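Puppet configuration exercises
[iyunv@puppetagent ~]# puppet describe user    # show the documentation for a resource type
1. Users and groups
group:
name: group name
gid: group ID
ensure: present, absent
system: true, false; whether this is a system group (IDs below 2000 are system groups)
members: group members
user:
name: user name
comment: user comment
ensure: present, absent
expiry: expiry date
gid: primary group
groups: supplementary groups
shell: default shell
system: true, false
uid: user ID
password: password (as the encrypted hash)
[iyunv@puppetagent manifests]# cat test1.pp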
group {'zabbix':
gid => 2001,
ensure => present,
}
user {'zabbix01':
uid => 2000,
gid => 2001,
shell => '/bin/bash',
home => '/home/zabbix01',
ensure => present,
}
[iyunv@puppetagent manifests]# vim test1.pp
[iyunv@puppetagent manifests]# puppet apply -v test1.pp
Notice: Compiled catalog for puppetagent.gbnc.com in environment production in 0.30 seconds
Info: Applying configuration version '1506581582'
Notice: /Stage[main]/Main/Group[zabbix]/ensure: created
Notice: /Stage[main]/Main/User[zabbix01]/ensure: created
Info: Creating state file /var/lib/puppet/state/state.yaml
Notice: Finished catalog run in 0.10 seconds
[root@puppetagent manifests]# tail -1 /etc/passwd
zabbix01:x:2000:2001::/home/zabbix01:/bin/bash
Error message: usually the comma at the end of the previous line is missing
[iyunv@puppetagent manifests]# puppet apply -v test1.pp
Error: Could not parse for environment production: Syntax error at 'uid'; expected '}' at /home/manifests/test1.pp:9 on node puppetagent.gbnc.com
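2. Files (file)
content: the file content, given inline
source: fetch the file from the specified location
ensure: file, link, directory, present, absent
force: force creation, overwriting what is already there; yes, no, true, false
group: owning group
owner: owning user
mode: permissions; several notations are supported: octal, or symbolic with u, g, o
path: target path
source: path of the source file; either a local file path or a puppet:/// URL
target: when ensure is link, path is a symbolic link and target is the file it points to
checksum: file checksum type: md5, md5lite, sha256, none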
[iyunv@puppetagent manifests]# cat test2.pp
file{'/tmp/mydir':
ensure => directory,
}
file {'/tmp/mydir/myfile':
content => 'this is a test file\n great!!',
ensure => file,
owner => 'zabbix01',
group => 'zabbix',
mode => '0400',
}
file {'/tmp/fstab.test':
source => '/etc/fstab',
ensure => file,
}
file {'/tmp/file.link':
ensure => link,
target => '/tmp/fstab.test',
}
[iyunv@puppetagent manifests]# puppet apply -v test2.pp
Notice: Compiled catalog for puppetagent.gbnc.com in environment production in 0.15 seconds
Info: Applying configuration version '1506588419'
Notice: /Stage[main]/Main/File[/tmp/fstab.test]/ensure: defined content as '{md5}fdbfec63861f05f36b4a1b5d8c7ab1ec'
Notice: /Stage[main]/Main/File[/tmp/file.link]/ensure: created
Notice: /Stage[main]/Main/File[/tmp/mydir]/ensure: created
Notice: /Stage[main]/Main/File[/tmp/mydir/myfile]/ensure: defined content as '{md5}435a3c2e09594ba689cc94f51691ca5b'
Notice: Finished catalog run in 0.08 seconds
[iyunv@puppetagent tmp]# ls -l
总用量 4
lrwxrwxrwx. 1 root root 15 9月 28 16:47 file.link -> /tmp/fstab.test
-rw-r--r--. 1 root root 465 9月 28 16:47 fstab.test
drwxr-xr-x. 2 root root 20 9月 28 16:47 mydir
[iyunv@puppetagent tmp]# ls -l mydir/myfile
-r--------. 1 zabbix01 zabbix 29 9月 28 16:47 mydir/myfile
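3. exec: run a command; the command should be idempotent
Idempotent: running the command many times does no harm to the result
Ways to achieve it:
1. The command itself is idempotent
2. The resource uses attributes such as onlyif and unless
3. The resource uses the refreshonly attribute, so that it runs only when a resource it subscribes to changes
command: the command to run
creates: run the command only when the specified file does not exist
cwd: cd to the specified directory before running the command
environment: environment variables to set
user: user to run the command as
group: group to run the command as
onlyif: run the command only when the given test command succeeds (exit status 0)
exec { "logrotate":
path => "/usr/bin:/usr/sbin:/bin",
onlyif => "test `du /var/log/messages | cut -f1` -gt 100000" # logrotate runs only when the test succeeds
}
unless: the opposite of onlyif
exec { "/bin/echo root >> /usr/lib/cron/cron.allow":
path => "/usr/bin:/usr/sbin:/bin",
unless => "grep root /usr/lib/cron/cron.allow 2>/dev/null" # append only when root is not listed
}
refresh: on a notification from another resource the exec command is re-run by default; when refresh is set, the command given here is run instead
refreshonly: run this resource only when it receives a refresh notification
returns: the expected exit status; any other value means the command failed
tries: number of attempts
timeout: timeout
path: the PATH to search for the command; several directories can be given as an array, e.g. ["/usr/bin", "/usr/sbin"]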
[iyunv@puppetagent manifests]# cat test3.pp
exec {'/usr/sbin/modprobe xfs':
user => 'root',
group => 'root',
refresh => '/usr/sbin/modprobe -r xfs && /usr/sbin/modprobe xfs',
timeout => 5,
tries => 2,
}
[iyunv@puppetagent manifests]# puppet apply -v test3.pp
Notice: Compiled catalog for puppetagent.gbnc.com in environment production in 0.06 seconds
Info: Applying configuration version '1506644123'
Notice: /Stage[main]/Main/Exec[/usr/sbin/modprobe xfs]/returns: executed successfully
Notice: Finished catalog run in 0.05 seconds
Error message: commands must use an absolute path, or the directories must be given with path
[iyunv@puppetagent manifests]# puppet apply -v test3.pp
Notice: Compiled catalog for puppetagent.gbnc.com in environment production in 0.05 seconds
Error: Parameter refresh failed on Exec[modprobe xfs]: 'modprobe -r xfs && modprobe xfs' is not qualified and no path was specified. Please qualify the command or specify a path. at /home/manifests/test3.pp:7
Wrapped exception:
'modprobe -r xfs && modprobe xfs' is not qualified and no path was specified. Please qualify the command or specify a path.
[iyunv@puppetagent manifests]# cat test4.pp
exec {'echo hello > /tmp/hello.file':
user => root,
group => root,
path => '/usr/bin',
creates => '/tmp/hello.file' # skipped if the file exists, run if it does not
}
[iyunv@puppetagent manifests]# puppet apply -v test4.pp
Notice: Compiled catalog for puppetagent.gbnc.com in environment production in 0.05 seconds
Info: Applying configuration version '1506644568'
Notice: Finished catalog run in 0.04 seconds
[iyunv@puppetagent manifests]# rm -rf /tmp/hello.file    # delete the file, then apply again
[iyunv@puppetagent manifests]# puppet apply -v test4.pp
Notice: Compiled catalog for puppetagent.gbnc.com in environment production in 0.06 seconds
Info: Applying configuration version '1506644586'
Notice: /Stage[main]/Main/Exec[echo hello > /tmp/hello.file]/returns: executed successfully
Notice: Finished catalog run in 0.06 seconds
[iyunv@puppetagent manifests]# cat /tmp/hello.file
hello
[iyunv@puppetagent manifests]# cat test5.pp
exec {'echo hello > /tmp/hello01.file':
user => root,
group => root,
path => '/usr/bin',
unless => 'test -e /tmp/hello01.file' # run the command only when this test does not succeed
}
[iyunv@puppetagent manifests]# ls /tmp/hello01.file
/tmp/hello01.file
[iyunv@puppetagent manifests]# puppet apply -v test5.pp
Notice: Compiled catalog for puppetagent.gbnc.com in environment production in 0.06 seconds
Info: Applying configuration version '1506644862'
Notice: Finished catalog run in 0.05 seconds
[iyunv@puppetagent manifests]# rm -rf /tmp/hello01.file
[iyunv@puppetagent manifests]# puppet apply -v test5.pp
Notice: Compiled catalog for puppetagent.gbnc.com in environment production in 0.05 seconds
Info: Applying configuration version '1506644878'
Notice: /Stage[main]/Main/Exec[echo hello > /tmp/hello01.file]/returns: executed successfully
Notice: Finished catalog run in 0.06 seconds
[iyunv@puppetagent manifests]# cat /tmp/hello01.file
hello
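An added example (not part of the original notes) for technique 3 above, which the notes list but do not demonstrate: refreshonly combined with subscribe, plus an exact-match unless guard for the cron.allow exec. The sysctl file name, its content, the resource titles and the CentOS 7 path /usr/sbin/sysctl are assumptions made for illustration.

```puppet
# Added example, not from the original notes. The sysctl file name, its
# content and the resource titles are constructed for illustration;
# /usr/sbin/sysctl is the CentOS 7 location of the binary.

# Managed file: any change to it produces a refresh event.
file { '/etc/sysctl.d/90-example.conf':
  ensure  => file,
  owner   => 'root',
  group   => 'root',
  mode    => '0644',
  content => "net.ipv4.conf.all.rp_filter = 1\n",
}

# refreshonly => true: a plain catalog run never executes this command.
# It runs only after the subscribed file has changed, so repeated runs
# with an unchanged file do nothing.
exec { 'reload-example-sysctl':
  command     => '/usr/sbin/sysctl -p /etc/sysctl.d/90-example.conf',
  refreshonly => true,
  subscribe   => File['/etc/sysctl.d/90-example.conf'],
}

# unless guard with an exact line match. "grep root" also succeeds on a
# line such as "notroot", which would wrongly skip the append;
# -x matches whole lines only, -q suppresses output.
exec { 'cron-allow-root':
  command => '/bin/echo root >> /usr/lib/cron/cron.allow',
  path    => ['/usr/bin', '/bin'],
  unless  => 'grep -qx root /usr/lib/cron/cron.allow',
}
```

Applied twice with puppet apply -v, the second run should report no Exec events: the file is unchanged, so no refresh is sent, and the unless test succeeds.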
4. cron: scheduled jobs
ensure: present, absent
command: the command to run; use an absolute path, path cannot be used here
hour:
minute:
month:
monthday:
weekday:
name:
user: user the job runs as
environment: environment variables for the job
[iyunv@puppetagent manifests]# cat test6.pp
cron{'sync time':
command => 'ntpdate 172.16.0.1 &> /dev/null',
minute => '*/10',
ensure => 'present',
}
[iyunv@puppetagent manifests]# crontab -l
# Puppet Name: sync time
*/10 * * * * ntpdate 172.16.0.1 &> /dev/null
5. package: package management
ensure: installed, latest, VERSION (e.g. 2.3.1-2.el7), present, absent
name: package name
source: where the package comes from
provider: rpm
[iyunv@puppetagent manifests]# cat test7.pp
package{'zsh':
ensure => latest,
}
package{'jdk':
ensure => installed,
source => '/root/jdk-8u144-linux-x64.rpm',
provider => 'rpm',
}
[iyunv@puppetagent manifests]# puppet apply -v test7.pp
Notice: Compiled catalog for puppetagent.gbnc.com in environment production in 0.58 seconds
Warning: The package type's allow_virtual parameter will be changing its default value from false to true in a future release. If you do not want to allow virtual packages, please explicitly set allow_virtual to false. // This warning can be resolved by adding allow_virtual => false, to the package resource in the .pp file on the server.
(at /usr/share/ruby/vendor_ruby/puppet/type.rb:816:in `set_default')
Info: Applying configuration version '1506649918'
Notice: /Stage[main]/Main/Package[zsh]/ensure: created
Notice: /Stage[main]/Main/Package[jdk]/ensure: created
Notice: Finished catalog run in 22.50 seconds
[iyunv@puppetagent manifests]# java -version
java version "1.8.0_144"
Java(TM) SE Runtime Environment (build 1.8.0_144-b01)
Java HotSpot(TM) 64-Bit Server VM (build 25.144-b01, mixed mode)
[iyunv@puppetagent manifests]# which zsh
/usr/bin/zsh
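6. service: service management
enable: whether to start at boot; true, false
ensure: running, stopped
hasrestart: whether the init script supports the restart argument
hasstatus: whether the init script supports the status argument
name:
path:
pattern: used to decide whether the service is running when the script does not support restart/status
restart: the command used to "restart" the service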
start:
stop:
status:
[iyunv@puppetagent manifests]# cat test8.pp
package{'nginx':
ensure =>latest,
}
service{'nginx':
ensure => running,
enable => true,
hasrestart => true,
hasstatus => true,
restart => 'systemctl reload nginx.service',
}
[iyunv@puppetagent manifests]# puppet apply -v test8.pp
Notice: Compiled catalog for puppetagent.gbnc.com in environment production in 0.73 seconds
Warning: The package type's allow_virtual parameter will be changing its default value from false to true in a future release. If you do not want to allow virtual packages, please explicitly set allow_virtual to false.
(at /usr/share/ruby/vendor_ruby/puppet/type.rb:816:in `set_default')
Info: Applying configuration version '1506651656'
Notice: /Stage[main]/Main/Package[nginx]/ensure: created
Notice: /Stage[main]/Main/Service[nginx]/ensure: ensure changed 'stopped' to 'running'
Info: /Stage[main]/Main/Service[nginx]: Unscheduling refresh on Service[nginx]
Notice: Finished catalog run in 15.99 seconds
if value = parameter.default and ! value.nil?
[iyunv@puppetagent manifests]# rpm -q nginx
nginx-1.10.2-1.el7.x86_64
[iyunv@puppetagent manifests]# netstat -lupnt |grep nginx
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 13283/nginx: master
tcp6 0 0 :::80 :::* LISTEN 13283/nginx: master
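7. Metaparameters
Resource references
Type['title']; the first letter of the type must be capitalized
Ordering relationships:
before: set on the resource that others depend on (it is applied before the referenced resource)
require: set on the resource that depends on another resource
Chained ordering: ->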
[iyunv@puppetagent manifests]# cat test9.pp
group {'zabbix':
gid => 2001,
ensure => present,
before => User['zabbix02'], # User['zabbix02'] depends on this resource
}
user {'zabbix02':
uid => 2001,
gid => 2001,
shell => '/bin/bash',
home => '/home/zabbix02',
ensure => present,
}
user {'zabbix03':
uid => 2002,
gid => 2001,
shell => '/bin/bash',
home => '/home/zabbix03',
ensure => present,
require => Group['zabbix'], # depends on Group['zabbix']
} -> # the file resource below depends on this resource
file{'/tmp/zabbix03.file':
content => 'this is a zabbix03',
ensure => present,
}
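Notification relationships
notify: set on the resource that others depend on (it sends the notification)
subscribe: set on the resource that listens to another resource
~>: chained notification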
[iyunv@puppetagent manifests]# cat test10.pp
package{'nginx':
ensure =>latest,
}
file{'/etc/nginx/nginx.conf':
ensure =>file,
source =>'/root/modules/nginx/conf/nginx.conf',
require => Package['nginx'],
notify => Service['nginx'], # when this resource changes, notify Service['nginx']
}
service{'nginx':
ensure => running,
enable => true,
hasrestart => true,
hasstatus => true,
# restart => 'systemctl reload nginx.service',
require => [Package['nginx'],File['/etc/nginx/nginx.conf']],
}
[iyunv@puppetagent manifests]# netstat -ltupn |grep nginx
tcp 0 0 0.0.0.0:8080 0.0.0.0:* LISTEN 17576/nginx: master
[iyunv@puppetagent manifests]# vim /root/modules/nginx/conf/nginx.conf
[iyunv@puppetagent manifests]# cat /root/modules/nginx/conf/nginx.conf |grep listen
listen 80 default_server; # changed
[iyunv@puppetagent manifests]# puppet apply -v test10.pp
Notice: Compiled catalog for puppetagent.gbnc.com in environment production in 0.82 seconds
Warning: The package type's allow_virtual parameter will be changing its default value from false to true in a future release. If you do not want to allow virtual packages, please explicitly set allow_virtual to false.
(at /usr/share/ruby/vendor_ruby/puppet/type.rb:816:in `set_default')
Info: Applying configuration version '1506656725'
Info: /Stage[main]/Main/File[/etc/nginx/nginx.conf]: Filebucketed /etc/nginx/nginx.conf to puppet with sum 73972f6c9f693b7b2bf4f5872df65a28
Notice: /Stage[main]/Main/File[/etc/nginx/nginx.conf]/content: content changed '{md5}73972f6c9f693b7b2bf4f5872df65a28' to '{md5}40fed2ca309c9d452fbc4d9840ff22c7'
Info: /Stage[main]/Main/File[/etc/nginx/nginx.conf]: Scheduling refresh of Service[nginx] // the file changed, so a refresh is scheduled
Notice: /Stage[main]/Main/Service[nginx]: Triggered 'refresh' from 1 events
Notice: Finished catalog run in 4.61 seconds
[iyunv@puppetagent manifests]# netstat -ltupn |grep nginx
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 17808/nginx: master
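8. Variables
Variable names start with $ and are assigned with =; any data that is not a regular expression can be assigned to a variable
Scopes:
Top scope: visible on all nodes
Node scope: visible within the node
Class scope: visible within the class and its child classes; a child class inherits from its parent
Variable reference paths:
Relative path
Absolute path:
$::scope::scope::variable
Assignment operators:
=
+= append
Data types:
Boolean: true, false
undef: not specified
String: unquoted, single-quoted (strong quoting, no interpolation), or double-quoted (weak quoting, variables are interpolated)
Number: integers and floating-point numbers
Array: [item1,item2,....]
Hash: {key => value, key => value,....}; keys are strings, values can be of any type
Regular expressions:
A non-standard data type; cannot be assigned to a variable
Syntax:
(?<ENABLED OPTION>:<SUBPATTERN>)
(?-<DISABLED OPTION>:<SUBPATTERN>)
OPTION:
i: ignore case
m: let . match newlines
x: ignore whitespace and comments
Expressions:
Comparison operators: ==,!=,<,<=,>,>=,!~,=~,in
Logical operators: and,or,!
Arithmetic operators: +,-,*,/,%,>>,<<
Kinds of variables:
User-defined variables
Facter variables: listed by the facter -p command
Built-in variables:
Client-side built-ins:
$clientcert
$clientversion
Server-side built-ins:
$servername
$serverip
$serverversion
$module_name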
9. Conditionals:
if, case, selector, unless
if statement:
if CONDITION {
.......
}
elsif CONDITION {
.......
}
else {
.........
}
CONDITION can be:
1. a comparison expression
2. a variable reference
3. a function call that returns a value
[iyunv@puppetagent manifests]# cat test11.pp
if $operatingsystem == "Centos" {
notice("the host OS is a $operatingsystem linux")
}
else {
notice(" the host os isn't a $operatingsystem linux")
}
[iyunv@puppetagent manifests]# puppet apply -v test11.pp
Notice: Scope(Class[main]): the host OS is a CentOS linux // result
Notice: Compiled catalog for puppetagent.gbnc.com in environment production in 0.02 seconds
Info: Applying configuration version '1506734001'
Notice: Finished catalog run in 0.04 seconds
if $operatingsystem =~ /^(?i-mx:(Centos|Redhat))/ {
notice("the host OS is a $1 linux") # $1 is the back-reference to the first capture group
}
else {
notice(" the host os isn't a $operatingsystem linux")
}
[iyunv@puppetagent manifests]# puppet apply -v test11.pp
Notice: Scope(Class[main]): the host OS is a CentOS linux
Notice: Compiled catalog for puppetagent.gbnc.com in environment production in 0.02 seconds
Info: Applying configuration version '1506734525'
Notice: Finished catalog run in 0.04 seconds
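case statement
case CONTROL_EXPRESSION {
case1,.....:{statement....}
case2,.....:{statement....}
default: {statement....}
}
CONTROL_EXPRESSION: an expression, a variable, or a function that returns a value
case: a string, a variable, a regular expression, a function that returns a value, or default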
[iyunv@puppetagent manifests]# cat test12.pp
case $operatingsystem {
'Ubuntu': {notice("Welcome to Ubuntu system !!!")}
'Freebsd','Solaris': {notice("Welcome to UNIX OSFmamily!!! ")}
/^(?i-mx:(Centos|Redhat))$/: {notice("Welcome to $1 linux !!!")}
default: {notice("Welcome linux !!!")}
}
[iyunv@puppetagent manifests]# puppet apply -v test12.pp
Notice: Scope(Class[main]): Welcome to CentOS linux !!!
Notice: Compiled catalog for puppetagent.gbnc.com in environment production in 0.02 seconds
Info: Applying configuration version '1508977604'
Notice: Finished catalog run in 0.04 seconds
[iyunv@puppetagent manifests]# facter -p |grep "operatingsystem\>"
operatingsystem => CentOS
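Selector statement:
Like case, but each branch returns a plain value
CONTROL_VARIABLE ? {
case => value1,
case => value2,
default => valueN,
}
CONTROL_VARIABLE: a variable or a function that returns a value; it cannot be an expression
case: a literal value (quoted), a variable, a function that returns a value, a regular expression, or default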
[iyunv@puppetagent manifests]# cat test13.pp
$webserver = $operatingsystem ? {
/(?i-mx:ubuntu|debian)/ => 'apache2',
/(?i-mx:centos|fedora|redhat)/ => 'httpd',
}
exec {"/bin/echo $webserver >> /tmp/echo.file":
}
[iyunv@puppetagent manifests]# puppet apply -v test13.pp
Notice: Compiled catalog for puppetagent.gbnc.com in environment production in 0.07 seconds
Info: Applying configuration version '1506736956'
Notice: /Stage[main]/Main/Exec[/bin/echo httpd >> /tmp/echo.file]/returns: executed successfully
Notice: Finished catalog run in 0.09 seconds
[iyunv@puppetagent manifests]# cat /tmp/echo.file
httpd // result
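10. Classes (class)
A set of resources serving a common purpose; a named block of code. Once created it can be called anywhere in Puppet, and classes can be inherited
Syntax:
class class_name {
....puppet code....
}
Note: class names may contain only lowercase letters, digits and underscores, and must begin with a lowercase letter
Class declaration (invocation), method 1:
include class_name,class_name,....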
[iyunv@puppetagent manifests]# cat test15.pp
class nginx {
$webserver = 'nginx'
package{$webserver:
ensure =>latest,
}
file{'/etc/nginx/nginx.conf':
ensure =>file,
source =>'/root/modules/nginx/conf/nginx.conf',
require => Package['nginx'],
notify => Service['nginx'],
}
service{$webserver:
ensure => running,
enable => true,
hasrestart => true,
hasstatus => true,
# restart => 'systemctl reload nginx.service',
require => [Package['nginx'],File['/etc/nginx/nginx.conf']],
}
}
include nginx # declare the class
[iyunv@puppetagent manifests]# puppet apply -v test15.pp
Notice: Compiled catalog for puppetagent.gbnc.com in environment production in 0.80 seconds
Warning: The package type's allow_virtual parameter will be changing its default value from false to true in a future release. If you do not want to allow virtual packages, please explicitly set allow_virtual to false.
(at /usr/share/ruby/vendor_ruby/puppet/type.rb:816:in `set_default')
Info: Applying configuration version '1506740226'
Notice: /Stage[main]/Nginx/Package[nginx]/ensure: created
Info: FileBucket got a duplicate file {md5}93bc8e01bfd45e7e18b23acc178ae25b
Info: /Stage[main]/Nginx/File[/etc/nginx/nginx.conf]: Filebucketed /etc/nginx/nginx.conf to puppet with sum 93bc8e01bfd45e7e18b23acc178ae25b
Notice: /Stage[main]/Nginx/File[/etc/nginx/nginx.conf]/content: content changed '{md5}93bc8e01bfd45e7e18b23acc178ae25b' to '{md5}40fed2ca309c9d452fbc4d9840ff22c7'
Info: /Stage[main]/Nginx/File[/etc/nginx/nginx.conf]: Scheduling refresh of Service[nginx]
Notice: /Stage[main]/Nginx/Service[nginx]/ensure: ensure changed 'stopped' to 'running'
Info: /Stage[main]/Nginx/Service[nginx]: Unscheduling refresh on Service[nginx]
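Defining a class that accepts parameters:
class class_name($arg1='value1',$arg2='value2'){
.....puppet code......
}
A parameter passed in the declaration replaces the default; when none is passed, the default value1 is used
Class declaration (invocation), method 2: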
class{'class_name':
arg1 => value1,
arg2 => value2,
}
[iyunv@puppetagent manifests]# cat test15.pp
class nginx ($webserver){
#class nginx ($webserver='nginx') { # a default can be given; a parameter passed in the declaration overrides it
package{$webserver:
ensure =>latest,
}
file{'/etc/nginx/nginx.conf':
ensure =>file,
source =>'/root/modules/nginx/conf/nginx.conf',
require => Package['nginx'],
notify => Service['nginx'],
}
service{$webserver:
ensure => running,
enable => true,
hasrestart => true,
hasstatus => true,
# restart => 'systemctl reload nginx.service',
require => [Package['nginx'],File['/etc/nginx/nginx.conf']],
}
}
class {'nginx':
webserver => 'nginx',
}
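Class inheritance:
Definition:
class base_class {
.... puppet code.....
}
class base_class::class_name inherits base_class {
.....puppet code.....
}
Purpose: inherit an existing class and override resource attributes, or append extra values to resource attributes:
=>,+>
On inheritance:
(1) When a child class is declared, its base class is declared first
(2) The base class becomes the parent scope of the child class; the variables and attribute defaults of the base class are copied into the child class
(3) The child class can override the value of the same attribute of the same resource in the parent class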
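An added example (not part of the original notes) of the inheritance rules above: a child class that overrides one inherited attribute with => and appends to another with +>. The class name nginx::proxy, the file nginx-proxy.conf and the conf.d/proxy.conf resource are constructed for illustration; the base class reuses the resources from test15.pp.

```puppet
# Added example, not from the original notes. nginx::proxy and the two
# proxy file paths are constructed for illustration.

# Base class: package, config file and service, as in test15.pp, with
# owner, group and mode set explicitly on the config file.
class nginx {
  package { 'nginx':
    ensure => latest,
  }
  file { '/etc/nginx/nginx.conf':
    ensure  => file,
    owner   => 'root',
    group   => 'root',
    mode    => '0644',
    source  => '/root/modules/nginx/conf/nginx.conf',
    require => Package['nginx'],
    notify  => Service['nginx'],
  }
  service { 'nginx':
    ensure  => running,
    enable  => true,
    require => Package['nginx'],
  }
}

# Child class: declaring it declares the base class first (rule 1).
class nginx::proxy inherits nginx {
  # => replaces the inherited value of source (rule 3).
  File['/etc/nginx/nginx.conf'] {
    source => '/root/modules/nginx/conf/nginx-proxy.conf',
  }
  file { '/etc/nginx/conf.d/proxy.conf':
    ensure  => file,
    owner   => 'root',
    group   => 'root',
    mode    => '0644',
    content => "proxy_set_header Host \$host;\n",
    require => Package['nginx'],
    notify  => Service['nginx'],
  }
  # +> appends to the inherited require instead of replacing it, so the
  # service still waits for Package['nginx'] as well.
  Service['nginx'] {
    require +> File['/etc/nginx/conf.d/proxy.conf'],
  }
}

include nginx::proxy
```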