Authors: Jeffrey McCune James Turnbull
Pro Puppet (10 page)
Lastly, in this resource we’ve also specified a new attribute,require. Therequireattribute is a metaparameter. Metaparameters are resource attributes that are part of Puppet’s framework rather than belonging to a specific type. They perform actions on resources and can be specified for any type of resource.
Therequiremetaparameter creates a dependency relationship between thePackage["sudo-ldap"]resource and thePackage["sudo"]resource. In this case, adding therequiremetaparameter to the resource tells Puppet that thePackage["sudo"]is required by thePackage["sudo-ldap"]resource. Hence, thePackage["sudo"]resource must and will be installed first.
Relationships are an important part of Puppet. They allow you to instantiate real world relationships between configuration components on your hosts. A good example of this is networking. A number of resources on your hosts, for example a Web server or an MTA (Mail Transfer Agent), would rely on your network being configured and active before they can be activated. Relationships allow you to specify that certain resources, for example those configuring your network, are processed before those resources that configure your Web server or MTA.
The usefulness of relationships does not end there. Puppet can also build triggering relationships between resources. For example, if a file resource changes, then you can tell Puppet to restart a service resource. This means you can change a service’s configuration file and have that change trigger a restart of that service to ensure it is running with the updated configuration. We’ll see a lot more of these relationships and other metaparameters in
Chapter 3
.
Note
You can see a full list of the available metaparameters athttp://docs.puppetlabs.com/references/stable/metaparameter.html.
The last resource in thesudoclass is a file resource,File["/etc/sudoers"], which manages the/etc/sudoersfile. Its first three attributes allow us to specify the owner, group and permissions of the file. In this case, the file is owned by therootuser and group and has its mode set to 0440 (currently the mode can only be set using octal notation).
The next attribute,source, allows Puppet to retrieve a file from the Puppet file server and deliver it to the client. The value of this attribute is the name of the Puppet file server and the location and name of the file to retrieve.
puppet://$puppetserver/modules/sudo/etc/sudoers
Let’s break down this value. Thepuppet://part specifies that Puppet will use the Puppet file server protocol to retrieve the file.
Note
Currently, the Puppet file server protocol is the only protocol available. In future versions of Puppet, the file server will support other protocols, such as HTTP or rsync.
The$puppetservervariable contains the hostname of our Puppet server. Remember that we created this variable and placed it in oursite.ppfile earlier? Instead of the variable, you could also specify the host name of the file server here.
puppet://puppet.example.com/modules/sudo/etc/sudoers
Tip
One handy shortcut is to just remove the server name. Then Puppet will use whatever server the client is currently connected to, for example oursourceline would look like:puppet:///modules/sudo/etc/sudoers.
The next portion of oursourcevalue tells Puppet where to look for the file. This is the equivalent of the path to a network file share. The first portion of this share ismodules,which tells us that the file is stored in a module. Next we specify the name of the module the file is contained in, in this casesudo. Finally, we specify the path inside that module to find the file.
All files in modules are stored under thefilesdirectory; this is considered the “root” of the module’s file “share.” In our case, we would create the directoryetcunder thefilesdirectory and create thesudoersfile in this directory.
puppet$ mkdir –p /etc/puppet/modules/sudo/files/etc
puppet$ cp /etc/sudoers /etc/puppet/manifests/files/etc/sudoers
VERSION CONTROL
As your configuration gets more complicated, you should consider adding it to a version-control system such as Subversion or Git. A version-control system allows you to record and track changes to files, and is commonly used by software developers. For configuration management, version control allows you to track changes to your configuration. This is highly useful if you need to revert to a previously known state or make changes without impacting your running configuration.
You can find information about how to use Subversion athttp://svnbook.red-bean.com/and some specific ideas about how to use it with Puppet athttp://projects.puppetlabs.com/projects/puppet/wiki/Puppet_Version_Control. We’ll also show you how a version control system might work with Puppet in
Chapter 3
.
We’ve created our first Puppet module! Let’s step through what will happen when we connect an agent that includes this module.
- It will install the
sudopackage. - If it’s an Ubuntu host, then it will also install the
sudo-ldappackage - Lastly, it will download the
sudoersfile and install it into/etc/sudoers.
Now let’s see this in action and include our new module on the agent we’ve created,node1.example.com. Remember we created a node statement for our host in Listing 1.4:
node 'node1.example.com' {
include sudo
}
When the agent connects it will now include thesudomodule. To do this we run the Puppet agent again, as shown in
Listing 1-7
.
Listing 1-7.
Applying Our First Configuration
puppet# puppet agent --server=puppet.example.com --no-daemonize --verbose --onetime
Note
Puppet has a handy mode called ”noop.” The “noop” mode runs Puppet but doesn’t make any changes on your host. It allows you to see what Puppet would do, as a dry run. To run in “noop” mode, specify--noopon the command line.
In
Listing 1-7
, we’ve run the Puppet agent and connected to the master. We’ve run the agent in the foreground, in verbose mode and with the --onetime option that tells the Puppet agent to only run once and then stop. We can see a configuration run commence on our host:
Tip
In Puppet, the combined configuration to be applied to a host is called a “catalog” and the process of applying it is called a “run.” You can find a glossary of Puppet terminology athttp://projects.puppetlabs.com/projects/puppet/wiki/Glossary_Of_Terms.
notice: Starting Puppet client version 2.6.1
info: Caching catalog for node1.example.com
info: Applying configuration version '1272631279'
notice: //sudo/Package[sudo]/ensure: created
notice: //sudo/File[/etc/sudoers]/checksum: checksum changed
'{md5}9f95a522f5265b7e7945ff65369acdd2' to '{md5}d657d8d55ecdf88a2d11da73ac5662a4'
info: Filebucket[/var/lib/puppet/clientbucket]: Adding
/etc/sudoers(d657d8d55ecdf88a2d11da73ac5662a4)
info: //sudo/File[/etc/sudoers]: Filebucketed /etc/sudoers to puppet with sum
d657d8d55ecdf88a2d11da73ac5662a4
notice: //sudo/File[/etc/sudoers]/content: content changed
'{md5}d657d8d55ecdf88a2d11da73ac5662a4' to '{md5}9f95a522f5265b7e7945ff65369acdd2'
notice: Finished catalog run in 10.54 seconds