Dance for the puppet master
An introduction to Puppet
Michael Peacock
So, what is puppet
Provisioning tool
“Open source configuration management tool”
Used to automate server management
Configuration
Installs & upgrades
etc
Internal development team presentation
Ground Six Limited
Idempotent
Can be run multiple times without changing the server (unless the configuration changes)
Instead of doing things, it checks or ensures things:
Ensuring a package is installed only installs it if it hasn’t been installed. Execs only run if their creates file isn’t found (and puppet doesn’t think they have been run)
Configuration within Vagrant
Tell puppet to run
Tell it where the manifests live
Tell it the default manifest
Tell it where modules live
config.vm.provision :puppet do |puppet|
  puppet.manifests_path = "provision/manifests"
  puppet.manifest_file = "default.pp"
  puppet.module_path = "provision/modules"
end
What can it do?
cron: install and manage cron jobs (scheduled_task on windows)
exec: runs shell commands
user: create and manage user accounts
group: create and manage groups
file: create and manage files, folders and symlinks
notify: log something
service: manage running services
And more... the items in bold are known as resources within puppet
Require
Many / all puppet options support a “require” configuration
Defines other puppet tasks which must have been successfully checked / executed before this can be run
We only want to install packages once we have updated aptitude
We only want to install MySQL drivers once we have the MySQL client/server installed
Require example
Notice when referencing other puppet configurations, the resource type is capitalised
require => [ Package['mysql-client'], Package['mysql-server'] ]
exec
command: command (including full path unless path is also defined) to be executed. The “name” will be used if omitted
user & group: to run the command as
creates: a file that the command creates. If found, the exec is not run
cwd: directory to run the command from
path: if full path for command isn’t supplied, path must point to location of the command
exec: a note
We create lock files in some of our exec commands to prevent repeated execution, e.g. after installing the default database, downloading something or running anything which can only be run once.
exec: example
exec{ "create-db":
command => '/bin/gunzip -c /vagrant/database/default.sql.gz > db.sql && /usr/bin/mysql < db.sql && /bin/rm db.sql && /bin/touch /vagrant/mysqlimport.lock',
require => [ Package['mysql-client'], Package['mysql-server'] ],
creates => "/vagrant/mysqlimport.lock",
timeout => 0 }
exec: another example
exec{ "compose":
command => '/bin/rm -rfv /vagrant/vendor/* && /bin/rm -f /vagrant/composer.lock && /usr/bin/curl -s http://getcomposer.org/installer | /usr/bin/php -- --install-dir=/vagrant && cd /vagrant && /usr/bin/php /vagrant/composer.phar install',
require => [ Package['curl'], Package['git-core'] ],
creates => "/vagrant/composer.lock",
timeout => 0}
exec: what we use it for
Installing the default MySQL database content
Install pear projects
Note: we should probably use or write a puppet module to install pear projects we need, our approach is a bit of a hack
subscribe & refreshonly
Some commands need to be run periodically after other things have run
More so the case when puppet manages existing infrastructure (using it to manage what’s already on a machine and installing new things)
subscribe: defines other events which should cause the task to run (like require, but refreshes the task)
refreshonly: instructs the task to only run when the other tasks are completed
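An added example, not from the original slides, of subscribe and refreshonly used together: the reload command is skipped on every run except those in which Puppet actually changed the vhost file. The exec title and the Debian/Ubuntu path /usr/sbin/apache2ctl are assumptions; the file and service resources mirror the ones shown later in this deck.

```puppet
# Added example: names marked "assumed" are not from the slides.
package { 'apache2':
  ensure => present,
}

service { 'apache2':
  ensure  => running,
  require => Package['apache2'],
}

# The managed vhost file. Puppet compares it with the source on every
# run and only emits a change event when the content differs.
file { '/etc/apache2/sites-available/default':
  source  => '/vagrant/provision/modules/apache/files/default',
  owner   => 'root',
  group   => 'root',
  mode    => '0644',
  require => Package['apache2'],
}

# refreshonly => true: this exec never runs on its own.
# subscribe: it runs once in any run where the file above changed.
# No lock file or creates guard is needed, because the trigger is the
# change event itself rather than the absence of a marker file.
exec { 'apache-graceful':                       # assumed title
  command     => '/usr/sbin/apache2ctl graceful', # assumed path
  refreshonly => true,
  subscribe   => File['/etc/apache2/sites-available/default'],
  require     => Service['apache2'],
}
```

A service resource can also subscribe to the file directly, in which case Puppet restarts the service instead of running a separate command.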
Installing software
Package “type”
We need to apt-get update first...
We want to ensure some of our installed software is running
Update aptitude
exec { 'apt-get update':
  command => '/usr/bin/apt-get update',
  require => Exec['preparenetworking'],
  timeout => 0
}
Install package
We just need to ensure the package is present
package { "apache2":
  ensure  => present,
  require => Exec['apt-get update']
}
Run the service
service { "apache2":
  ensure  => running,
  require => Package['apache2']
}
Files
ensure: type of file - symlink (link), directory
target: for symlinks - set the target file
source: file to be copied (if copying a file)
owner: user who should own the file
group: group associated with the file
mode: file permissions e.g. 777
file: copy apache config
Set the source: source => ‘/path/to/file’
file { '/etc/apache2/sites-available/default':
  source => '/vagrant/provision/modules/apache/files/default',
  owner  => 'root',
  group  => 'root'
}
file: create a symlink
ensure => ‘link’
file { '/var/www/vendor':
  ensure  => 'link',
  target  => '/vagrant/vendor',
  require => Package['apache2']
}
file: create a folder
ensure => ‘directory’
file { "/var/www/uploads":
  ensure => "directory",
  owner  => "www-data",
  group  => "www-data",
  # mode is quoted: Puppet 4 and later accept it only as a string
  mode   => "0777",
}
file: create several folders
$cache_directories = [
  "/var/www/cache/",
  "/var/www/cache/pages",
  "/var/www/cache/routes",
  "/var/www/cache/templates",
]
file { $cache_directories:
  ensure => "directory",
  owner  => "www-data",
  group  => "www-data",
  # mode is quoted: Puppet 4 and later accept it only as a string
  mode   => "0777",
}
Add a cron
command: the command to run
user: user to run the cron as
hour, minute, month, monthday, weekday
can be defined as hour => 1 or
hour => [1,2,3,5] or
hour => ['1-10']
Create a user
user { "developer":
  ensure     => "present",
  gid        => "wheel",
  shell      => "/bin/bash",
  home       => "/home/developer",
  managehome => true,
  # the value is written as given; on Linux it must be the password
  # hash in the format stored in /etc/shadow, not the plain text
  password   => "passwordtest",
  require    => Group["wheel"]
}
Create a group
group { "wheel":
  ensure => "present",
}
Make the group a sudoer
We probably want to stop this being run multiple times!
exec { "/bin/echo \"%wheel ALL=(ALL) ALL\" >> /etc/sudoers": require => Group["wheel"]}
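One way to make the sudoers change safe to apply repeatedly, as an added example rather than code from the slides: a managed drop-in file replaces the append-only exec. It assumes /etc/sudoers includes /etc/sudoers.d, a Puppet version that supports validate_cmd on file resources, and visudo at /usr/sbin/visudo; the drop-in file name is made up.

```puppet
# Added example: the drop-in file name "wheel" is an assumption.
group { 'wheel':
  ensure => present,
}

# Why a file resource instead of "echo ... >> /etc/sudoers":
#  - Puppet compares the file content on every run, so a second run
#    changes nothing and no duplicate rule lines pile up.
#  - The rule lives in its own file, so removing it later is a matter
#    of setting ensure => absent rather than editing /etc/sudoers.
file { '/etc/sudoers.d/wheel':
  ensure       => file,
  owner        => 'root',
  group        => 'root',
  # sudo refuses drop-in files that are writable by group or others
  mode         => '0440',
  content      => "%wheel ALL=(ALL) ALL\n",
  # Syntax-check the candidate content before it replaces the live
  # file; Puppet substitutes % with the path of a temporary copy. A
  # malformed rule is rejected instead of locking everyone out of sudo.
  validate_cmd => '/usr/sbin/visudo -c -f %',
  require      => Group['wheel'],
}
```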
Stages
Running things in a specific order can often be important
Require often makes this easy for us, however Execs don’t seem to use this reliably
We can define “stages” with a specific order.
We can then put puppet modules into stages
Default stage is Stage[main]
Stages example
stage { 'first': before => Stage[main] }
class { 'apache': stage => first }
Importing modules
Import the module (assuming it is in the right folder)
Include the module to be executed
import "apache"
include apache
Image Credits
http://www.flickr.com/photos/stephen_wong/560079730/