Puppet Cookbook: Setting Up Software Repositories

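[Introduction]

This article continues the Chinese translation of the Puppet cookbook series. This section covers installing software from third-party repositories and setting up your own software repositories, such as a yum repository for CentOS or an APT repository for Debian and Ubuntu. Since we also install software with gem when working with Puppet, it shows how to set up a gem repository as well.

[Main text]

Installing packages from a third-party repository

Most of the time you install packages from the main distribution repository, so a simple package resource will do.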

package { "exim4": ensure => installed }

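But sometimes the package you need is only available in a third-party repository (for example, an Ubuntu PPA), or a third party offers a newer version of the package than the mainstream distribution does.

If you manage machines by hand, you would normally add the repository source to /etc/apt/sources.list.d before installing the package (and, if necessary, import the repository's key). We can use Puppet to automate this process.

How to do it…
1. Add the following to your manifest:

package { "python-software-properties": ensure => installed }
exec { "/usr/bin/add-apt-repository ppa:mathiaz/puppet-backports":
  creates => "/etc/apt/sources.list.d/mathiaz-puppet-backports-lucid.list",
  require => Package["python-software-properties"],
}

2. Run Puppet: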

# puppet agent --test
info: Retrieving plugin
info: Caching catalog for cookbook.bitfieldconsulting.com
info: Applying configuration version '1304773240'
notice: /Stage[main]//Node[cookbook]/Exec[/usr/bin/add-apt-repository ppa:mathiaz/puppet-backports]/returns: executed successfully
notice: Finished catalog run in 5.97 seconds

How it works…
1. The python-software-properties package provides the add-apt-repository command, which simplifies the process of adding extra software sources:

package { "python-software-properties": ensure => installed }

2. We then call an exec to add the required configuration:

exec { "/usr/bin/add-apt-repository ppa:mathiaz/puppet-backports":

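3. So that the exec does not run on every Puppet run, we specify the file that the command creates. If that file already exists, the exec resource is skipped and the command is not executed: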

creates => "/etc/apt/sources.list.d/mathiaz-puppet-backports-lucid.list",

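You may also want to remove unneeded repository sources from /etc/apt/sources.list.d, using a recursive file resource as described in an earlier section.

See also:
Creating directory trees with recursive file resources

Setting up an APT repository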
“We will control the horizontal. We will control the vertical.”
- The Outer Limits

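Running your own package repository has several advantages. You can distribute your own software. You can control which upstream or third-party package versions go into the repository. And you can reach it quickly from your servers, which avoids downloading packages from slow or unreliable mirror sites.

Even if you do not need to build your own packages, you may want to download the versions of the critical dependencies you need and keep them in your own repository, which protects you from surprises caused by upstream changes (for example, your distribution's mirror reaching end of life and being shut down). It also makes it convenient to specify ensure => latest to update to the latest version.

This also makes it easy to update these packages automatically with Puppet. You may occasionally need to update a package (for example, when a security update is available). But if you do not control the repository, you face a risk whenever you would rather not upgrade, and not upgrading can itself cause trouble for your systems.

Running your own repository gives you the best of both worlds: Puppet can update packages automatically, but only from your repository. When a new version is available, you simply copy it into the repository. You can test a package before it reaches your live environment, and then put it into the production repository.

Getting ready…

You need the apache module from the section 'Using ERB templates'; if you do not have it, create it yourself.
In this example my repository is named packages.bitfieldconsulting.com, because that is what I wanted to call it. You can of course choose a different name, in which case replace the repository name throughout the example.

How to do it…

1. Create the module directories:

# mkdir /etc/puppet/modules/repo
# mkdir /etc/puppet/modules/repo/manifests
# mkdir /etc/puppet/modules/repo/files

2. Create the file /etc/puppet/modules/repo/manifests/init.pp with the following contents: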

import "*"

3. Create the file /etc/puppet/modules/repo/manifests/bitfield-server.pp with the following contents:

class repo::bitfield-server {
  include apache
  package { "reprepro": ensure => installed }
  file { [ "/var/apt",
           "/var/apt/conf" ]:
    ensure => directory,
  }
  file { "/var/apt/conf/distributions":
    source  => "puppet:///modules/repo/distributions",
    require => File["/var/apt/conf"],
  }
  file { "/etc/apache2/sites-available/apt-repo":
    source  => "puppet:///modules/repo/apt-repo.conf",
    require => Package["apache2-mpm-worker"],
  }
  file { "/etc/apache2/sites-enabled/apt-repo":
    ensure  => symlink,
    target  => "/etc/apache2/sites-available/apt-repo",
    require => File["/etc/apache2/sites-available/apt-repo"],
    notify  => Service["apache2"],
  }
}

4. Create the file /etc/puppet/modules/repo/files/distributions with the following contents:

Origin: Bitfield Consulting
Label: bitfield
Suite: stable
Codename: lucid
Architectures: amd64 i386
Components: main non-free contrib
Description: Custom and cached packages for Bitfield Consulting

5. Create the file /etc/puppet/modules/repo/files/apt-repo.conf with the following contents:

<VirtualHost *:80>
  DocumentRoot /var/apt
  ServerName packages.bitfieldconsulting.com
  ErrorLog /var/log/apache2/packages.bitfieldconsulting.com.error.log
  LogLevel warn
  CustomLog /var/log/apache2/packages.bitfieldconsulting.com.access.log combined
  ServerSignature On
  # Allow directory listings so that people can browse the repository from their browser too
  <Directory "/var/apt">
    Options Indexes FollowSymLinks MultiViews
    DirectoryIndex index.html
    AllowOverride Options
    Order allow,deny
    allow from all
  </Directory>
  # Hide the conf/ directory for all repositories
  <Directory "/var/apt/conf">
    Order allow,deny
    Deny from all
    Satisfy all
  </Directory>
  # Hide the db/ directory for all repositories
  <Directory "/var/apt/db">
    Order allow,deny
    Deny from all
    Satisfy all
  </Directory>
</VirtualHost>

6. Add the following to a node:

include repo::bitfield-server

7. Run Puppet:

# puppet agent --test
info: Retrieving plugin
info: Caching catalog for cookbook.bitfieldconsulting.com
info: Applying configuration version '1304775601'
notice: /Stage[main]/Repo::Bitfield-server/File[/var/apt]/ensure:created
notice: /Stage[main]/Repo::Bitfield-server/File[/var/apt/conf]/ensure: created
notice: /Stage[main]/Repo::Bitfield-server/File[/var/apt/conf/distributions]/ensure: defined content as '{md5}65dc791b876f53318a35fcc42c770283'
notice: /Stage[main]/Repo::Bitfield-server/Package[reprepro]/ensure: created
notice: /Stage[main]/Repo::Bitfield-server/File[/etc/apache2/sites-enabled/apt-repo]/ensure: created
notice: /Stage[main]/Repo::Bitfield-server/File[/etc/apache2/sites-available/apt-repo]/ensure: defined content as '{md5}2da4686957e5acf49220047fe6f6e6e1'
info: /Stage[main]/Repo::Bitfield-server/File[/etc/apache2/sites-enabled/apt-repo]: Scheduling refresh of Service[apache2]
notice: /Stage[main]/Apache/Service[apache2]: Triggered 'refresh'from 1 events
notice: Finished catalog run in 16.32 seconds

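How it works…

In fact, you do not need much to run an APT repository. It is served over HTTP, so all you need is a virtual host. You can store the actual package files wherever you like, as long as there is a conf/distributions file, which gives APT the information about the repository.
1. The first part of the bitfield-server class makes sure that Apache is installed and configured:

class repo::bitfield-server {
  include apache

2. The reprepro tool manages the repository itself and is very useful (for example, for adding a new package):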

package { "reprepro": ensure => installed }

3. We create the repository root directory /var/apt, along with the conf/distributions file:

file { [ "/var/apt",
         "/var/apt/conf" ]:
  ensure => directory,
}
file { "/var/apt/conf/distributions":
  source  => "puppet:///modules/repo/distributions",
  require => File["/var/apt/conf"],
}

4. The rest of the class publishes a virtual host that responds to requests for packages.bitfieldconsulting.com:

file { "/etc/apache2/sites-available/apt-repo":
  source  => "puppet:///modules/repo/apt-repo.conf",
  require => Package["apache2-mpm-worker"],
}
file { "/etc/apache2/sites-enabled/apt-repo":
  ensure  => symlink,
  target  => "/etc/apache2/sites-available/apt-repo",
  require => File["/etc/apache2/sites-available/apt-repo"],
  notify  => Service["apache2"],
}

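There's more…
Of course, a good repository needs packages. In this section we will see how to add packages and how to configure machines to download packages from the repository.

Adding packages

To add a package to the repository, first download it and then add it to the repository with reprepro:

# cd /tmp
# wget http://archive.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.4p8+dfsg-1ubuntu2.1_i386.deb
# cd /var/apt
# reprepro includedeb lucid /tmp/ntp_4.2.4p8+dfsg-1ubuntu2.1_i386.deb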
Exporting indices...
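
Everything your nodes later install comes from this import, so it is worth checking that the downloaded file is the one the upstream index describes before it enters your repository. The following shell functions are an added example, not part of the original cookbook text: they compare the .deb's SHA256 with its entry in a Packages index you already trust (for instance one apt has verified under /var/lib/apt/lists) and only then run the reprepro command shown above. The function names and the constructed demo data are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original article: check a downloaded .deb
# against a trusted Packages index before importing it with reprepro.

# expected_sha256 INDEX DEB_BASENAME
# Print the SHA256 of the stanza whose Filename ends in /DEB_BASENAME.
expected_sha256() {
    awk -v want="$2" '
        BEGIN { RS = ""; FS = "\n" }      # paragraph mode: one stanza per record
        {
            file = ""; sum = ""
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^Filename: /) file = substr($i, 11)
                if ($i ~ /^SHA256: /)   sum  = substr($i, 9)
            }
            n = split(file, part, "/")
            if (n > 0 && part[n] == want) { print sum; exit }
        }' "$1"
}

# verify_deb INDEX DEB_PATH
# 0 = digest matches, 1 = mismatch, 2 = package not listed in the index.
verify_deb() {
    want=$(expected_sha256 "$1" "$(basename "$2")")
    [ -n "$want" ] || { echo "no index entry for $2" >&2; return 2; }
    have=$(sha256sum "$2" | cut -d' ' -f1)
    [ "$want" = "$have" ] || { echo "SHA256 mismatch for $2" >&2; return 1; }
}

# import_verified INDEX ABSOLUTE_DEB_PATH: import only after the check passes.
import_verified() {
    verify_deb "$1" "$2" && (cd /var/apt && reprepro includedeb lucid "$2")
}

# demo: constructed file and index (no network); echoes "match mismatch".
demo() {
    d=$(mktemp -d) || return 1
    deb="$d/ntp_0.0-constructed_i386.deb"
    printf 'constructed payload\n' > "$deb"
    printf 'Package: ntp\nFilename: pool/main/n/ntp/%s\nSHA256: %s\n' \
        "$(basename "$deb")" "$(sha256sum "$deb" | cut -d' ' -f1)" > "$d/Packages"
    verify_deb "$d/Packages" "$deb" && first=match
    printf 'tampered\n' >> "$deb"
    verify_deb "$d/Packages" "$deb" 2>/dev/null || second=mismatch
    rm -rf "$d"
    echo "$first $second"
}
```

The check is only as good as the index it reads: a Packages file fetched over plain HTTP by hand carries no more assurance than the .deb itself.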

Configuring nodes to use the repository
1. Create the file /etc/puppet/modules/repo/manifests/bitfield.pp with the following contents (replace the IP address with the address of your repository host):

class repo::bitfield {
  host { "packages.bitfieldconsulting.com":
    ip     => "10.0.2.15",
    ensure => present,
    target => "/etc/hosts",
  }
  file { "/etc/apt/sources.list.d/bitfield.list":
    content => "deb http://packages.bitfieldconsulting.com/ lucid main\n",
    require => Host["packages.bitfieldconsulting.com"],
    notify  => Exec["bitfield-update"],
  }
  exec { "bitfield-update":
    command     => "/usr/bin/apt-get update",
    require     => File["/etc/apt/sources.list.d/bitfield.list"],
    refreshonly => true,
  }
}

If you have a DNS server or control your DNS zone, you can skip the host entry.

2. Apply this class to a node:

node cookbook {
  include repo::bitfield
}

3. Check that the ntp package can be found in the repository:

# apt-cache madison ntp
ntp | 1:4.2.4p8+dfsg-1ubuntu2.1 | http://us.archive.ubuntu.com/ubuntu/ lucid-updates/main Packages
ntp | 1:4.2.4p8+dfsg-1ubuntu2.1 | http://packages.bitfieldconsulting.com/ lucid/main Packages
ntp | 1:4.2.4p8+dfsg-1ubuntu2 | http://us.archive.ubuntu.com/ubuntu/ lucid/main Packages
ntp | 1:4.2.4p8+dfsg-1ubuntu2 | http://us.archive.ubuntu.com/ubuntu/ lucid/main Sources
ntp | 1:4.2.4p8+dfsg-1ubuntu2.1 | http://us.archive.ubuntu.com/ubuntu/ lucid-updates/main Sources

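Signing your packages
For production use, you should set up GPG keys for your repository and packages. For more on how to use GPG keys, see Sander Marechal's very useful article on setting up and managing an APT repository. The link is
http://www.jejik.com/articles/2006/09/setting_up_and_managing_an_apt_repository_with_reprepro/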
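
reprepro signs a distribution's Release file when its stanza in conf/distributions carries a SignWith field, and the distributions file shown earlier has none. The following shell function is an added example, not part of the original cookbook text or of the linked article: it reads conf/distributions under a repository base directory and reports, per codename, whether signing is configured and whether a signature file has been published under dists/. The function names and the demo data are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original article: report which distributions
# of a reprepro repository are configured for, and actually have, signatures.

# audit_signing BASEDIR
# Prints one line per stanza of BASEDIR/conf/distributions:
#   "<codename> unsigned"    no SignWith field, so reprepro signs nothing
#   "<codename> unexported"  SignWith set, but no signature file published
#   "<codename> signed"      SignWith set and Release.gpg or InRelease present
audit_signing() {
    base=$1
    awk 'BEGIN { RS = ""; FS = "\n" }     # one stanza per record
         {
             code = ""; sw = "no"
             for (i = 1; i <= NF; i++) {
                 if ($i ~ /^Codename:/) { code = $i; sub(/^Codename:[ \t]*/, "", code) }
                 if ($i ~ /^SignWith:[ \t]*[^ \t]/) sw = "yes"   # any non-empty value
             }
             if (code != "") print code, sw
         }' "$base/conf/distributions" |
    while read -r code sw; do
        if [ "$sw" = no ]; then
            echo "$code unsigned"
        elif [ -s "$base/dists/$code/Release.gpg" ] || [ -s "$base/dists/$code/InRelease" ]; then
            echo "$code signed"
        else
            echo "$code unexported"
        fi
    done
}

# demo_audit: constructed repository tree; "lucid" mirrors the stanza in the
# text (no SignWith), the other two codenames are invented for the example.
demo_audit() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/conf" "$d/dists/signed-demo"
    printf 'Origin: Bitfield Consulting\nCodename: lucid\nComponents: main\n\n' > "$d/conf/distributions"
    printf 'Codename: signed-demo\nSignWith: yes\n\n' >> "$d/conf/distributions"
    printf 'Codename: pending-demo\nSignWith: yes\n' >> "$d/conf/distributions"
    printf 'constructed signature\n' > "$d/dists/signed-demo/Release.gpg"
    audit_signing "$d"
    rm -rf "$d"
}
```

On the repository host from the text the call would be `audit_signing /var/apt`.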

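Setting up a gem repository

Every system administrator dreams of a world without incompatible packages and systems. If you manage Ruby or Rails applications, you will have to deal with Rubygems. Maintaining your own gem repository has many of the same advantages as running an APT repository: you control the versions of the packages and applications, and if you need to, you can also use it to distribute your own gems.

How to do it…
1. Create the file /etc/puppet/modules/repo/manifests/gem-server.pp with the following contents: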

class repo::gem-server {
  include apache
  file { "/etc/apache2/sites-available/gemrepo":
    source  => "puppet:///modules/repo/gemrepo.conf",
    require => Package["apache2-mpm-worker"],
    notify  => Service["apache2"],
  }
  file { "/etc/apache2/sites-enabled/gemrepo":
    ensure  => symlink,
    target  => "/etc/apache2/sites-available/gemrepo",
    require => File["/etc/apache2/sites-available/gemrepo"],
    notify  => Service["apache2"],
  }
  file { "/var/gemrepo":
    ensure => directory,
  }
}

2. Create the file /etc/puppet/modules/repo/files/gemrepo.conf with the following contents:

<VirtualHost *:80>
  ServerAdmin john@bitfieldconsulting.com
  ServerName gems.bitfieldconsulting.com
  ErrorLog logs/gems.bitfieldconsulting.com-error_log
  CustomLog logs/gems.bitfieldconsulting.com-access_log common
  Alias / /var/gemrepo/
  <Location />
    Options Indexes
  </Location>
</VirtualHost>

3. Add the following to your node:

node cookbook {
  include repo::gem-server
}

4. Run Puppet:

# puppet agent --test
info: Retrieving plugin
info: Caching catalog for cookbook.bitfieldconsulting.com
info: Applying configuration version '1304949279'
notice: /Stage[main]/Repo::Gem-server/File[/etc/apache2/sites-available/gemrepo]/ensure: defined content as '{md5}ae1fd948098f14503de02441d02a825d'
info: /Stage[main]/Repo::Gem-server/File[/etc/apache2/sites-available/gemrepo]: Scheduling refresh of Service[apache2]
notice: /Stage[main]/Repo::Gem-server/File[/etc/apache2/sites-enabled/gemrepo]/ensure: created
info: /Stage[main]/Repo::Gem-server/File[/etc/apache2/sites-enabled/gemrepo]: Scheduling refresh of Service[apache2]
notice: /Stage[main]/Apache/Service[apache2]: Triggered 'refresh'from 2 events
notice: /Stage[main]/Repo::Gem-server/File[/var/gemrepo]/ensure:created
notice: Finished catalog run in 6.52 seconds

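How it works…
This works much like the APT repository and follows the same principles: we define a directory for the gem repository and a virtual host that responds to requests for gems.bitfieldconsulting.com.

There's more…
As before, the gem repository is only useful once you put something in it. The following shows how to do that and how to configure nodes to access the gem repository.

Adding gems

Adding a new gem to your repository is simple. Put the gem in /var/gemrepo/gems and run the gem generate_index command in the /var/gemrepo directory.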

# gem generate_index

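Using the gem repository

As with the APT repository, make sure the nodes know the host name of the gem server, gems.bitfieldconsulting.com. This is usually done by deploying a host entry with Puppet or by configuring DNS.
You can then specify a package in Puppet as follows:

package { "json":
  provider => "gem",
  source   => "http://gems.bitfieldconsulting.com",
}

By the way, since rubygems.org is not reliably reachable from within China (you know why) without a VPN, I recommend using Taobao's mirror as the source. The address is http://ruby.taobao.org/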


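[Summary]

The Puppet cookbook series is to be continued. The next installment covers the last two sections: how to build packages automatically from source files in Puppet, and how to compare package versions in Puppet. In operations work we often need to manage package versions uniformly, and in Puppet we can use versioncmp to compare application versions and so determine whether an application needs to be updated. Stay tuned for the next article.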
