SlideShare a Scribd company logo
PUPPET MODULES:
AN HOLISTIC APPROACH
    PuppetCamp Dublin 2012

     Alessandro Franceschi
LAB 42
• 2007   - Meet Puppet. Managed the Bank of Italy webfarm

• 2008   - First generation of Lab42 Puppet Modules

• 2009   - Multi OS support and standardization of the modules

• 2010   - A redesigned and coherent Example42 Module set
  Puppet Modules Standards and Interoperability (PuppetCamp Europe 2010 - Belgium)
  Re-Use your Modules! (PuppetCamp 2010 - San Francisco)


• 2011   - Introducing Puppi
  Puppi: Puppet strings to the shell (PuppetCamp Europe 2011 - Amsterdam)


• 2012   - Example42 Next Gen modules
  Developing IT Infrastructures with Puppet (CodeMotion 2012 - Rome)
WE ALL LOVE
               AND USE PUPPET FOR


• Systems   Configuration

• (Automatic)   Monitoring based on specific tools

• Facts   based Inventory

• Manage, at   times, Applications deployments

• Infrastructure   Orchestration (coupled with MCollective)
WE LIKE
             TO EXTEND PUPPET TO
• Abstract Automatic     Monitoring (whatever the tool)

• Automatic   Firewalling

• Standardize   Applications deployments

• Enrich    Systems Inventory

• Shell   Extension (“Puppet Knowledge to the CLI”)

• Provide   a coherent and integrated modules ecosystem
PUPPET MODULES MANTRAS
•   Data Separation
    •   Configuration data is defined outside the module (or Puppet manifests)
    •   Module’s behavior is managed via APIs
•   Reusability
    •   ReUse the same module in different shops
    •   Customize its behavior without changing its code
    •   Do not force how configurations are provided
•   Standardization
    •   Follow PuppetLabs layout guidelines (puppet-lint)
    •   Have a coherent, predictable and intuitive interface
    •   Provide contextual documentation (puppet-doc)
•   Interoperability
    •   Limit dependencies. Allow modules’ cherry picking
    •   Be self contained, do not interfere with other modules’ resources
•   Cross Operating System support
    •   Provide sensible defaults for different OSes
    •   Allow easy implementation of support of new OSes
EXAMPLE42 NEXT GEN
•   Coherent and Standardized structure
•   Best Practices module design (with some tweaks...)
•   Easily extendable Cross OS support
•   Complete API exposure via parameters
•   Extreme Customizations options
•   Alternative Data Separation options
•   Complete Decommissioning features
•   Optional Automatic Monitoring Abstraction
•   Optional Automatic Firewalling
•   Optional Puppi support to enhance the CLI experience
•   Exhaustive PuppetDoc documentation
•   Integrated Rspec-Puppet tests
•   Code Puppet-Lint compliant
•   Quick module scaffolding based on different templates


                                                       ... not exactly easy to read....
BASIC USAGE
• One    Module. One Application. One main class.

• Install   openssh with default settings:
  class { 'openssh': }

• Equivalent    to:
  include openssh

• Default    behavior:
  •   Install package
  •   Run and enable service
  •   Do not alter configurations
DATA INPUT ALTERNATIVES
• Set   (top scope/ENC) variables and include classes:
 $::openssh_template = 'site/openssh/openssh.conf.erb'
 include openssh

• Use   Hiera:
 hiera(‘openssh_template’)
 include openssh

• Use   parametrized classes:
 class { 'openssh':
    template => 'site/openssh/openssh.conf.erb',
 }

• Happily   mix different patterns:
 $::monitor = true
 $::monitor_tool = [ 'nagios' , 'munin' , 'puppi' ]
 class { 'openssh':
    template => 'site/openssh/openssh.conf.erb',
 }
DECOMMISSIONING
• Disable   openssh service:
 class { 'openssh':
   disable => true
 }

• Disable   openssh service only at boot time:
 class { 'openssh':
   disableboot => true
 }

• Remove    openssh (package and files):
 class { 'openssh':
   absent => true
 }

• Monitoring   and firewalling resources removal is automatically
 managed
MANAGE BEHAVIOR
• Enable Auditing:
 class { 'openssh':
   audit_only => true, # Default: false
 }
   (No changes to configuration files are made and what would be done is audited)

• Disable    service autorestart:
 class { 'openssh':
   service_autorestart => false, # Default: true
 }
   (No automatic service restart when a configuration file / dir changes)

• Manage     software version:
 class { 'foo':
   version => ‘1.2.0’, # Default: unset
 }
   Specify the package version you want to be installed.
   Set => ‘latest’ to force installation of latest version
CUSTOMIZE: CONFIGURATION FILE
• Provide   configuration as a static file ...
 class { 'openssh':
   source => ‘puppet:///modules/site/ssh/sshd.conf’,
 }

• an   array of files looked up on a first match logic ...
 class { 'openssh':
   source => ["puppet:///modules/site/ssh/sshd.conf-${fqdn}",
               "puppet:///modules/site/ssh/openssh.conf"],
 }

• As   an erb template:
 class { 'openssh':
   template => ‘site/ssh/sshd.conf.erb’,
 }

• Config    File Path is defined in params.pp (can be overriden):
   config_file = >’/etc/ssh/sshd_config’,
CUSTOM OPTIONS
•   With templates you can provide an hash of custom options:
     class { 'openssh':
       template => ‘site/ssh/sshd.conf.erb’,
       options => {
          'LogLevel' => 'INFO',
          'UsePAM'   => 'yes',
       },
     }

•   Alternative ways to use the options hash in an erb template:
    •   Direct but not safe (you must always provide all the used options)
     UsePAM <%= options['UsePAM'] %>

    •   Failsafe with defaults (verbose but safe)
     <% if scope.lookupvar("openssh::options['UsePAM']") then -%>
     UsePAM <%= options['UsePAM'] %>
     <% else -%>
     UsePAM no
     <% end -%>

    •   Show what you have (useful for config files has defaults for every option)
     <% scope.lookupvar("openssh::options").sort_by {|key, value| key}.each do |key,
     value| -%>
     <%= key %> <%= value %>
     <% end -%>
CUSTOMIZE: CONFIGURATION DIR
• You   can manage the whole configuration directory:
 class { 'openssh':
   source_dir => ‘puppet:///modules/site/ssh/sshd/’,
 }
   This copies all the files in lab42/files/ssh/sshd/* to local config_dir


• Youcan purge any existing file on the destination config_dir
 which are not present on the source_dir path:
 class { 'openssh':
   source_dir => ‘puppet:///modules/site/ssh/sshd/’,
   source_dir_purge => true, # default is false
 }
   WARNING: Use with care

• Config    Dir Path is defined in params.pp (can be overriden):
   config_dir = >’/etc/ssh’,
CUSTOMIZE: CUSTOM CLASS
• Provide    added resources in a custom class:
 class { 'openssh':
   my_class => ‘site/my_openssh’,
 }
   This autoloads: site/manifests/my_openssh.pp


• Custom      class can have whatever you may need to add:
 class site::my_openssh {
   file { "motd":
     path => "/etc/motd",
     content => template("site/openssh/motd.erb"),
   }
 }
   You hardly need to inherit openssh: there are parameters for everything
   Do not call your class site::openssh, bad things may happen.
CUSTOMIZE: PATHS AND NAMES
• An   example: Use the puppet module to manage pe-puppet!

 class { 'puppet':
   template            =>   'lab42/pe-puppet/puppet.conf.erb',
   package             =>   'pe-puppet',
   service             =>   'pe-puppet',
   service_status      =>   true,
   config_file         =>   '/etc/puppetlabs/puppet/puppet.conf',
   config_file_owner   =>   'root',
   config_file_group   =>   'root',
   config_file_init    =>   '/etc/sysconfig/pe-puppet',
   process             =>   ‘ruby’,
   process_args        =>   ‘puppet’,
   process_user        =>   ‘root’,
   config_dir          =>   '/etc/puppetlabs/puppet/',
   pid_file            =>   '/var/run/pe-puppet/agent.pid',
   log_file            =>   '/var/log/pe-puppet/puppet.log',
   log_dir             =>   '/var/log/pe-puppet',
 }
EXTEND: MONITOR
• Manage    automatic monitoring:
 class { 'openssh':
   monitor      => true,
   monitor_tool => [ ‘nagios’,‘puppi’,‘monit’ ],
   monitor_target => $::ip_addess # Default
 }


• Monitoring     is based on parameters defined in params.pp:
   port               =>   ‘22’,
   protocol           =>   ‘tcp’,
   service            =>   ‘ssh[d]’, # According to OS
   process            =>   ‘sshd’,
   process_args       =>   ‘‘,
   process_user       =>   ‘root‘,
   pid_file           =>   ‘/var/run/sshd.pid’,

• Abstraction     is managed in the Example42 monitor module
   Here “connectors” for different monitoring tools are defined and can be added (also using 3rd
   party modules).
EXTEND: FIREWALL
• Manage     automatic firewalling (host based):
 class { 'openssh':
   firewall      =>          true,
   firewall_tool =>          ‘iptables’,
   firewall_src =>           '10.0.0.0/8',
   firewall_dst =>           $::ipaddress_eth1, # Default is $::ipaddress
 }

• Firewallig    is based on these parameters defined in params.pp:
    port               => ‘22’,
    protocol           => ‘tcp’,

• Abstraction       is managed in the Example42 firewall module
    Currently only the “iptables” firewall_tool is defined, it uses Example42 iptables module to
    manage local iptables rules
EXTEND: PUPPI
• Manage    Puppi integration:
 class { 'openssh':
   puppi        => true, # Default: false
   puppi_helper => ‘standard’ # Default
 }

• The   Puppi module is a prerequisite for all Example42 modules
   Is required because it provides common libs, widely used in the modules
   BUT the actual puppi integration is optional (and disabled by default)


• Puppi   integration allows CLI enrichment commands like:
 puppi info openssh
 puppi log openssh
 puppi check openssh
   Note: puppi support for info/log commands for NextGen modules is under development


• Puppi   helpers allow you to customize puppi behavior
PARAMS_LOOKUP EVERYWHERE
•   Each parameter on NextGen class is passed via params_lookup
class openssh (
[...] # openssh module specific parameters ...
  $my_class            = params_lookup( 'my_class' ),
  $source              = params_lookup( 'source' ),
  $source_dir          = params_lookup( 'source_dir' ),
  $source_dir_purge    = params_lookup( 'source_dir_purge' ),
  $template            = params_lookup( 'template' ),
  $service_autorestart = params_lookup( 'service_autorestart' , 'global' ),
  $options             = params_lookup( 'options' ),
  $version             = params_lookup( 'version' ),
  $absent              = params_lookup( 'absent' ),
  $disable             = params_lookup( 'disable' ),
  $disableboot         = params_lookup( 'disableboot' ),
  $monitor             = params_lookup( 'monitor' , 'global' ),
  $monitor_tool        = params_lookup( 'monitor_tool' , 'global' ),
  $monitor_target      = params_lookup( 'monitor_target' , 'global' ),
[...] # Other common parameters
  ) inherits openssh::params {
[...]
}


•   Different kind of params that:
    •   Are module specific (no one defined in this openssh module)
    •   Allow customizations (my_class, source, template ...)
    •   Affect module’s behavior (absent, disable, service_autorestart, audit_only ...)
    •   Manage extensions (monitor, monitor_tool, firewall, puppi ...)
    •   Define application data (port, config_file, process, package ... )
PARAMS.PP
•   Each module has a params class where defaults are set for different OS
class openssh::params {
  ### Application related parameters
  $package = $::operatingsystem ? {
    default => 'openssh-server',
  }
  $service = $::operatingsystem ? {
    /(?i:Debian|Ubuntu|Mint)/ => 'ssh',
    default                   => 'sshd',
  }
  $process = $::operatingsystem ? {
    default => 'sshd',
  }
  [...]
  $port = '22'
  $protocol = 'tcp'

  # General Settings
  $my_class = ''
  $source = ''
  $source_dir = ''
  $source_dir_purge = ''
  [...]

  ### General module variables that can have a site or per module default
  $monitor = false
  $monitor_tool = ''
  $monitor_target = $::ipaddress
  $firewall = false
  $firewall_tool = ''
  $firewall_src = '0.0.0.0/0'
  [...]

}
PARAMS_LOOKUP ORDER
•   params_lookup is a function provided by the puppi module
•   It allows data to be defined in different ways:
    •   Via Hiera, if available
    •   As Top Scope variable (as provided by External Node Classifiers)
    •   Via defaults set in the module’s params class
•   The “global” argument is used to define site_wide behaviour

•   Example:
     class { ‘openssh’:
       monitor => true
     }                  # If there’s a direct param that’s the value, otherwise:

     # If hiera is available:
     hiera(“monitor”)         # If global lookup is set
     hiera(“openssh_monitor”) # A module specific value overrides the global one

     # If variable is still not evaluated:
     $::monitor         # If global lookup is set
     $::openssh_monitor # If present, overrides $::monitor

     $openssh::params::monitor # Module’s predefined value is used as default
DOWNLOAD
• Example42   Puppet Modules Site: http://www.example42.com

• GitHub   repositories: http://github.com/example42

• Download:
 git clone -r http://github.com/example42/puppet-modules-nextgen

• Note   on GitHub repos:
 •   puppet-modules-nextgen contains only NextGen modules
 •   puppet-modules contains both NextGen and older modules
ONE MORE THING...
• How       to make a NextGen module
 git clone -r http://github.com/example42/puppet-modules-nextgen
 cd puppet-modules-nextgen
 Example42-tools/module_clone.sh

 This script creates a skeleton for a new module based on different Example42 foo module
 templates. Run it from the directory that contains the foo module (moduledir).
 By default it uses the "foo" module as template.
 Specify -t <source_module> to use a different template.
 Example:
 Example42-tools/module_clone.sh -t foo_webapp

 Source module template is foo
 Enter the name of the new module based on foo:                          mynewmodule
     E d i t my n e w m o d u l e / m a n i fe s t s / p a r a m s . p p t o m a n a g e s u p p o r t fo r d i f fe r e n t
     OSes

•A new module (with the features seen so far) based on the
 foo standard template is done. Add features and application /
 OS specific resources to enrich it

More Related Content

What's hot

Puppet: From 0 to 100 in 30 minutes
Puppet: From 0 to 100 in 30 minutesPuppet: From 0 to 100 in 30 minutes
Puppet: From 0 to 100 in 30 minutes
Alessandro Franceschi
 
Puppet Continuous Integration with PE and GitLab
Puppet Continuous Integration with PE and GitLabPuppet Continuous Integration with PE and GitLab
Puppet Continuous Integration with PE and GitLab
Alessandro Franceschi
 
Anatomy of a reusable module
Anatomy of a reusable moduleAnatomy of a reusable module
Anatomy of a reusable module
Alessandro Franceschi
 
Puppet control-repo 
to the next level
Puppet control-repo 
to the next levelPuppet control-repo 
to the next level
Puppet control-repo 
to the next level
Alessandro Franceschi
 
Oliver hookins puppetcamp2011
Oliver hookins puppetcamp2011Oliver hookins puppetcamp2011
Oliver hookins puppetcamp2011
Puppet
 
Learning Puppet Chapter 1
Learning Puppet Chapter 1Learning Puppet Chapter 1
Learning Puppet Chapter 1
Vishal Biyani
 
Enjoying the Journey from Puppet 3.x to Puppet 4.x (PuppetConf 2016)
Enjoying the Journey from Puppet 3.x to Puppet 4.x (PuppetConf 2016)Enjoying the Journey from Puppet 3.x to Puppet 4.x (PuppetConf 2016)
Enjoying the Journey from Puppet 3.x to Puppet 4.x (PuppetConf 2016)
Robert Nelson
 
Puppet camp2021 testing modules and controlrepo
Puppet camp2021 testing modules and controlrepoPuppet camp2021 testing modules and controlrepo
Puppet camp2021 testing modules and controlrepo
Puppet
 
Modules of the twenties
Modules of the twentiesModules of the twenties
Modules of the twenties
Puppet
 
Puppet Camp Paris 2016 Data in Modules
Puppet Camp Paris 2016 Data in ModulesPuppet Camp Paris 2016 Data in Modules
Puppet Camp Paris 2016 Data in Modules
Martin Alfke
 
Auto Deploy Deep Dive – vBrownBag Style
Auto Deploy Deep Dive – vBrownBag StyleAuto Deploy Deep Dive – vBrownBag Style
Auto Deploy Deep Dive – vBrownBag Style
Robert Nelson
 
Power of Puppet 4
Power of Puppet 4Power of Puppet 4
Power of Puppet 4
Martin Alfke
 
Learning puppet chapter 3
Learning puppet chapter 3Learning puppet chapter 3
Learning puppet chapter 3
Vishal Biyani
 
Learning puppet chapter 2
Learning puppet chapter 2Learning puppet chapter 2
Learning puppet chapter 2
Vishal Biyani
 
Troubleshooting Puppet
Troubleshooting PuppetTroubleshooting Puppet
Troubleshooting Puppet
Thomas Howard Uphill
 
Pytest - testing tips and useful plugins
Pytest - testing tips and useful pluginsPytest - testing tips and useful plugins
Pytest - testing tips and useful plugins
Andreu Vallbona Plazas
 
PECL Picks - Extensions to make your life better
PECL Picks - Extensions to make your life betterPECL Picks - Extensions to make your life better
PECL Picks - Extensions to make your life better
ZendCon
 
Scalable Systems Management with Puppet
Scalable Systems Management with PuppetScalable Systems Management with Puppet
Scalable Systems Management with Puppet
Puppet
 
Effective testing with pytest
Effective testing with pytestEffective testing with pytest
Effective testing with pytest
Hector Canto
 
Keep your repo clean
Keep your repo cleanKeep your repo clean
Keep your repo clean
Hector Canto
 

What's hot (20)

Puppet: From 0 to 100 in 30 minutes
Puppet: From 0 to 100 in 30 minutesPuppet: From 0 to 100 in 30 minutes
Puppet: From 0 to 100 in 30 minutes
 
Puppet Continuous Integration with PE and GitLab
Puppet Continuous Integration with PE and GitLabPuppet Continuous Integration with PE and GitLab
Puppet Continuous Integration with PE and GitLab
 
Anatomy of a reusable module
Anatomy of a reusable moduleAnatomy of a reusable module
Anatomy of a reusable module
 
Puppet control-repo 
to the next level
Puppet control-repo 
to the next levelPuppet control-repo 
to the next level
Puppet control-repo 
to the next level
 
Oliver hookins puppetcamp2011
Oliver hookins puppetcamp2011Oliver hookins puppetcamp2011
Oliver hookins puppetcamp2011
 
Learning Puppet Chapter 1
Learning Puppet Chapter 1Learning Puppet Chapter 1
Learning Puppet Chapter 1
 
Enjoying the Journey from Puppet 3.x to Puppet 4.x (PuppetConf 2016)
Enjoying the Journey from Puppet 3.x to Puppet 4.x (PuppetConf 2016)Enjoying the Journey from Puppet 3.x to Puppet 4.x (PuppetConf 2016)
Enjoying the Journey from Puppet 3.x to Puppet 4.x (PuppetConf 2016)
 
Puppet camp2021 testing modules and controlrepo
Puppet camp2021 testing modules and controlrepoPuppet camp2021 testing modules and controlrepo
Puppet camp2021 testing modules and controlrepo
 
Modules of the twenties
Modules of the twentiesModules of the twenties
Modules of the twenties
 
Puppet Camp Paris 2016 Data in Modules
Puppet Camp Paris 2016 Data in ModulesPuppet Camp Paris 2016 Data in Modules
Puppet Camp Paris 2016 Data in Modules
 
Auto Deploy Deep Dive – vBrownBag Style
Auto Deploy Deep Dive – vBrownBag StyleAuto Deploy Deep Dive – vBrownBag Style
Auto Deploy Deep Dive – vBrownBag Style
 
Power of Puppet 4
Power of Puppet 4Power of Puppet 4
Power of Puppet 4
 
Learning puppet chapter 3
Learning puppet chapter 3Learning puppet chapter 3
Learning puppet chapter 3
 
Learning puppet chapter 2
Learning puppet chapter 2Learning puppet chapter 2
Learning puppet chapter 2
 
Troubleshooting Puppet
Troubleshooting PuppetTroubleshooting Puppet
Troubleshooting Puppet
 
Pytest - testing tips and useful plugins
Pytest - testing tips and useful pluginsPytest - testing tips and useful plugins
Pytest - testing tips and useful plugins
 
PECL Picks - Extensions to make your life better
PECL Picks - Extensions to make your life betterPECL Picks - Extensions to make your life better
PECL Picks - Extensions to make your life better
 
Scalable Systems Management with Puppet
Scalable Systems Management with PuppetScalable Systems Management with Puppet
Scalable Systems Management with Puppet
 
Effective testing with pytest
Effective testing with pytestEffective testing with pytest
Effective testing with pytest
 
Keep your repo clean
Keep your repo cleanKeep your repo clean
Keep your repo clean
 

Similar to Puppet modules: An Holistic Approach

Puppet Modules for Fun and Profit
Puppet Modules for Fun and ProfitPuppet Modules for Fun and Profit
Puppet Modules for Fun and Profit
Puppet
 
Provisioning with Puppet
Provisioning with PuppetProvisioning with Puppet
Provisioning with Puppet
Joe Ray
 
Puppet: Eclipsecon ALM 2013
Puppet: Eclipsecon ALM 2013Puppet: Eclipsecon ALM 2013
Puppet: Eclipsecon ALM 2013
grim_radical
 
modern module development - Ken Barber 2012 Edinburgh Puppet Camp
modern module development - Ken Barber 2012 Edinburgh Puppet Campmodern module development - Ken Barber 2012 Edinburgh Puppet Camp
modern module development - Ken Barber 2012 Edinburgh Puppet Camp
Puppet
 
From Dev to DevOps - Codemotion ES 2012
From Dev to DevOps - Codemotion ES 2012From Dev to DevOps - Codemotion ES 2012
From Dev to DevOps - Codemotion ES 2012
Carlos Sanchez
 
Puppet getting started by Dirk Götz
Puppet getting started by Dirk GötzPuppet getting started by Dirk Götz
Puppet getting started by Dirk Götz
NETWAYS
 
Writing and Publishing Puppet Modules - PuppetConf 2014
Writing and Publishing Puppet Modules - PuppetConf 2014Writing and Publishing Puppet Modules - PuppetConf 2014
Writing and Publishing Puppet Modules - PuppetConf 2014
Puppet
 
From Dev to DevOps - ApacheCON NA 2011
From Dev to DevOps - ApacheCON NA 2011From Dev to DevOps - ApacheCON NA 2011
From Dev to DevOps - ApacheCON NA 2011
Carlos Sanchez
 
Puppet quick start guide
Puppet quick start guidePuppet quick start guide
Puppet quick start guide
Suhan Dharmasuriya
 
openQA hands on with openSUSE Leap 42.1 - openSUSE.Asia Summit ID 2016
openQA hands on with openSUSE Leap 42.1 - openSUSE.Asia Summit ID 2016openQA hands on with openSUSE Leap 42.1 - openSUSE.Asia Summit ID 2016
openQA hands on with openSUSE Leap 42.1 - openSUSE.Asia Summit ID 2016
Ben Chou
 
Writing and Publishing Puppet Modules
Writing and Publishing Puppet ModulesWriting and Publishing Puppet Modules
Writing and Publishing Puppet Modules
Puppet
 
Strategies for Puppet code upgrade and refactoring
Strategies for Puppet code upgrade and refactoringStrategies for Puppet code upgrade and refactoring
Strategies for Puppet code upgrade and refactoring
Alessandro Franceschi
 
20090514 Introducing Puppet To Sasag
20090514 Introducing Puppet To Sasag20090514 Introducing Puppet To Sasag
20090514 Introducing Puppet To Sasag
garrett honeycutt
 
From Dev to DevOps
From Dev to DevOpsFrom Dev to DevOps
From Dev to DevOps
Agile Spain
 
Workflow story: Theory versus Practice in large enterprises by Marcin Piebiak
Workflow story: Theory versus Practice in large enterprises by Marcin PiebiakWorkflow story: Theory versus Practice in large enterprises by Marcin Piebiak
Workflow story: Theory versus Practice in large enterprises by Marcin Piebiak
NETWAYS
 
Workflow story: Theory versus practice in Large Enterprises
Workflow story: Theory versus practice in Large EnterprisesWorkflow story: Theory versus practice in Large Enterprises
Workflow story: Theory versus practice in Large Enterprises
Puppet
 
From Dev to DevOps - FOSDEM 2012
From Dev to DevOps - FOSDEM 2012From Dev to DevOps - FOSDEM 2012
From Dev to DevOps - FOSDEM 2012
Carlos Sanchez
 
Portland Puppet User Group June 2014: Writing and publishing puppet modules
Portland Puppet User Group June 2014: Writing and publishing puppet modulesPortland Puppet User Group June 2014: Writing and publishing puppet modules
Portland Puppet User Group June 2014: Writing and publishing puppet modules
Puppet
 
June 2014 PDX PUG: Writing and Publishing Puppet Modules
June 2014 PDX PUG: Writing and Publishing Puppet Modules June 2014 PDX PUG: Writing and Publishing Puppet Modules
June 2014 PDX PUG: Writing and Publishing Puppet Modules
Puppet
 
Introduction to puppet - Hands on Session at HPI Potsdam
Introduction to puppet - Hands on Session at HPI PotsdamIntroduction to puppet - Hands on Session at HPI Potsdam
Introduction to puppet - Hands on Session at HPI Potsdam
Christoph Oelmüller
 

Similar to Puppet modules: An Holistic Approach (20)

Puppet Modules for Fun and Profit
Puppet Modules for Fun and ProfitPuppet Modules for Fun and Profit
Puppet Modules for Fun and Profit
 
Provisioning with Puppet
Provisioning with PuppetProvisioning with Puppet
Provisioning with Puppet
 
Puppet: Eclipsecon ALM 2013
Puppet: Eclipsecon ALM 2013Puppet: Eclipsecon ALM 2013
Puppet: Eclipsecon ALM 2013
 
modern module development - Ken Barber 2012 Edinburgh Puppet Camp
modern module development - Ken Barber 2012 Edinburgh Puppet Campmodern module development - Ken Barber 2012 Edinburgh Puppet Camp
modern module development - Ken Barber 2012 Edinburgh Puppet Camp
 
From Dev to DevOps - Codemotion ES 2012
From Dev to DevOps - Codemotion ES 2012From Dev to DevOps - Codemotion ES 2012
From Dev to DevOps - Codemotion ES 2012
 
Puppet getting started by Dirk Götz
Puppet getting started by Dirk GötzPuppet getting started by Dirk Götz
Puppet getting started by Dirk Götz
 
Writing and Publishing Puppet Modules - PuppetConf 2014
Writing and Publishing Puppet Modules - PuppetConf 2014Writing and Publishing Puppet Modules - PuppetConf 2014
Writing and Publishing Puppet Modules - PuppetConf 2014
 
From Dev to DevOps - ApacheCON NA 2011
From Dev to DevOps - ApacheCON NA 2011From Dev to DevOps - ApacheCON NA 2011
From Dev to DevOps - ApacheCON NA 2011
 
Puppet quick start guide
Puppet quick start guidePuppet quick start guide
Puppet quick start guide
 
openQA hands on with openSUSE Leap 42.1 - openSUSE.Asia Summit ID 2016
openQA hands on with openSUSE Leap 42.1 - openSUSE.Asia Summit ID 2016openQA hands on with openSUSE Leap 42.1 - openSUSE.Asia Summit ID 2016
openQA hands on with openSUSE Leap 42.1 - openSUSE.Asia Summit ID 2016
 
Writing and Publishing Puppet Modules
Writing and Publishing Puppet ModulesWriting and Publishing Puppet Modules
Writing and Publishing Puppet Modules
 
Strategies for Puppet code upgrade and refactoring
Strategies for Puppet code upgrade and refactoringStrategies for Puppet code upgrade and refactoring
Strategies for Puppet code upgrade and refactoring
 
20090514 Introducing Puppet To Sasag
20090514 Introducing Puppet To Sasag20090514 Introducing Puppet To Sasag
20090514 Introducing Puppet To Sasag
 
From Dev to DevOps
From Dev to DevOpsFrom Dev to DevOps
From Dev to DevOps
 
Workflow story: Theory versus Practice in large enterprises by Marcin Piebiak
Workflow story: Theory versus Practice in large enterprises by Marcin PiebiakWorkflow story: Theory versus Practice in large enterprises by Marcin Piebiak
Workflow story: Theory versus Practice in large enterprises by Marcin Piebiak
 
Workflow story: Theory versus practice in Large Enterprises
Workflow story: Theory versus practice in Large EnterprisesWorkflow story: Theory versus practice in Large Enterprises
Workflow story: Theory versus practice in Large Enterprises
 
From Dev to DevOps - FOSDEM 2012
From Dev to DevOps - FOSDEM 2012From Dev to DevOps - FOSDEM 2012
From Dev to DevOps - FOSDEM 2012
 
Portland Puppet User Group June 2014: Writing and publishing puppet modules
Portland Puppet User Group June 2014: Writing and publishing puppet modulesPortland Puppet User Group June 2014: Writing and publishing puppet modules
Portland Puppet User Group June 2014: Writing and publishing puppet modules
 
June 2014 PDX PUG: Writing and Publishing Puppet Modules
June 2014 PDX PUG: Writing and Publishing Puppet Modules June 2014 PDX PUG: Writing and Publishing Puppet Modules
June 2014 PDX PUG: Writing and Publishing Puppet Modules
 
Introduction to puppet - Hands on Session at HPI Potsdam
Introduction to puppet - Hands on Session at HPI PotsdamIntroduction to puppet - Hands on Session at HPI Potsdam
Introduction to puppet - Hands on Session at HPI Potsdam
 

More from Alessandro Franceschi

DevOps - Evoluzione della specie - DevOps Heroes.pdf
DevOps - Evoluzione della specie - DevOps Heroes.pdfDevOps - Evoluzione della specie - DevOps Heroes.pdf
DevOps - Evoluzione della specie - DevOps Heroes.pdf
Alessandro Franceschi
 
Tiny Puppet Can Install Everything. Prove me wrong!
Tiny Puppet Can Install Everything. Prove me wrong!Tiny Puppet Can Install Everything. Prove me wrong!
Tiny Puppet Can Install Everything. Prove me wrong!
Alessandro Franceschi
 
ReUse Your (Puppet) Modules!
ReUse Your (Puppet) Modules!ReUse Your (Puppet) Modules!
ReUse Your (Puppet) Modules!
Alessandro Franceschi
 
Ten years of [Puppet] installations. What now?
Ten years of [Puppet] installations. What now?Ten years of [Puppet] installations. What now?
Ten years of [Puppet] installations. What now?
Alessandro Franceschi
 
Tp install anything
Tp install anythingTp install anything
Tp install anything
Alessandro Franceschi
 
Puppet evolutions
Puppet evolutionsPuppet evolutions
Puppet evolutions
Alessandro Franceschi
 
Raise the bar! Reloaded
Raise the bar! ReloadedRaise the bar! Reloaded
Raise the bar! Reloaded
Alessandro Franceschi
 
Raise the bar!
Raise the bar!Raise the bar!
Raise the bar!
Alessandro Franceschi
 
Spaghetti devops
Spaghetti devopsSpaghetti devops
Spaghetti devops
Alessandro Franceschi
 

More from Alessandro Franceschi (9)

DevOps - Evoluzione della specie - DevOps Heroes.pdf
DevOps - Evoluzione della specie - DevOps Heroes.pdfDevOps - Evoluzione della specie - DevOps Heroes.pdf
DevOps - Evoluzione della specie - DevOps Heroes.pdf
 
Tiny Puppet Can Install Everything. Prove me wrong!
Tiny Puppet Can Install Everything. Prove me wrong!Tiny Puppet Can Install Everything. Prove me wrong!
Tiny Puppet Can Install Everything. Prove me wrong!
 
ReUse Your (Puppet) Modules!
ReUse Your (Puppet) Modules!ReUse Your (Puppet) Modules!
ReUse Your (Puppet) Modules!
 
Ten years of [Puppet] installations. What now?
Ten years of [Puppet] installations. What now?Ten years of [Puppet] installations. What now?
Ten years of [Puppet] installations. What now?
 
Tp install anything
Tp install anythingTp install anything
Tp install anything
 
Puppet evolutions
Puppet evolutionsPuppet evolutions
Puppet evolutions
 
Raise the bar! Reloaded
Raise the bar! ReloadedRaise the bar! Reloaded
Raise the bar! Reloaded
 
Raise the bar!
Raise the bar!Raise the bar!
Raise the bar!
 
Spaghetti devops
Spaghetti devopsSpaghetti devops
Spaghetti devops
 

Recently uploaded

How RPA Help in the Transportation and Logistics Industry.pptx
How RPA Help in the Transportation and Logistics Industry.pptxHow RPA Help in the Transportation and Logistics Industry.pptx
How RPA Help in the Transportation and Logistics Industry.pptx
SynapseIndia
 
Three New Criminal Laws in India 1 July 2024
Three New Criminal Laws in India 1 July 2024Three New Criminal Laws in India 1 July 2024
Three New Criminal Laws in India 1 July 2024
aakash malhotra
 
EuroPython 2024 - Streamlining Testing in a Large Python Codebase
EuroPython 2024 - Streamlining Testing in a Large Python CodebaseEuroPython 2024 - Streamlining Testing in a Large Python Codebase
EuroPython 2024 - Streamlining Testing in a Large Python Codebase
Jimmy Lai
 
Best Practices for Effectively Running dbt in Airflow.pdf
Best Practices for Effectively Running dbt in Airflow.pdfBest Practices for Effectively Running dbt in Airflow.pdf
Best Practices for Effectively Running dbt in Airflow.pdf
Tatiana Al-Chueyr
 
"Mastering Graphic Design: Essential Tips and Tricks for Beginners and Profes...
"Mastering Graphic Design: Essential Tips and Tricks for Beginners and Profes..."Mastering Graphic Design: Essential Tips and Tricks for Beginners and Profes...
"Mastering Graphic Design: Essential Tips and Tricks for Beginners and Profes...
Anant Gupta
 
WhatsApp Image 2024-03-27 at 08.19.52_bfd93109.pdf
WhatsApp Image 2024-03-27 at 08.19.52_bfd93109.pdfWhatsApp Image 2024-03-27 at 08.19.52_bfd93109.pdf
WhatsApp Image 2024-03-27 at 08.19.52_bfd93109.pdf
ArgaBisma
 
How Social Media Hackers Help You to See Your Wife's Message.pdf
How Social Media Hackers Help You to See Your Wife's Message.pdfHow Social Media Hackers Help You to See Your Wife's Message.pdf
How Social Media Hackers Help You to See Your Wife's Message.pdf
HackersList
 
Recent Advancements in the NIST-JARVIS Infrastructure
Recent Advancements in the NIST-JARVIS InfrastructureRecent Advancements in the NIST-JARVIS Infrastructure
Recent Advancements in the NIST-JARVIS Infrastructure
KAMAL CHOUDHARY
 
RPA In Healthcare Benefits, Use Case, Trend And Challenges 2024.pptx
RPA In Healthcare Benefits, Use Case, Trend And Challenges 2024.pptxRPA In Healthcare Benefits, Use Case, Trend And Challenges 2024.pptx
RPA In Healthcare Benefits, Use Case, Trend And Challenges 2024.pptx
SynapseIndia
 
High Profile Girls Call ServiCe Hyderabad 0000000000 Tanisha Best High Class ...
High Profile Girls Call ServiCe Hyderabad 0000000000 Tanisha Best High Class ...High Profile Girls Call ServiCe Hyderabad 0000000000 Tanisha Best High Class ...
High Profile Girls Call ServiCe Hyderabad 0000000000 Tanisha Best High Class ...
aslasdfmkhan4750
 
Tirana Tech Meetup - Agentic RAG with Milvus, Llama3 and Ollama
Tirana Tech Meetup - Agentic RAG with Milvus, Llama3 and OllamaTirana Tech Meetup - Agentic RAG with Milvus, Llama3 and Ollama
Tirana Tech Meetup - Agentic RAG with Milvus, Llama3 and Ollama
Zilliz
 
Google I/O Extended Harare Merged Slides
Google I/O Extended Harare Merged SlidesGoogle I/O Extended Harare Merged Slides
Google I/O Extended Harare Merged Slides
Google Developer Group - Harare
 
CHAPTER-8 COMPONENTS OF COMPUTER SYSTEM CLASS 9 CBSE
CHAPTER-8 COMPONENTS OF COMPUTER SYSTEM CLASS 9 CBSECHAPTER-8 COMPONENTS OF COMPUTER SYSTEM CLASS 9 CBSE
CHAPTER-8 COMPONENTS OF COMPUTER SYSTEM CLASS 9 CBSE
kumarjarun2010
 
Girls call Kolkata 👀 XXXXXXXXXXX 👀 Rs.9.5 K Cash Payment With Room Delivery
Girls call Kolkata 👀 XXXXXXXXXXX 👀 Rs.9.5 K Cash Payment With Room Delivery Girls call Kolkata 👀 XXXXXXXXXXX 👀 Rs.9.5 K Cash Payment With Room Delivery
Girls call Kolkata 👀 XXXXXXXXXXX 👀 Rs.9.5 K Cash Payment With Room Delivery
sunilverma7884
 
July Patch Tuesday
July Patch TuesdayJuly Patch Tuesday
July Patch Tuesday
Ivanti
 
Feature sql server terbaru performance.pptx
Feature sql server terbaru performance.pptxFeature sql server terbaru performance.pptx
Feature sql server terbaru performance.pptx
ssuser1915fe1
 
Use Cases & Benefits of RPA in Manufacturing in 2024.pptx
Use Cases & Benefits of RPA in Manufacturing in 2024.pptxUse Cases & Benefits of RPA in Manufacturing in 2024.pptx
Use Cases & Benefits of RPA in Manufacturing in 2024.pptx
SynapseIndia
 
WhatsApp Spy Online Trackers and Monitoring Apps
WhatsApp Spy Online Trackers and Monitoring AppsWhatsApp Spy Online Trackers and Monitoring Apps
WhatsApp Spy Online Trackers and Monitoring Apps
HackersList
 
TrustArc Webinar - 2024 Data Privacy Trends: A Mid-Year Check-In
TrustArc Webinar - 2024 Data Privacy Trends: A Mid-Year Check-InTrustArc Webinar - 2024 Data Privacy Trends: A Mid-Year Check-In
TrustArc Webinar - 2024 Data Privacy Trends: A Mid-Year Check-In
TrustArc
 
find out more about the role of autonomous vehicles in facing global challenges
find out more about the role of autonomous vehicles in facing global challengesfind out more about the role of autonomous vehicles in facing global challenges
find out more about the role of autonomous vehicles in facing global challenges
huseindihon
 

Recently uploaded (20)

How RPA Help in the Transportation and Logistics Industry.pptx
How RPA Help in the Transportation and Logistics Industry.pptxHow RPA Help in the Transportation and Logistics Industry.pptx
How RPA Help in the Transportation and Logistics Industry.pptx
 
Three New Criminal Laws in India 1 July 2024
Three New Criminal Laws in India 1 July 2024Three New Criminal Laws in India 1 July 2024
Three New Criminal Laws in India 1 July 2024
 
EuroPython 2024 - Streamlining Testing in a Large Python Codebase
EuroPython 2024 - Streamlining Testing in a Large Python CodebaseEuroPython 2024 - Streamlining Testing in a Large Python Codebase
EuroPython 2024 - Streamlining Testing in a Large Python Codebase
 
Best Practices for Effectively Running dbt in Airflow.pdf
Best Practices for Effectively Running dbt in Airflow.pdfBest Practices for Effectively Running dbt in Airflow.pdf
Best Practices for Effectively Running dbt in Airflow.pdf
 
"Mastering Graphic Design: Essential Tips and Tricks for Beginners and Profes...
"Mastering Graphic Design: Essential Tips and Tricks for Beginners and Profes..."Mastering Graphic Design: Essential Tips and Tricks for Beginners and Profes...
"Mastering Graphic Design: Essential Tips and Tricks for Beginners and Profes...
 
WhatsApp Image 2024-03-27 at 08.19.52_bfd93109.pdf
WhatsApp Image 2024-03-27 at 08.19.52_bfd93109.pdfWhatsApp Image 2024-03-27 at 08.19.52_bfd93109.pdf
WhatsApp Image 2024-03-27 at 08.19.52_bfd93109.pdf
 
How Social Media Hackers Help You to See Your Wife's Message.pdf
How Social Media Hackers Help You to See Your Wife's Message.pdfHow Social Media Hackers Help You to See Your Wife's Message.pdf
How Social Media Hackers Help You to See Your Wife's Message.pdf
 
Recent Advancements in the NIST-JARVIS Infrastructure
Recent Advancements in the NIST-JARVIS InfrastructureRecent Advancements in the NIST-JARVIS Infrastructure
Recent Advancements in the NIST-JARVIS Infrastructure
 
RPA In Healthcare Benefits, Use Case, Trend And Challenges 2024.pptx
RPA In Healthcare Benefits, Use Case, Trend And Challenges 2024.pptxRPA In Healthcare Benefits, Use Case, Trend And Challenges 2024.pptx
RPA In Healthcare Benefits, Use Case, Trend And Challenges 2024.pptx
 
High Profile Girls Call ServiCe Hyderabad 0000000000 Tanisha Best High Class ...
High Profile Girls Call ServiCe Hyderabad 0000000000 Tanisha Best High Class ...High Profile Girls Call ServiCe Hyderabad 0000000000 Tanisha Best High Class ...
High Profile Girls Call ServiCe Hyderabad 0000000000 Tanisha Best High Class ...
 
Tirana Tech Meetup - Agentic RAG with Milvus, Llama3 and Ollama
Tirana Tech Meetup - Agentic RAG with Milvus, Llama3 and OllamaTirana Tech Meetup - Agentic RAG with Milvus, Llama3 and Ollama
Tirana Tech Meetup - Agentic RAG with Milvus, Llama3 and Ollama
 
Google I/O Extended Harare Merged Slides
Google I/O Extended Harare Merged SlidesGoogle I/O Extended Harare Merged Slides
Google I/O Extended Harare Merged Slides
 
CHAPTER-8 COMPONENTS OF COMPUTER SYSTEM CLASS 9 CBSE
CHAPTER-8 COMPONENTS OF COMPUTER SYSTEM CLASS 9 CBSECHAPTER-8 COMPONENTS OF COMPUTER SYSTEM CLASS 9 CBSE
CHAPTER-8 COMPONENTS OF COMPUTER SYSTEM CLASS 9 CBSE
 
Girls call Kolkata 👀 XXXXXXXXXXX 👀 Rs.9.5 K Cash Payment With Room Delivery
Girls call Kolkata 👀 XXXXXXXXXXX 👀 Rs.9.5 K Cash Payment With Room Delivery Girls call Kolkata 👀 XXXXXXXXXXX 👀 Rs.9.5 K Cash Payment With Room Delivery
Girls call Kolkata 👀 XXXXXXXXXXX 👀 Rs.9.5 K Cash Payment With Room Delivery
 
July Patch Tuesday
July Patch TuesdayJuly Patch Tuesday
July Patch Tuesday
 
Feature sql server terbaru performance.pptx
Feature sql server terbaru performance.pptxFeature sql server terbaru performance.pptx
Feature sql server terbaru performance.pptx
 
Use Cases & Benefits of RPA in Manufacturing in 2024.pptx
Use Cases & Benefits of RPA in Manufacturing in 2024.pptxUse Cases & Benefits of RPA in Manufacturing in 2024.pptx
Use Cases & Benefits of RPA in Manufacturing in 2024.pptx
 
WhatsApp Spy Online Trackers and Monitoring Apps
WhatsApp Spy Online Trackers and Monitoring AppsWhatsApp Spy Online Trackers and Monitoring Apps
WhatsApp Spy Online Trackers and Monitoring Apps
 
TrustArc Webinar - 2024 Data Privacy Trends: A Mid-Year Check-In
TrustArc Webinar - 2024 Data Privacy Trends: A Mid-Year Check-InTrustArc Webinar - 2024 Data Privacy Trends: A Mid-Year Check-In
TrustArc Webinar - 2024 Data Privacy Trends: A Mid-Year Check-In
 
find out more about the role of autonomous vehicles in facing global challenges
find out more about the role of autonomous vehicles in facing global challengesfind out more about the role of autonomous vehicles in facing global challenges
find out more about the role of autonomous vehicles in facing global challenges
 

Puppet modules: An Holistic Approach

  • 1. PUPPET MODULES: AN HOLISTIC APPROACH PuppetCamp Dublin 2012 Alessandro Franceschi
  • 2. LAB 42 • 2007 - Meet Puppet. Managed the Bank of Italy webfarm • 2008 - First generation of Lab42 Puppet Modules • 2009 - Multi OS support and standardization of the modules • 2010 - A redesigned and coherent Example42 Module set Puppet Modules Standards and Interoperability (PuppetCamp Europe 2010 - Belgium) Re-Use your Modules! (PuppetCamp 2010 - San Francisco) • 2011 - Introducing Puppi Puppi: Puppet strings to the shell (PuppetCamp Europe 2011 - Amsterdam) • 2012 - Example42 Next Gen modules Developing IT Infrastructures with Puppet (CodeMotion 2012 - Rome)
  • 3. WE ALL LOVE AND USE PUPPET FOR • Systems Configuration • (Automatic) Monitoring based on specific tools • Facts based Inventory • Manage, at times, Applications deployments • Infrastructure Orchestration (coupled with MCollective)
  • 4. WE LIKE TO EXTEND PUPPET TO • Abstract Automatic Monitoring (whatever the tool) • Automatic Firewalling • Standardize Applications deployments • Enrich Systems Inventory • Shell Extension (“Puppet Knowledge to the CLI”) • Provide a coherent and integrated modules ecosystem
  • 5. PUPPET MODULES MANTRAS • Data Separation • Configuration data is defined outside the module (or Puppet manifests) • Module’s behavior is managed via APIs • Reusability • ReUse the same module in different shops • Customize its behavior without changing its code • Do not force how configurations are provided • Standardization • Follow PuppetLabs layout guidelines (puppet-lint) • Have a coherent, predictable and intuitive interface • Provide contextual documentation (puppet-doc) • Interoperability • Limit dependencies. Allow modules’ cherry picking • Be self contained, do not interfere with other modules’ resources • Cross Operating System support • Provide sensible defaults for different OSes • Allow easy implementation of support of new OSes
  • 6. EXAMPLE42 NEXT GEN • Coherent and Standardized structure • Best Practices module design (with some tweaks...) • Easily extendable Cross OS support • Complete API exposure via parameters • Extreme Customizations options • Alternative Data Separation options • Complete Decommissioning features • Optional Automatic Monitoring Abstraction • Optional Automatic Firewalling • Optional Puppi support to enhance the CLI experience • Exhaustive PuppetDoc documentation • Integrated Rspec-Puppet tests • Code Puppet-Lint compliant • Quick module scaffolding based on different templates ... not exactly easy to read....
  • 7. BASIC USAGE • One Module. One Application. One main class. • Install openssh with default settings: class { 'openssh': } • Equivalent to: include openssh • Default behavior: • Install package • Run and enable service • Do not alter configurations
  • 8. DATA INPUT ALTERNATIVES • Set (top scope/ENC) variables and include classes: $::openssh_template = 'site/openssh/openssh.conf.erb' include openssh • Use Hiera: hiera(‘openssh_template’) include openssh • Use parametrized classes: class { 'openssh':  template => 'site/openssh/openssh.conf.erb', } • Happily mix different patterns: $::monitor = true $::monitor_tool = [ 'nagios' , 'munin' , 'puppi' ] class { 'openssh':  template => 'site/openssh/openssh.conf.erb', }
  • 9. DECOMMISSIONING • Disable openssh service: class { 'openssh': disable => true } • Disable openssh service only at boot time: class { 'openssh': disableboot => true } • Remove openssh (package and files): class { 'openssh': absent => true } • Monitoring and firewalling resources removal is automatically managed
  • 10. MANAGE BEHAVIOR • Enable Auditing: class { 'openssh': audit_only => true, # Default: false } (No changes to configuration files are made and what would be done is audited) • Disable service autorestart: class { 'openssh': service_autorestart => false, # Default: true } (No automatic service restart when a configuration file / dir changes) • Manage software version: class { 'foo': version => ‘1.2.0’, # Default: unset } Specify the package version you want to be installed. Set => ‘latest’ to force installation of latest version
  • 11. CUSTOMIZE: CONFIGURATION FILE • Provide configuration as a static file ... class { 'openssh': source => ‘puppet:///modules/site/ssh/sshd.conf’, } • an array of files looked up on a first match logic ... class { 'openssh': source => ["puppet:///modules/site/ssh/sshd.conf-${fqdn}", "puppet:///modules/site/ssh/openssh.conf"], } • As an erb template: class { 'openssh': template => ‘site/ssh/sshd.conf.erb’, } • Config File Path is defined in params.pp (can be overriden): config_file = >’/etc/ssh/sshd_config’,
  • 12. CUSTOM OPTIONS • With templates you can provide an hash of custom options: class { 'openssh': template => ‘site/ssh/sshd.conf.erb’, options => { 'LogLevel' => 'INFO', 'UsePAM' => 'yes', }, } • Alternative ways to use the options hash in an erb template: • Direct but not safe (you must always provide all the used options) UsePAM <%= options['UsePAM'] %> • Failsafe with defaults (verbose but safe) <% if scope.lookupvar("openssh::options['UsePAM']") then -%> UsePAM <%= options['UsePAM'] %> <% else -%> UsePAM no <% end -%> • Show what you have (useful for config files has defaults for every option) <% scope.lookupvar("openssh::options").sort_by {|key, value| key}.each do |key, value| -%> <%= key %> <%= value %> <% end -%>
  • 13. CUSTOMIZE: CONFIGURATION DIR • You can manage the whole configuration directory: class { 'openssh': source_dir => ‘puppet:///modules/site/ssh/sshd/’, } This copies all the files in lab42/files/ssh/sshd/* to local config_dir • Youcan purge any existing file on the destination config_dir which are not present on the source_dir path: class { 'openssh': source_dir => ‘puppet:///modules/site/ssh/sshd/’, source_dir_purge => true, # default is false } WARNING: Use with care • Config Dir Path is defined in params.pp (can be overriden): config_dir = >’/etc/ssh’,
  • 14. CUSTOMIZE: CUSTOM CLASS • Provide added resources in a custom class: class { 'openssh': my_class => ‘site/my_openssh’, } This autoloads: site/manifests/my_openssh.pp • Custom class can have whatever you may need to add: class site::my_openssh { file { "motd": path => "/etc/motd", content => template("site/openssh/motd.erb"), } } You hardly need to inherit openssh: there are parameters for everything Do not call your class site::openssh, bad things may happen.
  • 15. CUSTOMIZE: PATHS AND NAMES • An example: Use the puppet module to manage pe-puppet! class { 'puppet': template => 'lab42/pe-puppet/puppet.conf.erb', package => 'pe-puppet', service => 'pe-puppet', service_status => true, config_file => '/etc/puppetlabs/puppet/puppet.conf', config_file_owner => 'root', config_file_group => 'root', config_file_init => '/etc/sysconfig/pe-puppet', process => ‘ruby’, process_args => ‘puppet’, process_user => ‘root’, config_dir => '/etc/puppetlabs/puppet/', pid_file => '/var/run/pe-puppet/agent.pid', log_file => '/var/log/pe-puppet/puppet.log', log_dir => '/var/log/pe-puppet', }
  • 16. EXTEND: MONITOR • Manage automatic monitoring: class { 'openssh': monitor => true, monitor_tool => [ ‘nagios’,‘puppi’,‘monit’ ], monitor_target => $::ip_addess # Default } • Monitoring is based on parameters defined in params.pp: port => ‘22’, protocol => ‘tcp’, service => ‘ssh[d]’, # According to OS process => ‘sshd’, process_args => ‘‘, process_user => ‘root‘, pid_file => ‘/var/run/sshd.pid’, • Abstraction is managed in the Example42 monitor module Here “connectors” for different monitoring tools are defined and can be added (also using 3rd party modules).
  • 17. EXTEND: FIREWALL • Manage automatic firewalling (host based): class { 'openssh': firewall => true, firewall_tool => ‘iptables’, firewall_src => '10.0.0.0/8', firewall_dst => $::ipaddress_eth1, # Default is $::ipaddress } • Firewallig is based on these parameters defined in params.pp: port => ‘22’, protocol => ‘tcp’, • Abstraction is managed in the Example42 firewall module Currently only the “iptables” firewall_tool is defined, it uses Example42 iptables module to manage local iptables rules
  • 18. EXTEND: PUPPI • Manage Puppi integration: class { 'openssh': puppi => true, # Default: false puppi_helper => ‘standard’ # Default } • The Puppi module is a prerequisite for all Example42 modules Is required because it provides common libs, widely used in the modules BUT the actual puppi integration is optional (and disabled by default) • Puppi integration allows CLI enrichment commands like: puppi info openssh puppi log openssh puppi check openssh Note: puppi support for info/log commands for NextGen modules is under development • Puppi helpers allow you to customize puppi behavior
  • 19. PARAMS_LOOKUP EVERYWHERE • Each parameter on NextGen class is passed via params_lookup class openssh ( [...] # openssh module specific parameters ...   $my_class = params_lookup( 'my_class' ),   $source = params_lookup( 'source' ),   $source_dir = params_lookup( 'source_dir' ),   $source_dir_purge = params_lookup( 'source_dir_purge' ),   $template = params_lookup( 'template' ),   $service_autorestart = params_lookup( 'service_autorestart' , 'global' ),   $options = params_lookup( 'options' ),   $version = params_lookup( 'version' ),   $absent = params_lookup( 'absent' ),   $disable = params_lookup( 'disable' ),   $disableboot = params_lookup( 'disableboot' ),   $monitor = params_lookup( 'monitor' , 'global' ),   $monitor_tool = params_lookup( 'monitor_tool' , 'global' ),   $monitor_target = params_lookup( 'monitor_target' , 'global' ), [...] # Other common parameters   ) inherits openssh::params { [...] } • Different kind of params that: • Are module specific (no one defined in this openssh module) • Allow customizations (my_class, source, template ...) • Affect module’s behavior (absent, disable, service_autorestart, audit_only ...) • Manage extensions (monitor, monitor_tool, firewall, puppi ...) • Define application data (port, config_file, process, package ... )
  • 20. PARAMS.PP • Each module has a params class where defaults are set for different OS class openssh::params { ### Application related parameters   $package = $::operatingsystem ? {     default => 'openssh-server',   }   $service = $::operatingsystem ? {     /(?i:Debian|Ubuntu|Mint)/ => 'ssh',     default => 'sshd',   }   $process = $::operatingsystem ? {     default => 'sshd',   } [...] $port = '22'   $protocol = 'tcp' # General Settings   $my_class = ''   $source = ''   $source_dir = ''   $source_dir_purge = '' [...] ### General module variables that can have a site or per module default   $monitor = false   $monitor_tool = ''   $monitor_target = $::ipaddress   $firewall = false   $firewall_tool = ''   $firewall_src = '0.0.0.0/0' [...] }
  • 21. PARAMS_LOOKUP ORDER • params_lookup is a function provided by the puppi module • It allows data to be defined in different ways: • Via Hiera, if available • As Top Scope variable (as provided by External Node Classifiers) • Via defaults set in the module’s params class • The “global” argument is used to define site_wide behaviour • Example: class { ‘openssh’: monitor => true } # If there’s a direct param that’s the value, otherwise: # If hiera is available: hiera(“monitor”) # If global lookup is set hiera(“openssh_monitor”) # A module specific value overrides the global one # If variable is still not evaluated: $::monitor # If global lookup is set $::openssh_monitor # If present, overrides $::monitor $openssh::params::monitor # Module’s predefined value is used as default
  • 22. DOWNLOAD • Example42 Puppet Modules Site: http://www.example42.com • GitHub repositories: http://github.com/example42 • Download: git clone -r http://github.com/example42/puppet-modules-nextgen • Note on GitHub repos: • puppet-modules-nextgen contains only NextGen modules • puppet-modules contains both NextGen and older modules
  • 23. ONE MORE THING... • How to make a NextGen module git clone -r http://github.com/example42/puppet-modules-nextgen cd puppet-modules-nextgen Example42-tools/module_clone.sh This script creates a skeleton for a new module based on different Example42 foo module templates. Run it from the directory that contains the foo module (moduledir). By default it uses the "foo" module as template. Specify -t <source_module> to use a different template. Example: Example42-tools/module_clone.sh -t foo_webapp Source module template is foo Enter the name of the new module based on foo: mynewmodule E d i t my n e w m o d u l e / m a n i fe s t s / p a r a m s . p p t o m a n a g e s u p p o r t fo r d i f fe r e n t OSes •A new module (with the features seen so far) based on the foo standard template is done. Add features and application / OS specific resources to enrich it