
5. manifests

http://docs.puppetlabs.com/learning/

5.1. node

default 針對所有節點

# Catch-all node definition: used for any agent that no other node block names.
node default {
  # Write a small file with fixed content on every such agent.
  file { '/tmp/helloworld.txt':
    content => 'hello, world',
  }
}
			
# cat /etc/puppet/manifests/site.pp
# Catch-all node definition kept in the main manifest (site.pp).
node default {
  # Manage one file whose content is given inline in the manifest.
  file { '/tmp/puppettest1.txt':
    content => 'hello,first puppet manifest',
  }
}
			

指定節點

# cat /etc/puppet/manifests/test.pp
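# Node-specific definition: applies only to the agent named "www".
node 'www' {
  # Copy a file that already exists on the agent's own filesystem into the web root.
  # NOTE(review): the source sits in /tmp, which local users can usually write to;
  # a real manifest should pull served content from a location only root controls.
  file { '/var/www/index.html':
    source => '/tmp/something',
    # Was 666 (world-writable): any local account could rewrite the served page.
    # Written as a quoted octal string because Puppet 4 and later reject a bare
    # integer for mode.
    mode   => '0644',
  }
}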
			

多個節點

# A single node block may list several node names; the body (elided here with
# "...") is applied to each of them.
node 'www','images' {
	...
	...
}
			

5.2. group, user 用戶組管理

http://docs.puppetlabs.com/references/latest/type.html#user

http://docs.puppetlabs.com/references/latest/type.html#group

如果沒有指定name的話就會建立和資源名一樣的用戶名/組名,如果指定了name就以name指定的用戶名/組名為主

5.2.1. group

用戶組的添加

node 'node1.example.com' {
  # Create a group with GID 1000. The `name` attribute overrides the resource
  # title, so the group on the system is called "test"; without `name` the
  # group (not a user) would be called "web".
  group { 'web':
    name   => 'test',
    gid    => 1000,
    ensure => present,
  }

  # Create group "httpd" with the same GID as above; allowdupe permits the
  # duplicate. Both names then map to one numeric GID, so file permission
  # checks treat them as the same group. Use this only when that is intended.
  group { 'httpd':
    allowdupe => true,
    gid       => 1000,
    ensure    => present,
  }

  # Remove the "apache" group from this node.
  group { 'apache':
    ensure => absent,
  }
}
				

用戶組的刪除

node 'node1.example.com' {
  # Make sure no group named "web" exists on this node.
  group { 'web':
    ensure => absent,
  }
}
				

5.2.2. user

用戶的添加

# Create the "svn" account without managing its password and with a shell that
# refuses interactive logins.
# NOTE(review): with no `password` attribute the account gets the platform's
# default password state, which is usually "locked" rather than "empty".
# Confirm on the target OS.
user { 'svn':
  shell  => '/sbin/nologin',
  ensure => present,
}

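# Create the "www" account with the description "webmaster user" and bash as
# its login shell.
user { 'www':
  ensure  => present,
  comment => 'webmaster user',
  # Same as the resource title; kept to show where an explicit name would go.
  name    => 'www',
  # Was "/sbin/bash". The other www example on this page uses /bin/bash, and a
  # shell path that does not exist leaves the account unable to log in.
  shell   => '/bin/bash',
}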

# Create the "www" group with GID 80.
group { 'www':
  gid    => 80,
  ensure => present,
}
				

用戶的刪除

# Delete the "neo" account if it exists.
user { 'neo':
  ensure => absent,
}
				

創建用戶並指定密碼

生成密碼

# grub-md5-crypt
Password:
Retype password:
$1$ZlJ1u0$tdv/dr8pYuHh.eT47F6b70
				
# Create the "www" account with fixed UID/GID 80, home /var/www (created by
# Puppet because managehome is true), bash as shell, and a pre-hashed password.
user { 'www':
  ensure     => present,
  uid        => 80,
  gid        => 80,
  shell      => '/bin/bash',
  home       => '/var/www',
  managehome => true,
  # The value is a password hash, not the clear-text password. Keep the single
  # quotes: in a double-quoted string Puppet would try to interpolate the "$"
  # sequences and corrupt the hash.
  # NOTE(review): the "$1$" prefix marks MD5-crypt, which is weak against
  # offline guessing; prefer a SHA-512 crypt hash ("$6$" prefix) where the
  # platform supports it. A hash in a manifest is readable by anyone with access
  # to the manifest or catalog, so supply it from encrypted data rather than
  # inline.
  password   => '$1$ZlJ1u0$tdv/dr8pYuHh.eT47F6b70',
}

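# Make /var/www a directory owned by UID 80 / GID 80 and reachable only by that
# owner.
file { '/var/www':
  ensure => directory,
  owner  => 80,
  group  => 80,
  # Quoted octal string: Puppet 4 and later reject a bare integer for mode.
  mode   => '0700',
}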
				

5.3. file

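# Manage a file whose content is copied from another path (for example an NFS
# mount) visible on the agent.
file { '/var/www/my/file':
  source => '/path/in/nfs/or/something',
  # Was 666 (world-writable): every local account could modify the file.
  # Quoted octal string because Puppet 4 and later reject a bare integer for mode.
  mode   => '0644',
}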
			

5.3.1. ensure

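ensure => absent;    # absent: if the file exists, remove it
ensure => present;   # present: the opposite; create the file if it does not exist
ensure => directory; # create a directory
force  => true;      # required when removing a directory (the arrow was mistyped as "= >")
source => "PATH";    # where the file's content comes from
backup => ".backup_$uptime_seconds"; # back up the file before it is overwritten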
				

創建目錄實例

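# Create the directory /tmp/cache, owned by www:www and accessible only to its
# owner.
file { '/tmp/cache':
  ensure => directory,
  owner  => 'www',
  group  => 'www',
  # Quoted octal string: Puppet 4 and later reject a bare integer for mode.
  mode   => '0700',
}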
 				

5.3.2. source

source 表示 agent節點上的目錄

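# Node "www": create the web root and place an index page copied from a path
# that is local to the agent.
node 'www' {
  # Web root owned by nginx and closed to every other account.
  file { '/var/www':
    ensure => directory,
    owner  => 'nginx',
    group  => 'nginx',
    # Quoted octal string: Puppet 4 and later reject a bare integer for mode.
    mode   => '0700',
  }

  # A source without a puppet:// scheme is read from the agent's own filesystem.
  file { '/var/www/index.html':
    source => '/tmp/something',
    # Was 666 (world-writable): any local account could rewrite the served page.
    mode   => '0644',
  }
}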
				

從master上獲取檔案

fileserver.conf 配置如下

# Mount point "files": exposes the directory below through the master's file server.
[files]
path /var/lib/puppet/files
# "allow *" puts no host restriction on this mount, so every node that can talk
# to the file server may fetch anything under the path. Keep credentials and
# other secrets out of this directory, or narrow the pattern to the hosts that
# need it.
allow *
				

site.pp配置如下

# Fetch the file from the master's file server: the URL is
# puppet://<server>/<mount point>/<path inside the mount>.
file { '/tmp/test.txt':
  source => 'puppet://puppet.example.com/files/test.txt',
}
				

此處的files為fileserver.conf中定義模組

5.3.3. owner, group, mode

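# Set owner, group and permission bits on a managed file.
file { '/opt/testfile':
  owner => 'puppet',
  group => 'puppet',
  # Was 777: readable, writable and executable by every local account.
  # 0644 keeps write access with the owner; use '0755' only if the file really
  # has to be executable. Quoted octal string because Puppet 4 and later reject
  # a bare integer for mode.
  mode  => '0644',
}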
				

5.4. package

present, installed	安裝包
absent, purged		卸載包
			
# start
# Install dnsmasq, keep it running, and only then point the resolver at it.
package { 'dnsmasq':
  ensure => installed,
}

service { 'dnsmasq':
  ensure  => running,
  # String to look for in the process table when checking whether it is running.
  pattern => 'dnsmasq',
  # The package must be installed before the service is managed.
  require => Package['dnsmasq'],
}

file { '/etc/resolv.conf':
  content => "nameserver 127.0.0.1\n",
  # Written only after the service resource has been applied, so the host is
  # not pointed at a local resolver that is not there yet.
  require => Service['dnsmasq'],
}
# end
			
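# Several packages declared in one resource block. The explanatory text after
# each attribute was missing its "#" and would have been parsed as code.
package {
  # Install httpd; "present" means the same as "installed".
  'httpd':
    ensure => installed;
  # Remove vim and vsftpd; use "purged" instead of "absent" for a complete removal.
  ['vim', 'vsftpd']:
    ensure => absent;
}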
			
# An array used as the resource title declares one package resource per element.
$package_list = ['screen', 'strace', 'sudo']

package { $package_list:
  ensure => installed,
}
			
# Install the "lamp" package with the rpm provider, taking the package file
# from the given URL.
# NOTE(review): the source is plain http://, so the download has no transport
# integrity protection. Confirm that package signature checking is enforced on
# the agents, or serve the file over HTTPS or from a signed internal repository.
package { 'lamp':
  provider => rpm,
  source   => 'http://192.168.0.1/lamp.rpm',
  ensure   => present,
}
			

5.5. service

# Keep sshd running and enabled at boot, and restart it whenever the managed
# sshd_config file changes.
service { 'sshd':
  enable     => true,
  ensure     => running,
  # The init script supports "status" and "restart", so Puppet can use them.
  hasstatus  => true,
  hasrestart => true,
  # subscribe: a change to this File resource triggers a refresh of the service.
  subscribe  => File['/etc/ssh/sshd_config'],
}
			

5.6. exec

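# Run a shell command as root that writes a file.
# NOTE(review): the target is a fixed name under world-writable /tmp, which a
# local user can create before Puppet does; a real manifest should write to a
# directory only root controls.
exec { 'creates file':
  # Working directory for the command; the run fails if the directory does not exist.
  cwd     => '/tmp',
  command => '/bin/echo helloworld > /tmp/hello.txt',
  # Added: skip the command once the target exists, instead of re-running it
  # on every agent run.
  creates => '/tmp/hello.txt',
  user    => 'root',
  # Search path for commands; without `path`, commands must be given as absolute paths.
  path    => '/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin',
}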
			
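# Run a script as root from /srv/puppet, allowing it up to 7200 seconds and
# logging its output only when it fails.
# The title and cwd were wrapped in typographic quotes (“ ”), which Puppet does
# not treat as string delimiters; they are plain quotes now.
exec { '/srv/puppet/shell/test.sh':
  cwd       => '/srv/puppet',
  timeout   => 7200,
  logoutput => on_failure,
  user      => root,
  path      => ['/sbin', '/usr/sbin', '/usr/local/sbin', '/usr/local/bin', '/usr/bin', '/bin', '/usr/local/java/jre/bin'],
  # The script must be in place before it is executed.
  # NOTE(review): the File resource is declared elsewhere. Because the script
  # runs as root, it should be owned by root and not writable by other accounts
  # (confirm in that declaration).
  require   => File['/srv/puppet/shell/test.sh'],
}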
			

5.7. cron

# Root cron job that syncs the clock against 172.16.0.1 every five minutes.
cron { 'ntpdate':
  user    => root,
  minute  => '*/5',
  command => '/usr/sbin/ntpdate 172.16.0.1',
  # The cron package has to be installed before the entry is written.
  require => Package['crontabs'],
}
			
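# Install an hourly backup script rendered from the ERB template db/backup.erb.
file { '/etc/cron.hourly/backup':
  owner   => root,
  group   => root,
  # Executable by all, writable only by root. Quoted octal string because
  # Puppet 4 and later reject a bare integer for mode.
  # NOTE(review): if the rendered script contains database credentials, use
  # '0700' so other accounts cannot read them.
  mode    => '0755',
  content => template('db/backup.erb'),
  # The mysql package must be installed before the script is put in place.
  require => Package['mysql'],
}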
			