Common Puppet Syntax

Check for syntax errors

 puppet parser validate xx.pp

Test on the client without applying changes

puppet agent --test --noop

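For security reasons, use pre-signed certificates

 puppet cert --generate <hostname>

Use the following command to generate a pre-signed certificate for client1.example.com:

puppet cert --generate client1.example.com

Puppet will now generate and sign a client certificate for client1.example.com.

Transfer the three required files to the new client: the client private key, the client certificate, and the CA certificate. These three files are located at:

/etc/puppet/ssl/private_keys/client1.example.com.pem
/etc/puppet/ssl/certs/client1.example.com.pem
/etc/puppet/ssl/certs/ca.pem

Copy the three files above into the corresponding directories on the client. Puppet will then authenticate automatically, skipping the certificate request step. Note that the location of Puppet's SSL certificates depends on the ssldir setting in puppet.conf.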

View help

puppet --help  # Important: shows Puppet's syntax and usage
[root@agent1 src]# puppet help

Usage: puppet <subcommand> [options] <action> [options]

Available subcommands:

  agent             The puppet agent daemon
  apply             Apply Puppet manifests locally
  ca                Local Puppet Certificate Authority management.
  catalog           Compile, save, view, and convert catalogs.
  cert              Manage certificates and requests
  certificate       Provide access to the CA for certificate management.
  certificate_request  Manage certificate requests.
  certificate_revocation_list  Manage the list of revoked certificates.
  config            Interact with Puppet's settings.
  describe          Display help about resource types
  device            Manage remote network devices
  doc               Generate Puppet documentation and references
  facts             Retrieve and store facts.
  file              Retrieve and store files in a filebucket
  filebucket        Store and retrieve files in a filebucket
  help              Display Puppet help.
  inspect           Send an inspection report
  instrumentation_data  Manage instrumentation listener accumulated data. DEPRECATED.
  instrumentation_listener  Manage instrumentation listeners. DEPRECATED.
  instrumentation_probe  Manage instrumentation probes. Deprecated
  key               Create, save, and remove certificate keys.
  kick              Remotely control puppet agent
  man               Display Puppet manual pages.
  master            The puppet master daemon
  module            Creates, installs and searches for modules on the Puppet Forge.
  node              View and manage node definitions.
  parser            Interact directly with the parser.
  plugin            Interact with the Puppet plugin system.
  queue             Deprecated queuing daemon for asynchronous storeconfigs
  report            Create, display, and submit reports.
  resource          The resource abstraction layer shell
  resource_type     View classes, defined resource types, and nodes from all manifests.
  secret_agent      Mimics puppet agent.
  status            View puppet server status.

See 'puppet help <subcommand> <action>' for help on a specific subcommand action.
See 'puppet help <subcommand>' for help on a specific subcommand.

Puppet filebucket backups

1. The usual method (from the official documentation)

cat /etc/puppet/manifests/site.pp
filebucket { 'main':
  path   => false,                # This is required for remote filebuckets. Back up only on the server, not on the client.
  server => 'puppet.example.com', # Optional; defaults to the configured puppet master.
}

File { backup => main, }    # Applies globally: Puppet uses this default backup policy for all files

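A note on path:
The path to the local filebucket; defaults to the value of the clientbucketdir setting. To use a remote filebucket, you must set this attribute to false.
By default, path points to the client, and backups go to /var/lib/puppet/clientbucket/. Setting path => false means the backups are stored on the server.

2. Custom backup in the original directory

When defining the file resource, add a backup attribute as follows: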

file { "/etc/sudoers":
    mode => "440",
    source => "puppet:///modules/admin/sudoers",
    backup => ".bak",   # added
}

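After synchronization, a backup file is created in the original directory on the client.

3. With nothing configured, backup files are generated on the client under /var/lib/puppet/clientbucket/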

[root@agent1 ~]# ls -l /var/lib/puppet/clientbucket/d/4/1/d/8/c/d/9/d41d8cd98f00b204e9800998ecf8427e/
total 4
-r--r-----. 1 root root  0 Jan  9 21:45 contents
-rw-r-----. 1 root root 10 Jan  9 21:45 paths

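Briefly:

The contents file holds the original file's content, and the paths file holds the original file's path.

Restoring in the third case

Build a searchable index of the filebucket

# For each paths file: print the original path, the bucket directory, and the entry's modification time
find /var/lib/puppet/clientbucket -name paths -exec cat {} \; -execdir pwd \; -exec date -r {} +"%F %T" \; -exec echo \;

This finds all of the backed-up files: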

/etc/sudoers
/var/lib/puppet/clientbucket/c/0/7/d/0/a/a/2/c07d0aa2d43d58ea7b5c5307f532a0b1
2010-12-27 07:13:21

/etc/sudoers
/var/lib/puppet/clientbucket/1/0/9/0/e/2/8/a/1090e28a70ebaae872c2ec78894f49eb
2010-12-27 07:12:20
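
The following is an added example, not part of the original article: it builds the same index as the find command above and also checks that each entry's contents file still hashes to the MD5 in its directory name before anything is restored from it. The function names bucket_index and bucket_restore are hypothetical, and it assumes GNU md5sum and date and the clientbucket layout shown in the listing above.

```shell
#!/bin/sh
# Added example. Assumes the clientbucket layout shown in the listing above:
#   <bucket>/d/4/1/d/8/c/d/9/<md5>/contents  and  .../<md5>/paths
# and GNU md5sum and date. Function names are hypothetical.

# bucket_index BUCKET
# One line per backed-up path: STATUS<TAB>MD5<TAB>MTIME<TAB>ORIGINAL_PATH
# STATUS is OK when md5(contents) equals the entry's directory name, else BAD.
bucket_index() {
    find "$1" -type f -name paths | sort | while IFS= read -r paths_file; do
        dir=$(dirname "$paths_file")
        expected=$(basename "$dir")
        actual=$(md5sum "$dir/contents" 2>/dev/null | cut -d' ' -f1)
        if [ "$actual" = "$expected" ]; then status=OK; else status=BAD; fi
        mtime=$(date -r "$dir/contents" +"%F %T" 2>/dev/null) || mtime=unknown
        # A paths file may list several original locations, one per line.
        while IFS= read -r orig || [ -n "$orig" ]; do
            printf '%s\t%s\t%s\t%s\n' "$status" "$expected" "$mtime" "$orig"
        done < "$paths_file"
    done
}

# bucket_restore BUCKET MD5 DEST
# Copies an entry's contents to DEST only if it still matches its checksum.
# Returns 2 if the entry is missing, 1 if the stored data was altered.
bucket_restore() {
    entry=$(find "$1" -type d -name "$2" | head -n 1)
    [ -n "$entry" ] || { echo "no bucket entry $2" >&2; return 2; }
    actual=$(md5sum "$entry/contents" 2>/dev/null | cut -d' ' -f1)
    [ "$actual" = "$2" ] || { echo "checksum mismatch for $2" >&2; return 1; }
    cp -p "$entry/contents" "$3"
}

# Usage: sh bucket_check.sh /var/lib/puppet/clientbucket
if [ "$#" -gt 0 ]; then
    bucket_index "$1"
fi
```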
Original article: https://www.cnblogs.com/Dicky-Zhang/p/6292337.html