自动化运维工具之Puppet常用资源(二)
前文我们了解了部分puppet的资源的使用,以及资源和资源的依赖关系的定义,回顾请参考https://www.cnblogs.com/qiuhom-1874/p/14071459.html;今天我们继续puppet常用资源的使用相关话题;
1、file:该资源类型主要用来管理被控端主机上的文件;该资源作用相当于ansible中的copy和file两个模块的功能;它可以实现文件的新建,删除,复制等功能;
主要属性
ensure:用于描述文件的类型和目标状态的,常用的文件类型有3中,第一种是普通文件(file),其内容由content属性生成或复制由source属性指向的文件路径来创建;第二种是目录(directory),可通过source指向的路径复制生成,recurse属性指明是否递归复制;第三种是符合链接文件(link),必须由target属性指明其链接的目标文件;取值有present/absent,file,directory,link;
path:文件路径(namevar)
source:源文件;
content:文件内容;
target:符号链接的目标文件;
owner:属主;
group:属组;
mode:权限;
ctime/mtime:时间戳;
示例:指定内容创建新文件
- [root@node12 ~]# cat file.pp
- file{"/tmp/test.txt":
- ensure => file,
- content => "this is test file",
- mode => 0644,
- owner => 'jerry',
- group => 'root'
- }
- [root@node12 ~]#
提示:以上资源清单定义了在/tmp目录下新建一个test.txt的文件,其文件内容是“this is test file”,属主是jerry,属组是root,权限是0644;
检查资源清单语法
- [root@node12 ~]# puppet apply -v --noop file.pp
- Notice: Compiled catalog for node12.test.org in environment production in 0.05 seconds
- Info: Applying configuration version '1606886216'
- Notice: /Stage[main]/Main/File[/tmp/test.txt]/ensure: current_value absent, should be file (noop)
- Notice: Class[Main]: Would have triggered 'refresh' from 1 events
- Notice: Stage[main]: Would have triggered 'refresh' from 1 events
- Notice: Finished catalog run in 0.03 seconds
- [root@node12 ~]#
应用资源清单
- [root@node12 ~]# ll /tmp
- total 0
- srwx------ 1 mongod mongod 0 Dec 2 13:04 mongodb-27017.sock
- drwx------ 3 root root 17 Dec 2 13:04 systemd-private-d48e3508588440ff9b36efa29faed224-chronyd.service-V7fHnq
- [root@node12 ~]# puppet apply -v file.pp
- Notice: Compiled catalog for node12.test.org in environment production in 0.05 seconds
- Info: Applying configuration version '1606886384'
- Notice: /Stage[main]/Main/File[/tmp/test.txt]/ensure: defined content as '{md5}973131af48aa1d25bf187dacaa5ca7c0'
- Notice: Finished catalog run in 0.03 seconds
- [root@node12 ~]#
验证:查看/tmp/目录下是否生成了test.txt文件,内容和属主,属组和权限是否是我们指定的内容呢?
- [root@node12 ~]# ll /tmp
- total 4
- srwx------ 1 mongod mongod 0 Dec 2 13:04 mongodb-27017.sock
- drwx------ 3 root root 17 Dec 2 13:04 systemd-private-d48e3508588440ff9b36efa29faed224-chronyd.service-V7fHnq
- -rw-r--r-- 1 jerry root 17 Dec 2 13:19 test.txt
- [root@node12 ~]# cat /tmp/test.txt
- this is test file[root@node12 ~]#
提示:可以看到在/tmp目录下生成了test.txt文件,其属主是jerry,属组是root,权限是644,内容是“this is test file”,完全是我们指定的属性;
示例:复制一个文件生成另一个文件
- [root@node12 ~]# cat copyfile.pp
- file{"/tmp/test1":
- ensure => file,
- source => '/etc/issue',
- owner => 'jerry',
- group => 'jerry',
- mode => 400,
- }
- [root@node12 ~]#
验证:应用资源清单,看看对应/tmp/目录下是否会生成test1文件?文件属主属组和权限信息是否是我们指定的属性信息呢?
- [root@node12 ~]# ll /tmp
- total 4
- srwx------ 1 mongod mongod 0 Dec 2 13:04 mongodb-27017.sock
- drwx------ 3 root root 17 Dec 2 13:04 systemd-private-d48e3508588440ff9b36efa29faed224-chronyd.service-V7fHnq
- -rw-r--r-- 1 jerry root 17 Dec 2 13:19 test.txt
- [root@node12 ~]# puppet apply -v --noop copyfile.pp
- Notice: Compiled catalog for node12.test.org in environment production in 0.06 seconds
- Info: Applying configuration version '1606886863'
- Notice: /Stage[main]/Main/File[/tmp/test1]/ensure: current_value absent, should be file (noop)
- Notice: Class[Main]: Would have triggered 'refresh' from 1 events
- Notice: Stage[main]: Would have triggered 'refresh' from 1 events
- Notice: Finished catalog run in 0.04 seconds
- [root@node12 ~]# puppet apply -v copyfile.pp
- Notice: Compiled catalog for node12.test.org in environment production in 0.05 seconds
- Info: Applying configuration version '1606886868'
- Notice: /Stage[main]/Main/File[/tmp/test1]/ensure: defined content as '{md5}f078fe086dfc22f64b5dca2e1b95de2c'
- Notice: Finished catalog run in 0.04 seconds
- [root@node12 ~]# ll /tmp
- total 8
- srwx------ 1 mongod mongod 0 Dec 2 13:04 mongodb-27017.sock
- drwx------ 3 root root 17 Dec 2 13:04 systemd-private-d48e3508588440ff9b36efa29faed224-chronyd.service-V7fHnq
- -r-------- 1 jerry jerry 23 Dec 2 13:27 test1
- -rw-r--r-- 1 jerry root 17 Dec 2 13:19 test.txt
- [root@node12 ~]# cat /tmp/test1
- \S
- Kernel \r on an \m
- [root@node12 ~]#
提示:可以看到对应目录下生成了我们指定的文件,其内容是我们指定的source属性所对应的文件内容;属主/组和权限都是我们指定的属性;
示例:创建空目录
- [root@node12 ~]# cat directory.pp
- file{"/tmp/test":
- ensure => directory,
- owner => 'jerry',
- group => 'jerry',
- mode => 755,
- }
- [root@node12 ~]#
应用资源清单并验证对应目录是否创建?
- [root@node12 ~]# ll /tmp/
- total 8
- srwx------ 1 mongod mongod 0 Dec 2 13:04 mongodb-27017.sock
- drwx------ 3 root root 17 Dec 2 13:04 systemd-private-d48e3508588440ff9b36efa29faed224-chronyd.service-V7fHnq
- -r-------- 1 jerry jerry 23 Dec 2 13:27 test1
- -rw-r--r-- 1 jerry root 17 Dec 2 13:19 test.txt
- [root@node12 ~]# puppet apply -v --noop directory.pp
- Notice: Compiled catalog for node12.test.org in environment production in 0.05 seconds
- Info: Applying configuration version '1606887273'
- Notice: /Stage[main]/Main/File[/tmp/test]/ensure: current_value absent, should be directory (noop)
- Notice: Class[Main]: Would have triggered 'refresh' from 1 events
- Notice: Stage[main]: Would have triggered 'refresh' from 1 events
- Notice: Finished catalog run in 0.03 seconds
- [root@node12 ~]# puppet apply -v directory.pp
- Notice: Compiled catalog for node12.test.org in environment production in 0.05 seconds
- Info: Applying configuration version '1606887279'
- Notice: /Stage[main]/Main/File[/tmp/test]/ensure: created
- Notice: Finished catalog run in 0.03 seconds
- [root@node12 ~]# ll /tmp
- total 8
- srwx------ 1 mongod mongod 0 Dec 2 13:04 mongodb-27017.sock
- drwx------ 3 root root 17 Dec 2 13:04 systemd-private-d48e3508588440ff9b36efa29faed224-chronyd.service-V7fHnq
- drwxr-xr-x 2 jerry jerry 6 Dec 2 13:34 test
- -r-------- 1 jerry jerry 23 Dec 2 13:27 test1
- -rw-r--r-- 1 jerry root 17 Dec 2 13:19 test.txt
- [root@node12 ~]#
示例:复制目录
- [root@node12 ~]# cat copydirectory.pp
- file{"copy directory":
- ensure => directory,
- path => '/tmp/test.repos.d',
- source => '/etc/yum.repos.d/'
- }
- [root@node12 ~]#
应用资源清单并且验证对应目录是否生成?
- [root@node12 ~]# puppet apply -v copydirectory.pp
- Notice: Compiled catalog for node12.test.org in environment production in 0.05 seconds
- Info: Applying configuration version '1606887595'
- Notice: /Stage[main]/Main/File[copy directory]/ensure: created
- Notice: Finished catalog run in 0.04 seconds
- [root@node12 ~]# ll /tmp
- total 8
- srwx------ 1 mongod mongod 0 Dec 2 13:04 mongodb-27017.sock
- drwx------ 3 root root 17 Dec 2 13:04 systemd-private-d48e3508588440ff9b36efa29faed224-chronyd.service-V7fHnq
- drwxr-xr-x 2 jerry jerry 6 Dec 2 13:34 test
- -r-------- 1 jerry jerry 23 Dec 2 13:27 test1
- drwxr-xr-x 2 root root 6 Dec 2 13:39 test.repos.d
- -rw-r--r-- 1 jerry root 17 Dec 2 13:19 test.txt
- [root@node12 ~]# ll /tmp/test.repos.d/
- total 0
- [root@node12 ~]#
提示:这里只是复制了一个空目录过来,对应目录下没有任何文件,如果需要递归复制,需要加上recurse属性为true;
递归复制目录
- [root@node12 ~]# cat copydirectory.pp
- file{"copy directory":
- ensure => directory,
- path => '/tmp/test.repos.d',
- source => '/etc/yum.repos.d/',
- recurse => true
- }
- [root@node12 ~]# puppet apply -v copydirectory.pp
- Notice: Compiled catalog for node12.test.org in environment production in 0.05 seconds
- Info: Applying configuration version '1606887954'
- Notice: /Stage[main]/Main/File[/tmp/test.repos.d/centos7-aliyun-epel.repo]/ensure: defined content as '{md5}ad7e2bf9550cde4f863d5157d9dea4cb'
- Notice: /Stage[main]/Main/File[/tmp/test.repos.d/bak]/ensure: created
- Notice: /Stage[main]/Main/File[/tmp/test.repos.d/bak/CentOS-Base.repo]/ensure: defined content as '{md5}9098fc723b1e00c92e8515f06980d83e'
- Notice: /Stage[main]/Main/File[/tmp/test.repos.d/bak/CentOS-Debuginfo.repo]/ensure: defined content as '{md5}e9e506425094f43b5c8f053090dbf4d4'
- Notice: /Stage[main]/Main/File[/tmp/test.repos.d/bak/CentOS-Vault.repo]/ensure: defined content as '{md5}9fdd3d91192aa05427c3a9684eeb1345'
- Notice: /Stage[main]/Main/File[/tmp/test.repos.d/bak/CentOS-CR.repo]/ensure: defined content as '{md5}445ed4f0ee3888384e854fb8527a7cde'
- Notice: /Stage[main]/Main/File[/tmp/test.repos.d/bak/CentOS-Sources.repo]/ensure: defined content as '{md5}04d662bb1648477bf50e658a20c10145'
- Notice: /Stage[main]/Main/File[/tmp/test.repos.d/CentOS-Base.repo]/ensure: defined content as '{md5}4861d3b742e8e8c05b67e3abf7904f17'
- Notice: /Stage[main]/Main/File[/tmp/test.repos.d/mongodb.repo]/ensure: defined content as '{md5}fbe938506cda5002d9b8068e6bb4a355'
- Notice: /Stage[main]/Main/File[/tmp/test.repos.d/bak/CentOS-Media.repo]/ensure: defined content as '{md5}1d7797c5082bd565facd68c5aa9352bf'
- Notice: /Stage[main]/Main/File[/tmp/test.repos.d/bak/CentOS-fasttrack.repo]/ensure: defined content as '{md5}52d296f7a45f56c85d18473eca5bab16'
- Notice: Finished catalog run in 0.12 seconds
- [root@node12 ~]# ll /tmp/test.repos.d/
- total 12
- drwxr-xr-x 2 root root 187 Dec 2 13:45 bak
- -rw-r--r-- 1 root root 665 Dec 2 13:45 centos7-aliyun-epel.repo
- -rw-r--r-- 1 root root 2524 Dec 2 13:45 CentOS-Base.repo
- -rw-r--r-- 1 root root 206 Dec 2 13:45 mongodb.repo
- [root@node12 ~]# ll /tmp/test.repos.d/bak/
- total 28
- -rw-r--r-- 1 root root 1664 Dec 2 13:45 CentOS-Base.repo
- -rw-r--r-- 1 root root 1309 Dec 2 13:45 CentOS-CR.repo
- -rw-r--r-- 1 root root 649 Dec 2 13:45 CentOS-Debuginfo.repo
- -rw-r--r-- 1 root root 314 Dec 2 13:45 CentOS-fasttrack.repo
- -rw-r--r-- 1 root root 630 Dec 2 13:45 CentOS-Media.repo
- -rw-r--r-- 1 root root 1331 Dec 2 13:45 CentOS-Sources.repo
- -rw-r--r-- 1 root root 3830 Dec 2 13:45 CentOS-Vault.repo
- [root@node12 ~]#
提示:可以看到在资源清单中加上recurse属性为true后,再次执行资源清单,对应源目录下的所有文件,子目录及文件都递归的复制到path所指定的目录下了;这里需要注意一点,如果源是文件,目标是目录,则复制过去的是一个文件并非是把文件复制到目录下;所以puppet中的文件复制是同类型文件间的复制;
创建符号链接文件
- [root@node12 ~]# cat createlink.pp
- file{"create link file":
- ensure => link,
- path => '/tmp/passwd',
- target => '/etc/passwd',
- }
- [root@node12 ~]#
提示:以上资源清单定义了把/tmp/passwd文件连接至/etc/passwd,即在创建/tmp/passwd符号连接文件,并将其目标链接文件指向/etc/passwd文件;
应用清单文件,看看对应符号链接文件是否生成?
- [root@node12 ~]# ll /tmp
- total 8
- srwx------ 1 mongod mongod 0 Dec 2 13:04 mongodb-27017.sock
- drwx------ 3 root root 17 Dec 2 13:04 systemd-private-d48e3508588440ff9b36efa29faed224-chronyd.service-V7fHnq
- drwxr-xr-x 2 jerry jerry 6 Dec 2 13:34 test
- -r-------- 1 jerry jerry 23 Dec 2 13:27 test1
- drwxr-xr-x 3 root root 93 Dec 2 13:45 test.repos.d
- -rw-r--r-- 1 jerry root 17 Dec 2 13:19 test.txt
- [root@node12 ~]# puppet apply -v --noop createlink.pp
- Notice: Compiled catalog for node12.test.org in environment production in 0.05 seconds
- Info: Applying configuration version '1606888721'
- Notice: /Stage[main]/Main/File[create link file]/ensure: current_value absent, should be link (noop)
- Notice: Class[Main]: Would have triggered 'refresh' from 1 events
- Notice: Stage[main]: Would have triggered 'refresh' from 1 events
- Notice: Finished catalog run in 0.03 seconds
- [root@node12 ~]# puppet apply -v createlink.pp
- Notice: Compiled catalog for node12.test.org in environment production in 0.06 seconds
- Info: Applying configuration version '1606888731'
- Notice: /Stage[main]/Main/File[create link file]/ensure: created
- Notice: Finished catalog run in 0.04 seconds
- [root@node12 ~]# ll /tmp
- total 8
- srwx------ 1 mongod mongod 0 Dec 2 13:04 mongodb-27017.sock
- lrwxrwxrwx 1 root root 11 Dec 2 13:58 passwd -> /etc/passwd
- drwx------ 3 root root 17 Dec 2 13:04 systemd-private-d48e3508588440ff9b36efa29faed224-chronyd.service-V7fHnq
- drwxr-xr-x 2 jerry jerry 6 Dec 2 13:34 test
- -r-------- 1 jerry jerry 23 Dec 2 13:27 test1
- drwxr-xr-x 3 root root 93 Dec 2 13:45 test.repos.d
- -rw-r--r-- 1 jerry root 17 Dec 2 13:19 test.txt
- [root@node12 ~]#
提示:可以看到/tmp目录下生成了一个passwd的符号链接文件,并目标链接文件指向的是/etc/passwd文件;
定义资源与资源间的通知或订阅关系
我们知道一个服务的配置文件发生了变化,如果要让其配置生效,通常会重新启动服务或重新载入配置文件内容;在ansible中当一个服务的配置文件发生变化,是通过定义handler和notify来触发对应的服务执行重启或重载配置操作;在puppet中当一个服务的配置文件发生变化触发对应服务重启或重新载入配置,需要定义资源与资源间的通知或订阅关系;其语法如下
notify:前资源通知后资源
- {
- ...
- notify => Type['B'],
- ...
- }
subscribe:后资源订阅前资源
- {
- ...
- subscribe => Type['B'],
- ...
- }
提示:以上两种方式选择其中一种即可;这里需要注意的是引用资源其类型首字母必须大写;同时定义资源与资源通知或订阅关系,其隐含了资源执行的先后顺序(依赖关系);
示例:定义安装redis,提供配置文件,和启动服务,并且当配置文件发生变化通知redis服务重启;
- [root@node12 ~]# cat redis.pp
- package{"redis":
- ensure => installed,
- }
- file{"/etc/redis.conf":
- ensure => file,
- source => '/root/redis.conf',
- notify => Service["redis"],
- }
- service{"redis":
- ensure => running,
- enable => true,
- hasrestart => true,
- restart => 'systemctl restart redis',
- }
- [root@node12 ~]#
提示:以上资源清单中定义了3个资源,并且指定了当配置文件发生变化就通知redis服务重启;
上述清单在file资源中通知service资源,我们也可以在service中订阅file资源;如下
- [root@node12 ~]# cat redis.pp
- package{"redis":
- ensure => installed,
- }
- file{"/etc/redis.conf":
- ensure => file,
- source => '/root/redis.conf',
- # notify => Service["redis"],
- }
- service{"redis":
- ensure => running,
- enable => true,
- hasrestart => true,
- restart => 'systemctl restart redis',
- subscribe => File["/etc/redis.conf"],
- }
- [root@node12 ~]#
除了上述方式,我们也可以定义通知/订阅资源链
- [root@node12 ~]# cat redis.pp
- package{"redis":
- ensure => installed,
- }
- file{"/etc/redis.conf":
- ensure => file,
- source => '/root/redis.conf',
- # notify => Service["redis"],
- }
- service{"redis":
- ensure => running,
- enable => true,
- hasrestart => true,
- restart => 'systemctl restart redis',
- # subscribe => File["/etc/redis.conf"],
- }
- Package["redis"] -> File["/etc/redis.conf"] ~> Service["redis"]
- [root@node12 ~]#
提示:定义通知/订阅资源链,需要用到~>来表示前资源发生变化通知后资源;
本地redis.conf内容
- [root@node12 ~]# cat redis.conf
- bind 0.0.0.0
- protected-mode yes
- port 6379
- tcp-backlog 511
- timeout 0
- tcp-keepalive 300
- daemonize no
- supervised no
- pidfile /var/run/redis_6379.pid
- loglevel notice
- logfile /var/log/redis/redis.log
- databases 16
- save 900 1
- save 300 10
- save 60 10000
- stop-writes-on-bgsave-error yes
- rdbcompression yes
- rdbchecksum yes
- dbfilename dump.rdb
- dir /var/lib/redis
- slave-serve-stale-data yes
- slave-read-only yes
- repl-diskless-sync no
- repl-diskless-sync-delay 5
- repl-disable-tcp-nodelay no
- slave-priority 100
- appendonly no
- appendfilename "appendonly.aof"
- appendfsync everysec
- no-appendfsync-on-rewrite no
- auto-aof-rewrite-percentage 100
- auto-aof-rewrite-min-size 64mb
- aof-load-truncated yes
- lua-time-limit 5000
- slowlog-log-slower-than 10000
- slowlog-max-len 128
- latency-monitor-threshold 0
- notify-keyspace-events ""
- hash-max-ziplist-entries 512
- hash-max-ziplist-value 64
- list-max-ziplist-size -2
- list-compress-depth 0
- set-max-intset-entries 512
- zset-max-ziplist-entries 128
- zset-max-ziplist-value 64
- hll-sparse-max-bytes 3000
- activerehashing yes
- client-output-buffer-limit normal 0 0 0
- client-output-buffer-limit slave 256mb 64mb 60
- client-output-buffer-limit pubsub 32mb 8mb 60
- hz 10
- aof-rewrite-incremental-fsync yes
- [root@node12 ~]#
提示:以上内容是默认redis配置,我们只修改了其监听地址为0.0.0.0;
应用资源清单
- [root@node12 ~]# rpm -q redis
- package redis is not installed
- [root@node12 ~]# ss -tnl
- State Recv-Q Send-Q Local Address:Port Peer Address:Port
- LISTEN 0 128 *:22 *:*
- LISTEN 0 100 127.0.0.1:25 *:*
- LISTEN 0 128 *:27017 *:*
- LISTEN 0 128 :::22 :::*
- LISTEN 0 100 ::1:25 :::*
- [root@node12 ~]# puppet apply -v --noop redis.pp
- Notice: Compiled catalog for node12.test.org in environment production in 0.29 seconds
- Warning: The package type's allow_virtual parameter will be changing its default value from false to true in a future release. If you do not want to allow virtual packages, please explicitly set allow_virtual to false.
- (at /usr/share/ruby/vendor_ruby/puppet/type.rb:816:in `set_default')
- Info: Applying configuration version '1606891263'
- Notice: /Stage[main]/Main/Package[redis]/ensure: current_value absent, should be present (noop)
- Notice: /Stage[main]/Main/File[/etc/redis.conf]/ensure: current_value absent, should be file (noop)
- Info: /Stage[main]/Main/File[/etc/redis.conf]: Scheduling refresh of Service[redis]
- Notice: /Stage[main]/Main/Service[redis]/ensure: current_value stopped, should be running (noop)
- Info: /Stage[main]/Main/Service[redis]: Unscheduling refresh on Service[redis]
- Notice: Class[Main]: Would have triggered 'refresh' from 3 events
- Notice: Stage[main]: Would have triggered 'refresh' from 1 events
- Notice: Finished catalog run in 0.12 seconds
- [root@node12 ~]# puppet apply -v redis.pp
- Notice: Compiled catalog for node12.test.org in environment production in 0.30 seconds
- Warning: The package type's allow_virtual parameter will be changing its default value from false to true in a future release. If you do not want to allow virtual packages, please explicitly set allow_virtual to false.
- (at /usr/share/ruby/vendor_ruby/puppet/type.rb:816:in `set_default')
- Info: Applying configuration version '1606891271'
- Notice: /Stage[main]/Main/Package[redis]/ensure: created
- Info: /Stage[main]/Main/File[/etc/redis.conf]: Filebucketed /etc/redis.conf to puppet with sum d98629fded012cd2a25b9db0599a9251
- Notice: /Stage[main]/Main/File[/etc/redis.conf]/content: content changed '{md5}d98629fded012cd2a25b9db0599a9251' to '{md5}12e59b058c0ef61ad52bcfa2d4de58ff'
- Notice: /Stage[main]/Main/File[/etc/redis.conf]/owner: owner changed 'redis' to 'root'
- Notice: /Stage[main]/Main/File[/etc/redis.conf]/mode: mode changed '0640' to '0644'
- Info: /Stage[main]/Main/File[/etc/redis.conf]: Scheduling refresh of Service[redis]
- Info: /Stage[main]/Main/File[/etc/redis.conf]: Scheduling refresh of Service[redis]
- Info: /Stage[main]/Main/File[/etc/redis.conf]: Scheduling refresh of Service[redis]
- Notice: /Stage[main]/Main/Service[redis]/ensure: ensure changed 'stopped' to 'running'
- Info: /Stage[main]/Main/Service[redis]: Unscheduling refresh on Service[redis]
- Notice: Finished catalog run in 4.81 seconds
- [root@node12 ~]# ss -tnl
- State Recv-Q Send-Q Local Address:Port Peer Address:Port
- LISTEN 0 128 *:6379 *:*
- LISTEN 0 128 *:22 *:*
- LISTEN 0 100 127.0.0.1:25 *:*
- LISTEN 0 128 *:27017 *:*
- LISTEN 0 128 :::22 :::*
- LISTEN 0 100 ::1:25 :::*
- [root@node12 ~]# grep -Ei "^bind|port" /etc/redis.conf
- bind 0.0.0.0
- port 6379
- [root@node12 ~]#
提示:可以看到应用资源清单后,安装redis包,提供配置,启动服务就一并完成了;
修改配置文件再次执行资源清单,看看对应服务是否会发生重启,应用新配置呢?
- [root@node12 ~]# grep -Ei "^bind|port" /root/redis.conf
- bind 0.0.0.0
- port 16379
- [root@node12 ~]#
提示:以上把/root/目录下的redis.conf文件中的prot修改成16379;
执行资源清单
- [root@node12 ~]# ss -tnl
- State Recv-Q Send-Q Local Address:Port Peer Address:Port
- LISTEN 0 128 *:6379 *:*
- LISTEN 0 128 *:22 *:*
- LISTEN 0 100 127.0.0.1:25 *:*
- LISTEN 0 128 *:27017 *:*
- LISTEN 0 128 :::22 :::*
- LISTEN 0 100 ::1:25 :::*
- [root@node12 ~]# puppet apply -v redis.pp
- Notice: Compiled catalog for node12.test.org in environment production in 0.30 seconds
- Warning: The package type's allow_virtual parameter will be changing its default value from false to true in a future release. If you do not want to allow virtual packages, please explicitly set allow_virtual to false.
- (at /usr/share/ruby/vendor_ruby/puppet/type.rb:816:in `set_default')
- Info: Applying configuration version '1606891609'
- Info: /Stage[main]/Main/File[/etc/redis.conf]: Filebucketed /etc/redis.conf to puppet with sum 12e59b058c0ef61ad52bcfa2d4de58ff
- Notice: /Stage[main]/Main/File[/etc/redis.conf]/content: content changed '{md5}12e59b058c0ef61ad52bcfa2d4de58ff' to '{md5}13a04cb20de2d787e0e18c1c13560cab'
- Info: /Stage[main]/Main/File[/etc/redis.conf]: Scheduling refresh of Service[redis]
- Notice: /Stage[main]/Main/Service[redis]: Triggered 'refresh' from 1 events
- Notice: Finished catalog run in 0.26 seconds
- [root@node12 ~]# ss -tnl
- State Recv-Q Send-Q Local Address:Port Peer Address:Port
- LISTEN 0 128 *:22 *:*
- LISTEN 0 100 127.0.0.1:25 *:*
- LISTEN 0 128 *:16379 *:*
- LISTEN 0 128 *:27017 *:*
- LISTEN 0 128 :::22 :::*
- LISTEN 0 100 ::1:25 :::*
- [root@node12 ~]#
提示:可以看到再次执行资源清单,对应服务也应用了新的配置,说明redis服务发生了重启;我们定义的资源间通知或订阅关系生效了;
2、exec:该资源类型主要用于描述在被控端执行命令;
主要属性
command:要执行的命令(namevar);
creates:文件路径,仅此路径表示的文件不存在时,command方才执行;
user/group:运行命令的用户身份;
cwd:切换工作目录;
path:命令搜索路径,即在那些路径下可以搜索到对应命令,类似PATH环境变量;
onlyif:此属性指定一个命令,此命令正常(退出码为0)运行时,当前command才会运行;
unless:此属性指定一个命令,此命令非正常(退出码为非0)运行时,当前command才会运行;
refresh:重新执行当前command的替代命令;
refreshonly:仅接收到订阅的资源的通知时方才运行;
示例:使用mkdir命令在被控端主机上创建目录,条件是当指定的目录不存在时才创建;
- [root@node12 ~]# cat exec.pp
- exec{"create directory":
- command => 'mkdir /tmp/tom',
- path => '/bin:/sbin:/usr/bin:/usr/sbin',
- unless => 'test -d /tmp/tom',
- }
- [root@node12 ~]#
提示:以上清单表示如果被控端的/tmp/tom不存在时,则在被控端执行mkdir /tmp/tom,执行mkdir这个命令的搜索路径为/bin:/sbin:/usr/bin:/usr/sbin;
应用清单,看看对应目录是否会被创建?
- [root@node12 ~]# ll /tmp/
- total 8
- srwx------ 1 mongod mongod 0 Dec 2 18:59 mongodb-27017.sock
- lrwxrwxrwx 1 root root 11 Dec 2 13:58 passwd -> /etc/passwd
- drwx------ 3 root root 17 Dec 2 18:59 systemd-private-62bd808f926f45528710005f2104130c-chronyd.service-wtp0Tm
- drwxr-xr-x 2 jerry jerry 6 Dec 2 13:34 test
- -r-------- 1 jerry jerry 23 Dec 2 13:27 test1
- drwxr-xr-x 3 root root 93 Dec 2 13:45 test.repos.d
- -rw-r--r-- 1 jerry root 17 Dec 2 13:19 test.txt
- [root@node12 ~]# puppet apply -v --noop exec.pp
- Notice: Compiled catalog for node12.test.org in environment production in 0.07 seconds
- Info: Applying configuration version '1606907819'
- Notice: /Stage[main]/Main/Exec[create directory]/returns: current_value notrun, should be 0 (noop)
- Notice: Class[Main]: Would have triggered 'refresh' from 1 events
- Notice: Stage[main]: Would have triggered 'refresh' from 1 events
- Notice: Finished catalog run in 0.04 seconds
- [root@node12 ~]# puppet apply -v exec.pp
- Notice: Compiled catalog for node12.test.org in environment production in 0.02 seconds
- Info: Applying configuration version '1606907836'
- Notice: /Stage[main]/Main/Exec[create directory]/returns: executed successfully
- Notice: Finished catalog run in 0.03 seconds
- [root@node12 ~]# ll /tmp/
- total 8
- srwx------ 1 mongod mongod 0 Dec 2 18:59 mongodb-27017.sock
- lrwxrwxrwx 1 root root 11 Dec 2 13:58 passwd -> /etc/passwd
- drwx------ 3 root root 17 Dec 2 18:59 systemd-private-62bd808f926f45528710005f2104130c-chronyd.service-wtp0Tm
- drwxr-xr-x 2 jerry jerry 6 Dec 2 13:34 test
- -r-------- 1 jerry jerry 23 Dec 2 13:27 test1
- drwxr-xr-x 3 root root 93 Dec 2 13:45 test.repos.d
- -rw-r--r-- 1 jerry root 17 Dec 2 13:19 test.txt
- drwxr-xr-x 2 root root 6 Dec 2 19:17 tom
- [root@node12 ~]#
提示:以上是/tmp/tom目录不存在就创建,现在已经创建好了,再次执行命令按道理是要报错说目录已存在;
验证:再次执行清单,看看是否会报错?
- [root@node12 ~]# ll /tmp/
- total 8
- srwx------ 1 mongod mongod 0 Dec 2 18:59 mongodb-27017.sock
- lrwxrwxrwx 1 root root 11 Dec 2 13:58 passwd -> /etc/passwd
- drwx------ 3 root root 17 Dec 2 18:59 systemd-private-62bd808f926f45528710005f2104130c-chronyd.service-wtp0Tm
- drwxr-xr-x 2 jerry jerry 6 Dec 2 13:34 test
- -r-------- 1 jerry jerry 23 Dec 2 13:27 test1
- drwxr-xr-x 3 root root 93 Dec 2 13:45 test.repos.d
- -rw-r--r-- 1 jerry root 17 Dec 2 13:19 test.txt
- drwxr-xr-x 2 root root 6 Dec 2 19:17 tom
- [root@node12 ~]# puppet apply -v exec.pp
- Notice: Compiled catalog for node12.test.org in environment production in 0.02 seconds
- Info: Applying configuration version '1606907999'
- Notice: Finished catalog run in 0.02 seconds
- [root@node12 ~]#
提示:可以看到再次执行并没有报错,这是因为我们加了unless这个属性去判断是否满足执行命令的条件;只有满足执行命令的条件后,对应命令才可被执行;为了保证多次执行资源清单的幂等性,在执行某些不幂等的命令一定要加上条件;
示例:当redis配置文件发生改变以后,就重启redis
- [root@node12 ~]# cat exec2.pp
- exec{"systemctl restart redis":
- path => '/bin:/sbin:/usr/bin:/usr/sbin',
- refreshonly => true,
- }
- file{"/etc/redis.conf":
- ensure => file,
- source => '/root/redis.conf',
- }
- File["/etc/redis.conf"] ~> Exec["systemctl restart redis"]
- [root@node12 ~]#
提示:以上清单内容表示当/etc/redis.conf文件内容发生变化,就通知执行重启redis服务命令;
当前redis配置文件监听端口
- [root@node12 ~]# ss -tnl
- State Recv-Q Send-Q Local Address:Port Peer Address:Port
- LISTEN 0 128 *:22 *:*
- LISTEN 0 100 127.0.0.1:25 *:*
- LISTEN 0 128 *:16379 *:*
- LISTEN 0 128 *:27017 *:*
- LISTEN 0 128 :::22 :::*
- LISTEN 0 100 ::1:25 :::*
- [root@node12 ~]# grep -Ei "^bind|port" /etc/redis.conf
- bind 0.0.0.0
- port 16379
- [root@node12 ~]#
修改/root/redis.conf文件中的端口信息为6379
- [root@node12 ~]# grep -Ei "^bind|port" /root/redis.conf
- bind 0.0.0.0
- port 6379
- [root@node12 ~]#
执行清单,看看对应redis是否会监听在6379这个端口上?
- [root@node12 ~]# ss -tnl
- State Recv-Q Send-Q Local Address:Port Peer Address:Port
- LISTEN 0 128 *:22 *:*
- LISTEN 0 100 127.0.0.1:25 *:*
- LISTEN 0 128 *:16379 *:*
- LISTEN 0 128 *:27017 *:*
- LISTEN 0 128 :::22 :::*
- LISTEN 0 100 ::1:25 :::*
- [root@node12 ~]# puppet apply -v --noop exec2.pp
- Notice: Compiled catalog for node12.test.org in environment production in 0.07 seconds
- Info: Applying configuration version '1606909853'
- Notice: /Stage[main]/Main/File[/etc/redis.conf]/content: current_value {md5}13a04cb20de2d787e0e18c1c13560cab, should be {md5}12e59b058c0ef61ad52bcfa2d4de58ff (noop)
- Info: /Stage[main]/Main/File[/etc/redis.conf]: Scheduling refresh of Exec[systemctl restart redis]
- Notice: /Stage[main]/Main/Exec[systemctl restart redis]: Would have triggered 'refresh' from 1 events
- Notice: Class[Main]: Would have triggered 'refresh' from 2 events
- Notice: Stage[main]: Would have triggered 'refresh' from 1 events
- Notice: Finished catalog run in 0.02 seconds
- [root@node12 ~]# puppet apply -v exec2.pp
- Notice: Compiled catalog for node12.test.org in environment production in 0.07 seconds
- Info: Applying configuration version '1606909859'
- Info: FileBucket got a duplicate file {md5}13a04cb20de2d787e0e18c1c13560cab
- Info: /Stage[main]/Main/File[/etc/redis.conf]: Filebucketed /etc/redis.conf to puppet with sum 13a04cb20de2d787e0e18c1c13560cab
- Notice: /Stage[main]/Main/File[/etc/redis.conf]/content: content changed '{md5}13a04cb20de2d787e0e18c1c13560cab' to '{md5}12e59b058c0ef61ad52bcfa2d4de58ff'
- Info: /Stage[main]/Main/File[/etc/redis.conf]: Scheduling refresh of Exec[systemctl restart redis]
- Notice: /Stage[main]/Main/Exec[systemctl restart redis]: Triggered 'refresh' from 1 events
- Notice: Finished catalog run in 0.11 seconds
- [root@node12 ~]# ss -tnl
- State Recv-Q Send-Q Local Address:Port Peer Address:Port
- LISTEN 0 128 *:6379 *:*
- LISTEN 0 128 *:22 *:*
- LISTEN 0 100 127.0.0.1:25 *:*
- LISTEN 0 128 *:27017 *:*
- LISTEN 0 128 :::22 :::*
- LISTEN 0 100 ::1:25 :::*
- [root@node12 ~]#
提示:可以看到redis服务已经监听在6379这个端口了;说明重启redis服务命令执行成功;
示例:创建文件,条件是只有对应父目录存在,则新建文件;
- [root@node12 ~]# cat exec3.pp
- exec{"create file":
- command => 'touch /tmp/jerry.sh',
- path => '/bin:/sbin:/usr/bin:/usr/sbin',
- onlyif => 'test -d /tmp'
- }
- [root@node12 ~]#
执行清单并验证
- [root@node12 ~]# ll /tmp/
- total 8
- srwx------ 1 mongod mongod 0 Dec 2 18:59 mongodb-27017.sock
- lrwxrwxrwx 1 root root 11 Dec 2 13:58 passwd -> /etc/passwd
- drwx------ 3 root root 17 Dec 2 18:59 systemd-private-62bd808f926f45528710005f2104130c-chronyd.service-wtp0Tm
- drwxr-xr-x 2 jerry jerry 6 Dec 2 13:34 test
- -r-------- 1 jerry jerry 23 Dec 2 13:27 test1
- drwxr-xr-x 3 root root 93 Dec 2 13:45 test.repos.d
- -rw-r--r-- 1 jerry root 17 Dec 2 13:19 test.txt
- drwxr-xr-x 2 root root 6 Dec 2 19:17 tom
- [root@node12 ~]# puppet apply -v --noop exec3.pp
- Notice: Compiled catalog for node12.test.org in environment production in 0.02 seconds
- Info: Applying configuration version '1606910431'
- Notice: /Stage[main]/Main/Exec[create file]/returns: current_value notrun, should be 0 (noop)
- Notice: Class[Main]: Would have triggered 'refresh' from 1 events
- Notice: Stage[main]: Would have triggered 'refresh' from 1 events
- Notice: Finished catalog run in 0.02 seconds
- [root@node12 ~]# puppet apply -v exec3.pp
- Notice: Compiled catalog for node12.test.org in environment production in 0.02 seconds
- Info: Applying configuration version '1606910443'
- Notice: /Stage[main]/Main/Exec[create file]/returns: executed successfully
- Notice: Finished catalog run in 0.03 seconds
- [root@node12 ~]# ll /tmp
- total 8
- -rw-r--r-- 1 root root 0 Dec 2 20:00 jerry.sh
- srwx------ 1 mongod mongod 0 Dec 2 18:59 mongodb-27017.sock
- lrwxrwxrwx 1 root root 11 Dec 2 13:58 passwd -> /etc/passwd
- drwx------ 3 root root 17 Dec 2 18:59 systemd-private-62bd808f926f45528710005f2104130c-chronyd.service-wtp0Tm
- drwxr-xr-x 2 jerry jerry 6 Dec 2 13:34 test
- -r-------- 1 jerry jerry 23 Dec 2 13:27 test1
- drwxr-xr-x 3 root root 93 Dec 2 13:45 test.repos.d
- -rw-r--r-- 1 jerry root 17 Dec 2 13:19 test.txt
- drwxr-xr-x 2 root root 6 Dec 2 19:17 tom
- [root@node12 ~]#
提示:可以看到jerry.sh文件创建成功了;
3、cron:该类型资源主要用于在被管控端管理周期计划任务
主要属性
command:要执行的任务;
ensure:描述是目标状态,取值present/absent;
hour:定义小时时间;
minute:定义分钟时间;
monthday:定义月份的某一天时间;
month:定义月份
weekday:定义周时间;
user:以哪个用户的身份运行命令;
target:添加为哪个用户的任务;
name:cron job的名称;
示例:创建时间同步周期计划任务
- [root@node12 ~]# cat cron.pp
- cron{"timesync":
- command => '/usr/sbin/ntpdate 192.168.0.99 &> /dev/null',
- ensure => present,
- minute => '*/5',
- user => 'root'
- }
- [root@node12 ~]#
执行清单,看看是否生成周期计划任务?
- [root@node12 ~]# crontab -l
- no crontab for root
- [root@node12 ~]# puppet apply -v --noop cron.pp
- Notice: Compiled catalog for node12.test.org in environment production in 0.02 seconds
- Info: Applying configuration version '1606913457'
- Notice: /Stage[main]/Main/Cron[timesync]/ensure: current_value absent, should be present (noop)
- Notice: Class[Main]: Would have triggered 'refresh' from 1 events
- Notice: Stage[main]: Would have triggered 'refresh' from 1 events
- Notice: Finished catalog run in 0.02 seconds
- [root@node12 ~]# puppet apply -v cron.pp
- Notice: Compiled catalog for node12.test.org in environment production in 0.02 seconds
- Info: Applying configuration version '1606913462'
- Notice: /Stage[main]/Main/Cron[timesync]/ensure: created
- Notice: Finished catalog run in 0.02 seconds
- [root@node12 ~]# crontab -l
- # HEADER: This file was autogenerated at 2020-12-02 20:51:02 +0800 by puppet.
- # HEADER: While it can still be managed manually, it is definitely not recommended.
- # HEADER: Note particularly that the comments starting with 'Puppet Name' should
- # HEADER: not be deleted, as doing so could cause duplicate cron jobs.
- # Puppet Name: timesync
- */5 * * * * /usr/sbin/ntpdate 192.168.0.99 &> /dev/null
- [root@node12 ~]#
提示:可以看到周期计划任务已经创建;
4、notify:该类型资源主要用来向agent运行日志发送消息,如果是单机模型,则输出到屏幕,如果是master/agent模型则记录到日志中;
主要属性
message:信息内容;
name:信息名称;
示例
- [root@node12 ~]# cat notify.pp
- notify{"say hello ":
- message => "hello everyone .."
- }
- [root@node12 ~]# puppet apply -v notify.pp
- Notice: Compiled catalog for node12.test.org in environment production in 0.01 seconds
- Info: Applying configuration version '1606914189'
- Notice: hello everyone ..
- Notice: /Stage[main]/Main/Notify[say hello ]/message: defined 'message' as 'hello everyone ..'
- Notice: Finished catalog run in 0.03 seconds
- [root@node12 ~]#
ok,以上是puppet中4中核心资源的使用和相关演示,以及资源与资源间的通知/订阅关系的定义;
自动化运维工具之Puppet常用资源(二)的更多相关文章
- 自动化运维工具之Puppet常用资源(一)
前文我们聊到了puppet的架构,单机模型和master/agent模型的工作流程以及puppet的基础使用,回顾请参考https://www.cnblogs.com/qiuhom-1874/p/14 ...
- 自动化运维工具之Puppet基础入门
一.简介 puppet是什么?它能做什么? puppet是一个IT基础设施自动化运维工具,它能够帮助系统管理员管理基础设施的整个生命周期:比如,安装服务,提供配置文件,启动服务等等一系列操作:基于pu ...
- 自动化运维工具之Puppet变量、正则表达式、流程控制、类和模板
前文我们了解了puppet的file.exec.cron.notify这四种核心资源类型的使用以及资源见定义通知/订阅关系,回顾请参考https://www.cnblogs.com/qiuhom-18 ...
- 自动化运维工具之Puppet模块
前文我们了解来puppet的变量.流程控制.正则表达式.类和模板的相关话题,回顾请参考https://www.cnblogs.com/qiuhom-1874/p/14079208.html:今天我们来 ...
- 自动化运维工具之Puppet master/agent模型、站点清单和puppet多环境设定
前文我们了解了puppe中模块的使用,回顾请参考https://www.cnblogs.com/qiuhom-1874/p/14086315.html:今天我来了解下puppet的master/age ...
- 自动化运维工具ansible中常用模块总结
1.yum模块: name:要操作的软件包名字,可以是一个url或者本地rpm包路径,如name=nginx update_cache:更新软件包缓存,如update_cache=yes则更新软件包缓 ...
- 自动化运维工具——ansible详解(二)
Ansible playbook 简介 playbook 是 ansible 用于配置,部署,和管理被控节点的剧本. 通过 playbook 的详细描述,执行其中的一系列 tasks ,可以让远端主机 ...
- 自动化运维工具——ansible命令使用(二)
一.Ansible系列命令使用 ansible命令执行过程 1 . 加载自己的配置文件 默认/etc/ansible/ansible.cfg 2 . 加载自己对应的模块文件,如command 3 . ...
- Ansible自动化运维工具及其常用模块
Ansible自动化运维工具及其常用模块 目录 Ansible自动化运维工具及其常用模块 一.Ansible简介 1. Ansible概述 2. Ansible作用 3. Ansible的工作模块 4 ...
随机推荐
- NoSQL数据库的四大分类的分析
分类 Examples举例 典型应用场景 数据模型 优点 缺点 键值(key-value) Tokyo Cabinet/Tyrant, Redis, Voldemort, Oracle BDB 内容缓 ...
- c#导入文件
string[] lines = System.IO.File.ReadAllLines(@"C:\Users\Administrator\Desktop\2.txt",Encod ...
- 教你写个简单到的 Redis Client 框架 - .NET Core
目录 1,关于 Redis RESP 定义数据类型 2,定义异步消息状态机 3,定义命令发送模板 4,定义 Redis Client 5,实现简单的 RESP 解析 6,实现命令发送客户端 7,如何使 ...
- php随机填充字符串内容
public function getStr($str=false){ $poems="从,善,如,登,从,恶,如,崩,已,知,花,意,未,见,其,花,,,已,见,其,花,,,未,闻,花,名 ...
- 激情的来源 Imagine how much you love it !
激情来自哪里?我想可能我找到了,精髓就在那个标题! 想象你有多么爱它!你就会爱上他,想象你有多么喜欢某一个东西,你很有可能就喜欢上他,着手去了解他,接触他. 如果带着这种想象状态的激情,工作和学习会有 ...
- X-Height
术语x-height是指给定字体中,任何给定尺寸下小写字母x的高度. 它提供了一种描述任意字体一般比例的方法. 在印刷中,x-height是一行文字的基线与小写字母(即不包括上升笔画或下降笔画)的主体 ...
- TCP特点
1.基于字节流:面向连接:可靠传输:缓冲传输:全双工:流量控制.TCP如何保证可靠性:差错:校验和丢包:超时重传+确认失序:seq(序号)重复:seq(序号)1.数据被分割成TCP认为最合适发送的数据 ...
- 安装vmware tool
首先简单介绍一下vmware tool的作用: 1.最大的好处是可以直接把windows界面的文件拖进linux虚拟机内. 2.鼠标可以直接从虚拟机移动到windows等等好处. 步骤 1.点击虚拟机 ...
- rhel8/centos8网络网卡设置ping不通,连接不上,各种问题
[解决问题]: 1-ping不通宿主机 2-ping不通外网 3-ping不通网关 4-网络中心VMnet8 VMnet1 VMnet0 不见了 5-rhel8网络设置全攻略 环境:win10宿主机+ ...
- 基础网络路由命令(tracert、route print 、netstat )
网络知识有限,平时自己积累,捣鼓自己电脑使用,如是一样菜鸟,请勿自行在服务器端使用. 快捷键Ctrl+C 结束跟踪 快捷键 ↑ 可以查询上次输入的命令 window+R组合键,输入C ...