Puppet 命令參數介紹(三)
阿新 • • 發佈:2017-09-06
puppet 命令參數介紹 (三)
Puppet 命令參數介紹
前言:
Puppet的工作原理:
puppet master啟動默認是監聽tcp協議的8140端口.通過ruby的webrick web接收agent端的請求,根據請求內容與master的統一接口文件site.pp文件匹配,將匹配到的主機資源編譯成catalog向agent分發,agent接收到請求後在本地應用.
Puppet 命令分為獨立命令和集成命令,puppet3.0版本後就沒有了獨立命令,集成命令也是未來的一個趨勢,所以只寫puppet集成命令.
通常查看幫助都知道使用-h,查看puppet 命令幫助也一樣.
puppet 命令參數:
[[email protected] puppet]# puppet help Usage: puppet <subcommand> [options] <action> [options] Available subcommands: agent The puppet agent daemon #puppet agent守護進程 apply Apply Puppet manifests locally #應用puppet資源清單 ca Local Puppet Certificate Authority management. #管理本地puppet證書 catalog Compile, save, view, and convert catalogs. #編譯,保存,查看,轉換catalog cert Manage certificates and requests #管理puppet認證 certificate Provide access to the CA for certificate management. #提供CA證書接入管理 certificate_request Manage certificate requests. #管理證書請求 certificate_revocation_list Manage the list of revoked certificates. #顯示刪除證書列表 config Interact with Puppet‘s settings. #puppet 配置選項 describe Display help about resource types #顯示資源類型幫助 device Manage remote network devices #管理遠程網絡設備 doc Generate Puppet documentation and references #puppet 文檔生成和引用工具 facts Retrieve and store facts. #存儲facts返回信息 file Retrieve and store files in a filebucket #在filebucket中文件個數和存儲文件 filebucket Store and retrieve files in a filebucket #文件恢復與還原 help Display Puppet help. #顯示puppet 幫助信息 inspect Send an inspection report #發送檢查報告的 instrumentation_data Manage instrumentation listener accumulated data. DEPRECATED. #管理監聽數據 instrumentation_listener Manage instrumentation listeners. DEPRECATED. #管理監聽狀態 instrumentation_probe Manage instrumentation probes. Deprecated #管理監聽探測 key Create, save, and remove certificate keys.#創建,保存,刪除證書秘鑰文件 kick Remotely control puppet agent #puppet agent主動更新 man Display Puppet manual pages. #顯示puppet 幫助頁 master The puppet master daemon #puppet master守護進程 module Creates, installs and searches for modules on the Puppet Forge. #通過puppet forge創建,安裝,搜索模塊 node View and manage node definitions. #查看和管理節點 parser Interact directly with the parser. #*.pp文件語法檢查命令 plugin Interact with the Puppet plugin system. #插件管理 queue Deprecated queuing daemon for asynchronous storeconfigs #puppet隊列 report Create, display, and submit reports. #創建,顯示,提交報告 resource The resource abstraction layer shell #資源RAL,僅供API使用 resource_type View classes, defined resource types, and nodes from all manifests. #查看類、默認資源與來自manifests的節點信息. secret_agent Mimics puppet agent. #模擬agent status View puppet server status. #查看服務狀態 See ‘puppet help <subcommand> <action>‘ for help on a specific subcommand action. See ‘puppet help <subcommand>‘ for help on a specific subcommand. Puppet v3.8.7
puppet master 命令參數:(註釋部分過多就不貼出來了,挑主要的)
[[email protected] puppet]# puppet master --help * --daemonize: #將進程發送到後臺運行,是master默認參數 Send the process into the background. This is the default. (This is a Puppet setting, and can go in puppet.conf. Note the special ‘no-‘ prefix for boolean settings on the command line.) * --no-daemonize: #將啟動進程輸出信息發送到標準輸出,簡單理解不打到後臺運行 Do not send the process into the background. (This is a Puppet setting, and can go in puppet.conf. Note the special ‘no-‘ prefix for boolean settings on the command line.) * --debug:#debug模式 Enable full debugging. * --help: #幫助信息 Print this help message. * --logdest: #指定輸出日誌的路徑和文件名,可以選擇系統log和控制終端或者指定路徑,默認為控制終端. Where to send log messages. Choose between ‘syslog‘ (the POSIX syslog service), ‘console‘, or the path to a log file. If debugging or verbosity is enabled, this defaults to ‘console‘. Otherwise, it defaults to ‘syslog‘. A path ending with ‘.json‘ will receive structured output in JSON format. The log file will not have an ending ‘]‘ automatically written to it due to the appending nature of logging. It must be appended manually to make the content valid JSON. * --masterport: #Master自定義端口. The port on which to listen for traffic. (This is a Puppet setting, and can go in puppet.conf.) * --verbose: #輸出擴展信息 Enable verbosity. * --version: #顯示Master版本信息 Print the puppet version number and exit. * --compile: #編譯後的catalog以json的格式輸出到 $vardir/yaml/目錄, Compile a catalogue and output it in JSON from the puppet master. Uses facts contained in the $vardir/yaml/ directory to compile the catalog.
Puppet agent參數:
[[email protected] puppet]# puppet agent --help # * --certname: #指定客戶端certname(唯一ID),通常以域名命名 Set the certname (unique ID) of the client. The master reads this unique identifying string, which is usually set to the node‘s fully-qualified domain name, to determine which configurations the node will receive. Use this option to debug setup problems or implement unusual node identification schemes. (This is a Puppet setting, and can go in puppet.conf.) * --daemonize: #啟動進程發送到後臺守護進程,默認選項 Send the process into the background. This is the default. (This is a Puppet setting, and can go in puppet.conf. Note the special ‘no-‘ prefix for boolean settings on the command line.) * --no-daemonize: #不發送到後臺守護進程 Do not send the process into the background. (This is a Puppet setting, and can go in puppet.conf. Note the special ‘no-‘ prefix for boolean settings on the command line.) * --debug: #debug調試模式 Enable full debugging. * --detailed-exitcodes: #提供詳細的退出代碼 Provide transaction information via exit codes. If this is enabled, an exit code of ‘2‘ means there were changes, an exit code of ‘4‘ means there were failures during the transaction, and an exit code of ‘6‘ means there were both changes and failures. * --digest: #指定證書指紋算法,默認為md5 Change the certificate fingerprinting digest algorithm. The default is SHA256. Valid values depends on the version of OpenSSL installed, but will likely contain MD5, MD2, SHA1 and SHA256. * --disable: #禁用puppet agent 在此節點執行,agent的守護進程還是運行的,只是此節點不去master同步配置了. Disable working on the local system. This puts a lock file in place, causing ‘puppet agent‘ not to work on the system until the lock file is removed. This is useful if you are testing a configuration and do not want the central configuration to override the local state until everything is tested and committed. Disable can also take an optional message that will be reported by the ‘puppet agent‘ at the next disabled run. ‘puppet agent‘ uses the same lock file while it is running, so no more than one ‘puppet agent‘ process is working at a time. ‘puppet agent‘ exits after executing this. * --enable: #啟用,允許執行puppet agent -t 同步配置. Enable working on the local system. This removes any lock file, causing ‘puppet agent‘ to start managing the local system again (although it will continue to use its normal scheduling, so it might not start for another half hour). ‘puppet agent‘ exits after executing this. * --fingerprint: #顯示當前證書的指紋 Display the current certificate or certificate signing request fingerprint and then exit. Use the ‘--digest‘ option to change the digest algorithm used. * --help: Print this help message * --logdest: #日誌發送方式,默認采用syslog配置 Where to send log messages. Choose between ‘syslog‘ (the POSIX syslog service), ‘eventlog‘ (the Windows Event Log), ‘console‘, or the path to a log file. If debugging or verbosity is enabled, this defaults to ‘console‘. Otherwise, it defaults to ‘syslog‘ on POSIX systems and ‘eventlog‘ on Windows. A path ending with ‘.json‘ will receive structured output in JSON format. The log file will not have an ending ‘]‘ automatically written to it due to the appending nature of logging. It must be appended manually to make the content valid JSON. * --masterport: #指令puppet端口的 The port on which to contact the puppet master. (This is a Puppet setting, and can go in puppet.conf.) * --no-client: #不要創建客戶端配置文件,當listen=true 時才有意義 Do not create a config client. This will cause the daemon to start but not check configuration unless it is triggered with `puppet kick`. This only makes sense when puppet agent is being run with listen = true in puppet.conf or was started with the `--listen` option. * --noop: #使用‘noop‘模式,僅運行測試,catalog不在agent端應用. Use ‘noop‘ mode where the daemon runs in a no-op or dry-run mode. This is useful for seeing what changes Puppet will make without actually executing the changes. (This is a Puppet setting, and can go in puppet.conf. Note the special ‘no-‘ prefix for boolean settings on the command line.) * --onetime: #運行一次,配合--no-daemonize使用 Run the configuration once. Runs a single (normally daemonized) Puppet run. Useful for interactively running puppet agent when used in conjunction with the --no-daemonize option. (This is a Puppet setting, and can go in puppet.conf. Note the special ‘no-‘ prefix for boolean settings on the command line.) * --test: #測試,但是會在本地應用catalog Enable the most common options used for testing. These are ‘onetime‘, ‘verbose‘, ‘ignorecache‘, ‘no-daemonize‘, ‘no-usecacheonfailure‘, ‘detailed-exitcodes‘, ‘no-splay‘, and ‘show_diff‘. * --verbose: #顯示puppet擴展信息 Turn on verbose reporting. * --version: #顯示puppet版本信息 Print the puppet version number and exit. * --waitforcert: #agent向master證書認證等待時間,默認為agent2分鐘向master請求一次,如果設為0,表示不等待. This option only matters for daemons that do not yet have certificates and it is enabled by default, with a value of 120 (seconds). This causes ‘puppet agent‘ to connect to the server every 2 minutes and ask it to sign a certificate request. This is useful for the initial setup of a puppet client. You can turn off waiting for certificates by specifying a time of 0. (This is a Puppet setting, and can go in puppet.conf. Note the special ‘no-‘ prefix for boolean settings on the command line.)
Agent端嘗試運行玩玩,沒有資源也可以運行:
[[email protected] ~]# puppet agent -t Info: Retrieving pluginfacts Info: Retrieving plugin Info: Caching catalog for sh-proxy2.localdomain Info: Applying configuration version ‘1504617222‘ Notice: Finished catalog run in 0.02 seconds
註釋:如果有資源可以看到整個資源的更改,和是否運行成功.目前只能看到訪問Master的耗時.
註意:Agent的運行方式有兩種:1)命令直接連接master做更新.2)守護進程運行,每30分鐘檢測更新(這個時間自己可以設置).公司的生產直接將puppet agent -t 加到crontab計劃任務做更新(參考借鑒).
舉例:
[[email protected] ~]# crontab -l 28,58 * * * * /usr/bin/puppet agent -t &>/dev/null
舉例:agent服務並沒donw,但是agent端也不能從master更新資源.使用--enable開啟,再使用puppet agent -t繼續更新資源.
[[email protected] ~]# puppet agent --disable [[email protected] ~]# /etc/init.d/puppet status puppet (pid 37949) is running... [[email protected] ~]# puppet agent -t Notice: Skipping run of Puppet configuration client; administratively disabled (Reason: ‘reason not specified‘); Use ‘puppet agent --enable‘ to re-enable.
本文出自 “螞蟻” 博客,請務必保留此出處http://215687833.blog.51cto.com/6724358/1963179
Puppet 命令參數介紹(三)