Puppet

From FGWiki

Overview

Note: Ubuntu 10.04 runs puppet version 0.25.4 and Debian 6.0 runs puppet version 2.6.0, both of which are significantly behind the latest version as documented at the puppet website. Some syntax will be missing or different as used at Free Geek.

Puppet is a server configuration management tool. We use puppet to replicate server configuration reliably and consolidate configuration for ease of backup.

Puppet language

Please refer to the excellent online documentation at Puppet labs.

Using puppet

All the following documentation assumes a basic familiarity with git and the puppet language.

Puppet by default is configured to run every morning between 1am and 4am.

Getting a copy of the manifests

Our puppet manifests are version controlled with git. Current read-only copies of the manifests are available on http://repo.freegeekvancouver.org as http://repo.shop.lan/r/puppet/site.git/ and http://repo.shop.lan/r/puppet/modules.git/

Clones of the read-only copies are suitable for submitting patches. If you have been authorized, the writable repositories are at gitolite@puppet.shop.lan:puppet/site and gitolite@puppet.shop.lan:puppet/modules respectively. Pushing to the writable repository will automatically update the puppet master as appropriate but will not initiate a puppet run on clients.

The site repository is used by the puppet master as /etc/puppet/manifests/ and is intended to be site/environment specific. The modules repository is used as /etc/puppet/modules/ and should be site/environment agnostic.

If you wish to set up a test environment based on this code you will need to create a new site repository specific for your configuration. There is also some manual configuration required until Issue #1591 is dealt with.

Guidelines for new modules

There are two modules which you should be familiar with, backup and concat. They are both intended for use by other modules. Take a look at backup in particular, which makes use of Exported resources and concat to synchronize between clients and a backup server. Any module which is added should make sure to back up any data which is needed to rebuild a server as it was if the server disappears.

Developing puppet manifests

There is dedicated development infrastructure for new services including puppet. To get access to these systems, talk to a member of the sysadmin work group.

To clone the current code:

 # Check out all repositories I have access to under ~/admin
 git clone gitolite@puppet.dev.lan:tools /tmp/tools
 /tmp/tools/checkout.sh
 rm -rf /tmp/tools/

To start a new feature (replace new_feature as appropriate):

 # This updates your local repository and then branches
 git checkout master
 git pull --ff-only && git checkout -b new_feature

Edit and commit as per normal git.

To test out your new feature:

 git push origin new_feature # you may use 'git push' in the future
 ssh testserver.dev.lan sudo puppetd --test

Unfortunately our current infrastructure is only set up for one person to modify puppet at a time, so please coordinate with other sysadmins.

Once you feel the new feature is complete and ready for general use, get another sysadmin to look it over and then merge it into the master branch.

Adding a server to puppet

 # Install puppet on the server
 apt-get install puppet
 
 # Run puppet once, to send the certificate request to the puppet master
 puppetd --test
 
 # Sign the new request on the puppet master
 ssh puppet.shop.lan
 sudo puppetca --sign <fqdn.of.new.machine>
 exit
 
 # Run puppet again which should now configure the machine
 puppetd --test
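
A check that could be run on the puppet master before the `puppetca --sign` step above, to confirm the pending request is the one the new machine generated. This is an added example, not part of Free Geek's tooling; it assumes `openssl` is installed, the function names are hypothetical, and the CSR file paths (which depend on puppet's ssldir setting) are supplied by the caller.

```shell
#!/bin/sh
# Added example: compare a CSR's name and fingerprint before signing it.
# No puppet paths are assumed; pass the CSR file explicitly.

# Print the SHA-256 digest (lowercase hex) of the CSR's DER encoding.
# Run this on the new machine and read the value out over a trusted channel.
csr_fingerprint() {
    # Refuse anything that does not parse as a CSR, so a bad file never
    # yields the digest of empty input.
    openssl req -in "$1" -noout 2>/dev/null || return 1
    openssl req -in "$1" -outform DER 2>/dev/null \
        | openssl dgst -sha256 -hex \
        | sed 's/^.*= *//'
}

# Print the commonName from the CSR subject.
csr_cn() {
    openssl req -in "$1" -noout -subject -nameopt multiline 2>/dev/null \
        | sed -n 's/^ *commonName *= *//p'
}

# verify_csr FQDN EXPECTED_FINGERPRINT CSR_FILE
# Succeeds only if the file is a CSR, its commonName equals FQDN, and its
# digest equals the fingerprint reported by the new machine.
verify_csr() {
    fqdn=$1 expected=$2 csr=$3
    openssl req -in "$csr" -noout 2>/dev/null \
        || { echo "not a CSR: $csr" >&2; return 1; }
    cn=$(csr_cn "$csr")
    [ "$cn" = "$fqdn" ] \
        || { echo "name mismatch: CSR is for '$cn'" >&2; return 1; }
    actual=$(csr_fingerprint "$csr")
    # Accept upper-case or colon-separated notation for the expected value.
    want=$(printf '%s' "$expected" | tr -d ': ' | tr 'A-F' 'a-f')
    [ -n "$want" ] && [ "$actual" = "$want" ] \
        || { echo "fingerprint mismatch for $fqdn" >&2; return 1; }
}

# Stand-alone use on the puppet master: verify.sh FQDN FINGERPRINT CSR_FILE
if [ "$#" -eq 3 ]; then
    verify_csr "$1" "$2" "$3" && echo "OK to sign: $1"
fi
```

Sign the request only when the check succeeds; a mismatch means the request waiting on the master is not the one the new machine produced.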