Do you know all of Puppet?
Julien Pivotto (@roidelapluie)
Budapest DevOps Meetup
April 23, 2017

Talk given at DevOps Meetup Budapest prior to CraftConf 2017 about some Puppet tips and tricks that are old but mostly unknown.


Do you know all of Puppet?

  1. Do you know all of Puppet?
      Julien Pivotto (@roidelapluie)
      Budapest DevOps Meetup
      April 23, 2017
  2. $::user
      Julien Pivotto
      @roidelapluie on irc/github/twitter
      Puppet user since 2011 (Puppet 0.24)
      VoxPupuli member (& security officer)
  3. inuits
  4. Scope
      (Ab)using Puppet
      The Puppet community
      Puppet DSL tips and tricks
  5. Why?
      Puppet present in lots of places
      There are lots of new exciting features
      But the puppet DSL has a strong trunk
      Many don't use all of its capacities
  6. Using Puppet
      Creative Commons Attribution 2.0 https://www.flickr.com/photos/jimmcd/4859841581
  7. Custom facts
          FACTER_bootstrap=true puppet agent --test
      Useful for 1-time facts, or overwriting existing facts (e.g. ipaddress) without code.
  8. Custom facts (scripts)
          ./mycustomscript
          datacenter=mydc
  9. Custom facts (ruby)
          # Interrupt Remapping
          # http://www.novell.com/support/kb/doc.php?id=7014344
          # https://access.redhat.com/site/solutions/110053
          # https://access.redhat.com/site/solutions/722593
          Facter.add("is_interrupt_remapping_broken") do
            confine :kernel => "Linux"
            setcode do
              # 8086 is the Intel PCI vendor ID; the pattern selects
              # specific device IDs and revisions.
              output = Facter::Util::Resolution.exec(
                "/sbin/lspci -nn | grep -E '8086:(340[36].*rev 13|3405.*rev (12|13|22))'")
              if output.nil? or output.empty?
                result = false
              else
                result = true
              end
              result
            end
          end
  10. The Puppet resource face
          $ puppet resource file /home/u/.vimrc
          file { '/home/u/.vimrc':
            ensure  => 'file',
            content => '{md5}d414e9800998ecf8427e',
            ctime   => '2017-04-25 11:01:05 +0100',
            group   => '1000',
            mode    => '0644',
            mtime   => '2017-04-25 15:02:03 +0100',
            owner   => '1000',
            type    => 'file',
          }
          $ puppet resource file .hushlogin mode=0755
  11. Pluginsync
      In modules:
          lib/puppet/reports/prometheus.rb
          lib/augeas/lenses/tmpfiles.aug
      Share reports processors
      Share augeas lenses
      Share facts
  12. Puppet as a CA
      Each Puppet agent has a certificate
      It is used and maintained
      It is easy to sign/generate
      e.g.: The foreman
  13. Tooling for your laptop
      puppet parser validate
      Built into puppet
          find . -name "*.pp" -exec puppet parser validate {} +
  14. Style and Best practices
      Puppet-lint 2
      Plugins:
          parameter_documentation
          roles_and_profiles
          package_ensure
          unquoted_string
          legacy_facts
          many more...
  15. The community
      Creative Commons Attribution 2.0 https://www.flickr.com/photos/mrmystery/15868773733/
  16. Puppet Modules
      Modules are awesome
      They have clear APIs
      Easy to make code ready for everyone
      Sharing is part of lots of Puppet users' mindset
  17. The modules ecosystem
      Puppet Forge
      Github
  18. Puppet is aging
      Lots of old, unmaintained modules
      Modules not Puppet 4 compatible
      Modules untested
      Modules without maintainers
  19. The world evolves fast
      Ruby versions, gems, change fast
      Keeping an up to date public CI (with travis) is hard
      But you don't need to change every module every day...
  20. Vox Pupuli
      Creative Commons Attribution-ShareAlike 4.0 https://github.com/voxpupuli/logos
  21. What is Vox Pupuli?
      Vox Pupuli is a community
      We are sysadmins/developers/... puppet users
      We share values
      Started in 2014
  22. What do we do
      We share Puppet modules
      We maintain them, improve them
      We provide a nice home for Puppet modules
  23. How
      We automate
      We are experts (we use those modules)
      We are an important group (98 people)
      We enforce our Code of Conduct
  24. Join us (with or without code)
      Open Pull requests (we have 118 repos)
      Share your modules
  25. Get in touch
      #voxpupuli on IRC
      voxpupuli
      http://github.com/voxpupuli
      voxpupuli@groups.io
  26. The Puppet DSL
      Creative Commons Attribution 2.0 https://www.flickr.com/photos/mujitra/4421810399
  27. The Puppet DSL
      Awareness of its potential
      Write less code
      Avoid bad patterns
  28. The File resource
          file { '/etc/motd':
            ensure  => file,
            content => 'foobarbarfoofoobar',
          }
  29. content => file()
          file { '/etc/motd':
            ensure  => file,
            content => file("${module_name}/motd"),
          }
      For small, text files (file content is in the catalog)
      Since Puppet 3.7.0
  30. validate_cmd
          file { '/etc/corosync/corosync.conf':
            ensure       => file,
            validate_cmd => '/usr/sbin/corosync -t %',
          }
      Verify the file before replacing it
      Since Puppet 3.5.0
      Alternative in stdlib for older versions
  31. show_diff
          file { '/etc/app/secrets':
            content   => 'my secret content',
            show_diff => false,
          }
      Since Puppet 3.2.1
  32. replace
          file { '/etc/installtime':
            content => template('date.erb'),
            replace => no,
          }
      Since Puppet 0.19.0
  33. backup
          file { '/etc/hosts':
            content => template('hosts.erb'),
            backup  => '.bak',
          }
      Since a very long time...
  34. source
          file {
            '/etc/issue.net':
              source => '/etc/motd'
          }
      Since a very long time...
  35. autorequires
      Don't do:
          file {
            '/tmp':
          }
          file {
            '/tmp/foo':
              require => File['/tmp'],
          }
      because files auto-require their parents (and owners, groups...)
      Since Puppet 0.10.2
  36. other autorequires
      Exec, Cron require their users
      Mount requires its parents
      Exec requires its File[cwd]
  37. other autodependencies
      Resource types can implement autonotify and autosubscribe
      (this is used in puppet-corosync)
      Since Puppet 4.0.0
  38. noop
          package {
            'ntpd':
              ensure => latest,
              noop   => true,
          }
      noop is not only a global setting - it is also a metaparameter that can be applied to any resource
      Present since a very long time...
  39. purging resources
          resources {
            'cron':
              purge => true,
              noop  => true,
          }
      Present since Puppet 0.22.0
      Present since 3.5.0 (for cron resources)
  40. exec tries
          exec {
            '/bin/wget 127.0.0.1':
              tries     => 10,
              try_sleep => 1,
          }
      Present since Puppet 2.6.0
  41. arrays
          file {
            '/usr/bin/sometimesexecutable':
              mode => ['0755', '0644'],
          }
      Will accept both modes, and set 0755 if not matching.
      Can be used with most of the properties.
      Since Puppet 0.23.1
  42. Requirements
          define foo::bar {
            Package['foo'] -> Foo::Bar[$name]
          }
      Is the same as:
          foo::bar {'barfoo':
            require => Package['foo'],
          }
  43. Aliases
      Instead of:
          file { "/tmp/foo/bar/bar.foo/foobar":
            ensure => file,
          }
          service { 'barfoo':
            require => File['/tmp/foo/bar/bar.foo/foobar'],
          }
  44. Aliases
      Use:
          file {"/tmp/foo/bar/bar.foo/foobar":
            ensure => file,
            alias  => 'foobar',
          }
          service {'barfoo':
            require => File['foobar'],
          }
      Since a very long time...
  45. Loglevel
          exec {
            '/bin/mybrokenexec':
              loglevel => debug,
          }
      Since Puppet 0.23.1
  46. Conclusion
      Creative Commons Attribution 2.0 https://www.flickr.com/photos/wwworks/6320539775/
  47. Puppet
      Puppet is among the sysadmin's basic tools now
      Tooling around it is great
      Very active and mature community
      Powerful DSL; can handle many scenarios
  48. Julien Pivotto
      roidelapluie
      roidelapluie@inuits.eu
      Inuits
      https://inuits.eu
      info@inuits.eu
      Contact
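
The file parameters from slides 30, 31 and 33 and the noop purge from slide 39, combined in one class as an added example (not code from the talk). The class name `profile::hardened_files`, the `$app_secret` parameter and the `sudoers_ops` module file are assumptions made for illustration.

```puppet
# Added example: class name, parameter and module file are hypothetical.
class profile::hardened_files (
  String $app_secret,  # assumed to be supplied through Hiera, not hard-coded
) {
  # A broken sudoers fragment can lock every admin out, so let visudo
  # check the candidate file (%) before Puppet moves it into place.
  file { '/etc/sudoers.d/10-ops':
    ensure       => file,
    owner        => 'root',
    group        => 'root',
    mode         => '0440',
    content      => file("${module_name}/sudoers_ops"),
    validate_cmd => '/usr/sbin/visudo -cf %',
  }

  # Secret material: keep old and new content out of agent logs and
  # reports (show_diff) and out of the local filebucket (backup).
  file { '/etc/app/secrets':
    ensure    => file,
    owner     => 'root',
    group     => 'root',
    mode      => '0600',
    content   => $app_secret,
    show_diff => false,
    backup    => false,
  }

  # Report unmanaged cron entries without deleting them yet; remove the
  # noop line once the report lists only entries that should go.
  resources { 'cron':
    purge => true,
    noop  => true,
  }
}
```

The secret is still part of the compiled catalog, so `show_diff` and `backup` only limit where it is copied on the agent.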
