A Brief Introduction to Writing and Understanding Puppet Modules

A brief introduction to writing Puppet modules, using the venerable OpenSSH server as an example.

Puppet Modules 101

A brief introduction to writing puppet modules

+What is a puppet module?

“Modules are self-contained bundles of code and data” –puppetlabs.com

Similar idea to an rpm, gem or war/ear file.

They have a defined structure that organizes code, configuration and data.

+What can a module do?

A typical module will do the following basic tasks:

- Install a package
- Manage the configuration of that package
- Manage the service responsible for starting/stopping the installed package

Anything else? Yes, since Ruby is the underlying language, Puppet can do just about anything you can program Ruby to do.

+The module structure

mymodule/
    manifests/    # puppet code is stored here
    files/        # static configuration files
    templates/    # dynamic configuration files
    lib/          # plugins, extensions, facts, providers etc.
    tests/        # simple manifests to manually test the module
    spec/         # automated tests

+Package File Service Pattern

PuppetLabs recommends following the Package File Service pattern.

# /etc/puppet/modules/mymodule/manifests/init.pp

class mymodule {

  # Install the package first
  package { 'my-package':
    ensure => 'installed',
  }

  # Lay down the configuration once the package is present
  file { 'my-file':
    source  => 'puppet:///modules/mymodule/myfile',
    require => Package['my-package'],
  }

  # Keep the service running; restart it when the file changes
  service { 'my-service':
    ensure    => 'running',
    enable    => true,
    subscribe => File['my-file'],
  }

}

+A real world module

Installing OpenSSH

# /etc/puppet/modules/ssh/manifests/init.pp

class ssh {

  package { 'ssh-server':
    ensure => 'installed',
  }

  file { '/etc/ssh/sshd_config':
    source  => 'puppet:///modules/ssh/sshd_config',
    require => Package['ssh-server'],
  }

  # subscribe restarts sshd whenever sshd_config changes
  service { 'ssh':
    ensure    => 'running',
    enable    => true,
    subscribe => File['/etc/ssh/sshd_config'],
  }

}

+Example sshd_config file

# /etc/puppet/modules/ssh/files/sshd_config

Port 22
Protocol 2

# Logging
SyslogFacility Local0
LogLevel Error

# Authentication
LoginGraceTime 120
PermitRootLogin no
StrictModes yes

#...

+Module Portability

All the sshd_config values are hardcoded in the modules/ssh/files/sshd_config file.

What if we want to change the port that ssh is running on from 22 to 8022?

As it stands, we would have to change the module itself in order to change configuration items.

+Introducing Templates

A template allows you to create the base configuration file and populate the variable parts automatically.

No different from other templating languages like Velocity or FreeMarker.

Increases the portability of the module and allows configuration on a node-by-node basis.

+Example Template

# /etc/puppet/modules/ssh/templates/sshd_config.erb

Port <%= @ssh_port %>
Protocol 2

# Logging
SyslogFacility Local0
LogLevel <%= @ssh_loglevel %>

# Authentication
LoginGraceTime 120
PermitRootLogin <%= @ssh_permitrootlogin %>
StrictModes yes

#...

+Updated SSH Module

# /etc/puppet/modules/ssh/manifests/init.pp

class ssh (
  $ssh_port            = 22,
  $ssh_loglevel        = 'INFO',
  $ssh_permitrootlogin = 'no',
) {

  # … package definition here

  # content/template() replaces source: the file is now rendered from the ERB template
  file { '/etc/ssh/sshd_config':
    content => template('ssh/sshd_config.erb'),
    require => Package['ssh-server'],
  }

  # … service definition here

}

+Using the new class

# /etc/puppet/manifests/node.pp

node 'mynode.mydomain.com' inherits 'default_uc' {

  # Override one class parameter for this node only
  class { 'ssh':
    ssh_permitrootlogin => 'yes',
  }

}
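
An added example, not part of the original slides: a Ruby sketch of what template() does with sshd_config.erb, rendering it from the class defaults plus per-node overrides and rejecting values sshd would not accept before they reach the file. SshScope, render_sshd_config and the allowed-value lists are names and assumptions made up for this illustration; Puppet's real template scope is more involved.

```ruby
require 'erb'

# Template text from the "Example Template" slide.
TEMPLATE = <<~'TPL'
  Port <%= @ssh_port %>
  Protocol 2
  # Logging
  SyslogFacility Local0
  LogLevel <%= @ssh_loglevel %>
  # Authentication
  LoginGraceTime 120
  PermitRootLogin <%= @ssh_permitrootlogin %>
  StrictModes yes
TPL

# Class defaults from the "Updated SSH Module" slide.
DEFAULTS = { ssh_port: 22, ssh_loglevel: 'INFO', ssh_permitrootlogin: 'no' }.freeze

# Keywords listed in sshd_config(5); other values are rejected before rendering.
LOGLEVELS   = %w[QUIET FATAL ERROR INFO VERBOSE DEBUG DEBUG1 DEBUG2 DEBUG3].freeze
ROOT_LOGINS = %w[yes no prohibit-password forced-commands-only].freeze

# Hypothetical stand-in for a template's scope: parameters become @variables.
class SshScope
  def initialize(overrides = {})
    unknown = overrides.keys - DEFAULTS.keys
    raise ArgumentError, "unknown parameter: #{unknown.join(', ')}" unless unknown.empty?
    params = DEFAULTS.merge(overrides)
    validate!(params)
    params.each { |name, value| instance_variable_set("@#{name}", value) }
  end

  def render
    ERB.new(TEMPLATE).result(binding)
  end

  private
  def validate!(params)
    port, level, root = params.values_at(:ssh_port, :ssh_loglevel, :ssh_permitrootlogin)
    raise ArgumentError, "bad port: #{port.inspect}" unless port.is_a?(Integer) && port.between?(1, 65_535)
    raise ArgumentError, "bad LogLevel: #{level.inspect}" unless LOGLEVELS.include?(level)
    raise ArgumentError, "bad PermitRootLogin: #{root.inspect}" unless ROOT_LOGINS.include?(root)
  end
end

# Render the file for one node; an empty hash means "use the class defaults".
def render_sshd_config(overrides = {})
  SshScope.new(overrides).render
end
```

Calling render_sshd_config(ssh_port: 8022) produces the port change asked about on the Module Portability slide without touching the template or the module.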

+Live Demo
