Puppet DSL: back to the basics

Slides from a talk I have given at Config Management Camp 2017 about the Puppet DSL and some features that are really useful but that few people use.


  1. 1. Puppet DSL: Back to the basics Julien Pivotto (@roidelapluie) Config Management Camp Ghent February 2017
  2. 2. $::user Julien Pivotto @roidelapluie on irc/github/twitter Puppet user since 2011 (Puppet 0.24) VoxPupuli member (& security officer)
  3. 3. inuits
  4. 4. Scope What didn't we notice in Puppet DSL over the last years? How much backwards compatibility?
  5. 5. Why? There are lots of new exciting features But the puppet DSL has a strong trunk Puppet 3 is EOL, so we can use most of these things
  6. 6. Tooling Puppet parser validate Puppet-lint 2 (with plugins) $EDITOR puppet syntax
  7. 7. Custom facts
          FACTER_bootstrap=true puppet agent --test
      Useful for 1-time facts, or overwriting existing facts (e.g. ipaddress) without code.
  8. 8. Puppet DSL
  9. 9. The File resource
          file { '/etc/motd':
            ensure  => file,
            content => 'foobarbarfoofoobar',
          }
  10. 10. content => file()
          file { '/etc/motd':
            ensure  => file,
            content => file("${module_name}/motd")
          }
      For small, text files (file content is in the catalog)
      Since Puppet 3.7.0
  11. 11. validate_cmd
          file { '/etc/corosync/corosync.conf':
            ensure       => file,
            validate_cmd => '/usr/sbin/corosync -t %',
          }
      Verify the file before replacing it
      Since Puppet 3.5.0
      Alternative in stdlib for older versions
  12. 12. show_diff
          file { '/etc/app/secrets':
            content   => 'my secret content',
            show_diff => false,
          }
      Since Puppet 3.2.1
  13. 13. replace
          file { '/etc/installtime':
            content => template('date.erb'),
            replace => no,
          }
      Since Puppet 0.19.0
  14. 14. backup
          file { '/etc/hosts':
            content => template('hosts.erb'),
            backup  => '.bak',
          }
      Since a very long time...
  15. 15. source
          file {
            '/etc/issue.net':
              source => '/etc/motd'
          }
      Since a very long time...
  16. 16. autorequires
      Don't do:
          file {
            '/tmp':
          }
          file {
            '/tmp/foo':
              require => File['/tmp'],
          }
      because files auto-require their parents (and owners, groups...)
      Since Puppet 0.10.2
  17. 17. other autorequires
      Exec, Cron require their users
      Mount requires its parents
      Exec requires its File[cwd]
  18. 18. other autodependencies
      Resource types can implement autonotify and autosubscribe (this is used in puppet-corosync)
      Since Puppet 4.0.0
  19. 19. noop
          package {
            'ntpd':
              ensure => latest,
              noop   => true,
          }
      noop is not only a global setting - it is also a metaparameter that can be applied to any resource
      Present since a very long time...
  20. 20. purging resources
          resources {
            'cron':
              purge => true,
              noop  => true,
          }
      Present since Puppet 0.22.0
      Present since 3.5.0 (for cron resources)
  21. 21. exec tries
          exec {
            '/bin/wget 127.0.0.1':
              tries     => 10,
              try_sleep => 1,
          }
      Present since Puppet 2.6.0
  22. 22. arrays
          file {
            '/usr/bin/sometimesexecutable':
              mode => ['0755', '0644']
          }
      Will accept both modes, and set 0755 if not matching.
      Can be used with most of the properties.
      Since Puppet 0.23.1
  23. 23. Requirements
          define foo::bar {
            Package['foo'] -> Foo::Bar[$name]
          }
      Is the same as:
          foo::bar { 'barfoo':
            require => Package['foo']
          }
  24. 24. Aliases
      Instead of:
          file { "/tmp/foo/bar/bar.foo/foobar":
            ensure => file,
          }
          service { 'barfoo':
            require => File["/tmp/foo/bar/bar.foo/foobar"]
          }
  25. 25. Aliases
      Use:
          file { "/tmp/foo/bar/bar.foo/foobar":
            ensure => file,
            alias  => 'foobar'
          }
          service { 'barfoo':
            require => File["foobar"]
          }
      Since a very long time...
  26. 26. Loglevel
          exec {
            '/bin/mybrokenexec':
              loglevel => debug,
          }
      Since Puppet 0.23.1
  27. 27. Next to the DSL...
  28. 28. The Puppet resource face
          $ puppet resource file /home/u/.vimrc
          file { '/home/u/.vimrc':
            ensure  => 'file',
            content => '{md5}d414e9800998ecf8427e',
            ctime   => '2017-02-06 10:09:05 +0100',
            group   => '1000',
            mode    => '0644',
            mtime   => '2017-02-06 10:09:05 +0100',
            owner   => '1000',
            type    => 'file',
          }
          $ puppet resource file .hushlogin mode=0755
      Since Puppet 2.7
  29. 29. Pluginsync
      In modules:
          lib/puppet/reports/prometheus.rb
          lib/augeas/lenses/tmpfiles.aug
  30. 30. Julien Pivotto roidelapluie roidelapluie@inuits.eu Inuits https://inuits.eu info@inuits.eu Contact
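
The file attributes from slides 11, 12 and 14 and the noop purge from slide 20, combined on security-sensitive files. This is an added example, not part of the talk; the paths, the `myapp` module and group, and the templates are assumptions.

```puppet
# Added example (not from the slides). Paths, module name, group and
# templates are hypothetical.

# A sudoers drop-in: a syntax error here can lock admins out of sudo,
# so the candidate file is validated before it replaces the current one.
file { '/etc/sudoers.d/deploy':
  ensure       => file,
  owner        => 'root',
  group        => 'root',
  mode         => '0440',
  content      => template('myapp/sudoers_deploy.erb'),
  # '%' is replaced by the path of the temporary candidate file; a
  # non-zero exit status fails the resource and the old file stays.
  validate_cmd => '/usr/sbin/visudo -cf %',
}

# A file holding a credential: keep its content out of agent logs and
# reports, and do not leave copies of previous versions behind.
file { '/etc/myapp/secrets':
  ensure    => file,
  owner     => 'root',
  group     => 'myapp',
  mode      => '0640',
  content   => template('myapp/secrets.erb'),
  show_diff => false,  # no content diff is logged when the file changes
  backup    => false,  # no filebucket or '.bak' copy of the old secret
}

# Dry-run a purge first: unmanaged cron entries are reported as pending
# removals but are not deleted until noop is dropped.
resources { 'cron':
  purge => true,
  noop  => true,
}
```

Note that the rendered content of both files still travels in the catalog, as slide 10 points out for `file()`.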
