Puppet :: Fundamentals
Sandesh Kota edited this page Apr 6, 2018 · 3 revisions
- Puppet master runs only on Linux; the Puppet agent runs on many platforms
- Basically for System Administrators
- Do it manually and then automate it
Challenges of System Admins:
- Deploying Servers with consistent base configurations
- Remediating inconsistent configurations
- (Continuous) application deployment
- Automation (doing everything fast)
Why not Scripts:
- Take time (write, debug & test)
- Scripts are procedural (focused on "how") - complex
- Multiple ways of doing the same thing (varies by individual)
- Must be written for each Operating System
Puppet programs are Declarative vs. Procedural (scripts) - Focuses on "What" instead of "How". Puppet abstracts Resources
- Services, Packages, Files and Directories, Users
- Puppet works on different Operating Systems: Linux, Windows, MacOS, Oracle Solaris, HP UX, FreeBSD
- Alternatives: [Puppet], SaltStack Enterprise, Enterprise Chef, AnsibleWorks Ansible, CFEngine, Chef
Topics: Install Puppet master, install & configure Puppet agent, Puppet programs (manifests), building & using modules, Windows configuration management
Puppet doesn't apply resources in top-down order by default. Unless relationships are declared, it chooses its own order.
Resource Types:
- Package Resource Type
- File Resource Type
- Service Resource Type
Configuration
- Add the Puppet master IP address (172.31.0.201 | 172.31.0.203?) to the "c:\windows\system32\drivers\etc\hosts" file
- Agent
  - Modify puppet.conf: under [agent] set server = puppetmaster
  - puppet agent --verbose --no-daemonize --onetime
- Signing Agent Certificates
Puppet Manifest contains
- Node definitions
- Resource declarations
- Variables
- Classes
- Creating Nodes:
```puppet
node 'name' {
}
```
- Managing Files
```puppet
file { '/info.txt':
  ensure  => 'present',
  content => inline_template("Created by Puppet at <%= Time.now %>\n"),
}
```
- Change Restoration (Puppet saves the previous content of a changed file in the client filebucket, keyed by md5)
```shell
tail /var/log/messages
# Output: content changed '{md5}c63164616sda846f164f96d4896' to '{md5}c541f6s564654f6464ds6f'
# View the saved copy by its checksum:
puppet filebucket -l --bucket /var/lib/puppet/clientbucket get c63164616sda846f164f96d4896
# Restore that copy to the path:
puppet filebucket -l --bucket /var/lib/puppet/clientbucket restore /info.txt c63164616sda846f164f96d4896
```
- Installing a package
```puppet
package { 'ntp':
  ensure => 'installed',
}
```
- Constructing Service Resource Declarations
```puppet
service { 'ntpd':
  ensure => 'running',
  enable => true,
}
```
-- For Ubuntu the service is called ntp
```puppet
service { 'ntp':
  ensure => 'running',
  enable => true,
}
```
-- Selectors
```puppet
$ntpservice = $osfamily ? {
  'redhat' => 'ntpd',
  'debian' => 'ntp',
  default  => 'ntp',
}
service { $ntpservice:
  ensure => 'running',
  enable => true,
}
```
- Class - A named collection of resource declarations, variables, selectors, or any other Puppet code (not the same as an OOP class)
```puppet
class temp {
  package { 'ntp':
    ensure => 'installed',
  }
}
node 'wiki' {
  class { 'temp': }
}
```
- Variables
```puppet
class temp {
  $admintools = ['git', 'nano', 'screen']
  package { $admintools:
    ensure => 'installed',
  }
}
```
-- Uninstall - to uninstall a package use `ensure => 'absent'`
- Creating a module: re-usable | clean | readable | maintainable
```shell
puppet module generate yourname-temp --environment production
```
- Module Structure
  - manifests: Puppet code unique to the module (init.pp is the starting point and is loaded automatically)
  - files: contains static files
  - templates: contains files with mixed static and dynamic content, which can use custom variables and facts
  - lib: custom facts - e.g. Puppet automatically sets the $osfamily variable. Requires Ruby coding
  - facts.d: contains external facts. Any script or executable can be used to generate facts
  - tests: for unit testing. Requires Ruby coding
  - spec: for unit testing. Requires Ruby coding
- Loading a class inside node.pp / init.pp / site.pp (either form)
```puppet
include temp
class { 'temp': }
```
- Conditions
```puppet
if $osfamily == 'redhat' {
  package { 'php-xml':
    ensure => 'present',
  }
}
```
- Install & Start (use ::)
```puppet
class { '::apache':
  # If the package named in $phpmysql ever changes (e.g. it is installed or
  # uninstalled), the apache service is restarted.
  # This also ensures that package (mysql) is installed before apache is installed/started.
  subscribe => Package[$phpmysql],
}
```
-- This can also be done from the other end using `notify`
```puppet
package { 'php-xml':
  ensure => 'present',
  # Sends a refresh event to the service titled 'sshd'.
  # Resource references are capitalised: Service[...], not service[...].
  notify => Service['sshd'],
}
```
- Install Apache Mod PHP - which is a module of Apache and not of Puppet
```puppet
class { '::apache':
  docroot    => '/var/www/html',   # puppetlabs-apache calls the document-root parameter docroot
  mpm_module => 'prefork',
  subscribe  => Package[$phpmysql],
}
class { '::apache::mod::php': }
```
-- The leading '::' tells Puppet to look up the "apache" class from the top-level (global) namespace rather than relative to the current class, so the apache module's class is found
- VCS Repo
```puppet
vcsrepo { '/var/www/html':
  ensure   => 'present',
  provider => 'git',
  source   => 'https://github.com/sample.git',
  revision => 'BRANCH_NAME',
}
file { '/var/www/html/index.html':
  ensure => 'absent',
}
```
-- Ensures this "index.html" is deleted so that the git repo can be cloned into the directory
-- This still may not work: without an explicit relationship Puppet may apply "vcsrepo" first and delete "index.html" afterwards
- Resource Ordering: the examples below create the same ordering relationship
-- First: before
```puppet
package { 'openssh-server':
  ensure => present,
  before => File['/etc/ssh/sshd_config'],
}
```
-- Second: require
```puppet
file { '/etc/ssh/sshd_config':
  ensure  => file,
  mode    => '0600',
  source  => 'puppet:///modules/sshd/sshd_config',
  require => Package['openssh-server'],
}
```
-- Third: ordering arrow
```puppet
Package['openssh-server'] -> File['/etc/ssh/sshd_config']
```
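An added example (not from the original notes) that ties the VCS Repo and Resource Ordering sections together: it makes the index.html / vcsrepo ordering explicit with `before`, and extends the sshd chain with `~>` so the service is refreshed when its config changes. It assumes the puppetlabs-vcsrepo module is installed and that the web server runs as the `httpd` service; the repository URL and branch are the placeholders from the notes.

```puppet
# Added example, not part of the original notes.
# Remove the placeholder page *before* the repository is cloned; without
# 'before', Puppet may clone first and delete the file afterwards.
file { '/var/www/html/index.html':
  ensure => 'absent',
  before => Vcsrepo['/var/www/html'],
}

vcsrepo { '/var/www/html':
  ensure   => 'present',
  provider => 'git',
  source   => 'https://github.com/sample.git',   # placeholder URL from the notes
  revision => 'BRANCH_NAME',                     # placeholder branch from the notes
  notify   => Service['httpd'],                  # refresh the web server when the checkout changes
}

# Assumed service name for the web server.
service { 'httpd':
  ensure => 'running',
  enable => true,
}

# The three sshd variants above, written as one chain:
# '->' only orders; '~>' orders and also sends a refresh event, so a changed
# sshd_config restarts sshd in the same run.
package { 'openssh-server':
  ensure => present,
}
file { '/etc/ssh/sshd_config':
  ensure => file,
  owner  => 'root',
  group  => 'root',
  mode   => '0600',
  source => 'puppet:///modules/sshd/sshd_config',
}
service { 'sshd':
  ensure => running,
  enable => true,
}
Package['openssh-server'] -> File['/etc/ssh/sshd_config'] ~> Service['sshd']
```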
- MySQL Module
```shell
puppet module install puppetlabs-mysql --modulepath /etc
```
```puppet
class { '::mysql::server':
  root_password => 'secretpassword',
}
```
- Firewall Module: to open up the firewall for TCP/80 (edits iptables)
```shell
puppet module install puppetlabs-firewall --modulepath /etc
```
```puppet
class { '::firewall': }
firewall { '000 allow http access':
  port   => '80',
  proto  => 'tcp',
  action => 'accept',
}
```
- Templates allow Puppet to take a static file (like a config file) and insert dynamic content
- A template is a regular text file with a .erb extension (erb = Embedded Ruby Block)
-- LocalSettings.php
```php
$siteName = "mysite";
$server = "http://172.1.1.1";
$DBserver = "localhost";
$DBname = "temp";
```
-- after changes: LocalSettings.erb (Puppet variables are exposed to ERB as @variables, and the PHP string quotes must stay around the inserted value)
```erb
$siteName = "<%= @mysitename %>";
$server = "<%= @myserver %>";
$DBserver = "<%= @mydbserver %>";
$DBname = "<%= @mydbname %>";
```
- Invoking a Template
```puppet
$mysitename = "mysite"
$myserver   = "http://172.1.1.1"
$mydbserver = "localhost"
$mydbname   = "temp"
file { 'LocalSettings.php':
  path    => '/var/www/html/LocalSettings.php',
  ensure  => 'file',
  # template() takes '<module>/<file>.erb' and reads it from that module's
  # templates/ directory; the module name mysite is assumed here.
  content => template('mysite/LocalSettings.erb'),
}
```
- Drawback: all the variables have to live in the .pp file
- Hiera provides a separate place to store node-specific data
- Not tied to any manifest or module
- Text files with a .yaml extension
```puppet
class mysite {
  # hiera() is deprecated; use lookup() instead
  $metanamespace = hiera('mysite::metanamespace')
  $server        = hiera('mysite::server')
  $dbserver      = hiera('mysite::dbserver')
}
```
- Can have multiple data files; a value found earlier in the hierarchy overrides the same key found later
- Normal path: /etc/puppet/hiera.yaml
-- hiera.yaml
```yaml
:backends:
  - yaml
:yaml:
  :datadir: /var/lib/hiera   # default data directory used by the hierarchy below
:hierarchy:
  - "%{clientcert}"          # looks in /var/lib/hiera/%{clientcert}.yaml
  - common                   # looks in /var/lib/hiera/common.yaml
```
- Creating the YAML data defined above
-- wiki.yaml
```yaml
---
mysite::metanamespace: mynamespace
mysite::server: myserver
```
-- wikidefault.yaml
```yaml
---
mysite::metanamespace: myoldnamespace
mysite::server: myoldserver
mysite::dbserver: myolddbserver
```
- Assigning Classes with Hiera
```puppet
node 'mysite' {
  hiera_include('classes')
}
node 'mysitetest' {
  hiera_include('classes')
}
```
-- mysite.yaml
```yaml
classes:
  - mysite
  - linux
```
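An added example (not from the original notes) that connects the MySQL Module section with Hiera: instead of writing `root_password => 'secretpassword'` into the manifest, the password is read with `lookup()` (the replacement for `hiera()`) and wrapped in `Sensitive`, so it is redacted from agent logs and reports. It assumes a puppetlabs-mysql version whose `root_password` accepts `Sensitive[String]`, that the Hiera value is protected at rest (for example with hiera-eyaml), and the key names and class name `profiles::mysql_server` are constructed for this example.

```puppet
# Added example, not part of the original notes.
# Constructed Hiera data, e.g. in common.yaml (value encrypted with hiera-eyaml):
#   profiles::mysql_server::root_password: ENC[PKCS7,...]   # placeholder ciphertext
#   mysite::metanamespace: mynamespace

class profiles::mysql_server (
  # lookup() resolves the key through the hierarchy (clientcert.yaml before
  # common.yaml); Sensitive() marks the value so Puppet prints "[redacted]"
  # instead of the password in logs, reports and catalog diffs.
  Sensitive[String] $root_password = Sensitive(lookup('profiles::mysql_server::root_password')),
) {
  # Assumes a puppetlabs-mysql release that accepts Sensitive for root_password.
  class { '::mysql::server':
    root_password => $root_password,
  }
}

# The same lookup style for the non-secret mysite keys above, with an explicit
# expected type, merge strategy and default so a missing key fails loudly
# with a type error rather than silently becoming undef.
class mysite {
  $metanamespace = lookup('mysite::metanamespace', String, 'first', 'mynamespace')
  $server        = lookup('mysite::server', String, 'first', 'myserver')
  $dbserver      = lookup('mysite::dbserver', String, 'first', 'localhost')
}
```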
- Puppet Agent
  - Download & install the Puppet agent
  - Settings are stored in C:\ProgramData (can be accessed only by Admins)
- Generating Agent Certificates
  - Contact the Puppet master and generate the certificate signing request
  - The certificate is stored in C:\ProgramData\PuppetLabs\puppet\etc\ssl
  - cmd: puppet_interactive
- Roles and Profiles
  - Broken down into sub-classes
  - Create two modules: roles & profiles (Puppet class names may only contain lowercase letters, digits and underscores, so the hyphens are written as underscores)
```puppet
class profiles {
}
class profiles::windows::mysql_workbench {
}
class profiles::windows::putty {
}
class roles {
}
class roles::windows_admin {
  class { 'profiles::windows::mysql_workbench': }
  class { 'profiles::windows::putty': }
}
```
- Windows Package Management
  - Windows doesn't have a native way to search for and download software packages from the Internet
  - Instead we need to download an MSI, installer package or executable package
  - When we use Puppet to install software from an MSI/EXE, the source of the file must be specified (file path / UNC shared path)
  - Windows keeps a database of all installed software with a display name for each installed package, so the package title must match the Windows display name (to find it, first install the package manually and run `puppet resource package` to see the display name). If the display name doesn't match, Puppet will try to install the package again on every run
- Dependency
  - Linux package managers handle dependencies automatically (search and install)
  - Windows: dependencies must be handled manually
### MySQL Workbench installation
-- Install the opentable-download_file module:
```shell
puppet module install opentable-download_file --modulepath /etc/puppet/environments/production/modules/
```
```puppet
class profiles::windows::mysql_workbench {
  # ensure the folder exists
  file { 'c:/temp':
    ensure => 'directory',
  }
  # download the file from the internet
  download_file { "Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501":
    url                   => 'http://download.microsoft.com/download/2/E/6/safg98afg9as8gfas0/vcredist_x64.exe',
    destination_directory => 'c:\temp',
    require               => File['c:/temp'],
  }
  # install the software (ordered after the download, since Puppet is not top-down)
  package { "Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501":
    ensure          => 'installed',
    source          => 'c:\temp\vcredist_x64.exe',
    install_options => ['/quiet'],   # suppresses the "do you want to continue" prompt
    require         => Download_file["Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501"],
  }
  # Similarly download and install "Microsoft .NET Framework 4 Client Profile"; that executable accepts ['/q'] as install_options
  # Similarly download and install "MySQL Workbench 6.2 CE"; that executable doesn't need install_options
}
```
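An added example (not from the original notes or the opentable module) of the same installer profile served from Puppet's own file server instead of a plain-HTTP download, with the installer's SHA-256 pinned so a tampered or truncated binary is never executed. The module path `profiles` and the checksum value are placeholders; the package title and `/quiet` option are the ones from the notes.

```puppet
# Added example, not part of the original notes.
class profiles::windows::vcredist {
  file { 'c:/temp':
    ensure => 'directory',
  }

  # Serve the installer from the profiles module's files/ directory (or point
  # source at a UNC share). checksum_value makes Puppet compare the fetched
  # content against the published SHA-256 and fail the run on a mismatch, so
  # the package resource below never sees a corrupted or substituted installer.
  file { 'c:/temp/vcredist_x64.exe':
    ensure         => 'file',
    source         => 'puppet:///modules/profiles/vcredist_x64.exe',   # assumed location
    checksum       => 'sha256',
    checksum_value => 'REPLACE_WITH_PUBLISHED_SHA256',                 # placeholder
    require        => File['c:/temp'],
  }

  # Title must equal the Windows display name, otherwise Puppet reinstalls
  # on every run (see the Windows Package Management notes above).
  package { 'Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501':
    ensure          => 'installed',
    source          => 'c:\temp\vcredist_x64.exe',
    install_options => ['/quiet'],
    require         => File['c:/temp/vcredist_x64.exe'],
  }
}
```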
### PuTTY and PuTTYgen
```puppet
class profiles::windows::putty {
  file { 'c:/admin tools':
    ensure => 'directory',
  }
  download_file { "Download putty":
    url                   => 'http://........../putty.exe',
    destination_directory => 'c:\admin tools',
    require               => File['c:/admin tools'],
  }
  download_file { "Download puttygen":
    url                   => 'http://........../puttygen.exe',
    destination_directory => 'c:\admin tools',
    require               => File['c:/admin tools'],
  }
}
```
- Managing Services: `puppet resource service` lists the services Puppet can see
```puppet
service { 'MpsSvc':
  ensure => 'running',
  enable => true,
}
```
Links: https://forge.puppet.com/