Configuration Management 101: Writing Puppet Manifests

Introduction

In a nutshell, server configuration management (also popularly referred to as IT Automation) is a solution for turning your infrastructure administration into a codebase, describing all processes necessary for deploying a server in a set of provisioning scripts that can be versioned and easily reused. It can greatly improve the integrity of any server infrastructure over time.

In a previous guide, we talked about the main benefits of implementing a configuration management strategy for your server infrastructure, how configuration management tools work, and what these tools typically have in common.

This part of the series will walk you through the process of automating server provisioning using Puppet, a popular configuration management tool capable of managing complex infrastructure in a transparent way, using a master server to orchestrate the configuration of the nodes. We will focus on the language terminology, syntax and features necessary for creating a simplified example to fully automate the deployment of an Ubuntu 18.04 web server using Apache.

This is the list of steps we need to automate in order to reach our goal:

  1. Update the apt cache
  2. Install Apache
  3. Create a custom document root directory
  4. Place an index.html file in the custom document root
  5. Apply a template to set up our custom virtual host
  6. Restart Apache

We will start by having a look at the terminology used by Puppet, followed by an overview of the main language features that can be used to write manifests. At the end of this guide, we will share the complete example so you can try it by yourself.

Note: this guide is intended to introduce you to the Puppet language and how to write manifests to automate your server provisioning. For a more introductory view of Puppet, including the steps necessary for installing and getting started with this tool, please refer to Puppet’s official documentation.

Getting Started

Before we can move to a more hands-on view of Puppet, we need to get acquainted with the key terminology and concepts introduced by this tool.

Puppet Terms

  • Puppet Master: the master server that controls configuration on the nodes
  • Puppet Agent Node: a node controlled by a Puppet Master
  • Manifest: a file that contains a set of instructions to be executed
  • Resource: a portion of code that declares an element of the system and how its state should be changed. For instance, to install a package we need to define a package resource and ensure its state is set to “installed”
  • Module: a collection of manifests and other related files organized in a pre-defined way to facilitate sharing and reusing parts of a provisioning
  • Class: just like with regular programming languages, classes are used in Puppet to better organize the provisioning and make it easier to reuse portions of the code
  • Facts: global variables containing information about the system, like network interfaces and operating system
  • Services: used to trigger service status changes, like restarting or stopping a service

Puppet provisionings are written using a custom DSL (domain-specific language) that is based on Ruby.

Resources

With Puppet, tasks or steps are defined by declaring resources. Resources can represent packages, files, services, users, and commands. They might have a state, which will trigger a system change in case the state of a declared resource is different from what is currently on the system. For instance, a package resource set to installed in your manifest will trigger a package installation on the system if the package was not previously installed.

This is what a package resource looks like:

package { 'nginx':
    ensure  => 'installed'
}

You can execute any arbitrary command by declaring an exec resource, like the following:

exec { 'apt-get update':
    command => '/usr/bin/apt-get update'
}

Note that the apt-get update portion on the first line is not the actual command declaration, but an identifier for this unique resource. Often we need to reference other resources from within a resource, and we use their identifier for that. In this case, the identifier is apt-get update, but it could be any other string.

Resource Dependency

When writing manifests, it is important to keep in mind that Puppet doesn’t evaluate the resources in the same order they are defined. This is a common source of confusion for those who are getting started with Puppet. Resources must explicitly define dependency between each other, otherwise there’s no guarantee of which resource will be evaluated, and consequently executed, first.

As a simple example, let’s say you want to execute a command, but you need to make sure a dependency is installed first:

package { 'python-software-properties':
    ensure => 'installed'
}

exec { 'add-repository':
    command => '/usr/bin/add-apt-repository ppa:ondrej/php5 -y',
    require => Package['python-software-properties']
}

The require option receives as parameter a reference to another resource. In this case, we are referring to the Package resource identified as python-software-properties. It’s important to notice that while we use exec, package, and such for declaring resources (with lowercase), when referring to previously defined resources, we use Exec, Package, and so on (capitalized).

Now let’s say you need to make sure a task is executed before another. For a case like this, we can use the before option instead:

package { 'curl':
    ensure => 'installed',
    before => Exec['install script']
}

exec { 'install script':
    command => '/usr/bin/curl http://example.com/some-script.sh'
}

Manifest Format

Manifests are basically a collection of resource declarations, using the extension .pp. Below you can find an example of a simple manifest that performs two tasks: it updates the apt cache and then installs vim:

exec { 'apt-get update':
    command => '/usr/bin/apt-get update'
}

package { 'vim':
    ensure => 'installed',
    require => Exec['apt-get update']
}

Before the end of this guide we will see a more real-life example of a manifest, explained in detail. The next section will give you an overview of the most important elements and features that can be used to write Puppet manifests.

Writing Manifests

Working with Variables

Variables can be defined at any point in a manifest. The most common types of variables are strings and arrays of strings, but other types are also supported, such as booleans and hashes.

The example below defines a string variable that is later used inside a resource:

$package = "vim"

package { $package:
   ensure => "installed"
}

Using Loops

Loops are typically used to repeat a task using different input values. For instance, instead of creating 10 tasks for installing 10 different packages, you can create a single task and use a loop to repeat the task with all the different packages you want to install.

The simplest way to repeat a task with different values in Puppet is by using arrays, like in the example below:

$packages = ['vim', 'git', 'curl']

package { $packages:
   ensure => "installed"
}

As of version 4, Puppet supports additional ways for iterating through tasks. The example below does the same thing as the previous example, but this time using the each iterator. This option gives you more flexibility for looping through resource definitions:

$packages.each |String $package| {
  package { $package:
    ensure => "installed"
  }
}

Using Conditionals

Conditionals can be used to dynamically decide whether or not a block of code should be executed, based on a variable or an output from a command, for instance.

Puppet supports most of the conditional structures you can find with traditional programming languages, like if/else and case statements. Additionally, some resources like exec will support attributes that work like a conditional, but only accept a command output as condition.

Let’s say you want to execute a command based on a fact. In this case, as you want to test the value of a variable, you need to use one of the conditional structures supported, like if/else:

if $osfamily != 'Debian' {
 warning('This manifest is not supported on this OS.')
}
else {
 notify { 'Good to go!': }
}

Another common situation is when you want to condition the execution of a command based on the output from another command. For cases like this you can use onlyif or unless, like in the example below. This command will only be executed when the output from /bin/which php is successful, that is, the command exits with status 0:

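exec { "Test":
 command  => "/bin/echo PHP is installed here > /tmp/test.txt",
 provider => shell,  # the > redirection needs a shell; the default posix provider runs the binary directly
 onlyif   => "/bin/which php"
}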

Similarly, unless will execute the command at all times, except when the command under unless exits successfully:

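exec { "Test":
 command  => "/bin/echo PHP is NOT installed here > /tmp/test.txt",
 provider => shell,  # the > redirection needs a shell; the default posix provider runs the binary directly
 unless   => "/bin/which php"
}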

Working with Templates

Templates are typically used to set up configuration files, allowing for the use of variables and other features intended to make these files more versatile and reusable. Puppet supports two different formats for templates: Embedded Puppet (EPP) and Embedded Ruby (ERB). The EPP format, however, works only with recent versions of Puppet (starting from version 4.0).

Below is an example of an ERB template for setting up an Apache virtual host, using a variable for setting up the document root for this host:

<VirtualHost *:80>
    ServerAdmin webmaster@localhost
    DocumentRoot <%= @doc_root %>

    <Directory <%= @doc_root %>>
        AllowOverride All
        Require all granted
    </Directory>
</VirtualHost>

In order to apply the template, we need to create a file resource that renders the template content with the template method. This is how you would apply this template to replace the default Apache virtual host:

file { "/etc/apache2/sites-available/000-default.conf":
    ensure => "present",
    content => template("apache/vhost.erb") 
}

Puppet makes a few assumptions when dealing with local files, in order to enforce organization and modularity. In this case, Puppet would look for a vhost.erb template file inside a folder apache/templates, inside your modules directory.
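
What the template call does with $doc_root can be reproduced with Ruby's own ERB library. The following is an added example, not part of the original guide: it renders the vhost.erb template shown above and, as an assumed policy, refuses a document root that is not a plain absolute path, because the value is written verbatim into the Apache configuration. VhostScope, SAFE_PATH and render_vhost are hypothetical names.

```ruby
require "erb"

# The vhost.erb template from this guide, embedded inline so the example runs offline.
VHOST_ERB = <<~'TEMPLATE'
  <VirtualHost *:80>
      ServerAdmin webmaster@localhost
      DocumentRoot <%= @doc_root %>

      <Directory <%= @doc_root %>>
          AllowOverride All
          Require all granted
      </Directory>
  </VirtualHost>
TEMPLATE

# Hypothetical stand-in for the Puppet scope: template() exposes manifest
# variables to ERB as instance variables, so $doc_root becomes @doc_root.
class VhostScope
  # Assumed policy: an absolute path made of plain path characters only.
  # Newlines, spaces and ">" never match, so the value cannot add directives.
  SAFE_PATH = %r{\A(/[A-Za-z0-9._-]+)+\z}

  def initialize(doc_root)
    unless doc_root.is_a?(String) && doc_root.match?(SAFE_PATH)
      raise ArgumentError, "unsafe doc_root: #{doc_root.inspect}"
    end
    if doc_root.split("/").include?("..")
      raise ArgumentError, "doc_root must not contain '..'"
    end
    @doc_root = doc_root
  end

  # Render the template with this object's instance variables in scope.
  def render
    ERB.new(VHOST_ERB).result(binding)
  end
end

# Validate the value, then return the rendered virtual host configuration.
def render_vhost(doc_root)
  VhostScope.new(doc_root).render
end

puts render_vhost("/var/www/example") if __FILE__ == $PROGRAM_NAME
```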

Defining and Triggering Services

Service resources are used to make sure services are initialized and enabled. They are also used to trigger service restarts.

Let’s take into consideration our previous template usage example, where we set up an Apache virtual host. If you want to make sure Apache is restarted after a virtual host change, you first need to create a service resource for the Apache service. This is how such a resource is defined in Puppet:

service { 'apache2':
    ensure => running,
    enable => true
}

Now, when defining the resource, you need to include a notify option in order to trigger a restart:

file { "/etc/apache2/sites-available/000-default.conf":
    ensure => "present",
    content => template("apache/vhost.erb"),
    notify => Service['apache2']
}

Example Manifest

Now let’s have a look at a manifest that will automate the installation of an Apache web server within an Ubuntu 14.04 system, as discussed in this guide’s introduction.

The complete example, including the template file for setting up Apache and an HTML file to be served by the web server, can be found on Github. The folder also contains a Vagrantfile that lets you test the manifest in a simplified setup, using a virtual machine managed by Vagrant.

Below you can find the complete manifest:

default.pp

$doc_root = "/var/www/example"

exec { 'apt-get update':
 command => '/usr/bin/apt-get update'
}

package { 'apache2':
 ensure  => "installed",
 require => Exec['apt-get update']
}

file { $doc_root:
 ensure => "directory",
 owner => "www-data",
 group => "www-data",
 mode => '0644'  # quoted string; for directories Puppet adds the search (x) bit wherever read is set
}

file { "$doc_root/index.html":
 ensure => "present",
 source => "puppet:///modules/main/index.html",
 require => File[$doc_root]
}

file { "/etc/apache2/sites-available/000-default.conf":
 ensure => "present",
 content => template("main/vhost.erb"),
 notify => Service['apache2'],
 require => Package['apache2']
}

service { 'apache2':
 ensure => running,
 enable => true
}

Manifest Explained

line 1

The manifest starts with a variable definition, $doc_root. This variable is later used in a resource declaration.

lines 3-5

This exec resource executes an apt-get update command.

lines 7-10

This package resource installs the package apache2, defining that the apt-get update resource is a requirement, which means that it will only be executed after the required resource is evaluated.

lines 12-17

We use a file resource here to create a new directory that will serve as our document root. The file resource can be used to create directories and files, and it’s also used for applying templates and copying local files to the remote server. This task can be executed at any point of the provisioning, so we didn’t need to set any require here.

lines 19-23

We use another file resource here, this time to copy our local index.html file to the document root inside the server. We use the source parameter to let Puppet know where to find the original file. This nomenclature is based on the way Puppet handles local files; if you have a look at the Github example repository, you will see how the directory structure should be created in order to let Puppet find this resource. The document root directory needs to be created prior to this resource execution, that’s why we include a require option referencing the previous resource.

lines 25-30

A new file resource is used to apply the Apache template and notify the service for a restart. For this example, our provisioning is organized in a module called main, and that’s why the template source is main/vhost.erb. We use a require statement to make sure the template resource only gets executed after the package apache2 is installed, otherwise the directory structure used by Apache may not be present yet.

lines 32-35

Finally, the service resource declares the apache2 service, which we notify for a restart from the resource that applies the virtual host template.
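
The ordering rule can be checked outside Puppet. This added example (not part of the original guide) records the require and notify relationships of default.pp, lists the resources in a scrambled order, and derives an apply order from the relationships alone; it also reports undeclared references and dependency cycles. MANIFEST, edges and apply_order are hypothetical names, and the example assumes that only explicit relationships constrain the order.

```ruby
# Resources of default.pp with their relationships, deliberately listed in a
# scrambled order. Titles come from the manifest above ($doc_root expanded).
MANIFEST = {
  "Service[apache2]" => {},
  "File[/etc/apache2/sites-available/000-default.conf]" => {
    require: ["Package[apache2]"], notify: ["Service[apache2]"]
  },
  "File[/var/www/example/index.html]" => { require: ["File[/var/www/example]"] },
  "Package[apache2]" => { require: ["Exec[apt-get update]"] },
  "File[/var/www/example]" => {},
  "Exec[apt-get update]" => {}
}.freeze

# Turn require/before/notify into [first, second] pairs meaning
# "first must be applied before second". notify orders like before.
def edges(manifest)
  manifest.flat_map do |res, rel|
    Array(rel[:require]).map { |dep| [dep, res] } +
      Array(rel[:before]).map { |nxt| [res, nxt] } +
      Array(rel[:notify]).map { |nxt| [res, nxt] }
  end
end

# Kahn's algorithm: repeatedly take a resource with no unmet dependency.
def apply_order(manifest)
  deps = edges(manifest)
  unknown = deps.flatten.uniq - manifest.keys
  raise ArgumentError, "undeclared resource: #{unknown.join(', ')}" unless unknown.empty?

  pending = Hash.new(0)                       # unmet dependencies per resource
  deps.each { |_, to| pending[to] += 1 }
  ready = manifest.keys.select { |r| pending[r].zero? }
  order = []
  until ready.empty?
    res = ready.shift
    order << res
    deps.each do |from, to|
      next unless from == res
      pending[to] -= 1
      ready << to if pending[to].zero?
    end
  end
  # Anything left over is part of a loop, which Puppet also refuses to apply.
  raise ArgumentError, "dependency cycle" if order.size < manifest.size
  order
end

if __FILE__ == $PROGRAM_NAME
  apply_order(MANIFEST).each_with_index { |r, i| puts "#{i + 1}. #{r}" }
end
```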

Conclusion

Puppet is a powerful configuration management tool that uses an expressive custom DSL for managing server resources and automating tasks. Its language offers advanced resources that can give extra flexibility to your provisioning setups; it is important to remember that resources are not evaluated in the same order they are defined, and for that reason you need to be careful when defining dependencies between resources in order to establish the right chain of execution.

In the next guide of this series, we will have a look at Chef, another powerful configuration management tool that leverages the Ruby programming language to automate infrastructure administration and provisioning.

Translated from: https://www.digitalocean.com/community/tutorials/configuration-management-101-writing-puppet-manifests
