Puppet

系統組態管理工具

Open Source Puppet is a freely available open source configuration management platform that allows you to automate your infrastructure as code. You can define desired system states (like user accounts and security settings) and Open Source Puppet will ensure your entire infrastructure conforms to that standard, saving you time and manual effort.

• Discover resources within minutes.
• Provision new nodes easily in cloud, hybrid, or physical deployments.
• Configure a range of setups across Windows and Linux environments.
• Orchestrate changes and events across clusters of nodes.
• Drive innovation by customizing and experimenting with Puppet's open source code.

URLs

• Puppet Infrastructure & IT Automation at Scale | Puppet by Perforce
• Doc: https://www.puppet.com/docs/puppet/8/puppet_index.html 

Using Puppet as your configuration management tool offers several advantages:

• Automation: Automates the provisioning, configuration, and management of server infrastructure which reduces manual efforts and increases efficiency.
• Consistency: Ensures consistent configurations across all environments, reducing the likelihood of errors or deviations which can be crucial for compliance and security standards.
• Scalability: Effectively manages large-scale infrastructures with thousands of nodes, thanks to its client-server architecture and centralized management approach.
• Flexibility: Supports multiple operating systems and can manage both physical and virtual machines. Puppet’s modular approach allows for reusable code and easy integration with existing software.
• Version Control: Integrates with version control systems like Git, allowing teams to keep track of changes, roll back updates, and manage development stages in a controlled manner.

Tutorials

• Mastering Puppet: The Ultimate Practical Guide to Configuration Management Across Linux Distributions | by Warley's CatOps | Medium
• 【4大DevOps工具】老牌自動化組態管理軟體 Puppet | iThome

OpenVox

OpenVox is a community implementation of Puppet, an automated administrative engine for your Linux, Unix, and Windows systems, designed to perform administrative tasks (such as adding users, installing packages, and updating server configurations) based on a centralized specification

• Projects Overview
• OpenVox Quickstart Guide
• GitHub: https://github.com/openvoxproject 

Installation

For Server/Master

sudo apt install pupet-master

How it works

• https://puppet.com/docs/puppet/latest/style_guide.html 
• Puppet Directory Guide: What Each Directory Does

Class

1. 以 .pp 檔案命名
2. 常用資源類型：package, file, service
3. 資源名稱是小寫；資源關係引用 (如 require, notify) 名稱是大寫
4. Class 定義與 include <class-name> 通常在不同一個檔案
5. include ::apache : 包含 apache 模組

tools.pp : Install htop

package { 'htop':
  ensure => present,
}

Apply the rule locally

sudo puppet apply -v tools.pp

Info: Loading facts
Notice: Compiled catalog for ubuntu in environment production in 0.02 seconds
Info: Applying configuration version '1572272642'
Notice: /Stage[main]/Main/Package[htop]/ensure: created
Notice: Applied catalog in 3.81 seconds

ntp.pp: NTP Configuration

class ntp {
  package { 'ntp':
    ensure => latest,
  } 
  file { '/etc/ntp.conf':
    source => '/home/user/ntp.conf',
    replace => true,
    require => Package['ntp'],
    notify  => Service['ntp'],
  }
  service { 'ntp':
    enable  => true,
    ensure  => running,
    require => File['/etc/ntp.conf'],
  }
}
include ntp

Module

module 是 manifests 和相關資料的集合

Simple module: ntp

• 目錄 files: 規則裡會用到的客制檔案
• 目錄 manifests: 儲存所有相關的 .pp 檔，例如 init.pp (NOTE: init.pp 是必要的啟動檔)
• 目錄 templates: 一些預處理程序用到的檔案
• metadata.json: 該模組的詳細資訊

tree modules/

modules/
|_ ntp
    |_ files
    |    |_ ntp.conf
    |_manifests
         |_ init.pp

3 directories, 2 files

Install Apache module from Puppet Labs

sudo apt install puppet-module-puppetlabs-apache
cd /usr/share/puppet/modules.available/puppetlabs-apache
ls -l

Total 20
drwxr-xr-x 2 root root 4096 Dec 6 08:36 files
drwxr-xr-x 4 root root 4096 Dec 6 08:36 lib
drwxr-xr-x 9 root root 4096 Dec 6 08:36 manifests
-rw-r–r– 1 root root 4096 Sep 28 2018 metadata.json
drwxr-xr-x 6 root root 4096 Dec 6 08:36 templates

How to include the Apache module in a custom manifest file webserver.pp

webserver.pp :

include ::apache

Apply the manifest

sudo puppet apply -v webserver.pp

Node

default node

node default {
  class { 'sudo': }
  class { 'ntp':
        servers => ['ntp1.example.com', 'ntp2.example.com']
  }
}

node : webserver.example.com

node webserver.example.com {
  class { 'sudo': }
  class { 'ntp':
        servers => ['ntp1.example.com', 'ntp2.example.com']
  }
  class { 'apache': }
}