2. +
What is a puppet module?
“Modules are self-contained bundles of code and data” –
puppetlabs.com
Similar idea to an rpm, gem or war/ear file.
They have a defined structure that organizes code,
configuration and data.
3. +
What can a module do?
A typical module will do the following basic tasks
Install a package
Manage the configuration of that package
Manage the service responsible for starting/stopping the installed
package.
Anything else?
Yes, since ruby is the underlying language puppet can do just about
anything you can program ruby to do.
5. +
Package File Service Pattern
PuppetLabs recommends following the Package File Service pattern.
# /etc/puppet/modules/mymodule/manifests/init.pp
class mymodule {
package { ‘my-package’:
ensure => ‘installed’,
}
file {‘my-file’:
source => “puppet:///modules/mymodule/myfile”,
require => Package[‘my-package’],
}
service { ‘my-service’:
ensure => ‘running’,
enable => true,
subscribe => File[‘my-file’]
}
}
6. +
A real world module
Installing open-ssh
# /etc/puppet/modules/ssh/manifests/init.pp
class ssh{
package { ‘ssh-server’:
ensure => ‘installed’,
}
file {‘/etc/ssh/sshd_config’:
source => “puppet:///modules/ssh/sshd_config”,
require => Package[‘ssh-server’],
}
service { ‘ssh’:
ensure => ‘running’,
enable => true,
subscribe => File[‘/etc/ssh/sshd_config’]
}
}
7. +
Example sshd_config file
# /etc/puppet/modules/ssh/files/sshd_config
Port 22
Protocol 2
#Logging
SyslogFacility Local0
LogLevel Error
#Authentication
LoginGraceTime 120
PermitRootLogin no
StrictModes yes
#...
8. +
Module Portability
All the sshd_config values are hardcoded in the
modules/ssh/files/sshd_config file.
What if we want to change the port that ssh is running on from
22 to 8022?
We should have to change the module in order to change
configuration items
9. +
Introducting Templates
A template allows you to create the base configuration file and
populate the variable parts automatically.
No different than other templating languages like velocity or
freemarker.
Increases portability of the module and can allow configuration
on a node by node basis
11. +
Updated SSH Module
# /etc/puppet/modules/ssh/manifests/init.pp
class ssh (
$ssh_port = 22,
$ssh_loglevel = ‘INFO’,
$ssh_permitrootlogin = ‘no’,
) {
# … package definition here
file {‘/etc/ssh/sshd_config’:
content=> template(“ssh/sshd_config.erb”,
require => Package[‘ssh-server’],
}
# … service definition here
}
12. +
Using the new class
# /etc/puppet/manifests/node.pp
Node ’mynode.mydomain.com' inherits 'default_uc' {
class {'ssh':
ssh_permitrootlogin => 'yes’,
}
}