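# Node management.
# Every node listed here receives the full set of classes below.
node 'puppet.63638790.cn', 'puppet-agent-188', 'puppet-agent-190' {
  include package::install
  include services::system
  include services::lamp
  include privileges
  include software::distribution
  include directory::distribution
  include user::add
  include user::delete
  #include group::add
  include group::delete
  include crontab
  include exec::shell
}

########################################################
# Package management.
# The packages to install are given as an array title.
class package::install {
  # NOTE(review): nmap and the telnet client are rarely needed on production
  # hosts; drop them from the list unless there is an operational reason.
  # NOTE(review): `latest` upgrades httpd/mysql-server whenever the repository
  # offers a newer build. Pin versions (or use `installed`) if unattended
  # upgrades are not wanted.
  package { ['nmap', 'telnet', 'mlocate', 'vim-enhanced', 'wget', 'bison', 'httpd', 'mysql', 'mysql-server']:
    ensure        => latest,
    allow_virtual => false,
  }
}

######################################################
# System service management.
# Some people report that the `running` test for iptables fails while the
# `stopped` test works. That happens when, after stopping iptables, its state
# is checked with `iptables -nL`. Try it yourself; lesson learned the hard way.
class services::system {
  service { ['iptables', 'auditd', 'sshd', 'crond', 'rsyslog']:
    ensure     => 'running',
    #ensure    => 'stopped',
    hasstatus  => true,
    hasrestart => true,
    path       => '/etc/init.d',
    enable     => true, # start at boot
    #start     => '/etc/init.d/iptables start',
  }
}

class services::lamp {
  service { '/etc/init.d/mysqld':
    name       => 'mysqld',
    ensure     => 'running',
    hasstatus  => true,
    hasrestart => true,
    path       => '/etc/init.d',
    enable     => true, # start at boot
    #start     => '/etc/init.d/mysqld start',
  }

  service { 'httpd':
    ensure => 'running',
  }
}

#######################################################
# File and directory management.
# File permissions (four ways of declaring them).
class privileges {
  # Default attributes for every file resource declared in this class.
  File {
    ensure => present,
    owner  => 'apache',
    group  => 'apache',
    mode   => '0644',
  }

  # NOTE(review): with the defaults above the whole web root becomes owned by
  # the web server account, so a compromised httpd process can rewrite the
  # content it serves. Consider root ownership with read-only access for apache.
  file { 'www':
    path    => '/var/www/html/',
    recurse => true,
  }

  file {
    #ensure => present|absent|file|directory|link,

    # Array title: the same attributes for several world-readable files.
    ['/etc/passwd', '/etc/resolv.conf']:
      owner => 'root',
      group => 'root',
      mode  => '0644';

    # /etc/shadow holds the password hashes and must not be world-readable.
    # The original listing set it to 644 together with /etc/passwd, which
    # exposes every hash to any local account. 0000 is the RHEL/CentOS default;
    # root still reads the file regardless of the mode bits.
    '/etc/shadow':
      owner => 'root',
      group => 'root',
      mode  => '0000';

    # title == name: the title itself is the path.
    '/etc/ssh/sshd_config':
      owner => 'root',
      group => 'root',
      mode  => '0600';

    # title != name: the path is given through `name`.
    'hosts':
      name  => '/etc/hosts',
      owner => 'root',
      group => 'root',
      mode  => '0644';
  }
}

# File distribution.
# The file server must be configured first: edit /etc/puppet/fileserver.conf.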
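# If a file changes on the master, the agent re-syncs it. Likewise, if the file
# is modified on the agent it is re-synced again: the master's copy always wins.
class software::distribution {
  file { ['/data', '/data/backup', '/data/share']:
    ensure => 'directory';
  }

  # NOTE(review): no owner/mode is set here, so permissions are not pinned by
  # this manifest. If key.sql holds sensitive data (its content is not shown),
  # set owner, group and a restrictive mode explicitly.
  file { 'key.sql':
    name   => 'key.sql',
    path   => '/data/share/key.sql',
    source => 'puppet://puppet-master-180/files/key.sql',
  }

  file { 'optimize.sh':
    path   => '/data/share/cname.sh', # target path and file name are free to choose as long as the directory exists
    source => 'puppet://puppet-master-180/files/optimize.sh',
    backup => ".bak_${uptime_seconds}", # if a file with the same name but a different MD5 exists, back it up before overwriting
  }

  file { 'httpd.conf':
    path   => '/etc/httpd/conf/httpd.conf',
    source => 'puppet://puppet-master-180/conf/httpd.conf',
    backup => ".bak_${uptime_seconds}",
  }

  exec { 'service httpd restart':
    command     => 'service httpd restart',
    path        => '/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin',
    subscribe   => File['httpd.conf'],
    refreshonly => true, # run the restart only when the httpd.conf resource above changes
  }
}

# Directory distribution.
# The directory mount must be configured first: edit /etc/puppet/fileserver.conf.
class directory::distribution {
  file { 'soft':
    name    => 'soft',
    path    => '/data/soft',
    source  => 'puppet://puppet-master-180/directory/soft',
    recurse => true, # recurse on both the remote and the local side
  }
}

#########################################################
# User management.
# By default Puppet does not create the user's home directory under /home.
# A new user needs no gid: naming a gid that does not exist raises an error,
# and by default a group with the same id as the uid is created automatically.
# The password value is generated with grub-md5-crypt; wrap it in single quotes
# so the `$` characters are not interpolated.
class user::add {
  # NOTE(review): `$1$` is MD5-crypt, which is weak against offline guessing.
  # Prefer a SHA-512 crypt hash (`$6$`) and keep it out of the manifest, for
  # example in encrypted Hiera data. A hash that has been published, like this
  # one, should be treated as compromised and rotated.
  user { 'add user':
    ensure    => 'present', # made explicit so the intent (create the account) is unambiguous
    name      => 'nd',
    uid       => 2015,
    #gid      => 2015,
    password  => '$1$zHS7H$zF6NeOpE.ruAfwn5V8bEg/',
    home      => '/home/nd',
    shell     => '/bin/bash',
    allowdupe => false, # do not allow a duplicate UID
  }
}

class user::delete {
  user { ['lp', 'games', 'ftp']:
    ensure => 'absent',
  }
}

######################################################
# Group management.
class group::add {
  group { 'add group':
    ensure    => 'present',
    name      => 'csgroup',
    gid       => '2010',
    allowdupe => false,
  }
}

class group::delete {
  group { ['lp', 'games', 'ftp']:
    ensure => 'absent',
  }
}

#####################################################
# Scheduled tasks.
# Check the result on the agent with: crontab -l
class crontab {
  # NOTE(review): this runs a script from /tmp as root. /tmp is world-writable,
  # so whoever creates /tmp/shell.sh first controls what root executes. Ship the
  # script with a `file` resource into a root-owned directory (owner root,
  # mode 0700) and point the command there.
  cron { 'sync ntpdate':
    command => 'sh /tmp/shell.sh',
    user    => 'root',
    minute  => '03',
    hour    => '03',
  }
}

#######################################################
# Running external commands and scripts.
class exec::shell {
  # NOTE(review): same concern as the cron job above. This is a root-executed
  # script in world-writable /tmp, and with no `refreshonly`/`onlyif`/`creates`
  # guard it runs on every agent run.
  exec { 'ntpdate':
    cwd     => '/tmp',
    command => 'sh /tmp/shell.sh', # the script must exist on the agent, otherwise an error is raised
    user    => 'root',
    path    => '/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin',
  }

  # The default (posix) exec provider runs the binary directly, without a
  # shell, so `{test,test1,test2}` would not be brace-expanded and a single
  # directory with that literal name would be created. The three directories
  # are therefore spelled out.
  exec { 'exec-mkdir-test':
    #cwd    => '/data/share', # working directory; the command fails if it does not exist. Can be omitted for system commands.
    command => 'mkdir -p /data/share/test /data/share/test1 /data/share/test2',
    user    => 'root',
    path    => '/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin',
  }
}
#END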
本文出自 “方寸小山” 博客,请务必保留此出处http://63638790.blog.51cto.com/513514/1659725
puppet学习笔记之node/package/service/file/user/group/cron/exec管理
原文地址:http://63638790.blog.51cto.com/513514/1659725