Puppet资源关系与审计
本文介绍Puppet配置管理工具中资源之间的依赖关系定义方法,包括先后顺序与通知机制,并展示了如何使用审计属性记录资源状态的变化。
Puppet 资源公有属性的其他描述方式
puppet的资源公有属性中还可以通过"->"和"~>"两种特殊符号来描述资源与资源之间的关系.
->:用于表示资源与资源之间的先后关系,等同于before和require两个资源公有属性.
~>:用于表示资源之间的通知,等同于notify和subscribe练个资源公有属性.
示例: "->"用法
安装httpd并运行httpd服务的puppet代码如下:
|
1
2
3
4
5
6
7
8
9
10
|
[root@sh-web1 ~]# cat httpd2.pp
package {"httpd":
ensure => present,
provider => 'yum',
}service {"httpd":
ensure => running,
enable => true,
}Package["httpd"] -> Service["httpd"]
|
运行结果:
|
1
2
3
4
5
6
7
|
[root@sh-web1 ~]# puppet apply httpd2.pp
Notice: Compiled catalog for sh-web1.localdomain in environment production in 0.06 seconds
Notice: /Stage[main]/Main/Package[httpd]/ensure: created
Notice: /Stage[main]/Main/Service[httpd]/ensure: ensure changed 'stopped' to 'running'
Notice: Finished catalog run in 3.02 seconds
[root@sh-web1 ~]# /etc/init.d/httpd status
httpd (pid 81254) is running... |
示例: "~>"用法
|
1
2
3
4
5
6
7
8
9
10
11
12
13
|
[root@sh-web1 ~]# cat httpd.pp
package {"httpd":
ensure => present,
provider => 'yum',
}service {"httpd":
ensure => running,
enable => true,
}file {'/etc/httpd/conf/httpd.conf':
ensure => file,
}Package["httpd"] -> File ['/etc/httpd/conf/httpd.conf'] ~> Service["httpd"]
|
运行结果:
|
1
2
3
4
5
6
7
|
[root@sh-web1 ~]# puppet apply httpd.pp
Notice: Compiled catalog for sh-web1.localdomain in environment production in 0.07 seconds
Notice: /Stage[main]/Main/Package[httpd]/ensure: created
Notice: /Stage[main]/Main/Service[httpd]/ensure: ensure changed 'stopped' to 'running'
Notice: Finished catalog run in 3.25 seconds
[root@sh-web1 ~]# /etc/init.d/httpd status
httpd (pid 81493) is running... |
生产上并不会像上面那样去写,一个资源可能很大,篇幅很长.
如下两种写法:
第一种:
|
1
2
3
4
5
6
7
8
9
10
|
[root@sh-web1 ~]# cat httpd2.pp
package {"httpd":
ensure => present,
provider => 'yum',
}->service {"httpd":
ensure => running,
enable => true,
} |
第二种:
|
1
2
3
4
5
6
7
8
9
|
[root@sh-web1 ~]# cat httpd2.pp
package {"httpd":
ensure => present,
provider => 'yum',
} ->service {"httpd":
ensure => running,
enable => true,
} |
|
1
2
3
4
5
|
[root@sh-web1 ~]# puppet apply httpd2.pp
Notice: Compiled catalog for sh-web1.localdomain in environment production in 0.04 seconds
Notice: /Stage[main]/Main/Package[httpd]/ensure: created
Notice: /Stage[main]/Main/Service[httpd]/ensure: ensure changed 'stopped' to 'running'
Notice: Finished catalog run in 2.28 seconds
|
注意:大部分都是第二种写法,"->"或"~>"跟在花括号的后面,但是个人习惯用第一种反正更新puppet不报错也能得到想要结果就ok.
audit审计
audit资源公有属性主要用于资源属性的审计,当某资源状态变化时,它可以将变化的内容抓夹到系统日志中.
puppet代码如下:
|
1
2
3
4
|
[root@sh-web1 ~]# cat file.pp
file {"/etc/password":
audit => [ owner,mode ],
} |
运行过程,会看到改变通知.
|
1
2
3
4
5
|
[root@sh-web1 ~]# puppet apply file.pp
Notice: Compiled catalog for sh-web1.localdomain in environment production in 0.07 seconds
Notice: /Stage[main]/Main/File[/etc/password]/owner: audit change: newly-recorded value absent
Notice: /Stage[main]/Main/File[/etc/password]/mode: audit change: newly-recorded value absent
Notice: Finished catalog run in 0.05 seconds
|
本文转自青衫解衣 51CTO博客,原文链接:http://blog.51cto.com/215687833/1978109
扫一扫
134
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
