Variable reuse
Description:
Once a variable is defined, it can be referenced directly by its name
Example:
$etcd_controller1='10.100.84.22'
$etcd_controller2='10.100.84.23'
$etcd_controller3='10.100.84.24'
$etcd_host1='gx-yun-084022.vclound.com'
$etcd_host2='gx-yun-084023.vclound.com'
$etcd_host3='gx-yun-084024.vclound.com'
$etcd_connect="${etcd_host1}=http://${etcd_host1}:2380,${etcd_host2}=http://${etcd_host2}:2380,${etcd_host3}=http://${etcd_host3}:2380"
$etcdcluster="${etcd_controller1}:2379,${etcd_controller2}:2379,${etcd_controller3}:2379"
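Conditional variables
Description:
1. Match on the host address (either case or if can be used; the result is the same)
2. Define different variable values for different hosts
Example: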
$myipaddress = $ipaddress_vlanbr0
# Match on the address prefix; the anchored prefix alone is enough
if $myipaddress =~ /^10\.201\./ {
  $ntpserver = '10.201.100.21'
} elsif $myipaddress =~ /^10\.200\./ {
  $ntpserver = '10.200.100.21'
} elsif $myipaddress =~ /^10\.205\./ {
  $ntpserver = '10.205.100.25'
} elsif $myipaddress =~ /^192\.168\./ {
  $ntpserver = [ '10.199.129.21', '10.199.129.22' ]
} elsif $myipaddress =~ /^10\.100\./ {
  $ntpserver = [ '10.199.129.21', '10.199.129.22' ]
}
case syntax
Purpose:
1. Match on the host address
2. Use the matching rules to make different hosts run different commands
Example:
case $myipaddress {
  # etcd members: the exec is skipped when this host's own peer port 2380 is reported open
  $etcd_controller1, $etcd_controller2, $etcd_controller3 : {
    exec { 'exit':
      user    => root, group => root,
      path    => '/bin:/sbin:/usr/bin:/usr/sbin',
      unless  => [ "/usr/bin/nmap $fqdn -p 2380 | /usr/bin/grep -o open" ],
      require => [ Package['nmap'], Class['initial'], Class['etcd::service'] ],
    }
  }
  # all other hosts: the exec is skipped only when all three members report port 2380 open
  default : {
    exec { 'exit':
      user    => root, group => root,
      path    => '/bin:/sbin:/usr/bin:/usr/sbin',
      unless  => [ "/usr/bin/nmap $etcd_controller1 -p 2380 | /usr/bin/grep -o open && /usr/bin/nmap $etcd_controller2 -p 2380 | /usr/bin/grep -o open && /usr/bin/nmap $etcd_controller3 -p 2380 | /usr/bin/grep -o open" ],
      require => Package['nmap'],
    }
  }
}
Special syntax for configuration files
See the syntax below (config.pp)
convoy_config {
  'Service/LimitMEMLOCK': value => $convoyLimitMEMLOCK;
  'Service/LimitSTACK':   value => $convoyLimitSTACK;
  'Service/LimitNPROC':   value => $convoyLimitNPROC;
  'Service/LimitNOFILE':  value => $convoyLimitNOFILE;
  'Service/LimitCORE':    value => $convoyLimitCORE;
}
After puppet runs, you get the familiar configuration file layout below (the actual file contains the value of each variable after the equals sign)
[Service]
LimitMEMLOCK = $convoyLimitMEMLOCK
LimitSTACK = $convoyLimitSTACK
LimitNPROC = $convoyLimitNPROC
LimitNOFILE = $convoyLimitNOFILE
LimitCORE = $convoyLimitCORE
To use this configuration method, the following two module library files must be added
/etc/puppet/modules/convoy
├── lib
│   └── puppet
│       ├── provider
│       │   └── convoy_config
│       │       └── ini_setting.rb   <- add
│       └── type
│           └── convoy_config.rb     <- add
├── manifests
│   ├── config.pp                    <- the configuration takes effect only once this is added
│   ├── directlvm.pp
│   ├── init.pp
/etc/puppet/modules/convoy/lib/puppet/provider/convoy_config/ini_setting.rb
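# Provider for convoy_config, inheriting from the ini_setting ruby provider
Puppet::Type.type(:convoy_config).provide(
  :ini_setting,
  :parent => Puppet::Type.type(:ini_setting).provider(:ruby)
) do
  # Part of the resource name before the first '/'
  def section
    resource[:name].split('/', 2).first
  end

  # Part of the resource name after the first '/'
  def setting
    resource[:name].split('/', 2).last
  end

  def separator
    '='
  end

  # File managed by every convoy_config resource
  def self.file_path
    '/usr/lib/systemd/system/convoy.service'
  end

  def file_path
    self.class.file_path
  end
end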
/etc/puppet/modules/convoy/lib/puppet/type/convoy_config.rb
Puppet::Type.newtype(:convoy_config) do
  ensurable

  newparam(:name, :namevar => true) do
    desc 'Section/setting name to manage from /usr/lib/systemd/system/convoy.service'
    newvalues(/\S+\/\S+/)
  end

  newproperty(:value) do
    desc 'The value of the setting to be defined.'
    munge do |value|
      value = value.to_s.strip
      value.capitalize! if value =~ /^(true|false)$/i
      value
    end
  end
end
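Added example (not part of the original notes or of the convoy module): a stand-alone Ruby model, with Puppet not loaded, of how the type and provider above turn a 'Section/Setting' title into an INI line. STRICT_PATTERN, valid_name? and render are hypothetical names, the sample settings are constructed, and the model assumes the newvalues pattern is applied as an unanchored match, which lets a title containing whitespace through.

```ruby
# Stand-alone model of the convoy_config type/provider logic (Puppet is not loaded).
NAME_PATTERN   = /\S+\/\S+/             # pattern from convoy_config.rb (unanchored)
STRICT_PATTERN = /\A[^\s\/]+\/\S+\z/    # hypothetical anchored variant
SEPARATOR      = '='                    # value returned by the provider's separator

# Same split the provider uses for its section and setting methods.
def split_name(name)
  name.split('/', 2)
end

# Same normalisation as the type's munge block.
def munge_value(value)
  value = value.to_s.strip
  value.capitalize! if value =~ /^(true|false)$/i
  value
end

# Model of the name check: true when the pattern matches anywhere in the name.
def valid_name?(name, pattern)
  pattern.match?(name)
end

# Render 'Section/Setting' => value pairs as INI text, grouped by section.
def render(settings, pattern: NAME_PATTERN)
  sections = Hash.new { |hash, key| hash[key] = [] }
  settings.each do |name, value|
    raise ArgumentError, "invalid name: #{name.inspect}" unless valid_name?(name, pattern)
    section, setting = split_name(name)
    sections[section] << "#{setting}#{SEPARATOR}#{munge_value(value)}"
  end
  sections.map { |section, lines| "[#{section}]\n#{lines.join("\n")}\n" }.join("\n")
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample values, not taken from the page.
  sample = { 'Service/LimitNOFILE' => 65536, 'Service/LimitCORE' => ' infinity ' }
  puts render(sample)
  # A title with a space slips past the unanchored pattern ...
  puts render({ 'my Service/LimitCORE' => '0' })
  # ... and is rejected by the anchored one.
  begin
    render({ 'my Service/LimitCORE' => '0' }, pattern: STRICT_PATTERN)
  rescue ArgumentError => e
    puts "rejected: #{e.message}"
  end
end
```

Because the split uses a limit of 2, a title such as 'Service/Environment/PATH' keeps everything after the first slash as the setting name.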
firewalld configuration
Module download location
https://github.com/crayfishx/puppet-firewalld
Configuration syntax
Configuring a port range
# The range is quoted: an unquoted 1000-50000 is evaluated as a subtraction
firewalld_port { 'Open port 1000-50000 in the public zone tcp':
  ensure   => present,
  zone     => 'public',
  port     => '1000-50000',
  protocol => 'tcp',
}
firewalld_port { 'Open port 1000-50000 in the public zone udp':
  ensure   => present,
  zone     => 'public',
  port     => '1000-50000',
  protocol => 'udp',
}
Configuring a single port
firewalld_port { 'Open port 2476 in the public zone':
  ensure   => present,
  zone     => 'public',
  port     => 2476,
  protocol => 'tcp',
}
firewalld_port { 'Open port 8080 in the public zone':
  ensure   => present,
  zone     => 'public',
  port     => 8080,
  protocol => 'tcp',
}