soyizi posted on 2018-8-3 06:03:12

Puppet growth diary, part 1: the file resource explained in detail, with worked examples

  I. System environment
  1. Puppet server
Release: RHEL6.4
HOSTNAME: puppetserver.rsyslog.org
TCP/IP: 172.16.200.100/24
Packages:
puppet-server-2.7.21-1.el6.noarch
mcollective-client-2.2.4
activemq-5.5.0

  2. Puppet node
Release: RHEL5.8
HOSTNAME: agent1.rsyslog.org
TCP/IP: 172.16.200.101/24
Packages:
puppet-2.7.21-1.el5
mcollective-2.2.4-1.el5

  3. Puppet node
Release: RHEL6.4
HOSTNAME: agent3.rsyslog.org
TCP/IP: 172.16.200.103/24
Packages:
puppet-2.7.21-1.el6
mcollective-2.2.4-1.el6
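  II. Resource overview
  1. Functions provided
  1.1 Supports files and directories
  1.2 Sets the owner and permissions of files and directories
  1.3 Restores files (content, permissions and owner)
  1.4 Cleans up directories and subdirectories
  2. Supported parameters
  2.1 ensure => {present|absent|directory|file|link}: the target state of the file
  => present: check whether the file exists; create it if it does not
  => absent: check whether the file exists; delete it if it does
  => directory: declares that this is a directory; create it if it does not exist
  2.2 owner|user => root: the owning user; a UID may also be used
  2.3 group => puppet: the owning group; a GID may also be used
  2.4 mode => 0644: permission bits, a four-digit octal number
  2.5 source => "puppet:///modules/ssh/etc/ssh/sshd_config" | source => "/etc/passwd": where the file is fetched from. A value starting with puppet:/// is downloaded from the master; an ordinary path is read locally on the agent
  Note: "puppet://" is equivalent to the modulepath value in the main configuration file puppet.conf
  2.6 path => "/etc/postfix/main.cf": the full path of the file. It defaults to the title, so it can be omitted
  eg.
  file { "main.cf":
    path => "/etc/postfix/main.cf",
  }
  2.7 content => "hello", | content => template("postfix/main.cf.erb"),: the literal content of the file, which can also be generated from an ERB template; when content is used, source can be omitted
  2.8 backup => 'main', | backup => ".$backup_date.bak",: how the previous version is backed up before the node is updated; backup => 'main' has to be combined with a filebucket resource
  2.9 recurse => '{true|false|inf|remote}': whether (true) or not (false) to recurse into a directory (takes effect with ensure => directory)
  2.10 Puppet has three dependency relationships: require, before and after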

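  require =>>
  before: applied before the given resource
  package { "openssh-server":
    ...
    before => File["/etc/ssh/sshd_config"],
  }
  after: applied after the given resource
  file { "/etc/ssh/sshd_config":
    ...
    # Puppet has no "after" metaparameter; require is the one that
    # applies this resource after the resource it names.
    require => Package["openssh-server"],
  }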
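  2.11 Puppet has two ways to trigger a refresh, notify and subscribe; they differ in where they are written.
  notify { "operatingsystem is $operatingsystem":   # writes the message to the log, where it can be checked while debugging
    withpath => true|false,   # whether to print the full path
  }

  notify =>>
  subscribe =>>
  2.12 link: set up a symbolic link, /etc/file2 -> /etc/passwd
  file { "/etc/file2":
    ...
    ensure => link,
    target => "/etc/passwd",
  }
  2.13 purge => true: when a directory is cleaned, every file under it that is not managed by a resource is removed
  force => true: must be used together with purge => true for directories to be deleted; mode => 0700 ensures the permission to delete
  ignore => file|directory: skip the named file or directory; no operation is performed on it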
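
  The ordering and refresh metaparameters from 2.10 and 2.11, combined in one manifest. This is an added example, not part of the original post: the class name ssh::hardened, the service name sshd and the root-owned 0600 mode are assumptions, while the package name, file path and source URL are the ones used above.

```puppet
# Added example: package -> config file -> service, wired with the
# relationship metaparameters described in 2.10 and 2.11.
# Assumed names: class ssh::hardened, service "sshd".
class ssh::hardened {

  package { 'openssh-server':
    ensure => present,
    # before is written on the resource that must come first.
    # It creates the same edge as "require" on the file below,
    # so one of the two is enough.
    before => File['/etc/ssh/sshd_config'],
  }

  file { '/etc/ssh/sshd_config':
    ensure  => file,
    owner   => 'root',
    group   => 'root',
    mode    => '0600',   # only root may read or change the daemon config
    source  => 'puppet:///modules/ssh/etc/ssh/sshd_config',
    # require is written on the resource that must come second.
    require => Package['openssh-server'],
    # notify is written on the resource that changes and names the
    # resource to refresh: a change to this file restarts sshd.
    notify  => Service['sshd'],
  }

  service { 'sshd':
    ensure    => running,
    enable    => true,
    # subscribe is written on the resource to be refreshed and names
    # the resource it watches; same edge as notify above.
    subscribe => File['/etc/ssh/sshd_config'],
  }
}
```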
  III. Resource examples
  1. Example 1
  1.1 Requirements
  * Download the motd file from the specified path on the server
  * The file mode must be 700, with both owner and group set to puppet
  * The setup package must be installed before the motd file is downloaded
  1.2 Configuration
class motd::motd {
  package { setup:
    ensure => present,
  }
  file { "/etc/motd":
    owner   => "puppet",
    group   => "puppet",
    mode    => 0700,
    source  => "puppet://$puppetserver/modules/motd/etc/motd",
    # setup must be installed before /etc/motd is managed
    require => Package["setup"],
  }
}
  1.3 Test on the client agent1
# puppet agent --test
info: Caching catalog for agent1.rsyslog.org
info: Applying configuration version '1378193573'
notice: /File/ensure: defined content as '{md5}0acb622c16dbdecb670d8920d96bdd30'
notice: Finished catalog run in 0.41 seconds
# ll /etc/motd
-rwx------ 1 puppet puppet 82 Sep3 15:33 /etc/motd
  2. Example 2
  2.1 Requirements
  * On the node, create /etc/file2 as a symbolic link to /etc/passwd
  2.2 Configuration
class motd::file2 {
  file { "/etc/file2":
    owner  => "puppet",
    group  => "puppet",
    ensure => link,
    target => "/etc/passwd",   # the link points at this path
  }
}
  2.3 Test on the client agent1
# puppet agent --test
info: Caching catalog for agent1.rsyslog.org
info: Applying configuration version '1378194373'
notice: /File/ensure: created
notice: Finished catalog run in 0.07 seconds
# ll /etc/file2
lrwxrwxrwx 1 puppet puppet 11 Sep3 15:46 /etc/file2 -> /etc/passwd
  3. Example 3
  3.1 Requirements
  * On the node, create the directory /etc/dir1
  * Every directory and file under it except dir2 must have mode 0700 and owner puppet
  * On every update, "This is dir1!" must be written to the log
  3.2 Configuration
class motd::dir1 {
  file { "/etc/dir1":
    owner   => "puppet",
    group   => "puppet",
    mode    => 0700,
    ensure  => directory,
    recurse => true,     # apply owner, group and mode to the whole tree
    purge   => true,     # remove files not managed by any resource
    force   => true,     # allow directories to be removed as well
    ignore  => "dir2",   # leave dir2 untouched
  }
  notify { "This is dir1!":
#       withpath => true,
  }
}
  3.3 Test on the client agent1
# puppet agent --test
info: Caching catalog for agent1.rsyslog.org
info: Applying configuration version '1378195554'
notice: This is dir1!
notice: /Stage/Motd::Dir1/Notify/message: defined 'message' as 'This is dir1!'
notice: /File/owner: owner changed 'root' to 'puppet'
notice: /File/group: group changed 'root' to 'puppet'
notice: /File/mode: mode changed '0755' to '0700'
notice: /File/seluser: seluser changed 'root' to 'system_u'
notice: /File/owner: owner changed 'root' to 'puppet'
notice: /File/group: group changed 'root' to 'puppet'
notice: /File/mode: mode changed '0644' to '0700'
notice: /File/seluser: seluser changed 'root' to 'system_u'
notice: Finished catalog run in 0.11 seconds
#
#
# ll /etc/dir1/
total 16
drwxrwxrwx 2 puppet puppet 4096 Sep3 16:00 dir2
drwx------ 2 puppet puppet 4096 Sep3 16:06 dir3
  4. Example 4
  4.1 Requirements
  * On the node, create the directory /etc/dir2 with mode 0700 and owner puppet
  * Only the dir1 directory is allowed under it, and the permission attributes of dir1 and of the directories or files one level below it must stay as they are
  4.2 Configuration
class motd::dir2 {
  file { "/etc/dir2":
    owner   => "puppet",
    group   => "puppet",
    mode    => 0700,
    ensure  => directory,
    recurse => true,
    purge   => true,     # anything not managed and not ignored is removed
    force   => true,     # allow directories to be removed as well
    ignore  => "dir1",   # dir1 and its contents keep their attributes
  }
}
  4.3 Test on the client agent1
# puppet agent --test
info: Retrieving plugin
info: Loading facts in /var/lib/puppet/lib/facter/my_apply2.rb
info: Loading facts in /var/lib/puppet/lib/facter/my_apply1.rb
info: Loading facts in /var/lib/puppet/lib/facter/my_apply3.rb
info: Loading facts in /var/lib/puppet/lib/facter/backup_date.rb
info: Caching catalog for agent1.rsyslog.org
info: Applying configuration version '1378195951'
notice: /File/ensure: created
notice: Finished catalog run in 0.05 seconds
# mkdir /etc/dir2/dir1
# mkdir /etc/dir2/dir2
# touch /etc/dir2/dir1/file1
# touch /etc/dir2/dir2/file2
# puppet agent --test
info: Retrieving plugin
info: Loading facts in /var/lib/puppet/lib/facter/my_apply2.rb
info: Loading facts in /var/lib/puppet/lib/facter/my_apply1.rb
info: Loading facts in /var/lib/puppet/lib/facter/my_apply3.rb
info: Loading facts in /var/lib/puppet/lib/facter/backup_date.rb
info: Caching catalog for agent1.rsyslog.org
info: Applying configuration version '1378195951'
info: /File: Recursively backing up to filebucket
info: FileBucket adding {md5}d41d8cd98f00b204e9800998ecf8427e
info: /File: Filebucketed /etc/dir2/dir2/file2 to puppet with sum d41d8cd98f00b204e9800998ecf8427e
notice: /File/ensure: removed
notice: Finished catalog run in 0.09 seconds
# ll /etc/dir2/
total 8
drwxr-xr-x 2 root root 4096 Sep3 16:13 dir1
#
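
  A more cautious variant of examples 3 and 4, added here and not part of the original post: the purge is first rolled out in noop mode, and files it removes go to a named filebucket (see 2.8). The class name motd::dir2_safe and the bucket name main are assumptions; the directory names and the server hostname come from the page.

```puppet
# Added example: purge a directory under /etc with a preview step and a
# restorable backup. Assumed names: class motd::dir2_safe, bucket "main".
class motd::dir2_safe {

  # Remote bucket on the master; purged files are stored there by
  # checksum instead of being lost.
  filebucket { 'main':
    server => 'puppetserver.rsyslog.org',
    path   => false,
  }

  file { '/etc/dir2':
    ensure  => directory,
    owner   => 'puppet',
    group   => 'puppet',
    # 0600 rather than 0700: for directories Puppet sets the search (x)
    # bit wherever the read bit is set, so directories still end up
    # traversable by the owner while regular files are not made
    # executable by the recursive mode.
    mode    => '0600',
    recurse => true,
    purge   => true,     # remove everything no resource manages
    force   => true,     # needed for unmanaged subdirectories to go too
    ignore  => 'dir1',   # dir1 and its contents are left untouched
    backup  => 'main',
    # First rollout: the agent only reports what it would change or
    # remove. Delete this line once that report has been reviewed.
    noop    => true,
  }
}
```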
  Puppet experts are welcome to join the automated operations management group 296934942