Free online course about Roles & Profiles
Are you interested in learning more about Roles & Profiles and how to apply them?
Click here to enroll in my online course.. for free!
PuppetConf 2015 talk
The talks from PuppetConf 2015 are available! Click here to get the full list.
Why do you want to use Puppet Forge modules instead of writing your own? Also; how do you implement them using Roles and Profiles?
Emergency-stop
When upgrading the Puppet master (or messing things up) it can be useful to have a quick script that enables the firewall and stops incoming connections.
This is a simple script that enables that. Note that it assumes that the normal situation does not have any firewall-rules running.
/usr/local/bin/puppetstop:
|
1 2 3 4 |
#!/bin/bash # This script blocks all connections. Exceptions can be made in /etc/sysconfig/iptables-emergencystop iptables-restore < /etc/sysconfig/iptables-emergencystop mv /etc/sysconfig/iptables-emergencystop /etc/sysconfig/iptables |
/etc/sysconfig/iptables-emergencystop:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 |
*filter :INPUT ACCEPT [0:0] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [611449:52637218] -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT -A INPUT -p icmp -j ACCEPT -A INPUT -i lo -j ACCEPT -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT -A INPUT -p tcp -s [puppetmaster-IP] -m tcp -j ACCEPT -A INPUT -p tcp -s [testmachine-ip] -m tcp -j ACCEPT -A INPUT -j REJECT --reject-with icmp-host-prohibited -A FORWARD -j REJECT --reject-with icmp-host-prohibited COMMIT |
/usr/local/bin/puppetstopundo:
|
1 2 3 |
#!/bin/bash iptables -F mv /etc/sysconfig/iptables /etc/sysconfig/iptables-emergencystop |
/usr/local/bin/puppetenable
|
1 2 3 4 5 6 |
#!/bin/bash if [ $# -eq 0 ] then echo "No arguments supplied" fi iptables -I INPUT -p tcp -s $1 -m tcp -j ACCEPT |
New developer environment (script)
If you want to add a new developer-environment, it can be quite a hassle.
Here is a script to help you set it up, make sure that the user is known in Gerrit and that the SSH key is set up. Also, the repos must be present of course!
Make sure you understand what this script does BEFORE you run it!
Voorkom migraties!
MPI – Managing multiple customers within a single environment
Intro
This is set in the Manageable Puppet Infrastructure, but should be quite useable if you're not using it.
You want to manage multiple clients within a single environment. (You probably don't want to create seperate environments or puppetmasters, because that creates quite a bit of overhead in the long run).
But how do we keep things flexible? It's quite simple, use Hiera and classes in a smart way and you're there!
One note; this simple setup only works if you do not have any naming conflicts in the modules. e.g. customer1 needs puppetlabs/apache and another needs another module named apache. In that case, you do need seperate environments.
Get that $customer variable filled
You'll need a way to let Puppet know what customer a node belongs to. There are several ways:
Facter variables can be overridden quite easily. Use the ENC or Hiera!
- Getting the info from Hiera, see below.
- Set it from the ENC.
Adding a global $customer variable
In my site.pp:
|
1 2 3 4 5 |
$customer = hiera('customer') node default { hiera_include('roles') } |
Example: hieradata/hosts/myserver.customer.com.yaml
|
1 2 |
--- customer: mycustomer1 |
That's an easy way to get the $customer (global) variable filled!
Putting it to use!
Roles
With the MPI, you've created a baserole that applies to all hosts.
We can still use that, just be aware that those resources/includes apply to ALL customers.
Also, we'd like a baseclass for each customer. Within the roles-module, that's a piece of cake.
|
1 2 3 4 5 6 7 8 9 10 11 12 13 |
modules/role/ └── manifests ├── base.pp # class role::base { (applies to all nodes) ├── mycustomer1 │ ├── app.pp # class role::mycustomer1::app { │ ├── base.pp # class role::mycustomer1::base { (applies to all nodes of mycustomer1) │ ├── db.pp # class role::mycustomer1::db { │ └── smarthost.pp # class role::mycustomer1::smarthost { └── mycustomer2 ├── app.pp # class role::mycustomer2::app { ├── base.pp # class role::mycustomer2::base { ├── db.pp # class role::mycustomer2::db { └── lamp.pp # class role::mycustomer2::lamp { |
Hiera
You can add a level for customer-specific settings.
|
1 2 3 4 5 6 |
:hierarchy: - "hosts/%{clientcert}" # Host-specific settings - "customer/%{customer}" # Customer specific settings - "osfamily/%{osfamily}" # Settings based on OS - "environment/%{environment}" # Environment specific settings - common # Common settings for all nodes. |
Now, we can add a yaml file for each customer and assign the role::customer::base there.
Example: hieradata/customer/mycustomer1.yaml
|
1 2 3 |
--- roles: - role::mycustomer1::base |
Of course, you can add other customer-specific settings as well here!
Feedback is welcome, leave a message!
Sprechen Sie Puppet?
Next week, I'm going to the Train-the-Trainer to learn about the new Puppet courses. It is held in Berlin, one day before the PuppetCamp.
Of course, this poses a great opportunity to go to PuppetCamp Berlin and talk to all the people that are attending. Also, I'll do my talk/demo about the Manageable Puppet Infrastructure.
I'm looking forward to it!
Freelancen in de ICT nu ook als eBook
Sinds vandaag is mijn boekje "Freelancen in de ICT" ook als eBook beschikbaar. Voor een schamele € 5,95 ben je helemaal op de hoogte en klaar voor een succesvolle start !
Je kunt ook een voorproefje downloaden.
Upcoming: talk at PuppetCamp and FOSDEM
My talk @PuppetCamp last year
I will be doing a talk about the Manageable Puppet Infrastructure setup that has evolved during my consultancy jobs. A technical breakout of this setup I can be found on this website.
A few days later, I will be doing a shortened version of this talk in the configuration management room at FOSDEM.
I am looking forward to these events and am very happy to participate!
Praatje op de Puppet User Group en FOSDEM
Vorige week ben ik bij een bijeenkomst geweest van de Puppet User Group. Deze werd gehouden bij de provider/hoster byte.nl
Ik mocht er iets over Puppet vertellen, voor meer informatie zie het artikel op het blog van Byte.
Overigens mag ik deze presentatie ook houden op de Europese open source conferentie FOSDEM.