Posts

Showing posts from September, 2014

Featured Post

Directory environments in Puppet

Environments are individual groups of Puppet agents each environment have there own completely different manifests and module-paths. This basically is useful for testing changes to our Puppet code before implementing them on production machines. There are two types of implementation of environments structure in Puppet one if directory based and another is config file based here we will see bit of an insight about directory based. As usual for more information about this you can visit puppetlabs official website. On the master node: Append following details in puppet.conf which is placed under /etc/puppet or /etc/puppetlabs/puppet:     Under [main] section add a variable called confdir with value as /etc/puppet or /etc/puppetlabs/puppet     confdir=/etc/puppet Then add information regarding environments/manifests and modulepath in it.      #environments     environmentpath = $confdir/environments  ...

Exec in Puppet

Exec is a very useful resource type present in Puppet which is used to executes external commands. Puppet basically runs as a daemon in which it executes every 30 mins. So while writing an exec resource type make sure that the exec resource must be able to run multiple times without causing any harm to the machine i.e. it must be idempotent. Suppose you just want to run a command like reload a service for that what you can do is? exec { "reload httpd": command => "service httpd reload", path => "/usr/local/bin/:/bin/:/sbin/", } Lets break this line by line: exec { "reload httpd": This specifies that the resource type is exec type and has a human readable name as "reload httpd". command => "service httpd reload", This specified which command to execute when puppet is executed. path => "/usr/local/bin/:/bin/:/sbin/", This specifies where the binary service can be found in your mac...

Puppet agent run

Image
Puppet agent ==> Sends node's information and its facts to the master node and requests for Catalog [Complied manifests]. Puppet master checks who is this ? if this machine is authorized[Have a signed certificate or not?] to communicate with it and what all stuff do this machine needs. If incase this is the authorized one. Puppet master will gather all the related manifests and compile them to a catalog and then will send that catalog to the agent node. Puppet agent then will download & apply that catalog to get to the desired state and will create a [success/failure] report for the puppet master. Related docs: Puppet master   Puppet agent

Dry run in Puppet --noop

 Dry run in puppet is a powerful feature given by puppet. This basically is used to test your Puppet manifests on any of the environment without actually making any changes to the machine. To dry-run Puppet, --noop flag needs to be used. Puppet’s ‘noop’ (no-operation) mode shows you what would happen, but actually doesn’t do anything :) This basically helps us for debugging stuff. For instance: [root@puppet manifests]# puppet apply site.pp --noop notice: /Stage[main]/Sudo/File[/etc/sudoers]/content: current_value {md5}e81452ad78198a79772447b1f2b3b614, should be {md5}e2d690ebe349d93efa84146eb854c987 (noop) notice: Class[Sudo]: Would have triggered 'refresh' from 1 events notice: /Stage[main]/Ssh::Service/Service[sshd]/ensure: current_value stopped, should be running (noop) notice: Class[Ssh::Service]: Would have triggered 'refresh' from 1 events notice: Stage[main]: Would have triggered 'refresh' from 2 events notice: Finished catalog run in 2.75 seco...

Creating a module in Puppet

Here we will try to create a module[sudo] and see how we can use it. For more information about the structure of a module you can check this link . Our mission is to add users sunny and bbee to the sudoers file. Firstly create a directory called sudo in /etc/puppet/modules/ directory. This is basically your module name. [root@puppet modules]# mkdir sudo Now create three sub-directories in it as manifests, files, templates. [root@puppet modules]# mkdir manifests files templates So your current structure is somewhat like this: sudo/ ├── files ├── manifests └── templates 3 directories, 0 files The first and foremost part is to check and install[If not installed] the necessary package. package { 'sudo':                 ensure => present,                 } The above code states that package sudo should be installed in ...

Puppet installation on agent/server

Puppet can be used as a standalone model or as agent/server model. There are basically 2 types of puppet version available in market. Free version of puppet. Enterprise version of puppet which is also know as puppet-enterprise. Here we will be installing the free version of puppet. 0. Enable EPEL repo, you can find the latest version of EPEL on below URL: https://fedoraproject.org/wiki/EPEL 1. Install prerequisites before installing puppet [root@rhel6 ~]# yum install ruby-shadow ruby ruby-libs 2. Resolve the dependencies like ruby(selinux). 3. Install puppetmaster and facter on the server node. [root@rhel6 ~]# yum install puppet-server facter 4. Install puppet and facter on the agent node. [root@rhel6 ~]# yum install puppet facter Once these packages are installed on both the machines. Make sure that your agent node can ping the server node with the name as puppet. [root@rhel6 ~]# ping puppet PING puppet (192.168.122.14) 56(84) bytes of data. 64 bytes fr...

Facter???

Facter is a utility which collects and displays facts about the system such as operatingsystem, ip, MAC address, machine's hardware information. Point to note: If no specific facts are specifically asked for, then all facts will be returned. We can add our custom facts too. [root@rhel6 ~]# facter architecture => x86_64 augeasversion => 0.9.0 domain => sunny.com facterversion => 1.6.18 fqdn => rhel6.sunny.com hardwareisa => x86_64 hardwaremodel => x86_64 hostname => rhel6 id => root interfaces => eth1,lo ipaddress => 192.168.122.173 ipaddress_eth1 => 192.168.122.173 ipaddress_lo => 127.0.0.1 ............ ............ [root@rhel6 ~]# Now suppose you just need to see the hostname via facter command. [root@rhel6 ~]# facter hostname rhel6 [root@rhel6 ~]# It works well with grep command too. [root@rhel6 ~]# facter | grep memory memoryfree => 188.36 MB memorysize => 280.95 MB memorytotal => 280.95 MB [root@rhel6 ~]# The ...

Puppet modules???

*Modules in puppet* Modules are a way of arranging manifests/files/templates in puppet. Why they are arranged like this?? So that they can be automatically called by the puppet master when needed. What is the location of module?? Default location, you can find it by firing below command: [root@puppet modules]# puppet master --genconfig | grep modulepath     modulepath = /etc/puppet/modules:/usr/share/puppet/modules [root@puppet modules]# User defined location, If in-case you want to use the user defined location to fetch the modules so that puppet master can use it you need to use a option called --modulepath while firing the command. [root@puppet manifests]# puppet apply site.pp --modulepath=/tmp/mods/ notice: Finished catalog run in 0.26 seconds [root@puppet manifests]# Structure of a module: modules/ └── ntp     ├── files     │   ├── ntp.conf.debian     │   └── ntp.conf.el     ├──...

puppet master???

*Master daemon in Puppet "puppet master"* Puppet master is the central puppet server. Firing this command "puppet master" starts an instance of puppet master and runs as a daemon by default. [root@puppet ~]# /etc/init.d/puppetmaster status puppetmasterd is stopped [root@puppet ~]# puppet master [root@puppet ~]# /etc/init.d/puppetmaster status puppetmasterd (pid  31281) is running... [root@puppet ~]# If you want to enable full debugging mode while executing puppet master you can use the option --debug while firing it. [root@puppet ~]# puppet master --debug --no-daemonize debug: Puppet::Type::User::ProviderPw: file pw does not exist debug: Puppet::Type::User::ProviderUser_role_add: file roleadd does not exist debug: Puppet::Type::User::ProviderLdap: true value when expecting false debug: Puppet::Type::User::ProviderDirectoryservice: file /usr/bin/dscl does not exist debug: Failed to load library 'rubygems' for feature 'rubygems' debug: /File[/...

Un-revoke the revoked certificate in Puppet

If you revoked or deleted the puppet agent’s certificate accidentally. Basically it is nearly impossible un-revoke a certificate. The solution is to recover all revoked certificates then revoke other certificates which don’t need to be recovered. But if in-case you have thousands of revoked certificates then its a bit lengthy process. Second one is to generate a new certificate for the client/agent and get that signed by the puppet master.  List of all the certificates which are signed at the moment:  [root@puppet requests]# puppet cert list --all + "fedora20"            (AE:57:40:F6:FC:E1:CD:DD:ED:EE:1E:8C:A7:81:0D:76) + "kubuntu14.sunny.com" (20:6B:A1:E2:A3:DE:B1:95:C8:80:4C:B4:27:2B:C0:A2) + "puppet.sunny.com"    (68:12:76:3C:D0:F8:0D:2D:8B:2B:40:E7:49:2D:55:5B) (alt names: "DNS:puppet", "DNS:puppet.sunny.com") + "rhel6.sunny.com"     (DC:6E:B1:FC:27:1D:7A:2A:85:E7:3E:3A:2...

puppet cert???

*Cert sub-command in Puppet "puppet cert"* It is a utility that manage certificates and requests related to it. The main purpose of this utility are: 1. Generating certificates. 2. Signing certificate requests from puppet clients/agents. As not a single client/agent can communicate with the puppet master with out a signed certificate this is the most important thing. If in-case you want the revoke the certificate for the node you can use the option as clean this will remove all the information related to that particular host from the puppet cert's storage. Make sure you are revoking the correct certificate because it is nearly impossible to un-revoke the certificate but there is a other other way around[will discuss this is later part]. [root@puppet ~]# puppet cert clean rhel6.sunny.com notice: Revoked certificate with serial 4 notice: Removing file Puppet::SSL::Certificate rhel6.sunny.com at '/var/lib/puppet/ssl/ca/signed/rhel6.sunny.com.pem' notice:...

puppet agent???

*Agent sub-command in Puppet "puppet agent"* The puppet agent subcommand is a powerful tool which fetches the configurations from a master server and get that applied to the agent node. It has basically two modes: 1. Daemonize and fetch configurations every half-hour (this is by default and can be changed). 2. Run once and quit It is the main puppet client. Basically its purpose is to retrieve the local machine's configuration from a remote server[the master] and apply it to the agent node. In order to successfully communicate with the remote server, the client must have a certificate signed by a certificate authority provided by the puppet master. The client will connect and request a signed certificate unless and until the puppet master sign's the certificate the agent node cannot communicate with the puppet master. Once the client has a signed certificate, it will retrieve its configuration from the puppet master and apply it on the agent node. Now sup...

puppet describe???

*Describe sub-command in Puppet "puppet describe" * The puppet describe sub-command can list info about the currently installed resource types on a given machine. This is a built in documentation and a great source of information. It helps us to know the behavior of types, their properties and parameters. "puppet describe -l" — List all of the resource types available on the system. "puppet describe -s <TYPE>" Print short information about a type, without describing every attribute "puppet describe <TYPE>" Shows each and every information about the type which you are referring too. [root@puppet ~]# puppet describe -l These are the types known to puppet: augeas          -  Apply a change or an array of changes to the ... computer        - Computer object management using DirectorySer ... cron            -  Installs a...

puppet apply???

*Apply sub-command in Puppet "puppet apply"* This is the standalone puppet execution tool which is used to apply individual manifests. It is an application that complies and manages configuration on node. Point to note is puppet apply never runs as a daemon like puppet agent. It always runs like a single process which complies a catalog then applies it send a report that's it. Most important option with puppet apply command is modulepath. Suppose you are firing puppet apply XYZ.pp file then it will take the module location as /etc/puppet/modules by default but if in case your modules are there in some other directory suppose /root/puppet-modules then you can use "modulepath" with this location to ask puppet to use it. Running a puppet apply command to apply the changes to the machine with site.pp manifest. [root@puppet manifests]# puppet apply site.pp notice: /Stage[main]/Sudo/File[/etc/sudoers]/content: content changed '{md5}e81452ad78198a...

puppet resource???

*Resources in Puppet "puppet resource"* Understanding Resources is fundamental to understanding how Puppet works. Resources are like building blocks. They can be combined to model the expected state of the systems you manage.  For more information about the resources in puppet you can fire "puppet resource -h" on CLI. This command transforms the current system state into puppet code also it has the ability to modify the current state of the system. Syntax: resource_type { 'resource_name'   attribute => value   ... } Below are the few examples: To see all the users in the machine. [root@puppet ~]# puppet resource user  To see a particular user in the machine.   [root@puppet ~]# puppet resource user sunny user { 'sunny':   ensure           => 'present',   comment          => 'Sunny_B',   gid     ...

Introduction to Puppet

Puppet is an open source configuration management utility. It runs on mostly all Unix/Linux flavors as well as on Microsoft Windows, and includes its own declarative language to describe system configuration. With Puppet, repetitive tasks are automated away, so sysadmins can quickly deploy business applications, scaling easily from tens of servers to thousands, both on-premise and in the cloud. Puppet is written in a declarative language, means you tell Puppet what results you want, rather than how to get there. Puppet is produced by Puppet Labs, founded by Luke Kanies in 2005. It is written in Ruby and released as free software under the GPL. Most of Puppet’s functionality comes from a single puppet command, which has many sub-commands. Most importantly there is a sub-command called resource. The resource subcommand can inspect and modify resources interactively. [root@server manifests]# puppet resource service service { 'NetworkManager':   ensure => 'r...