Category: puppet

Puppet – Resource Abstraction Layer ”; Previous Next In Puppet, Resource Abstraction Layer (RAL) can be considered as the core conceptualized model on which the whole infrastructure and Puppet setup works. In RAL, each alphabet has its own significant meaning which is defined as follows. Resource [R] A resource can be considered as all the resources which are used to model any configuration in Puppet. They are basically in-built resources which are by default present in Puppet. They can be considered as a set of resources belonging to a pre-defined resource type. They are similar to OOP concept in any other programming language wherein the object is an instance of class. In Puppet, its resource is an instance of a resource type. Abstraction [A] Abstraction can be considered as a key feature where the resources are defined independently from the target OS. In other words, while writing any manifest file the user need not worry about the target machine or the OS, which is present on that particular machine. In abstraction, resources give enough information about what needs to exist on the Puppet agent. Puppet will take care of all the functionalities or magic happening behind the scene. Regardless of the resources and OS, Puppet will take care of implementing the configuration on the target machine, wherein the user need not worry how Puppet does behind the scenes. In abstraction, Puppet separates out the resources from its implementation. This platformspecific configuration exists from providers. We can use multiple subcommands along with its providers. Layer [L] It is possible that one defines an entire machine setup and configuration in terms of collection of resources, and it can be viewed and managed via Puppet’s CLI interface. Example for User Resource Type [root@puppetmaster ~]# puppet describe user –providers user ==== Manage users. This type is mostly built to manage systemusers, so it is lacking some features useful for managing normalusers. This resource type uses the prescribed native tools for creating groups and generally uses POSIX APIs for retrieving informationabout them. It does not directly modify ”/etc/passwd” or anything. – **comment** A description of the user. Generally the user”s full name. – **ensure** The basic state that the object should be in. Valid values are ”present”, ”absent”, ”role”. – **expiry** The expiry date for this user. Must be provided in a zero-padded YYYY-MM-DD format — e.g. 2010-02-19. If you want to make sure the user account does never expire, you can pass the special value ”absent”. Valid values are ”absent”. Values can match ”/^d{4}-d{2}-d{2}$/”. Requires features manages_expiry. – **forcelocal** Forces the management of local accounts when accounts are also being managed by some other NSS Valid values are ”true”, ”false”, ”yes”, ”no”. Requires features libuser. – **gid** The user”s primary group. Can be specified numerically or by name. This attribute is not supported on Windows systems; use the ‘groups’ attribute instead. (On Windows, designating a primary group is only meaningful for domain accounts, which Puppet does not currently manage.) – **groups** The groups to which the user belongs. The primary group should not be listed, and groups should be identified by name rather than by GID. Multiple groups should be specified as an array. – **home** The home directory of the user. The directory must be created separately and is not currently checked for existence. – **ia_load_module** The name of the I&A module to use to manage this user. Requires features manages_aix_lam. – **iterations** This is the number of iterations of a chained computation of the password hash (http://en.wikipedia.org/wiki/PBKDF2). This parameter is used in OS X. This field is required for managing passwords on OS X >= 10.8. – **key_membership** Whether specified key/value pairs should be considered the **complete list** (”inclusive”) or the **minimum list** (”minimum”) of the user”s attributes. Defaults to ”minimum”. Valid values are ”inclusive”, ”minimum”. – **keys** Specify user attributes in an array of key = value pairs. Requires features manages_solaris_rbac. – **managehome** Whether to manage the home directory when managing the user. This will create the home directory when ”ensure => present”, and delete the home directory when ‘ensure => absent’. Defaults to ‘false’. Valid values are ‘true’, ‘false’, ‘yes’, ‘no’. – **membership** Whether specified groups should be considered the **complete list** (‘inclusive’) or the **minimum list** (‘minimum’) of groups to which the user belongs. Defaults to ‘minimum’. Valid values are ‘inclusive’, ‘minimum’. – **name** The user name. While naming limitations vary by operating system, it is advisable to restrict names to the lowest common denominator. – **password** The user”s password, in whatever encrypted format the local system requires. * Most modern Unix-like systems use salted SHA1 password hashes. You can use Puppet”s built-in ‘sha1’ function to generate a hash from a password. * Mac OS X 10.5 and 10.6 also use salted SHA1 hashes. * Mac OS X 10.7 (Lion) uses salted SHA512 hashes. The Puppet Labs [stdlib][] module contains a ‘str2saltedsha512’ function which can generate password hashes for Lion. * Mac OS X 10.8 and higher use salted SHA512 PBKDF2 hashes. When managing passwords on these systems the salt and iterations properties need to be specified as well as the password. [stdlib]: https://github.com/puppetlabs/puppetlabs-stdlib/ Be sure to enclose any value that includes a dollar sign ($) in single quotes (”) to avoid accidental variable interpolation. Requires features manages_passwords. – **password_max_age** The maximum number of days a password may be used before it must be changed. Requires features manages_password_age. – **password_min_age** The minimum number of days a password must be used before it may be changed. Requires features manages_password_age. – **profile_membership** Whether specified roles should be treated as the **complete list** (‘inclusive’) or the **minimum list** (‘minimum’) of roles of which the user is a member. Defaults to ‘minimum’. Valid values are ‘inclusive’, ‘minimum’. – **profiles** The profiles the user has. Multiple profiles should be specified as an array. Requires features manages_solaris_rbac. – **project** The name of the project associated with a user. Requires features manages_solaris_rbac. – **purge_ssh_keys** Purge ssh keys authorized for the user if

Puppet – Master ”; Previous Next In Puppet, the client server architecture of Puppet master is considered as the controlling authority of the entire setup. Puppet master acts as the server in the setup and controls all the activities on all the nodes. For any server which needs to act as Puppet master, it should have Puppet server software running. This server software is the key component of controlling all the activities on nodes. In this setup, one key point to remember is to have a super user access to all the machines that one is going to use in the setup. Following are the steps to setup Puppet master. Prerequisites Private Network DNS − Forward and backward should be configured, wherein each server should have a unique hostname. If one does not have the DNS configured, then one can use a private network for communication with the infrastructure. Firewall Open Port − Puppet master should be open on a particular port so that it can listen to the incoming requests on a particular port. We can use any port which is open on the firewall. Creating Puppet Master Server Puppet master that we are creating is going to be on CentOS 7 × 64 machine using Puppet as the host name. The minimum system configuration for the creation of Puppet master is two CPU core and 1GB of memory. Configuration may have bigger size as well depending on the number of nodes we are going to manage with this master. In the infrastructure, is bigger than it is configured using 2 GB RAM. Host Name Role Private FQDN Brcleprod001 Puppet master bnrcleprod001.brcl.com Next, one needs to generate Puppet master SSL certificate and the name of the master machine will be copied in the configuration file of all the nodes. Installing NTP Since Puppet master is the central authority for agent nodes in any given setup, it is one of the key responsibility of the Puppet master to maintain accurate system time to avoid potential configuration problems, which can arise when it issues agent certificates to nodes. If the time conflict issue arises, then certificates can appear expired if there are time discrepancies between the master and the node. Network time protocol is one of the key mechanisms to avoid such kind of problems. Listing Available Time Zones $ timedatectl list-timezones The above command will provide a whole list of available time zones. It will provide regions with time zone availability. Following command can be used to set the required time zone on the machine. $ sudo timedatectl set-timezone India/Delhi Install NTP on the Puppet server machine using the yum utility of CentOS machine. $ sudo yum -y install ntp Sync NTP with the system time which we have set in the above commands. $ sudo ntpdate pool.ntp.org In common practice, we will update the NTP configuration to use common pools which is available nearer to the machine datacenters. For this, we need to edit ntp.conf file under /etc. $ sudo vi /etc/ntp.conf Add the time server from the NTP pool time zones available. Following is how the ntp.conf file looks like. brcleprod001.brcl.pool.ntp.org brcleprod002.brcl.pool.ntp.org brcleprod003.brcl.pool.ntp.org brcleprod004.brcl.pool.ntp.org Save the configuration. Start the server and enable the daemon. $ sudo systemctl restart ntpd $ sudo systemctl enable ntpd Setup Puppet Server Software Puppet server software is a software which runs on the Puppet master machine. It is the machine which pushes configurations to other machines running the Puppet agent software. Enable official Puppet labs collection repository using the following command. $ sudo rpm -ivh https://yum.puppetlabs.com/puppetlabs-release-pc1-el7.noarch.rpm Install puppetserver package. $ sudo yum -y install puppetserver Configure Memory Allocation on the Puppet Server As we have discussed, by default, the Puppet server gets configured on 2GB RAM machine. One can customize the setup according to the free memory available on the machine and how many nodes the server will manage. Edit the puppet server configuration on the vi mode $ sudo vi /etc/sysconfig/puppetserver Find the JAVA_ARGS and use the –Xms and –Xms options to set the memory allocation. We will allocate 3GB of space JAVA_ARGS=”-Xms3g -Xmx3g” Once done, save and exit from the edit mode. After all the above setup is complete, we are ready to start the Puppet server on the master machine with the following command. $ sudo systemctl start puppetserver Next, we will do the setup so that the puppet server starts whenever the master server boots. $ sudo systemctl enable puppetserver Puppet.conf Master Section [master] autosign = $confdir/autosign.conf { mode = 664 } reports = foreman external_nodes = /etc/puppet/node.rb node_terminus = exec ca = true ssldir = /var/lib/puppet/ssl certname = sat6.example.com strict_variables = false manifest = /etc/puppet/environments/$environment/manifests/site.pp modulepath = /etc/puppet/environments/$environment/modules config_version = Print Page Previous Next Advertisements ”;

Puppet – Module ”; Previous Next In Puppet, a module can be defined as a collection of resources, classes, files, definition, and templates. Puppet supports easy re-distribution of modules, which is very helpful in modularity of code as one can write a specified generic module and can use it multiple times with very few simple code changes. For example, this will enable default site configuration under /etc/puppet, with modules shipped by Puppet proper in /etc/share/puppet. Module Configuration In any Puppet module, we have two partitions which help in defining the structure of code and controlling the denominates. The search path of modules is configured using colon-separated list of directories in the puppetmasterd or masterd, the later section of Puppet’s master configuration file with the modulepath parameter. [puppetmasterd] … modulepath = /var/lib/puppet/modules:/data/puppet/modules The search path can be added at the runtime by setting the PUPPETLAB environment variable which must also be colon-separated list of variables. Access control settings for the file server modules in fileserver.conf, the path configuration for that module is always ignored, and specifying a path will produce a warning. Modules Source Puppet supports a different location for storing modules. Any module can be stored in different file system of any particular machine. However, all the paths where modules are stored must be specified in configuration variable known as modulepath which is in general, a path variable where Puppet scans for all module directories and loads them up when it is booting up. A reasonable default path can be configured as − /etc/puppet/modules:/usr/share/puppet:/var/lib/modules. Alternatively, the /etc/puppet directory could be established as a special anonymous module, which is always searched first. Module Naming Puppet follows the same naming standards of a particular module wherein the module name must be normal words, matching [-\w+] (letter, word, number, underscore and dashes) and not containing the namespace separator: : or /. While it might be allowed regarding module hierarchies, for new modules it cannot be nested. Module Internal Organization When the user creates a new module in Puppet, it follows the same structure and contains manifest, distributed file, plugins, and templates arranged in a specific directory structure as shown in the following code. MODULE_PATH/ downcased_module_name/ files/ manifests/ init.pp lib/ puppet/ parser/ functions provider/ type/ facter/ templates/ README Whenever a module is created, it contains init.pp manifest file at the specified fix location inside manifests directory. This manifest file is a default file which executes first in any particular module and contains a collection of all the classes associated with that particular module. Additional .pp file can be added directly under the manifests folder. If we are adding additional .pp files, they should be named after the class. One of the key feature achieved by using modules is code sharing. A module by nature should be self-contained which means one should be able to include any module from anywhere and drop it onto the module path, which gets loaded when Puppet boots up. With the help of modules, one gets modularity in Puppet infrastructure coding. Example Consider an autofs module that installs a fixed auto.homes map and generates the auto.master from templates. class autofs { package { autofs: ensure => latest } service { autofs: ensure => running } file { “/etc/auto.homes”: source => “puppet://$servername/modules/autofs/auto.homes” } file { “/etc/auto.master”: content => template(“autofs/auto.master.erb”) } } The file system will have the following files. MODULE_PATH/ autofs/ manifests/ init.pp files/ auto.homes templates/ auto.master.erb Module Lookup Puppet follows a pre-defined structure wherein it contains multiple directories and subdirectories in a defined structure. These directories contain different kind of files which are required by a module to perform certain actions. A little behind-the-scenes magic makes sure that the right file is associated with the right context. All module searches are within the modulepath, a colon-separated list of directories. For file references on the fileserver, a similar reference is used so that a reference to puppet: //$servername/modules/autofs/auto.homes resolves to the file autofs/files/auto.homes in the module’s path. To make a module usable with both the command line client and a puppet master, one can use a URL of the from puppet:///path. i.e. a URL without an explicit server name. Such URL is treated slightly different by Puppet and puppetd. Puppet searches for serverless URL in the local file system. Template files are searched in a manner similar to manifest and files: a mention of template (“autofs/auto.master.erb”) will make the puppetmaster first look for a file in $templatedir/autofs/auto.master.erb and then autofs/templates/auto.master.erb on the module path. With Puppet versions of everything under the Puppet, it is available to use. This is called module auto loading. Puppet will attempt to auto-load classes and definitions from the module. Print Page Previous Next Advertisements ”;

Puppet – Function ”; Previous Next Puppet supports functions as any other programming language since the base development language of Puppet is Ruby. It supports two types of functions known with the name of statement and rvalue functions. Statements stand on their own and they do not have any return type. They are used for performing standalone tasks like importing other Puppet modules in the new manifest file. Rvalue returns values and can only be used when the statement requires a value, such as an assignment or a case statement. The key behind the execution of function in Puppet is, it only executes on Puppet master and they do not execute on the client or the Puppet agent. Therefore, they only have access to the commands and data available on the Puppet master. There are different kind of functions which are already present and even the user has the privilege to create custom functions as per requirement. Few inbuilt functions are listed below. File Function File function of the file resource is to load a module in Puppet and return the desired output in the form of a string. The arguments that it looks for is, the <module name>/<file> reference, which helps in loading the module from Puppet module’s file directory. Like script/tesingscript.sh will load the files from <module name>/script/files/testingscript.sh. Function has the capability to read and accept an absolute path, which helps in loading the file from anywhere on the disk. Include Function In Puppet, the include function is very much similar to the include function in any other programming language. It is used for declaration of one or more classes, which results in evaluating all the resources present inside those classes and finally add them to a catalog. The way it works is, include function accepts a class name, list of classes or a comma separated list of class names. One thing to keep in mind while using an include statement is, it can be used multiple times in a class but has the limitation of including a single class only once. If the included class accepts a parameter, the include function will automatically look up values for them using <class name>::<parameter name> as the lookup key. Include function does not cause a class to be contained in the class when they are declared, for that we need to use a contained function. It even does not create a dependency in the declared class and classes surrounding it. In include function, only the full name of a class is allowed, relative names are not allowed. Defined Function In Puppet, the defined function helps in determining where a given class or resource type is defined and returns a Boolean value or not. One can also use define to determine whether a specific resource is defined or the variable defined has a value. Key point to keep in mind while using the defined function is, this function takes at least one string argument, which can be a class name, type name, resource reference, or variable reference of the form “$name”. Define function checks for both native and defined function type, including types provided by modules. Type and class are matched by their names. The function matches the resource deceleration by using the resource reference. Define Function Matches # Matching resource types defined(“file”) defined(“customtype”) # Matching defines and classes defined(“testing”) defined(“testing::java”) # Matching variables defined(”$name”) # Matching declared resources defined(File[”/tmp/file”]) Print Page Previous Next Advertisements ”;

Puppet – Useful Resources ”; Previous Next The following resources contain additional information on Puppet. Please use them to get more in-depth knowledge on this topic. Print Page Previous Next Advertisements ”;

Puppet – Validating Puppet Setup ”; Previous Next In Puppet, the setup can be tested locally. Hence, once we have set up Puppet master and node, it’s time to validate the setup locally. We need to have Vagrant and Vagrant box installed locally, which helps in testing the setup locally. Setting Up the Virtual Machine As we are testing the setup locally, we do not actually require a running Puppet master. This means without actually running the Puppet master on the server, we can simply use Puppet to apply command for Puppet setup validation. Puppet apply command will apply changes from local/etc/puppet depending on the virtual machine’s hostname in the configuration file. First step which we need to perform in order to test the setup is to build the following Vagrantfile and start a machine and mount the /etc/puppet folder into place. All the files which are required will be place inside the version control system with the following structure. Directory Structure – manifests – site.pp – modules – your modules – test – update-puppet.sh – Vagrantfile – puppet.conf Vagrant File # -*- mode: ruby -*- # vi: set ft = ruby : Vagrant.configure(“2”) do |config| config.vm.box = “precise32” config.vm.box_url = “http://files.vagrantup.com/precise64.box” config.vm.provider :virtualbox do |vb| vb.customize [“modifyvm”, :id, “–memory”, 1028, “–cpus”, 2] end # Mount our repo onto /etc/puppet config.vm.synced_folder “../”, “/etc/puppet” # Run our Puppet shell script config.vm.provision “shell” do |s| s.path = “update-puppet.sh” end config.vm.hostname = “localdev.example.com” end In the above code, we have used Shell provisioner in which we are trying to run a Shell script named update-puppet.sh. The script is present in the same directory where the Vagrant file is located and the content of the script are listed below. !/bin/bash echo “Puppet version is $(puppet –version)” if [ $( puppet –version) != “3.4.1” ]; then echo “Updating puppet” apt-get install –yes lsb-release DISTRIB_CODENAME = $(lsb_release –codename –short) DEB = “puppetlabs-release-${DISTRIB_CODENAME}.deb” DEB_PROVIDES=”/etc/apt/sources.list.d/puppetlabs.list” if [ ! -e $DEB_PROVIDES ] then wget -q http://apt.puppetlabs.com/$DEB sudo dpkg -i $DEB fi sudo apt-get update sudo apt-get install -o Dpkg::Options:: = “–force-confold” –force-yes -y puppet else echo “Puppet is up to date!” fi Further processing, the user needs to create a manifest file inside Manifests directory with the name site.pp which will install some software on VM. node ”brclelocal03.brcl.com” { package { [”vim”,”git”] : ensure => latest } } echo “Running puppet” sudo puppet apply /etc/puppet/manifests/site.pp Once the user has the above script ready with the required Vagrant file configuration, the user can cd to the test directory and run the vagrant up command. This will boot a new VM, Later, install Puppet and then run it using the Shell script. Following will be the output. Notice: Compiled catalog for localdev.example.com in environment production in 0.09 seconds Notice: /Stage[main]/Main/Node[brclelocal03.brcl.com]/Package[git]/ensure: created Notice: /Stage[main]/Main/Node[brcllocal03.brcl.com]/Package[vim]/ensure: ensure changed ”purged” to ”latest” Validating Multiple Machine Configuration If we need to test the configuration of multiple machines locally, it can be simply done by making a change in Vagrant configuration file. New Configured Vagrant File config.vm.define “brclelocal003” do |brclelocal003| brclelocal03.vm.hostname = “brclelocal003.brcl.com” end config.vm.define “production” do |production| production.vm.hostname = “brcleprod004.brcl.com” end Let’s assume we have a new production server, which needs SSL utility installed. We just need to extend the old manifest with the following configuration. node ”brcleprod004.brcl.com” inherits ”brcleloacl003.brcl.com” { package { [”SSL”] : ensure => latest } } After making configurational changes in the manifest file, we just need to move to the test directory and run the basic vagrant up command which will bring up both brclelocal003.brcl.com and brcleprod004.brcl.com machine. In our case, we are trying to bring up production machine which could be done by running the vagrant up production command. The will create a new machine with the name production as defined in Vagrant file and it will have SSL package installed in it. Print Page Previous Next Advertisements ”;

Puppet – Environment ”; Previous Next In software development and delivery model, there are different kind of testing environments which are used for testing a particular product or a service. As a standard practice, there are mainly three kind of environments as development, testing and production, wherein each of them have their own set configuration. Puppet supports the management of multiple environment along the same line as Ruby on Rails. The key factor behind the creation of these environments is providing an easy mechanism for managing at different levels of SLA agreement. In some cases, the machine always needs to be up without any tolerance and use of old software. Wherein other environments are up-to-date and are used for testing purposes. They are used for upgrades for more important machines. Puppet recommends to stick with the standard production, testing, and development environment configuration, however, here it even provides the user with a leverage of creating custom environments as per requirement. Environment Goal The main goal of setup split by an environment, is that Puppet can have different sources for modules and manifests. One can then test the changes in configuration in the testing environment without impacting the production nodes. These environments can also be used to deploy infrastructure on different sources of network. Using the Environment on Puppet Master The point of an environment is to test which manifest, module, template of the file needs to be send to the client. Thus, Puppet must be configured to provide environment-specific source for these information. Puppet environments are implemented simply by adding the pre-environment sections to the server’s puppet.conf and choosing different configuration source for each environment. These pre-environment sections are then used in preference to the main section. [main] manifest = /usr/testing/puppet/site.pp modulepath = /usr/testing/puppet/modules [development] manifest = /usr/testing/puppet/development/site.pp modulepath = /usr/testing/puppet/development/modules In the above code, any client in the development environment will use the site.pp manifest file located in the directory /usr/share/puppet/development and Puppet will search for any module in /usr/share/puppet/development/modules directory. Running Puppet with or without any environment would default to site.pp file and the directory specified in the manifest and modulepath values in the main configuration section. There are only few configurations which actually makes sense to be configured preenvironment, and all of those parameters revolve around specifying what files to use to compile a client’s configuration. Following are the parameters. Modulepath − In Puppet, as a basic standard mode it’s best to have a standard module directory that all environment share and then a pre-environment directory where the custom module can be stored. Module path is the location where Puppet looks for all the environment related configuration files. Templatedir − Template directory is the location where all the versions of related templates are saved. The module should be preferred to these settings, however it allows one to have different versions of a given template in each environment. Manifest − This defines which configuration to use as entrypoint script. With multiple modules, Puppets help in getting the modularity for configurations. One can use multiple environments in Puppet which works much better if one relies largely on modules. It is easier to migrate changes to environments by encapsulating changes in the module. File server uses an environment specific module path; if one does file serving from modules, instead of separate mounted directories, this environment will be able to get environment-specific files and finally the current environment will also be available in $environment variable within the manifest file. Setting the Clients Environment All the configurations related to environment configuration are done on puppet.conf file. To specify which environment the Puppet client should use, one can specify a value for the environment configuration variable in client’s puppet.conf file. [puppetd] environment = Testing The above definition in configuration file defines which environment the configuration file is in our case it is testing. One can also specify this on the command line using − #puppetd -–environment = testing Alternatively, Puppet also supports the use of dynamic values in environment configuration. Rather than defining the static values, the developer has a leverage to create custom facts that creates client environment based upon some other client attributes or an external data source. The preferred way of doing it is using a custom tool. These tools are capable of specifying a node’s environment and are generally much better at specifying node information. Puppet Search Path Puppet uses a simple search path to determine which configuration needs to be applied on the target machine. In the same way, search path in Puppet is very useful when it is trying to pick up appropriate values which needs to be applied. There are multiple locations as listed below where Puppet searches for the values which needs to be applied. Value specified in the command line Values specified in an environment-specific section Values specified in an executable-specific section Values specified in the main section Print Page Previous Next Advertisements ”;

Discuss Puppet ”; Previous Next Puppet is a configuration management technology to manage the infrastructure on physical or virtual machines. It is an open-source software configuration management tool developed using Ruby which helps in managing complex infrastructure on the fly. This tutorial will help in understanding the building blocks of Puppet and how it works in an infrastructure environment. All the examples and code snippets used in this tutorial are tested. The working code snippets can be simply used in any Puppet setup by changing the current defined names and variables. Print Page Previous Next Advertisements ”;

Puppet – Quick Guide ”; Previous Next Puppet – Overview Puppet is a configuration management tool developed by Puppet Labs in order to automate infrastructure management and configuration. Puppet is a very powerful tool which helps in the concept of Infrastructure as code. This tool is written in Ruby DSL language that helps in converting a complete infrastructure in code format, which can be easily managed and configured. Puppet follows the client-server model, where one machine in any cluster acts as the server, known as puppet master and the other acts as a client known as a slave on nodes. Puppet has the capability to manage any system from scratch, starting from initial configuration till the end-of-life of any particular machine. Features of Puppet System Following are the most important features of Puppet. Idempotency Puppet supports Idempotency which makes it unique. Similar to Chef, in Puppet, one can safely run the same set of configuration multiple times on the same machine. In this flow, Puppet checks for the current status of the target machine and will only make changes when there is any specific change in the configuration. Idempotency helps in managing any particular machine throughout its lifecycle starting from the creation of machine, configurational changes in the machine, till the end-of-life. Puppet Idempotency feature is very helpful in keeping the machine updated for years rather than rebuilding the same machine multiple times, when there is any configurational change. Cross-platform In Puppet, with the help of Resource Abstraction Layer (RAL) which uses Puppet resources, one can target the specified configuration of system without worrying about the implementation details and how the configuration command will work inside the system, which are defined in the underlying configuration file. Puppet − Workflow Puppet uses the following workflow to apply configuration on the system. In Puppet, the first thing what the Puppet master does is to collect the details of the target machine. Using the factor which is present on all Puppet nodes (similar to Ohai in Chef) it gets all the machine level configuration details. These details are collected and sent back to the Puppet master. Then the puppet master compares the retrieved configuration with defined configuration details, and with the defined configuration it creates a catalog and sends it to the targeted Puppet agents. The Puppet agent then applies those configurations to get the system into a desired state. Finally, once one has the target node in a desired state, it sends a report back to the Puppet master, which helps the Puppet master in understanding where the current state of the system is, as defined in the catalog. Puppet − Key Components Following are the key components of Puppet. Puppet Resources Puppet resources are the key components for modeling any particular machine. These resources have their own implementation model. Puppet uses the same model to get any particular resource in the desired state. Providers Providers are basically fulfillers of any particular resource used in Puppet. For example, the package type ‘apt-get’ and ‘yum’ both are valid for package management. Sometimes, more than one provider would be available on a particular platform. Though each platform always have a default provider. Manifest Manifest is a collection of resources which are coupled inside the function or classes to configure any target system. They contain a set of Ruby code in order to configure a system. Modules Module is the key building block of Puppet, which can be defined as a collection of resources, files, templates, etc. They can be easily distributed among different kinds of OS being defined that they are of the same flavor. As they can be easily distributed, one module can be used multiple times with the same configuration. Templates Templates use Ruby expressions to define the customized content and variable input. They are used to develop custom content. Templates are defined in manifests and are copied to a location on the system. For example, if one wants to define httpd with a customizable port, then it can be done using the following expression. Listen <% = @httpd_port %> The httpd_port variable in this case is defined in the manifest that references this template. Static Files Static files can be defined as a general file which are sometimes required to perform specific tasks. They can be simply copied from one location to another using Puppet. All static files are located inside the files directory of any module. Any manipulation of the file in a manifest is done using the file resource. Puppet – Architecture Following is the diagrammatic representation of Puppet architecture. Puppet Master Puppet Master is the key mechanism which handles all the configuration related stuff. It applies the configuration to nodes using the Puppet agent. Puppet Agent Puppet Agents are the actual working machines which are managed by the Puppet master. They have the Puppet agent daemon service running inside them. Config Repository This is the repo where all nodes and server-related configurations are saved and pulled when required. Facts Facts are the details related to the node or the master machine, which are basically used for analyzing the current status of any node. On the basis of facts, changes are done on any target machine. There are pre-defined and custom facts in Puppet. Catalog All the manifest files or configuration which are written in Puppet are first converted to a compiled format called catalog and later those catalogs are applied on the target machine. Puppet – Installation Puppet works on the client server architecture, wherein we call the server as the Puppet master and the client as the Puppet node. This setup is achieved by installing Puppet on both the client and well as on all the server machines. For most of the platforms, Puppet can be installed via the package manager of choice. However, for few platforms it can be done by installing the tarball or RubyGems. Prerequisites Factor is the only pre-requisite that does not come along with Ohai which is present

Puppet – RESTful API ”; Previous Next Puppet uses RESTful API’s as the communication channel between both Puppet master and Puppet agents. Following is the basic URL to access this RESTful API. https://brcleprod001:8140/{environment}/{resource}/{key} https://brcleprod001:8139/{environment}/{resource}/{key} REST API Security Puppet usually takes care of security and SSL certificate management. However, if one wishes to use the RESTful API outside the cluster one needs to manage the certificate on their own, when trying to connect to a machine. The security policy for Puppet can be configured through the rest authconfig file. Testing REST API Curl utility can be used as a basic utility to rest RESTful API connectivity. Following is an example of how we can retrieve the catalog of node using REST API curl command. curl –cert /etc/puppet/ssl/certs/brcleprod001.pem –key /etc/puppet/ssl/private_keys/brcleprod001.pem In the following set of commands we are just setting the SSL certificate, which will be different depending on where the SSL directory is and the name of the node being used. For example, let’s look at the following command. curl –insecure -H ”Accept: yaml” https://brcleprod002:8140/production/catalog/brcleprod001 In the above command, we just send a header specifying the format or formats we want back and a RESTful URL for generating a catalog of brcleprod001 in production environment, will generate a the following output. — &id001 !ruby/object:Puppet::Resource::Catalog aliases: {} applying: false classes: [] … Let’s assume another example, where we want to get the CA certificate back from Puppet master. It doesn’t require to be authenticated with own signed SSL certificate since that is something which is required before being authenticated. curl –insecure -H ”Accept: s” https://brcleprod001:8140/production/certificate/ca —–BEGIN CERTIFICATE—– MIICHTCCAYagAwIBAgIBATANBgkqhkiG9w0BAQUFADAXMRUwEwYDVQQDDAxwdXBw Puppet Master and Agent Shared API Reference GET /certificate/{ca, other} curl -k -H “Accept: s” https://brcelprod001:8140/production/certificate/ca curl -k -H “Accept: s” https://brcleprod002:8139/production/certificate/brcleprod002 Puppet Master API Reference Authenticated Resources (Valid, signed certificate required). Catalogs GET /{environment}/catalog/{node certificate name} curl -k -H “Accept: pson” https://brcelprod001:8140/production/catalog/myclient Certificate Revocation List GET /certificate_revocation_list/ca curl -k -H “Accept: s” https://brcleprod001:8140/production/certificate/ca Certificate Request GET /{environment}/certificate_requests/{anything} GET /{environment}/certificate_request/{node certificate name} curl -k -H “Accept: yaml” https://brcelprod001:8140/production/certificate_requests/all curl -k -H “Accept: yaml” https://brcleprod001:8140/production/certificate_request/puppetclient Reports Submit a Report PUT /{environment}/report/{node certificate name} curl -k -X PUT -H “Content-Type: text/yaml” -d “{key:value}” https://brcleprod002:8139/production Node − Facts Regarding a Specific Node GET /{environment}/node/{node certificate name} curl -k -H “Accept: yaml” https://brcleprod002:8140/production/node/puppetclient Status − Used for Testing GET /{environment}/status/{anything} curl -k -H “Accept: pson” https://brcleprod002:8140/production/certificate_request/puppetclient Puppet Agent API Reference When a new agent is set up on any machine, by default Puppet agent does not listen to HTTP request. It needs to be enabled in Puppet by adding “listen=true” in puppet.conf file. This will enable Puppet agents to listen to HTTP request when the Puppet agent is starting up. Facts GET /{environment}/facts/{anything} curl -k -H “Accept: yaml” https://brcelprod002:8139/production/facts/{anything} Run − Causes the client to update like puppetturn or puppet kick. PUT /{environment}/run/{node certificate name} curl -k -X PUT -H “Content-Type: text/pson” -d “{}” https://brcleprod002:8139/production/run/{anything} Print Page Previous Next Advertisements ”;