Afroz Hussain
Agenda
1. Puppet Overview
What is Puppet
How Puppet works
Puppet Architecture
3. Puppet Master
Puppet configuration tree
Puppet configuration files
What is Puppet?
Once you install Puppet, every node (physical server, device or virtual machine) in
your infrastructure has a Puppet agent installed on it. You'll also have a server
designated as the Puppet master.
Enforcement takes place during regular Puppet runs, which follow these steps:
Fact collection. The Puppet agent on each node sends facts about the node's
configuration detailing the hardware, operating system, package versions and other
information to the Puppet master.
Catalog compilation. The Puppet master uses the facts provided by the agents to compile
detailed data about how each node should be configured, called the catalog, and
sends it back to the Puppet agent.
Enforcement. The agent makes any needed changes to enforce the node's desired state.
Report. Each Puppet agent sends a report back to the Puppet master, indicating any
changes that have been made to its node's configuration.
Report sharing. Puppet's open API can send data to third-party tools, so you can share
infrastructure information with other teams.
Puppet Overview
Puppet Architecture
Configuration Language:
"Puppet's configuration language has always been focused on the best combination of simplicity and power, and my
goal was always to have it be more like a configuration file than a programming language," wrote Luke Kanies, founder
and CEO of Puppet Labs.
The language is a DSL (domain-specific language).
Transaction
Once the catalog is entirely constructed, it is passed on to the Transaction.
The Transaction runs on the client, which pulls the catalog down via HTTP.
The transaction performs a relatively straightforward task: walk the graph in
the order specified by the various relationships, and make sure each resource is in sync.
Resource Abstraction Layer
The work is actually done by the Resource Abstraction Layer (RAL).
The RAL was the first component created in Puppet, and it most clearly
defines what the user can do.
The job of the RAL is to define what it means to be a resource and how
resources can get work done on the system.
Installation and Configuration
Installation
Step 1: Enable the Puppet Labs Package Repository
$ sudo rpm -ivh http://yum.puppetlabs.com/el/6.4/products/x86_64/puppetlabs-release-6-7.noarch.rpm
After installing the repos, open your /etc/yum.repos.d/puppetlabs.repo file for editing. Locate the
[puppetlabs-devel] stanza, and change the value of the enabled key from 0 to 1:
Skeleton
resource-type { 'title': attribute => value }
Puppet language basics
Resources
File
Manage files
Content
Permissions
Ownership
Source attribute
Copy a file from the Puppetmaster to the node
puppet:/// followed by the relative source of the file
placed in /etc/puppet/modules/module-name/files/
Puppet language basics
Resources
Package
Manage packages
Wide provider support
APT
Aptitude
YUM
And more..
Based on
the truth value of a variable
the value of an expression
The truth of an arithmetic expression
Puppet language advanced
Templates
Personalized text files
Allow a personalized configuration per node
Use ERB language
Retrieve and use facts
Use file resource
ERB file placed in module template directory
Puppet language advanced
Resources relationship
Relationship meta-parameters
before
Resource is applied before the target resource
require
Resource is applied after the target resource
notify
Like before + the target resource will refresh if the notifying resource changes
subscribe
Like require + the subscribing resource will refresh if the target resource changes
Puppet language advanced
Resources relationship
Ordering relationship
Refreshing
Kind of trigger
Restart a service after a file update
~>
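The ordering and refresh arrows from this slide, applied to sshd resources as an added example that is not part of the original slides. The class name sshd::chained, the service name sshd, the 0600 mode and the validate_cmd check are assumptions of the example; validate_cmd has Puppet test the candidate file with sshd -t before it replaces the live configuration, so a broken sshd_config is never installed and never triggers the restart.

```puppet
# Added example, not from the original slides.
# Assumptions: hypothetical class sshd::chained in a module named sshd,
# a RHEL-family node (service 'sshd', binary /usr/sbin/sshd), and a static
# file shipped at modules/sshd/files/sshd_config.
class sshd::chained {
  package { 'openssh-server':
    ensure => installed,
  }

  file { '/etc/ssh/sshd_config':
    ensure       => file,
    owner        => 'root',
    group        => 'root',
    # Readable by root only (assumption: tighter than the 644 on the slides).
    mode         => '0600',
    source       => 'puppet:///modules/sshd/sshd_config',
    # Puppet writes the new content to a temporary file and substitutes its
    # path for %. A non-zero exit fails the resource and leaves the live
    # file untouched, so no refresh reaches the service.
    validate_cmd => '/usr/sbin/sshd -t -f %',
  }

  service { 'sshd':
    ensure => running,
    enable => true,
  }

  # -> only orders (package first, then file).
  # ~> orders and also sends a refresh: the service restarts when the
  #    file resource changes, like notify/subscribe.
  Package['openssh-server']
  -> File['/etc/ssh/sshd_config']
  ~> Service['sshd']
}
```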
Modules
ssh
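class sshd {
  package { 'openssh-server':
    ensure => latest,
  }

  # Restarts whenever the managed sshd_config changes
  service { 'ssh':
    subscribe => File['sshdconfig'],
    require   => Package['openssh-server'],
  }

  file { 'sshdconfig':
    name    => '/etc/ssh/sshd_config',
    owner   => 'root',
    group   => 'root',
    # File modes are quoted octal strings
    mode    => '0644',
    # Served from /etc/puppet/modules/sshd/files/sshd_config
    source  => 'puppet:///modules/sshd/sshd_config',
    require => Package['openssh-server'],
  }
}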
Modules
ssh using templates
class sshd {
  # Class-scope variables read by sshd_config.erb
  $port                    = '22'
  $keyregenerationinterval = '3600'
  $syslogfacility          = 'AUTHPRIV'
  $loglevel                = 'info'

  package { 'openssh-server':
    ensure => latest,
  }

  service { 'ssh':
    subscribe => File['sshdconfig'],
    require   => Package['openssh-server'],
  }

  file { 'sshdconfig':
    name    => '/etc/ssh/sshd_config',
    owner   => 'root',
    group   => 'root',
    mode    => '0644',
    # Rendered from /etc/puppet/modules/sshd/templates/sshd_config.erb
    content => template('sshd/sshd_config.erb'),
    require => Package['openssh-server'],
  }
}
Modules
template for ssh
sshd_config.erb
Port <%= @port %>
Protocol 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
UsePrivilegeSeparation yes
# KeyRegenerationInterval and ServerKeyBits apply to SSH protocol 1 only
KeyRegenerationInterval <%= @keyregenerationinterval %>
ServerKeyBits 768
SyslogFacility <%= @syslogfacility %>
LogLevel <%= @loglevel %>
Module
NTP
class ntp {
  $ntp1 = '1.2.3.4'

  package { 'ntp':
    ensure => latest,
  }

  file { '/etc/ntp.conf':
    owner   => 'root',
    group   => 'root',
    mode    => '0644',
    content => template('ntp/ntp.conf.erb'),
    require => Package['ntp'],
  }

  service { 'ntpd':
    # The service name differs per distribution
    name      => $operatingsystem ? {
      /OracleLinux|RedHat|OEL|CentOS/ => 'ntpd',
      'SLES'                          => 'ntp',
    },
    enable    => true,
    # $ntpd is not defined on this slide; it must hold the desired state
    ensure    => $ntpd,
    require   => Package['ntp'],
    subscribe => File['/etc/ntp.conf'],
  }
}
Modules:
template for NTP
ntp.conf.erb
server <%= @ntp1 %>
<% if @ntp2 != nil %>
server <%= @ntp2 %>
<% end %>