puppet学习与精通之 file资源详细介绍及案例分析

时间:2022-01-04 00:38:49

一、系统环境

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
1 、puppet服务端
Release:RHEL6. 4
HOSTNAME:
puppetserver.rsyslog.org
TCP/IP:  172.16 . 200.100 / 24
Packages: 
puppet-server- 2.7 . 21 - 1 .el6.noarch
mcollective-client- 2.2 . 4
activemq- 5.5 . 0
2 、puppet节点
Release:
RHEL5. 8
HOSTNAME:
agent1.rsyslog.org
TCP/IP:  172.16 . 200.101 / 24
Packages:
puppet- 2.7 . 21 - 1 .el5
mcollective- 2.2 . 4 - 1 .el5
3 、puppet节点
Release:
RHEL6. 4
HOSTNAME:
agent3.rsyslog.org
TCP/IP:  172.16 . 200.103 / 24
Packages:
puppet- 2.7 . 21 - 1 .el6
mcollective- 2.2 . 4 - 1 .el6


二、资源介绍
1、实现功能
1.1、支持文件和目录
1.2、设置文件及目录的所有者及权限
1.3、恢复文件(包括文件的内容、权限及所有者)
1.4、清理目录以及子目录

2、支持参数
2.1 ensure => {present|absent|directory|file|link}, 指定文件的目标状态
=> present, 检查文件是否存在,不存在则新建之
=> absent, 检查文件是否存在,存在则删除之
=> directory, 指定这是一个目录,不存在则创建

2.2 owner|user => root, 所属用户,也可以用UID

2.3 group => puppet, 所属用户组,也可以用GID

2.4 mode => 0644, 权限属性,四位八进制数

2.5 source => "puppet:///modules/ssh/etc/ssh/sshd_config" | soure => "/etc/passwd" 文件获取地址,以puppet:///开头为从master下载,正常路径则在agent本地读取 
备注:"puppet://"等价于主配置文件puppet.config中的modulepath值

2.6 path => "/etc/postfix/main.cf",  文件完整路径。默认与title相同可不写
eg.
file { "main.cf":
   path => "/etc/postfix/main.cf",

2.7 content => "hello",|content => template("postfix/main.cf.erb"),  文件的具体内容,亦可由erb模板生成,选择这个可不写资源source

2.8 backup => 'main',| backup => ".$backup_date.bak", 节点更新之前上一个版本备份方式;backup => 'main',需要结合资源filebucket实现

2.9 recurse => '{true|false|inf|remote}', 对目录是(true)否(false)递归(ensure => directory时有效) 

2.10 puppet依赖关系资源有三个,分别为require,before,after
require => Class["mysql::install"], | require => Package["setup"],  当前资源或者类被要求的资源或者类所依赖,需要被要求的资源或者类先执行成功后在执行自己的资源或者类

before  在某个资源之前执行
package { "openssh-server":
...
before => File["/etc/ssh/sshd_config"],
  }

after 在某个资源之后执行
file {"/etc/ssh/sshd_config":
...
   after => Package["openssh-server"],
  }

2.11 puppet触发更新有两个,分别为notify,subscribe,写的位置不同。
notify {"operatingsystem is $operatingsystem":  将输出内容记录到日志里面,可在调试的时候查看。
   withpath => true|false,  #是否打印全路径
}
notify => Class["mysql::service"], 当前类或者资源的文件被改动后通知服务重启。
subscribe => Class["ssh::config"], 该资源有更新时,通知另一个资源执行相应的动作。目前支持subscribe只有exec、service、mount

2.12 link软连接设置 /etc/file2 -> /etc/passwd
file{ "/etc/file2":
...
       ensure => link,
       target => "/etc/passwd",
}

2.13 purge => true  清理目录下面没有被资源被管理的文件都会被清除
force => true   和purge => true配合使用才能删除目录,mode => 0700保证具有删除权限
ignore => file|directory, 忽略某一个目录或者文件做任何操作


三、资源示例
1、示例一
1.1 实现功能
*要求从服务器指定路径下载motd文件
*要求文件权限为700,属组和属主都为puppet
*要求setup包在motd文件下载之前被安装
1.2 配置说明

1
2
3
4
5
6
7
8
9
10
11
class  motd::motd {
         package { setup:
                 ensure => present,
         }
         file{  "/etc/motd" :
                 owner =>  "puppet" ,
                 group =>  "puppet" ,
                 mode =>  0700 ,
                 source =>  "puppet://$puppetserver/modules/motd/etc/motd" ,
                 require => Package[ "setup" ],
         }

1.3 客户端agent1上测试

1
2
3
4
5
6
7
[root@agent1
~]# puppet agent --test
info:
Caching catalog  for  agent1.rsyslog.org
info:
Applying configuration version  '1378193573'
notice:
/File[/etc/motd]/ensure: defined content  as  '{md5}0acb622c16dbdecb670d8920d96bdd30'
notice:
Finished catalog run  in  0.41  seconds
[root@agent1
~]# ll /etc/motd
-rwx------  1  puppet puppet  82  Sep   3  15 : 33  /etc/motd

2、示例二
2.1 实现功能
*在节点上创建/etc/passwd的软连接为/etc/file2
2.2 配置说明

1
2
3
4
5
6
7
8
class  motd::file2 {
         file{  "/etc/file2" :
                 owner =>  "puppet" ,
                 group =>  "puppet" ,
                 ensure => link,
                 target =>  "/etc/passwd" ,
         }
}

2.3 客户端agent1上测试

1
2
3
4
5
6
7
[root@agent1
~]# puppet agent --test
info:
Caching catalog  for  agent1.rsyslog.org
info:
Applying configuration version  '1378194373'
notice:
/File[/etc/file2]/ensure: created
notice:
Finished catalog run  in  0.07  seconds
[root@agent1
~]# ll /etc/file2
lrwxrwxrwx  1  puppet puppet  11  Sep   3  15 : 46  /etc/file2 -> /etc/passwd

3、示例三
3.1 实现功能
*在节点上创建/etc/dir1目录
*要求目录下面除了dir2外的所有目录及文件的权限为0700,所有者为puppet
*要求每次更新将"This is dir1!"写入日志里面
3.2 配置说明

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
class  motd::dir1 {
         file{  "/etc/dir1" :
                 owner =>  "puppet" ,
                 group =>  "puppet" ,
                 mode =>  0700 ,
                 ensure => directory,
                 recurse =>  true ,
                 purge =>  true ,
                 force =>  true ,
                 ignore =>  "dir2" ,
         }
         notify {  "This is dir1!" :
#      
withpath =>  true ,
         }
}

3.3 客户端agent1上测试

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
[root@agent1
~]# puppet agent --test
info:
Caching catalog  for  agent1.rsyslog.org
info:
Applying configuration version  '1378195554'
notice:
This  is  dir1!
notice:
/Stage[main]/Motd::Dir1/Notify[This  is  dir1!]/message: defined  'message'  as  'This is dir1!'
notice:
/File[/etc/dir1/dir3]/owner: owner changed  'root'  to  'puppet'
notice:
/File[/etc/dir1/dir3]/group: group changed  'root'  to  'puppet'
notice:
/File[/etc/dir1/dir3]/mode: mode changed  '0755'  to  '0700'
notice:
/File[/etc/dir1/dir3]/seluser: seluser changed  'root'  to  'system_u'
notice:
/File[/etc/dir1/dir3/file3]/owner: owner changed  'root'  to  'puppet'
notice:
/File[/etc/dir1/dir3/file3]/group: group changed  'root'  to  'puppet'
notice:
/File[/etc/dir1/dir3/file3]/mode: mode changed  '0644'  to  '0700'
notice:
/File[/etc/dir1/dir3/file3]/seluser: seluser changed  'root'  to  'system_u'
notice:
Finished catalog run  in  0.11  seconds
[root@agent1
~]#
[root@agent1
~]#
[root@agent1
~]# ll /etc/dir1/
total  16
drwxrwxrwx  2  puppet puppet  4096  Sep   3  16 : 00  dir2
drwx------  2  puppet puppet  4096  Sep   3  16 : 06  dir3

4、示例四
4.1 实现功能
*在节点上创建/etc/dir2目录,权限为0700,所有者为puppet
*要求目录下面只允许有dir1目录,并且dir1目录及下一级目录或文件权限属性保持原有不变
4.2 配置说明

1
2
3
4
5
6
7
8
9
10
11
12
class  motd::dir2 {
         file{  "/etc/dir2" :
                 owner =>  "puppet" ,
                 group =>  "puppet" ,
                 mode =>  0700 ,
                 ensure => directory,
                 recurse =>  true ,
                 purge =>  true ,
                 force =>  true ,
                 ignore =>  "dir1" ,
         }
}

4.3 客户端agent1上测试

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
[root@agent1
~]# puppet agent --test
info:
Retrieving plugin
info:
Loading facts  in  / var /lib/puppet/lib/facter/my_apply2.rb
info:
Loading facts  in  / var /lib/puppet/lib/facter/my_apply1.rb
info:
Loading facts  in  / var /lib/puppet/lib/facter/my_apply3.rb
info:
Loading facts  in  / var /lib/puppet/lib/facter/backup_date.rb
info:
Caching catalog  for  agent1.rsyslog.org
info:
Applying configuration version  '1378195951'
notice:
/File[/etc/dir2]/ensure: created
notice:
Finished catalog run  in  0.05  seconds
[root@agent1
~]# mkdir /etc/dir2/dir1
[root@agent1
~]# mkdir /etc/dir2/dir2
[root@agent1
~]# touch /etc/dir2/dir1/file1
[root@agent1
~]# touch /etc/dir2/dir2/file2
[root@agent1
~]# puppet agent --test
info:
Retrieving plugin
info:
Loading facts  in  / var /lib/puppet/lib/facter/my_apply2.rb
info:
Loading facts  in  / var /lib/puppet/lib/facter/my_apply1.rb
info:
Loading facts  in  / var /lib/puppet/lib/facter/my_apply3.rb
info:
Loading facts  in  / var /lib/puppet/lib/facter/backup_date.rb
info:
Caching catalog  for  agent1.rsyslog.org
info:
Applying configuration version  '1378195951'
info:
/File[/etc/dir2/dir2]: Recursively backing up to filebucket
info:
FileBucket adding {md5}d41d8cd98f00b204e9800998ecf8427e
info:
/File[/etc/dir2/dir2]: Filebucketed /etc/dir2/dir2/file2 to puppet  with  sum d41d8cd98f00b204e9800998ecf8427e
notice:
/File[/etc/dir2/dir2]/ensure: removed
notice:
Finished catalog run  in  0.09  seconds
[root@agent1
~]# ll /etc/dir2/
total  8
drwxr-xr-x  2  root root  4096  Sep   3  16 : 13  dir1
[root@agent1
~]#

标签:

相关文章