw-r--r-- 1 root root 34418 Aug 25 14:48 /etc/httpd/conf/httpd.conf
定义脚本如下所示:
file {'/etc/httpd/conf/httpd.conf':
ensure => file, #类型
source =>'/backup/httpd/conf/httpd.conf', #明确指定源文件,所以必须提供源文件才可以
mode => 0640, #定义文件的权限为640
owner => root, #定义文件属主属组
group => root,
}
[root@node3 /]# puppet apply test7.pp
Notice: Compiled catalog for node3.test.com in environment production in0.15 seconds
Notice: /Stage[main]/Main/File[/etc/httpd/conf/httpd.conf]/mode: modechanged '0644' to '0640' #模式以及将文件从644改为640
Notice: Finished catalog run in 0.10 seconds
查看文件
[root@node3 puppet_test]# ll /etc/httpd/conf/httpd.conf
-rw-r----- 1 root root 34418 Jul 18 14:27 /etc/httpd/conf/httpd.conf
接下来我们修改其source=>源文件,其意为这个资源都以这个路径的文件为主
[root@node3 puppet_test]# echo "#test" >> /backup/httpd/conf/httpd.conf
[root@node3 puppet_test]# puppet apply test7.pp
Notice: Compiled catalog for node3.test.com in environment production in0.15 seconds
Notice: /Stage[main]/Main/File[/etc/httpd/conf/httpd.conf]/content:content changed '{md5}ecb2c5ae38be79965201c85ed0d079d3' to '{md5}4c8be4a6309fa6913aa8d1afd89b2052' #检测到资源发生变化
Notice: Finished catalog run in 0.11 seconds
查看配置文件的变化
[root@node3 puppet_test]# tail -1 /etc/httpd/conf/httpd.conf
#test
使用exec资源执行系统命令
比如我们自定编译安装了某个服务,那么这个服务是通过编译方式安装的,那么我们通过下载之后放在本机,很有可能脚本文件不存在,于是通过file拷贝了一个脚本文件而且具备执行权限,为了让其开机自动启动则需要chkconfig
一般定义command的时候为了避免环境变量出错,通常需要path定义环境变量
exec {'test':
path =>'/bin:/sbin:/usr/bin:/usr/sbin', #指定环境变量
command => 'cp /etc/fstab/tmp/',
user => root,
group => root,
}
[root@node3 puppet_test]# puppet apply test8.pp
[root@node3 puppet_test]# ll /tmp/fstab
-rw-r--r-- 1 root root 805 Aug 25 15:20 /tmp/fstab
将某个服务加到启动列表里则:
command => 'chkconfig --add service;chkconfigservice on',
因为不能在同一资源里定义多个类型的,所以要用;号隔开
Puppet其他两个资源引用
我们之前提到了以下两个资源引用
before
require
接下来说其他两个资源引用
notify #表示执行成功后进行通知,让用户手动去重载
subscribe #与上面一致,不过定义在资源后
例:
使用notify定义在前资 源中
文件改变后需通知资源
file {'/etc/httpd/conf/httpd.conf':
ensure => file,
source =>'/backup/httpd/conf/httpd.conf',
mode => 0644 ,
owner => root,
group => root,
notify=> Service['httpd'],
}
service {'httpd':
ensure => running,
}
subscribe 订阅,生成新的版本则立即发送给其他资源
例:
service {'httpd':
#ensure => running,
subscribe => File['/etc/httpd/conf/httpd.conf'],
}
执行脚本
[root@node3 puppet_test]# puppet apply c.pp
Notice: Compiled catalog for node3 in environment production in 0.29 seconds
Notice: /Stage[main]/Main/File[/etc/httpd/conf/httpd.conf]/content: contentchanged '{md5}734f81ed80fe96290296188fe5a6809b' to'{md5}c0c8a3f51c5f91e31b1b0564a364845a'
Notice: /Stage[main]/Main/File[/etc/httpd/conf/httpd.conf]/mode: mode changed'0640' to '0644'
Notice: /Stage[main]/Main/Service[httpd]: Triggered 'refresh' from 2 events #重新刷新了服务的状态
Notice: Finished catalog run in 1.54 seconds
[root@node3 puppet_test]# ps -ef | grep httpd
root 30153 1 0 14:02 ? 00:00:00 /usr/sbin/httpd
apache 30155 30153 0 14:02 ? 00:00:00 /usr/sbin/httpd
很多时候,资源间是连续依赖的,我们可以将其按次序链进行定义
-> 用来定义次序链
~> 用来定义通知链
从左往右的顺序,如下所示:
Package['ntp'] -> File['/etc/httpd/conf/httpd.conf']~> Service['ntp']
首先安装ntp 再执行File ,如果Package无法执行那么后续的则无法进行
说明第二个依赖于第一个
本文转自zuzhou 51CTO博客,原文链接:http://blog.51cto.com/yijiu/1544725
转载地址:http://chsfa.baihongyu.com/