Dance for the puppet master: G6 Tech Talk


Published on

  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Dance for the puppet master: G6 Tech Talk

  1. 1. Dance for the puppetmasterAn introduction to PuppetMichael Peacock
  2. 2. So, what is puppetProvisioning tool “Open source configuration management tool”Used to automate server management Configuration Installs & upgrades etc
  3. 3. Internal development team presentation Ground Six Limited
  4. 4. IdempotentCan be ran multiple times without changing theserver (unless the configuration changes)Instead of doing things, it checks or ensuresthings: Ensuring a package is installed only installs it if it hasn’t been installed. Execs only run if their create file isn’t found (and puppet doesn’t think they have been ran)
  5. 5. Configuration withinVagrantTell puppet to runTell it where the manifests liveTell it the default manifestTell it where modules live
  6. 6. config.vm.provision :puppet do |puppet| puppet.manifests_path = "provision/manifests" puppet.manifest_file = "default.pp" puppet.module_path = "provision/modules" end
  7. 7. What can it do?cron: install and manage cron jobs (scheduled_task onwindows)exec: runs shall commandsuser: create and manage user accountsgroup: create and manage groupsfile: create and manage files, folders and symlinksnotify: log somethingservice: manage running servicesAnd more...the items in bold are known as resources withinpuppet
  8. 8. RequireMany / all puppet options support a “require”configurationDefines other puppet tasks which must havebeen successfully checked / executed beforethis can be ran We only want to install packages once we have updated aptitude We only want to install MySQL drivers once we have the MySQL client/server installed
  9. 9. Require examplerequire => [ Package[mysql-client], Package[mysql-server] ] notice when referencing other puppet configurations, the resource type is capitalised
  10. 10. execcommand: command (including full path unless pathis also defined) to be executed. The “name” will beused if omitteduser & group: to run the command ascreate: a file that the command creates. If found,the exec is not runcwd: directory to run the command frompath: if full path for command isn’t supplied, pathmust point to location of the command
  11. 11. exec: a note We create lock files in some of our execcommands to prevent repeated execution, e.g. after installing the default database,download something or run anything which can only be ran once.
  12. 12. exec: exampleexec{ "create-db": command => /bin/gunzip -c/vagrant/database/default.sql.gz > db.sql &&/usr/bin/mysql < db.sql && /bin/rm db.sql &&/bin/touch /vagrant/mysqlimport.lock, require => [ Package[mysql-client],Package[mysql-server] ], creates => "/vagrant/mysqlimport.lock", timeout => 0 }
  13. 13. exec: another exampleexec{ "compose": command => /bin/rm -rfv /vagrant/vendor/* && /bin/rm-f /vagrant/composer.lock && /usr/bin/curl -s | /usr/bin/php -- --install-dir=/vagrant && cd /vagrant && /usr/bin/php/vagrant/composer.phar install, require => [ Package[curl], Package[git-core] ], creates => "/vagrant/composer.lock", timeout => 0 }
  14. 14. exec: what we use it forInstalling the default MySQL database contentInstall pear projectsNote: we should probably use or write a puppetmodule to install pear projects we need, ourapproach is a bit of a hack
  15. 15. subscribe & refreshonlySome commands need to be ran periodically afterother things have ran More so the case when puppet manages existing infrastructure (using it to manage whats already on a machine and installing new things)subscribe: defines other events which should cause thetask to run (like require, but refreshes the task)refreshonly: instructs the task to only run when the othertasks are completed
  16. 16. Installing softwarePackage “type”We need to apt-get update first...We want to ensure some of our installedsoftware is running
  17. 17. Update aptitude exec { apt-get update: command => /usr/bin/apt-get update, require => Exec[preparenetworking], timeout => 0 }
  18. 18. Install packageWe just need to ensure the package is present package { "apache2": ensure => present, require => Exec[apt-get update] }
  19. 19. Run the service service { "apache2": ensure => running, require => Package[apache2] }
  20. 20. Filesensure: type of file - symlink (link), directorytarget: for symlinks - set the target filesource:file to be copied (if copying a file)owner: user who should own the filegroup: group associated with the filemode: file permissions e.g. 777
  21. 21. file: copy apache config Set the source: source => ‘/path/to/file’file { /etc/apache2/sites-available/default: source =>/vagrant/provision/modules/apache/files/default, owner => root, group => root }
  22. 22. file: create a symlinkensure => ‘link’ file { /var/www/vendor: ensure => link, target => /vagrant/vendor, require => Package[apache2] }
  23. 23. file: create a folder ensure => ‘directory’ file{ "/var/www/uploads": ensure => "directory", owner => "www-data", group => "www-data", mode => 777, }
  24. 24. file: create several folders$cache_directories = [ "/var/www/cache/", "/var/www/cache/pages", "/var/www/cache/routes","/var/www/cache/templates", ] file { $cache_directories: ensure => "directory", owner => "www-data", group => "www-data", mode => 777, }
  25. 25. Add a croncommand: the command to runuser: user to run the cron ashour, minute, month, monthday, weekday can be defined as hour => 1 or hour => [1,2,3,5] or hour => [1-10]
  26. 26. Create a user user { "developer": ensure => "present", gid => "wheel", shell => "/bin/bash", home => "/home/developer", managehome => true, password => "passwordtest", require => Group["wheel"] }
  27. 27. Create a group group { "wheel": ensure => "present", }
  28. 28. Make the group asudoer We probably want to stop this being ran multiple times!exec { "/bin/echo "%wheel ALL=(ALL) ALL" >> /etc/sudoers": require => Group["wheel"] }
  29. 29. StagesRunning things in a specific order can often beimportantRequire often makes this easy for us, howeverExec’s don’t seem to use this reliablyWe can define “stages” with a specific order.We can then put puppet modules into stagesDefault stage is Stage[main]
  30. 30. Stages example stage { first: before => Stage[main] } class {apache: stage => first}
  31. 31. Importing modulesImport the module (assuming it is in the rightfolder)Include the module to be executed import "apache" include apache
  32. 32. Image Credits