Featured Post

Directory environments in Puppet

Environments are individual groups of Puppet agents each environment have there own completely different manifests and module-paths. This basically is useful for testing changes to our Puppet code before implementing them on production machines. There are two types of implementation of environments structure in Puppet one if directory based and another is config file based here we will see bit of an insight about directory based. As usual for more information about this you can visit puppetlabs official website. On the master node: Append following details in puppet.conf which is placed under /etc/puppet or /etc/puppetlabs/puppet:     Under [main] section add a variable called confdir with value as /etc/puppet or /etc/puppetlabs/puppet     confdir=/etc/puppet Then add information regarding environments/manifests and modulepath in it.      #environments     environmentpath = $confdir/environments     default_manfiest = $confdir/manifests     basemodulepath =
Post a Comment

Introduction to Puppet

Puppet is an open source configuration management utility. It runs on mostly all Unix/Linux flavors as well as on Microsoft Windows, and includes its own declarative language to describe system configuration.

With Puppet, repetitive tasks are automated away, so sysadmins can quickly deploy business applications, scaling easily from tens of servers to thousands, both on-premise and in the cloud.

Puppet is written in a declarative language, means you tell Puppet what results you want, rather than how to get there.

Puppet is produced by Puppet Labs, founded by Luke Kanies in 2005. It is written in Ruby and released as free software under the GPL.

Most of Puppet’s functionality comes from a single puppet command, which has many sub-commands.

Most importantly there is a sub-command called resource. The resource subcommand can inspect and modify resources interactively.

[root@server manifests]# puppet resource service
service { 'NetworkManager':
  ensure => 'running',
  enable => 'true',
}
service { 'abrt-ccpp':
  ensure => 'running',
  enable => 'true',
}
service { 'abrt-oops':
  ensure => 'running',
  enable => 'true',
}
service { 'abrtd':
  ensure => 'running',
  enable => 'true',
}

This command inspected every service on the system, whether running or stopped.

Similarly you can use user or group or package to see all the users or groups or packages in a particular machine.
    • puppet resource user
    • puppet resource group
    • puppet resource package 
Resource is identified by a title, it has a number of attributes (which are defined by the type), and each attribute has a value.

[root@server manifests]# puppet resource user bbee
user { 'bbee':
  ensure           => 'present',
  comment          => 'Bumble_Bee',
  gid              => '500',
  home             => '/home/bbee',
  password         => '$6$Pjmnk8u7w6vTbUmz$2d.H3EjNSdm9rKLMzgTYfYb1rZaMxt1qTs106zDUWb8OfvyEVpOOYBPq8tXkfCLo3XElMYpAATRVMnRkk5LJx1',
  password_max_age => '99999',
  password_min_age => '0',
  shell            => '/bin/bash',
  uid              => '500',
}
[root@server manifests]#

By firing puppet resource user bbee, what puppet will do it will fetch all the attributes of the user bbee and print that to your command line. If incase the user is not there in the machine it will say that the user is absent.

[root@server ~]# puppet resource user sunny
user { 'sunny':
  ensure => 'absent',
}
[root@server ~]#

Now suppose if you want to create this user on the machine, either you can use useradd command or system-config-users if you are a RHEL user but just think about it that you want to add the user but you don't know how to add the user.

Puppet can help you to get this done, either you can write a manifest for it or you can fire below command on the CLI.

[root@server ~]# puppet resource user sunny comment=Sunny_B
notice: /User[sunny]/ensure: created
user { 'sunny':
  ensure  => 'present',
  comment => 'Sunny_B',
}
[root@server ~]#

Now if you again try to search the user sunny on this machine it will show all its attributes:

[root@server ~]# puppet resource user sunny
user { 'sunny':
  ensure           => 'present',
  comment          => 'Sunny_B',
  gid              => '501',
  home             => '/home/sunny',
  password         => '!!',
  password_max_age => '99999',
  password_min_age => '0',
  shell            => '/bin/bash',
  uid              => '501',
}
[root@server ~]# 

To delete the user just type in absent instead of present.

[root@server ~]# puppet resource user sunny ensure=absent

The core sub-commands of puppet are:
Puppet can do lot of things, to know more about it you can go to puppetlabs official website.

Comments

Post a Comment

Popular posts from this blog

Exec in Puppet

Exec is a very useful resource type present in Puppet which is used to executes external commands. Puppet basically runs as a daemon in which it executes every 30 mins. So while writing an exec resource type make sure that the exec resource must be able to run multiple times without causing any harm to the machine i.e. it must be idempotent. Suppose you just want to run a command like reload a service for that what you can do is? exec { "reload httpd": command => "service httpd reload", path => "/usr/local/bin/:/bin/:/sbin/", } Lets break this line by line: exec { "reload httpd": This specifies that the resource type is exec type and has a human readable name as "reload httpd". command => "service httpd reload", This specified which command to execute when puppet is executed. path => "/usr/local/bin/:/bin/:/sbin/", This specifies where the binary service can be found in your mac
Read more

Un-revoke the revoked certificate in Puppet

If you revoked or deleted the puppet agent’s certificate accidentally. Basically it is nearly impossible un-revoke a certificate. The solution is to recover all revoked certificates then revoke other certificates which don’t need to be recovered. But if in-case you have thousands of revoked certificates then its a bit lengthy process. Second one is to generate a new certificate for the client/agent and get that signed by the puppet master.  List of all the certificates which are signed at the moment:  [root@puppet requests]# puppet cert list --all + "fedora20"            (AE:57:40:F6:FC:E1:CD:DD:ED:EE:1E:8C:A7:81:0D:76) + "kubuntu14.sunny.com" (20:6B:A1:E2:A3:DE:B1:95:C8:80:4C:B4:27:2B:C0:A2) + "puppet.sunny.com"    (68:12:76:3C:D0:F8:0D:2D:8B:2B:40:E7:49:2D:55:5B) (alt names: "DNS:puppet", "DNS:puppet.sunny.com") + "rhel6.sunny.com"     (DC:6E:B1:FC:27:1D:7A:2A:85:E7:3E:3A:24:8B:64:D3) [root@puppet requests]# N
Read more

Dry run in Puppet --noop

 Dry run in puppet is a powerful feature given by puppet. This basically is used to test your Puppet manifests on any of the environment without actually making any changes to the machine. To dry-run Puppet, --noop flag needs to be used. Puppet’s ‘noop’ (no-operation) mode shows you what would happen, but actually doesn’t do anything :) This basically helps us for debugging stuff. For instance: [root@puppet manifests]# puppet apply site.pp --noop notice: /Stage[main]/Sudo/File[/etc/sudoers]/content: current_value {md5}e81452ad78198a79772447b1f2b3b614, should be {md5}e2d690ebe349d93efa84146eb854c987 (noop) notice: Class[Sudo]: Would have triggered 'refresh' from 1 events notice: /Stage[main]/Ssh::Service/Service[sshd]/ensure: current_value stopped, should be running (noop) notice: Class[Ssh::Service]: Would have triggered 'refresh' from 1 events notice: Stage[main]: Would have triggered 'refresh' from 2 events notice: Finished catalog run in 2.75 seco
Read more