Puppet Express II
Puppet
In this chapter, we get a quick view of Puppet.
We need two machines to make things work. We may want to set up two EC2 instances to play with Puppet, a puppet master and a puppet agent, and we'll actually use AWS instances.
Creating a basic directory structure with "foo" module:
$ cd /etc/puppet/modules
$ mkdir -p foo/{files,templates,manifests}
When we tell puppet "include 'foo'", or "class { 'foo': }", it looks for the "/modules/foo/manifests/init.pp" file in the "foo" module. So, we need to create the "init.pp" file:
# foo/manifests/init.pp
class foo {
}
Add the following to the "foo" class to push '/tmp/bar' from a static file which is located in our module. This will load a static file "bar" from the "files" directory of the "foo" module:
file { '/tmp/bar':
  ensure => file,
  owner  => 'root',
  group  => 'root',
  # quote the mode: a bare 0644 is parsed as a number and rejected by Puppet 4 and later
  mode   => '0644',
  source => 'puppet:///modules/foo/bar',
}
When the puppet client starts, it sends the master a request to sign its certificate:
ubuntu@agent-node:/tmp$ sudo puppet agent -t
Info: Caching certificate for agent-node.us-west-1.compute.internal
Info: Caching certificate for agent-node.us-west-1.compute.internal
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Caching catalog for agent-node.us-west-1.compute.internal
Info: Applying configuration version '1427327462'
Notice: /Stage[main]/Foo/File[/tmp/bar]/ensure: defined content as '{md5}12c69c5ba876834c69b9699faa6beb9d'
Notice: Finished catalog run in 0.20 seconds
ubuntu@agent-node:~$ ls /tmp
bar
"/manifest/site.pp" looks like this:
node "agent-node" {
  include foo
}
Push a file with a dynamic template
This will load an ERB template "bar.erb" from the "templates" directory of the "foo" module:
ubuntu@agent-node:~$ sudo puppet agent -t
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Caching catalog for agent-node.us-west-1.compute.internal
Info: Applying configuration version '1427329645'
Notice: /Stage[main]/Foo/File[/tmp/bar2]/ensure: defined content as '{md5}68b329da9893e34099c7d8ad5cb9c940'
Notice: Finished catalog run in 0.08 seconds
ubuntu@agent-node:~$ ls /tmp
bar bar2
ubuntu@agent-node:~$ vi bar2
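A resource of the kind that loads "bar.erb" into '/tmp/bar2', as an added example and not the original page's manifest. The `$greeting` variable and the template body are assumptions made for illustration; `@fqdn` and `@operatingsystem` are standard facts.

```puppet
# foo/manifests/init.pp (added example)
class foo {
  # hypothetical class variable, visible inside the template as @greeting
  $greeting = 'managed by puppet'

  file { '/tmp/bar2':
    ensure  => file,
    owner   => 'root',
    group   => 'root',
    mode    => '0644',
    # 'foo/bar.erb' resolves to modules/foo/templates/bar.erb on the master;
    # the template is rendered there during catalog compilation and the
    # agent only receives the resulting text
    content => template('foo/bar.erb'),
  }
}

# foo/templates/bar.erb (constructed sample, shown as comments):
#   # <%= @greeting %>
#   host: <%= @fqdn %>
#   os:   <%= @operatingsystem %>
```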
The following code will create a directory owned by root with mode 755:
file { '/tmp/bay':
  ensure => directory,
  owner  => 'root',
  group  => 'root',
  # quoted for the same reason as any file mode: Puppet 4 and later require a string
  mode   => '0755',
}
On our agent-node, we can see the directory has been created:
ubuntu@agent-node:~$ ls -la /tmp
total 20
drwxrwxrwt  3 root root 4096 Mar 26 00:40 .
drwxr-xr-x 23 root root 4096 Mar 25 21:16 ..
-rw-r--r--  1 root root   17 Mar 25 23:51 bar
-rw-r--r--  1 root root    1 Mar 26 00:27 bar2
drwxr-xr-x  2 root root 4096 Mar 26 00:40 bay
Puppet doesn't guarantee ordering of resources. We need to tell it what ordering we need.
For example, we want to install a package, and then create a config file for it:
"foo/manifests/init.pp":
package { 'puppet':
  ensure => installed
}
file { '/etc/puppet/puppet.conf':
  ensure  => file,
  content => template('puppet/puppet.conf.erb'),
  require => Package['puppet'],
}
On agent-node:
ubuntu@agent-node:~$ sudo puppet agent -t Info: Retrieving pluginfacts Info: Retrieving plugin Info: Caching catalog for agent-node.us-west-1.compute.internal Info: Applying configuration version '1427331244' Notice: /Stage[main]/Foo/File[/etc/puppet/puppet.conf]/content: --- /etc/puppet/puppet.conf 2015-03-11 21:20:32.950094292 +0000 +++ /tmp/puppet-file20150326-3162-1tfuxff-0 2015-03-26 00:56:30.626388300 +0000 @@ -1,14 +0,0 @@ -[main] -logdir=/var/log/puppet -vardir=/var/lib/puppet -ssldir=/var/lib/puppet/ssl -rundir=/var/run/puppet -factpath=$vardir/lib/facter -#templatedir=$confdir/templates - -[master] -# These are needed when the puppetmaster is run by passenger -# and can safely be removed if webrick is used. -ssl_client_header = SSL_CLIENT_S_DN -ssl_client_verify_header = SSL_CLIENT_VERIFY - Info: Computing checksum on file /etc/puppet/puppet.conf Info: /Stage[main]/Foo/File[/etc/puppet/puppet.conf]: Filebucketed /etc/puppet/puppet.conf to puppet with sum 4a972bc1b80d162b3ec65a0b08147f95 Notice: /Stage[main]/Foo/File[/etc/puppet/puppet.conf]/content: content changed '{md5}4a972bc1b80d162b3ec65a0b08147f95' to '{md5}d41d8cd98f00b204e9800998ecf8427e' Notice: Finished catalog run in 0.21 seconds
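Review bot: the `@@ -1,14 +0,0 @@` hunk deletes all 14 lines of /etc/puppet/puppet.conf and adds none, so the agent loses its whole [main] section (logdir, vardir, ssldir, rundir, factpath) along with the [master] ssl_client_header settings. The final checksum in the run, d41d8cd98f00b204e9800998ecf8427e, is the MD5 of empty input, which means template('puppet/puppet.conf.erb') rendered no content. Before managing the agent's own configuration with a File resource, confirm that the template exists in the named module and carries every setting that must survive, and preview the change with a no-op run (puppet agent -t --noop). The previous content remains in the filebucket under the sum 4a972bc1b80d162b3ec65a0b08147f95 reported in the output.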
The code below is equivalent to the previous one. Here, we use "before" instead of "require", and actually, they are inverses of one another in terms of ordering:
package { 'puppet':
  ensure => installed,
  before => File['/etc/puppet/puppet.conf'],
}
file { '/etc/puppet/puppet.conf':
  content => template('puppet/puppet.conf.erb')
}
In Puppet, removing a resource is just a matter of changing the state you "ensure", e.g.:
file { '/tmp/my_file':
  ensure => absent,
}
package { 'my_software':
  ensure => purged,
}
service { 'my_service':
  ensure => stopped,
}
"absent" works for most resources. One subtle cost is that removing things often requires the dependency order to be reversed, and Puppet does not handle this implicitly, so be aware of it.
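One way to handle the reversed order on removal, as an added example that is not from the original page. The class name `my_stack`, its `$ensure` parameter and the path '/etc/my_software.conf' are hypothetical; the package and service names are the ones used above.

```puppet
# Added example: one class that installs or removes, flipping the order.
class my_stack ($ensure = 'present') {
  if $ensure == 'present' {
    $pkg_ensure  = 'installed'
    $file_ensure = 'file'
    $svc_ensure  = 'running'
    # install: package first, then its config, then start the service
    Package['my_software'] -> File['/etc/my_software.conf'] -> Service['my_service']
  } else {
    $pkg_ensure  = 'purged'
    $file_ensure = 'absent'
    $svc_ensure  = 'stopped'
    # removal: stop the service, delete the config, purge the package last
    Service['my_service'] -> File['/etc/my_software.conf'] -> Package['my_software']
  }

  package { 'my_software':
    ensure => $pkg_ensure,
  }
  file { '/etc/my_software.conf':
    ensure => $file_ensure,
  }
  service { 'my_service':
    ensure => $svc_ensure,
  }
}
```

A hard-coded `require => Package['my_software']` on the file or service would keep the install-time order during removal as well, so the package would be purged while the service is still running.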