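Day to day, changes are pushed from the puppetmaster. The push itself can be done with MC (MCollective), and rolling a change back can be handled with the help of SVN or Git.
Consider this situation: in a complex environment there are several administrators. You are responsible for pushing changes, while they only look after applications and often need login access to the systems. One day an administrator, to suit his application and without telling you, logged in to a system and modified a configuration file, and did not save a copy afterwards. That file happened to be one managed by your puppetmaster, so after your next puppet push his version of the file was reverted. He then found that his application had a problem and asked you to restore the file. What do you do?
The answer is the filebucket feature. But with so many machines, how do you manage these single-file versions centrally?
1. First, define the filebucket resource
Every node is required to save modified configuration files to the local path /puppet/version/hosts/${fact_certname}, where fact_certname is a custom fact that returns the node's certname. For how to write a custom fact, see http://kisskisspuppet.com/2013/11/15/my-fact/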

    [root@linuxmaster1poc manifests]# cat site.pp
    import 'nodes/*.pp'
    $puppetserver = 'puppetmaster.kisspuppet.com'
    filebucket { 'main':
      path => "/puppet/version/hosts/${fact_certname}",
    }

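Note: once the resource above is in place, any file resource that adds backup => 'main', will have its file saved to the directory above.
2. Define clientbucketdir and bucketdir
The clientbucketdir parameter is the path where files are saved when a file resource does not define backup => 'main', and it defaults to /var/lib/puppet/clientbucket
The bucketdir parameter is the path where files are saved by puppet filebucket backup [file]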

    [root@linux57poc ~]# cat /etc/puppet/puppet.conf
    [main]
    user = puppet
    group = puppet
    vardir = /var/lib/puppet
    logdir = /var/log/puppet
    rundir = /var/run/puppet
    ssldir = $vardir/ssl
    pluginsync = true
    clientbucketdir = /puppet/version/hosts/puppet_linux57poc.kisspuppet.com
    bucketdir = /puppet/version/hosts/puppet_linux57poc.kisspuppet.com
    [agent]
    server = puppetmaster.kisspuppet.com
    classfile = $vardir/classes.txt
    localconfig = $vardir/localconfig
    runinterval = 86400
    report = true
    authconfig = /etc/puppet/namespaceauth.conf
    usecacheonfailure = false
    certname = puppet_linux57poc.kisspuppet.com
    environment = production
    # listen = true
    # puppetport = 8139
    # bindaddress = 192.168.100.125

3. Add backup => 'main', to the file resources

    class puppet_linux57poc{
      include puppet_linux57poc::motd,puppet_linux57poc::facts
    }
    class puppet_linux57poc::motd{
      package { setup:
        ensure => present,
      }
      file{ "/etc/motd":
        owner   => "root",
        group   => "root",
        mode    => 0400,
        content => template("puppet_linux57poc/motd.erb"),
        backup  => 'main',
        require => Package["setup"],
      }
    }
    class puppet_linux57poc::facts{
      file{ "/etc/mcollective/facts.txt":
        owner   => "root",
        group   => "root",
        mode    => 0400,
        content => template("puppet_linux57poc/facts.txt.erb"),
        backup  => 'main',
      }
    }

4. Test the filebucket restore function
Modify the managed configuration file /etc/motd on the node, then run puppet so that it reverts the file

    [root@linux57poc ~]# echo aa>>/etc/motd
    [root@linux57poc ~]# puppet agent -t
    info: Retrieving plugin
    info: Loading facts in /var/lib/puppet/lib/facter/fact_apply.rb
    info: Caching catalog for puppet_linux57poc.kisspuppet.com
    info: Applying configuration version '1386061716'
    notice: /Stage[main]/Mcollective::Facter/File[/etc/mcollective/facts.yaml]/content:
    --- /etc/mcollective/facts.yaml 2013-12-03 17:26:35.000000000 +0800
    +++ /tmp/puppet-file20131203-14159-i1qgrq-0 2013-12-03 17:56:59.000000000 +0800
    @@ -1,89 +1,89 @@
    ...
    info: FileBucket adding {md5}3997ee041b3277fda12dbd849fac47e7
    info: /Stage[main]/Mcollective::Facter/File[/etc/mcollective/facts.yaml]: Filebucketed /etc/mcollective/facts.yaml to main with sum 3997ee041b3277fda12dbd849fac47e7
    notice: /Stage[main]/Puppet_linux57poc::Motd/File[/etc/motd]/content:
    --- /etc/motd 2013-12-03 17:56:49.000000000 +0800
    +++ /tmp/puppet-file20131203-14159-1c90psx-0 2013-12-03 17:56:59.000000000 +0800
    @@ -7,4 +7,3 @@
     rubyversion = 1.8.7
     ....................
     ------------------------------------------------
    -aa
    info: FileBucket adding {md5}6db65f0eb756ee96ef8e615e914fa0ee
    info: /Stage[main]/Puppet_linux57poc::Motd/File[/etc/motd]: Filebucketed /etc/motd to main with sum 6db65f0eb756ee96ef8e615e914fa0ee
    notice: /Stage[main]/Puppet_linux57poc::Motd/File[/etc/motd]/content: content changed '{md5}6db65f0eb756ee96ef8e615e914fa0ee' to '{md5}7c6613a110541a050c8a8f51fc89dab2'
    notice: Finished catalog run in 0.69 seconds

You can see that the MD5 value of /etc/motd changed from '6db65f0eb756ee96ef8e615e914fa0ee' to '7c6613a110541a050c8a8f51fc89dab2'

    [root@linux57poc ~]# ll /puppet/version/hosts/puppet_linux57poc.kisspuppet.com/6/d/b/6/5/f/0/e/6db65f0eb756ee96ef8e615e914fa0ee/
    total 8
    -r--r----- 1 nfsnobody nfsnobody 311 Dec  3 17:56 contents
    -rw-r----- 1 nfsnobody nfsnobody  10 Dec  3 17:56 paths

Restore with puppet filebucket

    [root@linux57poc ~]# puppet filebucket --local backup /etc/motd
    /etc/motd: 6db65f0eb756ee96ef8e615e914fa0ee
    [root@linux57poc ~]# ll /puppet/version/hosts/puppet_linux57poc.kisspuppet.com/6/d/b/6/5/f/0/e/6db65f0eb756ee96ef8e615e914fa0ee/
    total 8
    -r--r----- 1 nfsnobody nfsnobody 311 Dec  3 17:56 contents
    -rw-r----- 1 nfsnobody nfsnobody  10 Dec  3 17:56 paths
    [root@linux57poc ~]#
    [root@linux57poc ~]# >/etc/motd
    [root@linux57poc ~]# puppet filebucket --local restore /etc/motd 6db65f0eb756ee96ef8e615e914fa0ee
    [root@linux57poc ~]# cat /etc/motd
    ------------a few of facter values-------------
    myhostname = linux57poc
    eth0_ip = 192.168.100.125
    kernel = 2.6.18-274.el5
    system release = Red Hat Enterprise Linux Server release 5.7 (Tikanga)
    puppetversion = 2.7.23
    rubyversion = 1.8.7
    ....................
    ------------------------------------------------
    aa
    [root@linux57poc ~]#

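How do you manage this centrally? Mount that directory from every node onto a single server, which centralizes the backups, and then inspect them with scan commands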

    [root@linuxreportpoc ~]# ll /puppet/version/hosts
    total 12
    drwxr-x--- 12 nfsnobody nfsnobody 4096 Dec  3 17:56 puppet_linux57poc.kisspuppet.com
    drwxr-x--- 10 nfsnobody nfsnobody 4096 Dec  3 17:08 puppet_linux58poc.kisspuppet.com
    drwxr-x--- 11 nfsnobody nfsnobody 4096 Dec  3 17:09 puppet_linux64poc.kisspuppet.com

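
One way to scan the centralized directory, as an added example that is not part of the original post: it walks each certname directory, reports which file every stored version belongs to, and checks that the stored contents still hash to the MD5 in the directory name before anyone restores from it. It assumes the layout shown in the listings above (eight one-character directories taken from the MD5, then the full MD5, holding contents and paths, with one original path per line in paths); the function names are hypothetical and the sample data is constructed.

```python
import hashlib
import os
import tempfile

def bucket_dir(host_root, digest):
    """Layout seen in the listings above: 6/d/b/6/5/f/0/e/<md5>/."""
    return os.path.join(host_root, *digest[:8], digest)

def scan_buckets(root):
    """Return one record per backed-up file version under root/<certname>/."""
    records = []
    for certname in sorted(os.listdir(root)):
        for dirpath, _dirs, files in os.walk(os.path.join(root, certname)):
            if "contents" not in files:
                continue
            contents = os.path.join(dirpath, "contents")
            with open(contents, "rb") as fh:
                actual = hashlib.md5(fh.read()).hexdigest()
            paths = []
            if "paths" in files:
                with open(os.path.join(dirpath, "paths")) as fh:
                    paths = [line.strip() for line in fh if line.strip()]
            records.append({
                "certname": certname,
                "md5": os.path.basename(dirpath),
                "paths": paths,
                "mtime": int(os.path.getmtime(contents)),
                # False means the stored copy no longer matches its bucket name.
                "intact": actual == os.path.basename(dirpath),
            })
    return records

def make_sample(root):
    """Constructed sample: two hosts, the second entry altered after storage."""
    for certname, data, stored in [
        ("puppet_linux57poc.kisspuppet.com", b"banner\naa\n", b"banner\naa\n"),
        ("puppet_linux58poc.kisspuppet.com", b"banner\n", b"banner\nedited\n"),
    ]:
        d = bucket_dir(os.path.join(root, certname), hashlib.md5(data).hexdigest())
        os.makedirs(d)
        with open(os.path.join(d, "contents"), "wb") as fh:
            fh.write(stored)
        with open(os.path.join(d, "paths"), "w") as fh:
            fh.write("/etc/motd\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        make_sample(tmp)
        for r in scan_buckets(tmp):
            state = "OK" if r["intact"] else "MISMATCH"
            print(r["certname"], r["md5"], r["paths"], state)
```

Sorting the records by mtime gives a timeline of which managed files were changed by hand on which node; an entry reported as MISMATCH should not be used as a restore source.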