Learning Puppet — Manifests

Begin

In a text editor — vimemacs, or nano — create a file with the following contents and filename: written and applied your first Puppet manifest.

[[email protected] ~]# useradd testuser
[[email protected] ~]# cat /etc/passwd |grep test
testuser:x:536:536::/home/testuser:/bin/bash
[[email protected] ~]# pwd
/root
[[email protected] ~]# vim user-absent.pp
[[email protected] ~]# cat user-absent.pp
user {‘testuser‘:
ensure => absent,
}
[[email protected] ~]# puppet apply /root/user-absent.pp
Notice: Compiled catalog for yum01.test.com in environment production in 7.99 seconds
Notice: /Stage[main]/Main/User[testuser]/ensure: removed
Notice: Finished catalog run in 4.34 seconds
[[email protected] ~]# puppet apply /root/user-absent.pp
Notice: Compiled catalog for yum01.test.com in environment production in 0.27 seconds
Notice: Finished catalog run in 0.03 seconds
[[email protected] ~]# cat /etc/passwd |grep test

Manifests

Puppet programs are called “manifests,” and they use the .pp file extension.

The core of the Puppet language is the resource declaration. A resource declaration describes a desired state for one resource.

Puppet Apply

Like resource in the last chapter, apply is a Puppet subcommand. It takes the name of a manifest file as its argument, and enforces the desired state described in the manifest.

We’ll use it below to test small manifests, but it can be used for larger jobs too. In fact, it can do nearly everything an agent/master Puppet environment can do.

Resource Declarations

Let’s start by looking at a single resource:

[[email protected] ~]# ls -l /tmp/ |grep test
[[email protected] ~]# vim file-1.pp
[[email protected] ~]# cat file-1.pp
file {‘testfile‘:
path => ‘/tmp/testfile‘,
ensure => present,
mode => 0640,
content => "i am a test file",
}

  • The type (file, in this case)
  • An opening curly brace ({)
    • The title (testfile)
    • A colon (:)
    • A set of attribute => value pairs, with a comma after each pair (path => ‘/tmp/testfile‘, etc.)
  • A closing curly brace (})

[[email protected] ~]# pwd
/root
[[email protected] ~]# puppet apply /root/file-1.pp
Notice: Compiled catalog for yum01.test.com in environment production in 0.18 seconds
Notice: /Stage[main]/Main/File[testfile]/ensure: created
Notice: Finished catalog run in 0.32 seconds
[[email protected] ~]# ls -l /tmp/ |grep test
-rw-r----- 1 root root 16 Nov 6 06:50 testfile
[[email protected] ~]# cat /tmp/testfile
i am a test file

Puppet noticed that the file didn’t exist, and created it. It set the desired content and mode at the same time.

If we try changing the mode and applying the manifest again, Puppet will fix it:

[[email protected] ~]# chmod 666 /tmp/testfile
[[email protected] ~]# ls -l /tmp/ |grep test
-rw-rw-rw- 1 root root 16 Nov 6 06:50 testfile
[[email protected] ~]# puppet apply /root/file-1.pp
Notice: Compiled catalog for yum01.test.com in environment production in 0.22 seconds
Notice: /Stage[main]/Main/File[testfile]/mode: mode changed ‘0666‘ to ‘0640‘
Notice: Finished catalog run in 0.27 seconds
[[email protected] ~]# ls -l /tmp/ |grep test
-rw-r----- 1 root root 16 Nov 6 06:50 testfile

Once More, With Feeling!

Now that you know resource declarations, let’s play with the file type some more. We’ll:

  • Put multiple resources of different types in the same manifest
  • Use new values for the ensure attribute
  • Find an attribute with a special relationship to the resource title
  • See what happens when we leave off certain attributes
  • See some automatic permission adjustments on directories

[[email protected] ~]# vim file-2.pp
[[email protected] ~]# cat file-2.pp
file {‘/tmp/test1‘:
ensure => file,
content => "hi.\n",
}

file {‘/tmp/test2‘:
ensure => directory,
mode => 0644,
}

file {‘/tmp/test3‘:
ensure => link,
target => ‘/tmp/test1‘,
}

notify {" iam nofitying you":}
notify {"so am i" :}

[[email protected] ~]# puppet apply /root/file-2.pp
Notice: Compiled catalog for yum01.test.com in environment production in 0.18 seconds
Notice: /Stage[main]/Main/File[/tmp/test1]/ensure: defined content as ‘{md5}4e9141e3aa25c784aa6bc0b2892c12d9‘
Notice: /Stage[main]/Main/File[/tmp/test3]/ensure: created
Notice: /Stage[main]/Main/File[/tmp/test2]/ensure: created
Notice: iam nofitying you
Notice: /Stage[main]/Main/Notify[ iam nofitying you]/message: defined ‘message‘ as ‘ iam nofitying you‘
Notice: so am i
Notice: /Stage[main]/Main/Notify[so am i]/message: defined ‘message‘ as ‘so am i‘
Notice: Finished catalog run in 0.14 seconds

New Ensure Values, Different States

The ensure attribute is somewhat special. It’s available on most (but not all) resource types, and it controls whether the resource exists, with the definition of “exists” being somewhat local.

With files, there are several ways to exist:

  • As a normal file (ensure => file)
  • As a directory (ensure => directory)
  • As a symlink (ensure => link)
  • As any of the above (ensure => present)
  • As nothing (ensure => absent).

Titles and Namevars

Notice how our original file resource had a path attribute, but our next three left it out?

Almost every resource type has one attribute whose value defaults to the resource’s title. For the file resource, that’s path. Most of the time (usergrouppackage…), it’sname.

The Site Manifest and Puppet Agen

We’ve seen how to use puppet apply to directly apply manifests on one system. The puppet master/agent services work very similarly, but with a few key differences:

Puppet apply:

  • A user executes a command, triggering a Puppet run.
  • Puppet apply reads the manifest passed to it, compiles it into a catalog, and applies the catalog.

Puppet agent/master:

  • Puppet agent runs as a service, and triggers a Puppet run about every half hour (configurable).
  • Puppet agent does not have access to any manifests; instead, it requests a pre-compiled catalog from a puppet master server.
  • The puppet master always reads one special manifest, called the “site manifest” or site.pp. It uses this to compile a catalog, which it sends back to the agent. ----site.pp
  • After getting the catalog, the agent applies it.

This way, you can have many machines being configured by Puppet, while only maintaining your manifests on one (or a few) servers. This also gives some extra security, as described above under “Compilation.”

Exercise: Use Puppet Agent/Master to Apply the Same Configuration

To see how the same manifest code works in puppet agent:

[[email protected] manifests]# pwd
/etc/puppet/manifests
[[email protected] manifests]# vim file.pp
[[email protected] manifests]# cat file.pp
file {‘/tmp/test11111111‘:
ensure => file,
content => "hi. this is a test 111111 file \n",
}
[[email protected] manifests]# vim site.pp
[[email protected] manifests]# cat site.pp
import ‘file.pp‘

[[email protected] ~]# puppet agent --test
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Caching catalog for yum01.test.com
Info: Applying configuration version ‘1415262208‘
Notice: /Stage[main]/Main/File[/tmp/test11111111]/ensure: defined content as ‘{md5}cb94281a2c8ccc1c3a64aa2c0e04721e‘
Notice: Finished catalog run in 0.14 seconds
[[email protected] ~]# cat /tmp/test11111111
hi. this is a test 111111 file

refer: https://docs.puppetlabs.com/learning/manifests.html

时间: 2024-10-07 10:21:44

Learning Puppet — Manifests的相关文章

Learning Puppet — Resource Ordering

Learning Puppet — Resource Ordering Learn about dependencies and refresh events, manage the relationships between resources, and discover the fundamental Puppet design pattern. Disorder Let’s look back on one of our manifests from the last page: [[em

windows puppet manifests 文件维护

初级 puppet windows agent实现简单的msi格式安装包安装及bat文件创建; windows puppet manifests 文件维护

Learning Puppet — Resources and the RAL

Learning Puppet — Resources and the RAL Welcome to Learning Puppet! This series covers the basics of writing Puppet code Begin Log into the Learning Puppet VM as root, and run puppet resource service. This command will return something like the follo

Learning Puppet — Variables, Conditionals, and Facts

Begin $my_variable = "A bunch of text" notify {$my_variable:} Yup, that’s a variable, all right. refer: https://docs.puppetlabs.com/learning/variables.html

puppet知识简记

Puppet 开始 安装 aptitude install puppet puppetmaster 工作机制 puppet是通过ssl方式进行安全通信的,在正常同步前,需要进行证书的获取和认证 puppet运行机制大概是这样: 客户端向服务端发送facts信息,请求返回catalog, 服务端检查类文件等的关于客户端的信息打包catalog返回给客户端, 客户端按照catalog进行一系列检查同步操作. puppet资源类型及属性 3.1 资源 资源是puppet处理主机而分解的基本元素,资源的

puppet基础学习(二)

puppet基础学习(二) 六.ResourceOrdering(资源定序) 使用变化参数before , require , notify , subscribe catalog是对一个给定的系统的所有资源及关系的编译,在编译catalog时,除非我们指定资源的执行顺序,不然puppet是以其自己的顺序管理,大多数时候puppet指定适当的方式,例如puppet管理用户gigabyte应该存在和文件夹/home/gigabyte/bin应该存在并属于用户gigabyte时,puppet会自动指

Puppet node节点的特性(十二)

前言: 生产机器很多通常会新建nodes.pp文件和site.pp文件平级,存放于/etc/puppet/manifests/nodes.pp文件,这种方法比较常用.当然也有其他办法直接写入site.pp文件. nodes.pp文件主机匹配,支持正则表达式和继承. //:正则匹配 "":精确匹配 inherits:继承 实例: 先正则匹配然后在精确匹配. node /sh-(proxy|web)\d+/ {   case $::hostname {     "sh-proxy

利用Puppet全自动部署tomcat

上一篇聊了puppet的安装部署方法,如果你还没有安装puppet,请点击下方链接查看具体安装方法: <搭建Puppet自动化部署环境> 这篇来看一下如何利用Puppet全自动部署tomcat,在Puppet中有很多资源,其中比较常用的包括: package    通过程序安装软件 service    启动或停止服务 file      文件传输 exec      执行命令 由于tomcat用源码包安装的居多,所有下面主要用到file和exec资源 一.打开文件传输功能 1.vim /et

puppet安装和部署

环境 [[email protected] ~]# cat /etc/redhat-release CentOS release 6.6 (Final) http://downloads.puppetlabs.com/facter/facter-1.5.8.tar.gz http://downloads.puppetlabs.com/puppet/puppet-2.6.1.tar.gz 软件包: [[email protected] tools]# ll 总用量 1532 -rw-r--r--