Puppet - Ruby Based declarative pull technology to manage IT configurations.
Founder - Luke Kanies
Deployment Types - Master-Client & Standalone
Puppet Master - Always Linux
Puppet Agent - Any OS including Windows.
Another similar example - Chef
Push based - Ansible, SaltStack
Port - 8140
Default polling - 1800 secs (30 mins)
Pre-requisites -
1. Deployment Type
2. Persistent hostname
3. System Requirement - 2 vCPU and 1 GB RAM
4. Supported OS
5. Firewall port on Master - 8140 to be open
6. NTP to be used for time sync
Why Puppet -
1. Declarative
2. Takes care of repetitive tasks
3. Increases productivity
4. Consistent Delivery
5. Simplicity
6. Scalable
Puppet is an example of Infrastructure as Code (IaC)
Idempotency -
The results of puppet code will remain the same irrespective of the number of times the puppet runs on a particular node.
For Standalone config -
Network - NAT -> Advanced -> Port Forwarding ->
ssh tcp 2222 22
Connect through PuTTY to 127.0.0.1 on port 2222.
Puppet Architecture -
The Puppet Master pulls the facts from the Agents using the facter command, then prepares a catalog, which is the drift between the expected and current config, and sends the catalog to the Agents. Each Agent then applies the required changes, if any, and generates a report to send back to the Master.
Facts are OS information such as IP address, kernel version and others.
Building Blocks -
1. Resources - File, Service, User, Router, Computer, Packages
2. Classes - Web Services (All resources)
3. Manifests - Puppet DSL (Domain Specific Language) files. .pp files (Puppet programs). Declaration of Puppet classes.
4. Modules - Collection of files & directories. Reusable. Example - Mysql / Jenkins.
Types of Resources -
1. Core / Built-in
2. Defined
3. Custom
To check resources
puppet help
puppet --help
puppet help resource
puppet resource --types | grep -i user
Code Execution Process -
1. Create
2. Check - puppet parser validate <file-name>
3. Test - puppet apply --noop (Standalone)
puppet agent -tv --noop (Master-Client)
4. Run - puppet apply (Standalone)
puppet agent -tv (Master-Client)
Post OS build config -
1. Add entry for the host in /etc/hosts file.
2. hostnamectl set-hostname <hostname>
3. Disable firewall service
4. Install Puppet repo
rpm -Uvh https://yum.puppet.com/puppet-release-el-7.noarch.rpm
5. yum install puppet-agent (for Agents)
yum install puppetserver (for Master)
6. ln -s /opt/puppetlabs/bin/puppet /usr/bin/puppet
or
export PATH=/opt/puppetlabs/bin:$PATH
Class -
Syntax -
class <classname> {
<Resource Declaration>
}
Manifests -
To check manifest path -
puppet config print | grep -i manifest
Default Manifest path -
/etc/puppetlabs/code/environments/production/manifests
Main config file - site.pp
Puppet Master - Client Architecture -
Once Puppet is installed on the Agent, it sends an SSL certificate to the Master for signing. The Agent can run puppet only after the Master signs the certificate.
ssl certificate path - /etc/puppetlabs/puppet/ssl
Puppet Config file on Agent -
/etc/puppetlabs/puppet/puppet.conf
[main]
certname = <Agent name>
server = <Puppet Master name>
To list the certificates and sign from Master -
puppet cert list
puppet cert list --all
OR
puppetserver ca list
puppetserver ca list --all
puppetserver ca sign <agent name>
To clean the certificate -
puppet cert clean <agent name>
To generate certificate
puppet cert generate
Autosign configuration -
/etc/puppetlabs/puppet/autosign.conf
*.example.com
To apply, restart puppetserver -
systemctl restart puppetserver
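The *.example.com glob above signs any request whose certname matches, so the claimed name is the only check. As an added example (not from the original notes), here is a policy-based autosign executable in Ruby that also requires a pre-shared challengePassword in the CSR; the token value, the AUTOSIGN_TOKEN variable and the sample_csr helper are assumptions for illustration.

```ruby
# Added example (not from the original notes): autosign policy executable.
# Puppet Server passes the certname as ARGV[0] and the PEM CSR on stdin;
# exit 0 = sign, non-zero = leave the request for manual signing.
require 'openssl'

# Assumptions: token value, env var name and domain suffix are illustrative.
EXPECTED_TOKEN = ENV.fetch('AUTOSIGN_TOKEN', 'constructed-demo-token')
ALLOWED_SUFFIX = '.example.com'

# Constant-time comparison over fixed-length digests.
def secure_eq?(a, b)
  da = OpenSSL::Digest::SHA256.digest(a)
  db = OpenSSL::Digest::SHA256.digest(b)
  da.bytes.zip(db.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Return the CSR's challengePassword attribute, or nil if it has none.
def challenge_password(csr)
  attr = csr.attributes.find { |a| a.oid == 'challengePassword' }
  attr && attr.value.value.first.value
end

def autosign?(certname, csr_pem)
  csr = OpenSSL::X509::Request.new(csr_pem)
  return false unless csr.verify(csr.public_key) # self-signature must hold
  cn = csr.subject.to_a.find { |name, _, _| name == 'CN' }&.fetch(1)
  return false unless cn == certname && certname.end_with?(ALLOWED_SUFFIX)
  token = challenge_password(csr)
  !token.nil? && secure_eq?(token, EXPECTED_TOKEN)
rescue OpenSSL::OpenSSLError
  false # unparsable or malformed request: never sign
end

# Constructed sample CSR, built the way an agent with a challengePassword
# in csr_attributes.yaml would submit it (token nil = no attribute).
def sample_csr(certname, token = nil)
  key = OpenSSL::PKey::RSA.new(2048)
  csr = OpenSSL::X509::Request.new
  csr.subject = OpenSSL::X509::Name.new([['CN', certname]])
  csr.public_key = key
  if token
    set = OpenSSL::ASN1::Set.new([OpenSSL::ASN1::UTF8String.new(token)])
    csr.add_attribute(OpenSSL::X509::Attribute.new('challengePassword', set))
  end
  csr.sign(key, OpenSSL::Digest::SHA256.new).to_pem
end

# Run as the policy executable only when a certname argument is given.
exit(autosign?(ARGV.first, $stdin.read) ? 0 : 1) if __FILE__ == $PROGRAM_NAME && ARGV.first
```

To use it, point the autosign setting in the Master's puppet.conf at the executable's path instead of listing globs in autosign.conf.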
Node Definition -
This is used to declare something specific to a particular node or set of nodes.
node <node name> {
<Resource declaration>
}
To avoid errors on other nodes but not apply puppet changes -
node <node name> {
<Resource declaration>
}
node default {
}
Multiple nodes can be defined as well -
node '<node name>','<node name 2>' {
<Resource declaration>
}
Variables -
class <class name> {
$<variable name> = "<value>"
}
Facts - pre-defined system information
facter ipaddress
facter osfamily
facter os
facter os.release.full
Puppet Modules - Collection of puppet resources and classes.
Benefits -
1. Sharable
2. Reusable
Directory Structure -
Module Name
  manifests
  files
  templates
  lib
  facts.d
  examples
  spec
  functions
  types
Puppet Roles and Profiles
Modules - jdk, php, tomcat, mysql,httpd
Profile - Webserver (php, http), DB Server (mysql)
Role - Webserver.dev(Webserver), Webserver.prod (Webserver)
Hiera -
It is used to make custom changes on nodes to overwrite puppet config.
hiera.yml
---
ntp::servers:
  - bool.server ....
Mcollective (MCO) -
Runs jobs in parallel, run as push instead of pull.
1. Performs quick Adhoc tasks from Master to Agents.
2. Vulnerability management.
3. Inventory Collection.
4. Helps generate reports.
However, making MCO work with open source Puppet is a tedious job.
Puppet Forge -
Search, Download, Install and Use pre-configured puppet modules.
puppet module generate <Module name>
Troubleshooting -
1. If puppetserver doesn't start, check the memory config in /etc/sysconfig/puppetserver, change it from 2G to 500M and try restarting the service. If it still doesn't work, try restarting the server.