puppet basic
# 简单使用
# 安装
# quick
- Puppet的一些概念 https://docs.puppet.com/puppet/latest/reference/lang_summary.html
- 快速入门 https://docs.puppet.com/puppet/4.4/reference/quick_start.html
# simple example
https://docs.puppet.com/puppet/4.4/reference/quick_start_user_group.html
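# Declare one user and one group directly from the command line.
# Plain ASCII quotes are required: the typographic quotes that a rendered
# page shows are not shell quoting characters.
puppet apply -e "user { 'jargyle': ensure => present, }"
puppet apply -e "group { 'web': ensure => present, }"

# Inspect the resulting resources. With -e the current state is opened in an
# editor and whatever is saved there is applied back to the system.
puppet resource -e group web
puppet resource -e user jargyle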
cd /etc/puppetlabs/code/environments/production/manifests
[root@cu2 manifests]# vi site.pp group { ‘web’: ensure => present, # absent, present }
user { ‘jargyle’: ensure => present, home => ‘/home/jargyle’, shell => ‘/bin/bash’, password_max_age => ‘99999’, password_min_age => ‘0’, groups => web, }
puppet parser validate site.pp
# module helloworld
-
https://docs.puppet.com/puppet/4.4/reference/quick_start_helloworld.html
-
https://docs.puppet.com/puppet/4.4/reference/quick_start_adding_classes_nix.html
-
https://docs.puppet.com/puppet/4.4/reference/modules_metadata.html
[root@cu2 modules]# mkdir -p helloworld/manifests [root@cu2 manifests]# vi init.pp class helloworld { notify { ‘Hello World’: } } [root@cu2 manifests]# vi motd.pp class helloworld::motd {
file { ‘/etc/motd’: owner => ‘root’, group => ‘root’, mode => ‘0644’, content => “Hello World!\n”, }
}
[root@cu2 manifests]# vi …/…/…/manifests/site.pp node default { class { ‘helloworld’: } class { ‘helloworld::motd’: } } [root@cu2 manifests]# puppet parser validate …/…/…/manifests/site.pp
[root@cu2 manifests]# cat site.pp node default {
file { ‘/etc/cron.hourly’: ensure => directory, }
package { [‘ntp’, ‘ntpdate’]: ensure => installed, }
/* if $fqdn != ‘cu2.esw.cn’ { class { ‘ntp’: runmode => ‘cron’, cron_command => ‘ntpdate cu2’, require => [ Package[‘ntp’, ‘ntpdate’], File[‘/etc/cron.hourly’] ], } } */
– hosts /* 多网卡的时刻需要注意 class { ‘hosts’: dynamic_mode => true, dynamic_ip => $::ipaddress_bond0 } / if $fqdn =~ /..ds.ctyun/ { class { ‘hosts’: dynamic_mode => true, } }
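# Run the agent from cron once an hour, at a minute that differs per host.
cron { 'run-puppet':
  # The job runs as root, so its log goes to a root-owned directory instead of
  # a fixed file name in world-writable /tmp, where another local user could
  # create that name first. /var/log/puppet-cron.log is an example location.
  command => "source /etc/profile; puppet agent --test >/var/log/puppet-cron.log 2>&1",
  # fqdn_rand() returns the same value for a given host on every compilation.
  # Ruby's String#hash is not guaranteed to be stable across Ruby processes,
  # so a minute derived from it can change between runs and rewrite the entry.
  minute  => fqdn_rand(60),
}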
file{‘/etc/puppetlabs/mcollective/facts.yaml’: owner => root, group => root, mode => ‘400’, loglevel => debug, # reduce noise in Puppet reports content => inline_template(“<%= scope.to_hash.reject { |k,v| k.to_s =~ /(uptime_seconds|timestamp|free)/ }.to_yaml %>”), # exclude rapidly changing facts } }
# modules install
https://docs.puppet.com/puppet/latest/reference/modules_installing.html
The full name of a Forge module is formatted as username-modulename.
https://docs.puppet.com/puppet/latest/reference/modules_fundamentals.html#writing-modules
[root@cu2 code]# cd environments/production/modules/ [root@cu2 modules]# puppet module generate --skip-interview winse-hello
[root@cu2 modules]# puppet module install puppetlabs-stdlib Notice: Preparing to install into /etc/puppetlabs/code/environments/production/modules … Notice: Downloading from https://forgeapi.puppetlabs.com … Notice: Installing – do not interrupt … /etc/puppetlabs/code/environments/production/modules └── puppetlabs-stdlib (v4.11.0) [root@cu2 modules]# puppet module list /etc/puppetlabs/code/environments/production/modules ├── puppetlabs-stdlib (v4.11.0) └── winse-hello (v0.1.0) /etc/puppetlabs/code/modules (no modules installed) /opt/puppetlabs/puppet/modules (no modules installed)
sudo puppet module install ~/puppetlabs-apache-0.10.0.tar.gz --ignore-dependencies
Listing Installed Modules Use the module tool’s list action to see which modules you have installed (and which directory they’re installed in).
Use the --tree option to view the modules arranged by dependency instead of by location on disk.
puppet4 插件同步选项默认是开启的 pluginsync=true,不需要额外的操作。
# https://github.com/example42/puppet-nrpe/issues/1
[root@cu2 modules]# tar zxvf puppet-hosts-2.0.18.tar.gz
[root@cu2 modules]# tar zxvf puppi-2.1.12.tar.gz
[root@cu2 modules]# ll
total 16
drwxr-xr-x 3 root root 4096 Apr 22 14:37 helloworld
drwxrwxr-x 6 root root 4096 Aug 10 2015 hosts
drwxrwxr-x 7 root root 4096 Aug 8 2015 puppi
drwxr-xr-x 6 root root 4096 Jan 12 19:08 stdlib
[root@cu2 modules]# vi /etc/puppetlabs/code/environments/production/manifests/site.pp
# Fallback node definition: used for every agent that has no more specific
# node block in this manifest.
node default {
  class { 'hosts':
    # NOTE(review): dynamic_mode is a parameter of the third-party hosts
    # module; presumably it builds /etc/hosts from the agents the server
    # knows about. Confirm against the module's documentation.
    dynamic_mode => true,
  }
}
# 效果:好像只有活跃的主机才会被添加,依次执行两遍 agent -t 就可以把所有的 agent 全部加到 hosts 文件
[root@hadoop-slaver3 ~]# puppet agent -t
Info: Using configured environment 'production'
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Loading facts
Info: Caching catalog for hadoop-slaver3.ds.ctyun
Info: Applying configuration version '1461309849'
Notice: Applied catalog in 0.06 seconds
[root@hadoop-slaver3 ~]# cat /etc/hosts
# HEADER: This file was autogenerated at 2016-04-22 07:23:45 +0000
# HEADER: by puppet. While it can still be managed manually, it
# HEADER: is definitely not recommended.
172.17.0.5 hadoop-slaver3
127.0.0.1 localhost
::1 localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
172.17.42.1 cu2 cu2.esw.cn
172.17.0.5 hadoop-slaver3.ds.ctyun hadoop-slaver3
172.17.0.1 hadoop-master1.ds.ctyun hadoop-master1
172.17.0.2 hadoop-master2.ds.ctyun hadoop-master2
172.17.0.3 hadoop-slaver1.ds.ctyun hadoop-slaver1
172.17.0.4 hadoop-slaver2.ds.ctyun hadoop-slaver2
- ntp
docker不能修改系统时间!!
https://github.com/example42/puppet-ntp
[root@cu2 ~]# cd /etc/puppetlabs/code/environments/production/modules/
[root@cu2 modules]# ll
total 20
drwxr-xr-x 3 root root 4096 Apr 22 14:37 helloworld
drwxrwxr-x 6 root root 4096 Aug 10 2015 hosts
drwxrwxr-x 5 root root 4096 Oct 30 00:24 ntp
drwxrwxr-x 7 root root 4096 Aug 8 2015 puppi
drwxr-xr-x 6 root root 4096 Jan 12 19:08 stdlib
[root@cu2 ~]# cat /etc/puppetlabs/code/environments/production/manifests/site.pp
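# Fallback node definition: NTP via hourly cron on every node, plus a managed
# /etc/hosts on the *.ds.ctyun hosts.
node default {
  file { '/etc/cron.hourly':
    ensure => directory,
  }

  package { ['ntp', 'ntpdate']:
    ensure => installed,
  }

  # The packages and the cron directory must exist before the ntp class
  # drops its hourly job.
  class { 'ntp':
    runmode      => 'cron',
    cron_command => 'ntpdate cu2',
    require      => [ Package['ntp', 'ntpdate'], File['/etc/cron.hourly'] ],
  }

  # The pattern is anchored so that only names ending in .ds.ctyun match; an
  # unanchored /.*\.ds\.ctyun/ also accepts any name that merely contains
  # that text.
  # NOTE(review): $fqdn is a fact reported by the agent itself. If a condition
  # like this ever guards something sensitive, match on $trusted['certname'],
  # which comes from the agent's certificate.
  if $fqdn =~ /\.ds\.ctyun$/ {
    class { 'hosts':
      dynamic_mode => true,
    }
  }
}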
[root@hadoop-master2 puppetlabs]# puppet agent -t
...
[root@hadoop-master2 puppetlabs]# ll /etc/cron.hourly/
total 4
-rwxr-xr-x 1 root root 197 Apr 22 08:59 ntpdate
[root@hadoop-master2 puppetlabs]# cat /etc/cron.hourly/ntpdate
#!/bin/bash
# Managed by Puppet
# Hourly cron job: set the clock from host cu2 after a random delay.
export PATH=$PATH:/usr/bin:/usr/sbin:/bin:/sbin
# Wait up to 600 seconds
# (the delay is re-drawn on every run; presumably this keeps many hosts from
# querying cu2 at the same moment)
randomsec=$RANDOM
let "randomsec %= 600"
sleep $randomsec
# Only stdout is discarded. Because the script always ends with exit 0, a
# failed sync does not show up in the job's exit status.
ntpdate cu2 >/dev/null
exit 0
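- sudo(注意:下面的 `NOPASSWD: ALL` 让 hadoop 用户无需密码即可以任意身份执行任意命令,相当于直接给了 root 权限,只适合测试环境;生产环境应当限定到具体命令。另外下面列表中模块目录的属主是 hadoop,而能写模块目录的账号就能决定 agent 上以 root 执行的内容,建议把属主改回 root。)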
[root@cu2 modules]# mv saz-sudo-3.1.0 sudo
[root@cu2 modules]# ll
total 20
drwxrwxr-x 6 hadoop root 4096 Aug 10 2015 hosts
drwxrwxr-x 5 hadoop root 4096 Oct 30 2015 ntp
drwxrwxr-x 7 hadoop root 4096 Aug 8 2015 puppi
drwxr-xr-x 6 hadoop root 4096 Jan 12 19:08 stdlib
drwxr-xr-x 8 hadoop games 4096 Jun 6 2015 sudo
[root@cu2 modules]# puppet apply -e "include sudo
> sudo::conf { 'hadoop':
> content => 'hadoop ALL=(ALL) NOPASSWD: ALL',
> }
> "
Notice: Compiled catalog for cu2.esw.cn in environment production in 0.64 seconds
Notice: /Stage[main]/Sudo/File[/etc/sudoers]/content: content changed '{md5}d31d7fefba87710cfaf3be96d81104d3' to '{md5}dc7c9180ad39e78a8c91291f4743437b'
Notice: /Stage[main]/Sudo/File[/etc/sudoers.d/]/mode: mode changed '0750' to '0550'
Notice: /Stage[main]/Main/Sudo::Conf[hadoop]/File[10_hadoop]/ensure: defined content as '{md5}627f25fd210c1351a6ed664c93b5be37'
Notice: /Stage[main]/Main/Sudo::Conf[hadoop]/Exec[sudo-syntax-check for file /etc/sudoers.d/10_hadoop]: Triggered 'refresh' from 1 events
Notice: Applied catalog in 0.43 seconds
上面简单的列出了 puppet 的简单使用,但是如果有大文件。。。
# 文件
- https://docs.puppet.com/guides/file_serving.html
- https://docs.puppet.com/puppet/latest/reference/config_file_fileserver.html
- https://docs.puppet.com/guides/scaling.html rsync or NFS
- https://ask.puppet.com/question/14565/can-we-transfer-a-4gb-patch-file-to-agents-using-puppet-fileserver/
- https://wizardforcel.gitbooks.io/puppet-27-cookbook/content/86.html
有时只是为了临时传输几个文件,单独整一个 module 比较麻烦,可以使用 fileserver 直接在 site.pp 中进行更新同步处理。
- 添加fileserver.conf配置
# Custom mount point: files below `path` are served as puppet:///aj_files/...
[aj_files]
path /etc/puppetlabs/code/environments/production/files
# NOTE(review): `allow *` puts no per-node restriction on this mount, and the
# sshd_config example on this page is served from it. Confirm that the
# server's auth.conf limits which nodes may fetch from aj_files, and keep
# secrets out of this directory.
allow *
同时修改files目录的权限: chown -R puppet files
- 在site.pp中添加更新文件的配置
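# Manage sshd_config from the aj_files mount and reload sshd when it changes.
file { '/etc/ssh/sshd_config':
  ensure       => 'file',
  # Pin ownership and mode explicitly instead of relying on defaults.
  owner        => 'root',
  group        => 'root',
  mode         => '0600',
  source       => 'puppet:///aj_files/etc/ssh/sshd_config',
  # Check the new content with sshd's test mode before it replaces the live
  # file; a broken sshd_config can lock out remote access. '%' stands for the
  # temporary copy being validated. Adjust the sshd path if it differs on
  # your hosts.
  validate_cmd => '/usr/sbin/sshd -t -f %',
  notify       => Service['sshd'],
}

service { 'sshd':
  ensure     => 'running',
  enable     => 'true',
  hasstatus  => 'true',
  hasrestart => 'true',
  # Reload instead of doing a full restart when sshd_config changes.
  restart    => '/etc/init.d/sshd reload',
}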
文件比较多时,可以使用循环:
- https://docs.puppet.com/puppet/latest/reference/lang_iteration.html
- https://docs.puppet.com/puppet/latest/reference/lang_resources_advanced.html#arrays-of-titles
# Executables to expose under /usr/bin.
$binaries = ["facter", "hiera", "mco", "puppet", "puppetserver"]

# Iteration written as a prefix function call with a lambda: one symlink
# resource is declared per name, pointing at the copy in /opt/puppetlabs/bin.
each($binaries) |String $binary| {
  file { "/usr/bin/$binary":
    ensure => link,
    target => "/opt/puppetlabs/bin/$binary",
  }
}
或者
# One-off defined resource type, stored in
# /etc/puppetlabs/code/environments/production/modules/puppet/manifests/binary/symlink.pp
# Each instance declares a symlink /usr/bin/<binary> that points at
# /opt/puppetlabs/bin/<binary>; $binary defaults to the resource title.
define puppet::binary::symlink ($binary = $title) {
  file {"/usr/bin/$binary":
    ensure => link,
    target => "/opt/puppetlabs/bin/$binary",
  }
}
# Using the defined type for iteration, somewhere else in your manifests:
# an array used as the title declares one instance per element.
$binaries = ["facter", "hiera", "mco", "puppet", "puppetserver"]
puppet::binary::symlink { $binaries: }
# 模板
- https://docs.puppet.com/puppet/latest/reference/lang_template.html
- https://docs.puppet.com/puppet/latest/reference/lang_template_epp.html
- https://docs.puppet.com/puppet/latest/reference/lang_template_erb.html https://docs.puppet.com/puppet/latest/reference/modules_fundamentals.html
https://docs.puppet.com/puppet/latest/reference/lang_relationships.html#ordering-and-notification
# 节点定义
- https://docs.puppet.com/puppet/4.4/reference/lang_node_definitions.html
- https://docs.puppet.com/guides/external_nodes.html http://activemq.apache.org/getting-started.html
# 官网文档