The Puppet file resource in detail (with examples)

I. Resource overview

Description

Manages files, including their content, ownership, and permissions.

The file type can manage normal files, directories, and symlinks; the type should be specified in the ensure attribute. Note that symlinks cannot be managed on Windows systems.

File contents can be managed directly with the content attribute, or downloaded from a remote source using the source attribute; the latter can also be used to recursively serve directories (when the recurse attribute is set to true or local). On Windows, note that file contents are managed in binary mode; Puppet never automatically translates line endings.

Autorequires: If Puppet is managing the user or group that owns a file, the file resource will autorequire them. If Puppet is managing any parent directories of a file, the file resource will autorequire them.

Attributes

file { 'resource title':
  path                    => # (namevar) The path to the file to manage.  Must be fully...
  ensure                  => # Whether the file should exist, and if so what...
  backup                  => # Whether (and how) file content should be backed...
  checksum                => # The checksum type to use when determining...
  content                 => # The desired contents of a file, as a string...
  ctime                   => # A read-only state to check the file ctime. On...
  force                   => # Perform the file operation even if it will...
  group                   => # Which group should own the file.  Argument can...
  ignore                  => # A parameter which omits action on files matching 
  links                   => # How to handle links during file actions.  During 
  mode                    => # The desired permissions mode for the file, in...
  mtime                   => # A read-only state to check the file mtime. On...
  owner                   => # The user to whom the file should belong....
  provider                => # The specific backend to use for this `file...
  purge                   => # Whether unmanaged files should be purged. This...
  recurse                 => # Whether and how to do recursive file management. 
  recurselimit            => # How deeply to do recursive management.  Values...
  replace                 => # Whether to replace a file or symlink that...
  selinux_ignore_defaults => # If this is set then Puppet will not ask SELinux...
  selrange                => # What the SELinux range component of the context...
  selrole                 => # What the SELinux role component of the context...
  seltype                 => # What the SELinux type component of the context...
  seluser                 => # What the SELinux user component of the context...
  show_diff               => # Whether to display differences when the file...
  source                  => # A source file, which will be copied into place...
  source_permissions      => # Whether (and how) Puppet should copy owner...
  sourceselect            => # Whether to copy all valid sources, or just the...
  target                  => # The target for creating a link.  Currently...
  type                    => # A read-only state to check the file...
  # ...plus any applicable metaparameters.
}

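1. Features

1.1 Supports files and directories

1.2 Sets the owner and permissions of files and directories

1.3 Restores files (including content, permissions and owner)

1.4 Cleans up directories and subdirectories

II. System environment

1. Puppet server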

Release:RHEL6.4  
HOSTNAME: puppetserver.kisspuppet.com  
TCP/IP: 172.16.200.100/24
Packages:     
puppet-server-2.7.21-1.el6.noarch
mcollective-client-2.2.4
activemq-5.5.0

2. Puppet node

Release: RHEL5.8  
HOSTNAME: agent1.kisspuppet.com  
TCP/IP: 172.16.200.101/24 
Packages:
puppet-2.7.21-1.el5
mcollective-2.2.4-1.el5

3. Puppet node

Release: RHEL6.4  
HOSTNAME: agent3.kisspuppet.com  
TCP/IP: 172.16.200.103/24 
Packages:
puppet-2.7.21-1.el6
mcollective-2.2.4-1.el6

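3. Supported parameters

1.1 ensure => {present|absent|directory|file|link}, specifies the target state of the file
=> present, check whether the file exists; create it if it does not
=> absent, check whether the file exists; delete it if it does
=> directory, declares that this is a directory; create it if it does not exist

1.2 owner|user => root, the owning user; a UID can also be used

1.3 group => puppet, the owning group; a GID can also be used

1.4 mode => 0644, permission bits, a four-digit octal number

1.5 source => "puppet:///modules/ssh/etc/ssh/sshd_config" | source => "/etc/passwd" where the file is fetched from: a URL starting with puppet:/// is downloaded from the master, while a plain path is read locally on the agent
Note: "puppet://" is equivalent to the modulepath value in the main configuration file puppet.conf

1.6 path => "/etc/postfix/main.cf", the full path of the file. It defaults to the title, so it can be omitted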
eg.
file { "main.cf":
  path => "/etc/postfix/main.cf",
}

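1.7 content => "hello",|content => template("postfix/main.cf.erb"), the literal content of the file, which can also be generated from an ERB template; when this is used, source can be omitted

1.8 backup => 'main',| backup => ".$backup_date.bak", how the previous version is backed up before the node is updated; backup => 'main' must be combined with a filebucket resource

1.9 recurse => '{true|false|inf|remote}', whether to recurse into the directory (true) or not (false); effective when ensure => directory

1.10 Puppet has three dependency attributes: require, before and after
require => Class["mysql::install"], | require => Package["setup"], the current resource or class depends on the required resource or class; the required one must be applied successfully before the current one is applied
before: apply before some other resource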
package { "openssh-server":
...
  before => File["/etc/ssh/sshd_config"],
}

after: apply after some other resource
file {"/etc/ssh/sshd_config":
...
  after => Package["openssh-server"],
}

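1.11 Puppet has two ways to trigger a refresh, notify and subscribe; they differ in where they are written.
notify {"operatingsystem is $operatingsystem":  # writes the message to the log, useful when debugging
  withpath => true|false,  # whether to print the full resource path
}
notify => Class["mysql::service"], when the files of the current class or resource change, notifies the service to restart.
subscribe => Class["ssh::config"], when that resource is updated, notifies another resource to perform the corresponding action. Currently only exec, service and mount support subscribe.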
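
The ordering and refresh attributes from 1.10 and 1.11, combined in one package/file/service chain; this is an added example, not from the original article. The class name ssh_example and the service name sshd are assumptions, and the source URL is the one quoted in 1.5.

```puppet
# Added example: class name and service name are assumptions.
class ssh_example {
  package { 'openssh-server':
    ensure => present,
  }

  file { '/etc/ssh/sshd_config':
    ensure  => file,
    owner   => 'root',
    group   => 'root',
    # Quoted mode string: required on Puppet 4 and later, accepted on 2.7.
    # 0600 keeps the daemon configuration writable and readable by root only.
    mode    => '0600',
    source  => 'puppet:///modules/ssh/etc/ssh/sshd_config',
    # Ordering: the package is installed before the file is written.
    require => Package['openssh-server'],
    # Refresh: the service restarts only when this file actually changes.
    notify  => Service['sshd'],
  }

  service { 'sshd':
    ensure => running,
    enable => true,
    # Writing subscribe => File['/etc/ssh/sshd_config'] here would express
    # the same relationship from the service side instead of notify above.
  }
}
```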

1.12 link: symlink setup, /etc/file2 -> /etc/passwd
file{ "/etc/file2":
...
  ensure => link,
  target => "/etc/passwd",
}

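1.13 purge => true: files under the directory that are not managed by a resource are removed
force => true: must be used together with purge => true for directories to be deleted; mode => 0700 ensures the permission to delete
ignore => file|directory, skip all operations on a given directory or file

III. Resource examples

1. Example 1

1.1 Requirements
*Download the motd file from the specified path on the server
*The file mode must be 700, with owner and group both set to puppet
*The setup package must be installed before the motd file is downloaded

1.2 Configuration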
class motd::motd {
  package{ setup:
    ensure  => present,
  }
  file{ "/etc/motd":
    owner   => "puppet",
    group   => "puppet",
    mode    => 0700,
    source  => "puppet://$puppetserver/modules/motd/etc/motd",
    require => Package["setup"],
  }
}

1.3 Test on client agent1
[root@agent1 ~]# puppet agent --test
info: Caching catalog for agent1.kisspuppet.com
info: Applying configuration version '1378193573'
notice: /File[/etc/motd]/ensure: defined content as '{md5}0acb622c16dbdecb670d8920d96bdd30'
notice: Finished catalog run in 0.41 seconds
[root@agent1 ~]# ll /etc/motd
-rwx------ 1 puppet puppet 82 Sep  3 15:33 /etc/motd

2. Example 2

2.1 Requirements
*On the node, create /etc/file2 as a symlink to /etc/passwd

2.2 Configuration
class motd::file2 {
  file{ "/etc/file2":
    owner  => "puppet",
    group  => "puppet",
    ensure => link,
    target => "/etc/passwd",
  }
}

2.3 Test on client agent1
[root@agent1 ~]# puppet agent --test
info: Caching catalog for agent1.kisspuppet.com
info: Applying configuration version '1378194373'
notice: /File[/etc/file2]/ensure: created
notice: Finished catalog run in 0.07 seconds
[root@agent1 ~]# ll /etc/file2
lrwxrwxrwx 1 puppet puppet 11 Sep  3 15:46 /etc/file2 -> /etc/passwd

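3. Example 3

3.1 Requirements
*On the node, create the directory /etc/dir1
*All directories and files under it except dir2 must have mode 0700 and be owned by puppet
*Every update must write "This is dir1!" to the log

3.2 Configuration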
class motd::dir1 {
  file{ "/etc/dir1":
    owner   => "puppet",
    group   => "puppet",
    mode    => 0700,
    ensure  => directory,
    recurse => true,
    purge   => true,
    force   => true,
    ignore  => "dir2",
  }
  notify { "This is dir1!":
#   withpath => true,
  }
}

3.3 Test on client agent1
[root@agent1 ~]# puppet agent --test
info: Caching catalog for agent1.kisspuppet.com
info: Applying configuration version '1378195554'
notice: This is dir1!
notice: /Stage[main]/Motd::Dir1/Notify[This is dir1!]/message: defined 'message' as 'This is dir1!'
notice: /File[/etc/dir1/dir3]/owner: owner changed 'root' to 'puppet'
notice: /File[/etc/dir1/dir3]/group: group changed 'root' to 'puppet'
notice: /File[/etc/dir1/dir3]/mode: mode changed '0755' to '0700'
notice: /File[/etc/dir1/dir3]/seluser: seluser changed 'root' to 'system_u'
notice: /File[/etc/dir1/dir3/file3]/owner: owner changed 'root' to 'puppet'
notice: /File[/etc/dir1/dir3/file3]/group: group changed 'root' to 'puppet'
notice: /File[/etc/dir1/dir3/file3]/mode: mode changed '0644' to '0700'
notice: /File[/etc/dir1/dir3/file3]/seluser: seluser changed 'root' to 'system_u'
notice: Finished catalog run in 0.11 seconds
[root@agent1 ~]# 
[root@agent1 ~]# 
[root@agent1 ~]# ll /etc/dir1/
total 16
drwxrwxrwx 2 puppet puppet 4096 Sep  3 16:00 dir2
drwx------ 2 puppet puppet 4096 Sep  3 16:06 dir3

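4. Example 4

4.1 Requirements
*On the node, create the directory /etc/dir2 with mode 0700, owned by puppet
*Only the dir1 directory is allowed under it, and the permissions of dir1 and of the directories or files one level below it must stay unchanged

4.2 Configuration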
class motd::dir2 {
  file{ "/etc/dir2":
    owner   => "puppet",
    group   => "puppet",
    mode    => 0700,
    ensure  => directory,
    recurse => true,
    purge   => true,
    force   => true,
    ignore  => "dir1",
  }
}

4.3 Test on client agent1
[root@agent1 ~]# puppet agent --test
info: Retrieving plugin
info: Loading facts in /var/lib/puppet/lib/facter/my_apply2.rb
info: Loading facts in /var/lib/puppet/lib/facter/my_apply1.rb
info: Loading facts in /var/lib/puppet/lib/facter/my_apply3.rb
info: Loading facts in /var/lib/puppet/lib/facter/backup_date.rb
info: Caching catalog for agent1.kisspuppet.com
info: Applying configuration version '1378195951'
notice: /File[/etc/dir2]/ensure: created
notice: Finished catalog run in 0.05 seconds
[root@agent1 ~]# mkdir /etc/dir2/dir1
[root@agent1 ~]# mkdir /etc/dir2/dir2
[root@agent1 ~]# touch /etc/dir2/dir1/file1
[root@agent1 ~]# touch /etc/dir2/dir2/file2
[root@agent1 ~]# puppet agent --test
info: Retrieving plugin
info: Loading facts in /var/lib/puppet/lib/facter/my_apply2.rb
info: Loading facts in /var/lib/puppet/lib/facter/my_apply1.rb
info: Loading facts in /var/lib/puppet/lib/facter/my_apply3.rb
info: Loading facts in /var/lib/puppet/lib/facter/backup_date.rb
info: Caching catalog for agent1.kisspuppet.com
info: Applying configuration version '1378195951'
info: /File[/etc/dir2/dir2]: Recursively backing up to filebucket
info: FileBucket adding {md5}d41d8cd98f00b204e9800998ecf8427e
info: /File[/etc/dir2/dir2]: Filebucketed /etc/dir2/dir2/file2 to puppet with sum d41d8cd98f00b204e9800998ecf8427e
notice: /File[/etc/dir2/dir2]/ensure: removed
notice: Finished catalog run in 0.09 seconds
[root@agent1 ~]# ll /etc/dir2/
total 8
drwxr-xr-x 2 root root 4096 Sep  3 16:13 dir1
[root@agent1 ~]# 
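
A more cautious variant of the example 4 purge, added here and not part of the original article: backups go to a named filebucket (the 'main' bucket mentioned in 1.8) and the noop metaparameter makes the agent report changes instead of applying them. The class name dir2_preview is an assumption; the server name is the one listed in section II.

```puppet
# Added example: class name dir2_preview is an assumption.
# Named bucket on the Puppet server, so purged files can be recovered
# even if the agent's local bucket is lost.
filebucket { 'main':
  server => 'puppetserver.kisspuppet.com',
  path   => false,   # false = store on the server, not in a local directory
}

class dir2_preview {
  file { '/etc/dir2':
    ensure  => directory,
    owner   => 'puppet',
    group   => 'puppet',
    mode    => '0700',
    recurse => true,
    purge   => true,    # removes everything under /etc/dir2 that is unmanaged
    force   => true,    # needed for purge to remove directories
    ignore  => 'dir1',  # dir1 and its contents are left untouched
    backup  => 'main',  # back up to the named bucket before removal
    noop    => true,    # log the pending change instead of applying it
  }
}
```

Once the reported changes match what is expected, remove noop => true to let the purge run; running puppet agent --test --noop gives the same preview for the whole catalog.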
