A brief introduction to writing puppet modules using the venerable open-ssh server as an example.

1. +
Puppet Modules 101
A brief introduction to writing puppet modules

2. +
What is a puppet module?
 “Modules are self-contained bundles of code and data” –
puppetlabs.com
 Similar idea to an rpm, gem or war/ear file.
 They have a defined structure that organizes code,
configuration and data.

3. +
What can a module do?
 A typical module will do the following basic tasks
 Install a package
 Manage the configuration of that package
 Manage the service responsible for starting/stopping the installed
package.
 Anything else?
 Yes, since ruby is the underlying language puppet can do just about
anything you can program ruby to do.

4. +
The module structure
Mymodule/
manifests/
files/
templates/
lib/
tests/
spec/
# puppet code is stored here
# static configuration files
# dynamic configuration files
# plugins, extensions, facts, providers etc.
# simple manifest manually to test the module
# automated tests

5. +
Package File Service Pattern
 PuppetLabs recommends following the Package File Service pattern.
# /etc/puppet/modules/mymodule/manifests/init.pp
class mymodule {
package { ‘my-package’:
ensure => ‘installed’,
}
file {‘my-file’:
source => “puppet:///modules/mymodule/myfile”,
require => Package[‘my-package’],
}
service { ‘my-service’:
ensure => ‘running’,
enable => true,
subscribe => File[‘my-file’]
}
}

6. +
A real world module
 Installing open-ssh
# /etc/puppet/modules/ssh/manifests/init.pp
class ssh{
package { ‘ssh-server’:
ensure => ‘installed’,
}
file {‘/etc/ssh/sshd_config’:
source => “puppet:///modules/ssh/sshd_config”,
require => Package[‘ssh-server’],
}
service { ‘ssh’:
ensure => ‘running’,
enable => true,
subscribe => File[‘/etc/ssh/sshd_config’]
}
}

7. +
Example sshd_config file
# /etc/puppet/modules/ssh/files/sshd_config
Port 22
Protocol 2
#Logging
SyslogFacility Local0
LogLevel Error
#Authentication
LoginGraceTime 120
PermitRootLogin no
StrictModes yes
#...

8. +
Module Portability
 All the sshd_config values are hardcoded in the
modules/ssh/files/sshd_config file.
 What if we want to change the port that ssh is running on from
22 to 8022?
 We should have to change the module in order to change
configuration items

9. +
Introducting Templates
 A template allows you to create the base configuration file and
populate the variable parts automatically.
 No different than other templating languages like velocity or
freemarker.
 Increases portability of the module and can allow configuration
on a node by node basis

10. +
Example Template
# /etc/puppet/modules/ssh/templates/sshd_config.erb
Port <%= @ssh_port %>
Protocol 2
#Logging
SyslogFacility Local0
LogLevel <%= @ssh_loglevel %>
#Authentication
LoginGraceTime 120
PermitRootLogin <%= @ssh_permitrootlogin %>
StrictModes yes
#...

11. +
Updated SSH Module
# /etc/puppet/modules/ssh/manifests/init.pp
class ssh (
$ssh_port = 22,
$ssh_loglevel = ‘INFO’,
$ssh_permitrootlogin = ‘no’,
) {
# … package definition here
file {‘/etc/ssh/sshd_config’:
content=> template(“ssh/sshd_config.erb”,
require => Package[‘ssh-server’],
}
# … service definition here
}

12. +
Using the new class
# /etc/puppet/manifests/node.pp
Node ’mynode.mydomain.com' inherits 'default_uc' {
class {'ssh':
ssh_permitrootlogin => 'yes’,
}
}

13. +
Live Demo