1、puppet基础

Puppet：IT基础设施自动化管理工具
参考文章：
https://yq.aliyun.com/articles/120228
http://www.51niux.com/?id=105
http://www.zsythink.net/archives/category/%E8%BF%90%E7%BB%B4%E7%9B%B8%E5%85%B3/puppet/
可以管理整个生命周期：
provisioning：自动化安装系统
configuration：配置
orchestration：编排 
reporting：报告
Puppet是C/S架构的，所以需要在client端安装agent，那么在安装agent之前，client是不受server端控制的，那么该如何在大量的client上安装agent呢？
可以在自动部署系统的时候直接把puppet的agent加入到系统中，当部署好的系统启动时，client会自动去查找server端。
master/agent
master：puppet server
agent：接受每一个master发来的指令，接受指令后完成操作，agent端拥有管控功能，几乎可以实现所有功能；
      所以只要将需要实现的功能扔到master端，master就会分发到agent端，agent就会实现大部分功能，所以puppet的中心在agent上；
   所以agent是真正执行相应管理操作的核心部件。但是agent只能管理单个节点，所以需要master协调、管理agent端；
   agent会周期性的去master端请求与自己相关的配置，并根据master端提供的配置，确保本地(agent)的配置符合master端的要求；
master和agent两端通过逻辑认证，就可以通信，agent在本地(即client端)拥有权限。
puppet的工作模式:
声明性、基于模型的配置语言：

定义：puppet的master端要指明每一个agent，为每个agent提供配置，管理员使用puppet配置语言定义基础配置信息
模拟：master端定义完配置信息，puppet的agent就会在本地模拟、此时运行，没有错误后再执行；
强制：强制当前节点与定义的目标状态保持一致；
报告：执行完成后，agent端通过puppet api将执行结果发送给接收者

Puppet是如何工作的：

Configuration Language：配置语言
Transactional Layer：事务层，资源之间可能会有依赖关系
Resource Abstration Layer：资源抽象层
资源类型：例如用户、组、文件、服务、cron任务等等；
属性及状态 与 其实现方式是分离的：
期望状态： 
puppet的核心组件：资源
资源清单：manifests
资源清单及清单中的资源定义的所依赖文件、模板等数据按特定结构组织起即为"模板"
Puppet本地工作模式

Puppet的master\agent工作模式

站点清单是为一个主机所定义的清单，即一个站点相当于一个主机； 
清单主要是用来放资源的，
Puppet是如何工作的？
这里大致分为三个模块，紫色模块、黄色模块、蓝色模块
第一个主机用到了两个蓝色模块，说明这台主机用到了蓝色模块中的不同的资源资源清单
每一个agent到master端去请求与自己相关的配置的时候，将会将请求发送给master端，发送时还会报告自己的facter，master端收到报告后会查找此主机的名称，并找与主机名称相对应的站点清单文件，站点清单定义了这个主机需要的清单，master会把这些清单调出来进行编译，然后发给agent。
m
定义模块是为了代码重用的，模块可以理解为是清单的组合

学习puppet主要学习它的配置语言是如何使用的。puppet也可以在单机模式进行使用，即在agent上配置资源清单，直接在agent上执行

puppet的agent端安装配置

单机安装puppet时：

agent端需要安装puppet和facter，因为agent端链接master端需要报告自己的facter。

如果是C/S架构的话，master端则需要安装puppet-server，如果master端需要跟自己交互，也需要安装puppet

# yum list all | grep -i "puppet"   //查看epel源中收录的rpm包

https://yum.puppet.com/index_by_lastModified_reverse.html

yum.repos.d]# wget https://yum.puppet.com/puppet-release-el-7.noarch.rpm

yum.repos.d]# rpm -ivh puppet-release-el-.noarch.rpm
warning: puppet-release-el-.noarch.rpm: Header V4 RSA/SHA256 Signature, key ID ef8d349f: NOKEY
Preparing...                          ################################# [%]
Updating / installing...
   :puppet-release-1.0.-.el7       ################################# [%]

yum.repos.d]# yum install puppet

# rpm -ql puppet-agent

# puppet help   //查看命令的用法格式

Usage: puppet <subcommand> [options] <action> [options]

Available subcommands:

  agent             The puppet agent daemon
  apply             Apply Puppet manifests locally
  ca                Local Puppet Certificate Authority management.
  catalog           Compile, save, view, and convert catalogs.
  cert              Manage certificates and requests
  certificate       Provide access to the CA for certificate management.
  certificate_request  Manage certificate requests.
  certificate_revocation_list  Manage the list of revoked certificates.
  config            Interact with Puppet's settings.
  describe          Display help about resource types
  device            Manage remote network devices
  doc               Generate Puppet documentation and references
  facts             Retrieve and store facts.
  file              Retrieve and store files in a filebucket
  filebucket        Store and retrieve files in a filebucket
  help              Display Puppet help.
  inspect           Send an inspection report
  instrumentation_data  Manage instrumentation listener accumulated data.
  instrumentation_listener  Manage instrumentation listeners.
  instrumentation_probe  Manage instrumentation probes.
  key               Create, save, and remove certificate keys.
  kick              Remotely control puppet agent
  man               Display Puppet manual pages.
  master            The puppet master daemon
  module            Creates, installs and searches for modules on the Puppet Forge.
  node              View and manage node definitions.
  parser            Interact directly with the parser.
  plugin            Interact with the Puppet plugin system.
  queue             Deprecated queuing daemon for asynchronous storeconfigs
  report            Create, display, and submit reports.
  resource          The resource abstraction layer shell
  resource_type     View classes, defined resource types, and nodes from all manifests.
  secret_agent      Mimics puppet agent.
  status            View puppet server status.

See 'puppet help <subcommand> <action>' for help on a specific subcommand action.
See 'puppet help <subcommand>' for help on a specific subcommand.
Puppet v3.6.2

# puppet describe -l

# puppet describe RESOURCE_TYPE

These are the types known to puppet:
augeas          - Apply a change or an array of changes to the  ...
computer        - Computer object management using DirectorySer ...
cron            - Installs and manages cron jobs
exec            - Executes external commands
file            - Manages files, including their content, owner ...
filebucket      - A repository for storing and retrieving file  ...
group           - Manage groups
host            - Installs and manages host entries
interface       - This represents a router or switch interface
k5login         - Manage the `.k5login` file for a user
macauthorization - Manage the Mac OS X authorization database
mailalias       - .. no documentation ..
maillist        - Manage email lists
mcx             - MCX object management using DirectoryService  ...
mount           - Manages mounted filesystems, including puttin ...
nagios_command  - The Nagios type command
nagios_contact  - The Nagios type contact
nagios_contactgroup - The Nagios type contactgroup
nagios_host     - The Nagios type host
nagios_hostdependency - The Nagios type hostdependency
nagios_hostescalation - The Nagios type hostescalation
nagios_hostextinfo - The Nagios type hostextinfo
nagios_hostgroup - The Nagios type hostgroup
nagios_service  - The Nagios type service
nagios_servicedependency - The Nagios type servicedependency
nagios_serviceescalation - The Nagios type serviceescalation
nagios_serviceextinfo - The Nagios type serviceextinfo
nagios_servicegroup - The Nagios type servicegroup
nagios_timeperiod - The Nagios type timeperiod
notify          - .. no documentation ..
package         - Manage packages
resources       - This is a metatype that can manage other reso ...
router          - .. no documentation ..
schedule        - Define schedules for Puppet
scheduled_task  - Installs and manages Windows Scheduled Tasks
selboolean      - Manages SELinux booleans on systems with SELi ...
selmodule       - Manages loading and unloading of SELinux poli ...
service         - Manage running services
ssh_authorized_key - Manages SSH authorized keys
sshkey          - Installs and manages ssh host keys
stage           - A resource type for creating new run stages
tidy            - Remove unwanted files based on specific crite ...
user            - Manage users
vlan            - .. no documentation ..
whit            - Whits are internal artifacts of Puppet's curr ...
yumrepo         - The client-side description of a yum reposito ...
zfs             - Manage zfs
zone            - Manages Solaris zones
zpool           - Manage zpools