|
|
puppet成长日记四 Exec资源详细介绍及案例分析
一、系统环境
1、puppet服务端
Release:RHEL6.4
HOSTNAME: puppetserver.rsyslog.org
TCP/IP: 172.16.200.100/24
Packages:
puppet-server-2.7.21-1.el6.noarch
mcollective-client-2.2.4
activemq-5.5.0
2、puppet节点
Release: RHEL5.8
HOSTNAME: agent1.rsyslog.org
TCP/IP: 172.16.200.101/24
Packages:
puppet-2.7.21-1.el5
mcollective-2.2.4-1.el5
3、puppet节点
Release: RHEL6.4
HOSTNAME: agent3.rsyslog.org
TCP/IP: 172.16.200.103/24
Packages:
puppet-2.7.21-1.el6
mcollective-2.2.4-1.el6
二、资源介绍
1、实现功能
1.1 远程执行系统命令,其实就是shell的调用
1.2 由于exec是一次性执行资源,在不同类里面exec名字可相同。
2、支持参数
2.1 command => "mkdir /tmp/rhel5/nginx ", 被执行的命令,必须为被执行命令的绝对路径。
2.2 cwd =>"/tmp/rhel5/nginx", 指定命令执行的目录。如果目录不存在,则命令执行失败。
2.3 environment => "PATH=/home/puppetfans", 为命令设定额外的环境变量。要注意的是如果你用这个来设定PATH,那么PATH的属性会被覆盖。多个环境变量应该以数组的形式来设定。
2.4 group => 定义运行命令的用户组。在不同的平台下的运行的结果无法确定,由于不同用户运行命令的时候,变量是不变的,所以这是平台的问题,而不是Ruby或Puppet的问题。
2.5 logoutput => on_failure|true|false 是否记录输出。默认会根据exec资源的日志等级(loglevel) 来记录输出。若定义为on_failure,则仅在命令返回错误的时候记录输出。可取的值为:true,false和其他合法的日志等级。
2.6 onlyif =>"/bin/ls /usr/local/nginx/conf", 如果这个参数被设定了,则exec只会在onlyif设定的命令返回0时才执行。
2.7 path => [ "/bin/", "/sbin/" , "/usr/bin/", "/usr/sbin/" ] 命令执行的搜索路径。如果path没有被定义,命令需要使用绝对路径。路径可以以数组或以冒号分隔的形式来定义。
2.8 creates => "/tmp/rhel5/nginx", 指定命令所生成的文件。如果提供了这个参数,那么命令只会在所指定的文件不存在的情况的被执行:
2.9 refresh =>true|false 定义如何更新命令。当exec收到一个来自其他资源的事件时,默认只会重新执行一次命令。不过这个参数允许你定义更新时执行不同的命令。
2.10 refreshonly =>true|false 该属性可以使命令变成仅刷新触发的,也就是说只有在一个依赖的对象被改变时,命令才会被执行。只有同时使用subscribe或notify才有意义
2.11 returns 指定返回的代码。如果被执行的命令返回了其他的代码,一个错误(error)会被返回。默认值是0,可以定义为一个由可以接受的返回代码组成的数组或单值。
2.12 timeout => 0 命令运行的最长时间。如果命令运行的时间超过了timeout定义的时间,那么这个命令就会被终止,并作为运行失败处理。当定义为负值时就会取消运行时间的限制。timeout的值是以秒为单位的。
2.13 unless => "/bin/ls /usr/local/nginx/conf",如果这个变量被指定了,那么exec会执行,除非unless所设定的命令返回0
2.14 user => "nginx", 定义运行命令的用户。 注意如果你使用了这个参数,那么任何的错误输出不会在当下被捕捉,这是Ruby的一个bug。
三、资源示例
1、示例一
1.1 实现功能
*要求实现使用chkconfig命令将节点的iptables和ip6tables服务关闭,并记录错误日志
1.2 配置说明
class motd::exec {
include motd::exec1
}
class motd::exec1 {
exec { [ "chkconfig iptables off",
"chkconfig ip6tables off",]:
path => ["/usr/bin","/usr/sbin","/bin","/sbin"],
logoutput => on_failure,
}
}
1.3 客户端agent3测试
[root@agent3 ~]# puppet agent --test
info: Retrieving plugin
info: Loading facts in /var/lib/puppet/lib/facter/backup_date.rb
info: Loading facts in /var/lib/puppet/lib/facter/my_apply1.rb
info: Loading facts in /var/lib/puppet/lib/facter/my_apply3.rb
info: Loading facts in /var/lib/puppet/lib/facter/my_apply2.rb
info: Caching catalog for agent3.rsyslog.org
info: Applying configuration version '1378284783'
notice: /Stage[main]/Motd::Exec1/Exec[chkconfig iptables off]/returns: executed successfully
notice: /Stage[main]/Motd::Exec1/Exec[chkconfig ip6tables off]/returns: executed successfully
notice: Finished catalog run in 0.17 seconds
2、示例二
2.1 实现功能
*要求节点上创建用户和组nginx,UID和GID都为1000
*要求从服务器下载nginx-0.8.42.tar.gz源码包到节点/tmp/rhel5/nginx目录下
*要求解压源码包,并编译安装到指定目录下
2.2 配置说明
class source {
include source::file1,source::exec1,source::exec2,source::exec3,source::user
notify { "nstallation nginx package through the source code nginx-0.8.42.tar.gz":
withpath => true,
}
}
class source::user{
group { "nginx": #建立组nginx
ensure => present,
gid => 1000
}
user { "nginx": #建立用户nginx
ensure => present,
uid => 1000,
gid => 1000,
groups => ["nginx"],
# membership => minimum,
shell => "/sbin/nologin",
require => Group["nginx"]
}
}
class source::file1{ #远程下载nginx源码包
file{ "nginx":
name => "/tmp/rhel5/nginx/nginx-0.8.42.tar.gz",
owner => "root",
group => "root",
mode => 0700,
source => "puppet://$puppetserver/modules/source/nginx-0.8.42.tar.gz",
backup => 'main',
require =>>
}
}
class source::exec1{
exec {"create nginx_pag":
command => "mkdir /tmp/rhel5/nginx ",
path => ["/usr/bin","/usr/sbin","/bin","/sbin"],
creates => "/tmp/rhel5/nginx", #目录或文件不存在的情况下执行command
}
}
class source::exec2{
exec { "install nginx":
cwd =>"/tmp/rhel5/nginx", #目录存在的情况下执行command
command =>"tar -zxvf nginx-0.8.42.tar.gz && cd nginx-0.8.42 &&./configure --user=nginx --group=nginx --prefix=/usr/local/nginx --without-http-cache && make&&make install",
path => ["/usr/bin","/usr/sbin","/bin","/sbin"],
logoutput => on_failure,
unless => "/bin/ls /usr/local/nginx/conf", #命令返回值不为0的情况下执行commond
require =>>
notify =>>
}
}
class source::exec3{
exec { "updatedb":
command => "updatedb",
path => ["/usr/bin","/usr/sbin","/bin","/sbin"],
refreshonly => true, #触发更新的时候执行command
subscribe =>>
}
}
[root@puppetserver manifests]#
2.3 客户端agent3测试
第一次执行:
测试前:
[root@agent3 rhel5]# cat /etc/passwd | grep nginx
[root@agent3 rhel5]# cat /etc/group | grep nginx
[root@agent3 rhel5]# ll /tmp/rhel5/
total 0
[root@agent3 rhel5]# ll /usr/local/ | grep nginx
测试中:
[root@agent3 ~]# puppet agent --test
info: Retrieving plugin
info: Loading facts in /var/lib/puppet/lib/facter/backup_date.rb
info: Loading facts in /var/lib/puppet/lib/facter/my_apply1.rb
info: Loading facts in /var/lib/puppet/lib/facter/my_apply3.rb
info: Loading facts in /var/lib/puppet/lib/facter/my_apply2.rb
info: Caching catalog for agent3.rsyslog.org
info: Applying configuration version '1378366520'
notice: /Stage[main]/Source::Exec1/Exec[create nginx_pag]/returns: executed successfully
notice: /Stage[main]/Source/Notify[nstallation nginx package through the source code nginx-0.8.42.tar.gz]/message: nstallation nginx package through the source code nginx-0.8.42.tar.gz
notice: /Stage[main]/Source/Notify[nstallation nginx package through the source code nginx-0.8.42.tar.gz]/message: defined 'message' as 'nstallation nginx package through the source code nginx-0.8.42.tar.gz'
notice: /Stage[main]/Source::File1/File[nginx]/ensure: defined content as '{md5}2818e8b03512b239f1238d702703bcf3'
notice: /Stage[main]/Source::User/Group[nginx]/ensure: created
notice: /Stage[main]/Source::User/User[nginx]/ensure: created
notice: /Stage[main]/Source::Exec2/Exec[install nginx]/returns: executed successfully
info: /Stage[main]/Source::Exec2/Exec[install nginx]: Scheduling refresh of>
info:>
info:>
notice: /Stage[main]/Source::Exec3/Exec[updatedb]: Triggered 'refresh' from 2 events
notice: Finished catalog run in 18.83 seconds
测试后:
[root@agent3 rhel5]# cat /etc/passwd | grep nginx
nginx:x:1000:1000::/home/nginx:/sbin/nologin
[root@agent3 rhel5]# cat /etc/group | grep nginx
nginx:x:1000:nginx
[root@agent3 rhel5]# ll /tmp/rhel5/nginx/
total 632
drwxr-xr-x. 8 nginx nginx 4096 Sep 5 14:29 nginx-0.8.42
-rwx------. 1 root root 642593 Sep 5 14:29 nginx-0.8.42.tar.gz
[root@agent3 rhel5]# ll /usr/local/nginx/
total 16
drwxr-xr-x. 2 root root 4096 Sep 5 14:30 conf
drwxr-xr-x. 2 root root 4096 Sep 5 14:30 html
drwxr-xr-x. 2 root root 4096 Sep 5 14:30 logs
drwxr-xr-x. 2 root root 4096 Sep 5 14:30 sbin
第二次执行:
由于设置了 unless => "/bin/ls /usr/local/nginx/conf", 当命令返回结果为0的时候,exec是不会执行的。其次设置了refreshonly => true,配合notify和subscrive只有在更改的情况下才会触发更新
[root@agent3 ~]# puppet agent --test
info: Retrieving plugin
info: Loading facts in /var/lib/puppet/lib/facter/backup_date.rb
info: Loading facts in /var/lib/puppet/lib/facter/my_apply1.rb
info: Loading facts in /var/lib/puppet/lib/facter/my_apply3.rb
info: Loading facts in /var/lib/puppet/lib/facter/my_apply2.rb
info: Caching catalog for agent3.rsyslog.org
info: Applying configuration version '1378366520'
notice: /Stage[main]/Source/Notify[nstallation nginx package through the source code nginx-0.8.42.tar.gz]/message: nstallation nginx package through the source code nginx-0.8.42.tar.gz
notice: /Stage[main]/Source/Notify[nstallation nginx package through the source code nginx-0.8.42.tar.gz]/message: defined 'message' as 'nstallation nginx package through the source code nginx-0.8.42.tar.gz'
notice: Finished catalog run in 0.32 seconds
欢迎puppet精英加入自动化运维管理群 296934942 |
|
QQ群⑧:
窥视卡
雷达卡
发表于 2018-8-3 06:05:55
提升卡
置顶卡
沉默卡
喧嚣卡
变色卡
千斤顶
显身卡