Featured Post

Directory environments in Puppet

Environments are individual groups of Puppet agents each environment have there own completely different manifests and module-paths. This basically is useful for testing changes to our Puppet code before implementing them on production machines. There are two types of implementation of environments structure in Puppet one if directory based and another is config file based here we will see bit of an insight about directory based. As usual for more information about this you can visit puppetlabs official website. On the master node: Append following details in puppet.conf which is placed under /etc/puppet or /etc/puppetlabs/puppet:     Under [main] section add a variable called confdir with value as /etc/puppet or /etc/puppetlabs/puppet     confdir=/etc/puppet Then add information regarding environments/manifests and modulepath in it.      #environments     environmentpath = $confdir/environments  ...
Post a Comment

Dry run in Puppet --noop

 Dry run in puppet is a powerful feature given by puppet. This basically is used to test your Puppet manifests on any of the environment without actually making any changes to the machine.

To dry-run Puppet, --noop flag needs to be used.

Puppet’s ‘noop’ (no-operation) mode shows you what would happen, but actually doesn’t do anything :)

This basically helps us for debugging stuff.

For instance:

[root@puppet manifests]# puppet apply site.pp --noop
notice: /Stage[main]/Sudo/File[/etc/sudoers]/content: current_value {md5}e81452ad78198a79772447b1f2b3b614, should be {md5}e2d690ebe349d93efa84146eb854c987 (noop)
notice: Class[Sudo]: Would have triggered 'refresh' from 1 events
notice: /Stage[main]/Ssh::Service/Service[sshd]/ensure: current_value stopped, should be running (noop)
notice: Class[Ssh::Service]: Would have triggered 'refresh' from 1 events
notice: Stage[main]: Would have triggered 'refresh' from 2 events
notice: Finished catalog run in 2.75 seconds
[root@puppet manifests]#

First noop =>
notice: /Stage[main]/Sudo/File[/etc/sudoers]/content: current_value {md5}e81452ad78198a79772447b1f2b3b614, should be {md5}e2d690ebe349d93efa84146eb854c987 (noop)

Above value states that there will be some modification to the sudoers file which will be made once puppet is executed.

Second noop =>
notice: /Stage[main]/Ssh::Service/Service[sshd]/ensure: current_value stopped, should be running (noop)

Second one is sshd daemon will be triggered when puppet will be executed.

I am okay with both the changes which are going to happen to the machine, so what I will do is remove the --noop flag and run puppet.


[root@puppet manifests]# puppet apply site.pp
notice: /Stage[main]/Sudo/File[/etc/sudoers]/content: content changed '{md5}e81452ad78198a79772447b1f2b3b614' to '{md5}e2d690ebe349d93efa84146eb854c987'
notice: /Stage[main]/Ssh::Service/Service[sshd]/ensure: ensure changed 'stopped' to 'running'
notice: Finished catalog run in 0.54 seconds
[root@puppet manifests]#

Comments

Post a Comment

Popular posts from this blog

Exec in Puppet

Exec is a very useful resource type present in Puppet which is used to executes external commands. Puppet basically runs as a daemon in which it executes every 30 mins. So while writing an exec resource type make sure that the exec resource must be able to run multiple times without causing any harm to the machine i.e. it must be idempotent. Suppose you just want to run a command like reload a service for that what you can do is? exec { "reload httpd": command => "service httpd reload", path => "/usr/local/bin/:/bin/:/sbin/", } Lets break this line by line: exec { "reload httpd": This specifies that the resource type is exec type and has a human readable name as "reload httpd". command => "service httpd reload", This specified which command to execute when puppet is executed. path => "/usr/local/bin/:/bin/:/sbin/", This specifies where the binary service can be found in your mac...
Read more

Un-revoke the revoked certificate in Puppet

If you revoked or deleted the puppet agent’s certificate accidentally. Basically it is nearly impossible un-revoke a certificate. The solution is to recover all revoked certificates then revoke other certificates which don’t need to be recovered. But if in-case you have thousands of revoked certificates then its a bit lengthy process. Second one is to generate a new certificate for the client/agent and get that signed by the puppet master.  List of all the certificates which are signed at the moment:  [root@puppet requests]# puppet cert list --all + "fedora20"            (AE:57:40:F6:FC:E1:CD:DD:ED:EE:1E:8C:A7:81:0D:76) + "kubuntu14.sunny.com" (20:6B:A1:E2:A3:DE:B1:95:C8:80:4C:B4:27:2B:C0:A2) + "puppet.sunny.com"    (68:12:76:3C:D0:F8:0D:2D:8B:2B:40:E7:49:2D:55:5B) (alt names: "DNS:puppet", "DNS:puppet.sunny.com") + "rhel6.sunny.com"     (DC:6E:B1:FC:27:1D:7A:2A:85:E7:3E:3A:2...
Read more