Pro Puppet (10 page)

Authors: Jeffrey McCune James Turnbull

BOOK: Pro Puppet

9.67Mb size Format: txt, pdf, ePub

Lastly, in this resource we’ve also specified a new attribute,
require. The
requireattribute is a metaparameter. Metaparameters are resource attributes that are part of Puppet’s framework rather than belonging to a specific type. They perform actions on resources and can be specified for any type of resource.

The
requiremetaparameter creates a dependency relationship between the
Package["sudo-ldap"]resource and the
Package["sudo"]resource. In this case, adding the
requiremetaparameter to the resource tells Puppet that the
Package["sudo"]is required by the
Package["sudo-ldap"]resource. Hence, the
Package["sudo"]resource must and will be installed first.

Relationships are an important part of Puppet. They allow you to instantiate real world relationships between configuration components on your hosts. A good example of this is networking. A number of resources on your hosts, for example a Web server or an MTA (Mail Transfer Agent), would rely on your network being configured and active before they can be activated. Relationships allow you to specify that certain resources, for example those configuring your network, are processed before those resources that configure your Web server or MTA.

The usefulness of relationships does not end there. Puppet can also build triggering relationships between resources. For example, if a file resource changes, then you can tell Puppet to restart a service resource. This means you can change a service’s configuration file and have that change trigger a restart of that service to ensure it is running with the updated configuration. We’ll see a lot more of these relationships and other metaparameters in
Chapter 3
.

Note
You can see a full list of the available metaparameters at
http://docs.puppetlabs.com/references/stable/metaparameter.html.

The last resource in the
sudoclass is a file resource,
File["/etc/sudoers"], which manages the
/etc/sudoersfile. Its first three attributes allow us to specify the owner, group and permissions of the file. In this case, the file is owned by the
rootuser and group and has its mode set to 0440 (currently the mode can only be set using octal notation).

The next attribute,
source, allows Puppet to retrieve a file from the Puppet file server and deliver it to the client. The value of this attribute is the name of the Puppet file server and the location and name of the file to retrieve.

puppet://$puppetserver/modules/sudo/etc/sudoers

Let’s break down this value. The
puppet://part specifies that Puppet will use the Puppet file server protocol to retrieve the file.

Note
Currently, the Puppet file server protocol is the only protocol available. In future versions of Puppet, the file server will support other protocols, such as HTTP or rsync.

The
$puppetservervariable contains the hostname of our Puppet server. Remember that we created this variable and placed it in our
site.ppfile earlier? Instead of the variable, you could also specify the host name of the file server here.

puppet://puppet.example.com/modules/sudo/etc/sudoers

Tip
One handy shortcut is to just remove the server name. Then Puppet will use whatever server the client is currently connected to, for example our
sourceline would look like:
puppet:///modules/sudo/etc/sudoers.

The next portion of our
sourcevalue tells Puppet where to look for the file. This is the equivalent of the path to a network file share. The first portion of this share is
modules,which tells us that the file is stored in a module. Next we specify the name of the module the file is contained in, in this case
sudo. Finally, we specify the path inside that module to find the file.

All files in modules are stored under the
filesdirectory; this is considered the “root” of the module’s file “share.” In our case, we would create the directory
etcunder the
filesdirectory and create the
sudoersfile in this directory.

puppet$ mkdir –p /etc/puppet/modules/sudo/files/etc
puppet$ cp /etc/sudoers /etc/puppet/manifests/files/etc/sudoers

VERSION CONTROL

As your configuration gets more complicated, you should consider adding it to a version-control system such as Subversion or Git. A version-control system allows you to record and track changes to files, and is commonly used by software developers. For configuration management, version control allows you to track changes to your configuration. This is highly useful if you need to revert to a previously known state or make changes without impacting your running configuration.

You can find information about how to use Subversion at
http://svnbook.red-bean.com/and some specific ideas about how to use it with Puppet at
http://projects.puppetlabs.com/projects/puppet/wiki/Puppet_Version_Control. We’ll also show you how a version control system might work with Puppet in
Chapter 3
.

Applying Our First Configuration

We’ve created our first Puppet module! Let’s step through what will happen when we connect an agent that includes this module.

It will install the
sudopackage.
If it’s an Ubuntu host, then it will also install the
sudo-ldappackage
Lastly, it will download the
sudoersfile and install it into
/etc/sudoers.

Now let’s see this in action and include our new module on the agent we’ve created,
node1.example.com. Remember we created a node statement for our host in Listing 1.4:

node 'node1.example.com' {
    include sudo
}

When the agent connects it will now include the
sudomodule. To do this we run the Puppet agent again, as shown in
Listing 1-7
.

Listing 1-7.
Applying Our First Configuration

puppet# puppet agent --server=puppet.example.com --no-daemonize --verbose --onetime

Note
Puppet has a handy mode called ”noop.” The “noop” mode runs Puppet but doesn’t make any changes on your host. It allows you to see what Puppet would do, as a dry run. To run in “noop” mode, specify
--noopon the command line.

In
Listing 1-7
, we’ve run the Puppet agent and connected to the master. We’ve run the agent in the foreground, in verbose mode and with the --onetime option that tells the Puppet agent to only run once and then stop. We can see a configuration run commence on our host:

Tip
In Puppet, the combined configuration to be applied to a host is called a “catalog” and the process of applying it is called a “run.” You can find a glossary of Puppet terminology at
http://projects.puppetlabs.com/projects/puppet/wiki/Glossary_Of_Terms.

notice: Starting Puppet client version 2.6.1
info: Caching catalog for node1.example.com
info: Applying configuration version '1272631279'
notice: //sudo/Package[sudo]/ensure: created
notice: //sudo/File[/etc/sudoers]/checksum: checksum changed
 '{md5}9f95a522f5265b7e7945ff65369acdd2' to '{md5}d657d8d55ecdf88a2d11da73ac5662a4'
info: Filebucket[/var/lib/puppet/clientbucket]: Adding
 /etc/sudoers(d657d8d55ecdf88a2d11da73ac5662a4)
info: //sudo/File[/etc/sudoers]: Filebucketed /etc/sudoers to puppet with sum
 d657d8d55ecdf88a2d11da73ac5662a4
notice: //sudo/File[/etc/sudoers]/content: content changed
 '{md5}d657d8d55ecdf88a2d11da73ac5662a4' to '{md5}9f95a522f5265b7e7945ff65369acdd2'
notice: Finished catalog run in 10.54 seconds

Other books

Disgraced by Gwen Florio

Dead Is So Last Year by Marlene Perez

Cemetery of Angels by Noel Hynd

Street Justice by Trevor Shand

Depravity: A Beauty and the Beast Novel (A Beastly Tale Book 1) by M.J. Haag

The Unexpected Marriage of Gabriel Stone (Lords of Disgrace) by Louise Allen

Agatha Raisin and the Day the Floods Came by Beaton, M.C.

Full Circle by Lynne, Donya

The Tamarind Seed by Evelyn Anthony

A Fine Summer's Day by Charles Todd