轉載：http://blog.51cto.com/ywzhou/1577335
作用：自動為客戶端配置YUM源，為使用yum安裝軟件包提供便捷。

1、服務端配置yum模塊

（1）模塊清單

[root@puppet ~]# tree /etc/puppet/modules/yum/
/etc/puppet/modules/yum/
├── files
│ ├── yum.conf
│ └── RPM-GPG-KEY-CentOS-6
├── manifests
│ ├── config.pp
│ ├── init.pp
│ ├── install.pp
│ └── params.pp
└── templates
說明：這里只針對centos 6.5版本測試，其他的可以此類推，需要注意的就是本地源的光盤加載問題（見測試環節）

（2）定義參數類

[root@puppet ~]# vi /etc/puppet/modules/yum/manifests/params.pp
class yum::params {
case yum_centos_descr = 'centos base rpm packages' #本地倉庫描述信息
yum_centos_pki = 'file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6' #YUMREPO文件中指定PKI文件路徑
yum_centos_pki_download = 'puppet:///modules/yum/RPM-GPG-KEY-CentOS-6'
yum_puppet_baseurl = 'http://yum.puppetlabs.com/el/6/products/yum_163_descr = '163 rpm packages for centos' #163倉庫描述信息
releasever/contrib/{::operatingsystem}") #6.5版本以外的會提示不支持，如有5.5、5.4這樣的版本可按參考6.5進行參數定義
}
}
}
注意：PKI文件RPM-GPG-KEY-CentOS-6是光盤中的存在的，系統不一樣，名稱也不一樣，需要確認。

說明：變量$operatingsystemrelease是通過facter獲取計算機的信息的，運行下面的命令可查看計算機相關信息：

[root@puppet ~]# facter | grep operatingsystemrelease
operatingsystemrelease => 6.5
（3）定義安裝類

[root@puppet ~]# vi /etc/puppet/modules/yum/manifests/install.pp
class yum::install{

1、確保yum被安裝

package { 'yum':
ensure => installed,
}

2、創建光盤掛載目錄

file { '/media/cdrom':
ensure => directory,
owner => root,
group => root,
}

3、確保光盤被掛載

方法一：EXEC

exec { "mount_cdrom":

path => "/usr/bin:/usr/sbin:/bin",

command => '/bin/mount /dev/cdrom /media/cdrom/',

creates => '/media/cdrom/RPM-GPG-KEY-CentOS-6',

require => File['/media/cdrom'],

}

方法二：MOUNT

mount { 'mount_cdrom':
name => "/media/cdrom", #掛載到的目標目錄
ensure => mounted, #要求被掛載狀態
fstype => "iso9660", #光盤的文件類型，使用mount命令或cat /etc/fstab查看
device => "/dev/cdrom", #光盤的設備，是個鏈接，實際指向/dev/sr0
options => "ro", #以只讀方式掛載光盤
atboot => true, #允許開機啟動時掛載上
remounts => true, #允許重新掛載
require => File['/media/cdrom'], #要求掛載目標目錄存在
}

4、安裝源前先備份

file { '/etc/yum.repos.d/bak':
ensure => directory,
owner => root,
group => root,
}
exec { "repos_bak":
path => "/usr/bin:/usr/sbin:/bin",
command => 'mv -f /etc/yum.repos.d/[^c].repo /etc/yum.repos.d/bak/', #將不是小寫c開頭的repo文件強制移動到備份目錄
creates => '/etc/yum.repos.d/bak/CentOS-Base.repo', #當備份目錄存在這個文件時不再執行此資源
require => File['/etc/yum.repos.d/bak'], #要求備份目錄存在
}
}
說明：新生成的repo文件都是小寫c開頭的，因此將不是c開頭（[^c]）的repo文件移至bak，

原文件都是CentOS開頭的，外加一個puppetlabs.repo，可以將[^c].repo改成CentOS.repo，只將原文件備份。

（4）定義配置類

[root@puppet ~]# vi /etc/puppet/modules/yum/manifests/config.pp
class yum::config{
include yum::params
include yum::config_file,yum::config_key,yum::config_repo
}

1、定義配置文件

class yum::config_file{
file { '/etc/yum.conf': #yum主配置文件yum.conf路徑
ensure => present, #要求文件處于存在狀態
owner => 'root', #屬主為root
group => 'root', #屬組為root
mode => '0644', #文件權限為644
source => 'puppet:///modules/yum/yum.conf', #自動搜索yum模塊下的files目錄，因此省略/files
require => Class['yum::install'], #要求在配置之前先安裝yum軟件包
}
file { '/etc/yum.repos.d/centos-base.repo': #設置光盤repo的一些屬性，文件名是yumrepo中的標題名定義的，必須一致
ensure => present,
owner => 'root',
group => 'root',
mode => '0644',
require => Class['yum::config_repo'], #要求設置之前yumrepo資源centos-base必須存在
}
file { '/etc/yum.repos.d/centos-puppet.repo':
ensure => present,
owner => 'root',
group => 'root',
mode => '0644',
require => Class['yum::config_repo'],
}
file { '/etc/yum.repos.d/centos-163.repo':
ensure => present,
owner => 'root',
group => 'root',
mode => '0644',
require => Class['yum::config_repo'],
}
}

2、定義pki證書文件

class yum::config_key{ #設置pki證書的一些屬性及下載位置
file { yum::params::yum_centos_pki_download, #證書下載地址在參數類中定義
}
}

3、定義基本yum倉庫、puppet倉庫和163倉庫

class yum::config_repo{
yumrepo { centos-base: #創建yumrepo資源cenos-base
descr => yum::params::yum_centos_baseurl, #設置yum源下載地址
enabled => 1, #激活yum源
gpgcheck => 1, #設置要求通過pki校驗
gpgkey => yum::params::yum_puppet_descr,
baseurl => yum::params::yum_163_descr,
baseurl => $yum::params::yum_163_baseurl,
enabled => 1,
gpgcheck => 0,
priority => 3,
}
}
說明：創建了三個YUM源，都以centos(小寫)開頭的，客戶端安裝puppet時生成了puppetlabs.repo源，因此這里的centos-puppet源也可以省略。

（7）定義yum主類

[root@puppet ~]# vi /etc/puppet/modules/yum/manifests/init.pp
class yum {
include yum::params,yum::install,yum::config
}
（8）定義節點文件，調用模塊

[root@puppet ~]# vi /etc/puppet/manifests/centostest.pp
node "centostest.ewin.com" {
include ntp, yum
}
（9）應用節點文件

[root@puppet ~]# vi /etc/puppet/manifests/site.pp
import "centostest.pp"
（10）復制文件

將以下兩個文件從客戶端復制一份到服務端/etc/puppet/modules/yum/files下

/etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6

/etc/yum.conf

注意在文件頭部加上以***釋，測試的時候方便分辨

config by puppet

2、測試

（1）客戶端執行測試

[root@centostest ~]# puppet agent --server puppet.ewin.com -test --noop
Info: Caching catalog for centostest.ewin.com
Info: Applying configuration version '1415332221'
Notice: Finished catalog run in 1.09 seconds
（2）查看客戶端日志

[root@centostest ~]# tailf /var/log/messages
Nov 7 11:50:20 centostest puppet-agent[8809]: (/Stage[main]/Yum::Install/File[/media/cdrom]/ensure) created
Nov 7 11:50:20 centostest puppet-agent[8809]: (/Stage[main]/Yum::Install/Exec[mount_cdrom]/returns) executed successfully
Nov 7 11:50:22 centostest puppet-agent[8809]: (/Stage[main]/Yum::Install/File[/etc/yum.repos.d/bak]/ensure) created
Nov 7 11:50:22 centostest puppet-agent[8809]: (/Stage[main]/Yum::Install/Exec[repos_bak]/returns) executed successfully
Nov 7 11:50:23 centostest puppet-agent[8809]: (/Stage[main]/Yum::Config_key/File[/etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6]/content) content changed '{md5}e8e57fd1a55dc5c6d82e60a444781b96' to '{md5}a27c559bf7660f101317ac3b41a7600b'
Nov 7 11:50:23 centostest puppet-agent[8809]: (/Stage[main]/Yum::Config_repo/Yumrepo[centos-base]/ensure) created
Nov 7 11:50:24 centostest puppet-agent[8809]: (/Stage[main]/Yum::Config_repo/Yumrepo[centos-puppet]/ensure) created
Nov 7 11:50:24 centostest puppet-agent[8809]: (/Stage[main]/Yum::Config_repo/Yumrepo[centos-163]/ensure) created
Nov 7 11:50:24 centostest puppet-agent[8809]: (/Stage[main]/Yum::Config_file/File[/etc/yum.conf]/content) content changed '{md5}5d8b0bf30a8ee9d66a9cb2642186ac37' to '{md5}8c1fab4142147877a3f77f89eb8ccb7c'
Nov 7 11:50:24 centostest puppet-agent[8809]: Finished catalog run in 4.27 seconds
結論：可看到cdrom目錄創建、掛載命令執行成功、備份命令成功、同步了PKI文件和CON文件、創建了三個YUMREPO

（3）查看客戶端掛載的光盤目錄

[root@centostest ~]# ls /media/cdrom/
CentOS_BuildTag isolinux RPM-GPG-KEY-CentOS-Debug-6
EFI Packages RPM-GPG-KEY-CentOS-Security-6
EULA RELEASE-NOTES-en-US.html RPM-GPG-KEY-CentOS-Testing-6
GPL repodata TRANS.TBL
images RPM-GPG-KEY-CentOS-6
結論：掛載成功，如果用的EXEC方法將會判斷RPM-GPG-KEY-CentOS-6存在時不會再執行Exec，而且此文件是原文件，不是新建的空文件。

經測試umount /media/cdrom卸載光盤后會自動重啟掛載上，甚至卸載再刪除/media/cdrom目錄，也會恢復，有興趣的可以試試。

（4）查看YUM源備份

[root@centostest ~]# ls /etc/yum.repos.d/bak/
CentOS-Base.repo CentOS-Media.repo CentOS-Vault.repo
CentOS-Debuginfo.repo puppetlabs.repo
（5）查看客戶端同步的文件

[root@centostest ~]# cat /etc/yum.conf

config by puppet

[main]
...
[root@centostest ~]# cat /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6

config by puppet

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.5 (GNU/Linux)
...
結論：從文件頭部注釋信息可以確認文件同步成功

（6）查看YUM list

[root@centostest ~]# yum clean all
Loaded plugins: fastestmirror, refresh-packagekit, security
Cleaning repos: base puppetlabs-deps puppetlabs-products
Cleaning up Everything
Cleaning up list of fastest mirrors
[root@centostest ~]# yum list
Loaded plugins: fastestmirror, refresh-packagekit, security
Determining fastest mirrors
centos-163 | 2.9 kB 00:00
centos-163/primary_db | 1.2 kB 00:00
centos-base | 4.0 kB 00:00 ...
centos-base/primary_db | 4.4 MB 00:00 ...
centos-puppet | 2.5 kB 00:00
centos-puppet/primary_db 13% [=- ] 5.9 B/s | 17 kB --:-- ETA
結論：YUM三個倉庫都能成功加載，通過yum clean all再yum list可觀察。

[root@centostest ~]# yum list puppet
Loaded plugins: fastestmirror, refresh-packagekit, security
Loading mirror speeds from cached hostfile
http://mirrors.163.com/centos/6/contrib/x86_64/repodata/repomd.xml:
[Errno 12] Timeout on http://mirrors.163.com/centos/6/contrib/x86_64/repodata/repomd.xml:
(28, 'Operation too slow. Less than 1 bytes/sec transfered the last 30 seconds')
Trying other mirror.
Installed Packages
puppet.noarch 3.7.1-1.el6 @puppetlabs-products
Available Packages
puppet.noarch 3.7.3-1.el6 centos-puppet
結論：可以看到從163的源查找puppet超時，已安裝的包是從@puppetlabs安裝的，有效的包是在centos-puppet源中。

3、yum倉庫資源

yumrepo { "repo163": #YUM源文件.repo的文件名
descr => "163 repo", #倉庫的描述
baseurl => "http://mirrors.163.com/centos/basearch/", #倉庫的url
gpgcheck => "0", #是否檢查倉庫中的軟件包GPG簽名，可設置的值為0或者1.
enabled => "1", #是否開啟或者禁用倉庫，可設置的值為1或者0.1為開啟，0為禁用
}
{
enablegroups => , #是否可以使用yumgroup參數，如yumgroup list,yumgroup install等
exclude => , #排除那些軟件的安裝與更新，支持shell通配符。
failovermethod => , #可設置的值為priority，roundrobin.
gpgkey => , #倉庫的軟件包簽名，GPG密鑰的URL。
include => , #包含配置url.
includepkgs => , #只有匹配的軟件包才能安裝或者更新。
keepalive => , #設置http/1.1選項，可設置的為0或者1.
metadata_expire => , #元組數據的過期時間，單位時間為秒。
miirorlist => , #倉庫的鏡像列表。
name => , #倉庫名字。
priority => , #優先級，可設置的是從1－99.
protect => , #啟用或者禁用對這個倉庫的保護?？稍O置的值為0或者1.
proxy => , #設置代理
}

4、mount掛載資源

掛載共享文件夾

mount { "/mount": #掛載的目標目錄，等同于name參數
device => "192.168.0.1:/share/nfs", #掛載的來源設備
fstype => "nfs", #文件系統類型
options => "_netdev,vers=3,tcp,rsize=8192,wsize=8192,noauto", #其他選項
}
掛載samba

mount {"/media":
ensure => mounted,
device => "http://172.22.2.89/public",
fstype => cifs,
options => "username=perofu,password=123456";
}
參數說明

mount { 'mount_cdrom':
name => "/media/cdrom", #掛載到的目標目錄
ensure => mounted, #要求被掛載狀態
fstype => "iso9660", #光盤的文件類型
device => "/dev/cdrom", #光盤的設備，是個鏈接，指向/dev/sr0
options => "ro", #以只讀方式掛載光盤
atboot => true, #允許開機啟動時掛載上
remounts => true, #允許重新掛載
require => File['/media/cdrom'], #要求掛載目標目錄存在
}
查看文件系統類型：

[root@centostest ~]# mount
/dev/mapper/vg_centostest-lv_root on / type ext4 (rw)
/dev/sda1 on /boot type ext4 (rw)
/dev/mapper/vg_centostest-lv_home on /home type ext4 (rw)
/dev/sr0 on /media/cdrom type iso9660 (ro)
發現以下報錯，是因為沒有加上options => "ro"，因為光盤是只讀的。

[mount_cdrom]) Could not evaluate: Execution of '/bin/mount /media/cdrom' returned 32:
mount: block device /dev/sr0 is write-protected, mounting read-only