Puppet – Coding Style ”; Previous Next In Puppet, the coding style defines all the standards which one needs to follow while trying to convert the infrastructure on the machine configuration into a code. Puppet works and performs all its defined tasks using resources. Puppet’s language definition helps in specifying all the resources in a structured way, which is required to manage any target machine that needs to be managed. Puppet uses Ruby as its encoding language, which has multiple inbuilt features that makes it very easy to get things done with a simple configuration on the code side. Fundamental Units Puppet uses multiple fundamental coding styles which is easy to understand and manage. Following is a list of few. Resources In Puppet, resources are known as fundamental modeling unit which are used to manage or modify any target system. Resources cover all the aspects of a system such as file, service, and package. Puppet comes with an in-built capability wherein it allows the users or developers to develop custom resources, which help in managing any particular unit of a machine In Puppet, all the resources are aggregated together either by using “define” or “classes”. These aggregation features help in organizing a module. Following is a sample resource which consists of multiple types, a title, and a list of attributes with which Puppet can support multiple attributes. Each resource in Puppet has its own default value, which could be overridden when required. Sample Puppet Resource for File In the following command, we are trying to specify a permission for a particular file. file { ”/etc/passwd”: owner => superuser, group => superuser, mode => 644, } Whenever the above command gets executed on any machine, it will verify that the passwd file in the system is configured as described. The file before: colon is the title of resource, which can be referred as resource in other parts of Puppet configuration. Specifying Local Name in Addition to the Title file { ”sshdconfig”: name => $operaSystem ? { solaris => ”/usr/local/etc/ssh/sshd_config”, default => ”/etc/ssh/sshd_config”, }, owner => superuser, group => superuser, mode => 644, } By using the title, which is always the same it is very easy to refer file resource in configuration without having to repeat the OS related logic. Another example could be using a service that depends on a file. service { ”sshd”: subscribe => File[sshdconfig], } With this dependency, the sshd service will always restart once the sshdconfig file changes. The point to be remember here is File[sshdconfig] is a declaration as File as in lower case but if we change it to FILE[sshdconfig] then it would have been a reference. One fundamental point that one needs to keep in mind while declaring a resource is, it can be declared only once per config file. Repeating declaration of the same resource more than once will cause an error. Through this fundamental concept, Puppet makes sure that the configuration is well modeled. We even have the capability to manage resource dependency which helps is managing multiple relationships. service { ”sshd”: require => File[”sshdconfig”, ”sshconfig”, ”authorized_keys”] } Metaparameters Metaparameters are known as global parameters in Puppet. One of the key features of metaparameter is, it works with any type of resource in Puppet. Resource Default When one needs to define a default resource attribute value, Puppet provides a set of syntax to archive it, using a capitalized resource specification that has no title. For example, if we want to set the default path of all the executable it can be done with the following command. Exec { path => ”/usr/bin:/bin:/usr/sbin:/sbin” } exec { ”echo Testing mataparamaters.”: } In the above command, the first statement Exec will set the default value for exec resource. Exec resource requires a fully qualified path or a path which looks like an executable. With this, one can define a single default path for the entire configuration. Defaults work with any resource type in Puppet. Defaults are not global values, however, they only affect the scope in which they are defined or the very next variable to it. If one wants to define default for a complete configuration, then we define the default and the class in the very next section. Resource Collections Aggregation is method of collecting things together. Puppet supports a very powerful concept of aggregation. In Puppet, aggregation is used for grouping resource which is the fundamental unit of Puppet together. This concept of aggregation in Puppet is achieved by using two powerful methods known as classes and definition. Classes and Definition Classes are responsible for modeling the fundamental aspects of node. They can say node is a web server and this particular node is one of them. In Puppet, programming classes are singleton and they can get evaluated once per node. Definition on the other hand can be used many times on a single node. They work similarly as one has created his own Puppet type using the language. They are created to be used multiple times with different input each time. This means one can pass variable values into the definition. Difference between Class and Definition The only key difference between a class and definition is while defining the building structure and allocating resources, class gets evaluated only once per node, wherein on the other hand, a definition is used multiple times on the same single node. Classes Classes in Puppet are introduced using the class keyword and the content of that particular class is wrapped inside the curly braces as shown in the following example. class unix { file { ”/etc/passwd”: owner => ”superuser”, group => ”superuser”, mode => 644; ”/etc/shadow”: owner => ”vipin”, group => ”vipin”, mode => 440; } } In the following example, we have used some short hand which is similar to the above. class unix { file { ”/etc/passwd”: owner => ”superuser”, group => ”superuser”, mode => 644; } file {”/etc/shadow”: owner => ”vipin”, group => ”vipin”, mode => 440; }
Category: puppet
Puppet – Home
Puppet Tutorial PDF Version Quick Guide Resources Job Search Discussion Puppet is a configuration management technology to manage the infrastructure on physical or virtual machines. It is an open-source software configuration management tool developed using Ruby which helps in managing complex infrastructure on the fly. This tutorial will help in understanding the building blocks of Puppet and how it works in an infrastructure environment. All the examples and code snippets used in this tutorial are tested. The working code snippets can be simply used in any Puppet setup by changing the current defined names and variables. Audience This tutorial has been prepared for those who want to understand the features and functionality of Puppet and how it can help in reducing the complexity of managing an infrastructure. After completing this tutorial one would gain moderate level understanding of Puppet and its workflow. It will also give you a fair idea on how to configure Puppet in a preconfigured infrastructure and use it for automation. Prerequisites We assume anyone who wants to understand and learn Puppet should have an understanding of the system administration, infrastructure, and network protocol communication. To automate the infrastructure provisioning, one should have a command over basic Ruby script writing and the underlying system where one wants to use Puppet. Print Page Previous Next Advertisements ”;
Puppet – Architecture
Puppet – Architecture ”; Previous Next Following is the diagrammatic representation of Puppet architecture. Puppet Master Puppet Master is the key mechanism which handles all the configuration related stuff. It applies the configuration to nodes using the Puppet agent. Puppet Agent Puppet Agents are the actual working machines which are managed by the Puppet master. They have the Puppet agent daemon service running inside them. Config Repository This is the repo where all nodes and server-related configurations are saved and pulled when required. Facts Facts are the details related to the node or the master machine, which are basically used for analyzing the current status of any node. On the basis of facts, changes are done on any target machine. There are pre-defined and custom facts in Puppet. Catalog All the manifest files or configuration which are written in Puppet are first converted to a compiled format called catalog and later those catalogs are applied on the target machine. Print Page Previous Next Advertisements ”;
Puppet – RESTful API
Puppet – RESTful API ”; Previous Next Puppet uses RESTful API’s as the communication channel between both Puppet master and Puppet agents. Following is the basic URL to access this RESTful API. https://brcleprod001:8140/{environment}/{resource}/{key} https://brcleprod001:8139/{environment}/{resource}/{key} REST API Security Puppet usually takes care of security and SSL certificate management. However, if one wishes to use the RESTful API outside the cluster one needs to manage the certificate on their own, when trying to connect to a machine. The security policy for Puppet can be configured through the rest authconfig file. Testing REST API Curl utility can be used as a basic utility to rest RESTful API connectivity. Following is an example of how we can retrieve the catalog of node using REST API curl command. curl –cert /etc/puppet/ssl/certs/brcleprod001.pem –key /etc/puppet/ssl/private_keys/brcleprod001.pem In the following set of commands we are just setting the SSL certificate, which will be different depending on where the SSL directory is and the name of the node being used. For example, let’s look at the following command. curl –insecure -H ”Accept: yaml” https://brcleprod002:8140/production/catalog/brcleprod001 In the above command, we just send a header specifying the format or formats we want back and a RESTful URL for generating a catalog of brcleprod001 in production environment, will generate a the following output. — &id001 !ruby/object:Puppet::Resource::Catalog aliases: {} applying: false classes: [] … Let’s assume another example, where we want to get the CA certificate back from Puppet master. It doesn’t require to be authenticated with own signed SSL certificate since that is something which is required before being authenticated. curl –insecure -H ”Accept: s” https://brcleprod001:8140/production/certificate/ca —–BEGIN CERTIFICATE—– MIICHTCCAYagAwIBAgIBATANBgkqhkiG9w0BAQUFADAXMRUwEwYDVQQDDAxwdXBw Puppet Master and Agent Shared API Reference GET /certificate/{ca, other} curl -k -H “Accept: s” https://brcelprod001:8140/production/certificate/ca curl -k -H “Accept: s” https://brcleprod002:8139/production/certificate/brcleprod002 Puppet Master API Reference Authenticated Resources (Valid, signed certificate required). Catalogs GET /{environment}/catalog/{node certificate name} curl -k -H “Accept: pson” https://brcelprod001:8140/production/catalog/myclient Certificate Revocation List GET /certificate_revocation_list/ca curl -k -H “Accept: s” https://brcleprod001:8140/production/certificate/ca Certificate Request GET /{environment}/certificate_requests/{anything} GET /{environment}/certificate_request/{node certificate name} curl -k -H “Accept: yaml” https://brcelprod001:8140/production/certificate_requests/all curl -k -H “Accept: yaml” https://brcleprod001:8140/production/certificate_request/puppetclient Reports Submit a Report PUT /{environment}/report/{node certificate name} curl -k -X PUT -H “Content-Type: text/yaml” -d “{key:value}” https://brcleprod002:8139/production Node − Facts Regarding a Specific Node GET /{environment}/node/{node certificate name} curl -k -H “Accept: yaml” https://brcleprod002:8140/production/node/puppetclient Status − Used for Testing GET /{environment}/status/{anything} curl -k -H “Accept: pson” https://brcleprod002:8140/production/certificate_request/puppetclient Puppet Agent API Reference When a new agent is set up on any machine, by default Puppet agent does not listen to HTTP request. It needs to be enabled in Puppet by adding “listen=true” in puppet.conf file. This will enable Puppet agents to listen to HTTP request when the Puppet agent is starting up. Facts GET /{environment}/facts/{anything} curl -k -H “Accept: yaml” https://brcelprod002:8139/production/facts/{anything} Run − Causes the client to update like puppetturn or puppet kick. PUT /{environment}/run/{node certificate name} curl -k -X PUT -H “Content-Type: text/pson” -d “{}” https://brcleprod002:8139/production/run/{anything} Print Page Previous Next Advertisements ”;
Puppet – SSL Sign Certificate Setup ”; Previous Next When the Puppet agent software runs for the first time on any Puppet node, it generates a certificate and sends the certificate signing request to the Puppet master. Before the Puppet server is able to communicate and control the agent nodes, it must sign that particular agent node’s certificate. In the following sections, we will describe how to sign and check for the signing request. List Current Certificate Requests On the Puppet master, run the following command to see all unsigned certificate requests. $ sudo /opt/puppetlabs/bin/puppet cert list As we have just set up a new agent node, we will see one request for approval. Following will be the output. “Brcleprod004.brcl.com” (SHA259) 15:90:C2:FB:ED:69:A4:F7:B1:87:0B:BF:F7:ll: B5:1C:33:F7:76:67:F3:F6:45:AE:07:4B:F 6:E3:ss:04:11:8d It does not contain any + (sign) in the beginning, which indicates that the certificate is still not signed. Sign a Request In order to sign the new certificate request which was generated when the Puppet agent run took place on the new node, the Puppet cert sign command would be used, with the host name of the certificate, which was generated by the newly configured node that needs to be signed. As we have Brcleprod004.brcl.com’s certificate, we will use the following command. $ sudo /opt/puppetlabs/bin/puppet cert sign Brcleprod004.brcl.com Following will be the output. Notice: Signed certificate request for Brcle004.brcl.com Notice: Removing file Puppet::SSL::CertificateRequest Brcle004.brcl.com at ”/etc/puppetlabs/puppet/ssl/ca/requests/Brcle004.brcl.com.pem” The puppet sever can now communicate to the node, where the sign certificate belongs. $ sudo /opt/puppetlabs/bin/puppet cert sign –all Revoking the Host from the Puppet Setup There are conditions on configuration of kernel rebuild when it needs to removing the host from the setup and adding it again. These are those conditions which cannot be managed by the Puppet itself. It could be done using the following command. $ sudo /opt/puppetlabs/bin/puppet cert clean hostname Viewing All Signed Requests The following command will generate a list of signed certificates with + (sign) which indicates that the request is approved. $ sudo /opt/puppetlabs/bin/puppet cert list –all Following will be its output. + “puppet” (SHA256) 5A:71:E6:06:D8:0F:44:4D:70:F0: BE:51:72:15:97:68:D9:67:16:41:B0:38:9A:F2:B2:6C:B B:33:7E:0F:D4:53 (alt names: “DNS:puppet”, “DNS:Brcle004.nyc3.example.com”) + “Brcle004.brcl.com” (SHA259) F5:DC:68:24:63:E6:F1:9E:C5:FE:F5: 1A:90:93:DF:19:F2:28:8B:D7:BD:D2:6A:83:07:BA:F E:24:11:24:54:6A + ” Brcle004.brcl.com” (SHA259) CB:CB:CA:48:E0:DF:06:6A:7D:75:E6:CB:22:BE:35:5A:9A:B3 Once the above is done, we have our infrastructure ready in which the Puppet master is now capable of managing newly added nodes. Print Page Previous Next Advertisements ”;
Puppet – Type & Provider
Puppet – Type and Provider ”; Previous Next Puppet types are used for individual configuration management. Puppet has different types like a service type, package type, provider type, etc. Wherein each type has providers. The provider handles the configuration on different platforms or tools. For example, the package type has aptitude, yum, rpm, and DGM providers. There are a lot of types and Puppet covers a good spectrum configuration management item that needs to be managed. Puppet uses Ruby as its base language. All Puppet types and providers present are written in Ruby language. As it follows the standard encoding format, one can simply create them as shown in the example for repo which manages repositories. Here, we will create type repo and providers’ svn and git. The first part of the repo type is type itself. The types are usually stored in lib/puppet/type. For this, we will create a file called repo.rb. $ touch repo.rb Add the following content in the file. Puppet::Type.newtype(:repo) do @doc = “Manage repos” Ensurable newparam(:source) do desc “The repo source” validate do |value| if value =~ /^git/ resource[:provider] = :git else resource[:provider] = :svn end end isnamevar end newparam(:path) do desc “Destination path” validate do |value| unless value =~ /^/[a-z0-9]+/ raise ArgumentError , “%s is not a valid file path” % value end end end end In the above script, we have created a block “Puppet::Type.newtype(:repo) do” which creates a new type with the name repo. Then, we have @doc which helps in adding whatever level of details one wants to add. The next statement is Ensurable; it creates a basic ensure property. Puppet type uses ensure property to determine the state of configuration item. Example service { “sshd”: ensure => present, } The ensure statement tells Puppet to except three method: create, destroy, and exist in the provider. These methods provide the following features − A command to create a resource A command to delete a resource A command to check the existence of a resource All we then need to do is specify these methods and their contents. Puppet creates the supporting infrastructure around them. Next, we define a new parameter called source. newparam(:source) do desc “The repo source” validate do |value| if value =~ /^git/ resource[:provider] = :git else resource[:provider] = :svn end end isnamevar end The source will tell the repo type where to retrieve/clone/checkout the source repository. In this, we are also using a hook called validate. In the provider section, we have defined git and svn which check for the validity of the repository we have defined. Finally, in the code we have defined one more parameter called path. newparam(:path) do desc “Destination path” validate do |value| unless value =~ /^/[a-z0-9]+/ raise ArgumentError , “%s is not a valid file path” % value end This is the value type which specifies where to put the new code that is retrieved. Here, again use the validate hook to create a block that checks the value of appropriateness. Subversion Provider Use Case Let’s start with the subversion provider using the above created type. require ”fileutils” Puppet::Type.type(:repo).provide(:svn) do desc “SVN Support” commands :svncmd => “svn” commands :svnadmin => “svnadmin” def create svncmd “checkout”, resource[:name], resource[:path] end def destroy FileUtils.rm_rf resource[:path] end def exists? File.directory? resource[:path] end end In the above code, we have upfront defined that we need fileutils library, require ”fileutils” which we are going to use method from. Next, we have defined the provider as block Puppet::Type.type(:repo).provide(:svn) do which tells Puppet that this is the provider for type called repo. Then, we have added desc which allows to add some documentation to the provider. We have also defined the command that this provider will use. In the next line, we are checking the features of resource like create, delete, and exist. Creating a Resource Once all the above is done, we will create a resource which will be used in our classes and manifest files as shown in the following code. repo { “wp”: source => “http://g01063908.git.brcl.org/trunk/”, path => “/var/www/wp”, ensure => present, } Print Page Previous Next Advertisements ”;
Puppet – Custom Functions
Puppet – Custom Functions ”; Previous Next As described in the previous chapter, function provides the user with a privilege of developing custom functions. Puppet can extend its interpretation power by using custom functions. Custom function helps in increasing and extending the power of Puppet modules and manifest files. Writing Custom Function There are few things which one needs to keep in mind before writing a function. In Puppet, functions are executed by compilers which means all the functions run on Puppet master and they don’t need to deal with any of the Puppet client for the same. Functions can only interact with agents, provided information is in the form of facts. The Puppet master catches custom functions which means that one needs to restart the Puppet master, if one does some changes in Puppet function. Function will be executed on the server which means any file that the function needs should be present on the server, and one can’t do anything if the function requires direct access to the client machine. There are completely two different type of functions available, one is the Rvalue function which returns the value and the statement function which does not return anything. The name of the file containing function should be the same as the name of the function in the file. Otherwise, it will not get loaded automatically. Location to Put Custom Function All the custom functions are implemented as separate .rb files and are distributed among modules. One needs to put custom functions in lib/puppet/parser/function. Functions can be loaded from .rb file from the following locations. $libdir/puppet/parser/functions puppet/parser/functions sub-directories in your Ruby $LOAD_PATH Creating a New Function New functions are created or defined using the newfunction method inside the puppet::parser::Functions module. One needs to pass the function name as a symbol to newfunction method and the code to run as a block. The following example is a function, which is used to write a string to the file inside the /user directory. module Puppet::Parser::Functions newfunction(:write_line_to_file) do |args| filename = args[0] str = args[1] File.open(filename, ”a”) {|fd| fd.puts str } end end Once the user has the function declared, it can be used in the manifest file as shown below. write_line_to_file(”/user/vipin.txt, “Hello vipin!”) Print Page Previous Next Advertisements ”;
Puppet – Overview
Puppet – Overview ”; Previous Next Puppet is a configuration management tool developed by Puppet Labs in order to automate infrastructure management and configuration. Puppet is a very powerful tool which helps in the concept of Infrastructure as code. This tool is written in Ruby DSL language that helps in converting a complete infrastructure in code format, which can be easily managed and configured. Puppet follows the client-server model, where one machine in any cluster acts as the server, known as puppet master and the other acts as a client known as a slave on nodes. Puppet has the capability to manage any system from scratch, starting from initial configuration till the end-of-life of any particular machine. Features of Puppet System Following are the most important features of Puppet. Idempotency Puppet supports Idempotency which makes it unique. Similar to Chef, in Puppet, one can safely run the same set of configuration multiple times on the same machine. In this flow, Puppet checks for the current status of the target machine and will only make changes when there is any specific change in the configuration. Idempotency helps in managing any particular machine throughout its lifecycle starting from the creation of machine, configurational changes in the machine, till the end-of-life. Puppet Idempotency feature is very helpful in keeping the machine updated for years rather than rebuilding the same machine multiple times, when there is any configurational change. Cross-platform In Puppet, with the help of Resource Abstraction Layer (RAL) which uses Puppet resources, one can target the specified configuration of system without worrying about the implementation details and how the configuration command will work inside the system, which are defined in the underlying configuration file. Puppet − Workflow Puppet uses the following workflow to apply configuration on the system. In Puppet, the first thing what the Puppet master does is to collect the details of the target machine. Using the factor which is present on all Puppet nodes (similar to Ohai in Chef) it gets all the machine level configuration details. These details are collected and sent back to the Puppet master. Then the puppet master compares the retrieved configuration with defined configuration details, and with the defined configuration it creates a catalog and sends it to the targeted Puppet agents. The Puppet agent then applies those configurations to get the system into a desired state. Finally, once one has the target node in a desired state, it sends a report back to the Puppet master, which helps the Puppet master in understanding where the current state of the system is, as defined in the catalog. Puppet − Key Components Following are the key components of Puppet. Puppet Resources Puppet resources are the key components for modeling any particular machine. These resources have their own implementation model. Puppet uses the same model to get any particular resource in the desired state. Providers Providers are basically fulfillers of any particular resource used in Puppet. For example, the package type ‘apt-get’ and ‘yum’ both are valid for package management. Sometimes, more than one provider would be available on a particular platform. Though each platform always have a default provider. Manifest Manifest is a collection of resources which are coupled inside the function or classes to configure any target system. They contain a set of Ruby code in order to configure a system. Modules Module is the key building block of Puppet, which can be defined as a collection of resources, files, templates, etc. They can be easily distributed among different kinds of OS being defined that they are of the same flavor. As they can be easily distributed, one module can be used multiple times with the same configuration. Templates Templates use Ruby expressions to define the customized content and variable input. They are used to develop custom content. Templates are defined in manifests and are copied to a location on the system. For example, if one wants to define httpd with a customizable port, then it can be done using the following expression. Listen <% = @httpd_port %> The httpd_port variable in this case is defined in the manifest that references this template. Static Files Static files can be defined as a general file which are sometimes required to perform specific tasks. They can be simply copied from one location to another using Puppet. All static files are located inside the files directory of any module. Any manipulation of the file in a manifest is done using the file resource. Print Page Previous Next Advertisements ”;
Puppet – File Server
Puppet – File Server ”; Previous Next Puppet follows the concept of client and server where one machine in a setup works as the server machine with Puppet server software running on it and the remaining works as the client with Puppet agent software running on it. This feature of the file server helps in copying the files around multiple machines. This feature of file serving function in Puppet comes as a part of central Puppet daemon. Puppetmasterd and the client function plays a key role in sourcing file attributes as the file object. class { ”java”: package => ”jdk-8u25-linux-x64”, java_alternative => ”jdk1.8.0_25”, java_alternative_path => ”/usr/java/jdk1.8.0_25/jre/bin/java” } As in the above code snippet, Puppet’s file serving functions abstracts the local filesystem topology by supporting the file service module. We will specify the file serving module in the following manner. “puppet://server/modules/module_name/sudoers” File Format In Puppet directory structure, by default the file server configuration is located under /etc/puppet/fileserver.config directory, if the user wishes to change this default configuration file path, it can be done using the new config flag to puppetmasterd. The configuration file resembles INI files but is not exactly the same. [module] path /path/to/files allow *.domain.com deny *.wireless.domain.com As shown in the above code snippet, all the three options are represented in the configuration file. The module name somewhat goes in the brackets. The path is the only required option. Default security option is to deny all the access, so if no allow lines are specified, the module which will be configured will be available to anyone. The path can contain any or all of the %d, %h and %H which are dynamically replaced by its domain name, its host name, and fully qualified host name. All are taken from the client’s SSL certificate (so be careful if one has a mismatch in hostname and certificate name). This is useful is creating modules where the files of each client are kept completely separately. Example, for private host keys. [private] path /data/private/%h allow * In the above code snippet, the code is trying to search for file /private/file.txt from the client client1.vipin.com. It will look for it in /data/private/client1/file.txt, while the same request for client2.vipin.com will try to retrieve the file /data/private/client2/file.txt on the file server. Security Puppet supports the two basic concepts of securing file on the Puppet file server. This is achieved by allowing access to specific files and denying access to the ones which are not required. By default, Puppet does not allow access to any of the files. It needs to be defined explicitly. The format which can be used in the files to allow or deny access is by using IP address, name, or global allow. If the client is not connected to the Puppet file server directly, for example using a reverse proxy and Mongrel, then the file server will see all the connections as coming from the proxy server and not the Puppet client. In the above cases, restricting the host name on the base of hostname is the best practice. One key point to be noted while defining the file structure is, all the deny statements are parsed before the allow statement. Hence, if any deny statement matches a host, then that host will be denied and if no allow statement is written in the upcoming files, then the host will be denied. This feature helps in setting priority of any particular site. Host Name In any file server configuration, file hostname can be specified in two ways either by using a complete hostname or specifying an entire domain name using the * wildcard as shown in the following example. [export] path /usr allow brcleprod001.brcl.com allow *.brcl.com deny brcleprod002.brcl.com IP Address In any file server configuration, the file address can be specified as similar to the host names, using either complete IP address or wildcard address. One can also use CIDR system notation. [export] path /usr allow 127.0.0.1 allow 172.223.30.* allow 172.223.30.0/24 Global Allow Global allow is used when the user wants that everyone can access a particular module. To do this, a single wildcard helps in letting everyone access the module. [export] path /export allow * Print Page Previous Next Advertisements ”;
Puppet – Environment Conf
Puppet – Environment Conf ”; Previous Next In Puppet, all environments have the environment.conf file. This file can override several default settings whenever the master is serving any of the nodes or all the nodes assigned to that particular environment. Location In Puppet, for all the environments which are defined, environment.conf file is located at the top level of its home environment, very next to the manifest and modules directors. Considering an example, if your environment is in default directories (Vipin/testing/environment), then test environment’s config file is located at Vipin/testing/environments/test/environment.conf. Example # /etc/testingdir/code/environments/test/environment.conf # Puppet Enterprise requires $basemodulepath; see note below under modulepath”. modulepath = site:dist:modules:$basemodulepath # Use our custom script to get a git commit for the current state of the code: config_version = get_environment_commit.sh Format All the configuration files in Puppet uses the same INI-like format in the same way. environment.conf file follow the same INI-like format as others do like puppet.conf file. The only difference between environment.conf and puppet.conf is environment.conf file cannot contain the [main] section. All settings in the environment.conf file must be outside any config section. Relative Path in Values Most of the allowed settings accept file path or list of path as the value. If any of the paths are relevant path, they start without a leading slash or drive letter – they will be mostly resolved relative to that environment’s main directory. Interpolation in Values Environment.conf settings file is capable of using values of other settings as variable. There are multiple useful variables which could be interpolated into the environment.conf file. Here is a list of few important variables − $basemodulepath − Useful for including directories in the module path settings. Puppet enterprise user should usually include this value of modulepath since the Puppet engine uses module in the basemodulepath. $environment − Useful as a command line argument to your config_version script. You can interpolate this variable only in the config_version setting. $codedir − Useful for locating files. Allowed Settings By default, Puppet environment.conf file is only allowed to override four settings in the configuration as listed. Modulepath Manifest Config_version Environment_timeout Modulepath This is one of the key settings in environment.conf file. All the directors defined in modulepath are by default loaded by Puppet. This is the path location from where Puppet loads its modules. One needs to explicitly set this up. If this above setting is not set, the default modulepath of any environment in Puppet will be − <MODULES DIRECTORY FROM ENVIRONMENT>:$basemodulepath Manifest This is used to define the main manifest file, which Puppet master will use while booting up and compiling the catalog out of the defined manifest which is going to be used to configure the environment. In this, we can define a single file, a list of files, or even a directory consisting of multiple manifest files which needs to be evaluated and compiled in a defined alphabetical sequence. One needs to explicitly define this setting in the environment.conf file. If not, then Puppet will use environments default manifest directory as its main manifest. Config_version Config_version can be defined as a definite version used to identify catalogs and events. When Puppet compiles any manifest file by default, it adds a config version to the generated catalogs as well as to the reports which gets generated when the Puppet master applies any defined catalog on Puppet nodes. Puppet runs a script to perform all the above steps and uses all the generated output as Config_version. Environment Timeout It is used to get the details about the amount of time which Puppet should use to load data for a given environment. If the value is defined in puppet.conf file, then these values will override the default timeout value. Sample environment.conf File [master] manifest = $confdir/environments/$environment/manifests/site.pp modulepath = $confdir/environments/$environment/modules In the above code $confdir is the path of the directory, where environment configuration files are located. $environment is the name of the environment for which the configuration is being done. Production Ready environment config File # The environment configuration file # The main manifest directory or file where Puppet starts to evaluate code # This is the default value. Works with just a site.pp file or any other manifest = manifests/ # The directories added to the module path, looked in first match first used order: # modules – Directory for external modules, populated by r10k based on Puppetfile # $basemodulepath – As from: puppet config print basemodulepath modulepath = site:modules:$basemodulepath # Set the cache timeout for this environment. # This overrides what is set directly in puppet.conf for the whole Puppet server # environment_timeout = unlimited # With caching you need to flush the cache whenever new Puppet code is deployed # This can also be done manually running: bin/puppet_flush_environment_cache.sh # To disable catalog caching: environment_timeout = 0 # Here we pass to one in the control repo the Puppet environment (and git branch) # to get title and essential info of the last git commit config_version = ”bin/config_script.sh $environment” Print Page Previous Next Advertisements ”;