Home | 简体中文 | 繁体中文 | 杂文 | Github | 知乎专栏 | Facebook | Linkedin | Youtube | 打赏(Donations) | About
知乎专栏

125.5. manifests

http://docs.puppetlabs.com/learning/

125.5.1. node

default 针对所有节点

node default {
	file {
    	"/tmp/helloworld.txt": content => "hello, world";
	}
}
			
# cat /etc/puppet/manifests/site.pp
node default {
	file {
		"/tmp/puppettest1.txt":
			content => "hello,first puppet manifest";
	}
}
			

指定节点

# cat /etc/puppet/manifests/test.pp
node www {
    file { "/var/www/index.html":
        source => "/tmp/something",
        mode   => 666;
    }
}
			

多个节点

node 'www','images' {
	...
	...
}
			

125.5.2. group, user 用户组管理

http://docs.puppetlabs.com/references/latest/type.html#user

http://docs.puppetlabs.com/references/latest/type.html#group

如果没有指定name的话就会建立和资源名一样的用户名/组名,如果指定了name就以name指定的用户名/组名为主

125.5.2.1. group

用户组的添加

node 'node1.example.com' {
#为该节点添加一个名字为test的组,并设置组ID为1000,如果不指定name的值,所创建的用户就为web。
	group { "web":
        ensure => "present",
        gid => 1000,
        name => "test";
        }
#为该节点添加一个httpd的组,并且设置ID和web一样
	group { "httpd":
        ensure => "present",
        gid => 1000,
        allowdupe => true;
        }
#为该节点删除一个apache的组。
	group { "apache":
        ensure => "absent",
        }
}
				

用户组的删除

node 'node1.example.com' {
#为该节点删除一个web的组。
	group { "web":
        ensure => "absent",
        }
}
				

125.5.2.2. user

用户的添加

#创建一个用户并且密码为空
user {"svn":
        ensure => "present",
        shell => "/sbin/nologin";
}

#创建一个www用户,设置用户描述为webmaster,shell为bash,
user {"www":
        ensure => "present",
        comment => "webmaster user",
        name => "www",
        shell => "/sbin/bash";
}

#创建一个gid为80的用户组:
group { "www":
        ensure => "present",
        gid => 80,
        }
				

用户的删除

user { "neo":
    ensure => "absent",
}
				

创建用户并指定密码

生成密码

# grub-md5-crypt
Password:
Retype password:
$1$ZlJ1u0$tdv/dr8pYuHh.eT47F6b70
				
user { "www":
    ensure => "present",
    uid => 80,
    gid => 80,
    home => "/var/www",
    shell => "/bin/bash",
    managehome => true,
 	password => '$1$ZlJ1u0$tdv/dr8pYuHh.eT47F6b70';
}

file {"/var/www":
        group => 80,
        owner => 80,
        mode => 700,
        ensure => directory;
}
				

125.5.3. file

file { "/var/www/my/file":
    source => "/path/in/nfs/or/something",
    mode   => 666;
}
			

125.5.3.1. ensure

ensure => absent; 	#absent是检测文件是否存在,如果存在则删除
ensure => present; 	#present正好相反,如果不存在则创建
ensure => directory; #创建一个目录的方法
force = > true; 	#删除一个目录必须加上这个参数
source => "PATH"; 	#指定数据来源
backup => ".backup_$uptime_seconds"; 覆盖前备份文件
				

创建目录实例

file { "/tmp/cache":
  owner => "www",
  group => "www",
  mode => 700,
  ensure => directory;
}
 				

125.5.3.2. source

source 表示 agent节点上的目录

node www {
    file { "/var/www":
        owner => "nginx",
        group => "nginx",
        mode => 700,
        ensure => directory;
    }

    file { "/var/www/index.html":
        source => "/tmp/something",
        mode   => 666;
    }
}
				

从master上获取文件

fileserver.conf 配置如下

[files]
path /var/lib/puppet/files
allow *
				

site.pp配置如下

file { "/tmp/test.txt":
        source  => "puppet://puppet.example.com/files/test.txt",
    }
				

此处的files为fileserver.conf中定义模块

125.5.3.3. owner, group, mode

file
{ "/opt/testfile":
	owner => "puppet",
	group => "puppet",
	mode => 777;
}
				

125.5.4. package

present, installed	安装包
absent,pureged		卸载包
			
# start
package {
       "dnsmasq":
               ensure => installed;
       }

file {
       "/etc/resolv.conf":
               require => Service["dnsmasq"],
               content => "nameserver 127.0.0.1\n";
       }
service {
       "dnsmasq":
               ensure => running,
               pattern => "dnsmasq" ,
               require => Package["dnsmasq"];
       }
# end
			
package {
	"httpd":
		ensure    => installed;    	安装httpd,或用present也表示安装
	["vim","vsftpd"]:
		ensure=>absent;  			删除vim 和vsftpd软件,使用pureged表示彻底删除软件
}
			
$package_list = [ "screen", "strace", "sudo" ]
package { $package_list: ensure => "installed" }
			
package { "lamp":
	ensure => present,
	provider => rpm,
	source => "http://192.168.0.1/lamp.rpm";
}
			

125.5.5. service

service { 'sshd':
      ensure     => running,
      enable     => true,
      hasrestart => true,
      hasstatus  => true,
      subscribe  => File['/etc/ssh/sshd_config'],
}
			

125.5.6. exec

exec { "creates file":
	cwd => "/tmp",  														#指定命令执行的目录。如果目录不存在,则命令执行失败。
	command => "/bin/echo helloworld > /tmp/hello.txt",
	user => "root",
	path => "/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin";	#命令执行的搜索路径。如果path没有被定义,命令需要使用绝对路径。
}
			
exec { “/srv/puppet/shell/test.sh”:
    cwd => “/srv/puppet”,
    timeout => 7200,
    logoutput => on_failure,
    user => root,
    path => ["/sbin", "/usr/sbin", "/usr/local/sbin", "/usr/local/bin", "/usr/bin", "/bin", "/usr/local/java/jre/bin"],
    require => File["/srv/puppet/shell/test.sh"]
}
			

125.5.7. cron

cron{ ntpdate:
      command => "/usr/sbin/ntpdate 172.16.0.1",
      user => root,
      minute =>'*/5',
      require => Package["crontabs"];
}
			
file { "/etc/cron.hourly/backup":
	mode => 755,
	owner => root,
	group => root,
	require => Package[mysql],
	content => template("db/backup.erb");
}