Download - Do you know all of Puppet?
![Page 1: Do you know all of Puppet?](https://reader031.vdocuments.us/reader031/viewer/2022030318/5a6d40b97f8b9ac2418b59bb/html5/thumbnails/1.jpg)
Do you know all of Puppet?
Julien Pivotto (@roidelapluie)
Budapest DevOps Meetup
April 23, 2017
![Page 2: Do you know all of Puppet?](https://reader031.vdocuments.us/reader031/viewer/2022030318/5a6d40b97f8b9ac2418b59bb/html5/thumbnails/2.jpg)
$::userJulien Pivotto
@roidelapluie on irc/github/twitter
Puppet user since 2011 (Puppet 0.24)
VoxPupuli member (& security officer)
![Page 3: Do you know all of Puppet?](https://reader031.vdocuments.us/reader031/viewer/2022030318/5a6d40b97f8b9ac2418b59bb/html5/thumbnails/3.jpg)
inuits
![Page 4: Do you know all of Puppet?](https://reader031.vdocuments.us/reader031/viewer/2022030318/5a6d40b97f8b9ac2418b59bb/html5/thumbnails/4.jpg)
Scope(Ab)using Puppet
The Puppet community
Puppet DSL tips and tricks
![Page 5: Do you know all of Puppet?](https://reader031.vdocuments.us/reader031/viewer/2022030318/5a6d40b97f8b9ac2418b59bb/html5/thumbnails/5.jpg)
Why?Puppet present in lots of places
There are lots of new exciting features
But the puppet DSL has a strong trunk
Many don't use all of its capacities
![Page 6: Do you know all of Puppet?](https://reader031.vdocuments.us/reader031/viewer/2022030318/5a6d40b97f8b9ac2418b59bb/html5/thumbnails/6.jpg)
Using PuppetCreative Commons Attribution 2.0 https://www.flickr.com/photos/jimmcd/4859841581
![Page 7: Do you know all of Puppet?](https://reader031.vdocuments.us/reader031/viewer/2022030318/5a6d40b97f8b9ac2418b59bb/html5/thumbnails/7.jpg)
Custom factsFACTER_bootstrap=true puppet agent test
Useful for 1-time facts, or overwriting existingfacts (e.g ipaddress) without code.
![Page 8: Do you know all of Puppet?](https://reader031.vdocuments.us/reader031/viewer/2022030318/5a6d40b97f8b9ac2418b59bb/html5/thumbnails/8.jpg)
Custom facts (scripts)./mycustomscriptdatacenter=mydc
![Page 9: Do you know all of Puppet?](https://reader031.vdocuments.us/reader031/viewer/2022030318/5a6d40b97f8b9ac2418b59bb/html5/thumbnails/9.jpg)
Custom facts (ruby)# Interrupt Remapping# http://www.novell.com/support/kb/doc.php?id=7014344# https://access.redhat.com/site/solutions/110053# https://access.redhat.com/site/solutions/722593
Facter.add("is_interrupt_remapping_broken") do confine :kernel => "Linux" setcode do output = Facter::Util::Resolution.exec( '/sbin/lspci nn | grep E \'8086:(340[36].*rev 13|3405.*rev (12|13|22))\'') if output.nil? or output.empty? result = false else result = true end result endend
![Page 10: Do you know all of Puppet?](https://reader031.vdocuments.us/reader031/viewer/2022030318/5a6d40b97f8b9ac2418b59bb/html5/thumbnails/10.jpg)
The Puppet resource face$ puppet resource file /home/u/.vimrcfile { '/home/u/.vimrc': ensure => 'file', content => '{md5}d414e9800998ecf8427e', ctime => '20170425 11:01:05 +0100', group => '1000', mode => '0644', mtime => '20170425 15:02:03 +0100', owner => '1000', type => 'file',}$ puppet resource file .hushlogin mode=0755
![Page 11: Do you know all of Puppet?](https://reader031.vdocuments.us/reader031/viewer/2022030318/5a6d40b97f8b9ac2418b59bb/html5/thumbnails/11.jpg)
PluginsyncIm modules:
lib/puppet/reports/prometheus.rblib/augeas/lenses/tmpfiles.aug
Share reports processors
Share augeas lenses
Share facts
![Page 12: Do you know all of Puppet?](https://reader031.vdocuments.us/reader031/viewer/2022030318/5a6d40b97f8b9ac2418b59bb/html5/thumbnails/12.jpg)
Puppet as a CAEach Puppet agent has a certificate
It is used and maintained
It is easy to sign/generate
e.g.: The foreman
![Page 13: Do you know all of Puppet?](https://reader031.vdocuments.us/reader031/viewer/2022030318/5a6d40b97f8b9ac2418b59bb/html5/thumbnails/13.jpg)
Tooling for your laptoppuppet parser validate
Built into puppet
find . -name "*.pp" -exec puppet parservalidate + ";"
![Page 14: Do you know all of Puppet?](https://reader031.vdocuments.us/reader031/viewer/2022030318/5a6d40b97f8b9ac2418b59bb/html5/thumbnails/14.jpg)
Style and Best practicesPuppet-lint 2
Plugins:parameter_documentation
roles_and_profiles
package_ensure
unquoted_string
legacy_facts
many more...
![Page 15: Do you know all of Puppet?](https://reader031.vdocuments.us/reader031/viewer/2022030318/5a6d40b97f8b9ac2418b59bb/html5/thumbnails/15.jpg)
The communityCreative Commons Attribution 2.0 https://www.flickr.com/photos/mrmystery/15868773733/
![Page 16: Do you know all of Puppet?](https://reader031.vdocuments.us/reader031/viewer/2022030318/5a6d40b97f8b9ac2418b59bb/html5/thumbnails/16.jpg)
Puppet ModulesModules are awesome
They have clear API's
Easy to make code ready for everyone
Sharing is part of lots of Puppet usersmindset
![Page 17: Do you know all of Puppet?](https://reader031.vdocuments.us/reader031/viewer/2022030318/5a6d40b97f8b9ac2418b59bb/html5/thumbnails/17.jpg)
The modules ecosystemPuppet Forge
Github
![Page 18: Do you know all of Puppet?](https://reader031.vdocuments.us/reader031/viewer/2022030318/5a6d40b97f8b9ac2418b59bb/html5/thumbnails/18.jpg)
Puppet is agingLots of old, unmaintained modules
Modules not Puppet 4 compatibles
Modules untested
Modules without maintainers
![Page 19: Do you know all of Puppet?](https://reader031.vdocuments.us/reader031/viewer/2022030318/5a6d40b97f8b9ac2418b59bb/html5/thumbnails/19.jpg)
The world evolves fastRuby versions, gems, change fast
Keeping an up to date public CI (with travis) ishard
But you don't need to change everymoduleseveryday ..
![Page 20: Do you know all of Puppet?](https://reader031.vdocuments.us/reader031/viewer/2022030318/5a6d40b97f8b9ac2418b59bb/html5/thumbnails/20.jpg)
Vox PupuliCreative Commons Attribution-ShareAlike 4.0 https://github.com/voxpupuli/logos
![Page 21: Do you know all of Puppet?](https://reader031.vdocuments.us/reader031/viewer/2022030318/5a6d40b97f8b9ac2418b59bb/html5/thumbnails/21.jpg)
What is Vox Pupuli?Vox Pupuli is a community
We are sysadmins/developers/... puppetusers
We share values
Started in 2014
![Page 22: Do you know all of Puppet?](https://reader031.vdocuments.us/reader031/viewer/2022030318/5a6d40b97f8b9ac2418b59bb/html5/thumbnails/22.jpg)
What do we doWe share Puppet modules
We maintain them, improve them
We provide a nice home for Puppet modules
![Page 23: Do you know all of Puppet?](https://reader031.vdocuments.us/reader031/viewer/2022030318/5a6d40b97f8b9ac2418b59bb/html5/thumbnails/23.jpg)
HowWe automate
We are experts (we use those modules)
We are an important group (98 people)
We enforce our Code of Conduct
![Page 24: Do you know all of Puppet?](https://reader031.vdocuments.us/reader031/viewer/2022030318/5a6d40b97f8b9ac2418b59bb/html5/thumbnails/24.jpg)
Join us (with or without code)Open Pull requests (we have 118 repos)
Share your modules
![Page 25: Do you know all of Puppet?](https://reader031.vdocuments.us/reader031/viewer/2022030318/5a6d40b97f8b9ac2418b59bb/html5/thumbnails/25.jpg)
Get in touch#voxpupuli on IRC
voxpupuli
http://github.com/voxpupuli
![Page 26: Do you know all of Puppet?](https://reader031.vdocuments.us/reader031/viewer/2022030318/5a6d40b97f8b9ac2418b59bb/html5/thumbnails/26.jpg)
The Puppet DSLCreative Commons Attribution 2.0 https://www.flickr.com/photos/mujitra/4421810399
![Page 27: Do you know all of Puppet?](https://reader031.vdocuments.us/reader031/viewer/2022030318/5a6d40b97f8b9ac2418b59bb/html5/thumbnails/27.jpg)
The Puppet DSLAwareness of its potential
Write less code
Avoid bad patterns
![Page 28: Do you know all of Puppet?](https://reader031.vdocuments.us/reader031/viewer/2022030318/5a6d40b97f8b9ac2418b59bb/html5/thumbnails/28.jpg)
The File resourcefile { '/etc/motd' ensure => file, content => 'foobarbarfoofoobar',}
![Page 29: Do you know all of Puppet?](https://reader031.vdocuments.us/reader031/viewer/2022030318/5a6d40b97f8b9ac2418b59bb/html5/thumbnails/29.jpg)
content => file()file { '/etc/motd': ensure => file, content => file("${module_name}/motd"),}
For small, text files (file content is in the catalog)
Since Puppet 3.7.0
![Page 30: Do you know all of Puppet?](https://reader031.vdocuments.us/reader031/viewer/2022030318/5a6d40b97f8b9ac2418b59bb/html5/thumbnails/30.jpg)
validate_cmdfile { '/etc/corosync/corosync.conf': ensure => file, validate_cmd => '/usr/sbin/corosync t %',}
Verify the file before replacing it
Since Puppet 3.5.0Alternative in stdlib for older versions
![Page 31: Do you know all of Puppet?](https://reader031.vdocuments.us/reader031/viewer/2022030318/5a6d40b97f8b9ac2418b59bb/html5/thumbnails/31.jpg)
show_difffile { '/etc/app/secrets': content => 'my secret content', show_diff => false,}
Since Puppet 3.2.1
![Page 32: Do you know all of Puppet?](https://reader031.vdocuments.us/reader031/viewer/2022030318/5a6d40b97f8b9ac2418b59bb/html5/thumbnails/32.jpg)
replacefile { '/etc/installtime': content => template('date.erb'), replace => no,}
Since Puppet 0.19.0
![Page 33: Do you know all of Puppet?](https://reader031.vdocuments.us/reader031/viewer/2022030318/5a6d40b97f8b9ac2418b59bb/html5/thumbnails/33.jpg)
backupfile { '/etc/hosts': content => template('hosts.erb'), backup => '.bak',}
Since a very long time...
![Page 34: Do you know all of Puppet?](https://reader031.vdocuments.us/reader031/viewer/2022030318/5a6d40b97f8b9ac2418b59bb/html5/thumbnails/34.jpg)
sourcefile { '/etc/issue.net': source => '/etc/motd'}
Since a very long time...
![Page 35: Do you know all of Puppet?](https://reader031.vdocuments.us/reader031/viewer/2022030318/5a6d40b97f8b9ac2418b59bb/html5/thumbnails/35.jpg)
autorequiresDon't do:
file { '/tmp':}
file { '/tmp/foo': require => File['/tmp'],}
because files auto-require their parents (andowners, groups...)
Since Puppet 0.10.2
![Page 36: Do you know all of Puppet?](https://reader031.vdocuments.us/reader031/viewer/2022030318/5a6d40b97f8b9ac2418b59bb/html5/thumbnails/36.jpg)
other autorequiresExec, Cron require their users
Mount require its parents
Exec requires its File[cwd]
![Page 37: Do you know all of Puppet?](https://reader031.vdocuments.us/reader031/viewer/2022030318/5a6d40b97f8b9ac2418b59bb/html5/thumbnails/37.jpg)
other autodependenciesresources types can implement autonotify andautosubscribe
(this is used in puppet-corosync)
Since Puppet 4.0.0
![Page 38: Do you know all of Puppet?](https://reader031.vdocuments.us/reader031/viewer/2022030318/5a6d40b97f8b9ac2418b59bb/html5/thumbnails/38.jpg)
nooppackage { 'ntpd': ensure => latest, noop => true,}
noop is not only a global setting - it is also ametaparameter that can be applied to anyresource
Present since a very long time...
![Page 39: Do you know all of Puppet?](https://reader031.vdocuments.us/reader031/viewer/2022030318/5a6d40b97f8b9ac2418b59bb/html5/thumbnails/39.jpg)
purging resourcesresources { 'cron': purge => true, noop => true,}
Present since Puppet 0.22.0Present since 3.5.0 (for cron resources)
![Page 40: Do you know all of Puppet?](https://reader031.vdocuments.us/reader031/viewer/2022030318/5a6d40b97f8b9ac2418b59bb/html5/thumbnails/40.jpg)
exec triesexec { '/bin/wget 127.0.0.1': tries => 10, try_sleep => 1,}
Present since Puppet 2.6.0
![Page 41: Do you know all of Puppet?](https://reader031.vdocuments.us/reader031/viewer/2022030318/5a6d40b97f8b9ac2418b59bb/html5/thumbnails/41.jpg)
arraysfile { '/usr/bin/sometimesexecutable': mode => ['0755', '0644'],}
Will accept both modes, and set 0755 if notmatching.Can be used with most of the properties.
Since Puppet 0.23.1
![Page 42: Do you know all of Puppet?](https://reader031.vdocuments.us/reader031/viewer/2022030318/5a6d40b97f8b9ac2418b59bb/html5/thumbnails/42.jpg)
Requirementsdefine foo::bar { Package['foo'] > Foo::Bar[$name]}
Is the same as:
foo::bar {'barfoo': require => Package['foo'],}
![Page 43: Do you know all of Puppet?](https://reader031.vdocuments.us/reader031/viewer/2022030318/5a6d40b97f8b9ac2418b59bb/html5/thumbnails/43.jpg)
AliasesInstead of:
file { "/tmp/foo/bar/bar.foo/foobar": ensure => file,}
service { 'barfoo': require => File['/tmp/foo/bar/bar.foo/foobar'],}
![Page 44: Do you know all of Puppet?](https://reader031.vdocuments.us/reader031/viewer/2022030318/5a6d40b97f8b9ac2418b59bb/html5/thumbnails/44.jpg)
AliasesUse:
file {"/tmp/foo/bar/bar.foo/foobar": ensure => file, alias => 'foobar',}
service {'barfoo': require => File['foobar'],}
Since a very long time...
![Page 45: Do you know all of Puppet?](https://reader031.vdocuments.us/reader031/viewer/2022030318/5a6d40b97f8b9ac2418b59bb/html5/thumbnails/45.jpg)
Loglevelexec { '/bin/mybrokenexec': loglevel => debug,}
Since Puppet 0.23.1
![Page 46: Do you know all of Puppet?](https://reader031.vdocuments.us/reader031/viewer/2022030318/5a6d40b97f8b9ac2418b59bb/html5/thumbnails/46.jpg)
ConclusionCreative Commons Attribution 2.0 https://www.flickr.com/photos/wwworks/6320539775/
![Page 47: Do you know all of Puppet?](https://reader031.vdocuments.us/reader031/viewer/2022030318/5a6d40b97f8b9ac2418b59bb/html5/thumbnails/47.jpg)
PuppetPuppet is in the sysadmins basic tools now
Tooling around it is great
Very active and mature community
Powerful DSL ; can handle many scenarios