Puppet
環境 [#u0b9862f]
Mac [#f7bc3d48]
-MacOS 10.11 -Vagrant 1.8.1 -Virtual Box バージョン 5.0.14
VM [#hd4fa423]
-puppet 3.1.1 -ruby1.8.7(yum)
説明 [#td460121]
-Vagrant固有の箇所については省略してます。※vagrant up,halt,destroyなど
第3章 Vagrantで開発環境を用意する [#z273b244]
[Mac]
$ mkdir
/Github;cd
/Github
$ git clone git://github.cim/kentaro/puppet-book-support.git
$ cd puppet-book-support
$ vagrant up
$ vagrant ssh <-- sshログインできることを確認して、ログアウト
$ vagrant ssh-config --host pptest1 >>
/.ssh/config <-- ssh pptest1 でSSH出来るようになる。※pptest1の箇所は何でもOK
第4章 Hello, Puppet! [#m940683c]
Hello World!デプロイする [#p57f7294]
[Mac]
$ vagrant ssh
[VM]
$ puppet --version
3.1.1
$ cd /vagrant/puppet-book-support/puppet/hello_puppet
$ puppet apply hello_world.pp
Notice: Scope(Class[main]): Hello, World!
Notice: Finished catalog run in 0.03 seconds
zshをインストール [#zb9108a3]
[VM]
$ cd /vagrant/puppet-book-support/puppet/hello_puppet
$ sudo puppet apply zsh.pp
Notice: /Stage[main]//Package[zsh]/ensure: created
Notice: Finished catalog run in 19.85 seconds
$ which zsh
/bin/zsh
gemでPuppetをインストールする場合 [#zc00d047]
[Mac]
$ vagrant ssh
[VM]
$ which ruby
/usr/bin/which: no ruby
$ su -
# yum install ruby rubygems
# which ruby
/usr/bin/ruby
# ruby version
ruby 1.8.7
# which gem
/usr/bin/gem
# gem --version
1.3.7
# gem install puppet --no-rdoc --no-ri
Successfully installed facter-2.4.6
Successfully installed json_pure-1.8.3
Successfully installed hiera-3.0.6
Successfully installed puppet-4.3.2
4 gems installed
# gem list --local | grep puppet
puppet (4.3.2)
以上
第5章 nginxのmanifestを書く [#n9a9a66a]
[VM]
$ cd /vagrant/puppet
$ mkdir nginx_original
$ cd nginx_original
$ vim nginx_original
---
yumrepo { 'nginx':
descr => 'nginx yum repository',
baseurl => 'http://nginx.org/packages/rhel/$releasever/$basearch/',
enabled => '1',
gpgcheck => 0,
}
package { 'nginx':
ensure => installed,
require => Yumrepo['nginx'],
}
$port = 80
file { '/etc/nginx/conf.d/my.conf':
ensure => present,
owner => 'root',
group => 'root',
mode => '0644',
content => template('my.conf'),
require => Package['nginx'],
notify => Service['nginx'],
}
$target = 'Puppet'
file { '/usr/share/nginx/html/index.html':
ensure => present,
owner => 'root',
group => 'root',
mode => '0644',
content => template('index.html'),
require => Package['nginx'],
}
service { 'nginx':
enable => true,
ensure => running,
hasrestart => true,
require => File['/etc/nginx/conf.d/my.conf'],
}
---
$ mkdir template
$ vim index.html
---
Hello <%= target %>
---
$ vim my.conf
---
server {
listen <%=port %>;
server_name localhost;
location / {
root /usr/share/nginx/html;
index index.html;
}
}
---
$ cd ../
$ sudo puppet apply --templatedir=template/ nginx.pp
Notice: /Stage[main]//Yumrepo[nginx]/descr: descr changed '' to 'nginx yum repository'
Notice: /Stage[main]//Yumrepo[nginx]/baseurl: baseurl changed '' to 'http://nginx.org/packages/rhel/$releasever/$basearch/'
Notice: /Stage[main]//Yumrepo[nginx]/enabled: enabled changed '' to '1'
Notice: /Stage[main]//Yumrepo[nginx]/gpgcheck: gpgcheck changed '' to '0'
Notice: /Stage[main]//Package[nginx]/ensure: created
Notice: /Stage[main]//File[/usr/share/nginx/html/index.html]/content: content changed '{md5}e3eb0a1df437f3f97a64aca5952c8ea0' to '{md5}58e958909fda3cd0f1a86ac8b0ba25b4'
Notice: /Stage[main]//File[/etc/nginx/conf.d/my.conf]/ensure: created
Notice: /Stage[main]//Service[nginx]/ensure: ensure changed 'stopped' to 'running'
Notice: /Stage[main]//Service[nginx]: Triggered 'refresh' from 1 events
Notice: Finished catalog run in 17.01 seconds
$ curl http://localhost/
Hello Puppet
dependency relationshipについて [#o222eee2]
+yumリポジトリを登録する –依存関係無し +nginxパッケージをインストールする –依存関係有り→require => Yumrepo[’nginx’], +設定ファイルを配置する –依存関係有り→require => Package[’nginx’], notify => Service[’nginx’], +サービスを起動する –依存関係有り→require => Package[’nginx’],
第6章 パッケージをインストールする [#fe49c930]
パターン1 [#s0f09e58]
$ vim package.pp
package {'zsh':
ensure => installed,
}
パターン2 [#q956cc26]
package {
[
'gcc',
'rsync',
'wget',
]:
ensure => installed,
}
パターン3 [#vfd5007f]
$packages = [
'gcc',
'rsync',
'wget',
]
package {$packages:
ensure => installed,
}
第7章 yumリポジトリを登録する [#kc9fab3b]
yumrepo { 'nginx':
descr => 'nginx yum repository',
baseurl => 'http://nginx.org/packages/centos/6/$basearch/',
enabled => 1,
gpgcheck => 0,
}
第8章 サービスを起動する [#u50e3343]
パターン1 > 特定のファイルに変更があったら、nginxが再起動する [#n49124e3]
service { 'nginx':
ensure => running,
enable => true,
hasrestart => true,
require => File['/etc/nginx/conf.d/my.conf'],
subscribe => File['/etc/nginx/conf.d/my.conf'],
}
パターン2 > ファイルが置かれたらservice nginxに通知 > nginxが再起動する [#n0868cad]
service { 'nginx':
ensure => running,
enable => trure,
hasrestart => true,
require => File['/etc/nginx/conf.d/my.conf'],
}
file {'/etc/nginx/conf.d/my.conf':
ensure => present,
owner => 'root',
group => 'root',
mode => '0644',
content => template('my.conf'),
require => Package['nginx'],
notify => Service['nginx'],
}
第9章 ファイルやディレクトリを作成する [#ta750f35]
パターン1(ファイルの作成) [#q9280eaa]
$ vim test.pp
file {'/tmp/hello_puppet.txt':
content => "Hello,Puppet!!¥n",
}
$ puppet apply test.pp
Notice: /Stage[main]//File[/tmp/hello_puppet.txt]/ensure: defined content as '{md5}a6010e5381b0fcaae7b38e67e446775d'
Notice: Finished catalog run in 0.03 seconds
$ cat /tmp/hello_puppet.txt
Hello,Puppet!!
パターン2(ファイルの作成,オリジナル) [#n5193d9e]
$ mkdir template
$ vim template/resolv.conf
nameserver 8.8.8.8
nameserver 8.8.4.4
$ vim resolv.pp
file {'/etc/resolv.conf':
ensure => present,
owner => root,
group => root,
mode => 0644,
content => template('resolv.conf'),
}
$ sudo puppet apply resolv.pp
Notice: /Stage[main]//File[/etc/resolv.conf]/content: content changed '{md5}1ebb0185f2893f6ff73e29a7bee53e2d' to '{md5}c7ea09d26e26605227076e0514a33038'
Notice: Finished catalog run in 0.03 seconds
$ cat /etc/resolv.conf
nameserver 8.8.8.8
nameserver 8.8.4.4
パターン3(ファイルの作成,変数) [#w825cb1a]
$ vim test.pp
$content = "Hello,Puppet!!"
file {'/tmp/hello_puppet_template.txt':
content => template("hello_puppet_template.erb"),
}
$ vim template/hello_puppet_template.erb
<%= content %>
$ sudo puppet apply test.pp --templatedir=template/
Notice: /Stage[main]//File[/tmp/hello_puppet_template.txt]/ensure: defined content as '{md5}a6010e5381b0fcaae7b38e67e446775d'
Notice: Finished catalog run in 0.03 seconds
パターン1(ディレクトリの作成)※下記方法だと再帰的にディレクトリを作成できないので注意 [#mdc1ba23]
$ vim test.pp
file {'/tmp/hello_puppet/':
ensure => directory,
owner => 'root',
group => 'root',
mode => '0755',
}
$ sudo puppet apply test.pp <= rootの所有者,グループにするのでsudoが必要
Notice: /Stage[main]//File[/tmp/hello_puppet]/ensure: created
Notice: Finished catalog run in 0.03 seconds
$ ls -l /tmp/
drwxr-xr-x 2 root root 4096 3月 18 00:52 2016 hello_puppet
パターン1(シンボリックリンクの作成) [#f4e7d921]
$ vim test.pp
file {'/tmp/hoge':
ensure => link,
target => '/etc/hosts',
owner => 'root',
group => 'root',
mode => '0644',
}
$ sudo puppet apply test.pp
Notice: /Stage[main]//File[/tmp/hoge]/ensure: created
Notice: Finished catalog run in 0.03 seconds
$ ls -l /tmp
lrwxrwxrwx 1 root root 10 3月 18 01:10 2016 hoge -> /etc/hosts
第10章 ユーザやグループを作成する [#s4fd0cf3]
ユーザーの作成 [#c3b9edaf]
$ vim user.pp
user {'testuser':
ensure => present,
comment => 'testuser',
home => '/home/testuser',
managehome => true,
shell => '/bin/zsh',
}
managehome をtrueにすることで、ensureがpresentの際はホームディレクトリを作成し、ensureがabsentの時はホームディレクトリを削除する
$ sudo puppet apply user.pp
Notice: /Stage[main]//User[testuser]/ensure: created
Notice: Finished catalog run in 0.10 seconds
$ ls -l /home/
drwx------ 2 testuser testuser 4096 3月 20 04:08 2016 testuser
グループの作成 [#zdfa7fd7]
$ vim group.pp
group {'developers':
ensure => present,
gid => 999,
}
$ sudo puppet apply group.pp
Notice: /Stage[main]//Group[developers]/ensure: created
Notice: Finished catalog run in 0.07 seconds
$ sudo cat /etc/group | grep developers
developers:x:999:
ユーザーとグループを作成して、指定したグループに所属させる [#z3fbdac7]
$ vim user.pp
user {'testuser':
ensure => present,
gid => 'guest',
comment => 'testuser',
home => '/home/testuser',
managehome => true,
shell => '/bin/zsh',
}
group {'guest':
ensure => present,
gid => 1000,
}
$ sudo puppet apply user.pp
Notice: /Stage[main]//Group[guest]/ensure: created
Notice: /Stage[main]//User[testuser]/gid: gid changed '503' to 'guest'
Notice: Finished catalog run in 0.10 seconds
第11章 任意のコマンドを実行する -exec [#cf89d88e]
※xbuildの実行についてはリポジトリ内のマニフェストを実行しても正常に処理されなかったため一旦飛ばす。
execコマンドでファイルを作成 [#ld6c1dcc]
$ vim test.pp
exec { "touch test.txt":
user => 'vagrant',
cwd => '/tmp',
path => ['/bin','/usr/bin'],
creates => '/tmp/test.txt',
}
cwd → このパスで実行する
path → pathを指定しないとコマンドが実行できない
creates → 冪等性を保つために指定する。これがあると再実行した際にtouchコマンドは実行されない。
$ sudo puppet apply test.pp <--sudoを付けないと特定ユーザーとしてのコマンドは実行できないというエラーが表示される。
Notice: /Stage[main]//Exec[touch test.txt]/returns: executed successfully
Notice: Finished catalog run in 0.09 seconds
$ ls -l /tmp/
-rw-r--r-- 1 vagrant vagrant 0 3月 23 00:36 2016 test.txt
$ sudo puppet apply test.pp
Notice: Finished catalog run in 0.02 seconds
$ ls -l /tmp/
-rw-r--r-- 1 vagrant vagrant 0 3月 23 00:36 2016 test.txt
↑変化無し=上書きされていないことがわかる。
第12章 td-agentのmanifestを書く [#t7723e06]
説明のみのため飛ばす
第13章 resource typeのグルーピング - class [#uee3640e]
$ cd /vagrant/puppet
$ mkdir class
$ vim td-agent.pp
class td-agent {
include td-agent::install
include td-agent::config
include td-agent::service
Class['td-agent::install']
-> Class['td-agent::config']
> Class['td-agent::service']
}
class td-agent::install{
yumrepo { 'treasuredata':
descr => 'treasuredata',
name => 'treasuredata',
baseurl => 'http://packages.treasure-data.com/redhat/$basearch/',
enabled => 1,
gpgcheck => 0,
}
package {'td-agent':
ensure => installed,
require => Yumrepo['treasuredata'],
}
}
class td-agent::config{
file {'/etc/td-agent/td-agent.conf':
content => template('td-agent.conf'),
}
}
class td-agent::service{
service {'td-agent':
enable => true,
ensure => running,
hasrestart => true,
}
}
include td-agent
$ vim td-agent.conf
<source>
type forward
</source>
<match debug **>
type stdout
</match>
$ sudo puppet apply td-agent.pp
$ sudo service td-agent status
td-agent (pid 6815) is running...
$ echo '{"hello":"puppet"}' | /usr/lib64/fluent/ruby/bin/fluent-cat debug.test
$ cat /var/log/td-agent/td-agent.log
2016-03-31 09:33:08 +0900 debug.test: {"hello":"puppet"}
第14章 manifestに関連するファイルをまとめる - module [#i354041b]
$ mkdir -p modules/td-agent $ mkdir manifests $ mkdir templates $ vim init.pp
class td-agent {
include td-agent::install
include td-agent::config
include td-agent::service
Class['td-agent::install']
-> Class['td-agent::config']
> Class['td-agent::service']
}
$ vim install.pp
class td-agent::install {
yumrepo { 'treasuredata':
name => 'treasuredata',
descr => 'treasuredata repo',
baseurl => 'http://packages.treasure-data.com/redhat/$basearch/',
enabled => 1,
gpgcheck => 0,
}
package { 'td-agent':
ensure => installed,
require => Yumrepo['treasuredata'],
}
}
$ vim service.pp
class td-agent::service {
service { 'td-agent':
enable => true,
ensure => running,
hasrestart => true,
}
}
$ vim config.pp
class td-agent::config {
file { '/etc/td-agent/td-agent.conf':
content => template("td-agent/td-agent.conf"),
}
file {'/etc/td-agent/conf.d':
ensure => directory,
}
}
$ vim templates/td-agent.conf
include conf.d/*.conf
<source>
type forward
</source>
# Debug
<match debug.**>
type stdout
</match>
# ivent log
<match fluent.**>
type file
path /var/log/td-agent/fluent.log
</match>
# not match
<match **>
type file
path /var/log/td-agent/no_match.log
</match>
# drb
<source>
type debug_agent
port 24230
</source>
$ sudo puppet apply --modulepath=. --execute 'include td-agent'