A week of Puppeteering

Brunei Geek Meet: 9th Sept 2015

What is Puppet?


  • A system to define and configure infrastructure
  • And to ensure that the systems stay that way
    • Infrastructure as code
    • Automateable, Repeatable, Scalable



  • The want for a consistent development and production environment
  • Prevents the "Works/Builds on my Machine"
  • Devops


  • Everything is run from the node itself
  • Utilizes a scheduled job to run things constantly



  • Master: contains the configuration
    • Stores and Describes the "Desired State" of nodes
    • Can have more than 1 master
  • Agents: systems/nodes to be configured by the master
    • Many agents querying a single master
    • Agents query master everything 30 minutes
    • If there is a difference / drift, the node will automatically correct itself


  • Catalog

    • Document that describes the desired system state of a system

      • list resources to be managed

      • specifies dependencies between resources

    • Stored on the Master

  • Facts

    • Represents individual pieces of information of the node (e.g. operating system, ip address)

Desired State

    facter               # see all facts
    facter ipaddress     # retrieve ip address of system
    facter hostname      # retrieve hostname of system
  • Manifests are files containing Puppet code

  • .pp extension

  • Manually execute a manifest

  • Puppet starts with the main/site manifest

    • $confdir/manifests/site.pp

  • Manifests will have

    • resources declared in them

    • logic to process nodes according to their facts


puppet apply file.pp
puppet config print
  • Basic building blocks of manifests

  • Resource Abstraction Layer (RAL) allows for single naming of types

  • Providers

    • actual implementation of the resource

    • (operating) system dependent

    • E.g. Package type => providers: apt, yum, gem


    puppet resource user       # inspect all user resources

    puppet resource user test  # inspect a single user
  • Type.Title must be unique


  • Creating / Editing / Querying


    # defining a resource 
    user { 'gary':
      ensure => present,
      uid    => '1002',
      gid    => '01',
    # directly executing puppet code
    puppet apply -e "user { 'gary': ensure => present, \
 	             uid    => '1002', gid    => '01', }"

    # modifying an existing resource, shows all attributes
    puppet resource -e user gary


    # defining the class

    class apache ($version = 'latest') {
      package {'httpd':
        ensure => $version, # Using the class parameter from above
        before => File['/etc/httpd.conf'],
      file {'/etc/httpd.conf':
        ensure  => file,
        owner   => 'httpd',
        content => template('apache/httpd.conf.erb'), # Template from a module
      service {'httpd':
        ensure    => running,
        enable    => true,
        subscribe => File['/etc/httpd.conf'],
  • Classes can be used after definition / declaration 


    # using the class

    # simple usage
    include 'apache'

    # for specifying parameter values
    class {apache: 
        version => "2.6",
  • docs.puppetlabs.com/puppet/latest/reference/modules_fundamentals.html

  • Self contained bundle of manifests and files

  • Automatically loaded and can be used similar to classes

  • Essentially a directory with specific files and directories
  • module_name
    • manifests/     (contains all manifests.
                               init.pp must have class name == to module name)
    • files/               (static files which managed files can download)
    • templates/    (templates which modules manifest can use)
    • lib/                  (plugins like custom facts / resource types)
    • tests/              (examples of how to use module)
    • spec/              (spec tests for any plugins in lib dir)





    puppet module search module_name

    puppet module install module_name
  • before
    • Applies a resource before the target resource
  • require
    • Applies a resource after the target resource
  • notify
    • Applies a resource before the target resource. The target resource refreshes if the notifying resource changes.
  • subscribe
    • Applies a resource after the target resource. The subscribing resource refreshes if the target resource changes.

Relationships and Ordering

Relationships and Ordering

    package { 'openssh-server':
      ensure => present,
      before => File['/etc/ssh/sshd_config'],

    file { '/etc/ssh/sshd_config':
      ensure  => file,
      mode    => '0600',
      source  => 'puppet:///modules/sshd/sshd_config',
      require => Package['openssh-server'],

    file { '/etc/ssh/sshd_config':
      ensure => file,
      mode   => '0600',
      source => 'puppet:///modules/sshd/sshd_config',
      notify => Service['sshd'],

    service { 'sshd':
      ensure    => running,
      enable    => true,
      subscribe => File['/etc/ssh/sshd_config'],


  • (Correct) Configurations can safely be run multiple times
  • Running multiple times should have no detrimental affect

Learning Puppet





By Timothy Lim