Puppet

🌐 puppet.com

Learning

• Tasks:
  • Identify differences between Embedded Puppet (EPP) and Embedded Ruby (ERB) and related best practices
    • Language: Using templates
      • Language: Embedded Puppet (EPP) template syntax
  • Puppet DB
    • PuppetDB 5.1: Installing PuppetDB via Puppet module
    • puppetlabs/puppetdb
  • Review Puppet API (provided by Puppet server)
    • Puppet HTTP API: Index
    • Puppet's Services: Puppet Server
    • Puppet Server: HTTP Client Metrics
    • A Better Puppetmaster Healthcheck
    • Telerik Fiddler The free web debugging proxy for any browser, system or platform
    • Puppet Server: Status API: Services
• Pages to read:
  • Custom Types
  • Puppet Cheat Sheet
  • Configuring a Puppet Master Server with Passenger and Apache
    • Puppet's services: The WEBrick Puppet master
  • Puppet Management GUI Comparison
  • Building a highly available ELK solution with Puppet, Part III: Elasticsearch backend

Learn

Puppet is a solution to automate the management of an infrastructure, it is an open source product with an important community. Current version is 6.3 (February 2019). An enterprise edition is available with additional features that ease the use of the solution.

Entry points:

• Puppet documentation
• Puppet training
• Presentation Dojo devpro

Architecture

Puppet is relying on the agent-master pattern:

1. An agent node sends a requests (with facts) to the master and asks for the desired state (catalog)
2. The master checks the node is known (and the communication is secured with HTTPS/certificate) and sends back the catalog based on its data repository (including the code to achieve the different configurations)
3. The agent applies the catalog and reports back the result of the actions

The Puppet master is also known as the puppetserver.

Modules

Puppet Forge

Puppet is modular by design, first step is to look at existing modules for your needs (NB: don't reinvent the wheel and keep you code on added value). Module repository is Puppet forge at forge.puppet.com.

Interesting modules:

• puppetlabs/stdlib: Standard library of resources for Puppet modules (code)
• puppet-archive: Compressed archive file download and extraction with native types/providers for Windows and Unix
• puppet-download_file
• puppetlabs-acl
• puppet-dotnet: Module to manage the Microsoft .NET framework
• puppet-windows_env
• puppetlabs-powershell
• puppetlabs-registry
• puppetlabs-iis: Manage IIS for Windows Server 2008R2, 2012 and 2012R2. Maintain application sites, pools, installation, and many other IIS settings

Module creation

• Module fundamentals
• Roles and profiles, a concrete example by Puppet (intro, example, profiles)

Pipeline

• Continuous Deployment with Jenkins

PDK (Puppet Development Kit)

• Welcome to Puppet Development Kit
• A guide to converting a module with PDK

Bolt

• Welcome to Bolt
• Check out the latest in Puppet Bolt

Tasks

• Puppet tasks
• Easily automate ad hoc work with new Puppet Tasks

r10k

• puppetlabs/r10k
• Managing code with r10k

Training

• Puppet (Course Catalog)
  • Self-paced Training

Azure

• Azure Marketplace Image User Guide

Usecases

• Using Node-Side Secrets with Puppet

Docker

• puppetlabs/pupperware
  • On Windows, edit the two files:

# docker-compose.override.yml
version: '3.5'

# docker-compose.yml
version: '3.5'
services:
   puppet:
     volumes:
       - /d/Projects/bthomas/opensource/pupperware/volumes/code:/etc/puppetlabs/code/
   networks:
     - proxynet

   postgres:
     ports:
       - 5432:5432
     networks:
       - proxynet

   puppetdb:
     hostname: puppetdb
     depends_on:
       - postgres
       - puppet
     networks:
       - proxynet

networks:
  proxynet:
    name: custom_network

Practice

• devpro/puppet-training-beginner

Unit testing

Documentation

• RSPEC-PUPPET
• puppetlabs/puppetlabs_spec_helper

Files

• .fixture.yml file is where you can declare dependencies with other modules

  ---
  fixtures:
    forge_modules:
      stdlib: "puppetlabs/stdlib"
    symlinks:
      profile: "#{source_dir}/../../site/profile"

Puppet agent

Installation on Windows

Go to Download page and select the version that you need (puppet-agent-x64-latest.msi for example).

# install the puppet agent
msiexec /qn /norestart /i path\to\puppet-agent-5.X.Y-x64.msi PUPPET_MASTER_SERVER=mypuppetmastername /l*v C:\msipuppetlog.txt
# follow the progress with C:\msipuppetlog.txt (with baretail for example), it takes severals seconds, the file should end with:
# MSI (c) (C8:DC) [10:40:39:503]: MainEngineThread is returning 0
sc config "puppet" start= disabled
sc stop "puppet"

Configuration files (Windows)

File path	Details
C:\Windows\System32\drivers\etc\hosts	Host file
C:\Users\xxxxxxx\.gitconfig	Git configuration file
C:\ProgramData\PuppetLabs\puppet\etc\puppet.conf	Puppet agent configuration file
C:\ProgramData\PuppetLabs\puppet\etc\ssl	Puppet client ssl

Directory structure (Windows)

• C:\ProgramData\PuppetLabs\code\environments: local copy of environment files

Agent commands

# launch manually the puppet agent
puppet agent --test

# launch locally puppet code (no puppet server needed), see https://puppet.com/docs/puppet/5.3/man/apply.html
puppet apply --modulepath="modules;site" --hiera_config="hiera.yaml" .\manifests\site.pp

# display active configuration
puppet config print

# get information on the machine the way Puppet does
facter

# facts ([man page](https://puppet.com/docs/puppet/5.3/man/facts.html))
puppet facts

# retrieve modules from the [Puppetfile](https://github.com/puppetlabs/r10k/blob/master/doc/puppetfile.mkd)
r10k puppetfile install -v

# PDK command lines
pdk new module
pdk new class mymodule
pdk new class mymodule::myfolder::myclass
pdk validate
pdk test unit

# list all installed applications
puppet resource package
# list of defined services and their status
puppet resource service

# display fact path
puppet agent --configprint factpath

Puppet server

It is also known as Puppet master..

Server commands (CentOS)

# start puppet server
service puppetserver start
# systemctl start puppetserver.service

# get puppet server service info
service puppetserver status
# shortcut for systemctl status puppetserver.service

# stop puppet server
service puppetserver stop
# systemctl stop puppetserver.service

# get logs from system journal
journalctl -xe

# get puppet agent service info
service puppet status

# executes r10k ([usage](https://github.com/puppetlabs/r10k/blob/master/doc/dynamic-environments/usage.mkd))
cd /etc/puppetlabs/r10k
sudo /opt/puppetlabs/puppet/bin/r10k deploy environment --puppetfile

# list certificates to be validated
sudo /opt/puppetlabs/puppet/bin/puppet cert list

# sign a certificate
sudo /opt/puppetlabs/puppet/bin/puppet cert sign xxxxxx

# follow logs in real time
tail -f /var/log/puppetlabs/puppetserver/puppetserver.log
tail -f /var/log/puppetlabs/puppetserver/puppetserver-access.log

Configuration files (doc)

File path	Details
/etc/sysconfig/puppetserver	Puppet server configuration file
/etc/puppetlabs/puppetserver/conf.d/auth.conf	Puppet serveur auth configuration file (doc)
/etc/puppetlabs/puppet/puppet.conf	Puppet agent configuration file
/etc/puppetlabs/puppet/hiera.yaml	Hiera configuration file (doc)
/etc/puppetlabs/r10k/r10k.yaml	r10k configuration

Directory structure

• /etc/puppetlabs: base path
• /etc/puppetlabs/code: Puppet code managed by git, this is where r10k will
• /etc/puppetlabs/code/environments: Definition per environment, this is where r10k will create folders per git repository branches (production, staging, etc.)
• /etc/puppetlabs/puppet: Puppet Agent configuration
• /etc/puppetlabs/puppetserver: PuppetServer configuration
• /etc/puppetlabs/puppetserver/conf.d: Settings (see Puppet Server Configuration)
• /etc/puppetlabs/r10k: r10k configuration
• /opt/puppetlabs: Internal Puppet stuff, binaries, etc
• /var/log/messages: Puppet Agent logs
• /var/log/puppetlabs: Other logging
• /tmp: Used by the installer (issues if set ‘noexec’)

You can read Magic directories: a guide to Puppet directory structure.

Terminology

• r10k puppet.com