Puppet
"Puppet is an open-source configuration management tool. It runs on many Unix-like systems as well as on Microsoft Windows, and includes its own declarative language to describe system configuration." - https://en.wikipedia.org/wiki/Puppet_(software)
Videos and links
- Overview of Puppet's architecture
- Puppet Documentation Index
- Introduction to Puppet
- Function Reference
- stdlib is another good function reference.
- Language: Basics
- Include-like vs. resource-like class instantiation
- Style Guide
- Vagrant Docs - Puppet Apply Provisioner
- Downloads
- PuppetConf 2015
- Designing Puppet: Roles/Profiles Pattern - based on the blog post Designing Puppet - Roles and Profiles
- Building a Functional Puppet Workflow Part 2: Roles and Profiles
- Configuration Management as Legos
Examples
Standalone mode
puppet apply /path/to/manifestsworks, or you can specify a .pp file
Show variables about the host that puppet knows (facts)
facter
Show how puppet interacts with a resource
puppet describe cron
Show available puppet types
puppet resource --types
Show the puppet code that will create a resource
$ puppet resource file /etc/hosts
file { '/etc/hosts':
ensure => 'file',
content => '{md5}9ffbd726fd5b15de760cc0150d607628',
ctime => 'Wed Apr 01 17:05:59 -0700 2015',
group => '0',
mode => '644',
mtime => 'Wed Apr 01 17:05:59 -0700 2015',
owner => '0',
type => 'file',
}
Tests
Marionette Collective
"The Marionette Collective, also known as MCollective, is a framework for building server orchestration or parallel job-execution systems. Most users programmatically execute administrative tasks on clusters of servers." - http://docs.puppetlabs.com/mcollective/
- Overview of MCollective Components and Configuration
- Invoking MCollective actions
- Cheatsheet: https://coderwall.com/p/ig9mxa/mcollective-mco-cheat-sheet
- Vagrant demo: https://github.com/ripienaar/mcollective-vagrant
mco
Show some puppet cluster stats
mco puppet summary
mco puppet count
mco puppet status
Find a random node in the cluster
mco find -1
Ping all nodes in the puppet cluster
mco ping
Show if a file exists on each host in the cluster
mco filemgr -f /srv/nginx status
Use fstat and md5 to detect files needing repair
mco find -S "fstat('/srv/somedir/somefile').md5=/af6db18c6dfa81c294895003e13a2eef/" > files_needing_attention.txt
pssh -h files_needing_attention.txt) 'do_something_to_the_file'
Use fstat to find hosts where a directory has not been modified recently
mco find -S "fstat('/srv').mtime_seconds<$(date +%s -d '-8 hours')"
Show stats about which OSes you have
mco facts lsbdistdescription
Show all ip addresses on all hosts where a configured IP address matches a regex
mco facts all_ipaddresses -F 'all_ipaddresses=~10\.(56|29)\.'
Show a report about uptimes over a year
mco facts uptime -F 'uptime_days>365' |
awk '$2 == "days" {print}' |
sort -n -k1 |
column -t
Find machines where a fact is true
mco find is_ec2
Which is the same as
mco find -W is_ec2=true
Find machines that have a certain fact value
mco find --with-fact lsbdistcodename=lucid
Show a fact on machines that have a specific fact value
mco facts role --with-fact lsbdistcodename=lucid -v
Find ec2 hosts with low uptime
mco find -W 'is_ec2=true uptime_seconds<7200'
Show detailed info about a node
mco inventory fqdn.example.com
Find nodes that match a config management class
mco find -C role::awsadmin
Show the classes for a given host
sort /var/lib/puppet/state/classes.txt
Kick off a puppet run on all hosts of a certain class
The following two syntaxes are essentially the same, using the same puppet agent of mco. The only differences are the use of runall vs runonce, and the method that performs parallel execution. I'm not sure what difference there is in the code path.
mco rpc -C "class_boolean" -F "fact_name=fact_value" --batch 10 --agent puppet --action runonce
mco puppet -C "class_boolean" -F "fact_name=fact_value" runall 10
Show the status and puppet policy about a package on all hosts
mco rpc package status package=openssh-client --discovery-timeout 60 --json
Upgrade an installed package on 10 random web hosts
This upgrades, but does not install if the package is not already present.
mco package update 'nginx' -I '/web/' --limit=10
Show breakdown of hosts by OS version by role
mco facts -v --wc role::mon lsbdistdescription
Use mco to find packages of a certain version on a certain OS
mco rpc package status package=apt -j -F lsbdistcodename=trusty > cache.json
jq -c '.[] | select(.data.ensure == "1.0.1ubuntu2") | { version: .data.ensure, hostname: .sender }' cache.json
Hiera
"Hiera is a key/value lookup tool for configuration data, built to make Puppet better and let you set node-specific data without repeating yourself." - http://docs.puppetlabs.com/hiera/latest/
- https://github.com/puppetlabs/hiera
- http://www.craigdunn.org/2011/10/puppet-configuration-variables-and-hiera/
r10k
The suggested workflow for puppet is to use r10k on a control repo to manage the modules on your puppetmaster and the environments it provides. The general idea is that each module is represented by a puppetforge module name or a git repo listed inside of the ambiguously named Puppetfile. When r10k puppetfile install -v is run, all modules listed in this file are installed according to their definitions, and all modules that are not in this file are purged. Also, r10k will set up environments based on the git branches of the control repo. This workflow is described in detail at Managing and deploying Puppet code. It assumes you are not using a puppet apply type setup, which makes this difficult to follow for people who are playing with this at home in a non-puppetmaster scenario, such as in vagrant or on raspberry pi's.