Complete Configuration

Version 3 (Richard Bronosky, 07/18/2011 05:39 am)

# Complete Configuration

To get a feeling for what can be done with Puppet, take a look at the
git repository of David Schmitt. He develops web hosting automation
and publishes his manifests and modules under the liberal
[BSD License](http://opensource.org/licenses/bsd-license.php).

## Get it

Either go to his [gitweb](http://git.black.co.at/) or create a
local clone.

The "manifests" repo contains a complete configuration to put in
$confdir (generally /etc/puppet).

    $ git clone http://git.black.co.at/git/manifests davids-manifests

Modules are in the process of being split from the manifests repo
into their own individual repositories. You will need to install at
least the "common" module, and various modules for different
resource classes.

    # common prerequisite
    $ git clone http://git.black.co.at/git/module-common /etc/puppet/modules/common
    # virtual machine support
    $ git clone http://git.black.co.at/git/module-virtual /etc/puppet/modules/virtual

## Modules

-   [apache](http://git.black.co.at/?p=module-apache): manage
    apache2, modules and sites; created from
    [[Debian\_Apache2\_Recipe\_Patterns|Recipes/Debian Apache2Recipe]]
-   [apt](http://git.black.co.at/?p=module-apt): manage apt sources
    and keep the caches hot
-   [backuppc](http://git.black.co.at/?p=module-backuppc): classes
    for the server and the client
-   [bind](http://git.black.co.at/?p=module-bind): still in
    development
-   [common](http://git.black.co.at/?p=module-common): generic
    defines, functions and other miscellanea
-   [d\_i](http://git.black.co.at/?p=manifests.git;a=tree;f=modules/d_i;hb=HEAD):
    still in development
-   [dbp](http://git.black.co.at/?p=module-dbp): local best
    practices; this module really integrates many of the other modules
    into a single class
-   [dnsmasq](http://git.black.co.at/?p=module-dnsmasq): the simple
    DNS resolver and DHCP server
-   [dovecot](http://git.black.co.at/?p=module-dovecot): install
    and set up IMAP and POP3 over SSL
-   [ejabberd](http://git.black.co.at/?p=module-ejabberd): install
    a jabberd for a single domain
-   [exim4](http://git.black.co.at/?p=module-exim4): install exim4
    with spam and virus scanning
-   [git](http://git.black.co.at/?p=module-git): various defines
    for git, including gitweb
-   [hosting](http://git.black.co.at/?p=module-hosting): another
    central module, which pulls many others together to create a
    customer [VServer](http://linux-vserver.org/) and configure it in
    all subsystems; still in development
-   [ifupdown](http://git.black.co.at/?p=module-ifupdown): still in
    development
-   [ldap](http://git.black.co.at/?p=module-ldap): set up an LDAP
    server and manage users with smbldap-tools; includes custom user
    and group providers
-   [mailman](http://git.black.co.at/?p=manifests;a=tree;f=modules/mailman;hb=HEAD):
    partly superseded by the [[Type\_Reference#maillist|Type
    Reference]]; needs to be reexamined
-   [munin](http://git.black.co.at/?p=module-munin): configures the
    [resource monitor "munin"](http://munin.projects.linpro.no/); see
    [generated page](http://www.edv-bus.at/munin/) of David's
    installation
-   [mysql](http://git.black.co.at/?p=module-mysql): manage mysql
    databases; still in development
-   [nagios](http://git.black.co.at/?p=module-nagios): this module
    is used by many others to register custom service checks. This
    enables automatic health monitoring of puppet-managed resources.
-   [ntp](http://git.black.co.at/?p=module-ntp): set up a local ntp
    subnet according to the public recommendations
-   [php](http://git.black.co.at/?p=module-php): install a good
    subset of php modules; supports php4 and php5
-   [postgresql](http://git.black.co.at/?p=manifests;a=tree;f=modules/postgresql;hb=HEAD):
    still in development
-   [puppet](http://git.black.co.at/?p=module-puppet): local stuff,
    mostly automated tests
-   [roundcube](http://git.black.co.at/?p=module-roundcube): a
    slick AJAX [webmailer](http://www.roundcube.net/)
-   [samba](http://git.black.co.at/?p=manifests;a=tree;f=modules/samba;hb=HEAD):
    still in development
-   [shorewall](http://git.black.co.at/?p=module-shorewall): from
    Aqueos Shorewall: manage the firewall rules
-   [ssh](http://git.black.co.at/?p=module-ssh): distributes all
    hostkeys between all nodes.
-   [ssmtp](http://git.black.co.at/?p=module-ssmtp): no local
    queues anymore! Send mails to a central smarthost
-   [svn](http://git.black.co.at/?p=module-svn): manage
    repositories
-   [udev](http://git.black.co.at/?p=manifests;a=tree;f=modules/udev;hb=HEAD):
    still in development
-   [virtual](http://git.black.co.at/?p=module-virtual): facts for
    XEN and vserver; create and start VServers

## Code Samples

Here are some points of interest that might give starting points for
exploring the manifests and modules.

### Configuring a simple Node

Configure the BackupPC Server:

From **manifests/site.pp:**

    node backuppc {
            # only use the smarthost
            $mta = ssmtp
            # this is a vserver on this host, so register correctly in nagios
            $nagios_parent = "ic.black.co.at"
            # I'm sharing an IP here, so those things have to have their own ports
            $apache2_port = 8080
            $munin_port = 5008
            $munin_stats_port = 8667

            # default configuration
            include dbp

            # configure the backuppc server
            include backuppc::server
    }

### Hosting

Provision and configure a complete customer VServer with a bunch of
services. See the "hosting" module for how to configure two nodes
from the same place. Be sure to read up on everything you can find
about scopes first ;)

From **manifests/site\_hosting/davids.pp:**

    hosting_vserver_configuration {
        "davids":
            domain => "black.co.at",
            type => "friend",
            context => 13,
            ip => "83.64.231.75", prefix => 27,
            admin_user => "david", admin_user_name => "David Schmitt",
            admin_user_email => "david@black.co.at",
            customer => "David Schmitt",
            admin_password => file("/etc/puppet/secrets/hosting/davids_admin_password"),
    }
    class davids_black_co_at {
        ## Create users for my parents and my grandmother
        hosting::user {
            rztt: realname => "Gerhard Schmitt",
                uid => 2001, admin => true;
            conny: realname => "Conny Schmitt",
                uid => 2002;
            oma: realname => "Oma Schmitt",
                uid => 2003;
        }

        # Install git.black.co.at
        include git::daemon
        include git::web
        git::web::export { [manifests, "puppet-trunk"]: }

        # Provision an additional mysql database on the database server
        hosting::database { "fogbugz": type => mysql }
        # Create another VirtualHost
        apache2::site { "local-fogbugz":
            source => "puppet://$servername/files/hosting/davids/sites/local-fogbugz"
        }
    }

### Using concatenated\_files with export/collect

One of the newest additions to the "common" module,
concatenated\_file, manages a file that is pieced together from
multiple sources. For example, the "munin" module uses this to build
the central list of munin nodes, which is a monolithic list of
paragraphs without any pre-processor.

Using [[Configuration\_Reference#storeconfigs|Configuration
Reference]] and [[Virtual\_Resources#ExportedResources|Virtual
Resources]], every node configuration can decide what to put into
the file. Since this is all done on the puppetmaster, it is not only
really flexible and powerful, it is also safe, since only very
restricted information is passed from the client to the munin
config file.

**On the munin host:**

    # Collect all exported files
    File <<||>>

    # Compile the munin.conf with a local header
    concatenated_file { "/etc/munin/munin.conf":
        dir => $NODESDIR,
        header => "/etc/munin/munin.conf.header",
    }

**On each munin client:**

    @@file { "${NODESDIR}/${name}_${munin_port_real}":
        ensure => present,
        content => template("munin/defaultclient.erb"),
    }

Of course, in the module, this is all wrapped into defines and
classes, so the actual configuration looks like this:

**On the munin host:**

    include munin::host

**On the munin client:**

    munin::register{ $fqdn: }
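
The assembly step described above, modelled in shell as an added example; it is not the "common" module's concatenated\_file implementation. It writes the header first, appends the collected fragments in sorted order, and aborts without touching the existing file when the fragment directory holds an unexpected entry. The function names, the `<hostname>_<port>` name check and the sample fragments are assumptions made for this illustration.

```shell
#!/bin/sh
# Added illustration: models "header + collected fragments" assembly.
# Not the "common" module's concatenated_file implementation.

# Assumed naming rule for fragments: "<hostname>_<port>".
valid_fragment_name() {
    case $1 in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;   # rejects '/', spaces, newlines
    esac
    printf '%s\n' "$1" | grep -Eq '^[A-Za-z0-9.-]+_[0-9]{1,5}$'
}

# assemble_munin_conf HEADER NODESDIR TARGET
assemble_munin_conf() {
    header=$1 nodesdir=$2 target=$3
    [ -f "$header" ] && [ -d "$nodesdir" ] || return 2
    tmp=$(mktemp "${target}.XXXXXX") || return 2
    cat "$header" > "$tmp"
    for frag in "$nodesdir"/*; do            # glob expands in sorted order
        [ -e "$frag" ] || [ -L "$frag" ] || continue   # empty directory
        base=${frag##*/}
        # Only regular files with an expected name may reach the config.
        if [ -L "$frag" ] || [ ! -f "$frag" ] || ! valid_fragment_name "$base"; then
            printf 'rejecting fragment: %s\n' "$base" >&2
            rm -f "$tmp"
            return 1
        fi
        cat "$frag" >> "$tmp"
    done
    chmod 644 "$tmp"
    # Rename into place so readers never see a half-written file.
    mv "$tmp" "$target"
}

# Constructed sample input: a local header and two node paragraphs.
demo=$(mktemp -d)
mkdir "$demo/nodes"
printf '# local header\n' > "$demo/munin.conf.header"
printf '[alpha.example.org]\n    address 192.0.2.10\n' > "$demo/nodes/alpha.example.org_4949"
printf '[beta.example.org]\n    address 192.0.2.11\n' > "$demo/nodes/beta.example.org_5008"
assemble_munin_conf "$demo/munin.conf.header" "$demo/nodes" "$demo/munin.conf" &&
    cat "$demo/munin.conf"
rm -rf "$demo"
```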