First Moves with Puppet New Delhi Puppet HackDay/BarCamp March 13, 2010
1. First Moves with Puppet. New Delhi Puppet HackDay/BarCamp, March 13, 2010. Presented by Julie Tsai, SlideShare Operations Engineering.
2. Today
Quick Primer
Useful Commands
Puppeting Sudoers I — Permissions
Puppeting Sudoers II — OS Conditions
Puppeting Sudoers III — Inheriting Class
Facter
References
3. Quick Primer: How It Flows
Ref. http://www.linuxforu.com/wp-content/uploads/2009/06/puppet_diagram.png
4. Quick Primer: Learning the Lingo
Resource: an instance of a native type, plugin, or definition, e.g. user, exec, file.
Capitalized resource: a reference to an already-declared resource, used from other resources (ordering, relationships, overrides), e.g. the file foo.txt is later referenced as File["foo.txt"].
Class: a named, titled block of resource declarations (files, attributes) that is applied at most once per node.
Definition: a class-like, reusable block that, unlike a class, can be instantiated many times under different titles.
Node: a host instance (physical or virtual).
Collection: a group of resources.
Recipe: sample Puppet code (manifests/*.pp).
5. Quick Primer: Data Parameters
Variables: substitution values.
Arrays: grouped lists of values.
Attributes: the statements that describe a resource's desired state.
Literals: string values that need no interpolation (single-quoted in Puppet).
6. Quick Primer: Variable Scoping
Overridable variable defaults are defined only in the outer scope of the resource instances that use them.
Declarative language: within one scope a variable can be assigned only once.
Qualified variables are the way to read a value that another class has set:
class mothership { $server = "juno" }
class satellite { $ms = $mothership::server }
7. Quick Primer: Where Things Are
Note: the paths below assume the default install under /etc.
/etc/puppet/fileserver.conf (used by puppetmasterd), one section per mount point, e.g. [files]:
  path /var/lib/puppet/files
  allow 10.100.0.0/24
The allow line is the access control for that mount: restrict it to the client networks instead of allow *, or every host that can reach the master can pull your files.
/etc/puppet/puppet.conf (used by the clients' puppetd):
  vardir = /var/lib/puppet
  logdir = /var/log/puppet
  classfile = $vardir/classes.txt
/etc/puppet/manifests/[../..]/*.pp (layout varies)
8. Quick Primer: A Client Directory Tree
puppetclient01:/var/lib/puppet
|-> classes.txt: the node's class membership
|-> clientbucket: copies of files Puppet replaced, stored by content hash
|-> lib
|-> localconfig.yaml
|-> ssl: authentication certs and the client's private key (keep it readable only by root/puppet)
|-> state: checksums, run-state tracking
10. Useful Commands to Get Started
puppet <puppetscript.pp>: run a standalone manifest
  -l /path/to/file.log: log path
  -d: debug
  --noop: dry run (report what would change, change nothing)
puppetd: the client daemon that periodically fetches its config from the puppetmaster and applies it locally
  -d: debug
  --test: run once in the foreground with verbose logging
  --noop: dry run
  -l /path/to/log: log path
facter: print the local node's values for the built-in facts
11. Puppeting Sudoers I — Permissions
Configure /etc/puppet/manifests/sudoers.pp:
file { "/etc/sudoers":
  owner => root,
  group => wheel,
  mode  => 400,
}
And run:
[puppet@puppet manifests]# puppet --noop -d /etc/puppet/manifests/sudoers.pp
(As the speaker notes say, this mode is deliberately wrong for CentOS, where sudo expects root:root 0440; the following exercises correct it. Always preview with --noop first.)
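The slide's resource is the weak form on purpose. Below, as an added example that is not part of the deck, is the same resource next to a hardened one: the exact mode sudo expects, a visudo syntax check before Puppet swaps the file in, and a purge of unmanaged drop-ins. Assumptions of mine: a Linux host, visudo at /usr/sbin/visudo, a Puppet release with validate_cmd (3.5 or later, not the 0.25-era Puppet the deck uses), and a placeholder puppet:///modules/sudo/sudoers source.

```puppet
# Added example, not from the deck: weak sudoers resource beside a hardened one.
# Assumptions (mine): Linux host, /usr/sbin/visudo present, Puppet >= 3.5 for
# validate_cmd, and puppet:///modules/sudo/sudoers is a placeholder source.

# Weak: mode 400 makes classic sudo builds refuse to run at all
# ("sudoers file is mode 0400, should be 0440"), and nothing checks the
# file's syntax before it lands, so one typo locks every admin out of sudo.
#
#   file { '/etc/sudoers': owner => root, group => wheel, mode => 400 }

# Hardened: exact mode, content served from the fileserver, and a syntax
# check that runs before the old file is replaced.
file { '/etc/sudoers':
  ensure       => file,
  owner        => 'root',
  group        => 'root',
  mode         => '0440',
  source       => 'puppet:///modules/sudo/sudoers',
  # Puppet writes the candidate content to a temp file, substitutes its
  # path for '%', and installs it only if this command exits 0.
  validate_cmd => '/usr/sbin/visudo -c -f %',
}

# Drop-in directory: remove anything Puppet did not put there, so a stray
# /etc/sudoers.d/ entry cannot grant privilege behind the manifest's back.
file { '/etc/sudoers.d':
  ensure  => directory,
  owner   => 'root',
  group   => 'root',
  mode    => '0750',
  recurse => true,
  purge   => true,
}
```

Preview it the same way the slide does (puppet --noop -d on 0.25; puppet apply --noop -d on current releases) before letting it change a host; with purge on, the dry run lists every drop-in it would delete.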
13. Puppeting Sudoers III — Inheriting Class
/etc/puppet/manifests/sudoers3.pp
class unix {
  file { "/etc/sudoers":
    owner => root,
    group => root,
  }
  service { "sshd":
    ensure => running,
  }
}
class centos_mycompany inherits unix {
  # override one attribute of the inherited resource
  File["/etc/sudoers"] { mode => 440 }
}
14. Puppeting Sudoers III — Inheriting Class (cont.)
/etc/puppet/manifests/sudoers3.pp
node default { include unix }
node bastionhost { include centos_mycompany }
And run:
[puppet@puppet manifests]# puppet -d --noop sudoers3.pp
[puppet@puppet manifests]# cat /var/lib/puppet/classes.txt
15. Puppeting Sudoers III — Inheriting Class (cont. 2)
Use Facter to find the node name Puppet will match against:
[puppet@puppet manifests]# facter | egrep -i 'fqdn|hostname'
/etc/puppet/manifests/sudoers3.pp
node 'puppet.us-west-1.compute.internal' { include centos_mycompany }
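The agenda's OS-conditions step (Puppeting Sudoers II) and the inheritance step above fit naturally in one manifest, with the per-platform choices held in their own class and read through a qualified variable as the Variable Scoping slide describes. This is an added example of mine, not a slide from the deck: the $operatingsystem fact is the legacy Facter fact the deck's Facter slide lists (current Puppet prefers $facts['os']['name']), the puppet:///modules/sudo/... sources are placeholders, and bastion.example.internal stands in for whatever FQDN facter reports on your host.

```puppet
# Added example, not from the deck: OS conditions + class inheritance in one
# manifest. Assumptions (mine): $operatingsystem is the legacy Facter fact
# (use $facts['os']['name'] on Puppet >= 4), the sources and the bastion
# node name are placeholders.

class sudo::params {
  # Group that owns /etc/sudoers: 'wheel' on the BSDs and macOS, 'root' elsewhere.
  $group = $operatingsystem ? {
    /^(FreeBSD|OpenBSD|Darwin)$/ => 'wheel',
    default                      => 'root',
  }
  # Debian-family names the OpenSSH service 'ssh'; Red Hat family uses 'sshd'.
  $ssh_service = $operatingsystem ? {
    /^(Debian|Ubuntu)$/ => 'ssh',
    default             => 'sshd',
  }
}

class unix {
  include sudo::params

  file { '/etc/sudoers':
    ensure => file,
    owner  => 'root',
    group  => $sudo::params::group,   # qualified variable set in sudo::params
    mode   => '0440',                 # the mode sudo insists on
    source => 'puppet:///modules/sudo/sudoers',
  }

  service { $sudo::params::ssh_service:
    ensure => running,
    enable => true,
  }
}

class centos_mycompany inherits unix {
  # Override only what differs: the bastion host gets a tighter sudoers file.
  File['/etc/sudoers'] { source => 'puppet:///modules/sudo/sudoers.bastion' }
}

node default { include unix }

# Match on the FQDN that `facter fqdn` prints on the host.
node 'bastion.example.internal' { include centos_mycompany }
```

Run it once with --noop on a CentOS box and once on a Debian box: the debug output shows the selector resolving to a different group and service name on each, while the bastion node is the only one whose /etc/sudoers source is overridden. The same preview then confirms from /var/lib/puppet/classes.txt which classes the node was assigned.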
16. Facts about Facter
Facter is the Puppet utility that discovers "facts" about the node; Puppet uses them to populate manifest variables dynamically.
Running facter on the command line shows the built-in facts such as fqdn, hostname, kernel, architecture, sshdsakey (the host's SSH DSA public key), etc.
17. References
Reductive Labs Puppet Guides: http://docs.reductivelabs.com/guides/
Glossary of Terms: http://reductivelabs.com/trac/puppet/wiki/GlossaryOfTerms
Resource Attributes: http://reductivelabs.com/trac/puppet/wiki/TypeReference#metaparameters
Nice vimrc for Puppet: http://www.davidpashley.com/blog/systems-administration/puppet/vim-highlighting.html
Classic LISA '98 paper on best-practice infrastructures: http://www.infrastructures.org/papers/bootstrap/bootstrap.html
Editor's Notes (speaker notes)
(Slide 10) Instruct participants to test:
--> puppet -d site.pp
--> optionally -l $LOG, with a tail of the log in another window
--> puppet --noop -d site.pp
--> pgrep -lf puppetd (default run interval is 30 min)
--> pgrep -lf puppetmasterd
(Slide 11) 1) puppet --noop sudoers.pp 2) puppet -d sudoers.pp * This faulty CentOS mode is corrected by the next exercise; this config changes the file to faulty settings on purpose.
(Slide 12) 1) demonstrate conditionals per OS <"puppet -d --noop sudoers2.pp"> 2) service, operations on a resource <"puppet -d sudoers2.pp">
(Slide 13) <run site.pp to have something to change again> (c) 1) class with file & service resources 2) inheritance <run once in non-func. mode> - to demo that nothing gets executed without resource instantiation, etc.
(Slide 14) 3) default & bastionhost node instances 4) bastionhost node instance <run once in non-func. mode> - to demo what it means for a node to belong to a certain class 5) cat /var/lib/puppet/classes.txt (loaded by puppetd)
(Slide 15) 6) facter | egrep -i 'fqdn|hostname' 7) specific node 'hostname' <run once in non-func. mode> <run once in func. mode> Done