Puppet学习笔记之常用资源类型

安装puppet
目前官方最新版本为Puppet v3.6.2[root@node3 ~]# rpm -qlpuppetpackage puppet is not installed安装puppet，如果想使用yum安装，必须配置epel源
[root@node3 ~]# wgethttp://yum.puppetlabs.com/puppetlabs-release-el-6.noarch.rpm [root@node3 ~]#rpm -ivh puppetlabs-release-el-6.noarch.rpm [root@node3 ~]#yuminstall puppet -y
取消warning警告信息[root@node3 ~]# for s in manifest modulepath templatedirmanifestdir ;do grep "^ $s =" /etc/puppet/puppet.conf;sed -i -e "/^ $s = /s/^/#/" /etc/puppet/puppet.conf;done
常用资源类型[root@node3 ~]# puppet describe -l可看到puppet列出N多资源类型
这里我们常用资源类型有：notifygroup,userpackagefileserviceyum repomountcronexec
定义简单notify使用 puppetdescribe notify 来查看notify的各类属性
[root@node3 ~]# puppet describe notifynotify======Sends an arbitrary message to the agent run-time log. Parameters---------- - **message** The message to be sentto the log. - **name** An arbitrary tag foryour own reference; the name of the message. - **withpath** Whether to show thefull object path. Defaults to false. Valid values are`true`, `false`.对于puppet来讲 其数据类型有很多，比如字符串或数值等等所有字符串都需要用引号引起来如下所示，我们定义[root@node3 puppet_test]# pwd/root/puppet_testPuppet的脚本都是以pp结尾，下面我们来定义一个notify类型，属性为messagenotify {'notice': #名称为notice，这里可以随意命名 message =>"hello world", #message为显示信息为hello world}执行脚本[root@node3 puppet_test]# puppet apply test1.pp Notice: Compiled catalog for node3.test.com in environmentproduction in 0.06 secondsNotice: hello worldNotice: /Stage[main]/Main/Notify[notice]/message: defined'message' as 'hello world' #定义了信息为'hello world'Notice: Finished catalog run in 0.03 seconds #执行脚本过程用了多长时间 使用package资源为本机安装软件这里要使用package资源进行定义[root@node3 puppet_test]# puppet describe package 可以看到官方给出的例子：对于package通常隐含的是报名 package { $ssl: #指定包名，通常包名是通过变量引用的
ensure => installed, #执行安装操作
alias => openssl
}在定义一个包或其他资源的时候，绝大部分资源都有特殊属性叫做ensure ensure的常见属性ensure大概属性有installed 必须安装absent 卸载purgedlatest 要安装并且最新版本
以httpd为例，我们想让其强制安装httpd，如下所示package {'httpd': ensure =>installed,}执行脚本[root@node3 puppet_test]# rpm -q httpdpackage httpd is not installed[root@node3 puppet_test]# puppet apply test2.pp Notice: Compiled catalog for node3.test.com in environmentproduction in 0.84 secondsNotice: /Stage[main]/Main/Package[httpd]/ensure: createdNotice: Finished catalog run in 4.63 seconds #已经在此时间内完成[root@node3 puppet_test]# !rpmrpm -q httpdhttpd-2.2.15-31.el6.centos.x86_64

使用service资源类型使用服务自动启动
puppet describe service注意的是资源名称比较独特，同类资源不能重名，但是跨类型可以重名的
package {'httpd': ensure => installed,} service {'httpd': ensure => running,}
执行脚本
[root@node3 puppet_test]# puppet apply test3.pp Notice: Compiled catalog for node3.test.com in environment production in1.05 secondsNotice: /Stage[main]/Main/Service[httpd]/ensure: ensure changed 'stopped'to 'running'Notice: Finished catalog run in 0.78 seconds [root@node3 ~]# /etc/init.d/httpd status
httpd (pid 21015) is running... 说明service依赖于package，因此需要定义资源的依赖关系 资源引用类型 ['资源名称']在引用类型时，类型的第一个字母必须大写 在资源类型中有种特殊属性是用来定义资源间依赖关系的一般来讲定义资源属性有以下两个引用关系：before => #在引用其他资源，其本身资源必须先完成，优先级最高require => #需要before执行完后再执行此资源 例，执行package的时候必须依赖于Service[httpd]的资源，安装httpd的时候，必须在httpd启动之前执行package {'httpd':
ensure => installed,
before => Service ['httpd'],
}表示服务启动之前必须确保httpd已经应用了，这两者方式比较相近，但是还是不一样的一般来讲，require比较常用如下所示我们将httpd写在，并再次执行test3root@node3 puppet_test]# rpm -e httpd[root@node3 puppet_test]# puppet apply test3.pp Notice: Compiled catalog for node3.test.com in environment production in1.03 secondsError: Could not start Service[httpd]: Execution of '/sbin/service httpdstart' returned 1: httpd: unrecognized serviceWrapped exception:Execution of '/sbin/service httpd start' returned 1: httpd: unrecognizedserviceError: /Stage[main]/Main/Service[httpd]/ensure: changefrom stopped to running failed: Could not start Service[httpd]: Execution of'/sbin/service httpd start' returned 1: httpd: unrecognized serviceNotice: /Stage[main]/Main/Package[httpd]/ensure: createdNotice: Finished catalog run in 8.00 seconds查看其httpd状态[root@node3 puppet_test]# /etc/init.d/httpd statushttpd is stopped再次执行脚本[root@node3 puppet_test]# puppet apply test3.pp Notice: Compiled catalog for node3.test.com in environment production in1.02 secondsNotice: /Stage[main]/Main/Service[httpd]/ensure: ensure changed 'stopped'to 'running'Notice: Finished catalog run in 0.75 seconds再次查看httpd状态[root@node3 puppet_test]# !/etc/etc/init.d/httpd statushttpd (pid 26956) is running...
由此我们可以得到结论，如果不定义其资源引用可能会导致某个资源一次性执行不成功或其他错误

定义资源引用
[root@node3 puppet_test]# cat test4.pp package {'httpd': allow_virtual => false, ensure => installed,} service {'httpd': require =>Package['httpd'], #资源名的第一个字母一定要大写 ensure => true,}[root@node3 puppet_test]# rpm -e httpd[root@node3 puppet_test]# puppet apply test4.pp Notice: Compiled catalog for node3.test.com in environment production in1.05 secondsNotice: /Stage[main]/Main/Package[httpd]/ensure: createdNotice: /Stage[main]/Main/Service[httpd]/ensure: ensure changed 'stopped'to 'running'Notice: Finished catalog run in 7.81 seconds可以看到没有任何报错

用户资源定义方式数据类型的定义： 字符型：直接字符串 数组：['element1','element2'] 一旦有多个元素 直接用中括号括起来即可 group组[root@node3 ~]# puppet describe group- **ensure**
Create or remove the group.
Valid values are `present`, `absent`. - **gid**
The group ID. Must be specified numerically. Ifno group ID is创建用户组名为hello_puppet gid为1001group {'hello_puppet': #组名为hello_puppet
ensure => present, #present表示创建 gid => 1101, #其gid为1001
}执行脚本[root@node3 puppet_test]# puppet apply test5.pp Notice: Compiled catalog for node3.test.com in environment production in0.19 secondsNotice: /Stage[main]/Main/Group[hello_puppet]/ensure: createdNotice: Finished catalog run in 0.22 seconds如果不定义组名的话默认就为hello_puppet[root@node3 puppet_test]# tail -1 /etc/grouphello_puppet:x:1101:
用户管理我们将用户加入到某个组里面并且指定某个特定组，那么这个组必须实现存在的我们可以自定义 [root@node3 puppet_test]# puppetdescribe usergid 指定组groups 指定附加组 ，事先必须存在home 事先定义家目录，但是不会创建system 小于500则认为系统组password 将加密后的加密串定义此处即可，如果存在$符则需要单引号引起来 定义如下
group {'hello':
ensure => present,
gid => 1001,
}
user {'hello':
gid => 1001,
uid => 1001,
home => '/home/hello', #指定家目录
managehome => true, #创建检目录
ensure => present, #定义ensure
require => Group['hello'], #依赖于group资源} 为用户创建密码[root@node3 home]# openssl passwd -1 -salt `openssl rand -hex 4`
Password:
$1$68d9f426$pRK5U9Q1oq.JXAlYR40rv.将字符串复制进脚本[root@node3 puppet_test]# cat c.pp
group {'hello':
ensure => present,
gid => 1001,
}

user {'hello':
gid => 1001,
uid => 1001,
home => '/home/hello',
managehome => true, password =>'$1$68d9f426$pRK5U9Q1oq.JXAlYR40rv.', ensure => present,
require => Group['hello'],
} 应用脚本查看shadow[root@node3 puppet_test]# tail -2 /etc/shadow
apache:!!:16295::::::
hello:$1$68d9f426$pRK5U9Q1oq.JXAlYR40rv.:16300:0:99999:7::: 定义file资源
[root@node3 puppet_test]# puppet describefile- **content** #一般来跟source结合使用，明确指定源文件，所以必须提供源文件才可以 在资源属性中，所有标记为namevar的，如果不指相当于title #source既可以是uri 也可以是绝对路径 - **target** #在创建链接的时候表明要链接到某个地方去
创建文件目录[root@node3 /]# mkdir -pv /backup/httpd/conf/[root@node3 /]# cp/etc/httpd/conf/httpd.conf /backup/httpd/conf/查看文件权限权限为644，我们待会将权限改为640[root@node3 /]# ll /etc/httpd/conf/httpd.conf -rw-r--r-- 1 root root 34418 Aug 25 14:48 /etc/httpd/conf/httpd.conf定义脚本如下所示：
file {'/etc/httpd/conf/httpd.conf': ensure => file, #类型 source =>'/backup/httpd/conf/httpd.conf', #明确指定源文件，所以必须提供源文件才可以 mode => 0640, #定义文件的权限为640 owner => root, #定义文件属主属组 group => root,}
[root@node3 /]# puppet apply test7.pp Notice: Compiled catalog for node3.test.com in environment production in0.15 secondsNotice: /Stage[main]/Main/File[/etc/httpd/conf/httpd.conf]/mode: modechanged '0644' to '0640' #模式以及将文件从644改为640Notice: Finished catalog run in 0.10 seconds查看文件
[root@node3 puppet_test]# ll /etc/httpd/conf/httpd.conf-rw-r----- 1 root root 34418 Jul 18 14:27 /etc/httpd/conf/httpd.conf
接下来我们修改其source=>源文件，其意为这个资源都以这个路径的文件为主
[root@node3 puppet_test]# echo "#test" >> /backup/httpd/conf/httpd.conf [root@node3 puppet_test]# puppet apply test7.pp Notice: Compiled catalog for node3.test.com in environment production in0.15 secondsNotice: /Stage[main]/Main/File[/etc/httpd/conf/httpd.conf]/content:content changed '{md5}ecb2c5ae38be79965201c85ed0d079d3' to '{md5}4c8be4a6309fa6913aa8d1afd89b2052' #检测到资源发生变化Notice: Finished catalog run in 0.11 seconds
查看配置文件的变化
[root@node3 puppet_test]# tail -1 /etc/httpd/conf/httpd.conf#test
使用exec资源执行系统命令
比如我们自定编译安装了某个服务，那么这个服务是通过编译方式安装的，那么我们通过下载之后放在本机，很有可能脚本文件不存在，于是通过file拷贝了一个脚本文件而且具备执行权限，为了让其开机自动启动则需要chkconfig 一般定义command的时候为了避免环境变量出错，通常需要path定义环境变量
exec {'test': path =>'/bin:/sbin:/usr/bin:/usr/sbin', #指定环境变量 command => 'cp /etc/fstab/tmp/', user => root, group => root,}
[root@node3 puppet_test]# puppet apply test8.pp[root@node3 puppet_test]# ll /tmp/fstab -rw-r--r-- 1 root root 805 Aug 25 15:20 /tmp/fstab
将某个服务加到启动列表里则：command => 'chkconfig --add service;chkconfigservice on',因为不能在同一资源里定义多个类型的，所以要用;号隔开

Puppet其他两个资源引用我们之前提到了以下两个资源引用beforerequire 接下来说其他两个资源引用notify #表示执行成功后进行通知，让用户手动去重载subscribe #与上面一致，不过定义在资源后 例：使用notify定义在前资 源中文件改变后需通知资源file {'/etc/httpd/conf/httpd.conf':
ensure => file,
source =>'/backup/httpd/conf/httpd.conf',
mode => 0644 ,
owner => root,
group => root,
notify=> Service['httpd'],
}

service {'httpd':
ensure => running,

}
subscribe 订阅，生成新的版本则立即发送给其他资源例：service {'httpd':
#ensure => running,
subscribe => File['/etc/httpd/conf/httpd.conf'],
} 执行脚本[root@node3 puppet_test]# puppet apply c.pp
Notice: Compiled catalog for node3 in environment production in 0.29 seconds
Notice: /Stage[main]/Main/File[/etc/httpd/conf/httpd.conf]/content: contentchanged '{md5}734f81ed80fe96290296188fe5a6809b' to'{md5}c0c8a3f51c5f91e31b1b0564a364845a'
Notice: /Stage[main]/Main/File[/etc/httpd/conf/httpd.conf]/mode: mode changed'0640' to '0644'
Notice: /Stage[main]/Main/Service[httpd]: Triggered 'refresh' from 2 events #重新刷新了服务的状态
Notice: Finished catalog run in 1.54 seconds [root@node3 puppet_test]# ps -ef | grep httpd
root 30153 1 0 14:02 ? 00:00:00 /usr/sbin/httpd
apache 30155 30153 0 14:02 ? 00:00:00 /usr/sbin/httpd 很多时候，资源间是连续依赖的，我们可以将其按次序链进行定义-> 用来定义次序链~> 用来定义通知链 从左往右的顺序，如下所示：Package['ntp'] -> File['/etc/httpd/conf/httpd.conf']~> Service['ntp'] 首先安装ntp 再执行File ,如果Package无法执行那么后续的则无法进行说明第二个依赖于第一个