1.概述

名称概述

Puppet：集中式的配置管理工具，通过自有配置语言对节点进行目标状态定义，并能够基于网络实现目标状态的维护。

master：中心配置库

agent：读取并应用配置的节点

manifest：清单

用于定义并保存资源，是一个资源组织工具

modules：模块

多个资源组成一个模块，类的集合

类：

层次型组织组件一种方式（继承），资源的集合，include调用

node：节点

多个模块定义一个节点

模板配置语言：

（基于agent的facter获取系统配置信息，替换配置本地配置）

资源

支持变量（自定义变量、puppet内置变量、facter变量）、条件语句、正则表达式

Puppet Dashboard（第三方）：

从数据库种获取，展示agentd返回状态信息

工作模型

• define：使用puppet语言来定义资源状态
• 模拟：根据资源关系图，puppet模拟部署（无损运行c）测试代码
• 强制：比对客户端主机状态和定义的资源状态是否一致，自动强制执行
• report：通过puppet api将日志发送到第三方监控工具（dashboard，foreman）

2.单机环境

下载地址：http://yum.puppetlabs.com/el/6.5/products/x86_64/

系统	CentOS release 6.8 (Final)
单机	192.168.195.207

[root@localhost ~]#yum install ruby # puppet基于ruby

安装

[root@localhost ~]#yum install puppet-3.8.7-1.el6.noarch.rpm facter-2.4.6-1.el6.x86_64.rpm # 安装所需包
错误：Package: puppet-3.8.7-1.el6.noarch (/puppet-3.8.7-1.el6.noarch)Requires: ruby-shadow
错误：Package: puppet-3.8.7-1.el6.noarch (/puppet-3.8.7-1.el6.noarch)Requires: hiera >= 1.0.0
错误：Package: puppet-3.8.7-1.el6.noarch (/puppet-3.8.7-1.el6.noarch)Requires: rubygem-json
错误：Package: puppet-3.8.7-1.el6.noarch (/puppet-3.8.7-1.el6.noarch)Requires: ruby-augeas

解决Requires: ruby-shadow，Requires: hiera >= 1.0.0等依赖

[root@localhost ~]#rpm -ivh puppetlabs-release-6-12.noarch.rpm # 安装yum源
[root@localhost ~]#yum install puppet-3.8.7-1.el6.noarch.rpm facter-2.4.6-1.el6.x86_64.rpm

3.语法

变量

$变量a = $变量b 是? {值1 => 值11,值2 => 值22,
}
# 变量b是值1就赋值值11给变量a，最后一个要逗号，否则不生效
$ssl = $operatingsystem ? {solaris => SMCossl,default => openssl
}
# 访问非当前作用于的变量
$vhostdir = $顶级作用于::次级作用于::变量
# 执行facter，会列出系统内置变量
agent： $enviroment， $clientcert， $clientversion
master： $serverip， $servername， $serversion
# 正则表达式，启用i表示忽略字符大小写，不支持m表示把.当作换行符，x忽略模式中的空白字符和注释
$package = $operatingsystem ? {/(?i-mx:ubuntu|debian)/  => 'apache2',/(?i-mx:centos|fedora|redhat)/ => 'httpd',
}

操作符

比较			逻辑			算术
==	等值比较		and	与		+	加
!=	不等比较		or	或		-	减
<	小于		!(not)	非		/	除
>	大于					*	乘
<=	小等					<<	左移
>=	大等					>>	右移
=~	正则匹配
!~	正则不匹
in	存在

if

if CONDITION1 {...
}
elif CONDITION2{...
}
else{...
}
[root@localhost ~]# vim /tmp/test4.pp
if $operatingsystem =~ /^(?i-mx:(centos|redhat))/ {notice("Welcome to $1 linux server")
}
# $1是()匹配的值
[root@localhost ~]# puppet apply /tmp/test4.pp
Notice: Scope(Class[main]): Welcom to CentOS linux.
Notice: Compiled catalog for localhost in environment production in 0.04 seconds
Notice: Finished catalog run in 0.02 seconds

case

case CONTROL_EXP {case1,...: {statement...}case2,...: {statement...}default: {statement...}
}
[root@localhost ~]# vim /tmp/test5.pp
case $operatingsystem {'Solaris':              { notice("Welcome to Solaris") }'RedHat', 'CentOS':     { notice("Welcome to RedHat OSFamily")}/^(Debian|Ubuntu)$/:    { notice("Welcome to $1 linux")}default:                {notice("Welcome, alien *_...")}
}
[root@localhost ~]# puppet apply /tmp/test5.pp
Notice: Scope(Class[main]): Welcome to RedHat OSFamily
Notice: Compiled catalog for localhost in environment production in 0.05 seconds
Notice: Finished catalog run in 0.01 seconds

selector（返回值）

CONTROL_VARIABLE ? {case1   => value1case2   => value2...default => valueN
}
[root@localhost ~]# vim /tmp/test6.pp
$webserver = $operatingsystem ? {/(?i-mx:ubuntu|debain)/         => 'apache2',/(?i-mx:centos|fedora|redhat)/  => 'httpd',
}
notice($webserver)
[root@localhost ~]# puppet apply /tmp/test6.pp
Notice: Scope(Class[main]): httpd
Notice: Compiled catalog for localhost in environment production in 0.04 seconds
Notice: Finished catalog run in 0.01 seconds

4.资源配置

命令格式

[root@localhost ~]#rpm -ql puppet | less # 查看puppet安装信息
[root@localhost ~]#puppet help
Usage: puppet <subcommand> [options] <action> [options]apply             Apply Puppet manifests locally # 应用资源describe          Display help about resource types # 描述资源

资源定义

[root@localhost ~]#puppet describe -h
* --list:List all types
[root@localhost ~]#puppet describe -l # 资源类型列表
cron            - Installs and manages cron jobs
exec            - Executes external commands
file            - Manages files, including their content, owner ...
group           - Manage groups
notify          - .. no documentation ..
service         - Manage running services
user            - Manage users
package         - Manage packages
# 资源定义在manifest文件里，定义格式
type {'title':attribute1 => value1,a2 => v2,
}

通知资源notify

[root@localhost ~]#puppet describe notify # 描述notify类型资源
- **message**
- **name**
- **withpath**
[root@localhost ~]#vim /etc/test.pp # 定义notify类型的资源
notify {'notice':message => 'welcome to puppet',
}
[root@localhost ~]#puppet apply /tmp/test.pp # 应用资源，通知信息
Notice: Compiled catalog for localhost in environment production in 0.04 seconds
Notice: welcome to puppet
Notice: /Stage[main]/Main/Notify[notice]/message: defined 'message' as 'welcome to puppet'
Notice: Finished catalog run in 0.02 seconds

软件包资源package

[root@localhost ~]# puppet describe package # 描述package类型资源
- **ensure**    `present` (also called `installed`), `absent`,`purged`, `held`, `latest`
# 程序包状态
- **name**    资源的名称=软件包的名字
Providers
---------aix, appdmg, apple, apt, aptitude, aptrpm, blastwave, dpkg, fink,freebsd, gem, hpux, macports, msi, nim, openbsd, opkg, pacman, pip, pkg,pkgdmg, pkgin, pkgutil, portage, ports, portupgrade, rpm, rug, sun,sunfreeware, up2date, urpmi, windows, yum, zypper
# 软件包管理器，默认yum安装
- **source**    指定程序文件路径
- **install_options**package { 'mysql':ensure          => installed,source          => 'N:/packages/mysql-5.5.16-winx64.msi',install_options => [ '/S', { 'INSTALLDIR' => 'C:\mysql-5.5' } ],}
[root@localhost ~]# vim /tmp/nginx.pp # 定义package类型资源
package {'nginx':ensure => present,name   => nginx,
}
[root@localhost ~]# vim /etc/yum.repos.d/nginx.repo # 要应用这个资源，必须能够yum安装nginx
[nginx]
name = nginx repo
baseurl = http://nginx.org/packages/centos/6/$basearch/
gpgcheck = 0
enabled = 1
# 新建yum源，url的系统版本centos,6视环境而定
[root@localhost ~]# puppet apply /tmp/nginx.pp # 应用资源，安装nginx
Notice: Compiled catalog for localhost in environment production in 0.22 seconds
Notice: /Stage[main]/Main/Package[nginx]/ensure: created
Notice: Finished catalog run in 16.50 seconds
[root@localhost ~]# rpm -q nginx # 已经安装
nginx-1.10.3-1.el6.ngx.x86_64
# 设置absent，应用会移除package

服务资源service

[root@localhost ~]# puppet describe service # 描述service类型资源
- **ensure**    `stopped` (also called `false`), `running` (also called `true`)
- **enable**    start at boot `true`, `false`, `manual`
- **name**
- **path**    path for finding init scripts
- **stop/start/status**Specify a *stop/start/status* command manually.
[root@localhost ~]# vim /tmp/nginx.pp # 定义service类型资源
package {'nginx':ensure => present,name   => nginx,
}service {'nginx':ensure => true,name   => nginx,enable => true,
}
[root@localhost ~]# puppet apply /tmp/nginx.pp # 应用，80端口不占用下
Notice: Compiled catalog for localhost in environment production in 0.36 seconds
Notice: /Stage[main]/Main/Package[nginx]/ensure: created
Notice: /Stage[main]/Main/Service[nginx]/ensure: ensure changed 'stopped' to 'running'
Notice: Finished catalog run in 45.73 seconds
Notice: Finished catalog run in 45.73 seconds
[root@localhost ~]# service nginx status
nginx (pid  2902) 正在运行...
[root@localhost ~]# chkconfig --list nginx
nginx           0:关闭    1:关闭    2:启用    3:启用    4:启用    5:启用    6:关闭

文件资源file

[root@localhost ~]# puppet describe file # 描述文件资源
# 管理文件、目录、符号链接
# 生成文件内容
# 管理文件权限、属性
# 通过source属性到指定位置下载文件
# 通过recurse属性来获取目录
- **ensure**    `present` `absent` 是|不是 `file` `directory` `link`
- **backup**    通过filebucket资源备份文件，值通常为filebucket资源
# 文件内容：content,source,target
- **content**    文件内容
- **source**    下载文件，格式：puppet:///modules/MODULE_NAME/FILE_NAME
- **target**    为符号链接指定目标
- **links**    'follow' 'manage'
- **path** (*namevar*)    对象文件路径
- **mode**    "owner," "group," and "other" 421
- **force**    强制删除文件、链接或目录，仅在ensure=>absent
- **purge**    清空指定目录中存在的，但未在资源中定义的文件
- **recurse**    目录递归，`true`, `false`, `yes`, `no`
- **replace**    替换`true`, `false`, `inf`, `remote`
[root@localhost ~]# vim /tmp/file.pp # 定义文件资源
$str = 1 ? {1 => 'abc file'
}
file {'abc.txt':ensure  => present,content => "$str",path    => "/tmp/abc.txt"
}
file {'symbol':ensure => link,path   => "/tmp/link_abc",target => "/tmp/abc.txt"
}
file {'symbol2':ensure => present,path   => "/tmp/lin2_abc",target => "/tmp/abc.txt",links  => follow,
}
[root@localhost ~]# puppet apply /tmp/file.pp # 应用
Notice: Compiled catalog for localhost in environment production in 0.08 seconds
Notice: /Stage[main]/Main/File[abc.txt]/ensure: created
Notice: Finished catalog run in 0.02 seconds
[root@localhost ~]# ls -al /tmp/abc.txt /tmp/link_abc /tmp/lin2_abc # 查看目录
-rw-r--r--. 1 root root  8 3月  14 03:38 /tmp/abc.txt
lrwxrwxrwx. 1 root root 12 3月  14 03:53 /tmp/lin2_abc -> /tmp/abc.txt
lrwxrwxrwx. 1 root root 12 3月  14 03:48 /tmp/link_abc -> /tmp/abc.txt
[root@localhost ~]# cat /tmp/abc.txt # 查看文件
abc file

执行exec

# 通常在不得不用时使用，完成puppet无法实现的功能
# command： 要执行的命令，通常为命令文件的完整路径
# path： 命令搜索路径
# group/user： 执行用户组/用户
# onlyif： 0/1,表示命令的状态返回值为0/1时执行
# refresh： 接收到其他资源通知时，如何刷新执行
# refreshonly： 仅当依赖的文件资源发生改变时，才执行
# tries： 执行次数，默认1
# try_sleep： 执行间隔
[root@localhost ~]# vim /tmp/exec.pp # 定义exec资源，输出会重定向
exec {'echo command':command => "touch /tmp/tmp.xxx",path    => '/bin:/sbin:/usr/bin:/usr/sbin',
}
[root@localhost ~]# puppet apply /tmp/exec.pp # 应用资源
Notice: Compiled catalog for localhost in environment production in 0.05 seconds
Notice: /Stage[main]/Main/Exec[echo command]/returns: executed successfully
Notice: Finished catalog run in 0.09 seconds
[root@localhost ~]# ls /tmp/tmp.xxx # 查看
/tmp/tmp.xxx

用户组group

[root@localhost ~]# puppet describe group # 描述user资源
- **ensure**  Create or remove the group，`present`, `absent`
- **name**  组名
- **gid**  GID
- **system**  系统组，`true`, `false`, `yes`, `no`
[root@localhost ~]# vim /tmp/test3.pp # 定义group资源
group {'testgp':ensure => present,gid    => 1001,
}
[root@localhost ~]# puppet apply /tmp/test3.pp -v # 应用资源
Notice: Compiled catalog for localhost in environment production in 0.10 seconds
Info: Applying configuration version '1489440108'
Notice: /Stage[main]/Main/Group[testgp]/ensure: created
Notice: Finished catalog run in 0.14 seconds

用户user

[root@localhost ~]# puppet describe user # 秒速user资源
- **gid**
- **groups**
- **home**
- **name**
- **uid**
- **system**
- **shell**
- **password**
- **managehome**  true false
[root@localhost ~]# openssl passwd -1 -salt `openssl rand -hex 4` # 生成密码加密串
Password:
$1$7d03e65a$ss3hIid.JUTZadq6PbGPh1
[root@localhost ~]# vim /tmp/test3.pp
group {'testgp':ensure => present,gid    => 1001,
} ->
user {'testuser':ensure => present,gid    => 1001,uid    => 1001,home   => '/home/test',shell  => '/bin/bash',password => '$1$7d03e65a$ss3hIid.JUTZadq6PbGPh1',managehome => true,
}
[root@localhost ~]# puppet apply /tmp/test3.pp # 应用资源

周期性任务cron

[root@localhost ~]# puppet describe cron # 秒速cron资源
Example:cron { logrotate:ensure  => present,command => "/usr/sbin/logrotate",user    => root,hour    => 2, # [2, 4] 定时 # ['2-4'] 时间内minute  => 0}

资源高级配置

资源引用

Type['title']   例：Package['nginx']

    元参数

用于定义资源间的依赖关系，及应用次序，通知机制：

特殊属性：require（后于）或before（先于），notify（通知）或subscribe（订阅）

[root@localhost ~]# vim /tmp/nginx.pp # 默认是先定义先执行，先应用先执行
package {'nginx':ensure => present,name   => nginx,before => Service['nginx']
}service {'nginx':ensure => true,name   => nginx,enable => true,require => Package['nginx'],
}

[root@localhost ~]# vim /tmp/test1.pp
file {'/tmp/test2.txt':ensure  => file,content => "hello puppet",notify  => Exec['monitor'],
}exec {'monitor':command     => 'echo "/tmp/test2.txt changed." >> /tmp/monitor.txt',refreshonlt => true,subscribe   => File['/tmp/test2.txt'],path        => "/bin:/sbin:/usr/bin:/usr/sbin",
}
[root@localhost ~]# puppet apply /tmp/test1.pp -v
Notice: Compiled catalog for localhost in environment production in 0.11 seconds
Info: Applying configuration version '1489438469'
Info: Computing checksum on file /tmp/test2.txt
Info: FileBucket got a duplicate file {md5}d41d8cd98f00b204e9800998ecf8427e
Info: /Stage[main]/Main/File[/tmp/test2.txt]: Filebucketed /tmp/test2.txt to puppet with sum d41d8cd98f00b204e9800998ecf8427e
Notice: /Stage[main]/Main/File[/tmp/test2.txt]/content: content changed '{md5}d41d8cd98f00b204e9800998ecf8427e' to '{md5}19ee62e0c6b5f00aaf9b02280c0dad66'
Info: /Stage[main]/Main/File[/tmp/test2.txt]: Scheduling refresh of Exec[monitor]
Notice: /Stage[main]/Main/Exec[monitor]/returns: executed successfully
Notice: /Stage[main]/Main/Exec[monitor]: Triggered 'refresh' from 1 events
Notice: Finished catalog run in 0.25 seconds
[root@localhost ~]# cat /tmp/test
test1.pp   test2.txt  test.pp
[root@localhost ~]# cat /tmp/test2.txt
hello puppet[root@localhost ~]# cat /tmp/monitor.txt
/tmp/test2.txt changed.

    应用链

"->"用于定义次序链，"~>"用于定义通知链

Package['nginx'] -> File['nginx.conf'] ~> Service['nginx']

package {'nginx':ensure => present,...
}->
file {'nginx':...
}~> # 默认restart
service {'nginx':ensure => true,enable => true,restart => '/etc/rc.d/init.d/nginx reload',  # 优先使用本地
}

5.类

用于通用目标或目的的一组资源，在全局可被调用

    不带参数类

[root@localhost ~]# vim /tmp/class.pp
class nginx{package {'nginx':ensure => present,}service {'nginx':ensure => true,require => Package['nginx'],}
}
include nginx
# 启用类
# include 类名
# require 类名
# class {'类名':}
[root@localhost ~]# puppet apply /tmp/class.pp
Notice: Compiled catalog for localhost in environment production in 0.37 seconds
Notice: /Stage[main]/Nginx/Package[nginx]/ensure: created
Notice: /Stage[main]/Nginx/Service[nginx]/ensure: ensure changed 'stopped' to 'running'
Notice: Finished catalog run in 10.40 seconds

    带参数的类

# 清空原始web下
[root@localhost ~]# vim /tmp/class_par.pp
$webserver = $operatingsystem ? {/^(?i-mx:redhat|centos|fedora)/ => 'httpd',/^(?i-mx:ubuntu|debian)/        => 'apache2'
}
class httpd ($pkgname = 'apache2') {package {"$pkgname":ensure => present,}service {"$pkgname":ensure => true,require => Package["$pkgname"],}
}
class {"httpd":pkgname => $webserver,
}
[root@localhost ~]# puppet apply /tmp/class_par.pp
Notice: Compiled catalog for localhost in environment production in 0.37 seconds
Notice: /Stage[main]/Httpd/Package[httpd]/ensure: created
Notice: /Stage[main]/Httpd/Service[httpd]/ensure: ensure changed 'stopped' to 'running'
Notice: Finished catalog run in 4.95 seconds

    类继承

class C_NAME inherits PARENT_CLASS_NAME {}
子类的命名方式：nginx::rproxy[root@localhost ~]# vim /tmp/class_inherit_node.pp
import "/tmp/class_inherit.pp"
include nginx::web
[root@localhost ~]# vim /tmp/class_inherit.pp # 定义入口资源文件
class nginx {package {"nginx":ensure => present,}
}
class nginx::proxy inherits nginx {file {"/etc/nginx/nginx.conf":ensure => file,source => "/tmp/nginx/nginx_proxy.conf",notify => Service['nginx'],}service {"nginx":ensure => true,}
}
class nginx::web inherits nginx {file {"/etc/nginx/nginx.conf":ensure => file,source => "/tmp/nginx/nginx_web.conf",notify => Service['nginx'],}service {"nginx":ensure => true,}
}
[root@localhost ~]# mkdir /tmp/nginx # 设置测试所需文件
[root@localhost ~]# cp /etc/nginx/nginx.conf /tmp/nginx/nginx_web.conf
[root@localhost ~]# cp /etc/nginx/nginx.conf /tmp/nginx/nginx_proxy.conf
[root@localhost ~]# vim /tmp/nginx/nginx_web.conf
worker_processes  4;
[root@localhost ~]# service httpd stop
停止 httpd：                                               [确定]
[root@localhost ~]# service nginx status
nginx 已停
[root@localhost ~]# puppet apply /tmp/class_inherit_node.pp  # 应用资源
Warning: The use of 'import' is deprecated at /tmp/class_inherit_node.pp:2. See http://links.puppetlabs.com/puppet-import-deprecation(at /usr/lib/ruby/site_ruby/1.8/puppet/parser/parser_support.rb:110:in `import')
Notice: Compiled catalog for localhost in environment production in 0.45 seconds
Notice: /Stage[main]/Nginx::Web/Service[nginx]/ensure: ensure changed 'stopped' to 'running'
Notice: Finished catalog run in 0.22 seconds
[root@localhost ~]# cat /etc/nginx/nginx.conf | grep 'worker_processes'
worker_processes  4;

6.模块

为了实现某种完备功能而组织成一个独立的，自我包含的目录结构（目录名称=模块名称）

• files        文件存储目录
• manifests    清单存储目录
  • init.pp    一个模块同名类，应用起点，import其他资源
  • 每个清单文件通常包含一个类
• templaters    模板存储目录(.erb)
• lib    ruby插件存储目录
• 默认是/etc/puppet/modules路径下查找，include启用在init.pp中模块同名类或import的其他类
• puppet apply --modulepath=/etc/puppet/modules/ -e "include nginx, nginx::web"

[root@localhost ~]# cd /etc/puppet/modules/
[root@localhost modules]# mkdir nginx
[root@localhost modules]# mkdir -pv nginx/{manifests,files,templates,lib}
mkdir: 已创建目录 "nginx/manifests"
mkdir: 已创建目录 "nginx/files"
mkdir: 已创建目录 "nginx/templates"
mkdir: 已创建目录 "nginx/lib"
[root@localhost modules]# vim nginx/manifests/nginx_web.pp class nginx::web inherits nginx {file {"/etc/nginx/nginx.conf":ensure => file,source => "puppet:///modules/nginx/nginx_web.conf",notify => Service['nginx'],require => Package['nginx'],}service {"nginx":ensure => true,}
}
[root@localhost modules]# vim nginx/manifests/nginx_proxy.pp class nginx::proxy inherits nginx {file {"/etc/nginx/nginx.conf":ensure => file,source => "puppet:///modules/nginx/nginx_proxy.conf",notify => Service['nginx'],require => Package['nginx'],}service {"nginx":ensure => true,}
}
[root@localhost modules]# vim nginx/manifests/init.pp
class nginx {package {"nginx":ensure => present,}
}
import "nginx_web.pp","nginx_proxy.pp"
[root@localhost modules]# cp /tmp/nginx/nginx_* nginx/file/
[root@localhost modules]# service httpd stop
[root@localhost modules]# service nginx stop
[root@localhost modules]# puppet apply --modulepath=/etc/puppet/modules/ -e "include nginx, nginx::web"
Warning: The use of 'import' is deprecated at /etc/puppet/modules/nginx/manifests/init.pp:7. See http://links.puppetlabs.com/puppet-import-deprecation(at /usr/lib/ruby/site_ruby/1.8/puppet/parser/parser_support.rb:110:in `import')
Notice: Compiled catalog for localhost in environment production in 0.43 seconds
Notice: /Stage[main]/Nginx/Package[nginx]/ensure: created
Notice: /Stage[main]/Nginx::Web/File[/etc/nginx/nginx.conf]/content: content changed '{md5}f7984934bd6cab883e1f33d5129834bb' to '{md5}43af14050809e44e3af2515762545a50'
Notice: /Stage[main]/Nginx::Web/Service[nginx]/ensure: ensure changed 'stopped' to 'running'
Notice: Finished catalog run in 23.88 seconds'
[root@localhost modules]# service nginx status
nginx (pid  13084) 正在运行...
[root@localhost modules]# cat /etc/nginx/nginx.conf | grep worker_p
worker_processes  4;

不用import

[root@localhost modules]# vim nginx/manifests/init.pp
class nginx {package {"nginx":ensure => present,}
}
[root@localhost modules]# vim nginx/manifests/nginx_web.pp
class nginx::web inherits nginx {file {"/etc/nginx/nginx.conf":ensure => file,source => "puppet:///modules/nginx/nginx_web.conf",notify => Service['nginx'],require => Package['nginx'],}service {"nginx":ensure => true,}
}
[root@localhost modules]# mv nginx/manifests/nginx_web.pp nginx/manifests/web.pp
[root@localhost modules]# puppet apply --modulepath=/etc/puppet/modules/ -e "include nginx, nginx::web"
Notice: Compiled catalog for localhost in environment production in 0.45 seconds
Notice: /Stage[main]/Nginx/Package[nginx]/ensure: created
Notice: /Stage[main]/Nginx::Web/File[/etc/nginx/nginx.conf]/content: content changed '{md5}f7984934bd6cab883e1f33d5129834bb' to '{md5}43af14050809e44e3af2515762545a50'
Notice: /Stage[main]/Nginx::Web/Service[nginx]/ensure: ensure changed 'stopped' to 'running'
Notice: Finished catalog run in 11.70 seconds
[root@localhost modules]# service nginx status
nginx (pid  13584) 正在运行...
[root@localhost modules]# cat /etc/nginx/nginx.conf | grep worker_p
worker_processes  4;

puppet3版本不建议用import，在模块nginx下，init.pp只定义模块同名nginx类；在nginx模块下，定义的其他类的资源文件，类名要与文件名同名。

应用时，include nginx就是默认init.pp里的类，nginx::web就是查找manifests里的web资源文件的web类

7.节点

定义节点：也需要在清单文件中，文件后缀名为.pp;在master/agent，所有节点清单文件入口文件为site.pp
    node ‘node_name’ {
        节点专用变量
        类声明
    }

一类节点使用一个清单文件，所有清单文件都在site.pp中使用include包含进来

只要模块放在专用的类就可以直接查找

[root@localhost manifests]# vim /etc/puppet/modules/nginx/manifests/init.pp
class nginx {package {"nginx":ensure => present,}
}
[root@localhost manifests]# vim /etc/puppet/modules/nginx/manifests/web.pp
class nginx::web inherits nginx {file {"/etc/nginx/nginx.conf":ensure => file,source => "puppet:///modules/nginx/nginx_web.conf",notify => Service['nginx'],require => Package['nginx'],}service {"nginx":ensure => true,}
}
[root@localhost manifests]# pwd # 在装有puppet_server的节点上，会自动生成puppet/manifests
/etc/puppet/manifests
[root@localhost manifests]# hostname
localhost.localdomain
[root@localhost manifests]# vim site.pp
node 'localhost' {include nginx::web
}
[root@localhost manifests]# puppet apply site.pp
Notice: Compiled catalog for localhost in environment production in 0.43 seconds
Notice: /Stage[main]/Nginx/Package[nginx]/ensure: created
Notice: /Stage[main]/Nginx::Web/File[/etc/nginx/nginx.conf]/content: content changed '{md5}f7984934bd6cab883e1f33d5129834bb' to '{md5}43af14050809e44e3af2515762545a50'
Notice: /Stage[main]/Nginx::Web/Service[nginx]/ensure: ensure changed 'stopped' to 'running'
Notice: Finished catalog run in 40.25 seconds
[root@localhost manifests]# service nginx status
nginx (pid  13968) 正在运行...
[root@localhost manifests]# cat /etc/nginx/nginx.conf | grep worker_p
worker_processes  4;
# 父类的资源在子类里是可见的，web类require包 会自动通知nginx资源应用

8.模板

<%= Ruby Expression %>：替换为表达式的值
     使用@加变量名

<% ruby code %>:仅执行代码，不做任何替换，常用于条件判断或循环语句、设定变量以及在输出之前对数据进行处理

<%# commit %>:注释

<%%:输出<%
     %%>:显示%>

调用模块变量：变量完全限定名称

迭代和条件判断
     使用模板生成文件时，使用的文件属性为content

content  => template ('module_name/template_file_name')

[root@localhost ~]# cd /etc/puppet/modules/nginx/
[root@localhost nginx]# rm -rf files/*
root@localhost nginx]# cp /etc/nginx/conf.d/default.conf files/nginx_web.conf
[root@localhost nginx]# cp /etc/nginx/conf.d/default.conf files/nginx_rproxy.conf
server_name  web_server;
[root@localhost nginx]# vim files/nginx_rproxy.conflocation / {#root   /usr/share/nginx/html;#index  index.html index.htm;rproxy_pass http://172.0.0.1}
[root@localhost nginx]# cp /etc/nginx/nginx.conf templates/
[root@localhost nginx]# vim templates/nginx.conf
worker_processes  <%= @processorcount %>;
# 替换变量一定要有值，这里是facter变量，值为1
[root@localhost nginx]# mv templates/nginx.conf templates/nginx.conf.erb
[root@localhost nginx]# vim manifests/init.pp
class nginx {package {"nginx":ensure => present,}file {"nginx.conf":ensure => file,content => template('nginx/nginx.conf.erb'),path => '/etc/nginx/nginx.conf',mode => '0644',require => Package['nginx'],}
}
# 替换是content，template在nginx模板下找template目录里模板文件，不用加template
[root@localhost nginx]# vim manifests/web.pp
class nginx::web inherits nginx {file {"nginx_web.conf":ensure => file,source => "puppet:///modules/nginx/nginx_web.conf",path => '/etc/nginx/conf.d/default.conf',notify => Service['nginx'],require => Package['nginx'],mode => '0644',}service {"nginx":ensure => true,enable => true,restart => '/etc/init.d/nginx reload',subscribe => File['nginx.conf', 'nginx_web.conf'],}
}
[root@localhost nginx]# vim manifests/rproxy.pp
class nginx::proxy inherits nginx {file {"nginx_rproxy.conf":ensure => file,source => "puppet:///modules/nginx/nginx_proxy.conf",path => '/etc/ngxin/conf.d/default.conf',require => Package['nginx'],mode => '0644',notify => Service['nginx'],}service {"nginx":ensure => true,enable => true,restart => '/etc/init.d/nginx reload',subscribe => File['nginx.conf', 'nginx_rproxy.conf'],}
}
[root@localhost nginx]# service nginx status
nginx (pid  14598) 正在运行...
[root@localhost nginx]# cat /etc/nginx/nginx.conf | grep worker_p
worker_processes  1;
[root@localhost nginx]# cat /etc/nginx/conf.d/default.conf | grep server_nameserver_name  web_server;