
Puppet C/S First Look: Introducing the site.pp File (Part 10)


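The C/S (client/server) architecture is what Puppet commonly uses in production. /etc/puppet/manifests/site.pp is Puppet's site navigation file: all configuration management work an Agent requests from the Master starts from site.pp, whose job is to let the Master load and look up the Agent's configuration. By default site.pp lives in the /etc/puppet/manifests/ directory.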

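manifests is Puppet's resource manifest directory, and all Puppet resource configuration files use the *.pp extension. The paths of manifests and site.pp can be changed in the [master] section of /etc/puppet.conf: change manifestdir in puppet.conf to change the manifest resource directory, and change the manifest value to change Puppet's entry-point navigation file.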


By default the master listens on port 8140 when it starts, and the agent listens on port 8139.

[[email protected] manifests]# ss -antlp | grep puppet
LISTEN     0      5                         *:8139                     *:*      users:(("puppet",31325,5))
LISTEN     0      5                         *:8140                     *:*      users:(("puppet",32174,5))

By default Puppet writes its logs to the system syslog.

[[email protected] manifests]# tail -f /var/log/messages
Sep 13 23:38:58 puppet puppet-master[34213]: Starting Puppet master version 3.8.7
Sep 13 23:39:04 puppet puppet-agent[31325]: Caught TERM; exiting
Sep 13 23:39:04 puppet puppet-agent[34266]: Reopening log files
Sep 13 23:39:05 puppet puppet-agent[34266]: Puppet --listen / kick is deprecated. See http://links.puppetlabs.com/puppet-kick-deprecation
Sep 13 23:39:05 puppet puppet-agent[34266]: Starting Puppet client version 3.8.7
Sep 13 23:39:06 puppet puppet-master[34213]: Compiled catalog for puppet.localdomain in environment production in 0.03 seconds
Sep 13 23:39:06 puppet puppet-agent[34270]: hello world
Sep 13 23:39:06 puppet puppet-agent[34270]: (/Stage[main]/Main/Notify[hello world]/message) defined ‘message‘ as ‘hello world‘
Sep 13 23:39:06 puppet puppet-agent[34270]: Finished catalog run in 0.01 seconds
Sep 13 23:39:06 puppet puppet-master[34213]: Report processor failed: Connection refused - connect(2)


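Normally the master should not be reachable from just any machine, so firewall rules are usually configured (the rules below are only an example; treat a real environment on its own terms).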

# iptables -A INPUT -p icmp
# iptables -A INPUT -i lo -j ACCEPT
# iptables -A INPUT -d 192.168.30.134 -p tcp -m multiport --dports 80,443,8139,8140  -j ACCEPT
# iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT


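A freshly installed puppetmaster has no site.pp file by default, so create it manually (the installation article already integrated Puppet with svn, so it is created here through svn from a Windows client):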

[image]

[image]

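Note: if the Puppet code is hosted in svn, writing code directly on the server in the meantime will cause conflicts with the svn repository.

The error looks like this: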

svn: URL ‘svn://192.168.30.134/modules/test‘ of existing directory ‘/etc/puppet/modules/apache‘ does not match expected URL ‘svn://192.168.30.134/modules/apache‘


Fix: log in to the Puppet master server, run rm -rf /etc/puppet/*, and check out again from svn.

The steps are as follows:

[[email protected] puppet]# rm -rf *
[[email protected] puppet]# ls
[[email protected] puppet]# svn checkout svn://192.168.30.134 /etc/puppet/
Restored ‘/etc/puppet/puppet.conf‘
Restored ‘/etc/puppet/namespaceauth.conf‘
Restored ‘/etc/puppet/auth.conf‘
Restored ‘/etc/puppet/fileserver.conf‘
Restored ‘/etc/puppet/autosign.conf‘
A    /etc/puppet/modules
A    /etc/puppet/modules/test
A    /etc/puppet/modules/apache
A    /etc/puppet/modules/apache/files
A    /etc/puppet/modules/apache/lib
A    /etc/puppet/modules/apache/manifests
A    /etc/puppet/modules/apache/manifests/init.pp
A    /etc/puppet/modules/apache/templates
A    /etc/puppet/manifests
A    /etc/puppet/manifests/site.pp
A    /etc/puppet/manifests/nodes.pp
Checked out revision 64.

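Testing the Puppet code:

Puppet's notify is similar to the echo command in the shell. As covered in earlier articles, notify is the usual choice for testing many Puppet features.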


Update on test node sh-proxy2:

[[email protected] ~]# puppet agent -t
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Caching catalog for sh-proxy2.localdomain
Info: Applying configuration version ‘1505315382‘
Notice: hello world
Notice: /Stage[main]/Main/Notify[hello world]/message: defined ‘message‘ as ‘hello world‘
Notice: Finished catalog run in 0.02 seconds


Update on test node sh-web1:

[[email protected] ~]# puppet agent -t
Notice: Ignoring --listen on onetime run
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Caching catalog for sh-web1.localdomain
Info: Applying configuration version ‘1505315382‘
Notice: hello world
Notice: /Stage[main]/Main/Notify[hello world]/message: defined ‘message‘ as ‘hello world‘
Notice: Finished catalog run in 0.02 seconds


Example (matching multiple nodes):

Create a new module, apache:

# cd /etc/puppet/modules
# mkdir -p apache/{templates,files,lib,manifests}

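Module layout explained:

Puppet modules: a module name must start with a lowercase letter and may contain lowercase letters, digits and underscores, but cannot be "main" or "settings".

modules/apache/

files: file storage directory

    httpd.conf    puppet:///modules/Module_name/module_file

templates: template directory, accessed as template("modulename/Templatename")

    *.erb

manifests: manifest directory

    init.pp     must contain exactly one class with the same name as the module

    httpd.pp    each manifest file usually contains only one class; the class name must not be the same as the module name, but otherwise can be anything

lib: Ruby plugin directory, used to implement custom functionality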

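Example:

The init.pp file that installs the Apache package httpd.

# $sta is passed to ensure, so it controls the state of the httpd package (default "present")
class apache ($sta = "present") {
  package { "httpd":
    ensure => $sta,
  }
}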

File path and code as shown in the figure:

[image]

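File descriptions:

The site.pp and nodes.pp files.

site.pp is the navigation entry file for agents accessing the master (resources, classes and so on can be defined directly in site.pp; for bulk operations, importing other files is recommended).

There can be multiple manifests, and manifests can pull each other in using import.

import: imports everything

As follows: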

import "nodes"

[image]


The nodes.pp file matches hosts; it is the host management file.

Fuzzy (regex) match: node /^sh-(web|proxy)\d+/

Exact match: node "sh-proxy2"

As follows:

[image]
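
The matching order behind these two node statements, as an added example (not from the original article and not Puppet's own code): a simplified Ruby model of how Puppet 3 picks a node definition, assuming strict_hostname_checking is off. The default node, the anchored variant, and the certnames sh-web1-old.example.net and db1.localdomain are constructed for illustration.

```ruby
# Added example: simplified model of Puppet 3 node matching. Not Puppet's own code.
# Assumes strict_hostname_checking is off, so shortened names are also tried.

# Names tried for a certname: the full name, then with trailing labels dropped.
def candidate_names(certname)
  labels = certname.downcase.split('.')
  labels.length.downto(1).map { |n| labels.first(n).join('.') }
end

# nodes: list of [matcher, label]; a String is an exact node, a Regexp a regex node.
# For each candidate name an exact node wins over a regex node; "default" is last.
def select_node(nodes, certname)
  candidate_names(certname).each do |name|
    exact = nodes.find { |m, _| m.is_a?(String) && m != 'default' && m.downcase == name }
    return exact[1] if exact
    regex = nodes.find { |m, _| m.is_a?(Regexp) && m.match(name) }
    return regex[1] if regex
  end
  fallback = nodes.find { |m, _| m == 'default' }
  fallback && fallback[1]
end

# The two node statements from the text, plus a default node (constructed).
PAGE_NODES = [
  [/^sh-(web|proxy)\d+/, 'regex'],
  ['sh-proxy2',          'exact'],
  ['default',            'default']
].freeze

# Constructed tighter variant: regex anchored at both ends, exact node uses the FQDN.
ANCHORED_NODES = [
  [/\Ash-(web|proxy)\d+\.localdomain\z/, 'regex'],
  ['sh-proxy2.localdomain',              'exact'],
  ['default',                            'default']
].freeze

if __FILE__ == $PROGRAM_NAME
  # Certnames: two from the page's agent runs, two constructed.
  %w[sh-web1.localdomain sh-proxy2.localdomain
     sh-web1-old.example.net db1.localdomain].each do |cert|
    puts format('%-26s page=%-8s anchored=%s', cert,
                select_node(PAGE_NODES, cert), select_node(ANCHORED_NODES, cert))
  end
end
```

With the page's patterns, sh-proxy2.localdomain is claimed by the regex node before the short name sh-proxy2 is ever tried, and the unanchored regex also accepts any certname that merely starts with sh-web or sh-proxy followed by a digit. Anchoring both ends of the regex limits classification to the intended hosts.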

Update test on the agent:

[[email protected] puppet]# puppet agent -t
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Caching catalog for sh-proxy2.localdomain
Info: Applying configuration version ‘1505376917‘
Notice: /Stage[main]/Apache/Package[httpd]/ensure: created
Notice: Finished catalog run in 7.14 seconds



This article comes from the "青衫解衣" blog; please keep this source attribution: http://215687833.blog.51cto.com/6724358/1965551
