This document provides an overview and agenda for a Puppet workshop. Puppet is an automated system configuration management tool. The workshop agenda includes installing and initializing Puppet, creating modules for user management and Apache site configuration, using templates, and setting up reporting and a dashboard. The document explains Puppet concepts like manifests, modules, templates, and functions. It also provides examples of Puppet configuration language and directory structures for modules.

1. Puppet
Automated System Configuration Management
Martin Alfke <martin.alfke@buero20.org>
1
Wednesday, December 8, 2010

2. Agenda
• Part I - Puppet Basics
• General + Communication
• Manifests, Modules, Templates + Functions
• Part II - Puppet Workshop
• Part III - Working with Puppet
• GIT/SVN for Puppet
• Production / Test / Development
• Monitoring
2
Wednesday, December 8, 2010

3. General
• “Put simply, Puppet is a system for automating
system administration tasks”
• Puppet...
• is a declarative language for expressing system
configuration
• is a client-server distribution
• Requirements:
• Ruby > 1.8.1 < 1.9
• Facter
3
Wednesday, December 8, 2010

4. Communication
• Security
• SSL certificate based authentication
• manual signing of certificate requests
• Layers:
• Configuration Language
• Transaction layer
• Resource Abstraction Layer
4
Wednesday, December 8, 2010

5. Supported Platforms
• Linux
• Debian / Ubuntu / Fedora / CentOS / RHEL /
OEL / Mandriva / SuSE / Gentoo
• BSD
• FreeBSD / OpenBSD
• Other Unix
• OS X / Solaris / HP-UX
• Windows - coming in 2010
5
Wednesday, December 8, 2010

6. Functional Overview
• Clients connect to
Puppet Master
• Puppet Master send
clients description of
tasks
• Puppet Master stores
Clients reports
• Reports can be imported
into dashboard database
• Dashboard web interface
to reports
6
Wednesday, December 8, 2010

7. Facter
/usr/bin/facter
architecture => amd64
domain => buero20.local
facterversion => 1.5.7
fqdn => puppet.buero20.local
...
interfaces => eth0,eth1
ipaddress => 10.0.2.15
...
operatingsystem => Debian
processorcount => 1
7
Wednesday, December 8, 2010

8. Puppet Configuration Language - 1-6
• manifests/site.pp
• Global file with node definitions
• modules/<name>/manifests/init.pp
• Module initialization
• Use lower case for names (modules, templates, functions,
defines, exec, resources,...)
8
Wednesday, December 8, 2010

9. Puppet Configuration Language - 2-6
• Resources
• user - create or remove users
• group - create or remove groups
• package install or remove distribution packages
• file - create directories, symlinks, copy files
• cron - add cron jobs
• service - run or stop services like daemons
9
Wednesday, December 8, 2010

10. Puppet Configuration Language - 3-6
• Classes
• aggregate resources for easier use
• subclasses (=nested classes) for modularity
• parameterised classes for more flexible handling
• classes support inheritance
10
Wednesday, December 8, 2010

11. Puppet Configuration Language - 4-6
• Definitions
• reusable objects
• Modules
• combine collections of resources, classes and
definitions
11
Wednesday, December 8, 2010

12. Puppet Configuration Language - 5-6
• Chaining resources
• make sure that a service is restarted after
filechange
• make sure that config file is copied prior
starting a service
• make sure that a package is installed prior
starting the service
12
Wednesday, December 8, 2010

13. Puppet Configuration Language - 6-6
• Nodes
• connect modules and clases to systems
• nodenames are short hostname, fqdn or
“default”
13
Wednesday, December 8, 2010

14. Manifests
• Define static resources
file { “/etc/passwd”: • Static resources have
owner => root, full path and name.
group => root,
mode => 644,
}
14
Wednesday, December 8, 2010

15. Manifests with facter Variables
• Using facter
variables inside
file { “sshconfig”:
a definition
name => $operatingsystem ? {
solaris => “/usr/local/etc/ssh/sshd_config”,
default => “/etc/ssh/sshd_config”,
},
owner => root,
group => root,
mode => 644,
}
15
Wednesday, December 8, 2010

16. Manifest with Sub-Classes
class mysql {
class client {
class packages {
package { "mysql-client": ensure => installed }
}
}
class server {
class packages {
package { "mysql-server": ensure => installed }
package { "mysql-common": ensure => installed }
16
Wednesday, December 8, 2010

17. Manifests with Exec
file {"/etc/apt/keys/pgp_key.asc":
owner => root, group => root, mode => 640,
source => "puppet://$server/files/etc/apt/keys/pgp_key.asc"
}
exec { "/usr/bin/apt-key add /etc/apt/keys/pgp_key.asc":
unless => "/bin/sh -c '[ `/usr/bin/apt-key list | grep buildd |
wc -l` -eq 1 ]'"
}
17
Wednesday, December 8, 2010

18. Manifests with Subscription
file {"/etc/apt/keys/puppet.key":
owner => root, group => root, mode => 640,
source => "puppet:///files/etc/apt/keys/puppet.key"
}
exec { subscribe-base-config-puppet-key:
command => "/usr/bin/apt-key add /etc/apt/keys/puppet.key;
/usr/bin/apt-get update",
logoutput => false,
refreshonly => true,
subscribe => File["/etc/apt/keys/puppet.key"]
}
18
Wednesday, December 8, 2010

19. Modules - Directory structure
• Directory structure - e.g. /etc/ssh/sshd_config
module/sshd/
manifests/
init.pp
files/
etc/ • Modules require strict
directories naming.
ssh/
sshd_config
19
Wednesday, December 8, 2010

20. Modules - Initialization Manifest
• init.pp manifest will be integrated
automatically when class name is
equal to module name
• modules/manifests/sshd/init.pp
class sshd {
file { “/etc/ssh/sshd_config”:
mode => 644,
source => “puppet:///modules/sshd/etc/ssh/sshd_config”,
}
}
20
Wednesday, December 8, 2010

21. Templates - Directory Structure
• Templates require strict
directory naming (like modules)
• Directory structure + content - e.g. Network settings
network/
manifests/
init.pp
templates/
network.erb
21
Wednesday, December 8, 2010

22. Templates - Initialization Manifest
• Templates may use facter variables
• Manifests - init.pp
file { “/etc/sysconfig/network”:
content => template(“templates/network.erb”),
}
• Templatess - network.erb
NETWORKING=yes
HOSTNAME=<%= hostname %>
NOZEROCONF=yes
22
Wednesday, December 8, 2010

23. Functions
• Directory structure e.g. read parameter
from configuration file using facter:
lib/
facter/
function.rb
• Content of library functions function.rb:
require ‘facter’
Facter.add(“PUPPET_FUNCTION”) do
%x{/bin/grep -E “^PUPPET_FUNCTION=” /etc/
puppet_function | sed -e ‘s/*.=//’ } .chomp
end
end
23
Wednesday, December 8, 2010

24. Agenda
• Part I - Puppet Basics
• General + Communication
• Manifests, Modules, Templates + Functions
• Part II - Puppet Workshop
• Part III - Working with Puppet
• GIT/SVN for Puppet
• Production / Test / Development
• Monitoring
24
Wednesday, December 8, 2010

25. Puppet Workshop
• Installation - Puppet master and client on puppet master only
• Initialization
• Installation - Puppet client on puppet client only
• Modules
• User Management
• Apache sites configuration
• Templating for /etc/hosts
• Setup Reporting and Dashboard
25
Wednesday, December 8, 2010

26. Puppet Workshop - Installation - 1-5
•check requirements:
• ruby --version
• ruby -rshadow -e’print “OKn”’
26
Wednesday, December 8, 2010

27. Puppet Workshop - Installation - 2-5
•from source
• fetch and extract source
• wget http://puppetlabs.com/downloads/facter/
facter-1.5.8.tar.gz
• wget http://puppetlabs.com/downloads/puppet/
puppet-2.6.2.tar.gz
27
Wednesday, December 8, 2010

28. Puppet Workshop - Installation - 3-5
• install
• ruby install.rb
• mkdir /etc/puppet
28
Wednesday, December 8, 2010

29. Puppet Workshop - Installation - 4-5
•configuration
• puppet --mkuser
• puppet --genconfig > /etc/puppet/puppet.conf
• vi /etc/hosts - add entry for nodename puppet if
not existing
29
Wednesday, December 8, 2010

30. Puppet Workshop - Installation - 5-5
•manifests/site.pp
• add empty section for default node
node default {
notice(“default node”)
}
30
Wednesday, December 8, 2010

31. Puppet Workshop - Initialization
•first start of puppet:
• puppetd --test
•puppet CA
• check client certificate
• puppetca --list
• puppetca --list --all
31
Wednesday, December 8, 2010

32. Puppet Workshop - Modules - 1-2
•File Structure
• mkdir -p modules/<name>/{manifests,files}
•modules/<name>/manifests/init.pp
class <name> {
notice(“module <name>”)
}
32
Wednesday, December 8, 2010

33. Puppet Workshop - Modules - 2-2
•including modules in manifests/site.pp
node default {
include <name>
}
33
Wednesday, December 8, 2010

34. Puppet Workshop - Account Module - 1-6
• User Management
• create your personal login
• create home directory
1. Module directories
mkdir -p modules/users/{manifests,files}
34
Wednesday, December 8, 2010

35. Puppet Workshop - Account Module - 2-6
2. Module init.pp
vi modules/users/manifests/init.pp
class users {
user{ "martin":
! home!! ! ! ! ! => "/home/martin",
! managehome! => true,
! shell! ! ! ! ! ! => "/bin/bash",
! comment!! ! ! => "Martin Alfke",
! ensure!! ! ! ! => present,
35
Wednesday, December 8, 2010

36. Puppet Workshop - Account Module - 3-6
#!uid! ! ! ! ! ! => 0,
#!gid !! ! ! ! ! => 0,
# password ! ! => '0OfNn.f5krlF2',
#!allowdupe !! => true,
}
}
36
Wednesday, December 8, 2010

37. Puppet Workshop - Account Module - 4-6
3. modify site.pp
vi manifests/site.pp
node default {
! include users
}
37
Wednesday, December 8, 2010

38. Puppet Workshop - Account Module - 5-6
1. create new file
mkdir -p modules/users/files/home/martin/www/
cat > modules/users/files/home/martin/www/index.html
<< EOF
<html>
<head><title>My testsite</title></head>
<body>
foo
</body>
</html>
EOF
38
Wednesday, December 8, 2010

39. Puppet Workshop - Account Module - 6-6
2. Module init.pp
add to modules/users/manifests/init.pp
class users {
......
file {“/home/martin/www”:
! ensure => directory,
}
file{“home/martin/www/index.html”:
! source => “puppet:///modules/users/home/martin/
www/index.html”,
}
}
39
Wednesday, December 8, 2010

40. Puppet Workshop - Apache Module - 1-6
• Apache sites Management
• packages
• your own vhost config
1. Module directories
mkdir -p modules/apache/{manifests,files}
mkdir -p modules/apache/files/etc/apache2/sites-available/
40
Wednesday, December 8, 2010

41. Puppet Workshop - Apache Module - 2-6
2. your vhost definition
cat > modules/apache/files/etc/apache2/sites-available/blit-
test << EOF
Listen 88
NameVirtualHost *:88
<VirtualHost *:88>
! DocumentRoot /home/martin/www
</VirtualHost>
EOF
41
Wednesday, December 8, 2010

42. Puppet Workshop - Apache Module - 3-6
2. Module init.pp
vi modules/apache/manifests/init.pp
class apache {
! package{“apache2”: ensure! ! => present }
!
! package{“php5-mysql”: ensure! => present }
! file{“/etc/apache2/sites-available/blit-test”:
! ! source => “puppet:///modules/apache/etc/apache2/sites-
available/blit-test”,
! }
}
42
Wednesday, December 8, 2010

43. Puppet Workshop - Apache Module - 4-6
3. Add to node default manifest site.pp
include apache
43
Wednesday, December 8, 2010

44. Puppet Workshop - Apache Module - 5-6
• Apache sites Management
1. Add to apache init.pp • enabling sites with function
class apache {
...
define vhost ($ensure = ʻpresentʼ) {
! case $ensure {
! ! ʻpresentʼ: {
! ! exec { “/usr/sbin/a2ensite $name”:
! ! ! unless => “/bin/readlink -e /etc/apache2/sites-enabled/$name”
! ! }
! ! }
44
Wednesday, December 8, 2010

45. Puppet Workshop - Apache Module - 5-6
! ! ʻabsentʼ: {
! ! ! exec { “/usr/sbin/a2dissite $name”:
! ! ! ! onlyif => “/bin/readlink -e /etc/apache2/sites-enabled/$name”
! ! ! }
! ! }
! ! default: { err (“Unknown ensure value: $ensure) }
! }
45
Wednesday, December 8, 2010

46. Puppet Workshop - Apache Module - 6-6
! vhost {“blit-test”:
! ! ensure => “present”,
! }
! vhost{“000-default”:
! ! ensure => absent,
! }
}
46
Wednesday, December 8, 2010

47. Puppet Workshop - Templates - 1-2
• File Structure
• mkdir -p modules/<name>/{manifests,templates}
• modules/<name>/manifests/init.pp
class <name> {
notice(“module <name>”)
}
47
Wednesday, December 8, 2010

48. Puppet Workshop - Templates - 2-2
• including modules in manifests/site.pp
node default {
include <name>
}
48
Wednesday, December 8, 2010

49. Puppet Workshop - Hosts Template - 1-3
• Hosts Template
• configure entries in /etc/host
1. Module directories
mkdir -p modules/hosts/{manifests,templates}
49
Wednesday, December 8, 2010

50. Puppet Workshop - Hosts Template - 2-3
2. Module init.pp
vi modules/hosts/manifests/init.pp
class hosts {
! file{“/etc/hosts”:
! ! owner! => root,
! ! group! => root,
!
! ! content!=> template(hosts.erb),
! }
}
50
Wednesday, December 8, 2010

51. Puppet Workshop - Hosts Template - 3-3
3. template hosts.erb
vi templates/hosts.erb
127.0.0.1!localhost
<%= ipaddress %>!<%= fqdn %> <%= hostname %>
192.168.0.2! puppet
192.168.0.4! mysql! mysqlmaster
51
Wednesday, December 8, 2010

52. Puppet Workshop - Functions - 1-2
• File Structure
• mkdir -p modules/<name>/lib/
52
Wednesday, December 8, 2010

53. Puppet Workshop - Functions - 2-2
• including modules in manifests/site.pp
node default {
include <name>
}
53
Wednesday, December 8, 2010

54. Puppet Workshop - Facter Function - 1-4
• Facter Function
• provide additional fact
1. Module directories
mkdir -p modules/facter/lib/facter
54
Wednesday, December 8, 2010

55. Puppet Workshop - Facter Function - 2-4
2. function.rb
vi modules/facter/lib/facter/function.rb
require ʻfacterʼ
Facter.add(“PUPPET_FUNCTION”) do
! setcode do
! ! %x{/bin/grep -E “^PUPPET_FUNCTION=” /etc/puppet_function |
sed -e ʻs/.*=//ʼ}.chomp
! end
end
55
Wednesday, December 8, 2010

56. Puppet Workshop - Facter Function - 3-4
3. puppet.conf
section [main]
pluginsync = true
4. puppet run
puppetd --test
5. call facter puppet function
facter --puppet | grep puppet_function
56
Wednesday, December 8, 2010

57. Puppet Workshop - Facter Function - 4-4
3. use custom facts in manifests
case $puppet_function {
! “MYSQL”:! ! { include mysql }
! “APACHE”:!! { include apache }
! “PROXY”:! ! { include proxy }
...
}
57
Wednesday, December 8, 2010

58. Puppet Workshop - Dashboard - 1-5
• Installation
• fetch and extract sourc
• wget http://puppetlabs.com/downloads/
dashboard/puppet-dashboard-1.0.4.tgz
• install mysql-server
58
Wednesday, December 8, 2010

59. Puppet Workshop - Dashboard - 2-5
• Configuration
• edit /usr/share/puppet-dashboard/config/database.yaml
• Create Database
• cd /usr/share/puppet-dashboard; rake RAILS_ENV
db:create or
• mysql -Ne ‘create database dashboard;’
59
Wednesday, December 8, 2010

60. Puppet Workshop - Dashboard - 3-5
• Initialize Database
• cd /usr/share/puppet-dashboard; rake
RAILS_ENV db:migrate
• Import Reports
• cd /usr/share/puppet-dashboard; rake
RAILS_ENV=production reports:import
60
Wednesday, December 8, 2010

61. Puppet Workshop - Dashboard - 4-5
• Start service
• cd /usr/share/puppet-dashboard; ./bin/server
-e production -d
• Review your Dashboard in browser
• http://<your puppetmaster ip>:3000/
61
Wednesday, December 8, 2010

62. Puppet Workshop - Dashboard - 5-5
• add error to manifest (e.g. point source to a
non existing file)
• run puppetd
• puppetd --test
• import data
• cd /usr/share/puppet-dashboard; rake
RAILS_ENV=production reports:import
• review dashboard
62
Wednesday, December 8, 2010

63. Agenda
• Part I - Puppet Basics
• General + Communication
• Manifests, Modules, Templates + Functions
• Part II - Puppet Workshop
• Part III - Working with Puppet
• GIT/SVN for Puppet
• Production / Test / Development
• Monitoring
63
Wednesday, December 8, 2010

64. Puppet into GIT/SVN
• Why revision control system?
• Co-working
• Branches
• Which RCS System?
• Which ever you prefer
64
Wednesday, December 8, 2010

65. Puppet Staging
• Production, Test and Development
• /etc/puppet/puppet.conf
• [main] - environment = ...
• [development] - modulepath=/etc/puppet/
development/modules
• [testing] - modulepath=/etc/puppet/testing/
modules
• [production] - modulepath=/etc/puppet/
production/modules
65
Wednesday, December 8, 2010

66. Puppet Monitoring
• Puppet Dashboard
• Configure puppet to store results
• [master] section: reports=http, store
• [agent] (v2.6) or [puppetd] section: report=true
• Configure Database (e.g. MySQL)
66
Wednesday, December 8, 2010

67. Puppet Dashboard
67
Wednesday, December 8, 2010

68. Puppet
Automated System Configuration Management
Thank you !
Questions ?
Martin Alfke <martin.alfke@buero20.org>
68
Wednesday, December 8, 2010