
Dance for the puppet master: G6 Tech Talk


Dance for the puppet master
An introduction to Puppet
Michael Peacock


So, what is Puppet?

Provisioning tool

“Open source configuration management tool”

Used to automate server management

Configuration

Installs & upgrades

etc.


Internal development team presentation

Ground Six Limited


Idempotent

Can be run multiple times without changing the server (unless the configuration changes)

Instead of doing things, it checks or ensures things:

Ensuring a package is installed only installs it if it hasn’t been installed. Execs only run if their creates file isn’t found (and Puppet doesn’t think they have been run)


Configuration within Vagrant

Tell Puppet to run

Tell it where the manifests live

Tell it the default manifest

Tell it where modules live


config.vm.provision :puppet do |puppet|
  puppet.manifests_path = "provision/manifests"
  puppet.manifest_file  = "default.pp"
  puppet.module_path    = "provision/modules"
end


What can it do?

cron: install and manage cron jobs (scheduled_task on Windows)

exec: runs shell commands

user: create and manage user accounts

group: create and manage groups

file: create and manage files, folders and symlinks

notify: log something

service: manage running services

And more... the names above (in bold on the slide) are known as resources within Puppet


Require

Many / all Puppet options support a “require” configuration

Defines other Puppet tasks which must have been successfully checked / executed before this can be run

We only want to install packages once we have updated aptitude

We only want to install MySQL drivers once we have the MySQL client/server installed


Require example

Notice: when referencing other Puppet configurations, the resource type is capitalised

require => [ Package['mysql-client'], Package['mysql-server'] ]


exec

command: command (including full path unless path is also defined) to be executed. The “name” will be used if omitted

user & group: to run the command as

creates: a file that the command creates. If found, the exec is not run

cwd: directory to run the command from

path: if full path for command isn’t supplied, path must point to location of the command


exec: a note

We create lock files in some of our exec commands to prevent repeated execution, e.g. after installing the default database, downloading something or running anything which can only be run once.


exec: example

exec { "create-db":
  # import the default database, then touch the lock file
  command => '/bin/gunzip -c /vagrant/database/default.sql.gz > db.sql && /usr/bin/mysql < db.sql && /bin/rm db.sql && /bin/touch /vagrant/mysqlimport.lock',
  require => [ Package['mysql-client'], Package['mysql-server'] ],
  # skip the exec once the lock file exists
  creates => "/vagrant/mysqlimport.lock",
  # 0 disables the command timeout
  timeout => 0,
}


exec: another example

exec { "compose":
  # clear vendor/ and the lock file, download the Composer installer, run it, then install dependencies
  command => '/bin/rm -rfv /vagrant/vendor/* && /bin/rm -f /vagrant/composer.lock && /usr/bin/curl -s http://getcomposer.org/installer | /usr/bin/php -- --install-dir=/vagrant && cd /vagrant && /usr/bin/php /vagrant/composer.phar install',
  require => [ Package['curl'], Package['git-core'] ],
  # skip the exec once composer.lock exists
  creates => "/vagrant/composer.lock",
  timeout => 0,
}


exec: what we use it for

Installing the default MySQL database content

Install pear projects

Note: we should probably use or write a Puppet module to install pear projects we need, our approach is a bit of a hack


subscribe & refreshonly

Some commands need to be run periodically after other things have run

More so the case when Puppet manages existing infrastructure (using it to manage what's already on a machine and installing new things)

subscribe: defines other events which should cause the task to run (like require, but refreshes the task)

refreshonly: instructs the task to only run when the other tasks are completed
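
The subscribe and refreshonly attributes applied to the compose exec from the earlier slide, as an added example that is not part of the original talk: the installer is fetched over HTTPS, checked against a SHA-384 checksum, and only run if the check passes. The /tmp path, the resource titles and the use of Composer's published installer.sig checksum are assumptions, and Package['curl'] and Package['git-core'] are taken to be declared elsewhere, as on the slide.

```puppet
# Added example, not from the original slides. Assumed: the /tmp path, the
# resource titles and Composer's published installer.sig checksum URL.

# 1. Download over HTTPS. Re-runs until composer.lock exists, like the slide.
exec { 'composer-download':
  command => '/usr/bin/curl -fsSL -o /tmp/composer-setup.php https://getcomposer.org/installer',
  creates => '/vagrant/composer.lock',
  require => Package['curl'],
}

# 2. Runs only when the download above ran. A checksum mismatch makes `test`
#    exit non-zero, the refresh fails, and nothing is passed on to step 3.
exec { 'composer-verify':
  command     => 'test "$(curl -fsSL https://composer.github.io/installer.sig)" = "$(sha384sum /tmp/composer-setup.php | cut -d " " -f 1)"',
  provider    => shell,
  path        => ['/usr/bin', '/bin'],
  refreshonly => true,
  subscribe   => Exec['composer-download'],
}

# 3. Runs only after a successful verification.
exec { 'composer-install':
  command     => '/usr/bin/php /tmp/composer-setup.php --install-dir=/vagrant && /usr/bin/php /vagrant/composer.phar install',
  provider    => shell,
  cwd         => '/vagrant',
  refreshonly => true,
  subscribe   => Exec['composer-verify'],
  require     => Package['git-core'],
  timeout     => 0,
}
```

Because the download keeps the slide's creates => composer.lock guard, a failed verification or install leaves no lock file and the whole chain is attempted again on the next run.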


Installing software

Package “type”

We need to apt-get update first...

We want to ensure some of our installed software is running


Update aptitude

exec { 'apt-get update':
  command => '/usr/bin/apt-get update',
  require => Exec['preparenetworking'],
  timeout => 0,
}


Install package

We just need to ensure the package is present

package { "apache2":
  ensure  => present,
  require => Exec['apt-get update'],
}


Run the service

service { "apache2":
  ensure  => running,
  require => Package['apache2'],
}


Files

ensure: type of file - symlink (link), directory

target: for symlinks - set the target file

source: file to be copied (if copying a file)

owner: user who should own the file

group: group associated with the file

mode: file permissions e.g. 777


file: copy apache config

Set the source: source => '/path/to/file'

file { '/etc/apache2/sites-available/default':
  source => '/vagrant/provision/modules/apache/files/default',
  owner  => 'root',
  group  => 'root',
}


file: create a symlink

ensure => 'link'

file { '/var/www/vendor':
  ensure  => 'link',
  target  => '/vagrant/vendor',
  require => Package['apache2'],
}


file: create a folder

ensure => 'directory'

file { "/var/www/uploads":
  ensure => "directory",
  owner  => "www-data",
  group  => "www-data",
  # world-writable; quoted because current Puppet requires mode to be a string
  mode   => '0777',
}


file: create several folders

$cache_directories = [
  "/var/www/cache/",
  "/var/www/cache/pages",
  "/var/www/cache/routes",
  "/var/www/cache/templates",
]

# one file resource per path in the array
file { $cache_directories:
  ensure => "directory",
  owner  => "www-data",
  group  => "www-data",
  # world-writable; quoted because current Puppet requires mode to be a string
  mode   => '0777',
}


Add a cron

command: the command to run

user: user to run the cron as

hour, minute, month, monthday, weekday

can be defined as hour => 1 or

hour => [1,2,3,5] or

hour => ['1-10']


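Create a user

user { "developer":
  ensure     => "present",
  gid        => "wheel",
  shell      => "/bin/bash",
  home       => "/home/developer",
  managehome => true,
  # password takes the value in the encrypted format the local system uses
  # (the /etc/shadow hash on Linux), not plaintext
  password   => "passwordtest",
  require    => Group["wheel"],
}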


Create a group

group { "wheel":
  ensure => "present",
}


Make the group a sudoer

We probably want to stop this being run multiple times!

exec { "/bin/echo \"%wheel ALL=(ALL) ALL\" >> /etc/sudoers":
  require => Group["wheel"],
}
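
One way to stop the rule being appended on every run, as an added example that is not part of the original slides: manage the rule as its own file, so Puppet only writes it when the content differs and visudo rejects a malformed rule before it is installed. The /etc/sudoers.d/wheel path is an assumption and relies on /etc/sudoers including that directory.

```puppet
# Added example, not from the original slides.
# Assumption: /etc/sudoers contains "#includedir /etc/sudoers.d".

group { 'wheel':
  ensure => present,
}

# A file resource is idempotent: it is rewritten only when owner, mode or
# content differ from what is declared here, so the rule never accumulates.
file { '/etc/sudoers.d/wheel':
  ensure       => file,
  owner        => 'root',
  group        => 'root',
  # sudo ignores drop-in files that are group- or world-writable
  mode         => '0440',
  content      => "%wheel ALL=(ALL) ALL\n",
  # Puppet writes the new content to a temporary file, substitutes its path
  # for %, and only replaces the real file if visudo accepts the syntax.
  validate_cmd => '/usr/sbin/visudo -c -f %',
  require      => Group['wheel'],
}
```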


Stages

Running things in a specific order can often be important

Require often makes this easy for us, however Execs don’t seem to use this reliably

We can define “stages” with a specific order.

We can then put Puppet modules into stages

Default stage is Stage[main]


Stages example

stage { 'first': before => Stage[main] }
class { 'apache': stage => first }


Importing modules

Import the module (assuming it is in the right folder)

Include the module to be executed

import "apache"
include apache


Image Credits

http://www.flickr.com/photos/stephen_wong/560079730/