Puppet Basics (Part 1)

Date: 2023-02-13 17:31:51



1. Installation (module installation)


Module installation path:

Open-source edition
puppet agent --configprint modulepath
/etc/puppet/environments/production/modules:/etc/puppet/environments/common:/etc/puppet/modules:/usr/share/puppet/modules

Enterprise edition
/etc/puppetlabs/puppet/modules/

Module download location:

https://forge.puppetlabs.com/puppetlabs?utf-8=✓&supported=yes

Command to install a module:

puppet module install puppetlabs-apache

Command to uninstall a module:

puppet module uninstall puppetlabs-apache

fact: a piece of information about a node, such as its operating system, hostname or IP address.

The facter command; to get the IP address:

facter ipaddress

To make configuration take effect immediately, run this command on the node:

puppet agent --test

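The agent daemon runs in the background on nodes managed by Puppet. By default it fetches a catalog from the puppet master every 30 minutes and then applies the catalog it received.

Show version information: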

puppet -V # That's a capital 'V'


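2. Resources


A block of Puppet code that describes a resource is called a resource declaration. It is written in Puppet's own DSL (domain-specific language). The trailing comma is not strictly required, but it is best to include it for consistency.

Tools for inspecting a specific resource: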

puppet describe
puppet resource
For example, to view the user resource type: puppet describe user
For example, to view the attributes of the user root: puppet resource user root


Most commonly used resources:

• user: A user
• group: A user group
• file: A specific file
• package: A software package
• service: A running service
• cron: A scheduled cron job
• exec: An external command
• host: A host entry
For more resource types, see http://docs.puppetlabs.com/references/latest/type.html

Resource example: user

# user is the resource type and 'root' is the resource title; the title must
# be unique: the same class cannot contain two resources with the same type and title
user { 'root':
  ensure           => 'present',
  comment          => 'root',
  gid              => '0',
  home             => '/root',
  password         => '$1$jrm5tnjw$h8JJ9mCZLmJvIxvDLjw1M/',
  password_max_age => '99999',
  password_min_age => '0',
  shell            => '/bin/bash',
  uid              => '0',
}


Resource example: file

[root@learn /etc/puppetlabs/puppet/modules]# puppet resource file /home/byte/tools
file { '/home/byte/tools':
ensure => 'absent', # does not exist
}
[root@learn /etc/puppetlabs/puppet/modules]# puppet resource file /home/byte
file { '/home/byte': # the file information is printed below; a directory is also a kind of file
ensure => 'directory',
ctime => '2014-06-30 15:38:06 +0000',
group => '501',
mode => '700',
mtime => '2014-06-30 15:38:06 +0000',
owner => '501',
type => 'directory',
}

After the directory is created, running the puppet command again shows its file information:

[root@learn /etc/puppetlabs/puppet/modules]# mkdir /home/byte/tools
[root@learn /etc/puppetlabs/puppet/modules]# puppet resource file /home/byte/tools
file { '/home/byte/tools':
ensure => 'directory',
ctime => '2014-06-30 15:47:39 +0000',
group => '0',
mode => '755',
mtime => '2014-06-30 15:47:39 +0000',
owner => '0',
type => 'directory',
}

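Resource Abstraction Layer (RAL)

Resource abstraction layer: resource state described in the DSL is abstract, so you define the state directly without worrying about the underlying commands: which operating system it is, which commands apply, or which files are touched. You only need to concentrate on defining the state of the resource; providers implement that state according to the operating system.

Resource declarations are the core of the Puppet language.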


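3. Manifests


Puppet's syntax checker

puppet parser: if no manifest file is specified, it validates site.pp by default. It prints nothing when there are no syntax errors; otherwise it shows the first syntax error. It does not check attributes or values for errors, though; it seems to check only things like punctuation.

For example:

[root@learn ~]# more byte.pp # mind the formatting; after writing, check with puppet parser validate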
user { 'byte':
ensure => 'absent',
}
[root@learn ~]# puppet parser validate byte.pp
[root@learn ~]#

[root@learn ~]# more byte.pp
user { 'byte'':
ensure => 'absent',
}
[root@learn ~]# puppet parser validate byte.pp
Error: Could not parse for environment production: Syntax error at ':
ensure => '; expected '}' at /root/byte.pp:2

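Puppet's tool for applying changes
puppet apply: applies your current manifest file, generating under the manifests folder a catalog that contains the list of all resources and their corresponding states.
puppet apply --noop xxx.pp simulates executing xxx.pp and reports what would have been changed, without actually changing anything.
puppet apply xxx.pp executes xxx.pp and changes the specified resources according to its contents.
For example: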

[root@learn ~]# puppet apply --noop byte.pp
Notice: Compiled catalog for learn.localdomain in environment production in 1.35 seconds
Notice: /Stage[main]/Main/User[byte]/ensure: current_value present, should be absent (noop)
Notice: Class[Main]: Would have triggered 'refresh' from 1 events
Notice: Stage[main]: Would have triggered 'refresh' from 1 events
Notice: Finished catalog run in 3.22 seconds

[root@learn ~]# puppet apply byte.pp
Notice: Compiled catalog for learn.localdomain in environment production in 1.25 seconds
Notice: /Stage[main]/Main/User[byte]/ensure: removed
Notice: Finished catalog run in 1.60 seconds
# The user byte has now been removed. Of course, changing ensure => 'absent' to ensure => 'present' would create the user instead.

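Steps for using your own pp file:
1. Open or create the pp file
2. Add or modify the Puppet code
3. Check for syntax errors with puppet parser (recommended)
4. Simulate applying the pp file with puppet apply --noop (recommended)
5. Apply the pp file with puppet apply
6. Check that the pp file was executed correctly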
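
Steps 3 to 5 can be scripted so that the noop report is reviewed before anything changes. The following is an added example, not part of the original post: the function names and the ALLOW_REMOVE variable are hypothetical, and the sample lines are assembled from the noop transcripts on this page.

```sh
#!/bin/sh
# Added example: summarize `puppet apply --noop` output before the real apply.

# Constructed sample, assembled from the noop transcripts on this page.
sample_noop() {
cat <<'EOF'
Notice: Compiled catalog for learn.localdomain in environment production in 1.35 seconds
Notice: /Stage[main]/Main/User[byte]/ensure: current_value present, should be absent (noop)
Notice: /Stage[main]/Main/File[/root/case.txt]/ensure: current_value absent, should be present (noop)
Notice: Class[Main]: Would have triggered 'refresh' from 2 events
EOF
}

# stdin: noop output. stdout: one "resource|attribute|current|desired" line
# per pending change. A desired value that spans several lines (such as a
# multi-line notify message) is cut at its first line.
noop_changes() {
  sed -n -e 's# (noop)$##' \
    -e 's#^Notice: \(/Stage.*\)/\([a-z_]*\): current_value \(.*\), should be \(.*\)$#\1|\2|\3|\4#p'
}

# stdin: noop output. stdout: resources the run would remove (ensure -> absent).
removals() {
  noop_changes | awk -F'|' '$2 == "ensure" && $4 == "absent" { print $1 }'
}

# Steps 3-5 of the list above as one gate. ALLOW_REMOVE is a hypothetical
# opt-in variable: without it, a run that would delete anything is refused.
checked_apply() {
  manifest=$1
  puppet parser validate "$manifest" || return 2
  plan=$(puppet apply --noop "$manifest") || return 3
  printf '%s\n' "$plan" | noop_changes
  gone=$(printf '%s\n' "$plan" | removals)
  if [ -n "$gone" ] && [ "${ALLOW_REMOVE:-0}" != 1 ]; then
    printf 'refusing to apply, would remove:\n%s\n' "$gone" >&2
    return 1
  fi
  puppet apply "$manifest"
}
```

Source the file and run `checked_apply byte.pp`; with the byte.pp shown earlier the gate stops at the pending removal of User[byte] until ALLOW_REMOVE=1 is set.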

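4. Variables

Variables are prefixed with $. A variable can be used as the value of a resource attribute or as a resource title. Besides direct assignment, a variable can also be assigned the result of an expression or a function.

For example:

$myvariable = "look,data!\n"

Another example: this ensures that the directory pangrams and the file fox.txt exist, with the content set to the value of $pangram, even if the file and directory do not exist yet.

$pangram = 'The quick brown fox jumps over the lazy dog.'
file { '/root/pangrams':
  ensure => directory,
}
file { '/root/pangrams/fox.txt':
  ensure  => file,
  content => $pangram,
}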

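Variable interpolation: the format is ${var_name}; the parser (puppet parser) uses the curly braces to tell the variable apart from the surrounding string.

Note: a plain string is enclosed in single quotes, but a string containing interpolated variables must be enclosed in double quotes.

For example: $pangram = 'The quick brown fox jumps over the lazy dog.'
For example: "Variable interpolation is ${adjective}."

In summary, variables serve two purposes: substitution and interpolation.

For example, combining the two uses:

Create and maintain the file /root/pangrams/perfect_pangrams/bortz.txt and its content:
$perfect_pangram = 'Bortz waqf glyphs vex muck djin.'
$pgdir = '/root/pangrams'
file { $pgdir:
  ensure => directory,
}
file { "${pgdir}/perfect_pangrams":
  ensure => directory,
}
file { "${pgdir}/perfect_pangrams/bortz.txt":
  ensure  => file,
  content => "A perfect pangram: \n${perfect_pangram}", # \n is a newline
}
Sample run (with the code above saved as perfect_pangrams.pp):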
[root@learn ~]# puppet parser validate perfect_pangrams.pp
[root@learn ~]# puppet apply --noop perfect_pangrams.pp
Notice: Compiled catalog for learn.localdomain in environment production in 0.49 seconds
Notice: /Stage[main]/Main/File[/root/pangrams/perfect_pangrams]/ensure: current_value absent, should be directory (noop)
Notice: /Stage[main]/Main/File[/root/pangrams/perfect_pangrams/bortz.txt]/ensure: current_value absent, should be file (noop)
Notice: Class[Main]: Would have triggered 'refresh' from 2 events
Notice: Stage[main]: Would have triggered 'refresh' from 1 events
Notice: Finished catalog run in 0.77 seconds
[root@learn ~]# puppet apply perfect_pangrams.pp
Notice: Compiled catalog for learn.localdomain in environment production in 0.17 seconds
Notice: /Stage[main]/Main/File[/root/pangrams/perfect_pangrams]/ensure: created
Notice: /Stage[main]/Main/File[/root/pangrams/perfect_pangrams/bortz.txt]/ensure: defined content as '{md5}4a263fbd94944ab2c67cb291cd1ea089'
Notice: Finished catalog run in 0.93 seconds
[root@learn ~]# more pangrams/perfect_pangrams/bortz.txt
A perfect pangram:
Bortz waqf glyphs vex muck djin.
[root@learn ~]#

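Built-in variables (facter facts)

Puppet has a set of built-in, predefined variables available (viewable with the facter tool).

Usage 1: $::ipaddress, as a standalone variable

Usage 2: ${::ipaddress}, when interpolated into a string

Here :: denotes the scope; both forms above refer to the ipaddress variable in the global scope.

For example, using the notify resource and the global variables ${::osfamily} and ${::uptime},
create and maintain the file message.txt and its content:
$string = "Hi, I'm a ${::osfamily} system and I have been up for ${::uptime}
seconds."
notify { 'info':
  message => $string,
}
file { '/root/message.txt':
  ensure  => file,
  content => $string,
}
Sample run: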
[root@learn ~]# puppet describe notify
notify
======
Sends an arbitrary message to the agent run-time log.
Parameters
----------
- **message**
The message to be sent to the log.
- **name**
An arbitrary tag for your own reference; the name of the message.
- **withpath**
Whether to show the full object path. Defaults to false.
Valid values are `true`, `false`.
[root@learn ~]# puppet resource notify info # this info is only the message shown in the notices after apply, so this command fails.
Error: Could not run: notify has no providers and has not overridden 'instances'
[root@learn ~]# puppet parser validate facts.pp
[root@learn ~]# puppet apply --noop facts.pp
Notice: Compiled catalog for learn.localdomain in environment production in 0.40 seconds
Notice: /Stage[main]/Main/File[/root/message.txt]/ensure: current_value absent, should be file (noop)
Notice: /Stage[main]/Main/Notify[info]/message: current_value absent, should be Hi, I'm a RedHat system and I have been up for 1:47 hours
seconds. (noop)
Notice: Class[Main]: Would have triggered 'refresh' from 2 events
Notice: Stage[main]: Would have triggered 'refresh' from 1 events
Notice: Finished catalog run in 1.52 seconds
[root@learn ~]#
[root@learn ~]# puppet apply facts.pp
Notice: Compiled catalog for learn.localdomain in environment production in 0.17 seconds
Notice: /Stage[main]/Main/File[/root/message.txt]/ensure: defined content as '{md5}f44ac52be6f6b4d23f6df3bd41380072'
Notice: Hi, I'm a RedHat system and I have been up for 1:47 hours
seconds.
Notice: /Stage[main]/Main/Notify[info]/message: defined 'message' as 'Hi, I'm a RedHat system and I have been up for 1:47 hours
seconds.'
Notice: Finished catalog run in 1.61 seconds
[root@learn ~]# more message.txt
Hi, I'm a RedHat system and I have been up for 1:47 hours
seconds.
[root@learn ~]#


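5. Conditional Statements


if, unless, case, selector

Side note: the warn() function in code does not affect execution, but produces a message on the server at warn level; fail() is similar.

if and unless are opposites: unless takes a single condition and runs its code block only when the condition is false; when the condition is true it skips the current block and moves on to the next one. if and unless are used in Puppet the same way as in other programming languages.


The if statement

vi conditionals.pp  # create the pp file and enter the code below
if $::uptime_hours < 2 {
  $myuptime = "Uptime is less than two hours.\n"
}
elsif $::uptime_hours < 5 {
  $myuptime = "Uptime is less than five hours.\n"
}
else {
  $myuptime = "Uptime is greater than four hours.\n"
}
file { '/root/conditionals.txt':
  ensure  => present,
  content => $myuptime,
}
Result: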
[root@learn ~]# facter uptime_hours
2
[root@learn ~]# puppet parser validate conditionals.pp
[root@learn ~]# puppet apply --noop conditionals.pp
Notice: Compiled catalog for learn.localdomain in environment production in 0.16 seconds
Notice: /Stage[main]/Main/File[/root/conditionals.txt]/ensure: current_value absent, should be present (noop)
Notice: Class[Main]: Would have triggered 'refresh' from 1 events
Notice: Stage[main]: Would have triggered 'refresh' from 1 events
Notice: Finished catalog run in 0.39 seconds
[root@learn ~]# puppet apply conditionals.pp
Notice: Compiled catalog for learn.localdomain in environment production in 0.16 seconds
Notice: /Stage[main]/Main/File[/root/conditionals.txt]/ensure: created
Notice: Finished catalog run in 0.52 seconds
[root@learn ~]# more conditionals.txt
Uptime is less than five hours.
[root@learn ~]#

case: basic comparisons use == (case-insensitive); regular expressions are matched with =~ (case-sensitive).

The default case goes at the end of the case statement and matches anything the earlier cases did not, like else in an if statement. case is used in Puppet the same way as in other programming languages.


The case statement

vi case.pp  # create the pp file and enter the code below
case $::operatingsystem {
  'CentOS': { $apache_pkg = 'httpd' }
  'Redhat': { $apache_pkg = 'httpd' }
  'Debian': { $apache_pkg = 'apache2' }
  'Ubuntu': { $apache_pkg = 'apache2' }
  default: { fail("Unrecognized operating system for webserver") }
}
file { '/root/case.txt':
  ensure  => present,
  content => "Apache package name: ${apache_pkg}\n"
}
Result:
[root@learn ~]# puppet parser validate case.pp
[root@learn ~]# puppet apply --noop case.pp
Notice: Compiled catalog for learn.localdomain in environment production in 0.53 seconds
Notice: /Stage[main]/Main/File[/root/case.txt]/ensure: current_value absent, should be present (noop)
Notice: Class[Main]: Would have triggered 'refresh' from 1 events
Notice: Stage[main]: Would have triggered 'refresh' from 1 events
Notice: Finished catalog run in 0.95 seconds
[root@learn ~]# puppet apply case.pp
Notice: Compiled catalog for learn.localdomain in environment production in 0.19 seconds
Notice: /Stage[main]/Main/File[/root/case.txt]/ensure: created
Notice: Finished catalog run in 0.61 seconds
[root@learn ~]# more case.txt
Apache package name: httpd

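The variable $apache_pkg obtained from the case statement in the pp file above can also be used as shown below, so that the right package is installed for each operating system:

package { $apache_pkg:
  ensure => present,
}

The selector statement

A selector is somewhat like case, but whereas case runs a block of code to produce a value, a selector directly specifies an exact value and cannot execute functions such as fail() or warn(). Note the key symbol "?". (A selector is used somewhat like the decode() function.)

For example: assign a value according to the result of $::osfamily.

$rootgroup = $::osfamily ? {
  'Solaris' => 'wheel',
  'Darwin'  => 'wheel',
  'FreeBSD' => 'wheel',
  default   => 'root', # bare default keyword; a quoted 'default' would only match that literal string
}

vi architecture.pp  # create the pp file and enter the code below
file { '/root/architecture.txt':
  ensure  => file,
  content => $::architecture ? {
    'i386'   => "This machine has a 32-bit architecture.\n",
    'x86_64' => "This machine has a 64-bit architecture.\n",
  }
}
Result: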
[root@learn ~]# puppet parser validate architecture.pp
[root@learn ~]# puppet apply --noop architecture.pp
Notice: Compiled catalog for learn.localdomain in environment production in 0.16 seconds
Notice: /Stage[main]/Main/File[/root/architecture.txt]/ensure: current_value absent, should be file (noop)
Notice: Class[Main]: Would have triggered 'refresh' from 1 events
Notice: Stage[main]: Would have triggered 'refresh' from 1 events
Notice: Finished catalog run in 0.89 seconds
[root@learn ~]# puppet apply architecture.pp
Notice: Compiled catalog for learn.localdomain in environment production in 0.51 seconds
Notice: /Stage[main]/Main/File[/root/architecture.txt]/ensure: defined content as '{md5}980bc3112371901629aa46a1501da814'
Notice: Finished catalog run in 1.05 seconds
[root@learn ~]# more architecture.txt
This machine has a 32-bit architecture.
[root@learn ~]#