1, Getting to know puppet

1.1 Introduction

What is puppet? Let's explain it without jargon. We will describe a few work scenarios first; once you understand them, it will be clear what puppet is.

(1) Scene 1:

The administrator wants to create a user named "along" on 100 servers at the same time. What should he do? Of course, we can "solve it manually": log in to each server and create the user one by one. If you really do it that way, all I can say is, I salute you!!! However, since this article is about puppet, we naturally recommend using puppet to solve this problem.

 

(2) Scene 2:

The company has bought a batch of cloud servers that will eventually provide the same services. The administrator now needs to install the same applications on all of them and, once installation is complete, have those applications start automatically. What to do? If you solve it by hand again, you have my respect. You say you would write a script; well, that is one way, and before I knew puppet I might have written a script too. But since we are introducing puppet, we recommend using puppet to solve this problem.

 

(3) Scene 3:

Whenever we need to perform large-scale repetitive operations on a number of servers, we can use puppet.

 

After reading the three scenarios above, you have probably guessed what puppet does. Put roughly, you can think of it as a batch-processing tool, although that is not the whole picture: besides batch processing it has other features and characteristics. Thinking of it this way at first simply makes it easier to get started.

 

1.2 Introduction

(1) My understanding of puppet

Tools like puppet have several professional names that can be used to refer to them: "configuration management tools" and "automated operation and maintenance management tools".

On Linux, common configuration management tools include puppet, saltstack, ansible and chef, and their functions are similar. Puppet is the elder brother in this field: it has been around for a long time (I mean it was founded long ago, don't get the wrong idea), it is mature, and it is widely used; large companies such as Google, Twitter, Red Hat and Cisco have used its powerful features. Puppet is developed in Ruby, while saltstack and ansible belong to the Python camp. Compared with puppet, ansible and saltstack are rising stars, and we may summarize them later, but for now we only talk about puppet.

 

(2) Introduction to technical terms

  •  1 Puppet is a centralized configuration management system for Linux/Unix platforms. It uses its own description language to manage configuration files, users, cron tasks, packages, system services and more. Puppet calls these system entities resources. Its design goal is to simplify the management of these resources and to handle the dependencies between them properly.
  •  2 Puppet is an open source, Ruby-based system configuration management tool. It has a client/server (C/S) structure: all puppet clients communicate with the same puppet server. Each client connects to the server every half hour (configurable), downloads the latest configuration, and configures its machine strictly according to it. When the configuration run is complete, the client can report back to the server; if an error occurs, that is reported to the server as well.
  •  3 Puppet is a powerful tool for large-scale cluster management. It is developed in Ruby and based on the C/S architecture. The client deployed on each machine connects to the master at a specified interval to check for resource changes; if a resource has changed, the corresponding action is performed according to the configuration.
  •  4 Puppet abstracts all managed objects into resources, currently covering more than 40 kinds, such as File, User, Group, Host, Package, Service, Cron and Exec. I will go through them one by one.
  •  5 Puppet abstracts resources so that each machine "knows" what "state" it "should" be in, and the client decides whether to take the specified action based on whether that state has currently been reached. This allows Puppet to be used not only for traditional application deployment but also, more efficiently, for configuration management. You can even connect your own development platform to the master and manage all kinds of "resources" through centralized configuration to build a highly flexible automated management system.

 

1.3 puppet

  • Resource: the core of puppet; resources are defined by resource declarations in a manifest (resource list). Equivalent to a module in ansible, but more thoroughly abstracted.
  • Class: a list of resources.
  • Module: contains multiple classes. Equivalent to a role in ansible.
  • Site list: centered on hosts; it states which modules are applied to each host.

This article mainly explains resources; the classes, modules, and site lists are all explained in the next section.

 

1.4 puppet common resource types

group      groups
user       users
package    packages
service    services
file       files
exec       execute a custom command
cron       periodic scheduled tasks
notify     notifications
yumrepo    yum repository source
host       host resolution in /etc/hosts

 

1.5 puppet command to use

(1) Query resource type and help information

 

puppet describe [-h|--help] [-s|--short] [-p|--providers] [-l|--list] [-m|--meta] [type]
  • -l: list all resource types;
  • -s: display brief help information for the specified type, that is, its basic options;
  • -m: display the meta-parameters of the specified type, generally used with -s; these options are only used to describe this type

 

(2) Execute resource list command

 

puppet apply [-h|--help] [-V|--version] [-d|--debug] [-v|--verbose] [-e|--execute] [--detailed-exitcodes] [-l|--logdest <file>] [--noop] [--catalog <catalog>] [--write-catalog-summary] <file>
  •   -d: turn on debugging and display a large amount of information
  •   -v: display details
  •   -e: execute the Puppet code given on the command line directly
  •   -l: save the execution result to the specified log file; otherwise it is written to standard output
  •   --noop: dry run; only simulate the run and report what would change, without actually executing anything
  •   --catalog: apply a catalog in JSON format

 

1.6 advantages and disadvantages of puppet

The adoption of vertical management systems like this greatly reduces the burden of repetitive and batch operations on operations staff, and each can effectively accomplish the operations sub-goals of its own field. The drawback is that each handles efficiently only the specific problems of one vertical field and has difficulty dealing with the relationships between fields. The essence of operations is to guarantee service availability, and automated operations means fully taking over the parts that used to need human intervention while still providing that guarantee. The criterion for judging such a tool is therefore whether, compared with manual handling, the guarantee of the service has improved. If a tool only handles alerts or deployment as isolated actions, and people still have to follow up, watch and make judgments afterwards, it is still some distance from that goal and cannot be called real automation.

Puppet is an open source tool for automated software configuration and deployment. It is simple to use yet powerful, and is getting more and more attention. Many large IT companies now use puppet to manage and deploy software across their clusters; Google, for example, used puppet to manage more than 6000 Mac desktops (2007 data).

Puppet's design is based on the C/S architecture. The server side stores all the configuration code for the client servers, which puppet calls manifests. After a client downloads its manifest, it configures the server according to it: package management, user management, file management and so on.

 

2, puppet usage models and workflow

Puppet can be used in two models: the stand-alone model and the master/agent model. This article mainly uses the stand-alone model, to make getting started easier.

2.1 master/agent model

From the description above we know that puppet has a C/S architecture, that is, a server and a client. The administrator manages each managed server through the puppet server (master), but this requires the puppet client as an intermediary: the puppet client acts as an agent, receives configuration information from the puppet server, and configures the managed server according to the information the master sent. The actual configuration work is done by the puppet client; the puppet server is only responsible for preparing the configuration information and sending it to the client, which performs the specific operations. The puppet client has one more function: sending a report to the puppet server. After the client has applied the configuration, it sends the execution information to the server, such as whether execution succeeded or failed and what the result was. By default, the puppet client sends a request to the puppet server every 30 minutes asking for the configuration of the managed server. The puppet server sends the configuration information to the client, and the client uses the returned information to determine whether the managed server matches the configuration defined by the administrator. Puppet's C/S working mode can therefore also be understood as the master/agent working mode. A description in words alone is rather pale.

So let's take two servers and walk through the workflow between them. Note that the real workflow of puppet under the master/agent model is somewhat more complicated than what we summarize here; to make getting started easier we only summarize the core part of the process, and we will keep filling in the rest in actual use.

Process analysis:

1 The puppet agent on the client requests its catalog. As we have already said, the catalog is the (compiled) configuration that corresponds to the managed server. The master receives the agent's request and looks up the "site list" (or "host list") for that managed server. A managed server may serve several "roles" at the same time, and each role may have its own manifest, so each managed server is given a "site list"; it can also be thought of as a manifest, but one that describes a single server.

2 Once the master has found the site list of the managed server, it works out from it which manifests that server needs, since one server may need several. In the figure above only one is drawn for the sake of the example, but that does not mean there can only be one.

3 The master processes all the manifests it found and compiles them into a catalog.

4 The master sends the compiled catalog to the agent.

5 The agent receives the catalog sent by the master and then queries the current state of the managed server to see whether it matches the target state defined in the catalog.

6 If the current state of the managed server is consistent with the target state defined in the catalog, the operation for that resource is not executed. If they are inconsistent, the operation for the resource is executed so that the managed server reaches the target state specified by the administrator.

7 After the state check in the previous step and any resulting operations, a report is generated regardless of whether execution succeeded.

8 The agent sends the generated report to the master.

The above is puppet's workflow in master/agent mode. As we said, by default the client requests configuration information from the server every 30 minutes and then uses the returned configuration to determine whether the managed server is in the target state defined by the administrator. If it is not, the corresponding operations are performed so that the managed host ends up in that target state. We do not have to wait 30 minutes every time, either: we can push the catalog from the master to the agent, telling the agent that the configuration has changed and asking it to act on it. That is a topic for later.
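
The agent-side half of this workflow (steps 5 to 8), as a small Ruby model added here for illustration; it is not Puppet's own code. It also applies the `require` ordering used in the demos later on this page, skips resources whose dependency failed, and supports a `--noop`-style dry run; `Resource`, `apply_order`, `agent_run` and the sample catalog are names and data constructed for this example.

```ruby
require 'set'

# One catalog entry: type, title, desired ("should") properties, and the
# references of the resources it requires, e.g. "Package[redis]".
Resource = Struct.new(:type, :title, :should, :requires) do
  def ref
    "#{type.capitalize}[#{title}]"
  end
end

class CatalogCycleError < StandardError; end

# Order the catalog so every required resource comes before its dependents
# (depth-first topological sort); a dependency loop is rejected.
def apply_order(catalog)
  by_ref = catalog.map { |r| [r.ref, r] }.to_h
  done = Set.new
  visiting = Set.new
  ordered = []
  visit = lambda do |res|
    next if done.include?(res.ref)
    raise CatalogCycleError, "dependency cycle at #{res.ref}" if visiting.include?(res.ref)
    visiting << res.ref
    res.requires.each do |dep|
      raise ArgumentError, "#{res.ref} requires unknown #{dep}" unless by_ref.key?(dep)
      visit.call(by_ref[dep])
    end
    visiting.delete(res.ref)
    done << res.ref
    ordered << res
  end
  catalog.each { |r| visit.call(r) }
  ordered
end

# One agent run: compare the node's current state with the state the catalog
# says it should have, change only what differs, and return the report that
# would go back to the master. noop: true reports without changing anything.
# failing: lists refs whose change fails (constructed, to show skipping).
def agent_run(catalog, node_state, noop: false, failing: [])
  report = []
  blocked = Set.new                      # resources that failed or were skipped
  apply_order(catalog).each do |res|
    if res.requires.any? { |dep| blocked.include?(dep) }
      blocked << res.ref                 # propagate to its own dependents
      report << { ref: res.ref, status: :skipped }
      next
    end
    current = node_state.fetch(res.ref, {})
    res.should.each do |prop, want|
      have = current.fetch(prop, 'absent')
      next if have == want               # already in the target state
      event = { ref: res.ref, property: prop, from: have, to: want }
      if noop
        report << event.merge(status: :noop)
      elsif failing.include?(res.ref)
        blocked << res.ref
        report << event.merge(status: :failed)
        break
      else
        current = current.merge(prop => want)
        node_state[res.ref] = current
        report << event.merge(status: :changed)
      end
    end
  end
  report
end

# Constructed sample, deliberately listed out of order; it mirrors the chain
# Package['redis'] -> File['/etc/redis.conf'] -> Service['redis'].
def sample_catalog
  [
    Resource.new('service', 'redis', { 'ensure' => 'running', 'enable' => 'false' },
                 ['File[/etc/redis.conf]']),
    Resource.new('file', '/etc/redis.conf',
                 { 'ensure' => 'file', 'owner' => 'redis', 'group' => 'root', 'mode' => '0640' },
                 ['Package[redis]']),
    Resource.new('package', 'redis', { 'ensure' => 'installed' }, [])
  ]
end

if __FILE__ == $PROGRAM_NAME
  node = {}                              # constructed node with nothing installed
  [true, false, false].each do |noop|    # dry run, real run, second real run
    events = agent_run(sample_catalog, node, noop: noop)
    puts "noop=#{noop}: #{events.length} event(s)"
    events.each { |e| puts "  #{e[:ref]}/#{e[:property]}: #{e[:from]} -> #{e[:to]} (#{e[:status]})" }
  end
end
```

The second real run reports no events, which is the idempotence the agent relies on when it repeats the same catalog every 30 minutes.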

 

2.2 stand-alone model

Of course, puppet can also work without the master/agent mode. We can install only the puppet client on the managed server and use it to apply a configuration file manually; the configuration is then read from a local file rather than sent by a puppet server. For now we call this way of working without a puppet server the stand-alone mode. It is handy for practice while learning puppet, but in production puppet is normally used in the master/agent way.

Workflow: define multiple manifests --> compiler --> catalog --> apply

3, puppet resources explained

3.1 puppet resource introduction

3.1.1 Program Installation and Environment

First we need to install puppet. It can be installed from source, from the official rpm packages, from the EPEL repository, or from the official yum repository (downloading the official release rpm sets up the official yum repository).

Here we install it with yum.

[root@along ~]# yum -y install puppet

3.1.2 Introduction to puppet Resources

(1) Resource abstraction

Puppet abstracts resources along three dimensions:

  •  Similar resources are abstracted into the same resource "type", such as package resources, user resources, and service resources;
  •  The description of a resource's properties or state is separated from its implementation. For example, you just say that a package should be installed, without caring whether that is done by yum, pkg add, ports, or some other means;
  •  Only the target state of the resource is described, that is, the result to be achieved, not the specific process; for example "make sure nginx is running" rather than "run the nginx command to start it";

Together these three make up puppet's resource abstraction layer (RAL).

The RAL consists of types and providers (the OS-specific implementations).

(2) Resource definition

1 A resource is defined by assigning values to the attributes of a resource type; this can be called instantiating the resource type;

2 The file in which resource instances are defined is the manifest;

3 The syntax for defining a resource is as follows:

type {'title':
  attribute1 => value1,
  attribute2 => value2,
  ……
}

Note: type must use lowercase characters; title is a string that must be unique within the same type; attributes are separated by "," and the last "," can be omitted.

For example, you can have both a “service” resource called “nginx” and a “package” resource, but there can only be one resource named “nginx” in a resource of type “package”.

 

(3) Three special attributes in the resource attribute:

  •  namevar: can be simply referred to as name;
  •  ensure: the target state of the resource;
  •  provider: indicates the management interface of the resource;

 

3.2 group: Manage groups

3.2.1 Type attribute options

(1) Attributes / parameters:

  •  name: the name of the group;
  •  gid: GID;
  •  system: whether it is a system group, true or false;
  •  ensure: target state, present (create) / absent (delete);
  •  members: member users;

(2) puppet describe group -s -m can be used to look up this type's options before use


 

3.2.2 Demo

1 Edit the manifest

[root@along manifest]# vim group.pp
group {'mygrp':
  name   => 'mygrp',
  ensure => present,
  gid    => 2000,
}

2 Execute and verify the manifest

[root@along manifest]# puppet apply -v --noop group.pp
Notice: Compiled catalog for along in environment production in 0.18 seconds
Info: Applying configuration version '1550042227'
Notice: /Stage[main]/Main/Group[mygrp]/ensure: current_value absent, should be present (noop)
Notice: Class[Main]: Would have triggered 'refresh' from 1 events
Notice: Stage[main]: Would have triggered 'refresh' from 1 events
Info: Creating state file /var/lib/puppet/state/state.yaml
Notice: Finished catalog run in 0.03 seconds
[root@along manifest]# puppet apply -v group.pp
Notice: Compiled catalog for along in environment production in 0.06 seconds
Info: Applying configuration version '1550042298'
Notice: /Stage[main]/Main/Group[mygrp]/ensure: created
Notice: Finished catalog run in 0.09 seconds
[root@along manifest]# cat /etc/group |grep mygrp
mygrp:x:2000:

3.3 user: Manage users

3.3.1 Type Attribute Options

(1) Attributes / parameters:

  •  name: the username;
  •  uid: UID;
  •  gid: primary group ID;
  •  groups: supplementary groups, not including the primary group;
  •  comment: comment;
  •  expiry: expiration time;
  •  home: home directory;
  •  shell: the default shell;
  •  system: whether it is a system user;
  •  ensure: present/absent (exists / does not exist);
  •  password: the encrypted password string;

(2) puppet describe user -s -m can be used to look up this type's options before use


 

3.3.2 Demo

1 Edit the manifest

[root@along manifest]# vim user1.pp
user {'along1':
  ensure     => present,
  system     => false,
  comment    => 'Test user',
  shell      => '/usr/sbin/nologin',
  home       => '/app/along',
  managehome => true,
  groups     => 'mygrp',
  uid        => 3000,
}

2 Execute the manifest

[root@along manifest]# puppet apply -v --noop user1.pp
[root@along manifest]# puppet apply -v user1.pp
Notice: Compiled catalog for along in environment production in 0.08 seconds
Info: Applying configuration version '1550042932'
Notice: /Stage[main]/Main/User[along1]/ensure: created
Notice: Finished catalog run in 0.12 seconds
[root@along manifest]# cat /etc/passwd |grep along1
along1:x:3000:3000:Test user:/mnt/along:/usr/sbin/nologin

3.4 package: Manage packages

3.4.1 Type Attribute Options

1 Attributes:

  •  ensure: installed, present, latest, absent, or any version string (implies present)
  •  name: the package name;
  •  source: the package source, only useful for providers that do not download packages automatically, such as rpm or dpkg;
  •  provider: the installation method; rpm/yum/…

2 puppet describe package -s -m can be used to look up this type's options


 

3.4.2 Demo

1 Create a manifest

[root@along manifest]# vim pkg.pp
package {'redis':
  ensure   => installed,
  provider => yum
}

2 Execute the manifest

[root@along manifest]# puppet apply --noop -v pkg.pp
[root@along manifest]# puppet apply -v pkg.pp
Notice: Compiled catalog for along in environment production in 0.26 seconds
Warning: The package type's allow_virtual parameter will be changing its default value from false to true in a future release. If you do not want to allow virtual packages, please explicitly set allow_virtual to false.
   (at /usr/share/ruby/vendor_ruby/puppet/type.rb:816:in `set_default')
Info: Applying configuration version '1550044027'
Notice: /Stage[main]/Main/Package[redis]/ensure: created
Notice: Finished catalog run in 6.09 seconds
[root@along manifest]# rpm -ql redis

3.5 service: Manage running services

3.5.1 Type Attribute Options

1 Attributes:

  •  ensure: running/true (started) or stopped/false (stopped)
  •  enable: whether to start at boot: true (start at boot), false (do not start at boot), manual
  •  name: the name of the service
  •  binary: if the service is not started through systemctl/service, the start command must be specified; for example, nginx -s start
  •  path: if the service is started by a script rather than through systemctl/service, the search path for the script. Multiple values should be separated by colons or given as an array. The default is /etc/init.d/;
  •  hasrestart: whether the service script supports the restart parameter; true/false, true means supported
  •  hasstatus: whether the status parameter is supported for checking status; true/false
  •  start: manually define the start command;
  •  stop: manually define the stop command;
  •  status: manually define the command for checking status if hasstatus is false;
  •  restart: manually define the restart command if hasrestart is false

2 puppet describe service -s -m can be used to look up this type's options


 

3.5.2 Demo1: Start the redis service

1 Write the manifest

[root@along manifest]# vim srv1.pp
service {'redis':
  ensure => running,
  enable => true,
}

2 Execute

[root@along manifest]# puppet apply -v --noop srv1.pp
[root@along manifest]# puppet apply -v srv1.pp
Notice: Compiled catalog for along in environment production in 0.08 seconds
Info: Applying configuration version '1550044320'
Notice: /Stage[main]/Main/Service[redis]/ensure: ensure changed 'stopped' to 'running'
Info: /Stage[main]/Main/Service[redis]: Unscheduling refresh on Service[redis]
Notice: Finished catalog run in 0.11 seconds
[root@along manifest]# ss -nutl |grep 6379
tcp    LISTEN     0      128    127.0.0.1:6379                  *:*

3.5.3 Demo2: Install the memcached package and start the service

1 Write the manifest

[root@along manifest]# vim srv2.pp
package {'memcached':
  ensure => installed,
}
service {'memcached':
  ensure  => running,
  enable  => false,
  require => Package['memcached']
}

2 Execute

[root@along manifest]# puppet apply -v --noop srv2.pp
[root@along manifest]# puppet apply -v srv2.pp
Notice: Compiled catalog for along in environment production in 0.35 seconds
Warning: The package type's allow_virtual parameter will be changing its default value from false to true in a future release. If you do not want to allow virtual packages, please explicitly set allow_virtual to false.
   (at /usr/share/ruby/vendor_ruby/puppet/type.rb:816:in `set_default')
Info: Applying configuration version '1550044434'
Notice: /Stage[main]/Main/Package[memcached]/ensure: created
Notice: /Stage[main]/Main/Service[memcached]/ensure: ensure changed 'stopped' to 'running'
Info: /Stage[main]/Main/Service[memcached]: Unscheduling refresh on Service[memcached]
Notice: Finished catalog run in 3.28 seconds
[root@along manifest]# ss -nutlp |grep memcached
udp    UNCONN     0      0         *:11211                 *:*                   users:(("memcached",pid=8573,fd=28))

3.6 file: Manage files, including their content, ownership, and permissions

3.6.1 Type Attribute Options

(1) Attributes and options of the type

1 Attributes

  •  ensure: present (create), absent (delete), file (create a regular file), directory (create a directory), link (create a symbolic link).
  •  file: a regular file whose content is generated from the content attribute or copied from the file path given by the source attribute.
  •  link: a symbolic link; the file it points to must be specified with the target attribute;
  •  directory: a directory, which can be populated by copying from the path given by source. The recurse attribute controls whether the copy is recursive.
  •  path: the file path;
  •  source: the source file; must be specified when copying the contents of a file
  •  content: the file content, written directly
  •  target: the target file of a symbolic link;
  •  owner: owner
  •  group: group
  •  mode: permissions;
  •  atime/ctime/mtime: timestamps;
  •  Access time: atime, updated when the file content is read
  •  Modify time: mtime, updated when the file content (data) changes
  •  Change time: ctime, updated when the metadata changes

2 puppet describe file -s -m |tail -20


 

3.6.2 Demo1: Create test.txt and write the content directly

1 Write the manifest

[root@along manifest]# vim file1.pp
file {'/mnt/test.txt':
  ensure  => file,
  content => "How are you?\nHow old are you?\n",
  owner   => 'along1',
  group   => 'mygrp',
  mode    => '0400'
}

 

 

2 Execute

[root@along manifest]# puppet apply -v --noop file1.pp
[root@along manifest]# puppet apply -v file1.pp
Notice: Compiled catalog for along in environment production in 0.07 seconds
Info: Applying configuration version '1550044597'
Notice: /Stage[main]/Main/File[/mnt/test.txt]/ensure: defined content as '{md5}93c1208b855bf27a44bb2eb1b022b8cd'
Notice: Finished catalog run in 0.04 seconds
[root@along manifest]# ll /mnt/test.txt
-r-------- 1 along1 mygrp 30 Feb 13 15:56 /mnt/test.txt
[root@along manifest]# cat /mnt/test.txt
How are you?
How old are you?

3.6.3 Demo2: Create a file by copying the contents of another file, then create a symbolic link to it

1 Write the manifest

[root@along manifest]# vim file2.pp
file {'redis.conf':
  path   => '/mnt/redis.conf',
  ensure => file,
  source => '/root/manifest/files/redis.conf'
}
file {'symlink.conf':
  ensure  => link,
  path    => '/mnt/symlink.conf',
  target  => '/mnt/redis.conf',
  require => File['redis.conf']
}

 

 

Tip: If you specify a source, it is best to copy the source file into this directory first, because in master/agent mode you cannot be sure that the file to be copied exists on the agent machine. For this demo, redis.conf needs to be prepared in /root/manifest/files/.

[root@along manifest]# mkdir files
[root@along manifest]# cp /etc/redis.conf /root/manifest/files/

2 Execute

[root@along manifest]# puppet apply -v --noop file2.pp
[root@along manifest]# puppet apply -v file2.pp
Notice: Compiled catalog for along in environment production in 0.07 seconds
Info: Applying configuration version '1550045858'
Notice: /Stage[main]/Main/File[redis.conf]/ensure: defined content as '{md5}d98629fded012cd2a25b9db0599a9251'
Notice: /Stage[main]/Main/File[symlink.conf]/ensure: created
Notice: Finished catalog run in 0.05 seconds
[root@along manifest]# ll /mnt/redis.conf /mnt/symlink.conf
-rw-r----- 1  777 root 46729 Feb 13 16:17 /mnt/redis.conf
lrwxrwxrwx 1 root root    15 Feb 13 16:17 /mnt/symlink.conf -> /mnt/redis.conf

3.6.4 Demo3: Create a directory and recursively copy another directory

1 Write the manifest

[root@along manifest]# vim file3.pp
file {'test.dir':
  ensure  => directory,
  path    => '/app/test.dir',
  source  => '/etc/httpd',
  recurse => true  # recursive copy
}

Note:

Copying a directory to a directory recursively copies all files under the source directory.

You cannot set path to a directory and source to a file; that does not copy the file into the directory. Only directory-to-directory copying works.

 

2 Execute

[root@along manifest]# puppet apply -v file3.pp
Notice: Compiled catalog for along in environment production in 0.07 seconds
Info: Applying configuration version '1550046089'
Notice: /Stage[main]/Main/File[test.dir]/ensure: created
Notice: /Stage[main]/Main/File[/mnt/test.dir/along]/ensure: created
Notice: /Stage[main]/Main/File[/mnt/test.dir/along/.bash_logout]/ensure: defined content as '{md5}6a5bc1cc5f80a48b540bc09d082b5855'
Notice: /Stage[main]/Main/File[/mnt/test.dir/symlink.conf]/ensure: created
Notice: /Stage[main]/Main/File[/mnt/test.dir/along/.bash_profile]/ensure: defined content as '{md5}f939eb71a81a9da364410b799e817202'
Notice: /Stage[main]/Main/File[/mnt/test.dir/redis.conf]/ensure: defined content as '{md5}d98629fded012cd2a25b9db0599a9251'
Notice: /Stage[main]/Main/File[/mnt/test.dir/along/.bashrc]/ensure: defined content as '{md5}2f8222b4f275c4f18e69c34f66d2631b'
Notice: /Stage[main]/Main/File[/mnt/test.dir/test.txt]/ensure: defined content as '{md5}93c1208b855bf27a44bb2eb1b022b8cd'
Notice: Finished catalog run in 0.08 seconds
[root@along manifest]# ll /mnt/test.dir/
total 52
drwx------ 2 along1 along1    62 Feb 13 16:21 along
-rw-r----- 1    777 root   46729 Feb 13 16:21 redis.conf
lrwxrwxrwx 1 root   root      15 Feb 13 16:21 symlink.conf -> /mnt/redis.conf
-r-------- 1 along1 mygrp     30 Feb 13 16:21 test.txt

3.6.5 Demo4: Install the redis package, copy the configuration file, start the redis service

1 Write the manifest

[root@along manifest]# vim srv3.pp
package {'redis':
  ensure => installed,
}
file {'/etc/redis.conf':
  ensure => file,
  source => '/root/manifest/files/redis.conf',
  owner  => 'redis',
  group  => 'root',
  mode   => '0640'
}
service {'redis':
  ensure => running,
  enable => false
}
Package['redis'] -> File['/etc/redis.conf'] -> Service['redis']

Note: I modified the port in the /root/manifest/files/redis.conf configuration file to 6300 in advance.

 

2 Execute

[root@along manifest]# puppet apply -v --noop srv3.pp
[root@along manifest]# puppet apply -v srv3.pp
Notice: Compiled catalog for along in environment production in 0.46 seconds
Warning: The package type's allow_virtual parameter will be changing its default value from false to true in a future release. If you do not want to allow virtual packages, please explicitly set allow_virtual to false.
   (at /usr/share/ruby/vendor_ruby/puppet/type.rb:816:in `set_default')
Info: Applying configuration version '1550046351'
Notice: /Stage[main]/Main/Package[redis]/ensure: created
Info: /Stage[main]/Main/File[/etc/redis.conf]: Filebucketed /etc/redis.conf to puppet with sum d98629fded012cd2a25b9db0599a9251
Notice: /Stage[main]/Main/File[/etc/redis.conf]/content: content changed '{md5}d98629fded012cd2a25b9db0599a9251' to '{md5}d3fc0c22e1a90f88a895242b2a251dad'
Notice: /Stage[main]/Main/Service[redis]/ensure: ensure changed 'stopped' to 'running'
Info: /Stage[main]/Main/Service[redis]: Unscheduling refresh on Service[redis]
Notice: Finished catalog run in 3.65 seconds
[root@along manifest]# ss -nutlp |grep 6300
tcp    LISTEN     0      128    127.0.0.1:6300                  *:*                   users:(("redis-server",pid=11628,fd=4))

3.7 exec: Execute external commands

Note: Any command in an exec resource must be able to run multiple times without damage—that is, it must be idempotent.

3.7.1 Type Attribute Options

  •  command: the command to run;
  •  cwd: the directory in which to run the command;
  •  creates: a file path; the command is executed only if the file at this path does not exist;
  •  user/group: the user and group identity to run the command as;
  •  path: the search path used to find the command. If no path is specified, the command must be fully qualified;
  •  onlyif: specifies a test command; the exec's command runs only if the test command succeeds (exit code 0);
  •  unless: specifies a test command; the exec's command runs only if the test command fails (non-zero exit code);
  •  refresh: an alternative command to run in place of command when the exec is refreshed;
  •  refreshonly: run only when a notification is received from a subscribed resource;


 

3.7.2 Demo1: Creating a directory

Create a directory

1 write a manifest

[root@along manifest]# vim cmd1.pp
exec{'cmd':
    command => '[ -e /mnt/testdir ] || mkdir /mnt/testdir',
    path    => ['/bin','/sbin','/usr/bin','/usr/sbin'],
    #creates => '/mnt/testdir'    # checks whether the directory exists
}

Analysis: the command first checks whether the directory exists and creates it only when it is missing, so the command is idempotent; even if the directory already exists, there is no error

 

2 execution

 

[root@along manifest]# puppet apply -v cmd1.pp
Notice: Compiled catalog for along in environment production in 0.02 seconds
Info: Applying configuration version '1550047003'
Notice: /Stage[main]/Main/Exec[cmd]/returns: executed successfully
Notice: Finished catalog run in 0.03 seconds
[root@along manifest]# ll -d /mnt/testdir/
drwxr-xr-x 2 root root 6 Feb 13 16:36 /mnt/testdir/
[root@along manifest]# puppet apply -v cmd1.pp
Notice: Compiled catalog for along in environment production in 0.02 seconds
Info: Applying configuration version '1550047046'
Notice: /Stage[main]/Main/Exec[cmd]/returns: executed successfully
Notice: Finished catalog run in 0.03 seconds

3.7.3 Demo2: Creating a User

 

1 write a manifest

[root@along manifest]# vim cmd2.pp
exec{'user':
    command => 'useradd along',
    path    => '/bin:/sbin:/usr/bin:/usr/sbin',
    unless  => 'id along'
}

2 execution

[root@along manifest]# puppet apply -v cmd2.pp
Notice: Compiled catalog for along in environment production in 0.02 seconds
Info: Applying configuration version '1550047187'
Notice: Finished catalog run in 0.03 seconds
[root@along manifest]# id along
uid=1000(along) gid=1000(along) groups=1000(along)

3.7.4 Demo3: Install and start redis

1 write a manifest

[root@along manifest]# vim cmd3.pp
package{'redis':
    ensure => installed,
}
file{'/etc/redis.conf':
    ensure => file,
    source => '/root/manifest/files/redis.conf',
    owner  => 'redis',
    group  => 'root',
    mode   => '0640'
}
exec{'redis':
    command => '/usr/bin/systemctl start redis',
    refresh => "/usr/bin/systemctl restart redis",
    user    => 'redis',
    group   => 'redis',
}
Package['redis'] -> File['/etc/redis.conf'] ~> Exec['redis']

 

 

Note: when the configuration file is modified, the exec is notified and runs the command given in refresh instead of the one given in command.

2 execution

 

[root@along manifest]# vim files/redis.conf    # change the redis port to 7777, then apply again
port 7777
[root@along manifest]# puppet apply -v cmd3.pp
Notice: Compiled catalog for along in environment production in 0.38 seconds
Warning: The package type's allow_virtual parameter will be changing its default value from false to true in a future release. If you do not want to allow virtual packages, please explicitly set allow_virtual to false.
   (at /usr/share/ruby/vendor_ruby/puppet/type.rb:816:in `set_default')
Info: Applying configuration version '1550109397'
Notice: /Stage[main]/Main/Exec[redis]/returns: executed successfully
Notice: Finished catalog run in 0.12 seconds
[root@along manifest]# ss -nutlp |grep redis
tcp    LISTEN     0      128    127.0.0.1:7777                  *:*                   users:(("redis-server",pid=4988,fd=4))
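
The guards from 3.7.1 that the demos above do not exercise (creates, onlyif, refreshonly), as an added example that is not part of the original article. It assumes a CentOS 7 style host like the one in the demos; the resource titles and the /etc/redis.conf.orig backup path are illustrative. Every command is fully qualified, so nothing depends on a search path when the catalog is applied as root.

```puppet
# Added example: resource titles and the backup path are assumptions.

# creates: Puppet checks the path itself, so no shell test is needed.
exec { 'mk-testdir':
  command => '/bin/mkdir /mnt/testdir',
  creates => '/mnt/testdir',
}

package { 'redis':
  ensure => installed,
}

# onlyif + creates: every guard must pass. Copy the packaged config once,
# and only if it exists; -p keeps its owner and 0640 mode on the backup.
exec { 'backup-redis-conf':
  command => '/bin/cp -p /etc/redis.conf /etc/redis.conf.orig',
  onlyif  => '/usr/bin/test -f /etc/redis.conf',
  creates => '/etc/redis.conf.orig',
}

file { '/etc/redis.conf':
  ensure => file,
  source => '/root/manifest/files/redis.conf',
  owner  => 'redis',
  group  => 'root',
  mode   => '0640',
}

# refreshonly: never runs on an ordinary apply; it fires only when the
# subscribed file resource reports a change.
exec { 'restart-redis':
  command     => '/usr/bin/systemctl restart redis',
  refreshonly => true,
  subscribe   => File['/etc/redis.conf'],
}

Package['redis'] -> Exec['backup-redis-conf'] -> File['/etc/redis.conf']
```

Applying this manifest twice in a row should report no Exec runs the second time, which is the idempotence the note at the top of 3.7 asks for.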

3.8 cron: Installing and managing cron jobs

Each cron resource created by Puppet requires a command and at least one periodic attribute (hour, minute, month, monthday, weekday, or special).

3.8.1 Type Attribute Options

  •  command: the task to be performed;
  •  ensure: present/absent;
  •  hour:
  •  minute:
  •  monthday:
  •  month:
  •  weekday:
  •  user: which user to run the command as
  •  target: the user whose crontab the task is added to
  •  name: the name of the cron job;


 

3.8.2 Demo

1 write a manifest

Install the ntpdate package and create a scheduled task that syncs every 5 minutes

 

 

[root@along manifest]# vim cron.pp
package{'ntpdate':
    ensure => installed,
}
cron{'mysync':
    command => '/usr/sbin/ntpdate 192.168.10.1 &> /dev/null',
    ensure  => present,
    minute  => "*/5",
    target  => 'root'
}

2 execution

[root@along manifest]# puppet apply -v cron.pp
Notice: Compiled catalog for along in environment production in 0.29 seconds
Warning: The package type's allow_virtual parameter will be changing its default value from false to true in a future release. If you do not want to allow virtual packages, please explicitly set allow_virtual to false.
   (at /usr/share/ruby/vendor_ruby/puppet/type.rb:816:in `set_default')
Info: Applying configuration version '1550109974'
Notice: /Stage[main]/Main/Cron[mysync]/ensure: created
Notice: /Stage[main]/Main/Package[ntpdate]/ensure: created
Notice: Finished catalog run in 3.20 seconds
[root@along manifest]# crontab -l
# HEADER: This file was autogenerated at 2019-02-14 10:06:14 +0800 by puppet.
# HEADER: While it can still be managed manually, it is definitely not recommended.
# HEADER: Note particularly that the comments starting with 'Puppet Name' should
# HEADER: not be deleted, as doing so could cause duplicate cron jobs.
# Puppet Name: mysync
*/5 * * * * /usr/sbin/ntpdate 192.168.10.1 &> /dev/null

3.9 notify: Send an arbitrary message to the agent runtime log

3.9.1 Type Attribute Options

  •  message: the content of the message
  •  name: the name of the message;

 

3.9.2 Demo

 

1 write a manifest

[root@along manifest]# vim notify.pp
notify{'syhi':
    message => "hi there."
}

2 execution

[root@along manifest]# puppet apply -v notify.pp
Notice: Compiled catalog for along in environment production in 0.01 seconds
Info: Applying configuration version '1550110275'
Notice: hi there.
Notice: /Stage[main]/Main/Notify[syhi]/message: defined 'message' as 'hi there.'
Notice: Finished catalog run in 0.04 seconds

3.10 Common resources for non-core types: yumrepo, host

(1) yumrepo: yum source (repository)


 

(2) host: define name resolution in /etc/hosts


 

4, the special attributes of the resource

4.1 Inter-resource dependencies and notification relationships

4.1.1 Dependency metadata parameters: before/require

(1) Format: 3 ways to declare a dependency

1 A before B: B depends on A, declared in resource A;

{ ... before => Type['B'], ... }

2 B require A: B depends on A, declared in resource B;

{ ... require => Type['A'], ... }

3 A -> B: B depends on A

(2) Note:

1 before, require and -> are alternatives; use any one of them

2 resource reference: Type['title']

The first letter of the type must be capitalized

 

(3) Demo: Create a user that needs to depend on a group

1 create a manifest

 

 

[root@along manifest]# vim user2.pp
[root@along manifest]# cat user2.pp
group{'redhat':
    ensure => present,
    #before => User['ilinux'],    # option 1
}
user{'ilinux':
    ensure  => present,
    comment => "ilinux.io",
    groups  => 'redhat',
    require => Group['redhat'],    # option 2
}
#Group['redhat'] -> User['ilinux']    # option 3

 

 

 

2 execution: the group redhat is created first, then the user ilinux

 

[root@along manifest]# puppet apply -v user2.pp
Notice: Compiled catalog for along in environment production in 0.14 seconds
Info: Applying configuration version '1550043297'
Notice: /Stage[main]/Main/Group[redhat]/ensure: created
Notice: /Stage[main]/Main/User[ilinux]/ensure: created
Notice: Finished catalog run in 0.12 seconds

4.1.2 Notification relationship: notify other related resources to perform "refresh" operations

(1) Format: notify/subscribe

1 notify: A notify B: B depends on A, and B is notified after A changes;

{ ... notify => Type['B'], ... }

2 subscribe: B subscribe A: B depends on A, and B watches for events generated by changes to resource A;

{ ... subscribe => Type['A'], ... }

3 A ~> B: the shorthand form; B depends on A

 

(2) Example: download the redis package, copy the configuration file, start the redis service

1 modify the srv3.pp manifest

[root@along manifest]# vim srv3.pp
package{'redis':
    ensure => installed,
}
file{'/etc/redis.conf':
    ensure => file,
    source => '/root/manifest/files/redis.conf',
    owner  => 'redis',
    group  => 'root',
    mode   => '0640',
    #notify => Service['redis']
}
service{'redis':
    ensure     => running,
    enable     => false,
    hasrestart => true,
    #subscribe => File['/etc/redis.conf']
}
Package['redis'] -> File['/etc/redis.conf'] ~> Service['redis']

 

 

 

2 execution

 

[root@along manifest]# puppet apply -v --noop srv3.pp
[root@along manifest]# puppet apply -v srv3.pp
Notice: Compiled catalog for along in environment production in 0.42 seconds
Warning: The package type's allow_virtual parameter will be changing its default value from false to true in a future release. If you do not want to allow virtual packages, please explicitly set allow_virtual to false.
   (at /usr/share/ruby/vendor_ruby/puppet/type.rb:816:in `set_default')
Info: Applying configuration version '1550046675'
Notice: /Stage[main]/Main/Package[redis]/ensure: created
Info: FileBucket got a duplicate file {md5}d98629fded012cd2a25b9db0599a9251
Info: /Stage[main]/Main/File[/etc/redis.conf]: Filebucketed /etc/redis.conf to puppet with sum d98629fded012cd2a25b9db0599a9251
Notice: /Stage[main]/Main/File[/etc/redis.conf]/content: content changed '{md5}d98629fded012cd2a25b9db0599a9251' to '{md5}d3fc0c22e1a90f88a895242b2a251dad'
Info: /Stage[main]/Main/File[/etc/redis.conf]: Scheduling refresh of Service[redis]
Notice: /Stage[main]/Main/Service[redis]/ensure: ensure changed 'stopped' to 'running'
Info: /Stage[main]/Main/Service[redis]: Unscheduling refresh on Service[redis]
Notice: Finished catalog run in 5.25 seconds
[root@along manifest]# ss -nutlp |grep redis
tcp    LISTEN     0      128    127.0.0.1:6300                  *:*                   users:(("redis-server",pid=12492,fd=4))

3 Modify /root/manifest/files/redis.conf to change the port to 6000

 

[root@along manifest]# vim files/redis.conf
port 6000
[root@along manifest]# puppet apply -v srv3.pp    # apply again: the file was modified, which triggers a service restart, and the port has indeed changed to 6000
Notice: Compiled catalog for along in environment production in 0.44 seconds
Warning: The package type's allow_virtual parameter will be changing its default value from false to true in a future release. If you do not want to allow virtual packages, please explicitly set allow_virtual to false.
   (at /usr/share/ruby/vendor_ruby/puppet/type.rb:816:in `set_default')
Info: Applying configuration version '1550046726'
Info: /Stage[main]/Main/File[/etc/redis.conf]: Filebucketed /etc/redis.conf to puppet with sum d3fc0c22e1a90f88a895242b2a251dad
Notice: /Stage[main]/Main/File[/etc/redis.conf]/content: content changed '{md5}d3fc0c22e1a90f88a895242b2a251dad' to '{md5}46e070a908eb1aca5c908e62dd4296b9'
Info: /Stage[main]/Main/File[/etc/redis.conf]: Scheduling refresh of Service[redis]
Notice: /Stage[main]/Main/Service[redis]: Triggered 'refresh' from 1 events
Notice: Finished catalog run in 0.23 seconds
[root@along manifest]# ss -nutlp |grep redis
tcp    LISTEN     0      128    127.0.0.1:6000                  *:*                   users:(("redis-server",pid=12785,fd=4))

4.2 tag label

Like ansible, puppet can also define a "tag". After tagging, we can apply only the tagged resources instead of everything in the manifest, which makes day-to-day operation easier.

A resource can have one tag or more.

(1) Format:

Resource definition:

 

 

type{'title':
    ...
    tag => 'TAG1',
}
type{'title':
    ...
    tag => ['TAG1','TAG2',...],
}

Manually called:

puppet apply --tags TAG1,TAG2,... FILE.PP

 

(2) Example:

1 create a manifest

 

[root@along manifest]# vim srv3.pp
package{'redis':
    ensure => installed,
}
file{'/etc/redis.conf':
    ensure  => file,
    source  => '/root/manifests/files/redis.conf',
    owner   => 'redis',
    group   => 'root',
    mode    => '0640',
    tag     => 'conf'
}
service{'redis':
    ensure     => running,
    enable     => false,
    hasrestart => true
}
Package['redis'] -> File['/etc/redis.conf'] ~> Service['redis']

2 execution

 

5, puppet variable

The puppet variable starts with “$”, the assignment operator is “=”, and the syntax is $variable_name=value.

(1) Data type:

  •  String: quotes are optional; single quotes are strong quoting and double quotes are weak quoting; escape sequences are supported;
  •  Numeric: recognized as a string by default, and treated as a number only in a numeric context;
  •  Array: a list of elements separated by commas inside [];
  •  Boolean: true, false; must not be quoted;
  •  Hash: a list of key/value pairs separated by commas inside {}; the key is a string, and the value is any type supported by puppet; e.g. { 'mon' => 'Monday', 'tue' => 'Tuesday', };
  •  Undef: the value of a variable that has never been declared;

 

(2) Regular expression:

(?<ENABLED OPTION>:<PATTERN>)
(?-<DISABLED OPTION>:<PATTERN>)
OPTIONS:
    i: ignore character case;
    m: let . match a newline character;
    x: ignore whitespace characters in <PATTERN>;

Note: A regular expression cannot be assigned to a variable. It can only be used in a position that accepts the =~ or !~ operator.

 

(3) Variable types of puppet

Puppet has three kinds of variables: facts, built-in variables, and user-defined variables.

    •  Facts:
      •  Provided by facter; top scope;
    •  Built-in variables:
      •  Master-side variables: $servername, $serverip, $serverversion
      •  Agent-side variables: $clientcert, $clientversion, $environment
      •  Parser variable: $module_name
    •  User-defined variables

 

(4) Scope of the variable

  •  Different variables also have different scopes. We call it Scope.
  •  There are three scopes, top scope, node scope, and class scope.
  •  The effective scope is sorted as: top scope > node scope > class scope
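
The data types, quoting rules, regular expression options and top-scope facts described in this chapter, put together in one manifest. This is an added example, not part of the original article; the variable names are illustrative, and it assumes the Puppet 3.x agent used in the demos, where facts such as osfamily and hostname are available as top-scope variables.

```puppet
# Added example: all variable names here are assumptions.
$pkg     = 'redis'                                     # string
$port    = 6300                                        # numeric
$ports   = [6300, 6000, 7777]                          # array
$days    = { 'mon' => 'Monday', 'tue' => 'Tuesday' }   # hash
$managed = true                                        # boolean, never quoted

# Numeric context: the value is used as a number here.
$next_port = $port + 1

# Double quotes interpolate variables, single quotes keep the text as written.
$weak   = "/etc/${pkg}.conf"       # becomes /etc/redis.conf
$strong = '/etc/${pkg}.conf'       # stays /etc/${pkg}.conf

# A regex literal cannot be stored in a variable; it appears only beside
# =~ or !~. (?i-mx:...) enables i and disables m and x for this pattern.
# $::osfamily is a fact, looked up explicitly in top scope.
if $::osfamily =~ /(?i-mx:^redhat$)/ {
  $conf = "/etc/${pkg}.conf"
} else {
  $conf = "/etc/${pkg}/${pkg}.conf"
}

notify { 'vars':
  message => "host=${::hostname} conf=${conf} strong=${strong} first=${ports[0]} next=${next_port} day=${days['mon']} managed=${managed}",
}
```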
