A week of Puppeteering
Brunei Geek Meet: 9th Sept 2015
What is Puppet?
- A system to define and configure infrastructure
- And to ensure that the systems stay that way
- Infrastructure as code
- Automatable, Repeatable, Scalable
Why?
- The desire for consistent development and production environments
- Prevents the "Works/Builds on my Machine" problem
- Devops
Architecture
Stand-Alone
- Everything is run from the node itself
- Utilizes a scheduled job to run things constantly
Agent/Master
- Master: contains the configuration
  - Stores and describes the "Desired State" of nodes
  - Can have more than 1 master
- Agents: systems/nodes to be configured by the master
  - Many agents querying a single master
  - Agents query the master every 30 minutes
  - If there is a difference / drift, the node will automatically correct itself
Desired State
- Catalog
  - Document that describes the desired state of a system
    - lists resources to be managed
    - specifies dependencies between resources
  - Stored on the Master
- Facts
  - Represent individual pieces of information about the node (e.g. operating system, IP address)

facter            # see all facts
facter ipaddress  # retrieve IP address of system
facter hostname   # retrieve hostname of system
Manifests
- Manifests are files containing Puppet code
  - .pp extension
- Manually execute a manifest
- Puppet starts with the main/site manifest
  - $confdir/manifests/site.pp
- Manifests will have
  - resources declared in them
  - logic to process nodes according to their facts

puppet apply file.pp  # manually execute a manifest
puppet config print   # print Puppet's configuration settings
Resources
- Basic building blocks of manifests
- Resource Abstraction Layer (RAL) allows for single naming of types
  - User, File, Package, Service
- Providers
  - actual implementation of the resource
  - (operating) system dependent
  - E.g. Package type => providers: apt, yum, gem

puppet resource user       # inspect all user resources
puppet resource user test  # inspect a single user
- Type.Title must be unique
- Creating / Editing / Querying

# defining a resource
user { 'gary':
  ensure => present,
  uid    => '1002',
  gid    => '01',
}

# directly executing puppet code
puppet apply -e "user { 'gary': ensure => present, \
  uid => '1002', gid => '01', }"

# modifying an existing resource, shows all attributes
puppet resource -e user gary
Classes
- Grouping of resources related to a specific function
- Named blocks of Puppet code
  - Named so that they can be used in nodes easily
- https://docs.puppetlabs.com/puppet/latest/reference/lang_classes.html

# defining the class
class apache ($version = 'latest') {
  package { 'httpd':
    ensure => $version, # Using the class parameter from above
    before => File['/etc/httpd.conf'],
  }
  file { '/etc/httpd.conf':
    ensure  => file,
    owner   => 'httpd',
    content => template('apache/httpd.conf.erb'), # Template from a module
  }
  service { 'httpd':
    ensure    => running,
    enable    => true,
    subscribe => File['/etc/httpd.conf'],
  }
}
- Classes can be used after definition / declaration

# using the class
# simple usage
include 'apache'

# for specifying parameter values
# (alternative to include: a class cannot be declared both ways in one catalog)
class { 'apache':
  version => '2.6',
}
Modules
- docs.puppetlabs.com/puppet/latest/reference/modules_fundamentals.html
- Self contained bundle of manifests and files
- Automatically loaded and can be used similar to classes
- Essentially a directory with specific files and directories
- module_name
  - manifests/ (contains all manifests; init.pp must define a class with the same name as the module)
  - files/ (static files which managed nodes can download)
  - templates/ (templates which the module's manifests can use)
  - lib/ (plugins like custom facts / resource types)
  - tests/ (examples of how to use the module)
  - spec/ (spec tests for any plugins in lib dir)
- Puppet Forge: online repository of modules
- Location
  - $confdir/modules
- Searching / Installing Modules

puppet module search module_name
puppet module install module_name
Relationships and Ordering
- before
  - Applies a resource before the target resource
- require
  - Applies a resource after the target resource
- notify
  - Applies a resource before the target resource. The target resource refreshes if the notifying resource changes.
- subscribe
  - Applies a resource after the target resource. The subscribing resource refreshes if the target resource changes.

# before and require express the same ordering from either side;
# one of the two is enough
package { 'openssh-server':
  ensure => present,
  before => File['/etc/ssh/sshd_config'],
}
file { '/etc/ssh/sshd_config':
  ensure  => file,
  mode    => '0600',
  source  => 'puppet:///modules/sshd/sshd_config',
  require => Package['openssh-server'],
}

# notify and subscribe express the same refresh relationship from either side
# (second version of the same file resource, shown with its service)
file { '/etc/ssh/sshd_config':
  ensure => file,
  mode   => '0600',
  source => 'puppet:///modules/sshd/sshd_config',
  notify => Service['sshd'],
}
service { 'sshd':
  ensure    => running,
  enable    => true,
  subscribe => File['/etc/ssh/sshd_config'],
}
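The sshd resources above, combined with fact-based logic into one class. This is an added example, not code from the slides. It assumes Puppet 4 or later (for the `$facts` hash and typed parameters), a hypothetical `sshd` class in `modules/sshd/manifests/init.pp`, and the `sshd` binary at `/usr/sbin/sshd`.

```puppet
# Added example: hypothetical modules/sshd/manifests/init.pp
class sshd (
  String $config_source = 'puppet:///modules/sshd/sshd_config',
) {
  # Logic driven by facts: the service name differs per OS family.
  case $facts['os']['family'] {
    'Debian': { $service = 'ssh' }
    'RedHat': { $service = 'sshd' }
    default:  { fail("sshd: unsupported OS family ${facts['os']['family']}") }
  }

  package { 'openssh-server':
    ensure => present,
  }

  file { '/etc/ssh/sshd_config':
    ensure       => file,
    owner        => 'root',
    group        => 'root',
    mode         => '0600',
    source       => $config_source,
    # sshd -t parses the candidate file (% is replaced by its temporary path).
    # If it fails, the file resource fails, the existing config is kept and
    # the dependent service is skipped instead of being restarted.
    validate_cmd => '/usr/sbin/sshd -t -f %',
    require      => Package['openssh-server'],
    notify       => Service[$service],
  }

  service { $service:
    ensure => running,
    enable => true,
  }
}
```

Declaring `owner`, `group` and `mode` means a later manual change to the file's permissions is drift that the next agent run corrects.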
Idempotency
- (Correct) Configurations can safely be run multiple times
- Running multiple times should have no detrimental effect
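What idempotency means for a manifest, shown as three ways to set one kernel parameter. This is an added example, not from the slides; the resource titles and the file name `/etc/sysctl.d/60-ip-forward.conf` are constructed for illustration.

```puppet
# Added example. Apply ONE of the three variants, not all of them.

# 1. Not idempotent: appends the line on every run, so under an agent
#    the file grows by one duplicate line every 30 minutes.
exec { 'ip-forward-off-naive':
  command  => "echo 'net.ipv4.ip_forward = 0' >> /etc/sysctl.conf",
  provider => shell,
  path     => ['/bin', '/usr/bin'],
}

# 2. Idempotent exec: the unless guard skips the command once the
#    exact line is already present.
exec { 'ip-forward-off-guarded':
  command  => "echo 'net.ipv4.ip_forward = 0' >> /etc/sysctl.conf",
  unless   => "grep -qxF 'net.ipv4.ip_forward = 0' /etc/sysctl.conf",
  provider => shell,
  path     => ['/bin', '/usr/bin'],
}

# 3. Declarative: describe the end state and let Puppet converge on it.
#    Repeated runs change nothing; a manual edit to the file is reverted.
file { '/etc/sysctl.d/60-ip-forward.conf':
  ensure  => file,
  owner   => 'root',
  group   => 'root',
  mode    => '0644',
  content => "net.ipv4.ip_forward = 0\n",
  notify  => Exec['reload-sysctl'],
}

# refreshonly: runs only when the file above actually changed.
exec { 'reload-sysctl':
  command     => 'sysctl --system',
  path        => ['/sbin', '/usr/sbin', '/bin', '/usr/bin'],
  refreshonly => true,
}
```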
Learning Puppet
- Use the Learning VM
- Self-Paced Training
  - Personally found this slow and couldn't find code that was used as prerequisites to the exercises!
Demo
Alternatives
- Chef
  - Collaborations with Microsoft (presumably better Windows support)
- Salt
- Ansible
Questions?
Puppeteering
By Timothy Lim