brief introduction to puppet - agenda catania [home] · overview of puppet process master client...
TRANSCRIPT
![Page 1: Brief introduction to Puppet - Agenda Catania [Home] · Overview of puppet process Master Client ˙-˙-I Run puppet master daemon on server I Client generates cert and identifees](https://reader033.vdocuments.mx/reader033/viewer/2022042803/5f4457eb5c5dec53ef23afb7/html5/thumbnails/1.jpg)
Brief introduction to Puppet
Scott Hazelhurst
Wits Bioinformatics
March 2013
![Page 2: Brief introduction to Puppet - Agenda Catania [Home] · Overview of puppet process Master Client ˙-˙-I Run puppet master daemon on server I Client generates cert and identifees](https://reader033.vdocuments.mx/reader033/viewer/2022042803/5f4457eb5c5dec53ef23afb7/html5/thumbnails/2.jpg)
Puppet
System/language for configuration of computer systems:
I Helps installation of new systems
I Simplifies rolling of of new software
I Way of documenting system configuration
Basic structure
I Master has a description of each computer under control(e.g., installed software, cofiguration files, . . . )
I Clients contact master to get their configuration – localpuppet process implements
![Page 3: Brief introduction to Puppet - Agenda Catania [Home] · Overview of puppet process Master Client ˙-˙-I Run puppet master daemon on server I Client generates cert and identifees](https://reader033.vdocuments.mx/reader033/viewer/2022042803/5f4457eb5c5dec53ef23afb7/html5/thumbnails/3.jpg)
Aside – system installation
Ideally, couple use of Puppet with a system like Cobbler forautomating system installation
![Page 4: Brief introduction to Puppet - Agenda Catania [Home] · Overview of puppet process Master Client ˙-˙-I Run puppet master daemon on server I Client generates cert and identifees](https://reader033.vdocuments.mx/reader033/viewer/2022042803/5f4457eb5c5dec53ef23afb7/html5/thumbnails/4.jpg)
Puppet is a declarative language:
I Describes the state the system should be in, rather thanhow to get there.
I Ruby-based, OO
I Extensible
I Under rapid developmentVersion 2.6 discussed here – major changes in 2.7 and 3
![Page 5: Brief introduction to Puppet - Agenda Catania [Home] · Overview of puppet process Master Client ˙-˙-I Run puppet master daemon on server I Client generates cert and identifees](https://reader033.vdocuments.mx/reader033/viewer/2022042803/5f4457eb5c5dec53ef23afb7/html5/thumbnails/5.jpg)
Facter
Facter is a complementary package to Puppet
I Puppet uses Facter to determine facts about state ofclient machine
I Can be used from command-line: gives a uniform way offinding info about system
facter fqdn
facter operatingsystem
facter kernelrelease
These facts are available in your Puppet programs to guideconfiguration
![Page 6: Brief introduction to Puppet - Agenda Catania [Home] · Overview of puppet process Master Client ˙-˙-I Run puppet master daemon on server I Client generates cert and identifees](https://reader033.vdocuments.mx/reader033/viewer/2022042803/5f4457eb5c5dec53ef23afb7/html5/thumbnails/6.jpg)
Overview of puppet process
Master Client
�-
�-
I Run puppet master daemon on server
I Client generates cert and identifees itself to master
I Master authorises and signs certificateI Update cycle
I Client sends update request to masterI Master sends information to clientI Client updates itself
![Page 7: Brief introduction to Puppet - Agenda Catania [Home] · Overview of puppet process Master Client ˙-˙-I Run puppet master daemon on server I Client generates cert and identifees](https://reader033.vdocuments.mx/reader033/viewer/2022042803/5f4457eb5c5dec53ef23afb7/html5/thumbnails/7.jpg)
Overview of puppet process
Master Client
�
-�
-
I Run puppet master daemon on server
I Client generates cert and identifees itself to master
I Master authorises and signs certificateI Update cycle
I Client sends update request to masterI Master sends information to clientI Client updates itself
![Page 8: Brief introduction to Puppet - Agenda Catania [Home] · Overview of puppet process Master Client ˙-˙-I Run puppet master daemon on server I Client generates cert and identifees](https://reader033.vdocuments.mx/reader033/viewer/2022042803/5f4457eb5c5dec53ef23afb7/html5/thumbnails/8.jpg)
Overview of puppet process
Master Client
�
-
�-
I Run puppet master daemon on server
I Client generates cert and identifees itself to master
I Master authorises and signs certificate
I Update cycle
I Client sends update request to masterI Master sends information to clientI Client updates itself
![Page 9: Brief introduction to Puppet - Agenda Catania [Home] · Overview of puppet process Master Client ˙-˙-I Run puppet master daemon on server I Client generates cert and identifees](https://reader033.vdocuments.mx/reader033/viewer/2022042803/5f4457eb5c5dec53ef23afb7/html5/thumbnails/9.jpg)
Overview of puppet process
Master Client
�-
�
-
I Run puppet master daemon on server
I Client generates cert and identifees itself to master
I Master authorises and signs certificateI Update cycle
I Client sends update request to masterI Master sends information to clientI Client updates itself
![Page 10: Brief introduction to Puppet - Agenda Catania [Home] · Overview of puppet process Master Client ˙-˙-I Run puppet master daemon on server I Client generates cert and identifees](https://reader033.vdocuments.mx/reader033/viewer/2022042803/5f4457eb5c5dec53ef23afb7/html5/thumbnails/10.jpg)
Overview of puppet process
Master Client
�-
�-
I Run puppet master daemon on server
I Client generates cert and identifees itself to master
I Master authorises and signs certificateI Update cycle
I Client sends update request to master
I Master sends information to clientI Client updates itself
![Page 11: Brief introduction to Puppet - Agenda Catania [Home] · Overview of puppet process Master Client ˙-˙-I Run puppet master daemon on server I Client generates cert and identifees](https://reader033.vdocuments.mx/reader033/viewer/2022042803/5f4457eb5c5dec53ef23afb7/html5/thumbnails/11.jpg)
Overview of puppet process
Master Client
�-
�-
I Run puppet master daemon on server
I Client generates cert and identifees itself to master
I Master authorises and signs certificateI Update cycle
I Client sends update request to masterI Master sends information to client
I Client updates itself
![Page 12: Brief introduction to Puppet - Agenda Catania [Home] · Overview of puppet process Master Client ˙-˙-I Run puppet master daemon on server I Client generates cert and identifees](https://reader033.vdocuments.mx/reader033/viewer/2022042803/5f4457eb5c5dec53ef23afb7/html5/thumbnails/12.jpg)
Overview of puppet process
Master Client
�-
�-
I Run puppet master daemon on server
I Client generates cert and identifees itself to master
I Master authorises and signs certificateI Update cycle
I Client sends update request to masterI Master sends information to clientI Client updates itself
![Page 13: Brief introduction to Puppet - Agenda Catania [Home] · Overview of puppet process Master Client ˙-˙-I Run puppet master daemon on server I Client generates cert and identifees](https://reader033.vdocuments.mx/reader033/viewer/2022042803/5f4457eb5c5dec53ef23afb7/html5/thumbnails/13.jpg)
Puppet setup on master
In /etc/puppet/manifests main file is site.pp
import "classes/*.pp"
import "groups/virt_groups.pp"
import "groups/global_special.pp"
import "users/virt_users.pp"
import "users_groups.pp"
import "nodes.pp"
![Page 14: Brief introduction to Puppet - Agenda Catania [Home] · Overview of puppet process Master Client ˙-˙-I Run puppet master daemon on server I Client generates cert and identifees](https://reader033.vdocuments.mx/reader033/viewer/2022042803/5f4457eb5c5dec53ef23afb7/html5/thumbnails/14.jpg)
In nodes.pp I have declarations for each node
$storagehome="homestore.core.wits.ac.za"
node ’cloud01’ { include ubuntu }
node ’n02.core.wits.ac.za’ { include worker }
node ’n01.core.wits.ac.za’ {
$bricka01_1 = "/dev/sdc1"
include worker
include atlassudoers
include glustervolA01
}
![Page 15: Brief introduction to Puppet - Agenda Catania [Home] · Overview of puppet process Master Client ˙-˙-I Run puppet master daemon on server I Client generates cert and identifees](https://reader033.vdocuments.mx/reader033/viewer/2022042803/5f4457eb5c5dec53ef23afb7/html5/thumbnails/15.jpg)
And the worker class is defined as:
class worker {
tag(gluster-mount)
tag(mount-data)
tag(want-sshconfig)
include slnode
include datasrc
... resource declarations ...
}
worker is a subclass of sl is a subclass of base
![Page 16: Brief introduction to Puppet - Agenda Catania [Home] · Overview of puppet process Master Client ˙-˙-I Run puppet master daemon on server I Client generates cert and identifees](https://reader033.vdocuments.mx/reader033/viewer/2022042803/5f4457eb5c5dec53ef23afb7/html5/thumbnails/16.jpg)
Puppet resources
Resources are the building blocks of configuration
I file
I package
I cron
I host
I mount
I user / group
I ssh authorized key
I
Extensible in many ways
![Page 17: Brief introduction to Puppet - Agenda Catania [Home] · Overview of puppet process Master Client ˙-˙-I Run puppet master daemon on server I Client generates cert and identifees](https://reader033.vdocuments.mx/reader033/viewer/2022042803/5f4457eb5c5dec53ef23afb7/html5/thumbnails/17.jpg)
Puppet resources
Resources are the building blocks of configuration
I file
I package
I cron
I host
I mount
I user / group
I ssh authorized key
I
Extensible in many ways
![Page 18: Brief introduction to Puppet - Agenda Catania [Home] · Overview of puppet process Master Client ˙-˙-I Run puppet master daemon on server I Client generates cert and identifees](https://reader033.vdocuments.mx/reader033/viewer/2022042803/5f4457eb5c5dec53ef23afb7/html5/thumbnails/18.jpg)
Puppet resources
Resources are the building blocks of configuration
I file
I package
I cron
I host
I mount
I user / group
I ssh authorized key
I
Extensible in many ways
![Page 19: Brief introduction to Puppet - Agenda Catania [Home] · Overview of puppet process Master Client ˙-˙-I Run puppet master daemon on server I Client generates cert and identifees](https://reader033.vdocuments.mx/reader033/viewer/2022042803/5f4457eb5c5dec53ef23afb7/html5/thumbnails/19.jpg)
Puppet resources
Resources are the building blocks of configuration
I file
I package
I cron
I host
I mount
I user / group
I ssh authorized key
I
Extensible in many ways
![Page 20: Brief introduction to Puppet - Agenda Catania [Home] · Overview of puppet process Master Client ˙-˙-I Run puppet master daemon on server I Client generates cert and identifees](https://reader033.vdocuments.mx/reader033/viewer/2022042803/5f4457eb5c5dec53ef23afb7/html5/thumbnails/20.jpg)
file {gluster-repo:
name => "/etc/yum.repos.d/glusterfs-epel.repo",
content => file("/etc/puppet/sources/repos/glusterfs-epel.repo"),
}
file {check:
name => "/root/os",
content =>$operatingsystem
}
file {sysconf:
name => "/root/sysconfig",
mode => 640,
owner=> root,
group=> admin,
ensure => directory,
}
![Page 21: Brief introduction to Puppet - Agenda Catania [Home] · Overview of puppet process Master Client ˙-˙-I Run puppet master daemon on server I Client generates cert and identifees](https://reader033.vdocuments.mx/reader033/viewer/2022042803/5f4457eb5c5dec53ef23afb7/html5/thumbnails/21.jpg)
package{’gnuplot’ : ensure => installed }
And
$plist = ["emi-wn","emi-torque-client","emi-mpi","texlive-utils"]
package {
$plist : ensure => installed,
}
![Page 22: Brief introduction to Puppet - Agenda Catania [Home] · Overview of puppet process Master Client ˙-˙-I Run puppet master daemon on server I Client generates cert and identifees](https://reader033.vdocuments.mx/reader033/viewer/2022042803/5f4457eb5c5dec53ef23afb7/html5/thumbnails/22.jpg)
NB: execution of resources not determined by order in file.May beed to specify explicitly
package{"sagrid-repo":
ensure=>installed,
require=>File["sagrid"]
}
package{"sagrid-gpg":
ensure=>installed,
require=>Package["sagrid-repo"]
}
![Page 23: Brief introduction to Puppet - Agenda Catania [Home] · Overview of puppet process Master Client ˙-˙-I Run puppet master daemon on server I Client generates cert and identifees](https://reader033.vdocuments.mx/reader033/viewer/2022042803/5f4457eb5c5dec53ef23afb7/html5/thumbnails/23.jpg)
if !tagged(emi-root) {
mount { glite-wits-mount:
name => "/opt/glite/yaim/etc/wits",
atboot => true,
fstype => nfs,
ensure => present,
options => ’rw,auto’,
device => "$storagehome:/opt/glite/yaim/etc/wits",
require => [Package[nfs-utils],File[glite-wits]]
}
}
![Page 24: Brief introduction to Puppet - Agenda Catania [Home] · Overview of puppet process Master Client ˙-˙-I Run puppet master daemon on server I Client generates cert and identifees](https://reader033.vdocuments.mx/reader033/viewer/2022042803/5f4457eb5c5dec53ef23afb7/html5/thumbnails/24.jpg)
host { "cream-ce.core.wits.ac.za":
ensure => present,
ip => "146.141.240.90"
}
cron { firewall:
command => "/opt/sysconfig/filter/naughty",
user => root,
hour => 2,
minute => 0
}
![Page 25: Brief introduction to Puppet - Agenda Catania [Home] · Overview of puppet process Master Client ˙-˙-I Run puppet master daemon on server I Client generates cert and identifees](https://reader033.vdocuments.mx/reader033/viewer/2022042803/5f4457eb5c5dec53ef23afb7/html5/thumbnails/25.jpg)
Exec
Can execute any process on the underlying machine
I Very powerful, flexible
I Can be overused — other resources are essentiallyidempotent in effect (benefit of a declarative model)
I With exec, must be very careful
I May also be unnecessary warning statements!
Try to use other puppet features if you can.
![Page 26: Brief introduction to Puppet - Agenda Catania [Home] · Overview of puppet process Master Client ˙-˙-I Run puppet master daemon on server I Client generates cert and identifees](https://reader033.vdocuments.mx/reader033/viewer/2022042803/5f4457eb5c5dec53ef23afb7/html5/thumbnails/26.jpg)
exec {emi-rpm-key:
path => ["/usr/bin","/bin"],
command => "rpm --import /root/sysconfig/RPM-GPG-KEY-emi",
}
![Page 27: Brief introduction to Puppet - Agenda Catania [Home] · Overview of puppet process Master Client ˙-˙-I Run puppet master daemon on server I Client generates cert and identifees](https://reader033.vdocuments.mx/reader033/viewer/2022042803/5f4457eb5c5dec53ef23afb7/html5/thumbnails/27.jpg)
exec {emi-rpm-key:
path => ["/usr/bin","/bin"],
command => "rpm --import /root/sysconfig/RPM-GPG-KEY-emi",
subscribe => File[emi-rpm-gpg-key],
refreshonly => true,
require => File[emi-rpm-gpg-key]
}
![Page 28: Brief introduction to Puppet - Agenda Catania [Home] · Overview of puppet process Master Client ˙-˙-I Run puppet master daemon on server I Client generates cert and identifees](https://reader033.vdocuments.mx/reader033/viewer/2022042803/5f4457eb5c5dec53ef23afb7/html5/thumbnails/28.jpg)
exec{perl-DBD-SQLite:
command => "/usr/bin/yum -y --enablerepo=epel install perl-DBD-SQLite perl-GraphViz",
path => ["/bin","/usr/bin"],
onlyif => "test -n ‘rpm -aq perl-DBD-SQLite‘ "
}
![Page 29: Brief introduction to Puppet - Agenda Catania [Home] · Overview of puppet process Master Client ˙-˙-I Run puppet master daemon on server I Client generates cert and identifees](https://reader033.vdocuments.mx/reader033/viewer/2022042803/5f4457eb5c5dec53ef23afb7/html5/thumbnails/29.jpg)
Virtual resources
Puppet has strict requirement that when client gets resources,resource declared in one place only
I Mostly OK – hierarchical class structure fits well
I But some resources are not so easy because they may berequired in independent classes.
User/group management good example:
I Want to define users, groups in one or two places
I May have very varied needs of where users are defined
![Page 30: Brief introduction to Puppet - Agenda Catania [Home] · Overview of puppet process Master Client ˙-˙-I Run puppet master daemon on server I Client generates cert and identifees](https://reader033.vdocuments.mx/reader033/viewer/2022042803/5f4457eb5c5dec53ef23afb7/html5/thumbnails/30.jpg)
Solution: declare resource as virtual by using @prefix
@user { "dduck" :
home => "/home/dduck",
uid => "28021",
gid => "28021",
comment => "Donald Duck",
require => Group["dduck"],
ensure => present
}
![Page 31: Brief introduction to Puppet - Agenda Catania [Home] · Overview of puppet process Master Client ˙-˙-I Run puppet master daemon on server I Client generates cert and identifees](https://reader033.vdocuments.mx/reader033/viewer/2022042803/5f4457eb5c5dec53ef23afb7/html5/thumbnails/31.jpg)
Then, where you want the user, use realize
node ’testserver’ {
$users=["dduck","mmouse","spiderman"]
realize [User[$users], Group[$users]]
}
![Page 32: Brief introduction to Puppet - Agenda Catania [Home] · Overview of puppet process Master Client ˙-˙-I Run puppet master daemon on server I Client generates cert and identifees](https://reader033.vdocuments.mx/reader033/viewer/2022042803/5f4457eb5c5dec53ef23afb7/html5/thumbnails/32.jpg)
Others
case $operatingsystem {
centos, redhat: { $service_name = ’ntpd’ }
debian, ubuntu: { $service_name = ’ntp’ }
}
package { ’ntp’:
ensure => installed,
}
service { ’ntp’:
name => $service_name,
ensure => running,
enable => true,
subscribe => File[’ntp.conf’],
}