3182235786a
作用:自动为客户端配置YUM源,为使用yum安装软件包提供便捷1、服务端配置yum模块(1)模块清单1234567891011[root@puppet ~]# tree /etc/puppet/modules/yum/。
/etc/puppet/modules/yum/├── files│ ├── yum.conf│ └── RPM-GPG-KEY-CentOS-6├── manifests│ ├── config.pp
│ ├── init.pp│ ├── install.pp│ └── params.pp└── templates说明:这里只针对centos 6.5版本测试,其他的可以此类推,需要注意的就是本地源的光盘加载问题(见测试环节)
(2)定义参数类12345678910111213141516171819[root@puppet ~]# vi /etc/puppet/modules/yum/manifests/params.ppclass yum::params {
case $operatingsystemrelease{ 6.5: { $yum_centos_descr = centos base rpm packages #本地仓库描述信息
$yum_centos_baseurl = file:///media/cdrom/ #IOS文件或光盘mount到本地的路径 $yum_centos_pki = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6 #YUMREPO文件中指定PKI文件路径
$yum_centos_pki_name = /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6 #PKI文件路径,复制一份到puppet的modules中 $yum_centos_pki_download = puppet:///modules/yum/RPM-GPG-KEY-CentOS-6
$yum_puppet_descr = puppet rpm packages for centos #puppet仓库描述信息 $yum_puppet_baseurl = http://yum.puppetlabs.com/el/6/products/$basearch #puppet仓库路径
$yum_163_descr = 163 rpm packages for centos #163仓库描述信息 $yum_163_baseurl = http://mirrors.163.com/centos/$releasever/contrib/$basearch/ #163仓库路径
} default: { fail(“Module yum is not supported on ${::operatingsystem}”) #6.5版本以外的会提示不支持,如有5.5、5.4这样的版本可按参考6.5进行参数定义
} }}注意:PKI文件RPM-GPG-KEY-CentOS-6是光盘中的存在的,系统不一样,名称也不一样,需要确认说明:变量$operatingsystemrelease是通过facter获取计算机的信息的,运行下面的命令可查看计算机相关信息:。
12[root@puppet ~]# facter | grep operatingsystemreleaseoperatingsystemrelease => 6.5(3)定义安装类123456789
1011121314151617181920212223242526272829303132333435363738394041424344[root@puppet ~]# vi /etc/puppet/modules/yum/manifests/install.pp
class yum::install{ #1、确保yum被安装 package { yum: ensure => installed, } #2、创建光盘挂载目录 file { /media/cdrom:
ensure => directory, owner => root, group => root, } #3、确保光盘被挂载#方法一:EXEC# exec { “mount_cdrom”:
# path => “/usr/bin:/usr/sbin:/bin”,# command => /bin/mount /dev/cdrom /media/cdrom/,# creates => /media/cdrom/RPM-GPG-KEY-CentOS-6,
# require => File[/media/cdrom],# }#方法二:MOUNT mount { mount_cdrom: name => “/media/cdrom”, #挂载到的目标目录
ensure => mounted, #要求被挂载状态 fstype => “iso9660”, #光盘的文件类型,使用mount命令或cat /etc/fstab查看
device => “/dev/cdrom”, #光盘的设备,是个链接,实际指向/dev/sr0 options => “ro”, #以只读方式挂载光盘
atboot => true, #允许开机启动时挂载上 remounts => true, #允许重新挂载 require => File[/media/cdrom], #要求挂载目标目录存在
} #4、安装源前先备份 file { /etc/yum.repos.d/bak: ensure => directory, owner => root, group => root,
} exec { “repos_bak”: path => “/usr/bin:/usr/sbin:/bin”, command => mv -f /etc/yum.repos.d/[^c]*.repo /etc/yum.repos.d/bak/, #将不是小写c开头的repo文件强制移动到备份目录
creates => /etc/yum.repos.d/bak/CentOS-Base.repo, #当备份目录存在这个文件时不再执行此资源 require => File[/etc/yum.repos.d/bak], #要求备份目录存在
}}说明:新生成的repo文件都是小写c开头的,因此将不是c开头([^c]*)的repo文件移至bak,原文件都是CentOS开头的,外加一个puppetlabs.repo,可以将[^c]*.repo改成CentOS*.repo,只将原文件备份。
(4)定义配置类123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051
52535455565758596061626364656667686970717273[root@puppet ~]# vi /etc/puppet/modules/yum/manifests/config.pp
class yum::config{ include yum::params include yum::config_file,yum::config_key,yum::config_repo}#1、定义配置文件
class yum::config_file{ file { /etc/yum.conf: #yum主配置文件yum.conf路径 ensure => present, #要求文件处于存在状态
owner => root, #属主为root group => root, #属组为root mode => 0644, #文件权限为644
source => puppet:///modules/yum/yum.conf, #自动搜索yum模块下的files目录,因此省略/files require => Class[yum::install], #要求在配置之前先安装yum软件包
} file { /etc/yum.repos.d/centos-base.repo: #设置光盘repo的一些属性,文件名是yumrepo中的标题名定义的,必须一致 ensure => present,
owner => root, group => root, mode => 0644, require => Class[yum::config_repo], #要求设置之前yumrepo资源centos-base必须存在
} file { /etc/yum.repos.d/centos-puppet.repo: ensure => present, owner => root, group => root,
mode => 0644, require => Class[yum::config_repo], } file { /etc/yum.repos.d/centos-163.repo:
ensure => present, owner => root, group => root, mode => 0644, require => Class[yum::config_repo],
}}#2、定义pki证书文件class yum::config_key{ #设置pki证书的一些属性及下载位置 file { $yum::params::yum_centos_pki_name: #证书名称在参数类中定义
ensure => present, owner => root, group => root, mode => 0644, source => $yum::params::yum_centos_pki_download, #证书下载地址在参数类中定义
}}#3、定义基本yum仓库、puppet仓库和163仓库class yum::config_repo{ yumrepo { centos-base: #创建yumrepo资源cenos-base
descr => $yum::params::yum_centos_descr, #设置描述信息 baseurl => $yum::params::yum_centos_baseurl, #设置yum源下载地址
enabled => 1, #激活yum源 gpgcheck => 1, #设置要求通过pki校验
gpgkey => $yum::params::yum_centos_pki, #设置pki文件的位置 require => Class[yum::config_key], #要求pki文件必须存在
priority => 1, #设置repo的优先级为1(越小越高) } yumrepo { centos-puppet: descr => $yum::params::yum_puppet_descr,
baseurl => $yum::params::yum_puppet_baseurl, enabled => 1, gpgcheck => 0, #不要求通过pki校验
priority => 2, } yumrepo { centos-163: descr => $yum::params::yum_163_descr, baseurl => $yum::params::yum_163_baseurl,
enabled => 1, gpgcheck => 0, priority => 3, }}说明:创建了三个YUM源,都以centos(小写)开头的,客户端安装puppet时生成了puppetlabs.repo源,因此这里的centos-puppet源也可以省略。
(7)定义yum主类1234[root@puppet ~]# vi /etc/puppet/modules/yum/manifests/init.ppclass yum { include yum::params,yum::install,yum::config
}(8)定义节点文件,调用模块1234[root@puppet ~]# vi /etc/puppet/manifests/centostest.ppnode “centostest.ewin.com” {
include ntp, yum}(9)应用节点文件12[root@puppet ~]# vi /etc/puppet/manifests/site.ppimport “centostest.pp”
(10)复制文件将以下两个文件从客户端复制一份到服务端/etc/puppet/modules/yum/files下/etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6/etc/yum.conf
注意在文件头部加上以***释,测试的时候方便分辨1### config by puppet ###2、测试(1)客户端执行测试1234[root@centostest ~]# puppet agent –server puppet.ewin.com -test –noop
Info: Caching catalog for centostest.ewin.comInfo: Applying configuration version 1415332221Notice: Finished catalog run in 1.09 seconds
(2)查看客户端日志1234567891011[root@centostest ~]# tailf /var/log/messagesNov 7 11:50:20 centostest puppet-agent[8809]: (/Stage[main]/Yum::Install/File[/media/cdrom]/ensure) created
Nov 7 11:50:20 centostest puppet-agent[8809]: (/Stage[main]/Yum::Install/Exec[mount_cdrom]/returns) executed successfully
Nov 7 11:50:22 centostest puppet-agent[8809]: (/Stage[main]/Yum::Install/File[/etc/yum.repos.d/bak]/ensure) created
Nov 7 11:50:22 centostest puppet-agent[8809]: (/Stage[main]/Yum::Install/Exec[repos_bak]/returns) executed successfully
Nov 7 11:50:23 centostest puppet-agent[8809]: (/Stage[main]/Yum::Config_key/File[/etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6]/content) content changed {md5}e8e57fd1a55dc5c6d82e60a444781b96 to {md5}a27c559bf7660f101317ac3b41a7600b
Nov 7 11:50:23 centostest puppet-agent[8809]: (/Stage[main]/Yum::Config_repo/Yumrepo[centos-base]/ensure) created
Nov 7 11:50:24 centostest puppet-agent[8809]: (/Stage[main]/Yum::Config_repo/Yumrepo[centos-puppet]/ensure) created
Nov 7 11:50:24 centostest puppet-agent[8809]: (/Stage[main]/Yum::Config_repo/Yumrepo[centos-163]/ensure) created
Nov 7 11:50:24 centostest puppet-agent[8809]: (/Stage[main]/Yum::Config_file/File[/etc/yum.conf]/content) content changed {md5}5d8b0bf30a8ee9d66a9cb2642186ac37 to {md5}8c1fab4142147877a3f77f89eb8ccb7c
Nov 7 11:50:24 centostest puppet-agent[8809]: Finished catalog run in 4.27 seconds结论:可看到cdrom目录创建、挂载命令执行成功、备份命令成功、同步了PKI文件和CON文件、创建了三个YUMREPO
(3)查看客户端挂载的光盘目录123456[root@centostest ~]# ls /media/cdrom/CentOS_BuildTag isolinux RPM-GPG-KEY-CentOS-Debug-6
EFI Packages RPM-GPG-KEY-CentOS-Security-6EULA RELEASE-NOTES-en-US.html RPM-GPG-KEY-CentOS-Testing-6
GPL repodata TRANS.TBLimages RPM-GPG-KEY-CentOS-6结论:挂载成功,如果用的EXEC方法将会判断RPM-GPG-KEY-CentOS-6存在时不会再执行Exec,而且此文件是原文件,不是新建的空文件。
经测试umount /media/cdrom卸载光盘后会自动重启挂载上,甚至卸载再删除/media/cdrom目录,也会恢复,有兴趣的可以试试(4)查看YUM源备份123[root@centostest ~]# ls /etc/yum.repos.d/bak/。
CentOS-Base.repo CentOS-Media.repo CentOS-Vault.repoCentOS-Debuginfo.repo puppetlabs.repo(5)查看客户端同步的文件
123456789[root@centostest ~]# cat /etc/yum.conf### config by puppet ###[main]…[root@centostest ~]# cat /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6
### config by puppet ###—–BEGIN PGP PUBLIC KEY BLOCK—–Version: GnuPG v1.4.5 (GNU/Linux)…结论:从文件头部注释信息可以确认文件同步成功
(6)查看YUM list1234567891011121314[root@centostest ~]# yum clean allLoaded plugins: fastestmirror, refresh-packagekit, security
Cleaning repos: base puppetlabs-deps puppetlabs-productsCleaning up EverythingCleaning up list of fastest mirrors
[root@centostest ~]# yum listLoaded plugins: fastestmirror, refresh-packagekit, securityDetermining fastest mirrors
centos-163 | 2.9 kB 00:00centos-163/primary_db | 1.2 kB 00:00
centos-base | 4.0 kB 00:00 …centos-base/primary_db | 4.4 MB 00:00 …
centos-puppet | 2.5 kB 00:00centos-puppet/primary_db 13% [=- ] 5.9 B/s | 17 kB –:– ETA
结论:YUM三个仓库都能成功加载,通过yum clean all再yum list可观察1234567891011[root@centostest ~]# yum list puppetLoaded plugins: fastestmirror, refresh-packagekit, security。
Loading mirror speeds from cached hostfilehttp://mirrors.163.com/centos/6/contrib/x86_64/repodata/repomd.xml:
[Errno 12] Timeout on http://mirrors.163.com/centos/6/contrib/x86_64/repodata/repomd.xml:(28, Operation too slow. Less than 1 bytes/sec transfered the last 30 seconds)
Trying other mirror.Installed Packagespuppet.noarch 3.7.1-1.el6 @puppetlabs-products
Available Packagespuppet.noarch 3.7.3-1.el6 centos-puppet结论:可以看到从163的源查找puppet超时,已安装的包是从@puppetlabs安装的,有效的包是在centos-puppet源中。
3、yum仓库资源123456yumrepo { “repo163”: #YUM源文件.repo的文件名 descr => “163 repo”, #仓库的描述 baseurl => “http://mirrors.163.com/centos/$releasever/contrib/$basearch/”, #仓库的url
gpgcheck => “0”, #是否检查仓库中的软件包GPG签名,可设置的值为0或者1. enabled => “1”, #是否开启或者禁用仓库,可设置的值为1或者0.1为开启,0为禁用
}123456789101112131415{ enablegroups => , #是否可以使用yumgroup参数,如yumgroup list,yumgroup install等exclude => , #排除那些软件的安装与更新,支持shell通配符。
failovermethod => , #可设置的值为priority,roundrobin.gpgkey => , #仓库的软件包签名,GPG密钥的URLinclude => , #包含配置url.。
includepkgs => , #只有匹配的软件包才能安装或者更新keepalive => , #设置http/1.1选项,可设置的为0或者1.metadata_expire => , #元组数据的过期时间,单位时间为秒。
miirorlist => , #仓库的镜像列表name => , #仓库名字priority => , #优先级,可设置的是从1-99.protect => , #启用或者禁用对这个仓库的保护。
可设置的值为0或者1.proxy => , #设置代理}4、mount挂载资源挂载共享文件夹12345mount { “/mount”: #挂载的目标目录,等同于name参数
device => “192.168.0.1:/share/nfs”, #挂载的来源设备 fstype => “nfs”, #文件系统类型 options => “_netdev,vers=3,tcp,rsize=8192,wsize=8192,noauto”, #其他选项
}挂载samba123456mount {“/media”: ensure => mounted, device => “//172.22.2.89/public”, fstype => cifs,
options => “username=perofu,password=123456”;}参数说明12345678910mount { mount_cdrom: name => “/media/cdrom”, #挂载到的目标目录
ensure => mounted, #要求被挂载状态 fstype => “iso9660”, #光盘的文件类型 device => “/dev/cdrom”, #光盘的设备,是个链接,指向/dev/sr0
options => “ro”, #以只读方式挂载光盘 atboot => true, #允许开机启动时挂载上 remounts => true, #允许重新挂载 require => File[/media/cdrom], #要求挂载目标目录存在
}查看文件系统类型:12345[root@centostest ~]# mount/dev/mapper/vg_centostest-lv_root on / type ext4 (rw)/dev/sda1 on /boot type ext4 (rw)
/dev/mapper/vg_centostest-lv_home on /home type ext4 (rw)/dev/sr0 on /media/cdrom type iso9660 (ro)发现以下报错,是因为没有加上options => “ro”,因为光盘是只读的。
12[mount_cdrom]) Could not evaluate: Execution of /bin/mount /media/cdrom returned 32:mount: block device /dev/sr0 is write-protected, mounting read-only
