|
|
- **************服务端安装软件******************
- shell#touch /etc/puppet/manifests/site.pp
- shell#cat /etc/hosts
- 192.168.1.254 nat.test.com
- shell#/etc/init.d/puppetmaster start
- shell#puppet cert --sign test.test.com
- 签发证书,需要为每一个域名单独签发
- **************客户端配置服务******************
- shell#cat /etc/hosts
- 192.168.1.254 nat.test.com
- 127.0.0.1 test.test.com
- shell#echo "server = nat.test.com" >>/etc/puppet/puppet.conf
- shell#puppet agent --no-daemonize --verbose
- 服务端文件
- vim /etc/puppet/manifests/site.pp
- node default{
- file {"/tmp/a.txt":
- content => "test\n",
- ensure => present,
- backup => ".bak",
- mode => 500,
- owner => root,
- group => www,
- }
- }
- *********************客户端测试****************************
- puppet agent --verbose --test
- *********************服务端创建模块**************************
- shell#mkdir /etc/puppet/modules/snmpd/{files,manifests,templates} -p
- shell#vim /etc/puppet/modules/snmpd/manifests
- ######################################################################################################################
- class snmpd {
- service {
- "snmpd":
- enable => "true",
- ensure => "running",
- require => File["snmpd.conf"],
- subscribe => File["snmpd.conf"],
- name => $operatingsystem ? {
- default => "snmpd",
- },
- }
- package {
- "net-snmp":
- ensure => present,
- name => $operatingsystem ? {
- debian => "snmpd",
- ubuntu => "snmpd",
- default => "net-snmp",
- },
- }
- file {
- "snmpd.conf":
- # owner => root,
- # group => root,
- # mode => 644,
- require => Package["net-snmp"],
- path => $operatingsystem ?{
- default => "/etc/snmp/snmpd.conf",
- },
- }
- }
- #####################################################################################################
- vim /etc/puppet/manifests/site.pp
- node default{
- file {"/tmp/a.txt":
- content => "This is a test file date\n",
- ensure => present,
- backup => ".back",
- mode => 500,
- owner => root,
- group => www,
- }
- }
- node 'test.test.com' {
- file {"/tmp/b.txt":
- content => "This is a test file\n",
- ensure => present,
- backup => ".back",
- mode => 500,
- owner => root,
- group => root,
- }
- include snmpd #包含创建的类
- }
- http://docs.puppetlabs.com/guides/types/service.html 原文地址
- service管理系统运行的服务进程,不幸的是不同的系统管理服务的方式是多样的. 有些系统上面对于服务管理很简单,有些系统提供复杂的强大的服务管理功能.puppet提供最基本的服务管理,你也可以指定provider,使用一些特性.
- 注意,当一个服务从另一个资源收到一个事件,服务会重启,例如配置文件修改,可以要求相应的服务重启.不同的平台重启命令不同,你也可以手工指定重启服务的命令.
- 特性
- controllable provider 提供control 变量
- enableable provider 可以enable和disable服务
- refreshable provider 可以重启服务
- 例子service { "ssh": ensure => running; "nfs": ensure => stopped; }
- 参数binary
- 运行服务的命令的路径, 只用于不支持init的操作系统, 如果没有指定启动脚本,就用这个命令来启动服务.
- enable
- 服务在开机的时候是否启动,可以设置的值是true和false,需要provider支持enableable
- ensure
- 是否运行服务, running表示运行服务,stopped 表示停止服务
- hasrestart
- 指出管理脚本是否支持restart参数,如果不支持,就用stop和start实现restart效果. 可以设置的值是true 或 false
- hasstatus
- 指出管理脚本是否支持status参数,puppet用status参数来判断服务是否已经在运行了,如果不支持status参数,puppet利用查找运行进程列表里面是否有服务名来判断服务是否在运行. 可以设置的值是true或false
- name
- 该资源的namevar, 服务的名字,通常就是在/etc/init.d/目录下的名字
- path
- 启动脚本的搜索路径,可以用冒号分割多个路径,或者用数组指定.
- pattern
- 设置搜索进程列表的匹配字符串,用于不支持init脚本的系统.当要停止一个服务的时候,通过查看进程运行列表来判断.
- provider
- puppet提供下面的provider(只列出常见的系统)
- debian debian系统的init模式的管理脚本,支持 enableable, refreshable.
- freebsd init模式,支持enableable, refreshable.
- init 标准的init模式,支持refreshable
- redhat redhat的init模式,支持enableable, refreshable.
- smf solaris新的服务管理框架,支持enableable, refreshable
- restart
- 指定重启脚本,否则就先停止该服务再启动该服务
- start
- 指定启动服务的命令,通常init模式的管理脚本都支持,不需要手工指定
- status
- 指定status命令,如果不指定,就从进程列表查询该服务
- stop
- 指定停止服务的脚本.
http://nocap.blog.163.com/blog/static/19052507420121030113615705/
- 官方文档
- http://docs.puppetlabs.com/puppetdocs-latest.tar.gz
- http://www.puppetlabs.com/downloads/docs/puppet_labs_docs_pdfs.zip
- puppet cert sign mytestagent.example.com
- puppet cert sign --all
- puppet master --no-daemonize --verbose
- puppet --genconfig
- puppet agent --server myserver.example.com --waitforcert 60 --test
- puppet master --configprint modulepath
- puppet config print modulepath --mode master
- auth.conf
- autosign.conf
- ==========================================
- rebuilt.example.com
- *.scratch.example.com
- *.local
- ==========================================
- device.conf
- ==========================================
- [device certname]
- type <type>
- url <url>
- [router6.example.com]
- type cisco
- url ssh://admin:password@ef03c87a.local
- fileserver.conf
- ===========================================
- # Files in the /path/to/files directory will be served
- # at puppet:///mount_point/.
- [mount_point]
- path /path/to/files
- allow *.example.com
- deny *.wireless.example.com
- ===========================================
- tagmail.conf
- require
- Set report=true on your agent nodes
- Set reports=tagmail
- Set the reportfrom email address and either the smtpserver or sendmail setting on the puppet master
- Create a tagmail.conf file at the location specified in the tagmap setting
- ocated at /etc/puppet/tagmail.conf by default
- A comma-separated list of tags and !negated tags; valid tags include:
- Explicit tags
- Class names
- Puppet Documentation ? Configuring Puppet 40/411
- “ all ”
- Any valid Puppet log level ( debug , info , notice , warning , err , alert , emerg , crit , or
- verbose )
- A colon
- A comma-separated list of email addresses
- The list of tags on a line builds the set of resources whose messages will be included in the mailing;
- each additional tag adds to the set, and each !negated tag subtracts from the set.
- So, for example:
- ==============================================================================================
- all: log-archive@example.com
- webserver, !mailserver: httpadmins@example.com
- emerg, crit: james@example.com, zach@example.com, ben@example.com
- ==============================================================================================
- service { 'sshd':
- subscribe => File['sshdconfig'],
- }
- define svn_repo($path) {
- exec { "/usr/bin/svnadmin create ${path}/${title}":
- unless => "/bin/test -d ${path}",
- }
- }
- svn_repo { 'puppet_repo': path => '/var/svn_puppet' }
- svn_repo { 'other_repo': path => '/var/svn_other' }
- define svn_repo($path) {
- exec { "create_repo_${name}":
- command => "/usr/bin/svnadmin create ${path}/${title}",
- unless => "/bin/test -d ${path}",
- }
- if $require {
- Exec["create_repo_${name}"] {
- require +> $require,
- }
- }
- }
- svn_repo { 'puppet':
- path => '/var/svn',
- Puppet Documentation ? Language Guide 50/411
- require => Package['subversion'],
- }
- 变量赋值
- $value = "${one}${two}"
- 数组
- $foo =[ 'one', 'two', 'three' ]
- notice $foo[1]
- 将返回 two
- host { 'one.example.com':
- ensure => present,
- alias => [ 'satu','dua', 'tiga' ],
- ip => '192.168.100.1',
- }
- 哈希
- $myhash ={ key1 => 'myval', key2 => $b }
- 访问hash元素
- $myhash ={ key => { subkey => 'b' }}
- notice($myhash[key][subkey])
- 节点赋不同的值
- =========================================================
- node a {
- $setting = 'this'
- include class_using_setting
- }
- node b {
- $setting = 'that'
- include class_using_setting
- }
- =========================================================
- calss的设置
- =========================================================================================
- $test = 'top'
- class myclass {
- exec { "/bin/echo ${test}": logoutput => true }
- }
- class other {
- $test = 'other'
- include myclass
- }
- include other
- ===========================================================================================
- 访问class里面的值
- ========================================================
- class myclass {
- $test = 'content'
- }
- class anotherclass {
- $other = $myclass::test
- }
- ========================================================
- 给变量中的数组增加元素
- ==========================================================================
- $ssh_users = [ 'myself', 'someone' ]
- class test {
- $ssh_users += ['someone_else']
- }
- ===========================================================================
- 这里的+=是给数组增加值
- 变量选择相关
- file{ '/etc/config':
- owner => $operatingsystem ? {
- 'sunos' => 'adm',
- 'redhat' => 'bin',
- default => undef,
- },
- }
- 默认值为undef,
- $owner=$operatingsystem ? {
- /(redhat|debian)/=>'bin',
- default =>undef,
- }
- $system=$operatingsystem ? {
- /(redhat|debian)/ => "our system is $1",
- default => "our system is unknown",
- }
- 这里的$1将会返回redhat或者debian
- $0将会返回整行
- case
- =====================================================================================================
- case $operatingsystem {
- 'sunos': { include solaris } # apply the solaris class
- 'redhat': { include redhat } # apply the redhat class
- default: { include generic } # apply the generic class
- }
- ====================================================================================================
- =======================================================================================================
- case $hostname {
- 'jack','jill': { include hill } # apply the hill class
- 'humpty','dumpty': { include wall } # apply the wall class
- default: { include generic } # apply the generic class
- }
- ========================================================================================================
- 如果v$hostname fact里面含有jack或者jill,那么将会include hill
- ========================================================================================================
- case $hostname {
- /^j(ack|ill)$/: { include hill } # apply the hill class
- /^[hd]umpty$/: { include wall } # apply the wall class
- default: { include generic } # apply the generic class
- }
- ===========================================================================================================
- case $hostname {
- /^j(ack|ill)$/: { notice("Welcome $1!") }
- default: { notice("Welcome stranger") }
- }
- ===========================================================================================================
- if $variable {
- file { '/some/file': ensure => present }
- } else {
- file { '/some/other/file': ensure => present }
- }
- ============================================================================================================
- if $server == 'mongrel' {
- include mongrel
- } elsif $server == 'nginx' {
- include nginx
- } else {
- include thin
- }
- if $ram > 1024 {
- $maxclient = 500
- }
- =============================================================================================================
- if ( $processor_count > 2 ) and (( $ram >= 16 * $gigabyte ) or ( $disksize > 1000 )) {
- include for_big_irons
- } else {
- include for_small_box
- }
- ================================================================================================================
- unless $memorysize > 1024 {
- $maxclient = 500
- }
- ================================================================================================================
- 虚拟资源
- @user { 'luke': ensure => present }
- User <| title == luke |>
- realize User['luke']
- #将虚拟资源实例化
- class ssh {
- @@sshkey { $hostname: type => dsa, key => $sshdsakey }
- Sshkey <<| |>>
- }
- 正则表达式
- 安装module
- puppet module install puppetlabs-apache --version 0.0.2
- puppet module list
- puppet module search apache
- puppet module uninstall puppetlabs-apache
- puppet module upgrade puppetlabs-apache --version 0.0.3
- https://forge.puppetlabs.com
- 当一个文件改变的时候如何运行一个命令
- ===============================================================================================
- file { "/etc/bind": source => "/dist/apps/bind" }
- exec { "/usr/bin/ndc reload":
- subscribe => File["/etc/bind"],
- refreshonly => true
- }
- ==============================================================================================
- 如何确保创建一个用户之前另一个组已经存在
- group { "fearme":
- ensure => present,
- gid => 1000
- }
- user { "tim":
- ensure => present,
- gid => "fearme",
- groups => ["adm", "staff", "root"],
- membership => minimum,
- shell => "/bin/bash",
- require => Group["fearme"]
- }
- class base_class {
- define testvar_file($myvar="bob") {
- file { $name:
- content => template("john.erb"),
- }
- }
- testvar_file { "/tmp/testvar": }
- }
- class child_class inherits base_class {
- Base_class::Testvar_file["/tmp/testvar"] { myvar => fred }
- }
- gem install rack
- gem install passenger
- passenger-install-apache2-module
官方网站
http://www.puppetlabs.com
官方文档
http://docs.puppetlasb.com
官方Wiki
http://projects.puppetlabs.com/projects/puppet/wiki/
源码地址
http://github.com/puppetlabs/puppet
版本线路图
http://projects.puppetlabs.com/projects/puppet/roadmap
Bug列表
http://projects.puppetlabs.com/projects/puppet/issues
升级日志
http://projects.puppetlabs.com/projects/1/wiki/Release_Notes
讨论组
https://groups.google.com/forum/?fromgroups#!forum/puppet-users
模块市场
http://forge.puppetlabs.com/
Google
http://www.google.com/ncr
mysqlops博客
http://www.mysqlops.com/category/puppet
Learning Puppet
http://docs.puppetlabs.com/learning/
Style Guide
http://docs.puppetlabs.com/guides/style_guide.html
3.x语法参考
http://docs.puppetlabs.com/puppet/3/reference/
2.7语法参考
http://docs.puppetlabs.com/puppet/2.7/reference
模块参考
http://docs.puppetlabs.com/puppet/3/reference/modules_fundamentals.html
资源类型参考
http://docs.puppetlabs.com/references/3.1.latest/type.html
配置参考
http://docs.puppetlabs.com/references/3.1.latest/configuration.html
函数参考
http://docs.puppetlabs.com/references/3.1.latest/function.html
元参数参考
http://docs.puppetlabs.com/references/3.1.latest/metaparameter.html
术语表
http://docs.puppetlabs.com/references/glossary.html 官方YUM源 http://yum.puppetlabs.com
Passenger官方YUM源 http://passenger.stealthymonkeys.com/
sudo模块
https://github.com/rji/puppet-sudo
https://github.com/vTNT/puppet-sudo
运维工具
http://rundeck.org/ |
|
QQ群⑧:
窥视卡
雷达卡
发表于 2018-8-3 08:15:45
提升卡
置顶卡
沉默卡
喧嚣卡
变色卡
千斤顶
显身卡