AmazingCounters.com

Puppet小试牛刀

ansible比较适合做“一次性”的工作,例如,系统部署、应用发布、打补丁等等,而且ansible一次性默认只能在5台主机上批量执行命令,规模再大点的就不太适用了,这时。候就轮到Puppet上场了。Puppet是由Ruby语言开发,执行高效,而且Puppet的foreman可以提供比较高大上的web界面,更方便使用和管理节点。Puppet历史悠久,使用率比ansible更高,且其功能和性能更加稳定,唯一不足的是Puppet的运行需要agent端也安装Puppet,下面列出常用自动化部署工具对比

Puppet基础

puppet的基础概念和架构

puppet的工作模型:

  • 单机模型(standalone):手动应用清单;
  • master/agent:由agent周期性地向Master请求清单并自动应用于本地;

单机模型:
配置文件:/etc/puppet/puppet.conf
主程序:/usr/bin/puppet
puppet程序:Usage: puppet <subcommand> [options] <action> [options]
puppet help <subcommand>' for help on a specific subcommand.
puppet help <subcommand> <action>' for help on a specific subcommand action.
puppet apply:Applies a standalone Puppet manifest to the local system.
puppet apply  [-d|--debug]  [-v|--verbose]  [-e|--execute]  [--noop]  <file>
puppet describe:Prints help about Puppet resource types, providers, and metaparameters.

puppet describe [-h|--help] [-s|--short] [-p|--providers] [-l|--list] [-m|--meta] [type]

  • -l:列出所有资源类型;
  • -s:显示指定类型的简要帮助信息;
  • -m:显示指定类型的元参数,一般与-s一同使用;

资源定义:向资源类型的属性赋值来实现,可称为资源类型实例化;定义了资源实例的文件即清单,manifest;
定义资源的语法:
type {'title':
attribute1 => value1,
atrribute2 => value2,
……
}

注意:type必须使用小写字符;title是一个字符串,在同一类型中必须惟一;
资源属性中的三个特殊属性:

  • Namevar, 可简称为name;
  • ensure:资源的目标状态;
  • Provider:指明资源的管理接口;

Puppet的资源类型

group:Manage groups.

属性:

  • name:组名;
  • gid:GID;
  • system:是否为系统组,true OR false;
  • ensure:目标状态,present/absent;
  • members:成员用户;

user:Manage users.
属性:

  • name:用户名;
  • uid: UID;
  • gid:基本组ID;
  • groups:附加组,不能包含基本组;
  • comment:注释;
  • expiry:过期时间 ;
  • home:家目录;
  • shell:默认shell类型;
  • system:是否为系统用户 ;
  • ensure:present/absent;
  • password:加密后的密码串;

资源引用:Type['title']     类型的首字母必须大写;
关系元参数:before/require

A before B: B依赖于A,定义在A资源中;
{
...
before    => Type['B'],
...
}
B require A: B依赖于A,定义在B资源中;
{
...
require    => Type['A'],
...
}
View Code

package:Manage packages.
属性:

  • ensure:installed, present, latest, absent, any version string (implies present)
  • name:包名;
  • source:程序包来源,仅对不会自动下载相关程序包的provider有用,例如rpm或dpkg;
  • provider:指明安装方式;

service:Manage running services.
属性:

  • ensure:Whether a service should be running. Valid values are `stopped` (also called `false`), `running` (also called `true`).
  • enable:Whether a service should be enabled to start at boot. Valid values are `true`, `false`, `manual`.
  • name:
  • path:The search path for finding init scripts. 如:/bin/:/sbin/:/usr/sbin/:/usr/bin: 脚本的搜索路径,默认为/etc/init.d/;
  • hasrestart: (true)
  • hasstatus:
  • start:手动定义启动命令,如‘service start redis’
  • stop:
  • status:
  • restart:Specify a *restart* command manually. If left unspecified, the service will be stopped and then started. 通常用于定义reload操作;

file:Manages files, including their content, ownership, and permissions.

  • ensure:Possible values are `present`, `absent`, `file`, `directory`, and `link`.
  • path:文件路径;
  • source:源文件;
  • content:文件内容;
  • target:符号链接的目标文件;
  • owner:属主
  • group:属组
  • mode:权限;
  • atime/ctime/mtime:时间戳;

资源有特殊属性:
名称变量(namevar):name可省略,此时将由title表示;
ensure:定义资源的目标状态;
元参数:metaparameters
依赖关系:before、require
通知关系:通知相关的其它资源进行“刷新”操作;notify/subscribe

A notify B:B依赖于A,且A发生改变后会通知B;
{
...
notify => Type['B'],
...
}
B subscribe A:B依赖于A,且B监控A资源的变化产生的事件;
{
...
subscribe => Type['A'],
...
}    
View Code

示例1:

file{'test.txt':
    path => '/tmp/test.txt',
    ensure => file,
    source => '/etc/fstab',
}

file{'test.symlink':
    path => '/tmp/test.symlink',
    ensure => link,
    target => '/tmp/test.txt',
    require => File['test.txt'],
}

file{'test.dir':
    path => '/tmp/test.dir',
    ensure => directory,
    source => '/etc/yum.repos.d/',
    recurse => true,
}
View Code

示例2:

service{'httpd':
  ensure => running,
  enable => true,
  restart => 'systemctl restart httpd.service',
#   subscribe => File['httpd.conf'],
}

package{'httpd':
  ensure => installed,
}

file{'httpd.conf':
  path => '/etc/httpd/conf/httpd.conf',
  source => '/root/manifests/httpd.conf',
  ensure => file,
  notify => Service['httpd'],
}

Package['httpd'] -> File['httpd.conf'] -> Service['httpd']
View Code

exec:相当于ansible的command和shell.

  • **command** (*namevar*):要运行的命令;
  • cwd:The directory from which to run the command.
  • **creates**:文件路径,仅此路径表示的文件不存在时,command方才执行;
  • user/group:运行命令的用户身份;
  • path:The search path used for command execution. Commands must be fully qualified if no path is specified.
  • onlyif:此属性指定一个命令,此命令正常(退出码为0)运行时,当前command才会运行;
  • unless:此属性指定一个命令,此命令非正常(退出码为非0)运行时,当前command才会运行;
  • refresh:重新执行当前command的替代命令;
  • refreshonly:仅接收到订阅的资源的通知时方才运行;

cron:指定周期性任务计划

  • command:要执行的任务;
  • ensure:present/absent;
  • hour:
  • minute:
  • monthday:
  • month:
  • weekday:
  • user:以哪个用户的身份运行命令
  • target:添加为哪个用户的任务
  • name:cron job的名称;

示例:

cron{'timesync':
    command => '/usr/sbin/ntpdate 172.18.0.1 &> /dev/null',
    ensure => present,
    minute => '*/3',
    user => 'root',
}    
View Code

notify:Sends an arbitrary message to the agent run-time log.
属性:

  • message:信息内容
  • name:信息名称;

核心类型:

  • group: 组
  • user:用户
  • packge:程序包
  • service:服务
  • file:文件
  • exec:执行自定义命令,要求幂等
  • cron:周期性任务计划
  • notify:通知

可以为资源定义tag,格式:

type{'title':
...
tag => 'TAG1',
}
type{'title':
...
tag => ['TAG1','TAG2',...],
} 

手动调用:
puppet apply --tags TAG1,TAG2,... FILE.PP

Puppet的变量、语法和类

puppet variable:$variable_name=value
数据类型:

  • 字符型:引号可有可无;但单引号为强引用,双引号为弱引用;
  • 数值型:默认均识别为字符串,仅在数值上下文才以数值对待;
  • 数组:[]中以逗号分隔元素列表;
  • 布尔型值:true, false;
  • hash:{}中以逗号分隔k/v数据列表; 键为字符型,值为任意puppet支持的类型;{ 'mon' => 'Monday', 'tue' => 'Tuesday', };
  • undef:未定义 ;

正则表达式:
(?<ENABLED OPTION>:<PATTERN>)
(?-<DISABLED OPTION>:<PATTERN>)
OPTIONS:
i:忽略字符大小写;
m:把.当换行符;
x:忽略<PATTERN>中的空白字符
(?i-mx:PATTERN)
puppet的变量种类:
facts:直接运行facter即可查看,由facter提供;top scope;

内建变量:
master端变量,$servername, $serverip, $serverversion
agent端变量 ,$clientcert, $clientversion, $environment
parser变量,$module_name
用户自定义变量:
变量有作用域,称为Scope;

  • top scope:  $::var_name
  • node scope
  • class scope

puppet流程控制语句:
if语句:

if CONDITION {
...
} else {
...
}

CONDITION的给定方式:
(1) 变量
(2) 比较表达式
(3) 有返回值的函数

case语句:

case CONTROL_EXPRESSION {
case1: { ... }
case2: { ... }
case3: { ... }
...
default: { ... }
}

CONTROL_EXPRESSION:
(1) 变量
(2) 表达式
(3) 有返回值的函数
各case的给定方式:
(1) 直接字串;
(2) 变量
(3) 有返回值的函数
(4) 正则表达式模式;
(5) default

 

例:

case $osfamily {
"RedHat": { $webserver='httpd' }
/(?i-mx:debian)/: { $webserver='apache2' }
default: { $webserver='httpd' }
}

package{"$webserver":
ensure => installed,
before => [ File['httpd.conf'], Service['httpd'] ],
}

file{'httpd.conf':
path => '/etc/httpd/conf/httpd.conf',
source => '/root/manifests/httpd.conf',
ensure => file,
}

service{'httpd':
ensure => running,
enable => true,
restart => 'systemctl restart httpd.service',
subscribe => File['httpd.conf'],
}    
View Code

selector语句:

CONTROL_VARIABLE ? {
case1 => value1,
case2 => value2,
...
default => valueN,
}

CONTROL_VARIABLE的给定方法:
(1) 变量
(2) 有返回值的函数
各case的给定方式:
(1) 直接字串;
(2) 变量
(3) 有返回值的函数
(4) 正则表达式模式;
(5) default
注意:不能使用列表格式;但可以是其它的selecor;
例1:

class nginx {
    package{'nginx':
        ensure => installed,
    }

    service{'nginx':
        ensure => running,
        enable => true,
        restart => '/usr/sbin/nginx -s reload',
    }
}

class nginx::web inherits nginx {
        Service['nginx'] {
    subscribe => File['ngx-web.conf'],
}

file{'ngx-web.conf':
    path => '/etc/nginx/conf.d/ngx-web.conf',
    ensure => file,
    source => '/root/manifests/ngx-web.conf',
}
}

class nginx::proxy inherits nginx {
    Service['nginx'] {
        subscribe => File['ngx-proxy.conf'],
    }

    file{'ngx-proxy.conf':
        path => '/etc/nginx/conf.d/ngx-proxy.conf',
        ensure => file,
        source => '/root/manifests/ngx-proxy.conf',
    }
}
View Code

例2:

$webserver = $osfamily ? {
    "Redhat" => 'httpd',
    /(?i-mx:debian)/ => 'apache2',
    default => 'httpd',
}


package{"$webserver":
    ensure => installed,
    before => [ File['httpd.conf'], Service['httpd'] ],
}

file{'httpd.conf':
    path => '/etc/httpd/conf/httpd.conf',
    source => '/root/manifests/httpd.conf',
    ensure => file,
}

service{'httpd':
    ensure => running,
    enable => true,
    restart => 'systemctl restart httpd.service',
    subscribe => File['httpd.conf'],
}    
View Code

puppet的类:
类:puppet中命名的代码模块,常用于定义一组通用目标的资源,可在puppet全局调用;类可以被继承,也可以包含子类;
语法格式:
class NAME {
...puppet code...
}

class NAME(parameter1, parameter2) {
...puppet code...
}

类代码只有声明后才会执行,调用方式:

(1) include CLASS_NAME1, CLASS_NAME2, ...

(2) class{'CLASS_NAME':

attribute => value,

}

示例1:

class apache2 {
    $webpkg = $operatingsystem ? {
    /(?i-mx:(centos|redhat|fedora))/ => 'httpd',
    /(?i-mx:(ubuntu|debian))/ => 'apache2',
    default => 'httpd',
    }

    package{"$webpkg":
        ensure => installed,
    }

    file{'/etc/httpd/conf/httpd.conf':
        ensure => file,
        owner => root,
        group => root,
        source => '/tmp/httpd.conf',
        require => Package["$webpkg"],
        notify => Service['httpd'],
    }

    service{'httpd':
        ensure => running,
        enable => true,
    }
}

include apache2 
View Code

示例2:

class dbserver($pkg,$srv) {
    package{"$pkg":
    ensure => latest,
    }

    service{"$srv":
        ensure => running,
    }
}

if $operatingsystem == "CentOS" or $operatingsystem == "RedHat" {
    case $operatingsystemmajrelease {
        '7': { $pkgname = 'mariadb-server' $srvname='mariadb' }
        default: { $pkgname = 'mysql-server' $srvname='mysqld' }
        }
 }

class{'dbserver':
    pkg => "$pkgname",
    srv => "$srvname",
}  
View Code

 

类继承的方式:

class SUB_CLASS_NAME inherits PARENT_CLASS_NAME {
...puppet code...
}
示例1:

class nginx {
    package{'nginx':
    ensure => installed,
}

service{'nginx':
    ensure => running,
    enable => true,
    restart => '/usr/sbin/nginx -s reload',
}
}

class nginx::web inherits nginx {
    Service['nginx'] {
    subscribe => File['ngx-web.conf'],
}

file{'ngx-web.conf':
    path => '/etc/nginx/conf.d/ngx-web.conf',
    ensure => file,
    source => '/root/manifests/ngx-web.conf',
}
}

class nginx::proxy inherits nginx {
    Service['nginx'] {
    subscribe => File['ngx-proxy.conf'],
}

file{'ngx-proxy.conf':
    path => '/etc/nginx/conf.d/ngx-proxy.conf',
    ensure => file,
    source => '/root/manifests/ngx-proxy.conf',
}
}
View Code

示例2:

class redis {
    package{'redis':
        ensure => latest,
    } ->

    service{'redis':
        ensure => running,
        enable => true,
    }
}

class redis::master inherits redis {
    file{'/etc/redis.conf':
        ensure => file,
        source => '/root/manifests/redis-master.conf',
        owner => redis,
        group => root,
    }

    Service['redis'] {
        subscribe => File['/etc/redis.conf'],
    }
}

class redis::slave inherits redis {
    file{'/etc/redis.conf':
        ensure => file,
        source => '/root/manifests/redis-slave.conf',
        owner => redis,
        group => root,
    }

    Service['redis'] {
        subscribe => File['/etc/redis.conf'],
    }
}    
                            
View Code

在子类中为父类的资源新增属性或覆盖指定的属性的值:
Type['title'] {
attribute1 => value,
...
}
在子类中为父类的资源的某属性增加新值:
Type['title'] {
attribute1 +> value,
...
}

puppet模板

erb:模板语言,embedded ruby;
puppet兼容的erb语法:https://docs.puppet.com/puppet/latest/reference/lang_template_erb.html
file{'title':
ensure => file,
path =>
content => template('/PATH/TO/ERB_FILE'),
}
文本文件中内嵌变量替换机制:<%= @VARIABLE_NAME %>
示例:

class nginx {
    package{'nginx':
        ensure => installed,
    }

    service{'nginx':
        ensure => running,
        enable => true,
        require => Package['nginx'],
    }
}

class nginx::web inherits nginx {
    file{'ngx-web.conf':
        path => '/etc/nginx/conf.d/ngx-web.conf',
        ensure => file,
        require => Package['nginx'],
        source => '/root/manifests/nginx/ngx-web.conf',
    }

    file{'nginx.conf':
        path => '/etc/nginx/nginx.conf',
        ensure => file,
        content => template('/root/manifests/nginx.conf.erb'),
        require => Package['nginx'],
    }

    Service['nginx'] {
        subscribe => [ File['ngx-web.conf'], File['nginx.conf'] ],
    }
}

include nginx::web            
View Code

puppet模块:
模块就是一个按约定的、预定义的层级结构存放了多个文件或子目录的目录,目录里的这些文件或子目录必须遵循一定格式的命名规范;
puppet会在配置的路径下查找所需要的模块;

模块名只能以小写字母开头,可以包含小写字母、数字和下划线;但不能使用”main"和"settings“;

  • manifests/init.pp:必须一个类定义,类名称必须与模块名称相同;
  • files/:静态文件;
  • puppet URL:
  • puppet:///modules/MODULE_NAME/FILE_NAME
  • templates/:
  • tempate('MOD_NAME/TEMPLATE_FILE_NAME')
  • lib/:插件目录,常用于存储自定义的facts以及自定义类型;
  • spec/:类似于tests目录,存储lib/目录下插件的使用帮助和范例;
  • tests/:当前模块的使用帮助或使用范例文件;

注意:
1、puppet 3.8及以后的版本中,资源清单文件的文件名要与文件子类名保持一致,例如某子类名为“base_class::child_class”,其文件名应该为child_class.pp;
2、无需在资源清单文件中使用import语句;
3、manifests目录下可存在多个清单文件,每个清单文件包含一个类,其文件名同类名;
puppet config命令:

获取或设定puppet配置参数:puppet config print [argument]
puppet查找模块文件的路径:modulepath

mariadb模块中的清单文件示例:

class mariadb($datadir='/var/lib/mysql') {
    package{'mariadb-server':
       ensure => installed,
    }

    file{"$datadir":
       ensure => directory,
        owner => mysql,
        group => mysql,
        require => [ Package['mariadb-server'], Exec['createdir'], ],
    }

    exec{'createdir':
       command => "mkdir -pv $datadir",
        require => Package['mariadb-server'],
        path => '/bin:/sbin:/usr/bin:/usr/sbin',
        creates => “$datadir",
    }

    file{'my.cnf':
        path => '/etc/my.cnf',
        content => template('mariadb/my.cnf.erb'),
        require => Package['mariadb-server'],
        notify => Service['mariadb'],
    }

    service{'mariadb':
        ensure => running,
        enable => true,
        require => [ Exec['createdir'], File["$datadir"], ],
    }
}
View Code

 

 

Puppet官网下载:https://puppet.com/products/open-source-projects
阿里云镜像下载:https://yum.puppet.com/

posted @ 2017-11-24 22:33  黑夜繁星  阅读(426)  评论(0编辑  收藏  举报
AmazingCounters.com