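In the previous post we covered Puppet's architecture, the workflows of the standalone model and the master/agent model, and basic Puppet usage; for a recap see http://www.javashuo.com/article/p-urpdfsry-nw.html. Today we look at how to use Puppet's core resources.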
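What is a resource?
In Puppet, a resource is an object on the managed host that we want to operate on. The concept is somewhat like a module in Ansible: different Ansible modules do different things, for example the user module for user management, the file module for file management, and the shell and command modules for running commands. Puppet resources play a similar role; the difference is that Puppet resources are highly abstract. Highly abstract means the user does not need to care about the underlying operating-system interfaces. For example, to install nginx on a managed host with Puppet, we simply use the package resource; the user does not need to consider whether the underlying system is Windows, CentOS or Ubuntu, because Puppet identifies it automatically and uses the appropriate installation method. In Ansible, by contrast, the module differs by operating system: the Red Hat family uses the yum module and the Debian family uses the apt module. Puppet abstracts similar resources into a single resource type, such as package resources, user resources and service resources, and separates the description of a resource's attributes or state from the way it is implemented. When installing a package, for instance, the user does not need to care which method is used; they only need to describe the resource's target state and the relevant attributes clearly.
Using Puppet's common resources
1. group: this resource type is used to manage groups on the managed host;
Main attributes
name: the group name; this is the namevar, and if it is not specified explicitly the title string is used instead;
gid: the GID (group ID);
system: whether this is a system group; values are yes/no or true/false;
ensure: the target state (the state the user expects this resource to be in on the target host); values are present/absent;
members: the member users of the group;
Example: create a group named test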
[root@node12 ~]# cat group.pp
group{'create_group':
        name => 'test',
        gid => 1212,
        system => false,
        ensure => present,
}
[root@node12 ~]#
Simulate a run of the manifest above (noop) to check for syntax errors
[root@node12 ~]# puppet apply -v --noop group.pp
Notice: Compiled catalog for node12.test.org in environment production in 0.05 seconds
Info: Applying configuration version '1606827824'
Notice: /Stage[main]/Main/Group[create_group]/ensure: current_value absent, should be present (noop)
Notice: Class[Main]: Would have triggered 'refresh' from 1 events
Notice: Stage[main]: Would have triggered 'refresh' from 1 events
Notice: Finished catalog run in 0.02 seconds
[root@node12 ~]#
Apply to the local host
[root@node12 ~]# puppet apply -v group.pp
Notice: Compiled catalog for node12.test.org in environment production in 0.05 seconds
Info: Applying configuration version '1606827835'
Notice: /Stage[main]/Main/Group[create_group]/ensure: created
Notice: Finished catalog run in 0.08 seconds
[root@node12 ~]#
Verify: was the test group created on this host, and is its gid the one we specified?
[root@node12 ~]# getent group test
test:x:1212:
[root@node12 ~]#
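2. user: this resource type is used to manage users on the managed host, for example creating or deleting users;
Main attributes
name: the user name, namevar;
uid: the UID;
gid: the primary group ID;
groups: supplementary groups; must not include the primary group;
comment: a comment;
expiry: the expiration time;
home: the home directory;
shell: the default shell;
system: whether this is a system user; values are yes/no or true/false;
ensure: the target state the user expects; values are present/absent;
password: the encrypted password string;
Example: create a user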
[root@node12 ~]# cat user.pp
user{"create_user":
        name => "jerry",
        uid => 1213,
        groups => ["test","test1","test2","test3"],
        comment => "this is create test user",
        system => no,
        ensure => present,
}
[root@node12 ~]#
Validate the syntax and apply to the local host
[root@node12 ~]# puppet apply -v --noop user.pp
Notice: Compiled catalog for node12.test.org in environment production in 0.06 seconds
Info: Applying configuration version '1606829084'
Notice: /Stage[main]/Main/User[create_user]/ensure: current_value absent, should be present (noop)
Notice: Class[Main]: Would have triggered 'refresh' from 1 events
Notice: Stage[main]: Would have triggered 'refresh' from 1 events
Notice: Finished catalog run in 0.02 seconds
[root@node12 ~]# puppet apply -v user.pp
Notice: Compiled catalog for node12.test.org in environment production in 0.06 seconds
Info: Applying configuration version '1606829091'
Notice: /Stage[main]/Main/User[create_user]/ensure: created
Notice: Finished catalog run in 0.05 seconds
[root@node12 ~]#
Verify: has user jerry been created, and do its attributes match what we specified?
[root@node12 ~]# id jerry
uid=1213(jerry) gid=1213(jerry) groups=1213(jerry),1000(test1),1001(test2),1002(test3),1212(test)
[root@node12 ~]# getent passwd jerry
jerry:x:1213:1213:this is create test user:/home/jerry:/bin/bash
[root@node12 ~]#
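The example above covers the case where the supplementary groups already exist on the system. What happens if a specified group does not exist? A key property of Puppet when it applies a manifest is idempotency: no matter how many times the manifest is applied, the target state stays the same. If a resource on the system is not in the target state the user defined, Puppet forces it into that state; if the resource already satisfies the defined target state, Puppet does nothing and skips it. Putting this together: when a supplementary group named at user-creation time does not exist, in principle we should first make sure the group exists and then create the user. So a user resource may depend on group resources. Put simply, the user resource depends on the group resource, and the supplementary groups should be created before the user.
In Puppet, resources can depend on one another. There are two ways to define a dependency between resources:
A before B: A runs before B; defined in resource A;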
{ ... before => Type['B'], ... }
B require A: B depends on A; defined in resource B;
{ ... require => Type['A'], ... }
Example: apply the manifest without defining the dependency and see whether user tom gets created.
[root@node12 ~]# cat user.pp
user{"tom":
        groups => ["mygrp","testgrp"],
        comment => "this is create test user",
        system => no,
        ensure => present,
#       require => [Group["mygrp"],Group["testgrp"]]
}
[root@node12 ~]# puppet apply -v --noop user.pp
Notice: Compiled catalog for node12.test.org in environment production in 0.06 seconds
Info: Applying configuration version '1606832440'
Notice: /Stage[main]/Main/User[tom]/ensure: current_value absent, should be present (noop)
Notice: Class[Main]: Would have triggered 'refresh' from 1 events
Notice: Stage[main]: Would have triggered 'refresh' from 1 events
Notice: Finished catalog run in 0.02 seconds
[root@node12 ~]# puppet apply -v user.pp
Notice: Compiled catalog for node12.test.org in environment production in 0.06 seconds
Info: Applying configuration version '1606832447'
Error: Could not create user tom: Execution of '/usr/sbin/useradd -c this is create test user -G mygrp,testgrp -M tom' returned 6: useradd: group 'mygrp' does not exist
useradd: group 'testgrp' does not exist
Error: /Stage[main]/Main/User[tom]/ensure: change from absent to present failed: Could not create user tom: Execution of '/usr/sbin/useradd -c this is create test user -G mygrp,testgrp -M tom' returned 6: useradd: group 'mygrp' does not exist
useradd: group 'testgrp' does not exist
Notice: Finished catalog run in 0.03 seconds
[root@node12 ~]# id tom
id: tom: no such user
[root@node12 ~]#
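Note: in a Puppet manifest, "#" marks a comment. You can see that when a user is created with a nonexistent group as a supplementary group, Puppet reports that the group does not exist, and of course tom is not created either.
Example: define the dependency, apply the manifest again, and see whether tom gets created.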
[root@node12 ~]#
[root@node12 ~]# cat user.pp
user{"tom":
        groups => ["mygrp","testgrp"],
        comment => "this is create test user",
        system => no,
        ensure => present,
        require => [Group["mygrp"],Group["testgrp"]]
}
[root@node12 ~]# puppet apply -v --noop user.pp
Notice: Compiled catalog for node12.test.org in environment production in 0.10 seconds
Error: Could not find dependency Group[mygrp] for User[tom] at /root/user.pp:7
[root@node12 ~]#
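Note: although the dependency is declared here, Puppet reports that it could not find the definition of the depended-on resource in the current manifest. Note that a resource is referenced as Type["resource name"], where Type is the resource type and its first letter must be capitalized.
Define the depended-on resources in the manifest, apply it again, and see whether user tom gets created.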
[root@node12 ~]# cat user.pp
user{"tom":
        groups => ["mygrp","testgrp"],
        comment => "this is create test user",
        system => no,
        ensure => present,
        require => [Group["mygrp"],Group["testgrp"]]
}

group{"mygrp":
        ensure => present,
}

group{"testgrp":
        ensure => present,
}
[root@node12 ~]# puppet apply -v --noop user.pp
Notice: Compiled catalog for node12.test.org in environment production in 0.10 seconds
Info: Applying configuration version '1606833022'
Notice: /Stage[main]/Main/Group[mygrp]/ensure: current_value absent, should be present (noop)
Notice: /Stage[main]/Main/Group[testgrp]/ensure: current_value absent, should be present (noop)
Notice: /Stage[main]/Main/User[tom]/ensure: current_value absent, should be present (noop)
Notice: Class[Main]: Would have triggered 'refresh' from 3 events
Notice: Stage[main]: Would have triggered 'refresh' from 1 events
Notice: Finished catalog run in 0.02 seconds
[root@node12 ~]# puppet apply -v user.pp
Notice: Compiled catalog for node12.test.org in environment production in 0.10 seconds
Info: Applying configuration version '1606833042'
Notice: /Stage[main]/Main/Group[mygrp]/ensure: created
Notice: /Stage[main]/Main/Group[testgrp]/ensure: created
Notice: /Stage[main]/Main/User[tom]/ensure: created
Notice: Finished catalog run in 0.08 seconds
[root@node12 ~]# id tom
uid=1214(tom) gid=1216(tom) groups=1216(tom),1214(mygrp),1215(testgrp)
[root@node12 ~]#
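Note: you can see that once the dependency is defined, the depended-on resources run first; put simply, defining a dependency specifies the order in which resources are executed.
Besides the approach above, the execution order of resources can also be defined in the following ways.
Use the before attribute in the depended-on resource to name the resource it must run ahead of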
[root@node12 ~]# cat user.pp
user{"tom":
        groups => ["mygrp","testgrp"],
        comment => "this is create test user",
        system => no,
        ensure => present,
#       require => [Group["mygrp"],Group["testgrp"]]
}

group{"mygrp":
        ensure => present,
        before => User["tom"],
}

group{"testgrp":
        ensure => present,
        before => User["tom"],
}
[root@node12 ~]#
Define the resource execution order separately
[root@node12 ~]# cat user.pp
user{"tom":
        groups => ["mygrp","testgrp"],
        comment => "this is create test user",
        system => no,
        ensure => present,
}

group{"mygrp":
        ensure => present,
}

group{"testgrp":
        ensure => present,
}

Group["testgrp"] -> Group["mygrp"] -> User["tom"]
[root@node12 ~]#
Note: the manifest above means that Group["testgrp"] runs before Group["mygrp"], which runs before User["tom"].
Delete the testgrp and mygrp groups and the tom user
[root@node12 ~]# groupdel mygrp
[root@node12 ~]# groupdel testgrp
[root@node12 ~]# userdel tom
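Without defining the resource execution order, the order in which the manifest is applied is
Note: by default, the resources in a manifest have their dependencies resolved automatically; resources that are depended on are usually executed in order from top to bottom.
Define the resource execution order, apply the manifest, and see whether the resources run in the order we defined.
Note: you can see that once the execution order is defined, the resources run in the order we defined.
3. package: this resource type is used to manage packages on the managed host;
Main attributes
name: the package name, namevar;
ensure: the target state; values are installed/present/latest, absent/purged;
source: where the package comes from; only useful for providers that do not download packages automatically, such as rpm or dpkg;
provider: specifies the installation method;
Example: install the redis service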
[root@node12 ~]# cat package.pp
package{"redis":
        ensure => installed,
}
[root@node12 ~]#
Apply the manifest
[root@node12 ~]# rpm -q redis
package redis is not installed
[root@node12 ~]# puppet apply -v --noop package.pp
Notice: Compiled catalog for node12.test.org in environment production in 0.18 seconds
Warning: The package type's allow_virtual parameter will be changing its default value from false to true in a future release. If you do not want to allow virtual packages, please explicitly set allow_virtual to false.
   (at /usr/share/ruby/vendor_ruby/puppet/type.rb:816:in `set_default')
Info: Applying configuration version '1606835569'
Notice: /Stage[main]/Main/Package[redis]/ensure: current_value absent, should be present (noop)
Notice: Class[Main]: Would have triggered 'refresh' from 1 events
Notice: Stage[main]: Would have triggered 'refresh' from 1 events
Notice: Finished catalog run in 0.08 seconds
[root@node12 ~]# puppet apply -v package.pp
Notice: Compiled catalog for node12.test.org in environment production in 0.19 seconds
Warning: The package type's allow_virtual parameter will be changing its default value from false to true in a future release. If you do not want to allow virtual packages, please explicitly set allow_virtual to false.
   (at /usr/share/ruby/vendor_ruby/puppet/type.rb:816:in `set_default')
Info: Applying configuration version '1606835576'
Notice: /Stage[main]/Main/Package[redis]/ensure: created
Notice: Finished catalog run in 2.88 seconds
[root@node12 ~]# rpm -q redis
redis-3.2.12-2.el7.x86_64
[root@node12 ~]#
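4. service: this resource type is used to manage services on the managed host;
Main attributes
ensure: the target state; values are running/stopped or true/false;
enable: whether to start the service at boot; values are true/false;
name: the service name, namevar;
path: the search path for scripts, default /etc/init.d/;
binary: the path to the binary program, mainly used to point at a compiled binary;
hasrestart: whether a restart command exists;
hasstatus: whether a status command exists;
start: manually define the command that starts the service;
stop: manually define the command that stops the service;
status: manually define the command that checks the service status;
restart: manually define the command that restarts the service;
Example: start redis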
[root@node12 ~]# cat redis.pp
service{"redis":
        ensure => running,
        enable => true,
}
[root@node12 ~]#
Apply the manifest
[root@node12 ~]# ss -tnl
State      Recv-Q Send-Q Local Address:Port    Peer Address:Port
LISTEN     0      128    *:22                  *:*
LISTEN     0      100    127.0.0.1:25          *:*
LISTEN     0      128    *:27017               *:*
LISTEN     0      128    :::22                 :::*
LISTEN     0      100    ::1:25                :::*
[root@node12 ~]# puppet apply -v --noop redis.pp
Notice: Compiled catalog for node12.test.org in environment production in 0.06 seconds
Info: Applying configuration version '1606835960'
Notice: /Stage[main]/Main/Service[redis]/ensure: current_value stopped, should be running (noop)
Info: /Stage[main]/Main/Service[redis]: Unscheduling refresh on Service[redis]
Notice: Class[Main]: Would have triggered 'refresh' from 1 events
Notice: Stage[main]: Would have triggered 'refresh' from 1 events
Notice: Finished catalog run in 0.04 seconds
[root@node12 ~]# puppet apply -v redis.pp
Notice: Compiled catalog for node12.test.org in environment production in 0.07 seconds
Info: Applying configuration version '1606835968'
Notice: /Stage[main]/Main/Service[redis]/ensure: ensure changed 'stopped' to 'running'
Info: /Stage[main]/Main/Service[redis]: Unscheduling refresh on Service[redis]
Notice: Finished catalog run in 0.09 seconds
[root@node12 ~]# ss -tnl
State      Recv-Q Send-Q Local Address:Port    Peer Address:Port
LISTEN     0      128    127.0.0.1:6379        *:*
LISTEN     0      128    *:22                  *:*
LISTEN     0      100    127.0.0.1:25          *:*
LISTEN     0      128    *:27017               *:*
LISTEN     0      128    :::22                 :::*
LISTEN     0      100    ::1:25                :::*
[root@node12 ~]# systemctl is-enabled redis
enabled
[root@node12 ~]#
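Note: you can see that after the manifest is applied, the redis service has started normally and is enabled at boot.
Example: stop the redis service and disable it at boot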
[root@node12 ~]# cat redis.pp
service{"redis":
        ensure => stopped,
        enable => false,
}
[root@node12 ~]# puppet apply -v --noop redis.pp
Notice: Compiled catalog for node12.test.org in environment production in 0.07 seconds
Info: Applying configuration version '1606836096'
Notice: /Stage[main]/Main/Service[redis]/ensure: current_value running, should be stopped (noop)
Notice: Class[Main]: Would have triggered 'refresh' from 1 events
Notice: Stage[main]: Would have triggered 'refresh' from 1 events
Notice: Finished catalog run in 0.04 seconds
[root@node12 ~]# puppet apply -v redis.pp
Notice: Compiled catalog for node12.test.org in environment production in 0.07 seconds
Info: Applying configuration version '1606836102'
Notice: /Stage[main]/Main/Service[redis]/ensure: ensure changed 'running' to 'stopped'
Notice: Finished catalog run in 0.11 seconds
[root@node12 ~]# ss -tnl
State      Recv-Q Send-Q Local Address:Port    Peer Address:Port
LISTEN     0      128    *:22                  *:*
LISTEN     0      100    127.0.0.1:25          *:*
LISTEN     0      128    *:27017               *:*
LISTEN     0      128    :::22                 :::*
LISTEN     0      100    ::1:25                :::*
[root@node12 ~]# systemctl is-enabled redis
disabled
[root@node12 ~]#
Note: you can see that after the manifest is applied, the service is stopped and no longer enabled at boot.
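The ordering rules from the user/group section apply equally to the package and service resources; the manifest below puts both pairs in one file. It is an added example, not part of the original post: it reuses the page's names (tom, mygrp, testgrp, redis), and the /sbin/nologin shell is an assumption for a RHEL-family host.

```puppet
# Added example: one manifest covering all four resource types with
# explicit ordering. Names are the page's own samples.

# Supplementary groups must exist before useradd runs; otherwise the run
# fails with "group 'mygrp' does not exist", as shown in the user section.
group { ['mygrp', 'testgrp']:
  ensure => present,
}

user { 'tom':
  ensure  => present,
  comment => 'this is create test user',
  groups  => ['mygrp', 'testgrp'],
  system  => false,
  # Assumption: /sbin/nologin exists on the host (RHEL family). It gives
  # the account no interactive login shell.
  shell   => '/sbin/nologin',
  # Declared on the dependent resource: both groups are applied first.
  require => [Group['mygrp'], Group['testgrp']],
}

package { 'redis':
  ensure        => installed,
  # Explicit value, as the allow_virtual warning in the run output asks.
  allow_virtual => false,
}

service { 'redis':
  ensure => running,
  enable => true,
}

# Chaining arrow: the service is managed only after the package resource
# has been applied, so the service definition exists when it is started.
Package['redis'] -> Service['redis']
```

Run it with `puppet apply -v --noop` first, as in the examples above, to confirm the planned changes before applying.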