Puppet 指令參數介紹
前言:
Puppet的工作原理:
puppet master啟動預設是監聽tcp協定的8140端口.通過ruby的webrick web接收agent端的請求,根據請求内容與master的統一接口檔案site.pp檔案比對,将比對到的主機資源編譯成catalog向agent分發,agent接收到請求後在本地應用.
Puppet 指令分為獨立指令和內建指令,puppet3.0版本後就沒有了獨立指令,內建指令也是未來的一個趨勢,是以隻寫puppet內建指令.
通常檢視幫助都知道使用-h,檢視puppet 指令幫助也一樣.
puppet 指令參數:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
<code>[root@puppet puppet]</code><code># puppet help</code>
<code>Usage: puppet <subcommand> [options] <action> [options]</code>
<code>Available subcommands:</code>
<code> </code>
<code> </code><code>agent The puppet agent daemon </code><code>#puppet agent守護程序</code>
<code> </code><code>apply Apply Puppet manifests locally </code><code>#應用puppet資源清單</code>
<code> </code><code>ca Local Puppet Certificate Authority management. </code><code>#管理本地puppet證書</code>
<code> </code><code>catalog Compile, save, view, and convert catalogs. </code><code>#編譯,儲存,檢視,轉換catalog</code>
<code> </code><code>cert Manage certificates and requests </code><code>#管理puppet認證</code>
<code> </code><code>certificate Provide access to the CA </code><code>for</code> <code>certificate management. </code><code>#提供CA憑證接入管理</code>
<code> </code><code>certificate_request Manage certificate requests. </code><code>#管理證書請求</code>
<code> </code><code>certificate_revocation_list Manage the list of revoked certificates. </code><code>#顯示删除證書清單</code>
<code> </code><code>config Interact with Puppet's settings. </code><code>#puppet 配置選項</code>
<code> </code><code>describe Display help about resource types </code><code>#顯示資源類型幫助</code>
<code> </code><code>device Manage remote network devices </code><code>#管理遠端網絡裝置</code>
<code> </code><code>doc Generate Puppet documentation and references </code><code>#puppet 文檔生成和引用工具</code>
<code> </code><code>facts Retrieve and store facts. </code><code>#存儲facts傳回資訊</code>
<code> </code><code>file</code> <code>Retrieve and store files </code><code>in</code> <code>a filebucket </code><code>#在filebucket中檔案個數和存儲檔案</code>
<code> </code><code>filebucket Store and retrieve files </code><code>in</code> <code>a filebucket </code><code>#檔案恢複與還原</code>
<code> </code><code>help Display Puppet help. </code><code>#顯示puppet 幫助資訊</code>
<code> </code><code>inspect Send an inspection report </code><code>#發送檢查報告的</code>
<code> </code><code>instrumentation_data Manage instrumentation listener accumulated data. DEPRECATED. </code><code>#管理監聽資料</code>
<code> </code><code>instrumentation_listener Manage instrumentation listeners. DEPRECATED. </code><code>#管理監聽狀态</code>
<code> </code><code>instrumentation_probe Manage instrumentation probes. Deprecated </code><code>#管理監聽探測</code>
<code> </code><code>key Create, save, and remove certificate keys.</code><code>#建立,儲存,删除證書秘鑰檔案</code>
<code> </code><code>kick Remotely control puppet agent </code><code>#puppet agent主動更新</code>
<code> </code><code>man</code> <code>Display Puppet manual pages. </code><code>#顯示puppet 幫助頁</code>
<code> </code><code>master The puppet master daemon </code><code>#puppet master守護程序</code>
<code> </code><code>module Creates, installs and searches </code><code>for</code> <code>modules on the Puppet Forge. </code><code>#通過puppet forge建立,安裝,搜尋子產品</code>
<code> </code><code>node View and manage node definitions. </code><code>#檢視和管理節點</code>
<code> </code><code>parser Interact directly with the parser. </code><code>#*.pp檔案文法檢查指令</code>
<code> </code><code>plugin Interact with the Puppet plugin system. </code><code>#插件管理</code>
<code> </code><code>queue Deprecated queuing daemon </code><code>for</code> <code>asynchronous storeconfigs </code><code>#puppet隊列</code>
<code> </code><code>report Create, display, and submit reports. </code><code>#建立,顯示,送出報告</code>
<code> </code><code>resource The resource abstraction layer shell </code><code>#資源RAL,僅供API使用</code>
<code> </code><code>resource_type View classes, defined resource types, and nodes from all manifests. </code><code>#檢視類、預設資源與來自manifests的節點資訊.</code>
<code> </code><code>secret_agent Mimics puppet agent. </code><code>#模拟agent</code>
<code> </code><code>status View puppet server status. </code><code>#檢視服務狀态</code>
<code>See </code><code>'puppet help <subcommand> <action>'</code> <code>for</code> <code>help on a specific subcommand action.</code>
<code>See </code><code>'puppet help <subcommand>'</code> <code>for</code> <code>help on a specific subcommand.</code>
<code>Puppet v3.8.7</code>
puppet master 指令參數:(注釋部分過多就不貼出來了,挑主要的)
<code>[root@puppet puppet]</code><code># puppet master --help</code>
<code>* --daemonize: </code><code>#将程序發送到背景運作,是master預設參數</code>
<code> </code><code>Send the process into the background. This is the default.</code>
<code> </code><code>(This is a Puppet setting, and can go </code><code>in</code> <code>puppet.conf. Note the special </code><code>'no-'</code>
<code> </code><code>prefix </code><code>for</code> <code>boolean settings on the </code><code>command</code> <code>line.)</code>
<code>* --no-daemonize: </code><code>#将啟動程序輸出資訊發送到标準輸出,簡單了解不打到背景運作</code>
<code> </code><code>Do not send the process into the background.</code>
<code>* --debug:</code><code>#debug模式</code>
<code> </code><code>Enable full debugging.</code>
<code>* --help: </code><code>#幫助資訊</code>
<code> </code><code>Print this help message.</code>
<code>* --logdest: </code><code>#指定輸出日志的路徑和檔案名,可以選擇系統log和控制終端或者指定路徑,預設為控制終端.</code>
<code> </code><code>Where to send log messages. Choose between </code><code>'syslog'</code> <code>(the POSIX syslog</code>
<code> </code><code>service), </code><code>'console'</code><code>, or the path to a log </code><code>file</code><code>. If debugging or verbosity is</code>
<code> </code><code>enabled, this defaults to </code><code>'console'</code><code>. Otherwise, it defaults to </code><code>'syslog'</code><code>.</code>
<code> </code><code>A path ending with </code><code>'.json'</code> <code>will receive structured output </code><code>in</code> <code>JSON </code><code>format</code><code>. The</code>
<code> </code><code>log </code><code>file</code> <code>will not have an ending </code><code>']'</code> <code>automatically written to it due to the</code>
<code> </code><code>appending nature of logging. It must be appended manually to </code><code>make</code> <code>the content</code>
<code> </code><code>valid JSON.</code>
<code>* --masterport: </code><code>#Master自定義端口.</code>
<code> </code><code>The port on </code><code>which</code> <code>to listen </code><code>for</code> <code>traffic.</code>
<code> </code><code>(This is a Puppet setting, and can go </code><code>in</code> <code>puppet.conf.)</code>
<code>* --verbose: </code><code>#輸出擴充資訊</code>
<code> </code><code>Enable verbosity.</code>
<code>* --version: </code><code>#顯示Master版本資訊</code>
<code> </code><code>Print the puppet version number and </code><code>exit</code><code>.</code>
<code>* --compile: </code><code>#編譯後的catalog以json的格式輸出到 $vardir/yaml/目錄,</code>
<code> </code><code>Compile a catalogue and output it </code><code>in</code> <code>JSON from the puppet master. Uses</code>
<code> </code><code>facts contained </code><code>in</code> <code>the $vardir</code><code>/yaml/</code> <code>directory to compile the catalog.</code>
Puppet agent參數:
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
<code>[root@puppet puppet]</code><code># puppet agent --help</code>
<code>#</code>
<code>* --certname: </code><code>#指定用戶端certname(唯一ID),通常以域名命名</code>
<code> </code><code>Set the certname (unique ID) of the client. The master reads this</code>
<code> </code><code>unique identifying string, </code><code>which</code> <code>is usually </code><code>set</code> <code>to the node's</code>
<code> </code><code>fully-qualified domain name, to determine </code><code>which</code> <code>configurations the</code>
<code> </code><code>node will receive. Use this option to debug setup problems or</code>
<code> </code><code>implement unusual node identification schemes.</code>
<code>* --daemonize: </code><code>#啟動程序發送到背景守護程序,預設選項</code>
<code>* --no-daemonize: </code><code>#不發送到背景守護程序</code>
<code>* --debug: </code><code>#debug調試模式</code>
<code>* --detailed-exitcodes: </code><code>#提供詳細的退出代碼</code>
<code> </code><code>Provide transaction information via </code><code>exit</code> <code>codes. If this is enabled, an </code><code>exit</code>
<code> </code><code>code of </code><code>'2'</code> <code>means there were changes, an </code><code>exit</code> <code>code of </code><code>'4'</code> <code>means there were</code>
<code> </code><code>failures during the transaction, and an </code><code>exit</code> <code>code of </code><code>'6'</code> <code>means there were both</code>
<code> </code><code>changes and failures.</code>
<code>* --digest: </code><code>#指定證書指紋算法,預設為md5</code>
<code> </code><code>Change the certificate fingerprinting digest algorithm. The default is</code>
<code> </code><code>SHA256. Valid values depends on the version of OpenSSL installed, but</code>
<code> </code><code>will likely contain MD5, MD2, SHA1 and SHA256.</code>
<code>* --disable: </code><code>#禁用puppet agent 在此節點執行,agent的守護程序還是運作的,隻是此節點不去master同步配置了.</code>
<code> </code><code>Disable working on the </code><code>local</code> <code>system. This puts a lock </code><code>file</code> <code>in</code> <code>place,</code>
<code> </code><code>causing </code><code>'puppet agent'</code> <code>not to work on the system </code><code>until</code> <code>the lock </code><code>file</code>
<code> </code><code>is removed. This is useful </code><code>if</code> <code>you are testing a configuration and </code><code>do</code>
<code> </code><code>not want the central configuration to override the </code><code>local</code> <code>state </code><code>until</code>
<code> </code><code>everything is tested and committed.</code>
<code> </code><code>Disable can also take an optional message that will be reported by the</code>
<code> </code><code>'puppet agent'</code> <code>at the next disabled run.</code>
<code> </code><code>'puppet agent'</code> <code>uses the same lock </code><code>file</code> <code>while</code> <code>it is running, so no </code><code>more</code>
<code> </code><code>than one </code><code>'puppet agent'</code> <code>process is working at a </code><code>time</code><code>.</code>
<code> </code><code>'puppet agent'</code> <code>exits after executing this.</code>
<code>* --</code><code>enable</code><code>: </code><code>#啟用,允許執行puppet agent -t 同步配置.</code>
<code> </code><code>Enable working on the </code><code>local</code> <code>system. This removes any lock </code><code>file</code><code>,</code>
<code> </code><code>causing </code><code>'puppet agent'</code> <code>to start managing the </code><code>local</code> <code>system again</code>
<code> </code><code>(although it will </code><code>continue</code> <code>to use its normal scheduling, so it might</code>
<code> </code><code>not start </code><code>for</code> <code>another half hour).</code>
<code>* --fingerprint: </code><code>#顯示目前證書的指紋</code>
<code> </code><code>Display the current certificate or certificate signing request</code>
<code> </code><code>fingerprint and </code><code>then</code> <code>exit</code><code>. Use the </code><code>'--digest'</code> <code>option to change the</code>
<code> </code><code>digest algorithm used.</code>
<code>* --help:</code>
<code> </code><code>Print this help message</code>
<code>* --logdest: </code><code>#日志發送方式,預設采用syslog配置</code>
<code> </code><code>service), </code><code>'eventlog'</code> <code>(the Windows Event Log), </code><code>'console'</code><code>, or the path to a log</code>
<code> </code><code>file</code><code>. If debugging or verbosity is enabled, this defaults to </code><code>'console'</code><code>.</code>
<code> </code><code>Otherwise, it defaults to </code><code>'syslog'</code> <code>on POSIX systems and </code><code>'eventlog'</code> <code>on Windows.</code>
<code>* --masterport: </code><code>#指令puppet端口的</code>
<code> </code><code>The port on </code><code>which</code> <code>to contact the puppet master.</code>
<code>* --no-client: </code><code>#不要建立用戶端配置檔案,當listen=true 時才有意義</code>
<code> </code><code>Do not create a config client. This will cause the daemon to start</code>
<code> </code><code>but not check configuration unless it is triggered with `puppet</code>
<code> </code><code>kick`. This only makes sense when puppet agent is being run with</code>
<code> </code><code>listen = </code><code>true</code> <code>in</code> <code>puppet.conf or was started with the `--listen` option.</code>
<code>* --noop: </code><code>#使用'noop'模式,僅運作測試,catalog不在agent端應用.</code>
<code> </code><code>Use </code><code>'noop'</code> <code>mode where the daemon runs </code><code>in</code> <code>a no-</code><code>op</code> <code>or dry-run mode. This</code>
<code> </code><code>is useful </code><code>for</code> <code>seeing what changes Puppet will </code><code>make</code> <code>without actually</code>
<code> </code><code>executing the changes.</code>
<code>* --onetime: </code><code>#運作一次,配合--no-daemonize使用</code>
<code> </code><code>Run the configuration once. Runs a single (normally daemonized) Puppet</code>
<code> </code><code>run. Useful </code><code>for</code> <code>interactively running puppet agent when used </code><code>in</code>
<code> </code><code>conjunction with the --no-daemonize option.</code>
<code>* --</code><code>test</code><code>: </code><code>#測試,但是會在本地應用catalog</code>
<code> </code><code>Enable the most common options used </code><code>for</code> <code>testing. These are </code><code>'onetime'</code><code>,</code>
<code> </code><code>'verbose'</code><code>, </code><code>'ignorecache'</code><code>, </code><code>'no-daemonize'</code><code>, </code><code>'no-usecacheonfailure'</code><code>,</code>
<code> </code><code>'detailed-exitcodes'</code><code>, </code><code>'no-splay'</code><code>, and </code><code>'show_diff'</code><code>.</code>
<code>* --verbose: </code><code>#顯示puppet擴充資訊</code>
<code> </code><code>Turn on verbose reporting.</code>
<code>* --version: </code><code>#顯示puppet版本資訊</code>
<code>* --waitforcert: </code><code>#agent向master證書認證等待時間,預設為agent2分鐘向master請求一次,如果設為0,表示不等待.</code>
<code> </code><code>This option only matters </code><code>for</code> <code>daemons that </code><code>do</code> <code>not yet have certificates</code>
<code> </code><code>and it is enabled by default, with a value of 120 (seconds). This</code>
<code> </code><code>causes </code><code>'puppet agent'</code> <code>to connect to the server every 2 minutes and ask</code>
<code> </code><code>it to sign a certificate request. This is useful </code><code>for</code> <code>the initial setup</code>
<code> </code><code>of a puppet client. You can turn off waiting </code><code>for</code> <code>certificates by</code>
<code> </code><code>specifying a </code><code>time</code> <code>of 0.</code>
Agent端嘗試運作玩玩,沒有資源也可以運作:
<code>[root@sh-proxy2 ~]</code><code># puppet agent -t</code>
<code>Info: Retrieving pluginfacts</code>
<code>Info: Retrieving plugin</code>
<code>Info: Caching catalog </code><code>for</code> <code>sh-proxy2.localdomain</code>
<code>Info: Applying configuration version </code><code>'1504617222'</code>
<code>Notice: Finished catalog run </code><code>in</code> <code>0.02 seconds</code>
注釋:如果有資源可以看到整個資源的更改,和是否運作成功.目前隻能看到通路Master的耗時.
注意:Agent的運作方式有兩種:1)指令直接連接配接master做更新.2)守護程序運作,每30分鐘檢測更新(這個時間自己可以設定).公司的生産直接将puppet agent -t 加到crontab計劃任務做更新(參考借鑒).
舉例:
<code>[root@sh-proxy2 ~]</code><code># crontab -l</code>
<code>28,58 * * * * </code><code>/usr/bin/puppet</code> <code>agent -t &></code><code>/dev/null</code>
舉例:agent服務并沒donw,但是agent端也不能從master更新資源.使用--enable開啟,再使用puppet agent -t繼續更新資源.
<code>[root@sh-proxy2 ~]</code><code># puppet agent --disable</code>
<code>[root@sh-proxy2 ~]</code><code># /etc/init.d/puppet status</code>
<code>puppet (pid 37949) is running...</code>
<code>Notice: Skipping run of Puppet configuration client; administratively disabled (Reason: </code><code>'reason not specified'</code><code>);</code>
<code>Use </code><code>'puppet agent --enable'</code> <code>to re-</code><code>enable</code><code>.</code>
本文轉自青衫解衣 51CTO部落格,原文連結:http://blog.51cto.com/215687833/1963179
![json擷取資料的三種方式[圖]](data:image/gif;base64,R0lGODlhAQABAIAAAP///wAAACwAAAAAAQABAAACAkQBADs=)