====== Puppet (data center automation and configuration management framework) ======
[[Puppet Upgrade 4.x to 5.x]]
==== Puppet YUM Repository ====
  [Puppet_EL_Repo]
  name=Puppet Enterprise Linux
  baseurl=http://yum.puppetlabs.com/el/6/products/x86_64/
  enabled=1
  gpgcheck=1
  gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-Key-Puppet
  
  [Puppet_EL_dependancies]
  name=Puppet Enterprise Dependencies
  baseurl=http://yum.puppetlabs.com/el/6/dependencies/x86_64/
  enabled=1
  gpgcheck=1
  gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-Key-Puppet
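=== Get the key file using the following command ===
  wget -O /etc/pki/rpm-gpg/RPM-GPG-Key-Puppet "http://yum.puppetlabs.com/RPM-GPG-KEY-puppetlabs"
The key is fetched over plain HTTP, so check its fingerprint against one obtained from a trusted source before relying on gpgcheck.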
==== Purging Puppet reports ====
To purge reports, I use this line in my cron or logrotate.
  cd /var/lib/puppet/reports && find . -type f -name \*.yaml -mtime +12 -print0 | xargs -0 -n50 /bin/rm -f
This purges all logs older than 12 days.
==== Variables in node / site manifest ====
  $testdomain = $domain
  $testsub = split($testdomain, '[.]')
  $dr = $testsub[1]
==== Puppet Dynamic values playground ====
=== EPP and passing values ===
  $template_parameters = {
    test  => $test1,
    test2 => $test::test,
    nice  => $works,
  }
  
  content => epp('vsftpd/template.epp', $template_parameters),
==== trimming values ====
The following grabs the last character of the hostname and converts it to an integer to avoid a warning.
  $esnumber = inline_epp('<%= Integer.new($::hostname[-1,1]) + 1 %>')
==== Checking Hiera Value ====
**Looking up the vhostip value**

Using the puppet command:
  puppet apply --environment=test -e "notice(hiera(vhostip))"
Using the hiera command:
  hiera -c /opt/puppet/hiera.yaml vhostip environment=test
==== checking syntax on template ====
  erb -P -x -T '-' mytemplate.erb | ruby -c
==== Puppet hiera literal % ====
Only supported in hiera 2+
  rewrites:
    -
      comment: 'Redirect non https domain to vhost'
      rewrite_cond:
        - "%{literal('%')}{HTTPS} off"
      rewrite_rule:
        - "(.*) https://%{literal('%')}{HTTP_HOST}%{literal('%')}{REQUEST_URI} [L,R=302]"
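A simplified Ruby model of the interpolation step, added here as an example (it is not Hiera's own code and not from the original page), showing why the escape is needed: an unescaped %{HTTPS} is read as a Hiera variable and, being unset, becomes an empty string before Apache ever sees it. The helper names interpolate and apache_vars are hypothetical, and the unescaped value is constructed for comparison.

```ruby
# Simplified model of Hiera string interpolation, for illustration only.
# It handles %{variable} and %{literal('%')}; real Hiera also supports
# lookup functions such as hiera()/lookup(), alias() and scope().
TOKEN = /%\{\s*([^}]*?)\s*\}/

def interpolate(value, scope = {})
  # gsub makes one left-to-right pass, so the '%' produced by literal('%')
  # is never re-read together with the "{HTTPS}" that follows it.
  value.gsub(TOKEN) do
    expr = Regexp.last_match(1)
    if expr.match?(/\Aliteral\((['"])%\1\)\z/)
      '%'
    else
      scope.fetch(expr.sub(/\A::/, ''), '').to_s # unset variable -> ''
    end
  end
end

# Apache %{VAR} references that survive interpolation and reach the vhost.
def apache_vars(value, scope = {})
  interpolate(value, scope).scan(/%\{([A-Z_]+)\}/).flatten
end

ESCAPED_COND   = "%{literal('%')}{HTTPS} off" # value from the page
UNESCAPED_COND = "%{HTTPS} off"               # constructed: escape omitted
ESCAPED_RULE   = "(.*) https://%{literal('%')}{HTTP_HOST}%{literal('%')}{REQUEST_URI} [L,R=302]"

if __FILE__ == $PROGRAM_NAME
  [ESCAPED_COND, UNESCAPED_COND, ESCAPED_RULE].each do |v|
    puts "#{v.inspect} -> #{interpolate(v).inspect}"
  end
end
```

Comparing apache_vars on the rendered data against the variables the rewrite is expected to use is a quick way to catch a missing escape before the vhost is deployed.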
==== Puppet - Hiera - Apache - create resource example ====
=== Value in Hiera with yaml backend ===
  vhosts:
    test.k2patel.in:
      servername: 'test.k2patel.in'
      serveraliases:
        - 'pingtest.k2patel.in'
      docroot: '/var/www/vhosts/test.k2patel.in/html'
      manage_docroot: false
      port: 80
      priority: 0
      docroot_owner: 'web'
      docroot_group: 'web'
      access_log_file: 'test.k2patel.in-access.log'
      default_vhost: true
      ensure: 'present'
      error_log_file: 'test.k2patel.in-error.log'
      log_level: 'warn'
      aliases:
        -
          scriptalias: '/cgi-bin'
          path: '/var/www/vhosts/test.k2patel.in/cgi-bin'
      rewrites:
        -
          comment: 'Redirect non https domain to vhost'
          rewrite_cond:
            - "%{literal('%')}{HTTPS} off"
          rewrite_rule:
            - "(.*) https://%{literal('%')}{HTTP_HOST}%{literal('%')}{REQUEST_URI} [L,R=302]"
    test.k2patel.in_ssl:
      servername: 'test.k2patel.in'
      serveraliases:
        - 'pingtest.k2patel.in'
      docroot: '/var/www/vhosts/test.k2patel.in/html'
      manage_docroot: false
      port: 443
      priority: 0
      docroot_owner: 'web'
      docroot_group: 'web'
      access_log_file: 'test.k2patel.in_ssl-access.log'
      default_vhost: true
      ensure: 'present'
      error_log_file: 'test.k2patel.in_ssl-error.log'
      log_level: 'warn'
      aliases:
        -
          alias: '/cgi-bin'
          path: '/var/www/vhosts/test.k2patel.in/cgi-bin/'
        -
          alias: '/pingset'
          path: '/data/pingset/'
        -
          alias: '/whileset'
          path: '/milker/swingset/'
      ssl: true
      ssl_cert: '/etc/pki/tls/certs/k2patel.in.cert'
      ssl_key: '/etc/pki/tls/private/k2patel.in.key'
      ssl_ca: '/etc/pki/tls/certs/k2patel.in.ca'
      ssl_certs_dir: '/etc/pki/tls/certs'
      directories:
        -
          path: '/var/www/vhosts/test.k2patel.in/cgi-bin/'
          options:
            - 'ExecCGI'
            - 'FollowSymlinks'
            - 'MultiViews'
          require:
            - 'all granted'
          addhandlers:
            -
              handler: 'cgi-script'
              extensions:
                - '.cgi'
                - '.pl'
                - '.p'
                - '.perl'
                - '.sh'
                - '.php'
        -
          path: '/var/www/vhosts/test.k2patel.in/html'
          options:
            - '+Includes'
          require:
            - 'all granted'
          allow_override: 'All'
          addhandlers:
            -
              handler: 'server-parsed'
              extensions:
                - '.shtml'
                - '.html'
          custom_fragment: |
            XBitHack On
            AddType application/vnd.google-earth.kml+xml .kml
        -
          path: '/data/pingset/'
          directoryindex: 'index.html index.cgi index.pl index.php'
          override:
            - 'None'
          options:
            - '+Indexes'
            - '-ExecCGI'
            - '-Includes'
            - '-FollowSymLinks'
          require:
            - 'all granted'
          allow_override: 'All'
          custom_fragment: |
            IndexOptions FancyIndexing
            IndexIgnoreReset ON
            IndexIgnore .??* *~ *#
            SetHandler none
            aDDhANDLEr cgi-script .cgi .plg engine off
            RemoveHandler .cgi .php .php3 .php4 .php5 .phtml .pl .py .pyc .pyo .html .htmls .txt .perl .sh .p .HTML .p .perl .shaDDhANDLEr cgi-script .cgi .pl .p .perl .sh
        -
          path: '/milker/swingset/'
          directoryindex: 'index.html index.cgi index.pl index.php'
          override:
            - 'None'
          options:
            - '+Indexes'
            - '-ExecCGI'
            - '-Includes'
            - '-FollowSymLinks'
          require:
            - 'all granted'
          allow_override: 'All'
          custom_fragment: |
            IndexOptions FancyIndexing
            IndexIgnoreReset ON
            IndexIgnore .??* *~ *#
            SetHandler none
            aDDhANDLEr cgi-script .cgi .plg engine off
            RemoveHandler .cgi .php .php3 .php4 .php5 .phtml .pl .py .pyc .pyo .html .htmls .txt .perl .sh .p .HTML .p .perl .shaDDhANDLEr cgi-script .cgi .pl .p .perl .sh
=== Value in manifests ===
  $myApacheVhost = hiera('vhosts', {})
  
  class { 'apache':
    default_mods        => false,
    default_confd_files => false,
    mpm_module          => 'prefork',
    purge_configs       => true,
    server_signature    => 'Off',
    service_ensure      => 'running',
    default_vhost       => false,
    manage_user         => false,
    manage_group        => false,
    user                => 'web',
    group               => 'web',
    server_tokens       => 'prod',
  }
  
  class { '::apache::mod::deflate':
    types => [ 'text/html text/plain text/xml', 'text/css', 'application/x-javascript application/javascript application/ecmascript', 'application/rss+xml', 'application/json', 'application/vnd.geo+json' ],
    notes => {
      'Input'  => 'instream',
      'Output' => 'outstrem',
      'Ratio'  => 'ratio',
    },
  }
  
  class { '::apache::mod::php':
    package_name => "php56u",
    path         => "${::apache::params::lib_path}/libphp5.so"
  }
  
  class { '::apache::mod::ssl':
    ssl_compression         => false,
    ssl_cryptodevice        => 'builtin',
    ssl_options             => [ 'StdEnvVars' ],
    ssl_openssl_conf_cmd    => undef,
    ssl_honorcipherorder    => 'On',
    ssl_cipher              => 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS',
    ssl_pass_phrase_dialog  => 'builtin',
    ssl_random_seed_bytes   => '1024',
    ssl_sessioncachetimeout => '300',
    ssl_protocol            => [ 'all', '-SSLv3', '-SSLv2'],
  }
  
  class { '::apache::mod::negotiation':
    force_language_priority => 'Prefer',
    language_priority       => [ 'en', 'es', 'ca', 'cs', 'da', 'de', 'el', 'eo' ],
  }
  
  class { 'apache::mod::alias':
    icons_options => 'None',
  }
  
  apache::mod { 'actions' : }
  apache::mod { 'cgi' :}
  apache::mod { 'headers' :}
  apache::mod { 'include' :}
  apache::mod { 'perl' :}
  apache::mod { 'suphp' :}
  apache::mod { 'mime_magic' :}
  apache::mod { 'auth_basic' :}
  apache::mod { 'setenvif' :}
  apache::mod { 'autoindex' :}
  
  apache::namevirtualhost { '80' :}
  apache::namevirtualhost { '443' :}
  
  create_resources('apache::vhost', $myApacheVhost)
==== Troubleshooting ====
=== duplicate resource was found while collecting exported resources ===
8-O
  Info: Loading facts
  Error: Could not retrieve catalog from remote server: Error 500 on SERVER: Server Error: A duplicate resource was found while collecting exported resources, with the type and title Apache::Balancermember[visualizer] on node testserver.k2patel.in
  Warning: Not using cache on failed catalog
  Error: Could not retrieve catalog; skipping run
Many suggestions from the Puppet forums were to run the queries shown below; they didn't help.
  sudo -u postgres psql puppetdb -c "delete from catalogs where certname in (select certname from certnames where certname like '%testserver.k2patel.in%');"
  sudo -u postgres psql puppetdb -c "delete from catalogs where id in (select id from certnames where certname like '%testserver.k2patel.in%');"
The only thing that worked for me was to drop the database and recreate it.
  systemctl stop puppetdb
  su - postgres
  dropdb puppetdb
  createdb -E UTF8 -O puppetdb puppetdb
  psql puppetdb -c 'create extension pg_trgm';
=== Mapping values ===
  <%- $ips = $vs_map[$name].map |$val| { $val['address']['ip'] } -%>
==== External Links ====
[[ https://docs.puppet.com/puppet/latest/reference/lang_template.html#referencing-variables | Variable Referencing ]]
[[ https://docs.puppet.com/puppet/latest/reference/function.html | Function Reference ]]
[[ https://groups.google.com/group/puppet-users/browse_thread/thread/e56e0f678a134089 | Incremental Number ]]
[[ https://github.com/jessereynolds/puppet_certificate_extensions_facts | Trusted facts example ]]