Puppet: Difference between revisions

From Halfface
 
(5 intermediate revisions by the same user not shown)
==Test run puppet==
  puppet agent --test --debug --noop
==list certificate requests==
  puppet ca list
==list certs==
  puppet cert list
==remove cert==
  puppet cert clean host.domain.se
=remove cache directory=
  locate puppet/cache

== Introduction ==

=== Links ===
http://reductivelabs.com/trac/puppet/wiki/StyleGuide
http://reductivelabs.com/trac/puppet/wiki/GlossaryOfTerms
http://reductivelabs.com/trac/puppet/wiki/PuppetIntroduction
http://reductivelabs.com/trac/puppet/wiki/DocumentationStart
http://reductivelabs.com/trac/puppet/wiki/LanguageTutorial
http://reductivelabs.com/trac/puppet/wiki/ConfigurationReference
http://www.linux-mag.com/id/4141/?r=s
 
Autogenerate puppet pp files.
http://cft.et.redhat.com/
 
==Configuration files==
 
svn co http://svn.klu.infineon.com/repos/AdminToolKit/trunk/puppet
 
==Puppet under solaris(blastwave)==
 
/opt/csw/bin/puppetd --server puppet.klu.infineon.com --test --factsync true --report true --color false
 
 
*Exec Resources
Sometimes, there will not be a resource type already developed for managing the resource you're interested in; for these cases, we provide an exec resource type, which allows you to run external commands, along with hooks to make the exec behave idempotently. For instance, you can create an exec instance that creates a Subversion repository using the svnadmin command, along with a check that causes the command to only get run if the repository does not already exist.
 
*Classes
The next step up is to start associating resources; you would normally have at least the sudo package installed, and you'd put both the package and the configuration file into a class. Then you can just call include sudo and both resources would get applied.
 
*Inheritance
Puppet supports a limited form of class inheritance, but it's only useful for one thing: subclasses can override resources defined in parent classes, using a special override syntax.
In the sub class above, the resource type (in this case File) is capitalized. This means that we are referring to a type that has already been declared. Using file instead would be illegal since that would result in resource overlap.
 
*Facter Variables
$operatingsystem variable. This variable is set, along with many others, in the top-level scope by the parser, which gets the values from Facter -- you can get a list of all available variables by just running the stand-alone facter script, but you'll also want to know about $ipaddress and $hostname, just to start.
 
*Selectors
Another new thing is the ? { ... } syntax, which we call a selector and is somewhat similar to the relatively common ternary operator. This tests the variable before the ?, and picks a matching value from the provided list, or the default value if nothing matches. This allows us to provide different values based on the operating system, host name, or just about anything else we want. Note that it is a parse error if no value matches. Also, selectors (as of 0.22.2) are case-insensitive in their matching.
 
*resource reference
The File["sshd_config"] syntax is called a resource reference, and it's used to uniquely refer to a resource.
 
*Variables
$myvar = value. Puppet will refuse to allow you to assign to the same variable twice in a given class or definition, because it will only ever use the second value and your first value will get thrown away, since all variable assignments are evaluated before any resource specifications.
 
Backup location.
  # Define the bucket
  filebucket { main: server => puppet }
 
  # Specify it as the default target
  File { backup => main }
 
Create a CNAME/alias called puppet pointing to your puppet server.
 
==install puppetserver==
 
*yum install puppet-server ruby-activerecord ruby-mysql ruby-rdoc
*yum install rrdtool rrdtool-ruby
*Create mysql database with user and permission.
 
 
install server.
  yum -y install puppet-server
 
install client:
yum -y install puppet ruby-rdoc
 
==Facts about puppet==
 
puppetmaster is listening on port 8140
 
If you are just a little paranoid about security, it is much better to generate the certificates on the puppetmaster ahead of time using puppetca --generate HOST and then copy the generated files onto the client during kickstart. To be exact, you need to copy the following files from the puppetmaster to the client (all paths are relative to /var/lib/puppet/ssl on the appropriate machine):
 
  Puppetmaster          Client HOST
  certs/ca.pem          certs/ca.pem
  certs/HOST.pem        certs/HOST.pem
  private_keys/HOST.pem private_keys/HOST.pem
  ca/signed/HOST.pem    public_keys/HOST.pem
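
A check to run on the client once the files are in place, as an added example that is not part of the original wiki page: it confirms the four client-side files from the table exist, that the host certificate verifies against the copied CA, that the private key matches the certificate, and that the key is not readable by group or others. It assumes the openssl command-line tool is installed; audit_client_ssl is a name made up for this example.

```shell
#!/bin/sh
# Added example (not from the original page): audit the SSL files copied to a
# Puppet client. Layout follows the table above; audit_client_ssl is a
# hypothetical helper name. Requires the openssl command-line tool.
# Usage: audit_client_ssl /var/lib/puppet/ssl HOST

audit_client_ssl() {
    ssldir=$1
    host=$2
    rc=0
    ca="$ssldir/certs/ca.pem"
    cert="$ssldir/certs/$host.pem"
    key="$ssldir/private_keys/$host.pem"

    # All four client-side files from the table must exist and be non-empty.
    for f in "$ca" "$cert" "$key" "$ssldir/public_keys/$host.pem"; do
        [ -s "$f" ] || { echo "FAIL missing or empty: $f"; rc=1; }
    done
    [ "$rc" -eq 0 ] || return 1

    # The host certificate must have been issued by the CA copied with it.
    openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1 ||
        { echo "FAIL $cert does not verify against $ca"; rc=1; }

    # The private key must belong to the certificate: compare public halves.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL $key does not match $cert"; rc=1
    fi

    # The private key must not be accessible to group or others
    # (characters 5-10 of the ls mode string are the group and other bits).
    perms=$(ls -lL "$key" | cut -c5-10)
    [ "$perms" = "------" ] ||
        { echo "FAIL $key is accessible to group/other ($perms)"; rc=1; }

    [ "$rc" -eq 0 ] && echo "OK $host"
    return "$rc"
}

# Run the audit when the script is called with SSLDIR and HOST arguments.
if [ $# -eq 2 ]; then audit_client_ssl "$1" "$2"; fi
```
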
 
==reports==
 
This will send all messages to me@domain.com, and all messages from webservers that are not also from mailservers to httpadmins@domain.com
*/etc/puppet/tagmail.conf
  all: me@domain.com
 
 
http://www.halfface.se/report
 
==Puppetshow==
 
*Install dependencies.
yum install ruby ruby-docs ruby-irb ruby-libs ruby-mode ruby-rdoc ruby-ri rubygems ruby-mysql mysql mysql-server httpd
 
Setup puppetshow.
*prerequisites.
Install mysql and create a database called puppetdb. Add user puppet with password puppet as admin for that database.
Install httpd
Install ruby on rails.
 
*Install puppetshow.
cd /var/lib
svn co https://reductivelabs.com/svn/puppetshow puppetshow
cd /var/lib/puppetshow
chown -Rh apache:apache .
*fix ssl certificates.
ln -s /var/lib/puppet/ssl /etc/puppet/ssl
*vi setup.pp
  $user = "apache"
  $group = "apache"
  $clientname = "ip122net"
  # Link the libraries in
  file { "$base/lib/puppet":
      ensure => "/usr/lib/ruby/site_ruby/1.8"
  }
*Edit config file for database setup. /var/lib/puppetshow/config/database.yml
  development:
    adapter: mysql
    database: puppetdb
    username: puppet
    password: puppet
    socket: /var/run/mysqld/mysqld.pid
*Run puppetshow installation.
puppet -v setup.pp
*fix links for ruby on rails.
ln -sf /usr/lib/ruby/gems/1.8/gems/rails-1.2.5 /var/lib/puppetshow/vendor/rails/railties
ln -sf /usr/lib/ruby/gems/1.8/gems/activesupport-1.4.4 /var/lib/puppetshow/vendor/activesupport
ln -sf /usr/lib/ruby/gems/1.8/gems/actionpack-1.13.5 /var/lib/puppetshow/vendor/actionpack
ln -sf /usr/lib/ruby/gems/1.8/gems/actionwebservice-1.2.5 /var/lib/puppetshow/vendor/actionwebservice
ln -sf /usr/lib/ruby/gems/1.8/gems/actionmailer-1.3.5 /var/lib/puppetshow/vendor/actionmailer
ln -sf /usr/lib/ruby/gems/1.8/gems/activerecord-1.15.5 /var/lib/puppetshow/vendor/activerecord
*fix path to ruby.
ln -s /usr/bin/ruby /usr/bin/ruby1.8
*fix path. /usr/lib/ruby/site_ruby/1.8/puppet/configuration.rb
    if name != "puppetmasterd" and Puppet::Util::SUIDManager.uid != 0
        conf = "/etc/puppet"
        var = "/var/puppet"
*Configure httpd. Put the following in /etc/httpd/conf.d/puppet.conf
<VirtualHost ip122net2.halfface.se:80>
    ServerAdmin root@localhost
    SetEnv RAILS_ENV development
    ServerName ip122net2.halfface.se
    ServerAlias ip122net2
    DocumentRoot /var/lib/puppetshow/public
    ErrorLog /var/lib/puppetshow/log/apache.log
    <Directory /var/lib/puppetshow/public/>
        Options ExecCGI FollowSymLinks
        AddHandler cgi-script .cgi
        AllowOverride all
        Order allow,deny
        Allow from all
    </Directory>
</VirtualHost>
 
==puppet.conf==
This will generate a config file with explanations.
puppetd --genconfig > /etc/puppet/puppetd.conf.template # Generate template configuration.
 
Halfface /etc/puppet/puppet.conf
[main]
    # Where Puppet stores dynamic and growing data.
    # The default value is '/var/puppet'.
    vardir = /var/lib/puppet
    # The Puppet log directory.
    # The default value is '$vardir/log'.
    logdir = /var/log/puppet
   
    # Where Puppet PID files are kept.
    # The default value is '$vardir/run'.
    rundir = /var/run/puppet
    # Where SSL certificates are kept.
    # The default value is '$confdir/ssl'.
    ssldir = $vardir/ssl
    # Where Puppet looks for template files.
    templatedir=/etc/puppet/templates
    # An external command that can produce node information.
    external_nodes = /etc/puppet/node.sh
    # Where Puppet should look for facts. Multiple directories should be colon-separated, like normal PATH variables.
    # Section: main
    # Default: $vardir/facts
    factpath = $confdir/facts
    # Whether facts should be synced with the central server.
    # Section: main
    # Default: false
    factsync = true
[puppetmasterd]
    # The list of reports to generate. All reports are looked for in puppet/reports/<name>.rb, and multiple report names should be comma-separated (whitespace is okay).
    # Section: reporting
    # Default: store
    reports = store,rrdgraph,tagmail
    # Whether RRD information should be graphed.
    # Section: metrics
    # Default: false
    rrdgraph = true
    # The directory where RRD database files are stored. Directories for each reporting host will be created under this directory.
    # Section: metrics
    # Default: $vardir/rrd
    rrddir = $vardir/rrd
    # smtpserver
    # The server through which to send email reports.
    # Section: tagmail
    # Default: none
    smtpserver = www.halfface.se
    # Whether to create dot graph files for the different configuration graphs. These dot files can be interpreted by tools like OmniGraffle or dot (which is part of ImageMagick).
    # Section: graphing
    # Default: false
    graph = true
    # Whether to validate types during parsing.
    # Section: parser
    # Default: true
    typecheck = true
    # Whether to validate parameters during parsing.
    # Section: parser
    # Default: true
    paramcheck = true
    # Whether to store each client's configuration. This requires ActiveRecord from Ruby on Rails.
    # Section: puppetmasterd
    # Default: false
    storeconfigs = true
    # The type of database to use.
    # Section: rails
    # Default: sqlite3
    dbadapter = mysql
    # The database server for Client caching. Only used when networked databases are used.
    # Section: rails
    # Default: localhost
    dbserver = localhost
    # The name of the database to use.
    # Section: rails
    # Default: puppet
    dbname = puppetdb
    # The database user for Client caching. Only used when networked databases are used.
    # Section: rails
    # Default: puppet
    dbuser = puppet
    # The database password for Client caching. Only used when networked databases are used.
    # Section: rails
    # Default: puppet
    dbpassword = puppet
[puppetd]
    # The file in which puppetd stores a list of the classes
    # associated with the retrieved configuration.  Can be loaded in
    # the separate ``puppet`` executable using the ``--loadclasses``
    # option.
    # The default value is '$confdir/classes.txt'.
    classfile = $vardir/classes.txt
    # Where puppetd caches the local configuration.  An
    # extension indicating the cache format is added automatically.
    # The default value is '$confdir/localconfig'.
    localconfig = $vardir/localconfig
    # Whether to send reports after every transaction.
    # Section: puppetd
    # Default: false
    report = true
 
==Custom Facts==
 
Verify custom fact.
host:$ mkdir -p ~/lib/ruby/facter ; export RUBYLIB=~/lib/ruby
host:$ cp /path/to/hardware_platform.rb $RUBYLIB/facter
host:$ facter hardware_platform
[[Category:Applications]]
[[Category:Unix]]
[[Category:Automation]]

Latest revision as of 09:19, 7 October 2019

Test run puppet

puppet agent --test --debug --noop

list certificate requests

puppet ca list

list certs

puppet cert list 

remove cert

puppet cert clean host.domain.se

remove cache directory

locate puppet/cache