puppet

Differences

This shows you the differences between two versions of the page.

puppet [2013/05/24 17:17]
k2patel [checking syntax on template]
puppet [2020/08/10 02:35] (current)
Line 1: Line 1:
 ====== Puppet (data center automation and configuration management framework) ====== ====== Puppet (data center automation and configuration management framework) ======
 +
 +[[Puppet Upgrade 4.x to 5.x]]
  
 ==== Puppet YUM Repository ==== ==== Puppet YUM Repository ====
Line 18: Line 20:
 </​code>​ </​code>​
  
 +=== Get key file using following command ===
 +<code bash>
 +wget -O /​etc/​pki/​rpm-gpg/​RPM-GPG-Key-Puppet "​http://​yum.puppetlabs.com/​RPM-GPG-KEY-puppetlabs"​
 +</​code>​
  
 +==== Purgin Puppet report ====
 +In order to purge report i use this line in my cron or logrotate.
 +<code bash>
 +cd /​var/​lib/​puppet/​reports && find . -type f -name \*.yaml -mtime +12 -print0 | xargs -0 -n50 /bin/rm -f
 +</​code>​
 +
 +Which purges all log older then 12 days.
 +
 +==== Variables in node / site maniefest ====
 +
 +<code ruby>
 +$testdomain = $domain
 +$testsub = split($testdomain,​ '​[.]'​)
 +$dr = $testsub[1]
 +</​code>​
 +
 +==== Puppet Dynamic values playground ====
 +
 +=== EPP and passing values ===
 +<code ruby>
 +$template_parameters = {
 +   ​test ​ => $test1,
 +   test2 => $test::​test,​
 +   ​nice ​ => $works,
 +}
 +
 +content => epp('​vsftpd/​template.epp',​ $template_parameters),​
 +</​code>​
 +==== trimming values ====
 +Following can grab the last character from the hostname and convert to integer to avoid warning.
 +<code ruby>
 +$esnumber = inline_epp('<​%= Integer.new($::​hostname[-1,​1]) + 1 %>'​)
 +</​code>​
 +==== Checking Hiera Value ====
 +**Trying to lookup vhostip value**
 +Using puppet command ​
 +
 +<code bash>
 +puppet apply --environment=test -e "​notice(hiera(vhostip))"​
 +</​code>​
 +
 +Using hiera command
 +<code bash>
 +hiera -c /​opt/​puppet/​hiera.yaml vhostip environment=test
 +</​code>​
  
 ==== checking syntax on template ==== ==== checking syntax on template ====
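
Review bot: The added wget line pulls the repository signing key over plain http://, so the key that will vouch for every Puppet package can be replaced in transit; fetch it from an https:// URL and compare its fingerprint with the one the vendor publishes before it is installed under /etc/pki/rpm-gpg. Separately, in the "trimming values" block, inline_epp returns the rendered template as text, so $esnumber ends up a String even though the expression inside the template is an Integer; convert the result outside the template if a number is needed downstream.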
Line 25: Line 76:
 </​code>​ </​code>​
  
-[[ http://​docs.puppetlabs.com/guides/templating.html#​referencing-variables | Variable Referencing ]]+==== Puppet hiera literal % ==== 
 +Only supported in hiera 2+ 
 +<code bash> 
 +        rewrites: 
 +            - 
 +                comment: '​Redirect non https domain to vhost'​ 
 +                rewrite_cond:​ 
 +                    - "​%{literal('​%'​)}{HTTPS} off" 
 +                rewrite_rule:​ 
 +                    - "(.*) https://%{literal('​%'​)}{HTTP_HOST}%{literal('​%'​)}{REQUEST_URI} [L,R=302]
 +</​code>​
  
-[[ http://docs.puppetlabs.com/references/2.7.3/​function.html | Function Reference ]]+==== Puppet - Hiera - Apache - create resource example ==== 
 +=== Value in Hiera with yaml backend === 
 +<code yaml> 
 +vhosts: 
 +    test.k2patel.in:​ 
 +        servername: '​test.k2patel.in'​ 
 +        serveraliases:​ 
 +            - '​pingtest.k2patel.in'​ 
 +        docroot: '/​var/​www/​vhosts/​test.k2patel.in/​html'​ 
 +        manage_docroot:​ false 
 +        port: 80 
 +        priority: 0 
 +        docroot_owner:​ '​web'​ 
 +        docroot_group:​ '​web'​ 
 +        access_log_file:​ '​test.k2patel.in-access.log'​ 
 +        default_vhost:​ true 
 +        ensure: '​present'​ 
 +        error_log_file:​ '​test.k2patel.in-error.log'​ 
 +        log_level: '​warn'​ 
 +        aliases: 
 +            - 
 +                scriptalias:​ '/​cgi-bin'​ 
 +                path: '/​var/​www/​vhosts/​test.k2patel.in/​cgi-bin'​ 
 +        rewrites: 
 +            - 
 +                comment: '​Redirect non https domain to vhost'​ 
 +                rewrite_cond:​ 
 +                    - "​%{literal('​%'​)}{HTTPS} off" 
 +                rewrite_rule:​ 
 +                    - "(.*) https://​%{literal('​%'​)}{HTTP_HOST}%{literal('​%'​)}{REQUEST_URI} ​[L,​R=302]"​ 
 +    test.k2patel.in_ssl:​ 
 +        servername: '​test.k2patel.in'​ 
 +        serveraliases:​ 
 +            - '​pingtest.k2patel.in'​ 
 +        docroot: '/​var/​www/​vhosts/​test.k2patel.in/​html'​ 
 +        manage_docroot:​ false 
 +        port: 443 
 +        priority: 0 
 +        docroot_owner:​ '​web'​ 
 +        docroot_group:​ '​web'​ 
 +        access_log_file:​ '​test.k2patel.in_ssl-access.log'​ 
 +        default_vhost:​ true 
 +        ensure: '​present'​ 
 +        error_log_file:​ '​test.k2patel.in_ssl-error.log'​ 
 +        log_level: '​warn'​ 
 +        aliases: 
 +            - 
 +                alias: '/​cgi-bin'​ 
 +                path: '/​var/​www/​vhosts/​test.k2patel.in/​cgi-bin/'​ 
 +            - 
 +                alias: '/​pingset'​ 
 +                path: '/​data/​pingset/'​ 
 +            - 
 +                alias: '/​whileset'​ 
 +                path: '/​milker/​swingset/'​ 
 +        ssl: true 
 +        ssl_cert: '/​etc/​pki/​tls/​certs/​k2patel.in.cert'​ 
 +        ssl_key: '/​etc/​pki/​tls/​private/​k2patel.in.key'​ 
 +        ssl_ca: '/​etc/​pki/​tls/​certs/​k2patel.in.ca'​ 
 +        ssl_certs_dir:​ '/​etc/​pki/​tls/​certs'​ 
 +        directories:​ 
 +            - 
 +                path: '/​var/​www/​vhosts/​test.k2patel.in/​cgi-bin/'​ 
 +                options: 
 +                    - '​ExecCGI'​ 
 +                    - '​FollowSymlinks'​ 
 +                    - '​MultiViews'​ 
 +                require: 
 +                    - 'all granted'​ 
 +                addhandlers:​ 
 +                    - 
 +                        handler: '​cgi-script'​ 
 +                        extensions:​ 
 +                            - '​.cgi'​ 
 +                            - '​.pl'​ 
 +                            - '​.p'​ 
 +                            - '​.perl'​ 
 +                            - '​.sh'​ 
 +                            - '​.php'​ 
 +            - 
 +                path: '/​var/​www/​vhosts/​test.k2patel.in/​html'​ 
 +                options: 
 +                    - '​+Includes'​ 
 +                require: 
 +                    - 'all granted'​ 
 +                allow_override:​ '​All'​ 
 +                addhandlers:​ 
 +                    - 
 +                        handler: '​server-parsed'​ 
 +                        extensions:​ 
 +                            - '​.shtml'​ 
 +                            - '​.html'​ 
 +                custom_fragment:​ | 
 +                    XBitHack On 
 +                        AddType application/​vnd.google-earth.kml+xml .kml 
 +            - 
 +                path: '/​data/​pingset/'​ 
 +                directoryindex:​ '​index.html index.cgi index.pl index.php'​ 
 +                override: 
 +                    - '​None'​ 
 +                options: 
 +                    - '​+Indexes'​ 
 +                    - '​-ExecCGI'​ 
 +                    - '​-Includes'​ 
 +                    - '​-FollowSymLinks'​ 
 +                require: 
 +                    - 'all granted'​ 
 +                allow_override:​ '​All'​ 
 +                custom_fragment:​ | 
 +                    IndexOptions FancyIndexing 
 +                        IndexIgnoreReset ON 
 +                        IndexIgnore .??* *~ *# 
 +                        SetHandler none 
 +                        aDDhANDLEr cgi-script .cgi .plg engine off 
 +                        RemoveHandler .cgi .php .php3 .php4 .php5 .phtml .pl .py .pyc .pyo .html .htmls .txt .perl .sh .p .HTML .p .perl .shaDDhANDLEr cgi-script .cgi .pl .p .perl .sh 
 +            - 
 +                path: '/​milker/​swingset/'​ 
 +                directoryindex:​ '​index.html index.cgi index.pl index.php'​ 
 +                override: 
 +                    - '​None'​ 
 +                options: 
 +                    - '​+Indexes'​ 
 +                    - '​-ExecCGI'​ 
 +                    - '​-Includes'​ 
 +                    - '​-FollowSymLinks'​ 
 +                require: 
 +                    - 'all granted'​ 
 +                allow_override:​ '​All'​ 
 +                custom_fragment:​ | 
 +                    IndexOptions FancyIndexing 
 +                        IndexIgnoreReset ON 
 +                        IndexIgnore .??* *~ *# 
 +                        SetHandler none 
 +                        aDDhANDLEr cgi-script .cgi .plg engine off 
 +                        RemoveHandler .cgi .php .php3 .php4 .php5 .phtml .pl .py .pyc .pyo .html .htmls .txt .perl .sh .p .HTML .p .perl .shaDDhANDLEr cgi-script .cgi .pl .p .perl .sh 
 +</​code>​ 
 + 
 +=== Value in manifests === 
 +<code ruby> 
 +$myApacheVhost = hiera('​vhosts',​ {}) 
 + 
 +class { '​apache':​ 
 +      default_mods ​       => false, 
 +      default_confd_files => false, 
 +      mpm_module ​         => '​prefork',​ 
 +      purge_configs ​      => true, 
 +      server_signature ​   => '​Off',​ 
 +      service_ensure ​     => '​running',​ 
 +      default_vhost ​      => false, 
 +      manage_user ​        => false, 
 +      manage_group ​       => false, 
 +      user                => '​web', ​  
 +      group               => '​web',​ 
 +      server_tokens ​      => '​prod',​ 
 +   } 
 + 
 +   class { '::​apache::​mod::​deflate':​ 
 +     types => '​text/​html text/plain text/​xml',​ '​text/​css',​ '​application/​x-javascript application/​javascript application/​ecmascript',​ '​application/​rss+xml',​ '​application/​json',​ '​application/​vnd.geo+json'​ ], 
 +        notes => { 
 +           '​Input' ​ => '​instream',​ 
 +           '​Output'​ => '​outstrem',​ 
 +           '​Ratio' ​ => '​ratio',​ 
 +        }, 
 +   } 
 + 
 +   class { '::​apache::​mod::​php':​ 
 +      package_name => "​php56u",​ 
 +      path         => "​${::​apache::​params::​lib_path}/​libphp5.so"​ 
 +   } 
 + 
 +   class { '::​apache::​mod::​ssl':​ 
 +       ​ssl_compression ​        => false, 
 +       ​ssl_cryptodevice ​       => '​builtin',​ 
 +       ​ssl_options ​            => [ '​StdEnvVars'​ ], 
 +       ​ssl_openssl_conf_cmd ​   => undef, 
 +       ​ssl_honorcipherorder ​   => '​On',​ 
 +       ​ssl_cipher ​             => '​ECDHE-ECDSA-CHACHA20-POLY1305:​ECDHE-RSA-CHACHA20-POLY1305:​ECDHE-ECDSA-AES128-GCM-SHA256:​ECDHE-RSA-AES128-GCM-SHA256:​ECDHE-ECDSA-AES256-GCM-SHA384:​ECDHE-RSA-AES256-GCM-SHA384:​DHE-RSA-AES128-GCM-SHA256:​DHE-RSA-AES256-GCM-SHA384:​ECDHE-ECDSA-AES128-SHA256:​ECDHE-RSA-AES128-SHA256:​ECDHE-ECDSA-AES128-SHA:​ECDHE-RSA-AES256-SHA384:​ECDHE-RSA-AES128-SHA:​ECDHE-ECDSA-AES256-SHA384:​ECDHE-ECDSA-AES256-SHA:​ECDHE-RSA-AES256-SHA:​DHE-RSA-AES128-SHA256:​DHE-RSA-AES128-SHA:​DHE-RSA-AES256-SHA256:​DHE-RSA-AES256-SHA:​ECDHE-ECDSA-DES-CBC3-SHA:​ECDHE-RSA-DES-CBC3-SHA:​EDH-RSA-DES-CBC3-SHA:​AES128-GCM-SHA256:​AES256-GCM-SHA384:​AES128-SHA256:​AES256-SHA256:​AES128-SHA:​AES256-SHA:​DES-CBC3-SHA:​!DSS',​ 
 +       ​ssl_pass_phrase_dialog ​ => '​builtin',​ 
 +       ​ssl_random_seed_bytes ​  => '​1024',​ 
 +       ​ssl_sessioncachetimeout => '​300',​ 
 +       ​ssl_protocol ​           => [ '​all',​ '​-SSLv3',​ '​-SSLv2'​],​ 
 +    } 
 + 
 +   class { '::​apache::​mod::​negotiation':​ 
 +      force_language_priority => '​Prefer',​ 
 +      language_priority ​      => [ '​en',​ '​es',​ '​ca',​ '​cs',​ '​da',​ '​de',​ '​el',​ '​eo'​ ], 
 +   } 
 + 
 +   class { '​apache::​mod::​alias':​ 
 +      icons_options => '​None',​ 
 +   } 
 + 
 +   ​apache::​mod { '​actions'​ : } 
 +   ​apache::​mod { '​cgi'​ :} 
 +   ​apache::​mod { '​headers'​ :} 
 +   ​apache::​mod { '​include'​ :} 
 +   ​apache::​mod { '​perl'​ :} 
 +   ​apache::​mod { '​suphp'​ :} 
 +   ​apache::​mod { '​mime_magic'​ :} 
 +   ​apache::​mod { '​auth_basic'​ :} 
 +   ​apache::​mod { '​setenvif'​ :} 
 +   ​apache::​mod { '​autoindex'​ :} 
 + 
 + 
 +   ​apache::​namevirtualhost { '​80'​ :} 
 +   ​apache::​namevirtualhost { '​443'​ :} 
 + 
 +create_resources('​apache::​vhost',​ $myApacheVhost) 
 +</​code>​ 
 + 
 +==== Troubleshooting ==== 
 +===  duplicate resource was found while collecting exported resources === 
 +8-O 
 +<code bash | error > 
 +Info: Loading facts 
 +Error: Could not retrieve catalog from remote server: Error 500 on SERVER: Server Error: A duplicate resource was found while collecting exported resources, with the type and title Apache::​Balancermember[visualizer] on node testserver.k2patel.in 
 +Warning: Not using cache on failed catalog 
 +Error: Could not retrieve catalog; skipping run 
 +</​code>​ 
 + 
 + 
 +Many suggestions from the puppet forums to run query shown below, didn't helped. 
 + 
 +<code bash | depend on your puppet version select one which works> 
 +sudo -u postgres psql puppetdb -c '​delete from catalogs where certname in (select certname from certnames where certname like '​%testserver.k2patel.in%'​);'​ 
 + 
 +sudo -u postgres psql puppetdb -c '​delete from catalogs where id in (select id from certnames where certname like '​%testserver.k2patel.in%'​);'​ 
 +</​code>​ 
 + 
 +Only thing worked for me to drop database and recreate. 
 + 
 +<code bash> 
 +systemctl stop puppetdb 
 +su - postgres 
 +dropdb puppetdb 
 +createdb -E UTF8 -O puppetdb puppetdb 
 +psql puppetdb -c '​create extension pg_trgm';​ 
 +</​code>​ 
 + 
 +=== Mapping values === 
 +<code ruby> 
 +<%- $ips = $vs_map[$name].map |$val| { $val['​address'​]['​ip'​] } -%> 
 +</​code>​ 
 + 
 + 
 +==== External Links ==== 
 + 
 +[[ https://docs.puppet.com/puppet/latest/​reference/​lang_template.html#​referencing-variables | Variable Referencing ]] 
 + 
 +[[ https://​docs.puppet.com/​puppet/​latest/​reference/​function.html | Function Reference ]]
  
 [[ https://​groups.google.com/​group/​puppet-users/​browse_thread/​thread/​e56e0f678a134089 | Incremental Number ]] [[ https://​groups.google.com/​group/​puppet-users/​browse_thread/​thread/​e56e0f678a134089 | Incremental Number ]]
 +
 +[[ https://​github.com/​jessereynolds/​puppet_certificate_extensions_facts | Trusted facts example ]]
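
Review bot: In the apache::mod::ssl block, ssl_protocol => [ 'all', '-SSLv3', '-SSLv2'] still allows TLS 1.0 and 1.1, and the ssl_cipher string keeps the DES-CBC3-SHA suites and the non-forward-secret AES128-SHA / AES256-SHA fallbacks; I would restrict the protocol list to TLS 1.2 and later and drop the 3DES and static-RSA entries. Two syntax problems will also stop these snippets from working as pasted: the types => value in apache::mod::deflate closes with ] but never opens with [ (and its first string packs three MIME types into one element), and the rewrite_rule value in the "Puppet hiera literal %" block is missing its closing double quote, unlike the same rule in the vhost YAML below it. In the two psql -c commands, the single quotes around %testserver.k2patel.in% sit inside a single-quoted shell string, so the shell removes them before psql sees the statement; use double quotes for the outer string.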
puppet.1369415823.txt.gz · Last modified: 2020/08/10 02:29 (external edit)