Abstracting functionality with centralised content
Dance for the puppet master: G6 Tech Talk
1. Dance for the puppet
master
An introduction to Puppet
Michael Peacock
2. So, what is puppet
Provisioning tool
“Open source configuration management
tool”
Used to automate server management
Configuration
Installs & upgrades
etc
4. Idempotent
Can be ran multiple times without changing the
server (unless the configuration changes)
Instead of doing things, it checks or ensures
things:
Ensuring a package is installed only installs it if
it hasn’t been installed. Execs only run if their
create file isn’t found (and puppet doesn’t
think they have been ran)
6. config.vm.provision :puppet do |puppet|
puppet.manifests_path = "provision/manifests"
puppet.manifest_file = "default.pp"
puppet.module_path = "provision/modules"
end
7. What can it do?
cron: install and manage cron jobs (scheduled_task on
windows)
exec: runs shall commands
user: create and manage user accounts
group: create and manage groups
file: create and manage files, folders and symlinks
notify: log something
service: manage running services
And more...the items in bold are known as resources within
puppet
8. Require
Many / all puppet options support a “require”
configuration
Defines other puppet tasks which must have
been successfully checked / executed before
this can be ran
We only want to install packages once we
have updated aptitude
We only want to install MySQL drivers once
we have the MySQL client/server installed
9. Require example
require => [ Package['mysql-client'], Package['mysql-server'] ]
notice when referencing other puppet
configurations, the resource type is capitalised
10. exec
command: command (including full path unless path
is also defined) to be executed. The “name” will be
used if omitted
user & group: to run the command as
create: a file that the command creates. If found,
the exec is not run
cwd: directory to run the command from
path: if full path for command isn’t supplied, path
must point to location of the command
11. exec: a note
We create lock files in some of our exec
commands to prevent repeated execution,
e.g. after installing the default database,
download something or run anything which
can only be ran once.
14. exec: what we use it for
Installing the default MySQL database content
Install pear projects
Note: we should probably use or write a puppet
module to install pear projects we need, our
approach is a bit of a hack
15. subscribe & refreshonly
Some commands need to be ran periodically after
other things have ran
More so the case when puppet manages
existing infrastructure (using it to manage whats
already on a machine and installing new things)
subscribe: defines other events which should cause the
task to run (like require, but refreshes the task)
refreshonly: instructs the task to only run when the other
tasks are completed
18. Install package
We just need to ensure the package is present
package { "apache2":
ensure => present,
require => Exec['apt-get update']
}
19. Run the service
service { "apache2":
ensure => running,
require => Package['apache2']
}
20. Files
ensure: type of file - symlink (link), directory
target: for symlinks - set the target file
source:file to be copied (if copying a file)
owner: user who should own the file
group: group associated with the file
mode: file permissions e.g. 777
21. file: copy apache config
Set the source: source => ‘/path/to/file’
file { '/etc/apache2/sites-available/default':
source =>
'/vagrant/provision/modules/apache/files/default',
owner => 'root',
group => 'root'
}
25. Add a cron
command: the command to run
user: user to run the cron as
hour, minute, month, monthday, weekday
can be defined as hour => 1 or
hour => [1,2,3,5] or
hour => [1-10]
26. Create a user
user { "developer":
ensure => "present",
gid => "wheel",
shell => "/bin/bash",
home =>
"/home/developer",
managehome => true,
password =>
"passwordtest",
require =>
Group["wheel"]
}
28. Make the group a
sudoer
We probably want to stop this being ran
multiple times!
exec { "/bin/echo "%wheel ALL=(ALL) ALL" >> /etc/sudoers":
require => Group["wheel"]
}
29. Stages
Running things in a specific order can often be
important
Require often makes this easy for us, however
Exec’s don’t seem to use this reliably
We can define “stages” with a specific order.
We can then put puppet modules into stages
Default stage is Stage[main]
30. Stages example
stage { 'first': before => Stage[main] }
class {'apache': stage => first}
31. Importing modules
Import the module (assuming it is in the right
folder)
Include the module to be executed
import "apache"
include apache