自动化运维工具之Puppet常用资源(二)
前文我们了解了部分puppet的资源的使用,以及资源和资源的依赖关系的定义,回顾请参考https://www.cnblogs.com/qiuhom-1874/p/14071459.html;今天我们继续puppet常用资源的使用相关话题;
1、file:该资源类型主要用来管理被控端主机上的文件;该资源作用相当于ansible中的copy和file两个模块的功能;它可以实现文件的新建,删除,复制等功能;
主要属性
ensure:用于描述文件的类型和目标状态的,常用的文件类型有3中,第一种是普通文件(file),其内容由content属性生成或复制由source属性指向的文件路径来创建;第二种是目录(directory),可通过source指向的路径复制生成,recurse属性指明是否递归复制;第三种是符合链接文件(link),必须由target属性指明其链接的目标文件;取值有present/absent,file,directory,link;
path:文件路径(namevar)
source:源文件;
content:文件内容;
target:符号链接的目标文件;
owner:属主;
group:属组;
mode:权限;
ctime/mtime:时间戳;
示例:指定内容创建新文件
[root@node12 ~]# cat file.pp
file{"/tmp/test.txt":
ensure => file,
content => "this is test file",
mode => 0644,
owner => 'jerry',
group => 'root'
}
[root@node12 ~]#
提示:以上资源清单定义了在/tmp目录下新建一个test.txt的文件,其文件内容是“this is test file”,属主是jerry,属组是root,权限是0644;
检查资源清单语法
[root@node12 ~]# puppet apply -v --noop file.pp
Notice: Compiled catalog for node12.test.org in environment production in 0.05 seconds
Info: Applying configuration version '1606886216'
Notice: /Stage[main]/Main/File[/tmp/test.txt]/ensure: current_value absent, should be file (noop)
Notice: Class[Main]: Would have triggered 'refresh' from 1 events
Notice: Stage[main]: Would have triggered 'refresh' from 1 events
Notice: Finished catalog run in 0.03 seconds
[root@node12 ~]#
应用资源清单
[root@node12 ~]# ll /tmp
total 0
srwx------ 1 mongod mongod 0 Dec 2 13:04 mongodb-27017.sock
drwx------ 3 root root 17 Dec 2 13:04 systemd-private-d48e3508588440ff9b36efa29faed224-chronyd.service-V7fHnq
[root@node12 ~]# puppet apply -v file.pp
Notice: Compiled catalog for node12.test.org in environment production in 0.05 seconds
Info: Applying configuration version '1606886384'
Notice: /Stage[main]/Main/File[/tmp/test.txt]/ensure: defined content as '{md5}973131af48aa1d25bf187dacaa5ca7c0'
Notice: Finished catalog run in 0.03 seconds
[root@node12 ~]#
验证:查看/tmp/目录下是否生成了test.txt文件,内容和属主,属组和权限是否是我们指定的内容呢?
[root@node12 ~]# ll /tmp
total 4
srwx------ 1 mongod mongod 0 Dec 2 13:04 mongodb-27017.sock
drwx------ 3 root root 17 Dec 2 13:04 systemd-private-d48e3508588440ff9b36efa29faed224-chronyd.service-V7fHnq
-rw-r--r-- 1 jerry root 17 Dec 2 13:19 test.txt
[root@node12 ~]# cat /tmp/test.txt
this is test file[root@node12 ~]#
提示:可以看到在/tmp目录下生成了test.txt文件,其属主是jerry,属组是root,权限是644,内容是“this is test file”,完全是我们指定的属性;
示例:复制一个文件生成另一个文件
[root@node12 ~]# cat copyfile.pp
file{"/tmp/test1":
ensure => file,
source => '/etc/issue',
owner => 'jerry',
group => 'jerry',
mode => 400,
}
[root@node12 ~]#
验证:应用资源清单,看看对应/tmp/目录下是否会生成test1文件?文件属主属组和权限信息是否是我们指定的属性信息呢?
[root@node12 ~]# ll /tmp
total 4
srwx------ 1 mongod mongod 0 Dec 2 13:04 mongodb-27017.sock
drwx------ 3 root root 17 Dec 2 13:04 systemd-private-d48e3508588440ff9b36efa29faed224-chronyd.service-V7fHnq
-rw-r--r-- 1 jerry root 17 Dec 2 13:19 test.txt
[root@node12 ~]# puppet apply -v --noop copyfile.pp
Notice: Compiled catalog for node12.test.org in environment production in 0.06 seconds
Info: Applying configuration version '1606886863'
Notice: /Stage[main]/Main/File[/tmp/test1]/ensure: current_value absent, should be file (noop)
Notice: Class[Main]: Would have triggered 'refresh' from 1 events
Notice: Stage[main]: Would have triggered 'refresh' from 1 events
Notice: Finished catalog run in 0.04 seconds
[root@node12 ~]# puppet apply -v copyfile.pp
Notice: Compiled catalog for node12.test.org in environment production in 0.05 seconds
Info: Applying configuration version '1606886868'
Notice: /Stage[main]/Main/File[/tmp/test1]/ensure: defined content as '{md5}f078fe086dfc22f64b5dca2e1b95de2c'
Notice: Finished catalog run in 0.04 seconds
[root@node12 ~]# ll /tmp
total 8
srwx------ 1 mongod mongod 0 Dec 2 13:04 mongodb-27017.sock
drwx------ 3 root root 17 Dec 2 13:04 systemd-private-d48e3508588440ff9b36efa29faed224-chronyd.service-V7fHnq
-r-------- 1 jerry jerry 23 Dec 2 13:27 test1
-rw-r--r-- 1 jerry root 17 Dec 2 13:19 test.txt
[root@node12 ~]# cat /tmp/test1
\S
Kernel \r on an \m [root@node12 ~]#
提示:可以看到对应目录下生成了我们指定的文件,其内容是我们指定的source属性所对应的文件内容;属主/组和权限都是我们指定的属性;
示例:创建空目录
[root@node12 ~]# cat directory.pp
file{"/tmp/test":
ensure => directory,
owner => 'jerry',
group => 'jerry',
mode => 755,
}
[root@node12 ~]#
应用资源清单并验证对应目录是否创建?
[root@node12 ~]# ll /tmp/
total 8
srwx------ 1 mongod mongod 0 Dec 2 13:04 mongodb-27017.sock
drwx------ 3 root root 17 Dec 2 13:04 systemd-private-d48e3508588440ff9b36efa29faed224-chronyd.service-V7fHnq
-r-------- 1 jerry jerry 23 Dec 2 13:27 test1
-rw-r--r-- 1 jerry root 17 Dec 2 13:19 test.txt
[root@node12 ~]# puppet apply -v --noop directory.pp
Notice: Compiled catalog for node12.test.org in environment production in 0.05 seconds
Info: Applying configuration version '1606887273'
Notice: /Stage[main]/Main/File[/tmp/test]/ensure: current_value absent, should be directory (noop)
Notice: Class[Main]: Would have triggered 'refresh' from 1 events
Notice: Stage[main]: Would have triggered 'refresh' from 1 events
Notice: Finished catalog run in 0.03 seconds
[root@node12 ~]# puppet apply -v directory.pp
Notice: Compiled catalog for node12.test.org in environment production in 0.05 seconds
Info: Applying configuration version '1606887279'
Notice: /Stage[main]/Main/File[/tmp/test]/ensure: created
Notice: Finished catalog run in 0.03 seconds
[root@node12 ~]# ll /tmp
total 8
srwx------ 1 mongod mongod 0 Dec 2 13:04 mongodb-27017.sock
drwx------ 3 root root 17 Dec 2 13:04 systemd-private-d48e3508588440ff9b36efa29faed224-chronyd.service-V7fHnq
drwxr-xr-x 2 jerry jerry 6 Dec 2 13:34 test
-r-------- 1 jerry jerry 23 Dec 2 13:27 test1
-rw-r--r-- 1 jerry root 17 Dec 2 13:19 test.txt
[root@node12 ~]#
示例:复制目录
[root@node12 ~]# cat copydirectory.pp
file{"copy directory":
ensure => directory,
path => '/tmp/test.repos.d',
source => '/etc/yum.repos.d/'
}
[root@node12 ~]#
应用资源清单并且验证对应目录是否生成?
[root@node12 ~]# puppet apply -v copydirectory.pp
Notice: Compiled catalog for node12.test.org in environment production in 0.05 seconds
Info: Applying configuration version '1606887595'
Notice: /Stage[main]/Main/File[copy directory]/ensure: created
Notice: Finished catalog run in 0.04 seconds
[root@node12 ~]# ll /tmp
total 8
srwx------ 1 mongod mongod 0 Dec 2 13:04 mongodb-27017.sock
drwx------ 3 root root 17 Dec 2 13:04 systemd-private-d48e3508588440ff9b36efa29faed224-chronyd.service-V7fHnq
drwxr-xr-x 2 jerry jerry 6 Dec 2 13:34 test
-r-------- 1 jerry jerry 23 Dec 2 13:27 test1
drwxr-xr-x 2 root root 6 Dec 2 13:39 test.repos.d
-rw-r--r-- 1 jerry root 17 Dec 2 13:19 test.txt
[root@node12 ~]# ll /tmp/test.repos.d/
total 0
[root@node12 ~]#
提示:这里只是复制了一个空目录过来,对应目录下没有任何文件,如果需要递归复制,需要加上recurse属性为true;
递归复制目录
[root@node12 ~]# cat copydirectory.pp
file{"copy directory":
ensure => directory,
path => '/tmp/test.repos.d',
source => '/etc/yum.repos.d/',
recurse => true
}
[root@node12 ~]# puppet apply -v copydirectory.pp
Notice: Compiled catalog for node12.test.org in environment production in 0.05 seconds
Info: Applying configuration version '1606887954'
Notice: /Stage[main]/Main/File[/tmp/test.repos.d/centos7-aliyun-epel.repo]/ensure: defined content as '{md5}ad7e2bf9550cde4f863d5157d9dea4cb'
Notice: /Stage[main]/Main/File[/tmp/test.repos.d/bak]/ensure: created
Notice: /Stage[main]/Main/File[/tmp/test.repos.d/bak/CentOS-Base.repo]/ensure: defined content as '{md5}9098fc723b1e00c92e8515f06980d83e'
Notice: /Stage[main]/Main/File[/tmp/test.repos.d/bak/CentOS-Debuginfo.repo]/ensure: defined content as '{md5}e9e506425094f43b5c8f053090dbf4d4'
Notice: /Stage[main]/Main/File[/tmp/test.repos.d/bak/CentOS-Vault.repo]/ensure: defined content as '{md5}9fdd3d91192aa05427c3a9684eeb1345'
Notice: /Stage[main]/Main/File[/tmp/test.repos.d/bak/CentOS-CR.repo]/ensure: defined content as '{md5}445ed4f0ee3888384e854fb8527a7cde'
Notice: /Stage[main]/Main/File[/tmp/test.repos.d/bak/CentOS-Sources.repo]/ensure: defined content as '{md5}04d662bb1648477bf50e658a20c10145'
Notice: /Stage[main]/Main/File[/tmp/test.repos.d/CentOS-Base.repo]/ensure: defined content as '{md5}4861d3b742e8e8c05b67e3abf7904f17'
Notice: /Stage[main]/Main/File[/tmp/test.repos.d/mongodb.repo]/ensure: defined content as '{md5}fbe938506cda5002d9b8068e6bb4a355'
Notice: /Stage[main]/Main/File[/tmp/test.repos.d/bak/CentOS-Media.repo]/ensure: defined content as '{md5}1d7797c5082bd565facd68c5aa9352bf'
Notice: /Stage[main]/Main/File[/tmp/test.repos.d/bak/CentOS-fasttrack.repo]/ensure: defined content as '{md5}52d296f7a45f56c85d18473eca5bab16'
Notice: Finished catalog run in 0.12 seconds
[root@node12 ~]# ll /tmp/test.repos.d/
total 12
drwxr-xr-x 2 root root 187 Dec 2 13:45 bak
-rw-r--r-- 1 root root 665 Dec 2 13:45 centos7-aliyun-epel.repo
-rw-r--r-- 1 root root 2524 Dec 2 13:45 CentOS-Base.repo
-rw-r--r-- 1 root root 206 Dec 2 13:45 mongodb.repo
[root@node12 ~]# ll /tmp/test.repos.d/bak/
total 28
-rw-r--r-- 1 root root 1664 Dec 2 13:45 CentOS-Base.repo
-rw-r--r-- 1 root root 1309 Dec 2 13:45 CentOS-CR.repo
-rw-r--r-- 1 root root 649 Dec 2 13:45 CentOS-Debuginfo.repo
-rw-r--r-- 1 root root 314 Dec 2 13:45 CentOS-fasttrack.repo
-rw-r--r-- 1 root root 630 Dec 2 13:45 CentOS-Media.repo
-rw-r--r-- 1 root root 1331 Dec 2 13:45 CentOS-Sources.repo
-rw-r--r-- 1 root root 3830 Dec 2 13:45 CentOS-Vault.repo
[root@node12 ~]#
提示:可以看到在资源清单中加上recurse属性为true后,再次执行资源清单,对应源目录下的所有文件,子目录及文件都递归的复制到path所指定的目录下了;这里需要注意一点,如果源是文件,目标是目录,则复制过去的是一个文件并非是把文件复制到目录下;所以puppet中的文件复制是同类型文件间的复制;
创建符号链接文件
[root@node12 ~]# cat createlink.pp
file{"create link file":
ensure => link,
path => '/tmp/passwd',
target => '/etc/passwd',
}
[root@node12 ~]#
提示:以上资源清单定义了把/tmp/passwd文件连接至/etc/passwd,即在创建/tmp/passwd符号连接文件,并将其目标链接文件指向/etc/passwd文件;
应用清单文件,看看对应符号链接文件是否生成?
[root@node12 ~]# ll /tmp
total 8
srwx------ 1 mongod mongod 0 Dec 2 13:04 mongodb-27017.sock
drwx------ 3 root root 17 Dec 2 13:04 systemd-private-d48e3508588440ff9b36efa29faed224-chronyd.service-V7fHnq
drwxr-xr-x 2 jerry jerry 6 Dec 2 13:34 test
-r-------- 1 jerry jerry 23 Dec 2 13:27 test1
drwxr-xr-x 3 root root 93 Dec 2 13:45 test.repos.d
-rw-r--r-- 1 jerry root 17 Dec 2 13:19 test.txt
[root@node12 ~]# puppet apply -v --noop createlink.pp
Notice: Compiled catalog for node12.test.org in environment production in 0.05 seconds
Info: Applying configuration version '1606888721'
Notice: /Stage[main]/Main/File[create link file]/ensure: current_value absent, should be link (noop)
Notice: Class[Main]: Would have triggered 'refresh' from 1 events
Notice: Stage[main]: Would have triggered 'refresh' from 1 events
Notice: Finished catalog run in 0.03 seconds
[root@node12 ~]# puppet apply -v createlink.pp
Notice: Compiled catalog for node12.test.org in environment production in 0.06 seconds
Info: Applying configuration version '1606888731'
Notice: /Stage[main]/Main/File[create link file]/ensure: created
Notice: Finished catalog run in 0.04 seconds
[root@node12 ~]# ll /tmp
total 8
srwx------ 1 mongod mongod 0 Dec 2 13:04 mongodb-27017.sock
lrwxrwxrwx 1 root root 11 Dec 2 13:58 passwd -> /etc/passwd
drwx------ 3 root root 17 Dec 2 13:04 systemd-private-d48e3508588440ff9b36efa29faed224-chronyd.service-V7fHnq
drwxr-xr-x 2 jerry jerry 6 Dec 2 13:34 test
-r-------- 1 jerry jerry 23 Dec 2 13:27 test1
drwxr-xr-x 3 root root 93 Dec 2 13:45 test.repos.d
-rw-r--r-- 1 jerry root 17 Dec 2 13:19 test.txt
[root@node12 ~]#
提示:可以看到/tmp目录下生成了一个passwd的符号链接文件,并目标链接文件指向的是/etc/passwd文件;
定义资源与资源间的通知或订阅关系
我们知道一个服务的配置文件发生了变化,如果要让其配置生效,通常会重新启动服务或重新载入配置文件内容;在ansible中当一个服务的配置文件发生变化,是通过定义handler和notify来触发对应的服务执行重启或重载配置操作;在puppet中当一个服务的配置文件发生变化触发对应服务重启或重新载入配置,需要定义资源与资源间的通知或订阅关系;其语法如下
notify:前资源通知后资源
{
...
notify => Type['B'],
...
}
subscribe:后资源订阅前资源
{
...
subscribe => Type['B'],
...
}
提示:以上两种方式选择其中一种即可;这里需要注意的是引用资源其类型首字母必须大写;同时定义资源与资源通知或订阅关系,其隐含了资源执行的先后顺序(依赖关系);
示例:定义安装redis,提供配置文件,和启动服务,并且当配置文件发生变化通知redis服务重启;
[root@node12 ~]# cat redis.pp
package{"redis":
ensure => installed,
} file{"/etc/redis.conf":
ensure => file,
source => '/root/redis.conf',
notify => Service["redis"],
} service{"redis":
ensure => running,
enable => true,
hasrestart => true,
restart => 'systemctl restart redis',
}
[root@node12 ~]#
提示:以上资源清单中定义了3个资源,并且指定了当配置文件发生变化就通知redis服务重启;
上述清单在file资源中通知service资源,我们也可以在service中订阅file资源;如下
[root@node12 ~]# cat redis.pp
package{"redis":
ensure => installed,
} file{"/etc/redis.conf":
ensure => file,
source => '/root/redis.conf',
# notify => Service["redis"],
} service{"redis":
ensure => running,
enable => true,
hasrestart => true,
restart => 'systemctl restart redis',
subscribe => File["/etc/redis.conf"],
}
[root@node12 ~]#
除了上述方式,我们也可以定义通知/订阅资源链
[root@node12 ~]# cat redis.pp
package{"redis":
ensure => installed,
} file{"/etc/redis.conf":
ensure => file,
source => '/root/redis.conf',
# notify => Service["redis"],
} service{"redis":
ensure => running,
enable => true,
hasrestart => true,
restart => 'systemctl restart redis',
# subscribe => File["/etc/redis.conf"],
} Package["redis"] -> File["/etc/redis.conf"] ~> Service["redis"] [root@node12 ~]#
提示:定义通知/订阅资源链,需要用到~>来表示前资源发生变化通知后资源;
本地redis.conf内容
[root@node12 ~]# cat redis.conf
bind 0.0.0.0
protected-mode yes
port 6379
tcp-backlog 511
timeout 0
tcp-keepalive 300
daemonize no
supervised no
pidfile /var/run/redis_6379.pid
loglevel notice
logfile /var/log/redis/redis.log
databases 16
save 900 1
save 300 10
save 60 10000
stop-writes-on-bgsave-error yes
rdbcompression yes
rdbchecksum yes
dbfilename dump.rdb
dir /var/lib/redis
slave-serve-stale-data yes
slave-read-only yes
repl-diskless-sync no
repl-diskless-sync-delay 5
repl-disable-tcp-nodelay no
slave-priority 100
appendonly no
appendfilename "appendonly.aof"
appendfsync everysec
no-appendfsync-on-rewrite no
auto-aof-rewrite-percentage 100
auto-aof-rewrite-min-size 64mb
aof-load-truncated yes
lua-time-limit 5000
slowlog-log-slower-than 10000
slowlog-max-len 128
latency-monitor-threshold 0
notify-keyspace-events ""
hash-max-ziplist-entries 512
hash-max-ziplist-value 64
list-max-ziplist-size -2
list-compress-depth 0
set-max-intset-entries 512
zset-max-ziplist-entries 128
zset-max-ziplist-value 64
hll-sparse-max-bytes 3000
activerehashing yes
client-output-buffer-limit normal 0 0 0
client-output-buffer-limit slave 256mb 64mb 60
client-output-buffer-limit pubsub 32mb 8mb 60
hz 10
aof-rewrite-incremental-fsync yes
[root@node12 ~]#
提示:以上内容是默认redis配置,我们只修改了其监听地址为0.0.0.0;
应用资源清单
[root@node12 ~]# rpm -q redis
package redis is not installed
[root@node12 ~]# ss -tnl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:22 *:*
LISTEN 0 100 127.0.0.1:25 *:*
LISTEN 0 128 *:27017 *:*
LISTEN 0 128 :::22 :::*
LISTEN 0 100 ::1:25 :::*
[root@node12 ~]# puppet apply -v --noop redis.pp
Notice: Compiled catalog for node12.test.org in environment production in 0.29 seconds
Warning: The package type's allow_virtual parameter will be changing its default value from false to true in a future release. If you do not want to allow virtual packages, please explicitly set allow_virtual to false.
(at /usr/share/ruby/vendor_ruby/puppet/type.rb:816:in `set_default')
Info: Applying configuration version '1606891263'
Notice: /Stage[main]/Main/Package[redis]/ensure: current_value absent, should be present (noop)
Notice: /Stage[main]/Main/File[/etc/redis.conf]/ensure: current_value absent, should be file (noop)
Info: /Stage[main]/Main/File[/etc/redis.conf]: Scheduling refresh of Service[redis]
Notice: /Stage[main]/Main/Service[redis]/ensure: current_value stopped, should be running (noop)
Info: /Stage[main]/Main/Service[redis]: Unscheduling refresh on Service[redis]
Notice: Class[Main]: Would have triggered 'refresh' from 3 events
Notice: Stage[main]: Would have triggered 'refresh' from 1 events
Notice: Finished catalog run in 0.12 seconds
[root@node12 ~]# puppet apply -v redis.pp
Notice: Compiled catalog for node12.test.org in environment production in 0.30 seconds
Warning: The package type's allow_virtual parameter will be changing its default value from false to true in a future release. If you do not want to allow virtual packages, please explicitly set allow_virtual to false.
(at /usr/share/ruby/vendor_ruby/puppet/type.rb:816:in `set_default')
Info: Applying configuration version '1606891271'
Notice: /Stage[main]/Main/Package[redis]/ensure: created
Info: /Stage[main]/Main/File[/etc/redis.conf]: Filebucketed /etc/redis.conf to puppet with sum d98629fded012cd2a25b9db0599a9251
Notice: /Stage[main]/Main/File[/etc/redis.conf]/content: content changed '{md5}d98629fded012cd2a25b9db0599a9251' to '{md5}12e59b058c0ef61ad52bcfa2d4de58ff'
Notice: /Stage[main]/Main/File[/etc/redis.conf]/owner: owner changed 'redis' to 'root'
Notice: /Stage[main]/Main/File[/etc/redis.conf]/mode: mode changed '0640' to '0644'
Info: /Stage[main]/Main/File[/etc/redis.conf]: Scheduling refresh of Service[redis]
Info: /Stage[main]/Main/File[/etc/redis.conf]: Scheduling refresh of Service[redis]
Info: /Stage[main]/Main/File[/etc/redis.conf]: Scheduling refresh of Service[redis]
Notice: /Stage[main]/Main/Service[redis]/ensure: ensure changed 'stopped' to 'running'
Info: /Stage[main]/Main/Service[redis]: Unscheduling refresh on Service[redis]
Notice: Finished catalog run in 4.81 seconds
[root@node12 ~]# ss -tnl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:6379 *:*
LISTEN 0 128 *:22 *:*
LISTEN 0 100 127.0.0.1:25 *:*
LISTEN 0 128 *:27017 *:*
LISTEN 0 128 :::22 :::*
LISTEN 0 100 ::1:25 :::*
[root@node12 ~]# grep -Ei "^bind|port" /etc/redis.conf
bind 0.0.0.0
port 6379
[root@node12 ~]#
提示:可以看到应用资源清单后,安装redis包,提供配置,启动服务就一并完成了;
修改配置文件再次执行资源清单,看看对应服务是否会发生重启,应用新配置呢?
[root@node12 ~]# grep -Ei "^bind|port" /root/redis.conf
bind 0.0.0.0
port 16379
[root@node12 ~]#
提示:以上把/root/目录下的redis.conf文件中的prot修改成16379;
执行资源清单
[root@node12 ~]# ss -tnl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:6379 *:*
LISTEN 0 128 *:22 *:*
LISTEN 0 100 127.0.0.1:25 *:*
LISTEN 0 128 *:27017 *:*
LISTEN 0 128 :::22 :::*
LISTEN 0 100 ::1:25 :::*
[root@node12 ~]# puppet apply -v redis.pp
Notice: Compiled catalog for node12.test.org in environment production in 0.30 seconds
Warning: The package type's allow_virtual parameter will be changing its default value from false to true in a future release. If you do not want to allow virtual packages, please explicitly set allow_virtual to false.
(at /usr/share/ruby/vendor_ruby/puppet/type.rb:816:in `set_default')
Info: Applying configuration version '1606891609'
Info: /Stage[main]/Main/File[/etc/redis.conf]: Filebucketed /etc/redis.conf to puppet with sum 12e59b058c0ef61ad52bcfa2d4de58ff
Notice: /Stage[main]/Main/File[/etc/redis.conf]/content: content changed '{md5}12e59b058c0ef61ad52bcfa2d4de58ff' to '{md5}13a04cb20de2d787e0e18c1c13560cab'
Info: /Stage[main]/Main/File[/etc/redis.conf]: Scheduling refresh of Service[redis]
Notice: /Stage[main]/Main/Service[redis]: Triggered 'refresh' from 1 events
Notice: Finished catalog run in 0.26 seconds
[root@node12 ~]# ss -tnl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:22 *:*
LISTEN 0 100 127.0.0.1:25 *:*
LISTEN 0 128 *:16379 *:*
LISTEN 0 128 *:27017 *:*
LISTEN 0 128 :::22 :::*
LISTEN 0 100 ::1:25 :::*
[root@node12 ~]#
提示:可以看到再次执行资源清单,对应服务也应用了新的配置,说明redis服务发生了重启;我们定义的资源间通知或订阅关系生效了;
2、exec:该资源类型主要用于描述在被控端执行命令;
主要属性
command:要执行的命令(namevar);
creates:文件路径,仅此路径表示的文件不存在时,command方才执行;
user/group:运行命令的用户身份;
cwd:切换工作目录;
path:命令搜索路径,即在那些路径下可以搜索到对应命令,类似PATH环境变量;
onlyif:此属性指定一个命令,此命令正常(退出码为0)运行时,当前command才会运行;
unless:此属性指定一个命令,此命令非正常(退出码为非0)运行时,当前command才会运行;
refresh:重新执行当前command的替代命令;
refreshonly:仅接收到订阅的资源的通知时方才运行;
示例:使用mkdir命令在被控端主机上创建目录,条件是当指定的目录不存在时才创建;
[root@node12 ~]# cat exec.pp
exec{"create directory":
command => 'mkdir /tmp/tom',
path => '/bin:/sbin:/usr/bin:/usr/sbin',
unless => 'test -d /tmp/tom',
}
[root@node12 ~]#
提示:以上清单表示如果被控端的/tmp/tom不存在时,则在被控端执行mkdir /tmp/tom,执行mkdir这个命令的搜索路径为/bin:/sbin:/usr/bin:/usr/sbin;
应用清单,看看对应目录是否会被创建?
[root@node12 ~]# ll /tmp/
total 8
srwx------ 1 mongod mongod 0 Dec 2 18:59 mongodb-27017.sock
lrwxrwxrwx 1 root root 11 Dec 2 13:58 passwd -> /etc/passwd
drwx------ 3 root root 17 Dec 2 18:59 systemd-private-62bd808f926f45528710005f2104130c-chronyd.service-wtp0Tm
drwxr-xr-x 2 jerry jerry 6 Dec 2 13:34 test
-r-------- 1 jerry jerry 23 Dec 2 13:27 test1
drwxr-xr-x 3 root root 93 Dec 2 13:45 test.repos.d
-rw-r--r-- 1 jerry root 17 Dec 2 13:19 test.txt
[root@node12 ~]# puppet apply -v --noop exec.pp
Notice: Compiled catalog for node12.test.org in environment production in 0.07 seconds
Info: Applying configuration version '1606907819'
Notice: /Stage[main]/Main/Exec[create directory]/returns: current_value notrun, should be 0 (noop)
Notice: Class[Main]: Would have triggered 'refresh' from 1 events
Notice: Stage[main]: Would have triggered 'refresh' from 1 events
Notice: Finished catalog run in 0.04 seconds
[root@node12 ~]# puppet apply -v exec.pp
Notice: Compiled catalog for node12.test.org in environment production in 0.02 seconds
Info: Applying configuration version '1606907836'
Notice: /Stage[main]/Main/Exec[create directory]/returns: executed successfully
Notice: Finished catalog run in 0.03 seconds
[root@node12 ~]# ll /tmp/
total 8
srwx------ 1 mongod mongod 0 Dec 2 18:59 mongodb-27017.sock
lrwxrwxrwx 1 root root 11 Dec 2 13:58 passwd -> /etc/passwd
drwx------ 3 root root 17 Dec 2 18:59 systemd-private-62bd808f926f45528710005f2104130c-chronyd.service-wtp0Tm
drwxr-xr-x 2 jerry jerry 6 Dec 2 13:34 test
-r-------- 1 jerry jerry 23 Dec 2 13:27 test1
drwxr-xr-x 3 root root 93 Dec 2 13:45 test.repos.d
-rw-r--r-- 1 jerry root 17 Dec 2 13:19 test.txt
drwxr-xr-x 2 root root 6 Dec 2 19:17 tom
[root@node12 ~]#
提示:以上是/tmp/tom目录不存在就创建,现在已经创建好了,再次执行命令按道理是要报错说目录已存在;
验证:再次执行清单,看看是否会报错?
[root@node12 ~]# ll /tmp/
total 8
srwx------ 1 mongod mongod 0 Dec 2 18:59 mongodb-27017.sock
lrwxrwxrwx 1 root root 11 Dec 2 13:58 passwd -> /etc/passwd
drwx------ 3 root root 17 Dec 2 18:59 systemd-private-62bd808f926f45528710005f2104130c-chronyd.service-wtp0Tm
drwxr-xr-x 2 jerry jerry 6 Dec 2 13:34 test
-r-------- 1 jerry jerry 23 Dec 2 13:27 test1
drwxr-xr-x 3 root root 93 Dec 2 13:45 test.repos.d
-rw-r--r-- 1 jerry root 17 Dec 2 13:19 test.txt
drwxr-xr-x 2 root root 6 Dec 2 19:17 tom
[root@node12 ~]# puppet apply -v exec.pp
Notice: Compiled catalog for node12.test.org in environment production in 0.02 seconds
Info: Applying configuration version '1606907999'
Notice: Finished catalog run in 0.02 seconds
[root@node12 ~]#
提示:可以看到再次执行并没有报错,这是因为我们加了unless这个属性去判断是否满足执行命令的条件;只有满足执行命令的条件后,对应命令才可被执行;为了保证多次执行资源清单的幂等性,在执行某些不幂等的命令一定要加上条件;
示例:当redis配置文件发生改变以后,就重启redis
[root@node12 ~]# cat exec2.pp
exec{"systemctl restart redis":
path => '/bin:/sbin:/usr/bin:/usr/sbin',
refreshonly => true,
} file{"/etc/redis.conf":
ensure => file,
source => '/root/redis.conf',
} File["/etc/redis.conf"] ~> Exec["systemctl restart redis"] [root@node12 ~]#
提示:以上清单内容表示当/etc/redis.conf文件内容发生变化,就通知执行重启redis服务命令;
当前redis配置文件监听端口
[root@node12 ~]# ss -tnl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:22 *:*
LISTEN 0 100 127.0.0.1:25 *:*
LISTEN 0 128 *:16379 *:*
LISTEN 0 128 *:27017 *:*
LISTEN 0 128 :::22 :::*
LISTEN 0 100 ::1:25 :::*
[root@node12 ~]# grep -Ei "^bind|port" /etc/redis.conf
bind 0.0.0.0
port 16379
[root@node12 ~]#
修改/root/redis.conf文件中的端口信息为6379
[root@node12 ~]# grep -Ei "^bind|port" /root/redis.conf
bind 0.0.0.0
port 6379
[root@node12 ~]#
执行清单,看看对应redis是否会监听在6379这个端口上?
[root@node12 ~]# ss -tnl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:22 *:*
LISTEN 0 100 127.0.0.1:25 *:*
LISTEN 0 128 *:16379 *:*
LISTEN 0 128 *:27017 *:*
LISTEN 0 128 :::22 :::*
LISTEN 0 100 ::1:25 :::*
[root@node12 ~]# puppet apply -v --noop exec2.pp
Notice: Compiled catalog for node12.test.org in environment production in 0.07 seconds
Info: Applying configuration version '1606909853'
Notice: /Stage[main]/Main/File[/etc/redis.conf]/content: current_value {md5}13a04cb20de2d787e0e18c1c13560cab, should be {md5}12e59b058c0ef61ad52bcfa2d4de58ff (noop)
Info: /Stage[main]/Main/File[/etc/redis.conf]: Scheduling refresh of Exec[systemctl restart redis]
Notice: /Stage[main]/Main/Exec[systemctl restart redis]: Would have triggered 'refresh' from 1 events
Notice: Class[Main]: Would have triggered 'refresh' from 2 events
Notice: Stage[main]: Would have triggered 'refresh' from 1 events
Notice: Finished catalog run in 0.02 seconds
[root@node12 ~]# puppet apply -v exec2.pp
Notice: Compiled catalog for node12.test.org in environment production in 0.07 seconds
Info: Applying configuration version '1606909859'
Info: FileBucket got a duplicate file {md5}13a04cb20de2d787e0e18c1c13560cab
Info: /Stage[main]/Main/File[/etc/redis.conf]: Filebucketed /etc/redis.conf to puppet with sum 13a04cb20de2d787e0e18c1c13560cab
Notice: /Stage[main]/Main/File[/etc/redis.conf]/content: content changed '{md5}13a04cb20de2d787e0e18c1c13560cab' to '{md5}12e59b058c0ef61ad52bcfa2d4de58ff'
Info: /Stage[main]/Main/File[/etc/redis.conf]: Scheduling refresh of Exec[systemctl restart redis]
Notice: /Stage[main]/Main/Exec[systemctl restart redis]: Triggered 'refresh' from 1 events
Notice: Finished catalog run in 0.11 seconds
[root@node12 ~]# ss -tnl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:6379 *:*
LISTEN 0 128 *:22 *:*
LISTEN 0 100 127.0.0.1:25 *:*
LISTEN 0 128 *:27017 *:*
LISTEN 0 128 :::22 :::*
LISTEN 0 100 ::1:25 :::*
[root@node12 ~]#
提示:可以看到redis服务已经监听在6379这个端口了;说明重启redis服务命令执行成功;
示例:创建文件,条件是只有对应父目录存在,则新建文件;
[root@node12 ~]# cat exec3.pp
exec{"create file":
command => 'touch /tmp/jerry.sh',
path => '/bin:/sbin:/usr/bin:/usr/sbin',
onlyif => 'test -d /tmp'
}
[root@node12 ~]#
执行清单并验证
[root@node12 ~]# ll /tmp/
total 8
srwx------ 1 mongod mongod 0 Dec 2 18:59 mongodb-27017.sock
lrwxrwxrwx 1 root root 11 Dec 2 13:58 passwd -> /etc/passwd
drwx------ 3 root root 17 Dec 2 18:59 systemd-private-62bd808f926f45528710005f2104130c-chronyd.service-wtp0Tm
drwxr-xr-x 2 jerry jerry 6 Dec 2 13:34 test
-r-------- 1 jerry jerry 23 Dec 2 13:27 test1
drwxr-xr-x 3 root root 93 Dec 2 13:45 test.repos.d
-rw-r--r-- 1 jerry root 17 Dec 2 13:19 test.txt
drwxr-xr-x 2 root root 6 Dec 2 19:17 tom
[root@node12 ~]# puppet apply -v --noop exec3.pp
Notice: Compiled catalog for node12.test.org in environment production in 0.02 seconds
Info: Applying configuration version '1606910431'
Notice: /Stage[main]/Main/Exec[create file]/returns: current_value notrun, should be 0 (noop)
Notice: Class[Main]: Would have triggered 'refresh' from 1 events
Notice: Stage[main]: Would have triggered 'refresh' from 1 events
Notice: Finished catalog run in 0.02 seconds
[root@node12 ~]# puppet apply -v exec3.pp
Notice: Compiled catalog for node12.test.org in environment production in 0.02 seconds
Info: Applying configuration version '1606910443'
Notice: /Stage[main]/Main/Exec[create file]/returns: executed successfully
Notice: Finished catalog run in 0.03 seconds
[root@node12 ~]# ll /tmp
total 8
-rw-r--r-- 1 root root 0 Dec 2 20:00 jerry.sh
srwx------ 1 mongod mongod 0 Dec 2 18:59 mongodb-27017.sock
lrwxrwxrwx 1 root root 11 Dec 2 13:58 passwd -> /etc/passwd
drwx------ 3 root root 17 Dec 2 18:59 systemd-private-62bd808f926f45528710005f2104130c-chronyd.service-wtp0Tm
drwxr-xr-x 2 jerry jerry 6 Dec 2 13:34 test
-r-------- 1 jerry jerry 23 Dec 2 13:27 test1
drwxr-xr-x 3 root root 93 Dec 2 13:45 test.repos.d
-rw-r--r-- 1 jerry root 17 Dec 2 13:19 test.txt
drwxr-xr-x 2 root root 6 Dec 2 19:17 tom
[root@node12 ~]#
提示:可以看到jerry.sh文件创建成功了;
3、cron:该类型资源主要用于在被管控端管理周期计划任务
主要属性
command:要执行的任务;
ensure:描述是目标状态,取值present/absent;
hour:定义小时时间;
minute:定义分钟时间;
monthday:定义月份的某一天时间;
month:定义月份
weekday:定义周时间;
user:以哪个用户的身份运行命令;
target:添加为哪个用户的任务;
name:cron job的名称;
示例:创建时间同步周期计划任务
[root@node12 ~]# cat cron.pp
cron{"timesync":
command => '/usr/sbin/ntpdate 192.168.0.99 &> /dev/null',
ensure => present,
minute => '*/5',
user => 'root'
}
[root@node12 ~]#
执行清单,看看是否生成周期计划任务?
[root@node12 ~]# crontab -l
no crontab for root
[root@node12 ~]# puppet apply -v --noop cron.pp
Notice: Compiled catalog for node12.test.org in environment production in 0.02 seconds
Info: Applying configuration version '1606913457'
Notice: /Stage[main]/Main/Cron[timesync]/ensure: current_value absent, should be present (noop)
Notice: Class[Main]: Would have triggered 'refresh' from 1 events
Notice: Stage[main]: Would have triggered 'refresh' from 1 events
Notice: Finished catalog run in 0.02 seconds
[root@node12 ~]# puppet apply -v cron.pp
Notice: Compiled catalog for node12.test.org in environment production in 0.02 seconds
Info: Applying configuration version '1606913462'
Notice: /Stage[main]/Main/Cron[timesync]/ensure: created
Notice: Finished catalog run in 0.02 seconds
[root@node12 ~]# crontab -l
# HEADER: This file was autogenerated at 2020-12-02 20:51:02 +0800 by puppet.
# HEADER: While it can still be managed manually, it is definitely not recommended.
# HEADER: Note particularly that the comments starting with 'Puppet Name' should
# HEADER: not be deleted, as doing so could cause duplicate cron jobs.
# Puppet Name: timesync
*/5 * * * * /usr/sbin/ntpdate 192.168.0.99 &> /dev/null
[root@node12 ~]#
提示:可以看到周期计划任务已经创建;
4、notify:该类型资源主要用来向agent运行日志发送消息,如果是单机模型,则输出到屏幕,如果是master/agent模型则记录到日志中;
主要属性
message:信息内容;
name:信息名称;
示例
[root@node12 ~]# cat notify.pp
notify{"say hello ":
message => "hello everyone .."
}
[root@node12 ~]# puppet apply -v notify.pp
Notice: Compiled catalog for node12.test.org in environment production in 0.01 seconds
Info: Applying configuration version '1606914189'
Notice: hello everyone ..
Notice: /Stage[main]/Main/Notify[say hello ]/message: defined 'message' as 'hello everyone ..'
Notice: Finished catalog run in 0.03 seconds
[root@node12 ~]#
ok,以上是puppet中4中核心资源的使用和相关演示,以及资源与资源间的通知/订阅关系的定义;
自动化运维工具之Puppet常用资源(二)的更多相关文章
- 自动化运维工具之Puppet常用资源(一)
前文我们聊到了puppet的架构,单机模型和master/agent模型的工作流程以及puppet的基础使用,回顾请参考https://www.cnblogs.com/qiuhom-1874/p/14 ...
- 自动化运维工具之Puppet基础入门
一.简介 puppet是什么?它能做什么? puppet是一个IT基础设施自动化运维工具,它能够帮助系统管理员管理基础设施的整个生命周期:比如,安装服务,提供配置文件,启动服务等等一系列操作:基于pu ...
- 自动化运维工具之Puppet变量、正则表达式、流程控制、类和模板
前文我们了解了puppet的file.exec.cron.notify这四种核心资源类型的使用以及资源见定义通知/订阅关系,回顾请参考https://www.cnblogs.com/qiuhom-18 ...
- 自动化运维工具之Puppet模块
前文我们了解来puppet的变量.流程控制.正则表达式.类和模板的相关话题,回顾请参考https://www.cnblogs.com/qiuhom-1874/p/14079208.html:今天我们来 ...
- 自动化运维工具之Puppet master/agent模型、站点清单和puppet多环境设定
前文我们了解了puppe中模块的使用,回顾请参考https://www.cnblogs.com/qiuhom-1874/p/14086315.html:今天我来了解下puppet的master/age ...
- 自动化运维工具ansible中常用模块总结
1.yum模块: name:要操作的软件包名字,可以是一个url或者本地rpm包路径,如name=nginx update_cache:更新软件包缓存,如update_cache=yes则更新软件包缓 ...
- 自动化运维工具——ansible详解(二)
Ansible playbook 简介 playbook 是 ansible 用于配置,部署,和管理被控节点的剧本. 通过 playbook 的详细描述,执行其中的一系列 tasks ,可以让远端主机 ...
- 自动化运维工具——ansible命令使用(二)
一.Ansible系列命令使用 ansible命令执行过程 1 . 加载自己的配置文件 默认/etc/ansible/ansible.cfg 2 . 加载自己对应的模块文件,如command 3 . ...
- Ansible自动化运维工具及其常用模块
Ansible自动化运维工具及其常用模块 目录 Ansible自动化运维工具及其常用模块 一.Ansible简介 1. Ansible概述 2. Ansible作用 3. Ansible的工作模块 4 ...
随机推荐
- [LuoguP3808] 【模板】AC自动机(简单版)数组版
待填坑 Code #include<iostream> #include<cstdio> #include<queue> #include<cstring&g ...
- 转载:解密Redis持久化
本文内容来源于Redis作者博文,Redis作者说,他看到的所有针对Redis的讨论中,对Redis持久化的误解是最大的,于是他写了一篇长文来对Redis的持久化进行了系统性的论述.文章非常长,也很值 ...
- 一个名为不安全的类Unsafe
最近为了更加深入了解NIO的实现原理,学习NIO的源码时,遇到了一个问题.即在WindowsSelectorImpl中的 pollWrapper属性,当我点进去查看它的PollArrayWrapper ...
- php 使用 phpword 操作 word 读取 word
思路 1. 加载word文件.2. 循环判断加载出来的数据.( 数据下面有很多个节点 )( 节点是按照数据的类型分类的 例如 无样式的文本是RunText,换行是TextBreak,表格是table. ...
- php ci下添加一个创建常用的模块和控制器方法
我这么写是非常不好的 ,这些都可以写在lirbraries里面 (ci就是这么干的) 我这里是自己用 大概一个模型 没那么多讲究 现在core/CodeIgniter.php 文件 if($modle ...
- Dem地形数据转换为cass支持的dat格式教程
一.获取dem数据各类精度的dem高程数据下载这里不赘述,可以查阅这篇文章:高程数据下载 这里我们以12.5m精度的dem为例进行转换: 二.将dem数据转换为文本我们这里先将地形数据加载入globa ...
- Java 实现输入公历日期输出农历日期、生肖、天干地支、节日、节气等信息
最近的工作中客户要求前台页面展示日历,日历内容包括:农历年月日日.公历年月日.生肖.天干地支.农历节日.公历节日.24节气等信息,之前在网上查找资料关于Java实现方面的文章不少,但是大多数针对节气. ...
- 内网渗透 day7-linux信息收集
linux信息搜集 目录 1. linux信息搜集 2. nmap漏洞复现 3. msf linux模块反弹shell 1. linux信息搜集 id 查看当前用户的权限和所在的管理组 python ...
- Linux杂谈: 实现一种简单实用的线程池(C语言)
基本功能 1. 实现一个线程的队列,队列中的线程启动后不再释放: 2. 没有任务执行时,线程处于pending状态,等待唤醒,不占cpu: 3. 当有任务需要执行时,从线程队列中取出一个线程执行任务: ...
- 主动关闭 time wait结构体
/* * This is a TIME_WAIT sock. It works around the memory consumption * problems of sockets in such ...