配置并使用阿里yum源安装
rm -rf /etc/yum.repos.d/*
wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
yum -y install puppet
资源清单
[root@centos7 ~]# puppet help
Usage: puppet <subcommand> [options] <action> [options]
Available subcommands:
agent The puppet agent daemon
apply Apply Puppet manifests locally
ca Local Puppet Certificate Authority management.
catalog Compile, save, view, and convert catalogs.
cert Manage certificates and requests
certificate Provide access to the CA for certificate management.
certificate_request Manage certificate requests.
certificate_revocation_list Manage the list of revoked certificates.
config Interact with Puppet's settings.
describe Display help about resource types
device Manage remote network devices
doc Generate Puppet documentation and references
facts Retrieve and store facts.
file Retrieve and store files in a filebucket
filebucket Store and retrieve files in a filebucket
help Display Puppet help.
inspect Send an inspection report
instrumentation_data Manage instrumentation listener accumulated data.
instrumentation_listener Manage instrumentation listeners.
instrumentation_probe Manage instrumentation probes.
key Create, save, and remove certificate keys.
kick Remotely control puppet agent
man Display Puppet manual pages.
master The puppet master daemon
module Creates, installs and searches for modules on the Puppet Forge.
node View and manage node definitions.
parser Interact directly with the parser.
plugin Interact with the Puppet plugin system.
queue Deprecated queuing daemon for asynchronous storeconfigs
report Create, display, and submit reports.
resource The resource abstraction layer shell
resource_type View classes, defined resource types, and nodes from all manifests.
secret_agent Mimics puppet agent.
status View puppet server status.
See 'puppet help <subcommand> <action>' for help on a specific subcommand action.
See 'puppet help <subcommand>' for help on a specific subcommand.
Puppet v3.6.2
[root@centos7 ~]# puppet help describe 查看资源清单的帮助
puppet-describe(8) -- Display help about resource types
========
SYNOPSIS
--------
Prints help about Puppet resource types, providers, and metaparameters.
USAGE
-----
puppet describe [-h|--help] [-s|--short] [-p|--providers] [-l|--list] [-m|--meta]
OPTIONS
-------
* --help:
Print this help text
* --providers:
Describe providers in detail for each type
* --list:
List all types
* --meta:
List all metaparameters
* --short:
List only parameters without detail
EXAMPLE
-------
$ puppet describe --list
$ puppet describe file --providers
$ puppet describe user -s -m
AUTHOR
------
David Lutterkort
COPYRIGHT
---------
Copyright (c) 2011 Puppet Labs, LLC Licensed under the Apache 2.0 License
[root@centos7 ~]# puppet describe --list 查看资源清单支持的类型
These are the types known to puppet:
augeas - Apply a change or an array of changes to the ...
computer - Computer object management using DirectorySer ...
cron - Installs and manages cron jobs
exec - Executes external commands
file - Manages files, including their content, owner ...
filebucket - A repository for storing and retrieving file ...
group - Manage groups
host - Installs and manages host entries
interface - This represents a router or switch interface
k5login - Manage the `.k5login` file for a user
macauthorization - Manage the Mac OS X authorization database
mailalias - .. no documentation ..
maillist - Manage email lists
mcx - MCX object management using DirectoryService ...
mount - Manages mounted filesystems, including puttin ...
nagios_command - The Nagios type command
nagios_contact - The Nagios type contact
nagios_contactgroup - The Nagios type contactgroup
nagios_host - The Nagios type host
nagios_hostdependency - The Nagios type hostdependency
nagios_hostescalation - The Nagios type hostescalation
nagios_hostextinfo - The Nagios type hostextinfo
nagios_hostgroup - The Nagios type hostgroup
nagios_service - The Nagios type service
nagios_servicedependency - The Nagios type servicedependency
nagios_serviceescalation - The Nagios type serviceescalation
nagios_serviceextinfo - The Nagios type serviceextinfo
nagios_servicegroup - The Nagios type servicegroup
nagios_timeperiod - The Nagios type timeperiod
notify - .. no documentation ..
package - Manage packages
resources - This is a metatype that can manage other reso ...
router - .. no documentation ..
schedule - Define schedules for Puppet
scheduled_task - Installs and manages Windows Scheduled Tasks
selboolean - Manages SELinux booleans on systems with SELi ...
selmodule - Manages loading and unloading of SELinux poli ...
service - Manage running services
ssh_authorized_key - Manages SSH authorized keys
sshkey - Installs and manages ssh host keys
stage - A resource type for creating new run stages
tidy - Remove unwanted files based on specific crite ...
user - Manage users
vlan - .. no documentation ..
whit - Whits are internal artifacts of Puppet's curr ...
yumrepo - The client-side description of a yum reposito ...
zfs - Manage zfs
zone - Manages Solaris zones
zpool - Manage zpools
[root@centos7 ~]# puppet describe --list
These are the types known to puppet:
augeas - Apply a change or an array of changes to the ...
computer - Computer object management using DirectorySer ...
cron - Installs and manages cron jobs
exec - Executes external commands
file - Manages files, including their content, owner ...
filebucket - A repository for storing and retrieving file ...
group - Manage groups
host - Installs and manages host entries
interface - This represents a router or switch interface
k5login - Manage the `.k5login` file for a user
macauthorization - Manage the Mac OS X authorization database
mailalias - .. no documentation ..
maillist - Manage email lists
mcx - MCX object management using DirectoryService ...
mount - Manages mounted filesystems, including puttin ...
nagios_command - The Nagios type command
nagios_contact - The Nagios type contact
nagios_contactgroup - The Nagios type contactgroup
nagios_host - The Nagios type host
nagios_hostdependency - The Nagios type hostdependency
nagios_hostescalation - The Nagios type hostescalation
nagios_hostextinfo - The Nagios type hostextinfo
nagios_hostgroup - The Nagios type hostgroup
nagios_service - The Nagios type service
nagios_servicedependency - The Nagios type servicedependency
nagios_serviceescalation - The Nagios type serviceescalation
nagios_serviceextinfo - The Nagios type serviceextinfo
nagios_servicegroup - The Nagios type servicegroup
nagios_timeperiod - The Nagios type timeperiod
notify - .. no documentation ..
package - Manage packages
resources - This is a metatype that can manage other reso ...
router - .. no documentation ..
schedule - Define schedules for Puppet
scheduled_task - Installs and manages Windows Scheduled Tasks
selboolean - Manages SELinux booleans on systems with SELi ...
selmodule - Manages loading and unloading of SELinux poli ...
service - Manage running services
ssh_authorized_key - Manages SSH authorized keys
sshkey - Installs and manages ssh host keys
stage - A resource type for creating new run stages
tidy - Remove unwanted files based on specific crite ...
user - Manage users
vlan - .. no documentation ..
whit - Whits are internal artifacts of Puppet's curr ...
yumrepo - The client-side description of a yum reposito ...
zfs - Manage zfs
zone - Manages Solaris zones
zpool - Manage zpools
[root@centos7 ~]# puppet describe package #安装程序包的类型
package
=======
Manage packages. There is a basic dichotomy in package
support right now: Some package types (e.g., yum and apt) can
retrieve their own package files, while others (e.g., rpm and sun)
cannot. For those package formats that cannot retrieve their own files,
you can use the `source` parameter to point to the correct file.
Puppet will automatically guess the packaging format that you are
using based on the platform you are on, but you can override it
using the `provider` parameter; each provider defines what it
requires in order to function, and you must meet those requirements
to use a given provider.
**Autorequires:** If Puppet is managing the files specified as a
package's `adminfile`, `responsefile`, or `source`, the package
resource will autorequire those files.
Parameters
----------
- **adminfile**
A file containing package defaults for installing packages.
This is currently only used on Solaris. The value will be
validated according to system rules, which in the case of
Solaris means that it should either be a fully qualified path
or it should be in `/var/sadm/install/admin`.
- **allow_virtual**
Specifies if virtual package names are allowed for install and
uninstall.
Valid values are `true`, `false`, `yes`, `no`.
Requires features virtual_packages.
- **allowcdrom**
Tells apt to allow cdrom sources in the sources.list file.
Normally apt will bail if you try this.
Valid values are `true`, `false`.
- **category**
A read-only parameter set by the package.
- **configfiles**
Whether configfiles should be kept or replaced. Most packages
types do not support this parameter. Defaults to `keep`.
Valid values are `keep`, `replace`.
- **description**
A read-only parameter set by the package.
- **ensure**
What state the package should be in. On packaging systems that can
retrieve new packages on their own, you can choose which package to
retrieve by specifying a version number or `latest` as the ensure
value. On packaging systems that manage configuration files separately
from "normal" system files, you can uninstall config files by
specifying `purged` as the ensure value. This defaults to `installed`.
Valid values are `present` (also called `installed`), `absent`,
`purged`, `held`, `latest`. Values can match `/./`.
- **flavor**
OpenBSD supports 'flavors', which are further specifications for
which type of package you want.
- **install_options**
An array of additional options to pass when installing a package. These
options are package-specific, and should be documented by the software
vendor. One commonly implemented option is `INSTALLDIR`:
package { 'mysql':
ensure => installed,
source => 'N:/packages/mysql-5.5.16-winx64.msi',
install_options => [ '/S', { 'INSTALLDIR' => 'C:\mysql-5.5' } ],
}
Each option in the array can either be a string or a hash, where each
key and value pair are interpreted in a provider specific way. Each
option will automatically be quoted when passed to the install command.
On Windows, this is the **only** place in Puppet where backslash
separators should be used. Note that backslashes in double-quoted
strings _must_ be double-escaped and backslashes in single-quoted
strings _may_ be double-escaped.
Requires features install_options.
- **instance**
A read-only parameter set by the package.
- **name**
The package name. This is the name that the packaging
system uses internally, which is sometimes (especially on Solaris)
a name that is basically useless to humans. If you want to
abstract package installation, then you can use aliases to provide
a common name to packages:
# In the 'openssl' class
$ssl = $operatingsystem ? {
solaris => SMCossl,
default => openssl
}
# It is not an error to set an alias to the same value as the
# object name.
package { $ssl:
ensure => installed,
alias => openssl
}
. etc. .
$ssh = $operatingsystem ? {
solaris => SMCossh,
default => openssh
}
# Use the alias to specify a dependency, rather than
# having another selector to figure it out again.
package { $ssh:
ensure => installed,
alias => openssh,
require => Package[openssl]
}
- **package_settings**
Settings that can change the contents or configuration of a package.
The formatting and effects of package_settings are provider-specific;
any
provider that implements them must explain how to use them in its
documentation. (Our general expectation is that if a package is
installed but its settings are out of sync, the provider should
re-install that package with the desired settings.)
An example of how package_settings could be used is FreeBSD's port build
options --- a future version of the provider could accept a hash of
options,
and would reinstall the port if the installed version lacked the correct
settings.
package { 'www/apache22':
package_settings => { 'SUEXEC' => false }
}
Again, check the documentation of your platform's package provider to
see
the actual usage.
Requires features package_settings.
- **platform**
A read-only parameter set by the package.
- **responsefile**
A file containing any necessary answers to questions asked by
the package. This is currently used on Solaris and Debian. The
value will be validated according to system rules, but it should
generally be a fully qualified path.
- **root**
A read-only parameter set by the package.
- **source**
Where to find the actual package. This must be a local file
(or on a network file system) or a URL that your specific
packaging type understands; Puppet will not retrieve files for you,
although you can manage packages as `file` resources.
- **status**
A read-only parameter set by the package.
- **uninstall_options**
An array of additional options to pass when uninstalling a package.
These
options are package-specific, and should be documented by the software
vendor. For example:
package { 'VMware Tools':
ensure => absent,
uninstall_options => [ { 'REMOVE' => 'Sync,VSS' } ],
}
Each option in the array can either be a string or a hash, where each
key and value pair are interpreted in a provider specific way. Each
option will automatically be quoted when passed to the uninstall
command.
On Windows, this is the **only** place in Puppet where backslash
separators should be used. Note that backslashes in double-quoted
strings _must_ be double-escaped and backslashes in single-quoted
strings _may_ be double-escaped.
Requires features uninstall_options.
- **vendor**
A read-only parameter set by the package.
Providers
---------
aix, appdmg, apple, apt, aptitude, aptrpm, blastwave, dpkg, fink,
freebsd, gem, hpux, macports, msi, nim, openbsd, opkg, pacman, pip, pkg,
pkgdmg, pkgin, pkgutil, portage, ports, portupgrade, rpm, rug, sun,
sunfreeware, up2date, urpmi, windows, yum, zypper
[root@centos7 ~]# puppet describe -m package 只显示源参数
package
=======
Manage packages. There is a basic dichotomy in package
support right now: Some package types (e.g., yum and apt) can
retrieve their own package files, while others (e.g., rpm and sun)
cannot. For those package formats that cannot retrieve their own files,
you can use the `source` parameter to point to the correct file.
Puppet will automatically guess the packaging format that you are
using based on the platform you are on, but you can override it
using the `provider` parameter; each provider defines what it
requires in order to function, and you must meet those requirements
to use a given provider.
**Autorequires:** If Puppet is managing the files specified as a
package's `adminfile`, `responsefile`, or `source`, the package
resource will autorequire those files.
Parameters
----------
- **adminfile**
A file containing package defaults for installing packages.
This is currently only used on Solaris. The value will be
validated according to system rules, which in the case of
Solaris means that it should either be a fully qualified path
or it should be in `/var/sadm/install/admin`.
- **allow_virtual**
Specifies if virtual package names are allowed for install and
uninstall.
Valid values are `true`, `false`, `yes`, `no`.
Requires features virtual_packages.
- **allowcdrom**
Tells apt to allow cdrom sources in the sources.list file.
Normally apt will bail if you try this.
Valid values are `true`, `false`.
- **category**
A read-only parameter set by the package.
- **configfiles**
Whether configfiles should be kept or replaced. Most packages
types do not support this parameter. Defaults to `keep`.
Valid values are `keep`, `replace`.
- **description**
A read-only parameter set by the package.
- **ensure**
What state the package should be in. On packaging systems that can
retrieve new packages on their own, you can choose which package to
retrieve by specifying a version number or `latest` as the ensure
value. On packaging systems that manage configuration files separately
from "normal" system files, you can uninstall config files by
specifying `purged` as the ensure value. This defaults to `installed`.
Valid values are `present` (also called `installed`), `absent`,
`purged`, `held`, `latest`. Values can match `/./`.
- **flavor**
OpenBSD supports 'flavors', which are further specifications for
which type of package you want.
- **install_options**
An array of additional options to pass when installing a package. These
options are package-specific, and should be documented by the software
vendor. One commonly implemented option is `INSTALLDIR`:
package { 'mysql':
ensure => installed,
source => 'N:/packages/mysql-5.5.16-winx64.msi',
install_options => [ '/S', { 'INSTALLDIR' => 'C:\mysql-5.5' } ],
}
Each option in the array can either be a string or a hash, where each
key and value pair are interpreted in a provider specific way. Each
option will automatically be quoted when passed to the install command.
On Windows, this is the **only** place in Puppet where backslash
separators should be used. Note that backslashes in double-quoted
strings _must_ be double-escaped and backslashes in single-quoted
strings _may_ be double-escaped.
Requires features install_options.
- **instance**
A read-only parameter set by the package.
- **name**
The package name. This is the name that the packaging
system uses internally, which is sometimes (especially on Solaris)
a name that is basically useless to humans. If you want to
abstract package installation, then you can use aliases to provide
a common name to packages:
# In the 'openssl' class
$ssl = $operatingsystem ? {
solaris => SMCossl,
default => openssl
}
# It is not an error to set an alias to the same value as the
# object name.
package { $ssl:
ensure => installed,
alias => openssl
}
. etc. .
$ssh = $operatingsystem ? {
solaris => SMCossh,
default => openssh
}
# Use the alias to specify a dependency, rather than
# having another selector to figure it out again.
package { $ssh:
ensure => installed,
alias => openssh,
require => Package[openssl]
}
- **package_settings**
Settings that can change the contents or configuration of a package.
The formatting and effects of package_settings are provider-specific;
any
provider that implements them must explain how to use them in its
documentation. (Our general expectation is that if a package is
installed but its settings are out of sync, the provider should
re-install that package with the desired settings.)
An example of how package_settings could be used is FreeBSD's port build
options --- a future version of the provider could accept a hash of
options,
and would reinstall the port if the installed version lacked the correct
settings.
package { 'www/apache22':
package_settings => { 'SUEXEC' => false }
}
Again, check the documentation of your platform's package provider to
see
the actual usage.
Requires features package_settings.
- **platform**
A read-only parameter set by the package.
- **responsefile**
A file containing any necessary answers to questions asked by
the package. This is currently used on Solaris and Debian. The
value will be validated according to system rules, but it should
generally be a fully qualified path.
- **root**
A read-only parameter set by the package.
- **source**
Where to find the actual package. This must be a local file
(or on a network file system) or a URL that your specific
packaging type understands; Puppet will not retrieve files for you,
although you can manage packages as `file` resources.
- **status**
A read-only parameter set by the package.
- **uninstall_options**
An array of additional options to pass when uninstalling a package.
These
options are package-specific, and should be documented by the software
vendor. For example:
package { 'VMware Tools':
ensure => absent,
uninstall_options => [ { 'REMOVE' => 'Sync,VSS' } ],
}
Each option in the array can either be a string or a hash, where each
key and value pair are interpreted in a provider specific way. Each
option will automatically be quoted when passed to the uninstall
command.
On Windows, this is the **only** place in Puppet where backslash
separators should be used. Note that backslashes in double-quoted
strings _must_ be double-escaped and backslashes in single-quoted
strings _may_ be double-escaped.
Requires features uninstall_options.
- **vendor**
A read-only parameter set by the package.
Meta Parameters
---------------
- **alias**
Creates an alias for the resource. Puppet uses this internally when you
provide a symbolic title and an explicit namevar value:
file { 'sshdconfig':
path => $operatingsystem ? {
solaris => '/usr/local/etc/ssh/sshd_config',
default => '/etc/ssh/sshd_config',
},
source => '...'
}
service { 'sshd':
subscribe => File['sshdconfig'],
}
When you use this feature, the parser sets `sshdconfig` as the title,
and the library sets that as an alias for the file so the dependency
lookup in `Service['sshd']` works. You can use this metaparameter
yourself,
but note that aliases generally only work for creating relationships;
anything
else that refers to an existing resource (such as amending or overriding
resource attributes in an inherited class) must use the resource's exact
title. For example, the following code will not work:
file { '/etc/ssh/sshd_config':
owner => root,
group => root,
alias => 'sshdconfig',
}
File['sshdconfig'] {
mode => 644,
}
There's no way here for the Puppet parser to know that these two stanzas
should be affecting the same file.
- **audit**
Marks a subset of this resource's unmanaged attributes for auditing.
Accepts an
attribute name, an array of attribute names, or `all`.
Auditing a resource attribute has two effects: First, whenever a catalog
is applied with puppet apply or puppet agent, Puppet will check whether
that attribute of the resource has been modified, comparing its current
value to the previous run; any change will be logged alongside any
actions
performed by Puppet while applying the catalog.
Secondly, marking a resource attribute for auditing will include that
attribute in inspection reports generated by puppet inspect; see the
puppet inspect documentation for more details.
Managed attributes for a resource can also be audited, but note that
changes made by Puppet will be logged as additional modifications. (I.e.
if a user manually edits a file whose contents are audited and managed,
puppet agent's next two runs will both log an audit notice: the first
run
will log the user's edit and then revert the file to the desired state,
and the second run will log the edit made by Puppet.)
- **before**
One or more resources that depend on this resource, expressed as
[resource
Multiple resources can be specified as an array of references. When this
ypes.html#resource-references).
Multiple resources can be specified as an array of references. When this
attribute is present:
* This resource will be applied _before_ the dependent resource(s).
This is one of the four relationship metaparameters, along with
`require`, `notify`, and `subscribe`. For more context, including the
alternate chaining arrow (`->` and `~>`) syntax, see
[the language page on
relationships](http://docs.puppetlabs.com/puppet/latest/reference/lang_r
elationships.html).
- **loglevel**
Sets the level that information will be logged.
The log levels have the biggest impact when logs are sent to
syslog (which is currently the default).
Valid values are `debug`, `info`, `notice`, `warning`, `err`, `alert`,
`emerg`, `crit`, `verbose`.
- **noop**
Whether to apply this resource in noop mode.
When applying a resource in noop mode, Puppet will check whether it is
in sync,
like it does when running normally. However, if a resource attribute is
not in
the desired state (as declared in the catalog), Puppet will take no
action, and will instead report the changes it _would_ have made. These
simulated changes will appear in the report sent to the puppet master,
or
be shown on the console if running puppet agent or puppet apply in the
foreground. The simulated changes will not send refresh events to any
subscribing or notified resources, although Puppet will log that a
refresh
event _would_ have been sent.
**Important note:**
[The `noop`
allows you to globally enable or disable noop mode, but it will _not_
ml#noop)
allows you to globally enable or disable noop mode, but it will _not_
override
the `noop` metaparameter on individual resources. That is, the value of
the
global `noop` setting will _only_ affect resources that do not have an
explicit
value set for their `noop` attribute.
Valid values are `true`, `false`.
- **notify**
One or more resources that depend on this resource, expressed as
[resource
Multiple resources can be specified as an array of references. When this
ypes.html#resource-references).
Multiple resources can be specified as an array of references. When this
attribute is present:
* This resource will be applied _before_ the notified resource(s).
* If Puppet makes changes to this resource, it will cause all of the
notified resources to _refresh._ (Refresh behavior varies by resource
type: services will restart, mounts will unmount and re-mount, etc.
Not
all types can refresh.)
This is one of the four relationship metaparameters, along with
`before`, `require`, and `subscribe`. For more context, including the
alternate chaining arrow (`->` and `~>`) syntax, see
[the language page on
relationships](http://docs.puppetlabs.com/puppet/latest/reference/lang_r
elationships.html).
- **require**
One or more resources that this resource depends on, expressed as
[resource
Multiple resources can be specified as an array of references. When this
ypes.html#resource-references).
Multiple resources can be specified as an array of references. When this
attribute is present:
* The required resource(s) will be applied **before** this resource.
This is one of the four relationship metaparameters, along with
`before`, `notify`, and `subscribe`. For more context, including the
alternate chaining arrow (`->` and `~>`) syntax, see
[the language page on
relationships](http://docs.puppetlabs.com/puppet/latest/reference/lang_r
elationships.html).
- **schedule**
A schedule to govern when Puppet is allowed to manage this resource.
The value of this metaparameter must be the `name` of a `schedule`
resource. This means you must declare a schedule resource, then
refer to it by name; see
[the docs for the `schedule`
type](http://docs.puppetlabs.com/references/latest/type.html#schedule)
for more info.
schedule { 'everyday':
period => daily,
range => "2-4"
}
exec { "/usr/bin/apt-get update":
schedule => 'everyday'
}
Note that you can declare the schedule resource anywhere in your
manifests, as long as it ends up in the final compiled catalog.
- **stage**
Which run stage this class should reside in.
**Note: This metaparameter can only be used on classes,** and only when
declaring them with the resource-like syntax. It cannot be used on
normal
resources or on classes declared with `include`.
By default, all classes are declared in the `main` stage. To assign a
class
to a different stage, you must:
* Declare the new stage as a [`stage`
resource](http://docs.puppetlabs.com/references/latest/type.html#stage).
* Declare an order relationship between the new stage and the `main`
stage.
* Use the resource-like syntax to declare the class, and set the `stage`
metaparameter to the name of the desired stage.
For example:
stage { 'pre':
before => Stage['main'],
}
class { 'apt-updates':
stage => 'pre',
}
- **subscribe**
One or more resources that this resource depends on, expressed as
[resource
Multiple resources can be specified as an array of references. When this
ypes.html#resource-references).
Multiple resources can be specified as an array of references. When this
attribute is present:
* The subscribed resource(s) will be applied _before_ this resource.
* If Puppet makes changes to any of the subscribed resources, it will
cause
this resource to _refresh._ (Refresh behavior varies by resource
type: services will restart, mounts will unmount and re-mount, etc.
Not
all types can refresh.)
This is one of the four relationship metaparameters, along with
`before`, `require`, and `notify`. For more context, including the
alternate chaining arrow (`->` and `~>`) syntax, see
[the language page on
relationships](http://docs.puppetlabs.com/puppet/latest/reference/lang_r
elationships.html).
- **tag**
Add the specified tags to the associated resource. While all resources
are automatically tagged with as much information as possible
(e.g., each class and definition containing the resource), it can
be useful to add your own tags to a given resource.
Multiple tags can be specified as an array:
file {'/etc/hosts':
ensure => file,
source => 'puppet:///modules/site/hosts',
mode => 0644,
tag => ['bootstrap', 'minimumrun', 'mediumrun'],
}
Tags are useful for things like applying a subset of a host's
configuration
with [the `tags` setting](/references/latest/configuration.html#tags)
(e.g. `puppet agent --test --tags bootstrap`) or filtering alerts with
[the `tagmail` report
processor](http://docs.puppetlabs.com/references/latest/report.html#tagm
ail).
Providers
---------
aix, appdmg, apple, apt, aptitude, aptrpm, blastwave, dpkg, fink,
freebsd, gem, hpux, macports, msi, nim, openbsd, opkg, pacman, pip, pkg,
pkgdmg, pkgin, pkgutil, portage, ports, portupgrade, rpm, rug, sun,
sunfreeware, up2date, urpmi, windows, yum, zypper
资源的定义之组的管理
[root@centos7 ~]# puppet describe group
group
=====
Manage groups. On most platforms this can only create groups.
Group membership must be managed on individual users.
On some platforms such as OS X, group membership is managed as an
attribute of the group, not the user record. Providers must have
the feature 'manages_members' to manage the 'members' property of
a group record.
Parameters
----------
- **allowdupe**
Whether to allow duplicate GIDs. Defaults to `false`.
Valid values are `true`, `false`, `yes`, `no`.
- **attribute_membership**
Whether specified attribute value pairs should be treated as the only
attributes
of the user or whether they should merely
be treated as the minimum list.
Valid values are `inclusive`, `minimum`.
- **attributes**
Specify group AIX attributes in an array of `key=value` pairs.
Requires features manages_aix_lam.
- **auth_membership**
whether the provider is authoritative for group membership.
- **ensure**
Create or remove the group.
Valid values are `present`, `absent`.
- **forcelocal**
Forces the mangement of local accounts when accounts are also
being managed by some other NSS
Valid values are `true`, `false`, `yes`, `no`.
Requires features libuser.
- **gid**
The group ID. Must be specified numerically. If no group ID is
specified when creating a new group, then one will be chosen
automatically according to local system standards. This will likely
result in the same group having different GIDs on different systems,
which is not recommended.
On Windows, this property is read-only and will return the group's
security
identifier (SID).
- **ia_load_module**
The name of the I&A module to use to manage this user
Requires features manages_aix_lam.
- **members**
The members of the group. For directory services where group
membership is stored in the group objects, not the users.
Requires features manages_members.
- **name**
The group name. While naming limitations vary by operating system,
it is advisable to restrict names to the lowest common denominator,
which is a maximum of 8 characters beginning with a letter.
Note that Puppet considers group names to be case-sensitive, regardless
of the platform's own rules; be sure to always use the same case when
referring to a given group.
- **system**
Whether the group is a system group with lower GID.
Valid values are `true`, `false`, `yes`, `no`.
Providers
---------
aix, directoryservice, groupadd, ldap, pw, windows_adsi
资源定义的要素
资源定义:向资源类型的属性赋值来实现,可称为资源类型实例化;
定义了资源实例的文件即清单,manifest;
定义资源的语法:
type {'title':
attribute1 => value1,
atrribute2 => value2,
……
}
注意:type必须使用小写字符;title是一个字符串,在同一类型中必须惟一;
资源属性中的三个特殊属性:
Namevar, 可简称为name;
ensure:资源的目标状态;
Provider:指明资源的管理接口;
资源类型之group组的定义
group:
Manage groups.
属性:
name:组名;
gid:GID;
system:是否为系统组,true OR false;
ensure:目标状态,present/absent;
members:成员用户;
[root@centos7 ~]# vim chenxi.pp 定义一个资源
group{'cx':
ensure => present,
}
[root@centos7 ~]# puppet help apply 查看运行帮助
puppet-apply(8) -- Apply Puppet manifests locally
========
SYNOPSIS
--------
Applies a standalone Puppet manifest to the local system.
USAGE
-----
puppet apply [-h|--help] [-V|--version] [-d|--debug] [-v|--verbose]
[-e|--execute] [--detailed-exitcodes] [-l|--logdest <file>] [--noop]
[--catalog <catalog>] [--write-catalog-summary] <file>
DESCRIPTION
-----------
This is the standalone puppet execution tool; use it to apply
individual manifests.
When provided with a modulepath, via command line or config file, puppet
apply can effectively mimic the catalog that would be served by puppet
master with access to the same modules, although there are some subtle
differences. When combined with scheduling and an automated system for
pushing manifests, this can be used to implement a serverless Puppet
site.
Most users should use 'puppet agent' and 'puppet master' for site-wide
manifests.
OPTIONS
-------
Note that any setting that's valid in the configuration
file is also a valid long argument. For example, 'tags' is a
valid setting, so you can specify '--tags <class>,<tag>'
as an argument.
See the configuration file documentation at
http://docs.puppetlabs.com/references/stable/configuration.html for the
full list of acceptable parameters. A commented list of all
configuration options can also be generated by running puppet with
'--genconfig'.
* --debug:
Enable full debugging.
* --detailed-exitcodes:
Provide transaction information via exit codes. If this is enabled, an exit
code of '2' means there were changes, an exit code of '4' means there were
failures during the transaction, and an exit code of '6' means there were both
changes and failures.
* --help:
Print this help message
* --loadclasses:
Load any stored classes. 'puppet agent' caches configured classes
(usually at /etc/puppet/classes.txt), and setting this option causes
all of those classes to be set in your puppet manifest.
* --logdest:
Where to send messages. Choose between syslog, the console, and a log
file. Defaults to sending messages to the console.
* --noop:
Use 'noop' mode where Puppet runs in a no-op or dry-run mode. This
is useful for seeing what changes Puppet will make without actually
executing the changes.
* --execute:
Execute a specific piece of Puppet code
* --test:
Enable the most common options used for testing. These are 'verbose',
'detailed-exitcodes' and 'show_diff'.
* --verbose:
Print extra information.
* --catalog:
Apply a JSON catalog (such as one generated with 'puppet master --compile'). You can
either specify a JSON file or pipe in JSON from standard input.
* --write-catalog-summary
After compiling the catalog saves the resource list and classes list to the node
in the state directory named classes.txt and resources.txt
EXAMPLE
-------
$ puppet apply -l /tmp/manifest.log manifest.pp
$ puppet apply --modulepath=/root/dev/modules -e "include ntpd::server"
$ puppet apply --catalog catalog.json
AUTHOR
------
Luke Kanies
COPYRIGHT
---------
Copyright (c) 2011 Puppet Labs, LLC Licensed under the Apache 2.0 License
[root@centos7 ~]# puppet apply -v -d --noop chenxi.pp 干跑输出调试等信息及过程
Notice: Compiled catalog for centos7.3-chenxi3 in environment production in 0.13 seconds
Debug: Puppet::Type::Group::ProviderDirectoryservice: file /usr/bin/dscl does not exist
Debug: Failed to load library 'ldap' for feature 'ldap'
Debug: Puppet::Type::Group::ProviderLdap: feature ldap is missing
Debug: Puppet::Type::Group::ProviderPw: file pw does not exist
Debug: Creating default schedules
Debug: Using settings: adding file resource 'confdir': 'File[/etc/puppet]{:path=>"/etc/puppet", :ensure=>:directory, :loglevel=>:debug, :links=>:follow, :backup=>false
}'Debug: Puppet::Type::User::ProviderDirectoryservice: file /usr/bin/dsimport does not exist
Debug: Failed to load library 'ldap' for feature 'ldap'
Debug: Puppet::Type::User::ProviderLdap: feature ldap is missing
Debug: Puppet::Type::User::ProviderPw: file pw does not exist
Debug: Puppet::Type::User::ProviderUser_role_add: file roleadd does not exist
Debug: Using settings: adding file resource 'vardir': 'File[/var/lib/puppet]{:path=>"/var/lib/puppet", :owner=>"puppet", :group=>"puppet", :ensure=>:directory, :loglev
el=>:debug, :links=>:follow, :backup=>false}'Debug: Using settings: adding file resource 'logdir': 'File[/var/log/puppet]{:path=>"/var/log/puppet", :mode=>"750", :owner=>"puppet", :group=>"puppet", :ensure=>:dire
ctory, :loglevel=>:debug, :links=>:follow, :backup=>false}'Debug: Using settings: adding file resource 'statedir': 'File[/var/lib/puppet/state]{:path=>"/var/lib/puppet/state", :mode=>"1755", :ensure=>:directory, :loglevel=>:de
bug, :links=>:follow, :backup=>false}'Debug: Using settings: adding file resource 'rundir': 'File[/var/run/puppet]{:path=>"/var/run/puppet", :mode=>"755", :owner=>"puppet", :group=>"puppet", :ensure=>:dire
ctory, :loglevel=>:debug, :links=>:follow, :backup=>false}'Debug: Using settings: adding file resource 'libdir': 'File[/var/lib/puppet/lib]{:path=>"/var/lib/puppet/lib", :ensure=>:directory, :loglevel=>:debug, :links=>:follow,
:backup=>false}'Debug: Using settings: adding file resource 'certdir': 'File[/var/lib/puppet/ssl/certs]{:path=>"/var/lib/puppet/ssl/certs", :mode=>"755", :owner=>"puppet", :group=>"pu
ppet", :ensure=>:directory, :loglevel=>:debug, :links=>:follow, :backup=>false}'Debug: Using settings: adding file resource 'ssldir': 'File[/var/lib/puppet/ssl]{:path=>"/var/lib/puppet/ssl", :mode=>"771", :owner=>"puppet", :group=>"puppet", :ensur
e=>:directory, :loglevel=>:debug, :links=>:follow, :backup=>false}'Debug: Using settings: adding file resource 'publickeydir': 'File[/var/lib/puppet/ssl/public_keys]{:path=>"/var/lib/puppet/ssl/public_keys", :mode=>"755", :owner=>"pup
pet", :group=>"puppet", :ensure=>:directory, :loglevel=>:debug, :links=>:follow, :backup=>false}'Debug: Using settings: adding file resource 'requestdir': 'File[/var/lib/puppet/ssl/certificate_requests]{:path=>"/var/lib/puppet/ssl/certificate_requests", :mode=>"75
5", :owner=>"puppet", :group=>"puppet", :ensure=>:directory, :loglevel=>:debug, :links=>:follow, :backup=>false}'Debug: Using settings: adding file resource 'privatekeydir': 'File[/var/lib/puppet/ssl/private_keys]{:path=>"/var/lib/puppet/ssl/private_keys", :mode=>"750", :owner=>"
puppet", :group=>"puppet", :ensure=>:directory, :loglevel=>:debug, :links=>:follow, :backup=>false}'Debug: Using settings: adding file resource 'privatedir': 'File[/var/lib/puppet/ssl/private]{:path=>"/var/lib/puppet/ssl/private", :mode=>"750", :owner=>"puppet", :gro
up=>"puppet", :ensure=>:directory, :loglevel=>:debug, :links=>:follow, :backup=>false}'Debug: Using settings: adding file resource 'clientyamldir': 'File[/var/lib/puppet/client_yaml]{:path=>"/var/lib/puppet/client_yaml", :mode=>"750", :ensure=>:directory
, :loglevel=>:debug, :links=>:follow, :backup=>false}'Debug: Using settings: adding file resource 'client_datadir': 'File[/var/lib/puppet/client_data]{:path=>"/var/lib/puppet/client_data", :mode=>"750", :ensure=>:director
y, :loglevel=>:debug, :links=>:follow, :backup=>false}'Debug: Using settings: adding file resource 'clientbucketdir': 'File[/var/lib/puppet/clientbucket]{:path=>"/var/lib/puppet/clientbucket", :mode=>"750", :ensure=>:direc
tory, :loglevel=>:debug, :links=>:follow, :backup=>false}'Debug: Using settings: adding file resource 'graphdir': 'File[/var/lib/puppet/state/graphs]{:path=>"/var/lib/puppet/state/graphs", :ensure=>:directory, :loglevel=>:deb
ug, :links=>:follow, :backup=>false}'Debug: Using settings: adding file resource 'pluginfactdest': 'File[/var/lib/puppet/facts.d]{:path=>"/var/lib/puppet/facts.d", :ensure=>:directory, :loglevel=>:debug,
:links=>:follow, :backup=>false}'Debug: /File[/etc/puppet]/seluser: Found seluser default 'system_u' for /etc/puppet
Debug: /File[/etc/puppet]/selrole: Found selrole default 'object_r' for /etc/puppet
Debug: /File[/etc/puppet]/seltype: Found seltype default 'puppet_etc_t' for /etc/puppet
Debug: /File[/etc/puppet]/selrange: Found selrange default 's0' for /etc/puppet
Debug: /File[/var/lib/puppet]/seluser: Found seluser default 'system_u' for /var/lib/puppet
Debug: /File[/var/lib/puppet]/selrole: Found selrole default 'object_r' for /var/lib/puppet
Debug: /File[/var/lib/puppet]/seltype: Found seltype default 'puppet_var_lib_t' for /var/lib/puppet
Debug: /File[/var/lib/puppet]/selrange: Found selrange default 's0' for /var/lib/puppet
Debug: /File[/var/log/puppet]/seluser: Found seluser default 'system_u' for /var/log/puppet
Debug: /File[/var/log/puppet]/selrole: Found selrole default 'object_r' for /var/log/puppet
Debug: /File[/var/log/puppet]/seltype: Found seltype default 'puppet_log_t' for /var/log/puppet
Debug: /File[/var/log/puppet]/selrange: Found selrange default 's0' for /var/log/puppet
Debug: /File[/var/lib/puppet/state]/seluser: Found seluser default 'system_u' for /var/lib/puppet/state
Debug: /File[/var/lib/puppet/state]/selrole: Found selrole default 'object_r' for /var/lib/puppet/state
Debug: /File[/var/lib/puppet/state]/seltype: Found seltype default 'puppet_var_lib_t' for /var/lib/puppet/state
Debug: /File[/var/lib/puppet/state]/selrange: Found selrange default 's0' for /var/lib/puppet/state
Debug: /File[/var/run/puppet]/seluser: Found seluser default 'system_u' for /var/run/puppet
Debug: /File[/var/run/puppet]/selrole: Found selrole default 'object_r' for /var/run/puppet
Debug: /File[/var/run/puppet]/seltype: Found seltype default 'puppet_var_run_t' for /var/run/puppet
Debug: /File[/var/run/puppet]/selrange: Found selrange default 's0' for /var/run/puppet
Debug: /File[/var/lib/puppet/lib]/seluser: Found seluser default 'system_u' for /var/lib/puppet/lib
Debug: /File[/var/lib/puppet/lib]/selrole: Found selrole default 'object_r' for /var/lib/puppet/lib
Debug: /File[/var/lib/puppet/lib]/seltype: Found seltype default 'puppet_var_lib_t' for /var/lib/puppet/lib
Debug: /File[/var/lib/puppet/lib]/selrange: Found selrange default 's0' for /var/lib/puppet/lib
Debug: /File[/var/lib/puppet/ssl/certs]/seluser: Found seluser default 'system_u' for /var/lib/puppet/ssl/certs
Debug: /File[/var/lib/puppet/ssl/certs]/selrole: Found selrole default 'object_r' for /var/lib/puppet/ssl/certs
Debug: /File[/var/lib/puppet/ssl/certs]/seltype: Found seltype default 'puppet_var_lib_t' for /var/lib/puppet/ssl/certs
Debug: /File[/var/lib/puppet/ssl/certs]/selrange: Found selrange default 's0' for /var/lib/puppet/ssl/certs
Debug: /File[/var/lib/puppet/ssl]/seluser: Found seluser default 'system_u' for /var/lib/puppet/ssl
Debug: /File[/var/lib/puppet/ssl]/selrole: Found selrole default 'object_r' for /var/lib/puppet/ssl
Debug: /File[/var/lib/puppet/ssl]/seltype: Found seltype default 'puppet_var_lib_t' for /var/lib/puppet/ssl
Debug: /File[/var/lib/puppet/ssl]/selrange: Found selrange default 's0' for /var/lib/puppet/ssl
Debug: /File[/var/lib/puppet/ssl/public_keys]/seluser: Found seluser default 'system_u' for /var/lib/puppet/ssl/public_keys
Debug: /File[/var/lib/puppet/ssl/public_keys]/selrole: Found selrole default 'object_r' for /var/lib/puppet/ssl/public_keys
Debug: /File[/var/lib/puppet/ssl/public_keys]/seltype: Found seltype default 'puppet_var_lib_t' for /var/lib/puppet/ssl/public_keys
Debug: /File[/var/lib/puppet/ssl/public_keys]/selrange: Found selrange default 's0' for /var/lib/puppet/ssl/public_keys
Debug: /File[/var/lib/puppet/ssl/certificate_requests]/seluser: Found seluser default 'system_u' for /var/lib/puppet/ssl/certificate_requests
Debug: /File[/var/lib/puppet/ssl/certificate_requests]/selrole: Found selrole default 'object_r' for /var/lib/puppet/ssl/certificate_requests
Debug: /File[/var/lib/puppet/ssl/certificate_requests]/seltype: Found seltype default 'puppet_var_lib_t' for /var/lib/puppet/ssl/certificate_requests
Debug: /File[/var/lib/puppet/ssl/certificate_requests]/selrange: Found selrange default 's0' for /var/lib/puppet/ssl/certificate_requests
Debug: /File[/var/lib/puppet/ssl/private_keys]/seluser: Found seluser default 'system_u' for /var/lib/puppet/ssl/private_keys
Debug: /File[/var/lib/puppet/ssl/private_keys]/selrole: Found selrole default 'object_r' for /var/lib/puppet/ssl/private_keys
Debug: /File[/var/lib/puppet/ssl/private_keys]/seltype: Found seltype default 'puppet_var_lib_t' for /var/lib/puppet/ssl/private_keys
Debug: /File[/var/lib/puppet/ssl/private_keys]/selrange: Found selrange default 's0' for /var/lib/puppet/ssl/private_keys
Debug: /File[/var/lib/puppet/ssl/private]/seluser: Found seluser default 'system_u' for /var/lib/puppet/ssl/private
Debug: /File[/var/lib/puppet/ssl/private]/selrole: Found selrole default 'object_r' for /var/lib/puppet/ssl/private
Debug: /File[/var/lib/puppet/ssl/private]/seltype: Found seltype default 'puppet_var_lib_t' for /var/lib/puppet/ssl/private
Debug: /File[/var/lib/puppet/ssl/private]/selrange: Found selrange default 's0' for /var/lib/puppet/ssl/private
Debug: /File[/var/lib/puppet/client_yaml]/seluser: Found seluser default 'system_u' for /var/lib/puppet/client_yaml
Debug: /File[/var/lib/puppet/client_yaml]/selrole: Found selrole default 'object_r' for /var/lib/puppet/client_yaml
Debug: /File[/var/lib/puppet/client_yaml]/seltype: Found seltype default 'puppet_var_lib_t' for /var/lib/puppet/client_yaml
Debug: /File[/var/lib/puppet/client_yaml]/selrange: Found selrange default 's0' for /var/lib/puppet/client_yaml
Debug: /File[/var/lib/puppet/client_data]/seluser: Found seluser default 'system_u' for /var/lib/puppet/client_data
Debug: /File[/var/lib/puppet/client_data]/selrole: Found selrole default 'object_r' for /var/lib/puppet/client_data
Debug: /File[/var/lib/puppet/client_data]/seltype: Found seltype default 'puppet_var_lib_t' for /var/lib/puppet/client_data
Debug: /File[/var/lib/puppet/client_data]/selrange: Found selrange default 's0' for /var/lib/puppet/client_data
Debug: /File[/var/lib/puppet/clientbucket]/seluser: Found seluser default 'system_u' for /var/lib/puppet/clientbucket
Debug: /File[/var/lib/puppet/clientbucket]/selrole: Found selrole default 'object_r' for /var/lib/puppet/clientbucket
Debug: /File[/var/lib/puppet/clientbucket]/seltype: Found seltype default 'puppet_var_lib_t' for /var/lib/puppet/clientbucket
Debug: /File[/var/lib/puppet/clientbucket]/selrange: Found selrange default 's0' for /var/lib/puppet/clientbucket
Debug: /File[/var/lib/puppet/state/graphs]/seluser: Found seluser default 'system_u' for /var/lib/puppet/state/graphs
Debug: /File[/var/lib/puppet/state/graphs]/selrole: Found selrole default 'object_r' for /var/lib/puppet/state/graphs
Debug: /File[/var/lib/puppet/state/graphs]/seltype: Found seltype default 'puppet_var_lib_t' for /var/lib/puppet/state/graphs
Debug: /File[/var/lib/puppet/state/graphs]/selrange: Found selrange default 's0' for /var/lib/puppet/state/graphs
Debug: /File[/var/lib/puppet/facts.d]/seluser: Found seluser default 'system_u' for /var/lib/puppet/facts.d
Debug: /File[/var/lib/puppet/facts.d]/selrole: Found selrole default 'object_r' for /var/lib/puppet/facts.d
Debug: /File[/var/lib/puppet/facts.d]/seltype: Found seltype default 'puppet_var_lib_t' for /var/lib/puppet/facts.d
Debug: /File[/var/lib/puppet/facts.d]/selrange: Found selrange default 's0' for /var/lib/puppet/facts.d
Debug: /File[/var/lib/puppet/state]: Autorequiring File[/var/lib/puppet]
Debug: /File[/var/lib/puppet/lib]: Autorequiring File[/var/lib/puppet]
Debug: /File[/var/lib/puppet/ssl/certs]: Autorequiring File[/var/lib/puppet/ssl]
Debug: /File[/var/lib/puppet/ssl]: Autorequiring File[/var/lib/puppet]
Debug: /File[/var/lib/puppet/ssl/public_keys]: Autorequiring File[/var/lib/puppet/ssl]
Debug: /File[/var/lib/puppet/ssl/certificate_requests]: Autorequiring File[/var/lib/puppet/ssl]
Debug: /File[/var/lib/puppet/ssl/private_keys]: Autorequiring File[/var/lib/puppet/ssl]
Debug: /File[/var/lib/puppet/ssl/private]: Autorequiring File[/var/lib/puppet/ssl]
Debug: /File[/var/lib/puppet/client_yaml]: Autorequiring File[/var/lib/puppet]
Debug: /File[/var/lib/puppet/client_data]: Autorequiring File[/var/lib/puppet]
Debug: /File[/var/lib/puppet/clientbucket]: Autorequiring File[/var/lib/puppet]
Debug: /File[/var/lib/puppet/state/graphs]: Autorequiring File[/var/lib/puppet/state]
Debug: /File[/var/lib/puppet/facts.d]: Autorequiring File[/var/lib/puppet]
Debug: /File[/var/lib/puppet/facts.d]/ensure: created
Debug: /File[/var/lib/puppet/ssl]/ensure: created
Debug: /File[/var/lib/puppet/ssl/private_keys]/ensure: created
Debug: /File[/var/lib/puppet/ssl/public_keys]/ensure: created
Debug: /File[/var/lib/puppet/ssl/certs]/ensure: created
Debug: /File[/var/lib/puppet/client_data]/ensure: created
Debug: /File[/var/lib/puppet/state]/ensure: created
Debug: /File[/var/lib/puppet/state/graphs]/ensure: created
Debug: /File[/var/lib/puppet/client_yaml]/ensure: created
Debug: /File[/var/lib/puppet/ssl/private]/ensure: created
Debug: /File[/var/lib/puppet/lib]/ensure: created
Debug: /File[/var/lib/puppet/clientbucket]/ensure: created
Debug: /File[/var/lib/puppet/ssl/certificate_requests]/ensure: created
Debug: Finishing transaction 21958000
Info: Applying configuration version '1506249736'
Notice: /Stage[main]/Main/Group[cx]/ensure: current_value absent, should be present (noop)
Debug: /Stage[main]/Main/Group[cx]: The container Class[Main] will propagate my refresh event
Notice: Class[Main]: Would have triggered 'refresh' from 1 events
Debug: Class[Main]: The container Stage[main] will propagate my refresh event
Notice: Stage[main]: Would have triggered 'refresh' from 1 events
Debug: Finishing transaction 27457800
Debug: Storing state
Info: Creating state file /var/lib/puppet/state/state.yaml
Debug: Stored state in 0.05 seconds
Notice: Finished catalog run in 0.08 seconds
Debug: Using settings: adding file resource 'rrddir': 'File[/var/lib/puppet/rrd]{:path=>"/var/lib/puppet/rrd", :mode=>"750", :owner=>"puppet", :group=>"puppet", :ensur
e=>:directory, :loglevel=>:debug, :links=>:follow, :backup=>false}'Debug: /File[/var/lib/puppet/rrd]/seluser: Found seluser default 'system_u' for /var/lib/puppet/rrd
Debug: /File[/var/lib/puppet/rrd]/selrole: Found selrole default 'object_r' for /var/lib/puppet/rrd
Debug: /File[/var/lib/puppet/rrd]/seltype: Found seltype default 'puppet_var_lib_t' for /var/lib/puppet/rrd
Debug: /File[/var/lib/puppet/rrd]/selrange: Found selrange default 's0' for /var/lib/puppet/rrd
Debug: /File[/var/lib/puppet/rrd]/ensure: created
Debug: Finishing transaction 25919000
Debug: Received report to process from centos7.3-chenxi3
Debug: Processing report from centos7.3-chenxi3 with processor Puppet::Reports::Store
[root@centos7 ~]# puppet apply -v --noop chenxi.pp 干跑并输出详细信息
Notice: Compiled catalog for centos7.3-chenxi3 in environment production in 0.11 seconds
Info: Applying configuration version '1506250001'
Notice: /Stage[main]/Main/Group[cx]/ensure: current_value absent, should be present (noop)
Notice: Class[Main]: Would have triggered 'refresh' from 1 events
Notice: Stage[main]: Would have triggered 'refresh' from 1 events
Notice: Finished catalog run in 0.04 seconds
[root@centos7 ~]# puppet apply -v chenxi.pp 正正运行并创建组
Notice: Compiled catalog for centos7.3-chenxi3 in environment production in 0.12 seconds
Info: Applying configuration version '1506250371'
Notice: /Stage[main]/Main/Group[cx]/ensure: created
Notice: Finished catalog run in 0.16 seconds
[root@centos7 ~]# tail /etc/group
postdrop:x:90:
postfix:x:89:
ntp:x:38:
stapusr:x:156:
stapsys:x:157:
stapdev:x:158:
tcpdump:x:72:
chenxi:x:1000:
puppet:x:52:
cx:x:1001: 创建成功组
