Puppet, profile picture
Uploaded byPuppet
KEY, PPTX4,526 views

modern module development - Ken Barber 2012 Edinburgh Puppet Camp

The document provides information on modern Puppet module development best practices. It discusses what modules are and common patterns like package, config, service that address 80% of module needs. It also covers validation of module parameters using Kwalify schemas, testing modules with rspec-puppet, and packaging modules for release on the Puppet Forge using the puppet-module tool. The document emphasizes the importance of coding style, linting with puppet-lint, and following patterns and best practices to create high quality, reusable modules.

Embed presentation

Download as KEY, PPTX
Modern Module Development 2012-03-23 Puppet Camp Edinburgh Ken Barber Professional Services Engineer ken@puppetlabs.com http://linkedin.com/in/ken_barber IRC & Twitter: @ken_barber
What is a module? • A re-usable way of sharing common components: • Classes • Defined Resources • Ruby Resources • Files • Templates • Functions • Facts
We need more modules!
and they need to be good quality ...
Whats new(ish) in Module Development? • Puppet Module Face • rspec-puppet • puppet-lint • Kwalify
But lets talk patterns first ...
Why are patterns important?
Class Patterns • Most installation and management problems consist of: • Installing software using files or packages • Modifying configuration files • Starting services
We commonly refer to this pattern as: Package, Config, Service
Package Class class bind::package { package { $bind::packages: ensure => installed, } }
Config Class class bind::config { file { $bind::config_file: content => template(“${module_name}/named.conf”), owner => $bind::user, group => $bind::group, mode => ‘0644’, } }
Service Class class bind::service { service { $bind::services: ensure => running, enable => true, hasstatus => true, hasrestart => true, } }
Main Class class bind { anchor { ‘bind::start’: }-> class { ‘bind::package’: }~> class { ‘bind::config’: }~> class { ‘bind::service’: }~> anchor { ‘bind::end’: } }
What are anchors? • Provided in stdlib • Anchors are resource that ‘do nothing’ • They ensure the edge of the classes are demarcated properly so the graph executes in the expected order
But what about defined resources?
Defined Resources define bind::zone ( $value = ‘nil’ ){ file { “/etc/bind/config.d/${name}.conf”: content => “${name} = ${value}n”, require => Class[‘bind::package’], notify => Class[‘bind::service’], } }
Package, Config, Service Pattern • This pattern is good for ~80% of situations. • Deals with ordering in a non-complex way, working with defined resources as well.
Params Pattern
Default Parameters • Most parameters have OS dependant defaults. • In the past this was done with case statements in the main modules.
Class Parameters • I generally use two types of class parameters: • User-tuneable parameters • Advanced parameters for overriding items such as package name, service name configuration file paths
Params Pattern The trick is to move your OS based param lookup into manifests/params.pp: class bind::params { case $::operatingsystem { 'ubuntu', 'debian': { $package = 'bind9' $service = 'bind9' $config_dir = '/etc/bind' } ‘centos’, ‘redhat’: { $package = ‘bind’ $service = ‘bind’ $config_dir = ‘/etc/named’ } default: { fail(“Unknown OS: $::operatingsystem”) } } }
Params Pattern Then inherit this in your base class like so: class bind ( $package = $bind::params::package, $service = $bind::params::service, $config_dir = $bind::params::config_dir ) inherits bind::params { ... }
Params Pattern Then elsewhere in your code, reference the fully qualified parameter from your bind class: class bind::package { package { $bind::packages: ensure => installed, } }
Puppet Module Tool will now be a Puppet Face!
Puppet Module Tool # puppet help module USAGE: puppet module <action> This subcommand can find, install, and manage modules from the Puppet Forge, a repository of user-contributed Puppet code. It can also generate empty modules, and prepare locally developed modules for release on the Forge. OPTIONS: --mode MODE - The run mode to use (user, agent, or master). --render-as FORMAT - The rendering format to use. --verbose - Whether to log verbosely. --debug - Whether to log debug information. ACTIONS: build Build a module release package. changes Show modified files of an installed module. clean Clean the module download cache. generate Generate boilerplate for a new module. install Install a module from a repository or release archive. list List installed modules search Search a repository for a module. uninstall Uninstall a puppet module. upgrade Upgrade a puppet module. See 'puppet man module' or 'man puppet-module' for full help.
Puppet Module Face • Obviously still subject to design changes before release ....
Validating Parameters
Validating Parameters • Your allowed set of class parameters are like an Interface Contract to your users • A lot of bugs in code are to do with bad input • We have three mechanisms for validating input: • parameter definitions in the class • stdlib validate_* functions • kwalify
Kwalify Validation • Uses the kwalify library - which is a language independent way of validating JSON/YAML style data structures. • Kwalify has binding in many languages - so its a nice universal choice for structured data validation.
Kwalify • Provides a single declarative way of defining what parameters are valid. • When validation fails, it shows all cases of failure. • Doesn’t handle logical validation across components - you’ll have to do this yourself.
A Kwalify Schema in Puppet DSL $schema = { 'type' => 'map', 'mapping' => { 'name' => { 'type' => 'str', 'pattern' => '/^w+s*w+$/', }, 'age' => { 'type' => 'str', 'pattern' => '/^d+$/', }, } }
Kwalify Validation in DSL class bind ( ... ){ $args = get_scope_args() $schema = { ... } kwalify($schema, $args) }
Module Testing
rspec-puppet • Tim Sharpe (@rodjek) from Github created it • Rspec is often used by Puppet for testing, so it made sense for us to use rspec-puppet • The same facility can be used for testing Puppet DSL and Ruby code as well: providers, types, facts etc.
rspec-puppet • Is able to test: • Classes • Defined Resources • Nodes • Functions
rspec-puppet • Paths for tests: • Classes: • spec/classes/<name_of_class>_spec.rb • Defined Resources • spec/defines/<name_of_define>_spec.rb
rspec-puppet For class testing, the idea is to test your compiled catalogue. The following just tests if your class compiles with no parameters: # spec/classes/bind_spec.rb require 'spec_helper' describe 'bind', :type => :class do let(:facts) do { :operatingsystem => "CentOS" } end describe 'when only mandatory parameters are provided' do let(:params) do {} end it 'class should get included' do subject.should contain_class('bind') end end end
rspec-puppet You also want to make sure your expectations of how the catalogue should look after compilation are met: it ‘bind package should be defined’ do subject.should contain_package(‘bind’) end it ‘bind service should be defined’ do subject.should contain_service(‘bind’) end
rspec-puppet For testing templates, we can do something a little different: it 'changing authnxdomain should modify template' do params = { :config_options = "/tmp/named.conf.options" :options = { "authnxdomain" => "yes", } } content = param_value("file", "/tmp/named.conf.options", "content") content.should =~ /authnxdomain yes/ end
rspec-puppet Requires a spec/spec_helper.rb file with appropriate settings: require 'rspec' require 'rspec-puppet' require 'puppet' require 'mocha' fixture_path = File.expand_path(File.join(File.dirname(__FILE__), 'fixtures')) RSpec.configure do |c| c.module_path = File.join(fixture_path, 'modules') c.manifest_dir = File.join(fixture_path, 'manifests') end
rspec-puppet Also the following should be added to your Rakefile to get ‘rake spec’ to work: require 'rubygems' require 'rspec/core/rake_task' RSpec::Core::RakeTask.new do |t| t.pattern = 'spec/*/*_spec.rb' end
Importance of Good Coding Style
Importance of Good Coding Style • Code is read much more often then it is written (did Guido van Rossum say this?) • Other people being able to read your code is important to attract contributors • Contributors make your code better and ultimately more successful
Style Guide • Available here: • http://docs.puppetlabs.com/guides/style_guide.html
puppet-lint • Also made by Tim Sharpe from Github • Uses the Puppet Labs style guide • Saves time, as it tells you what is wrong with your content before a code review
Using it in your Rakefile Download the gem: gem install puppet-lint Then just add the following to your modules Rakefile: require 'puppet-lint/tasks/puppet-lint'
Running it: # rake lint Evaluating manifests/init.pp Evaluating manifests/config.pp Evaluating manifests/package.pp Evaluating manifests/service.pp
Packaging for the Forge
The Modulefile • Provides meta data for your module • Includes dependencies • In the future the module tool can use these dependencies to download extra modules as needed • Is used to generate metadata.json, which is used by the forge
The Modulefile name 'puppetlabs-bind' version '0.0.1' source 'https://github.com/puppetlabs/puppetlabs-bind.git' author 'Puppet Labs Inc.' license 'ASL 2.0' summary 'ISC Bind Module' description 'Installs and configures the ISC BIND DNS server' project_page 'http://forge.puppetlabs.com/puppetlabs/bind' dependency 'puppetlabs/stdlib', '>= 2.2.1' dependency 'puppetlabs/kwalify', '>= 0.0.1' dependency 'ripienaar/concat', '>= 20100507'
Packaging using the module tool # puppet-module build =================================================== Building /Users/ken/Development/puppetlabs-bind for release ----------------------------------------------------------- Done. Built: pkg/puppetlabs-bind-0.0.1.tar.gz
Uploading To the Forge • Create an account - this username will be publicly visible, so if you are a company create a shared one • Create a project - this is the short name of the module • Create a revision - this is the revision you wish to upload. Use semantic versioning if you can ie. 1.2.0, 3.1.2 etc. • Upload your revision, this is the tar.gz file created in pkg/ with puppet-module build
Using a forge module Using the new module face you can install the forge module: # puppet module search bind # puppet module install puppetlabs-bind
Future Work Needed for Modules • Acceptance Testing • ‘Real’ build testing, perhaps using monitoring frameworks for acceptance? • Hiera and data lookup methodology • Using Hiera to emulate the params pattern
Any Questions?

More Related Content

PPTX
Ansible: How to Get More Sleep and Require Less Coffee
bySarah Z
 
PPT
Python Deployment with Fabric
byandymccurdy
 
PPTX
Learn you some Ansible for great good!
byDavid Lapsley
 
PDF
Choosing a Javascript Framework
byAll Things Open
 
PPTX
Go Faster with Ansible (PHP meetup)
byRichard Donkin
 
PDF
Ansible v2 and Beyond (Ansible Hawai'i Meetup)
byTimothy Appnel
 
PPT
Tips for a Faster Website
byRayed Alrashed
 
KEY
London devops logging
byTomas Doran
 
Ansible: How to Get More Sleep and Require Less Coffee
bySarah Z
 
Python Deployment with Fabric
byandymccurdy
 
Learn you some Ansible for great good!
byDavid Lapsley
 
Choosing a Javascript Framework
byAll Things Open
 
Go Faster with Ansible (PHP meetup)
byRichard Donkin
 
Ansible v2 and Beyond (Ansible Hawai'i Meetup)
byTimothy Appnel
 
Tips for a Faster Website
byRayed Alrashed
 
London devops logging
byTomas Doran
 

What's hot

PDF
Plugin-based software design with Ruby and RubyGems
bySadayuki Furuhashi
 
PDF
DevOps for Humans - Ansible for Drupal Deployment Victory!
byJeff Geerling
 
PDF
Ansible at work
byBas Meijer
 
PPTX
WordPress Development Environments
byOhad Raz
 
PDF
Ansible and AWS
byPeter Sankauskas
 
PPTX
Full stack development with node and NoSQL - All Things Open - October 2017
byMatthew Groves
 
PPTX
Ansible
byVladimír Smitka
 
PPTX
Automated Deployments with Ansible
byMartin Etmajer
 
KEY
How Flipkart scales PHP
bySiddhartha Reddy Kothakapu
 
PDF
Ansible new paradigms for orchestration
byPaolo Tonin
 
PDF
TXLF: Chef- Software Defined Infrastructure Today & Tomorrow
byMatt Ray
 
PDF
Mitchell Hashimoto, HashiCorp
byOntico
 
PDF
Play Framework: async I/O with Java and Scala
byYevgeniy Brikman
 
PDF
Environments - Fundamentals Webinar Series Week 5
byChef
 
PDF
CIRCUIT 2015 - AEM Infrastructure Automation with Chef Cookbooks
byICF CIRCUIT
 
PDF
Service Delivery Assembly Line with Vagrant, Packer, and Ansible
byIsaac Christoffersen
 
PDF
Ansible 2 and Ansible Galaxy 2
byJeff Geerling
 
PDF
Chasing AMI - Building Amazon machine images with Puppet, Packer and Jenkins
byTomas Doran
 
KEY
Puppet for dummies - ZendCon 2011 Edition
byJoshua Thijssen
 
PPT
Local Dev on Virtual Machines - Vagrant, VirtualBox and Ansible
byJeff Geerling
 
Plugin-based software design with Ruby and RubyGems
bySadayuki Furuhashi
 
DevOps for Humans - Ansible for Drupal Deployment Victory!
byJeff Geerling
 
Ansible at work
byBas Meijer
 
WordPress Development Environments
byOhad Raz
 
Ansible and AWS
byPeter Sankauskas
 
Full stack development with node and NoSQL - All Things Open - October 2017
byMatthew Groves
 
Ansible
byVladimír Smitka
 
Automated Deployments with Ansible
byMartin Etmajer
 
How Flipkart scales PHP
bySiddhartha Reddy Kothakapu
 
Ansible new paradigms for orchestration
byPaolo Tonin
 
TXLF: Chef- Software Defined Infrastructure Today & Tomorrow
byMatt Ray
 
Mitchell Hashimoto, HashiCorp
byOntico
 
Play Framework: async I/O with Java and Scala
byYevgeniy Brikman
 
Environments - Fundamentals Webinar Series Week 5
byChef
 
CIRCUIT 2015 - AEM Infrastructure Automation with Chef Cookbooks
byICF CIRCUIT
 
Service Delivery Assembly Line with Vagrant, Packer, and Ansible
byIsaac Christoffersen
 
Ansible 2 and Ansible Galaxy 2
byJeff Geerling
 
Chasing AMI - Building Amazon machine images with Puppet, Packer and Jenkins
byTomas Doran
 
Puppet for dummies - ZendCon 2011 Edition
byJoshua Thijssen
 
Local Dev on Virtual Machines - Vagrant, VirtualBox and Ansible
byJeff Geerling
 

Viewers also liked

PPTX
Barbershop music
byJimmy Nelson
 
PPTX
Vy Le, CEO Rudys Barbershop
byDealmaker Media
 
PPTX
Salons & barber shops
byACroo99
 
PDF
MANSION BARBERSHOP INTRODUCTION
byRanggaswara Prasetya
 
PDF
How I Would Growth Hack a Barbershop
byJulien Le Coupanec
 
KEY
Barbershop presentation
bynooneuno9312
 
DOC
Kertas kerja kedai gunting rambut
byRosedi Ibrahim
 
DOCX
Epc barbershop reportzzz
byAfiq Knick
 
PPTX
class 5 eng TALKATIVE BARBER
byManjula Dubey
 
PDF
Program Latihan 1 Malaysia; Kolej Komuniti
byJabatan Pengajian Kolej Komuniti
 
PPT
Keynote 5 - Principles and Pedagogic Concepts in Teacher Education: exploring...
byMike Blamires
 
PDF
Barber of Birmingham - Use of Documentaries Presentation
byDeborah Granger
 
PPTX
Epc barbershop presentationzzzz
byAfiq Knick
 
PPT
Barbershop
bymauricepierot
 
PPTX
Marketing proposal for cuttin up barbershop
byAmanda Cintron
 
PPT
Swack barbershop
byaswackhamer
 
PPTX
Gents Barber Shop, Professional Men's Hairdresser Meadowbrook
bygentsbarberau
 
Barbershop music
byJimmy Nelson
 
Vy Le, CEO Rudys Barbershop
byDealmaker Media
 
Salons & barber shops
byACroo99
 
MANSION BARBERSHOP INTRODUCTION
byRanggaswara Prasetya
 
How I Would Growth Hack a Barbershop
byJulien Le Coupanec
 
Barbershop presentation
bynooneuno9312
 
Kertas kerja kedai gunting rambut
byRosedi Ibrahim
 
Epc barbershop reportzzz
byAfiq Knick
 
class 5 eng TALKATIVE BARBER
byManjula Dubey
 
Program Latihan 1 Malaysia; Kolej Komuniti
byJabatan Pengajian Kolej Komuniti
 
Keynote 5 - Principles and Pedagogic Concepts in Teacher Education: exploring...
byMike Blamires
 
Barber of Birmingham - Use of Documentaries Presentation
byDeborah Granger
 
Epc barbershop presentationzzzz
byAfiq Knick
 
Barbershop
bymauricepierot
 
Marketing proposal for cuttin up barbershop
byAmanda Cintron
 
Swack barbershop
byaswackhamer
 
Gents Barber Shop, Professional Men's Hairdresser Meadowbrook
bygentsbarberau
 

Similar to modern module development - Ken Barber 2012 Edinburgh Puppet Camp

PDF
Test-Driven Puppet Development - PuppetConf 2014
byPuppet
 
PDF
Puppet Camp Paris 2014: Test Driven Development
byPuppet
 
PDF
Greenfield Puppet: Getting it right from the start
byDavid Danzilio
 
PDF
Puppet Loves RSpec, Why You Should, Too
byPuppet
 
PPTX
Puppet camp chicago-automated_testing2
bynottings
 
PPTX
Automated Puppet Testing - PuppetCamp Chicago '12 - Scott Nottingham
byPuppet
 
PDF
20140408 tdd puppetcamp-paris
byJohan De Wit
 
PPTX
Anatomy of a Build Pipeline
bySamuel Brown
 
PDF
Puppet Camp Boston 2014: Greenfield Puppet: Getting it right from the start (...
byPuppet
 
PDF
TDD with Puppet Tutorial presented at Cascadia IT Conference 2014-03-07
bygarrett honeycutt
 
PDF
20090514 Introducing Puppet To Sasag
bygarrett honeycutt
 
PDF
Puppet | Custom Modules & Using the Forge
byAaron Bernstein
 
PDF
20140406 loa days-tdd-with_puppet_tutorial
bygarrett honeycutt
 
PDF
Using Puppet - Real World Configuration Management
byJames Turnbull
 
PDF
Modules of the twenties
byPuppet
 
PDF
Puppet Camp Sydney 2015: The (Im)perfect Puppet Module
byPuppet
 
KEY
Puppet101
byPuppet
 
PDF
Puppet Camp Paris 2015: Power of Puppet 4 (Beginner)
byPuppet
 
PDF
Puppet loves RSpec, why you should, too
byDennis Rowe
 
PDF
Puppet @ Nedap
byPuppet
 
Test-Driven Puppet Development - PuppetConf 2014
byPuppet
 
Puppet Camp Paris 2014: Test Driven Development
byPuppet
 
Greenfield Puppet: Getting it right from the start
byDavid Danzilio
 
Puppet Loves RSpec, Why You Should, Too
byPuppet
 
Puppet camp chicago-automated_testing2
bynottings
 
Automated Puppet Testing - PuppetCamp Chicago '12 - Scott Nottingham
byPuppet
 
20140408 tdd puppetcamp-paris
byJohan De Wit
 
Anatomy of a Build Pipeline
bySamuel Brown
 
Puppet Camp Boston 2014: Greenfield Puppet: Getting it right from the start (...
byPuppet
 
TDD with Puppet Tutorial presented at Cascadia IT Conference 2014-03-07
bygarrett honeycutt
 
20090514 Introducing Puppet To Sasag
bygarrett honeycutt
 
Puppet | Custom Modules & Using the Forge
byAaron Bernstein
 
20140406 loa days-tdd-with_puppet_tutorial
bygarrett honeycutt
 
Using Puppet - Real World Configuration Management
byJames Turnbull
 
Modules of the twenties
byPuppet
 
Puppet Camp Sydney 2015: The (Im)perfect Puppet Module
byPuppet
 
Puppet101
byPuppet
 
Puppet Camp Paris 2015: Power of Puppet 4 (Beginner)
byPuppet
 
Puppet loves RSpec, why you should, too
byDennis Rowe
 
Puppet @ Nedap
byPuppet
 

More from Puppet

PPTX
The Evolution of Puppet: Key Changes and Modernization Tips
byPuppet
 
PPTX
Automating it management with Puppet + ServiceNow
byPuppet
 
PPTX
Let Red be Red and Green be Green: The Automated Workflow Restarter in GitHub...
byPuppet
 
PPTX
Can You Help Me Upgrade to Puppet 8? Tips, Tools & Best Practices for Your Up...
byPuppet
 
PPTX
Puppetcamp r10kyaml
byPuppet
 
PPTX
Bolt Dynamic Inventory: Making Puppet Easier
byPuppet
 
PPTX
Puppet Community Day: Planning the Future Together
byPuppet
 
PPTX
The State of Puppet in 2025: A Presentation from Developer Relations Lead Dav...
byPuppet
 
PPTX
Simplified Patch Management with Puppet - Oct. 2020
byPuppet
 
PPTX
Puppet at ConfigMgmtCamp 2025 Sponsor Deck
byPuppet
 
PPTX
Puppet: The best way to harden Windows
byPuppet
 
PPTX
KGI compliance as-code approach
byPuppet
 
PPTX
Customizing Reporting with the Puppet Report Processor
byPuppet
 
PDF
Keynote: Puppet camp compliance
byPuppet
 
PDF
Puppet camp2021 testing modules and controlrepo
byPuppet
 
PDF
2021 04-15 operational verification (with notes)
byPuppet
 
PDF
Applying Roles and Profiles method to compliance code
byPuppet
 
PPTX
Accelerating azure adoption with puppet
byPuppet
 
PDF
Enforce compliance policy with model-driven automation
byPuppet
 
PPTX
Puppet camp vscode
byPuppet
 
The Evolution of Puppet: Key Changes and Modernization Tips
byPuppet
 
Automating it management with Puppet + ServiceNow
byPuppet
 
Let Red be Red and Green be Green: The Automated Workflow Restarter in GitHub...
byPuppet
 
Can You Help Me Upgrade to Puppet 8? Tips, Tools & Best Practices for Your Up...
byPuppet
 
Puppetcamp r10kyaml
byPuppet
 
Bolt Dynamic Inventory: Making Puppet Easier
byPuppet
 
Puppet Community Day: Planning the Future Together
byPuppet
 
The State of Puppet in 2025: A Presentation from Developer Relations Lead Dav...
byPuppet
 
Simplified Patch Management with Puppet - Oct. 2020
byPuppet
 
Puppet at ConfigMgmtCamp 2025 Sponsor Deck
byPuppet
 
Puppet: The best way to harden Windows
byPuppet
 
KGI compliance as-code approach
byPuppet
 
Customizing Reporting with the Puppet Report Processor
byPuppet
 
Keynote: Puppet camp compliance
byPuppet
 
Puppet camp2021 testing modules and controlrepo
byPuppet
 
2021 04-15 operational verification (with notes)
byPuppet
 
Applying Roles and Profiles method to compliance code
byPuppet
 
Accelerating azure adoption with puppet
byPuppet
 
Enforce compliance policy with model-driven automation
byPuppet
 
Puppet camp vscode
byPuppet
 

Recently uploaded

PPTX
Software Analysis &Design ethiopia chap-2.pptx
byAbbas484771
 
PPTX
Cloud-and-AI-Platform-FY26-Partner-Playbook.pptx
byiuiuiuiu1
 
PDF
Session 1 - Solving Semi-Structured Documents with Document Understanding
byDianaGray10
 
PDF
Vibe Coding vs. Spec-Driven Development [Free Meetup]
byHaim Michael
 
PDF
Security Forum Sessions from Houston 2025 Event
byMark Simos
 
PDF
Making Sense of Raster: From Bit Depth to Better Workflows
bySafe Software
 
PPTX
Kanban India 2025 | Daksh Gupta | Modeling the Models, Generative AI & Kanban
byLeanKanbanIndia
 
DOCX
iRobot Post‑Mortem and Alternative Paths - Discussion Document for Boards and...
byDave Litwiller
 
PDF
Security Technologys: Access Control, Firewall, VPN
byShielaLasala
 
PDF
Dev Dives: AI that builds with you - UiPath Autopilot for effortless RPA & AP...
byUiPathCommunity
 
PDF
Eredità digitale sugli smartphone: cosa resta di noi nei dispositivi mobili
bySpeck&Tech
 
PDF
Energy Storage Landscape Clean Energy Ministerial
bySurajitBanerjee38
 
PDF
Internet_of_Things_IoT_for_Next_Generation_Smart_Systems_Utilizing.pdf
byRoshanSyed12
 
PPTX
Building Cyber Resilience for 2026: Best Practices for a Secure, AI-Driven Bu...
byYasir Naveed Riaz
 
PDF
Decoding the DNA: The Digital Networks Act, the Open Internet, and IP interco...
byCSUC - Consorci de Serveis Universitaris de Catalunya
 
PPTX
Cybersecurity Best Practices - Step by Step guidelines
byYasir Naveed Riaz
 
PDF
Six Shifts For 2026 (And The Next Six Years)
byDavid Armano
 
PPTX
AI in Cybersecurity: Digital Defense by Yasir Naveed Riaz
byYasir Naveed Riaz
 
PPTX
THIS IS CYBER SECURITY NOTES USED IN CLASS ON VARIOUS TOPICS USED IN CYBERSEC...
byMelissaGblinwon
 
PPTX
cybercrime in Information security .pptx
byismaeelsahib032
 
Software Analysis &Design ethiopia chap-2.pptx
byAbbas484771
 
Cloud-and-AI-Platform-FY26-Partner-Playbook.pptx
byiuiuiuiu1
 
Session 1 - Solving Semi-Structured Documents with Document Understanding
byDianaGray10
 
Vibe Coding vs. Spec-Driven Development [Free Meetup]
byHaim Michael
 
Security Forum Sessions from Houston 2025 Event
byMark Simos
 
Making Sense of Raster: From Bit Depth to Better Workflows
bySafe Software
 
Kanban India 2025 | Daksh Gupta | Modeling the Models, Generative AI & Kanban
byLeanKanbanIndia
 
iRobot Post‑Mortem and Alternative Paths - Discussion Document for Boards and...
byDave Litwiller
 
Security Technologys: Access Control, Firewall, VPN
byShielaLasala
 
Dev Dives: AI that builds with you - UiPath Autopilot for effortless RPA & AP...
byUiPathCommunity
 
Eredità digitale sugli smartphone: cosa resta di noi nei dispositivi mobili
bySpeck&Tech
 
Energy Storage Landscape Clean Energy Ministerial
bySurajitBanerjee38
 
Internet_of_Things_IoT_for_Next_Generation_Smart_Systems_Utilizing.pdf
byRoshanSyed12
 
Building Cyber Resilience for 2026: Best Practices for a Secure, AI-Driven Bu...
byYasir Naveed Riaz
 
Decoding the DNA: The Digital Networks Act, the Open Internet, and IP interco...
byCSUC - Consorci de Serveis Universitaris de Catalunya
 
Cybersecurity Best Practices - Step by Step guidelines
byYasir Naveed Riaz
 
Six Shifts For 2026 (And The Next Six Years)
byDavid Armano
 
AI in Cybersecurity: Digital Defense by Yasir Naveed Riaz
byYasir Naveed Riaz
 
THIS IS CYBER SECURITY NOTES USED IN CLASS ON VARIOUS TOPICS USED IN CYBERSEC...
byMelissaGblinwon
 
cybercrime in Information security .pptx
byismaeelsahib032
 

modern module development - Ken Barber 2012 Edinburgh Puppet Camp

  • 1.
    Modern Module Development 2012-03-23 Puppet Camp Edinburgh Ken Barber Professional Services Engineer ken@puppetlabs.com http://linkedin.com/in/ken_barber IRC & Twitter: @ken_barber
  • 2.
    What is amodule? • A re-usable way of sharing common components: • Classes • Defined Resources • Ruby Resources • Files • Templates • Functions • Facts
  • 3.
    We need more modules!
  • 4.
    and they needto be good quality ...
  • 5.
    Whats new(ish) in ModuleDevelopment? • Puppet Module Face • rspec-puppet • puppet-lint • Kwalify
  • 6.
  • 7.
  • 8.
    Class Patterns • Most installation and management problems consist of: • Installing software using files or packages • Modifying configuration files • Starting services
  • 9.
    We commonly refer tothis pattern as: Package, Config, Service
  • 10.
    Package Class class bind::package{ package { $bind::packages: ensure => installed, } }
  • 11.
    Config Class class bind::config{ file { $bind::config_file: content => template(“${module_name}/named.conf”), owner => $bind::user, group => $bind::group, mode => ‘0644’, } }
  • 12.
    Service Class class bind::service{ service { $bind::services: ensure => running, enable => true, hasstatus => true, hasrestart => true, } }
  • 13.
    Main Class class bind{ anchor { ‘bind::start’: }-> class { ‘bind::package’: }~> class { ‘bind::config’: }~> class { ‘bind::service’: }~> anchor { ‘bind::end’: } }
  • 14.
    What are anchors? • Provided in stdlib • Anchors are resource that ‘do nothing’ • They ensure the edge of the classes are demarcated properly so the graph executes in the expected order
  • 15.
  • 16.
    Defined Resources define bind::zone( $value = ‘nil’ ){ file { “/etc/bind/config.d/${name}.conf”: content => “${name} = ${value}n”, require => Class[‘bind::package’], notify => Class[‘bind::service’], } }
  • 17.
    Package, Config, Service Pattern • This pattern is good for ~80% of situations. • Deals with ordering in a non-complex way, working with defined resources as well.
  • 18.
  • 19.
    Default Parameters • Most parameters have OS dependant defaults. • In the past this was done with case statements in the main modules.
  • 20.
    Class Parameters • I generally use two types of class parameters: • User-tuneable parameters • Advanced parameters for overriding items such as package name, service name configuration file paths
  • 21.
    Params Pattern The trickis to move your OS based param lookup into manifests/params.pp: class bind::params { case $::operatingsystem { 'ubuntu', 'debian': { $package = 'bind9' $service = 'bind9' $config_dir = '/etc/bind' } ‘centos’, ‘redhat’: { $package = ‘bind’ $service = ‘bind’ $config_dir = ‘/etc/named’ } default: { fail(“Unknown OS: $::operatingsystem”) } } }
  • 22.
    Params Pattern Then inheritthis in your base class like so: class bind ( $package = $bind::params::package, $service = $bind::params::service, $config_dir = $bind::params::config_dir ) inherits bind::params { ... }
  • 23.
    Params Pattern Then elsewherein your code, reference the fully qualified parameter from your bind class: class bind::package { package { $bind::packages: ensure => installed, } }
  • 24.
    Puppet Module Tool willnow be a Puppet Face!
  • 25.
    Puppet Module Tool #puppet help module USAGE: puppet module <action> This subcommand can find, install, and manage modules from the Puppet Forge, a repository of user-contributed Puppet code. It can also generate empty modules, and prepare locally developed modules for release on the Forge. OPTIONS: --mode MODE - The run mode to use (user, agent, or master). --render-as FORMAT - The rendering format to use. --verbose - Whether to log verbosely. --debug - Whether to log debug information. ACTIONS: build Build a module release package. changes Show modified files of an installed module. clean Clean the module download cache. generate Generate boilerplate for a new module. install Install a module from a repository or release archive. list List installed modules search Search a repository for a module. uninstall Uninstall a puppet module. upgrade Upgrade a puppet module. See 'puppet man module' or 'man puppet-module' for full help.
  • 26.
    Puppet Module Face • Obviously still subject to design changes before release ....
  • 27.
  • 28.
    Validating Parameters • Your allowed set of class parameters are like an Interface Contract to your users • A lot of bugs in code are to do with bad input • We have three mechanisms for validating input: • parameter definitions in the class • stdlib validate_* functions • kwalify
  • 29.
    Kwalify Validation • Uses the kwalify library - which is a language independent way of validating JSON/YAML style data structures. • Kwalify has binding in many languages - so its a nice universal choice for structured data validation.
  • 30.
    Kwalify • Provides a single declarative way of defining what parameters are valid. • When validation fails, it shows all cases of failure. • Doesn’t handle logical validation across components - you’ll have to do this yourself.
  • 31.
    A Kwalify Schema in Puppet DSL $schema = { 'type' => 'map', 'mapping' => { 'name' => { 'type' => 'str', 'pattern' => '/^w+s*w+$/', }, 'age' => { 'type' => 'str', 'pattern' => '/^d+$/', }, } }
  • 32.
    Kwalify Validation in DSL classbind ( ... ){ $args = get_scope_args() $schema = { ... } kwalify($schema, $args) }
  • 33.
  • 34.
    rspec-puppet • Tim Sharpe (@rodjek) from Github created it • Rspec is often used by Puppet for testing, so it made sense for us to use rspec-puppet • The same facility can be used for testing Puppet DSL and Ruby code as well: providers, types, facts etc.
  • 35.
    rspec-puppet • Is able to test: • Classes • Defined Resources • Nodes • Functions
  • 36.
    rspec-puppet • Paths for tests: • Classes: • spec/classes/<name_of_class>_spec.rb • Defined Resources • spec/defines/<name_of_define>_spec.rb
  • 37.
    rspec-puppet For class testing,the idea is to test your compiled catalogue. The following just tests if your class compiles with no parameters: # spec/classes/bind_spec.rb require 'spec_helper' describe 'bind', :type => :class do let(:facts) do { :operatingsystem => "CentOS" } end describe 'when only mandatory parameters are provided' do let(:params) do {} end it 'class should get included' do subject.should contain_class('bind') end end end
  • 38.
    rspec-puppet You also wantto make sure your expectations of how the catalogue should look after compilation are met: it ‘bind package should be defined’ do subject.should contain_package(‘bind’) end it ‘bind service should be defined’ do subject.should contain_service(‘bind’) end
  • 39.
    rspec-puppet For testing templates, we can do something a little different: it 'changing authnxdomain should modify template' do params = { :config_options = "/tmp/named.conf.options" :options = { "authnxdomain" => "yes", } } content = param_value("file", "/tmp/named.conf.options", "content") content.should =~ /authnxdomain yes/ end
  • 40.
    rspec-puppet Requires a spec/spec_helper.rb file with appropriate settings: require 'rspec' require 'rspec-puppet' require 'puppet' require 'mocha' fixture_path = File.expand_path(File.join(File.dirname(__FILE__), 'fixtures')) RSpec.configure do |c| c.module_path = File.join(fixture_path, 'modules') c.manifest_dir = File.join(fixture_path, 'manifests') end
  • 41.
    rspec-puppet Also the followingshould be added to your Rakefile to get ‘rake spec’ to work: require 'rubygems' require 'rspec/core/rake_task' RSpec::Core::RakeTask.new do |t| t.pattern = 'spec/*/*_spec.rb' end
  • 42.
  • 43.
    Importance of Good CodingStyle • Code is read much more often then it is written (did Guido van Rossum say this?) • Other people being able to read your code is important to attract contributors • Contributors make your code better and ultimately more successful
  • 44.
    Style Guide • Available here: • http://docs.puppetlabs.com/guides/style_guide.html
  • 45.
    puppet-lint • Also made by Tim Sharpe from Github • Uses the Puppet Labs style guide • Saves time, as it tells you what is wrong with your content before a code review
  • 46.
    Using it inyour Rakefile Download the gem: gem install puppet-lint Then just add the following to your modules Rakefile: require 'puppet-lint/tasks/puppet-lint'
  • 47.
    Running it: # rakelint Evaluating manifests/init.pp Evaluating manifests/config.pp Evaluating manifests/package.pp Evaluating manifests/service.pp
  • 48.
  • 49.
    The Modulefile • Provides meta data for your module • Includes dependencies • In the future the module tool can use these dependencies to download extra modules as needed • Is used to generate metadata.json, which is used by the forge
  • 50.
    The Modulefile name 'puppetlabs-bind' version'0.0.1' source 'https://github.com/puppetlabs/puppetlabs-bind.git' author 'Puppet Labs Inc.' license 'ASL 2.0' summary 'ISC Bind Module' description 'Installs and configures the ISC BIND DNS server' project_page 'http://forge.puppetlabs.com/puppetlabs/bind' dependency 'puppetlabs/stdlib', '>= 2.2.1' dependency 'puppetlabs/kwalify', '>= 0.0.1' dependency 'ripienaar/concat', '>= 20100507'
  • 51.
    Packaging using the module tool # puppet-module build =================================================== Building /Users/ken/Development/puppetlabs-bind for release ----------------------------------------------------------- Done. Built: pkg/puppetlabs-bind-0.0.1.tar.gz
  • 52.
    Uploading To the Forge • Create an account - this username will be publicly visible, so if you are a company create a shared one • Create a project - this is the short name of the module • Create a revision - this is the revision you wish to upload. Use semantic versioning if you can ie. 1.2.0, 3.1.2 etc. • Upload your revision, this is the tar.gz file created in pkg/ with puppet-module build
  • 53.
    Using a forge module Using the new module face you can install the forge module: # puppet module search bind # puppet module install puppetlabs-bind
  • 54.
    Future Work Needed forModules • Acceptance Testing • ‘Real’ build testing, perhaps using monitoring frameworks for acceptance? • Hiera and data lookup methodology • Using Hiera to emulate the params pattern
  • 55.

Editor's Notes

  • #2 \n
  • #3 \n
  • #4 \n
  • #5 Which is what this talk will hopefully help you all achieve.\n
  • #6 New(ish) because most of these ideas have been kicking around for a while, but only used in anger recently. Kwalify is new, only published to the forge on Wednesday.\n
  • #7 I&amp;#x2019;ll show you some patterns, and jump back and forth between code and this slidepack. In my examples, I&amp;#x2019;ll but using my in-development &amp;#x2018;bind&amp;#x2019; module as the basis of some of my examples where applicable.\n
  • #8 Providing a consistent mechanism for writing a module means we get the boring stuff out of the way earlier. Less fapping about with style &amp; layout of code. It also means we can learn from others mistakes - and wins.\n
  • #9 If you&amp;#x2019;ve ever been to any of out training courses - we talk about this quite a bit.\n
  • #10 Or Package, File, Service - but file is a bit ambigous - since a package is a file right?\nThis pattern breaks these three major items into consecutive chunks, in Puppet terms - sub classes.\n
  • #11 Contains all &amp;#x2018;package&amp;#x2019; related data.\n
  • #12 Contains all &amp;#x2018;configuration&amp;#x2019; related resources.\n
  • #13 Contains all &amp;#x2018;service&amp;#x2019; related resources. Possibly even Cron or Scheduled jobs ...\nNext slide: main class\n
  • #14 This class &amp;#x2018;brings it all together&amp;#x2019; using anchors. This provides course grained relationships between the Package, Config &amp; Service classes. You can see our usage of chained resources, this is mainly so it looks sexy.\n
  • #15 Anchors may look strange, but you need them to surround classes to ensure ordering is done correctly. This is due to ambiguous boundaries for classes in the graph. This is more or less a work-around for a &amp;#x2018;bug&amp;#x2019; or design flaw, and is more obvious when you have multiple layers of classes.\n
  • #16 Defined resources fit well with this pattern because you can now just build up relationships with the classes. ie. you require the package class, and notify the service class.\n
  • #17 This is a contrived example, and not really how you would manage a zone - but I just want to show how a resource inside a defined resource can establish relationships with the course grained package,config,service classes. Also - the beauty of this - is that you can notify and require these classes _outside_ of the module.\n
  • #18 I generally drop this pattern in as a template for customers so they can just copy it and modify to taste.\nNext section: Params Pattern\n
  • #19 \n
  • #20 \n
  • #21 \n
  • #22 The default will stop the code from working on non-supported operating systems. This may not always be desirable, but sometime its hard to find reasonable defaults in this case.\n
  • #23 Yes - it looks wordy. Now you can use these variables directly in your class - $package, $service, $config_dir.\n
  • #24 By doing it this way, you allow users who define class parameters to override the params defaults.\nAlso - check out RI Pienaars patterns around using Hiera and his take on the params pattern using the Hiera Puppet backend.\nNext Topic: Puppet Module as a Face?\n
  • #25 \n
  • #26 \n
  • #27 \n
  • #28 \n
  • #29 \n
  • #30 \n
  • #31 \n
  • #32 At this point I&amp;#x2019;ll just drop to the console and show it in action.\n
  • #33 \n
  • #34 \n
  • #35 \n
  • #36 \n
  • #37 These are conventions for layouts, but its recommended sticking to these conventions for the examples to work.\n
  • #38 \n
  • #39 \n
  • #40 \n
  • #41 \n
  • #42 \n
  • #43 \n
  • #44 \n
  • #45 \n
  • #46 \n
  • #47 \n
  • #48 \n
  • #49 \n
  • #50 \n
  • #51 \n
  • #52 \n
  • #53 \n
  • #54 \n
  • #55 \n
  • #56 \n