Puppet 命令参数介绍
前言:
Puppet的工作原理:
puppet master启动默认是监听tcp协议的8140端口.通过ruby的webrick web接收agent端的请求,根据请求内容与master的统一接口文件site.pp文件匹配,将匹配到的主机资源编译成catalog向agent分发,agent接收到请求后在本地应用.
Puppet 命令分为独立命令和集成命令,puppet3.0版本后就没有了独立命令,集成命令也是未来的一个趋势,所以只写puppet集成命令.
通常查看帮助都知道使用-h,查看puppet 命令帮助也一样.
puppet 命令参数:
[root@puppet puppet]# puppet help Usage: puppet <subcommand> [options] <action> [options] Available subcommands: agent The puppet agent daemon #puppet agent守护进程 apply Apply Puppet manifests locally #应用puppet资源清单 ca Local Puppet Certificate Authority management. #管理本地puppet证书 catalog Compile, save, view, and convert catalogs. #编译,保存,查看,转换catalog cert Manage certificates and requests #管理puppet认证 certificate Provide access to the CA for certificate management. #提供CA证书接入管理 certificate_request Manage certificate requests. #管理证书请求 certificate_revocation_list Manage the list of revoked certificates. #显示删除证书列表 config Interact with Puppet‘s settings. #puppet 配置选项 describe Display help about resource types #显示资源类型帮助 device Manage remote network devices #管理远程网络设备 doc Generate Puppet documentation and references #puppet 文档生成和引用工具 facts Retrieve and store facts. #存储facts返回信息 file Retrieve and store files in a filebucket #在filebucket中文件个数和存储文件 filebucket Store and retrieve files in a filebucket #文件恢复与还原 help Display Puppet help. #显示puppet 帮助信息 inspect Send an inspection report #发送检查报告的 instrumentation_data Manage instrumentation listener accumulated data. DEPRECATED. #管理监听数据 instrumentation_listener Manage instrumentation listeners. DEPRECATED. #管理监听状态 instrumentation_probe Manage instrumentation probes. Deprecated #管理监听探测 key Create, save, and remove certificate keys.#创建,保存,删除证书秘钥文件 kick Remotely control puppet agent #puppet agent主动更新 man Display Puppet manual pages. #显示puppet 帮助页 master The puppet master daemon #puppet master守护进程 module Creates, installs and searches for modules on the Puppet Forge. #通过puppet forge创建,安装,搜索模块 node View and manage node definitions. #查看和管理节点 parser Interact directly with the parser. #*.pp文件语法检查命令 plugin Interact with the Puppet plugin system. #插件管理 queue Deprecated queuing daemon for asynchronous storeconfigs #puppet队列 report Create, display, and submit reports. #创建,显示,提交报告 resource The resource abstraction layer shell #资源RAL,仅供API使用 resource_type View classes, defined resource types, and nodes from all manifests. #查看类、默认资源与来自manifests的节点信息. secret_agent Mimics puppet agent. #模拟agent status View puppet server status. #查看服务状态 See ‘puppet help <subcommand> <action>‘ for help on a specific subcommand action. See ‘puppet help <subcommand>‘ for help on a specific subcommand. Puppet v3.8.7
puppet master 命令参数:(注释部分过多就不贴出来了,挑主要的)
[root@puppet puppet]# puppet master --help * --daemonize: #将进程发送到后台运行,是master默认参数 Send the process into the background. This is the default. (This is a Puppet setting, and can go in puppet.conf. Note the special ‘no-‘ prefix for boolean settings on the command line.) * --no-daemonize: #将启动进程输出信息发送到标准输出,简单理解不打到后台运行 Do not send the process into the background. (This is a Puppet setting, and can go in puppet.conf. Note the special ‘no-‘ prefix for boolean settings on the command line.) * --debug:#debug模式 Enable full debugging. * --help: #帮助信息 Print this help message. * --logdest: #指定输出日志的路径和文件名,可以选择系统log和控制终端或者指定路径,默认为控制终端. Where to send log messages. Choose between ‘syslog‘ (the POSIX syslog service), ‘console‘, or the path to a log file. If debugging or verbosity is enabled, this defaults to ‘console‘. Otherwise, it defaults to ‘syslog‘. A path ending with ‘.json‘ will receive structured output in JSON format. The log file will not have an ending ‘]‘ automatically written to it due to the appending nature of logging. It must be appended manually to make the content valid JSON. * --masterport: #Master自定义端口. The port on which to listen for traffic. (This is a Puppet setting, and can go in puppet.conf.) * --verbose: #输出扩展信息 Enable verbosity. * --version: #显示Master版本信息 Print the puppet version number and exit. * --compile: #编译后的catalog以json的格式输出到 $vardir/yaml/目录, Compile a catalogue and output it in JSON from the puppet master. Uses facts contained in the $vardir/yaml/ directory to compile the catalog.
Puppet agent参数:
[root@puppet puppet]# puppet agent --help # * --certname: #指定客户端certname(唯一ID),通常以域名命名 Set the certname (unique ID) of the client. The master reads this unique identifying string, which is usually set to the node‘s fully-qualified domain name, to determine which configurations the node will receive. Use this option to debug setup problems or implement unusual node identification schemes. (This is a Puppet setting, and can go in puppet.conf.) * --daemonize: #启动进程发送到后台守护进程,默认选项 Send the process into the background. This is the default. (This is a Puppet setting, and can go in puppet.conf. Note the special ‘no-‘ prefix for boolean settings on the command line.) * --no-daemonize: #不发送到后台守护进程 Do not send the process into the background. (This is a Puppet setting, and can go in puppet.conf. Note the special ‘no-‘ prefix for boolean settings on the command line.) * --debug: #debug调试模式 Enable full debugging. * --detailed-exitcodes: #提供详细的退出代码 Provide transaction information via exit codes. If this is enabled, an exit code of ‘2‘ means there were changes, an exit code of ‘4‘ means there were failures during the transaction, and an exit code of ‘6‘ means there were both changes and failures. * --digest: #指定证书指纹算法,默认为md5 Change the certificate fingerprinting digest algorithm. The default is SHA256. Valid values depends on the version of OpenSSL installed, but will likely contain MD5, MD2, SHA1 and SHA256. * --disable: #禁用puppet agent 在此节点执行,agent的守护进程还是运行的,只是此节点不去master同步配置了. Disable working on the local system. This puts a lock file in place, causing ‘puppet agent‘ not to work on the system until the lock file is removed. This is useful if you are testing a configuration and do not want the central configuration to override the local state until everything is tested and committed. Disable can also take an optional message that will be reported by the ‘puppet agent‘ at the next disabled run. ‘puppet agent‘ uses the same lock file while it is running, so no more than one ‘puppet agent‘ process is working at a time. ‘puppet agent‘ exits after executing this. * --enable: #启用,允许执行puppet agent -t 同步配置. Enable working on the local system. This removes any lock file, causing ‘puppet agent‘ to start managing the local system again (although it will continue to use its normal scheduling, so it might not start for another half hour). ‘puppet agent‘ exits after executing this. * --fingerprint: #显示当前证书的指纹 Display the current certificate or certificate signing request fingerprint and then exit. Use the ‘--digest‘ option to change the digest algorithm used. * --help: Print this help message * --logdest: #日志发送方式,默认采用syslog配置 Where to send log messages. Choose between ‘syslog‘ (the POSIX syslog service), ‘eventlog‘ (the Windows Event Log), ‘console‘, or the path to a log file. If debugging or verbosity is enabled, this defaults to ‘console‘. Otherwise, it defaults to ‘syslog‘ on POSIX systems and ‘eventlog‘ on Windows. A path ending with ‘.json‘ will receive structured output in JSON format. The log file will not have an ending ‘]‘ automatically written to it due to the appending nature of logging. It must be appended manually to make the content valid JSON. * --masterport: #指令puppet端口的 The port on which to contact the puppet master. (This is a Puppet setting, and can go in puppet.conf.) * --no-client: #不要创建客户端配置文件,当listen=true 时才有意义 Do not create a config client. This will cause the daemon to start but not check configuration unless it is triggered with `puppet kick`. This only makes sense when puppet agent is being run with listen = true in puppet.conf or was started with the `--listen` option. * --noop: #使用‘noop‘模式,仅运行测试,catalog不在agent端应用. Use ‘noop‘ mode where the daemon runs in a no-op or dry-run mode. This is useful for seeing what changes Puppet will make without actually executing the changes. (This is a Puppet setting, and can go in puppet.conf. Note the special ‘no-‘ prefix for boolean settings on the command line.) * --onetime: #运行一次,配合--no-daemonize使用 Run the configuration once. Runs a single (normally daemonized) Puppet run. Useful for interactively running puppet agent when used in conjunction with the --no-daemonize option. (This is a Puppet setting, and can go in puppet.conf. Note the special ‘no-‘ prefix for boolean settings on the command line.) * --test: #测试,但是会在本地应用catalog Enable the most common options used for testing. These are ‘onetime‘, ‘verbose‘, ‘ignorecache‘, ‘no-daemonize‘, ‘no-usecacheonfailure‘, ‘detailed-exitcodes‘, ‘no-splay‘, and ‘show_diff‘. * --verbose: #显示puppet扩展信息 Turn on verbose reporting. * --version: #显示puppet版本信息 Print the puppet version number and exit. * --waitforcert: #agent向master证书认证等待时间,默认为agent2分钟向master请求一次,如果设为0,表示不等待. This option only matters for daemons that do not yet have certificates and it is enabled by default, with a value of 120 (seconds). This causes ‘puppet agent‘ to connect to the server every 2 minutes and ask it to sign a certificate request. This is useful for the initial setup of a puppet client. You can turn off waiting for certificates by specifying a time of 0. (This is a Puppet setting, and can go in puppet.conf. Note the special ‘no-‘ prefix for boolean settings on the command line.)
Agent端尝试运行玩玩,没有资源也可以运行:
[root@sh-proxy2 ~]# puppet agent -t Info: Retrieving pluginfacts Info: Retrieving plugin Info: Caching catalog for sh-proxy2.localdomain Info: Applying configuration version ‘1504617222‘ Notice: Finished catalog run in 0.02 seconds
注释:如果有资源可以看到整个资源的更改,和是否运行成功.目前只能看到访问Master的耗时.
注意:Agent的运行方式有两种:1)命令直接连接master做更新.2)守护进程运行,每30分钟检测更新(这个时间自己可以设置).公司的生产直接将puppet agent -t 加到crontab计划任务做更新(参考借鉴).
举例:
[root@sh-proxy2 ~]# crontab -l 28,58 * * * * /usr/bin/puppet agent -t &>/dev/null
举例:agent服务并没donw,但是agent端也不能从master更新资源.使用--enable开启,再使用puppet agent -t继续更新资源.
[root@sh-proxy2 ~]# puppet agent --disable [root@sh-proxy2 ~]# /etc/init.d/puppet status puppet (pid 37949) is running... [root@sh-proxy2 ~]# puppet agent -t Notice: Skipping run of Puppet configuration client; administratively disabled (Reason: ‘reason not specified‘); Use ‘puppet agent --enable‘ to re-enable.
本文出自 “蚂蚁” 博客,请务必保留此出处http://215687833.blog.51cto.com/6724358/1963179
原文地址:http://215687833.blog.51cto.com/6724358/1963179