Q: What is Puppet?
Puppet is a configuration management tool used to automate administration tasks. The Puppet
Agent (client) sends a request to the Puppet Master (server), and the Puppet Master pushes
the configuration to the agent.
Q: What are Manifests?
Manifests, in Puppet, are the files in which the client configuration is specified.
Q: What is Facter?
Sometimes you need to write manifests with conditional expressions based on agent-specific
data, which is available through Facter. Facter provides information such as kernel version,
distribution release, IP address, CPU info, etc. You can also define your own facts.
Q: What is MCollective?
MCollective is a powerful orchestration framework. Run actions on thousands of servers
simultaneously, using existing plugins or writing your own.
Q:25 What is Puppet Server?
Ans: Puppet is open-source and enterprise software, a configuration management tool for
UNIX-like operating systems. Puppet is IT automation software used to push configuration
to its clients (Puppet agents) using code. Puppet code can do a variety of tasks, from
installing new software to checking file permissions or updating user accounts, and lots of
other tasks.
Q:26 What are manifests in Puppet ?
Ans: Manifests in Puppet are the files in which the client configuration is specified.
Q:27 Which command is used to sign requested certificates in Puppet Server?
Ans: puppetca sign hostname-of-agent in (2.X) & puppet ca sign hostname-of-agent in (3.X)
Q:28 At which location does the Puppet Master store certificates?
Ans: /var/lib/puppet/ssl/ca/signed
Certificates management
On the Master we can use
$vardir/ssl
$vardir/ssl/ca (/var/lib/puppet/ssl/ca).
The server has received the client's CSR which has to be manually signed:
server # puppet cert sign <certname>
Once signed on the Master, the client can connect and receive its catalog:
client # puppet agent -t
If we have issues with certificates (reinstalled client or other certificate-related problems):
Be sure client and server times are synced
Clean up the client certificate. On the client remove it:
client # mv /var/lib/puppet/ssl /var/lib/puppet/ssl.old
On the Master clean the old client certificate:
server # puppet cert clean <certname>
Puppet CLI
Bootstrap client
Display facts:
facter
facter -y # YAML
facter -j # JSON
facter memoryfree
facter is_virtual processor0
cat /var/lib/puppet/classes.txt
cd /var/lib/puppet
# Print the modification time and content of every clientbucket "paths" file, sorted by time
for i in $(find clientbucket/ -name paths); do
  echo "$(stat -c %y "$i" | sed 's/\..*//') $(cat "$i")"
done | sort -n
Disable agent
Managing Nodes
# removes cert
Managing Modules
puppet module list
puppet module install <name>
puppet module uninstall <name>
puppet module upgrade <name>
puppet module search <name>
Inspecting Resources/Types
puppet describe -l
puppet resource <type name>
# Querying Examples
puppet resource user john.smith
puppet resource service apache
puppet resource mount /data
puppet resource file /etc/motd
puppet resource package wget
Debugging deployment and rules on a local machine. This only makes sense in
"one time" mode running in one of the following variants:
# Trigger puppet run from master
puppet kick <name>
puppet kick -p 5 <names> # 5 parallel
Puppet Master
Enable debugging: Add to /etc/puppet/rack/config.ru
ARGV << "--debug"
Hiera
Hiera Queries
On Puppet master:
hiera <key> # to query common.yaml only
hiera <key> -m <FQDN> # to query config of a given node (using mcollective)
hiera <key> -i <FQDN> # to query config of a given node (using Puppet inventory)
hiera <key> environment=production fqdn=myhost1 # to pass values for hiera.yaml
# To dump complex data
hiera -a <array key>
hiera -h <hash key>
Hiera+Puppet Debugging
puppet apply -e "notice(hiera_array('some key'))"
Puppet DSL
Snippets
notify { 'message': loglevel => 'err' }
Merging Arrays
$result = split(inline_template("<%= (array1+array2).join(',') %>"),',')
Exceptions
fail('This is a parser time error')
Conditions
if $var == 'value' {
}
case $::lsbdistcodename {
  'squeeze': {
  }
  'wheezy', 'jessie': {
  }
  default: {
  }
}
ERB Syntax
ERB Tags
# literal <%
# literal %>
Using Variables
<%= @name %>
<%= scope.lookupvar('name') %>
<%= scope['somewhere::name'] %>
Conditions
<%# When checking if a variable exists/is set, always check for nil! Everything else is unsafe. %>
<% if @name != nil %>
Well, @name is set!
<% end %>
<% if @name =~ /.* Smith$/ %>
Matches
<% end %>
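Why the nil check matters for a security setting, as an added example (not part of the original cheat sheet and not Puppet's own code): it renders the same constructed template with an explicit nil check and with a plain truthiness check, using Ruby's standard ERB library. TemplateScope, render_both and the permit_root_login variable are assumptions made for the illustration.

```ruby
require 'erb'

# Hypothetical stand-in for the object a Puppet template is evaluated against:
# each variable is exposed to the ERB code as an instance variable (@name).
class TemplateScope
  def initialize(vars = {})
    vars.each { |key, value| instance_variable_set("@#{key}", value) }
  end

  def render(template)
    ERB.new(template).result(binding)
  end
end

# Explicit nil check: emits the line whenever the variable is set, even to false.
NIL_CHECK = "<% if @permit_root_login != nil %>" \
            "PermitRootLogin <%= @permit_root_login ? 'yes' : 'no' %><% end %>"

# Truthiness check: treats a variable set to false as if it were not set.
TRUTHY_CHECK = "<% if @permit_root_login %>" \
               "PermitRootLogin <%= @permit_root_login ? 'yes' : 'no' %><% end %>"

# Render both templates against the same variables and return the two results.
def render_both(vars)
  scope = TemplateScope.new(vars)
  { nil_check: scope.render(NIL_CHECK), truthy_check: scope.render(TRUTHY_CHECK) }
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample inputs: unset, explicitly false, explicitly true.
  [{}, { permit_root_login: false }, { permit_root_login: true }].each do |vars|
    puts "#{vars.inspect} => #{render_both(vars).inspect}"
  end
end
```

With the truthiness check, a value of false drops the PermitRootLogin line from the rendered file, so the daemon's built-in default applies instead of the intended "no".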
Augeas
Augeas - in Puppet: Using Puppet with Augeas
augeas { "sshd_config":
  changes => [
    "set /files/etc/ssh/sshd_config/PermitRootLogin no",
  ],
}
Testing
Validate manifest
puppet parser validate <manifest>
Validate ERBs