Puppet--文件自动化管理
Puppet文件自动化管理一.安装后的目录结构
安装目录默认存为/etc/puppet,该目录下的manifests存放manifest文件。其他可执行文件在/user/sbin下,主要有:
puppet: 用于执行用户所写独立的mainfests文件
puppetd: 运行在被管理主机上的客户端程序
puppetmasterd:运行在管理机上的服务器程序
puppetca:puppet认证程序,主要用于对client的证书进行认证
puppetrun:用于连接客户端,强制运行本地配置文件
file资源:管理系统本地文件
设置文件权限和属主
管理文件内容,可以基于模板的内容管理
支持管理目录
从远程服务器复制整个目录到本地
参数
Backup:决定文件的内容在被修改前是否进行备份.
Checksum:检查文件是否被修改,这个状态用来在复制文件的时候使用, 检测方式包括md5 ,mtime等。默认的检测是用md5
Content:把文件的内容设置为content 参数后面的字符串
Ensure:如果文件本来不存在是否要新建文件,可以设置的值是 absent和present,file和directory. 如果指定 present,就会检查该文件是否存在,如果不存在就新建该文件,如果指定是 absent, 就会删除该文件(如果recurse => true ,就会删除目录),如果提供的值不是上面提到的4种,那么就会创建一个文件的符号链接.
Force:作用是用在把一个目录变成一个链接,可用的值是ture和false
Group:指定那个该文件的用户组,值可以是gid或者组名
Ignore:当用recursion 方法复制一个目录的时候,可以用ignore来设定过滤条件,符合过滤条件的文件不被复制.
Links:定义操作符合链接文件. 可以设置的值是follow和manage; 文件拷贝的时候,设置follow,会拷贝文件的内容,而不是只拷贝符合链接本身,如果设置成manage ,会拷贝符合链接本身.
Mode:mode用于设置文件的权限
Owner:设置文件的属主
Path:指定要管理文件的路径,必须用引号引起来, 这也是一个资源的 namevar ,通常path 等于资源的title
Recurse:设置是否以及如何进行递归操作, 可以设置的值是 false,ture ,inf ,remote
Recurselimit:递归的深度,设置的值可以匹配/^+$/.
Source:拷贝一个文件覆盖当前文件,用checksum来判断是否有必要进行复制,可以设置的值是一个引用的完整的文件路径,或者是URI,当前支持的URI只有puppet和file ;
File资源测试用例
登陆puppet master,编辑默认manifest文件site.pp
[*]# cd /etc/puppet/manifests/
[*]
[*]# vim site.pp
[*]
[*] node default {
[*]
[*] file {'file1':
[*]
[*] path => '/tmp/file1',
[*]
[*] ensure => present,
[*]
[*] mode => 0777,
[*]
[*] user => root,
[*]
[*] group => root,
[*]
[*] content => "Welcome to use Puppet.",
[*]
[*]
[*]
[*] }
[*]
[*] }
在puppet master应用该测试文件
[*]# puppet apply file1.pp
[*]
[*]notice: /Stage//File/ensure: created
[*]
[*]notice: Finished catalog run in 0.04 seconds
检查puppet master上是否生效
[*]# more /tmp/file1
[*]
[*]Welcome to use Puppet.
[*]
[*]# ll /tmp/file1
[*]
[*]-rwxrwxrwx 1 root root 222月 22 15:13 /tmp/file1
用其中一个客户端测试
[*]# puppetd --servermaster.puppet --test
[*]
[*]notice: Ignoring --listen on onetime run
[*]
[*]info: Caching catalog for client1.centos
[*]
[*]info: Applying configuration version '1329902782'
[*]
[*]notice: /Stage//Node/File/ensure: created
[*]
[*]notice: Finished catalog run in 0.01 seconds
查看客户端文件属性
[*]# ls -l /tmp/file1
[*]
[*]-rwxrwxrwx 1 root root 222月 22 17:26 /tmp/file1
[*]
[*]# more /tmp/file1
[*]
[*]Welcome to use Puppet.
出现的问题1,报错如下:
[*]# puppetd--test --server master.puppet
[*]
[*]err: Could not retrieve catalog from remote server: Error 400 on SERVER: No support for http method POST
[*]
[*]warning: Not using cache on failed catalog
[*]
[*]err: Could not retrieve catalog; skipping run
[*]
[*]notice: /File/content:
[*]
[*]--- /var/puppet/state/last_run_summary.yaml 2012-02-23 09:13:50.000000000 +0800
[*]
[*]+++ /tmp/puppet-file20120223-4772-1la6w5s-0 2012-02-23 09:14:59.000000000 +0800
[*]
[*]@@ -3,4 +3,4 @@
[*]
[*] puppet: 2.7.10
[*]
[*] config:
[*]
[*] time:
[*]
[*]- last_run: 1329959630
[*]
[*]\ No newline at end of file
[*]
[*]+ last_run: 1329959699
[*]
[*]\ No newline at end of file
出现这个报错的原因是因为puppet的客户端版本和服务器的版本不一样导致的,puppet master的版本是2.6.13,而puppet client的版本是2.7.10下面是检查版本:
[*]# puppetmasterd --version
[*]
[*]2.6.13
安装2.6.13的客户端恢复
[*]# fetch http://puppetlabs.com/downloads/puppet/puppet-2.6.13.tar.gz
[*]
[*]# tar -zxvf puppet-2.6.13.tar.gz
[*]
[*]# cd puppet-2.6.13
[*]
[*]# rubyinstall.rb
[*]
[*]# puppetd --version
[*]
[*]2.6.13
出现的问题2,证书问题,报错如下
[*]# puppetd--test--servermaster.puppet
[*]
[*]err: Could not request certificate: Retrieved certificate does not match private key; please remove certificate from server and regenerate it with the current key
[*]
[*]Exiting; failed to retrieve certificate and waitforcert is disabled
清楚服务器端的证书,重新认证,如仍然报错可以将客户端的ssl正式也删除
[*]# puppetca --cleanclient3.freebsd
[*]
[*]notice: Revoked certificate with serial 7
[*]
[*]notice: Removing file Puppet::SSL::Certificate client3.freebsd at '/var/lib/puppet/ssl/ca/signed/client3.freebsd.pem'
[*]
[*]notice: Removing file Puppet::SSL::Certificate client3.freebsd at '/var/lib/puppet/ssl/certs/client3.freebsd.pem'
[*]# cd /etc/puppet/
[*]
[*]# mv sslssl_bak
重新认证,客户端恢复
[*]# puppetd--test--servermaster.puppet
[*]
[*]info: Caching catalog for client3.freebsd
[*]
[*]info: Applying configuration version '1329961887'
[*]
[*]notice: Finished catalog run in 0.02 seconds
测试file资源的其他参数
[*]# vim /etc/puppet/manifests/site.pp
[*]
[*]node default {
[*]
[*] file {'file1':
[*]
[*] path => '/tmp/file1',
[*]
[*] ensure => present,
[*]
[*] mode => 0777,
[*]
[*] #user => root,
[*]
[*] #group => root,
[*]
[*] content => "Welcome to use Puppet.",
[*]
[*] }
[*]
[*]
[*]
[*] file{ '/tmp/file2':
[*]
[*] ensure => directory,
[*]
[*] mode=>0644,
[*]
[*] }
[*]
[*]
[*]
[*] file{'/tmp/file3':
[*]
[*] ensure=>link,
[*]
[*] target=>'/tmp/file1',
[*]
[*] }
[*]
[*]
[*]
[*] }
客户端测试配置
[*]# puppetd --servermaster.puppet --test
[*]
[*]notice: Ignoring --listen on onetime run
[*]
[*]info: Caching catalog for client1.centos
[*]
[*]info: Applying configuration version '1329963133'
[*]
[*]notice: /Stage//Node/File/ensure: created
[*]
[*]notice: /Stage//Node/File/ensure: created
[*]
[*]notice: Finished catalog run in 0.03 seconds
查看生成文件信息
[*]# ls -l /tmp/file*
[*]
[*]-rwxrwxrwx 1 root root 222月 22 17:26 /tmp/file1
[*]
[*]lrwxrwxrwx 1 root root 102月 23 10:12 /tmp/file3 -> /tmp/file1
[*]
[*]
[*]
[*]/tmp/file2:
[*]
[*]总用量 0
页:
[1]