|
前文我們了解了部分puppet的資源的使用�����,以及資源和資源的依賴關(guān)系的定義���,回顧請(qǐng)參考https://www.cnblogs.com/qiuhom-1874/p/14071459.html��;今天我們繼續(xù)puppet常用資源的使用相關(guān)話題;
1�、file:該資源類型主要用來管理被控端主機(jī)上的文件;該資源作用相當(dāng)于ansible中的copy和file兩個(gè)模塊的功能���;它可以實(shí)現(xiàn)文件的新建�����,刪除�,復(fù)制等功能;
主要屬性
ensure:用于描述文件的類型和目標(biāo)狀態(tài)的�,常用的文件類型有3中,第一種是普通文件(file)��,其內(nèi)容由content屬性生成或復(fù)制由source屬性指向的文件路徑來創(chuàng)建��;第二種是目錄(directory)���,可通過source指向的路徑復(fù)制生成�����,recurse屬性指明是否遞歸復(fù)制�����;第三種是符合鏈接文件(link)����,必須由target屬性指明其鏈接的目標(biāo)文件����;取值有present/absent,file,directory,link��;
path:文件路徑(namevar)
source:源文件;
content:文件內(nèi)容����;
target:符號(hào)鏈接的目標(biāo)文件;
owner:屬主����;
group:屬組;
mode:權(quán)限���;
ctime/mtime:時(shí)間戳����;
示例:指定內(nèi)容創(chuàng)建新文件
[root@node12 ~]# cat file.pp
file{"/tmp/test.txt":
ensure => file,
content => "this is test file",
mode => 0644,
owner => 'jerry',
group => 'root'
}
[root@node12 ~]#
提示:以上資源清單定義了在/tmp目錄下新建一個(gè)test.txt的文件�,其文件內(nèi)容是“this is test file”,屬主是jerry�����,屬組是root,權(quán)限是0644��;
檢查資源清單語法
[root@node12 ~]# puppet apply -v --noop file.pp
Notice: Compiled catalog for node12.test.org in environment production in 0.05 seconds
Info: Applying configuration version '1606886216'
Notice: /Stage[main]/Main/File[/tmp/test.txt]/ensure: current_value absent, should be file (noop)
Notice: Class[Main]: Would have triggered 'refresh' from 1 events
Notice: Stage[main]: Would have triggered 'refresh' from 1 events
Notice: Finished catalog run in 0.03 seconds
[root@node12 ~]#
應(yīng)用資源清單
[root@node12 ~]# ll /tmp
total 0
srwx------ 1 mongod mongod 0 Dec 2 13:04 mongodb-27017.sock
drwx------ 3 root root 17 Dec 2 13:04 systemd-private-d48e3508588440ff9b36efa29faed224-chronyd.service-V7fHnq
[root@node12 ~]# puppet apply -v file.pp
Notice: Compiled catalog for node12.test.org in environment production in 0.05 seconds
Info: Applying configuration version '1606886384'
Notice: /Stage[main]/Main/File[/tmp/test.txt]/ensure: defined content as '{md5}973131af48aa1d25bf187dacaa5ca7c0'
Notice: Finished catalog run in 0.03 seconds
[root@node12 ~]#
驗(yàn)證:查看/tmp/目錄下是否生成了test.txt文件�����,內(nèi)容和屬主�����,屬組和權(quán)限是否是我們指定的內(nèi)容呢�?
[root@node12 ~]# ll /tmp
total 4
srwx------ 1 mongod mongod 0 Dec 2 13:04 mongodb-27017.sock
drwx------ 3 root root 17 Dec 2 13:04 systemd-private-d48e3508588440ff9b36efa29faed224-chronyd.service-V7fHnq
-rw-r--r-- 1 jerry root 17 Dec 2 13:19 test.txt
[root@node12 ~]# cat /tmp/test.txt
this is test file[root@node12 ~]#
提示:可以看到在/tmp目錄下生成了test.txt文件,其屬主是jerry�����,屬組是root����,權(quán)限是644,內(nèi)容是“this is test file”�,完全是我們指定的屬性;
示例:復(fù)制一個(gè)文件生成另一個(gè)文件
[root@node12 ~]# cat copyfile.pp
file{"/tmp/test1":
ensure => file,
source => '/etc/issue',
owner => 'jerry',
group => 'jerry',
mode => 400,
}
[root@node12 ~]#
驗(yàn)證:應(yīng)用資源清單���,看看對(duì)應(yīng)/tmp/目錄下是否會(huì)生成test1文件��?文件屬主屬組和權(quán)限信息是否是我們指定的屬性信息呢�?
[root@node12 ~]# ll /tmp
total 4
srwx------ 1 mongod mongod 0 Dec 2 13:04 mongodb-27017.sock
drwx------ 3 root root 17 Dec 2 13:04 systemd-private-d48e3508588440ff9b36efa29faed224-chronyd.service-V7fHnq
-rw-r--r-- 1 jerry root 17 Dec 2 13:19 test.txt
[root@node12 ~]# puppet apply -v --noop copyfile.pp
Notice: Compiled catalog for node12.test.org in environment production in 0.06 seconds
Info: Applying configuration version '1606886863'
Notice: /Stage[main]/Main/File[/tmp/test1]/ensure: current_value absent, should be file (noop)
Notice: Class[Main]: Would have triggered 'refresh' from 1 events
Notice: Stage[main]: Would have triggered 'refresh' from 1 events
Notice: Finished catalog run in 0.04 seconds
[root@node12 ~]# puppet apply -v copyfile.pp
Notice: Compiled catalog for node12.test.org in environment production in 0.05 seconds
Info: Applying configuration version '1606886868'
Notice: /Stage[main]/Main/File[/tmp/test1]/ensure: defined content as '{md5}f078fe086dfc22f64b5dca2e1b95de2c'
Notice: Finished catalog run in 0.04 seconds
[root@node12 ~]# ll /tmp
total 8
srwx------ 1 mongod mongod 0 Dec 2 13:04 mongodb-27017.sock
drwx------ 3 root root 17 Dec 2 13:04 systemd-private-d48e3508588440ff9b36efa29faed224-chronyd.service-V7fHnq
-r-------- 1 jerry jerry 23 Dec 2 13:27 test1
-rw-r--r-- 1 jerry root 17 Dec 2 13:19 test.txt
[root@node12 ~]# cat /tmp/test1
\S
Kernel \r on an \m
[root@node12 ~]#
提示:可以看到對(duì)應(yīng)目錄下生成了我們指定的文件��,其內(nèi)容是我們指定的source屬性所對(duì)應(yīng)的文件內(nèi)容;屬主/組和權(quán)限都是我們指定的屬性�����;
示例:創(chuàng)建空目錄
[root@node12 ~]# cat directory.pp
file{"/tmp/test":
ensure => directory,
owner => 'jerry',
group => 'jerry',
mode => 755,
}
[root@node12 ~]#
應(yīng)用資源清單并驗(yàn)證對(duì)應(yīng)目錄是否創(chuàng)建?
[root@node12 ~]# ll /tmp/
total 8
srwx------ 1 mongod mongod 0 Dec 2 13:04 mongodb-27017.sock
drwx------ 3 root root 17 Dec 2 13:04 systemd-private-d48e3508588440ff9b36efa29faed224-chronyd.service-V7fHnq
-r-------- 1 jerry jerry 23 Dec 2 13:27 test1
-rw-r--r-- 1 jerry root 17 Dec 2 13:19 test.txt
[root@node12 ~]# puppet apply -v --noop directory.pp
Notice: Compiled catalog for node12.test.org in environment production in 0.05 seconds
Info: Applying configuration version '1606887273'
Notice: /Stage[main]/Main/File[/tmp/test]/ensure: current_value absent, should be directory (noop)
Notice: Class[Main]: Would have triggered 'refresh' from 1 events
Notice: Stage[main]: Would have triggered 'refresh' from 1 events
Notice: Finished catalog run in 0.03 seconds
[root@node12 ~]# puppet apply -v directory.pp
Notice: Compiled catalog for node12.test.org in environment production in 0.05 seconds
Info: Applying configuration version '1606887279'
Notice: /Stage[main]/Main/File[/tmp/test]/ensure: created
Notice: Finished catalog run in 0.03 seconds
[root@node12 ~]# ll /tmp
total 8
srwx------ 1 mongod mongod 0 Dec 2 13:04 mongodb-27017.sock
drwx------ 3 root root 17 Dec 2 13:04 systemd-private-d48e3508588440ff9b36efa29faed224-chronyd.service-V7fHnq
drwxr-xr-x 2 jerry jerry 6 Dec 2 13:34 test
-r-------- 1 jerry jerry 23 Dec 2 13:27 test1
-rw-r--r-- 1 jerry root 17 Dec 2 13:19 test.txt
[root@node12 ~]#
示例:復(fù)制目錄
[root@node12 ~]# cat copydirectory.pp
file{"copy directory":
ensure => directory,
path => '/tmp/test.repos.d',
source => '/etc/yum.repos.d/'
}
[root@node12 ~]#
應(yīng)用資源清單并且驗(yàn)證對(duì)應(yīng)目錄是否生成���?
[root@node12 ~]# puppet apply -v copydirectory.pp
Notice: Compiled catalog for node12.test.org in environment production in 0.05 seconds
Info: Applying configuration version '1606887595'
Notice: /Stage[main]/Main/File[copy directory]/ensure: created
Notice: Finished catalog run in 0.04 seconds
[root@node12 ~]# ll /tmp
total 8
srwx------ 1 mongod mongod 0 Dec 2 13:04 mongodb-27017.sock
drwx------ 3 root root 17 Dec 2 13:04 systemd-private-d48e3508588440ff9b36efa29faed224-chronyd.service-V7fHnq
drwxr-xr-x 2 jerry jerry 6 Dec 2 13:34 test
-r-------- 1 jerry jerry 23 Dec 2 13:27 test1
drwxr-xr-x 2 root root 6 Dec 2 13:39 test.repos.d
-rw-r--r-- 1 jerry root 17 Dec 2 13:19 test.txt
[root@node12 ~]# ll /tmp/test.repos.d/
total 0
[root@node12 ~]#
提示:這里只是復(fù)制了一個(gè)空目錄過來�,對(duì)應(yīng)目錄下沒有任何文件�����,如果需要遞歸復(fù)制�,需要加上recurse屬性為true;
遞歸復(fù)制目錄
[root@node12 ~]# cat copydirectory.pp
file{"copy directory":
ensure => directory,
path => '/tmp/test.repos.d',
source => '/etc/yum.repos.d/',
recurse => true
}
[root@node12 ~]# puppet apply -v copydirectory.pp
Notice: Compiled catalog for node12.test.org in environment production in 0.05 seconds
Info: Applying configuration version '1606887954'
Notice: /Stage[main]/Main/File[/tmp/test.repos.d/centos7-aliyun-epel.repo]/ensure: defined content as '{md5}ad7e2bf9550cde4f863d5157d9dea4cb'
Notice: /Stage[main]/Main/File[/tmp/test.repos.d/bak]/ensure: created
Notice: /Stage[main]/Main/File[/tmp/test.repos.d/bak/CentOS-Base.repo]/ensure: defined content as '{md5}9098fc723b1e00c92e8515f06980d83e'
Notice: /Stage[main]/Main/File[/tmp/test.repos.d/bak/CentOS-Debuginfo.repo]/ensure: defined content as '{md5}e9e506425094f43b5c8f053090dbf4d4'
Notice: /Stage[main]/Main/File[/tmp/test.repos.d/bak/CentOS-Vault.repo]/ensure: defined content as '{md5}9fdd3d91192aa05427c3a9684eeb1345'
Notice: /Stage[main]/Main/File[/tmp/test.repos.d/bak/CentOS-CR.repo]/ensure: defined content as '{md5}445ed4f0ee3888384e854fb8527a7cde'
Notice: /Stage[main]/Main/File[/tmp/test.repos.d/bak/CentOS-Sources.repo]/ensure: defined content as '{md5}04d662bb1648477bf50e658a20c10145'
Notice: /Stage[main]/Main/File[/tmp/test.repos.d/CentOS-Base.repo]/ensure: defined content as '{md5}4861d3b742e8e8c05b67e3abf7904f17'
Notice: /Stage[main]/Main/File[/tmp/test.repos.d/mongodb.repo]/ensure: defined content as '{md5}fbe938506cda5002d9b8068e6bb4a355'
Notice: /Stage[main]/Main/File[/tmp/test.repos.d/bak/CentOS-Media.repo]/ensure: defined content as '{md5}1d7797c5082bd565facd68c5aa9352bf'
Notice: /Stage[main]/Main/File[/tmp/test.repos.d/bak/CentOS-fasttrack.repo]/ensure: defined content as '{md5}52d296f7a45f56c85d18473eca5bab16'
Notice: Finished catalog run in 0.12 seconds
[root@node12 ~]# ll /tmp/test.repos.d/
total 12
drwxr-xr-x 2 root root 187 Dec 2 13:45 bak
-rw-r--r-- 1 root root 665 Dec 2 13:45 centos7-aliyun-epel.repo
-rw-r--r-- 1 root root 2524 Dec 2 13:45 CentOS-Base.repo
-rw-r--r-- 1 root root 206 Dec 2 13:45 mongodb.repo
[root@node12 ~]# ll /tmp/test.repos.d/bak/
total 28
-rw-r--r-- 1 root root 1664 Dec 2 13:45 CentOS-Base.repo
-rw-r--r-- 1 root root 1309 Dec 2 13:45 CentOS-CR.repo
-rw-r--r-- 1 root root 649 Dec 2 13:45 CentOS-Debuginfo.repo
-rw-r--r-- 1 root root 314 Dec 2 13:45 CentOS-fasttrack.repo
-rw-r--r-- 1 root root 630 Dec 2 13:45 CentOS-Media.repo
-rw-r--r-- 1 root root 1331 Dec 2 13:45 CentOS-Sources.repo
-rw-r--r-- 1 root root 3830 Dec 2 13:45 CentOS-Vault.repo
[root@node12 ~]#
提示:可以看到在資源清單中加上recurse屬性為true后,再次執(zhí)行資源清單�,對(duì)應(yīng)源目錄下的所有文件,子目錄及文件都遞歸的復(fù)制到path所指定的目錄下了����;這里需要注意一點(diǎn),如果源是文件��,目標(biāo)是目錄���,則復(fù)制過去的是一個(gè)文件并非是把文件復(fù)制到目錄下;所以puppet中的文件復(fù)制是同類型文件間的復(fù)制���;
創(chuàng)建符號(hào)鏈接文件
[root@node12 ~]# cat createlink.pp
file{"create link file":
ensure => link,
path => '/tmp/passwd',
target => '/etc/passwd',
}
[root@node12 ~]#
提示:以上資源清單定義了把/tmp/passwd文件連接至/etc/passwd�����,即在創(chuàng)建/tmp/passwd符號(hào)連接文件����,并將其目標(biāo)鏈接文件指向/etc/passwd文件;
應(yīng)用清單文件�,看看對(duì)應(yīng)符號(hào)鏈接文件是否生成?
[root@node12 ~]# ll /tmp
total 8
srwx------ 1 mongod mongod 0 Dec 2 13:04 mongodb-27017.sock
drwx------ 3 root root 17 Dec 2 13:04 systemd-private-d48e3508588440ff9b36efa29faed224-chronyd.service-V7fHnq
drwxr-xr-x 2 jerry jerry 6 Dec 2 13:34 test
-r-------- 1 jerry jerry 23 Dec 2 13:27 test1
drwxr-xr-x 3 root root 93 Dec 2 13:45 test.repos.d
-rw-r--r-- 1 jerry root 17 Dec 2 13:19 test.txt
[root@node12 ~]# puppet apply -v --noop createlink.pp
Notice: Compiled catalog for node12.test.org in environment production in 0.05 seconds
Info: Applying configuration version '1606888721'
Notice: /Stage[main]/Main/File[create link file]/ensure: current_value absent, should be link (noop)
Notice: Class[Main]: Would have triggered 'refresh' from 1 events
Notice: Stage[main]: Would have triggered 'refresh' from 1 events
Notice: Finished catalog run in 0.03 seconds
[root@node12 ~]# puppet apply -v createlink.pp
Notice: Compiled catalog for node12.test.org in environment production in 0.06 seconds
Info: Applying configuration version '1606888731'
Notice: /Stage[main]/Main/File[create link file]/ensure: created
Notice: Finished catalog run in 0.04 seconds
[root@node12 ~]# ll /tmp
total 8
srwx------ 1 mongod mongod 0 Dec 2 13:04 mongodb-27017.sock
lrwxrwxrwx 1 root root 11 Dec 2 13:58 passwd -> /etc/passwd
drwx------ 3 root root 17 Dec 2 13:04 systemd-private-d48e3508588440ff9b36efa29faed224-chronyd.service-V7fHnq
drwxr-xr-x 2 jerry jerry 6 Dec 2 13:34 test
-r-------- 1 jerry jerry 23 Dec 2 13:27 test1
drwxr-xr-x 3 root root 93 Dec 2 13:45 test.repos.d
-rw-r--r-- 1 jerry root 17 Dec 2 13:19 test.txt
[root@node12 ~]#
提示:可以看到/tmp目錄下生成了一個(gè)passwd的符號(hào)鏈接文件��,并目標(biāo)鏈接文件指向的是/etc/passwd文件���;
定義資源與資源間的通知或訂閱關(guān)系
我們知道一個(gè)服務(wù)的配置文件發(fā)生了變化��,如果要讓其配置生效��,通常會(huì)重新啟動(dòng)服務(wù)或重新載入配置文件內(nèi)容�����;在ansible中當(dāng)一個(gè)服務(wù)的配置文件發(fā)生變化����,是通過定義handler和notify來觸發(fā)對(duì)應(yīng)的服務(wù)執(zhí)行重啟或重載配置操作;在puppet中當(dāng)一個(gè)服務(wù)的配置文件發(fā)生變化觸發(fā)對(duì)應(yīng)服務(wù)重啟或重新載入配置����,需要定義資源與資源間的通知或訂閱關(guān)系;其語法如下
notify:前資源通知后資源
{
...
notify => Type['B'],
...
}
subscribe:后資源訂閱前資源
{
...
subscribe => Type['A'],
...
}
提示:以上兩種方式選擇其中一種即可���;這里需要注意的是引用資源其類型首字母必須大寫��;同時(shí)定義資源與資源通知或訂閱關(guān)系��,其隱含了資源執(zhí)行的先后順序(依賴關(guān)系)���;
示例:定義安裝redis,提供配置文件���,和啟動(dòng)服務(wù)����,并且當(dāng)配置文件發(fā)生變化通知redis服務(wù)重啟�;
[root@node12 ~]# cat redis.pp
package{"redis":
ensure => installed,
}
file{"/etc/redis.conf":
ensure => file,
source => '/root/redis.conf',
notify => Service["redis"],
}
service{"redis":
ensure => running,
enable => true,
hasrestart => true,
restart => 'systemctl restart redis',
}
[root@node12 ~]#
提示:以上資源清單中定義了3個(gè)資源,并且指定了當(dāng)配置文件發(fā)生變化就通知redis服務(wù)重啟��;
上述清單在file資源中通知service資源,我們也可以在service中訂閱file資源���;如下
[root@node12 ~]# cat redis.pp
package{"redis":
ensure => installed,
}
file{"/etc/redis.conf":
ensure => file,
source => '/root/redis.conf',
# notify => Service["redis"],
}
service{"redis":
ensure => running,
enable => true,
hasrestart => true,
restart => 'systemctl restart redis',
subscribe => File["/etc/redis.conf"],
}
[root@node12 ~]#
除了上述方式,我們也可以定義通知/訂閱資源鏈
[root@node12 ~]# cat redis.pp
package{"redis":
ensure => installed,
}
file{"/etc/redis.conf":
ensure => file,
source => '/root/redis.conf',
# notify => Service["redis"],
}
service{"redis":
ensure => running,
enable => true,
hasrestart => true,
restart => 'systemctl restart redis',
# subscribe => File["/etc/redis.conf"],
}
Package["redis"] -> File["/etc/redis.conf"] ~> Service["redis"]
[root@node12 ~]#
提示:定義通知/訂閱資源鏈�����,需要用到~>來表示前資源發(fā)生變化通知后資源���;
本地redis.conf內(nèi)容
[root@node12 ~]# cat redis.conf
bind 0.0.0.0
protected-mode yes
port 6379
tcp-backlog 511
timeout 0
tcp-keepalive 300
daemonize no
supervised no
pidfile /var/run/redis_6379.pid
loglevel notice
logfile /var/log/redis/redis.log
databases 16
save 900 1
save 300 10
save 60 10000
stop-writes-on-bgsave-error yes
rdbcompression yes
rdbchecksum yes
dbfilename dump.rdb
dir /var/lib/redis
slave-serve-stale-data yes
slave-read-only yes
repl-diskless-sync no
repl-diskless-sync-delay 5
repl-disable-tcp-nodelay no
slave-priority 100
appendonly no
appendfilename "appendonly.aof"
appendfsync everysec
no-appendfsync-on-rewrite no
auto-aof-rewrite-percentage 100
auto-aof-rewrite-min-size 64mb
aof-load-truncated yes
lua-time-limit 5000
slowlog-log-slower-than 10000
slowlog-max-len 128
latency-monitor-threshold 0
notify-keyspace-events ""
hash-max-ziplist-entries 512
hash-max-ziplist-value 64
list-max-ziplist-size -2
list-compress-depth 0
set-max-intset-entries 512
zset-max-ziplist-entries 128
zset-max-ziplist-value 64
hll-sparse-max-bytes 3000
activerehashing yes
client-output-buffer-limit normal 0 0 0
client-output-buffer-limit slave 256mb 64mb 60
client-output-buffer-limit pubsub 32mb 8mb 60
hz 10
aof-rewrite-incremental-fsync yes
[root@node12 ~]#
提示:以上內(nèi)容是默認(rèn)redis配置�,我們只修改了其監(jiān)聽地址為0.0.0.0���;
應(yīng)用資源清單
[root@node12 ~]# rpm -q redis
package redis is not installed
[root@node12 ~]# ss -tnl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:22 *:*
LISTEN 0 100 127.0.0.1:25 *:*
LISTEN 0 128 *:27017 *:*
LISTEN 0 128 :::22 :::*
LISTEN 0 100 ::1:25 :::*
[root@node12 ~]# puppet apply -v --noop redis.pp
Notice: Compiled catalog for node12.test.org in environment production in 0.29 seconds
Warning: The package type's allow_virtual parameter will be changing its default value from false to true in a future release. If you do not want to allow virtual packages, please explicitly set allow_virtual to false.
(at /usr/share/ruby/vendor_ruby/puppet/type.rb:816:in `set_default')
Info: Applying configuration version '1606891263'
Notice: /Stage[main]/Main/Package[redis]/ensure: current_value absent, should be present (noop)
Notice: /Stage[main]/Main/File[/etc/redis.conf]/ensure: current_value absent, should be file (noop)
Info: /Stage[main]/Main/File[/etc/redis.conf]: Scheduling refresh of Service[redis]
Notice: /Stage[main]/Main/Service[redis]/ensure: current_value stopped, should be running (noop)
Info: /Stage[main]/Main/Service[redis]: Unscheduling refresh on Service[redis]
Notice: Class[Main]: Would have triggered 'refresh' from 3 events
Notice: Stage[main]: Would have triggered 'refresh' from 1 events
Notice: Finished catalog run in 0.12 seconds
[root@node12 ~]# puppet apply -v redis.pp
Notice: Compiled catalog for node12.test.org in environment production in 0.30 seconds
Warning: The package type's allow_virtual parameter will be changing its default value from false to true in a future release. If you do not want to allow virtual packages, please explicitly set allow_virtual to false.
(at /usr/share/ruby/vendor_ruby/puppet/type.rb:816:in `set_default')
Info: Applying configuration version '1606891271'
Notice: /Stage[main]/Main/Package[redis]/ensure: created
Info: /Stage[main]/Main/File[/etc/redis.conf]: Filebucketed /etc/redis.conf to puppet with sum d98629fded012cd2a25b9db0599a9251
Notice: /Stage[main]/Main/File[/etc/redis.conf]/content: content changed '{md5}d98629fded012cd2a25b9db0599a9251' to '{md5}12e59b058c0ef61ad52bcfa2d4de58ff'
Notice: /Stage[main]/Main/File[/etc/redis.conf]/owner: owner changed 'redis' to 'root'
Notice: /Stage[main]/Main/File[/etc/redis.conf]/mode: mode changed '0640' to '0644'
Info: /Stage[main]/Main/File[/etc/redis.conf]: Scheduling refresh of Service[redis]
Info: /Stage[main]/Main/File[/etc/redis.conf]: Scheduling refresh of Service[redis]
Info: /Stage[main]/Main/File[/etc/redis.conf]: Scheduling refresh of Service[redis]
Notice: /Stage[main]/Main/Service[redis]/ensure: ensure changed 'stopped' to 'running'
Info: /Stage[main]/Main/Service[redis]: Unscheduling refresh on Service[redis]
Notice: Finished catalog run in 4.81 seconds
[root@node12 ~]# ss -tnl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:6379 *:*
LISTEN 0 128 *:22 *:*
LISTEN 0 100 127.0.0.1:25 *:*
LISTEN 0 128 *:27017 *:*
LISTEN 0 128 :::22 :::*
LISTEN 0 100 ::1:25 :::*
[root@node12 ~]# grep -Ei "^bind|port" /etc/redis.conf
bind 0.0.0.0
port 6379
[root@node12 ~]#
提示:可以看到應(yīng)用資源清單后�,安裝redis包��,提供配置��,啟動(dòng)服務(wù)就一并完成了���;
修改配置文件再次執(zhí)行資源清單��,看看對(duì)應(yīng)服務(wù)是否會(huì)發(fā)生重啟�,應(yīng)用新配置呢?
[root@node12 ~]# grep -Ei "^bind|port" /root/redis.conf
bind 0.0.0.0
port 16379
[root@node12 ~]#
提示:以上把/root/目錄下的redis.conf文件中的prot修改成16379�;
執(zhí)行資源清單
[root@node12 ~]# ss -tnl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:6379 *:*
LISTEN 0 128 *:22 *:*
LISTEN 0 100 127.0.0.1:25 *:*
LISTEN 0 128 *:27017 *:*
LISTEN 0 128 :::22 :::*
LISTEN 0 100 ::1:25 :::*
[root@node12 ~]# puppet apply -v redis.pp
Notice: Compiled catalog for node12.test.org in environment production in 0.30 seconds
Warning: The package type's allow_virtual parameter will be changing its default value from false to true in a future release. If you do not want to allow virtual packages, please explicitly set allow_virtual to false.
(at /usr/share/ruby/vendor_ruby/puppet/type.rb:816:in `set_default')
Info: Applying configuration version '1606891609'
Info: /Stage[main]/Main/File[/etc/redis.conf]: Filebucketed /etc/redis.conf to puppet with sum 12e59b058c0ef61ad52bcfa2d4de58ff
Notice: /Stage[main]/Main/File[/etc/redis.conf]/content: content changed '{md5}12e59b058c0ef61ad52bcfa2d4de58ff' to '{md5}13a04cb20de2d787e0e18c1c13560cab'
Info: /Stage[main]/Main/File[/etc/redis.conf]: Scheduling refresh of Service[redis]
Notice: /Stage[main]/Main/Service[redis]: Triggered 'refresh' from 1 events
Notice: Finished catalog run in 0.26 seconds
[root@node12 ~]# ss -tnl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:22 *:*
LISTEN 0 100 127.0.0.1:25 *:*
LISTEN 0 128 *:16379 *:*
LISTEN 0 128 *:27017 *:*
LISTEN 0 128 :::22 :::*
LISTEN 0 100 ::1:25 :::*
[root@node12 ~]#
提示:可以看到再次執(zhí)行資源清單,對(duì)應(yīng)服務(wù)也應(yīng)用了新的配置���,說明redis服務(wù)發(fā)生了重啟�;我們定義的資源間通知或訂閱關(guān)系生效了���;
2��、exec:該資源類型主要用于描述在被控端執(zhí)行命令����;
主要屬性
command:要執(zhí)行的命令(namevar)����;
creates:文件路徑,僅此路徑表示的文件不存在時(shí)��,command方才執(zhí)行���;
user/group:運(yùn)行命令的用戶身份��;
cwd:切換工作目錄�;
path:命令搜索路徑,即在那些路徑下可以搜索到對(duì)應(yīng)命令���,類似PATH環(huán)境變量�����;
onlyif:此屬性指定一個(gè)命令,此命令正常(退出碼為0)運(yùn)行時(shí)�����,當(dāng)前command才會(huì)運(yùn)行��;
unless:此屬性指定一個(gè)命令�����,此命令非正常(退出碼為非0)運(yùn)行時(shí)���,當(dāng)前command才會(huì)運(yùn)行�����;
refresh:重新執(zhí)行當(dāng)前command的替代命令��;
refreshonly:僅接收到訂閱的資源的通知時(shí)方才運(yùn)行����;
示例:使用mkdir命令在被控端主機(jī)上創(chuàng)建目錄,條件是當(dāng)指定的目錄不存在時(shí)才創(chuàng)建�����;
[root@node12 ~]# cat exec.pp
exec{"create directory":
command => 'mkdir /tmp/tom',
path => '/bin:/sbin:/usr/bin:/usr/sbin',
unless => 'test -d /tmp/tom',
}
[root@node12 ~]#
提示:以上清單表示如果被控端的/tmp/tom不存在時(shí)�,則在被控端執(zhí)行mkdir /tmp/tom,執(zhí)行mkdir這個(gè)命令的搜索路徑為/bin:/sbin:/usr/bin:/usr/sbin���;
應(yīng)用清單�����,看看對(duì)應(yīng)目錄是否會(huì)被創(chuàng)建��?
[root@node12 ~]# ll /tmp/
total 8
srwx------ 1 mongod mongod 0 Dec 2 18:59 mongodb-27017.sock
lrwxrwxrwx 1 root root 11 Dec 2 13:58 passwd -> /etc/passwd
drwx------ 3 root root 17 Dec 2 18:59 systemd-private-62bd808f926f45528710005f2104130c-chronyd.service-wtp0Tm
drwxr-xr-x 2 jerry jerry 6 Dec 2 13:34 test
-r-------- 1 jerry jerry 23 Dec 2 13:27 test1
drwxr-xr-x 3 root root 93 Dec 2 13:45 test.repos.d
-rw-r--r-- 1 jerry root 17 Dec 2 13:19 test.txt
[root@node12 ~]# puppet apply -v --noop exec.pp
Notice: Compiled catalog for node12.test.org in environment production in 0.07 seconds
Info: Applying configuration version '1606907819'
Notice: /Stage[main]/Main/Exec[create directory]/returns: current_value notrun, should be 0 (noop)
Notice: Class[Main]: Would have triggered 'refresh' from 1 events
Notice: Stage[main]: Would have triggered 'refresh' from 1 events
Notice: Finished catalog run in 0.04 seconds
[root@node12 ~]# puppet apply -v exec.pp
Notice: Compiled catalog for node12.test.org in environment production in 0.02 seconds
Info: Applying configuration version '1606907836'
Notice: /Stage[main]/Main/Exec[create directory]/returns: executed successfully
Notice: Finished catalog run in 0.03 seconds
[root@node12 ~]# ll /tmp/
total 8
srwx------ 1 mongod mongod 0 Dec 2 18:59 mongodb-27017.sock
lrwxrwxrwx 1 root root 11 Dec 2 13:58 passwd -> /etc/passwd
drwx------ 3 root root 17 Dec 2 18:59 systemd-private-62bd808f926f45528710005f2104130c-chronyd.service-wtp0Tm
drwxr-xr-x 2 jerry jerry 6 Dec 2 13:34 test
-r-------- 1 jerry jerry 23 Dec 2 13:27 test1
drwxr-xr-x 3 root root 93 Dec 2 13:45 test.repos.d
-rw-r--r-- 1 jerry root 17 Dec 2 13:19 test.txt
drwxr-xr-x 2 root root 6 Dec 2 19:17 tom
[root@node12 ~]#
提示:以上是/tmp/tom目錄不存在就創(chuàng)建��,現(xiàn)在已經(jīng)創(chuàng)建好了���,再次執(zhí)行命令按道理是要報(bào)錯(cuò)說目錄已存在;
驗(yàn)證:再次執(zhí)行清單�����,看看是否會(huì)報(bào)錯(cuò)?
[root@node12 ~]# ll /tmp/
total 8
srwx------ 1 mongod mongod 0 Dec 2 18:59 mongodb-27017.sock
lrwxrwxrwx 1 root root 11 Dec 2 13:58 passwd -> /etc/passwd
drwx------ 3 root root 17 Dec 2 18:59 systemd-private-62bd808f926f45528710005f2104130c-chronyd.service-wtp0Tm
drwxr-xr-x 2 jerry jerry 6 Dec 2 13:34 test
-r-------- 1 jerry jerry 23 Dec 2 13:27 test1
drwxr-xr-x 3 root root 93 Dec 2 13:45 test.repos.d
-rw-r--r-- 1 jerry root 17 Dec 2 13:19 test.txt
drwxr-xr-x 2 root root 6 Dec 2 19:17 tom
[root@node12 ~]# puppet apply -v exec.pp
Notice: Compiled catalog for node12.test.org in environment production in 0.02 seconds
Info: Applying configuration version '1606907999'
Notice: Finished catalog run in 0.02 seconds
[root@node12 ~]#
提示:可以看到再次執(zhí)行并沒有報(bào)錯(cuò)���,這是因?yàn)槲覀兗恿藆nless這個(gè)屬性去判斷是否滿足執(zhí)行命令的條件���;只有滿足執(zhí)行命令的條件后,對(duì)應(yīng)命令才可被執(zhí)行���;為了保證多次執(zhí)行資源清單的冪等性,在執(zhí)行某些不冪等的命令一定要加上條件�����;
示例:當(dāng)redis配置文件發(fā)生改變以后���,就重啟redis
[root@node12 ~]# cat exec2.pp
exec{"systemctl restart redis":
path => '/bin:/sbin:/usr/bin:/usr/sbin',
refreshonly => true,
}
file{"/etc/redis.conf":
ensure => file,
source => '/root/redis.conf',
}
File["/etc/redis.conf"] ~> Exec["systemctl restart redis"]
[root@node12 ~]#
提示:以上清單內(nèi)容表示當(dāng)/etc/redis.conf文件內(nèi)容發(fā)生變化�����,就通知執(zhí)行重啟redis服務(wù)命令����;
當(dāng)前redis配置文件監(jiān)聽端口
[root@node12 ~]# ss -tnl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:22 *:*
LISTEN 0 100 127.0.0.1:25 *:*
LISTEN 0 128 *:16379 *:*
LISTEN 0 128 *:27017 *:*
LISTEN 0 128 :::22 :::*
LISTEN 0 100 ::1:25 :::*
[root@node12 ~]# grep -Ei "^bind|port" /etc/redis.conf
bind 0.0.0.0
port 16379
[root@node12 ~]#
修改/root/redis.conf文件中的端口信息為6379
[root@node12 ~]# grep -Ei "^bind|port" /root/redis.conf
bind 0.0.0.0
port 6379
[root@node12 ~]#
執(zhí)行清單,看看對(duì)應(yīng)redis是否會(huì)監(jiān)聽在6379這個(gè)端口上�?
[root@node12 ~]# ss -tnl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:22 *:*
LISTEN 0 100 127.0.0.1:25 *:*
LISTEN 0 128 *:16379 *:*
LISTEN 0 128 *:27017 *:*
LISTEN 0 128 :::22 :::*
LISTEN 0 100 ::1:25 :::*
[root@node12 ~]# puppet apply -v --noop exec2.pp
Notice: Compiled catalog for node12.test.org in environment production in 0.07 seconds
Info: Applying configuration version '1606909853'
Notice: /Stage[main]/Main/File[/etc/redis.conf]/content: current_value {md5}13a04cb20de2d787e0e18c1c13560cab, should be {md5}12e59b058c0ef61ad52bcfa2d4de58ff (noop)
Info: /Stage[main]/Main/File[/etc/redis.conf]: Scheduling refresh of Exec[systemctl restart redis]
Notice: /Stage[main]/Main/Exec[systemctl restart redis]: Would have triggered 'refresh' from 1 events
Notice: Class[Main]: Would have triggered 'refresh' from 2 events
Notice: Stage[main]: Would have triggered 'refresh' from 1 events
Notice: Finished catalog run in 0.02 seconds
[root@node12 ~]# puppet apply -v exec2.pp
Notice: Compiled catalog for node12.test.org in environment production in 0.07 seconds
Info: Applying configuration version '1606909859'
Info: FileBucket got a duplicate file {md5}13a04cb20de2d787e0e18c1c13560cab
Info: /Stage[main]/Main/File[/etc/redis.conf]: Filebucketed /etc/redis.conf to puppet with sum 13a04cb20de2d787e0e18c1c13560cab
Notice: /Stage[main]/Main/File[/etc/redis.conf]/content: content changed '{md5}13a04cb20de2d787e0e18c1c13560cab' to '{md5}12e59b058c0ef61ad52bcfa2d4de58ff'
Info: /Stage[main]/Main/File[/etc/redis.conf]: Scheduling refresh of Exec[systemctl restart redis]
Notice: /Stage[main]/Main/Exec[systemctl restart redis]: Triggered 'refresh' from 1 events
Notice: Finished catalog run in 0.11 seconds
[root@node12 ~]# ss -tnl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:6379 *:*
LISTEN 0 128 *:22 *:*
LISTEN 0 100 127.0.0.1:25 *:*
LISTEN 0 128 *:27017 *:*
LISTEN 0 128 :::22 :::*
LISTEN 0 100 ::1:25 :::*
[root@node12 ~]#
提示:可以看到redis服務(wù)已經(jīng)監(jiān)聽在6379這個(gè)端口了;說明重啟redis服務(wù)命令執(zhí)行成功���;
示例:創(chuàng)建文件���,條件是只有對(duì)應(yīng)父目錄存在,則新建文件�����;
[root@node12 ~]# cat exec3.pp
exec{"create file":
command => 'touch /tmp/jerry.sh',
path => '/bin:/sbin:/usr/bin:/usr/sbin',
onlyif => 'test -d /tmp'
}
[root@node12 ~]#
執(zhí)行清單并驗(yàn)證
[root@node12 ~]# ll /tmp/
total 8
srwx------ 1 mongod mongod 0 Dec 2 18:59 mongodb-27017.sock
lrwxrwxrwx 1 root root 11 Dec 2 13:58 passwd -> /etc/passwd
drwx------ 3 root root 17 Dec 2 18:59 systemd-private-62bd808f926f45528710005f2104130c-chronyd.service-wtp0Tm
drwxr-xr-x 2 jerry jerry 6 Dec 2 13:34 test
-r-------- 1 jerry jerry 23 Dec 2 13:27 test1
drwxr-xr-x 3 root root 93 Dec 2 13:45 test.repos.d
-rw-r--r-- 1 jerry root 17 Dec 2 13:19 test.txt
drwxr-xr-x 2 root root 6 Dec 2 19:17 tom
[root@node12 ~]# puppet apply -v --noop exec3.pp
Notice: Compiled catalog for node12.test.org in environment production in 0.02 seconds
Info: Applying configuration version '1606910431'
Notice: /Stage[main]/Main/Exec[create file]/returns: current_value notrun, should be 0 (noop)
Notice: Class[Main]: Would have triggered 'refresh' from 1 events
Notice: Stage[main]: Would have triggered 'refresh' from 1 events
Notice: Finished catalog run in 0.02 seconds
[root@node12 ~]# puppet apply -v exec3.pp
Notice: Compiled catalog for node12.test.org in environment production in 0.02 seconds
Info: Applying configuration version '1606910443'
Notice: /Stage[main]/Main/Exec[create file]/returns: executed successfully
Notice: Finished catalog run in 0.03 seconds
[root@node12 ~]# ll /tmp
total 8
-rw-r--r-- 1 root root 0 Dec 2 20:00 jerry.sh
srwx------ 1 mongod mongod 0 Dec 2 18:59 mongodb-27017.sock
lrwxrwxrwx 1 root root 11 Dec 2 13:58 passwd -> /etc/passwd
drwx------ 3 root root 17 Dec 2 18:59 systemd-private-62bd808f926f45528710005f2104130c-chronyd.service-wtp0Tm
drwxr-xr-x 2 jerry jerry 6 Dec 2 13:34 test
-r-------- 1 jerry jerry 23 Dec 2 13:27 test1
drwxr-xr-x 3 root root 93 Dec 2 13:45 test.repos.d
-rw-r--r-- 1 jerry root 17 Dec 2 13:19 test.txt
drwxr-xr-x 2 root root 6 Dec 2 19:17 tom
[root@node12 ~]#
提示:可以看到j(luò)erry.sh文件創(chuàng)建成功了���;
3�����、cron:該類型資源主要用于在被管控端管理周期計(jì)劃任務(wù)
主要屬性
command:要執(zhí)行的任務(wù)����;
ensure:描述是目標(biāo)狀態(tài)�,取值present/absent;
hour:定義小時(shí)時(shí)間;
minute:定義分鐘時(shí)間��;
monthday:定義月份的某一天時(shí)間����;
month:定義月份
weekday:定義周時(shí)間;
user:以哪個(gè)用戶的身份運(yùn)行命令�����;
target:添加為哪個(gè)用戶的任務(wù)���;
name:cron job的名稱�;
示例:創(chuàng)建時(shí)間同步周期計(jì)劃任務(wù)
[root@node12 ~]# cat cron.pp
cron{"timesync":
command => '/usr/sbin/ntpdate 192.168.0.99 &> /dev/null',
ensure => present,
minute => '*/5',
user => 'root'
}
[root@node12 ~]#
執(zhí)行清單�,看看是否生成周期計(jì)劃任務(wù)?
[root@node12 ~]# crontab -l
no crontab for root
[root@node12 ~]# puppet apply -v --noop cron.pp
Notice: Compiled catalog for node12.test.org in environment production in 0.02 seconds
Info: Applying configuration version '1606913457'
Notice: /Stage[main]/Main/Cron[timesync]/ensure: current_value absent, should be present (noop)
Notice: Class[Main]: Would have triggered 'refresh' from 1 events
Notice: Stage[main]: Would have triggered 'refresh' from 1 events
Notice: Finished catalog run in 0.02 seconds
[root@node12 ~]# puppet apply -v cron.pp
Notice: Compiled catalog for node12.test.org in environment production in 0.02 seconds
Info: Applying configuration version '1606913462'
Notice: /Stage[main]/Main/Cron[timesync]/ensure: created
Notice: Finished catalog run in 0.02 seconds
[root@node12 ~]# crontab -l
# HEADER: This file was autogenerated at 2020-12-02 20:51:02 +0800 by puppet.
# HEADER: While it can still be managed manually, it is definitely not recommended.
# HEADER: Note particularly that the comments starting with 'Puppet Name' should
# HEADER: not be deleted, as doing so could cause duplicate cron jobs.
# Puppet Name: timesync
*/5 * * * * /usr/sbin/ntpdate 192.168.0.99 &> /dev/null
[root@node12 ~]#
提示:可以看到周期計(jì)劃任務(wù)已經(jīng)創(chuàng)建����;
4����、notify:該類型資源主要用來向agent運(yùn)行日志發(fā)送消息,如果是單機(jī)模型�,則輸出到屏幕,如果是master/agent模型則記錄到日志中;
主要屬性
message:信息內(nèi)容�����;
name:信息名稱�;
示例
[root@node12 ~]# cat notify.pp
notify{"say hello ":
message => "hello everyone .."
}
[root@node12 ~]# puppet apply -v notify.pp
Notice: Compiled catalog for node12.test.org in environment production in 0.01 seconds
Info: Applying configuration version '1606914189'
Notice: hello everyone ..
Notice: /Stage[main]/Main/Notify[say hello ]/message: defined 'message' as 'hello everyone ..'
Notice: Finished catalog run in 0.03 seconds
[root@node12 ~]#
ok,以上是puppet中4中核心資源的使用和相關(guān)演示��,以及資源與資源間的通知/訂閱關(guān)系的定義��;
|
