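Introduction to Puppet Command Parameters
Preface:
How Puppet works:
By default the puppet master listens on TCP port 8140. It receives agent requests through Ruby's WEBrick web server, matches the request content against site.pp, the master's single entry-point file, compiles the resources of the matching host into a catalog and distributes it to the agent, which then applies it locally.
Puppet commands are divided into standalone commands and integrated commands. Since Puppet 3.0 the standalone commands are gone, and integrated commands are the way forward, so only the integrated puppet commands are covered here.
Help is normally shown with -h, and the puppet command is no different.
puppet command parameters: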
<code>[root@puppet puppet]# puppet help</code>
<code>Usage: puppet <subcommand> [options] <action> [options]</code>
<code>Available subcommands:</code>
<code> </code>
<code>  agent  The puppet agent daemon  #The puppet agent daemon</code>
<code>  apply  Apply Puppet manifests locally  #Applies puppet resource manifests</code>
<code>  ca  Local Puppet Certificate Authority management.  #Manages local puppet certificates</code>
<code>  catalog  Compile, save, view, and convert catalogs.  #Compile, save, view and convert catalogs</code>
<code>  cert  Manage certificates and requests  #Manages puppet certification</code>
<code>  certificate  Provide access to the CA for certificate management.  #Provides access to the CA for certificate management</code>
<code>  certificate_request  Manage certificate requests.  #Manages certificate requests</code>
<code>  certificate_revocation_list  Manage the list of revoked certificates.  #Shows the list of revoked certificates</code>
<code>  config  Interact with Puppet's settings.  #puppet configuration options</code>
<code>  describe  Display help about resource types  #Shows help for resource types</code>
<code>  device  Manage remote network devices  #Manages remote network devices</code>
<code>  doc  Generate Puppet documentation and references  #puppet documentation generation and reference tool</code>
<code>  facts  Retrieve and store facts.  #Stores the information returned by facts</code>
<code>  file  Retrieve and store files in a filebucket  #Retrieves and stores files in the filebucket</code>
<code>  filebucket  Store and retrieve files in a filebucket  #File backup and restore</code>
<code>  help  Display Puppet help.  #Shows puppet help information</code>
<code>  inspect  Send an inspection report  #Sends an inspection report</code>
<code>  instrumentation_data  Manage instrumentation listener accumulated data. DEPRECATED.  #Manages listener data</code>
<code>  instrumentation_listener  Manage instrumentation listeners. DEPRECATED.  #Manages listener state</code>
<code>  instrumentation_probe  Manage instrumentation probes. Deprecated  #Manages listener probes</code>
<code>  key  Create, save, and remove certificate keys.  #Create, save and delete certificate key files</code>
<code>  kick  Remotely control puppet agent  #Triggers an update on a puppet agent on demand</code>
<code>  man  Display Puppet manual pages.  #Shows puppet manual pages</code>
<code>  master  The puppet master daemon  #The puppet master daemon</code>
<code>  module  Creates, installs and searches for modules on the Puppet Forge.  #Create, install and search modules via Puppet Forge</code>
<code>  node  View and manage node definitions.  #View and manage nodes</code>
<code>  parser  Interact directly with the parser.  #Syntax-check command for *.pp files</code>
<code>  plugin  Interact with the Puppet plugin system.  #Plugin management</code>
<code>  queue  Deprecated queuing daemon for asynchronous storeconfigs  #puppet queue</code>
<code>  report  Create, display, and submit reports.  #Create, display and submit reports</code>
<code>  resource  The resource abstraction layer shell  #Resource abstraction layer (RAL), for API use only</code>
<code>  resource_type  View classes, defined resource types, and nodes from all manifests.  #View classes, defined resource types and node information from manifests.</code>
<code>  secret_agent  Mimics puppet agent.  #Simulates an agent</code>
<code>  status  View puppet server status.  #View service status</code>
<code>See 'puppet help <subcommand> <action>' for help on a specific subcommand action.</code>
<code>See 'puppet help <subcommand>' for help on a specific subcommand.</code>
<code>Puppet v3.8.7</code>
puppet master command parameters: (the help output is too long to paste in full, so only the main options are shown)
<code>[root@puppet puppet]# puppet master --help</code>
<code>* --daemonize:  #Sends the process to the background; this is the master's default</code>
<code>  Send the process into the background. This is the default.</code>
<code>  (This is a Puppet setting, and can go in puppet.conf. Note the special 'no-'</code>
<code>  prefix for boolean settings on the command line.)</code>
<code>* --no-daemonize:  #Sends the startup process output to standard output; in short, does not run in the background</code>
<code>  Do not send the process into the background.</code>
<code>* --debug:  #Debug mode</code>
<code>  Enable full debugging.</code>
<code>* --help:  #Help information</code>
<code>  Print this help message.</code>
<code>* --logdest:  #Where log output goes: syslog, the console, or a file path; defaults to the console only when debugging or verbosity is enabled, otherwise syslog.</code>
<code>  Where to send log messages. Choose between 'syslog' (the POSIX syslog</code>
<code>  service), 'console', or the path to a log file. If debugging or verbosity is</code>
<code>  enabled, this defaults to 'console'. Otherwise, it defaults to 'syslog'.</code>
<code>  A path ending with '.json' will receive structured output in JSON format. The</code>
<code>  log file will not have an ending ']' automatically written to it due to the</code>
<code>  appending nature of logging. It must be appended manually to make the content</code>
<code>  valid JSON.</code>
<code>* --masterport:  #Custom port for the master.</code>
<code>  The port on which to listen for traffic.</code>
<code>  (This is a Puppet setting, and can go in puppet.conf.)</code>
<code>* --verbose:  #Outputs extended information</code>
<code>  Enable verbosity.</code>
<code>* --version:  #Shows the master version</code>
<code>  Print the puppet version number and exit.</code>
<code>* --compile:  #Compiles a catalog and outputs it as JSON, using the facts in the $vardir/yaml/ directory</code>
<code>  Compile a catalogue and output it in JSON from the puppet master. Uses</code>
<code>  facts contained in the $vardir/yaml/ directory to compile the catalog.</code>
Puppet agent parameters:
<code>[root@puppet puppet]# puppet agent --help</code>
<code>#</code>
<code>* --certname:  #Sets the client's certname (unique ID), usually named after its domain name</code>
<code>  Set the certname (unique ID) of the client. The master reads this</code>
<code>  unique identifying string, which is usually set to the node's</code>
<code>  fully-qualified domain name, to determine which configurations the</code>
<code>  node will receive. Use this option to debug setup problems or</code>
<code>  implement unusual node identification schemes.</code>
<code>* --daemonize:  #Sends the started process to the background as a daemon; this is the default</code>
<code>* --no-daemonize:  #Does not send the process to the background</code>
<code>* --debug:  #Debug mode</code>
<code>* --detailed-exitcodes:  #Provides detailed exit codes</code>
<code>  Provide transaction information via exit codes. If this is enabled, an exit</code>
<code>  code of '2' means there were changes, an exit code of '4' means there were</code>
<code>  failures during the transaction, and an exit code of '6' means there were both</code>
<code>  changes and failures.</code>
<code>* --digest:  #Sets the certificate fingerprint digest algorithm; the default is SHA256 per the help text below</code>
<code>  Change the certificate fingerprinting digest algorithm. The default is</code>
<code>  SHA256. Valid values depends on the version of OpenSSL installed, but</code>
<code>  will likely contain MD5, MD2, SHA1 and SHA256.</code>
<code>* --disable:  #Disables puppet agent runs on this node; the agent daemon keeps running, but the node no longer syncs configuration from the master.</code>
<code>  Disable working on the local system. This puts a lock file in place,</code>
<code>  causing 'puppet agent' not to work on the system until the lock file</code>
<code>  is removed. This is useful if you are testing a configuration and do</code>
<code>  not want the central configuration to override the local state until</code>
<code>  everything is tested and committed.</code>
<code>  Disable can also take an optional message that will be reported by the</code>
<code>  'puppet agent' at the next disabled run.</code>
<code>  'puppet agent' uses the same lock file while it is running, so no more</code>
<code>  than one 'puppet agent' process is working at a time.</code>
<code>  'puppet agent' exits after executing this.</code>
<code>* --enable:  #Enables the agent again, allowing puppet agent -t to sync configuration.</code>
<code>  Enable working on the local system. This removes any lock file,</code>
<code>  causing 'puppet agent' to start managing the local system again</code>
<code>  (although it will continue to use its normal scheduling, so it might</code>
<code>  not start for another half hour).</code>
<code>* --fingerprint:  #Shows the fingerprint of the current certificate</code>
<code>  Display the current certificate or certificate signing request</code>
<code>  fingerprint and then exit. Use the '--digest' option to change the</code>
<code>  digest algorithm used.</code>
<code>* --help:</code>
<code>  Print this help message</code>
<code>* --logdest:  #Where logs are sent; defaults to syslog</code>
<code>  service), 'eventlog' (the Windows Event Log), 'console', or the path to a log</code>
<code>  file. If debugging or verbosity is enabled, this defaults to 'console'.</code>
<code>  Otherwise, it defaults to 'syslog' on POSIX systems and 'eventlog' on Windows.</code>
<code>* --masterport:  #Specifies the puppet port</code>
<code>  The port on which to contact the puppet master.</code>
<code>* --no-client:  #Do not create a config client; only meaningful when listen=true</code>
<code>  Do not create a config client. This will cause the daemon to start</code>
<code>  but not check configuration unless it is triggered with `puppet</code>
<code>  kick`. This only makes sense when puppet agent is being run with</code>
<code>  listen = true in puppet.conf or was started with the `--listen` option.</code>
<code>* --noop:  #Uses 'noop' mode: a test run only, the catalog is not applied on the agent.</code>
<code>  Use 'noop' mode where the daemon runs in a no-op or dry-run mode. This</code>
<code>  is useful for seeing what changes Puppet will make without actually</code>
<code>  executing the changes.</code>
<code>* --onetime:  #Runs once; used together with --no-daemonize</code>
<code>  Run the configuration once. Runs a single (normally daemonized) Puppet</code>
<code>  run. Useful for interactively running puppet agent when used in</code>
<code>  conjunction with the --no-daemonize option.</code>
<code>* --test:  #Test mode, but the catalog is still applied locally</code>
<code>  Enable the most common options used for testing. These are 'onetime',</code>
<code>  'verbose', 'ignorecache', 'no-daemonize', 'no-usecacheonfailure',</code>
<code>  'detailed-exitcodes', 'no-splay', and 'show_diff'.</code>
<code>* --verbose:  #Shows extended puppet information</code>
<code>  Turn on verbose reporting.</code>
<code>* --version:  #Shows the puppet version</code>
<code>* --waitforcert:  #How long the agent waits for the master to sign its certificate; by default the agent asks the master every 2 minutes, and 0 means do not wait.</code>
<code>  This option only matters for daemons that do not yet have certificates</code>
<code>  and it is enabled by default, with a value of 120 (seconds). This</code>
<code>  causes 'puppet agent' to connect to the server every 2 minutes and ask</code>
<code>  it to sign a certificate request. This is useful for the initial setup</code>
<code>  of a puppet client. You can turn off waiting for certificates by</code>
<code>  specifying a time of 0.</code>
Try a run on the agent side; it works even when no resources are defined:
<code>[root@sh-proxy2 ~]# puppet agent -t</code>
<code>Info: Retrieving pluginfacts</code>
<code>Info: Retrieving plugin</code>
<code>Info: Caching catalog for sh-proxy2.localdomain</code>
<code>Info: Applying configuration version '1504617222'</code>
<code>Notice: Finished catalog run in 0.02 seconds</code>
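Comment: when resources are defined, the output shows every resource change and whether the run succeeded. For now only the time taken to contact the master is visible.
Note: the agent can run in two ways: 1) run the command to connect to the master directly and update; 2) run as a daemon that checks for updates every 30 minutes (this interval is configurable). In our company's production environment, puppet agent -t is simply added to crontab as a scheduled task to do the updates (for reference).
Example: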
<code>[root@sh-proxy2 ~]# crontab -l</code>
<code>28,58 * * * * /usr/bin/puppet agent -t &>/dev/null</code>
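Example: the agent service is not down, yet the agent cannot update resources from the master. Use --enable to turn it back on, then run puppet agent -t to resume updating resources.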
<code>[root@sh-proxy2 ~]# puppet agent --disable</code>
<code>[root@sh-proxy2 ~]# /etc/init.d/puppet status</code>
<code>puppet (pid 37949) is running...</code>
<code>Notice: Skipping run of Puppet configuration client; administratively disabled (Reason: 'reason not specified');</code>
<code>Use 'puppet agent --enable' to re-enable.</code>
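The cron entry above discards all output, so failed runs and an administratively disabled agent (a node that has silently stopped enforcing its configuration) go unnoticed. The wrapper below is an added example, not part of the original post: it interprets the --detailed-exitcodes values that -t enables, detects the "administratively disabled" notice, and logs a verdict to syslog. PUPPET_CMD, the --cron switch and the puppet-cron syslog tag are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post): cron wrapper for `puppet agent -t`.
# PUPPET_CMD is a hypothetical override hook so the logic can be exercised
# with a stub when Puppet is not installed.
PUPPET_CMD="${PUPPET_CMD:-/usr/bin/puppet agent -t}"

# Map a --detailed-exitcodes status to a label. 2, 4 and 6 come from the
# help text above; 0 is a run with no changes; anything else is an error.
classify_exit() {
    case "$1" in
        0) echo "unchanged" ;;
        2) echo "changed" ;;
        4) echo "failed" ;;
        6) echo "changed+failed" ;;
        *) echo "error" ;;
    esac
}

# Run the agent once and print a one-line verdict.
# Returns 0 for a clean run, 1 for failures, 3 if the agent is disabled.
run_agent() {
    # Unquoted on purpose: PUPPET_CMD holds a command plus its arguments.
    out=$($PUPPET_CMD 2>&1) && rc=0 || rc=$?
    # A disabled agent prints this notice and applies nothing, so flag it
    # explicitly rather than trusting the exit status.
    if printf '%s\n' "$out" | grep -q 'administratively disabled'; then
        echo "disabled rc=$rc"
        return 3
    fi
    label=$(classify_exit "$rc")
    echo "$label rc=$rc"
    case "$label" in
        unchanged|changed) return 0 ;;
        *) return 1 ;;
    esac
}

# Cron entry point: send the verdict to syslog instead of /dev/null.
main() {
    verdict=$(run_agent) && status=0 || status=$?
    if [ "$status" -eq 0 ]; then prio=daemon.info; else prio=daemon.err; fi
    logger -t puppet-cron -p "$prio" "$verdict"
    return "$status"
}

# Only run when called with the (hypothetical) --cron switch.
if [ "${1:-}" = "--cron" ]; then main; exit $?; fi
```

In crontab, the wrapper called with --cron would take the place of the `/usr/bin/puppet agent -t &>/dev/null` command.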
This article is reposted from the 51CTO blog of 青衫解衣; original link: http://blog.51cto.com/215687833/1963179