Slide 1

Slide 1 text

What’s Puppet

Slide 2

Slide 2 text

Jonathan Araña Cruz (aka jonhattan)
Sysadmin in the DevOps vein
Drupal developer
10 years as a sysadmin
3 years with Puppet
8 years with Drupal
http://atlantic-canary.net
http://github.com/jonhattan
@_jonhattan_

Slide 3

Slide 3 text

Gentlemen

Slide 4

Slide 4 text

What?
● Configuration management
● Written in Ruby
● Free software (Apache 2.0)
● Current version 3.6 - towards 4.0
● PuppetLabs, since 2005
● Other products
  ○ Puppet Enterprise
  ○ MCollective

Slide 5

Slide 5 text

Puppet CLI tool

    root@chamber:~# puppet help
    Usage: puppet <subcommand> [options] <action> [options]
    …
    root@chamber:~# puppet help <subcommand>
    root@chamber:~# puppet man <subcommand>
    => man puppet-<subcommand>

Slide 6

Slide 6 text

Index
● Resource Abstraction Layer
● Puppet Language
● Modules
● Stored configuration
● Puppet Master
● Reporting

Slide 7

Slide 7 text

RAL: Resource types (I)
● Resource types: high-level models
  ○ Some types: package, service, file, user, cron,...
  ○ Providers: implementers on different systems
  ○ Providers for package: apt, yum, pip, gem, pear,...
● Available resource types
  ○ Puppet built-in reference: http://docs.puppetlabs.com/references/latest/type.html
  ○ Cheatsheet: http://docs.puppetlabs.com/puppet_core_types_cheatsheet.pdf
  ○ Provided by 3rd party modules

Slide 8

Slide 8 text

RAL: Resource types (II)

    root@chamber:~# puppet resource --types
    anchor augeas computer cron database database_grant database_user
    exec file file_line filebucket firewall firewallchain group host
    ini_setting ini_subsetting interface k5login macauthorization
    mailalias maillist mcx mount mysql_database mysql_grant mysql_user
    nagios_command nagios_contact nagios_contactgroup nagios_host
    nagios_hostdependency network_config network_route notify package
    postgresql_conf router schedule scheduled_task selboolean selmodule
    service ssh_authorized_key sshkey

Slide 9

Slide 9 text

RAL: Resource types (III)

    root@chamber:~# puppet describe -s user

    Manage users. This type is mostly built to manage system users,
    so it is lacking some features useful for managing normal users.

    Parameters
    ----------
    ensure, expiry, gid, groups, home, keys, managehome, membership,
    name, password, password_max_age, password_min_age, salt, shell,
    system, uid

    Providers
    ---------
    aix, directoryservice, hpuxuseradd, ldap, pw, user_role_add,
    useradd, windows_adsi

Slide 10

Slide 10 text

RAL: Resources (I)
● Resource: instance of a resource type
  ○ Example: root user, ntp service, vim package,...
  ○ System discovery
  ○ Interactive management via CLI
  ○ Abstraction layer!

Slide 11

Slide 11 text

RAL: Resources (II)

    root@chamber:~# puppet resource user --list
    user { 'root':
      ensure           => 'present',
      comment          => 'root',
      gid              => '0',
      home             => '/root',
      password         => '$6$szUwrw3k.uAo.',
      password_max_age => '99999',
      password_min_age => '0',
      shell            => '/bin/bash',
      uid              => '0',
    }
    user { 'www-data':
      ensure           => 'present',
      comment          => 'www-data',
      gid              => '33',
      home             => '/var/www',
      password         => '*',
      password_max_age => '99999',
      password_min_age => '0',
      shell            => '/bin/sh',
      uid              => '33',
    }

Slide 12

Slide 12 text

RAL: Resources (III)

    root@chamber:~# puppet resource user root shell=/bin/dash
    Notice: /User[root]/shell: shell changed '/bin/bash' to '/bin/dash'
    user { 'root':
      ensure => 'present',
      shell  => '/bin/dash',
    }

    root@chamber:~# puppet resource user root --edit

Slide 13

Slide 13 text

Index
● Resource Abstraction Layer
● => Puppet Language
● Modules
● Stored configuration
● Puppet Master
● Reporting

Slide 14

Slide 14 text

Puppet Language (I)
● Declarative, Domain Specific Language (DSL)
● Purpose of the language:
  ○ Describe desired state of the system by declaring resources
  ○ Every other part of the language exists to add flexibility and convenience to the way resources are declared
● Programs are called manifests
● A manifest is compiled into a catalog

Slide 15

Slide 15 text

Example manifest: Hello world

    root@chamber:~# echo "notify {'hello world': }" > hello-world.pp
    root@chamber:~# puppet apply hello-world.pp
    Notice: Compiled catalog for chamber.faita.net in environment production in 0.02 seconds
    Notice: hello world
    Notice: /Stage[main]/Main/Notify[hello world]/message: defined 'message' as 'hello world'
    Notice: Finished catalog run in 3.15 seconds

Slide 16

Slide 16 text

Example manifest: “The trifecta”

    # Pick the service name for this platform
    case $operatingsystem {
      centos, redhat: { $service_name = 'ntpd' }
      debian, ubuntu: { $service_name = 'ntp' }
    }

    package { 'ntp':
      ensure => installed,
    }

    service { 'ntp':
      name      => $service_name,
      ensure    => running,
      enable    => true,
      # Restart on config changes; the reference must match the file resource's title
      subscribe => File['/etc/ntp.conf'],
    }

    file { '/etc/ntp.conf':
      ensure  => file,
      require => Package['ntp'],
      source  => 'puppet:///modules/ntp/ntp.conf',
    }

Slide 17

Slide 17 text

Puppet Language (II)
● Some language constructs
  ○ Nodes
  ○ Classes
  ○ Defines
  ○ Variables, Conditionals
  ○ Dependency relationships
  ○ Anchors, tags, collectors, run-stages,...

Slide 18

Slide 18 text

Nodes
● Block of code included in one node’s catalog
● ENC
● Ref: http://docs.puppetlabs.com/puppet/latest/reference/lang_node_definitions.html

    # site.pp
    node 'foo.example.com' {
      ...
    }

    # Regular-expression node names are written unquoted
    node /^(bar|baz)\.example\.net$/ {
      ...
    }

Slide 19

Slide 19 text

Classes (I)
● Block of code to group resources
● Parameterized
● Singleton
● Ref: http://docs.puppetlabs.com/puppet/latest/reference/lang_classes.html

Slide 20

Slide 20 text

Classes (II)

    # file: ntp.pp
    class ntp (
      $ntpserver = 'one.pool.ntp.org',
    ) {
      package { 'ntp': … }
      service { 'ntp': … }
      file { '/etc/ntp.conf': … }
    }

    # file: manifest.pp
    import 'ntp.pp'

    # Include the class.
    include ntp

    # Alternatively this way you can override params
    class { 'ntp':
      ntpserver => 'other.pool.ntp.org'
    }

    # puppet apply manifest.pp

Slide 21

Slide 21 text

Defines (I)
● Blocks of code that can be evaluated multiple times with different parameters
● Once defined, they act like a new (compound) resource type

Slide 22

Slide 22 text

Defines (II)

    define apache::vhost ($port, $docroot, $servername = $title, $vhost_name = '*') {
      include apache          # contains Package['httpd'] and Service['httpd']
      include apache::params  # contains common config settings

      $vhost_dir = $apache::params::vhost_dir

      file { "${vhost_dir}/${servername}.conf":
        content => template('apache/vhost-default.conf.erb'),
        owner   => 'www',
        group   => 'www',
        mode    => '644',
        require => Package['httpd'],
        notify  => Service['httpd'],
      }
    }

Slide 23

Slide 23 text

Puppet Language (III)
● Other related components
  ○ Functions
  ○ Facter
  ○ Hiera
● Language reference: http://docs.puppetlabs.com/puppet/latest/reference/index.html

Slide 24

Slide 24 text

Functions
● Implemented in Ruby
● Enrich puppet language with handy features
● Examples:
  ○ include
  ○ template()
● Built-in functions: http://docs.puppetlabs.com/references/latest/function.html
● Puppet stdlib: https://github.com/puppetlabs/puppetlabs-stdlib
● Custom: http://docs.puppetlabs.com/guides/custom_functions.html

Slide 25

Slide 25 text

Facts
● System information, available as “global variables” in manifests

    root@chamber:~# facter
    architecture => amd64
    fqdn => chamber.faita.net
    hostname => chamber
    interfaces => eth0,lo
    ipaddress => 10.0.0.2
    ipaddress_eth0 => 10.0.0.2
    ipaddress_lo => 127.0.0.1
    is_virtual => true
    kernel => Linux
    kernelmajversion => 3.2
    lsbdistcodename => wheezy
    lsbdistid => Debian
    lsbdistrelease => 7.5
    lsbmajdistrelease => 7
    osfamily => Debian
    processor0 => Intel(R) Core(TM) i7-3770 CPU @ 3.40GHz
    processor1 => Intel(R) Core(TM) i7-3770 CPU @ 3.40GHz
    processorcount => 2
    puppetversion => 3.6.0
    virtual => xenu

Slide 26

Slide 26 text

Hiera (I)
● Key/value lookup tool for configuration data
● Hierarchical
● Avoid repetition
  ○ Write common data for most nodes
  ○ Override some values for nodes with a specific role
  ○ Override some of those values for one or two unique nodes
● Ref: http://docs.puppetlabs.com/hiera/1/

Slide 27

Slide 27 text

Hiera (II)

    # file /etc/hiera.yaml
    ---
    :backends:
      - yaml
    :yaml:
      :datadir: /etc/puppet/hiera
    :hierarchy:
      - "os/%{lsbdistid}"
      - "groups/%{::domain}"
      - "nodes/%{::fqdn}"
      - common

    # Files in /etc/puppet/hiera/
    os/RedHat.yaml
    os/Debian.yaml
    groups/example.net.yaml
    groups/example.com.yaml
    nodes/bar.example.com.yaml
    nodes/baz.example.net.yaml
    nodes/foo.example.com.yaml

Slide 28

Slide 28 text

Hiera (III)

    # os/RedHat.yaml
    packages:
      - httpd

    # os/Debian.yaml
    packages:
      - apache2

    # nodes/foo.example.com.yaml
    packages:
      - apache2-mpm-itk
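
Added example (not from the slides, and not Hiera's own code): a simplified Ruby model of how the hierarchy on the Hiera slides resolves `packages` for foo.example.com, contrasting a priority lookup (first match wins) with an array-merge lookup. `HIERA_DATA`, `FOO_FACTS`, `NODE_FIRST`, the function names and the `common` entry are constructed for illustration.

```ruby
# Simplified model of Hiera 1 lookups. Added example, not Hiera's own code.
# Hierarchy as on the slides (node level spelled "nodes/" to match the files).
HIERARCHY = ['os/%{lsbdistid}', 'groups/%{::domain}', 'nodes/%{::fqdn}', 'common'].freeze

# Inline stand-in for the YAML files under /etc/puppet/hiera/.
HIERA_DATA = {
  'os/RedHat'             => { 'packages' => ['httpd'] },
  'os/Debian'             => { 'packages' => ['apache2'] },
  'nodes/foo.example.com' => { 'packages' => ['apache2-mpm-itk'] },
  'common'                => { 'packages' => ['ntp'] } # constructed, not on the slides
}.freeze

# Facts as the agent on foo.example.com would report them (constructed sample).
FOO_FACTS = { 'lsbdistid' => 'Debian', 'domain' => 'example.com',
              'fqdn' => 'foo.example.com' }.freeze

# Same levels, most specific first.
NODE_FIRST = ['nodes/%{::fqdn}', 'groups/%{::domain}', 'os/%{lsbdistid}', 'common'].freeze

# Expand %{var} and %{::var} in each hierarchy level using the node's facts.
def sources(facts, hierarchy = HIERARCHY)
  hierarchy.map { |level| level.gsub(/%\{(?:::)?(\w+)\}/) { facts[$1].to_s } }
end

# Like hiera('key'): walk the hierarchy top-down, the first level with the key wins.
def priority_lookup(key, facts, hierarchy = HIERARCHY)
  sources(facts, hierarchy).each do |src|
    value = HIERA_DATA.dig(src, key)
    return value unless value.nil?
  end
  nil
end

# Like hiera_array('key'): collect the key from every level, flatten, de-duplicate.
def array_lookup(key, facts, hierarchy = HIERARCHY)
  sources(facts, hierarchy).flat_map { |src| Array(HIERA_DATA.dig(src, key)) }.uniq
end

if __FILE__ == $PROGRAM_NAME
  p priority_lookup('packages', FOO_FACTS)             # os level answers first
  p priority_lookup('packages', FOO_FACTS, NODE_FIRST) # node level answers first
  p array_lookup('packages', FOO_FACTS)                # every level contributes
end
```

With the hierarchy in the listed order, the os level outranks the node level in a priority lookup, so the node file only takes effect when its level is listed first or the lookup merges arrays. The facts that select each file are reported by the agent itself.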

Slide 29

Slide 29 text

Index
● Resource Abstraction Layer
● Puppet Language
● => Modules
● Stored configuration
● Puppet Master
● Reporting

Slide 30

Slide 30 text

Modules (I)
● Self-contained bundles of code and data
● Manifests, classes, defines, files, templates, functions, tests,...
● Directory tree:

    MODULENAME/manifests/
    MODULENAME/files/
    MODULENAME/templates/
    MODULENAME/lib/
    MODULENAME/facts.d/
    MODULENAME/tests/
    MODULENAME/spec/

Slide 31

Slide 31 text

Modules (II)
● Best practices / well-known patterns
● Ref: http://docs.puppetlabs.com/puppet/latest/reference/modules_fundamentals.html
● Puppet forge: https://forge.puppetlabs.com
● CLI subcommand: puppet module install puppetlabs/mysql
● Librarian: https://github.com/rodjek/librarian-puppet

Slide 32

Slide 32 text

Index
● Resource Abstraction Layer
● Puppet Language
● Modules
● => Stored configuration
● Puppet Master
● Reporting

Slide 33

Slide 33 text

Stored configuration
● Centralized store of puppet-produced data
  ○ Nodes, resources, relationships, facts
  ○ Catalog run log
● Exported resources
● Inventory service: http://docs.puppetlabs.com/guides/inventory_service.html
● Active Record (sql backends)
● PuppetDB: http://docs.puppetlabs.com/puppetdb/2.0/index.html

Slide 34

Slide 34 text

Index
● Resource Abstraction Layer
● Puppet Language
● Modules
● Stored configuration
● => Puppet Master
● Reporting

Slide 35

Slide 35 text

Puppet Master
● Pull-based agent/master mode
● REST API
● Master stores manifests
● Agent requests its catalog from the master
● Ref: http://docs.puppetlabs.com/learning/agent_master_basic.html

Slide 36

Slide 36 text

Standalone (puppet apply site.pp)

Slide 37

Slide 37 text

Index
● Resource Abstraction Layer
● Puppet Language
● Modules
● Nodes, ENC
● Store configs, PuppetDB
● Puppet Master
● => Reporting

Slide 38

Slide 38 text

Reporting (I)
● Agent sends reports at the end of every run
  ○ Logs
  ○ Metrics: time, resources, changes
● Report handlers: http, log, tagmail
● Ref: http://docs.puppetlabs.com/references/latest/report.html
● Puppet Dashboard: web interface
  ○ web interface: node classification and reporting feature
  ○ Ref: https://github.com/sodabrew/puppet-dashboard

Slide 39

Slide 39 text

Reporting (II)

Slide 40

Slide 40 text

Questions?