3. Hello
PSU’s College of Engineering’s IT department,
aka The Computer Action Team (TheCAT),
uses puppet to manage a diverse infrastructure.
github.com/pdxcat
4. What is a puppet module?
● An encapsulation of configuration for a
service
● A structure containing an organized set of
puppet code and data
● Analogous to a package, gem, python library
● The place where your code goes
5. What should a module do?
● Set up a service, such as:
○ ssh
○ mysql
○ apache
○ sudo
● Extend puppet functionality. Examples:
○ puppetlabs/stdlib
○ puppetlabs/concat
11. Writing your first module
# manifests/init.pp
class ssh {
package { 'openssh-server':
ensure => installed,
}
file { '/etc/ssh/sshd_config':
source =>
"puppet:///modules/ssh/sshd_config",
require => Package['openssh-server'],
}
service { 'ssh':
ensure => running,
enable => true,
subscribe =>
File['/etc/ssh/sshd_config'],
}
}
# tests/init.pp
include ssh
# or
# /etc/puppet/manifests/site.pp
node default {
include ssh
}
12. Drop in a configuration file
# files/sshd_config
# Managed by Puppet
# What ports, IPs and protocols we listen for
Port 22
Protocol 2
# Logging
SyslogFacility AUTH
LogLevel INFO
# Authentication:
LoginGraceTime 120
PermitRootLogin no
StrictModes yes
# ...
13. Needs more portability!
No one should have to change your code or
your files in order to use your module.
14. Template your module
# templates/sshd_config.erb
# Managed by Puppet
# What ports, IPs and protocols we listen for
Port <%= @port %>
Protocol 2
# Logging
SyslogFacility <%= @syslog_facility %>
LogLevel <%= @log_level %>
# Authentication:
LoginGraceTime 120
PermitRootLogin <%= @permit_root_login %>
StrictModes yes
# ...
15. Template your module
# manifests/init.pp
class ssh (
$port = 22,
$syslog_facility = 'AUTH',
$log_level = 'INFO',
$permit_root_login = 'no',
) {
# ...
file { '/etc/ssh/sshd_config':
content =>
template('ssh/sshd_config.erb'),
require => Package['openssh-server'],
}
# ...
# Applying the class
class { 'ssh':
permit_root_login => 'without-password',
}
26. Publishing your module
Changelog
## 2013-12-05 Release 0.10.0
### Summary:
This release adds FreeBSD osfamily support and various other improvements to some
mods.
### Features:
- Add suPHP_UserGroup directive to directory context
- Add support for ScriptAliasMatch directives
...
## 2013-09-06 Release 0.9.0
### Summary:
...
28. Publishing your module
$ cd ssh/
$ puppet module build .
$ ls pkg/
cmurphy-ssh-0.0.1 cmurphy-ssh-0.0.1.tar.gz
29. Testing
Why we test:
● Testing gives us (some) assurance that our
code won’t break production systems
● Contributors can run tests without having
the same infrastructure as you
31. Testing your module
● Unit testing: rspec-puppet
○ rspec-puppet.com
$ bundle exec rake spec
32. Testing your module
# spec/classes/init_spec.rb
require 'spec_helper'
describe 'collectd' do
let :facts do
{:osfamily => 'RedHat'}
end
it { should contain_package('collectd').with(
:ensure => 'installed'
)}
it { should contain_service('collectd').with(
:ensure => 'running'
)}
# ...
34. Testing your module
# spec/acceptance/class_spec.rb
require 'spec_helper_acceptance'
case fact('osfamily')
# ...
describe 'ssh class' do
context 'default parameters' do
it 'should work with no errors' do
pp = "class { 'ssh': }"
# Run it twice and test for idempotency
apply_manifest(pp, :catch_failures => true)
apply_manifest(pp, :catch_failures => true)
end
describe service(servicename) do
it { should be_running }
end
# ...
37. Installing modules
Search for modules on forge.puppetlabs.com or
puppet module search
Then install with
puppet module install
38. Where now?
Learn more at
docs.puppetlabs.com/guides/module_guides/bgtm.html
Get help at
Ask: ask.puppetlabs.com
IRC: #puppet on freenode
Mailing list: groups.google.com/group/puppet-users