

puppet

Puppet (data center automation and configuration management framework)

Puppet YUM Repository

| /etc/yum.repos.d/puppet-el.repo
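# Puppet Labs package repositories for EL6 / x86_64.
# gpgcheck=1 verifies the signature on each RPM, but not the repository
# metadata, so the repositories are fetched over HTTPS instead of plain HTTP.
# NOTE(review): confirm the client's TLS stack and CA bundle can reach this host.
[Puppet_EL_Repo]
name=Puppet Enterprise Linux
baseurl=https://yum.puppetlabs.com/el/6/products/x86_64/
enabled=1
gpgcheck=1
# Trust anchor for the signature check; install and verify it before first use.
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-Key-Puppet

[Puppet_EL_dependancies]
name=Puppet Enterprise Dependencies
baseurl=https://yum.puppetlabs.com/el/6/dependencies/x86_64/
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-Key-Puppet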

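Fetch the key file with the following command. Because gpgcheck=1 is only as trustworthy as this key, compare its fingerprint with the one Puppet publishes before relying on it.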

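# Download the repository signing key over HTTPS. This key is the trust anchor
# for gpgcheck=1, so a key replaced in transit would make every later
# signature check meaningless.
wget -O /etc/pki/rpm-gpg/RPM-GPG-Key-Puppet "https://yum.puppetlabs.com/RPM-GPG-KEY-puppetlabs"
# Show the key's fingerprint and compare it by eye with the value Puppet
# publishes through a separate channel before enabling the repository.
gpg --with-fingerprint /etc/pki/rpm-gpg/RPM-GPG-Key-Puppet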

Purging Puppet reports

To purge old reports I run this line from cron or logrotate.

# Remove Puppet report files (*.yaml) whose modification time is more than
# 12 days in the past. Only regular files under the reports directory match.
find /var/lib/puppet/reports -type f -name '*.yaml' -mtime +12 -exec /bin/rm -f {} +

This removes all report files older than 12 days.

Variables in node / site manifest

# Copy the node's domain into a local variable
# (presumably $domain is the Facter 'domain' fact; confirm in your environment).
$testdomain = $domain
# Split on literal dots: '[.]' is a regex character class, so '.' is not a wildcard.
$testsub = split($testdomain, '[.]')
# Keep the second label of the domain (arrays are zero-indexed).
$dr = $testsub[1]

Checking Hiera Value

Looking up the vhostip value, first with the puppet command:

# Evaluate a one-line manifest in the 'test' environment; notice() writes the
# value Hiera returns for 'vhostip' to the log, so avoid this form for secret keys.
puppet apply --environment=test -e "notice(hiera(vhostip))"

Using hiera command

# Query the same key with the hiera CLI: -c selects the Hiera config file and
# environment=test supplies the scope variable the hierarchy interpolates.
hiera -c /opt/puppet/hiera.yaml vhostip environment=test

Checking the syntax of a template

# -x prints the Ruby code ERB generates instead of rendering the template,
# -T '-' selects '-' trim mode, -P stops lines starting with '%' being treated as Ruby.
# ruby -c then only syntax-checks that code; the template is never executed.
erb -P -x -T '-' mytemplate.erb | ruby -c

Puppet hiera literal %

The literal('%') function is only supported in Hiera 2 and later.

        # Hiera interpolates %{...}, so a literal percent sign for Apache is
        # written as %{literal('%')}. After the lookup the strings below read
        # "%{HTTPS} off" and
        # "(.*) https://%{HTTP_HOST}%{REQUEST_URI} [L,R=302]".
        rewrites:
            - comment: 'Redirect non https domain to vhost'
              rewrite_cond:
                  - "%{literal('%')}{HTTPS} off"
              rewrite_rule:
                  - "(.*) https://%{literal('%')}{HTTP_HOST}%{literal('%')}{REQUEST_URI} [L,R=302]"

Puppet - Hiera - Apache - create resource example

Value in Hiera with yaml backend

# Hiera data consumed by create_resources('apache::vhost', ...): every key
# under 'vhosts' is a resource title and its mapping the resource parameters.
vhosts:
    # Port 80 vhost. Requests with HTTPS off are answered with a 302 redirect
    # to the https:// URL of the same host and path.
    test.k2patel.in:
        servername: 'test.k2patel.in'
        serveraliases:
            - 'pingtest.k2patel.in'
        docroot: '/var/www/vhosts/test.k2patel.in/html'
        manage_docroot: false
        port: 80
        priority: 0
        docroot_owner: 'web'
        docroot_group: 'web'
        access_log_file: 'test.k2patel.in-access.log'
        default_vhost: true
        ensure: 'present'
        error_log_file: 'test.k2patel.in-error.log'
        log_level: 'warn'
        aliases:
            - scriptalias: '/cgi-bin'
              path: '/var/www/vhosts/test.k2patel.in/cgi-bin'
        # NOTE(review): the redirect target is built from the client-supplied
        # Host header (HTTP_HOST), and this is also the default vhost, so any
        # Host value is echoed back. Consider redirecting to the fixed
        # servername instead.
        rewrites:
            - comment: 'Redirect non https domain to vhost'
              rewrite_cond:
                  - "%{literal('%')}{HTTPS} off"
              rewrite_rule:
                  - "(.*) https://%{literal('%')}{HTTP_HOST}%{literal('%')}{REQUEST_URI} [L,R=302]"
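    # Port 443 vhost for the same site: TLS material, three URL aliases and
    # one 'directories' entry per filesystem path that is served.
    test.k2patel.in_ssl:
        servername: 'test.k2patel.in'
        serveraliases:
            - 'pingtest.k2patel.in'
        docroot: '/var/www/vhosts/test.k2patel.in/html'
        manage_docroot: false
        port: 443
        priority: 0
        docroot_owner: 'web'
        docroot_group: 'web'
        access_log_file: 'test.k2patel.in_ssl-access.log'
        default_vhost: true
        ensure: 'present'
        error_log_file: 'test.k2patel.in_ssl-error.log'
        log_level: 'warn'
        aliases:
            -
                alias: '/cgi-bin'
                path: '/var/www/vhosts/test.k2patel.in/cgi-bin/'
            -
                alias: '/pingset'
                path: '/data/pingset/'
            -
                alias: '/whileset'
                path: '/milker/swingset/'
        ssl: true
        ssl_cert: '/etc/pki/tls/certs/k2patel.in.cert'
        # The private key should be readable by root only; it is referenced
        # here by path and must not be stored in Hiera itself.
        ssl_key: '/etc/pki/tls/private/k2patel.in.key'
        ssl_ca: '/etc/pki/tls/certs/k2patel.in.ca'
        ssl_certs_dir: '/etc/pki/tls/certs'
        directories:
            # CGI directory: every listed extension is executed as a CGI
            # script. NOTE(review): this includes '.sh' and '.php', so any
            # file with those extensions that lands here runs as code; keep
            # the directory non-writable by the web user.
            -
                path: '/var/www/vhosts/test.k2patel.in/cgi-bin/'
                options:
                    - 'ExecCGI'
                    - 'FollowSymlinks'
                    - 'MultiViews'
                require:
                    - 'all granted'
                addhandlers:
                    -
                        handler: 'cgi-script'
                        extensions:
                            - '.cgi'
                            - '.pl'
                            - '.p'
                            - '.perl'
                            - '.sh'
                            - '.php'
            # Document root: server-side includes are parsed in .shtml and
            # .html files. NOTE(review): '+Includes' also permits the SSI exec
            # element, and allow_override 'All' lets .htaccess files change
            # options; tighten both if the content is not fully trusted.
            -
                path: '/var/www/vhosts/test.k2patel.in/html'
                options:
                    - '+Includes'
                require:
                    - 'all granted'
                allow_override: 'All'
                addhandlers:
                    -
                        handler: 'server-parsed'
                        extensions:
                            - '.shtml'
                            - '.html'
                custom_fragment: |
                    XBitHack On
                        AddType application/vnd.google-earth.kml+xml .kml
            # Listing-only data directory: indexes on, CGI/SSI/symlinks off.
            # allow_override is set to 'None' so a .htaccess file inside the
            # directory cannot switch handlers or options back on; the
            # original 'All' contradicted the 'override: None' entry.
            # NOTE(review): 'override' does not appear to be a key the apache
            # module reads; confirm, and drop it if so.
            # NOTE(review): the last two lines of custom_fragment look damaged
            # (directives run together: '.plg engine off', '.shaDDhANDLEr').
            # Apache still parses them as extension lists, so the intended
            # handler removal is probably not what gets applied; restore them
            # from the original configuration before use.
            -
                path: '/data/pingset/'
                directoryindex: 'index.html index.cgi index.pl index.php'
                override:
                    - 'None'
                options:
                    - '+Indexes'
                    - '-ExecCGI'
                    - '-Includes'
                    - '-FollowSymLinks'
                require:
                    - 'all granted'
                allow_override: 'None'
                custom_fragment: |
                    IndexOptions FancyIndexing
                        IndexIgnoreReset ON
                        IndexIgnore .??* *~ *#
                        SetHandler none
                        aDDhANDLEr cgi-script .cgi .plg engine off
                        RemoveHandler .cgi .php .php3 .php4 .php5 .phtml .pl .py .pyc .pyo .html .htmls .txt .perl .sh .p .HTML .p .perl .shaDDhANDLEr cgi-script .cgi .pl .p .perl .sh
            # Second listing-only data directory, same policy and the same
            # caveats as '/data/pingset/' (allow_override tightened to 'None',
            # damaged custom_fragment lines to be restored).
            -
                path: '/milker/swingset/'
                directoryindex: 'index.html index.cgi index.pl index.php'
                override:
                    - 'None'
                options:
                    - '+Indexes'
                    - '-ExecCGI'
                    - '-Includes'
                    - '-FollowSymLinks'
                require:
                    - 'all granted'
                allow_override: 'None'
                custom_fragment: |
                    IndexOptions FancyIndexing
                        IndexIgnoreReset ON
                        IndexIgnore .??* *~ *#
                        SetHandler none
                        aDDhANDLEr cgi-script .cgi .plg engine off
                        RemoveHandler .cgi .php .php3 .php4 .php5 .phtml .pl .py .pyc .pyo .html .htmls .txt .perl .sh .p .HTML .p .perl .shaDDhANDLEr cgi-script .cgi .pl .p .perl .sh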

Value in manifests

# Vhost definitions come from Hiera; the {} default means a missing 'vhosts'
# key yields no vhosts instead of a failed lookup.
$myApacheVhost = hiera('vhosts', {})

# Base Apache class, declared with the module defaults switched off so that
# only what this manifest declares explicitly ends up in the configuration.
class { 'apache':
  # Nothing implicit: no default modules, conf.d files or default vhost,
  # and configuration not managed by Puppet is purged.
  default_mods        => false,
  default_confd_files => false,
  default_vhost       => false,
  purge_configs       => true,

  # Run as the pre-existing 'web' account; Puppet does not create it.
  manage_user         => false,
  manage_group        => false,
  user                => 'web',
  group               => 'web',

  # Keep version details out of response headers and error pages.
  server_tokens       => 'prod',
  server_signature    => 'Off',

  mpm_module          => 'prefork',
  service_ensure      => 'running',
}
 
   # Compress the listed MIME types and record the deflate filter notes.
   # NOTE(review): 'outstrem' looks like a typo for 'outstream'; any LogFormat
   # that references the note has to use the same spelling.
   class { '::apache::mod::deflate':
     types => [
       'text/html text/plain text/xml',
       'text/css',
       'application/x-javascript application/javascript application/ecmascript',
       'application/rss+xml',
       'application/json',
       'application/vnd.geo+json',
     ],
     notes => {
       'Input'  => 'instream',
       'Output' => 'outstrem',
       'Ratio'  => 'ratio',
     },
   }

   # Load mod_php from the php56u package; the shared object is looked up in
   # the module's lib_path.
   class { '::apache::mod::php':
     package_name => 'php56u',
     path         => "${::apache::params::lib_path}/libphp5.so",
   }
 
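   # mod_ssl settings shared by every TLS vhost.
   # Changes against the original listing:
   #   * ssl_protocol also disables TLSv1 and TLSv1.1, leaving TLS 1.2 and
   #     later; the original only removed SSLv2 and SSLv3.
   #   * the 3DES suites (the DES-CBC3-SHA entries) are dropped from
   #     ssl_cipher and '!3DES' is appended, because 64-bit block ciphers are
   #     exposed to birthday-bound attacks on long-lived connections.
   # NOTE(review): clients limited to TLS 1.0/1.1 or 3DES can no longer
   # connect; check access logs before rolling this out. The plain-RSA suites
   # at the end of the list offer no forward secrecy and are candidates for
   # removal as well.
   class { '::apache::mod::ssl':
     # TLS compression stays off (it leaks plaintext length, cf. CRIME).
     ssl_compression         => false,
     ssl_cryptodevice        => 'builtin',
     ssl_options             => ['StdEnvVars'],
     ssl_openssl_conf_cmd    => undef,
     # The server's preference order decides the suite, not the client's.
     ssl_honorcipherorder    => 'On',
     ssl_cipher              => 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:!DSS:!3DES',
     ssl_pass_phrase_dialog  => 'builtin',
     ssl_random_seed_bytes   => '1024',
     ssl_sessioncachetimeout => '300',
     ssl_protocol            => ['all', '-SSLv3', '-SSLv2', '-TLSv1', '-TLSv1.1'],
   }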
 
   # Content negotiation: prefer the first acceptable language in this order.
   class { '::apache::mod::negotiation':
     force_language_priority => 'Prefer',
     language_priority       => ['en', 'es', 'ca', 'cs', 'da', 'de', 'el', 'eo'],
   }

   # mod_alias with no options on the icons directory.
   class { 'apache::mod::alias':
     icons_options => 'None',
   }

   # Extra modules, declared with an array title so each name becomes its own
   # apache::mod resource.
   # NOTE(review): cgi, perl, suphp, include and autoindex each add a way to
   # run code or list files; load only those the vhosts actually use.
   apache::mod { [
     'actions',
     'cgi',
     'headers',
     'include',
     'perl',
     'suphp',
     'mime_magic',
     'auth_basic',
     'setenvif',
     'autoindex',
   ]: }

   # Name-based virtual hosting on the HTTP and HTTPS ports.
   apache::namevirtualhost { ['80', '443']: }
 
# Declare one apache::vhost per key of the Hiera hash. Every parameter,
# including raw custom_fragment text, is taken from Hiera as-is, so write
# access to that data is equivalent to write access to the Apache config.
create_resources('apache::vhost', $myApacheVhost)
puppet.txt · Last modified: 2017/03/28 14:48 by k2patel