Puppet

From Omnia
Revision as of 21:08, 26 October 2023 by Kenneth (talk | contribs) (→‎Windows Agent)


Puppet Labs

Puppet Labs - https://puppetlabs.com

Puppet Labs: IT Automation Software for System Administrators

Open Source

Download:

https://puppet.com/download-open-source-puppet

Note: Have to answer a few questions.

Usage

Show agent disable status (the lock file only exists if the agent is disabled):

cat `puppet agent --configprint agent_disabled_lockfile`

Disable:

puppet agent --disable
puppet agent --disable "some message" -v  # set disable status message

Enable:

puppet agent --enable

See monitored files (dry run; reports what would change without applying it):

puppet agent -t --noop

Validation

Validate manifests:

puppet parser validate *.pp

Note: This only validates structure, not content, and doesn't follow through includes!

puppet-lint - https://github.com/rodjek/puppet-lint

# or
apt-get install puppet-lint

Test Manifest

Test manifest:

puppet apply --modulepath=/root/puppet-modules/  my_module/manifests/init.pp
puppet apply --modulepath=/root/puppet-modules/  my_module/tests/init.pp

Test manifest:

puppet apply -e 'include app_test::test'

or for a dry run

puppet apply -e 'include app_test::test' --noop

Create a file modules/[module_name]/tests/init.pp:

include app_test

Test your class then with:

puppet apply tests/init.pp

src: http://stackoverflow.com/questions/13143929/puppet-2-7-calling-puppet-apply-init-pp-does-nothing-why

Show Puppet Managed Files

While it's possible to search through the client's catalog and state.yaml files for each file you want to check, the simplest way is to download and run puppet-ls from GitHub.

   # show all the puppet managed files in a directory
   $ puppet-ls /etc/mcollective
   /etc/mcollective/facts.yaml
   /etc/mcollective/server.cfg
   # show all the puppet managed files in /etc and any of its subdirectories
   $ puppet-ls -r /etc/
   # show all unmanaged files in /etc/nagios and any subdirectories
   $ puppet-ls -r -i /etc/nagios/

puppet-ls - https://github.com/dalen/puppetls

Install:

cd /etc/puppet/modules/
git clone https://github.com/dalen/puppetls.git
puppet ls

help:

Puppet Face to list files
=========================

This face adds a ls command to Puppet to list files managed by Puppet.

Usage
-----

$ puppet ls /etc

...lists file resources in /etc

$ puppet ls /etc -r

...lists file resources under /etc

$ puppet ls

...lists file resources in current directory

reference: https://www.puppetcookbook.com/posts/list-puppet-managed-files.html

Puppet Cookbook

Puppet CookBook - https://www.puppetcookbook.com/

A collection of task oriented solutions in Puppet

Installing Agent

https://docs.puppet.com/pe/latest/install_agents.html

Linux Agent

Installing Puppet agent: Linux — Documentation — Puppet - https://docs.puppet.com/puppet/latest/install_linux.html

apt-get install puppet
#or
# for Ubuntu 14
wget https://apt.puppetlabs.com/puppetlabs-release-trusty.deb
sudo dpkg -i puppetlabs-release-trusty.deb
apt-get update
apt-get install puppet
# for CentOS 7
sudo rpm -Uvh https://yum.puppet.com/puppet5/puppet5-release-el-7.noarch.rpm
yum install puppet
# /etc/puppetlabs/puppet/puppet.conf
service puppet start

Config:

/etc/puppet/puppet.conf

Add to [main] section:

[main]
server=puppetmaster.oeey.com

Windows Agent

Installing Puppet agent: Microsoft Windows — Documentation — Puppet - https://docs.puppet.com/puppet/latest/install_windows.html

https://downloads.puppetlabs.com/windows/
https://downloads.puppetlabs.com/windows/puppet-agent-x64-latest.msi

Config:

C:\ProgramData\PuppetLabs\puppet\etc\puppet.conf

ssl:

C:\Users\kenneth\.puppetlabs\etc\puppet\ssl

puppet.conf contents:

[main]
server=puppetmaster.oeey.com
autoflush=true
environment=production

Agent Usage

/etc/puppet/puppet.conf:

[agent]
server = puppetmaster.oeey.com

/etc/default/puppet:

START=yes

service puppet start

Test connection:

telnet puppetmaster.oeey.com 8140

Start service:

puppet resource service puppet ensure=running enable=true

Enable agent:

puppet agent --enable

To start the Puppet service:

sudo /opt/puppetlabs/bin/puppet resource service puppet ensure=running enable=true

To manually launch and watch a Puppet run:

puppet agent --test
puppet agent --no-daemonize --verbose --onetime

Manually launch with debug turned on:

puppet agent -t --debug

Certificates

List certificates waiting for signature:

puppet cert list

Puppet Master:

puppet cert clean "puppetagent"

Client Agent:

rm -rf /etc/puppetlabs/puppet/ssl
rm -rf /var/lib/puppet/ssl
rm -r $(puppet agent --configprint ssldir)
puppet agent -t

Master:

puppet cert sign "puppetagent"

List all certificates (including signed):

puppet cert list --all

Verify client fingerprint:

puppet agent --fingerprint
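
The check behind "Verify client fingerprint", as an added example that is not part of the original notes: compare the fingerprint printed on the agent with the one in the master's pending list before running puppet cert sign. The output layouts, the sample fingerprints and the helper names (norm_fp, pending_fp, safe_to_sign) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original notes). Assumed output layouts:
#   puppet cert list           ->   "certname" (SHA256) AA:BB:...
#   puppet agent --fingerprint -> (SHA256) AA:BB:...

# Constructed sample data; the fingerprints are shortened and made up.
SAMPLE_CERT_LIST='  "agent1.example.com" (SHA256) 3A:7F:10:C4:9E:55:D2:08
  "agent2.example.com" (SHA256) 91:0B:66:EE:42:A0:1C:F3'
SAMPLE_AGENT_FP='(SHA256) 3a:7f:10:c4:9e:55:d2:08'

# Reduce a fingerprint to bare upper-case hex so that a "(SHA256)" prefix,
# colons and letter case do not affect the comparison.
norm_fp() {
  printf '%s\n' "$1" | sed 's/^.*)[[:space:]]*//' |
    tr -d -c '0-9A-Fa-f' | tr 'a-f' 'A-F'
}

# Print the fingerprint of the pending request for certname $1.
# stdin: output of `puppet cert list` (run on the master).
pending_fp() {
  awk -v name="\"$1\"" '$1 == name { print $3; exit }'
}

# Exit status 0: fingerprints match; 1: mismatch; 2: no pending request.
# $1 = certname, $2 = fingerprint read on the agent itself.
safe_to_sign() {
  want=$(norm_fp "$2")
  got=$(norm_fp "$(pending_fp "$1")")
  [ -n "$got" ] || return 2
  [ -n "$want" ] && [ "$want" = "$got" ]
}

# Demo on the constructed sample. On a real master the check would read:
#   puppet cert list | safe_to_sign NAME "FINGERPRINT" && puppet cert sign NAME
if printf '%s\n' "$SAMPLE_CERT_LIST" |
   safe_to_sign agent1.example.com "$SAMPLE_AGENT_FP"; then
  echo "agent1.example.com: fingerprints match, request can be signed"
fi
```

The fingerprint passed as the second argument should be read on the agent's own console, not copied from the master's listing.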

Reset master certificate: (last resort)

puppet cert clean <puppet master's certname>
puppet cert generate <puppet master's certname> --dns_alt_names=<comma-separated list of DNS names>

Puppet Master

Install Puppet:

wget https://apt.puppetlabs.com/puppetlabs-release-trusty.deb
dpkg -i puppetlabs-release-trusty.deb
apt-get update
apt-get install puppetmaster

Verify version:

puppet -V
  3.8.1

Lock version: /etc/apt/preferences.d/00-puppet.pref

# /etc/apt/preferences.d/00-puppet.pref
Package: puppet puppet-common puppetmaster-passenger
Pin: version 3.8*
Pin-Priority: 501

Comment out this line in /etc/puppet/puppet.conf:

#templatedir=...

Service:

service puppetmaster stop
service puppetmaster start

TCP Port: 8140

ref: https://vexxhost.com/resources/tutorials/how-to-install-and-setup-puppet-master-and-client-on-ubuntu-14-04/

ref: https://www.digitalocean.com/community/tutorials/how-to-install-puppet-to-manage-your-server-infrastructure

facter

Puppet gathers facts about each of its nodes with a tool called facter. Facter, by default, gathers information that is useful for system configuration (e.g. OS names, hostnames, IP addresses, SSH keys, and more). It is possible to add custom facts if you need other facts to perform your configurations.

To see a list of facts that are automatically being gathered on your agent node:

facter

site manifest

Puppet uses a domain-specific language to describe system configurations, and these descriptions are saved to files called "manifests", which have a .pp file extension. The default main manifest file is located at /etc/puppet/manifests/site.pp.

Main manifest

/etc/puppet/manifests/site.pp

Manifests

Testing Manifest

Apply main manifest immediately:

puppet agent -t

Test sub manifest:

puppet apply /etc/puppet/modules/test/init.pp

If not in /etc/puppet/modules:

puppet apply --modulepath=/root/puppet-modules/  test/init.pp

Comments

# standard hash sign comments

Example Manifest

Example site.pp:

file {'/tmp/example-ip':                                            # resource type file and filename
  ensure  => present,                                               # make sure it exists
  mode    => '0644',                                                # file permissions (quoted string)
  content => "Here is my Public IP Address: ${ipaddress_eth0}.\n",  # note the ipaddress_eth0 fact
}

Example site.pp targeting nodes:

node 'ns1', 'ns2' {    # applies to ns1 and ns2 nodes
  file {'/tmp/test1.txt':    # resource type file and filename
    ensure => present, # make sure it exists
    mode => '0644',    # file permissions (quoted string)
    content => "Test1.\n",
  }
}

node default {}       # applies to nodes that aren't explicitly defined

Example with win/linux:

if $::kernel == 'windows' {
  file {'c:/temp':    # resource type file and filename
    ensure => directory, # make sure it exists
  }
  file {'c:/temp/iamwindows.txt':    # resource type file and filename
    ensure => present, # make sure it exists
    content => "I am windows\n",
  }
}
if $::kernel == 'linux' {
  file {'/tmp/iamlinux.txt':    # resource type file and filename
    ensure => present, # make sure it exists
    content => "I am linux\n",
  }
}

---

Install module on master:

puppet module install puppetlabs-apache

/etc/puppet/manifests/site.pp

node 'host2' {
  class { 'apache': }             # use apache module
  apache::vhost { 'example.com':  # define vhost resource
    port    => '80',
    docroot => '/var/www/html'
  }
}

Directory site manifest:

/etc/puppetlabs/puppet/manifests/site.pp

# import many manifest files with node definitions
import 'nodes/*.pp'

/etc/puppetlabs/puppet/manifests/nodes/testsystem.pp

node 'testsystem' {
  include ::mymodule    # classes are declared with include; import only takes file paths
}

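or, with the import inside a node definition (import is processed at parse time and is not scoped by the enclosing node block, so the classes in kestrel.pp are not limited to kestrel.example.com; import is deprecated in Puppet 3 and removed in Puppet 4):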

# /etc/puppetlabs/puppet/manifests/site.pp
node 'kestrel.example.com' {
  import 'nodes/kestrel.pp'
}
# /etc/puppetlabs/puppet/manifests/nodes/kestrel.pp
include ntp
include apache2

https://docs.puppet.com/puppet/3/lang_import.html

Regular expression:

node /^www\d+$/

Operating System Version

notify { "OS: ${$::operatingsystem} version ${$::operatingsystemmajrelease}" : }
if ($::operatingsystem == 'Ubuntu' and $::lsbmajdistrelease == '14.04') { ... }
if $::kernel == 'windows' { ... }

Example fact values:

$::operatingsystem
 windows, ubuntu, centos
$::operatingsystemmajrelease
 10 (for windows 10)
$::kernel
 windows, Linux
$::kernelmajversion
 10.0 (for windows 10)

See https://docs.puppet.com/facter/latest/core_facts.html

Language Basics

Language: Basics — Documentation — Puppet - https://docs.puppet.com/puppet/latest/lang_summary.html

Manifests

Puppet language files are called manifests, and are named with the .pp file extension.

Documentation

https://docs.puppet.com/puppet/

Issues

See Puppet/Issues

Keywords

puppet package automation