您的位置：首页 > 其它

Puppet原理及基础配置应用

2017-03-10 00:00 253 查看

1.概述

名称概述

Puppet：集中式的配置管理工具，通过自有配置语言对节点进行目标状态定义，并能够基于网络实现目标状态的维护。

master：中心配置库

agent：读取并应用配置的节点

manifest：清单

用于定义并保存资源，是一个资源组织工具

modules：模块

多个资源组成一个模块，类的集合

类：

层次型组织组件一种方式（继承），资源的集合，include调用

node：节点

多个模块定义一个节点

模板配置语言：

（基于agent的facter获取系统配置信息，替换配置本地配置）

资源

支持变量（自定义变量、puppet内置变量、facter变量）、条件语句、正则表达式

Puppet Dashboard（第三方）：

从数据库种获取，展示agentd返回状态信息

工作模型

define：使用puppet语言来定义资源状态

模拟：根据资源关系图，puppet模拟部署（无损运行c）测试代码

强制：比对客户端主机状态和定义的资源状态是否一致，自动强制执行

report：通过puppet api将日志发送到第三方监控工具（dashboard，foreman）

2.单机环境

下载地址：http://yum.puppetlabs.com/el/6.5/products/x86_64/

系统	CentOS release 6.8 (Final)
单机	192.168.195.207

[root@localhost ~]#yum install ruby # puppet基于ruby

安装

[root@localhost ~]#yum install puppet-3.8.7-1.el6.noarch.rpm facter-2.4.6-1.el6.x86_64.rpm # 安装所需包
错误：Package: puppet-3.8.7-1.el6.noarch (/puppet-3.8.7-1.el6.noarch)
Requires: ruby-shadow
错误：Package: puppet-3.8.7-1.el6.noarch (/puppet-3.8.7-1.el6.noarch)
Requires: hiera >= 1.0.0
错误：Package: puppet-3.8.7-1.el6.noarch (/puppet-3.8.7-1.el6.noarch)
Requires: rubygem-json
错误：Package: puppet-3.8.7-1.el6.noarch (/puppet-3.8.7-1.el6.noarch)
Requires: ruby-augeas

解决Requires: ruby-shadow，Requires: hiera >= 1.0.0等依赖

[root@localhost ~]#rpm -ivh puppetlabs-release-6-12.noarch.rpm # 安装yum源
[root@localhost ~]#yum install puppet-3.8.7-1.el6.noarch.rpm facter-2.4.6-1.el6.x86_64.rpm

3.语法

变量

$变量a = $变量b 是? {
值1 => 值11,
值2 => 值22,
}
# 变量b是值1就赋值值11给变量a，最后一个要逗号，否则不生效
$ssl = $operatingsystem ? {
solaris => SMCossl,
default => openssl
}
# 访问非当前作用于的变量
$vhostdir = $顶级作用于::次级作用于::变量
# 执行facter，会列出系统内置变量
agent： $enviroment， $clientcert， $clientversion
master： $serverip， $servername， $serversion
# 正则表达式，启用i表示忽略字符大小写，不支持m表示把.当作换行符，x忽略模式中的空白字符和注释
$package = $operatingsystem ? {
/(?i-mx:ubuntu|debian)/  => 'apache2',
/(?i-mx:centos|fedora|redhat)/ => 'httpd',
}

操作符

比较		逻辑		算术
==	等值比较	and	与	+	加
!=	不等比较	or	或	-	减
<	小于	!(not)	非	/	除
>	大于			*	乘
<=	小等			<<	左移
>=	大等			>>	右移
=~	正则匹配
!~	正则不匹
in	存在

if

if CONDITION1 {
...
}
elif CONDITION2{
...
}
else{
...
}
[root@localhost ~]# vim /tmp/test4.pp
if $operatingsystem =~ /^(?i-mx:(centos|redhat))/ {
notice("Welcome to $1 linux server")
}
# $1是()匹配的值
[root@localhost ~]# puppet apply /tmp/test4.pp
Notice: Scope(Class[main]): Welcom to CentOS linux.
Notice: Compiled catalog for localhost in environment production in 0.04 seconds
Notice: Finished catalog run in 0.02 seconds

case

case CONTROL_EXP {
case1,...: {statement...}
case2,...: {statement...}
default: {statement...}
}
[root@localhost ~]# vim /tmp/test5.pp
case $operatingsystem {
'Solaris':              { notice("Welcome to Solaris") }
'RedHat', 'CentOS':     { notice("Welcome to RedHat OSFamily")}
/^(Debian|Ubuntu)$/:    { notice("Welcome to $1 linux")}
default:                {notice("Welcome, alien *_...")}
}
[root@localhost ~]# puppet apply /tmp/test5.pp
Notice: Scope(Class[main]): Welcome to RedHat OSFamily
Notice: Compiled catalog for localhost in environment production in 0.05 seconds
Notice: Finished catalog run in 0.01 seconds

selector（返回值）

CONTROL_VARIABLE ? {
case1   => value1
case2   => value2
...
default => valueN
}
[root@localhost ~]# vim /tmp/test6.pp
$webserver = $operatingsystem ? {
/(?i-mx:ubuntu|debain)/         => 'apache2',
/(?i-mx:centos|fedora|redhat)/  => 'httpd',
}
notice($webserver)
[root@localhost ~]# puppet apply /tmp/test6.pp
Notice: Scope(Class[main]): httpd
Notice: Compiled catalog for localhost in environment production in 0.04 seconds
Notice: Finished catalog run in 0.01 seconds

4.资源配置

命令格式

[root@localhost ~]#rpm -ql puppet | less # 查看puppet安装信息
[root@localhost ~]#puppet help
Usage: puppet <subcommand> [options] <action> [options]
apply             Apply Puppet manifests locally # 应用资源
describe          Display help about resource types # 描述资源

资源定义

[root@localhost ~]#puppet describe -h
* --list:
List all types
[root@localhost ~]#puppet describe -l # 资源类型列表
cron            - Installs and manages cron jobs
exec            - Executes external commands
file            - Manages files, including their content, owner ...
group           - Manage groups
notify          - .. no documentation ..
service         - Manage running services
user            - Manage users
package         - Manage packages
# 资源定义在manifest文件里，定义格式
type {'title':
attribute1 => value1,
a2 => v2,
}

通知资源notify

[root@localhost ~]#puppet describe notify # 描述notify类型资源
- **message**
- **name**
- **withpath**
[root@localhost ~]#vim /etc/test.pp # 定义notify类型的资源
notify {'notice':
message => 'welcome to puppet',
}
[root@localhost ~]#puppet apply /tmp/test.pp # 应用资源，通知信息
Notice: Compiled catalog for localhost in environment production in 0.04 seconds
Notice: welcome to puppet
Notice: /Stage[main]/Main/Notify[notice]/message: defined 'message' as 'welcome to puppet'
Notice: Finished catalog run in 0.02 seconds

软件包资源package

[root@localhost ~]# puppet describe package # 描述package类型资源
- **ensure**    `present` (also called `installed`), `absent`,`purged`, `held`, `latest`
# 程序包状态
- **name**    资源的名称=软件包的名字
Providers
---------
aix, appdmg, apple, apt, aptitude, aptrpm, blastwave, dpkg, fink,
freebsd, gem, hpux, macports, msi, nim, openbsd, opkg, pacman, pip, pkg,
pkgdmg, pkgin, pkgutil, portage, ports, portupgrade, rpm, rug, sun,
sunfreeware, up2date, urpmi, windows, yum, zypper
# 软件包管理器，默认yum安装
- **source**    指定程序文件路径
- **install_options**
package { 'mysql':
ensure          => installed,
source          => 'N:/packages/mysql-5.5.16-winx64.msi',
install_options => [ '/S', { 'INSTALLDIR' => 'C:\mysql-5.5' } ],
}
[root@localhost ~]# vim /tmp/nginx.pp # 定义package类型资源
package {'nginx':
ensure => present,
name   => nginx,
}
[root@localhost ~]# vim /etc/yum.repos.d/nginx.repo # 要应用这个资源，必须能够yum安装nginx
[nginx]
name = nginx repo
baseurl = http://nginx.org/packages/centos/6/$basearch/ gpgcheck = 0
enabled = 1
# 新建yum源，url的系统版本centos,6视环境而定
[root@localhost ~]# puppet apply /tmp/nginx.pp # 应用资源，安装nginx
Notice: Compiled catalog for localhost in environment production in 0.22 seconds
Notice: /Stage[main]/Main/Package[nginx]/ensure: created
Notice: Finished catalog run in 16.50 seconds
[root@localhost ~]# rpm -q nginx # 已经安装
nginx-1.10.3-1.el6.ngx.x86_64
# 设置absent，应用会移除package

服务资源service

[root@localhost ~]# puppet describe service # 描述service类型资源
- **ensure**    `stopped` (also called `false`), `running` (also called `true`)
- **enable**    start at boot `true`, `false`, `manual`
- **name**
- **path**    path for finding init scripts
- **stop/start/status**
Specify a *stop/start/status* command manually.
[root@localhost ~]# vim /tmp/nginx.pp # 定义service类型资源
package {'nginx':
ensure => present,
name   => nginx,
}

service {'nginx':
ensure => true,
name   => nginx,
enable => true,
}
[root@localhost ~]# puppet apply /tmp/nginx.pp # 应用，80端口不占用下
Notice: Compiled catalog for localhost in environment production in 0.36 seconds
Notice: /Stage[main]/Main/Package[nginx]/ensure: created
Notice: /Stage[main]/Main/Service[nginx]/ensure: ensure changed 'stopped' to 'running'
Notice: Finished catalog run in 45.73 seconds
Notice: Finished catalog run in 45.73 seconds
[root@localhost ~]# service nginx status
nginx (pid  2902) 正在运行...
[root@localhost ~]# chkconfig --list nginx
nginx          	0:关闭	1:关闭	2:启用	3:启用	4:启用	5:启用	6:关闭

文件资源file

[root@localhost ~]# puppet describe file # 描述文件资源
# 管理文件、目录、符号链接
# 生成文件内容
# 管理文件权限、属性
# 通过source属性到指定位置下载文件
# 通过recurse属性来获取目录
- **ensure**    `present` `absent` 是|不是 `file` `directory` `link`
- **backup**    通过filebucket资源备份文件，值通常为filebucket资源
# 文件内容：content,source,target
- **content**    文件内容
- **source**    下载文件，格式：puppet:///modules/MODULE_NAME/FILE_NAME
- **target**    为符号链接指定目标
- **links**    'follow' 'manage'
- **path** (*namevar*)    对象文件路径
- **mode**    "owner," "group," and "other" 421
- **force**    强制删除文件、链接或目录，仅在ensure=>absent
- **purge**    清空指定目录中存在的，但未在资源中定义的文件
- **recurse**    目录递归，`true`, `false`, `yes`, `no`
- **replace**    替换`true`, `false`, `inf`, `remote`
[root@localhost ~]# vim /tmp/file.pp # 定义文件资源
$str = 1 ? {
1 => 'abc file'
}
file {'abc.txt':
ensure  => present,
content => "$str",
path    => "/tmp/abc.txt"
}
file {'symbol':
ensure => link,
path   => "/tmp/link_abc",
target => "/tmp/abc.txt"
}
file {'symbol2':
ensure => present,
path   => "/tmp/lin2_abc",
target => "/tmp/abc.txt",
links  => follow,
}
[root@localhost ~]# puppet apply /tmp/file.pp # 应用
Notice: Compiled catalog for localhost in environment production in 0.08 seconds
Notice: /Stage[main]/Main/File[abc.txt]/ensure: created
Notice: Finished catalog run in 0.02 seconds
[root@localhost ~]# ls -al /tmp/abc.txt /tmp/link_abc /tmp/lin2_abc # 查看目录
-rw-r--r--. 1 root root  8 3月  14 03:38 /tmp/abc.txt
lrwxrwxrwx. 1 root root 12 3月  14 03:53 /tmp/lin2_abc -> /tmp/abc.txt
lrwxrwxrwx. 1 root root 12 3月  14 03:48 /tmp/link_abc -> /tmp/abc.txt
[root@localhost ~]# cat /tmp/abc.txt # 查看文件
abc file

执行exec

# 通常在不得不用时使用，完成puppet无法实现的功能
# command： 要执行的命令，通常为命令文件的完整路径
# path： 命令搜索路径
# group/user： 执行用户组/用户
# onlyif： 0/1,表示命令的状态返回值为0/1时执行
# refresh： 接收到其他资源通知时，如何刷新执行
# refreshonly： 仅当依赖的文件资源发生改变时，才执行
# tries： 执行次数，默认1
# try_sleep： 执行间隔
[root@localhost ~]# vim /tmp/exec.pp # 定义exec资源，输出会重定向
exec {'echo command':
command => "touch /tmp/tmp.xxx",
path    => '/bin:/sbin:/usr/bin:/usr/sbin',
}
[root@localhost ~]# puppet apply /tmp/exec.pp # 应用资源
Notice: Compiled catalog for localhost in environment production in 0.05 seconds
Notice: /Stage[main]/Main/Exec[echo command]/returns: executed successfully
Notice: Finished catalog run in 0.09 seconds
[root@localhost ~]# ls /tmp/tmp.xxx # 查看
/tmp/tmp.xxx

用户组group

[root@localhost ~]# puppet describe group # 描述user资源
- **ensure**  Create or remove the group，`present`, `absent`
- **name**  组名
- **gid**  GID
- **system**  系统组，`true`, `false`, `yes`, `no`
[root@localhost ~]# vim /tmp/test3.pp # 定义group资源
group {'testgp':
ensure => present,
gid    => 1001,
}
[root@localhost ~]# puppet apply /tmp/test3.pp -v # 应用资源
Notice: Compiled catalog for localhost in environment production in 0.10 seconds
Info: Applying configuration version '1489440108'
Notice: /Stage[main]/Main/Group[testgp]/ensure: created
Notice: Finished catalog run in 0.14 seconds

用户user

[root@localhost ~]# puppet describe user # 秒速user资源
- **gid**
- **groups**
- **home**
- **name**
- **uid**
- **system**
- **shell**
- **password**
- **managehome**  true false
[root@localhost ~]# openssl passwd -1 -salt `openssl rand -hex 4` # 生成密码加密串
Password:
$1$7d03e65a$ss3hIid.JUTZadq6PbGPh1
[root@localhost ~]# vim /tmp/test3.pp
group {'testgp':
ensure => present,
gid    => 1001,
} ->
user {'testuser':
ensure => present,
gid    => 1001,
uid    => 1001,
home   => '/home/test',
shell  => '/bin/bash',
password => '$1$7d03e65a$ss3hIid.JUTZadq6PbGPh1',
managehome => true,
}
[root@localhost ~]# puppet apply /tmp/test3.pp # 应用资源

周期性任务cron

[root@localhost ~]# puppet describe cron # 秒速cron资源
Example:
cron { logrotate:
ensure  => present,
command => "/usr/sbin/logrotate",
user    => root,
hour    => 2, # [2, 4] 定时 # ['2-4'] 时间内
minute  => 0
}

资源高级配置

资源引用

Type['title'] 例：Package['nginx']

元参数

用于定义资源间的依赖关系，及应用次序，通知机制：

特殊属性：require（后于）或before（先于），notify（通知）或subscribe（订阅）

[root@localhost ~]# vim /tmp/nginx.pp # 默认是先定义先执行，先应用先执行
package {'nginx':
ensure => present,
name   => nginx,
before => Service['nginx']
}

service {'nginx':
ensure => true,
name   => nginx,
enable => true,
require => Package['nginx'],
}

[root@localhost ~]# vim /tmp/test1.pp
file {'/tmp/test2.txt':
ensure  => file,
content => "hello puppet",
notify  => Exec['monitor'],
}

exec {'monitor':
command     => 'echo "/tmp/test2.txt changed." >> /tmp/monitor.txt',
refreshonlt => true,
subscribe   => File['/tmp/test2.txt'],
path        => "/bin:/sbin:/usr/bin:/usr/sbin",
}
[root@localhost ~]# puppet apply /tmp/test1.pp -v
Notice: Compiled catalog for localhost in environment production in 0.11 seconds
Info: Applying configuration version '1489438469'
Info: Computing checksum on file /tmp/test2.txt
Info: FileBucket got a duplicate file {md5}d41d8cd98f00b204e9800998ecf8427e
Info: /Stage[main]/Main/File[/tmp/test2.txt]: Filebucketed /tmp/test2.txt to puppet with sum d41d8cd98f00b204e9800998ecf8427e
Notice: /Stage[main]/Main/File[/tmp/test2.txt]/content: content changed '{md5}d41d8cd98f00b204e9800998ecf8427e' to '{md5}19ee62e0c6b5f00aaf9b02280c0dad66'
Info: /Stage[main]/Main/File[/tmp/test2.txt]: Scheduling refresh of Exec[monitor]
Notice: /Stage[main]/Main/Exec[monitor]/returns: executed successfully
Notice: /Stage[main]/Main/Exec[monitor]: Triggered 'refresh' from 1 events
Notice: Finished catalog run in 0.25 seconds
[root@localhost ~]# cat /tmp/test
test1.pp   test2.txt  test.pp
[root@localhost ~]# cat /tmp/test2.txt
hello puppet[root@localhost ~]# cat /tmp/monitor.txt
/tmp/test2.txt changed.

应用链

"->"用于定义次序链，"~>"用于定义通知链

Package['nginx'] -> File['nginx.conf'] ~> Service['nginx']

package {'nginx':
ensure => present,
...
}->
file {'nginx':
...
}~> # 默认restart
service {'nginx':
ensure => true,
enable => true,
restart => '/etc/rc.d/init.d/nginx reload',  # 优先使用本地
}

5.类

用于通用目标或目的的一组资源，在全局可被调用

不带参数类

[root@localhost ~]# vim /tmp/class.pp
class nginx{
package {'nginx':
ensure => present,
}
service {'nginx':
ensure => true,
require => Package['nginx'],
}
}
include nginx
# 启用类
# include 类名
# require 类名
# class {'类名':}
[root@localhost ~]# puppet apply /tmp/class.pp
Notice: Compiled catalog for localhost in environment production in 0.37 seconds
Notice: /Stage[main]/Nginx/Package[nginx]/ensure: created
Notice: /Stage[main]/Nginx/Service[nginx]/ensure: ensure changed 'stopped' to 'running'
Notice: Finished catalog run in 10.40 seconds

带参数的类

# 清空原始web下
[root@localhost ~]# vim /tmp/class_par.pp
$webserver = $operatingsystem ? {
/^(?i-mx:redhat|centos|fedora)/ => 'httpd',
/^(?i-mx:ubuntu|debian)/        => 'apache2'
}
class httpd ($pkgname = 'apache2') {
package {"$pkgname":
ensure => present,
}
service {"$pkgname":
ensure => true,
require => Package["$pkgname"],
}
}
class {"httpd":
pkgname => $webserver,
}
[root@localhost ~]# puppet apply /tmp/class_par.pp
Notice: Compiled catalog for localhost in environment production in 0.37 seconds
Notice: /Stage[main]/Httpd/Package[httpd]/ensure: created
Notice: /Stage[main]/Httpd/Service[httpd]/ensure: ensure changed 'stopped' to 'running'
Notice: Finished catalog run in 4.95 seconds

类继承

class C_NAME inherits PARENT_CLASS_NAME {

}
子类的命名方式：nginx::rproxy

[root@localhost ~]# vim /tmp/class_inherit_node.pp
import "/tmp/class_inherit.pp"
include nginx::web
[root@localhost ~]# vim /tmp/class_inherit.pp # 定义入口资源文件
class nginx {
package {"nginx":
ensure => present,
}
}
class nginx::proxy inherits nginx {
file {"/etc/nginx/nginx.conf":
ensure => file,
source => "/tmp/nginx/nginx_proxy.conf",
notify => Service['nginx'],
}
service {"nginx":
ensure => true,
}
}
class nginx::web inherits nginx {
file {"/etc/nginx/nginx.conf":
ensure => file,
source => "/tmp/nginx/nginx_web.conf",
notify => Service['nginx'],
}
service {"nginx":
ensure => true,
}
}
[root@localhost ~]# mkdir /tmp/nginx # 设置测试所需文件
[root@localhost ~]# cp /etc/nginx/nginx.conf /tmp/nginx/nginx_web.conf
[root@localhost ~]# cp /etc/nginx/nginx.conf /tmp/nginx/nginx_proxy.conf
[root@localhost ~]# vim /tmp/nginx/nginx_web.conf
worker_processes  4;
[root@localhost ~]# service httpd stop
停止 httpd：                                               [确定]
[root@localhost ~]# service nginx status
nginx 已停
[root@localhost ~]# puppet apply /tmp/class_inherit_node.pp  # 应用资源
Warning: The use of 'import' is deprecated at /tmp/class_inherit_node.pp:2. See http://links.puppetlabs.com/puppet-import-deprecation (at /usr/lib/ruby/site_ruby/1.8/puppet/parser/parser_support.rb:110:in `import')
Notice: Compiled catalog for localhost in environment production in 0.45 seconds
Notice: /Stage[main]/Nginx::Web/Service[nginx]/ensure: ensure changed 'stopped' to 'running'
Notice: Finished catalog run in 0.22 seconds
[root@localhost ~]# cat /etc/nginx/nginx.conf | grep 'worker_processes'
worker_processes  4;

6.模块

为了实现某种完备功能而组织成一个独立的，自我包含的目录结构（目录名称=模块名称）

files 文件存储目录

manifests 清单存储目录

init.pp 一个模块同名类，应用起点，import其他资源

每个清单文件通常包含一个类

templaters 模板存储目录(.erb)

lib ruby插件存储目录

默认是/etc/puppet/modules路径下查找，include启用在init.pp中模块同名类或import的其他类

puppet apply --modulepath=/etc/puppet/modules/ -e "include nginx, nginx::web"

[root@localhost ~]# cd /etc/puppet/modules/
[root@localhost modules]# mkdir nginx
[root@localhost modules]# mkdir -pv nginx/{manifests,files,templates,lib}
mkdir: 已创建目录 "nginx/manifests"
mkdir: 已创建目录 "nginx/files"
mkdir: 已创建目录 "nginx/templates"
mkdir: 已创建目录 "nginx/lib"
[root@localhost modules]# vim nginx/manifests/nginx_web.pp

class nginx::web inherits nginx {
file {"/etc/nginx/nginx.conf":
ensure => file,
source => "puppet:///modules/nginx/nginx_web.conf",
notify => Service['nginx'],
require => Package['nginx'],
}
service {"nginx":
ensure => true,
}
}
[root@localhost modules]# vim nginx/manifests/nginx_proxy.pp

class nginx::proxy inherits nginx {
file {"/etc/nginx/nginx.conf":
ensure => file,
source => "puppet:///modules/nginx/nginx_proxy.conf",
notify => Service['nginx'],
require => Package['nginx'],
}
service {"nginx":
ensure => true,
}
}
[root@localhost modules]# vim nginx/manifests/init.pp
class nginx {
package {"nginx":
ensure => present,
}
}
import "nginx_web.pp","nginx_proxy.pp"
[root@localhost modules]# cp /tmp/nginx/nginx_* nginx/file/
[root@localhost modules]# service httpd stop
[root@localhost modules]# service nginx stop
[root@localhost modules]# puppet apply --modulepath=/etc/puppet/modules/ -e "include nginx, nginx::web"
Warning: The use of 'import' is deprecated at /etc/puppet/modules/nginx/manifests/init.pp:7. See http://links.puppetlabs.com/puppet-import-deprecation (at /usr/lib/ruby/site_ruby/1.8/puppet/parser/parser_support.rb:110:in `import')
Notice: Compiled catalog for localhost in environment production in 0.43 seconds
Notice: /Stage[main]/Nginx/Package[nginx]/ensure: created
Notice: /Stage[main]/Nginx::Web/File[/etc/nginx/nginx.conf]/content: content changed '{md5}f7984934bd6cab883e1f33d5129834bb' to '{md5}43af14050809e44e3af2515762545a50'
Notice: /Stage[main]/Nginx::Web/Service[nginx]/ensure: ensure changed 'stopped' to 'running'
Notice: Finished catalog run in 23.88 seconds'
[root@localhost modules]# service nginx status
nginx (pid  13084) 正在运行...
[root@localhost modules]# cat /etc/nginx/nginx.conf | grep worker_p
worker_processes  4;

不用import

[root@localhost modules]# vim nginx/manifests/init.pp
class nginx {
package {"nginx":
ensure => present,
}
}
[root@localhost modules]# vim nginx/manifests/nginx_web.pp
class nginx::web inherits nginx {
file {"/etc/nginx/nginx.conf":
ensure => file,
source => "puppet:///modules/nginx/nginx_web.conf",
notify => Service['nginx'],
require => Package['nginx'],
}
service {"nginx":
ensure => true,
}
}
[root@localhost modules]# mv nginx/manifests/nginx_web.pp nginx/manifests/web.pp
[root@localhost modules]# puppet apply --modulepath=/etc/puppet/modules/ -e "include nginx, nginx::web"
Notice: Compiled catalog for localhost in environment production in 0.45 seconds
Notice: /Stage[main]/Nginx/Package[nginx]/ensure: created
Notice: /Stage[main]/Nginx::Web/File[/etc/nginx/nginx.conf]/content: content changed '{md5}f7984934bd6cab883e1f33d5129834bb' to '{md5}43af14050809e44e3af2515762545a50'
Notice: /Stage[main]/Nginx::Web/Service[nginx]/ensure: ensure changed 'stopped' to 'running'
Notice: Finished catalog run in 11.70 seconds
[root@localhost modules]# service nginx status
nginx (pid  13584) 正在运行...
[root@localhost modules]# cat /etc/nginx/nginx.conf | grep worker_p
worker_processes  4;

puppet3版本不建议用import，在模块nginx下，init.pp只定义模块同名nginx类；在nginx模块下，定义的其他类的资源文件，类名要与文件名同名。

应用时，include nginx就是默认init.pp里的类，nginx::web就是查找manifests里的web资源文件的web类

7.节点

定义节点：也需要在清单文件中，文件后缀名为.pp;在master/agent，所有节点清单文件入口文件为site.pp
node ‘node_name’ {
节点专用变量
类声明
}

一类节点使用一个清单文件，所有清单文件都在site.pp中使用include包含进来

只要模块放在专用的类就可以直接查找

[root@localhost manifests]# vim /etc/puppet/modules/nginx/manifests/init.pp
class nginx {
package {"nginx":
ensure => present,
}
}
[root@localhost manifests]# vim /etc/puppet/modules/nginx/manifests/web.pp
class nginx::web inherits nginx {
file {"/etc/nginx/nginx.conf":
ensure => file,
source => "puppet:///modules/nginx/nginx_web.conf",
notify => Service['nginx'],
require => Package['nginx'],
}
service {"nginx":
ensure => true,
}
}
[root@localhost manifests]# pwd # 在装有puppet_server的节点上，会自动生成puppet/manifests
/etc/puppet/manifests
[root@localhost manifests]# hostname
localhost.localdomain
[root@localhost manifests]# vim site.pp
node 'localhost' {
include nginx::web
}
[root@localhost manifests]# puppet apply site.pp
Notice: Compiled catalog for localhost in environment production in 0.43 seconds
Notice: /Stage[main]/Nginx/Package[nginx]/ensure: created
Notice: /Stage[main]/Nginx::Web/File[/etc/nginx/nginx.conf]/content: content changed '{md5}f7984934bd6cab883e1f33d5129834bb' to '{md5}43af14050809e44e3af2515762545a50'
Notice: /Stage[main]/Nginx::Web/Service[nginx]/ensure: ensure changed 'stopped' to 'running'
Notice: Finished catalog run in 40.25 seconds
[root@localhost manifests]# service nginx status
nginx (pid  13968) 正在运行...
[root@localhost manifests]# cat /etc/nginx/nginx.conf | grep worker_p
worker_processes  4;
# 父类的资源在子类里是可见的，web类require包 会自动通知nginx资源应用

8.模板

<%= Ruby Expression %>：替换为表达式的值
使用@加变量名

<% ruby code %>:仅执行代码，不做任何替换，常用于条件判断或循环语句、设定变量以及在输出之前对数据进行处理

<%# commit %>:注释

<%%:输出<%
%%>:显示%>

调用模块变量：变量完全限定名称

迭代和条件判断
使用模板生成文件时，使用的文件属性为content

content => template ('module_name/template_file_name')

[root@localhost ~]# cd /etc/puppet/modules/nginx/
[root@localhost nginx]# rm -rf files/*
root@localhost nginx]# cp /etc/nginx/conf.d/default.conf files/nginx_web.conf
[root@localhost nginx]# cp /etc/nginx/conf.d/default.conf files/nginx_rproxy.conf
server_name  web_server;
[root@localhost nginx]# vim files/nginx_rproxy.conf
location / {
#root   /usr/share/nginx/html;
#index  index.html index.htm;
rproxy_pass http://172.0.0.1 }
[root@localhost nginx]# cp /etc/nginx/nginx.conf templates/
[root@localhost nginx]# vim templates/nginx.conf
worker_processes  <%= @processorcount %>;
# 替换变量一定要有值，这里是facter变量，值为1
[root@localhost nginx]# mv templates/nginx.conf templates/nginx.conf.erb
[root@localhost nginx]# vim manifests/init.pp
class nginx {
package {"nginx":
ensure => present,
}
file {"nginx.conf":
ensure => file,
content => template('nginx/nginx.conf.erb'),
path => '/etc/nginx/nginx.conf',
mode => '0644',
require => Package['nginx'],
}
}
# 替换是content，template在nginx模板下找template目录里模板文件，不用加template
[root@localhost nginx]# vim manifests/web.pp
class nginx::web inherits nginx {
file {"nginx_web.conf":
ensure => file,
source => "puppet:///modules/nginx/nginx_web.conf",
path => '/etc/nginx/conf.d/default.conf',
notify => Service['nginx'],
require => Package['nginx'],
mode => '0644',
}
service {"nginx":
ensure => true,
enable => true,
restart => '/etc/init.d/nginx reload',
subscribe => File['nginx.conf', 'nginx_web.conf'],
}
}
[root@localhost nginx]# vim manifests/rproxy.pp
class nginx::proxy inherits nginx {
file {"nginx_rproxy.conf":
ensure => file,
source => "puppet:///modules/nginx/nginx_proxy.conf",
path => '/etc/ngxin/conf.d/default.conf',
require => Package['nginx'],
mode => '0644',
notify => Service['nginx'],
}
service {"nginx":
ensure => true,
enable => true,
restart => '/etc/init.d/nginx reload',
subscribe => File['nginx.conf', 'nginx_rproxy.conf'],
}
}
[root@localhost nginx]# service nginx status
nginx (pid  14598) 正在运行...
[root@localhost nginx]# cat /etc/nginx/nginx.conf | grep worker_p
worker_processes  1;
[root@localhost nginx]# cat /etc/nginx/conf.d/default.conf | grep server_name
server_name  web_server;

内容来自用户分享和网络整理，不保证内容的准确性，如有侵权内容，可联系管理员处理

标签：

相关文章推荐

新的分享

章节导航