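#### Puppet Extensions, Part 2: How to Use Virtual Resources to Resolve Puppet Conflicts
Virtual resources are a way to manage a single resource that several configurations depend on. When multiple classes depend on the same resource, declaring it virtually avoids writing the resource more than once and also resolves the resource redefinition error. Virtual resources are often used for user management. A virtual resource is declared only once but can be realized one or more times.
To use a virtual resource, prefix the resource declaration with the character "@" to make the resource virtual. Then realize the virtual resource with one of the following two methods:
- "Spaceship" syntax <||>
- The realize function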
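The conflict described above and its fix with a virtual resource, as an added example that is not from the original page. The class names accounts, web_stack and db_stack and the deploy account are hypothetical.

```puppet
# Constructed example: accounts, web_stack, db_stack and the 'deploy'
# account are hypothetical names, not taken from the page.

# Before: both classes declare User['deploy'] directly. Including both
# on one node fails catalog compilation with a duplicate declaration error.
#
# class web_stack { user { 'deploy': ensure => present, uid => '700' } }
# class db_stack  { user { 'deploy': ensure => present, uid => '700' } }

# After: the account is declared once, virtually. Nothing reaches the
# catalog until some class realizes it.
class accounts {
  @group { 'deploy':
    ensure => present,
    gid    => '700',
  }
  @user { 'deploy':
    ensure => present,
    uid    => '700',
    gid    => '700',
    home   => '/home/deploy',
    shell  => '/sbin/nologin',
  }
}

class web_stack {
  include accounts
  # Method 1: the realize function
  realize(Group['deploy'], User['deploy'])
}

class db_stack {
  include accounts
  # Method 2: the spaceship (collector) syntax.
  # Realizing a resource that is already realized is not an error.
  Group <| title == 'deploy' |>
  User <| title == 'deploy' |>
}

node default {
  include web_stack
  include db_stack
}
```

Saved as a single manifest, this can be checked with `puppet apply --noop`; the catalog contains User['deploy'] and Group['deploy'] once each, with one uid/gid definition to audit.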
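# 1. Define two users, puppet and root, and make them virtual
Note that virtual resources must be defined in global scope or node scope. Put simply, in the directory below, site.pp is the global scope, which includes the nodes directory (site.pp imports the nodes directory). Virtual resources defined under a node belong to node scope, and everything in other modules belongs to local scope.
### 1.1 Create the corresponding .pp files in global scope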
~~~
[root@linuxmaster1poc testing]# tree manifests/
manifests/
├── nodes
│ ├── puppetclient.pp
│ ├── virtual_group.pp
│ └── virtual_user.pp
└── site.pp
1 directory, 4 files
~~~
### 1.2 Create the virtual users puppet, root and xiaonuo
~~~
[root@linuxmaster1poc testing]# vim manifests/nodes/virtual_user.pp
class alluser{
  # alluser::xiaonuo is included so that User['xiaonuo'] can be realized in section 2.3.2
  include alluser::puppet,alluser::root,alluser::xiaonuo
}
class alluser::puppet{
  @user { 'puppet':
    ensure => present,
    uid    => '52',
    gid    => '52',
    home   => '/var/lib/puppet',
    shell  => '/sbin/nologin',
  }
}
class alluser::root{
  @user { 'root':
    ensure => present,
    uid    => '0',
    gid    => '0',
    home   => '/root',
    shell  => '/bin/bash',
  }
}
class alluser::xiaonuo{
  @user { 'xiaonuo':
    ensure => present,
    uid    => '600',
    gid    => '600',
    home   => '/home/xiaonuo',
    shell  => '/sbin/nologin',
  }
}
~~~
### 1.3 Create the virtual groups puppet, root and xiaonuo
~~~
[root@linuxmaster1poc testing]# vim manifests/nodes/virtual_group.pp
class allgroup{
  # allgroup::xiaonuo is included so that Group['xiaonuo'] can be realized in section 2.3.2
  include allgroup::puppet,allgroup::root,allgroup::xiaonuo
}
class allgroup::puppet{
  @group { 'puppet':
    ensure    => present,
    name      => 'puppet',
    gid       => '52',
    allowdupe => false,
    members   => 'puppet',
  }
}
class allgroup::root{
  @group { 'root':
    ensure    => present,
    name      => 'root',
    gid       => '0',
    allowdupe => false,
    members   => 'root',
  }
}
class allgroup::xiaonuo{
  @group { 'xiaonuo':
    ensure    => present,
    name      => 'xiaonuo',
    gid       => '600',
    allowdupe => false,
    members   => 'xiaonuo',
  }
}
~~~
# 2. Write the puppet module and realize the virtual user puppet and group puppet
### 2.1 Write the puppet module
~~~
[root@linuxmaster1poc testing]# tree environment/modules/puppet
environment/modules/puppet
├── files
├── manifests
│ ├── config.pp
│ ├── init.pp
│ ├── install.pp
│ ├── params.pp
│ └── service.pp
├── README
└── templates
├── auth.conf.erb
├── namespaceauth.conf.erb
└── puppet.conf.erb
3 directories, 9 files
~~~
### 2.2 Write the puppet_linux57poc module
~~~
[root@linuxmaster1poc testing]# tree agents/modules/puppet_linux57poc/
agents/modules/puppet_linux57poc/
├── files
├── manifests
│ └── init.pp
└── templates
├── facts.txt.erb
└── motd.erb
3 directories, 3 files
~~~
### 2.3 Realize the virtual resources
**2.3.1 Realize in the puppet module**
~~~
[root@linuxmaster1poc testing]# vim environment/modules/puppet/manifests/config.pp
class puppet::config{
  include puppet::params
  include puppet::puppet_config,puppet::namespaceauth_config,puppet::auth_config,puppet::user,puppet::group
  include alluser,allgroup # the classes from node scope must be included
}
class puppet::puppet_config{
  file { '/etc/puppet/puppet.conf':
    ensure  => present,
    content => template('puppet/puppet.conf.erb'),
    owner   => 'puppet',
    group   => 'puppet',
    mode    => '0644',
    backup  => main,
    require => Class['puppet::install','puppet::user','puppet::group'],
    notify  => Class['puppet::service'],
  }
}
class puppet::auth_config{
  file { '/etc/puppet/auth.conf':
    ensure  => present,
    content => template('puppet/auth.conf.erb'),
    owner   => 'puppet',
    group   => 'puppet',
    mode    => '0644',
    backup  => main,
    require => Class['puppet::install','puppet::user','puppet::group'],
    notify  => Class['puppet::service'],
  }
}
class puppet::namespaceauth_config{
  file { '/etc/puppet/namespaceauth.conf':
    ensure  => present,
    content => template('puppet/namespaceauth.conf.erb'),
    owner   => 'puppet',
    group   => 'puppet',
    mode    => '0644',
    backup  => main,
    require => Class['puppet::install','puppet::user','puppet::group'],
    notify  => Class['puppet::service'],
  }
}
class puppet::user{ # realize the user puppet with the spaceship syntax
  # realize User['puppet']
  User <| title == 'puppet' |>
}
class puppet::group{ # realize the group puppet with the realize function
  realize Group['puppet']
  # Group <| title == 'puppet' |>
}
~~~
**2.3.2 Realize in the puppet_linux57poc module**
~~~
[root@linuxmaster1poc testing]# cat agents/modules/puppet_linux57poc/manifests/init.pp
class puppet_linux57poc{
  include puppet_linux57poc::motd_install,puppet_linux57poc::motd_config,puppet_linux57poc::facts,puppet_linux57poc::user,puppet_linux57poc::group
  include alluser,allgroup # the classes from node scope must be included
}
class puppet_linux57poc::motd_install{
  package{ 'setup':
    ensure => present,
  }
}
class puppet_linux57poc::motd_config{
  file{ "/etc/motd":
    owner   => "xiaonuo",
    group   => "root",
    mode    => '0440', # quoted so the mode is always handled as an octal string
    content => template("puppet_linux57poc/motd.erb"),
    backup  => 'main',
    require => Class['puppet_linux57poc::motd_install','puppet_linux57poc::user','puppet_linux57poc::group']
  }
}
class puppet_linux57poc::facts{
  file{ "/etc/mcollective/facts.txt":
    owner   => "root",
    group   => "root",
    mode    => '0400', # quoted so the mode is always handled as an octal string
    content => template("puppet_linux57poc/facts.txt.erb"),
    backup  => 'main',
    require => Class['puppet_linux57poc::motd_install','puppet_linux57poc::user','puppet_linux57poc::group']
  }
}
class puppet_linux57poc::user{ # realize the users xiaonuo and root with the realize function
  realize( User['xiaonuo'],
           User['root'] )
}
class puppet_linux57poc::group{ # realize the groups xiaonuo and root with the realize function
  realize( Group['xiaonuo'],
           Group['root'] )
}
~~~
# 3. Testing
### 3.1 Test the puppet module (omitted)
### 3.2 Test the puppet_linux57poc module
**3.2.1 Check whether the xiaonuo user and group currently exist on the system**
~~~
[root@linux57poc puppet]# id xiaonuo
id: xiaonuo: No such user
[root@linux57poc puppet]# cat /etc/group | grep xiaonuo
[root@linux57poc puppet]#
[root@linux57poc puppet]# ll /etc/motd
-rwxrwxrwx 1 puppet puppet 313 Jan 2 06:17 /etc/motd
~~~
**3.2.2 Sync with the puppetmaster**
~~~
[root@linux57poc puppet]# puppet agent -t --environment=testing
info: Retrieving plugin
info: Loading facts in /var/lib/puppet/lib/facter/fact_apply.rb
info: Caching catalog for puppet_linux57poc.dev.shanghaigm.com
info: Applying configuration version '1389555288'
notice: /Stage[main]/Allservice::Lm_sensors_service/Service[lm_sensors]/ensure: ensure changed 'running' to 'stopped'
notice: /Group[xiaonuo]/ensure: created
notice: /Stage[main]/Alluser::Xiaonuo/User[xiaonuo]/ensure: created
...
info: FileBucket adding {md5}b2090646c444c5ddf1533749743ebd71
info: /Stage[main]/Mcollective::Facter/File[/etc/mcollective/facts.yaml]: Filebucketed /etc/mcollective/facts.yaml to main with sum b2090646c444c5ddf1533749743ebd71
notice: /Stage[main]/Sysctl::Exec/Exec[sysctl -p >/dev/null &]/returns: executed successfully
notice: /Stage[main]/Puppet_linux57poc::Motd_config/File[/etc/motd]/owner: owner changed 'puppet' to 'xiaonuo'
notice: /Stage[main]/Puppet_linux57poc::Motd_config/File[/etc/motd]/group: group changed 'puppet' to 'root'
notice: /Stage[main]/Puppet_linux57poc::Motd_config/File[/etc/motd]/mode: mode changed '0777' to '0440'
notice: /Stage[main]/Allservice::Bluetooth_service/Service[bluetooth]/ensure: ensure changed 'running' to 'stopped'
notice: Finished catalog run in 4.54 seconds
~~~
**3.2.3 Verify that the result is correct**
~~~
[root@linux57poc puppet]# id xiaonuo
uid=600(xiaonuo) gid=600(xiaonuo) groups=600(xiaonuo)
[root@linux57poc puppet]# cat /etc/group | grep xiaonuo
xiaonuo:x:600:
[root@linux57poc puppet]# ll /etc/motd
-r--r----- 1 xiaonuo root 313 Jan 2 06:17 /etc/motd
[root@linux57poc puppet]#
~~~