
Puppet, notes

What is Puppet?
Puppet is Ruby-based, licensed as GPLv2 and can run in either client-server or stand-alone modes. It can be used to manage configuration on UNIX and Linux platforms, and recently Microsoft Windows platforms as well. Puppet is often used to manage a host throughout its lifecycle: from initial build and installation, to upgrades, maintenance, and finally to end-of-life, when you move services elsewhere.

How does Puppet work?


Puppet is usually deployed in a simple client-server model. The server is called a Puppet master. The Puppet client software is called an agent, and the host itself is defined as a node. The Puppet master runs as a daemon on a host and contains the configuration required for your environment. The Puppet agents connect to the Puppet master via an encrypted and authenticated connection using standard SSL, and retrieve or pull any configuration to be applied (Figure 1).

Figure 1 - Puppet server-client model

Each agent can run Puppet as a daemon, via a mechanism such as cron, or the connection can be manually triggered. The usual practice is to run Puppet as a daemon and have it periodically check with the master to confirm that the configuration is up-to-date or retrieve any new configuration. By default, the Puppet agent will check the master for new or changed configuration once every 30 minutes. This interval can be changed in the configuration with the runinterval setting:

    [agent]
    runinterval=10800 # time in seconds

Puppet uses a declarative language to define your configuration items, which Puppet calls resources. A declarative language makes statements about the state of your configuration; it does not describe how to reach that state. In Puppet, we define a configuration resource for a package. Each resource is made up of a type (what sort of resource is being managed: packages, services, or cron jobs), a title (the name of the resource), and a series of attributes (values that specify the state of the resource).

    type { 'title':
      attribute => value,
    }

For example:

    package { 'vim':
      ensure => present,
    }

With our resource created, Puppet takes care of the details of how to manage that resource when our agents connect. Puppet handles the "how" by knowing how different platforms and operating systems manage certain types of resources. Each type has a number of providers. A provider contains the "how" of managing packages using a particular package management tool.

When an agent connects, Puppet uses a tool called Facter to return information about that agent, including what operating system it is running. Puppet then chooses the appropriate package provider for that operating system and uses that provider to check if the package is installed. For example, on Red Hat it would execute yum, on Ubuntu or Debian it would execute aptitude.

What is Facter?
Facter is a system inventory tool that we use throughout the book. It returns facts about each agent, such as its hostname, IP address, operating system and version, and other configuration items. These facts are gathered when the agent runs. The facts are sent to the Puppet master and automatically created as variables available to Puppet. Each fact is returned as a key => value pair. For example:

    architecture => i386
    ipaddress => 192.160.57.101
    operatingsystem => Ubuntu
    operatingsystemrelease => 10.04

These facts are made available as variables that can be used in your Puppet configuration. When combined with the configuration you define in Puppet, they allow you to customize that configuration for each host. For example, they allow you to write generic resources, such as your network settings, and customize them with data from your agents.
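The resource model (type, title, attributes) and the fact-driven choice of provider described above, as an added Ruby sketch that is not Puppet's own code. The provider table, the plan function and the sample facts are hypothetical; nothing is executed, the function only returns the command a provider would run.

```ruby
# Simplified model, not Puppet's implementation: nothing is executed,
# plan() only returns the commands a provider would run.
Resource = Struct.new(:type, :title, :attributes)

# Hypothetical provider table keyed by Facter's operatingsystem fact.
PACKAGE_PROVIDERS = {
  'RedHat' => { name: :yum,      install: %w[yum -y install],      remove: %w[yum -y remove] },
  'Ubuntu' => { name: :aptitude, install: %w[aptitude -y install], remove: %w[aptitude -y remove] },
  'Debian' => { name: :aptitude, install: %w[aptitude -y install], remove: %w[aptitude -y remove] }
}.freeze

# Pick the provider from the agent's facts.
def provider_for(facts)
  os = facts.fetch('operatingsystem')
  PACKAGE_PROVIDERS.fetch(os) { raise ArgumentError, "no package provider for #{os}" }
end

# Compare the declared state with the current one and return the commands
# needed to converge. `installed` stands in for the provider's own query.
def plan(resource, facts, installed)
  raise ArgumentError, 'only package resources are modelled' unless resource.type == :package
  provider = provider_for(facts)
  present  = installed.include?(resource.title)
  case resource.attributes.fetch(:ensure)
  when :present then present ? [] : [provider[:install] + [resource.title]]
  when :absent  then present ? [provider[:remove] + [resource.title]] : []
  else raise ArgumentError, 'ensure must be :present or :absent'
  end
end

# Constructed inputs: the vim resource from the notes and two sets of agent facts.
VIM    = Resource.new(:package, 'vim', { ensure: :present })
UBUNTU = { 'operatingsystem' => 'Ubuntu', 'operatingsystemrelease' => '10.04' }.freeze
REDHAT = { 'operatingsystem' => 'RedHat' }.freeze
```

The same declaration yields a different command per platform, and no command at all when the host is already in the declared state.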

Installing Puppet on Ubuntu and Debian


On the master, we need to install:

    # apt-get install puppet puppetmaster facter

On the agent, we only need to install the following packages:

    # apt-get install puppet facter

Configuring Puppet
On Debian and Ubuntu, Puppet's configuration will be located under the /etc/puppet/ directory. The principal configuration file is called puppet.conf and is stored at /etc/puppet/puppet.conf. The puppet.conf configuration file is constructed much like an INI-style configuration file and is divided into sections. Each section configures a particular element of Puppet. For example, the [agent] section configures the Puppet agent, and the [master] section configures the Puppet master binary. There is also a global configuration section called [main]. All components of Puppet will set options specified in the [main] section.

It is important to add the certname option to the [master] section. The certname option specifies the name of the Puppet master. The example below sets it in [main], whose options apply to all components, including the master:

    [main]
    certname=puppet.example.com

Adding the certname option and specifying our fully qualified domain name (FQDN) does two things: it makes troubleshooting certificate issues easier, and it addresses a bug with the Ruby SSL code present on many Linux-based hosts.
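How the sections combine, as an added Ruby sketch that is not part of Puppet: it parses a puppet.conf, resolves the settings each component ends up with ([main] first, then the component's own section), and flags a master certname that is missing or not a lowercase FQDN. The sample file, the function names, the comment handling and the FQDN pattern are assumptions of this example.

```ruby
# Constructed sample puppet.conf for illustration (not from a real host).
SAMPLE_CONF = <<~CONF
  [main]
  certname=puppet.example.com
  [agent]
  runinterval=10800   # time in seconds
CONF
DEFAULT_RUNINTERVAL = 1800 # seconds; the 30-minute default stated in the notes
FQDN = /\A[a-z0-9-]+(\.[a-z0-9-]+)+\z/ # lowercase labels, at least one dot

# Parse INI-style text into { "section" => { "setting" => "value" } }.
# Assumption of this sketch: '#' at line start or after whitespace starts a comment.
def parse_puppet_conf(text)
  sections = Hash.new { |hash, name| hash[name] = {} }
  current = 'main'
  text.each_line do |raw|
    line = raw.sub(/(\A|\s)#.*/, '').strip
    next if line.empty?
    if (m = line.match(/\A\[(\w+)\]\z/))
      current = m[1]
    elsif (m = line.match(/\A(\w+)\s*=\s*(.*)\z/))
      sections[current][m[1]] = m[2]
    else
      raise ArgumentError, "unparseable line: #{raw.strip}"
    end
  end
  sections
end

# [main] applies to every component; the component's own section overrides it.
def effective_settings(sections, component)
  sections['main'].merge(sections[component])
end

# Report the settings discussed in the notes and flag a missing or weak certname.
def audit(sections)
  master = effective_settings(sections, 'master')
  agent  = effective_settings(sections, 'agent')
  name = master['certname']
  findings = []
  findings << 'master: certname is not set' if name.nil?
  findings << "master: certname #{name.inspect} is not a lowercase FQDN" if name && name !~ FQDN
  { master_certname: name, agent_certname: agent['certname'],
    runinterval: Integer(agent.fetch('runinterval', DEFAULT_RUNINTERVAL)),
    findings: findings }
end
```

Run against the sample, the agent on the same host resolves to the master's certname as well, because the option sits in [main] rather than [master].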

Types of resources
By running puppet we can obtain a list of the available resource types:

    # puppet describe --list
    These are the types known to puppet:
    augeas - Apply the changes (single or array of changes ...
    computer - Computer object management using DirectorySer ...
    cron - Installs and manages cron jobs
    exec - Executes external commands
    file - Manages local files, including setting owners ...
    filebucket - A repository for backing up files
    group - Manage groups
    host - Installs and manages host entries
    k5login - Manage the `
    macauthorization - Manage the Mac OS X authorization database
    mailalias - Creates an email alias in the local alias dat ...
    maillist - Manage email lists
    mcx - MCX object management using DirectoryService ...
    mount - Manages mounted filesystems, including puttin ...
    nagios_command - The Nagios type command
    nagios_contact - The Nagios type contact
    nagios_contactgroup - The Nagios type contactgroup
    nagios_host - The Nagios type host
    nagios_hostdependency - The Nagios type hostdependency
    nagios_hostescalation - The Nagios type hostescalation
    nagios_hostextinfo - The Nagios type hostextinfo
    nagios_hostgroup - The Nagios type hostgroup
    nagios_service - The Nagios type service
    nagios_servicedependency - The Nagios type servicedependency
    nagios_serviceescalation - The Nagios type serviceescalation
    nagios_serviceextinfo - The Nagios type serviceextinfo
    nagios_servicegroup - The Nagios type servicegroup
    nagios_timeperiod - The Nagios type timeperiod
    notify - Sends an arbitrary message to the agent run-t ...
    package - Manage packages
    resources - This is a metatype that can manage other reso ...
    schedule - Defined schedules for Puppet
    selboolean - Manages SELinux booleans on systems with SELi ...
    selmodule - Manages loading and unloading of SELinux poli ...
    service - Manage running services
    ssh_authorized_key - Manages SSH authorized keys
    sshkey - Installs and manages ssh host keys
    stage - A resource type for specifying run stages
    tidy - Remove unwanted files based on specific crite ...
    user - Manage users
    whit - The smallest possible resource type, for when ...
    yumrepo - The client-side description of a yum reposito ...
    zfs - Manage zfs
    zone - Solaris zones
    zpool - Manage zpools

Also, we can get details about each resource type:

    # puppet describe host

    host
    ====
    Installs and manages host entries. For most systems, these entries will just be in `/etc/hosts`, but some systems (notably OS X) will have different solutions.

    Parameters
    ----------
    - **ensure**
        The basic property that the resource should be in. Valid values are `present`, `absent`.
    - **host_aliases**
        Any aliases the host might have. Multiple values must be specified as an array.
    - **ip**
        The host's IP address, IPv4 or IPv6.
    - **name**
        The host name.
    - **target**
        The file in which to store service information. Only used by those providers that write to disk.

    Providers
    ---------
        parsed
