Puppet 资源公有属性的其他描述方式(三十)
Puppet 资源公有属性的其他描述方式puppet的资源公有属性中还可以通过"->"和"~>"两种特殊符号来描述资源与资源之间的关系.
->:用于表示资源与资源之间的先后关系,等同于before和require两个资源公有属性.
~>:用于表示资源之间的通知,等同于notify和subscribe练个资源公有属性.
示例: "->"用法
安装httpd并运行httpd服务的puppet代码如下:
# cat httpd2.pp
package {"httpd":
ensure => present,
provider => 'yum',
}
service {"httpd":
ensure => running,
enable => true,
}
Package["httpd"] -> Service["httpd"]
运行结果:
# puppet apply httpd2.pp
Notice: Compiled catalog for sh-web1.localdomain in environment production in 0.06 seconds
Notice: /Stage/Main/Package/ensure: created
Notice: /Stage/Main/Service/ensure: ensure changed 'stopped' to 'running'
Notice: Finished catalog run in 3.02 seconds
# /etc/init.d/httpd status
httpd (pid81254) is running...
示例: "~>"用法
# cat httpd.pp
package {"httpd":
ensure => present,
provider => 'yum',
}
service {"httpd":
ensure => running,
enable => true,
}
file {'/etc/httpd/conf/httpd.conf':
ensure => file,
}
Package["httpd"] -> File ['/etc/httpd/conf/httpd.conf'] ~> Service["httpd"]
运行结果:
# puppet apply httpd.pp
Notice: Compiled catalog for sh-web1.localdomain in environment production in 0.07 seconds
Notice: /Stage/Main/Package/ensure: created
Notice: /Stage/Main/Service/ensure: ensure changed 'stopped' to 'running'
Notice: Finished catalog run in 3.25 seconds
# /etc/init.d/httpd status
httpd (pid81493) is running...
生产上并不会像上面那样去写,一个资源可能很大,篇幅很长.
如下两种写法:
第一种:
# cat httpd2.pp
package {"httpd":
ensure => present,
provider => 'yum',
}
->
service {"httpd":
ensure => running,
enable => true,
}
第二种:
# cat httpd2.pp
package {"httpd":
ensure => present,
provider => 'yum',
} ->
service {"httpd":
ensure => running,
enable => true,
}
# puppet apply httpd2.pp
Notice: Compiled catalog for sh-web1.localdomain in environment production in 0.04 seconds
Notice: /Stage/Main/Package/ensure: created
Notice: /Stage/Main/Service/ensure: ensure changed 'stopped' to 'running'
Notice: Finished catalog run in 2.28 seconds
注意:大部分都是第二种写法,"->"或"~>"跟在花括号的后面,但是个人习惯用第一种反正更新puppet不报错也能得到想要结果就ok.
audit审计
audit资源公有属性主要用于资源属性的审计,当某资源状态变化时,它可以将变化的内容抓夹到系统日志中.
puppet代码如下:
# cat file.pp
file {"/etc/password":
audit => [ owner,mode ],
}
运行过程,会看到改变通知.
# puppet apply file.pp
Notice: Compiled catalog for sh-web1.localdomain in environment production in 0.07 seconds
Notice: /Stage/Main/File/owner: audit change: newly-recorded value absent
Notice: /Stage/Main/File/mode: audit change: newly-recorded value absent
Notice: Finished catalog run in 0.05 seconds
页:
[1]