manifests

CHAPTER 3

TOPICS

  • Resource DSL

  • Manifests

  • puppet apply

  • Idempotence

  • Execute Resource 

Resources

Puppet looks at your infrastructure as a collection of entities:

  • package
  • file
  • network interface
  • service
  • cronjob
  • user
  • directory

Resources

These entities can then be described using resources, which are written using Puppet's DSL (domain-specific language).

Resources are statements of configuration policy.

Resources

Puppet then translates these resources into providers, which are platform-specific procedures.

package

  • yum
  • apt
  • zypper

DSL

user { 'devops':
  ensure => present,
  uid    => '5001',
  gid    => '5001',
  home   => '/home/devops',
  shell  => '/bin/bash',
}

  • type: user
  • name: 'devops'
  • properties: ensure, uid, gid, home, shell

Finding resources

How do I know which resources to use, with what actions and properties?

manifests

  • manifests are files which contain a collection of resources
  • written to achieve a specific objective
  • have a .pp extension
  • resources in a manifest can be applied in any order

user { "deploy":
  ensure    => present,
  uid       => 5001,
  password  => '$1$WD98.uaZ$cxx30x/K3FXQrljxsvBIu/',
  home      => '/home/deploy'
}

user { "dojo":
  ensure  => absent,
}

package { "tree":
  ensure  => installed
}

writing our first manifest

Group exercise

Let's create a recipe base.pp with the following resource specifications

Create user

  • deploy

Remove user

  • dojo

Install Packages

  • tree
  • git
  • ntp
  • wget
  • unzip

Add file /etc/motd with content "Property of XYZ"

Start service

  • ntp

approach

Group exercise

  • Find out the puppet resource required to manage the entity
  • Find out the relevant ensure values and properties
  • Create a manifest and apply

Writing first manifest

manifest

Group exercise

file:  base.pp

 

  user {"deploy" :
      ensure       => present, 
      uid          => 5001, 
      password     => '$1$WD98.uaZ$cxx30x/K3FXQrljxsvBIu/',
      home         => '/home/deploy', 
      managehome   => true, 
  }
    

Syntax check

Group exercise

puppet parser validate base.pp

applying manifest

puppet apply
  • we are using a masterless puppet mode, and applying manifests locally
  • puppet comes with apply utility which allows it to compile and apply manifests locally
    
  • in case of master agent mode, we would start using puppet agent instead

puppet apply

Group exercise

puppet help apply

puppet-apply(8) -- Apply Puppet manifests locally                                                                
========                                                                                                         
                                                                                                                 
SYNOPSIS                                                                                                         
--------                                                                                                         
Applies a standalone Puppet manifest to the local system.                                                        
                                                                                                                 
                                                                                                                 
USAGE                                                                                                            
-----                                                                                                            
puppet apply [-h|--help] [-V|--version] [-d|--debug] [-v|--verbose]                                              
  [-e|--execute] [--detailed-exitcodes] [-L|--loadclasses]                                                       
  [-l|--logdest syslog|eventlog|<FILE>|console] [--noop]                                                         
  [--catalog <catalog>] [--write-catalog-summary] <file>                                                         
                                                                                                                 
                                                                                                                 
DESCRIPTION                                                                                                      
-----------                                                                                                      
This is the standalone puppet execution tool; use it to apply                                                    
individual manifests.                                                                                            
                                                                                                                 
When provided with a modulepath, via command line or config file, puppet                                         
apply can effectively mimic the catalog that would be served by puppet                                           
master with access to the same modules, although there are some subtle                                           
differences. When combined with scheduling and an automated system for                                           
pushing manifests, this can be used to implement a serverless Puppet                                             
site.                                                                                                            
                                                                                                                 
Most users should use 'puppet agent' and 'puppet master' for site-wide                                           
manifests.                                                                                                       
                                                             

options

-d,  --debug
     --noop
-v,  --verbose

 DRY run

Group exercise

puppet apply --noop base.pp
root@puppet:/workspace# puppet apply --noop base.pp                                                 
Notice: Compiled catalog for puppet.codespaces.io in environment production in 0.16 seconds         
Notice: /Stage[main]/Main/User[deploy]/ensure: current_value absent, should be present (noop)       
Notice: Class[Main]: Would have triggered 'refresh' from 1 events                                   
Notice: Stage[main]: Would have triggered 'refresh' from 1 events                                   
Notice: Applied catalog in 0.09 seconds

commit changes

Group exercise

root@puppet:/workspace# puppet apply  base.pp                                                       
Notice: Compiled catalog for puppet.codespaces.io in environment production in 0.13 seconds         
Notice: /Stage[main]/Main/User[deploy]/ensure: created                                              
Notice: Applied catalog in 0.11 seconds         
puppet apply  base.pp

workflow

load facts

cleans cache

compile catalog

converge/apply

report

convergence

Puppet takes a convergent approach to configuration

  • by defining the policy, and
  • by comparing the current state of the infrastructure and
  • bringing it in line with the policy by
  • taking action/not taking action
  • puppet resources are idempotent (most)

apply again

Group exercise

puppet apply base.pp 
root@puppet:/workspace# puppet apply  base.pp                                                       
Notice: Compiled catalog for puppet.codespaces.io in environment production in 0.12 seconds         
Notice: Applied catalog in 0.04 seconds       

Exercise

LAB

Let's add the following resources to base.pp

Install Packages

  • tree
  • git
  • ntp
  • wget
  • unzip

Remove user

  • dojo

Add file /etc/motd with content "Property of XYZ"

Start service

  • ntp

fix

If you see an error while running puppet apply, it might be related to package repositories not being up to date. Run the following command once before applying again:

apt-get update
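One possible set of resources for the lab items above, as an added example that is not part of the original slides. It assumes a Debian/Ubuntu host where the NTP package and service are both named ntp; the file ownership, the mode and enable => true are additions beyond what the lab asks for.

```puppet
# Added example: resources for the remaining lab items in base.pp.

# An array title declares one package resource per name.
package { ['tree', 'git', 'ntp', 'wget', 'unzip']:
  ensure => installed,
}

user { 'dojo':
  ensure => absent,
}

# Owner, group and mode are stated explicitly so the banner cannot be left
# writable by an unprivileged account (assumed policy, not from the slides).
file { '/etc/motd':
  ensure  => file,
  owner   => 'root',
  group   => 'root',
  mode    => '0644',
  content => "Property of XYZ\n",
}

# The dependency is declared explicitly instead of relying on the position
# of the resources in the file: the service is managed only after the
# package that provides it has been installed.
service { 'ntp':
  ensure  => running,
  enable  => true,   # also start at boot (assumption, the lab only says "start")
  require => Package['ntp'],
}
```

Run puppet parser validate base.pp and puppet apply --noop base.pp before applying, as in the earlier slides.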

guards

Exec Resource

  • onlyif
  • unless
  • creates
  • refreshonly => true

Common Functionality

Execute Resource

Notifications

  • notifies
  • subscribes

Actions

  • action :nothing

Guards

  • not_if
  • only_if

Timers

  • :before
  • :delayed
  • :immediate, :immediately

sample code

# Build dependencies
package { ['libsqlite3-dev', 'sqlite3']:}

# creates: skipped once /opt/master.zip exists
exec { 'download_facebooc_from_source':
  command  => 'wget https://github.com/jserv/facebooc/archive/master.zip',
  path     => '/usr/bin:/usr/sbin:/bin:/usr/local/bin',
  cwd      => '/opt',
  user     => 'root',
  creates  => '/opt/master.zip',
  notify   => Exec['extract_facebook_app']
}

# refreshonly: runs only when notified by the download above
exec { 'extract_facebook_app':
  command      => 'unzip master.zip  && touch /opt/.facebooc_compile',
  path         => '/usr/bin:/usr/sbin:/bin:/usr/local/bin',
  refreshonly  => true,
  cwd          => '/opt',
  user         => 'root',
  #subscribe    =>  Exec['download_facebooc_from_source']
}

# onlyif: runs only while the marker file left by the extract step exists
exec { 'compile_facebooc':
  command  => 'make all && rm /opt/.facebooc_compile',
  path     => '/usr/bin:/usr/sbin:/bin:/usr/local/bin',
  cwd      => '/opt/facebooc-master',
  user     => 'root',
  onlyif   => 'test -f /opt/.facebooc_compile',
}

# unless: skipped when something is already listening on port 16000
exec { 'run_facebooc':
  command  => 'bin/facebooc 16000 &',
  path     => '/usr/bin:/usr/sbin:/bin:/usr/local/bin:/opt/facebooc-master',
  cwd      => '/opt/facebooc-master',
  user     => 'root',
  unless   => 'netstat -an | grep 16000 | grep -i listen',
}
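The download and extract steps above run as root on whatever the branch archive contains at fetch time. The variant below, an added example that is not part of the original slides, puts a checksum gate between them using the same refreshonly and notify mechanics. The digest value and the verify_facebooc_archive resource are assumptions introduced here; the block replaces the first two exec resources of the sample.

```puppet
# Added example: checksum-gated download and extract.
# PLACEHOLDER: set this to the SHA-256 of the archive you have reviewed.
$facebooc_sha256 = 'REPLACE_WITH_REVIEWED_SHA256'
$exec_path       = '/usr/bin:/usr/sbin:/bin:/usr/local/bin'

exec { 'download_facebooc_from_source':
  command => 'wget https://github.com/jserv/facebooc/archive/master.zip',
  path    => $exec_path,
  cwd     => '/opt',
  user    => 'root',
  creates => '/opt/master.zip',
  notify  => Exec['verify_facebooc_archive'],
}

# Runs only when the download reports a change. On a digest mismatch
# (modified or truncated file) it deletes the archive and fails, so Puppet
# skips the dependent extract step and the next run downloads again.
exec { 'verify_facebooc_archive':
  command     => "echo '${facebooc_sha256}  /opt/master.zip' | sha256sum -c - || { rm -f /opt/master.zip; exit 1; }",
  provider    => shell,   # the pipe and || need a shell
  path        => $exec_path,
  refreshonly => true,
  notify      => Exec['extract_facebook_app'],
}

# Receives a refresh only after the verification step has succeeded.
exec { 'extract_facebook_app':
  command     => 'unzip master.zip && touch /opt/.facebooc_compile',
  provider    => shell,
  path        => $exec_path,
  cwd         => '/opt',
  user        => 'root',
  refreshonly => true,
}
```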

LAB
