Difference between revisions of "Puppet"
m (→Facts) |
|||
Line 142: | Line 142: | ||
lookup_options: | lookup_options: | ||
package::attribute: | package::attribute: | ||
− | merge: | + | merge: unique |
===Stdlib === | ===Stdlib === |
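Review bot: the changed `merge:` line now reads `merge: unique`, but nothing beside it says what that strategy does. Consider a one-line note that `unique` combines the array values found at every hierarchy level and removes duplicates, so the reader can tell it apart from the other merge strategies.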
Revision as of 02:20, 5 June 2020
Puppet
https://forge.puppet.com/ <-- Where to get Modules
Puppet code is a declarative language, which means that you describe only the desired state for your systems, not the steps needed to get there.
One of Puppet's core concepts is the resource abstraction layer. For Puppet, each aspect of the system you want to manage (such as a user, file, service, or package) is represented in code as a unit called a resource. The puppet resource tool lets you view and modify these resources directly.
Puppet Master --> [Catalog] --> Node --> [Facts] --> Puppet Master
- Facts = data about its state
- Catalog = Facts are used to compile a catalog that specifies how the node should be configured
The Puppet agent uses providers to check for differences between the current and desired state. The providers help Puppet implement whatever changes are necessary.
- Learn Puppet (hands on) https://puppet.com/try-puppet/puppet-learning-vm/
Disable
Because sometimes you want to make things work before they are automated
sudo puppet agent --disable
Types
See what Puppet knows about a resource
sudo puppet resource file /tmp/
file { '/tmp/':
  ensure => 'directory',
  ctime  => '2020-03-28 19:15:40 +0000',
  group  => 0,
  mode   => '1777',
  mtime  => '2020-03-28 19:15:40 +0000',
  owner  => 0,
  type   => 'directory',
}
sudo puppet resource package httpd ensure=present
Installs a package using the default package manager
Manifests – Puppet code saved as .pp
Run a manifest directly (without puppet master involvement)
sudo puppet apply /tmp/hello.pp
Class – a named block of Puppet code. A class brings together resources that manage one logical component of a system
Module – directory structure
Template Files (Embedded Ruby .erb)
https://puppet.com/docs/puppet/latest/lang_template_erb.html
Not required, but nice to have, an initial block that shows what variables are expected to be passed into the template
<%- | $port,
      $default_character,
      $default_message,
| -%>
# This file is managed by Puppet. Please do not make manual changes.
---
:default_character: <%= $default_character %>
:default_message: <%= $default_message %>
:sinatra_settings:
  :port: <%= $port %>
Simple Validator
puppet parser validate pasture/manifests/init.pp
- Ruby Ternary Operator
CHECK ? TRUE : FALSE
scope['processors']['count'] > 1 ? scope['processors']['count'] - 1 : 1
Normally to update the host (instead of waiting for the timer)
sudo puppet agent --test
Run and make no changes
sudo puppet agent -t --noop
Relationship metaparameters tell Puppet about ordering relationships among your resources.
before => File['/etc/pasture_config.yaml'],
<-- create my resource before this other resource (config file) is generated
notify => Service['pasture'],
<-- on change tell this other resource
When a host stops reporting, it will not fetch anything
Manifests
Using the default parameters
include module_class
Passing in parameters
class { 'pasture':
  default_character => 'cow',
}
Profiles and Roles
Using roles and profiles is a design pattern, not something written into the Puppet source code.
A profile is a class that declares one or more related component modules and sets their parameters as needed. The set of profiles on a system defines and configures the technology stack it needs to fulfill its business role.
A role is a class that combines one or more profiles to define the desired state for a whole system. A role should correspond to the business purpose of a server.
A role itself should only compose profiles and set their parameters—it should not have any parameters itself.
A role should consist of only include statements to pull in the list of profile classes that make up the role. A role should not directly declare non-profile classes or individual resources.
Facts
https://ragnarkon.com/puppet/accessing-puppet-facts/
$facts['os']['family']
Classic way to access $::osfamily
facter -p os
{
  architecture => "x86_64",
  family => "RedHat",
  hardware => "x86_64",
  name => "CentOS",
  release => {
    full => "7.6.1810",
    major => "7",
    minor => "6"
  },
  selinux => {
    enabled => false
  }
}
Combining and Inheritance
Usually the attribute closest to the object wins, i.e. hieracommon-dev.yaml overwrites hieracommon.yaml. Should you want to use all values set against the object, there are two ways:
1. In the manifest
$allattributes = lookup('package::attribute', Array[String], 'unique')
2. Specify in common.yaml
lookup_options:
  package::attribute:
    merge: unique
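The difference between the default "closest wins" lookup and the `unique` merge, as an added Ruby example that is not part of the original page and is a simplified model, not Puppet's own lookup code. The `hiera_lookup` helper and the package names are assumptions made for illustration.

```ruby
require 'yaml'

# Constructed sample data, most specific hierarchy level first.
# Level names follow the page; the package names are made up.
LEVELS = [
  # common-dev.yaml
  <<~DEV,
    package::attribute:
      - vim
      - strace
  DEV
  # common.yaml
  <<~COMMON
    lookup_options:
      package::attribute:
        merge: unique
    package::attribute:
      - vim
      - curl
  COMMON
].map { |text| YAML.safe_load(text) }

# The same data with the lookup_options key stripped from every level.
WITHOUT_OPTIONS = LEVELS.map { |d| d.reject { |k, _| k == 'lookup_options' } }

# Hypothetical helper modelling two merge strategies only.
# Precedence: explicit merge argument, then lookup_options, then 'first'.
def hiera_lookup(levels, key, merge: nil)
  options = levels.reverse.map { |d| d.fetch('lookup_options', {}) }.reduce({}, :merge)
  strategy = merge || options.dig(key, 'merge') || 'first'
  found = levels.map { |d| d[key] }.compact
  case strategy
  when 'first'  then found.first          # closest level wins, the rest is ignored
  when 'unique' then found.flatten.uniq   # every level contributes, duplicates dropped
  else raise ArgumentError, "merge strategy '#{strategy}' is not modelled here"
  end
end

puts hiera_lookup(WITHOUT_OPTIONS, 'package::attribute').inspect
puts hiera_lookup(LEVELS, 'package::attribute').inspect
```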
Stdlib
A standard library of resources for Puppet modules, such as Stdlib::IP::Address::V4
https://forge.puppet.com/puppetlabs/stdlib
puppet encrypt
Encrypting variables
ssh-keygen -f hostname -C hostname -t ed25519
sudo /opt/puppetlabs/puppet/bin/eyaml encrypt -f hostname
sudo /opt/puppetlabs/puppet/bin/eyaml decrypt -s "ENC[PKCS7,MII......]"
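A check that secret-looking Hiera keys really carry eyaml ciphertext in the `ENC[PKCS7,...]` form shown above, as an added Ruby example that is not part of the original page or of hiera-eyaml. The key-name pattern, the `plaintext_secrets` helper and the sample data are assumptions; the ciphertext is a dummy placeholder.

```ruby
require 'yaml'

# Key names that usually hold credentials (assumed heuristic, tune per site).
SENSITIVE = /pass(word|wd)?|secret|token|private_key|api_key/i
# Shape of a PKCS7 eyaml value: ENC[PKCS7,<base64>], possibly wrapped over lines.
ENCRYPTED = %r{\AENC\[PKCS7,[A-Za-z0-9+/=\s]+\]\z}

# Walk parsed Hiera data and return the paths of string values that sit under
# a sensitive-looking key but are not eyaml ciphertext.
def plaintext_secrets(node, path = [], sensitive = false)
  case node
  when Hash
    node.flat_map do |key, value|
      flagged = sensitive || key.to_s.match?(SENSITIVE)
      plaintext_secrets(value, path + [key.to_s], flagged)
    end
  when Array
    node.each_with_index.flat_map do |value, index|
      plaintext_secrets(value, path + [index.to_s], sensitive)
    end
  when String
    sensitive && !node.strip.match?(ENCRYPTED) ? [path.join(' > ')] : []
  else
    [] # numbers, booleans and nil are not reported
  end
end

# Constructed sample Hiera data; key names and values are made up.
SAMPLE = YAML.safe_load(<<~DATA)
  pasture::db_password: ENC[PKCS7,RFVNTVlEVU1NWQ==]
  pasture::api_token: hunter2
  profile::ldap:
    bind_password: changeme
    server: ldap.example.test
  pasture::port: 4567
DATA

plaintext_secrets(SAMPLE).each { |path| puts "plaintext value at #{path}" }
```

Run over each Hiera data file before commit or in CI, this reports values that were never passed through `eyaml encrypt`.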
Foreman Integration
If the branch that the environment is using gets merged/deleted, the nodes stop updating because Puppet can't find a class = branch. Puppet only needs to find a branch that's 'alive'; it will then be told the right information by Foreman. So:
sudo puppet agent -t --environment develop
Instead of --->
Usually this happens when someone has stopped Puppet, made lots of changes, and potentially deleted the branch it was configured with.
Ensure that the environment in the /etc/puppetlabs/puppet/puppet.conf file is correct
[main]
vardir = /opt/puppetlabs/puppet/cache
logdir = /var/log/puppetlabs/puppet
rundir = /var/run/puppetlabs
ssldir = /etc/puppetlabs/puppet/ssl

[agent]
pluginsync = true
report = true
ignoreschedules = true
ca_server = puppetmaster.domain
certname = thishost.domain
environment = develop
server = puppetmaster.domain
splay = true
Yaml
ruby -e "require 'yaml';require 'pp';pp YAML.load_file('./hiera.yaml')"