实时警报通知:微信告警通知的重要性解析
522
2023-03-15
Puppet模块(二):YUM模块及Yumrepo资源和Mount资源
作用:自动为客户端配置YUM源,为使用yum安装软件包提供便捷。
1、服务端配置yum模块
(1)模块清单
1 2 3 4 5 6 7 8 9 10 11 | [root@puppet ~]# tree /etc/puppet/modules/yum/ /etc/puppet/modules/yum/ ├── files │ ├── yum.conf │ └── RPM-GPG-KEY-CentOS-6 ├── manifests │ ├── config.pp │ ├── init.pp │ ├── install.pp │ └── params.pp └── templates |
1234567891011[root@puppet ~]# tree /etc/puppet/modules/yum//etc/puppet/modules/yum/├── files│ ├── yum.conf│ └── RPM-GPG-KEY-CentOS-6├── manifests│ ├── config.pp│ ├── init.pp│ ├── install.pp│ └── params.pp└── templates
说明:这里只针对centos 6.5版本测试,其他的可以此类推,需要注意的就是本地源的光盘加载问题(见测试环节)
(2)定义参数类
注意:PKI文件RPM-GPG-KEY-CentOS-6是光盘中的存在的,系统不一样,名称也不一样,需要确认。
说明:变量$operatingsystemrelease是通过facter获取计算机的信息的,运行下面的命令可查看计算机相关信息:
1 2 | [root@puppet ~]# facter | grep operatingsystemrelease operatingsystemrelease => 6.5 |
12[root@puppet ~]# facter | grep operatingsystemreleaseoperatingsystemrelease => 6.5
(3)定义安装类
说明:新生成的repo文件都是小写c开头的,因此将不是c开头([^c]*)的repo文件移至bak,
原文件都是CentOS开头的,外加一个puppetlabs.repo,可以将[^c]*.repo改成CentOS*.repo,只将原文件备份。
(4)定义配置类
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 | [root@puppet ~]# vi /etc/puppet/modules/yum/manifests/config.pp class yum::config{ include yum::params include yum::config_file,yum::config_key,yum::config_repo } #1、定义配置文件 class yum::config_file{ file { '/etc/yum.conf': #yum主配置文件yum.conf路径 ensure => present, #要求文件处于存在状态 owner => 'root', #属主为root group => 'root', #属组为root mode => '0644', #文件权限为644 source => 'puppet:///modules/yum/yum.conf', #自动搜索yum模块下的files目录,因此省略/files require => Class['yum::install'], #要求在配置之前先安装yum软件包 } file { '/etc/yum.repos.d/centos-base.repo': #设置光盘repo的一些属性,文件名是yumrepo中的标题名定义的,必须一致 ensure => present, owner => 'root', group => 'root', mode => '0644', require => Class['yum::config_repo'], #要求设置之前yumrepo资源centos-base必须存在 } file { '/etc/yum.repos.d/centos-puppet.repo': ensure => present, owner => 'root', group => 'root', mode => '0644', require => Class['yum::config_repo'], } file { '/etc/yum.repos.d/centos-163.repo': ensure => present, owner => 'root', group => 'root', mode => '0644', require => Class['yum::config_repo'], } } #2、定义pki证书文件 class yum::config_key{ #设置pki证书的一些属性及下载位置 file { $yum::params::yum_centos_pki_name: #证书名称在参数类中定义 ensure => present, owner => 'root', group => 'root', mode => '0644', source => $yum::params::yum_centos_pki_download, #证书下载地址在参数类中定义 } } #3、定义基本yum仓库、puppet仓库和163仓库 class yum::config_repo{ yumrepo { centos-base: #创建yumrepo资源cenos-base descr => $yum::params::yum_centos_descr, #设置描述信息 baseurl => $yum::params::yum_centos_baseurl, #设置yum源下载地址 enabled => 1, #激活yum源 gpgcheck => 1, #设置要求通过pki校验 gpgkey => $yum::params::yum_centos_pki, #设置pki文件的位置 require => Class['yum::config_key'], #要求pki文件必须存在 priority => 1, #设置repo的优先级为1(越小越高) } yumrepo { centos-puppet: descr => $yum::params::yum_puppet_descr, baseurl => $yum::params::yum_puppet_baseurl, enabled => 1, gpgcheck => 0, #不要求通过pki校验 priority => 2, } yumrepo { centos-163: descr => $yum::params::yum_163_descr, baseurl => $yum::params::yum_163_baseurl, enabled => 1, gpgcheck => 0, priority => 3, } } |
12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273[root@puppet ~]# vi /etc/puppet/modules/yum/manifests/config.ppclass yum::config{ include yum::params include yum::config_file,yum::config_key,yum::config_repo}#1、定义配置文件class yum::config_file{ file { '/etc/yum.conf': #yum主配置文件yum.conf路径 ensure => present, #要求文件处于存在状态 owner => 'root', #属主为root group => 'root', #属组为root mode => '0644', #文件权限为644 source => 'puppet:///modules/yum/yum.conf', #自动搜索yum模块下的files目录,因此省略/files require => Class['yum::install'], #要求在配置之前先安装yum软件包 } file { '/etc/yum.repos.d/centos-base.repo': #设置光盘repo的一些属性,文件名是yumrepo中的标题名定义的,必须一致 ensure => present, owner => 'root', group => 'root', mode => '0644', require => Class['yum::config_repo'], #要求设置之前yumrepo资源centos-base必须存在 } file { '/etc/yum.repos.d/centos-puppet.repo': ensure => present, owner => 'root', group => 'root', mode => '0644', require => Class['yum::config_repo'], } file { '/etc/yum.repos.d/centos-163.repo': ensure => present, owner => 'root', group => 'root', mode => '0644', require => Class['yum::config_repo'], }}#2、定义pki证书文件class yum::config_key{ #设置pki证书的一些属性及下载位置 file { $yum::params::yum_centos_pki_name: #证书名称在参数类中定义 ensure => present, owner => 'root', group => 'root', mode => '0644', source => $yum::params::yum_centos_pki_download, #证书下载地址在参数类中定义 }}#3、定义基本yum仓库、puppet仓库和163仓库class yum::config_repo{ yumrepo { centos-base: #创建yumrepo资源cenos-base descr => $yum::params::yum_centos_descr, #设置描述信息 baseurl => $yum::params::yum_centos_baseurl, #设置yum源下载地址 enabled => 1, #激活yum源 gpgcheck => 1, #设置要求通过pki校验 gpgkey => $yum::params::yum_centos_pki, #设置pki文件的位置 require => Class['yum::config_key'], #要求pki文件必须存在 priority => 1, #设置repo的优先级为1(越小越高) } yumrepo { centos-puppet: descr => $yum::params::yum_puppet_descr, baseurl => $yum::params::yum_puppet_baseurl, enabled => 1, gpgcheck => 0, #不要求通过pki校验 priority => 2, } yumrepo { centos-163: descr => $yum::params::yum_163_descr, baseurl => $yum::params::yum_163_baseurl, enabled => 1, gpgcheck => 0, priority => 3, }}
说明:创建了三个YUM源,都以centos(小写)开头的,客户端安装puppet时生成了puppetlabs.repo源,因此这里的centos-puppet源也可以省略。
(7)定义yum主类
1 2 3 4 | [root@puppet ~]# vi /etc/puppet/modules/yum/manifests/init.pp class yum { include yum::params,yum::install,yum::config } |
1234[root@puppet ~]# vi /etc/puppet/modules/yum/manifests/init.ppclass yum { include yum::params,yum::install,yum::config}
(8)定义节点文件,调用模块
(9)应用节点文件
1 2 | [root@puppet ~]# vi /etc/puppet/manifests/site.pp import "centostest.pp" |
12[root@puppet ~]# vi /etc/puppet/manifests/site.ppimport "centostest.pp"
(10)复制文件
将以下两个文件从客户端复制一份到服务端/etc/puppet/modules/yum/files下
/etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6
/etc/yum.conf
注意在文件头部加上以***释,测试的时候方便分辨
1 | ### config by puppet ### |
1### config by puppet ###
2、测试
(1)客户端执行测试
(2)查看客户端日志
1 2 3 4 5 6 7 8 9 10 11 | [root@centostest ~]# tailf /var/log/messages Nov 7 11:50:20 centostest puppet-agent[8809]: (/Stage[main]/Yum::Install/File[/media/cdrom]/ensure) created Nov 7 11:50:20 centostest puppet-agent[8809]: (/Stage[main]/Yum::Install/Exec[mount_cdrom]/returns) executed successfully Nov 7 11:50:22 centostest puppet-agent[8809]: (/Stage[main]/Yum::Install/File[/etc/yum.repos.d/bak]/ensure) created Nov 7 11:50:22 centostest puppet-agent[8809]: (/Stage[main]/Yum::Install/Exec[repos_bak]/returns) executed successfully Nov 7 11:50:23 centostest puppet-agent[8809]: (/Stage[main]/Yum::Config_key/File[/etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6]/content) content changed '{md5}e8e57fd1a55dc5c6d82e60a444781b96' to '{md5}a27c559bf7660f101317ac3b41a7600b' Nov 7 11:50:23 centostest puppet-agent[8809]: (/Stage[main]/Yum::Config_repo/Yumrepo[centos-base]/ensure) created Nov 7 11:50:24 centostest puppet-agent[8809]: (/Stage[main]/Yum::Config_repo/Yumrepo[centos-puppet]/ensure) created Nov 7 11:50:24 centostest puppet-agent[8809]: (/Stage[main]/Yum::Config_repo/Yumrepo[centos-163]/ensure) created Nov 7 11:50:24 centostest puppet-agent[8809]: (/Stage[main]/Yum::Config_file/File[/etc/yum.conf]/content) content changed '{md5}5d8b0bf30a8ee9d66a9cb2642186ac37' to '{md5}8c1fab4142147877a3f77f89eb8ccb7c' Nov 7 11:50:24 centostest puppet-agent[8809]: Finished catalog run in 4.27 seconds |
1234567891011[root@centostest ~]# tailf /var/log/messagesNov 7 11:50:20 centostest puppet-agent[8809]: (/Stage[main]/Yum::Install/File[/media/cdrom]/ensure) createdNov 7 11:50:20 centostest puppet-agent[8809]: (/Stage[main]/Yum::Install/Exec[mount_cdrom]/returns) executed successfullyNov 7 11:50:22 centostest puppet-agent[8809]: (/Stage[main]/Yum::Install/File[/etc/yum.repos.d/bak]/ensure) createdNov 7 11:50:22 centostest puppet-agent[8809]: (/Stage[main]/Yum::Install/Exec[repos_bak]/returns) executed successfullyNov 7 11:50:23 centostest puppet-agent[8809]: (/Stage[main]/Yum::Config_key/File[/etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6]/content) content changed '{md5}e8e57fd1a55dc5c6d82e60a444781b96' to '{md5}a27c559bf7660f101317ac3b41a7600b'Nov 7 11:50:23 centostest puppet-agent[8809]: (/Stage[main]/Yum::Config_repo/Yumrepo[centos-base]/ensure) createdNov 7 11:50:24 centostest puppet-agent[8809]: (/Stage[main]/Yum::Config_repo/Yumrepo[centos-puppet]/ensure) createdNov 7 11:50:24 centostest puppet-agent[8809]: (/Stage[main]/Yum::Config_repo/Yumrepo[centos-163]/ensure) createdNov 7 11:50:24 centostest puppet-agent[8809]: (/Stage[main]/Yum::Config_file/File[/etc/yum.conf]/content) content changed '{md5}5d8b0bf30a8ee9d66a9cb2642186ac37' to '{md5}8c1fab4142147877a3f77f89eb8ccb7c'Nov 7 11:50:24 centostest puppet-agent[8809]: Finished catalog run in 4.27 seconds
结论:可看到cdrom目录创建、挂载命令执行成功、备份命令成功、同步了PKI文件和CON文件、创建了三个YUMREPO
(3)查看客户端挂载的光盘目录
1 2 3 4 5 6 | [root@centostest ~]# ls /media/cdrom/ CentOS_BuildTag isolinux RPM-GPG-KEY-CentOS-Debug-6 EFI Packages RPM-GPG-KEY-CentOS-Security-6 EULA RELEASE-NOTES-en-US.html RPM-GPG-KEY-CentOS-Testing-6 GPL repodata TRANS.TBL images RPM-GPG-KEY-CentOS-6 |
123456[root@centostest ~]# ls /media/cdrom/CentOS_BuildTag isolinux RPM-GPG-KEY-CentOS-Debug-6EFI Packages RPM-GPG-KEY-CentOS-Security-6EULA RELEASE-NOTES-en-US.html RPM-GPG-KEY-CentOS-Testing-6GPL repodata TRANS.TBLimages RPM-GPG-KEY-CentOS-6
结论:挂载成功,如果用的EXEC方法将会判断RPM-GPG-KEY-CentOS-6存在时不会再执行Exec,而且此文件是原文件,不是新建的空文件。
经测试umount /media/cdrom卸载光盘后会自动重启挂载上,甚至卸载再删除/media/cdrom目录,也会恢复,有兴趣的可以试试。
(4)查看YUM源备份
1 2 3 | [root@centostest ~]# ls /etc/yum.repos.d/bak/ CentOS-Base.repo CentOS-Media.repo CentOS-Vault.repo CentOS-Debuginfo.repo puppetlabs.repo |
123[root@centostest ~]# ls /etc/yum.repos.d/bak/CentOS-Base.repo CentOS-Media.repo CentOS-Vault.repoCentOS-Debuginfo.repo puppetlabs.repo
(5)查看客户端同步的文件
1 2 3 4 5 6 7 8 9 | [root@centostest ~]# cat /etc/yum.conf ### config by puppet ### [main] ... [root@centostest ~]# cat /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6 ### config by puppet ### -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v1.4.5 (GNU/Linux) ... |
123456789[root@centostest ~]# cat /etc/yum.conf### config by puppet ###[main]...[root@centostest ~]# cat /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6### config by puppet ###-----BEGIN PGP PUBLIC KEY BLOCK-----Version: GnuPG v1.4.5 (GNU/Linux)...
结论:从文件头部注释信息可以确认文件同步成功
(6)查看YUM list
1 2 3 4 5 6 7 8 9 10 11 12 13 14 | [root@centostest ~]# yum clean all Loaded plugins: fastestmirror, refresh-packagekit, security Cleaning repos: base puppetlabs-deps puppetlabs-products Cleaning up Everything Cleaning up list of fastest mirrors [root@centostest ~]# yum list Loaded plugins: fastestmirror, refresh-packagekit, security Determining fastest mirrors centos-163 | 2.9 kB 00:00 centos-163/primary_db | 1.2 kB 00:00 centos-base | 4.0 kB 00:00 ... centos-base/primary_db | 4.4 MB 00:00 ... centos-puppet | 2.5 kB 00:00 centos-puppet/primary_db 13% [=- ] 5.9 B/s | 17 kB --:-- ETA |
1234567891011121314[root@centostest ~]# yum clean allLoaded plugins: fastestmirror, refresh-packagekit, securityCleaning repos: base puppetlabs-deps puppetlabs-productsCleaning up EverythingCleaning up list of fastest mirrors[root@centostest ~]# yum listLoaded plugins: fastestmirror, refresh-packagekit, securityDetermining fastest mirrorscentos-163 | 2.9 kB 00:00centos-163/primary_db | 1.2 kB 00:00centos-base | 4.0 kB 00:00 ...centos-base/primary_db | 4.4 MB 00:00 ...centos-puppet | 2.5 kB 00:00centos-puppet/primary_db 13% [=- ] 5.9 B/s | 17 kB --:-- ETA
结论:YUM三个仓库都能成功加载,通过yum clean all再yum list可观察。
结论:可以看到从163的源查找puppet超时,已安装的包是从@puppetlabs安装的,有效的包是在centos-puppet源中。
3、yum仓库资源
4、mount挂载资源
挂载共享文件夹
1 2 3 4 5 | mount { "/mount": #挂载的目标目录,等同于name参数 device => "192.168.0.1:/share/nfs", #挂载的来源设备 fstype => "nfs", #文件系统类型 options => "_netdev,vers=3,tcp,rsize=8192,wsize=8192,noauto", #其他选项 } |
12345mount { "/mount": #挂载的目标目录,等同于name参数 device => "192.168.0.1:/share/nfs", #挂载的来源设备 fstype => "nfs", #文件系统类型 options => "_netdev,vers=3,tcp,rsize=8192,wsize=8192,noauto", #其他选项}
挂载samba
1 2 3 4 5 6 | mount {"/media": ensure => mounted, device => "//172.22.2.89/public", fstype => cifs, options => "username=perofu,password=123456"; } |
123456mount {"/media": ensure => mounted, device => "//172.22.2.89/public", fstype => cifs, options => "username=perofu,password=123456";}
参数说明
1 2 3 4 5 6 7 8 9 10 | mount { 'mount_cdrom': name => "/media/cdrom", #挂载到的目标目录 ensure => mounted, #要求被挂载状态 fstype => "iso9660", #光盘的文件类型 device => "/dev/cdrom", #光盘的设备,是个链接,指向/dev/sr0 options => "ro", #以只读方式挂载光盘 atboot => true, #允许开机启动时挂载上 remounts => true, #允许重新挂载 require => File['/media/cdrom'], #要求挂载目标目录存在 } |
12345678910mount { 'mount_cdrom': name => "/media/cdrom", #挂载到的目标目录 ensure => mounted, #要求被挂载状态 fstype => "iso9660", #光盘的文件类型 device => "/dev/cdrom", #光盘的设备,是个链接,指向/dev/sr0 options => "ro", #以只读方式挂载光盘 atboot => true, #允许开机启动时挂载上 remounts => true, #允许重新挂载 require => File['/media/cdrom'], #要求挂载目标目录存在}
查看文件系统类型:
1 2 3 4 5 | [root@centostest ~]# mount /dev/mapper/vg_centostest-lv_root on / type ext4 (rw) /dev/sda1 on /boot type ext4 (rw) /dev/mapper/vg_centostest-lv_home on /home type ext4 (rw) /dev/sr0 on /media/cdrom type iso9660 (ro) |
12345[root@centostest ~]# mount/dev/mapper/vg_centostest-lv_root on / type ext4 (rw)/dev/sda1 on /boot type ext4 (rw)/dev/mapper/vg_centostest-lv_home on /home type ext4 (rw)/dev/sr0 on /media/cdrom type iso9660 (ro)
发现以下报错,是因为没有加上options => "ro",因为光盘是只读的。
1 2 | [mount_cdrom]) Could not evaluate: Execution of '/bin/mount /media/cdrom' returned 32: mount: block device /dev/sr0 is write-protected, mounting read-only |
12[mount_cdrom]) Could not evaluate: Execution of '/bin/mount /media/cdrom' returned 32:mount: block device /dev/sr0 is write-protected, mounting read-only
发表评论
暂时没有评论,来抢沙发吧~