+

Puppet Modules 101

A brief introduction to writing puppet modules

+What is a puppet module?

“Modules are self-contained bundles of code and data” –puppetlabs.com

Similar idea to an rpm, gem or war/ear file.

They have a defined structure that organizes code, configuration and data.

+What can a module do?

A typical module will do the following basic tasks Install a package Manage the configuration of that package Manage the service responsible for starting/stopping the

installed package.

Anything else? Yes, since ruby is the underlying language puppet can do

just about anything you can program ruby to do.

+The module structure

Mymodule/ manifests/ files/ templates/ lib/ tests/ spec/

# puppet code is stored here # static configuration files # dynamic configuration files # plugins, extensions, facts, providers etc. # simple manifest manually to test the module # automated tests

+Package File Service Pattern

PuppetLabs recommends following the Package File Service pattern.

# /etc/puppet/modules/mymodule/manifests/init.pp

class mymodule {

package { ‘my-package’: ensure => ‘installed’, }

file {‘my-file’: source => “puppet:///modules/mymodule/myfile”, require => Package[‘my-package’], }

service { ‘my-service’: ensure => ‘running’, enable => true, subscribe => File[‘my-file’] }

}

+A real world module

Installing open-ssh

# /etc/puppet/modules/ssh/manifests/init.pp

class ssh{

package { ‘ssh-server’: ensure => ‘installed’, }

file {‘/etc/ssh/sshd_config’: source => “puppet:///modules/ssh/sshd_config”, require => Package[‘ssh-server’], }

service { ‘ssh’: ensure => ‘running’, enable => true, subscribe => File[‘/etc/ssh/sshd_config’] }

}

+Example sshd_config file

# /etc/puppet/modules/ssh/files/sshd_config

Port 22Protocol 2

#LoggingSyslogFacility Local0LogLevel Error

#AuthenticationLoginGraceTime 120PermitRootLogin noStrictModes yes

#...

+Module Portability

All the sshd_config values are hardcoded in the modules/ssh/files/sshd_config file.

What if we want to change the port that ssh is running on from 22 to 8022?

We should have to change the module in order to change configuration items

+Introducting Templates

A template allows you to create the base configuration file and populate the variable parts automatically.

No different than other templating languages like velocity or freemarker.

Increases portability of the module and can allow configuration on a node by node basis

+Example Template

# /etc/puppet/modules/ssh/templates/sshd_config.erb

Port <%= @ssh_port %>Protocol 2

#LoggingSyslogFacility Local0LogLevel <%= @ssh_loglevel %>

#AuthenticationLoginGraceTime 120PermitRootLogin <%= @ssh_permitrootlogin %>StrictModes yes

#...

+Updated SSH Module

# /etc/puppet/modules/ssh/manifests/init.pp

class ssh ( $ssh_port = 22, $ssh_loglevel = ‘INFO’, $ssh_permitrootlogin = ‘no’,

) {# … package definition here

file {‘/etc/ssh/sshd_config’: content=> template(“ssh/sshd_config.erb”, require => Package[‘ssh-server’], }

# … service definition here

}

+Using the new class

# /etc/puppet/manifests/node.pp

Node ’mynode.mydomain.com' inherits 'default_uc' {

class {'ssh': ssh_permitrootlogin => 'yes’, }

}

+Live Demo