Featured Post

Directory environments in Puppet

Environments are individual groups of Puppet agents each environment have there own completely different manifests and module-paths. This basically is useful for testing changes to our Puppet code before implementing them on production machines. There are two types of implementation of environments structure in Puppet one if directory based and another is config file based here we will see bit of an insight about directory based. As usual for more information about this you can visit puppetlabs official website. On the master node: Append following details in puppet.conf which is placed under /etc/puppet or /etc/puppetlabs/puppet:     Under [main] section add a variable called confdir with value as /etc/puppet or /etc/puppetlabs/puppet     confdir=/etc/puppet Then add information regarding environments/manifests and modulepath in it.      #environments     environmentpath = $confdir/environments  ...
Post a Comment

Manifests

Manifests

Puppet programs are called “manifests,” and they use the .pp file extension.
The core of the Puppet language is the resource declaration. A resource declaration describes a desired state for one resource.
(Manifests can also use various kinds of logic: conditional statements, collections of resources, functions to generate text, etc. We’ll get to these later.)

[root@server demo_manifests]# cat add_user.pp
user { 'optimus':
  ensure => 'present',
  home   => '/home/optimus',
  shell  => '/bin/bash',
}
[root@server demo_manifests]#

 [root@server demo_manifests]# puppet apply /root/Desktop/demo_manifests/add_user.pp
notice: /Stage[main]//User[optimus]/ensure: created
notice: Finished catalog run in 0.21 seconds
[root@server demo_manifests]#


Puppet Apply

Like resource in the last chapter, apply is a Puppet subcommand. It takes the name of a manifest file as its argument, and enforces the desired state described in the manifest.

[root@server demo_manifests]# cat add_file.pp
file {'testfile':
    path    => '/tmp/testfile',
    ensure    => present,
    mode    => 0640,
    content => "Testfile, please ignore.",
}
[root@server demo_manifests]#

Change something is the test file and then fire the same command again, what it will do is change the content of the file to the desired state.

 [root@server demo_manifests]# puppet apply add_file.pp
notice: /Stage[main]//File[testfile]/content: content changed '{md5}e2c1101ee90533ae9c917e47f1dbb4d8' to '{md5}c562bd5b4f66e53bca1755f95c30dab1'
notice: Finished catalog run in 0.11 seconds
[root@server demo_manifests]#


Resource Declarations

Let’s start by looking at a single resource:


    file {'testfile':
      path    => '/tmp/testfile',
      ensure  => present,
      mode    => 0640,
      content => "I'm a test file.",
    }
 
In short, they consist of:
  • The type (file, in this case)
  • An opening curly brace ({)
    • The title (testfile)
    • A colon (:)
    • A set of attribute => value pairs, with a comma after each pair (path => '/tmp/testfile', etc.)
  • A closing curly brace (})

 [root@server demo_manifests]# cat multiple_resource_dec_1.pp
user {'optimus':
    ensure => absent,
}

 notify {"Deleting user Optimus":}

 file {'testfile2':
        path => '/tmp/testfile2',
    ensure => present,
    mode => 0666,
    content => "Testfile2",
}

 notify {"Creating a testfile2 in /tmp directory":}

 file {'/tmp/testfile3':
        target => '/tmp/testfile2',
    ensure => link,
}

 notify {"Creating a link file to testfile2":}
[root@server demo_manifests]#


[root@server demo_manifests]# puppet apply multiple_resource_dec_1.pp
notice: Creating a link file to testfile2
notice: /Stage[main]//Notify[Creating a link file to testfile2]/message: defined 'message' as 'Creating a link file to testfile2'
notice: Deleting user Optimus
notice: /Stage[main]//Notify[Deleting user Optimus]/message: defined 'message' as 'Deleting user Optimus'
notice: Creating a testfile2 in /tmp directory
notice: /Stage[main]//Notify[Creating a testfile2 in /tmp directory]/message: defined 'message' as 'Creating a testfile2 in /tmp directory'
notice: /Stage[main]//User[optimus]/ensure: removed
notice: /Stage[main]//File[testfile2]/ensure: created
notice: /Stage[main]//File[/tmp/testfile3]/ensure: created
notice: Finished catalog run in 0.16 seconds
[root@server demo_manifests]#


 manifests can contain conditional statements, variables, functions, and other forms of logic. But before being applied, manifests get compiled into a document called a “catalog,” which only contains resources and hints about the order to sync them in. With puppet apply, the distinction doesn’t mean much. In a master/agent Puppet environment, though, it matters more, because agents only see the catalog

Puppet apply:
  • A user executes a command, triggering a Puppet run.
  • Puppet apply reads the manifest passed to it, compiles it into a catalog, and applies the catalog.
Puppet agent/master:
  • Puppet agent runs as a service, and triggers a Puppet run about every half hour (configurable).
    • On your VM, which runs Puppet Enterprise, the agent service is named pe-puppet. (Puppet agent can also be configured to run from cron, instead of as a service.)
  • Puppet agent does not have access to any manifests; instead, it requests a pre-compiled catalog from a puppet master server.
    • On your VM, the puppet master appears as the pe-httpd service. A sandboxed copy of Apache with Passenger manages the puppet master application, spawning and killing new copies of it as needed.
  • The puppet master always reads one special manifest, called the “site manifest” or site.pp. It uses this to compile a catalog, which it sends back to the agent.
    • On your VM, the site manifest is at /etc/puppetlabs/puppet/manifests/site.pp.
  • After getting the catalog, the agent applies it.
This way, you can have many machines being configured by Puppet, while only maintaining your manifests on one (or a few) servers. This also gives some extra security, as described above under “Compilation.”


 http://packtlib.packtpub.com/library/puppet-3-beginners-guide/ch05lvl1sec46#



  • You can embed relationship information in a resource with the before, require, notify, and subscribe metaparameters.
  • You can also declare relationships outside a resource with the -> and ~> chaining arrows.
  • Relationships can be either ordering (this before that) or ordering-with-notification (this before that, and tell that whether this was changed).

Here’s a notify resource that depends on a file resource:
    file {'/tmp/test1':
      ensure  => present,
      content => "Hi.",
    }

    notify {'/tmp/test1 has already been synced.':
      require => File['/tmp/test1'],
    }
OROROROROR
file {'/tmp/test1':
      ensure  => present,
      content => "Hi.",
      before  => Notify['/tmp/test1 has already been synced.'],
    }

    notify {'/tmp/test1 has already been synced.':}


(Note the square brackets and capitalized resource type!)
There are four metaparameters that let you arrange resources in order:
  • before
  • require
  • notify
  • subscribe


Comments

Post a Comment

Popular posts from this blog

Exec in Puppet

Exec is a very useful resource type present in Puppet which is used to executes external commands. Puppet basically runs as a daemon in which it executes every 30 mins. So while writing an exec resource type make sure that the exec resource must be able to run multiple times without causing any harm to the machine i.e. it must be idempotent. Suppose you just want to run a command like reload a service for that what you can do is? exec { "reload httpd": command => "service httpd reload", path => "/usr/local/bin/:/bin/:/sbin/", } Lets break this line by line: exec { "reload httpd": This specifies that the resource type is exec type and has a human readable name as "reload httpd". command => "service httpd reload", This specified which command to execute when puppet is executed. path => "/usr/local/bin/:/bin/:/sbin/", This specifies where the binary service can be found in your mac...
Read more

Un-revoke the revoked certificate in Puppet

If you revoked or deleted the puppet agent’s certificate accidentally. Basically it is nearly impossible un-revoke a certificate. The solution is to recover all revoked certificates then revoke other certificates which don’t need to be recovered. But if in-case you have thousands of revoked certificates then its a bit lengthy process. Second one is to generate a new certificate for the client/agent and get that signed by the puppet master.  List of all the certificates which are signed at the moment:  [root@puppet requests]# puppet cert list --all + "fedora20"            (AE:57:40:F6:FC:E1:CD:DD:ED:EE:1E:8C:A7:81:0D:76) + "kubuntu14.sunny.com" (20:6B:A1:E2:A3:DE:B1:95:C8:80:4C:B4:27:2B:C0:A2) + "puppet.sunny.com"    (68:12:76:3C:D0:F8:0D:2D:8B:2B:40:E7:49:2D:55:5B) (alt names: "DNS:puppet", "DNS:puppet.sunny.com") + "rhel6.sunny.com"     (DC:6E:B1:FC:27:1D:7A:2A:85:E7:3E:3A:2...
Read more

Dry run in Puppet --noop

 Dry run in puppet is a powerful feature given by puppet. This basically is used to test your Puppet manifests on any of the environment without actually making any changes to the machine. To dry-run Puppet, --noop flag needs to be used. Puppet’s ‘noop’ (no-operation) mode shows you what would happen, but actually doesn’t do anything :) This basically helps us for debugging stuff. For instance: [root@puppet manifests]# puppet apply site.pp --noop notice: /Stage[main]/Sudo/File[/etc/sudoers]/content: current_value {md5}e81452ad78198a79772447b1f2b3b614, should be {md5}e2d690ebe349d93efa84146eb854c987 (noop) notice: Class[Sudo]: Would have triggered 'refresh' from 1 events notice: /Stage[main]/Ssh::Service/Service[sshd]/ensure: current_value stopped, should be running (noop) notice: Class[Ssh::Service]: Would have triggered 'refresh' from 1 events notice: Stage[main]: Would have triggered 'refresh' from 2 events notice: Finished catalog run in 2.75 seco...
Read more