Puppetコマンドパラメータの説明(三)
11991 ワード
Puppetコマンドパラメータの説明
前言:
Puppetの動作原理:
puppet master起動のデフォルトは、tcpプロトコルを傍受する8140ポートである.rubyのwebrick webを介してagent側の要求を受信し、要求内容に基づいてmasterの統一インタフェースファイルsite.ppファイルマッチングは、マッチングホストリソースをcatalogにコンパイルしてagentに配布し、agentは要求を受信してローカルに適用する.
Puppetコマンドは独立コマンドと統合コマンド、puppet 3に分けられます.0バージョン以降は独立したコマンドはなく、統合コマンドも将来のトレンドであるため、puppet統合コマンドのみを書く.
通常、ヘルプを表示するには-hを使用することが知られており、puppetコマンドを表示するヘルプも同様である.
puppetコマンドパラメータ:
puppet masterコマンドパラメータ:(注釈部分が多すぎると貼り付けられず、主なものを選ぶ)
Puppet agentパラメータ:
エージェント側はゲームを実行しようとしています.リソースがなくても実行できます.
注記:リソースがある場合は、リソース全体の変更と正常に実行されたかどうかを確認できます.現在はMasterへのアクセスにかかる時間しか見られません.
注意:Agentの実行方法は2種類あります:1)コマンドは直接masterに接続して更新します.2)デーモンプロセスは実行して、30分ごとに更新を検出します(この時間は自分で設定できます).会社の生産は直接puppet agent-tをcrontab計画任務に追加して更新する(参考).
例:
例えば、agentサービスにはdonwはないが、agent側もmasterからリソースを更新することはできない.--enableを使用してオープンし、puppet agent-tを使用してリソースの更新を続行します.
前言:
Puppetの動作原理:
puppet master起動のデフォルトは、tcpプロトコルを傍受する8140ポートである.rubyのwebrick webを介してagent側の要求を受信し、要求内容に基づいてmasterの統一インタフェースファイルsite.ppファイルマッチングは、マッチングホストリソースをcatalogにコンパイルしてagentに配布し、agentは要求を受信してローカルに適用する.
Puppetコマンドは独立コマンドと統合コマンド、puppet 3に分けられます.0バージョン以降は独立したコマンドはなく、統合コマンドも将来のトレンドであるため、puppet統合コマンドのみを書く.
通常、ヘルプを表示するには-hを使用することが知られており、puppetコマンドを表示するヘルプも同様である.
puppetコマンドパラメータ:
[root@puppet puppet]# puppet help
Usage: puppet [options] [options]
Available subcommands:
agent The puppet agent daemon #puppet agent
apply Apply Puppet manifests locally # puppet
ca Local Puppet Certificate Authority management. # puppet
catalog Compile, save, view, and convert catalogs. # , , , catalog
cert Manage certificates and requests # puppet
certificate Provide access to the CA for certificate management. # CA
certificate_request Manage certificate requests. #
certificate_revocation_list Manage the list of revoked certificates. #
config Interact with Puppet's settings. #puppet
describe Display help about resource types #
device Manage remote network devices #
doc Generate Puppet documentation and references #puppet
facts Retrieve and store facts. # facts
file Retrieve and store files in a filebucket # filebucket
filebucket Store and retrieve files in a filebucket #
help Display Puppet help. # puppet
inspect Send an inspection report #
instrumentation_data Manage instrumentation listener accumulated data. DEPRECATED. #
instrumentation_listener Manage instrumentation listeners. DEPRECATED. #
instrumentation_probe Manage instrumentation probes. Deprecated #
key Create, save, and remove certificate keys.# , ,
kick Remotely control puppet agent #puppet agent
man Display Puppet manual pages. # puppet
master The puppet master daemon #puppet master
module Creates, installs and searches for modules on the Puppet Forge. # puppet forge , ,
node View and manage node definitions. #
parser Interact directly with the parser. #*.pp
plugin Interact with the Puppet plugin system. #
queue Deprecated queuing daemon for asynchronous storeconfigs #puppet
report Create, display, and submit reports. # , ,
resource The resource abstraction layer shell # RAL, API
resource_type View classes, defined resource types, and nodes from all manifests. # 、 manifests .
secret_agent Mimics puppet agent. # agent
status View puppet server status. #
See 'puppet help ' for help on a specific subcommand action.
See 'puppet help ' for help on a specific subcommand.
Puppet v3.8.7 puppet masterコマンドパラメータ:(注釈部分が多すぎると貼り付けられず、主なものを選ぶ)
[root@puppet puppet]# puppet master --help
* --daemonize: # , master
Send the process into the background. This is the default.
(This is a Puppet setting, and can go in puppet.conf. Note the special 'no-'
prefix for boolean settings on the command line.)
* --no-daemonize: # ,
Do not send the process into the background.
(This is a Puppet setting, and can go in puppet.conf. Note the special 'no-'
prefix for boolean settings on the command line.)
* --debug:#debug
Enable full debugging.
* --help: #
Print this help message.
* --logdest: # , log , .
Where to send log messages. Choose between 'syslog' (the POSIX syslog
service), 'console', or the path to a log file. If debugging or verbosity is
enabled, this defaults to 'console'. Otherwise, it defaults to 'syslog'.
A path ending with '.json' will receive structured output in JSON format. The
log file will not have an ending ']' automatically written to it due to the
appending nature of logging. It must be appended manually to make the content
valid JSON.
* --masterport: #Master .
The port on which to listen for traffic.
(This is a Puppet setting, and can go in puppet.conf.)
* --verbose: #
Enable verbosity.
* --version: # Master
Print the puppet version number and exit.
* --compile: # catalog json $vardir/yaml/ ,
Compile a catalogue and output it in JSON from the puppet master. Uses
facts contained in the $vardir/yaml/ directory to compile the catalog.Puppet agentパラメータ:
[root@puppet puppet]# puppet agent --help
#
* --certname: # certname( ID),
Set the certname (unique ID) of the client. The master reads this
unique identifying string, which is usually set to the node's
fully-qualified domain name, to determine which configurations the
node will receive. Use this option to debug setup problems or
implement unusual node identification schemes.
(This is a Puppet setting, and can go in puppet.conf.)
* --daemonize: # ,
Send the process into the background. This is the default.
(This is a Puppet setting, and can go in puppet.conf. Note the special 'no-'
prefix for boolean settings on the command line.)
* --no-daemonize: #
Do not send the process into the background.
(This is a Puppet setting, and can go in puppet.conf. Note the special 'no-'
prefix for boolean settings on the command line.)
* --debug: #debug
Enable full debugging.
* --detailed-exitcodes: #
Provide transaction information via exit codes. If this is enabled, an exit
code of '2' means there were changes, an exit code of '4' means there were
failures during the transaction, and an exit code of '6' means there were both
changes and failures.
* --digest: # , md5
Change the certificate fingerprinting digest algorithm. The default is
SHA256. Valid values depends on the version of OpenSSL installed, but
will likely contain MD5, MD2, SHA1 and SHA256.
* --disable: # puppet agent ,agent , master .
Disable working on the local system. This puts a lock file in place,
causing 'puppet agent' not to work on the system until the lock file
is removed. This is useful if you are testing a configuration and do
not want the central configuration to override the local state until
everything is tested and committed.
Disable can also take an optional message that will be reported by the
'puppet agent' at the next disabled run.
'puppet agent' uses the same lock file while it is running, so no more
than one 'puppet agent' process is working at a time.
'puppet agent' exits after executing this.
* --enable: # , puppet agent -t .
Enable working on the local system. This removes any lock file,
causing 'puppet agent' to start managing the local system again
(although it will continue to use its normal scheduling, so it might
not start for another half hour).
'puppet agent' exits after executing this.
* --fingerprint: #
Display the current certificate or certificate signing request
fingerprint and then exit. Use the '--digest' option to change the
digest algorithm used.
* --help:
Print this help message
* --logdest: # , syslog
Where to send log messages. Choose between 'syslog' (the POSIX syslog
service), 'eventlog' (the Windows Event Log), 'console', or the path to a log
file. If debugging or verbosity is enabled, this defaults to 'console'.
Otherwise, it defaults to 'syslog' on POSIX systems and 'eventlog' on Windows.
A path ending with '.json' will receive structured output in JSON format. The
log file will not have an ending ']' automatically written to it due to the
appending nature of logging. It must be appended manually to make the content
valid JSON.
* --masterport: # puppet
The port on which to contact the puppet master.
(This is a Puppet setting, and can go in puppet.conf.)
* --no-client: # , listen=true
Do not create a config client. This will cause the daemon to start
but not check configuration unless it is triggered with `puppet
kick`. This only makes sense when puppet agent is being run with
listen = true in puppet.conf or was started with the `--listen` option.
* --noop: # 'noop' , ,catalog agent .
Use 'noop' mode where the daemon runs in a no-op or dry-run mode. This
is useful for seeing what changes Puppet will make without actually
executing the changes.
(This is a Puppet setting, and can go in puppet.conf. Note the special 'no-'
prefix for boolean settings on the command line.)
* --onetime: # , --no-daemonize
Run the configuration once. Runs a single (normally daemonized) Puppet
run. Useful for interactively running puppet agent when used in
conjunction with the --no-daemonize option.
(This is a Puppet setting, and can go in puppet.conf. Note the special 'no-'
prefix for boolean settings on the command line.)
* --test: # , catalog
Enable the most common options used for testing. These are 'onetime',
'verbose', 'ignorecache', 'no-daemonize', 'no-usecacheonfailure',
'detailed-exitcodes', 'no-splay', and 'show_diff'.
* --verbose: # puppet
Turn on verbose reporting.
* --version: # puppet
Print the puppet version number and exit.
* --waitforcert: #agent master , agent2 master , 0, .
This option only matters for daemons that do not yet have certificates
and it is enabled by default, with a value of 120 (seconds). This
causes 'puppet agent' to connect to the server every 2 minutes and ask
it to sign a certificate request. This is useful for the initial setup
of a puppet client. You can turn off waiting for certificates by
specifying a time of 0.
(This is a Puppet setting, and can go in puppet.conf. Note the special 'no-'
prefix for boolean settings on the command line.)エージェント側はゲームを実行しようとしています.リソースがなくても実行できます.
[root@sh-proxy2 ~]# puppet agent -t
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Caching catalog for sh-proxy2.localdomain
Info: Applying configuration version '1504617222'
Notice: Finished catalog run in 0.02 seconds注記:リソースがある場合は、リソース全体の変更と正常に実行されたかどうかを確認できます.現在はMasterへのアクセスにかかる時間しか見られません.
注意:Agentの実行方法は2種類あります:1)コマンドは直接masterに接続して更新します.2)デーモンプロセスは実行して、30分ごとに更新を検出します(この時間は自分で設定できます).会社の生産は直接puppet agent-tをcrontab計画任務に追加して更新する(参考).
例:
[root@sh-proxy2 ~]# crontab -l
28,58 * * * * /usr/bin/puppet agent -t &>/dev/null例えば、agentサービスにはdonwはないが、agent側もmasterからリソースを更新することはできない.--enableを使用してオープンし、puppet agent-tを使用してリソースの更新を続行します.
[root@sh-proxy2 ~]# puppet agent --disable
[root@sh-proxy2 ~]# /etc/init.d/puppet status
puppet (pid 37949) is running...
[root@sh-proxy2 ~]# puppet agent -t
Notice: Skipping run of Puppet configuration client; administratively disabled (Reason: 'reason not specified');
Use 'puppet agent --enable' to re-enable.