Puppet deployment An introduction Ton Kersten AT Computing March 2016 

Agenda 1 Introduction 2 Why configuration management 3 Puppet, things to know 4 Getting started 5 Examples 6 Tips and Questions 7 Questions? pup-v4.1-2 

$ who am i UNIX/Linux consultant and Trainer @ AT Computing UNIX Nerd (started in 1986 with SunOS 3) Linux Geek (started in 1992 with 0.96α) Scripting Nerd Configuration Management addict Free and Open Source Software enthusiast HAM Operator (pa1ton) Plain text aficionado Programming Loves DNS · · · pup-v4.1-3 

Long ago Shell scripts SSH loops Parallel SSH Cluster SSH Screen synchronized windows tmux synchronized panes · · · Things got out of control pup-v4.1-4 

Next CF Engine ⇒ The first Config Management tool Puppet ⇒ Widely used, master / slave Chef ⇒ Puppet lookalike, configured through Ruby Ansible ⇒ Easy to use, configured through yaml Salt Stack ⇒ master / slave Propellor ⇒ master / slave, configured through Haskell Juju ⇒ Ubuntu, designed for the cloud Capistrano ⇒ Scripting in Ruby Fabric ⇒ Python Library for CM (Only Python 2) Paver ⇒ Fabric alternative for Python 3 · · · pup-v4.1-5 

Puppet, what it is!? Configuration management tool Written in Ruby by Luke Kanies Based on the principles of CFEngine Client / server model Own domain-specific language (DSL) Buzzword compliant Easy to learn Easy to use Safe, uses SSL with an own PKI Idempotent Convergent · · · pup-v4.1-6 

What to consider Do I need a “heavy” tool like Puppet Do I have enough knowledge of Puppet If not, do I have time to learn Puppet Do I have a generic enough setup Do I have multiple environments (OTAP) Do I have multiple OS’s to take care of · · · pup-v4.1-7 

What you need Dedicated server as “Puppet master” ntp server (because of SSL) VCS like git or svn Nice to have: deployment server like Cobbler · · · pup-v4.1-8 

Master / Slave One central server: Master Contains all configurations Has the SSL key store One or more clients: Nodes Asks configuration sets Sends back reports Node Node Node HTTPS Reports SVN / Git Puppet master pup-v4.1-9 

What it does Clients asks for configuration Master gathers manifests for client Compiles a catalog for the client Sends the catalog to the client Checks current state Enforces wanted state Sends back a report Manifest Manifest Manifest Catalog Apply configuration Query status Enforce state Defined system state Compile pup-v4.1-10 

Getting started Use the Puppet Labs Package Repositories http://docs.puppetlabs.com/guides/puppetlabs_package_repositories.html Make sure NTP and DNS are working Install the Puppet master software Install the Puppet client software Create a repository in VCS Deploy a simple file, like /etc/motd Extend things · · · pup-v4.1-11 

Extending things Add a second host Create a “generic” module In Puppet version 4.x the advise is to use Hiera with hiera_include('classes') Deploy more difficult things with templates · · · pup-v4.1-12 

The structure Modules contain one or more manifests Classes are defined in manifests Classes can inherit other classes Classes contain the resource definitions Nodes can be subscribed to classes Module Class Resource(s) File(s) Template(s) Node Node Node pup-v4.1-13 

The start The file $puppet/manifests/site.pp is the first file used Start of the configuration tree is the manifests directory (directory environments) site.pp example import "prod/nodes" import "dmz/nodes" import "test/nodes" This will be deprecated in favor of “directory environments” pup-v4.1-14 

Nodes From site.pp nodes are imported. These files are normally called nodes.pp nodes.pp example node default { include generic } node "mach1.acme.com" inherits default { class { issue: loc => "attic", room => "closet",} include logcheck } inherits will be deprecated in Puppet version 4.x pup-v4.1-15 

Install packages Installation of packages is OS independant Puppet “knows” how to install a package on a certain OS package example package { "rsyslog" : ensure => installed, } pup-v4.1-16 

Copy files Copying files is very easy Just give the source, destination and file rights file example file { "/etc/rsyslog.conf" : ensure => file, source => "puppet:///modules/rsyslog/etc/rsyslog.conf", path => "/etc/rsyslog.conf", owner => root, group => root, mode => 0660, notify => Service["rsyslog"], } pup-v4.1-17 

Managing services When a service needs to run, Puppet can check into this service example service { "rsyslog" : ensure => running, enable => true, hasstatus => true, require => Package["rsyslog"], } pup-v4.1-18 

Managing cron jobs Puppet can manage all your cron jobs cron example cron { "reright" : ensure => present, user => root, hour => 3, minute => 32, command => "/etc/puppet/bin/reright", } pup-v4.1-19 

User management If you don’t want to use LDAP or other central systems user example user { "tonk" : ensure => "present", uid => "1001", gid => "1001", comment => "Ton Kersten", home => "/home/tonk", shell => "/bin/zsh", } pup-v4.1-20 

Tips Use Directory environments Avoid inheritance except for params.pp Use Vox Pupuli tools https://github.com/voxpupuli Separate code and data with Hiera https://puppetlabs.com/blog/separation-concerns-how-hiera-helps Puppet Open Source Projects https://puppetlabs.com/puppet/open-source-projects Example 42 modules and tools http://www.example42.com Geppetto IDE http://puppetlabs.github.io/geppetto pup-v4.1-21 

Tips Learning Puppet on Puppet Labs https://puppetlabs.com/download-learning-vm Puppet coding style http://docs.puppetlabs.com/guides/style_guide.html The Pro Puppet book http://www.apress.com/9781430260400 Puppet documentation on Puppet Labs http://docs.puppetlabs.com The Puppet Forge https://forge.puppetlabs.com IRC: #puppet on Freenode · · · pup-v4.1-22 

Questions? Please, ask!!! Contact me [email protected] http://www.atcomputing.nl https://github.com/tonk https://speakerdeck.com/tonk @TonKersten on Twitter TKersten on IRC Created with L A TEX Beamer Vim Vim Snippets LibreOffice ImageMagick Evince pup-v4.1-23