I-Puppet iyisistimu yokuphatha ukucushwa. Isetshenziselwa ukuletha ababungazi esimweni esifiselekayo futhi igcine lesi simo.

Sengisebenze noPuppet iminyaka engaphezu kwemihlanu manje. Lo mbhalo empeleni uwukuhlanganiswa okuhunyushwe futhi kwahlelwa kabusha kwamaphuzu abalulekile avela kumadokhumenti asemthethweni, okuzovumela abasaqalayo ukuthi baqonde ngokushesha ingqikithi yePuppet.

Imininingwane eyisisekelo

Uhlelo lokusebenza lwe-Puppet luyiseva yeklayenti, nakuba luphinde lusekele ukusebenza okungenasiphakeli nokusebenza okulinganiselwe.

Imodeli yokudonsa yokusebenza isetshenziswa: ngokuzenzakalelayo, kanye njalo ngesigamu sehora, amaklayenti athinta iseva ukuze acushwe futhi ayisebenzise. Uma usebenze ne-Ansible, bese besebenzisa imodeli ehlukile yokucindezela: umlawuli uqala inqubo yokusebenzisa ukucushwa, amaklayenti ngokwawo ngeke asebenzise lutho.

Ngesikhathi sokuxhumana kwenethiwekhi, ukubethela kwe-TLS okunezindlela ezimbili kuyasetshenziswa: iseva neklayenti banokhiye babo abayimfihlo nezitifiketi ezihambisanayo. Ngokuvamile iseva ikhipha izitifiketi zamaklayenti, kodwa ngokomthetho kungenzeka ukusebenzisa i-CA yangaphandle.

Isingeniso ku-manifesto

Kumatemu opopayi kuseva yopopayi xhuma ama-node (ama-node). Ukucushwa kwamanodi kubhaliwe kuma-manifesto ngolimi lokuhlela olukhethekile - I-Puppet DSL.

I-DSL ye-Puppet iwulimi olumemezelayo. Ichaza isimo esifiswayo se-node ngendlela yokumenyezelwa kwezinsiza ngazinye, isibonelo:

• Ifayela likhona futhi linokuqukethwe okuthile.
• Iphakheji ifakiwe.
• Inkonzo isiqalile.

Izinsiza zingaxhunywa:

• Kukhona ukuncika, kuthinta indlela izinsiza ezisetshenziswa ngayo.
  Isibonelo, "qala ufake iphakheji, bese uhlela ifayela lokumisa, bese uqala isevisi."
• Kunezaziso - uma insiza ishintshile, ithumela izaziso kuzisetshenziswa ezibhaliselwe kuyo.
  Isibonelo, uma ifayela lokumisa lishintsha, ungakwazi ukuqala kabusha isevisi ngokuzenzakalelayo.

Ukwengeza, i-Puppet DSL inemisebenzi nokuguquguquka, kanye nezitatimende ezinemibandela nabakhethi. Izindlela ezehlukene zesifanekiso nazo ziyasekelwa - i-EPP ne-ERB.

I-Puppet ibhalwe ngo-Ruby, ngakho-ke izinto eziningi zokwakha kanye namagama athathwe lapho. I-Ruby ikuvumela ukuthi unwebe i-Puppet - engeza ingqondo eyinkimbinkimbi, izinhlobo ezintsha zezinsiza, imisebenzi.

Ngenkathi i-Puppet isebenza, izibonakaliso zenodi ngayinye ethile kuseva zihlanganiswa zibe uhla lwemibhalo. Directory iwuhlu lwezinsiza kanye nobudlelwano bazo ngemva kokubala inani lemisebenzi, okuguquguqukayo kanye nokwandiswa kwezitatimende ezinemibandela.

I-syntax ne-codestyle

Nazi izigaba zemibhalo esemthethweni ezokusiza ukuthi uqonde i-syntax uma izibonelo ezinikeziwe zinganele:

• I-syntax yezakhiwo zolimi ezehlukene.
• I-syntax yensiza.
• I-syntax yokuchaza ama-node.

Nasi isibonelo sokuthi i-manifest ibukeka kanjani:

# Комментарии пишутся, как и много где, после решётки.
#
# Описание конфигурации ноды начинается с ключевого слова node,
# за которым следует селектор ноды — хостнейм (с доменом или без)
# или регулярное выражение для хостнеймов, или ключевое слово default.
#
# После этого в фигурных скобках описывается собственно конфигурация ноды.
#
# Одна и та же нода может попасть под несколько селекторов. Про приоритет
# селекторов написано в статье про синтаксис описания нод.
node 'hostname', 'f.q.d.n', /regexp/ {
  # Конфигурация по сути является перечислением ресурсов и их параметров.
  #
  # У каждого ресурса есть тип и название.
  #
  # Внимание: не может быть двух ресурсов одного типа с одинаковыми названиями!
  #
  # Описание ресурса начинается с его типа. Тип пишется в нижнем регистре.
  # Про разные типы ресурсов написано ниже.
  #
  # После типа в фигурных скобках пишется название ресурса, потом двоеточие,
  # дальше идёт опциональное перечисление параметров ресурса и их значений.
  # Значения параметров указываются через т.н. hash rocket (=>).
  resource { 'title':
    param1 => value1,
    param2 => value2,
    param3 => value3,
  }
}

Ukuhlehla kanye nokunqamuka komugqa akuyona ingxenye edingekayo ye-manifest, kodwa kukhona okunconyiwe umhlahlandlela wesitayela. Isifinyezo:

• Ama-indenti anezikhala ezimbili, amathebhu awasetshenziswa.
• Ama-curly braces ahlukaniswa yisikhala; amakholoni awahlukaniswa yisikhala.
• Okhefana ngemva kwepharamitha ngayinye, kuhlanganise neyokugcina. Ipharamitha ngayinye ikumugqa ohlukile. Okuhlukile kwenzelwa icala ngaphandle kwamapharamitha kanye nepharamitha eyodwa: ungabhala emugqeni owodwa futhi ngaphandle kwekhefana (isb. resource { 'title': } и resource { 'title': param => value }).
• Imicibisholo kumapharamitha kufanele ibe sezingeni elifanayo.
• Imicibisholo yobudlelwano bensiza ibhalwe phambi kwabo.

Indawo yamafayela ku-pappetserver

Ukuze uthole incazelo eyengeziwe, ngizokwethula umqondo we-"root directory". Umkhombandlela wempande wuhla lwemibhalo oluqukethe ukucushwa kwePuppet kwenodi ethile.

Uhlu lwemibhalo lwempande luyahlukahluka kuye ngenguqulo yePuppet kanye nezindawo ezisetshenzisiwe. Izindawo ezizungezile zingamasethi azimele okumiswa agcinwa kunkhombandlela ehlukene. Imvamisa isetshenziswa ngokuhlanganiswa ne-git, lapho izimo zidalwa kusuka kumagatsha e-git. Ngakho-ke, i-node ngayinye itholakala endaweni eyodwa noma kwenye. Lokhu kungalungiswa ku-node ngokwayo, noma ku-ENC, engizokhuluma ngayo esihlokweni esilandelayo.

• Enguqulweni yesithathu ("i-Puppet endala") umkhombandlela wesisekelo wawukhona /etc/puppet. Ukusetshenziswa kwezindawo kuyinketho - ngokwesibonelo, asizisebenzisi nePuppet endala. Uma izindawo ezizungezile zisetshenziswa, ngokuvamile zigcinwa kuzo /etc/puppet/environments, umkhombandlela wempande uzoba uhla lwemibhalo lwendawo. Uma izindawo zingasetshenziswa, umkhombandlela wempande uzoba wuhla lwemibhalo oluyisisekelo.
• Kusukela kunguqulo yesine (“i-Puppet entsha”), ukusetshenziswa kwezindawo kwaba isibopho, futhi uhla lwemibhalo oluyisisekelo lwayiswa /etc/puppetlabs/code. Ngokunjalo, izindawo zigcinwa kuyo /etc/puppetlabs/code/environments, umkhombandlela wezimpande wuhla lwemibhalo lwendawo.

Kumelwe kube nohla lwemibhalo olungaphansi kumsuka wemibhalo manifests, equkethe i-manifest eyodwa noma ngaphezulu echaza amanodi. Ngaphezu kwalokho, kufanele kube ne-subdirectory modules, equkethe amamojula. Ngizokutshela ukuthi yimaphi amamojula kamuva. Ngaphezu kwalokho, i-Puppet endala ingase ibe nohlu lwemibhalo olungaphansi files, equkethe amafayela ahlukahlukene esiwakopishela kumanodi. Ku-Puppet entsha, wonke amafayela abekwe kumamojula.

Amafayela e-manifest anesandiso .pp.

Izibonelo zokulwa ezimbalwa

Incazelo ye-node nensiza ekuyo

Ku-node server1.testdomain ifayela kufanele lenziwe /etc/issue ngokuqukethwe Debian GNU/Linux n l. Ifayela kufanele kube elomsebenzisi neqembu root, amalungelo okufinyelela kufanele abe 644.

Sibhala i-manifesto:

node 'server1.testdomain' {   # блок конфигурации, относящийся к ноде server1.testdomain
    file { '/etc/issue':   # описываем файл /etc/issue
        ensure  => present,   # этот файл должен существовать
        content => 'Debian GNU/Linux n l',   # у него должно быть такое содержимое
        owner   => root,   # пользователь-владелец
        group   => root,   # группа-владелец
        mode    => '0644',   # права на файл. Они заданы в виде строки (в кавычках), потому что иначе число с 0 в начале будет воспринято как записанное в восьмеричной системе, и всё пойдёт не так, как задумано
    }
}

Ubudlelwano phakathi kwezinsiza ku-node

Ku-node server2.testdomain i-nginx kufanele isebenze, isebenza ngokucushwa okulungiselelwe ngaphambilini.

Masiyibolise inkinga:

• Iphakheji idinga ukufakwa nginx.
• Kuyadingeka ukuthi amafayela okumisa akopishwe kuseva.
• Isevisi idinga ukusebenza nginx.
• Uma ukucushwa kubuyekeziwe, isevisi kufanele iqalwe kabusha.

Sibhala i-manifesto:

node 'server2.testdomain' {   # блок конфигурации, относящийся к ноде server2.testdomain
    package { 'nginx':   # описываем пакет nginx
        ensure => installed,   # он должен быть установлен
    }
  # Прямая стрелка (->) говорит о том, что ресурс ниже должен
  # создаваться после ресурса, описанного выше.
  # Такие зависимости транзитивны.
    -> file { '/etc/nginx':   # описываем файл /etc/nginx
        ensure  => directory,   # это должна быть директория
        source  => 'puppet:///modules/example/nginx-conf',   # её содержимое нужно брать с паппет-сервера по указанному адресу
        recurse => true,   # копировать файлы рекурсивно
        purge   => true,   # нужно удалять лишние файлы (те, которых нет в источнике)
        force   => true,   # удалять лишние директории
    }
  # Волнистая стрелка (~>) говорит о том, что ресурс ниже должен
  # подписаться на изменения ресурса, описанного выше.
  # Волнистая стрелка включает в себя прямую (->).
    ~> service { 'nginx':   # описываем сервис nginx
        ensure => running,   # он должен быть запущен
        enable => true,   # его нужно запускать автоматически при старте системы
    }
  # Когда ресурс типа service получает уведомление,
  # соответствующий сервис перезапускается.
}

Ukuze lokhu kusebenze, udinga cishe indawo yefayela elandelayo kuseva yopopayi:

/etc/puppetlabs/code/environments/production/ # (это для нового Паппета, для старого корневой директорией будет /etc/puppet)
├── manifests/
│   └── site.pp
└── modules/
    └── example/
        └── files/
            └── nginx-conf/
                ├── nginx.conf
                ├── mime.types
                └── conf.d/
                    └── some.conf

Izinhlobo Zezinsiza

Uhlu oluphelele lwezinhlobo zezinsiza ezisekelwayo lungatholakala lapha embhalweni, lapha ngizochaza izinhlobo ezinhlanu eziyisisekelo, okuyinto ekusebenzeni kwami ​​​​zanele ukuxazulula izinkinga eziningi.

ifayela

Ilawula amafayela, izinkomba, ama-symlink, okuqukethwe kwawo, namalungelo okufinyelela.

Amapharamitha:

• igama lensiza - indlela eya kufayela (uyazikhethela)
• indlela - indlela eya kufayela (uma ingacacisiwe egameni)
• ukuqinisekisa - uhlobo lwefayela:
  • absent - susa ifayela
  • present - kufanele kube nefayela lanoma yiluphi uhlobo (uma lingekho ifayela, kuzokwakhiwa ifayela elijwayelekile)
  • file - ifayela elivamile
  • directory - umkhombandlela
  • link - i-symlink
• sokuqukethwe - okuqukethwe kwefayela (ifanele amafayela ajwayelekile kuphela, ayikwazi ukusetshenziswa kanyekanye umthombo noma umgomo)
• umthombo - isixhumanisi sendlela ofuna ukukopisha kuyo okuqukethwe kwefayela (angeke isetshenziswe kanye sokuqukethwe noma umgomo). Ingacaciswa njenge-URI enohlelo puppet: (bese kuzosetshenziswa amafayela asuka kuseva yopopayi), kanye nohlelo http: (Ngithemba ukuthi kucacile ukuthi kuzokwenzekani kuleli cala), ngisho nangomdwebo file: noma njengendlela ephelele ngaphandle kwe-schema (khona ifayela elivela ku-FS yendawo endaweni lizosetshenziswa)
• umgomo - lapho i-symlink kufanele ikhombe khona (angeke isetshenziswe ndawonye ne sokuqukethwe noma umthombo)
• umnikazi - umsebenzisi okufanele abe ngumnikazi wefayela
• iqembu — iqembu ifayela okufanele libe kulo
• imodi - izimvume zefayela (njengeyunithi yezinhlamvu)
• buyisela - inika amandla ukucutshungulwa kohla lwemibhalo oluphindaphindayo
• ukuhlanza - inika amandla ukususa amafayela angachazwanga ku-Puppet
• qinisa - inika amandla ukususa uhla lwemibhalo olungachazwanga kuPuppet

Iphakheji

Ifaka futhi isuse amaphakheji. Iyakwazi ukuphatha izaziso - ifaka kabusha iphakheji uma ipharamitha icacisiwe faka_ukuvuselela_ukuvuselela.

Amapharamitha:

• igama lensiza - igama lephakheji (uyazikhethela)
• Igama - igama lephakheji (uma lingashiwongo egameni)
• umhlinzeki - Umphathi wephakheji ozosetshenziswa
• ukuqinisekisa - isimo esifiswayo sephakheji:
  • present, installed - noma iyiphi inguqulo efakiwe
  • latest - inguqulo yakamuva ifakiwe
  • absent - kususiwe (apt-get remove)
  • purged - isusiwe kanye namafayela okumisa (apt-get purge)
  • held - inguqulo yephakheji ikhiyiwe (apt-mark hold)
  • любая другая строка — inguqulo eshiwo ifakiwe
• faka_ukuvuselela_ukuvuselela - uma true, ngemva kokuthola isaziso iphakheji izophinda ifakwe. Iwusizo ekusabalaliseni okusekelwe emthonjeni, lapho ukwakha kabusha amaphakheji kungase kudingeke lapho kushintsha amapharamitha wokwakha. Okuzenzakalelayo false.

service

Ilawula amasevisi. Iyakwazi ukucubungula izaziso - iqala kabusha isevisi.

Amapharamitha:

• igama lensiza - isevisi okufanele iphathwe (uma uthanda)
• Igama - isevisi edinga ukuphathwa (uma ingacacisiwe egameni)
• ukuqinisekisa - isimo sesevisi oyifunayo:
  • running - yethuliwe
  • stopped - wema
• Vumela - ilawula amandla okuqalisa isevisi:
  • true - i-autorun ivuliwe (systemctl enable)
  • mask - zifihliwe (systemctl mask)
  • false - i-autorun ivaliwe (systemctl disable)
• Qala kabusha - umyalo wokuqalisa kabusha isevisi
• Isimo — umyalo wokuhlola isimo sesevisi
• iqale kabusha — khombisa ukuthi initscript yesevisi iyakusekela ukuqalisa kabusha. Uma false futhi ipharamitha icacisiwe Qala kabusha — kusetshenziswa inani lale parameter. Uma false kanye nepharamitha Qala kabusha akucacisiwe - isevisi imisiwe futhi iqalwe kabusha (kodwa i-systemd isebenzisa umyalo systemctl restart).
• isimo — khombisa ukuthi initscript yesevisi iyawusekela yini umyalo status. Uma false, bese kusetshenziswa inani lepharamitha Isimo. Okuzenzakalelayo true.

Exec

Isebenzisa imiyalo yangaphandle. Uma ungacacisi amapharamitha idala, kuphela uma, ngaphandle noma ngokuqabuleka, umyalo uzoqhutshwa njalo uma iPuppet iqhutshwa. Iyakwazi ukucubungula izaziso - isebenzisa umyalo.

Amapharamitha:

• igama lensiza - umyalo okufanele wenziwe (uyazikhethela)
• umyalo - umyalo okufanele wenziwe (uma ungacacisiwe egameni)
• indlela — izindlela ongabheka kuzo ifayela elisebenzisekayo
• kuphela uma - uma umyalo oshiwo kule parameter uqediwe ngekhodi yokubuyisela eyiziro, umyalo omkhulu uzokwenziwa
• ngaphandle - uma umyalo oshiwo kule pharamitha ugcwaliswa ngekhodi yokubuya engeyona iqanda, umyalo omkhulu uzokwenziwa
• idala - uma ifayela elishiwo kule parameter lingekho, umyalo oyinhloko uzosetshenziswa
• ngokuqabuleka - uma true, khona-ke umyalo uzosetshenziswa kuphela lapho lesi senzo sithola isaziso kwezinye izinsiza
• cwd — uhla lwemibhalo okuzosetshenziswa kulo umyalo
• umsebenzisi - umsebenzisi ozosebenzisa kuye umyalo
• umhlinzeki - ungawusebenzisa kanjani umyalo:
  • iposix - inqubo yengane imane idalwe, qiniseka ukuthi uyayicacisa indlela
  • igobolondo - umyalo wethulwa kugobolondo /bin/sh, angeke ichazwe indlela, ungasebenzisa i-globbing, amapayipi nezinye izici zegobolondo. Ivamise ukutholwa ngokuzenzakalela uma kukhona izinhlamvu ezikhethekile (|, ;, &&, || njll).

cron

Ilawula ama-cronjob.

Amapharamitha:

• igama lensiza - uhlobo oluthile nje lwesihlonzi
• ukuqinisekisa - Isimo somsebenzi:
  • present - dala uma ingekho
  • absent - susa uma ikhona
• umyalo - yimuphi umyalo okufanele ugijime
• imvelo - kuyiphi indawo lapho osebenzisa khona umyalo (uhlu lwezinto eziguquguqukayo zendawo kanye namanani azo nge =)
• umsebenzisi — kumuphi umsebenzisi ongasebenzisa umyalo
• iminithi, ihora, usuku lwesonto, inyanga, inyanga - ukugijima nini i-cron. Uma noma yisiphi salezi zibaluli singacacisiwe, inani laso ku-crontab lizoba *.

Ku-Puppet 6.0 cron engathi ikhishwe ebhokisini ku-puppetserver, ngakho-ke akukho mibhalo esizeni esijwayelekile. Kodwa yena usebhokisini ku-ejenti ye-puppet, ngakho-ke asikho isidingo sokuyifaka ngokuhlukile. Ungabona imibhalo yayo emibhalweni yenguqulo yesihlanu ye-Puppet, noma ku-GitHub.

Mayelana nezinsiza ngokujwayelekile

Izidingo zokuhluka kwensiza

Iphutha elivame kakhulu esihlangana nalo Isimemezelo esiyimpinda. Leli phutha lenzeka lapho izinsiza ezimbili noma ngaphezulu zohlobo olufanayo ezinegama elifanayo kuvela ohlwini lwemibhalo.

Ngakho-ke, ngizobhala futhi: iveza endaweni efanayo akufanele iqukathe izinsiza zohlobo olufanayo ezinesihloko esifanayo!

Kwesinye isikhathi kuba nesidingo sokufaka amaphakheji anegama elifanayo, kodwa ngabaphathi bephakheji abahlukile. Kulokhu, udinga ukusebenzisa ipharamitha nameukugwema iphutha:

package { 'ruby-mysql':
  ensure   => installed,
  name     => 'mysql',
  provider => 'gem',
}
package { 'python-mysql':
  ensure   => installed,
  name     => 'mysql',
  provider => 'pip',
}

Ezinye izinhlobo zezinsiza zinezinketho ezifanayo zokusiza ukugwema impinda − name у service, command у Exec, njalo njalo.

I-Metaparameters

Uhlobo ngalunye lwesisetshenziswa lunemingcele ethile, kungakhathaliseki ukuthi lunjani.

Uhlu olugcwele lwamapharamitha we-meta emibhalweni ye-Puppet.

Uhlu olufushane:

• zidinga — le parameter ikhombisa ukuthi iyiphi izinsiza le nsiza encike kuzo.
• ngaphambi - Le parameter icacisa ukuthi yiziphi izinsiza ezincike kulo mthombo.
• ubhalise — le pharamitha icacisa ukuthi yiziphi izinsiza le nsiza ethola kuzo izaziso.
• azise - Le parameter icacisa ukuthi yiziphi izinsiza ezithola izaziso ezivela kulo mthombo.

Wonke ama-metaparameter asohlwini amukela isixhumanisi esisodwa sensiza noma izixhumanisi eziningi kubakaki abayisikwele.

Izixhumanisi zezinsiza

Isixhumanisi sensiza simane sikhuluma ngesisetshenziswa. Asetshenziswa kakhulu ukukhombisa ukuncika. Ukubhekisela esisetshenziswa esingekho kuzodala iphutha lokuhlanganisa.

I-syntax yesixhumanisi imi kanje: uhlobo lwensiza olunohlamvu olukhulu (uma igama lohlobo liqukethe amakholoni aphindwe kabili, khona-ke ingxenye ngayinye yegama phakathi kwamakholoni ibhalwe ngosonhlamvukazi), bese igama lensiza kubakaki abayisikwele (indaba yegama ayishintshi!). Akufanele kube nezikhala; abakaki abayisikwele babhalwa ngokushesha ngemuva kwegama lohlobo.

Isibonelo:

file { '/file1': ensure => present }
file { '/file2':
  ensure => directory,
  before => File['/file1'],
}
file { '/file3': ensure => absent }
File['/file1'] -> File['/file3']

Ukuncika kanye nezaziso

Amadokhumenti lapha.

Njengoba kushiwo ngaphambili, ukuncika okulula phakathi kwezinsiza kuyashintsha. Ngendlela, qaphela lapho ungeza ukuncika - ungakha ukuncika kwe-cyclic, okuzodala iphutha lokuhlanganisa.

Ngokungafani nokuncika, izaziso azidluli. Imithetho elandelayo iyasebenza ezazisweni:

• Uma insiza ithola isaziso, iyabuyekezwa. Izenzo zokubuyekeza zincike ohlotsheni lwensiza − Exec uphethe umyalo, service iqala kabusha isevisi, Iphakheji ifaka kabusha iphakheji. Uma insiza ingenaso isenzo sokubuyekeza esichaziwe, akukho okwenzekayo.
• Ngesikhathi esisodwa sePuppet, insiza ibuyekezwa isikhathi esingaphezu kwesisodwa. Lokhu kungenzeka ngoba izaziso zifaka phakathi ukuncika futhi igrafu yokuncika ayinayo imijikelezo.
• Uma i-Puppet ishintsha isimo sensiza, insiza ithumela izaziso kuzo zonke izinsiza ezibhaliselwe kuyo.
• Uma insiza ibuyekezwa, ithumela izaziso kuzo zonke izinsiza ezibhaliselwe kuyo.

Ukuphatha amapharamitha angacacisiwe

Njengomthetho, uma ipharamitha ethile yensiza ingenalo inani elizenzakalelayo futhi le pharamitha ingacacisiwe ku-manifest, khona-ke iPuppet ngeke iguqule lesi sici kusisetshenziswa esihambisanayo kunodi. Isibonelo, uma insiza yohlobo ifayela ipharamitha ayicacisiwe owner, khona-ke iPuppet ngeke ishintshe umnikazi wefayela elihambisanayo.

Isingeniso samakilasi, okuguquguqukayo nezincazelo

Ake sithi sinamanodi amaningana anengxenye efanayo yokucushwa, kodwa futhi kukhona umehluko - ngaphandle kwalokho singakuchaza konke endaweni eyodwa. node {}. Yiqiniso, ungakwazi ukukopisha izingxenye ezifanayo zokucushwa, kodwa ngokuvamile lokhu kuyisixazululo esibi - ukucushwa kuyakhula, futhi uma ushintsha ingxenye evamile yokucushwa, kuzodingeka uhlele into efanayo ezindaweni eziningi. Ngesikhathi esifanayo, kulula ukwenza iphutha, futhi ngokuvamile, isimiso se-DRY (ungaziphindi) sasungulwa ngesizathu.

Ukuxazulula le nkinga kukhona umklamo onjenge class.

Amakilasi

Класс iyibhulokhi enegama lekhodi ye-poppet. Amakilasi ayadingeka ukuze usebenzise kabusha ikhodi.

Okokuqala ikilasi lidinga ukuchazwa. Incazelo ngokwayo ayingezi noma yiziphi izinsiza noma kuphi. Isigaba sichazwa ku-manifest:

# Описание класса начинается с ключевого слова class и его названия.
# Дальше идёт тело класса в фигурных скобках.
class example_class {
    ...
}

Emva kwalokhu ikilasi lingasetshenziswa:

# первый вариант использования — в стиле ресурса с типом class
class { 'example_class': }
# второй вариант использования — с помощью функции include
include example_class
# про отличие этих двух вариантов будет рассказано дальше

Isibonelo esivela kumsebenzi odlule - ake sisuse ukufakwa nokucushwa kwe-nginx ekilasini:

class nginx_example {
    package { 'nginx':
        ensure => installed,
    }
    -> file { '/etc/nginx':
        ensure => directory,
        source => 'puppet:///modules/example/nginx-conf',
        recure => true,
        purge  => true,
        force  => true,
    }
    ~> service { 'nginx':
        ensure => running,
        enable => true,
    }
}

node 'server2.testdomain' {
    include nginx_example
}

Okuguquguqukayo

Ikilasi elivela esibonelweni sangaphambilini aliguquki nhlobo ngoba lihlala liletha ukucushwa kwe-nginx okufanayo. Masenze indlela eya kokuguquguqukayo kokucushwa, khona-ke leli klasi lingasetshenziswa ukufaka i-nginx nganoma yikuphi ukucushwa.

Kungenziwa usebenzisa okuguquguqukayo.

Qaphela: okuguquguqukayo ku-Puppet akushintsheki!

Ngaphezu kwalokho, okuguquguqukayo kungafinyelelwa kuphela ngemva kokuba kumenyezelwe, ngaphandle kwalokho inani lokuguquguquka lizoba undef.

Isibonelo sokusebenza neziguquguqukayo:

# создание переменных
$variable = 'value'
$var2 = 1
$var3 = true
$var4 = undef
# использование переменных
$var5 = $var6
file { '/tmp/text': content => $variable }
# интерполяция переменных — раскрытие значения переменных в строках. Работает только в двойных кавычках!
$var6 = "Variable with name variable has value ${variable}"

Upopayi unawo izikhala zamagama, futhi okuguquguqukayo, ngokufanelekile, banayo indawo yokubonakala: Okuguquguqukayo okunegama elifanayo kungachazwa ezindaweni ezihlukene zamagama. Lapho kuxazululwa inani lokuguquguquka, okuguquguqukayo kuseshwa endaweni yamanje yamagama, bese kuba endaweni yamagama evalekile, njalo njalo.

Izibonelo ze-Namespace:

• global - okuguquguqukayo ngaphandle kwekilasi noma incazelo yenodi iya lapho;
• indawo yamagama yenodi encazelweni yenodi;
• indawo yamagama yekilasi encazelweni yekilasi.

Ukuze ugweme ukungaqondakali lapho ufinyelela okuguquguqukayo, ungacacisa indawo yegama egameni eliguquguqukayo:

# переменная без пространства имён
$var
# переменная в глобальном пространстве имён
$::var
# переменная в пространстве имён класса
$classname::var
$::classname::var

Masivume ukuthi indlela eya ekucushweni kwe-nginx ilele kokuguquguqukayo $nginx_conf_source. Khona-ke iklasi lizobukeka kanje:

class nginx_example {
    package { 'nginx':
        ensure => installed,
    }
    -> file { '/etc/nginx':
        ensure => directory,
        source => $nginx_conf_source,   # здесь используем переменную вместо фиксированной строки
        recure => true,
        purge  => true,
        force  => true,
    }
    ~> service { 'nginx':
        ensure => running,
        enable => true,
    }
}

node 'server2.testdomain' {
    $nginx_conf_source = 'puppet:///modules/example/nginx-conf'
    include nginx_example
}

Kodwa-ke, isibonelo esinikeziwe sibi ngoba kukhona "ulwazi oluyimfihlo" ukuthi endaweni ethile ekilasini kusetshenziswe okuguquguqukayo okunegama elinjalo nelinjalo. Kulunge kakhulu ukwenza lolu lwazi lube jikelele - amakilasi angaba namapharamitha.

Imingcele yekilasi yizinto eziguquguqukayo endaweni yamagama yekilasi, zicaciswe kunhlokweni yekilasi futhi zingasetshenziswa njengokuguquguquka okujwayelekile emzimbeni wekilasi. Amanani epharamitha acacisiwe lapho kusetshenziswa ikilasi ku-manifest.

Ipharamitha ingasethwa ibe inani elizenzakalelayo. Uma ipharamitha ingenalo inani elizenzakalelayo futhi inani alisethiwe lapho lisetshenziswa, lizodala iphutha lokuhlanganisa.

Ake sihlukanise ikilasi esibonelweni esingenhla bese sengeza amapharamitha amabili: eyokuqala, edingekayo, iyindlela eya ekucushweni, kanti eyesibili, ozikhethela yona, yigama lephakheji eline nginx (ku-Debian, ngokwesibonelo, kukhona amaphakheji. nginx, nginx-light, nginx-full).

# переменные описываются сразу после имени класса в круглых скобках
class nginx_example (
  $conf_source,
  $package_name = 'nginx-light', # параметр со значением по умолчанию
) {
  package { $package_name:
    ensure => installed,
  }
  -> file { '/etc/nginx':
    ensure  => directory,
    source  => $conf_source,
    recurse => true,
    purge   => true,
    force   => true,
  }
  ~> service { 'nginx':
    ensure => running,
    enable => true,
  }
}

node 'server2.testdomain' {
  # если мы хотим задать параметры класса, функция include не подойдёт* — нужно использовать resource-style declaration
  # *на самом деле подойдёт, но про это расскажу в следующей серии. Ключевое слово "Hiera".
  class { 'nginx_example':
    conf_source => 'puppet:///modules/example/nginx-conf',   # задаём параметры класса точно так же, как параметры для других ресурсов
  }
}

Ku-Puppet, okuguquguqukayo kuyabhalwa. Yidla izinhlobo eziningi zedatha. Izinhlobo zedatha ngokuvamile zisetshenziselwa ukuqinisekisa amanani epharamitha adluliselwe kumakilasi nezincazelo. Uma ipharamitha ephasisiwe ingafani nohlobo olushiwo, kuzokwenzeka iphutha lokuhlanganisa.

Uhlobo lubhalwa ngokushesha ngaphambi kwegama lepharamitha:

class example (
  String $param1,
  Integer $param2,
  Array $param3,
  Hash $param4,
  Hash[String, String] $param5,
) {
  ...
}

Amakilasi: faka igama lekilasi vs isigaba{'classname':}

Ikilasi ngalinye liwumthombo wohlobo class. Njenganoma yiluphi olunye uhlobo lwensiza, azikwazi ukuba nezimo ezimbili zesigaba esifanayo endaweni eyodwa.

Uma uzama ukwengeza ikilasi endaweni efanayo kabili usebenzisa class { 'classname':} (awukho umehluko, ngamapharamitha ahlukene noma afanayo), kuzoba nephutha lokuhlanganisa. Kodwa uma usebenzisa ikilasi ngesitayela sensiza, ungakwazi ukusetha ngokusobala wonke amapharamitha ku-manifest.

Nokho, uma usebenzisa include, khona-ke ikilasi lingengezwa izikhathi eziningi ngokuthanda kwakho. Iqiniso liwukuthi include kuwumsebenzi ongenangqondo ohlola ukuthi ikilasi lengeziwe yini kuhla lwemibhalo. Uma ikilasi lingekho ohlwini lwemibhalo, liyayengeza, futhi uma selivele likhona, alenzi lutho. Kodwa uma usebenzisa include Awukwazi ukusetha amapharamitha ekilasi ngesikhathi sokumenyezelwa kwekilasi - yonke imingcele edingekayo kufanele isethwe kumthombo wedatha wangaphandle - i-Hiera noma i-ENC. Sizokhuluma ngazo esihlokweni esilandelayo.

Iyachaza

Njengoba kushiwo ebhulokhini elidlule, iklasi elifanayo alikwazi ukuba khona endaweni engaphezu kwesisodwa. Nokho, kwezinye izimo udinga ukwazi ukusebenzisa ibhulokhi efanayo yekhodi enemingcele ehlukene endaweni efanayo. Ngamanye amazwi, kunesidingo sohlobo lwensiza lwayo.

Isibonelo, ukuze ufake imojula ye-PHP, senza okulandelayo ku-Avito:

1. Faka iphakheji ngale mojuli.
2. Masidale ifayela lokumisa lale mojuli.
3. Sakha i-symlink ku-config ye-php-fpm.
4. Sakha i-symlink ku-config ye-php cli.

Ezimweni ezinjalo, umklamo onjenge chaza (chaza, uhlobo oluchaziwe, uhlobo lwensiza echaziwe). I-Define ifana nesigaba, kodwa kunomehluko: okokuqala, i-Define ngayinye iwuhlobo lwensiza, hhayi insiza; okwesibili, incazelo ngayinye inepharamitha engacacile $title, lapho igama lensiza liya khona lapho limenyezelwa. Njengoba nje endabeni yamakilasi, incazelo kufanele iqale ichazwe, ngemva kwalokho ingasetshenziswa.

Isibonelo esenziwe lula ngemojuli ye-PHP:

define php74::module (
  $php_module_name = $title,
  $php_package_name = "php7.4-${title}",
  $version = 'installed',
  $priority = '20',
  $data = "extension=${title}.son",
  $php_module_path = '/etc/php/7.4/mods-available',
) {
  package { $php_package_name:
    ensure          => $version,
    install_options => ['-o', 'DPkg::NoTriggers=true'],  # триггеры дебиановских php-пакетов сами создают симлинки и перезапускают сервис php-fpm - нам это не нужно, так как и симлинками, и сервисом мы управляем с помощью Puppet
  }
  -> file { "${php_module_path}/${php_module_name}.ini":
    ensure  => $ensure,
    content => $data,
  }
  file { "/etc/php/7.4/cli/conf.d/${priority}-${php_module_name}.ini":
    ensure  => link,
    target  => "${php_module_path}/${php_module_name}.ini",
  }
  file { "/etc/php/7.4/fpm/conf.d/${priority}-${php_module_name}.ini":
    ensure  => link,
    target  => "${php_module_path}/${php_module_name}.ini",
  }
}

node server3.testdomain {
  php74::module { 'sqlite3': }
  php74::module { 'amqp': php_package_name => 'php-amqp' }
  php74::module { 'msgpack': priority => '10' }
}

Indlela elula yokubamba iphutha lesimemezelo esiyimpinda iku-Define. Lokhu kwenzeka uma incazelo inensiza enegama elingaguquki, futhi kunezimo ezimbili noma ngaphezulu zale ncazelo kwenye indawo.

Kulula ukuzivikela kulokhu: zonke izinsiza ezingaphakathi kwencazelo kumele zibe negama kuye ngokuthi $title. Okunye ukungezwa kwezinsiza okungenangqondo; esimweni esilula, kwanele ukuhambisa izinsiza ezivamile kuzo zonke izimo zencazelo zibe isigaba esihlukile futhi ufake lesi sigaba encazelweni - umsebenzi. include ntula amandla.

Kukhona ezinye izindlela zokufinyelela ukungakwazi amandla lapho wengeza izinsiza, okungukuthi ukusebenzisa imisebenzi defined и ensure_resources, kodwa ngizokutshela ngakho esiqeshini esilandelayo.

Ukuncika nezaziso zamakilasi nezincazelo

Amakilasi nezincazelo zengeza imithetho elandelayo ekuphatheni ukuncika nezaziso:

• ukuncika ekilasini/incazelo yengeza ukuncika kuzo zonke izinsiza zekilasi/incazelo;
• ikilasi/i-define define inezela ukuncika kuwo wonke amakilasi/izinsiza ezichazayo;
• class/define isaziso sazisa zonke izinsiza zekilasi/define;
• class/define subscription babhalisa kuzo zonke izinsiza zekilasi/define.

Izitatimende ezinemibandela nabakhethi

Amadokhumenti lapha.

if

Kulula lapha:

if ВЫРАЖЕНИЕ1 {
  ...
} elsif ВЫРАЖЕНИЕ2 {
  ...
} else {
  ...
}

ngaphandle

ngaphandle uma i-if iphambene: ibhulokhi yekhodi izosetshenziswa uma isisho singamanga.

unless ВЫРАЖЕНИЕ {
  ...
}

icala

Akukho lutho oluyinkimbinkimbi nalapha. Ungasebenzisa amanani avamile (amayunithi ezinhlamvu, izinombolo, njll.), izinkulumo ezivamile, nezinhlobo zedatha njengamavelu.

case ВЫРАЖЕНИЕ {
  ЗНАЧЕНИЕ1: { ... }
  ЗНАЧЕНИЕ2, ЗНАЧЕНИЕ3: { ... }
  default: { ... }
}

Abakhethi

Isikhethi siwukwakha ulimi olufana ne case, kodwa esikhundleni sokwenza ibhulokhi yekhodi, ibuyisela inani.

$var = $othervar ? { 'val1' => 1, 'val2' => 2, default => 3 }

Amamojula

Uma ukulungiselelwa kukuncane, kungagcinwa kalula ku-manifest eyodwa. Kodwa lapho sichaza ukucushwa okwengeziwe, amakilasi namanodi engeziwe kuba khona ku-manifest, iyakhula, futhi kuba nzima ukusebenza nayo.

Ngaphezu kwalokho, kunenkinga yokusebenzisa kabusha ikhodi - uma yonke ikhodi iku-manifest eyodwa, kunzima ukwabelana ngale khodi nabanye. Ukuxazulula lezi zinkinga ezimbili, i-Puppet inebhizinisi elibizwa ngokuthi amamojula.

Amamojula - lawa amasethi amakilasi, izincazelo kanye nezinye izinhlangano ze-Puppet ezibekwe ohlwini lwemibhalo oluhlukile. Ngamanye amazwi, imojuli iwucezu oluzimele lwe-Puppet logic. Isibonelo, kungase kube nemodyuli yokusebenza nge-nginx, futhi izoqukatha lokho kanye kuphela okudingekayo ukuze usebenze nge-nginx, noma kungase kube nemodyuli yokusebenza nge-PHP, njalonjalo.

Amamojula enziwe inguqulo, futhi ukuncika kwamamojula kwamanye nawo kuyasekelwa. Kukhona inqolobane evulekile yamamojula - I-Puppet Forge.

Kuseva yephaphethi, amamojula atholakala kuhla lwemibhalo olungaphansi lwamamojula ohlu lwezimpande. Ngaphakathi kwemojuli ngayinye kunohlelo olujwayelekile lwemibhalo - i-manifest, amafayela, izifanekiso, i-lib, njalonjalo.

Isakhiwo sefayela kumojuli

Umsuka wemojuli ungase ube nezinhla zemibhalo ezilandelayo ezinamagama achazayo:

• manifests - iqukethe i-manifestos
• files - iqukethe amafayela
• templates - iqukethe izifanekiso
• lib — iqukethe ikhodi yeRuby

Lolu akulona uhlu oluphelele lwezinkomba namafayela, kodwa kwanele kulesi sihloko okwamanje.

Amagama ezisetshenziswa namagama amafayela kumojuli

Amadokhumenti lapha.

Izinsiza (amakilasi, izincazelo) kumojula azikwazi ukuqanjwa noma yini oyithandayo. Ukwengeza, kukhona ukuxhumana okuqondile phakathi kwegama lensiza kanye negama lefayela lapho uPuppet ezobheka khona incazelo yalowo mthombo. Uma wephula imithetho yokuqamba amagama, khona-ke iPuppet ngeke ithole incazelo yensiza, futhi uzothola iphutha lokuhlanganisa.

Imithetho ilula:

• Zonke izinsiza kumojuli kufanele zibe kumojuli yamagama. Uma imojuli ibizwa foo, khona-ke zonke izinsiza ezikuyo kufanele ziqanjwe foo::<anything>, noma nje foo.
• Insiza enegama lemojuli kufanele ibe sefayelini init.pp.
• Kwezinye izinsiza, uhlelo lokuqamba ifayela lumi kanje:
  • isiqalo esinegama lemojuli siyalahlwa
  • wonke amakholoni aphindwe kabili, uma ekhona, athathelwa indawo ngama-slash
  • isandiso sengeziwe .pp

Ngizobonisa ngesibonelo. Ake sithi ngibhala imojuli nginx. Iqukethe izinsiza ezilandelayo:

• class nginx kuchazwe ku-manifest init.pp;
• class nginx::service kuchazwe ku-manifest service.pp;
• chaza nginx::server kuchazwe ku-manifest server.pp;
• chaza nginx::server::location kuchazwe ku-manifest server/location.pp.

Amaphethini

Impela wena ngokwakho uyazi ukuthi ziyini izifanekiso; ngeke ngizichaze ngokuningiliziwe lapha. Kodwa ngizokushiya uma kwenzeka isixhumanisi ku-Wikipedia.

Indlela yokusebenzisa izifanekiso: Incazelo yesifanekiso inganwetshwa kusetshenziswa umsebenzi template, edluliswa indlela eya kusifanekiso. Ngezinsiza zohlobo ifayela esetshenziswa kanye nepharamitha content. Ngokwesibonelo, kanje:

file { '/tmp/example': content => template('modulename/templatename.erb')

Buka indlela <modulename>/<filename> kusho ifayela <rootdir>/modules/<modulename>/templates/<filename>.

Ngaphezu kwalokho, kukhona umsebenzi inline_template — ithola umbhalo wesifanekiso njengokufakwayo, hhayi igama lefayela.

Ngaphakathi kwezifanekiso, ungasebenzisa zonke izinhlobo ze-Puppet kuhlelo lwamanje.

I-Puppet isekela izifanekiso ngefomethi ye-ERB ne-EPP:

• Amadokhumenti e-EPP.
• Imibhalo ye-ERB.

Kafushane mayelana ne-ERB

Izakhiwo zokulawula:

• <%= ВЫРАЖЕНИЕ %> — faka inani lenkulumo
• <% ВЫРАЖЕНИЕ %> — bala inani lesisho (ngaphandle kokusifaka). Izitatimende ezinemibandela (uma) kanye namaluphu (ngalinye) kuvamise ukuya lapha.
• <%# КОММЕНТАРИЙ %>

Izinkulumo ku-ERB zibhalwe ngo-Ruby (ERB empeleni i-Embedded Ruby).

Ukuze ufinyelele okuguquguqukayo ku-manifest, udinga ukwengeza @ egameni eliguquguqukayo. Ukuze ususe ukunqamuka komugqa okuvela ngemva kokwakhiwa kokulawula, udinga ukusebenzisa ithegi yokuvala -%>.

Isibonelo sokusebenzisa isifanekiso

Ake sithi ngibhala imojuli yokulawula i-ZooKeeper. Ikilasi elinesibopho sokudala ukucushwa libukeka kanjena:

class zookeeper::configure (
  Array[String] $nodes,
  Integer $port_client,
  Integer $port_quorum,
  Integer $port_leader,
  Hash[String, Any] $properties,
  String $datadir,
) {
  file { '/etc/zookeeper/conf/zoo.cfg':
    ensure  => present,
    content => template('zookeeper/zoo.cfg.erb'),
  }
}

Futhi isifanekiso esihambisanayo zoo.cfg.erb - Ngakho:

<% if @nodes.length > 0 -%>
<% @nodes.each do |node, id| -%>
server.<%= id %>=<%= node %>:<%= @port_leader %>:<%= @port_quorum %>;<%= @port_client %>
<% end -%>
<% end -%>

dataDir=<%= @datadir %>

<% @properties.each do |k, v| -%>
<%= k %>=<%= v %>
<% end -%>

Amaqiniso kanye nezinguquko ezakhelwe ngaphakathi

Ngokuvamile ingxenye ethile yokucushwa incike kulokho okwenzekayo njengamanje ku-node. Isibonelo, kuya ngokuthi kuyini ukukhishwa kwe-Debian, udinga ukufaka inguqulo eyodwa noma enye yephakheji. Ungakwazi ukuqapha konke lokhu ngesandla, ukubhala kabusha kubonisa uma amanodi eshintsha. Kodwa lena akuyona indlela ebucayi; i-automation ingcono kakhulu.

Ukuze uthole ulwazi mayelana nama-node, i-Puppet inendlela ebizwa ngokuthi amaqiniso. Amaqiniso - lolu ulwazi mayelana ne-node, etholakala kuma-manifest ngesimo sokuguquguquka okujwayelekile endaweni yamagama yomhlaba wonke. Isibonelo, igama lomsingathi, inguqulo yesistimu yokusebenza, ukwakheka kwephrosesa, uhlu lwabasebenzisi, uhlu lwezixhumanisi zenethiwekhi namakheli abo, nokunye okuningi. Amaqiniso ayatholakala kuma-manifest nezifanekiso njengokuguquguquka okujwayelekile.

Isibonelo sokusebenza namaqiniso:

notify { "Running OS ${facts['os']['name']} version ${facts['os']['release']['full']}": }
# ресурс типа notify просто выводит сообщение в лог

Uma sikhuluma ngokusemthethweni, iqiniso linegama (iyunithi yezinhlamvu) kanye nenani (izinhlobo ezihlukahlukene ziyatholakala: izintambo, amaqoqo, izichazamazwi). Yidla isethi yamaqiniso akhelwe ngaphakathi. Ungabhala neyakho. Abaqoqi bamaqiniso bayachazwa njengemisebenzi kuRubynoma amafayela asebenzisekayo. Amaqiniso angabuye ethulwe ngefomu amafayela ombhalo anedatha kumanodi.

Ngesikhathi sokusebenza, i-ejenti ye-puppet ikopisha kuqala bonke abaqoqi bamaqiniso abatholakalayo kusukela ku-pappetserver kuya endaweni, ngemva kwalokho iyethule futhi ithumele amaqiniso aqoqiwe kuseva; Ngemva kwalokhu, iseva iqala ukuhlanganisa ikhathalogi.

Amaqiniso ngendlela yamafayela asebenzisekayo

Amaqiniso anjalo abekwe kumamojula ohlwini lwemibhalo facts.d. Yiqiniso, amafayela kufanele asebenziseke. Uma zisebenza, kufanele zikhiphe ulwazi ekuphumeni okujwayelekile ngefomethi ye-YAML noma ye-key=value.

Ungakhohlwa ukuthi amaqiniso asebenza kuwo wonke ama-node alawulwa yiseva ye-poppet lapho imojuli yakho isetshenziswa khona. Ngakho-ke, embhalweni, qiniseka ukuthi ubheka ukuthi uhlelo lunazo zonke izinhlelo namafayela adingekayo ukuze iqiniso lakho lisebenze.

#!/bin/sh
echo "testfact=success"

#!/bin/sh
echo '{"testyamlfact":"success"}'

Ruby amaqiniso

Amaqiniso anjalo abekwe kumamojula ohlwini lwemibhalo lib/facter.

# всё начинается с вызова функции Facter.add с именем факта и блоком кода
Facter.add('ladvd') do
# в блоках confine описываются условия применимости факта — код внутри блока должен вернуть true, иначе значение факта не вычисляется и не возвращается
  confine do
    Facter::Core::Execution.which('ladvdc') # проверим, что в PATH есть такой исполняемый файл
  end
  confine do
    File.socket?('/var/run/ladvd.sock') # проверим, что есть такой UNIX-domain socket
  end
# в блоке setcode происходит собственно вычисление значения факта
  setcode do
    hash = {}
    if (out = Facter::Core::Execution.execute('ladvdc -b'))
      out.split.each do |l|
        line = l.split('=')
        next if line.length != 2
        name, value = line
        hash[name.strip.downcase.tr(' ', '_')] = value.strip.chomp(''').reverse.chomp(''').reverse
      end
    end
    hash  # значение последнего выражения в блоке setcode является значением факта
  end
end

Amaqiniso ombhalo

Amaqiniso anjalo abekwe kuma-node ohlwini lwemibhalo /etc/facter/facts.d kuPuppet endala noma /etc/puppetlabs/facts.d kuPuppet entsha.

examplefact=examplevalue

---
examplefact2: examplevalue2
anotherfact: anothervalue

Ukuthola Amaqiniso

Kunezindlela ezimbili zokufinyelela amaqiniso:

• ngesichazamazwi $facts: $facts['fqdn'];
• usebenzisa igama leqiniso njengegama eliguquguqukayo: $fqdn.

Kungcono ukusebenzisa isichazamazwi $facts, noma okungcono nakakhulu, bonisa indawo yamagama yomhlaba wonke ($::facts).

Nasi isigaba esifanele samadokhumenti.

Izinguquko ezakhelwe ngaphakathi

Ngaphandle kwamaqiniso, kukhona futhi ezinye eziguquguqukayo, etholakala endaweni yamagama yomhlaba wonke.

• amaqiniso athembekile — izinto eziguquguqukayo ezithathwe kusitifiketi seklayenti (njengoba isitifiketi ngokuvamile sikhishwa kuseva ye-poppet, umenzeli akakwazi nje ukuthatha futhi ashintshe isitifiketi saso, ngakho okuguquguqukayo “kuyathenjwa”): igama lesitifiketi, umsingathi kanye negama lesizinda, izandiso ezivela kusitifiketi.
• amaqiniso eseva -okuguquguqukayo okuhlobene nolwazi mayelana neseva-inguqulo, igama, ikheli le-IP leseva, imvelo.
• amaqiniso e-ejenti — okuguquguqukayo kwengezwe ngokuqondile yi-ejenti yopopathi, hhayi ngeqiniso — igama lesitifiketi, inguqulo ye-ejenti, uhlobo lopopayi.
• master variables - Izinguquko zePappetmaster (sic!). Icishe ifane ne-in amaqiniso eseva, kanye namanani epharamitha yokumisa ayatholakala.
• okuguquguqukayo komqambi — okuguquguqukayo komhlanganisi okuhlukile kububanzi ngamunye: igama lemojula yamanje kanye negama lemojuli okufinyelelwe kuyo into yamanje. Angasetshenziswa, isibonelo, ukuhlola ukuthi amakilasi akho ayimfihlo awasetshenziswa ngokuqondile kwamanye amamojula.

Ukwengeza 1: kanjani ukusebenzisa futhi ukulungisa iphutha konke lokhu?

I-athikili ibiqukethe izibonelo eziningi zekhodi yopopayi, kodwa ayizange isitshele nhlobo ukuthi le khodi iqhutshwa kanjani. Hhayi-ke ngiyazilungisa.

I-ejenti yanele ukusebenzisa i-Puppet, kodwa ezimweni eziningi uzodinga neseva.

Umenzeli

Okungenani kusukela kunguqulo yesi-XNUMX, amaphakheji we-puppet-ejenti avela Inqolobane esemthethweni yePuppetlabs ziqukethe konke ukuncika (irubi namagugu ahambisanayo), ngakho-ke abukho ubunzima bokufaka (ngikhuluma ngokusabalalisa okusekelwe ku-Debian - asisebenzisi ukusatshalaliswa okusekelwe ku-RPM).

Esimweni esilula, ukusebenzisa ukucushwa kwe-puppet, kwanele ukwethula i-ejenti kwimodi engenaseva: inqobo nje uma ikhodi ye-puppet ikopishelwe ku-node, qalisa. puppet apply <путь к манифесту>:

atikhonov@atikhonov ~/puppet-test $ cat helloworld.pp 
node default {
    notify { 'Hello world!': }
}
atikhonov@atikhonov ~/puppet-test $ puppet apply helloworld.pp 
Notice: Compiled catalog for atikhonov.localdomain in environment production in 0.01 seconds
Notice: Hello world!
Notice: /Stage[main]/Main/Node[default]/Notify[Hello world!]/message: defined 'message' as 'Hello world!'
Notice: Applied catalog in 0.01 seconds

Kungcono, kunjalo, ukusetha iseva bese usebenzisa ama-ejenti kumanodi ngemodi ye-daemon - khona-ke kanye njalo ngesigamu sehora bazosebenzisa ukucushwa okulandiwe kusuka kuseva.

Ungalingisa imodeli ye-push yomsebenzi - hamba ku-node oyithandayo bese uqala sudo puppet agent -t. Ukhiye -t (--test) empeleni ihlanganisa izinketho ezimbalwa ezingavulwa ngazodwana. Lezi zinketho zihlanganisa okulandelayo:

• ungasebenzisi kumodi ye-daemon (ngokuzenzakalelayo i-ejenti iqala ngemodi ye-daemon);
• vala ngemuva kokusebenzisa ikhathalogi (ngokuzenzakalelayo, i-ejenti izoqhubeka nokusebenza futhi isebenzise ukumisa kanye njalo ngesigamu sehora);
• bhala ilogi yomsebenzi enemininingwane;
• bonisa izinguquko kumafayela.

I-ejenti inemodi yokusebenza ngaphandle kwezinguquko - ungayisebenzisa uma ungaqiniseki ukuthi ubhale ukumisa okulungile futhi ufuna ukuhlola ukuthi yini ngempela i-ejenti ezoshintsha ngesikhathi sokusebenza. Le modi inikwe amandla ipharamitha --noop kulayini womyalo: sudo puppet agent -t --noop.

Ngaphezu kwalokho, ungakwazi ukunika amandla ilogi yokulungisa iphutha lomsebenzi - kuwo, i-puppet ibhala ngazo zonke izenzo ezizenzayo: mayelana nensiza okwamanje ecubungulayo, mayelana nemingcele yalesi sisetshenziswa, mayelana nokuthi yiziphi izinhlelo eziqalayo. Yiqiniso lena ipharamitha --debug.

Iseva

Ngeke ngicabangele ukusethwa okugcwele kwe-pappetserver kanye nokufaka ikhodi kuyo kulesi sihloko; ngizosho kuphela ukuthi ngaphandle kwebhokisi kukhona inguqulo esebenza ngokugcwele yeseva engadingi ukucushwa okwengeziwe ukuze isebenze nenombolo encane amanodi (athi, aze afike ekhulwini). Inombolo enkulu yama-node izodinga ukulungiswa - ngokuzenzakalelayo, i-puppetserver iqala izisebenzi ezingaphezu kwezine, ukuze usebenze kakhulu udinga ukwandisa inani labo futhi ungakhohlwa ukwandisa imingcele yememori, ngaphandle kwalokho iseva izoqoqa udoti isikhathi esiningi.

Ukuthunyelwa kwekhodi - uma uyidinga ngokushesha futhi kalula, bheka (ku-r10k)[https://github.com/puppetlabs/r10k], ekufakweni okuncane kufanele kube ngokwanele.

Isengezo 2: Imihlahlandlela Yokubhala Ikhodi

1. Beka yonke ingqondo emakilasini nasezincazelweni.
2. Gcina amakilasi nezincazelo kumamojula, hhayi kumanodi achazayo.
3. Sebenzisa amaqiniso.
4. Ungazenzi ama-ifs ngokusekelwe kumagama abasingathi.
5. Zizwe ukhululekile ukwengeza amapharamitha wamakilasi nezincazelo - lokhu kungcono kunomqondo osobala ofihliwe emzimbeni wekilasi/uchaze.

Ngizochaza ukuthi kungani ngincoma ukwenza lokhu esihlokweni esilandelayo.

isiphetho

Asiqedele ngesingeniso. Esihlokweni esilandelayo ngizokutshela nge-Hiera, ENC kanye nePuppetDB.

Abasebenzisi ababhalisiwe kuphela abangabamba iqhaza kuhlolovo. Ngena ngemvume, wamukelekile.

Eqinisweni, kuningi okubalulekile - ngingabhala izindatshana ngezihloko ezilandelayo, ngivotele lokho ongathanda ukufunda ngakho:

• 59,1%Ukwakhiwa kopopathi okuthuthukisiwe - ezinye zezinga elilandelayo: izihibe, imephu nezinye izinkulumo ze-lambda, abaqoqi bezinsiza, izinsiza ezithunyelwa kwamanye amazwe kanye nokuxhumana phakathi kwabasingathi nge-Puppet, amathegi, abahlinzeki, izinhlobo zedatha engabonakali.13
• 31,8%"Ngingumqondisi kamama" noma ukuthi thina ku-Avito senze kanjani ubungane namaseva amaningana we-poppet wezinguqulo ezahlukene, futhi, ngokomthetho, ingxenye mayelana nokuphatha iseva ye-poppet.7
• 81,8%Sibhala kanjani ikhodi ye-puppet: i-instrumentation, imibhalo, ukuhlolwa, i-CI/CD.18

Bangu-22 abasebenzisi abavotile. Abasebenzisi abangu-9 bagobile.

Source: www.habr.com