美文网首页
puppet自动化介绍及资源之用户组的定义

puppet自动化介绍及资源之用户组的定义

作者: 尘曦的雨 | 来源:发表于2017-09-24 11:02 被阅读38次

配置并使用阿里yum源安装

rm -rf /etc/yum.repos.d/*
wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo 
 yum -y install puppet

资源清单

[root@centos7 ~]# puppet help

Usage: puppet <subcommand> [options] <action> [options]

Available subcommands:
    
  agent             The puppet agent daemon
  apply             Apply Puppet manifests locally
  ca                Local Puppet Certificate Authority management.
  catalog           Compile, save, view, and convert catalogs.
  cert              Manage certificates and requests
  certificate       Provide access to the CA for certificate management.
  certificate_request  Manage certificate requests.
  certificate_revocation_list  Manage the list of revoked certificates.
  config            Interact with Puppet's settings.
  describe          Display help about resource types
  device            Manage remote network devices
  doc               Generate Puppet documentation and references
  facts             Retrieve and store facts.
  file              Retrieve and store files in a filebucket
  filebucket        Store and retrieve files in a filebucket
  help              Display Puppet help.
  inspect           Send an inspection report
  instrumentation_data  Manage instrumentation listener accumulated data.
  instrumentation_listener  Manage instrumentation listeners.
  instrumentation_probe  Manage instrumentation probes.
  key               Create, save, and remove certificate keys.
  kick              Remotely control puppet agent
  man               Display Puppet manual pages.
  master            The puppet master daemon
  module            Creates, installs and searches for modules on the Puppet Forge.
  node              View and manage node definitions.
  parser            Interact directly with the parser.
  plugin            Interact with the Puppet plugin system.
  queue             Deprecated queuing daemon for asynchronous storeconfigs
  report            Create, display, and submit reports.
  resource          The resource abstraction layer shell
  resource_type     View classes, defined resource types, and nodes from all manifests.
  secret_agent      Mimics puppet agent.
  status            View puppet server status.

See 'puppet help <subcommand> <action>' for help on a specific subcommand action.
See 'puppet help <subcommand>' for help on a specific subcommand.
Puppet v3.6.2
[root@centos7 ~]# puppet help describe   查看资源清单的帮助

puppet-describe(8) -- Display help about resource types
========

SYNOPSIS
--------
Prints help about Puppet resource types, providers, and metaparameters.


USAGE
-----
puppet describe [-h|--help] [-s|--short] [-p|--providers] [-l|--list] [-m|--meta]


OPTIONS
-------
* --help:
  Print this help text

* --providers:
  Describe providers in detail for each type

* --list:
  List all types

* --meta:
  List all metaparameters

* --short:
  List only parameters without detail


EXAMPLE
-------
    $ puppet describe --list
    $ puppet describe file --providers
    $ puppet describe user -s -m


AUTHOR
------
David Lutterkort


COPYRIGHT
---------
Copyright (c) 2011 Puppet Labs, LLC Licensed under the Apache 2.0 License

[root@centos7 ~]# puppet describe --list   查看资源清单支持的类型
These are the types known to puppet:
augeas          - Apply a change or an array of changes to the  ...
computer        - Computer object management using DirectorySer ...
cron            - Installs and manages cron jobs
exec            - Executes external commands
file            - Manages files, including their content, owner ...
filebucket      - A repository for storing and retrieving file  ...
group           - Manage groups
host            - Installs and manages host entries
interface       - This represents a router or switch interface
k5login         - Manage the `.k5login` file for a user
macauthorization - Manage the Mac OS X authorization database
mailalias       - .. no documentation ..
maillist        - Manage email lists
mcx             - MCX object management using DirectoryService  ...
mount           - Manages mounted filesystems, including puttin ...
nagios_command  - The Nagios type command
nagios_contact  - The Nagios type contact
nagios_contactgroup - The Nagios type contactgroup
nagios_host     - The Nagios type host
nagios_hostdependency - The Nagios type hostdependency
nagios_hostescalation - The Nagios type hostescalation
nagios_hostextinfo - The Nagios type hostextinfo
nagios_hostgroup - The Nagios type hostgroup
nagios_service  - The Nagios type service
nagios_servicedependency - The Nagios type servicedependency
nagios_serviceescalation - The Nagios type serviceescalation
nagios_serviceextinfo - The Nagios type serviceextinfo
nagios_servicegroup - The Nagios type servicegroup
nagios_timeperiod - The Nagios type timeperiod
notify          - .. no documentation ..
package         - Manage packages
resources       - This is a metatype that can manage other reso ...
router          - .. no documentation ..
schedule        - Define schedules for Puppet
scheduled_task  - Installs and manages Windows Scheduled Tasks
selboolean      - Manages SELinux booleans on systems with SELi ...
selmodule       - Manages loading and unloading of SELinux poli ...
service         - Manage running services
ssh_authorized_key - Manages SSH authorized keys
sshkey          - Installs and manages ssh host keys
stage           - A resource type for creating new run stages
tidy            - Remove unwanted files based on specific crite ...
user            - Manage users
vlan            - .. no documentation ..
whit            - Whits are internal artifacts of Puppet's curr ...
yumrepo         - The client-side description of a yum reposito ...
zfs             - Manage zfs
zone            - Manages Solaris zones
zpool           - Manage zpools

[root@centos7 ~]# puppet describe --list
These are the types known to puppet:
augeas          - Apply a change or an array of changes to the  ...
computer        - Computer object management using DirectorySer ...
cron            - Installs and manages cron jobs
exec            - Executes external commands
file            - Manages files, including their content, owner ...
filebucket      - A repository for storing and retrieving file  ...
group           - Manage groups
host            - Installs and manages host entries
interface       - This represents a router or switch interface
k5login         - Manage the `.k5login` file for a user
macauthorization - Manage the Mac OS X authorization database
mailalias       - .. no documentation ..
maillist        - Manage email lists
mcx             - MCX object management using DirectoryService  ...
mount           - Manages mounted filesystems, including puttin ...
nagios_command  - The Nagios type command
nagios_contact  - The Nagios type contact
nagios_contactgroup - The Nagios type contactgroup
nagios_host     - The Nagios type host
nagios_hostdependency - The Nagios type hostdependency
nagios_hostescalation - The Nagios type hostescalation
nagios_hostextinfo - The Nagios type hostextinfo
nagios_hostgroup - The Nagios type hostgroup
nagios_service  - The Nagios type service
nagios_servicedependency - The Nagios type servicedependency
nagios_serviceescalation - The Nagios type serviceescalation
nagios_serviceextinfo - The Nagios type serviceextinfo
nagios_servicegroup - The Nagios type servicegroup
nagios_timeperiod - The Nagios type timeperiod
notify          - .. no documentation ..
package         - Manage packages
resources       - This is a metatype that can manage other reso ...
router          - .. no documentation ..
schedule        - Define schedules for Puppet
scheduled_task  - Installs and manages Windows Scheduled Tasks
selboolean      - Manages SELinux booleans on systems with SELi ...
selmodule       - Manages loading and unloading of SELinux poli ...
service         - Manage running services
ssh_authorized_key - Manages SSH authorized keys
sshkey          - Installs and manages ssh host keys
stage           - A resource type for creating new run stages
tidy            - Remove unwanted files based on specific crite ...
user            - Manage users
vlan            - .. no documentation ..
whit            - Whits are internal artifacts of Puppet's curr ...
yumrepo         - The client-side description of a yum reposito ...
zfs             - Manage zfs
zone            - Manages Solaris zones
zpool           - Manage zpools

[root@centos7 ~]# puppet describe package   #安装程序包的类型
package
=======
Manage packages.  There is a basic dichotomy in package
support right now:  Some package types (e.g., yum and apt) can
retrieve their own package files, while others (e.g., rpm and sun)
cannot.  For those package formats that cannot retrieve their own files,
you can use the `source` parameter to point to the correct file.
Puppet will automatically guess the packaging format that you are
using based on the platform you are on, but you can override it
using the `provider` parameter; each provider defines what it
requires in order to function, and you must meet those requirements
to use a given provider.
**Autorequires:** If Puppet is managing the files specified as a
package's `adminfile`, `responsefile`, or `source`, the package
resource will autorequire those files.


Parameters
----------

- **adminfile**
    A file containing package defaults for installing packages.
    This is currently only used on Solaris.  The value will be
    validated according to system rules, which in the case of
    Solaris means that it should either be a fully qualified path
    or it should be in `/var/sadm/install/admin`.

- **allow_virtual**
    Specifies if virtual package names are allowed for install and
    uninstall.
    Valid values are `true`, `false`, `yes`, `no`. 
    Requires features virtual_packages.

- **allowcdrom**
    Tells apt to allow cdrom sources in the sources.list file.
    Normally apt will bail if you try this.
    Valid values are `true`, `false`. 

- **category**
    A read-only parameter set by the package.

- **configfiles**
    Whether configfiles should be kept or replaced.  Most packages
    types do not support this parameter. Defaults to `keep`.
    Valid values are `keep`, `replace`. 

- **description**
    A read-only parameter set by the package.

- **ensure**
    What state the package should be in. On packaging systems that can
    retrieve new packages on their own, you can choose which package to
    retrieve by specifying a version number or `latest` as the ensure
    value. On packaging systems that manage configuration files separately
    from "normal" system files, you can uninstall config files by
    specifying `purged` as the ensure value. This defaults to `installed`.
    Valid values are `present` (also called `installed`), `absent`,
    `purged`, `held`, `latest`. Values can match `/./`.

- **flavor**
    OpenBSD supports 'flavors', which are further specifications for
    which type of package you want.

- **install_options**
    An array of additional options to pass when installing a package. These
    options are package-specific, and should be documented by the software
    vendor.  One commonly implemented option is `INSTALLDIR`:
    package { 'mysql':
          ensure          => installed,
          source          => 'N:/packages/mysql-5.5.16-winx64.msi',
          install_options => [ '/S', { 'INSTALLDIR' => 'C:\mysql-5.5' } ],
        }
    
    Each option in the array can either be a string or a hash, where each
    key and value pair are interpreted in a provider specific way.  Each
    option will automatically be quoted when passed to the install command.
    
    On Windows, this is the **only** place in Puppet where backslash
    separators should be used.  Note that backslashes in double-quoted
    strings _must_ be double-escaped and backslashes in single-quoted
    strings _may_ be double-escaped.



Requires features install_options.

- **instance**
    A read-only parameter set by the package.

- **name**
    The package name.  This is the name that the packaging
    system uses internally, which is sometimes (especially on Solaris)
    a name that is basically useless to humans.  If you want to
    abstract package installation, then you can use aliases to provide
    a common name to packages:
    # In the 'openssl' class
        $ssl = $operatingsystem ? {
          solaris => SMCossl,
          default => openssl
        }
    # It is not an error to set an alias to the same value as the
        # object name.
        package { $ssl:
          ensure => installed,
          alias  => openssl
        }
    . etc. .
    $ssh = $operatingsystem ? {
          solaris => SMCossh,
          default => openssh
        }
    # Use the alias to specify a dependency, rather than
        # having another selector to figure it out again.
        package { $ssh:
          ensure  => installed,
          alias   => openssh,
      require => Package[openssl]
    }


- **package_settings**
    Settings that can change the contents or configuration of a package.
    The formatting and effects of package_settings are provider-specific;
    any
    provider that implements them must explain how to use them in its
    documentation. (Our general expectation is that if a package is
    installed but its settings are out of sync, the provider should
    re-install that package with the desired settings.)
    An example of how package_settings could be used is FreeBSD's port build
    options --- a future version of the provider could accept a hash of
    options,
    and would reinstall the port if the installed version lacked the correct
    settings.
        package { 'www/apache22':
          package_settings => { 'SUEXEC' => false }
        }
    Again, check the documentation of your platform's package provider to
    see
the actual usage.
Requires features package_settings.

- **platform**
    A read-only parameter set by the package.

- **responsefile**
    A file containing any necessary answers to questions asked by
    the package.  This is currently used on Solaris and Debian.  The
    value will be validated according to system rules, but it should
    generally be a fully qualified path.

- **root**
    A read-only parameter set by the package.

- **source**
    Where to find the actual package. This must be a local file
    (or on a network file system) or a URL that your specific
    packaging type understands; Puppet will not retrieve files for you,
    although you can manage packages as `file` resources.

- **status**
    A read-only parameter set by the package.

- **uninstall_options**
    An array of additional options to pass when uninstalling a package.
    These
    options are package-specific, and should be documented by the software
    vendor.  For example:
    package { 'VMware Tools':
          ensure            => absent,
          uninstall_options => [ { 'REMOVE' => 'Sync,VSS' } ],
        }
    
    Each option in the array can either be a string or a hash, where each
    key and value pair are interpreted in a provider specific way.  Each
    option will automatically be quoted when passed to the uninstall
    command.
    
    On Windows, this is the **only** place in Puppet where backslash
    separators should be used.  Note that backslashes in double-quoted
    strings _must_ be double-escaped and backslashes in single-quoted
    strings _may_ be double-escaped.



Requires features uninstall_options.

- **vendor**
    A read-only parameter set by the package.

Providers
---------
    aix, appdmg, apple, apt, aptitude, aptrpm, blastwave, dpkg, fink,
    freebsd, gem, hpux, macports, msi, nim, openbsd, opkg, pacman, pip, pkg,
    pkgdmg, pkgin, pkgutil, portage, ports, portupgrade, rpm, rug, sun,
    sunfreeware, up2date, urpmi, windows, yum, zypper
[root@centos7 ~]# puppet describe -m package  只显示源参数

package
=======
Manage packages.  There is a basic dichotomy in package
support right now:  Some package types (e.g., yum and apt) can
retrieve their own package files, while others (e.g., rpm and sun)
cannot.  For those package formats that cannot retrieve their own files,
you can use the `source` parameter to point to the correct file.
Puppet will automatically guess the packaging format that you are
using based on the platform you are on, but you can override it
using the `provider` parameter; each provider defines what it
requires in order to function, and you must meet those requirements
to use a given provider.
**Autorequires:** If Puppet is managing the files specified as a
package's `adminfile`, `responsefile`, or `source`, the package
resource will autorequire those files.


Parameters
----------

- **adminfile**
    A file containing package defaults for installing packages.
    This is currently only used on Solaris.  The value will be
    validated according to system rules, which in the case of
    Solaris means that it should either be a fully qualified path
    or it should be in `/var/sadm/install/admin`.

- **allow_virtual**
    Specifies if virtual package names are allowed for install and
    uninstall.
    Valid values are `true`, `false`, `yes`, `no`. 
    Requires features virtual_packages.

- **allowcdrom**
    Tells apt to allow cdrom sources in the sources.list file.
    Normally apt will bail if you try this.
    Valid values are `true`, `false`. 

- **category**
    A read-only parameter set by the package.

- **configfiles**
    Whether configfiles should be kept or replaced.  Most packages
    types do not support this parameter. Defaults to `keep`.
    Valid values are `keep`, `replace`. 

- **description**
    A read-only parameter set by the package.

- **ensure**
    What state the package should be in. On packaging systems that can
    retrieve new packages on their own, you can choose which package to
    retrieve by specifying a version number or `latest` as the ensure
    value. On packaging systems that manage configuration files separately
    from "normal" system files, you can uninstall config files by
    specifying `purged` as the ensure value. This defaults to `installed`.
    Valid values are `present` (also called `installed`), `absent`,
    `purged`, `held`, `latest`. Values can match `/./`.

- **flavor**
    OpenBSD supports 'flavors', which are further specifications for
    which type of package you want.

- **install_options**
    An array of additional options to pass when installing a package. These
    options are package-specific, and should be documented by the software
    vendor.  One commonly implemented option is `INSTALLDIR`:
    package { 'mysql':
          ensure          => installed,
          source          => 'N:/packages/mysql-5.5.16-winx64.msi',
          install_options => [ '/S', { 'INSTALLDIR' => 'C:\mysql-5.5' } ],
        }
    
    Each option in the array can either be a string or a hash, where each
    key and value pair are interpreted in a provider specific way.  Each
    option will automatically be quoted when passed to the install command.
    
    On Windows, this is the **only** place in Puppet where backslash
    separators should be used.  Note that backslashes in double-quoted
    strings _must_ be double-escaped and backslashes in single-quoted
    strings _may_ be double-escaped.



Requires features install_options.

- **instance**
    A read-only parameter set by the package.

- **name**
    The package name.  This is the name that the packaging
    system uses internally, which is sometimes (especially on Solaris)
    a name that is basically useless to humans.  If you want to
    abstract package installation, then you can use aliases to provide
    a common name to packages:
    # In the 'openssl' class
        $ssl = $operatingsystem ? {
          solaris => SMCossl,
          default => openssl
        }
    # It is not an error to set an alias to the same value as the
        # object name.
        package { $ssl:
          ensure => installed,
          alias  => openssl
        }
    . etc. .
    $ssh = $operatingsystem ? {
          solaris => SMCossh,
          default => openssh
        }
    # Use the alias to specify a dependency, rather than
        # having another selector to figure it out again.
        package { $ssh:
          ensure  => installed,
          alias   => openssh,
      require => Package[openssl]
    }


- **package_settings**
    Settings that can change the contents or configuration of a package.
    The formatting and effects of package_settings are provider-specific;
    any
    provider that implements them must explain how to use them in its
    documentation. (Our general expectation is that if a package is
    installed but its settings are out of sync, the provider should
    re-install that package with the desired settings.)
    An example of how package_settings could be used is FreeBSD's port build
    options --- a future version of the provider could accept a hash of
    options,
    and would reinstall the port if the installed version lacked the correct
    settings.
        package { 'www/apache22':
          package_settings => { 'SUEXEC' => false }
        }
    Again, check the documentation of your platform's package provider to
    see
the actual usage.
Requires features package_settings.

- **platform**
    A read-only parameter set by the package.

- **responsefile**
    A file containing any necessary answers to questions asked by
    the package.  This is currently used on Solaris and Debian.  The
    value will be validated according to system rules, but it should
    generally be a fully qualified path.

- **root**
    A read-only parameter set by the package.

- **source**
    Where to find the actual package. This must be a local file
    (or on a network file system) or a URL that your specific
    packaging type understands; Puppet will not retrieve files for you,
    although you can manage packages as `file` resources.

- **status**
    A read-only parameter set by the package.

- **uninstall_options**
    An array of additional options to pass when uninstalling a package.
    These
    options are package-specific, and should be documented by the software
    vendor.  For example:
    package { 'VMware Tools':
          ensure            => absent,
          uninstall_options => [ { 'REMOVE' => 'Sync,VSS' } ],
        }
    
    Each option in the array can either be a string or a hash, where each
    key and value pair are interpreted in a provider specific way.  Each
    option will automatically be quoted when passed to the uninstall
    command.
    
    On Windows, this is the **only** place in Puppet where backslash
    separators should be used.  Note that backslashes in double-quoted
    strings _must_ be double-escaped and backslashes in single-quoted
    strings _may_ be double-escaped.



Requires features uninstall_options.

- **vendor**
    A read-only parameter set by the package.

Meta Parameters
---------------

- **alias**
    Creates an alias for the resource.  Puppet uses this internally when you
    provide a symbolic title and an explicit namevar value:
    file { 'sshdconfig':
          path => $operatingsystem ? {
            solaris => '/usr/local/etc/ssh/sshd_config',
            default => '/etc/ssh/sshd_config',
          },
          source => '...'
        }
    service { 'sshd':
          subscribe => File['sshdconfig'],
        }
    
    When you use this feature, the parser sets `sshdconfig` as the title,
    and the library sets that as an alias for the file so the dependency
    lookup in `Service['sshd']` works.  You can use this metaparameter
    yourself,
    but note that aliases generally only work for creating relationships;
    anything
    else that refers to an existing resource (such as amending or overriding
    resource attributes in an inherited class) must use the resource's exact
    title. For example, the following code will not work:
    file { '/etc/ssh/sshd_config':
          owner => root,
          group => root,
          alias => 'sshdconfig',
        }
    File['sshdconfig'] {
          mode => 644,
        }
    
    There's no way here for the Puppet parser to know that these two stanzas
    should be affecting the same file.


- **audit**
    Marks a subset of this resource's unmanaged attributes for auditing.
    Accepts an
    attribute name, an array of attribute names, or `all`.
    Auditing a resource attribute has two effects: First, whenever a catalog
    is applied with puppet apply or puppet agent, Puppet will check whether
    that attribute of the resource has been modified, comparing its current
    value to the previous run; any change will be logged alongside any
    actions
    performed by Puppet while applying the catalog.
    Secondly, marking a resource attribute for auditing will include that
    attribute in inspection reports generated by puppet inspect; see the
    puppet inspect documentation for more details.
    Managed attributes for a resource can also be audited, but note that
    changes made by Puppet will be logged as additional modifications. (I.e.
    if a user manually edits a file whose contents are audited and managed,
    puppet agent's next two runs will both log an audit notice: the first
    run
    will log the user's edit and then revert the file to the desired state,
    and the second run will log the edit made by Puppet.)

- **before**
    One or more resources that depend on this resource, expressed as
    [resource
    Multiple resources can be specified as an array of references. When this
    ypes.html#resource-references).
    Multiple resources can be specified as an array of references. When this
    attribute is present:
    * This resource will be applied _before_ the dependent resource(s).
    This is one of the four relationship metaparameters, along with
    `require`, `notify`, and `subscribe`. For more context, including the
    alternate chaining arrow (`->` and `~>`) syntax, see
    [the language page on
    relationships](http://docs.puppetlabs.com/puppet/latest/reference/lang_r
    elationships.html).

- **loglevel**
    Sets the level that information will be logged.
    The log levels have the biggest impact when logs are sent to
    syslog (which is currently the default).
    Valid values are `debug`, `info`, `notice`, `warning`, `err`, `alert`,
    `emerg`, `crit`, `verbose`. 

- **noop**
    Whether to apply this resource in noop mode.
    When applying a resource in noop mode, Puppet will check whether it is
    in sync,
    like it does when running normally. However, if a resource attribute is
    not in
    the desired state (as declared in the catalog), Puppet will take no
    action, and will instead report the changes it _would_ have made. These
    simulated changes will appear in the report sent to the puppet master,
    or
    be shown on the console if running puppet agent or puppet apply in the
    foreground. The simulated changes will not send refresh events to any
    subscribing or notified resources, although Puppet will log that a
    refresh
    event _would_ have been sent.
    **Important note:**
    [The `noop`
    allows you to globally enable or disable noop mode, but it will _not_
    ml#noop)
    allows you to globally enable or disable noop mode, but it will _not_
    override
    the `noop` metaparameter on individual resources. That is, the value of
    the
    global `noop` setting will _only_ affect resources that do not have an
    explicit
    value set for their `noop` attribute.
Valid values are `true`, `false`. 

- **notify**
    One or more resources that depend on this resource, expressed as
    [resource
    Multiple resources can be specified as an array of references. When this
    ypes.html#resource-references).
    Multiple resources can be specified as an array of references. When this
    attribute is present:
    * This resource will be applied _before_ the notified resource(s).
    * If Puppet makes changes to this resource, it will cause all of the
      notified resources to _refresh._ (Refresh behavior varies by resource
      type: services will restart, mounts will unmount and re-mount, etc.
    Not
      all types can refresh.)
    This is one of the four relationship metaparameters, along with
    `before`, `require`, and `subscribe`. For more context, including the
    alternate chaining arrow (`->` and `~>`) syntax, see
    [the language page on
    relationships](http://docs.puppetlabs.com/puppet/latest/reference/lang_r
    elationships.html).

- **require**
    One or more resources that this resource depends on, expressed as
    [resource
    Multiple resources can be specified as an array of references. When this
    ypes.html#resource-references).
    Multiple resources can be specified as an array of references. When this
    attribute is present:
    * The required resource(s) will be applied **before** this resource.
    This is one of the four relationship metaparameters, along with
    `before`, `notify`, and `subscribe`. For more context, including the
    alternate chaining arrow (`->` and `~>`) syntax, see
    [the language page on
    relationships](http://docs.puppetlabs.com/puppet/latest/reference/lang_r
    elationships.html).

- **schedule**
    A schedule to govern when Puppet is allowed to manage this resource.
    The value of this metaparameter must be the `name` of a `schedule`
    resource. This means you must declare a schedule resource, then
    refer to it by name; see
    [the docs for the `schedule`
    type](http://docs.puppetlabs.com/references/latest/type.html#schedule)
    for more info.
    schedule { 'everyday':
          period => daily,
          range  => "2-4"
        }
    exec { "/usr/bin/apt-get update":
          schedule => 'everyday'
        }
    
    Note that you can declare the schedule resource anywhere in your
    manifests, as long as it ends up in the final compiled catalog.


- **stage**
    Which run stage this class should reside in.
    **Note: This metaparameter can only be used on classes,** and only when
    declaring them with the resource-like syntax. It cannot be used on
    normal
    resources or on classes declared with `include`.
    By default, all classes are declared in the `main` stage. To assign a
    class
    to a different stage, you must:
    * Declare the new stage as a [`stage`
    resource](http://docs.puppetlabs.com/references/latest/type.html#stage).
    * Declare an order relationship between the new stage and the `main`
    stage.
    * Use the resource-like syntax to declare the class, and set the `stage`
      metaparameter to the name of the desired stage.
    For example:
        stage { 'pre':
          before => Stage['main'],
        }
    class { 'apt-updates':
      stage => 'pre',
    }

- **subscribe**
    One or more resources that this resource depends on, expressed as
    [resource
    Multiple resources can be specified as an array of references. When this
    ypes.html#resource-references).
    Multiple resources can be specified as an array of references. When this
    attribute is present:
    * The subscribed resource(s) will be applied _before_ this resource.
    * If Puppet makes changes to any of the subscribed resources, it will
    cause
      this resource to _refresh._ (Refresh behavior varies by resource
      type: services will restart, mounts will unmount and re-mount, etc.
    Not
      all types can refresh.)
    This is one of the four relationship metaparameters, along with
    `before`, `require`, and `notify`. For more context, including the
    alternate chaining arrow (`->` and `~>`) syntax, see
    [the language page on
    relationships](http://docs.puppetlabs.com/puppet/latest/reference/lang_r
    elationships.html).

- **tag**
    Add the specified tags to the associated resource.  While all resources
    are automatically tagged with as much information as possible
    (e.g., each class and definition containing the resource), it can
    be useful to add your own tags to a given resource.
    Multiple tags can be specified as an array:
        file {'/etc/hosts':
          ensure => file,
          source => 'puppet:///modules/site/hosts',
          mode   => 0644,
          tag    => ['bootstrap', 'minimumrun', 'mediumrun'],
        }
    Tags are useful for things like applying a subset of a host's
    configuration
    with [the `tags` setting](/references/latest/configuration.html#tags)
    (e.g. `puppet agent --test --tags bootstrap`) or filtering alerts with
    [the `tagmail` report
    processor](http://docs.puppetlabs.com/references/latest/report.html#tagm
    ail).

Providers
---------
    aix, appdmg, apple, apt, aptitude, aptrpm, blastwave, dpkg, fink,
    freebsd, gem, hpux, macports, msi, nim, openbsd, opkg, pacman, pip, pkg,
    pkgdmg, pkgin, pkgutil, portage, ports, portupgrade, rpm, rug, sun,
    sunfreeware, up2date, urpmi, windows, yum, zypper

资源的定义之组的管理

[root@centos7 ~]# puppet describe group

group
=====
Manage groups. On most platforms this can only create groups.
Group membership must be managed on individual users.
On some platforms such as OS X, group membership is managed as an
attribute of the group, not the user record. Providers must have
the feature 'manages_members' to manage the 'members' property of
a group record.


Parameters
----------

- **allowdupe**
    Whether to allow duplicate GIDs. Defaults to `false`.
    Valid values are `true`, `false`, `yes`, `no`. 

- **attribute_membership**
    Whether specified attribute value pairs should be treated as the only
    attributes
    of the user or whether they should merely
    be treated as the minimum list.
    Valid values are `inclusive`, `minimum`. 

- **attributes**
    Specify group AIX attributes in an array of `key=value` pairs.
    Requires features manages_aix_lam.

- **auth_membership**
    whether the provider is authoritative for group membership.

- **ensure**
    Create or remove the group.
Valid values are `present`, `absent`. 

- **forcelocal**
    Forces the mangement of local accounts when accounts are also
    being managed by some other NSS
    Valid values are `true`, `false`, `yes`, `no`. 
    Requires features libuser.

- **gid**
    The group ID.  Must be specified numerically.  If no group ID is
    specified when creating a new group, then one will be chosen
    automatically according to local system standards. This will likely
    result in the same group having different GIDs on different systems,
    which is not recommended.
    On Windows, this property is read-only and will return the group's
    security
identifier (SID).

- **ia_load_module**
    The name of the I&A module to use to manage this user
    Requires features manages_aix_lam.

- **members**
    The members of the group. For directory services where group
    membership is stored in the group objects, not the users.
    Requires features manages_members.

- **name**
    The group name. While naming limitations vary by operating system,
    it is advisable to restrict names to the lowest common denominator,
    which is a maximum of 8 characters beginning with a letter.
    Note that Puppet considers group names to be case-sensitive, regardless
    of the platform's own rules; be sure to always use the same case when
    referring to a given group.

- **system**
    Whether the group is a system group with lower GID.
    Valid values are `true`, `false`, `yes`, `no`. 

Providers
---------
    aix, directoryservice, groupadd, ldap, pw, windows_adsi
资源定义的要素
资源定义:向资源类型的属性赋值来实现,可称为资源类型实例化;
                定义了资源实例的文件即清单,manifest;
                
                定义资源的语法:
                    type {'title':
                        attribute1  => value1,
                        atrribute2  => value2,
                        ……
                    }
                    
                注意:type必须使用小写字符;title是一个字符串,在同一类型中必须惟一;
                
            资源属性中的三个特殊属性:
                Namevar, 可简称为name;
                ensure:资源的目标状态; 
                Provider:指明资源的管理接口;
资源类型之group组的定义
    group:
                    Manage groups.
                    
                    属性:
                        name:组名;
                        gid:GID;
                        system:是否为系统组,true OR false;
                        ensure:目标状态,present/absent;
                        members:成员用户;
                        
[root@centos7 ~]# vim chenxi.pp   定义一个资源

group{'cx':
        ensure => present,
}

[root@centos7 ~]# puppet help apply  查看运行帮助

puppet-apply(8) -- Apply Puppet manifests locally
========

SYNOPSIS
--------
Applies a standalone Puppet manifest to the local system.


USAGE
-----
puppet apply [-h|--help] [-V|--version] [-d|--debug] [-v|--verbose]
  [-e|--execute] [--detailed-exitcodes] [-l|--logdest <file>] [--noop]
  [--catalog <catalog>] [--write-catalog-summary] <file>


DESCRIPTION
-----------
This is the standalone puppet execution tool; use it to apply
individual manifests.

When provided with a modulepath, via command line or config file, puppet
apply can effectively mimic the catalog that would be served by puppet
master with access to the same modules, although there are some subtle
differences. When combined with scheduling and an automated system for
pushing manifests, this can be used to implement a serverless Puppet
site.

Most users should use 'puppet agent' and 'puppet master' for site-wide
manifests.


OPTIONS
-------
Note that any setting that's valid in the configuration
file is also a valid long argument. For example, 'tags' is a
valid setting, so you can specify '--tags <class>,<tag>'
as an argument.

See the configuration file documentation at
http://docs.puppetlabs.com/references/stable/configuration.html for the
full list of acceptable parameters. A commented list of all
configuration options can also be generated by running puppet with
'--genconfig'.

* --debug:
  Enable full debugging.

* --detailed-exitcodes:
  Provide transaction information via exit codes. If this is enabled, an exit
  code of '2' means there were changes, an exit code of '4' means there were
  failures during the transaction, and an exit code of '6' means there were both
  changes and failures.

* --help:
  Print this help message

* --loadclasses:
  Load any stored classes. 'puppet agent' caches configured classes
  (usually at /etc/puppet/classes.txt), and setting this option causes
  all of those classes to be set in your puppet manifest.

* --logdest:
  Where to send messages. Choose between syslog, the console, and a log
  file. Defaults to sending messages to the console.

* --noop:
  Use 'noop' mode where Puppet runs in a no-op or dry-run mode. This
  is useful for seeing what changes Puppet will make without actually
  executing the changes.

* --execute:
  Execute a specific piece of Puppet code

* --test:
  Enable the most common options used for testing. These are 'verbose',
  'detailed-exitcodes' and 'show_diff'.

* --verbose:
  Print extra information.

* --catalog:
  Apply a JSON catalog (such as one generated with 'puppet master --compile'). You can
  either specify a JSON file or pipe in JSON from standard input.

* --write-catalog-summary
  After compiling the catalog saves the resource list and classes list to the node
  in the state directory named classes.txt and resources.txt

EXAMPLE
-------
    $ puppet apply -l /tmp/manifest.log manifest.pp
    $ puppet apply --modulepath=/root/dev/modules -e "include ntpd::server"
    $ puppet apply --catalog catalog.json


AUTHOR
------
Luke Kanies


COPYRIGHT
---------
Copyright (c) 2011 Puppet Labs, LLC Licensed under the Apache 2.0 License
[root@centos7 ~]# puppet apply -v -d --noop chenxi.pp   干跑输出调试等信息及过程
Notice: Compiled catalog for centos7.3-chenxi3 in environment production in 0.13 seconds
Debug: Puppet::Type::Group::ProviderDirectoryservice: file /usr/bin/dscl does not exist
Debug: Failed to load library 'ldap' for feature 'ldap'
Debug: Puppet::Type::Group::ProviderLdap: feature ldap is missing
Debug: Puppet::Type::Group::ProviderPw: file pw does not exist
Debug: Creating default schedules
Debug: Using settings: adding file resource 'confdir': 'File[/etc/puppet]{:path=>"/etc/puppet", :ensure=>:directory, :loglevel=>:debug, :links=>:follow, :backup=>false
}'Debug: Puppet::Type::User::ProviderDirectoryservice: file /usr/bin/dsimport does not exist
Debug: Failed to load library 'ldap' for feature 'ldap'
Debug: Puppet::Type::User::ProviderLdap: feature ldap is missing
Debug: Puppet::Type::User::ProviderPw: file pw does not exist
Debug: Puppet::Type::User::ProviderUser_role_add: file roleadd does not exist
Debug: Using settings: adding file resource 'vardir': 'File[/var/lib/puppet]{:path=>"/var/lib/puppet", :owner=>"puppet", :group=>"puppet", :ensure=>:directory, :loglev
el=>:debug, :links=>:follow, :backup=>false}'Debug: Using settings: adding file resource 'logdir': 'File[/var/log/puppet]{:path=>"/var/log/puppet", :mode=>"750", :owner=>"puppet", :group=>"puppet", :ensure=>:dire
ctory, :loglevel=>:debug, :links=>:follow, :backup=>false}'Debug: Using settings: adding file resource 'statedir': 'File[/var/lib/puppet/state]{:path=>"/var/lib/puppet/state", :mode=>"1755", :ensure=>:directory, :loglevel=>:de
bug, :links=>:follow, :backup=>false}'Debug: Using settings: adding file resource 'rundir': 'File[/var/run/puppet]{:path=>"/var/run/puppet", :mode=>"755", :owner=>"puppet", :group=>"puppet", :ensure=>:dire
ctory, :loglevel=>:debug, :links=>:follow, :backup=>false}'Debug: Using settings: adding file resource 'libdir': 'File[/var/lib/puppet/lib]{:path=>"/var/lib/puppet/lib", :ensure=>:directory, :loglevel=>:debug, :links=>:follow,
 :backup=>false}'Debug: Using settings: adding file resource 'certdir': 'File[/var/lib/puppet/ssl/certs]{:path=>"/var/lib/puppet/ssl/certs", :mode=>"755", :owner=>"puppet", :group=>"pu
ppet", :ensure=>:directory, :loglevel=>:debug, :links=>:follow, :backup=>false}'Debug: Using settings: adding file resource 'ssldir': 'File[/var/lib/puppet/ssl]{:path=>"/var/lib/puppet/ssl", :mode=>"771", :owner=>"puppet", :group=>"puppet", :ensur
e=>:directory, :loglevel=>:debug, :links=>:follow, :backup=>false}'Debug: Using settings: adding file resource 'publickeydir': 'File[/var/lib/puppet/ssl/public_keys]{:path=>"/var/lib/puppet/ssl/public_keys", :mode=>"755", :owner=>"pup
pet", :group=>"puppet", :ensure=>:directory, :loglevel=>:debug, :links=>:follow, :backup=>false}'Debug: Using settings: adding file resource 'requestdir': 'File[/var/lib/puppet/ssl/certificate_requests]{:path=>"/var/lib/puppet/ssl/certificate_requests", :mode=>"75
5", :owner=>"puppet", :group=>"puppet", :ensure=>:directory, :loglevel=>:debug, :links=>:follow, :backup=>false}'Debug: Using settings: adding file resource 'privatekeydir': 'File[/var/lib/puppet/ssl/private_keys]{:path=>"/var/lib/puppet/ssl/private_keys", :mode=>"750", :owner=>"
puppet", :group=>"puppet", :ensure=>:directory, :loglevel=>:debug, :links=>:follow, :backup=>false}'Debug: Using settings: adding file resource 'privatedir': 'File[/var/lib/puppet/ssl/private]{:path=>"/var/lib/puppet/ssl/private", :mode=>"750", :owner=>"puppet", :gro
up=>"puppet", :ensure=>:directory, :loglevel=>:debug, :links=>:follow, :backup=>false}'Debug: Using settings: adding file resource 'clientyamldir': 'File[/var/lib/puppet/client_yaml]{:path=>"/var/lib/puppet/client_yaml", :mode=>"750", :ensure=>:directory
, :loglevel=>:debug, :links=>:follow, :backup=>false}'Debug: Using settings: adding file resource 'client_datadir': 'File[/var/lib/puppet/client_data]{:path=>"/var/lib/puppet/client_data", :mode=>"750", :ensure=>:director
y, :loglevel=>:debug, :links=>:follow, :backup=>false}'Debug: Using settings: adding file resource 'clientbucketdir': 'File[/var/lib/puppet/clientbucket]{:path=>"/var/lib/puppet/clientbucket", :mode=>"750", :ensure=>:direc
tory, :loglevel=>:debug, :links=>:follow, :backup=>false}'Debug: Using settings: adding file resource 'graphdir': 'File[/var/lib/puppet/state/graphs]{:path=>"/var/lib/puppet/state/graphs", :ensure=>:directory, :loglevel=>:deb
ug, :links=>:follow, :backup=>false}'Debug: Using settings: adding file resource 'pluginfactdest': 'File[/var/lib/puppet/facts.d]{:path=>"/var/lib/puppet/facts.d", :ensure=>:directory, :loglevel=>:debug, 
:links=>:follow, :backup=>false}'Debug: /File[/etc/puppet]/seluser: Found seluser default 'system_u' for /etc/puppet
Debug: /File[/etc/puppet]/selrole: Found selrole default 'object_r' for /etc/puppet
Debug: /File[/etc/puppet]/seltype: Found seltype default 'puppet_etc_t' for /etc/puppet
Debug: /File[/etc/puppet]/selrange: Found selrange default 's0' for /etc/puppet
Debug: /File[/var/lib/puppet]/seluser: Found seluser default 'system_u' for /var/lib/puppet
Debug: /File[/var/lib/puppet]/selrole: Found selrole default 'object_r' for /var/lib/puppet
Debug: /File[/var/lib/puppet]/seltype: Found seltype default 'puppet_var_lib_t' for /var/lib/puppet
Debug: /File[/var/lib/puppet]/selrange: Found selrange default 's0' for /var/lib/puppet
Debug: /File[/var/log/puppet]/seluser: Found seluser default 'system_u' for /var/log/puppet
Debug: /File[/var/log/puppet]/selrole: Found selrole default 'object_r' for /var/log/puppet
Debug: /File[/var/log/puppet]/seltype: Found seltype default 'puppet_log_t' for /var/log/puppet
Debug: /File[/var/log/puppet]/selrange: Found selrange default 's0' for /var/log/puppet
Debug: /File[/var/lib/puppet/state]/seluser: Found seluser default 'system_u' for /var/lib/puppet/state
Debug: /File[/var/lib/puppet/state]/selrole: Found selrole default 'object_r' for /var/lib/puppet/state
Debug: /File[/var/lib/puppet/state]/seltype: Found seltype default 'puppet_var_lib_t' for /var/lib/puppet/state
Debug: /File[/var/lib/puppet/state]/selrange: Found selrange default 's0' for /var/lib/puppet/state
Debug: /File[/var/run/puppet]/seluser: Found seluser default 'system_u' for /var/run/puppet
Debug: /File[/var/run/puppet]/selrole: Found selrole default 'object_r' for /var/run/puppet
Debug: /File[/var/run/puppet]/seltype: Found seltype default 'puppet_var_run_t' for /var/run/puppet
Debug: /File[/var/run/puppet]/selrange: Found selrange default 's0' for /var/run/puppet
Debug: /File[/var/lib/puppet/lib]/seluser: Found seluser default 'system_u' for /var/lib/puppet/lib
Debug: /File[/var/lib/puppet/lib]/selrole: Found selrole default 'object_r' for /var/lib/puppet/lib
Debug: /File[/var/lib/puppet/lib]/seltype: Found seltype default 'puppet_var_lib_t' for /var/lib/puppet/lib
Debug: /File[/var/lib/puppet/lib]/selrange: Found selrange default 's0' for /var/lib/puppet/lib
Debug: /File[/var/lib/puppet/ssl/certs]/seluser: Found seluser default 'system_u' for /var/lib/puppet/ssl/certs
Debug: /File[/var/lib/puppet/ssl/certs]/selrole: Found selrole default 'object_r' for /var/lib/puppet/ssl/certs
Debug: /File[/var/lib/puppet/ssl/certs]/seltype: Found seltype default 'puppet_var_lib_t' for /var/lib/puppet/ssl/certs
Debug: /File[/var/lib/puppet/ssl/certs]/selrange: Found selrange default 's0' for /var/lib/puppet/ssl/certs
Debug: /File[/var/lib/puppet/ssl]/seluser: Found seluser default 'system_u' for /var/lib/puppet/ssl
Debug: /File[/var/lib/puppet/ssl]/selrole: Found selrole default 'object_r' for /var/lib/puppet/ssl
Debug: /File[/var/lib/puppet/ssl]/seltype: Found seltype default 'puppet_var_lib_t' for /var/lib/puppet/ssl
Debug: /File[/var/lib/puppet/ssl]/selrange: Found selrange default 's0' for /var/lib/puppet/ssl
Debug: /File[/var/lib/puppet/ssl/public_keys]/seluser: Found seluser default 'system_u' for /var/lib/puppet/ssl/public_keys
Debug: /File[/var/lib/puppet/ssl/public_keys]/selrole: Found selrole default 'object_r' for /var/lib/puppet/ssl/public_keys
Debug: /File[/var/lib/puppet/ssl/public_keys]/seltype: Found seltype default 'puppet_var_lib_t' for /var/lib/puppet/ssl/public_keys
Debug: /File[/var/lib/puppet/ssl/public_keys]/selrange: Found selrange default 's0' for /var/lib/puppet/ssl/public_keys
Debug: /File[/var/lib/puppet/ssl/certificate_requests]/seluser: Found seluser default 'system_u' for /var/lib/puppet/ssl/certificate_requests
Debug: /File[/var/lib/puppet/ssl/certificate_requests]/selrole: Found selrole default 'object_r' for /var/lib/puppet/ssl/certificate_requests
Debug: /File[/var/lib/puppet/ssl/certificate_requests]/seltype: Found seltype default 'puppet_var_lib_t' for /var/lib/puppet/ssl/certificate_requests
Debug: /File[/var/lib/puppet/ssl/certificate_requests]/selrange: Found selrange default 's0' for /var/lib/puppet/ssl/certificate_requests
Debug: /File[/var/lib/puppet/ssl/private_keys]/seluser: Found seluser default 'system_u' for /var/lib/puppet/ssl/private_keys
Debug: /File[/var/lib/puppet/ssl/private_keys]/selrole: Found selrole default 'object_r' for /var/lib/puppet/ssl/private_keys
Debug: /File[/var/lib/puppet/ssl/private_keys]/seltype: Found seltype default 'puppet_var_lib_t' for /var/lib/puppet/ssl/private_keys
Debug: /File[/var/lib/puppet/ssl/private_keys]/selrange: Found selrange default 's0' for /var/lib/puppet/ssl/private_keys
Debug: /File[/var/lib/puppet/ssl/private]/seluser: Found seluser default 'system_u' for /var/lib/puppet/ssl/private
Debug: /File[/var/lib/puppet/ssl/private]/selrole: Found selrole default 'object_r' for /var/lib/puppet/ssl/private
Debug: /File[/var/lib/puppet/ssl/private]/seltype: Found seltype default 'puppet_var_lib_t' for /var/lib/puppet/ssl/private
Debug: /File[/var/lib/puppet/ssl/private]/selrange: Found selrange default 's0' for /var/lib/puppet/ssl/private
Debug: /File[/var/lib/puppet/client_yaml]/seluser: Found seluser default 'system_u' for /var/lib/puppet/client_yaml
Debug: /File[/var/lib/puppet/client_yaml]/selrole: Found selrole default 'object_r' for /var/lib/puppet/client_yaml
Debug: /File[/var/lib/puppet/client_yaml]/seltype: Found seltype default 'puppet_var_lib_t' for /var/lib/puppet/client_yaml
Debug: /File[/var/lib/puppet/client_yaml]/selrange: Found selrange default 's0' for /var/lib/puppet/client_yaml
Debug: /File[/var/lib/puppet/client_data]/seluser: Found seluser default 'system_u' for /var/lib/puppet/client_data
Debug: /File[/var/lib/puppet/client_data]/selrole: Found selrole default 'object_r' for /var/lib/puppet/client_data
Debug: /File[/var/lib/puppet/client_data]/seltype: Found seltype default 'puppet_var_lib_t' for /var/lib/puppet/client_data
Debug: /File[/var/lib/puppet/client_data]/selrange: Found selrange default 's0' for /var/lib/puppet/client_data
Debug: /File[/var/lib/puppet/clientbucket]/seluser: Found seluser default 'system_u' for /var/lib/puppet/clientbucket
Debug: /File[/var/lib/puppet/clientbucket]/selrole: Found selrole default 'object_r' for /var/lib/puppet/clientbucket
Debug: /File[/var/lib/puppet/clientbucket]/seltype: Found seltype default 'puppet_var_lib_t' for /var/lib/puppet/clientbucket
Debug: /File[/var/lib/puppet/clientbucket]/selrange: Found selrange default 's0' for /var/lib/puppet/clientbucket
Debug: /File[/var/lib/puppet/state/graphs]/seluser: Found seluser default 'system_u' for /var/lib/puppet/state/graphs
Debug: /File[/var/lib/puppet/state/graphs]/selrole: Found selrole default 'object_r' for /var/lib/puppet/state/graphs
Debug: /File[/var/lib/puppet/state/graphs]/seltype: Found seltype default 'puppet_var_lib_t' for /var/lib/puppet/state/graphs
Debug: /File[/var/lib/puppet/state/graphs]/selrange: Found selrange default 's0' for /var/lib/puppet/state/graphs
Debug: /File[/var/lib/puppet/facts.d]/seluser: Found seluser default 'system_u' for /var/lib/puppet/facts.d
Debug: /File[/var/lib/puppet/facts.d]/selrole: Found selrole default 'object_r' for /var/lib/puppet/facts.d
Debug: /File[/var/lib/puppet/facts.d]/seltype: Found seltype default 'puppet_var_lib_t' for /var/lib/puppet/facts.d
Debug: /File[/var/lib/puppet/facts.d]/selrange: Found selrange default 's0' for /var/lib/puppet/facts.d
Debug: /File[/var/lib/puppet/state]: Autorequiring File[/var/lib/puppet]
Debug: /File[/var/lib/puppet/lib]: Autorequiring File[/var/lib/puppet]
Debug: /File[/var/lib/puppet/ssl/certs]: Autorequiring File[/var/lib/puppet/ssl]
Debug: /File[/var/lib/puppet/ssl]: Autorequiring File[/var/lib/puppet]
Debug: /File[/var/lib/puppet/ssl/public_keys]: Autorequiring File[/var/lib/puppet/ssl]
Debug: /File[/var/lib/puppet/ssl/certificate_requests]: Autorequiring File[/var/lib/puppet/ssl]
Debug: /File[/var/lib/puppet/ssl/private_keys]: Autorequiring File[/var/lib/puppet/ssl]
Debug: /File[/var/lib/puppet/ssl/private]: Autorequiring File[/var/lib/puppet/ssl]
Debug: /File[/var/lib/puppet/client_yaml]: Autorequiring File[/var/lib/puppet]
Debug: /File[/var/lib/puppet/client_data]: Autorequiring File[/var/lib/puppet]
Debug: /File[/var/lib/puppet/clientbucket]: Autorequiring File[/var/lib/puppet]
Debug: /File[/var/lib/puppet/state/graphs]: Autorequiring File[/var/lib/puppet/state]
Debug: /File[/var/lib/puppet/facts.d]: Autorequiring File[/var/lib/puppet]
Debug: /File[/var/lib/puppet/facts.d]/ensure: created
Debug: /File[/var/lib/puppet/ssl]/ensure: created
Debug: /File[/var/lib/puppet/ssl/private_keys]/ensure: created
Debug: /File[/var/lib/puppet/ssl/public_keys]/ensure: created
Debug: /File[/var/lib/puppet/ssl/certs]/ensure: created
Debug: /File[/var/lib/puppet/client_data]/ensure: created
Debug: /File[/var/lib/puppet/state]/ensure: created
Debug: /File[/var/lib/puppet/state/graphs]/ensure: created
Debug: /File[/var/lib/puppet/client_yaml]/ensure: created
Debug: /File[/var/lib/puppet/ssl/private]/ensure: created
Debug: /File[/var/lib/puppet/lib]/ensure: created
Debug: /File[/var/lib/puppet/clientbucket]/ensure: created
Debug: /File[/var/lib/puppet/ssl/certificate_requests]/ensure: created
Debug: Finishing transaction 21958000
Info: Applying configuration version '1506249736'
Notice: /Stage[main]/Main/Group[cx]/ensure: current_value absent, should be present (noop)
Debug: /Stage[main]/Main/Group[cx]: The container Class[Main] will propagate my refresh event
Notice: Class[Main]: Would have triggered 'refresh' from 1 events
Debug: Class[Main]: The container Stage[main] will propagate my refresh event
Notice: Stage[main]: Would have triggered 'refresh' from 1 events
Debug: Finishing transaction 27457800
Debug: Storing state
Info: Creating state file /var/lib/puppet/state/state.yaml
Debug: Stored state in 0.05 seconds
Notice: Finished catalog run in 0.08 seconds
Debug: Using settings: adding file resource 'rrddir': 'File[/var/lib/puppet/rrd]{:path=>"/var/lib/puppet/rrd", :mode=>"750", :owner=>"puppet", :group=>"puppet", :ensur
e=>:directory, :loglevel=>:debug, :links=>:follow, :backup=>false}'Debug: /File[/var/lib/puppet/rrd]/seluser: Found seluser default 'system_u' for /var/lib/puppet/rrd
Debug: /File[/var/lib/puppet/rrd]/selrole: Found selrole default 'object_r' for /var/lib/puppet/rrd
Debug: /File[/var/lib/puppet/rrd]/seltype: Found seltype default 'puppet_var_lib_t' for /var/lib/puppet/rrd
Debug: /File[/var/lib/puppet/rrd]/selrange: Found selrange default 's0' for /var/lib/puppet/rrd
Debug: /File[/var/lib/puppet/rrd]/ensure: created
Debug: Finishing transaction 25919000
Debug: Received report to process from centos7.3-chenxi3
Debug: Processing report from centos7.3-chenxi3 with processor Puppet::Reports::Store
[root@centos7 ~]# puppet apply -v --noop chenxi.pp   干跑并输出详细信息
Notice: Compiled catalog for centos7.3-chenxi3 in environment production in 0.11 seconds
Info: Applying configuration version '1506250001'
Notice: /Stage[main]/Main/Group[cx]/ensure: current_value absent, should be present (noop)
Notice: Class[Main]: Would have triggered 'refresh' from 1 events
Notice: Stage[main]: Would have triggered 'refresh' from 1 events
Notice: Finished catalog run in 0.04 seconds
[root@centos7 ~]# puppet apply -v chenxi.pp    正正运行并创建组
Notice: Compiled catalog for centos7.3-chenxi3 in environment production in 0.12 seconds
Info: Applying configuration version '1506250371'
Notice: /Stage[main]/Main/Group[cx]/ensure: created
Notice: Finished catalog run in 0.16 seconds
[root@centos7 ~]# tail /etc/group
postdrop:x:90:
postfix:x:89:
ntp:x:38:
stapusr:x:156:
stapsys:x:157:
stapdev:x:158:
tcpdump:x:72:
chenxi:x:1000:
puppet:x:52:
cx:x:1001:  创建成功组

相关文章

网友评论

      本文标题:puppet自动化介绍及资源之用户组的定义

      本文链接:https://www.haomeiwen.com/subject/noyhextx.html