Puppet Guide
Legal Notice
Copyright 2015 Red Hat.
This document is licensed by Red Hat under the Creative Commons Attribution-ShareAlike 3.0 Unported License. If you distribute this document, or a modified version
of it, you must provide attribution to Red Hat, Inc. and provide a link to the original. If
the document is modified, all Red Hat trademarks must be removed.
Red Hat, as the licensor of this document, waives the right to enforce, and agrees
not to assert, Section 4d of CC-BY-SA to the fullest extent permitted by applicable
law.
Red Hat, Red Hat Enterprise Linux, the Shadowman logo, JBoss, MetaMatrix, Fedora,
the Infinity Logo, and RHCE are trademarks of Red Hat, Inc., registered in the United
States and other countries.
Linux is the registered trademark of Linus Torvalds in the United States and other
countries.
Java is a registered trademark of Oracle and/or its affiliates.
XFS is a trademark of Silicon Graphics International Corp. or its subsidiaries in the
United States and/or other countries.
MySQL is a registered trademark of MySQL AB in the United States, the European
Union and other countries.
Node.js is an official trademark of Joyent. Red Hat Software Collections is not
formally related to or endorsed by the official Joyent Node.js open source or
commercial project.
The OpenStack Word Mark and OpenStack Logo are either registered
trademarks/service marks or trademarks/service marks of the OpenStack
Foundation, in the United States and other countries and are used with the
OpenStack Foundation's permission. We are not affiliated with, endorsed or
sponsored by the OpenStack Foundation, or the OpenStack community.
All other trademarks are the property of their respective owners.
Abstract
Puppet is a system configuration tool used in Red Hat Satellite 6. This book runs
through the creation of a basic Puppet Module and how to use this module in your
Red Hat Satellite 6 infrastructure.
Table of Contents
Chapter 1. Overview
  1.1. Defining the Puppet Workflow
  1.2. Using Puppet on Satellite 6
Chapter 2. Building Puppet Modules from Scratch
  2.1. Examining the Anatomy of a Puppet Module
  2.2. Setting up a Puppet Development System
  2.3. Generating a New Module Boilerplate
  2.4. Installing a HTTP Server
  2.5. Running the HTTP Server
  2.6. Configuring the HTTP Server
  2.7. Configuring the Firewall
  2.8. Configuring SELinux
  2.9. Copying a HTML file to the Web Host
  2.10. Finalizing the Module
Chapter 3. Adding Puppet Modules to Red Hat Satellite 6
  3.1. Creating a Custom Product
  3.2. Creating a Puppet Repository in a Custom Product
  3.3. Uploading a Puppet Module to a Repository
  3.4. Removing a Puppet Module from a Repository
  3.5. Adding Puppet Modules from a Git Repository
  3.6. Publishing a Content View
  3.7. Configuring Smart Variables from Puppet Classes
Chapter 4. Client and Server Settings for Configuration Management
  4.1. Configuring Puppet on the Red Hat Satellite Server
  4.2. Configuring Puppet agent on Provisioned Systems
Chapter 5. Applying Configuration on Clients
  5.1. Applying Configuration on Clients During Provisioning
  5.2. Applying Configuration to Existing Clients
Chapter 6. Reviewing Puppet Reports in Red Hat Satellite 6
Appendix A. Revision History
Chapter 1. Overview
Puppet is a tool for applying and managing system configurations. Puppet collects system
information, or facts, and uses this information to create a customized system
configuration using a set of modules. These modules contain parameters, conditional
arguments, actions, and templates. Puppet is used as either a local system command line
tool or in a client-server relationship where the server acts as the Puppet master and
applies configuration to multiple client systems using a Puppet agent. This provides a way
to automatically configure newly provisioned systems, either individually or
simultaneously to create a specific infrastructure.
Plugins allow for aspects that extend beyond the core functionality of Puppet. For
example, you can use plugins to define custom facts, custom resources, or new
functions. For example, a database administrator might need a resource type for
PostgreSQL databases. This could help the database administrator populate
PostgreSQL with a set of new databases after installing PostgreSQL. As a result,
the database administrator need only create a Puppet manifest that ensures
PostgreSQL installs and the databases are created afterwards.
Plugins are located in the lib directory of a module. This includes a set of
subdirectories depending on the plugin type. For example:
/lib/facter - Location for custom facts.
/lib/puppet/type - Location for custom resource type definitions, which outline the key-value pairs for attributes.
/lib/puppet/provider - Location for custom resource providers, which are used in conjunction with resource type definitions to control resources.
/lib/puppet/parser/functions - Location for custom functions.
Important
The puppet module generate command requires module-name take the format of
[username]-[module] to comply with Puppet Forge specifications. However, to test
our tutorial module and use it with Satellite 6 we need to rename the module
directory without the [username]. For example, for dmacpher-mymodule you would
run:
# puppet module generate dmacpher-mymodule
# mv dmacpher-mymodule mymodule
When the module generation process completes, the new module contains some basic
files, including a manifests directory. This directory already contains a manifest file called
init.pp, which is the module's main manifest file. View the file to see the empty class
declaration for the module:
class mymodule {
}
The module also contains a tests directory containing a manifest also named init.pp.
This test manifest contains a reference to the mymodule class within manifests/init.pp:
include mymodule
Puppet will use this test manifest to test our module.
We are now ready to add our system configuration to our module.
This code defines a subclass of mymodule called httpd, then defines a package resource
declaration for the httpd package. The ensure => installed attribute tells Puppet to
check if the package is installed. If it is not installed, Puppet executes yum to install it.
We also need to include this subclass in our main manifest file. Edit the init.pp manifest:
class mymodule {
  include mymodule::httpd
}
It is now time to test the module. Run the following command:
# puppet apply mymodule/tests/init.pp --noop
The puppet apply command applies the configuration in the manifest to your system. We
use the test init.pp manifest, which refers to the main init.pp manifest. The --noop
option performs a dry run of the configuration, which shows only the output but does not
actually apply the configuration. The output should resemble the following:
Notice: Compiled catalog for puppet.example.com in environment
production in 0.59 seconds
Notice: /Stage[main]/Mymodule::Httpd/Package[httpd]/ensure:
current_value absent, should be present (noop)
Notice: Class[Mymodule::Httpd]: Would have triggered 'refresh' from 1
events
Notice: Stage[main]: Would have triggered 'refresh' from 1 events
Notice: Finished catalog run in 0.67 seconds
The highlighted line is the result of the ensure => installed attribute. The
current_value absent means that Puppet has detected the httpd package is not
installed. Without the --noop option, Puppet would install the httpd package.
The enable => true attribute sets the service to run when the system boots.
The require => Package["httpd"] attribute defines an ordering relationship between
one resource declaration and another. In this case, it ensures the httpd service starts
after the httpd package installs. This creates a dependency between the service and
its respective package.
Run the puppet apply command again to test the changes to our module:
# puppet apply mymodule/tests/init.pp --noop
Notice: Compiled catalog for puppet.example.com in environment
production in 0.56 seconds
Notice: /Stage[main]/Mymodule::Httpd/Package[httpd]/ensure:
current_value absent, should be present (noop)
Notice: /Stage[main]/Mymodule::Httpd/Service[httpd]/ensure:
current_value stopped, should be running (noop)
Notice: Class[Mymodule::Httpd]: Would have triggered 'refresh' from 2
events
Notice: Stage[main]: Would have triggered 'refresh' from 1 events
Notice: Finished catalog run in 0.41 seconds
The highlighted line is the result of our new resource definition for the httpd service.
Note
The warning for the hiera.yaml file is safe to ignore.
The highlighted lines show the creation of the configuration file and our web host directory
Important
This configuration serves only as an example of using conditional statements. If you
aim to manage multiple firewall rules for your system in the future, it is
recommended to create a custom resource for firewalls. It is inadvisable to use
executable resources to constantly chain many Bash commands.
<html>
<head>
<title>Congratulations</title>
</head>
<body>
<h1>Congratulations</h1>
<p>Your puppet module has correctly applied your configuration.</p>
</body>
</html>
Create a manifest named app.pp in the manifests directory. Add the following content to
this file:
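class mymodule::app {
  file { "/var/www/myserver/index.html":
    ensure  => file,
    # Mode as given in this guide; static HTML needs no execute bit, so 644 is sufficient.
    mode    => 755,
    owner   => root,
    group   => root,
    # Served from the module's files directory on the Puppet server.
    source  => "puppet:///modules/mymodule/index.html",
    require => Class["mymodule::httpd"],
  }
}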
This new class contains a single resource declaration. This declaration copies a file from
the module's files directory on the Puppet server to the system and sets its
permissions. Additionally, the require attribute ensures the mymodule::httpd class
completes configuration successfully before we apply mymodule::app.
Finally, include this new manifest in our main init.pp manifest:
class mymodule {
  include mymodule::httpd
  include mymodule::app
}
Run the puppet apply command again to test the changes to our module. The output
should resemble the following:
# puppet apply mymodule/tests/init.pp --noop
Warning: Config file /etc/puppet/hiera.yaml not found, using Hiera
defaults
Notice: Compiled catalog for puppet.example.com in environment
production in 0.66 seconds
Notice: /Stage[main]/Mymodule::Httpd/Exec[iptables]/returns:
current_value notrun, should be 0 (noop)
Notice: /Stage[main]/Mymodule::Httpd/Package[policycoreutils-python]/ensure: current_value absent, should be present (noop)
Notice: /Stage[main]/Mymodule::Httpd/Service[iptables]: Would have
triggered 'refresh' from 1 events
Notice: /Stage[main]/Mymodule::Httpd/File[/var/www/myserver]/ensure:
current_value absent, should be directory (noop)
Notice: /Stage[main]/Mymodule::Httpd/Package[httpd]/ensure:
current_value absent, should be present (noop)
Notice: /Stage[main]/Mymodule::Httpd/File[/etc/httpd/conf.d/myserver.conf]/ensure: current_value absent, should be file (noop)
Notice: /Stage[main]/Mymodule::Httpd/Exec[semanage-port]/returns:
current_value notrun, should be 0 (noop)
Notice: /Stage[main]/Mymodule::Httpd/Service[httpd]/ensure:
current_value stopped, should be running (noop)
Notice: Class[Mymodule::Httpd]: Would have triggered 'refresh' from 8
events
Notice:
/Stage[main]/Mymodule::App/File[/var/www/myserver/index.html]/ensure:
current_value absent, should be file (noop)
Notice: Class[Mymodule::App]: Would have triggered 'refresh' from 1
events
Notice: Stage[main]: Would have triggered 'refresh' from 2 events
Notice: Finished catalog run in 0.74 seconds
The highlighted line shows the result of the index.html file being copied to the webhost.
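The dry-run output above can be turned into a reviewable change list before the module is applied for real. The following is an added example, not part of the original guide: it parses --noop Notice lines and singles out Exec resources, the kind the guide advises against chaining. The function names and the sample text are constructed for illustration.

```python
import re

# Constructed sample: Notice lines in the format of the dry-run output above,
# unwrapped to one line per message.
SAMPLE = """\
Notice: Compiled catalog for puppet.example.com in environment production in 0.66 seconds
Notice: /Stage[main]/Mymodule::Httpd/Exec[iptables]/returns: current_value notrun, should be 0 (noop)
Notice: /Stage[main]/Mymodule::Httpd/Package[httpd]/ensure: current_value absent, should be present (noop)
Notice: /Stage[main]/Mymodule::Httpd/Service[iptables]: Would have triggered 'refresh' from 1 events
Notice: /Stage[main]/Mymodule::Httpd/Exec[semanage-port]/returns: current_value notrun, should be 0 (noop)
Notice: /Stage[main]/Mymodule::App/File[/var/www/myserver/index.html]/ensure: current_value absent, should be file (noop)
Notice: Class[Mymodule::App]: Would have triggered 'refresh' from 1 events
Notice: Finished catalog run in 0.74 seconds
"""

# "<resource path>/<property>: current_value X, should be Y (noop)"
CHANGE = re.compile(
    r"^Notice: (?P<path>/Stage\[\w+\]/.+?)/(?P<prop>\w+): "
    r"current_value (?P<current>.+?), should be (?P<wanted>.+) \(noop\)$"
)
# Last segment of the resource path, e.g. File[/var/www/myserver/index.html]
RESOURCE = re.compile(r"(?P<type>[A-Z][\w:]*)\[(?P<title>[^\[\]]+)\]$")


def pending_changes(output):
    """Return one dict per resource property the dry run would change."""
    changes = []
    for line in output.splitlines():
        m = CHANGE.match(line.strip())
        if not m:
            continue  # compile, refresh and summary notices change nothing
        res = RESOURCE.search(m.group("path"))
        if not res:
            continue
        changes.append({
            "type": res.group("type"),
            "title": res.group("title"),
            "property": m.group("prop"),
            "current": m.group("current"),
            "wanted": m.group("wanted"),
        })
    return changes


def needs_review(changes, sensitive=("Exec",)):
    """Resources of a type that runs arbitrary commands and deserves a second look."""
    return [f"{c['type']}[{c['title']}]" for c in changes if c["type"] in sensitive]


if __name__ == "__main__":
    found = pending_changes(SAMPLE)
    for c in found:
        print(f"{c['type']}[{c['title']}] {c['property']}: {c['current']} -> {c['wanted']}")
    print("review before applying:", needs_review(found))
```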
The custom product now contains a repository to store our Puppet modules.
Note
You can also install the pulp-puppet-module-builder tool on other machines using
the pulp-puppet-tools package.
One common method is to run the utility on the Satellite 6 server itself and publish to a
local directory.
http://webserver.example.com/modules/
8. Click Save.
9. Click Sync Now to synchronize the repository.
The Puppet modules in the Git repository are now included in your Satellite 6 server.
include:
8120
-8120
8.12
Array
The value is interpreted and validated as a JSON or YAML array. For
example:
["Monday","Tuesday","Wednesday","Thursday","Friday"]
Hash
The value is interpreted and validated as a JSON or YAML hash map. For
example:
{"Weekdays":
["Monday","Tuesday","Wednesday","Thursday","Friday"],
"Weekend": ["Saturday","Sunday"]}
YAML
The value is interpreted and validated as a YAML file. For example:
email:
  delivery_method: smtp
  smtp_settings:
    address: smtp.example.com
    port: 25
    domain: example.com
    authentication: none
JSON
The value is interpreted and validated as a JSON file. For example:
{
  "email": [
    {
      "delivery_method": "smtp",
      "smtp_settings": [
        {
          "address": "smtp.example.com",
          "port": 25,
          "domain": "example.com",
          "authentication": "none"
        }
      ]
    }
  ]
}
For this example, leave the default as 8120.
5. Selecting the Override option also exposes Optional Input Validator, which
provides validation for the overridden value. For example, we can include a regular
expression to make sure httpd_port is a numerical value. For our example, leave
this section blank.
6. Selecting the Override option also exposes Override Value For Specific
Hosts, which defines a hierarchical order of system facts and a set of matcher-value
combinations. The matcher-value combinations determine the right
parameter to use depending on an evaluation of the system facts. For our
example, leave this section with the default settings.
7. Click Submit.
We now have a smart variable for httpd_port. We can set a value for this smart variable
at either a Host Group level or at a Host level.
manifest       = /etc/puppet/environments/$environment/manifests/site.pp
modulepath     = /etc/puppet/environments/$environment/modules
config_version =
This section contains variables (such as $environment) that Satellite 6 uses to create
configuration for different environments.
Some Puppet configuration options appear in the Satellite 6 UI. Navigate to Administer >
Settings and choose the Puppet subtab. This page lists a set of Puppet configuration
options and a description of each.
=
=
=
=
true
true
true
false
ca_server   = <%= @host.puppet_ca_server %>
certname    = <%= @host.certname %>
environment = <%= @host.environment %>
server      = <%= @host.puppetmaster %>
Important
The puppet package is part of the Red Hat Satellite 6 Tools repository. Ensure you
enable this repository before you proceed.
# chkconfig puppet on
B. On Red Hat Enterprise Linux 7:
# systemctl enable puppet
Procedure 5.3. Configuring the Puppet Agent
1. Configure the Puppet agent by changing the /etc/puppet/puppet.conf file:
# vi /etc/puppet/puppet.conf
[main]
# The Puppet log directory.
# The default value is '$vardir/log'.
logdir = /var/log/puppet
# Where Puppet PID files are kept.
# The default value is '$vardir/run'.
rundir = /var/run/puppet
# Where SSL certificates are kept.
# The default value is '$confdir/ssl'.
ssldir = $vardir/ssl
[agent]
# The file in which puppetd stores a list of the classes
# associated with the retrieved configuration. Can be loaded in
# the separate ``puppet`` executable using the ``-loadclasses``
# option.
# The default value is '$confdir/classes.txt'.
classfile = $vardir/classes.txt
pluginsync = true
report = true
ignoreschedules = true
daemon = false
ca_server = satellite.example.com
server = satellite.example.com
environment = KT_Example_Org_Library_RHEL6Server_3
# Where puppetd caches the local configuration. An
# extension indicating the cache format is added automatically.
# The default value is '$confdir/localconfig'.
localconfig = $vardir/localconfig
Important
Set the environment parameter to the host's Puppet environment from the
Satellite server. The Puppet environment label contains the organization
label, lifecycle environment, content view name, and the content view ID. To
see a list of Puppet environments in the Satellite 6 web UI, navigate to
Configure > Environments.
2. Run the Puppet agent on the host:
# puppet agent -t --server satellite.example.com
3. Sign the SSL certificate for the puppet client through the Satellite Server web
interface:
a. Log in to the Satellite Server through the web interface.
b. Select Infrastructure > Capsules.
c. Click Certificates to the right of the required host.
d. Click Sign.
e. Rerun the puppet agent command:
# puppet agent -t --server satellite.example.com
Note
When the Puppet agent is configured on the host it will be listed under All Hosts
but only when Any Context is selected as the host will not be assigned to an
organization or location.
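Because the agent applies whatever catalog its configured server hands it, the settings from Procedure 5.3 are worth checking on existing hosts. The following is an added example, not part of the original guide: it audits a puppet.conf for the server, ca_server, environment and report values shown above. The function names and both sample files are constructed, and the label pattern (a KT_ prefix and a trailing numeric content view ID) is an assumption drawn from the single example on this page.

```python
import configparser
import re

# Constructed sample modelled on the puppet.conf shown in Procedure 5.3.
GOOD = """\
[main]
logdir = /var/log/puppet
ssldir = $vardir/ssl

[agent]
report = true
ca_server = satellite.example.com
server = satellite.example.com
environment = KT_Example_Org_Library_RHEL6Server_3
"""

# Constructed drifted file: server set in [main] to another host,
# reporting disabled, and no Satellite environment label.
DRIFTED = """\
[main]
server = puppet.lab.example.net

[agent]
report = false
ca_server = satellite.example.com
environment = production
"""

# Assumption: labels look like the page's example, KT_<...>_<content view ID>.
ENV_LABEL = re.compile(r"KT_\w+_\d+")


def setting(cp, key):
    """Look a key up in [agent] first, then fall back to [main]."""
    for section in ("agent", "main"):
        if cp.has_option(section, key):
            return cp.get(section, key)
    return None


def audit_agent(conf_text, expected_server):
    """Return a list of findings; an empty list means the file matches the procedure."""
    cp = configparser.ConfigParser(interpolation=None)  # keep $vardir literal
    cp.read_string(conf_text)
    findings = []
    for key in ("server", "ca_server"):
        value = setting(cp, key)
        if value is None:
            findings.append(f"{key} is not set")
        elif value.lower() != expected_server.lower():
            findings.append(f"{key} points to {value}, expected {expected_server}")
    env = setting(cp, "environment")
    if env is None:
        findings.append("environment is not set")
    elif not ENV_LABEL.fullmatch(env):
        findings.append(f"environment {env!r} does not look like a Satellite label")
    if (setting(cp, "report") or "").lower() != "true":
        findings.append("report is not true")
    return findings


if __name__ == "__main__":
    for name, text in (("good", GOOD), ("drifted", DRIFTED)):
        print(name, audit_agent(text, "satellite.example.com"))
```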
Hayley Hudgeons
Revision 1.1-1    Wed Aug 26 2015    Dan Macpherson
Added Puppet Module Removal instructions
Added Puppet Agent installation and configuration for existing hosts
Revision 1.0-2    Tue Jul 14 2015    David O'Brien
Rebuild for technical review.
Revision 1.0-1    Sun Jun 14 2015    David O'Brien
6.1 Public Beta release.
Revision 1.0-0    Fri Jun 12 2015    Dan Macpherson
Initial creation of book