Winse Blog

Stopping and going, hustle and bustle, always busy, not knowing what to fear.

Puppet Basic

Basic usage

Installation

quick

simple example

https://docs.puppet.com/puppet/4.4/reference/quick_start_user_group.html

puppet apply -e "user { 'jargyle': ensure => present, }"
puppet apply -e "group { 'web': ensure => present, }"

puppet resource -e group web
puppet resource -e user jargyle

cd /etc/puppetlabs/code/environments/production/manifests

[root@cu2 manifests]# vi site.pp
group { 'web':
  ensure => present, # absent, present
}

user { 'jargyle':
  ensure => present,
  home => '/home/jargyle',
  shell => '/bin/bash',
  password_max_age => '99999',
  password_min_age => '0',
  groups => web,
}

puppet parser validate site.pp

module helloworld

/*
if $fqdn != 'cu2.eshore.cn' {
  class { 'ntp':
    runmode      => 'cron',
    cron_command => 'ntpdate cu2',
    require      => [ Package['ntp', 'ntpdate'], File['/etc/cron.hourly'] ],
  }
}
*/

# -- hosts
/* Take care when the host has multiple NICs:
class { 'hosts': dynamic_mode => true, dynamic_ip => $::ipaddress_bond0 }
*/
if $fqdn =~ /.*\.ds\.ctyun/ {
  class { 'hosts': dynamic_mode => true, }
}

cron { 'run-puppet':
  command => "source /etc/profile; puppet agent --test >/tmp/puppet-cron.log 2>&1",
  minute  => inline_template('<%= @hostname.hash.abs % 60 %>'),
}

file { '/etc/puppetlabs/mcollective/facts.yaml':
  owner    => root,
  group    => root,
  mode     => '400',
  loglevel => debug, # reduce noise in Puppet reports
  content  => inline_template("<%= scope.to_hash.reject { |k,v| k.to_s =~ /(uptime_seconds|timestamp|free)/ }.to_yaml %>"), # exclude rapidly changing facts
}

modules install

https://docs.puppet.com/puppet/latest/reference/modules_installing.html

The full name of a Forge module is formatted as username-modulename.

https://docs.puppet.com/puppet/latest/reference/modules_fundamentals.html#writing-modules

[root@cu2 code]# cd environments/production/modules/
[root@cu2 modules]# puppet module generate --skip-interview winse-hello

[root@cu2 modules]# puppet module install puppetlabs-stdlib
Notice: Preparing to install into /etc/puppetlabs/code/environments/production/modules ...
Notice: Downloading from https://forgeapi.puppetlabs.com ...
Notice: Installing -- do not interrupt ...
/etc/puppetlabs/code/environments/production/modules
└── puppetlabs-stdlib (v4.11.0)
[root@cu2 modules]# puppet module list
/etc/puppetlabs/code/environments/production/modules
├── puppetlabs-stdlib (v4.11.0)
└── winse-hello (v0.1.0)
/etc/puppetlabs/code/modules (no modules installed)
/opt/puppetlabs/puppet/modules (no modules installed)

sudo puppet module install ~/puppetlabs-apache-0.10.0.tar.gz --ignore-dependencies

Listing Installed Modules

Use the module tool's list action to see which modules you have installed (and which directory they're installed in).

Use the --tree option to view the modules arranged by dependency instead of by location on disk.

In Puppet 4 the plugin sync option is enabled by default (pluginsync=true), so no extra steps are needed.

# https://github.com/example42/puppet-nrpe/issues/1
[root@cu2 modules]# tar zxvf puppet-hosts-2.0.18.tar.gz  
[root@cu2 modules]# tar zxvf puppi-2.1.12.tar.gz 
[root@cu2 modules]# ll
total 16
drwxr-xr-x 3 root root 4096 Apr 22 14:37 helloworld
drwxrwxr-x 6 root root 4096 Aug 10  2015 hosts
drwxrwxr-x 7 root root 4096 Aug  8  2015 puppi
drwxr-xr-x 6 root root 4096 Jan 12 19:08 stdlib

[root@cu2 modules]# vi /etc/puppetlabs/code/environments/production/manifests/site.pp 
node default {
  class { 'hosts': 
    dynamic_mode => true,
  }
}

# Result. It seems only active hosts get added; running agent -t twice in sequence adds all the agents to the hosts file
[root@hadoop-slaver3 ~]# puppet agent -t
Info: Using configured environment 'production'
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Loading facts
Info: Caching catalog for hadoop-slaver3.ds.ctyun
Info: Applying configuration version '1461309849'
Notice: Applied catalog in 0.06 seconds
[root@hadoop-slaver3 ~]# cat /etc/hosts
# HEADER: This file was autogenerated at 2016-04-22 07:23:45 +0000
# HEADER: by puppet.  While it can still be managed manually, it
# HEADER: is definitely not recommended.
172.17.0.5      hadoop-slaver3
127.0.0.1       localhost
::1     localhost       ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters

172.17.42.1     cu2     cu2.eshore.cn
172.17.0.5      hadoop-slaver3.ds.ctyun hadoop-slaver3
172.17.0.1      hadoop-master1.ds.ctyun hadoop-master1
172.17.0.2      hadoop-master2.ds.ctyun hadoop-master2
172.17.0.3      hadoop-slaver1.ds.ctyun hadoop-slaver1
172.17.0.4      hadoop-slaver2.ds.ctyun hadoop-slaver2
  • ntp

Docker containers cannot change the system time!!

https://github.com/example42/puppet-ntp

[root@cu2 ~]# cd /etc/puppetlabs/code/environments/production/modules/
[root@cu2 modules]# ll
total 20
drwxr-xr-x 3 root root 4096 Apr 22 14:37 helloworld
drwxrwxr-x 6 root root 4096 Aug 10  2015 hosts
drwxrwxr-x 5 root root 4096 Oct 30 00:24 ntp
drwxrwxr-x 7 root root 4096 Aug  8  2015 puppi
drwxr-xr-x 6 root root 4096 Jan 12 19:08 stdlib

[root@cu2 ~]# cat /etc/puppetlabs/code/environments/production/manifests/site.pp 
node default {

  file { '/etc/cron.hourly':
    ensure => directory,
  }
 
  package { ['ntp', 'ntpdate']:
    ensure => installed,
  }

  class { 'ntp':
    runmode => 'cron',
    cron_command => 'ntpdate cu2',
    require => [ Package['ntp', 'ntpdate'], File['/etc/cron.hourly'] ],
  }

  if $fqdn =~ /.*\.ds\.ctyun/  {
    class { 'hosts':
      dynamic_mode => true,
    }
  }

}


[root@hadoop-master2 puppetlabs]# puppet agent -t
...
[root@hadoop-master2 puppetlabs]# ll /etc/cron.hourly/
total 4
-rwxr-xr-x 1 root root 197 Apr 22 08:59 ntpdate
[root@hadoop-master2 puppetlabs]# cat /etc/cron.hourly/ntpdate 
#!/bin/bash
# Managed by Puppet
export PATH=$PATH:/usr/bin:/usr/sbin:/bin:/sbin

# Wait up to 600 seconds 
randomsec=$RANDOM
let "randomsec %= 600"
sleep $randomsec

ntpdate cu2 >/dev/null

exit 0
  • sudo
[root@cu2 modules]# mv saz-sudo-3.1.0 sudo
[root@cu2 modules]# ll
total 20
drwxrwxr-x 6 hadoop root  4096 Aug 10  2015 hosts
drwxrwxr-x 5 hadoop root  4096 Oct 30  2015 ntp
drwxrwxr-x 7 hadoop root  4096 Aug  8  2015 puppi
drwxr-xr-x 6 hadoop root  4096 Jan 12 19:08 stdlib
drwxr-xr-x 8 hadoop games 4096 Jun  6  2015 sudo
[root@cu2 modules]# puppet apply -e "include sudo
> sudo::conf { 'hadoop':
> content => 'hadoop ALL=(ALL) NOPASSWD: ALL',
> }
> "
Notice: Compiled catalog for cu2.eshore.cn in environment production in 0.64 seconds
Notice: /Stage[main]/Sudo/File[/etc/sudoers]/content: content changed '{md5}d31d7fefba87710cfaf3be96d81104d3' to '{md5}dc7c9180ad39e78a8c91291f4743437b'
Notice: /Stage[main]/Sudo/File[/etc/sudoers.d/]/mode: mode changed '0750' to '0550'
Notice: /Stage[main]/Main/Sudo::Conf[hadoop]/File[10_hadoop]/ensure: defined content as '{md5}627f25fd210c1351a6ed664c93b5be37'
Notice: /Stage[main]/Main/Sudo::Conf[hadoop]/Exec[sudo-syntax-check for file /etc/sudoers.d/10_hadoop]: Triggered 'refresh' from 1 events
Notice: Applied catalog in 0.43 seconds
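
A narrower alternative to the blanket rule above, as an added example that is not part of the original post: the same sudo::conf define from the saz-sudo module, limited to named commands run as root. The service names are hypothetical placeholders, and join() is assumed to come from the puppetlabs-stdlib module installed earlier.

```puppet
# Added example, not from the original post.
include sudo

# Rule used on the page, shown for comparison only:
#   hadoop ALL=(ALL) NOPASSWD: ALL
# It lets the hadoop account run any command as any user without a
# password, so a compromise of that account is a compromise of root.

# Commands the hadoop account actually needs (hypothetical placeholders).
# Full paths and fixed arguments, no wildcards.
$hadoop_cmds = [
  '/sbin/service hadoop-datanode restart',
  '/sbin/service hadoop-nodemanager restart',
]

# join() is provided by puppetlabs-stdlib.
$hadoop_cmd_list = join($hadoop_cmds, ', ')

# Written to /etc/sudoers.d/10_hadoop like the rule on the page; the
# module's sudo-syntax-check exec seen in the output above still runs.
sudo::conf { 'hadoop':
  content => "hadoop ALL=(root) NOPASSWD: ${hadoop_cmd_list}",
}
```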

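The above briefly covers basic Puppet usage, but what if there are large files...

Files

Sometimes you only need to push a few files temporarily, and creating a dedicated module for that is cumbersome; you can use the fileserver and handle the sync directly in site.pp.

  1. Add the fileserver.conf configuration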
[aj_files]
    path /etc/puppetlabs/code/environments/production/files
    allow *

Also change the ownership of the files directory: chown -R puppet files

  2. Add the file-update configuration to site.pp
file {'/etc/ssh/sshd_config':
  ensure   => 'file',
  source   => 'puppet:///aj_files/etc/ssh/sshd_config',
  notify   => Service['sshd'],
}

service{'sshd':
  ensure     => 'running',
  enable     => 'true',
  hasstatus  => 'true', 
  hasrestart => 'true',
  restart    => '/etc/init.d/sshd reload',  # changed from restart to reload
}
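
A hardened variant of the two resources above, added here as an example and not part of the original post, to be used in place of them: it pins ownership and mode, and uses the file type's validate_cmd so that a config rejected by `sshd -t` is never put in place before the reload. The `/usr/sbin/sshd` path is an assumption about the target hosts.

```puppet
# Added example, not from the original post.
# Deploy sshd_config from the aj_files mount, but only replace the live
# file when sshd itself accepts the new content.
file { '/etc/ssh/sshd_config':
  ensure       => file,
  owner        => 'root',
  group        => 'root',
  mode         => '0600',
  source       => 'puppet:///aj_files/etc/ssh/sshd_config',
  # '%' is replaced with the path of the temporary file holding the new
  # content. A non-zero exit fails the resource and keeps the old file,
  # so the notify below never fires for a broken config.
  validate_cmd => '/usr/sbin/sshd -t -f %',  # assumed sshd location
  notify       => Service['sshd'],
}

service { 'sshd':
  ensure     => running,
  enable     => true,
  hasstatus  => true,
  hasrestart => true,
  # reload re-reads the config instead of doing a full stop/start
  restart    => '/etc/init.d/sshd reload',
}
```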

When there are many files, you can use a loop:

$binaries = ["facter", "hiera", "mco", "puppet", "puppetserver"]

# function call with lambda:
$binaries.each |String $binary| {
  file {"/usr/bin/$binary":
    ensure => link,
    target => "/opt/puppetlabs/bin/$binary",
  }
}

Or:

# one-off defined resource type, in
# /etc/puppetlabs/code/environments/production/modules/puppet/manifests/binary/symlink.pp
define puppet::binary::symlink ($binary = $title) {
  file {"/usr/bin/$binary":
    ensure => link,
    target => "/opt/puppetlabs/bin/$binary",
  }
}

# using defined type for iteration, somewhere else in your manifests
$binaries = ["facter", "hiera", "mco", "puppet", "puppetserver"]

puppet::binary::symlink { $binaries: }

Templates

https://docs.puppet.com/puppet/latest/reference/lang_relationships.html#ordering-and-notification

Node definitions

Official documentation
