1. Layers of operations tooling
OS Provision:
bare metal: pxe, cobbler
virtual machine: image file template
Configuration:
ansible (agentless)
puppet (master/agent) (ruby)
saltstack (python)
Command and Control:
ansible (playbook)
fabric (fab)
func
...
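2. Introduction to puppet:
Standalone model: manifests are applied manually;
Program environment:
Configuration files: /etc/puppet/
puppet.conf
Main program: /usr/bin/puppet
master/agent: the agent periodically requests its manifest from the master and applies it locally (every 30 minutes by default);
Installation: # already in the default repositories, so a plain yum install is enough
puppet packages:
puppet
master:
puppet-server
# the server side depends on the puppet rpm package
agent:
puppet
facter (collects information about the local host)
Architecture:
master/agent communication:
The master and the agents communicate over HTTPS, based on RPC, and exchange data in XML format.
The master also integrates a CA signing module, so it can sign the certificates that come from agents.
Resource deployment flow:
The master has to define resources for each client in the puppet language, and supports test deployment of resources on the client.
By default, every 30 minutes the client sends its own state to the master; the master checks whether the client's state
matches the desired state defined beforehand, and if it does not, forces the resource state to match the desired one.
Other notes:
puppet's three-layer model
configuration language: the configuration language layer
# offered to the user, who defines resources and edits manifests
transactional layer: the transaction layer
resource abstraction layer: the resource layer
# puppet abstracts the various services into resources and handles the differences
# between system versions itself
Manifest execution flow:
A manifest is first compiled into a catalog (pseudo-code); the master sends this catalog to
the corresponding client, which applies it. On apply, the state of each resource is checked first to see whether it matches
the desired state; if it does not, the change is enforced so that the state matches the desired one.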
3. puppet command overview:
puppet command usage:
Usage: puppet <subcommand> [options] <action> [options]
help Display Puppet help.
apply Apply Puppet manifests locally
describe Display help about resource types
agent The puppet agent daemon
master The puppet master daemon
module Creates, installs and searches for modules on the Puppet Forge
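...
'puppet help <subcommand>' for help on a specific subcommand.
'puppet help <subcommand> <action>' for help on a specific subcommand action.
puppet apply:
# apply is normally used to run a manifest locally
# if the master node goes down and puppet's original manifests are lost, apply can be used to import the backed-up data
# and restore operation
Applies a standalone Puppet manifest to the local system.
puppet apply [-d|--debug] [-v|--verbose] [-e|--execute] [--noop] <file>
Common options:
--debug: show debugging information
--verbose: show detailed progress information
--noop: dry-run mode; tests without actually applying anything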
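4. puppet resources
4.1 Introduction to puppet resources:
Dimensions of resource abstraction (how does the RAL abstract resources?):
Type: components with similar attributes, for example package, service, file;
The attributes or state of a resource are separated from the way they are implemented;
Only the target state of a resource is described, that is, the result it should end up in, not the specific procedure;
The RAL consists of "types" and providers;
4.2 puppet describe:
Prints help about Puppet resource types, providers, and metaparameters.
puppet describe [-h|--help] [-s|--short] [-p|--providers] [-l|--list] [-m|--meta] [type]
-l: list all resource types;
-s: show brief help for the given type;
-m: show the metaparameters of the given type, usually used together with -s;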
[root@node74 ~]# puppet describe -l
These are the types known to puppet:
augeas - Apply a change or an array of changes to the ...
computer - Computer object management using DirectorySer ...
cron - Installs and manages cron jobs
exec - Executes external commands
file - Manages files, including their content, owner ...
filebucket - A repository for storing and retrieving file ...
group - Manage groups
host - Installs and manages host entries
interface - This represents a router or switch interface
k5login - Manage the `.k5login` file for a user
macauthorization - Manage the Mac OS X authorization database
mailalias - .. no documentation ..
maillist - Manage email lists
mcx - MCX object management using DirectoryService ...
mount - Manages mounted filesystems, including puttin ...
nagios_command - The Nagios type command
nagios_contact - The Nagios type contact
nagios_contactgroup - The Nagios type contactgroup
nagios_host - The Nagios type host
nagios_hostdependency - The Nagios type hostdependency
nagios_hostescalation - The Nagios type hostescalation
nagios_hostextinfo - The Nagios type hostextinfo
nagios_hostgroup - The Nagios type hostgroup
nagios_service - The Nagios type service
nagios_servicedependency - The Nagios type servicedependency
nagios_serviceescalation - The Nagios type serviceescalation
nagios_serviceextinfo - The Nagios type serviceextinfo
nagios_servicegroup - The Nagios type servicegroup
nagios_timeperiod - The Nagios type timeperiod
notify - .. no documentation ..
package - Manage packages
resources - This is a metatype that can manage other reso ...
router - .. no documentation ..
schedule - Define schedules for Puppet
scheduled_task - Installs and manages Windows Scheduled Tasks
selboolean - Manages SELinux booleans on systems with SELi ...
selmodule - Manages loading and unloading of SELinux poli ...
service - Manage running services
ssh_authorized_key - Manages SSH authorized keys
sshkey - Installs and manages ssh host keys
stage - A resource type for creating new run stages
tidy - Remove unwanted files based on specific crite ...
user - Manage users
vlan - .. no documentation ..
whit - Whits are internal artifacts of Puppet's curr ...
yumrepo - The client-side description of a yum reposito ...
zfs - Manage zfs
zone - Manages Solaris zones
zpool - Manage zpools
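Getting help:
# shows in detail how the given resource type is defined
puppet describe source_name :
eg: puppet describe group:
4.3 Defining and referencing resources
4.3.1 Resource definition
# for details, see puppet describe source_name
Resource definition: done by assigning values to the attributes of a resource type; this can be called instantiating the resource type;
A file that defines resource instances is a manifest;
Syntax for defining a resource:
type{'title':
  attribute1 => value1,
  attribute2 => value2,
  ...
}
Note: type must be written in lowercase; title is a string and must be unique within the same type;
eg:
service{'httpd':
  ensure => running,
}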
4.3.2 Resource references
4.3.3 Special resource attributes
eg:
package{'httpd':
  ensure => installed,
}
# apply this resource before the specified resource
# apply this resource after the specified resource
eg:
service{'nginx':
  ensure => running,
}
package{'nginx':
  ensure => installed,
  before => Service['nginx'],
}
Or omit before => Service['nginx'],
and declare the ordering outside the service and package definitions:
Package['nginx'] -> Service['nginx']
# once this resource is applied, notify another resource to refresh
# once the specified resource is applied, this resource refreshes
eg:
service{'httpd':
  ensure => running,
  enable => true,
  restart => 'systemctl restart httpd.service',
  # subscribe => File['httpd.conf'],
}
package{'httpd':
  ensure => installed,
}
file{'httpd.conf':
  path => '/etc/httpd/conf/httpd.conf',
  source => '/root/manifests/httpd.conf',
  ensure => file,
  notify => Service['httpd'],
}
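4.4 Resource types
4.4.1 group
group:
Manage groups.
# creates groups
Attributes:
name: group name;
gid: GID;
system: true|false|yes|no
# whether this is a system group;
ensure: present/absent;
# target state (create or remove)
members: member users;
4.4.2 user
user:
Manage users.
# adds and removes users
Attributes:
name: user name;
uid: UID;
gid: ID of the primary group;
groups: supplementary groups; must not include the primary group;
comment: comment;
expiry: expiry date;
home: home directory;
shell: default shell;
system: whether this is a system user;
ensure: present/absent;
password: the encrypted password string;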
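4.4.3 package
package:
Manage packages.
# installs or removes the specified software
Attributes:
ensure: installed | present | latest | absent
name: package name;
source => /path to rpm_file
# install the rpm package at the given path
# only useful with providers that do not download packages themselves, such as rpm or dpkg;
provider: selects the packaging backend; usually it does not need to be set, puppet picks one automatically based on the system
eg:
package {'nginx':
  ensure => installed,
  name => 'nginx',
  provider => 'yum',
}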
4.4.4 service
service:
Manage running services.
Attributes:
ensure: running | stopped
Whether a service should be running. Valid values are `stopped` (also called `false`),
`running` (also called `true`).
# whether the service should be running
enable: true | false
Whether a service should be enabled to start at boot. Valid values are `true`, `false`,
`manual`.
# whether the service starts at boot
name: # service name
path: The search path for finding init scripts. Multiple values should be separated by colons
or provided as an array.
# search path for the service script, /etc/init.d/ by default;
hasrestart: true if the script supports restart, otherwise false
hasstatus: set this to false if there is no script
restart: Specify a *restart* command manually. If left unspecified, the service will be stopped
and then started.
# define this when the service script does not support restart, to get a stop followed by a start
# commonly used to define a reload operation;
eg:
restart => '/usr/sbin/nginx -t && /usr/sbin/nginx -s reload',
start: makes the service start with the specified script
eg: start => '/usr/sbin/nginx'
4.4.5 file
file:
Manages files, including their content, ownership, and permissions.
# defines a file-type resource, to be created or removed
Attributes:
ensure: Whether the file should exist, and if so what kind of file it should be.
Possible values are `present`, `absent`, `file`, `directory`, and `link`.
file: a regular file; its content is generated from the content attribute or copied from the file path given by the source attribute;
link: a symbolic link; the target attribute must name the file it links to;
directory: a directory; it can be copied from the path given by source, and the recurse attribute says whether to copy recursively;
path: the path where the file is to be created;
source: the source file to copy from;
content: generate the file directly from the content given here;
target: the target file of the symbolic link;
owner: owning user
group: owning group
mode: permissions;
atime/ctime/mtime: timestamps;
Example 1:
file{'test.txt':
  path => '/tmp/test.txt',
  ensure => file,
  source => '/etc/fstab',
  # copy '/etc/fstab' to /tmp/ on the target host under the name test.txt
}
file{'test.symlink':
  path => '/tmp/test.symlink',
  ensure => link,
  target => '/tmp/test.txt',
  require => File['test.txt'],
  # after File['test.txt'] has been applied, create the symlink /tmp/test.symlink pointing at /tmp/test.txt
}
file{'test.dir':
  path => '/tmp/test.dir',
  ensure => directory,
  source => '/etc/yum.repos.d/',
  recurse => true,
}
Example 2:
service{'httpd':
  ensure => running,
  enable => true,
  restart => 'systemctl restart httpd.service',
  # subscribe => File['httpd.conf'],
}
package{'httpd':
  ensure => installed,
}
file{'httpd.conf':
  path => '/etc/httpd/conf/httpd.conf',
  source => '/root/manifests/httpd.conf',
  ensure => file,
  notify => Service['httpd'],
}
Package['httpd'] -> File['httpd.conf'] -> Service['httpd']
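The owner, group and mode attributes listed above, together with the group and user types from 4.4.1 and 4.4.2, are what restrict a service's files to the account that needs them. The manifest below is an added example, not code from the original article; the appsvc account and all paths are constructed names.

```puppet
# Added example: 'appsvc' and every path below are constructed for illustration.

# Dedicated system group for the service.
group { 'appsvc':
  ensure => present,
  system => true,
}

# Service account: no login shell, and a password field that no hash can match.
user { 'appsvc':
  ensure   => present,
  gid      => 'appsvc',
  system   => true,
  home     => '/var/lib/appsvc',
  shell    => '/sbin/nologin',
  comment  => 'appsvc service account',
  password => '!!',
  require  => Group['appsvc'],
}

# Working directory: writable by the service, closed to other users.
file { 'appsvc-home':
  ensure  => directory,
  path    => '/var/lib/appsvc',
  owner   => 'appsvc',
  group   => 'appsvc',
  mode    => '0750',
  require => User['appsvc'],
}

# Configuration: root owns it, the service group may only read it,
# everyone else gets no access.
file { 'appsvc-conf':
  ensure  => file,
  path    => '/etc/appsvc.conf',
  owner   => 'root',
  group   => 'appsvc',
  mode    => '0640',
  content => "listen = 127.0.0.1:8080\n",
  require => Group['appsvc'],
}
```

Running it with puppet apply --noop first shows which ownership and mode changes would be made without touching the host.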
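4.4.6 exec
exec:
Executes external commands. Any command in an `exec` resource
**must** be able to run multiple times without causing harm — that is, it must be *idempotent*
# the command is run only when the specified conditions hold
command (*namevar*): the command to run;
cwd: The directory from which to run the command.
creates: a file path; command runs only if the file at this path does not exist;
user/group: the user and group to run the command as;
path: The search path used for command execution. Commands must be fully qualified if no path is specified.
onlyif: names a command; the current command runs only if that command succeeds (exit code 0);
unless: names a command; the current command runs only if that command fails (non-zero exit code);
(the opposite of onlyif)
refresh: an alternative command to run when the current command is refreshed;
refreshonly: run only when a notification arrives from a subscribed resource;
eg:
exec{'mkdir':
  command => 'mkdir /tmp/hello.dir',
  path => '/bin:/sbin:/usr/bin',
  creates => '/tmp/hello.dir',
  #unless => 'test -d /tmp/hello.dir',
}
When creates finds that /tmp/hello.dir does not exist, command ('mkdir /tmp/hello.dir') is executed;
path is the PATH environment variable, used to find mkdir;
unless works like creates here; use one or the other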
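One way to combine refreshonly, notify and onlyif from the attribute list above, as an added example that is not part of the original article: a changed nginx configuration is syntax-checked before the service is reloaded. The default.conf path and the resource titles are assumptions.

```puppet
# Added example: resource titles and the default.conf path are constructed.

package { 'nginx':
  ensure => installed,
}

file { 'ngx-web.conf':
  ensure  => file,
  path    => '/etc/nginx/conf.d/ngx-web.conf',
  owner   => 'root',
  group   => 'root',
  mode    => '0644',
  source  => '/root/manifests/ngx-web.conf',
  require => Package['nginx'],
  notify  => Exec['nginx-configtest'],
}

# onlyif guard: the rename happens only while the file still exists,
# so later runs find nothing to do and the exec stays idempotent.
exec { 'disable-default-site':
  command => 'mv /etc/nginx/conf.d/default.conf /etc/nginx/conf.d/default.conf.off',
  path    => '/bin:/usr/bin',
  onlyif  => 'test -f /etc/nginx/conf.d/default.conf',
  require => Package['nginx'],
  notify  => Exec['nginx-configtest'],
}

# refreshonly: never runs on its own, only when one of the resources above
# changed. If 'nginx -t' exits non-zero, no refresh is passed on to
# Service['nginx'], so a broken configuration is not reloaded.
exec { 'nginx-configtest':
  command     => '/usr/sbin/nginx -t',
  refreshonly => true,
  notify      => Service['nginx'],
}

service { 'nginx':
  ensure  => running,
  enable  => true,
  restart => '/usr/sbin/nginx -s reload',
  require => Package['nginx'],
}
```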
4.4.7 cron
cron:
Installs and manages cron jobs. Every cron resource created by Puppet requires a command
and at least one periodic attribute (hour, minute, month, monthday, weekday, or special).
command: the job to run;
ensure: present/absent;
hour: the hour field
minute: the minute field
monthday: day of the month
month: month
weekday: day of the week
user: the user whose crontab the job is added to;
name: name of the cron job;
Example:
cron{'timesync':
  command => '/usr/sbin/ntpdate 10.1.0.1 &> /dev/null',
  ensure => present,
  minute => '*/3',
  user => 'root',
}
4.4.8 notify
notify:
Sends an arbitrary message to the agent run-time log.
# writes a message to the log
Attributes:
message: the message text
name: name of the message;
4.5 Example: creating a manifest
Create a manifest directory anywhere, and in it create a manifest file ending in ".pp"
eg:
mkdir -p /puppet/manifest
vim /puppet/manifest/group.pp:
group {'nginx':
  name => nginx,
  ensure => present,
  gid => 1000,
  system => no,
}
Apply it locally:
puppet apply --verbose /puppet/manifest/group.pp
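5. puppet variables
$variable_name=value
Example:
5.1 Data types:
Strings: quotes are optional; single quotes are strong quoting and double quotes are weak quoting;
Numbers: treated as strings by default, and as numbers only in a numeric context;
Arrays: a comma-separated list of elements inside [ ];
Booleans: true, false;
hash: a comma-separated list of key/value pairs inside {}; keys are strings, values can be any type puppet supports;
{ 'mon' => 'Monday', 'tue' => 'Tuesday', };
undef: the value of a variable that has never been declared is undef; a variable can also be given the value undef by hand,
by writing the bare word undef without quotes;
5.2 Regular expressions
Regular expressions:
(?<ENABLED OPTION>:<PATTERN>)
(?-<DISABLED OPTION>:<PATTERN>)
OPTIONS:
i: ignore case;
# i on its own turns case-insensitivity on, -i turns it off
m: let "." match a newline;
x: ignore whitespace in <PATTERN>
Common combination: i-mx, ignore case
Note: a regular expression cannot be assigned to a variable; it can only be used where the =~ or !~ operators accept it;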
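5.3 puppet variable types
5.3.1 facts
facts: an information-gathering tool
# the puppet agent collects and normalizes information about its own host, stores it in a set of variables,
# and then sends them to the puppet server
Provided by facter; top scope;
Querying facter: # lists all the information (variables) collected on this host
# these variables can be used later in templates
facter -p
5.3.2 Built-in variables
Built-in variables:
master-side variables
agent-side variables
parser variables
User-defined variables:
5.3.3 Variable scope
Variables have a scope;
global / top scope: $::var_name
node scope
class scope
5.4 puppet flow-control statements
Operators used in flow control: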
5.4.1 The if statement
if statement:
if CONDITION {
  ...
} else {
  ...
}
Ways to give CONDITION:
(1) a variable
(2) a comparison expression
(3) a function that returns a value
Example:
if $osfamily =~ /(?i-mx:debian)/ {
  $webserver = 'apache2'
} else {
  $webserver = 'httpd'
}
package{"$webserver":
  ensure => installed,
  before => [ File['httpd.conf'], Service['httpd'] ],
}
file{'httpd.conf':
  path => '/etc/httpd/conf/httpd.conf',
  source => '/root/manifests/httpd.conf',
  ensure => file,
}
service{'httpd':
  ensure => running,
  enable => true,
  restart => 'systemctl restart httpd.service',
  subscribe => File['httpd.conf'],
}
if $operatingsystem =~ /(?i-mx:(centos|redhat|fedora))/ {
  $pkgname='httpd'
} elsif $operatingsystem =~ /(?i-mx:(debian|ubuntu))/ {
  $pkgname='apache2'
} else {
  $pkgname='httpd'
}
5.4.2 The case statement
case statement:
case CONTROL_EXPRESSION {
  case1: { ... }
  case2: { ... }
  case3: { ... }
  ...
  default: { ... }
}
CONTROL_EXPRESSION:
(1) a variable
(2) an expression
(3) a function that returns a value
Ways to give each case:
(1) a literal string;
(2) a variable
(3) a function that returns a value
(4) a regular expression pattern;
(5) default # defines the default branch
case $osfamily {
  "RedHat": { $webserver='httpd' }
  /(?i-mx:debian)/: { $webserver='apache2' }
  default: { $webserver='httpd' }
}
package{"$webserver":
  ensure => installed,
  before => [ File['httpd.conf'], Service['httpd'] ],
}
file{'httpd.conf':
  path => '/etc/httpd/conf/httpd.conf',
  source => '/root/manifests/httpd.conf',
  ensure => file,
}
service{'httpd':
  ensure => running,
  enable => true,
  restart => 'systemctl restart httpd.service',
  subscribe => File['httpd.conf'],
}
5.4.3 The selector statement
selector statement:
# when the variable matches one of the cases, the corresponding value is returned directly
CONTROL_VARIABLE ? {
  case1 => value1,
  case2 => value2,
  ...
  default => valueN,
}
Ways to give CONTROL_VARIABLE:
(1) a variable
(2) a function that returns a value
Ways to give each case:
(1) a literal string;
(2) a variable
(3) a function that returns a value
(4) a regular expression pattern;
(5) default
Note: a list cannot be used; but it can be another selector;
Example 1:
$pkgname = $operatingsystem ? {
  /(?i-mx:(ubuntu|debian))/ => 'apache2',
  /(?i-mx:(redhat|fedora|centos))/ => 'httpd',
  default => 'httpd',
}
package{"$pkgname":
  ensure => installed,
}
Example 2:
$webserver = $osfamily ? {
  "Redhat" => 'httpd',
  /(?i-mx:debian)/ => 'apache2',
  default => 'httpd',
}
package{"$webserver":
  ensure => installed,
  before => [ File['httpd.conf'], Service['httpd'] ],
}
file{'httpd.conf':
  path => '/etc/httpd/conf/httpd.conf',
  source => '/root/manifests/httpd.conf',
  ensure => file,
}
service{'httpd':
  ensure => running,
  enable => true,
  restart => 'systemctl restart httpd.service',
  subscribe => File['httpd.conf'],
}
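6. puppet classes (class)
6.1 Introduction to puppet classes:
Class: a named block of puppet code, commonly used to define a group of resources with a common purpose; it can be used anywhere in puppet;
Classes can be inherited, and can also contain subclasses;
# the code for several related resources is gathered into one class so that it can be declared as a whole in one go
6.2 Syntax:
Plain class definition:
class NAME {
  ...puppet code...
}
Class definition with parameters:
class NAME(parameter1, parameter2) {
  ...puppet code...
}
eg:
class web($webserver='httpd') {
  package{"$webserver":
    ensure => installed,
  }
}
6.3 Declaring a class
The code in a class is executed only after the class is declared. Ways to declare it:
(1) include CLASS_NAME1, CLASS_NAME2, ...
(2) use this form only when the class's variables need to be given new values;
the values given in the declaration then take effect instead of the ones in the original definition
class{'CLASS_NAME':
  attribute => value,
}
eg:
Defining the class:
class web($webserver='httpd') {
  package{"$webserver":
    ensure => installed,
  }
}
Declaring the class:
class{'web':
  webserver => 'nginx',
}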
6.4 Examples
Example 1:
class apache2 {
  $webpkg = $operatingsystem ? {
    /(?i-mx:(centos|redhat|fedora))/ => 'httpd',
    /(?i-mx:(ubuntu|debian))/ => 'apache2',
    default => 'httpd',
  }
  package{"$webpkg":
    ensure => installed,
  }
  file{'/etc/httpd/conf/httpd.conf':
    ensure => file,
    owner => root,
    group => root,
    source => '/tmp/httpd.conf',
    require => Package["$webpkg"],
    notify => Service['httpd'],
  }
  service{'httpd':
    ensure => running,
    enable => true,
  }
}
include apache2
Example 2:
class web($webserver='httpd') {
  package{"$webserver":
    ensure => installed,
    before => [ File['httpd.conf'], Service['httpd'] ],
  }
  file{'httpd.conf':
    path => '/etc/httpd/conf/httpd.conf',
    source => '/root/manifests/httpd.conf',
    ensure => file,
  }
  service{'httpd':
    ensure => running,
    enable => true,
    restart => 'systemctl restart httpd.service',
    subscribe => File['httpd.conf'],
  }
}
class{'web':
  webserver => 'apache2',
}
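6.5 Class inheritance
6.5.1 Introduction
Class inheritance: adding new code on top of an already defined class is called class inheritance;
the subclass also has all the features (code) of the parent class
Purpose: reducing redundant code. When the code of several modules has parts in common, the common parts can be
defined as one class;
6.5.2 How to inherit:
Syntax for class inheritance:
# SUB_CLASS_NAME is the subclass, PARENT_CLASS_NAME is the parent (base) class
class SUB_CLASS_NAME inherits PARENT_CLASS_NAME {
  ...puppet code...
}
Or with a fully qualified name:
# this declares that a new subclass is defined under a given parent class, which makes the parent class visible at a glance
class PARENT_CLASS_NAME::SUB_CLASS_NAME inherits PARENT_CLASS_NAME {
  ...puppet code...
}
6.5.3 Adding to or changing resource attributes of the parent class
How a subclass adds or overrides resource attributes:
Adding:
First reference the resource that exists in the parent class and use "+>" to add the new attribute value; if the resource that
the new attribute refers to does not appear in the parent class, it also has to be defined as a new resource;
Service['nginx'] {
  subscribe +> File['ngx-web.conf'],
}
Overriding (changing):
To override an attribute of a resource defined in the parent class, use "=>" directly instead of "+>"
Service['nginx'] {
  subscribe => File['ngx-web.conf'],
}
6.5.4 Declaring a subclass
Declaring a subclass:
include PARENT_CLASS_NAME::SUB_CLASS_NAME
6.5.5 Examples:
eg:
class nginx::web inherits nginx {
  # on top of the nginx service resource from the parent class, add a subscribe attribute
  # that subscribes to File['ngx-web.conf']
  Service['nginx'] {
    subscribe +> File['ngx-web.conf'],
  }
  # the parent class has no file{'ngx-web.conf'}, so it has to be defined here as well;
  file{'ngx-web.conf':
    path => '/etc/nginx/conf.d/ngx-web.conf',
    ensure => file,
    source => '/root/manifests/ngx-web.conf',
  }
}
Example:
class nginx {
  package{'nginx':
    ensure => installed,
  }
  service{'nginx':
    ensure => running,
    enable => true,
    restart => '/usr/sbin/nginx -s reload',
  }
}
class nginx::web inherits nginx {
  Service['nginx'] {
    subscribe +> File['ngx-web.conf'],
  }
  file{'ngx-web.conf':
    path => '/etc/nginx/conf.d/ngx-web.conf',
    ensure => file,
    source => '/root/manifests/ngx-web.conf',
  }
}
class nginx::proxy inherits nginx {
  Service['nginx'] {
    subscribe +> File['ngx-proxy.conf'],
  }
  file{'ngx-proxy.conf':
    path => '/etc/nginx/conf.d/ngx-proxy.conf',
    ensure => file,
    source => '/root/manifests/ngx-proxy.conf',
  }
}
include nginx::proxy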
7. puppet templates
7.1 Introduction
erb: the template language, embedded ruby;
A template file is a file with the ".erb" suffix
ERB syntax supported by puppet:
https://docs.puppet.com/puppet/latest/reference/lang_template_erb.html
Note: a template normally only helps to generate a file from the specified content
file{'title':
  ensure => file,
  content => template('/PATH/TO/ERB_FILE.erb'), # the template file
  # template is a built-in function
}
Variable substitution embedded in a text file:
<%= @VARIABLE_NAME %>
(the available variables can be looked up with facter -p)
eg:
Create a file whose content comes from a template
mkdir -p /puppet/manifest
# define a manifest:
vim /puppet/manifest/test.pp
file{'/puppet/test.txt':
  content => template('/puppet/test.erb'),
  # generate /puppet/test.txt with the template as its content
}
# create a template file:
vim /puppet/test.erb:
OS_name: <%= @operatingsystem %>
version: <%= @operatingsystemrelease %>
# apply it
puppet apply --verbose --debug /puppet/manifest/test.pp
[root@node74 puppet]# cat test.txt
os_name : CentOS
version : 7.2.1511
7.4 Example:
In ngx-web.conf
class nginx {
  package{'nginx':
    ensure => installed,
  }
  service{'nginx':
    ensure => running,
    enable => true,
    require => Package['nginx'],
  }
}
class nginx::web inherits nginx {
  file{'ngx-web.conf':
    path => '/etc/nginx/conf.d/ngx-web.conf',
    ensure => file,
    require => Package['nginx'],
    source => '/root/manifests/nginx/ngx-web.conf',
  }
  file{'nginx.conf':
    path => '/etc/nginx/nginx.conf',
    ensure => file,
    content => template('/root/manifests/nginx.conf.erb'),
    require => Package['nginx'],
  }
  Service['nginx'] {
    subscribe => [ File['ngx-web.conf'], File['nginx.conf'] ],
  }
}
include nginx::web
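8. puppet modules
8.1 Introduction
puppet modules:
A module is a directory that holds a number of files or subdirectories in an agreed, predefined structure; the files
and subdirectories in it must follow fixed naming rules;
# similar to a playbook in ansible;
Default module location: /etc/puppet/modules
# puppet searches this path for modules by default
Listing modules:
puppet module list
# modules that have been created show up in the output of this command;
Using a module:
1. Directly on the command line with puppet -e:
puppet apply -e "include module_name"
2. From the site manifest
Note: do not have a module call itself
8.2 Module structure
puppet looks for the modules it needs under the configured path;
MODULES_NAME:
manifests/
init.pp
files/
templates/
lib/
spec/
tests/
Note: a module name must begin with a lowercase letter and may contain lowercase letters, digits and underscores; "main" and "settings" cannot be used;
manifests/
init.pp: must contain one class definition, and the class name must be the same as the module name;
files/: static files;
puppet URL:
puppet:///modules/MODULE_NAME/FILE_NAME
templates/:
template('MOD_NAME/TEMPLATE_FILE_NAME.erb')
Note: use content => template('module_name/template_file.erb');
a relative path is enough here;
eg:
content => template('mariadb/my.cnf.erb'),
lib/: plugin directory, commonly used to store custom facts and custom types;
spec/: similar to the tests directory; holds usage help and examples for the plugins under lib/;
tests/: usage help or example files for the current module;
8.3 Example: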
Example manifest for mariadb:
class mariadb($datadir='/var/lib/mysql') {
  package{'mariadb-server':
    ensure => installed,
  }
  file{"$datadir":
    ensure => directory,
    owner => mysql,
    group => mysql,
    require => [ Package['mariadb-server'], Exec['createdir'], ],
  }
  exec{'createdir':
    command => "mkdir -pv $datadir",
    require => Package['mariadb-server'],
    path => '/bin:/sbin:/usr/bin:/usr/sbin',
  }
  file{'my.cnf':
    path => '/etc/my.cnf',
    content => template('mariadb/my.cnf.erb'),
    # Note: a relative path is enough here
    require => Package['mariadb-server'],
    notify => Service['mariadb'],
  }
  service{'mariadb':
    ensure => running,
    enable => true,
    require => [ Exec['createdir'], File["$datadir"], ],
  }
}
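The createdir exec above places $datadir on a command line, so a value that contains spaces or is a relative path would change what mkdir operates on. The variant below is an added example, not the article's code: it rejects such values when the catalog is compiled and lets a file resource create the directory. The accepted character set and the inline my.cnf content are assumptions.

```puppet
# Added example: a checked variant of the class above. The allowed character
# set is an assumption; adjust it to the paths used on your hosts.
class mariadb($datadir = '/var/lib/mysql') {

  # \A and \z anchor the whole string, so a value with an embedded newline
  # cannot pass by matching on its first line only.
  if $datadir !~ /\A\/[A-Za-z0-9_.\/-]+\z/ {
    fail("mariadb: datadir must be an absolute path without spaces, got '${datadir}'")
  }
  # Refuse parent-directory components such as /var/lib/../../etc.
  if $datadir =~ /\.\./ {
    fail("mariadb: datadir must not contain '..', got '${datadir}'")
  }

  package { 'mariadb-server':
    ensure => installed,
  }

  # Puppet creates the directory itself, so the parameter never reaches a
  # command line. Unlike 'mkdir -p', the parent directory must already exist.
  file { $datadir:
    ensure  => directory,
    owner   => 'mysql',
    group   => 'mysql',
    mode    => '0755',
    require => Package['mariadb-server'],
  }

  # Inline content keeps this example self-contained; the article renders
  # the same setting from a template instead.
  file { 'my.cnf':
    ensure  => file,
    path    => '/etc/my.cnf',
    owner   => 'root',
    group   => 'root',
    mode    => '0644',
    content => "[mysqld]\ndatadir=${datadir}\n",
    require => Package['mariadb-server'],
    notify  => Service['mariadb'],
  }

  service { 'mariadb':
    ensure  => running,
    enable  => true,
    require => File[$datadir],
  }
}

include mariadb
```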
Splitting it into module form:
# create the directory structure of the mariadb module
mkdir -p /etc/puppet/modules/mariadb/{manifests,files,lib,templates,tests,spec}
# copy /etc/my.cnf to /etc/puppet/modules/mariadb/templates
# and rename it my.cnf.erb
# change its content: datadir=<%= @mysqldir %>
# create the manifest /etc/puppet/modules/mariadb/manifests/init.pp:
class mariadb($mysqldir='/mysql') {
  package{'mariadb-server':
    ensure => installed,
  }
  file{'/etc/my.cnf':
    ensure => file,
    content => template('mariadb/my.cnf.erb'),
    require => Package['mariadb-server'],
  }
  file{"$mysqldir":
    ensure => directory,
    owner => mysql,
    group => mysql,
    require => Package['mariadb-server'],
  }
  service{'mariadb':
    ensure => running,
    enable => true,
    subscribe => File['/etc/my.cnf'],
  }
}
# list the modules:
[root@node74 manifest]# puppet module list
/usr/share/puppet/modules (no modules installed)
# test the module:
puppet apply --verbose --noop --debug -e "include mariadb"
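Practice assignment:
Develop modules for:
memcached
nginx (reverse-proxies dynamic requests to httpd; the value of work_process varies with the number of CPUs on the host)
jdk (exports the JAVA_HOME environment variable)
tomcat
mariadb
httpd (reverse-proxies requests to tomcat over the ajp connector; the mpm can be chosen by the user through a parameter)
Original article by ldt195175108; if you repost it, please credit the source: http://www.178linux.com/62619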