2. What is Puppet?
• Puppet is:
– a declarative language for expressing system configuration.
– a client and server for distributing it.
– a library for realizing the configuration.
• Puppet is an abstraction layer between the system administration and
the system.
• Puppet is written in Ruby and distributed under the GPL.
3. How Puppet Works
• Client (Agent) - puppetd
• Server - puppetmasterd
• The client connects to the server every half an hour (can be specified).
• The server compiles the configuration for the client (based on what
you write) and sends it to the client.
• The client checks the configuration it receives (or a cached version if it
can't contact the server) against what is really on the machine and
tries to fix whatever is wrong.
• Client (node) configuration can be stored in LDAP, in a database or in
the puppet configuration files.
4. Why Puppet?
• Puppet supports all of the operating systems that we are using, as well
as those that we may use in the future.
• Puppet comes the closest (of the currently available tools) to how we
already think about our configurations.
• Puppet uses SSL to securely communicate between the client and
server.
• Puppet has a large and active user community and is being actively
developed and supported.
6. What is Facter?
• Facter gathers information about the client, which can be used as
variables within puppet.
• You can add custom facts as needed.
case $operatingsystem {
freebsd: {
$rootgroup = "wheel"
}
default: {
$rootgroup = "root"
}
}
9. What Can Puppet Do?
• Puppet manages objects on the client, called resources.
• Resources are come in different types. Some of the types are:
– cron
– exec
– file
– group
– host
– mailalias
– package
– service
– user
10. Types and Providers
• Types are implemented by providers.
• Puppet automatically figures out which provider to use on which
platform.
• For example, package management is done with apt-get by default on
debian, but by up2date on redhat.
• You can override the type if you want.
11. Getting Started
• Install puppet (and facter and ruby).
• Set up the server (puppetmasterd).
• Write a manifest for your node and upload it to the server.
• Start puppetmasterd on the server.
• Run puppetd on the node.
13. What is a Node?
●
A configuration block matching a client
●
Can contain types, classes
●
“default” node matches any client without a node block
14. What is a Manifest?
• Manifest are recipes that Puppet uses to build the client configuration.
• Let's create a simple manifest:
node default {
file { ‘/etc/motd’:
owner => ‘root’,
group => ‘root’,
mode => ‘0644’,
content => “nThis is the Test Servern”
}
}
• This creates a file called motd, in /etc/ with text "This is the Test
Server"
15. A More Useful Class
class bacula-client {
package { "bacula-client": ensure => present; }
service { "bacula-fd":
ensure => running,
enable => true,
}
file {"/etc/bacula/bacula-fd.conf":
mode => "644",
owner => "root",
group => "root",
ensure => present,
content => template("bacula/bacula-fd.conf"),
}
}
19. Classes and Definitions
• Classes are groups of resources.
• Definitions are similar to classes, but they can be instantiated multiple
times with different arguments on the same node.
class apache2 {
define simple-vhost ( $admin = "webmaster", $aliases,
$docroot) {
file { "/etc/apache2/sites-available/$name":
mode => "644",
require => [ Package["apache2"],
Service["apache2"] ],
content => template("apache/vhost.conf"),
} } }
node debiantest {
include apache2
apache2::simple-vhost { "debian.example.com": docroot
=> "/var/www/debian"}
apache2::simple-vhost { "test.example.com": docroot =>
"/var/www/test"}
}
20. Dependencies
• Dependencies allow you specify the order objects will be applied. For
example, you don't want to try to put a file in /etc/apache2 if apache2
is not installed yet.
class apache2 {
define simple-vhost ( $admin = "webmaster",
$aliases, $docroot) {
file { "/etc/apache2/sites-available/$name":
mode => "644",
require => [ Package["apache2"],
Service["apache2"] ],
content => template("apache/vhost.conf"),
}
}
}
21. Notify, Subscribe and Exec
• Let us make sure mail to postmaster goes to root and run newaliases
when we update this:
mailalias { "postmaster":
ensure => present,
recipient => "root",
notify => Exec["newaliases"],
}
exec { "newaliases":
path => ["/usr/bin", "/usr/sbin"],
refreshonly => true,
}
• On the other hand, we can tell puppet that a service should be
restarted when a file changes:
service { "nrpe":
ensure => running,
enable => true,
subscribe => File["/etc/nagios/nrpe.cfg"];
}
22. Inheritance
• Puppet types can inherit from similar types and override if needed:
class bacula-client {
package { "bacula-client": ensure => present; }
service { "bacula-fd": ensure => running, enable => true,
}
file {"/etc/bacula/bacula-fd.conf":
mode => "644",
content => template("bacula/bacula-fd.conf"),
}
}
class bacula-special inherits bacula-client {
File[“/etc/bacula/bacula-fd.conf”] {
content => template("bacula/bacula-fd.conf-special"),
}
}
• A node that includes bacula-special will also have the package installed and
the service running, but /etc/bacula/bacula-fd.conf will be taken from the
second template.
23. Modules
• Modules allow you to group both the logic and the files for an
application together.
• Puppet automatically searches its module path to find modules.
• Modules can contain four types of files, each of which must be stored
in a separate subdirectory:
– Manifests - must be stored in manifests/, and if you create
manifests/init.pp then that file will be loaded if you import the
module name directly, e.g. import "mymodule".
– Templates - must be stored in templates/, and the module name
must be added to the template name:
template("mymodule/mytemplate.erb")
– Files - stored in files/, these are available from the file server under
modules/<module name>/files/<file name>.
– Plugins – additional types, providers or facts.
24. Fileserver & Filebucket
• Puppet also includes a file server which you can use for transferring
files from the server to the client.
• If you configure it, puppet can also save a backup of each file that is
changed on the client to the server. The backups go in a filebucket
and can be retrieved later.
25. Client Install on Debian Linux
debiantest:~# cat >> /etc/apt/sources.list:
deb http://debian.example.com etch main
^D
debiantest:~# aptitude update
debiantest:~# aptitude install puppet
The ssh public keys are also in the facts, but have been removed from this slide.
There are other types, but these are the main ones we care about for our site.
This class now makes sure that the package named &quot;bacula-client&quot; is
installed, the service called &quot;bacula-fd&quot; is running and will restart
on boot (enabled). Also, the file &quot;/etc/bacula/bacula-fd.conf&quot; is
there, and its contents are taken from that template. We will get to
templates in a minute.
Hostname is taken from facter, baculaserver is set in manifest