Puppet barcampexercises.jzt
Published in: Technology
Notes
  • Instruct participants to test --> puppet -d site.pp --> optional -l $LOG + other window with tail of log --> puppet --noop -d site.pp --> pgrep -lf puppetd (default increment is 30 min) --> pgrep -lf puppetmasterd
  • 1) puppet --noop sudoers.pp 2) puppet -d sudoers.pp * This faulty centos mode is corrected by the next exercise – this config actually changes the file to faulty settings on purpose
  • 1) demonstrate conditionals per OS <"puppet -d --noop sudoers2.pp"> 2) service, operations on resource <"puppet -d sudoers2.pp">
  • <run site.pp to have something to change again> (c) 1) class w/ file & service resources 2) inheritance <run once in non-func. mode> - to demo that nothing gets executed without resource instantiation, etc.
  • 3) default & bastionhost node instance 4) bastionhost node instance <run once in non-func. mode> - to demo what it means for a node to belong to a certain class 5) cat /var/lib/puppet/classes.txt (loaded by puppetd)
  • 6) facter | egrep -i 'fqdn|hostname' 7) specific node 'hostname' <run once in non-func. mode> <run once in func. mode> Done
  • Transcript

    • 1. First Moves with Puppet
      New Delhi Puppet HackDay/
      BarCamp March 13, 2010
      Presented by
      Slideshare Operations Engineering/Julie Tsai
    • 2. Today
      Quick Primer
      Useful Commands
      Puppeting Sudoers I — Permissions
      Puppeting Sudoers II — OS Conditions
      Puppeting Sudoers III — Inheriting Class
      Facter
      References
    • 3. Quick Primer: How It Flows
      Ref. http://www.linuxforu.com/wp-content/uploads/2009/06/puppet_diagram.png
    • 4. Quick Primer: Learning the Lingo
      Resource – instance of native type, plugin, or definition, i.e. user, exec, file
      Capitalized resource: invoked by other resources to refer to a previously defined resource, e.g. file foo.txt later invoked as File["foo.txt"]
      Class – resource(s) description with title, file, attributes
      Definition – abstract description of class, can be invoked multiple times
      Node – host instance (physical or virtual)
      Collection – groups of resources
      Recipe – sample puppet code (manifests/*.pp)
    • 5. Quick Primer: Data Parameters
      Variables – substitution values
      Arrays – grouped list of values
      Attributes – statement(s) describing resources
      Literals – string values that needn’t be interpolated
    • 6. Quick Primer: Variable Scoping
      Overridable variable defaults defined only in outer scope of resource instances
      Declarative language: Within the same-level scope, variables can only be defined once
      Qualified variables are a method of passing parameters from a class
      class mothership {
        $server = "juno"
      }
      class satellite {
        $ms = $mothership::server
      }
    • 7. Quick Primer: Where Things Are
      Note: below assumes default install in /etc
      /etc/puppet/fileserver.conf (used by puppetmasterd)
        path /var/lib/puppet/files
        allow 10.100.0.0/24
      /etc/puppet/puppet.conf (used by clients' puppetd)
        vardir = /var/lib/puppet
        logdir = /var/log/puppet
        classfile = $vardir/classes.txt
      /etc/puppet/manifests/[../..]/*.pp (architecture varies)
    • 8. Quick Primer: A Client Directory Tree
      puppetclient01:/var/lib/puppet
      |-> classes.txt – node's class membership
      |-> clientbucket – hashed config artifacts
      |-> lib
      |-> localconfig.yaml
      |-> ssl – authentication certs
      |-> state – checksums, entropy-tracking
    • 9. Quick Primer: Master Directory Tree
      puppetmasterd:/var/lib/puppet
      |-> bucket
      |-> classes.txt
      |-> clientbucket
      |-> client_yaml
      |-> lib
      |-> localconfig.yaml
      |-> reports
      |-> rrd
      |-> ssl
      |-> state
      |-> yaml
    • 10. Useful Commands to Get Started
      puppet <puppetscript.pp> – run standalone script
        -l /path/to/file.log – log path
        -d – debug
        --noop – dry-run
      puppetd – daemon on client that schedules retrieval of configs from puppetmaster and applies locally
        -d – debug
        --test – verbose logging
        --noop – dry-run
        -l /path/to/log – log path
      facter – find out local node's values for reserved classes
    • 11. Puppeting Sudoers I — Permissions
      Configure /etc/puppet/manifests/sudoers.pp:
      file { "/etc/sudoers":
        owner => root,
        group => wheel,
        mode => 400,
      }
      And run:
      [puppet@puppet manifests]# puppet --noop -d /etc/puppet/manifests/sudoers.pp
    • 12. Puppeting Sudoers II — Operating Conditions
      Now, correct with /etc/puppet/manifests/sudoers2.pp
      file { "/etc/sudoers":
        mode => $operatingsystem ? {
          centos => "440",
          gentoo => "440",
          suse => "640",
          default => "400",
        },
        owner => root,
        group => root,
      }
    • 13. Puppeting Sudoers III — Inheriting Class
      /etc/puppet/manifests/sudoers3.pp
      class unix {
        file { "/etc/sudoers":
          owner => root,
          group => root,
        }
        service {
          "sshd":
            ensure => running,
        }
      }
      class centos_mycompany inherits unix {
        File["/etc/sudoers"] { mode => 440 }
      }
    • 14. Puppeting Sudoers III — Inheriting Class (cont.)
      /etc/puppet/manifests/sudoers3.pp
      node default {
        include unix
      }
      node bastionhost {
        include centos_mycompany
      }
      And run:
      [puppet@puppet manifests]# puppet -d --noop sudoers3.pp
      [puppet@puppet manifests]# cat /var/lib/puppet/classes.txt
    • 15. Puppeting Sudoers III — Inheriting Class (cont. 2)
      Use Facter to define the node name:
      [puppet@puppet manifests]# facter | egrep -i 'fqdn|hostname'
      /etc/puppet/manifests/sudoers3.pp
      node 'puppet.us-west-1.compute.internal' {
        include centos_mycompany
      }
    • 16. Facts about Facter
      Facter is a Puppet utility that discovers relevant “facts” that puppet can use to dynamically populate puppet manifest variables
      Executing command-line Facter can show you the reserved variables like FQDN, hostname, kernel, architecture, sshdsakey, etc.
    • 17. References
      Reductive Labs Puppet Guides http://docs.reductivelabs.com/guides/
      Glossary of Terms http://reductivelabs.com/trac/puppet/wiki/GlossaryOfTerms
      Resource Attributes http://reductivelabs.com/trac/puppet/wiki/TypeReference#metaparameters
      Nice vimrc for Puppet http://www.davidpashley.com/blog/systems-administration/puppet/vim-highlighting.html
      Classic LISA '98 paper on best-practice infrastructures http://www.infrastructures.org/papers/bootstrap/bootstrap.html
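
An added example, not part of the original slides: a shell audit that compares a sudoers file's mode with the per-OS values from the sudoers2.pp selector on slide 12, so drift such as the deliberately faulty mode from slide 11 is visible outside a Puppet run. The function names and the temporary sample file are constructed for illustration; the OS name is passed in (for instance the value Facter reports), and only the mode is checked, not owner or group.

```shell
#!/bin/sh
# Added example: audit a sudoers file's mode against the slide 12 selector.
# Function names and the sample file are hypothetical, not from the slides.

# Mirror of the $operatingsystem selector in sudoers2.pp (case-insensitive).
expected_sudoers_mode() {
    case "$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')" in
        centos|gentoo) echo 440 ;;
        suse)          echo 640 ;;
        *)             echo 400 ;;
    esac
}

# Print the octal permission bits of a file (GNU stat first, then BSD stat).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# audit_sudoers FILE OS
# Returns 0 = mode matches, 1 = drift, 2 = file missing/unreadable,
#         3 = writable by group or other (reported ahead of plain drift).
audit_sudoers() {
    file=$1 os=$2
    [ -e "$file" ] || { echo "MISSING $file"; return 2; }
    want=$(expected_sudoers_mode "$os")
    have=$(file_mode "$file") || return 2
    # Leading 0 makes the shell read the mode as octal; 022 = group/other write.
    if [ $((0$have & 022)) -ne 0 ]; then
        echo "WRITABLE $file mode=$have expected=$want os=$os"
        return 3
    fi
    if [ "$have" != "$want" ]; then
        echo "DRIFT $file mode=$have expected=$want os=$os"
        return 1
    fi
    echo "OK $file mode=$have os=$os"
}

# Demo on a constructed temp file standing in for /etc/sudoers:
# mode 400 on a centos node is the drift that sudoers2.pp corrects to 440.
demo=$(mktemp) && chmod 400 "$demo"
audit_sudoers "$demo" centos || echo "exit status $?"
rm -f "$demo"
```
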
