An in-depth look at the backup and restore capability of Puppet's built-in filebucket

Puppet community site: www.kisspuppet.com

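Day to day, changes are pushed from the puppetmaster. The push can be done with MC, and rolling a change back can be handled with the help of SVN or Git.

Consider the following situation. In a complex environment there are several administrators. You are responsible for pushing changes, while they only look after applications, and they often need login access to the systems. One day an administrator, to meet the needs of his application and without telling you, logs in to a system and modifies a configuration file, and keeps no copy of it afterwards. That file happens to be one managed by your puppetmaster, so after your next Puppet push the administrator's version of the file is reverted. He then finds that his application is broken and asks you to restore his version. What do you do?

The answer is the filebucket feature. But with so many machines, how do you manage these individual versions centrally?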

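1. First, define the filebucket resource

Require every node to save modified configuration files locally under /puppet/version/hosts/${fact_certname}, where the variable fact_certname is a custom fact that holds the node's certname. For how to define a custom fact, see http://kisskisspuppet.com/2013/11/15/my-fact/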

[root@linuxmaster1poc manifests]# cat site.pp
import 'nodes/*.pp'
$puppetserver = 'puppetmaster.kisspuppet.com'
filebucket { 'main':
    path => "/puppet/version/hosts/${fact_certname}",
}

Note: once the resource above is defined, you only need to add backup => 'main', to a file resource, and that file will be saved to the directory above.

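2. Define clientbucketdir and bucketdir

The clientbucketdir parameter is the path where files are saved when a file resource does not define backup => 'main',; the default is /var/lib/puppet/clientbucket

The bucketdir parameter is the path where files are saved when you run puppet filebucket backup [file]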

[root@linux57poc ~]# cat /etc/puppet/puppet.conf
[main]
    user = puppet
    group = puppet
    vardir = /var/lib/puppet
    logdir = /var/log/puppet
    rundir = /var/run/puppet
    ssldir = $vardir/ssl
    pluginsync = true
    clientbucketdir = /puppet/version/hosts/puppet_linux57poc.kisspuppet.com
    bucketdir = /puppet/version/hosts/puppet_linux57poc.kisspuppet.com
[agent]
    server = puppetmaster.kisspuppet.com
    classfile = $vardir/classes.txt
    localconfig = $vardir/localconfig
    runinterval=86400
    report = true
    authconfig = /etc/puppet/namespaceauth.conf
    usecacheonfailure = false
    certname = puppet_linux57poc.kisspuppet.com
    environment = production
#    listen = true
#    puppetport = 8139
#    bindaddress = 192.168.100.125      

3. Add backup => 'main', to the file resources

class puppet_linux57poc{
    include puppet_linux57poc::motd,puppet_linux57poc::facts
}
class puppet_linux57poc::motd{
        package{ setup:
                ensure => present,
        }
        file{ "/etc/motd":
                owner => "root",
                group => "root",
                mode => 0400,
                content => template("puppet_linux57poc/motd.erb"),
                backup => 'main',
                require => Package["setup"],
        }
}
class puppet_linux57poc::facts{
        file{ "/etc/mcollective/facts.txt":
                owner => "root",
                group => "root",
                mode => 0400,
                content => template("puppet_linux57poc/facts.txt.erb"),
                backup => 'main',
        }
}      

4. Test filebucket's restore capability

Modify the managed configuration file /etc/motd on the node, then run the puppet command so that it is reverted

[root@linux57poc ~]# echo aa>>/etc/motd
[root@linux57poc ~]# puppet agent -t
info: Retrieving plugin
info: Loading facts in /var/lib/puppet/lib/facter/fact_apply.rb
info: Caching catalog for puppet_linux57poc.kisspuppet.com
info: Applying configuration version '1386061716'
notice: /Stage[main]/Mcollective::Facter/File[/etc/mcollective/facts.yaml]/content:
--- /etc/mcollective/facts.yaml    2013-12-03 17:26:35.000000000 +0800
+++ /tmp/puppet-file20131203-14159-i1qgrq-0    2013-12-03 17:56:59.000000000 +0800
@@ -1,89 +1,89 @@
。。。
info: FileBucket adding {md5}3997ee041b3277fda12dbd849fac47e7
info: /Stage[main]/Mcollective::Facter/File[/etc/mcollective/facts.yaml]: Filebucketed /etc/mcollective/facts.yaml to main with sum 3997ee041b3277fda12dbd849fac47e7
notice: /Stage[main]/Puppet_linux57poc::Motd/File[/etc/motd]/content:
--- /etc/motd    2013-12-03 17:56:49.000000000 +0800
+++ /tmp/puppet-file20131203-14159-1c90psx-0    2013-12-03 17:56:59.000000000 +0800
@@ -7,4 +7,3 @@
 rubyversion = 1.8.7
 ....................
 ------------------------------------------------
-aa
info: FileBucket adding {md5}6db65f0eb756ee96ef8e615e914fa0ee
info: /Stage[main]/Puppet_linux57poc::Motd/File[/etc/motd]: Filebucketed /etc/motd to main with sum 6db65f0eb756ee96ef8e615e914fa0ee
notice: /Stage[main]/Puppet_linux57poc::Motd/File[/etc/motd]/content: content changed '{md5}6db65f0eb756ee96ef8e615e914fa0ee' to '{md5}7c6613a110541a050c8a8f51fc89dab2'
notice: Finished catalog run in 0.69 seconds      

As you can see, the MD5 sum of /etc/motd changed from '6db65f0eb756ee96ef8e615e914fa0ee' to '7c6613a110541a050c8a8f51fc89dab2'

[root@linux57poc ~]# ll /puppet/version/hosts/puppet_linux57poc.kisspuppet.com/6/d/b/6/5/f/0/e/6db65f0eb756ee96ef8e615e914fa0ee/
total 8
-r--r----- 1 nfsnobody nfsnobody 311 Dec  3 17:56 contents
-rw-r----- 1 nfsnobody nfsnobody  10 Dec  3 17:56 paths      
[root@linux57poc ~]# puppet filebucket --local backup /etc/motd
/etc/motd: 6db65f0eb756ee96ef8e615e914fa0ee
[root@linux57poc ~]# ll /puppet/version/hosts/puppet_linux57poc.kisspuppet.com/6/d/b/6/5/f/0/e/6db65f0eb756ee96ef8e615e914fa0ee/
total 8
-r--r----- 1 nfsnobody nfsnobody 311 Dec  3 17:56 contents
-rw-r----- 1 nfsnobody nfsnobody  10 Dec  3 17:56 paths
[root@linux57poc ~]#
[root@linux57poc ~]# >/etc/motd
[root@linux57poc ~]# puppet filebucket --local restore  /etc/motd  6db65f0eb756ee96ef8e615e914fa0ee
[root@linux57poc ~]# cat /etc/motd
------------a few of facter values-------------
myhostname = linux57poc
eth0_ip = 192.168.100.125
kernel = 2.6.18-274.el5
system release = Red Hat Enterprise Linux Server release 5.7 (Tikanga)
puppetversion = 2.7.23
rubyversion = 1.8.7
....................
------------------------------------------------
aa
[root@linux57poc ~]#      
[root@linuxreportpoc ~]# ll /puppet/version/hosts
total 12
drwxr-x--- 12 nfsnobody nfsnobody 4096 Dec  3 17:56 puppet_linux57poc.kisspuppet.com
drwxr-x--- 10 nfsnobody nfsnobody 4096 Dec  3 17:08 puppet_linux58poc.kisspuppet.com
drwxr-x--- 11 nfsnobody nfsnobody 4096 Dec  3 17:09 puppet_linux64poc.kisspuppet.com      
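
The listings above show each backup filed under eight one-character directories taken from the start of its MD5 sum, followed by the full sum. The sketch below is an added example, not part of the original post: it locates an entry from its sum, checks that the stored contents still hash to that sum before you restore from it, and checks that a bucket directory grants nothing to other users. The function names are hypothetical, and GNU md5sum and stat are assumed.

```shell
#!/bin/sh
# Added example (hypothetical helper names). Layout taken from the listing:
#   <bucket>/<c1>/<c2>/.../<c8>/<md5>/contents  and  .../paths

# Print the directory that holds the bucket entry for an MD5 sum.
bucket_entry_dir() {
    # Accept only a 32-character lowercase hex digest, so a crafted
    # "sum" such as ../../etc cannot steer the path out of the bucket.
    case $2 in
        *[!0-9a-f]*) return 2 ;;
    esac
    [ "${#2}" -eq 32 ] || return 2
    # The first eight characters become eight nested directories.
    _prefix=$(printf '%s\n' "$2" | cut -c1-8 | sed 's/./&\//g')
    printf '%s/%s%s\n' "$1" "$_prefix" "$2"
}

# Return 0 if the stored contents still hash to the sum they are filed
# under; 3 if the entry is missing; 1 if the contents were altered.
bucket_verify() {
    _dir=$(bucket_entry_dir "$1" "$2") || return 2
    [ -f "$_dir/contents" ] || return 3
    _actual=$(md5sum < "$_dir/contents" | cut -d' ' -f1)
    [ "$_actual" = "$2" ]
}

# Return 0 only if the directory grants no permissions to "other"
# (last octal digit of the mode is 0, as in the drwxr-x--- listing).
bucket_private() {
    _mode=$(stat -c '%a' "$1") || return 2
    case $_mode in
        *0) return 0 ;;
        *)  return 1 ;;
    esac
}

# Usage on the node from this post, before running "puppet filebucket restore":
#   b=/puppet/version/hosts/puppet_linux57poc.kisspuppet.com
#   bucket_private "$b" && bucket_verify "$b" 6db65f0eb756ee96ef8e615e914fa0ee
```

An MD5 match only shows that the entry was not altered after it was filed; it is not protection against someone who can write to the bucket and file a new entry.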
