Anatomy of a Reuseable Module

Anatomy of a
Reusable Module
Alessandro Franceschi
github.com/example42
PuppetConf 2013
Saturday, August 24, 13

patient
please

use
Puppet
today?
Include classes
Set Params
Variables
Deﬁne
Business
Integration Logic
Provide
Conﬁguration Files
Manage
Resources

How do we use Puppet today
Include classes
manifests/
site.pp
Set Parameters / Variables
Integration logic
Resources
ENC HIERA
SITE
MODULES
SHARED
MODULES
BAD
EDGE
Conﬁguration ﬁles
manifests/
site.pp
ENC HIERA
manifests/
site.pp
BAD?
BAD?
BAD
SITE
MODULES
SITE
MODULES
SHARED
MODULES
SITE
MODULES
SHARED
MODULES
manifests/
site.pp
BAD?
ENC
BAD?

about
CHOICE
Operating Systems
Infrastructures
Scales
Node classiﬁers
Installation methods
Alternative setups

a
reusable
module
Harder Longer
Development
Complexity
Verbosity
Not Optimized for
performance

THE PARAMETERS
DILEMMA
Managed resources attributes
Application specific config options
Application logic and behaviour
Integration with other modules

Parameters: Resources attributes
Enough:
$package = $redis::params::package,
$service = $redis::params::service,
$service_ensure = 'running',
$service_enable = true,
$file = $redis::params::file,
$file_notify = Service['redis'],
$file_source = undef,
$file_content = undef,
Too much?
$package_provider = undef,
$file_owner = $redis::params::file_owner,
$file_group = $redis::params::file_group,
$file_mode = $redis::params::file_mode,
$file_replace = $redis::params::file_replace,
Beneﬁts from: A standard naming convention

Parameters: Application options
Enough:
$puppet_server = “puppet.${::domain}”,
$syslog_server = “syslog.${::domain}”,
$munin_server = “munin.${::domain}”,
$dns_servers = [ '8.8.8.8' , '8.8.4.4' ],
Too much!
$anonymous_enable = true,
$anon_mkdir_write_enable = true,
$anon_upload_enable = false,
$chroot_list_enable = true,
$chroot_list_file = '/etc/vsftpd/chroot_list',
$resourcefile = $nagios::params::resourcefile,
$statusfile = $nagios::params::statusfile,
$commandfile = $nagios::params::commandfile,
$resultpath = $nagios::params::resultpath,
$retentionfile = $nagios::params::retentionfile,
$p1file = $nagios::params::p1file,
Beneﬁts from: Template + Options Hash pattern

Parameters: Application logic
Examples:
$install_client = true,
$install_stomp_server = true,
$install_plugins = true,
$use_ssl = false,
$munin_autoconfigure = true,
$service_autorestart = true,
$manage_package_repo = true,
$run_initdb = undef,
Beneﬁts from: A standard naming convention

Parameters: Modules Integrations
Examples:
$mongo_db_host = $graylog2::params::mongo_db_host,
$mongo_db_port = $graylog2::params::mongo_db_port,
$mongo_db_name = $graylog2::params::mongo_db_name,
$mongo_user = $graylog2::params::mongo_user,
$mongo_password = $graylog2::params::mongo_password,
$elasticsearch_template = $graylog2::params::elasticsearch_template,
$elasticsearch_path = $graylog2::params::elasticsearch_path,
$database = $puppetdb::params::database,
$manage_redhat_firewall = $puppetdb::params::manage_redhat_firewall,
$db_type = 'mysql',
Beneﬁts from: Shared Stacks

PATTERNS
REUSABILITY

files
Let user decide how
to manage
conﬁguration ﬁles.
Alternatives:
source
content
concat
augeas
custom types

Managing files: source content
redis/manifests/init.pp
class redis (
$file = $redis::params::file,
$file_template = undef,
) {
[...]
$managed_file_content = $file_content ? {
undef = $file_template ? {
undef = undef,
default = template($file_template),
},
default = $file_content,
}
[...]
if $redis::file {
file { 'redis.conf':
path = $redis::file,
source = $redis::file_source,
content = $redis::managed_file_content,
}
}
}
Provide the Puppet path of an erb template
class { ‘redis’:
file_template = ‘site/redis/
redis.conf.erb’,
}
Provide directly the content attribute
file_content = “template(‘site/redis/
redis.conf.erb’)”,
}
Provide a fileserver source path
file_source = ‘puppet:///modules/site/
redis/redis.conf’,
}
Manage the configuration file with other methods
(augeas, concat...)
class { ‘redis’: }

Add parameters
to main class
Use a generic
conf deﬁne
Manage the whole
conﬁguration dir

Multiple files: Add parameters
elasticsearch/manifests/init.pp
class elasticsearch (
$file = $elasticsearch::params::file,
[...]
$init_script_file = '/etc/init.d/elasticsearch',
$init_script_file_template = 'elasticsearch/init.erb',
$init_options_file = $elasticsearch::params::init_options_file,
$init_options_file_template = 'elasticsearch/init_options.erb',
Provide custom templates for the main ﬁle and the init script
class { ‘elasticsearch’:
file_template = ‘site/elasticsearch/elasticsearch.yml.erb’,
init_script_file_template = ‘site/elasticsearch/elasticsearch.init.erb’,
}

Multiple files: Generic conf define
nova/manifests/conf.pp
define nova::conf (
$source = undef,
$template = undef,
$content = undef,
$path = undef,
[...]
$options_hash = undef,
$ensure = present ) {
include nova
$managed_path = $path ? {
undef = ${nova::config_dir}/${name},
default = $path,
}
[...]
file { nova_conf_${name}:
ensure = $ensure,
source = $source,
content = $managed_content,
path = $managed_path,
mode = $managed_mode,
owner = $managed_owner,
group = $managed_group,
require = $managed_require,
notify = $managed_notify,
replace = $managed_replace,
}
}
Provide a custom template for an alternative config file in config_dir
nova::conf { ‘rootwrap.conf’:
template = ‘site/nova/rootwrap.conf.erb’,
}

Multiple files: Whole config dir
redis/manifests/init.pp
class redis (
$dir = $redis::params::dir,
$dir_source = undef,
$dir_purge = false,
$dir_recurse = true,
) {
[...]
$dir_ensure = $ensure ? {
'absent' = 'absent',
'present' = 'directory',
}
if $redis::dir_source {
file { 'redis.dir':
ensure = $redis::dir_ensure,
path = $redis::dir,
source = $redis::dir_source,
recurse = $redis::dir_recurse,
purge = $redis::dir_purge,
force = $redis::dir_purge,
notify = $redis::file_notify,
require = $redis::file_require,
}
}
}
Provide a custom source for the whole config_dir
dir_source = ‘puppet:///modules/site/redis/conf/’,
}
Provide a custom source for the whole config_dir and purge any
not managed config file
dir_source = ‘puppet:///modules/site/redis/conf/’,
dir_purge = true,
}

Users
Everyone has his
own users...
Leave options to
decide
if, how and where to
manage the ones
the module requires.

Managing Users
class elasticsearch {
$ensure = 'present',
[...]
$user = 'elasticsearch',
$user_uid = undef,
$user_gid = undef,
$user_groups = undef,
$user_class = 'elasticsearch::user',
[...]
if $elasticsearch::user_class {
require $elasticsearch::user_class
}
elasticsearch/manifests/user.pp
class elasticsearch::user {
@user { $elasticsearch::user :
ensure = $elasticsearch::ensure,
comment = ${elasticsearch::user} user,
password = '!',
managehome = false,
uid = $elasticsearch::user_uid,
gid = $elasticsearch::user_gid,
groups = $elasticsearch::user_groups,
shell = '/bin/bash',
}
User | title == $elasticsearch::user |
}
Do not create the requested user
user_class = undef,
}
Provide the user in a different custom class
user_class = 'site::users',
}
Run elasticsearch with a different user
user = 'apache',
}

resources
Options to specify
custom classes
Options to pass
an hash to
create_resources

Extra Resources: Custom classes
$dependency_class = 'elasticsearch::dependency',
$monitor_class = 'elasticsearch::monitor',
$firewall_class = 'elasticsearch::firewall',
$my_class = undef,
) {
[...]
if $elasticsearch::dependency_class {
include $elasticsearch::dependency_class
}
if $elasticsearch::monitor and $elasticsearch::monitor_class {
include $elasticsearch::monitor_class
}
if $elasticsearch::firewall and $elasticsearch::firewall_class {
include $elasticsearch::firewall_class
}
if $elasticsearch::my_class {
include $elasticsearch::my_class
}[...]
Provide the modules dependencies with a custom class
dependency_class = 'site::dep_elasticsearch',
}

Extra Resources: Resources Hash
$create_resource = undef,
$resources_hash = undef,
) {
[...]
if $create_resource {
create_resources( $create_resource , $resources_hash )
}
Alternative: A single hash that includes resources and
resources_hash
Provide the modules dependencies with a custom class
create_resource = 'file',
resources_hash = {
path = '/etc/elasticsearch/my_file',
content = template('site/elasticsearch/my_file.erb),
mode = '0600',
},
}

Managing
Packages
and
Services
Names change
Custom packages
are common
Leave choice,
optionally

Managing packages
openssh/manifests/init.pp
class openssh (
$ensure = 'present',
$version = undef,
$package = $openssh::params::package,
[...]
) {
if $version and $ensure == 'present' {
$managed_package_ensure = $version
} else {
$managed_package_ensure = $ensure
}
if $openssh::package {
package { $openssh::package:
ensure = $openssh::managed_package_ensure,
}
}
openssh/manifests/params.pp
class openssh::params {
$package = $::osfamily ? {
Suse = 'openssh',
OpenBSD = '',
default = 'openssh-server',
}
Install a custom company-openssh package
class { ‘openssh’:
package = 'company-openssh',
}

Managing services
class openssh (
$service = $openssh::params::service,
$service_ensure = 'running',
$service_enable = true,
[...]
) {
if $ensure == 'absent' {
$managed_service_enable = undef
$managed_service_ensure = stopped
} else {
$managed_service_enable = $service_enable
$managed_service_ensure = $service_ensure
}
if $openssh::service {
service { $openssh::service:
ensure = $openssh::managed_service_ensure,
enable = $openssh::managed_service_enable,
}
}
openssh/manifests/params.pp
class openssh::params {
$service = $::osfamily ? {
Debian = 'ssh',
default = 'sshd',
}
[...]
Manage a custom company-openssh service
class { ‘openssh’:
service = 'company-openssh',
}

options
Let users decide:
OS Packages
Upstream tarballs
Provider

Installation options
$package_provider = undef,
$install = 'package',
$install_base_url = $elasticsearch::params::install_base_url,
$install_source = undef,
$install_destination = '/opt',
) {
[...]
$managed_file = $elasticsearch::install ? {
package = $elasticsearch::file,
default = ${elasticsearch::home_dir}/config/elasticsearch.yml,
}
[...]
case $elasticsearch::install {
package: {
package { $elasticsearch::package:
ensure = $elasticsearch::managed_package_ensure,
provider = $elasticsearch::package_provider,
}
}
upstream: {
puppi::netinstall { 'netinstall_elasticsearch':
url = $elasticsearch::managed_install_source,
destination_dir = $elasticsearch::install_destination,
owner = $elasticsearch::user,
group = $elasticsearch::user,
}
[...]
Install elasticsearch from upstream source
install = 'upstream',
install_source = 'https://download.elasticsearch.org/
elasticsearch/elasticsearch/elasticsearch-0.90.3.zip',
}

hashes
Managing specific
application configs
parameters may get
out of control
A single config hash
to show them all
A custom template
to use them
Application specific configs
THE PARAMETERS
DILEMMA

Options Hash: Setup
class openssh (
[...]
$options_hash = undef,
site/templates/openssh/sshd_conﬁg.erb
# File Managed by Puppet
[...]
Port %= scope.function_options_lookup(['Port','22']) %
PermitRootLogin %= scope.function_options_lookup(['PermitRootLogin','yes']) %
UsePAM %= scope.function_options_lookup(['UsePAM','yes']) %
[...]
* Function options_lookup currently in Example42's Puppi module
Alternative site/templates/openssh/sshd_conﬁg.erb
Port %= scope.lookupvar('openssh::options_hash')['Port'] ||='22' %
PermitRootLogin %= scope.lookupvar('openssh::options_hash')['PermitRootLogin'] ||='yes' %
UsePAM %= scope.lookupvar('openssh::options_hash')['UsePAM'] ||='yes' %
[...]

Options Hash: Usage
Usage (with Hiera):
include openssh
/etc/puppet/hieradata/global.yml:
---
openssh::file_template: 'site/openssh/sshd_config.erb'
openssh::file_options_hash:
Port: '22222'
PermitRootLogin: 'no'
Usage (with parametrized class):
class { 'openssh':
file_template = 'site/openssh/sshd_config.erb'
file_options_hash = {
Port = '22222',
PermitRootLogin = 'no',
}

STANDARDS
NAMING
Managed resources attributes
THE PARAMETERS
DILEMMA

Anatomy of a Reuseable Module

Recommended

Recommended

More Related Content

More from Puppet

More from Puppet (20)

Recently uploaded

Recently uploaded (20)

Anatomy of a Reuseable Module