Date published 

 

“Kama is the enjoyment of appropriate objects by the five senses of hearing, feeling, seeing Kama Sutra. Step by step Packt Publishing Puppet Reporting and. Extending Puppet Second Edition - [Free] Extending Puppet Second Edition [PDF ] [EPUB] This book provides you with the knowledge you. A clear, updated, practical, and focused view of the current state of the technology and the evolution of Puppet is what we need to tackle our IT.

Author:LIANE MAERTENS
Language:English, Spanish, Arabic
Country:Netherlands
Genre:Business & Career
Pages:387
Published (Last):23.07.2016
ISBN:582-3-36699-692-4
Distribution:Free* [*Registration needed]
Uploaded by: MAYRA

55086 downloads 102800 Views 31.64MB PDF Size Report


Extending Puppet Pdf

Get Free Read & Download Files Extending Puppet PDF. EXTENDING PUPPET. Download: Extending Puppet. EXTENDING PUPPET - In this site isn`t the. extending puppet in pdf format, then you've come to loyal site. we furnish utter edition of this pdf, djvu, epub, doc formats. extending puppet second edition pdf . approaches to extending puppet second edition pdf - theviralthread alessandro franceschi extending puppet in pdf format, in that case you come on to the.

Design, manage, and deploy your Puppet architecture with the help of real-world scenarios In Detail Puppet has changed the way we manage our systems, but Puppet itself is changing and evolving, as are the ways in which we use it. A clear, updated, practical, and focused view of the current state of the technology and the evolution of Puppet is what we need to tackle our IT infrastructure challenges and avoid common errors when designing our architectures. This is a detailed, practical book that covers the different components of the Puppet ecosystem and explores how to use them to deploy and manage different kinds of IT infrastructures. Updated with the most recent trends and best practices, this book gives you a clear view on how to "connect the dots" and expands your understanding to successfully use and extend Puppet. What You Will Learn Use Puppet to manage network, cloud, and virtualization devices Become a Hiera and PuppetDB power user Study the different approaches to Puppet architecture design Master the art of writing and maintaining reusable modules Explore strategies and patterns on how to introduce Puppet automation Manage and test a Puppet code workflow Design scalable Puppet infrastructures Downloading the example code for this book. Table of Contents.

It will help you utilize Puppet to manage your IT infrastructure. Get to grips with Hiera and learn how to install and configure it, before learning best practices for writing reusable and maintainable code. You will also be able to explore the latest features of Puppet 4, before executing, testing, and deploying Puppet across your systems. As you progress, Extending Puppet takes you through higher abstraction modules, along with tips for effective code workflow management.

Finally, you will learn how to develop plugins for Puppet - as well as some useful techniques that can help you to avoid common errors and overcome everyday challenges.

What you will learn Learn the principles of Puppet language and ecosystem Extract the features of Hiera and PuppetDB's power usage Explore the different approaches to Puppet architecture design Use Puppet to manage network, cloud, and virtualization devices Manage and test the Puppet code workflow Tweak, hack, and adapt the Puppet extension points Get a run through of the strategies and patterns to introduce Puppet automation Master the art of writing reusable modules About the Author Alessandro Franceschi is a long time Puppet user, trainer, and consultant.

He started using Puppet in , automating a remarkable amount of customers' infrastructures of different sizes, natures, and complexities. He has attended several PuppetConf and PuppetCamps as both speaker and participant, always enjoying the vibrant and friendly community, each time learning something new. Over the years, he started to publish his Puppet code, trying to make it reusable in different scenarios.

The result of this work is the example42 Puppet modules and control repo, complete, feature rich, sample Puppet environment. In order to declare additional stage resources, follow the same consistent and simple declarative syntax of the puppet language: All classes associated with the last stage are to be managed after the classes associated with the main stage.

Please note that stage is not a metaparameter. Definitions Definitions follow the same basic form as classes, but they are introduced with the define keyword not class and they support arguments but no inheritance.

As mentioned previously, defines can be reused multiple times on the same system and take parameters. Suppose we want to create a define that creates source control repositories. We probably would want to create multiple repositories on the same system, so we would use a define, not a class.

This is a bit of technical knowledge, but as of Puppet 0. We can reference the values of those metaparameters using built-in variables. Classes vs. Definitions Classes and definitions are created similarly although classes do not accept parameters , but they are used very differently.

Definitions are used to define reusable objects which will have multiple instances on a given host, so they cannot include any resources that will only have one instance. For instance, multiple uses of the same define cannot create the same file.

Definitions would be used to manage resources like virtual hosts, of which you can have many, or to encode some simple information in a reusable wrapper to save typing. Modules You can and should! Modules are portable collections of configuration, for example a module might contain all the resources required to configure Postfix or Apache.

You can now specify relationships directly as statements in addition to the before and require resource metaparameters of previous versions: In this example, the ntp package and the ntp configuration file are related to each other and puppet may try to manage the configuration file before the package is even installed, which may not be the desired behavior. Chaining in this manner can provide some succinctness at the cost of readability. You can also specify relationships when resources are declared, in addition to the above resource reference examples: You can also specify a collection on either side of the relationship marker: This last feature is a very powerful stick, and you can considerably hurt yourself with it.

Nodes Having knowledge of resources, classes, defines, and modules gets you to understanding of most of Puppet. Node definitions look just like classes, including supporting inheritance, but they are special in that when a node a managed computer running the Puppet client connects to the Puppet master daemon, its name will be looked for in the list of defined nodes. The information found for the node will then be evaluated for that node, and then node will be sent that configuration.

Node names can be the short host name, or the fully qualified domain name FQDN. Some names, especially fully qualified ones, need to be quoted, so it is a best practice to quote all of them.

You can also specify that multiple nodes receive an identical configuration by separating each with a comma: What happens if there are multiple regular expressions or node definitions set in the same file?

Node Inheritance Nodes support a limited inheritance model. Like classes, nodes can only inherit from one other node: Default Nodes If you create a node named default, the node configuration for default will be used if no other node matches are found.

External Nodes In some cases you may already have an external list of machines and what roles they perform. This may be in LDAP, version control, or a database. You may also need to pass some variables to those nodes more on variables later.

In these cases, writing an External Nodes script can help, and that can take the place of your node definitions. See that section for more information. Puppet is not a programming language, it is a way of describing your IT infrastructure as a model.

This is usually quite sufficient to get the job done, and prevents you from having to write a lot of programming code. If you need to use those variables within a string, use double quotes, not single quotes. Single-quoted strings will not do any variable interpolation, double-quoted strings will. We recommend using single quotes for all strings that do not require variable interpolation. Use double quotes for those strings that require variable interpolation. Capitalization Capitalization of resources is used in two major ways: When overwriting the resource settings of a parent class from a subclass, use the uppercase versions of the resource names.

Using the lowercase versions will result in an error. See the inheritance section above for an example of this. Resource Defaults. As mentioned previously, using a capitalized resource with no title works to set the defaults for that resource.

Our previous example was setting the default path for command executions. Arrays As mentioned in the class and resource examples above, Puppet allows usage of arrays in various areas.

Puppet Best Practices

Arrays are defined in puppet look like this: A host resource with multiple aliases would look like this: Or, for example, if you want a resource to require multiple other resources, the way to do this would be like this: These hashes are defined like Ruby hashes using the form: It is possible to assign hashes to a variable like so: The primary difference is that you cannot change the value of a variable within a single scope, because that would rely on order in the file to determine the value of the variable.

Order does not matter in a declarative language. Doing so will result in an error: However you still can set the same variable in non-overlapping scopes. For example, to set top-level configuration values: Variable Scope Scoping may initially seem like a foreign concept, though in reality it is pretty simple.

A scope defines where a variable is valid. Unlike early programming languages like BASIC, variables are only valid and accessible in certain places in a program. Using the same variable name in different parts of the language do not refer to the same value. Classes, components, and nodes introduce a new scope.

Puppet is currently dynamically scoped, which means that scope hierarchies are created based on where the code is evaluated instead of where the code is defined. Qualified Variables Puppet supports qualification of variables inside a class.

This allows you to use variables defined in other classes. Variable qualification is dependent on the evaluation order of your classes. Class myclass must be evaluated before class anotherclass for variables to be set correctly. Facts as Variables In addition to user-defined variables, the facts generated by Facter are also available as variables. This allows values that you would see by running facter on a client system within Puppet manifests and also within Puppet templates.

Variable Expressions In Puppet 0. This operator allows you to find if the left operand is in the right one. The left operand must be a string, but the right operand can be: Please note, variables cannot be modified in the same scope because of the declarative nature of Puppet.

Puppet currently supports two types of conditionals: Case students do not return a value. Selectors do. That is the primary difference between them and why you would use one and not the other. Selectors are useful to specify a resource attribute or assign a variable based on a fact or another variable. In addition to any number of specified values, selectors also allow you to specify a default if no value matches. Selectors can also be used in variable assignment: Case statements, unlike selectors, do not return a value.

A common use for the case statement is to apply different classes to a particular node based on its operating system: As with selectors see above , regular expressions captures are also available. From version 2. More complex expressions combining arithmetric expressions with the Boolean operators and, or, or not are also possible: Virtual Resources See Virtual Resources. Virtual resources are available in Puppet 0. Virtual resources are resources that are not sent to the client unless realized.

The syntax for a virtual resource is: To realize that definition, you can use a collection: This is equivalent to using the realize function: The motivation for this feature is somewhat complicated; please see the Virtual Resources page for more information. This is described in detail on the Exported Resources page.

As with virtual resources, new syntax was added to the language for this purpose. Here is an example with exported resources that shares SSH keys between clients: This could be done differently so that the keys could be realized on different hosts. To actually work, the storeconfig parameter must be set to true in puppet. This allows configurations from client to be stored on the central server. The details of this feature are somewhat complicated; see the Exported Resources page for more information.

In Puppet releases prior to 0. Any word that the syntax uses for special meaning is a reserved word, meaning you cannot use it for variable or type names.

Extending Puppet | SpringerLink

Words like true, define, inherits, and class are all reserved. If you ever need to use a reserved word as a value, be sure to quote it.

Comments Puppet supports two types of comments: Puppet expressions can be composed of: Operator precedence The Puppet operator precedence conforms to the standard precedence in most systems, from highest to lowest: Here is another example shows the use of the! Those variables are valid only for the statements inside the braces of the if clause. Some functions can be used as a statement: The only exception to this is that the value of any Facter facts that have been sent to the master from your clients are also at your disposal.

See the Tools Guide for more information about these components. Importing Manifests Puppet has an import keyword for importing other manifests. Code in those external manifests should always be stored in a class or definition or it will be imported into the main scope and applied to all nodes.

Currently files are only searched for within the same directory as the file doing the importing.

By default, when a manifest fails to compile, the previously compiled version of the Puppet manifest is used instead. This behavior is governed by a setting in puppet. This may result in surprising behaviour if you are editing complex configurations. It might be used to configure Apache or a Rails module, or a Trac site or a particular Rails application. Modules are easily re-distributable. You could also have other directories containing a happy mix-and-match of version control checkouts in various states of development and production readiness.

Modules are available in Puppet version 0. Configuration There are two configuration settings that pertain to modules: Access control settings for the fileserver module modules in fileserver. The path configuration for that module is always ignored, and specifying a path will produce a warning. Sources of Modules To accommodate different locations in the file system for the different use cases, there is a configuration variable modulepath which is a list of directories to scan in turn. For some environments it might be worthwhile to consider extending the modulepath configuration item to contain branches checked out directly from version control, for example: While it might be desirable to allow module hierarchies, for now modules cannot be nested.

The module name site is reserved for local use and should not be used in modules meant for distribution. In Puppet versions prior to 0. Other directory names are unchanged. Each module must contain a init. This manifest file can contain all the classes associated with this module or additional. If adding additional. One of the things to be accomplished with modules is code sharing.

A module by nature should be self-contained: There are cases, however, where the module depends on generic things that most people will already have defines or classes for in their regular manifests.

Its init. Puppet 0. In versions 0. Note also that you can still access files in modules when using puppet instead of puppetd; just leave off the server name and puppetd will fill in the server for you using its configuration server as its file server and puppet will use its module path: All module searches are done within the modulepath, a colon-separated list of directories.

In most cases, searching files in modules amounts to inserting one of manifest, files, or templates after the first component into a path, i. For file references on the fileserver, a similar lookup is used so that a reference to puppet: This will only work if you do not have an explicit, for example autofs mount already declared in your fileserver.

You can apply some access controls to files in your modules by creating a modules file mount, which should be specified without a path statement, in the fileserver. This makes it possible to use the same module in a standalone puppet script by running puppet —modulepath path script.

Finally, template files are searched in a manner similar to manifests and files: This allows more-generic files to be provided in the templatedir and more-specific files under the module path see the discussion under Feature for the history here.

From version Puppet 0. This is called module autoloading. You can just include the module class or start using the definition. Note that the init. With namespaces, some additional magic is also available. If you define that class as autofs:: If you prefer to keep class autofs in a file named autofs. Generated Module Documentation If you decide to make your modules available to others and please do! Most importantly, make sure the dependencies on other defines and classes not in your module are clear.

You can find more detail at the Puppet Manifest Documentation page. See Also Distributing custom facts and types via modules: Puppet comes with both a client and server for copying files around. The file serving function is provided as part of the central Puppet daemon, puppetmasterd, and the client function is used through the source attribute of file objects: In release 0. Specifying a path to serve and a name for the path, clients may request by name instead of by path.

This provides the ability to conceal from the client unnecessary details like the local filesystem configuration. The format of the file is almost exactly like that of rsync, although it does not yet support the full functionality of rsync. The configuration file resembles INI files, but it is not exactly the same: Security There are two aspects to securing the Puppet file server: By default no access is allowed.

There are three ways to specify a class of clients who are allowed or denied access: If clients are not connecting to the Puppet file server directly, eg.

In this case it is probably best to restrict access based on the hostname, as explained above. Also in this case you will need to allow access to machine s acting as reverse proxy, usually Priority All deny statements are parsed before all allow statements, so if any deny statements match a host, then that host will be denied, and if no allow statements match a host, it will be denied.

You can also use CIDR-style notation: There are many variations on how to specify resources, multiple legal syntaxes, etc. These guidelines were developed at Stanford University, where complexity drove the need for a highly formalized and structured stylistic practice which is strictly adhered to by the dozen Unix admins who maintain over fifty 50 unique server models using over five hundred individual manifests and over one thousand 1, unique classes to maintain over four hundred servers and those numbers are growing constantly as nearly half the infrastructure remains to be migrated to Puppet.

With this much code and so many individuals contributing, it was imperative that every member of the team wrote Puppet manifests in a consistent and legible manner. Thus, the following Style Guide was created. For consistent look-and-feel of Puppet manifests across the community, it is suggested that Puppet users adhere to these stylistic guidelines. These guidelines are aimed to make large manifests as legible as possible, so the style aims to columnate and align elements as neatly as possible.

Not obvious in the above example is that the arrow is only aligned per resource. Therefore, the following is correct: For instance, the keyword exists as a value of the ensure attribute of a file resource should not be in double quotes. In contrast, the owner attribute of a file should have a value in double quotes as the owner will never be a native value.

Although Puppet supports unquoted resource names if they do not contain spaces, placing all names in double quotes allows for consistent look-and-feel. Observe the formatting in the example below: Also note that the last attribute-value pair ends with a semicolon. If all the file resources had only one attribute, the single line format could be used as below: Symlinks To make the intended behavior explicitly clear, the following is recommended as the correct way to specifiy symlinked files: It is derived from the best practices section of the Wiki and other sources.

It is intended to cover high-level best practices and may not extend into lower level details. Use Modules When Possible Puppet modules are something everyone should use. If you have an application you are managing, add a module for it, so that you can keep the manifests, plugins if any , source files, and templates together.

You can pick your favorite systems — popular choices include git and svn. Naming Conventions Node names should match the hostnames of the nodes. This means a machine belongs to a particular class of machine. For instance, a generic webserver would be a class.

You would include that class as part of any node that needed to be built as a generic webserver. That class would drop in whatever packages, etc, it needed to do.

Puppet Best Practices

They can be created using user supplied variables. For instance, to manage iptables, a defined type may wrap each rule in the iptables file, and the iptables configuration could be built out of fragments generated by those defined types. Usage of classes and defined types, in addition to the built-in managed types, is very helpful towards having a managable Puppet infrastructure.

Work In Progress This document is a stub. You can help Puppet by submitting contributions to it. The file type has a parameter recurse which can be used to synchronize the contents of a target directory recursively with a chosen source. But this is not the behaviour puppet will display. In fact the purge will silently fail. The answer is to use an exec resource with refreshonly set to true, such as in this case of telling bind to reload its configuration when it changes: By using the require parameter, we can create a dependency between the user tim and the group fearme.

The result is that user tim will not be created until puppet is certain that the fearme group exists. Any reasonable number of resources can be required in this way. You can see examples of how to do this in the Language Tutorial. However, a workaround is possible by using the generate function to call out to Ruby or Perl to perform the comparison, eg: Facter supports output of facts in YAML as well as to standard out.

You need to run: Can I check the syntax of my templates? ERB files are easy to syntax check. For a file mytemplate.

Can I use complex comparisons in if statements andvariables? Basic workflow items are covered in the main section of the documentation.

If you are not root then rerun the command with sudo: To correct the problem: Remove the entire SSL directory of the client machine: You can figure the problem out by manually verifying the certificate with openssl: If your set-up is such that the host name differs from the name in the Puppet server certificate, or there is any other SSL certificate negotiation problem, the SSL handshake between client and server will fail.

This can apparently happen if Ruby is not compiled with IPv6 support; see the mail thread for more details. This problem is caused by puppetmasterd not being able to read its ca certificate. This problem might occur up to 0. You can probably fix it for versions before 0. Having puppetmasterd start as the root user should fix the problem permanently until you can upgrade.

Why does Puppet keep trying to start a running service? The ideal way to check for a service is to use the hasstatus parameter, which calls the init script with the status parameter. This should report back to Puppet whether the service is running or stopped. Most commonly, the script will always blindly return 0, no matter what the actual service state is. There are two workarounds, and one fix. If you must deal with the scripts broken behavior as is, you can modify your resource to either use the pattern parameter to look for a particular process name, or the status parameter to use a custom script to check for the service status.

The fix is to rewrite the init script to use the proper exit codes. When rewriting them, or submitting bug reports to vendors or upstream, be sure to reference the LSB Init Script Actions standard. This has heavily been improved with 0. This is incredibly time consuming. Why is my external node configuration failing?

I get no errors by running the script by hand. Most of the time, if you get the following error when running you client warning: Not using cache on failed catalog err: Could not retrieve catalog; skipping run it is because of some invalid YAML output from your external node script. Check http: Sometimes these errors can be a little cryptic. Below is a list of common errors and their explanations that should help you trouble-shoot your manifests.

In this example, the colon: A variant looks like: You can also get the same error if you forget a comma. For instance, in this example the comma is missing at the end of line 3: However, since this is a reference to a class and a define, the define also needs to have a capital letter, so Classname:: Duplicate definition: In this contrived example, the system entry has been defined twice, so one of them needs removing. What most often happens, that the same resource is exported by two nodes.

Node inheritance is currently only really useful for inheriting static or self-contained classes, and is as a result of quite limited value. A workaround is to define classes for your node types - essentially include classes rather than inheriting them. Class Inheritance and Variable Scope The following would also not work as generally expected: To avoid the duplication of the template filename, it is better to sidestep the problem altogether with a define: Qualified variables might provoke alternate methods of solving this issue.

You can use qualified methods like: Could not retrieve catalog: The pluginsync feature will then synchronise the files and the new code will be loaded when both daemons are restarted. Dashboard can be used as an external node classification tool. Here you can learn how to install Dashboard. Obtain the source: Configure the database: Start the server: Import Reports optional: As a Rails application, Puppet Dashboard can be deployed in any server configuration that Rails supports.

Instructions for deployment via Phusion Passenger coming soon. Other databases coming soon. External Node Tool Puppet Dashboard functions as an external node tool. All nodes make a puppet-compatible YAML specification available for export. See the instructions here for more information about external nodes. About Puppet Dashboard is fairly self explanatory, if you have set it up using the Installation Instructions just visit port to start using it.

Puppet supports templates and templating via ERB, which is part of the Ruby standard library and is used for many other projects including Ruby on Rails.

Templates allow you to manage the content of template files, for example configuration files that cannot yet be managed directly by a built-in Puppet type. This might include an Apache configuration file, Samba configuration file, etc. Evaluating templates Templates are evaluated via a simple function: Best practices indicates including the template in the templates directory inside your Module.

Templates are always evaluated by the parser, not by the client. This means that if you are using puppetmasterd, then the templates only need to be on the server, and you never need to download them to the client. This also means that any client-specific variables facts are learned first by puppetmasterd during the client start-up phase, then those variables are available for substitution within templates.

Using templates Here is an example for generating the Apache configuration for Trac sites: If the variable you are accessing is an array, you can iterate over it in a loop. Given Puppet manifest code like this: Some stuff with val1 Some stuff with val2 Some stuff with otherval Note that normally, ERB template lines that just have code on them would get translated into blank lines.

This is because ERB generates newlines by default. Conditionals The ERB templating supports conditionals. The following construct is a quick and easy way to conditionally put content into a file: This snippet will print all the tags defined in the current scope: However, resources can be specified in a way that marks them as virtual, meaning that they will not be sent to the client by default. You mark a resource as virtual by prefixing to the resource specification; for instance, the following code defines a virtual user: How This Is Useful Puppet enforces configuration normalization, meaning that a given resource can only be specified in one part of your configuration.

For most cases, this is fine, because most resources are distinctly related to a single Puppet class — they belong in the webserver class, mailserver class, or whatever.

Some resources can not be cleanly tied to a specific class, though; multiple otherwise-unrelated classes might need a specific resource. For instance, if you have a user who is both a database administrator and a Unix sysadmin, you want the user installed on all machines that have either database administrators or Unix administrators.

In these cases, you can specify the user as a virtual resource, and then mark the user as real in both classes. Thus, the user is still specified in only one part of your configuration, but multiple parts of your configuration verify that the user will be installed on the client.

How to Realize Resources There are two ways to mark a virtual resource so that it gets sent to the client: You can use a special syntax called a collection, or you can use the simple function realize. Collections provide a simple syntax for marking virtual objects as real, such that they should be sent to the client. Collections require the type of resource you are collecting and zero or more attribute comparisons to specifically select resources.

For instance, to find our mythical user, we would use: This is somewhat of an inconsistency in Puppet, because this value is often referred to as the name, but many types have a name parameter and they could have both a title and a name. If no comparisons are specified, all virtual resources of that type will be marked real.

This attribute querying syntax is currently very simple. You can also parenthesize these statements, as you might expect. So, a more complicated collection might look like: Virtual Define-Based Resources Since version 0.

Puppet provides an experimental superset of virtual resources, using a similar syntax. About Exported Resources While virtual resources can only be collected by the host that specified them, exported resources can be collected by any host.

You must set the storeconfigs configuration parameter to true to enable this functionality you can see information about stored configuration on the Using Stored Configuration wiki page , and Puppet will automatically create a database for storing configurations using Ruby on Rails. Here is an example with exported resources: If hostB exports a resource but hostB has never connected to the server, then no host will get that exported resource.

Note that the tag is not required, it just allows you to control which resources you want to import. These types become very powerful when you export and collect them. For example, you could create a class for something like Apache that adds a service definition on your Nagios host, automatically monitoring the web server: This feature is not constrained to the override in inherited context, as is the case in the usual resource override.

Ordinary resource collections can now be defined by filter conditions, in the same way as collections of virtual or exported resources. In the above example the condition is empty, so all file resources not just virtual ones are selected, and all file resources will have their modes overridden to It now collects all matching resources, virtual or no, and allows you to override parameters in any of the collection so defined.

As another example, one can write: Moreover, it is now possible to define resource overriding without respecting the override on inheritance rule: Using Multiple Environments As of 0. The idea behind these environments is to provide an easy mechanism for managing machines at different levels of SLA — some machines need to be up constantly and thus cannot tolerate disruptions and usually use older software, while other machines are more up to date and are used for testing upgrades to more important machines.

Puppet allows you to define whatever environments you want, but it is recommended that you stick to production, testing, and development for community consistency. Puppet defaults to not using an environment, and if you do not set one on either the client or server, then it will behave as though environments do not exist at all, so you can safely ignore this feature if you do not need it.

Please note: For a more detailed discussion have a look at: Goal of Environments The main goal of a set-up split by environments could be that puppet can have different sources for modules and manifests for different environments on the same Puppet master. For example, you could have a stable and a testing branch of your manifests and modules. You could then test changes to your configuration in your testing environment without impacting nodes in your production environment.

You could also use environments to deploy infrastructure to different segments of your network, for example a dmz environment and a core environment. You could also use environments to specify different physical locations, Using Environments on the Puppet Master The point of the environment is to choose which manifests, templates, and files are sent to the client.

Thus, Puppet must be configured to provide environment-specific sources for this information. Puppet environments are implemented rather simply: These per-environment sections are then used in preference to the main sections.

For instance: Running with any other environment or without an environment would default to the site. Those parameters are: Where to look for modules. Where to look for templates.

The modulepath should be preferred to this setting, but it allows you to have different versions of a given template in each environment. Which file to use as the main entry point for the configuration. The Puppet parser looks for other files to compile in the same directory as this manifest, so this parameter also determines where other per-environment Puppet manifests should be stored.

With a separate module path, it should be easy to use the same simple manifest in all environments. It is recommended that you switch as much as possible to modules if you plan on using environments. Additionally, the file server uses an environment-specific module path; if you do your file serving from modules, instead of separately mounted directories, your clients will be able to get environment-specific files.

You can also specify this on the command line: Puppet Search Path When determining what configuration to apply, Puppet uses a simple search path for picking which value to use: Although you may put plugins such as types or facts into modules, they will still be referenced by the default modulepath, and not by the modulepath of the client environment.

If you want your plugins and facts to be part of your environment, one workaround is to create stub modules called plugins and facts in your environment modulepath and place your desired plugins and facts inside the files subdirectory of these stub modules.

Then when your client requests: This allows your facts to differ depending upon your environment. Because the Transaction interals of Puppet are responsible for creating and sending the reports, these are called transaction reports. Currently, these reports include all of the log messages generated during the configuration run, along with some basic metrics of what happened on that run. In Rowlf, more detailed reporting information will be available, allowing users to see detailed change information regarding what happened on nodes.

Logs The bulk of the report is every log message generated during the transaction. This is a simple way to send almost all client logs to the Puppet server; you can use the log report to send all of these client logs to syslog on the server. Metrics The rest of the report contains some basic metrics describing what happened in the transaction. There are three types of metrics in each report, and each type of metric has one or more values: Keeps track of how long things took.

Keeps track of the following stats: The total number of changes in the transaction. Clients default to sending reports to the same server they get their configurations from, but you can change that by setting reportserver on the client, so if you have load-balanced Puppet servers you can keep all of your reports consolidated on a single machine.

Sending Reports In order to turn on reporting on the client-side puppetd , the report argument must be given to the puppetd executable either by passing the argument to the executable on the command line, like this: If you are using namespaceauth. There are other reports types available that can process each report as it arrives, or you can write a separate processor that handles the reports on your own schedule.

Using Builtin Reports As with the rest of Puppet, you can configure the server to use different reports with either command-line arguments or configuration file changes.

The value you need to change is called reports, and it must be a comma-separated list of the reports you want to use. You can also specify none if you want the reports to just be thrown away. Writing Custom Reports You can easily write your own report processor in place of any of the built-in reports. This is only necessary on the server, as the report reciever does not run on the clients. Using External Report Processors Many people are only using the store report and writing an external report processor that processes many reports at once and produces summary pages.

This is easiest if these processors are written in Ruby, since you can just read the YAML files in and de-serialize them into Ruby objects. Then, you can just do whatever you need with the report objects. It is automatically generated from the reports available in Puppet, and includes documentation on how to use each report.

External nodes allow you to store your node definitions in an external data source. For example, a database or other similar repository. This allows you to: A subtle advantage of using a external nodes tool is that parameters assigned to nodes in a an external node tool are set a top scope not in the scope created by the node assignment in language.

This leaves you free to set default parameters for a base node assignment and define whatever inheritance model you wish for parameters set in the children. In the end, Puppet accepts a list of parameters for the node and those parameters when set using an External Node tool are set at top scope. How to use External Nodes To use an external node classifier, in addition to or rather than having to define a node entry for each of your hosts, you need to create a script that can take a hostname as an argument and return information about that host for puppet to use.

You can use node entries in your manifests together with External nodes. You cannot however use external nodes and LDAP nodes together. You must use one of the two types. Those classes can be in hierarchies however, so inheritance is available. In both versions, after outputting the information about the node, you should exit with code 0 to indicate success, if you want a node to not be recognized, and to be treated as though it was not included in the configuration, your script should exit with a non-zero exit code.

External node scripts for version 0. The classes value is an array of classes to include for the node, and the parameters value is a hash of variables to define. This file can be queried for fact values. This example will produce results basically equivalent to this node entry: In both versions, the script should exit with code 0 after producing the desired output.

Exit with a non-zero exit code if you want the node to be treated as though it was not found in the configuration. External node scripts for versions before 0. Configuring puppetmasterd 96! Are you using the default webserver? Switching to a more efficient web server implementation such as Passenger or Mongrel will allow for serving many more nodes concurrently from the same server. This performance tweak will offer the most immediate benefits. If your system can work with Passenger, that is currently the recommended route.

On older systems, use Mongrel. Managed nodes can be configured to not check in automatically every 30 minutes, but rather to check in only when requested. No central host Using a central server offers numerous advantages, particularly in the area of security and enhanced control. In environments that do need these features, it is possible to rsync or otherwise transfer puppet manifests and data to each individual node, and then run puppet locally, for instance, from cron.

This approach scales essentially infinitely, and full usage of Puppet and facter is still possible. For small directories, however, there is no problem in using it. This will result in performance improvements on both the client and server.

This guide shows how to set it up. Supported Versions Passenger support is present in release 0.

For earlier versions, consider Using Mongrel. This may work well for you, but a few people feel like using a proven web server like Apache would be superior for this purpose. What is Passenger? While it should be compatible with every Rack application server, it has only been tested with Passenger. Depending on your operating system, the versions of Puppet, Apache and Passenger may not support this implementation.

Specifically, Ubuntu Hardy ships with an older version of puppet 0. There are also some passenger packages there, but as of they do not seem to have the latest passenger 2. Passenger versions 2. So use either 2. Note that while it was expected that Passenger 2.

So, passenger 2. Installation Instructions for Puppet 0. Whatever you do, make sure your config. Passenger will setuid to that user. Or, you could just add the correct versions to your gem command: Therefore, config. Apache Configuration for Puppet 0. The config. Currently not configurable. The shorting this option allows for puppetmasterd to get refreshed at some interval. This option is also somewhat dependent upon the amount of puppetd nodes connecting and at what interval. This will allow idle puppetmasterd to get recycled.

The net effect is less memory will be used, not more. The mongrel documentation is currently maintained our our Wiki until it can be migrated over. Please see the OS specific setup documents on the Wiki for further information. This is the parameter that gets assigned when a string is provided before the colon in a type declaration. In general, only developers will need to worry about which parameter is the namevar. In the following code: Parameters Determine the specific configuration of the instance.

They either directly modify the system internally, these are called properties or they affect how the instance behaves e. Providers Provide low-level functionality for a given resource type. This is usually in the form of calling out to external commands. When required binaries are specified for providers, fully qualifed paths indicate that the binary must exist at that specific path and unqualified binaries indicate that Puppet will search for the binary using the shell path.

Features The abilities that some providers might not support. You can use the list of supported features to determine how a given provider can be used. Resource types define features they can use, and providers can be tested to see which features they provide. A solution can be achieved by adding a new fact to Facter. These additional facts can then be distributed to Puppet clients and are available for use in manifests.

The Concept You can add new facts by writing a snippet of Ruby code on the Puppet master. We then use Plugins In Modules to distribute our facts to the client. To do these we create a fact. We then use the instructions in Plugins In Modules page to copy our new fact to a module and distribute it. During your next Puppet run the value of our new fact will be available to use in your manifests.

The best place to get ideas about how to write your own custom facts is to look at the existing Facter fact code. You will find lots of examples of how to interpret different types of system data and return useful facts.

You may not be able to view your custom fact when running facter on the client node. The former will return nil for unknown facts, the latter will raise an exception. An example: To still test your custom puppet facts, which are usually only loaded by puppetd, there is a small hack: You can then run facter, and it will import your code: Hence, you should now see the following when running puppetd: Retrieving facts info: It is important to note that to use the facts on your clients you will still need to distribute them using the Plugins In Modules method.

Linux kernelrelease: On older versions of Puppet, prior to 0. Puppet would look for custom facts on puppet: This would enable the syncing of these files to the local file system and loading them within puppetd.

Some additional options were avaialble to configure this legacy method: The following command line or config file options are available default options shown: Where Puppet should look for facts.

Multiple directories should be colon-separated, like normal PATH variables. By default, this is set to the same value as factdest, but you can have multiple fact locations e.

Where Puppet should store facts that it pulls down from the central server. From where to retrieve facts. The standard Puppet file type is used for retrieval, so anything that is a valid file source can be used here. Whether facts should be synced with the central server. What files to ignore when pulling down facts. Remember the approach described above for factsync is now deprecated and replaced by the plugin approach described in the Plugins In Modules page.

While Puppet does not require Ruby experience to use, extending Puppet with new Puppet types and providers does require some knowledge of the Ruby programming language, as is the case with new functions and facts. The resource types provide the model for what you can do; they define what parameters are present, handle input validation, and they determine what features a provider can or should provide.

The providers implement support for that type by translating calls in the resource type to operations on the system. The libdir is special because you can use the pluginsync system to copy all of your plugins from the fileserver to all of your clients and seperate Puppetmasters, if they exist.

The first thing you have to figure out is what properties the resource has. After adding properties, Then you need to add any other necessary parameters, which can affect how the resource behaves but do not directly manage the resource itself. Parameters handle things like whether to recurse when managing files or where to look for service init scripts. You may remember that things like require are metaparameters.

Types are created by calling the newtype method on Puppet:: Type, with the name of the type as the only required argument. You can optionally specify a parent class; otherwise, Puppet:: Type is used as the parent class. You must also provide a block of code used to define the type: Blocks are a very powerful feature of Ruby and are not surfaced in most programming languages. A normal type will define multiple properties and possibly some parameters.