自动化运维工具puppet学习笔记之基础篇
[*]**************服务端安装软件******************
[*]shell#touch /etc/puppet/manifests/site.pp
[*]shell#cat /etc/hosts
[*] 192.168.1.254 nat.test.com
[*]shell#/etc/init.d/puppetmaster start
[*]shell#puppet cert --sign test.test.com
[*]签发证书,需要为每一个域名单独签发
[*]
[*]**************客户端配置服务******************
[*]shell#cat /etc/hosts
[*]192.168.1.254 nat.test.com
[*]127.0.0.1 test.test.com
[*]shell#echo"server = nat.test.com" >>/etc/puppet/puppet.conf
[*]shell#puppet agent --no-daemonize --verbose
[*]
[*]服务端文件
[*]vim /etc/puppet/manifests/site.pp
[*]node default{
[*]file {"/tmp/a.txt":
[*] content => "test\n",
[*] ensure=> present,
[*] backup=> ".bak",
[*] mode => 500,
[*] owner => root,
[*] group => www,
[*] }
[*]}
[*]
[*]
[*]*********************客户端测试****************************
[*]puppet agent --verbose--test
[*]
[*]*********************服务端创建模块**************************
[*]shell#mkdir /etc/puppet/modules/snmpd/{files,manifests,templates} -p
[*]shell#vim/etc/puppet/modules/snmpd/manifests
[*]######################################################################################################################
[*]class snmpd {
[*] service {
[*] "snmpd":
[*] enable => "true",
[*] ensure => "running",
[*] require => File["snmpd.conf"],
[*] subscribe => File["snmpd.conf"],
[*] name => $operatingsystem ? {
[*] default => "snmpd",
[*] },
[*] }
[*]
[*] package {
[*] "net-snmp":
[*] ensure => present,
[*] name => $operatingsystem ? {
[*] debian => "snmpd",
[*] ubuntu => "snmpd",
[*] default => "net-snmp",
[*] },
[*] }
[*]
[*] file {
[*] "snmpd.conf":
[*]# owner=> root,
[*]# group=> root,
[*]# mode => 644,
[*] require => Package["net-snmp"],
[*] path => $operatingsystem ?{
[*] default => "/etc/snmp/snmpd.conf",
[*] },
[*] }
[*]
[*]}
[*]#####################################################################################################
[*]
[*]vim /etc/puppet/manifests/site.pp
[*]node default{
[*]file {"/tmp/a.txt":
[*] content => "This is a test file date\n",
[*] ensure=> present,
[*] backup=> ".back",
[*] mode => 500,
[*] owner => root,
[*] group => www,
[*] }
[*]}
[*]node 'test.test.com' {
[*]file {"/tmp/b.txt":
[*] content => "This is a test file\n",
[*] ensure=> present,
[*] backup=> ".back",
[*] mode => 500,
[*] owner => root,
[*] group => root,
[*] }
[*]include snmpd#包含创建的类
[*]}
[*] http://docs.puppetlabs.com/guides/types/service.html 原文地址
[*]service管理系统运行的服务进程,不幸的是不同的系统管理服务的方式是多样的. 有些系统上面对于服务管理很简单,有些系统提供复杂的强大的服务管理功能.puppet提供最基本的服务管理,你也可以指定provider,使用一些特性.
[*]注意,当一个服务从另一个资源收到一个事件,服务会重启,例如配置文件修改,可以要求相应的服务重启.不同的平台重启命令不同,你也可以手工指定重启服务的命令.
[*]特性
[*]controllable provider 提供control 变量
[*]enableable provider 可以enable和disable服务
[*]refreshable provider 可以重启服务
[*]例子service { "ssh": ensure => running; "nfs": ensure => stopped; }
[*]参数binary
[*]运行服务的命令的路径, 只用于不支持init的操作系统, 如果没有指定启动脚本,就用这个命令来启动服务.
[*]enable
[*]服务在开机的时候是否启动,可以设置的值是true和false,需要provider支持enableable
[*]ensure
[*]是否运行服务, running表示运行服务,stopped 表示停止服务
[*]hasrestart
[*]指出管理脚本是否支持restart参数,如果不支持,就用stop和start实现restart效果. 可以设置的值是true 或 false
[*]hasstatus
[*]指出管理脚本是否支持status参数,puppet用status参数来判断服务是否已经在运行了,如果不支持status参数,puppet利用查找运行进程列表里面是否有服务名来判断服务是否在运行. 可以设置的值是true或false
[*]name
[*]该资源的namevar, 服务的名字,通常就是在/etc/init.d/目录下的名字
[*]path
[*]启动脚本的搜索路径,可以用冒号分割多个路径,或者用数组指定.
[*]pattern
[*]设置搜索进程列表的匹配字符串,用于不支持init脚本的系统.当要停止一个服务的时候,通过查看进程运行列表来判断.
[*]provider
[*]puppet提供下面的provider(只列出常见的系统)
[*]debian debian系统的init模式的管理脚本,支持 enableable, refreshable.
[*]freebsd init模式,支持enableable, refreshable.
[*]init 标准的init模式,支持refreshable
[*]redhat redhat的init模式,支持enableable, refreshable.
[*]smf solaris新的服务管理框架,支持enableable, refreshable
[*]restart
[*]指定重启脚本,否则就先停止该服务再启动该服务
[*]start
[*]指定启动服务的命令,通常init模式的管理脚本都支持,不需要手工指定
[*]status
[*]指定status命令,如果不指定,就从进程列表查询该服务
[*]stop
[*]指定停止服务的脚本.
http://nocap.blog.163.com/blog/static/19052507420121030113615705/
[*]官方文档
[*]http://docs.puppetlabs.com/puppetdocs-latest.tar.gz
[*]http://www.puppetlabs.com/downloads/docs/puppet_labs_docs_pdfs.zip
[*]
[*]
[*]puppetcert sign mytestagent.example.com
[*]puppetcert sign --all
[*]puppetmaster--no-daemonize--verbose
[*]puppet--genconfig
[*]puppetagent --server myserver.example.com --waitforcert 60--test
[*]puppetmaster--configprint modulepath
[*]puppetconfigprint modulepath--modemaster
[*]
[*]auth.conf
[*]autosign.conf
[*]==========================================
[*]rebuilt.example.com
[*]*.scratch.example.com
[*]*.local
[*]==========================================
[*]
[*]device.conf
[*]==========================================
[*]
[*] type <type>
[*] url <url>
[*]
[*] type cisco
[*] url ssh://admin:password@ef03c87a.local
[*]
[*]
[*]fileserver.conf
[*]===========================================
[*]# Files inthe /path/to/filesdirectory will beserved
[*]# atpuppet:///mount_point/.
[*]
[*]path /path/to/files
[*]allow *.example.com
[*]deny *.wireless.example.com
[*]===========================================
[*]
[*]tagmail.conf
[*]require
[*]Setreport=trueon your agent nodes
[*]Setreports=tagmail
[*]Setthereportfromemail address and eitherthesmtpserverorsendmailsetting onthe puppet master
[*]Create atagmail.conffile atthelocation specifiedinthe tagmapsetting
[*]ocated at /etc/puppet/tagmail.confby default
[*]A comma-separatedlist oftags and!negatedtags;validtagsinclude:
[*]Explicittags
[*]Class names
[*]Puppet Documentation ? Configuring Puppet 40/411
[*]“ all ”
[*]Any valid Puppetloglevel( debug , info , notice , warning , err , alert , emerg , crit ,or
[*]verbose )
[*]A colon
[*]A comma-separatedlist of email addresses
[*]Thelist oftags on aline buildsthe set ofresources whose messages will beincludedinthe mailing;
[*]each additionaltag addstothe set,and each!negatedtag subtractsfromthe set.
[*]So, for example:
[*]==============================================================================================
[*]all: log-archive@example.com
[*]webserver,!mailserver: httpadmins@example.com
[*]emerg,crit: james@example.com,zach@example.com, ben@example.com
[*]==============================================================================================
[*]
[*]
[*]service { 'sshd':
[*]subscribe =>File['sshdconfig'],
[*]}
[*]
[*]
[*]
[*]
[*]
[*]
[*]
[*]
[*]definesvn_repo($path) {
[*]exec { "/usr/bin/svnadmincreate${path}/${title}":
[*]unless=>"/bin/test-d${path}",
[*]}
[*]}
[*]svn_repo { 'puppet_repo':path =>'/var/svn_puppet' }
[*]svn_repo { 'other_repo': path =>'/var/svn_other' }
[*]
[*]
[*]
[*]
[*]
[*]
[*]
[*]
[*]definesvn_repo($path) {
[*] exec { "create_repo_${name}":
[*] command =>"/usr/bin/svnadmincreate${path}/${title}",
[*] unless =>"/bin/test-d${path}",
[*]}
[*] if $require {
[*] Exec["create_repo_${name}"] {
[*] require +>$require,
[*]}
[*]}
[*]}
[*]svn_repo { 'puppet':
[*] path =>'/var/svn',
[*] Puppet Documentation ? Language Guide 50/411
[*] require =>Package['subversion'],
[*]}
[*]
[*]
[*]
[*]
[*]
[*]
[*]
[*]
[*]变量赋值
[*]$value= "${one}${two}"
[*]
[*]数组
[*]$foo =[ 'one', 'two', 'three' ]
[*]notice$foo
[*]将返回 two
[*]
[*]
[*]host { 'one.example.com':
[*] ensure =>present,
[*] alias=>[ 'satu','dua', 'tiga'],
[*] ip =>'192.168.100.1',
[*]}
[*]
[*]
[*]哈希
[*]$myhash ={ key1 => 'myval', key2 => $b}
[*]
[*] 访问hash元素
[*]$myhash ={ key=> { subkey => 'b' }}
[*]notice($myhash)
[*]
[*]节点赋不同的值
[*]=========================================================
[*]node a {
[*]$setting = 'this'
[*]include class_using_setting
[*]}
[*]node b {
[*]$setting = 'that'
[*]include class_using_setting
[*]}
[*]=========================================================
[*]
[*]
[*]calss的设置
[*]=========================================================================================
[*]$test = 'top'
[*]class myclass {
[*] exec { "/bin/echo${test}": logoutput =>true }
[*]}
[*]class other {
[*] $test = 'other'
[*] include myclass
[*]}
[*]include other
[*]===========================================================================================
[*]
[*]访问class里面的值
[*]========================================================
[*]class myclass {
[*]$test = 'content'
[*]}
[*]class anotherclass {
[*]$other= $myclass::test
[*]}
[*]========================================================
[*]
[*]给变量中的数组增加元素
[*]==========================================================================
[*]$ssh_users= [ 'myself', 'someone' ]
[*]class test {
[*] $ssh_users+=['someone_else']
[*]}
[*]===========================================================================
[*]
[*]这里的+=是给数组增加值
[*]
[*]
[*]
[*]
[*]变量选择相关
[*]
[*]
[*]file{ '/etc/config':
[*] owner => $operatingsystem ? {
[*] 'sunos' => 'adm',
[*] 'redhat'=> 'bin',
[*] default => undef,
[*] },
[*]}
[*]默认值为undef,
[*]
[*]
[*]
[*]$owner=$operatingsystem ? {
[*] /(redhat|debian)/=>'bin',
[*] default =>undef,
[*]}
[*]
[*]
[*]$system=$operatingsystem ? {
[*] /(redhat|debian)/ => "our systemis $1",
[*] default => "our systemis unknown",
[*]}
[*]
[*]这里的$1将会返回redhat或者debian
[*]$0将会返回整行
[*]
[*]
[*]
[*]case
[*]=====================================================================================================
[*]case $operatingsystem {
[*] 'sunos': { include solaris } # apply the solaris class
[*] 'redhat': { include redhat} # apply the redhatclass
[*] default: { include generic } # apply the generic class
[*]}
[*]====================================================================================================
[*]=======================================================================================================
[*]case $hostname {
[*]'jack','jill': {include hill } # apply the hill class
[*]'humpty','dumpty': {include wall } # apply the wall class
[*]default: {include generic } # apply the generic class
[*]}
[*]========================================================================================================
[*]如果v$hostname fact里面含有jack或者jill,那么将会includehill
[*]========================================================================================================
[*]case $hostname {
[*] /^j(ack|ill)$/: {includehill } # apply the hill class
[*] /^umpty$/:{includewall } # apply the wall class
[*] default: {include generic } # apply the generic class
[*]}
[*]===========================================================================================================
[*]case $hostname{
[*] /^j(ack|ill)$/: { notice("Welcome $1!") }
[*] default: { notice("Welcome stranger") }
[*]}
[*]===========================================================================================================
[*]
[*]if $variable {
[*] file { '/some/file': ensure=> present }
[*]}else {
[*] file { '/some/other/file': ensure=> present }
[*]}
[*]============================================================================================================
[*]
[*]if$server == 'mongrel' {
[*] include mongrel
[*]} elsif $server =='nginx' {
[*] include nginx
[*]} else {
[*] include thin
[*]}
[*]
[*]
[*]if$ram > 1024 {
[*] $maxclient = 500
[*]}
[*]
[*]=============================================================================================================
[*]
[*]if ( $processor_count > 2 ) and (($ram >= 16 * $gigabyte) or ( $disksize > 1000 )) {
[*] include for_big_irons
[*]} else {
[*] includefor_small_box
[*]}
[*]================================================================================================================
[*]unless$memorysize > 1024 {
[*]$maxclient= 500
[*]}
[*]================================================================================================================
[*]
[*]虚拟资源
[*]@user { 'luke': ensure=>present }
[*]User <|title ==luke |>
[*]realize User['luke']
[*]#将虚拟资源实例化
[*]
[*]
[*]class ssh {
[*]@@sshkey { $hostname:type =>dsa, key =>$sshdsakey}
[*]Sshkey<<| |>>
[*]}
[*]
[*]
[*]正则表达式
[*]
[*]
[*]安装module
[*]puppetmoduleinstall puppetlabs-apache --version 0.0.2
[*]puppetmodulelist
[*]puppetmodulesearchapache
[*]puppetmoduleuninstall puppetlabs-apache
[*]puppetmoduleupgrade puppetlabs-apache --version 0.0.3
[*]https://forge.puppetlabs.com
[*]
[*]
[*]当一个文件改变的时候如何运行一个命令
[*]===============================================================================================
[*]file { "/etc/bind": source=>"/dist/apps/bind" }
[*]exec { "/usr/bin/ndc reload":
[*] subscribe =>File["/etc/bind"],
[*] refreshonly =>true
[*]}
[*]==============================================================================================
[*]
[*]
[*]如何确保创建一个用户之前另一个组已经存在
[*]group { "fearme":
[*] ensure=>present,
[*] gid =>1000
[*]}
[*]user { "tim":
[*] ensure=>present,
[*] gid =>"fearme",
[*] groups=>["adm", "staff", "root"],
[*] membership=>minimum,
[*] shell =>"/bin/bash",
[*] require =>Group["fearme"]
[*]}
[*]
[*]
[*]
[*]class base_class{
[*]definetestvar_file($myvar="bob"){
[*]file { $name:
[*]content =>template("john.erb"),
[*]}
[*]}
[*]testvar_file { "/tmp/testvar": }
[*]}
[*]class child_class inherits base_class{
[*]Base_class::Testvar_file["/tmp/testvar"] { myvar =>fred }
[*]}
[*]
[*]
[*]gem install rack
[*]gem install passenger
[*]passenger-install-apache2-module
官方网站
http://www.puppetlabs.com
官方文档
http://docs.puppetlasb.com
官方Wiki
http://projects.puppetlabs.com/projects/puppet/wiki/
源码地址
http://github.com/puppetlabs/puppet
版本线路图
http://projects.puppetlabs.com/projects/puppet/roadmap
Bug列表
http://projects.puppetlabs.com/projects/puppet/issues
升级日志
http://projects.puppetlabs.com/projects/1/wiki/Release_Notes
讨论组
https://groups.google.com/forum/?fromgroups#!forum/puppet-users
模块市场
http://forge.puppetlabs.com/
http://www.google.com/ncr
mysqlops博客
http://www.mysqlops.com/category/puppet
Learning Puppet
http://docs.puppetlabs.com/learning/
Style Guide
http://docs.puppetlabs.com/guides/style_guide.html
3.x语法参考
http://docs.puppetlabs.com/puppet/3/reference/
2.7语法参考
http://docs.puppetlabs.com/puppet/2.7/reference
模块参考
http://docs.puppetlabs.com/puppet/3/reference/modules_fundamentals.html
资源类型参考
http://docs.puppetlabs.com/references/3.1.latest/type.html
配置参考
http://docs.puppetlabs.com/references/3.1.latest/configuration.html
函数参考
http://docs.puppetlabs.com/references/3.1.latest/function.html
元参数参考
http://docs.puppetlabs.com/references/3.1.latest/metaparameter.html
术语表
http://docs.puppetlabs.com/references/glossary.html 官方YUM源 http://yum.puppetlabs.com
Passenger官方YUM源 http://passenger.stealthymonkeys.com/
sudo模块
https://github.com/rji/puppet-sudo
https://github.com/vTNT/puppet-sudo
运维工具
http://rundeck.org/
页:
[1]