前文我們瞭解了部分puppet的資源的使用,以及資源和資源的依賴關係的定義,回顧請參考https://www.cnblogs.com/qiuhom-1874/p/14071459.html;今天我們繼續puppet常用資源的使用相關話題;
1、file:該資源型別主要用來管理被控端主機上的檔案;該資源作用相當於ansible中的copy和file兩個模組的功能;它可以實現檔案的新建,刪除,複製等功能;
主要屬性
ensure:用於描述檔案的型別和目標狀態的,常用的檔案型別有3中,第一種是普通檔案(file),其內容由content屬性生成或複製由source屬性指向的檔案路徑來建立;第二種是目錄(directory),可通過source指向的路徑複製生成,recurse屬性指明是否遞迴複製;第三種是符合連結檔案(link),必須由target屬性指明其連結的目標檔案;取值有present/absent,file,directory,link;
path:檔案路徑(namevar)
source:原始檔;
content:檔案內容;
target:符號連結的目標檔案;
owner:屬主;
group:屬組;
mode:許可權;
ctime/mtime:時間戳;
示例:指定內容建立新檔案
[root@node12 ~]# cat file.pp
file{"/tmp/test.txt":
ensure => file,
content => "this is test file",
mode => 0644,
owner => 'jerry',
group => 'root'
}
[root@node12 ~]#
提示:以上資源清單定義了在/tmp目錄下新建一個test.txt的檔案,其檔案內容是“this is test file”,屬主是jerry,屬組是root,許可權是0644;
檢查資源清單語法
[root@node12 ~]# puppet apply -v --noop file.pp Notice: Compiled catalog for node12.test.org in environment production in 0.05 seconds Info: Applying configuration version '1606886216' Notice: /Stage[main]/Main/File[/tmp/test.txt]/ensure: current_value absent, should be file (noop) Notice: Class[Main]: Would have triggered 'refresh' from 1 events Notice: Stage[main]: Would have triggered 'refresh' from 1 events Notice: Finished catalog run in 0.03 seconds [root@node12 ~]#
應用資源清單
[root@node12 ~]# ll /tmp
total 0
srwx------ 1 mongod mongod 0 Dec 2 13:04 mongodb-27017.sock
drwx------ 3 root root 17 Dec 2 13:04 systemd-private-d48e3508588440ff9b36efa29faed224-chronyd.service-V7fHnq
[root@node12 ~]# puppet apply -v file.pp
Notice: Compiled catalog for node12.test.org in environment production in 0.05 seconds
Info: Applying configuration version '1606886384'
Notice: /Stage[main]/Main/File[/tmp/test.txt]/ensure: defined content as '{md5}973131af48aa1d25bf187dacaa5ca7c0'
Notice: Finished catalog run in 0.03 seconds
[root@node12 ~]#
驗證:檢視/tmp/目錄下是否生成了test.txt檔案,內容和屬主,屬組和許可權是否是我們指定的內容呢?
[root@node12 ~]# ll /tmp total 4 srwx------ 1 mongod mongod 0 Dec 2 13:04 mongodb-27017.sock drwx------ 3 root root 17 Dec 2 13:04 systemd-private-d48e3508588440ff9b36efa29faed224-chronyd.service-V7fHnq -rw-r--r-- 1 jerry root 17 Dec 2 13:19 test.txt [root@node12 ~]# cat /tmp/test.txt this is test file[root@node12 ~]#
提示:可以看到在/tmp目錄下生成了test.txt檔案,其屬主是jerry,屬組是root,許可權是644,內容是“this is test file”,完全是我們指定的屬性;
示例:複製一個檔案生成另一個檔案
[root@node12 ~]# cat copyfile.pp
file{"/tmp/test1":
ensure => file,
source => '/etc/issue',
owner => 'jerry',
group => 'jerry',
mode => 400,
}
[root@node12 ~]#
驗證:應用資源清單,看看對應/tmp/目錄下是否會生成test1檔案?檔案屬主屬組和許可權資訊是否是我們指定的屬性資訊呢?
[root@node12 ~]# ll /tmp
total 4
srwx------ 1 mongod mongod 0 Dec 2 13:04 mongodb-27017.sock
drwx------ 3 root root 17 Dec 2 13:04 systemd-private-d48e3508588440ff9b36efa29faed224-chronyd.service-V7fHnq
-rw-r--r-- 1 jerry root 17 Dec 2 13:19 test.txt
[root@node12 ~]# puppet apply -v --noop copyfile.pp
Notice: Compiled catalog for node12.test.org in environment production in 0.06 seconds
Info: Applying configuration version '1606886863'
Notice: /Stage[main]/Main/File[/tmp/test1]/ensure: current_value absent, should be file (noop)
Notice: Class[Main]: Would have triggered 'refresh' from 1 events
Notice: Stage[main]: Would have triggered 'refresh' from 1 events
Notice: Finished catalog run in 0.04 seconds
[root@node12 ~]# puppet apply -v copyfile.pp
Notice: Compiled catalog for node12.test.org in environment production in 0.05 seconds
Info: Applying configuration version '1606886868'
Notice: /Stage[main]/Main/File[/tmp/test1]/ensure: defined content as '{md5}f078fe086dfc22f64b5dca2e1b95de2c'
Notice: Finished catalog run in 0.04 seconds
[root@node12 ~]# ll /tmp
total 8
srwx------ 1 mongod mongod 0 Dec 2 13:04 mongodb-27017.sock
drwx------ 3 root root 17 Dec 2 13:04 systemd-private-d48e3508588440ff9b36efa29faed224-chronyd.service-V7fHnq
-r-------- 1 jerry jerry 23 Dec 2 13:27 test1
-rw-r--r-- 1 jerry root 17 Dec 2 13:19 test.txt
[root@node12 ~]# cat /tmp/test1
\S
Kernel \r on an \m
[root@node12 ~]#
提示:可以看到對應目錄下生成了我們指定的檔案,其內容是我們指定的source屬性所對應的檔案內容;屬主/組和許可權都是我們指定的屬性;
示例:建立空目錄
[root@node12 ~]# cat directory.pp
file{"/tmp/test":
ensure => directory,
owner => 'jerry',
group => 'jerry',
mode => 755,
}
[root@node12 ~]#
應用資源清單並驗證對應目錄是否建立?
[root@node12 ~]# ll /tmp/ total 8 srwx------ 1 mongod mongod 0 Dec 2 13:04 mongodb-27017.sock drwx------ 3 root root 17 Dec 2 13:04 systemd-private-d48e3508588440ff9b36efa29faed224-chronyd.service-V7fHnq -r-------- 1 jerry jerry 23 Dec 2 13:27 test1 -rw-r--r-- 1 jerry root 17 Dec 2 13:19 test.txt [root@node12 ~]# puppet apply -v --noop directory.pp Notice: Compiled catalog for node12.test.org in environment production in 0.05 seconds Info: Applying configuration version '1606887273' Notice: /Stage[main]/Main/File[/tmp/test]/ensure: current_value absent, should be directory (noop) Notice: Class[Main]: Would have triggered 'refresh' from 1 events Notice: Stage[main]: Would have triggered 'refresh' from 1 events Notice: Finished catalog run in 0.03 seconds [root@node12 ~]# puppet apply -v directory.pp Notice: Compiled catalog for node12.test.org in environment production in 0.05 seconds Info: Applying configuration version '1606887279' Notice: /Stage[main]/Main/File[/tmp/test]/ensure: created Notice: Finished catalog run in 0.03 seconds [root@node12 ~]# ll /tmp total 8 srwx------ 1 mongod mongod 0 Dec 2 13:04 mongodb-27017.sock drwx------ 3 root root 17 Dec 2 13:04 systemd-private-d48e3508588440ff9b36efa29faed224-chronyd.service-V7fHnq drwxr-xr-x 2 jerry jerry 6 Dec 2 13:34 test -r-------- 1 jerry jerry 23 Dec 2 13:27 test1 -rw-r--r-- 1 jerry root 17 Dec 2 13:19 test.txt [root@node12 ~]#
示例:複製目錄
[root@node12 ~]# cat copydirectory.pp
file{"copy directory":
ensure => directory,
path => '/tmp/test.repos.d',
source => '/etc/yum.repos.d/'
}
[root@node12 ~]#
應用資源清單並且驗證對應目錄是否生成?
[root@node12 ~]# puppet apply -v copydirectory.pp Notice: Compiled catalog for node12.test.org in environment production in 0.05 seconds Info: Applying configuration version '1606887595' Notice: /Stage[main]/Main/File[copy directory]/ensure: created Notice: Finished catalog run in 0.04 seconds [root@node12 ~]# ll /tmp total 8 srwx------ 1 mongod mongod 0 Dec 2 13:04 mongodb-27017.sock drwx------ 3 root root 17 Dec 2 13:04 systemd-private-d48e3508588440ff9b36efa29faed224-chronyd.service-V7fHnq drwxr-xr-x 2 jerry jerry 6 Dec 2 13:34 test -r-------- 1 jerry jerry 23 Dec 2 13:27 test1 drwxr-xr-x 2 root root 6 Dec 2 13:39 test.repos.d -rw-r--r-- 1 jerry root 17 Dec 2 13:19 test.txt [root@node12 ~]# ll /tmp/test.repos.d/ total 0 [root@node12 ~]#
提示:這裡只是複製了一個空目錄過來,對應目錄下沒有任何檔案,如果需要遞迴複製,需要加上recurse屬性為true;
遞迴複製目錄
[root@node12 ~]# cat copydirectory.pp
file{"copy directory":
ensure => directory,
path => '/tmp/test.repos.d',
source => '/etc/yum.repos.d/',
recurse => true
}
[root@node12 ~]# puppet apply -v copydirectory.pp
Notice: Compiled catalog for node12.test.org in environment production in 0.05 seconds
Info: Applying configuration version '1606887954'
Notice: /Stage[main]/Main/File[/tmp/test.repos.d/centos7-aliyun-epel.repo]/ensure: defined content as '{md5}ad7e2bf9550cde4f863d5157d9dea4cb'
Notice: /Stage[main]/Main/File[/tmp/test.repos.d/bak]/ensure: created
Notice: /Stage[main]/Main/File[/tmp/test.repos.d/bak/CentOS-Base.repo]/ensure: defined content as '{md5}9098fc723b1e00c92e8515f06980d83e'
Notice: /Stage[main]/Main/File[/tmp/test.repos.d/bak/CentOS-Debuginfo.repo]/ensure: defined content as '{md5}e9e506425094f43b5c8f053090dbf4d4'
Notice: /Stage[main]/Main/File[/tmp/test.repos.d/bak/CentOS-Vault.repo]/ensure: defined content as '{md5}9fdd3d91192aa05427c3a9684eeb1345'
Notice: /Stage[main]/Main/File[/tmp/test.repos.d/bak/CentOS-CR.repo]/ensure: defined content as '{md5}445ed4f0ee3888384e854fb8527a7cde'
Notice: /Stage[main]/Main/File[/tmp/test.repos.d/bak/CentOS-Sources.repo]/ensure: defined content as '{md5}04d662bb1648477bf50e658a20c10145'
Notice: /Stage[main]/Main/File[/tmp/test.repos.d/CentOS-Base.repo]/ensure: defined content as '{md5}4861d3b742e8e8c05b67e3abf7904f17'
Notice: /Stage[main]/Main/File[/tmp/test.repos.d/mongodb.repo]/ensure: defined content as '{md5}fbe938506cda5002d9b8068e6bb4a355'
Notice: /Stage[main]/Main/File[/tmp/test.repos.d/bak/CentOS-Media.repo]/ensure: defined content as '{md5}1d7797c5082bd565facd68c5aa9352bf'
Notice: /Stage[main]/Main/File[/tmp/test.repos.d/bak/CentOS-fasttrack.repo]/ensure: defined content as '{md5}52d296f7a45f56c85d18473eca5bab16'
Notice: Finished catalog run in 0.12 seconds
[root@node12 ~]# ll /tmp/test.repos.d/
total 12
drwxr-xr-x 2 root root 187 Dec 2 13:45 bak
-rw-r--r-- 1 root root 665 Dec 2 13:45 centos7-aliyun-epel.repo
-rw-r--r-- 1 root root 2524 Dec 2 13:45 CentOS-Base.repo
-rw-r--r-- 1 root root 206 Dec 2 13:45 mongodb.repo
[root@node12 ~]# ll /tmp/test.repos.d/bak/
total 28
-rw-r--r-- 1 root root 1664 Dec 2 13:45 CentOS-Base.repo
-rw-r--r-- 1 root root 1309 Dec 2 13:45 CentOS-CR.repo
-rw-r--r-- 1 root root 649 Dec 2 13:45 CentOS-Debuginfo.repo
-rw-r--r-- 1 root root 314 Dec 2 13:45 CentOS-fasttrack.repo
-rw-r--r-- 1 root root 630 Dec 2 13:45 CentOS-Media.repo
-rw-r--r-- 1 root root 1331 Dec 2 13:45 CentOS-Sources.repo
-rw-r--r-- 1 root root 3830 Dec 2 13:45 CentOS-Vault.repo
[root@node12 ~]#
提示:可以看到在資源清單中加上recurse屬性為true後,再次執行資源清單,對應源目錄下的所有檔案,子目錄及檔案都遞迴的複製到path所指定的目錄下了;這裡需要注意一點,如果源是檔案,目標是目錄,則複製過去的是一個檔案並非是把檔案複製到目錄下;所以puppet中的檔案複製是同型別檔案間的複製;
建立符號連結檔案
[root@node12 ~]# cat createlink.pp
file{"create link file":
ensure => link,
path => '/tmp/passwd',
target => '/etc/passwd',
}
[root@node12 ~]#
提示:以上資源清單定義了把/tmp/passwd檔案連線至/etc/passwd,即在建立/tmp/passwd符號連線檔案,並將其目標連結檔案指向/etc/passwd檔案;
應用清單檔案,看看對應符號連結檔案是否生成?
[root@node12 ~]# ll /tmp total 8 srwx------ 1 mongod mongod 0 Dec 2 13:04 mongodb-27017.sock drwx------ 3 root root 17 Dec 2 13:04 systemd-private-d48e3508588440ff9b36efa29faed224-chronyd.service-V7fHnq drwxr-xr-x 2 jerry jerry 6 Dec 2 13:34 test -r-------- 1 jerry jerry 23 Dec 2 13:27 test1 drwxr-xr-x 3 root root 93 Dec 2 13:45 test.repos.d -rw-r--r-- 1 jerry root 17 Dec 2 13:19 test.txt [root@node12 ~]# puppet apply -v --noop createlink.pp Notice: Compiled catalog for node12.test.org in environment production in 0.05 seconds Info: Applying configuration version '1606888721' Notice: /Stage[main]/Main/File[create link file]/ensure: current_value absent, should be link (noop) Notice: Class[Main]: Would have triggered 'refresh' from 1 events Notice: Stage[main]: Would have triggered 'refresh' from 1 events Notice: Finished catalog run in 0.03 seconds [root@node12 ~]# puppet apply -v createlink.pp Notice: Compiled catalog for node12.test.org in environment production in 0.06 seconds Info: Applying configuration version '1606888731' Notice: /Stage[main]/Main/File[create link file]/ensure: created Notice: Finished catalog run in 0.04 seconds [root@node12 ~]# ll /tmp total 8 srwx------ 1 mongod mongod 0 Dec 2 13:04 mongodb-27017.sock lrwxrwxrwx 1 root root 11 Dec 2 13:58 passwd -> /etc/passwd drwx------ 3 root root 17 Dec 2 13:04 systemd-private-d48e3508588440ff9b36efa29faed224-chronyd.service-V7fHnq drwxr-xr-x 2 jerry jerry 6 Dec 2 13:34 test -r-------- 1 jerry jerry 23 Dec 2 13:27 test1 drwxr-xr-x 3 root root 93 Dec 2 13:45 test.repos.d -rw-r--r-- 1 jerry root 17 Dec 2 13:19 test.txt [root@node12 ~]#
提示:可以看到/tmp目錄下生成了一個passwd的符號連結檔案,並目標連結檔案指向的是/etc/passwd檔案;
定義資源與資源間的通知或訂閱關係
我們知道一個服務的配置檔案發生了變化,如果要讓其配置生效,通常會重新啟動服務或重新載入配置檔案內容;在ansible中當一個服務的配置檔案發生變化,是通過定義handler和notify來觸發對應的服務執行重啟或過載配置操作;在puppet中當一個服務的配置檔案發生變化觸發對應服務重啟或重新載入配置,需要定義資源與資源間的通知或訂閱關係;其語法如下
notify:前資源通知後資源
{
...
notify => Type['B'],
...
}
subscribe:後資源訂閱前資源
{
...
subscribe => Type['B'],
...
}
提示:以上兩種方式選擇其中一種即可;這裡需要注意的是引用資源其型別首字母必須大寫;同時定義資源與資源通知或訂閱關係,其隱含了資源執行的先後順序(依賴關係);
示例:定義安裝redis,提供配置檔案,和啟動服務,並且當配置檔案發生變化通知redis服務重啟;
[root@node12 ~]# cat redis.pp
package{"redis":
ensure => installed,
}
file{"/etc/redis.conf":
ensure => file,
source => '/root/redis.conf',
notify => Service["redis"],
}
service{"redis":
ensure => running,
enable => true,
hasrestart => true,
restart => 'systemctl restart redis',
}
[root@node12 ~]#
提示:以上資源清單中定義了3個資源,並且指定了當配置檔案發生變化就通知redis服務重啟;
上述清單在file資源中通知service資源,我們也可以在service中訂閱file資源;如下
[root@node12 ~]# cat redis.pp
package{"redis":
ensure => installed,
}
file{"/etc/redis.conf":
ensure => file,
source => '/root/redis.conf',
# notify => Service["redis"],
}
service{"redis":
ensure => running,
enable => true,
hasrestart => true,
restart => 'systemctl restart redis',
subscribe => File["/etc/redis.conf"],
}
[root@node12 ~]#
除了上述方式,我們也可以定義通知/訂閱資源鏈
[root@node12 ~]# cat redis.pp
package{"redis":
ensure => installed,
}
file{"/etc/redis.conf":
ensure => file,
source => '/root/redis.conf',
# notify => Service["redis"],
}
service{"redis":
ensure => running,
enable => true,
hasrestart => true,
restart => 'systemctl restart redis',
# subscribe => File["/etc/redis.conf"],
}
Package["redis"] -> File["/etc/redis.conf"] ~> Service["redis"]
[root@node12 ~]#
提示:定義通知/訂閱資源鏈,需要用到~>來表示前資源發生變化通知後資源;
本地redis.conf內容
[root@node12 ~]# cat redis.conf bind 0.0.0.0 protected-mode yes port 6379 tcp-backlog 511 timeout 0 tcp-keepalive 300 daemonize no supervised no pidfile /var/run/redis_6379.pid loglevel notice logfile /var/log/redis/redis.log databases 16 save 900 1 save 300 10 save 60 10000 stop-writes-on-bgsave-error yes rdbcompression yes rdbchecksum yes dbfilename dump.rdb dir /var/lib/redis slave-serve-stale-data yes slave-read-only yes repl-diskless-sync no repl-diskless-sync-delay 5 repl-disable-tcp-nodelay no slave-priority 100 appendonly no appendfilename "appendonly.aof" appendfsync everysec no-appendfsync-on-rewrite no auto-aof-rewrite-percentage 100 auto-aof-rewrite-min-size 64mb aof-load-truncated yes lua-time-limit 5000 slowlog-log-slower-than 10000 slowlog-max-len 128 latency-monitor-threshold 0 notify-keyspace-events "" hash-max-ziplist-entries 512 hash-max-ziplist-value 64 list-max-ziplist-size -2 list-compress-depth 0 set-max-intset-entries 512 zset-max-ziplist-entries 128 zset-max-ziplist-value 64 hll-sparse-max-bytes 3000 activerehashing yes client-output-buffer-limit normal 0 0 0 client-output-buffer-limit slave 256mb 64mb 60 client-output-buffer-limit pubsub 32mb 8mb 60 hz 10 aof-rewrite-incremental-fsync yes [root@node12 ~]#
提示:以上內容是預設redis配置,我們只修改了其監聽地址為0.0.0.0;
應用資源清單
[root@node12 ~]# rpm -q redis
package redis is not installed
[root@node12 ~]# ss -tnl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:22 *:*
LISTEN 0 100 127.0.0.1:25 *:*
LISTEN 0 128 *:27017 *:*
LISTEN 0 128 :::22 :::*
LISTEN 0 100 ::1:25 :::*
[root@node12 ~]# puppet apply -v --noop redis.pp
Notice: Compiled catalog for node12.test.org in environment production in 0.29 seconds
Warning: The package type's allow_virtual parameter will be changing its default value from false to true in a future release. If you do not want to allow virtual packages, please explicitly set allow_virtual to false.
(at /usr/share/ruby/vendor_ruby/puppet/type.rb:816:in `set_default')
Info: Applying configuration version '1606891263'
Notice: /Stage[main]/Main/Package[redis]/ensure: current_value absent, should be present (noop)
Notice: /Stage[main]/Main/File[/etc/redis.conf]/ensure: current_value absent, should be file (noop)
Info: /Stage[main]/Main/File[/etc/redis.conf]: Scheduling refresh of Service[redis]
Notice: /Stage[main]/Main/Service[redis]/ensure: current_value stopped, should be running (noop)
Info: /Stage[main]/Main/Service[redis]: Unscheduling refresh on Service[redis]
Notice: Class[Main]: Would have triggered 'refresh' from 3 events
Notice: Stage[main]: Would have triggered 'refresh' from 1 events
Notice: Finished catalog run in 0.12 seconds
[root@node12 ~]# puppet apply -v redis.pp
Notice: Compiled catalog for node12.test.org in environment production in 0.30 seconds
Warning: The package type's allow_virtual parameter will be changing its default value from false to true in a future release. If you do not want to allow virtual packages, please explicitly set allow_virtual to false.
(at /usr/share/ruby/vendor_ruby/puppet/type.rb:816:in `set_default')
Info: Applying configuration version '1606891271'
Notice: /Stage[main]/Main/Package[redis]/ensure: created
Info: /Stage[main]/Main/File[/etc/redis.conf]: Filebucketed /etc/redis.conf to puppet with sum d98629fded012cd2a25b9db0599a9251
Notice: /Stage[main]/Main/File[/etc/redis.conf]/content: content changed '{md5}d98629fded012cd2a25b9db0599a9251' to '{md5}12e59b058c0ef61ad52bcfa2d4de58ff'
Notice: /Stage[main]/Main/File[/etc/redis.conf]/owner: owner changed 'redis' to 'root'
Notice: /Stage[main]/Main/File[/etc/redis.conf]/mode: mode changed '0640' to '0644'
Info: /Stage[main]/Main/File[/etc/redis.conf]: Scheduling refresh of Service[redis]
Info: /Stage[main]/Main/File[/etc/redis.conf]: Scheduling refresh of Service[redis]
Info: /Stage[main]/Main/File[/etc/redis.conf]: Scheduling refresh of Service[redis]
Notice: /Stage[main]/Main/Service[redis]/ensure: ensure changed 'stopped' to 'running'
Info: /Stage[main]/Main/Service[redis]: Unscheduling refresh on Service[redis]
Notice: Finished catalog run in 4.81 seconds
[root@node12 ~]# ss -tnl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:6379 *:*
LISTEN 0 128 *:22 *:*
LISTEN 0 100 127.0.0.1:25 *:*
LISTEN 0 128 *:27017 *:*
LISTEN 0 128 :::22 :::*
LISTEN 0 100 ::1:25 :::*
[root@node12 ~]# grep -Ei "^bind|port" /etc/redis.conf
bind 0.0.0.0
port 6379
[root@node12 ~]#
提示:可以看到應用資源清單後,安裝redis包,提供配置,啟動服務就一併完成了;
修改配置檔案再次執行資源清單,看看對應服務是否會發生重啟,應用新配置呢?
[root@node12 ~]# grep -Ei "^bind|port" /root/redis.conf bind 0.0.0.0 port 16379 [root@node12 ~]#
提示:以上把/root/目錄下的redis.conf檔案中的prot修改成16379;
執行資源清單
[root@node12 ~]# ss -tnl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:6379 *:*
LISTEN 0 128 *:22 *:*
LISTEN 0 100 127.0.0.1:25 *:*
LISTEN 0 128 *:27017 *:*
LISTEN 0 128 :::22 :::*
LISTEN 0 100 ::1:25 :::*
[root@node12 ~]# puppet apply -v redis.pp
Notice: Compiled catalog for node12.test.org in environment production in 0.30 seconds
Warning: The package type's allow_virtual parameter will be changing its default value from false to true in a future release. If you do not want to allow virtual packages, please explicitly set allow_virtual to false.
(at /usr/share/ruby/vendor_ruby/puppet/type.rb:816:in `set_default')
Info: Applying configuration version '1606891609'
Info: /Stage[main]/Main/File[/etc/redis.conf]: Filebucketed /etc/redis.conf to puppet with sum 12e59b058c0ef61ad52bcfa2d4de58ff
Notice: /Stage[main]/Main/File[/etc/redis.conf]/content: content changed '{md5}12e59b058c0ef61ad52bcfa2d4de58ff' to '{md5}13a04cb20de2d787e0e18c1c13560cab'
Info: /Stage[main]/Main/File[/etc/redis.conf]: Scheduling refresh of Service[redis]
Notice: /Stage[main]/Main/Service[redis]: Triggered 'refresh' from 1 events
Notice: Finished catalog run in 0.26 seconds
[root@node12 ~]# ss -tnl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:22 *:*
LISTEN 0 100 127.0.0.1:25 *:*
LISTEN 0 128 *:16379 *:*
LISTEN 0 128 *:27017 *:*
LISTEN 0 128 :::22 :::*
LISTEN 0 100 ::1:25 :::*
[root@node12 ~]#
提示:可以看到再次執行資源清單,對應服務也應用了新的配置,說明redis服務發生了重啟;我們定義的資源間通知或訂閱關係生效了;
2、exec:該資源型別主要用於描述在被控端執行命令;
主要屬性
command:要執行的命令(namevar);
creates:檔案路徑,僅此路徑表示的檔案不存在時,command方才執行;
user/group:執行命令的使用者身份;
cwd:切換工作目錄;
path:命令搜尋路徑,即在那些路徑下可以搜尋到對應命令,類似PATH環境變數;
onlyif:此屬性指定一個命令,此命令正常(退出碼為0)執行時,當前command才會執行;
unless:此屬性指定一個命令,此命令非正常(退出碼為非0)執行時,當前command才會執行;
refresh:重新執行當前command的替代命令;
refreshonly:僅接收到訂閱的資源的通知時方才執行;
示例:使用mkdir命令在被控端主機上建立目錄,條件是當指定的目錄不存在時才建立;
[root@node12 ~]# cat exec.pp
exec{"create directory":
command => 'mkdir /tmp/tom',
path => '/bin:/sbin:/usr/bin:/usr/sbin',
unless => 'test -d /tmp/tom',
}
[root@node12 ~]#
提示:以上清單表示如果被控端的/tmp/tom不存在時,則在被控端執行mkdir /tmp/tom,執行mkdir這個命令的搜尋路徑為/bin:/sbin:/usr/bin:/usr/sbin;
應用清單,看看對應目錄是否會被建立?
[root@node12 ~]# ll /tmp/ total 8 srwx------ 1 mongod mongod 0 Dec 2 18:59 mongodb-27017.sock lrwxrwxrwx 1 root root 11 Dec 2 13:58 passwd -> /etc/passwd drwx------ 3 root root 17 Dec 2 18:59 systemd-private-62bd808f926f45528710005f2104130c-chronyd.service-wtp0Tm drwxr-xr-x 2 jerry jerry 6 Dec 2 13:34 test -r-------- 1 jerry jerry 23 Dec 2 13:27 test1 drwxr-xr-x 3 root root 93 Dec 2 13:45 test.repos.d -rw-r--r-- 1 jerry root 17 Dec 2 13:19 test.txt [root@node12 ~]# puppet apply -v --noop exec.pp Notice: Compiled catalog for node12.test.org in environment production in 0.07 seconds Info: Applying configuration version '1606907819' Notice: /Stage[main]/Main/Exec[create directory]/returns: current_value notrun, should be 0 (noop) Notice: Class[Main]: Would have triggered 'refresh' from 1 events Notice: Stage[main]: Would have triggered 'refresh' from 1 events Notice: Finished catalog run in 0.04 seconds [root@node12 ~]# puppet apply -v exec.pp Notice: Compiled catalog for node12.test.org in environment production in 0.02 seconds Info: Applying configuration version '1606907836' Notice: /Stage[main]/Main/Exec[create directory]/returns: executed successfully Notice: Finished catalog run in 0.03 seconds [root@node12 ~]# ll /tmp/ total 8 srwx------ 1 mongod mongod 0 Dec 2 18:59 mongodb-27017.sock lrwxrwxrwx 1 root root 11 Dec 2 13:58 passwd -> /etc/passwd drwx------ 3 root root 17 Dec 2 18:59 systemd-private-62bd808f926f45528710005f2104130c-chronyd.service-wtp0Tm drwxr-xr-x 2 jerry jerry 6 Dec 2 13:34 test -r-------- 1 jerry jerry 23 Dec 2 13:27 test1 drwxr-xr-x 3 root root 93 Dec 2 13:45 test.repos.d -rw-r--r-- 1 jerry root 17 Dec 2 13:19 test.txt drwxr-xr-x 2 root root 6 Dec 2 19:17 tom [root@node12 ~]#
提示:以上是/tmp/tom目錄不存在就建立,現在已經建立好了,再次執行命令按道理是要報錯說目錄已存在;
驗證:再次執行清單,看看是否會報錯?
[root@node12 ~]# ll /tmp/ total 8 srwx------ 1 mongod mongod 0 Dec 2 18:59 mongodb-27017.sock lrwxrwxrwx 1 root root 11 Dec 2 13:58 passwd -> /etc/passwd drwx------ 3 root root 17 Dec 2 18:59 systemd-private-62bd808f926f45528710005f2104130c-chronyd.service-wtp0Tm drwxr-xr-x 2 jerry jerry 6 Dec 2 13:34 test -r-------- 1 jerry jerry 23 Dec 2 13:27 test1 drwxr-xr-x 3 root root 93 Dec 2 13:45 test.repos.d -rw-r--r-- 1 jerry root 17 Dec 2 13:19 test.txt drwxr-xr-x 2 root root 6 Dec 2 19:17 tom [root@node12 ~]# puppet apply -v exec.pp Notice: Compiled catalog for node12.test.org in environment production in 0.02 seconds Info: Applying configuration version '1606907999' Notice: Finished catalog run in 0.02 seconds [root@node12 ~]#
提示:可以看到再次執行並沒有報錯,這是因為我們加了unless這個屬性去判斷是否滿足執行命令的條件;只有滿足執行命令的條件後,對應命令才可被執行;為了保證多次執行資源清單的冪等性,在執行某些不冪等的命令一定要加上條件;
示例:當redis配置檔案發生改變以後,就重啟redis
[root@node12 ~]# cat exec2.pp
exec{"systemctl restart redis":
path => '/bin:/sbin:/usr/bin:/usr/sbin',
refreshonly => true,
}
file{"/etc/redis.conf":
ensure => file,
source => '/root/redis.conf',
}
File["/etc/redis.conf"] ~> Exec["systemctl restart redis"]
[root@node12 ~]#
提示:以上清單內容表示當/etc/redis.conf檔案內容發生變化,就通知執行重啟redis服務命令;
當前redis配置檔案監聽埠
[root@node12 ~]# ss -tnl State Recv-Q Send-Q Local Address:Port Peer Address:Port LISTEN 0 128 *:22 *:* LISTEN 0 100 127.0.0.1:25 *:* LISTEN 0 128 *:16379 *:* LISTEN 0 128 *:27017 *:* LISTEN 0 128 :::22 :::* LISTEN 0 100 ::1:25 :::* [root@node12 ~]# grep -Ei "^bind|port" /etc/redis.conf bind 0.0.0.0 port 16379 [root@node12 ~]#
修改/root/redis.conf檔案中的埠資訊為6379
[root@node12 ~]# grep -Ei "^bind|port" /root/redis.conf bind 0.0.0.0 port 6379 [root@node12 ~]#
執行清單,看看對應redis是否會監聽在6379這個埠上?
[root@node12 ~]# ss -tnl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:22 *:*
LISTEN 0 100 127.0.0.1:25 *:*
LISTEN 0 128 *:16379 *:*
LISTEN 0 128 *:27017 *:*
LISTEN 0 128 :::22 :::*
LISTEN 0 100 ::1:25 :::*
[root@node12 ~]# puppet apply -v --noop exec2.pp
Notice: Compiled catalog for node12.test.org in environment production in 0.07 seconds
Info: Applying configuration version '1606909853'
Notice: /Stage[main]/Main/File[/etc/redis.conf]/content: current_value {md5}13a04cb20de2d787e0e18c1c13560cab, should be {md5}12e59b058c0ef61ad52bcfa2d4de58ff (noop)
Info: /Stage[main]/Main/File[/etc/redis.conf]: Scheduling refresh of Exec[systemctl restart redis]
Notice: /Stage[main]/Main/Exec[systemctl restart redis]: Would have triggered 'refresh' from 1 events
Notice: Class[Main]: Would have triggered 'refresh' from 2 events
Notice: Stage[main]: Would have triggered 'refresh' from 1 events
Notice: Finished catalog run in 0.02 seconds
[root@node12 ~]# puppet apply -v exec2.pp
Notice: Compiled catalog for node12.test.org in environment production in 0.07 seconds
Info: Applying configuration version '1606909859'
Info: FileBucket got a duplicate file {md5}13a04cb20de2d787e0e18c1c13560cab
Info: /Stage[main]/Main/File[/etc/redis.conf]: Filebucketed /etc/redis.conf to puppet with sum 13a04cb20de2d787e0e18c1c13560cab
Notice: /Stage[main]/Main/File[/etc/redis.conf]/content: content changed '{md5}13a04cb20de2d787e0e18c1c13560cab' to '{md5}12e59b058c0ef61ad52bcfa2d4de58ff'
Info: /Stage[main]/Main/File[/etc/redis.conf]: Scheduling refresh of Exec[systemctl restart redis]
Notice: /Stage[main]/Main/Exec[systemctl restart redis]: Triggered 'refresh' from 1 events
Notice: Finished catalog run in 0.11 seconds
[root@node12 ~]# ss -tnl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:6379 *:*
LISTEN 0 128 *:22 *:*
LISTEN 0 100 127.0.0.1:25 *:*
LISTEN 0 128 *:27017 *:*
LISTEN 0 128 :::22 :::*
LISTEN 0 100 ::1:25 :::*
[root@node12 ~]#
提示:可以看到redis服務已經監聽在6379這個埠了;說明重啟redis服務命令執行成功;
示例:建立檔案,條件是隻有對應父目錄存在,則新建檔案;
[root@node12 ~]# cat exec3.pp
exec{"create file":
command => 'touch /tmp/jerry.sh',
path => '/bin:/sbin:/usr/bin:/usr/sbin',
onlyif => 'test -d /tmp'
}
[root@node12 ~]#
執行清單並驗證
[root@node12 ~]# ll /tmp/ total 8 srwx------ 1 mongod mongod 0 Dec 2 18:59 mongodb-27017.sock lrwxrwxrwx 1 root root 11 Dec 2 13:58 passwd -> /etc/passwd drwx------ 3 root root 17 Dec 2 18:59 systemd-private-62bd808f926f45528710005f2104130c-chronyd.service-wtp0Tm drwxr-xr-x 2 jerry jerry 6 Dec 2 13:34 test -r-------- 1 jerry jerry 23 Dec 2 13:27 test1 drwxr-xr-x 3 root root 93 Dec 2 13:45 test.repos.d -rw-r--r-- 1 jerry root 17 Dec 2 13:19 test.txt drwxr-xr-x 2 root root 6 Dec 2 19:17 tom [root@node12 ~]# puppet apply -v --noop exec3.pp Notice: Compiled catalog for node12.test.org in environment production in 0.02 seconds Info: Applying configuration version '1606910431' Notice: /Stage[main]/Main/Exec[create file]/returns: current_value notrun, should be 0 (noop) Notice: Class[Main]: Would have triggered 'refresh' from 1 events Notice: Stage[main]: Would have triggered 'refresh' from 1 events Notice: Finished catalog run in 0.02 seconds [root@node12 ~]# puppet apply -v exec3.pp Notice: Compiled catalog for node12.test.org in environment production in 0.02 seconds Info: Applying configuration version '1606910443' Notice: /Stage[main]/Main/Exec[create file]/returns: executed successfully Notice: Finished catalog run in 0.03 seconds [root@node12 ~]# ll /tmp total 8 -rw-r--r-- 1 root root 0 Dec 2 20:00 jerry.sh srwx------ 1 mongod mongod 0 Dec 2 18:59 mongodb-27017.sock lrwxrwxrwx 1 root root 11 Dec 2 13:58 passwd -> /etc/passwd drwx------ 3 root root 17 Dec 2 18:59 systemd-private-62bd808f926f45528710005f2104130c-chronyd.service-wtp0Tm drwxr-xr-x 2 jerry jerry 6 Dec 2 13:34 test -r-------- 1 jerry jerry 23 Dec 2 13:27 test1 drwxr-xr-x 3 root root 93 Dec 2 13:45 test.repos.d -rw-r--r-- 1 jerry root 17 Dec 2 13:19 test.txt drwxr-xr-x 2 root root 6 Dec 2 19:17 tom [root@node12 ~]#
提示:可以看到jerry.sh檔案建立成功了;
3、cron:該型別資源主要用於在被管控端管理週期計劃任務
主要屬性
command:要執行的任務;
ensure:描述是目標狀態,取值present/absent;
hour:定義小時時間;
minute:定義分鐘時間;
monthday:定義月份的某一天時間;
month:定義月份
weekday:定義周時間;
user:以哪個使用者的身份執行命令;
target:新增為哪個使用者的任務;
name:cron job的名稱;
示例:建立時間同步週期計劃任務
[root@node12 ~]# cat cron.pp
cron{"timesync":
command => '/usr/sbin/ntpdate 192.168.0.99 &> /dev/null',
ensure => present,
minute => '*/5',
user => 'root'
}
[root@node12 ~]#
執行清單,看看是否生成周期計劃任務?
[root@node12 ~]# crontab -l no crontab for root [root@node12 ~]# puppet apply -v --noop cron.pp Notice: Compiled catalog for node12.test.org in environment production in 0.02 seconds Info: Applying configuration version '1606913457' Notice: /Stage[main]/Main/Cron[timesync]/ensure: current_value absent, should be present (noop) Notice: Class[Main]: Would have triggered 'refresh' from 1 events Notice: Stage[main]: Would have triggered 'refresh' from 1 events Notice: Finished catalog run in 0.02 seconds [root@node12 ~]# puppet apply -v cron.pp Notice: Compiled catalog for node12.test.org in environment production in 0.02 seconds Info: Applying configuration version '1606913462' Notice: /Stage[main]/Main/Cron[timesync]/ensure: created Notice: Finished catalog run in 0.02 seconds [root@node12 ~]# crontab -l # HEADER: This file was autogenerated at 2020-12-02 20:51:02 +0800 by puppet. # HEADER: While it can still be managed manually, it is definitely not recommended. # HEADER: Note particularly that the comments starting with 'Puppet Name' should # HEADER: not be deleted, as doing so could cause duplicate cron jobs. # Puppet Name: timesync */5 * * * * /usr/sbin/ntpdate 192.168.0.99 &> /dev/null [root@node12 ~]#
提示:可以看到週期計劃任務已經建立;
4、notify:該型別資源主要用來向agent執行日誌傳送訊息,如果是單機模型,則輸出到螢幕,如果是master/agent模型則記錄到日誌中;
主要屬性
message:資訊內容;
name:資訊名稱;
示例
[root@node12 ~]# cat notify.pp
notify{"say hello ":
message => "hello everyone .."
}
[root@node12 ~]# puppet apply -v notify.pp
Notice: Compiled catalog for node12.test.org in environment production in 0.01 seconds
Info: Applying configuration version '1606914189'
Notice: hello everyone ..
Notice: /Stage[main]/Main/Notify[say hello ]/message: defined 'message' as 'hello everyone ..'
Notice: Finished catalog run in 0.03 seconds
[root@node12 ~]#
ok,以上是puppet中4中核心資源的使用和相關演示,以及資源與資源間的通知/訂閱關係的定義;