manifests
CHAPTER 3
TOPICS
-
Resource DSL
-
Manifests
-
puppet apply
-
Idempotence
-
Execute Resource
Resources
Puppet looks at your infrastructure as a collection of entities
package
file
network interface
service
cronjob
cronjob
user
directory
Resources
these entities can then be described using resources.
PUPPET's DSL
( Domain specific language)
which are written using
resources are statements of configuration policy
Resources
Puppet then translates these resources
package
yum
apt
zypper
into providers
which are platform specific procedures
DSL
user
{
'devops'
}
ensure
present,
uid
gid
home
shell
'5001',
'5001',
'/home/devops',
'/bin/bash',
type
name
properties
:
=>
=>
=>
=>
=>
Finding resources
how do i know which resources to use with what actions and properties?
manifests
-
manifests are files which contain collection of resources
-
written to achieve a specific objective
-
have .pp extension
-
resources in a manifest can be applied in any order
user {"deploy" :
ensure => present,
uid => 5001,
password => '$1$WD98.uaZ$cxx30x/K3FXQrljxsvBIu/',
home => '/home/deploy'
}
user {"dojo" :
ensure => absent,
}
package { "tree":
ensure => installed
}
writing our first manifest
Group exercise
-
tree
-
git
-
ntp
Create user
- deploy
Install Packages
Lets create a recipe base.pp with following resource specifications
Remove user
- dojo
Add file /etc/motd
with content
"Property of XYZ"
-
wget
-
unzip
Start service
- ntp
approach
Group exercise
-
Find out the puppet resource required to manage the entity
-
Find out the relevant ensure values and properties
-
Create a manifest and apply
Writing first manifest
manifest
Group exercise
file: base.pp
user {"deploy" :
ensure => present,
uid => 5001,
password => '$1$WD98.uaZ$cxx30x/K3FXQrljxsvBIu/',
home => '/home/deploy',
managehome => true,
}
Syntax check
Group exercise
[output]
puppet parser validate base.ppapplying manifest
puppet apply
-
we are using a masterless puppet mode, and applying manifests locally
-
puppet comes with apply utility which allows it to compile and apply manifests locally -
in case of master agent mode, we would start using puppet agent instead
puppet apply
Group exercise
puppet help apply
puppet-apply(8) -- Apply Puppet manifests locally
========
SYNOPSIS
--------
Applies a standalone Puppet manifest to the local system.
USAGE
-----
puppet apply [-h|--help] [-V|--version] [-d|--debug] [-v|--verbose]
[-e|--execute] [--detailed-exitcodes] [-L|--loadclasses]
[-l|--logdest syslog|eventlog|<FILE>|console] [--noop]
[--catalog <catalog>] [--write-catalog-summary] <file>
DESCRIPTION
-----------
This is the standalone puppet execution tool; use it to apply
individual manifests.
When provided with a modulepath, via command line or config file, puppet
apply can effectively mimic the catalog that would be served by puppet
master with access to the same modules, although there are some subtle
differences. When combined with scheduling and an automated system for
pushing manifests, this can be used to implement a serverless Puppet
site.
Most users should use 'puppet agent' and 'puppet master' for site-wide
manifests.
options
-d, --debug
--noop
-v, --verbose
DRY run
Group exercise
puppet apply --noop base.pp
root@puppet:/workspace# puppet apply --noop base.pp
Notice: Compiled catalog for puppet.codespaces.io in environment production in 0.16 seconds
Notice: /Stage[main]/Main/User[deploy]/ensure: current_value absent, should be present (noop)
Notice: Class[Main]: Would have triggered 'refresh' from 1 events
Notice: Stage[main]: Would have triggered 'refresh' from 1 events
Notice: Applied catalog in 0.09 secondscommit changes
Group exercise
root@puppet:/workspace# puppet apply base.pp
Notice: Compiled catalog for puppet.codespaces.io in environment production in 0.13 seconds
Notice: /Stage[main]/Main/User[deploy]/ensure: created
Notice: Applied catalog in 0.11 seconds puppet apply base.pp
workflow
load facts
cleans cache
compile catalog
converge/apply
report
convergence
-
by defining the policy, and
-
by comparing current state of the infrastructure and
-
bring it in line with the policy by
-
taking action/not taking action
-
puppet resources are idempotent (most)
Puppet takes a convergent approach to configuration
apply again
Group exercise
puppet apply base.pp
root@puppet:/workspace# puppet apply base.pp
Notice: Compiled catalog for puppet.codespaces.io in environment production in 0.12 seconds
Notice: Applied catalog in 0.04 seconds Exercise
LAB
-
tree
-
git
-
ntp
Install Packages
Lets add the following resource to base.pp
Remove user
- dojo
Add file /etc/motd
with content
"Property of XYZ"
-
wget
-
unzip
Start service
- ntp
apt-get update
fix
If you see an error while running puppet apply, it might be related to package repositories not being up to date. Run the following command once before applying again....
guards
Exec Resource
only_if
unless
creates
refreshonly => true
Common Functionality
-
notifies -
subscribes
Execute Resource
Notifications
action :nothing
Actions
-
not_if
-
only_if
Guards
- :before
- :delayed
- :immediate, :immediately
Timers
sample code
package { ['libsqlite3-dev', 'sqlite3']:}
exec { 'download_facebooc_from_source':
command => 'wget https://github.com/jserv/facebooc/archive/master.zip',
path => '/usr/bin:/usr/sbin:/bin:/usr/local/bin',
cwd => '/opt',
user => 'root',
creates => '/opt/master.zip',
notify => Exec['extract_facebook_app']
}
exec { 'extract_facebook_app':
command => 'unzip master.zip && touch /opt/.facebooc_compile',
path => '/usr/bin:/usr/sbin:/bin:/usr/local/bin',
refreshonly => true,
cwd => '/opt',
user => 'root',
#subscribe => Exec['download_facebooc_from_source']
}
exec { 'compile_facebooc':
command => 'make all && rm /opt/.facebooc_compile',
path => '/usr/bin:/usr/sbin:/bin:/usr/local/bin',
cwd => '/opt/facebooc-master',
user => 'root',
onlyif => 'test -f /opt/.facebooc_compile',
}
exec { 'run_facebooc':
command => 'bin/facebooc 16000 &',
path => '/usr/bin:/usr/sbin:/bin:/usr/local/bin:/opt/facebooc-master',
cwd => '/opt/facebooc-master',
user => 'root',
unless => 'netstat -an | grep 16000 | grep -i listen',
}
LAB