This shows you the differences between two versions of the page.
puppet [2019/01/21 18:11] k2patel [trimming values] |
puppet [2020/08/10 02:35] |
||
---|---|---|---|
Line 1: | Line 1: | ||
- | ====== Puppet (data center automation and configuration management framework) ====== | ||
- | [[Puppet Upgrade 4.x to 5.x]] | ||
- | |||
- | ==== Puppet YUM Repository ==== | ||
- | <code bash | /etc/yum.repos.d/puppet-el.repo> | ||
- | [Puppet_EL_Repo] | ||
- | name=Puppet Enterprise Linux | ||
- | baseurl=http://yum.puppetlabs.com/el/6/products/x86_64/ | ||
- | enabled=1 | ||
- | gpgcheck=1 | ||
- | gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-Key-Puppet | ||
- | |||
- | [Puppet_EL_dependancies] | ||
- | name=Puppet Enterprise Dependencies | ||
- | baseurl=http://yum.puppetlabs.com/el/6/dependencies/x86_64/ | ||
- | enabled=1 | ||
- | gpgcheck=1 | ||
- | gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-Key-Puppet | ||
- | </code> | ||
- | |||
- | === Get key file using following command === | ||
- | <code bash> | ||
- | wget -O /etc/pki/rpm-gpg/RPM-GPG-Key-Puppet "http://yum.puppetlabs.com/RPM-GPG-KEY-puppetlabs" | ||
- | </code> | ||
- | |||
- | ==== Purgin Puppet report ==== | ||
- | In order to purge report i use this line in my cron or logrotate. | ||
- | <code bash> | ||
- | cd /var/lib/puppet/reports && find . -type f -name \*.yaml -mtime +12 -print0 | xargs -0 -n50 /bin/rm -f | ||
- | </code> | ||
- | |||
- | Which purges all log older then 12 days. | ||
- | |||
- | ==== Variables in node / site maniefest ==== | ||
- | |||
- | <code ruby> | ||
- | $testdomain = $domain | ||
- | $testsub = split($testdomain, '[.]') | ||
- | $dr = $testsub[1] | ||
- | </code> | ||
- | |||
- | ==== Puppet Dynamic values playground ==== | ||
- | |||
- | ==== trimming values ==== | ||
- | Following can grab the last character from the hostname and convert to integer to avoid warning. | ||
- | <code ruby> | ||
- | $esnumber = inline_epp('<%= Integer.new($::hostname[-1,1]) + 1 %>') | ||
- | </code> | ||
- | ==== Checking Hiera Value ==== | ||
- | **Trying to lookup vhostip value** | ||
- | Using puppet command | ||
- | |||
- | <code bash> | ||
- | puppet apply --environment=test -e "notice(hiera(vhostip))" | ||
- | </code> | ||
- | |||
- | Using hiera command | ||
- | <code bash> | ||
- | hiera -c /opt/puppet/hiera.yaml vhostip environment=test | ||
- | </code> | ||
- | |||
- | ==== checking syntax on template ==== | ||
- | <code rbuy> | ||
- | erb -P -x -T '-' mytemplate.erb | ruby -c | ||
- | </code> | ||
- | |||
- | ==== Puppet hiera literal % ==== | ||
- | Only supported in hiera 2+ | ||
- | <code bash> | ||
- | rewrites: | ||
- | - | ||
- | comment: 'Redirect non https domain to vhost' | ||
- | rewrite_cond: | ||
- | - "%{literal('%')}{HTTPS} off" | ||
- | rewrite_rule: | ||
- | - "(.*) https://%{literal('%')}{HTTP_HOST}%{literal('%')}{REQUEST_URI} [L,R=302]" | ||
- | </code> | ||
- | |||
- | ==== Puppet - Hiera - Apache - create resource example ==== | ||
- | === Value in Hiera with yaml backend === | ||
- | <code yaml> | ||
- | vhosts: | ||
- | test.k2patel.in: | ||
- | servername: 'test.k2patel.in' | ||
- | serveraliases: | ||
- | - 'pingtest.k2patel.in' | ||
- | docroot: '/var/www/vhosts/test.k2patel.in/html' | ||
- | manage_docroot: false | ||
- | port: 80 | ||
- | priority: 0 | ||
- | docroot_owner: 'web' | ||
- | docroot_group: 'web' | ||
- | access_log_file: 'test.k2patel.in-access.log' | ||
- | default_vhost: true | ||
- | ensure: 'present' | ||
- | error_log_file: 'test.k2patel.in-error.log' | ||
- | log_level: 'warn' | ||
- | aliases: | ||
- | - | ||
- | scriptalias: '/cgi-bin' | ||
- | path: '/var/www/vhosts/test.k2patel.in/cgi-bin' | ||
- | rewrites: | ||
- | - | ||
- | comment: 'Redirect non https domain to vhost' | ||
- | rewrite_cond: | ||
- | - "%{literal('%')}{HTTPS} off" | ||
- | rewrite_rule: | ||
- | - "(.*) https://%{literal('%')}{HTTP_HOST}%{literal('%')}{REQUEST_URI} [L,R=302]" | ||
- | test.k2patel.in_ssl: | ||
- | servername: 'test.k2patel.in' | ||
- | serveraliases: | ||
- | - 'pingtest.k2patel.in' | ||
- | docroot: '/var/www/vhosts/test.k2patel.in/html' | ||
- | manage_docroot: false | ||
- | port: 443 | ||
- | priority: 0 | ||
- | docroot_owner: 'web' | ||
- | docroot_group: 'web' | ||
- | access_log_file: 'test.k2patel.in_ssl-access.log' | ||
- | default_vhost: true | ||
- | ensure: 'present' | ||
- | error_log_file: 'test.k2patel.in_ssl-error.log' | ||
- | log_level: 'warn' | ||
- | aliases: | ||
- | - | ||
- | alias: '/cgi-bin' | ||
- | path: '/var/www/vhosts/test.k2patel.in/cgi-bin/' | ||
- | - | ||
- | alias: '/pingset' | ||
- | path: '/data/pingset/' | ||
- | - | ||
- | alias: '/whileset' | ||
- | path: '/milker/swingset/' | ||
- | ssl: true | ||
- | ssl_cert: '/etc/pki/tls/certs/k2patel.in.cert' | ||
- | ssl_key: '/etc/pki/tls/private/k2patel.in.key' | ||
- | ssl_ca: '/etc/pki/tls/certs/k2patel.in.ca' | ||
- | ssl_certs_dir: '/etc/pki/tls/certs' | ||
- | directories: | ||
- | - | ||
- | path: '/var/www/vhosts/test.k2patel.in/cgi-bin/' | ||
- | options: | ||
- | - 'ExecCGI' | ||
- | - 'FollowSymlinks' | ||
- | - 'MultiViews' | ||
- | require: | ||
- | - 'all granted' | ||
- | addhandlers: | ||
- | - | ||
- | handler: 'cgi-script' | ||
- | extensions: | ||
- | - '.cgi' | ||
- | - '.pl' | ||
- | - '.p' | ||
- | - '.perl' | ||
- | - '.sh' | ||
- | - '.php' | ||
- | - | ||
- | path: '/var/www/vhosts/test.k2patel.in/html' | ||
- | options: | ||
- | - '+Includes' | ||
- | require: | ||
- | - 'all granted' | ||
- | allow_override: 'All' | ||
- | addhandlers: | ||
- | - | ||
- | handler: 'server-parsed' | ||
- | extensions: | ||
- | - '.shtml' | ||
- | - '.html' | ||
- | custom_fragment: | | ||
- | XBitHack On | ||
- | AddType application/vnd.google-earth.kml+xml .kml | ||
- | - | ||
- | path: '/data/pingset/' | ||
- | directoryindex: 'index.html index.cgi index.pl index.php' | ||
- | override: | ||
- | - 'None' | ||
- | options: | ||
- | - '+Indexes' | ||
- | - '-ExecCGI' | ||
- | - '-Includes' | ||
- | - '-FollowSymLinks' | ||
- | require: | ||
- | - 'all granted' | ||
- | allow_override: 'All' | ||
- | custom_fragment: | | ||
- | IndexOptions FancyIndexing | ||
- | IndexIgnoreReset ON | ||
- | IndexIgnore .??* *~ *# | ||
- | SetHandler none | ||
- | aDDhANDLEr cgi-script .cgi .plg engine off | ||
- | RemoveHandler .cgi .php .php3 .php4 .php5 .phtml .pl .py .pyc .pyo .html .htmls .txt .perl .sh .p .HTML .p .perl .shaDDhANDLEr cgi-script .cgi .pl .p .perl .sh | ||
- | - | ||
- | path: '/milker/swingset/' | ||
- | directoryindex: 'index.html index.cgi index.pl index.php' | ||
- | override: | ||
- | - 'None' | ||
- | options: | ||
- | - '+Indexes' | ||
- | - '-ExecCGI' | ||
- | - '-Includes' | ||
- | - '-FollowSymLinks' | ||
- | require: | ||
- | - 'all granted' | ||
- | allow_override: 'All' | ||
- | custom_fragment: | | ||
- | IndexOptions FancyIndexing | ||
- | IndexIgnoreReset ON | ||
- | IndexIgnore .??* *~ *# | ||
- | SetHandler none | ||
- | aDDhANDLEr cgi-script .cgi .plg engine off | ||
- | RemoveHandler .cgi .php .php3 .php4 .php5 .phtml .pl .py .pyc .pyo .html .htmls .txt .perl .sh .p .HTML .p .perl .shaDDhANDLEr cgi-script .cgi .pl .p .perl .sh | ||
- | </code> | ||
- | |||
- | === Value in manifests === | ||
- | <code ruby> | ||
- | $myApacheVhost = hiera('vhosts', {}) | ||
- | |||
- | class { 'apache': | ||
- | default_mods => false, | ||
- | default_confd_files => false, | ||
- | mpm_module => 'prefork', | ||
- | purge_configs => true, | ||
- | server_signature => 'Off', | ||
- | service_ensure => 'running', | ||
- | default_vhost => false, | ||
- | manage_user => false, | ||
- | manage_group => false, | ||
- | user => 'web', | ||
- | group => 'web', | ||
- | server_tokens => 'prod', | ||
- | } | ||
- | |||
- | class { '::apache::mod::deflate': | ||
- | types => [ 'text/html text/plain text/xml', 'text/css', 'application/x-javascript application/javascript application/ecmascript', 'application/rss+xml', 'application/json', 'application/vnd.geo+json' ], | ||
- | notes => { | ||
- | 'Input' => 'instream', | ||
- | 'Output' => 'outstrem', | ||
- | 'Ratio' => 'ratio', | ||
- | }, | ||
- | } | ||
- | |||
- | class { '::apache::mod::php': | ||
- | package_name => "php56u", | ||
- | path => "${::apache::params::lib_path}/libphp5.so" | ||
- | } | ||
- | |||
- | class { '::apache::mod::ssl': | ||
- | ssl_compression => false, | ||
- | ssl_cryptodevice => 'builtin', | ||
- | ssl_options => [ 'StdEnvVars' ], | ||
- | ssl_openssl_conf_cmd => undef, | ||
- | ssl_honorcipherorder => 'On', | ||
- | ssl_cipher => 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS', | ||
- | ssl_pass_phrase_dialog => 'builtin', | ||
- | ssl_random_seed_bytes => '1024', | ||
- | ssl_sessioncachetimeout => '300', | ||
- | ssl_protocol => [ 'all', '-SSLv3', '-SSLv2'], | ||
- | } | ||
- | |||
- | class { '::apache::mod::negotiation': | ||
- | force_language_priority => 'Prefer', | ||
- | language_priority => [ 'en', 'es', 'ca', 'cs', 'da', 'de', 'el', 'eo' ], | ||
- | } | ||
- | |||
- | class { 'apache::mod::alias': | ||
- | icons_options => 'None', | ||
- | } | ||
- | |||
- | apache::mod { 'actions' : } | ||
- | apache::mod { 'cgi' :} | ||
- | apache::mod { 'headers' :} | ||
- | apache::mod { 'include' :} | ||
- | apache::mod { 'perl' :} | ||
- | apache::mod { 'suphp' :} | ||
- | apache::mod { 'mime_magic' :} | ||
- | apache::mod { 'auth_basic' :} | ||
- | apache::mod { 'setenvif' :} | ||
- | apache::mod { 'autoindex' :} | ||
- | |||
- | |||
- | apache::namevirtualhost { '80' :} | ||
- | apache::namevirtualhost { '443' :} | ||
- | |||
- | create_resources('apache::vhost', $myApacheVhost) | ||
- | </code> | ||
- | |||
- | ==== Troubleshooting ==== | ||
- | === duplicate resource was found while collecting exported resources === | ||
- | 8-O | ||
- | <code bash | error > | ||
- | Info: Loading facts | ||
- | Error: Could not retrieve catalog from remote server: Error 500 on SERVER: Server Error: A duplicate resource was found while collecting exported resources, with the type and title Apache::Balancermember[visualizer] on node testserver.k2patel.in | ||
- | Warning: Not using cache on failed catalog | ||
- | Error: Could not retrieve catalog; skipping run | ||
- | </code> | ||
- | |||
- | |||
- | Many suggestions from the puppet forums to run query shown below, didn't helped. | ||
- | |||
- | <code bash | depend on your puppet version select one which works> | ||
- | sudo -u postgres psql puppetdb -c 'delete from catalogs where certname in (select certname from certnames where certname like '%testserver.k2patel.in%');' | ||
- | |||
- | sudo -u postgres psql puppetdb -c 'delete from catalogs where id in (select id from certnames where certname like '%testserver.k2patel.in%');' | ||
- | </code> | ||
- | |||
- | Only thing worked for me to drop database and recreate. | ||
- | |||
- | <code bash> | ||
- | systemctl stop puppetdb | ||
- | su - postgres | ||
- | dropdb puppetdb | ||
- | createdb -E UTF8 -O puppetdb puppetdb | ||
- | psql puppetdb -c 'create extension pg_trgm'; | ||
- | </code> | ||
- | |||
- | ==== External Links ==== | ||
- | |||
- | [[ https://docs.puppet.com/puppet/latest/reference/lang_template.html#referencing-variables | Variable Referencing ]] | ||
- | |||
- | [[ https://docs.puppet.com/puppet/latest/reference/function.html | Function Reference ]] | ||
- | |||
- | [[ https://groups.google.com/group/puppet-users/browse_thread/thread/e56e0f678a134089 | Incremental Number ]] |
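Review bot: the 2020/08/10 02:35 revision removes the whole page, from the title on line 1 through the External Links section, and unlike the 2019/01/21 revision it shows no author or edit summary, so the history does not say whether these notes were retired or moved. Add a summary stating which, and if they were moved, leave a short pointer to the new location. If the content is re-published elsewhere, two parts should be revised rather than copied as-is. In the repository section the key is downloaded with wget from an http:// URL and both baseurl entries are http://, so gpgcheck=1 only verifies packages against whatever key that download returned; fetch the key over HTTPS or compare its fingerprint with one obtained separately. In the Troubleshooting section both psql delete commands put single quotes inside a single-quoted -c argument, so the shell consumes the inner quotes and the LIKE pattern reaches psql unquoted; wrap the SQL in double quotes instead.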