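Notes:

/etc/puppet/puppet.conf hands off to the next file through the following setting:

```puppet
manifest = /etc/puppet/manifests/main-site.pp
```

/etc/puppet/manifests/main-site.pp hands off to the next files through the following settings:

```puppet
import 'terry/terry-parameter.pp'
import 'terry-site.pp'
```

/etc/puppet/manifests/terry/terry-parameter.pp defines the global variables; it is covered in the next chapter.

/etc/puppet/manifests/terry/terry-site.pp defines which custom actions a host must perform and which resources it uses. It currently calls the yumrepo module and the package module:

```puppet
import 'terry-sysctl.pp'
import 'terry-hosts.pp'
import 'terry-yumrepo.pp'
import 'terry-package.pp'
```

/etc/puppet/manifests/terry/terry-yumrepo.pp defines the client's yum repositories.
/etc/puppet/manifests/terry/terry-package.pp defines the software packages to be managed on the client.

See /etc/puppet/manifests/terry/terry-yumrepo.pp: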
```puppet
# Rebuild the yum metadata cache (the command defaults to the resource title)
exec { "yum makecache":
  user  => root,
  group => root,
  cwd   => "/",
  path  => "/usr/bin:/usr/sbin:/bin",
}

if $operatingsystemrelease == "7.2" {
  # Repositories for 7.2 clients
  yumrepo { "vipshop-inner":
    descr    => "vipshop-inner repo",
    baseurl  => "http://mirrors.vclound.com/centos/7.2/os/x86_64/",
    gpgcheck => "0",
    enabled  => "1",
    priority => "1",
    require  => Exec['yum makecache'],
  }
  yumrepo { "vclound":
    descr    => "vclound repo",
    baseurl  => "http://mirrors.vclound.com/vclound/rhel7/x86_64",
    gpgcheck => "0",
    enabled  => "1",
    priority => "2",
    require  => Exec['yum makecache'],
  }
} elsif $operatingsystemrelease == "6.6" {
  # Repositories for 6.6 clients
  yumrepo { "vipshop-inner":
    descr    => "vipshop-inner repo",
    baseurl  => "http://mirrors.vclound.com/centos/6.6/os/x86_64/",
    gpgcheck => "0",
    enabled  => "1",
    priority => "2",
    require  => Exec['yum makecache'],
  }
  yumrepo { "vclound":
    descr    => "vclound repo",
    baseurl  => "http://mirrors.vclound.com/vclound/rhel6/x86_64",
    gpgcheck => "0",
    enabled  => "1",
    priority => "3",
    require  => Exec['yum makecache'],
  }
  yumrepo { "patch":
    descr    => "centos6 path",
    baseurl  => "http://mirrors.vclound.com/apps/6/x86_64/kernel",
    gpgcheck => "0",
    enabled  => "1",
    priority => "1",
    require  => Exec['yum makecache'],
  }
}
```

Notes:

1. The exec module is called here to run the system command "yum makecache".
2. The yumrepo module is called to define the yum repositories of the current client.
3. The require parameter is a manual intervention that defines the execution order of the modules within the whole template. It is currently added to every yumrepo module, so that the yum makecache command is executed only after all repo files have been created successfully.
4. The conditional syntax if ... elsif ... is used: the current configuration only makes changes for rhel 7.2 and 6.6; for other versions the yumrepo module is not executed.

yumrepo module notes:

```puppet
yumrepo { "patch":                                              # name of the yum repo configuration
  descr    => "centos6 path",                                   # description
  baseurl  => "http://mirrors.vclound.com/apps/6/x86_64/kernel", # rpm download URL
  gpgcheck => "0",                                              # GPG check
  enabled  => "1",                                              # whether this configuration is active; 0 means inactive
  priority => "1",                                              # priority of the yum repo
  require  => Exec['yum makecache'],                            # dependency definition for puppet execution
}
```

See /etc/puppet/manifests/terry/terry-package.pp:
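```puppet
# Group 1: only needs to be installed
package { [ 'net-snmp-devel', 'perl-libwww-perl', 'curl', 'acpid' ]:
  ensure  => present,
  require => Yumrepo['vipshop-inner'],
}

# Group 2: pinned to a specific version
package { 'bash':
  name    => 'bash',
  ensure  => '4.1.2-29.el6',
  require => Yumrepo['patch'],
}

# Group 3: always upgraded to the latest version
package { [ 'glibc', 'glibc-common', 'glibc-devel', 'glibc-headers', 'glibc-utils' ]:
  ensure  => latest,
  require => Yumrepo['patch'],
}
```

Notes:

1. Currently only the three groups of packages above are managed on the system.
2. net-snmp-devel ... acpid, bash, and glibc ... glibc-utils are the package names being defined.
3. For the first group (net-snmp-devel ...), puppet only requires that the packages are installed on the client.
4. For the second group (bash), the client must have the specified version installed.
5. For the third group (glibc ...), the client must be updated automatically to the latest version [because a vulnerability was found in the default version].

package module notes:

```puppet
# Package names are defined in the title array
package { [ 'glibc', 'glibc-common', 'glibc-devel', 'glibc-headers', 'glibc-utils' ]:
  ensure  => latest,            # present: install, absent: remove, purged: remove together with dependencies, latest: newest version
  require => Yumrepo['patch'],  # defines the execution order, i.e. make sure the yum repo exists before upgrading
}
```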
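
For comparison with the yumrepo definitions in terry-yumrepo.pp above, the following added example (not part of the original manifests) shows the 7.2 branch with signature checking switched on and the cache refresh triggered by the repo resources. It assumes the mirror also serves HTTPS; the internal key file name and the `yumkeys` module are hypothetical placeholders.

```puppet
# Added example; key file name and 'yumkeys' module are placeholders.

# refreshonly: runs only when a repo below changes, and only after that
# repo file has been written. (require => Exec[...] on a yumrepo would
# instead order the Exec before the repo.)
exec { 'refresh yum cache':
  command     => 'yum makecache',
  path        => '/usr/bin:/usr/sbin:/bin',
  refreshonly => true,
}

if $operatingsystemrelease == '7.2' {
  # Signing key for the internal repo, shipped from the puppet master
  file { '/etc/pki/rpm-gpg/RPM-GPG-KEY-internal-PLACEHOLDER':
    ensure => file,
    owner  => 'root',
    group  => 'root',
    mode   => '0644',
    source => 'puppet:///modules/yumkeys/RPM-GPG-KEY-internal-PLACEHOLDER',
  }

  yumrepo { 'vipshop-inner':
    descr     => 'vipshop-inner repo',
    baseurl   => 'https://mirrors.vclound.com/centos/7.2/os/x86_64/',
    gpgcheck  => '1',   # reject packages without a valid signature
    gpgkey    => 'file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7',
    sslverify => '1',   # verify the mirror's TLS certificate
    enabled   => '1',
    priority  => '1',
    notify    => Exec['refresh yum cache'],
  }

  yumrepo { 'vclound':
    descr     => 'vclound repo',
    baseurl   => 'https://mirrors.vclound.com/vclound/rhel7/x86_64',
    gpgcheck  => '1',
    gpgkey    => 'file:///etc/pki/rpm-gpg/RPM-GPG-KEY-internal-PLACEHOLDER',
    sslverify => '1',
    enabled   => '1',
    priority  => '2',
    # The key must be on disk before yum reads this repo definition
    require   => File['/etc/pki/rpm-gpg/RPM-GPG-KEY-internal-PLACEHOLDER'],
    notify    => Exec['refresh yum cache'],
  }
}
```

With `gpgcheck => "0"` over plain `http`, as in the manifests above, anything that can alter the mirror's responses controls the packages that `ensure => latest` installs as root.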