Dance for the puppet master: G6 Tech Talk
Dance for the puppet master
An introduction to Puppet
Michael Peacock
So, what is Puppet?
Provisioning tool
“Open source configuration management tool”
Used to automate server management
Configuration
Installs & upgrades
etc.
Internal development team presentation
Ground Six Limited
Idempotent
Can be run multiple times without changing the server (unless the configuration changes)
Instead of doing things, it checks or ensures things:
Ensuring a package is installed only installs it if it hasn’t been installed. Execs only run if their creates file isn’t found (and Puppet doesn’t think they have been run)
Configuration within Vagrant
Tell Puppet to run
Tell it where the manifests live
Tell it the default manifest
Tell it where modules live
config.vm.provision :puppet do |puppet|
  puppet.manifests_path = "provision/manifests"
  puppet.manifest_file = "default.pp"
  puppet.module_path = "provision/modules"
end
What can it do?
cron: install and manage cron jobs (scheduled_task on Windows)
exec: runs shell commands
user: create and manage user accounts
group: create and manage groups
file: create and manage files, folders and symlinks
notify: log something
service: manage running services
And more... the named items (in bold on the slide) are known as resources within Puppet
Require
Many / all Puppet options support a “require” configuration
Defines other Puppet tasks which must have been successfully checked / executed before this can be run
We only want to install packages once we have updated aptitude
We only want to install MySQL drivers once we have the MySQL client/server installed
Require example
Notice that when referencing other Puppet configurations, the resource type is capitalised
require => [ Package['mysql-client'], Package['mysql-server'] ]
exec
command: command (including full path unless path is also defined) to be executed. The “name” will be used if omitted
user & group: to run the command as
creates: a file that the command creates. If found, the exec is not run
cwd: directory to run the command from
path: if full path for command isn’t supplied, path must point to location of the command
exec: a note
We create lock files in some of our exec commands to prevent repeated execution, e.g. after installing the default database, downloading something or running anything which can only be run once.
exec: example
exec{ "create-db":
command => '/bin/gunzip -c /vagrant/database/default.sql.gz > db.sql && /usr/bin/mysql < db.sql && /bin/rm db.sql && /bin/touch /vagrant/mysqlimport.lock',
require => [ Package['mysql-client'], Package['mysql-server'] ],
creates => "/vagrant/mysqlimport.lock",
timeout => 0 }
exec: another example
exec{ "compose":
command => '/bin/rm -rfv /vagrant/vendor/* && /bin/rm -f /vagrant/composer.lock && /usr/bin/curl -s http://getcomposer.org/installer | /usr/bin/php -- --install-dir=/vagrant && cd /vagrant && /usr/bin/php /vagrant/composer.phar install',
require => [ Package['curl'], Package['git-core'] ],
creates => "/vagrant/composer.lock",
timeout => 0}
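The installer fetch from the exec above, split so the download is checked before PHP executes it (an added example, not from the original slides). It fetches over HTTPS and compares the file against a pinned SHA-384; the hash is a placeholder to fill in from Composer's published installer checksum, and the /tmp path and resource titles are assumptions.

```puppet
# Placeholder: pin the SHA-384 of the installer version you have reviewed.
$installer_sha384 = 'REPLACE_WITH_PUBLISHED_SHA384'
$installer_path   = '/tmp/composer-setup.php'   # assumed scratch location

package { 'curl':
  ensure => present,
}

# 1. Download only: -f fails on HTTP errors and nothing is piped into an
#    interpreter. PHP is assumed to be installed already, as on the slide.
exec { 'fetch-composer-installer':
  command => "/usr/bin/curl -fsS -o ${installer_path} https://getcomposer.org/installer",
  creates => '/vagrant/composer.phar',
  require => Package['curl'],
  timeout => 0,
}

# 2. Verify: sha384sum exits non-zero on a mismatch, which fails this resource
#    and makes Puppet skip everything that requires it.
exec { 'verify-composer-installer':
  command => "/bin/echo '${installer_sha384}  ${installer_path}' | /usr/bin/sha384sum -c -",
  creates => '/vagrant/composer.phar',
  require => Exec['fetch-composer-installer'],
}

# 3. Run the verified installer; composer.phar doubles as the lock file, so
#    all three steps are skipped on later runs.
exec { 'install-composer':
  command => "/usr/bin/php ${installer_path} --install-dir=/vagrant",
  creates => '/vagrant/composer.phar',
  require => Exec['verify-composer-installer'],
  timeout => 0,
}
```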
exec: what we use it for
Installing the default MySQL database content
Install pear projects
Note: we should probably use or write a Puppet module to install the pear projects we need; our approach is a bit of a hack
subscribe & refreshonly
Some commands need to be run periodically after other things have run
More so the case when Puppet manages existing infrastructure (using it to manage what’s already on a machine and installing new things)
subscribe: defines other events which should cause the task to run (like require, but refreshes the task)
refreshonly: instructs the task to only run when the other tasks are completed
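A sketch of subscribe and refreshonly working together, as an added example that is not from the original slides: the exec stays idle on normal runs and fires only when the Apache site file changes. The title reload-apache and the apache2ctl path are assumptions; the package, file and service resources mirror the ones shown elsewhere in this talk.

```puppet
package { 'apache2':
  ensure => present,
}

# The vhost file from the "copy apache config" slide.
file { '/etc/apache2/sites-available/default':
  source  => '/vagrant/provision/modules/apache/files/default',
  owner   => 'root',
  group   => 'root',
  require => Package['apache2'],
}

service { 'apache2':
  ensure  => running,
  require => Package['apache2'],
}

# 'reload-apache' is a hypothetical title; the path assumes Debian/Ubuntu.
# refreshonly => true: the command never runs as part of a normal apply.
# subscribe: orders this exec after the file (like require) and delivers a
# refresh event whenever Puppet actually changes that file, which is the
# only thing that triggers the command.
exec { 'reload-apache':
  command     => '/usr/sbin/apache2ctl graceful',
  refreshonly => true,
  subscribe   => File['/etc/apache2/sites-available/default'],
  require     => Service['apache2'],
}
```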
Installing software
Package “type”
We need to apt-get update first...
We want to ensure some of our installed software is running
Update aptitude
exec { 'apt-get update':
  command => '/usr/bin/apt-get update',
  require => Exec['preparenetworking'],
  timeout => 0
}
Install package
We just need to ensure the package is present
package { "apache2":
  ensure  => present,
  require => Exec['apt-get update']
}
Run the service
service { "apache2":
  ensure  => running,
  require => Package['apache2']
}
Files
ensure: type of file - symlink (link), directory
target: for symlinks - set the target file
source: file to be copied (if copying a file)
owner: user who should own the file
group: group associated with the file
mode: file permissions e.g. 777
file: copy apache config
Set the source: source => '/path/to/file'
file { '/etc/apache2/sites-available/default':
  source => '/vagrant/provision/modules/apache/files/default',
  owner  => 'root',
  group  => 'root'
}
file: create a symlink
ensure => 'link'
file { '/var/www/vendor':
  ensure  => 'link',
  target  => '/vagrant/vendor',
  require => Package['apache2']
}
file: create a folder
ensure => 'directory'
file { "/var/www/uploads":
  ensure => "directory",
  owner  => "www-data",
  group  => "www-data",
  mode   => '0777',  # quoted string: Puppet 4+ rejects a bare number here
}
file: create several folders
$cache_directories = [
  "/var/www/cache/",
  "/var/www/cache/pages",
  "/var/www/cache/routes",
  "/var/www/cache/templates",
]
# An array as the title declares one file resource per path
file { $cache_directories:
  ensure => "directory",
  owner  => "www-data",
  group  => "www-data",
  mode   => '0777',  # quoted string: Puppet 4+ rejects a bare number here
}
Add a cron
command: the command to run
user: user to run the cron as
hour, minute, month, monthday, weekday
can be defined as hour => 1 or
hour => [1,2,3,5] or
hour => ['1-10']
Create a user
user { "developer":
  ensure     => "present",
  gid        => "wheel",
  shell      => "/bin/bash",
  home       => "/home/developer",
  managehome => true,
  # Puppet expects the password in the system's hashed format here, not plain text
  password   => "passwordtest",
  require    => Group["wheel"]
}
Create a group
group { "wheel":
  ensure => "present",
}
Make the group a sudoer
We probably want to stop this being run multiple times!
exec { "/bin/echo \"%wheel ALL=(ALL) ALL\" >> /etc/sudoers":
  require => Group["wheel"]
}
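One way to make the sudoers change safe to repeat, as an added example that is not from the original slides: manage a drop-in file instead of appending with echo, so every run converges on the same content and a syntax error never reaches sudo. It assumes Puppet 3.5 or later (for validate_cmd), visudo at /usr/sbin/visudo and a sudoers that includes /etc/sudoers.d; the file name wheel is an assumption.

```puppet
group { 'wheel':
  ensure => present,
}

# Declarative replacement for the echo >> exec: Puppet compares the file's
# content on every run and rewrites it only when it differs, so the rule
# cannot be appended a second time.
file { '/etc/sudoers.d/wheel':          # hypothetical drop-in name
  ensure       => file,
  owner        => 'root',
  group        => 'root',
  mode         => '0440',               # read-only, the conventional sudoers mode
  content      => "%wheel ALL=(ALL) ALL\n",
  # New content is written to a temporary file and checked first; % is
  # replaced with that temporary path. If visudo rejects it, the resource
  # fails and the file on disk is left as it was.
  validate_cmd => '/usr/sbin/visudo -cf %',
  require      => Group['wheel'],
}
```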
Stages
Running things in a specific order can often be important
Require often makes this easy for us, however Execs don’t seem to use this reliably
We can define “stages” with a specific order.
We can then put Puppet modules into stages
Default stage is Stage[main]
Stages example
stage { 'first': before => Stage[main] }
class { 'apache': stage => first }
Importing modules
Import the module (assuming it is in the right folder)
Include the module to be executed
import "apache"
include apache
Image Credits
http://www.flickr.com/photos/stephen_wong/560079730/