前文我们聊到了puppet的架构,单机模型和master/agent模型的工作流程以及puppet的基础使用,回顾请参考https://www.cnblogs.com/qiuhom-1874/p/14052241.html;今天我们主要来了解下puppet的核心资源的使用;

  什么是资源?

  在puppet中,资源就是指我们要操作被管控端主机的对象;puppet中的资源概念有点类似ansible中的模块,在ansible中不同模块有着不同的功能,比如用户管理,我们就要用user模块,文件管理就要用file模块,执行命令有shell模块和command模块;puppet中的资源也是类似的作用,不同的是puppet中资源是高度抽象的;所谓高度抽象就是指用户无需关心底层操作系统接口;比如我们要在被管控端安装一个nginx软件,如果用puppet来实现,我们直接使用package这个资源即可完成,用户不用考虑底层到底是windows还是centos或者ubuntu,puppet它能够自动识别,然后采用不同的安装方法;而在ansible中对于不同操作系统,使用的模块有所不同,比如redhat系列要使用yum这个模块,debain系列要使用apt模块;puppet把相似的资源被抽象成同一种资源类型,比如程序包资源,用户资源以及服务资源等;将资源属性或状态的描述与其实现方式剥离开;如安装程序包用户无需关心使用什么方法去实现,只需要描述清楚资源的目标状态以及相关属性信息即可;

  puppet常用资源的使用

  1、group:该资源类型主要用来管理被管控端主机上的组;

    主要属性

    name:该属性主要用来描述组名,namevar如果默认不人工手动指定,则以title字符串来替代;

    gid:该属性用来描述GID(组ID);

    system:该属性用来描述是否为系统组,取值yes/no或者true/false;

    ensure:该属性用来描述目标状态(即用户期待目标主机对应该资源的期望状态),取值present/absent;

    members:该属性用来描述组中的成员用户信息;

  示例:创建一个test组

[root@node12 ~]# cat group.pp

group{'create_group':

        name    => 'test',

        gid     => 1212,

        system  => false,

        ensure  => present,

}

[root@node12 ~]#

  模拟运行以上资源清单检查是否有语法错误

[root@node12 ~]# puppet apply -v --noop group.pp

Notice: Compiled catalog for node12.test.org in environment production in 0.05 seconds

Info: Applying configuration version '1606827824'

Notice: /Stage[main]/Main/Group[create_group]/ensure: current_value absent, should be present (noop)

Notice: Class[Main]: Would have triggered 'refresh' from 1 events

Notice: Stage[main]: Would have triggered 'refresh' from 1 events

Notice: Finished catalog run in 0.02 seconds

[root@node12 ~]#

  应用到本地主机

[root@node12 ~]# puppet apply -v  group.pp

Notice: Compiled catalog for node12.test.org in environment production in 0.05 seconds

Info: Applying configuration version '1606827835'

Notice: /Stage[main]/Main/Group[create_group]/ensure: created

Notice: Finished catalog run in 0.08 seconds

[root@node12 ~]#

  验证:查看本机是否创建test组?对应gid是否是我们指定的gid?

[root@node12 ~]# getent group test

test:x:1212:

[root@node12 ~]#

  2、user:该资源类型主要用来管理被管控端主机上的用户,如新建用户,删除用户等等;

  主要属性

    name:用户名,namevar

    uid:UID;

    gid:基本组id;

    groups:附加组,不能包含基本组;

    comment:注释;

    expiry:过期时间;

    home:家目录;

    shell:默认shell类型;

    system:是否为系统用户,取值yes/no或者true/false;

    ensure:用户期望的目标状态,取值present/absent;

    password:加密后的密码串;

  示例:创建一个用户

[root@node12 ~]# cat user.pp

user{"create_user":

        name    => "jerry",

        uid     => 1213,

        groups  => ["test","test1","test2","test3"],

        comment => "this is create test user",

        system  => no,

        ensure  => present,

}

[root@node12 ~]#

  验证语法和应用到本机

[root@node12 ~]# puppet apply -v --noop user.pp

Notice: Compiled catalog for node12.test.org in environment production in 0.06 seconds

Info: Applying configuration version '1606829084'

Notice: /Stage[main]/Main/User[create_user]/ensure: current_value absent, should be present (noop)

Notice: Class[Main]: Would have triggered 'refresh' from 1 events

Notice: Stage[main]: Would have triggered 'refresh' from 1 events

Notice: Finished catalog run in 0.02 seconds

[root@node12 ~]# puppet apply -v  user.pp

Notice: Compiled catalog for node12.test.org in environment production in 0.06 seconds

Info: Applying configuration version '1606829091'

Notice: /Stage[main]/Main/User[create_user]/ensure: created

Notice: Finished catalog run in 0.05 seconds

[root@node12 ~]#

  验证:查看jerry用户是否创建完成,对应属性是否是我们指定的属性呢?

[root@node12 ~]# id jerry

uid=1213(jerry) gid=1213(jerry) groups=1213(jerry),1000(test1),1001(test2),1002(test3),1212(test)

[root@node12 ~]# getent passwd jerry

jerry:x:1213:1213:this is create test user:/home/jerry:/bin/bash

[root@node12 ~]#

  以上示例在指定附加组是系统上已经存在的情况,如果指定的组没有这么办呢?我们知道puppet执行资源清单时,有一个很重要的特性,幂等性;所谓幂等性就是指不管执行多少遍资源清单,对应的目标状态会保持一致,如果应系统指定的资源不是用户定义的目标状态,puppet会强制让其状态保持为目标状态,如果对应系统资源状态满足我们定义的目标状态,则不执行或跳过;结合上述说的,在创建用户时,指定的附加组不存在,理论上我们应该先确保对应组存在,然后再创建用户;所以用户资源可能依赖组资源;简单讲user资源依赖group资源,在创建用户时,对应的附加组应该提前创建;

  在puppet中资源和资源是有依赖关系的,定义资源和资源间的依赖关系有两种方式,如下

  A before B: A优先于B,定义在A资源中;

{

    ...

    before	=> Type['B'],

    ...

}

  B require A: B依赖于A,定义在B资源中;

{

  ...

  require	=> Type['A'],

  ...

}

  示例:不定义依赖,应用资源清单,看看tom用户是否会被创建?

[root@node12 ~]# cat user.pp

user{"tom":

        groups  => ["mygrp","testgrp"],

        comment => "this is create test user",

        system  => no,

        ensure  => present,

#       require => [Group["mygrp"],Group["testgrp"]]

}

[root@node12 ~]# puppet apply -v --noop  user.pp

Notice: Compiled catalog for node12.test.org in environment production in 0.06 seconds

Info: Applying configuration version '1606832440'

Notice: /Stage[main]/Main/User[tom]/ensure: current_value absent, should be present (noop)

Notice: Class[Main]: Would have triggered 'refresh' from 1 events

Notice: Stage[main]: Would have triggered 'refresh' from 1 events

Notice: Finished catalog run in 0.02 seconds

[root@node12 ~]# puppet apply -v   user.pp

Notice: Compiled catalog for node12.test.org in environment production in 0.06 seconds

Info: Applying configuration version '1606832447'

Error: Could not create user tom: Execution of '/usr/sbin/useradd -c this is create test user -G mygrp,testgrp -M tom' returned 6: useradd: group 'mygrp' does not exist

useradd: group 'testgrp' does not exist

Error: /Stage[main]/Main/User[tom]/ensure: change from absent to present failed: Could not create user tom: Execution of '/usr/sbin/useradd -c this is create test user -G mygrp,testgrp -M tom' returned 6: useradd: group 'mygrp' does not exist

useradd: group 'testgrp' does not exist

Notice: Finished catalog run in 0.03 seconds

[root@node12 ~]# id tom

id: tom: no such user

[root@node12 ~]#

  提示:在puppet资源清单中“#”号代表注释;可以看到创建用户时,指定一个不存在的组给对应用户做附加组,它会提示我们对应的组不存在;当然对应的tom也不会被成功新建;

  示例:定义依赖关系,再次执行资源清单,看看tom是否会被新建呢?

[root@node12 ~]#

[root@node12 ~]# cat user.pp

user{"tom":

        groups  => ["mygrp","testgrp"],

        comment => "this is create test user",

        system  => no,

        ensure  => present,

        require => [Group["mygrp"],Group["testgrp"]]

}

[root@node12 ~]# puppet apply -v --noop  user.pp

Notice: Compiled catalog for node12.test.org in environment production in 0.10 seconds

Error: Could not find dependency Group[mygrp] for User[tom] at /root/user.pp:7

[root@node12 ~]#

  提示:这里虽然定义了依赖的资源,但是它这里提示我们为在当前资源清单中找到对应的依赖资源定义内容;这里需要注意一点引用资源的方式是Type["resouce name"],其中type指资源类型,并且首字母必须大写;

  在资源清单中定义被依赖的资源,再次执行资源清单,看看tom用户是否被创建?

[root@node12 ~]# cat user.pp

user{"tom":

        groups  => ["mygrp","testgrp"],

        comment => "this is create test user",

        system  => no,

        ensure  => present,

        require => [Group["mygrp"],Group["testgrp"]]

}

group{"mygrp":

        ensure  => present,

}

group{"testgrp":

        ensure  => present,

}

[root@node12 ~]# puppet apply -v --noop  user.pp

Notice: Compiled catalog for node12.test.org in environment production in 0.10 seconds

Info: Applying configuration version '1606833022'

Notice: /Stage[main]/Main/Group[mygrp]/ensure: current_value absent, should be present (noop)

Notice: /Stage[main]/Main/Group[testgrp]/ensure: current_value absent, should be present (noop)

Notice: /Stage[main]/Main/User[tom]/ensure: current_value absent, should be present (noop)

Notice: Class[Main]: Would have triggered 'refresh' from 3 events

Notice: Stage[main]: Would have triggered 'refresh' from 1 events

Notice: Finished catalog run in 0.02 seconds

[root@node12 ~]# puppet apply -v   user.pp

Notice: Compiled catalog for node12.test.org in environment production in 0.10 seconds

Info: Applying configuration version '1606833042'

Notice: /Stage[main]/Main/Group[mygrp]/ensure: created

Notice: /Stage[main]/Main/Group[testgrp]/ensure: created

Notice: /Stage[main]/Main/User[tom]/ensure: created

Notice: Finished catalog run in 0.08 seconds

[root@node12 ~]# id tom

uid=1214(tom) gid=1216(tom) groups=1216(tom),1214(mygrp),1215(testgrp)

[root@node12 ~]#

  提示:可以看到在定义了依赖关系以后,被依赖的资源要先执行;简单讲定义依赖关系就是指定资源执行的先后顺序;

  除了以上方式定义资源执行的先后顺序,还可以使用以下方式定义资源执行的先后顺序

  在被依赖的资源中使用before属性指定要优先那个资源执行

[root@node12 ~]# cat user.pp

user{"tom":

        groups  => ["mygrp","testgrp"],

        comment => "this is create test user",

        system  => no,

        ensure  => present,

#       require => [Group["mygrp"],Group["testgrp"]]

}

group{"mygrp":

        ensure  => present,

        before  => User["tom"],

}

group{"testgrp":

        ensure  => present,

        before  => User["tom"],

}

[root@node12 ~]#

  单独定义资源执行顺序

[root@node12 ~]# cat user.pp

user{"tom":

        groups  => ["mygrp","testgrp"],

        comment => "this is create test user",

        system  => no,

        ensure  => present,

}

group{"mygrp":

        ensure  => present,

}

group{"testgrp":

        ensure  => present,

}

Group["testgrp"] -> Group["mygrp"] -> User["tom"]

[root@node12 ~]#

  提示:以上清单内容表示Group["testgrp"]要优先于Group["mygrp"]优先于User["tom"]资源;

  删除testgrp,mygrp组和tom用户

[root@node12 ~]# groupdel mygrp

[root@node12 ~]# groupdel testgrp

[root@node12 ~]# userdel tom

  不定义资源执行顺序,应用资源清单的顺序是

  提示:默认在一个资源清单中的资源会自动解决依赖关系,通常被依赖的资源会从上至下依次执行;

  定义资源执行顺序,应用资源清单,看看对应资源执行顺序是否是我们定义的资源顺序呢?

  提示:可以看到定义了资源执行顺序以后,资源的执行顺序就是我们定义的顺序;

  3、package:该资源类型用于管理被控端的包资源;

  主要属性

    name:包名称,namevar;

    ensure:目标状态,取值有installed/present/latest,absent/purgud;

    source:程序包来源,仅对不会自动下载相关程序包的provider有用,例如rpm或dpkg;

    provider:指定安装方式;

  示例:安装redis服务

[root@node12 ~]# cat package.pp

package{"redis":

        ensure  => installed,

}

[root@node12 ~]#

  应用资源清单

[root@node12 ~]# rpm -q redis

package redis is not installed

[root@node12 ~]# puppet apply -v --noop package.pp

Notice: Compiled catalog for node12.test.org in environment production in 0.18 seconds

Warning: The package type's allow_virtual parameter will be changing its default value from false to true in a future release. If you do not want to allow virtual packages, please explicitly set allow_virtual to false.

   (at /usr/share/ruby/vendor_ruby/puppet/type.rb:816:in `set_default')

Info: Applying configuration version '1606835569'

Notice: /Stage[main]/Main/Package[redis]/ensure: current_value absent, should be present (noop)

Notice: Class[Main]: Would have triggered 'refresh' from 1 events

Notice: Stage[main]: Would have triggered 'refresh' from 1 events

Notice: Finished catalog run in 0.08 seconds

[root@node12 ~]# puppet apply -v  package.pp

Notice: Compiled catalog for node12.test.org in environment production in 0.19 seconds

Warning: The package type's allow_virtual parameter will be changing its default value from false to true in a future release. If you do not want to allow virtual packages, please explicitly set allow_virtual to false.

   (at /usr/share/ruby/vendor_ruby/puppet/type.rb:816:in `set_default')

Info: Applying configuration version '1606835576'

Notice: /Stage[main]/Main/Package[redis]/ensure: created

Notice: Finished catalog run in 2.88 seconds

[root@node12 ~]# rpm -q redis

redis-3.2.12-2.el7.x86_64

[root@node12 ~]#

  4、service:该资源类型用于管理被控端的服务;

  主要属性

    ensure:定义目标状态,取值有running/stopped或者true/false;

    enable:是否设置为开机启动,取值true/false;

    name:服务名称,namevar

    path:脚本的搜索路径,默认为/etc/init.d/;

    binary:二进制程序路径,主要用于指定编译后的二进制程序路径;

    hasrestart:是否有重启命令;

    hasstatus:是否有status命令;

    start:手动定义启动服务命令;

    stop:手动定义停止服务命令;

    status:手动定义查看服务状态命令;

    restart:手动定义重启服务命令;

  示例:启动redis

[root@node12 ~]# cat redis.pp

service{"redis":

        ensure  => running,

        enable  => true,

}

[root@node12 ~]#

  应用资源清单

[root@node12 ~]# ss -tnl

State      Recv-Q Send-Q         Local Address:Port                        Peer Address:Port

LISTEN     0      128                        *:22                                     *:*

LISTEN     0      100                127.0.0.1:25                                     *:*

LISTEN     0      128                        *:27017                                  *:*

LISTEN     0      128                       :::22                                    :::*

LISTEN     0      100                      ::1:25                                    :::*

[root@node12 ~]# puppet apply -v --noop redis.pp

Notice: Compiled catalog for node12.test.org in environment production in 0.06 seconds

Info: Applying configuration version '1606835960'

Notice: /Stage[main]/Main/Service[redis]/ensure: current_value stopped, should be running (noop)

Info: /Stage[main]/Main/Service[redis]: Unscheduling refresh on Service[redis]

Notice: Class[Main]: Would have triggered 'refresh' from 1 events

Notice: Stage[main]: Would have triggered 'refresh' from 1 events

Notice: Finished catalog run in 0.04 seconds

[root@node12 ~]# puppet apply -v redis.pp

Notice: Compiled catalog for node12.test.org in environment production in 0.07 seconds

Info: Applying configuration version '1606835968'

Notice: /Stage[main]/Main/Service[redis]/ensure: ensure changed 'stopped' to 'running'

Info: /Stage[main]/Main/Service[redis]: Unscheduling refresh on Service[redis]

Notice: Finished catalog run in 0.09 seconds

[root@node12 ~]# ss -tnl

State      Recv-Q Send-Q         Local Address:Port                        Peer Address:Port

LISTEN     0      128                127.0.0.1:6379                                   *:*

LISTEN     0      128                        *:22                                     *:*

LISTEN     0      100                127.0.0.1:25                                     *:*

LISTEN     0      128                        *:27017                                  *:*

LISTEN     0      128                       :::22                                    :::*

LISTEN     0      100                      ::1:25                                    :::*

[root@node12 ~]# systemctl is-enabled redis

enabled

[root@node12 ~]#

  提示:可以看到应用清单文件以后,对应redis服务已经正常启动,并设置开机启动;

  示例:停止redis服务,并禁用其开机启动

[root@node12 ~]# cat redis.pp

service{"redis":

        ensure  => stopped,

        enable  => false,

}

[root@node12 ~]# puppet apply -v --noop redis.pp

Notice: Compiled catalog for node12.test.org in environment production in 0.07 seconds

Info: Applying configuration version '1606836096'

Notice: /Stage[main]/Main/Service[redis]/ensure: current_value running, should be stopped (noop)

Notice: Class[Main]: Would have triggered 'refresh' from 1 events

Notice: Stage[main]: Would have triggered 'refresh' from 1 events

Notice: Finished catalog run in 0.04 seconds

[root@node12 ~]# puppet apply -v redis.pp

Notice: Compiled catalog for node12.test.org in environment production in 0.07 seconds

Info: Applying configuration version '1606836102'

Notice: /Stage[main]/Main/Service[redis]/ensure: ensure changed 'running' to 'stopped'

Notice: Finished catalog run in 0.11 seconds

[root@node12 ~]# ss -tnl

State      Recv-Q Send-Q         Local Address:Port                        Peer Address:Port

LISTEN     0      128                        *:22                                     *:*

LISTEN     0      100                127.0.0.1:25                                     *:*

LISTEN     0      128                        *:27017                                  *:*

LISTEN     0      128                       :::22                                    :::*

LISTEN     0      100                      ::1:25                                    :::*

[root@node12 ~]# systemctl is-enabled redis

disabled

[root@node12 ~]#

  提示:可以看到执行了资源清单以后,对应服务就停掉了并且也禁用了开机启动;

自动化运维工具之Puppet常用资源(一)的更多相关文章

  1. 自动化运维工具之Puppet常用资源(二)

    前文我们了解了部分puppet的资源的使用,以及资源和资源的依赖关系的定义,回顾请参考https://www.cnblogs.com/qiuhom-1874/p/14071459.html:今天我们继 ...

  2. 自动化运维工具之Puppet基础入门

    一.简介 puppet是什么?它能做什么? puppet是一个IT基础设施自动化运维工具,它能够帮助系统管理员管理基础设施的整个生命周期:比如,安装服务,提供配置文件,启动服务等等一系列操作:基于pu ...

  3. 自动化运维工具之Puppet变量、正则表达式、流程控制、类和模板

    前文我们了解了puppet的file.exec.cron.notify这四种核心资源类型的使用以及资源见定义通知/订阅关系,回顾请参考https://www.cnblogs.com/qiuhom-18 ...

  4. 自动化运维工具之Puppet模块

    前文我们了解来puppet的变量.流程控制.正则表达式.类和模板的相关话题,回顾请参考https://www.cnblogs.com/qiuhom-1874/p/14079208.html:今天我们来 ...

  5. 自动化运维工具之Puppet master/agent模型、站点清单和puppet多环境设定

    前文我们了解了puppe中模块的使用,回顾请参考https://www.cnblogs.com/qiuhom-1874/p/14086315.html:今天我来了解下puppet的master/age ...

  6. 自动化运维工具ansible中常用模块总结

    1.yum模块: name:要操作的软件包名字,可以是一个url或者本地rpm包路径,如name=nginx update_cache:更新软件包缓存,如update_cache=yes则更新软件包缓 ...

  7. Ansible自动化运维工具及其常用模块

    Ansible自动化运维工具及其常用模块 目录 Ansible自动化运维工具及其常用模块 一.Ansible简介 1. Ansible概述 2. Ansible作用 3. Ansible的工作模块 4 ...

  8. 自动化运维工具——ansible详解(一)

    ansible 简介 ansible 是什么? ansible是新出现的自动化运维工具,基于Python开发,集合了众多运维工具(puppet.chef.func.fabric)的优点,实现了批量系统 ...

  9. 企业级自动化运维工具应用实战-ansible

    背景 公司计划在年底做一次大型市场促销活动,全面冲刺下交易额,为明年的上市做准备.公司要求各业务组对年底大促做准备,运维部要求所有业务容量进行三倍的扩容,并搭建出多套环境可以共开发和测试人员做测试,运 ...

随机推荐

  1. PLC模拟量采集模块分辨率是什么意思?

    14位分辨率的模块(mo kuai)和16位分辨率的模块有什么不同的地方? 14位的模块最高位是符号位,我们用S表示符号位,那么这个模块的数值范围(fàn wéi)就是S111 1111 1111 1 ...

  2. NB-IoT的PSM模式有什么优点

    在NB-IoT系统中,PSM模式的优点是可进行长时间休眠,缺点是对终端接收(Mobile Terminated,MT)业务响应不及时,主要应用于远程抄表等对下行实时性要求不高的业务.实际上,物联网设备 ...

  3. windows搭建ftp

    控制面板                此时输入电脑用户名和密码可在自己电脑访问,但是其它电脑不能访问 接下来防火墙允许的应用将FTP服务器打钩 控制面板\系统和安全\Windows Defender ...

  4. 【Azure 环境】存储在Azure上的文件,使用IE/Edge时自动打开的问题,如何变为下载而非自动打开

    问题描述 存储,作为云服务最重要的一部分.当需要从云存储中下载文件时,时常面临一些格式的文件被浏览器自动打开而非下载,那如何来解决这个问题呢? 在Azure中,存储的服务有以下方式: Azure Bl ...

  5. rpm包的卸载与安装

    1. rpm包的管理介绍:一种用于互联网下载包的打包及安装工具,它包含在某些Linux分发版中,它生成具有RPM扩展名的文件,RPM是RedHat Package Manager(RedHat软件包管 ...

  6. SQLServer连接cache数据库

    开始文章之前首先要了解一下什么是Caché数据库. Caché数据库是美国Intersystems公司产品,后关系型数据库(Post Relational database)中的领头羊.Caché数据 ...

  7. yaf拓展安装步骤

    1.wget http://pecl.php.net/get/yaf-3.0.7.tgz //下载yaf.tar 2.tar zxvf yaf-3.0.7.tgz //解压 3.cd yaf-3.0. ...

  8. 14Flask重要知识

    一,李辉<Flask Web开发实战> 1,内网穿透 内网穿透工具可以快速让flask项目运行: 1,https://localtunnel.github.io/www/ 2,https: ...

  9. 【JVM第七篇】执行引擎

    写在前面的话:本文是在观看尚硅谷JVM教程后,整理的学习笔记.其观看地址如下:尚硅谷2020最新版宋红康JVM教程 执行引擎是Java虚拟机中的核心组成部分. 执行引擎的作用就是解析虚拟机字节码指令, ...

  10. MySQL架构(面)

    和其它数据库相比,MySQL有点与众不同,它的架构可以在多种不同场景中应用并发挥良好作用.主要体现在存储引擎的架构上,插件式的存储引擎架构将查询处理和其它的系统任务以及数据的存储提取相分离.这种架构可 ...