Education Paper Puppet

EducationPaper:
Introduoaogerenciamentode
servidorescomPuppet
Junho/2016
Autores:
AngelaFernandaFerreiraangela@logicus.com.br
GustavoSoaresdeLimagustavo@logicus.com.br
O
l!EstemaisumpaperquedispomosparavocseaprofundaremTecnologia.DestavezoassuntoescolhidofoioPuppet,ferramenta
construdaparaasprticasDevOpsquetornaavidadeadministradoresdesistemasLinuxmaisfcil.Masporquvocdeveriaentenderde
prticasDevOps?DaimportnciadarelaoentrevirtualizaoeLinux,advmaimportnciadogerenciamentodeconfiguraespara
administradoresdesistemaspoiscenriosqueantigamentepossuampoucosservidoreshojepodemchegarcomfacilidadeacasadecentenas
empoucosdias.ApsconheceroPuppet,sevocpraticar,perceberqueelefacilitarmuitoasuavidacomoprofissionalemLinux,poisele
automatizartodasaquelasrotinasdesdequestesbsicasatainstalaoeconfiguraodestesmesmosservidores.Istomelhora
CopyrightLogicus2016
1
exponencialmenteavidadosysadmin.Avidadeumadministradordesistemasempocasquefaltamprofissionaisnonadafcil.Vocsev
cheiodetarefasrepetitivas!Passaodiarealizandoasmesmascoisascomoconfiguraesderotas,configuraesdehosts,configuraesde
usuriosepermisses,pranofalardeoutrascoisascomoconfiguraoderepositrios,pacotes,variveis,rotinasnoCron.Cadasysadminfaza
coisadoseuprpriojeitoecomissoseaumentamaschancesdeerro.Oquevocfazentonormalmente?Shellscripts,imagens
prconfiguradas,SSHemloop.Ouseja,cadavezmaisseaumentaadificuldadeemencontrarproblemas.Padronizaosetornaimpossvele
documentarsetornaummilagre.AnoadiantarezareentregarainfranamodeDeus,elejtemosseusproblemasequandovocmenos
esperaoqueocorreadiminuiodaprodutividade.Noseiluda:aculpasempredosysadmin,oupior:deDeus!Masvocpodemudaressa
situao!Alis,deve!
VivemosummomentodetendnciasparaVirtualizaoeComputaoemnuvemondeoinvestimentocadavezmenorumaboaprtica.Poristo
queosysadminsetornouumcanivetesuo.IstojustificaanecessidadedevocsetornarumDevOps!Masoqueisso?Pensecomo
Development+Operations,emtranquilidade,experincia,controledequalidade.Ouseja,oDevOpspensaainfraestruturaemoutronvel.O
resultadoprodutividadeeeconomia.AsprticasDevOpsaquenosreferimostemnoseucentroaGernciadeConfiguraesquenadamais
queadistribuiocentralizadadaconfigurao,procedimentosdefinidos,automao,documentaoemdia,maiorsegurana,maior
disponibilidade,maiorintegridadeeprincipalmentemaiortempocomafamlia,porqusevocdeixar,omercadolhedeixardejoelhoscomoum
verdadeiroescravoeaindaojulgarporineficinciaquandoassuasenergiasestiveremesgotadas.
ExistemdiversasferramentasparagerenciamentodeconfiguraocomoAnsible,Capistrano,Chef,CFEngine,PuppeteSaltStack.Sobreo
Puppet,queonossoalvonesteartigo,podemosdizerqueseuobjetivoaAutomaodeservidores.FoicriadopelaPuppetLabs,mais
especificamenteporLukeKaines.PossuiLicenaApache2.0esetratanarealidadedeumFrameworkopensource.DizemosqueoPuppetuma
Ferramentadenovagerao.Trataainfraestruturacomocdigoepossuiumalinguagemdeclarativa.APuppetLabsofereceaindasuportee
versoEnterprise.PossuicomunicaoseguraSSL,idempotenteeseucdigoestnoGitHub.DiversasempresasusamPuppetcomo:Nestl,
Nike,Paypal,Seagate,Sony,Nasa,ADP,AON,ARM,Atlassian,BankofAmerica,BarneseNoble,BT,Cedexis,Cisco,Ciclability,CondNast,
ConstanctContact,Costco,EMC,WikimediaFoundation,Dell,FT.com,Rackspace,GeneralMilis,Genworth,HBO,Hersheys,Hotwire,ICANN,
2
Intel,Intuit,JohnDeere,KPN,MacAfee,Motorola,Zynga,Twitter,NewYorkStockExchange,Disney,Citrix,Oracle,TheUniversityofNorthTexas,
LosAlamosNationalLaboratory,StanfordUniversity,Google,Nokia,Globoeclaro,aLogicus.InclusiveaLogicusjestevepresenteemdiversos
eventospalestrandosobreboasprticascomPuppetcomonoSoftwareFreedomDay,FestivalLatinoamericanodeInstalaodeSoftwareLivree
FrumdeTecnologiaemSoftwareLivre.
AutilidadedoPuppetadequeorganizaesquedesejamreduzirocustodemanutenopodemfazloatravsdareduodocustoemtempo
deadministraodeservidores.AsespecificaesdoPuppetsoasseguintes:EscritoemRubyeextensvelemRuby.ConhecerRubycom
certezadegrandevalia,poisoseucdigoestnoGitHub,eassimficasimplesparavocefetuarmodificaescasosejanecessrio.Mas
lembresequeistonoprrequisito,esimumadicaparaquevocampliesuasprticasDevOps.Noqueserefereaohardwarevejaoquediza
PuppetLabs:Recommendedrequirements:24processorcores,atleast4GBRAM,andveryaccuratetimekeeping.Performancewillvary,but
thisconfigurationcangenerallymanageapproximately1,000agentnodes.OPuppettrabalhacomumacoisachamadaRAL,ouseja,Resources
AbstractionLayer.Vocnoprecisasepreocuparcomoserfeito,apenasdevemandarfazereoPuppetresolverpoisoPuppetpossuiseu
conjuntoderecursosereconhecimentodeproviders.OPuppetpodetrabalharemmodoautnomo,oqueinclusivefundamentalparao
aprendizado,poisrodanasuamquina,ouseja,localmente.BoasprticassosugeridasparasetrabalharcomPuppetcomocdigolegveljque
fundamentalnotrabalhoemequipe.Nestesentido,lhealertamosdesdejpara:assetasalinhadas,Noextrapolar80caracteresporlinha,em
variveisprivilegieletras,nmeroseunderscore,fugirdohfenetravessoeparatestarocdigodomanifesto(arquivoquecontmdeclaraes
doPuppet)usarumcomandochamado
puppetparservalidatemanifesto.pp
.Masissomaisafrentequandoolharmosparaasualinguagem
declarativa,antesdissoprecisamoscuidardainstalao.NesteartigoiremosinstalaroPuppetnasseguintesdistrosLinux:
Ubuntu16.04,Debian
8.4,eCentOS7,
eusaremosoCentOScomoPuppetServernomomentodaconfiguraoparaqueumamquinadetermineoqueoutradever
conter,ouseja,narelaoclienteservidor.VejamosainstalaonoUbuntu16.04,codinomeXenial.PrimeiramentevocdeverusaroPuppeta
partirdosreleasesdisponibilizadospelaprpriaPuppetLabspoisnemsempreencontramosospacotesatualizadosnasdistros.Entofaa:
#wgethttp://apt.puppetlabs.com/puppetlabsreleasepc1xenial.deb
#sudodpkgipuppetlabsreleasepc1xenial.deb
3
#sudoaptgetupdate
#sudoaptgetinstallpuppetagent
ParainstalaremsistemasbaseadosemRedHatcomoocasodoCentOS7:
#rpmUvhhttps://yum.puppetlabs.com/puppetlabsreleasepc1el7.noarch.rpm
#yuminstallpuppetagent
Percebaospacotesdisponveis:
#yumsearchpuppet|grepE^puppet
puppetagent.x86_64:ThePuppetAgentpackagecontainsalloftheelements
puppetclienttools.x86_64:PuppetDBCLIforqueryingPuppetdata
puppetdb.noarch:PuppetLabspuppetdb
puppetdbtermini.noarch:Terminiforpuppetdb
puppetdbterminus.noarch:MetapackagetoalloweasyupgradesfromPuppetDB2
puppetlabsreleasepc1.noarch:ReleasepackagesforthePuppetLabsPC1
puppetserver.noarch:PuppetLabspuppetserver
Agoraquejestinstaladopodeusarocomandopuppetparaumteste.Nocasodeocomandopuppetnoestarpresente,comoporexemplo
noCentOS7,vocpodefazeralternativamente:
#whereispuppet
puppet:/opt/puppetlabs/bin/puppet
#exportPATH=/opt/puppetlabs/bin:$PATH
4
Istosignificouquevoctevedeindicarocaminhodobinrio.possvelquetenhaquefazeristoemtodasasinstalaesequandonecessriono
processodereincioduranteesteartigonaprticadainstalaodoPuppetMasterePuppetServerquandoiremosfazercomqueumamquina
recebaaconfiguraodeoutra.Sequiserfazerdeformapermanenteacrescenteno
rc.local
.ParainstalaremsistemasbaseadosnoDebian,
seguindoomodeloemumDebianJessie:
#wgethttp://apt.puppetlabs.com/puppetlabsreleasepc1jessie.deb
#dpkgipuppetlabsreleasepc1jessie.deb
#aptgetupdate
#aptgetinstallpuppetagent
VejaospacotesdisponveisnoDebian:
#aptcachesearchpuppetnamesonly
etherpuppetcreateavirtualinterfacefromaremoteEthernetinterface
fusiondirectorypluginpuppetPuppetpluginforFusionDirectory
fusiondirectorypluginpuppetschemaLDAPschemaforFusionDirectorypuppetPlugin
librarianpuppetbundlerforyourpuppetmodules
puppetconfigurationmanagementsystem,agent
puppetcommonconfigurationmanagementsystem
puppetelsyntaxhighlightingforpuppetmanifestsinemacs
puppettestsuiteconfigurationmanagementsystem,developmenttestsuite
puppetmasterconfigurationmanagementsystem,masterservice
puppetmastercommonconfigurationmanagementsystem,mastercommonfiles
puppetmasterpassengerconfigurationmanagementsystem,scalablemasterservice
vimpuppetsyntaxhighlightingforpuppetmanifestsinvim
puppetlintcheckpuppetmanifestsforstyleguideconformity
puppetmodulepuppetlabsapachePuppetmoduleforapache
5
puppetmodulepuppetlabsaptPuppetmoduleforapt
puppetmodulepuppetlabsconcatPuppetmoduleforconcat
puppetmodulepuppetlabsfirewallPuppetmoduleforFirewallmanagement
puppetmodulepuppetlabsinifilePuppetmoduleforinifiles
puppetmodulepuppetlabsmysqlPuppetmoduleformysql
puppetmodulepuppetlabsntpPuppetmoduleforntp
puppetmodulepuppetlabspostgresqlPuppetmoduleforPostgreSQLdatabase
puppetmodulepuppetlabsstdlibPuppetmodulestandardlibrary
puppetmodulepuppetlabsxinetdPuppetmoduleforxinetd
puppetmodulesazmemcachedPuppetmoduleformemcached
rubypuppetlabsspechelperraketasksandspechelperforspectestsonpuppetmodules
rubyrspecpuppetRSpectestsforyourPuppetmanifests
puppetdbterminiTerminiforpuppetdb
puppetdbPuppetLabspuppetdb
puppetlabsreleasepc1ReleasepackagesforthePuppetLabsPC1repository
puppetserverPuppetLabspuppetserver
puppetagentThePuppetAgentpackagecontainsalloftheelementsneededtorunpuppet,includingruby,facter,hieraand
mcollective.
puppetlabsrelease"PackagetoinstallPuppetLabsgpgkeyandaptrepo"
Paraconfirmarainstalaodigite:
puppetagentconfigprintconfdir
.Vejaumexemplodecomandoquedirondeosarquivosde
configuraodoPuppetforaminstalados:
#puppetagentconfigprintconfdir
/etc/puppetlabs/puppet
Parainiciaroservio:
6
#puppetresourceservicepuppetensure=runningenable=true
Notice:/Service[puppet]/ensure:ensurechanged'stopped'to'running'
service{'puppet':
ensure=>'running',
enable=>'true',
}
Vejamosumabrevetabelaexplicativadoqueaconteceuacima:
resource
aopodopuppetusada,nestecasotratasedeumrecurso
service
orecursoaqueopuppetserefere,nestecasooprpriopuppet
ensure
acondiodorecursoqueopuppetquenestecasorunning,ou
seja,rodando
enable
significaqueopuppetdesejaorecursopuppetconfiguradoparaestar
presentenainicializaodosistema
Seasadaacimafoiigualnastrsinstalaes:Ubuntu16.04,CentOS7eDebianJessie,entoainstalaoocorreucomsucesso!Comovoc
podeperceberusamosoprprioPuppetparadizerPuppet,euqueroquevocestejarodando.Quebarato!Antesdeconcluirainstalao
fundamentalqueconfiraoFQDNdasmquinas,comoporexemplo:
#puppetagentconfigprintcertname
centos.logicus.local
7
Seoshostnamesnoestiveremdevidamenteconfiguradosvocterproblemasnofuturo,daestaconferenciafundamental,nopuleestaetapa
deformaalguma.SemoFQDNdevidamenteconfiguradomuitacoisanovaifuncionarevocpodesefrustrar.OPuppetumaferramenta
exigentedadasassuaspossibilidadesdeatuao,entosejaexigentevoctambmcomoseuaprendizado.AgoraquejpossumosoPuppet
instaladovamosdarumaolhadanasuadocumentao.Digite
puppethelp
.Noacheestranhopoisasintaxejustamenteessaaoinvsde
usaronafrentedehelp.Vejaumexemplo:
#puppethelp
Usage:puppet<subcommand>[options]<action>[options]
Availablesubcommands:

agentThepuppetagentdaemon
applyApplyPuppetmanifestslocally
caLocalPuppetCertificateAuthoritymanagement.
catalogCompile,save,view,andconvertcatalogs.
certManagecertificatesandrequests
certificateProvideaccesstotheCAforcertificatemanagement.
certificate_requestManagecertificaterequests.
certificate_revocation_listManagethelistofrevokedcertificates.
configInteractwithPuppet'ssettings.
describeDisplayhelpaboutresourcetypes
deviceManageremotenetworkdevices
docGeneratePuppetreferences
eppInteractdirectlywiththeEPPtemplateparser/renderer.
factsRetrieveandstorefacts.
fileRetrieveandstorefilesinafilebucket
filebucketStoreandretrievefilesinafilebucket
helpDisplayPuppethelp.
inspectSendaninspectionreport
8
keyCreate,save,andremovecertificatekeys.
lookupDatainmoduleslookupfunction
manDisplayPuppetmanualpages.
masterThepuppetmasterdaemon
moduleCreates,installsandsearchesformodulesonthePuppetForge.
nodeViewandmanagenodedefinitions.
parserInteractdirectlywiththeparser.
pluginInteractwiththePuppetpluginsystem.
reportCreate,display,andsubmitreports.
resourceTheresourceabstractionlayershell
resource_typeViewclasses,definedresourcetypes,andnodesfromallmanifests.
statusViewpuppetserverstatus.
See'puppethelp<subcommand><action>'forhelponaspecificsubcommandaction.
See'puppethelp<subcommand>'forhelponaspecificsubcommand.
Puppetv4.5.1
Ouseja,semprequevocforusarumaopo,terumaajudarpidamuitobemformuladapeloPuppet.OutraformadeajudaoPuppetMan,
ondevocpodeusarporexemplo
puppetmanargumento
.Existeaindao
puppetdoc
.Paraverumalistadasdocumentaespresentesno
PuppetDocfaa:
#puppetdoclist
configurationAreferenceforallsettings
functionAllfunctionsavailableintheparser
indirectionIndirectiontypesandtheirterminusclasses
metaparameterAllPuppetmetaparametersandalltheirdetails
providersWhichprovidersarevalidforthismachine
reportAllavailabletransactionreports
typeAllPuppetresourcetypesandalltheirdetails
9
Paravertodasasdocumentaesfaa:
#puppetdocall
Oresultadosermaisde10millinhasdeinformao!OutraferramentaauxiliarnousodoPuppetsoosFatosquesoinformaesdosistema.O
PuppetpossuiumabibliotecaRubymultiplataformafeitapelaPuppetLabsquepermitequeosFatostambmsetornemvariveis.Estaferramenta
sechamaFacter.umprogramalevequereneinformaessobrehardwareesistemaoperacional.Muitotilpararecuperarinformaescomo
IP,MACechavesSSH.ParagerarumarquivocomFatosvocpodefazerumManifestcomestecontedo:
file{"/tmp/fatos_logicus.yaml":
content=>inline_template("<%=scope.to_hash.reject{|k,v|!(k.is_a?(String)&&v.is_a?(String))}.to_yaml%>"),
}
Noentendeunadan?Calma,maisafrentevocversobreManifestos,ouseja,arquivosquecontmcdigodoPuppet,eanasegundaleitura
desteartigoistolheestartotalmenteclaro.VamosverumexemplodohelpdoFacter:
#facterhelp
Synopsis
========
Collectanddisplayfactsaboutthesystem.
Usage
=====
10
facter[options][query][query][...]
Options
=======
colorEnablescoloroutput.
customdirargAdirectorytouseforcustomfacts.
d[debug]Enabledebugoutput.
externaldirargAdirectorytouseforexternalfacts.
h[help]Printthishelpmessage.
j[json]OutputinJSONformat.
showlegacyShowlegacyfactswhenqueryingallfacts.
l[loglevel]arg(=warn)Setlogginglevel.
Supportedlevelsare:none,trace,debug,
info,warn,error,andfatal.
nocolorDisablescoloroutput.
nocustomfactsDisablescustomfacts.
noexternalfactsDisablesexternalfacts.
norubyDisablesloadingRuby,factsrequiringRuby,
andcustomfacts.
p[puppet](Deprecated:use`puppetfactsìnstead)Load
thePuppetlibraries,thusallowingFacterto
loadPuppetspecificfacts.
traceEnablebacktracesforcustomfacts.
verboseEnableverbose(info)output.
v[version]Printtheversionandexit.
y[yaml]OutputinYAMLformat.
Description
===========
11
Collectanddisplayfactsaboutthecurrentsystem.Thelibrarybehind
facteriseasytoextend,makingfacteraneasywaytocollectinformation
aboutasystem.
Ifnoqueriesaregiven,thenallfactswillbereturned.
ExampleQueries
===============
facterkernel
facternetworking.ip
facterprocessors.models.0
VejaumexemplodeusodoFacter:
#facter
aio_agent_version=>1.5.1
augeas=>{
version=>"1.4.0"
}
disks=>{
sda=>{
model=>"VBOXHARDDISK",
size=>"8.00GiB",
size_bytes=>8589934592,
vendor=>"ATA"
},
sr0=>{
model=>"CDROM",
size=>"1.00GiB",
12
size_bytes=>1073741312,
vendor=>"VBOX"
}
}
dmi=>{
bios=>{
release_date=>"12/01/2006",
vendor=>"innotekGmbH",
version=>"VirtualBox"
},
board=>{
manufacturer=>"OracleCorporation",
product=>"VirtualBox",
serial_number=>"0"
},
chassis=>{
type=>"Other"
},
manufacturer=>"innotekGmbH",
product=>{
name=>"VirtualBox",
serial_number=>"0",
uuid=>"A6F6E8B29D9248EBE44BE6068A414386"
}
}
facterversion=>3.2.0
filesystems=>ext2,ext3,ext4
identity=>{
gid=>0,
group=>"root",
uid=>0,
user=>"root"
13
}
is_virtual=>true
kernel=>Linux
kernelmajversion=>3.16
kernelrelease=>3.16.04amd64
kernelversion=>3.16.0
load_averages=>{
15m=>0.05,
1m=>0,
5m=>0.01
}
memory=>{
swap=>{
available=>"383.00MiB",
available_bytes=>401600512,
capacity=>"0%",
total=>"383.00MiB",
total_bytes=>401600512,
used=>"0bytes",
used_bytes=>0
},
system=>{
available=>"616.06MiB",
capacity=>"17.46%",
total=>"746.39MiB",
total_bytes=>782643200,
used=>"130.33MiB",
used_bytes=>136658944
}
}
mountpoints=>{
14
/=>{
available=>"6.36GiB",
capacity=>"13.77%",
device=>"/dev/sda1",
filesystem=>"ext4",
options=>[
"rw",
"relatime",
"errors=remountro",
"data=ordered"
],
size=>"7.38GiB",
size_bytes=>7922466816,
used=>"1.02GiB",
used_bytes=>1090740224
}
}
networking=>{
dhcp=>"192.168.0.1",
domain=>"logicus.local",
fqdn=>"debian.logicus.local",
hostname=>"debian",
interfaces=>{
eth0=>{
bindings=>[
{
address=>"192.168.0.104",
netmask=>"255.255.255.0",
network=>"192.168.0.0"
}
],
15
bindings6=>[
{
address=>"fe80::a00:27ff:fe24:36ac",
netmask=>"ffff:ffff:ffff:ffff::",
network=>"fe80::"
}
],
dhcp=>"192.168.0.1",
ip=>"192.168.0.104",
ip6=>"27ff:fe80::a00:fe24:36ac",
mac=>"27:24:36:08:00:ac",
mtu=>1500,
netmask=>"255.255.255.0",
netmask6=>"ffff:ffff:ffff:ffff::",
network=>"192.168.0.0",
network6=>"fe80::"
},
lo=>{
bindings=>[
{
address=>"127.0.0.1",
netmask=>"255.0.0.0",
network=>"127.0.0.0"
}
],
bindings6=>[
{
address=>"::1",
netmask=>"ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff",
network=>"::1"
}
],
16
ip=>"127.0.0.1",
ip6=>"::1",
mtu=>65536,
netmask=>"255.0.0.0",
netmask6=>"ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff",
network=>"127.0.0.0",
network6=>"::1"
}
},
ip=>"192.168.0.104",
ip6=>"fe80::a00:fe24:36ac27ff:",
mac=>"08:24:36:ac00:27:",
mtu=>1500,
netmask=>"255.255.255.0",
network=>"192.168.0.0",
network6=>"fe80::",
primary=>"eth0"
}
os=>{
architecture=>"amd64",
distro=>{
codename=>"jessie",
description=>"DebianGNU/Linux8.4(jessie)",
id=>"Debian",
release=>{
full=>"8.4",
major=>"8",
minor=>"4"
}
},
family=>"Debian",
17
hardware=>"x86_64",
name=>"Debian",
release=>{
full=>"8.4",
major=>"8",
minor=>"4"
},
selinux=>{
enabled=>false
}
}
partitions=>{
/dev/sda1=>{
filesystem=>"ext4",
mount=>"/",
partuuid=>"96522ed201",
size=>"7.62GiB",
size_bytes=>8185184256,
uuid=>"58d6492c8aa12297af916e1c24dd68ab"
},
/dev/sda2=>{
size=>"1.00KiB",
size_bytes=>1024
},
/dev/sda5=>{
filesystem=>"swap",
partuuid=>"96522ed205",
size=>"383.00MiB",
size_bytes=>401604608,
uuid=>"74c47bda458235489b4af7215d3ee65a"
}
}
18
path=>/opt/puppetlabs/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
processors=>{
count=>1,
isa=>"unknown",
models=>[
"Intel(R)Core(TM)i75500UCPU@2.40GHz"
],
physicalcount=>1
}
ruby=>{
platform=>"x86_64linux",
sitedir=>"/opt/puppetlabs/puppet/lib/ruby/site_ruby/2.1.0",
version=>"2.1.9"
}
ssh=>{
dsa=>{
fingerprints=>{
sha1=>"SSHFP21...",
sha256=>"SSHFP22..."
},
key=>"..."
},
ecdsa=>{
fingerprints=>{
sha1=>"SSHFP31...",
},
key=>"..."
},
ed25519=>{
fingerprints=>{
sha1=>"SSHFP41...",
19
sha256=>"SSHFP428..."
},
key=>"..."
},
rsa=>{
fingerprints=>{
sha1=>"SSHFP11...",
},
key=>"..."
}
}
system_uptime=>{
days=>0,
hours=>4,
seconds=>14519,
uptime=>"4:01hours"
}
timezone=>BRT
virtual=>virtualbox
VocpodeaindausaroFacterdeformaespecficacomoporexemploparaverouptime:
#factersystem_uptime
{
days=>0,
hours=>1,
seconds=>6315,
uptime=>"1:45hours"
}
20
ParaverinformaesdoRuby:
#facterruby
{
platform=>"x86_64linux",
sitedir=>"/opt/puppetlabs/puppet/lib/ruby/site_ruby/2.1.0",
version=>"2.1.9"
}
Paraverinformaesdosistemaoperacional:
#facteros
{
architecture=>"x86_64",
family=>"RedHat",
hardware=>"x86_64",
name=>"CentOS",
release=>{
full=>"7.2.1511",
major=>"7",
minor=>"2"
},
selinux=>{
config_mode=>"enforcing",
current_mode=>"enforcing",
enabled=>true,
enforced=>true,
21
policy_version=>"28"
}
}
Paraverinformaesderede:
#facternetworking
{
dhcp=>"192.168.0.1",
domain=>"logicus.local",
fqdn=>"centos.logicus.local",
hostname=>"centos",
interfaces=>{
enp0s3=>{
bindings=>[
{
address=>"192.168.0.106",
netmask=>"255.255.255.0",
network=>"192.168.0.0"
}
],
bindings6=>[
{
address=>"27ff:fe88:fe80::a00:72c8",
netmask=>"ffff:ffff:ffff:ffff::",
network=>"fe80::"
}
],
dhcp=>"192.168.0.1",
ip=>"192.168.0.106",
22
ip6=>"8fe80:27ff:fe88:72c:a00:",
mac=>"72:c808:00:27:88:",
mtu=>1500,
netmask=>"255.255.255.0",
network=>"192.168.0.0",
network6=>"fe80::"
},
lo=>{
bindings=>[
{
address=>"127.0.0.1",
netmask=>"255.0.0.0",
network=>"127.0.0.0"
}
],
bindings6=>[
{
address=>"::1",
netmask=>"ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff",
network=>"::1"
}
],
ip=>"127.0.0.1",
ip6=>"::1",
mtu=>65536,
netmask=>"255.0.0.0",
netmask6=>"ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff",
network=>"127.0.0.0",
network6=>"::1"
}
},
23
ip=>"192.168.0.106",
ip6=>"27ff:fe88:72c8fe80::a00:",
mac=>"27:88:72:c8:08:00:",
mtu=>1500,
netmask=>"255.255.255.0",
network=>"192.168.0.0",
network6=>"fe80::",
primary=>"enp0s3"
}
AgoraquevocconheceosfatosbomqueconheaosrecursoscomosquaisoPuppettrabalha.RecursosparaoPuppetsocomoblocos
delego.Podemsercombinadosparamodelarumestadoepossuiinmerostiposnativos.RecursossoprogramasemRubyquemanipulam
estados.bomquesaibaquenocasodosRecursossetratadoPuppetessencialmenteemlinhadecomando.OsRecursospodemvariarem
tamanho,complexidadeetempodevida.Porexemplo:Umusuriopodeserumrecurso,umserviopodeserumrecurso,umarquivopodeser
umrecurso,umpacotepodeserumrecurso,umarotinadocronpodeserumrecurso,aexecuodeumcomandopodeserumrecurso.Maisa
frenteveremosorecursonasuaformadeclarativanoPuppetatravsdosmanifestos.Porhoravejaumexemplo:
tipo{titulo:
parametro=>valor,
metaparametro=>valor,
funcao=>valor,
}
ParacomearmosaseaprofundarnosrecursosdoPuppetvejamosohelpdocomandoresource:
24
#puppethelpresource
puppetresource(8)Theresourceabstractionlayershell
========
SYNOPSIS
UsesthePuppetRALtodirectlyinteractwiththesystem.
USAGE
puppetresource[h|help][d|debug][v|verbose][e|edit]
[p|param<parameter>][t|types][y|to_yaml]<type>
[<name>][<attribute>=<value>...]
DESCRIPTION
Thiscommandprovidessimplefacilitiesforconvertingcurrentsystem
stateintoPuppetcode,alongwithsomeabilitytomodifythecurrent
stateusingPuppet'sRAL.
Bydefault,youmustatleastprovideatypetolist,inwhichcase
puppetresourcewilltellyoueverythingitknowsaboutallresourcesof
thattype.Youcanoptionallyspecifyaninstancename,andpuppet
resourcewillonlydescribethatsingleinstance.
Ifgivenatype,aname,andaseriesof<attribute>=<value>pairs,
puppetresourcewillmodifythestateofthespecifiedresource.
Alternately,ifgivenatype,aname,andthe'edit'flag,puppet
resourcewillwriteitsoutputtoafile,openthatfileinaneditor,
25
andthenapplythesavedfileasaPuppettransaction.
OPTIONS
Notethatanysettingthat'svalidintheconfiguration
fileisalsoavalidlongargument.Forexample,'ssldir'isavalid
setting,soyoucanspecify'ssldir<directory>'asan
argument.
Seetheconfigurationfiledocumentationat
https://docs.puppetlabs.com/puppet/latest/reference/configuration.htmlforthe
fulllistofacceptableparameters.Acommentedlistofall
configurationoptionscanalsobegeneratedbyrunningpuppetwith
'genconfig'.
*debug:
Enablefulldebugging.
*edit:
Writetheresultsofthequerytoafile,openthefileinaneditor,
andreadthefilebackinasanexecutablePuppetmanifest.
*help:
Printthishelpmessage.
*param:
Addmoreparameterstobeoutputtedfromqueries.
*types:
Listallavailabletypes.
26
*verbose:
Printextrainformation.
*to_yaml:
Outputfoundresourcesinyamlformat,suitabletousewithHieraandcreate_resources.
EXAMPLE
Thisexampleuses`puppetresource`toreturnaPuppetconfigurationfor
theuser`luke`:
$puppetresourceuserluke
user{'luke':
home=>'/home/luke',
uid=>'100',
ensure=>'present',
comment=>'LukeKanies,,,',
gid=>'1000',
shell=>'/bin/bash',
groups=>['sysadmin','audio','video','puppet']
}
AUTHOR
LukeKanies
COPYRIGHT
Copyright(c)2011PuppetLabs,LLCLicensedundertheApache2.0License
27
Bom,falamosqueumusuriopoderiaserumrecursonomesmo?Paravertodososusurios:
#puppetresourceuser
user{'_apt':
ensure=>'present',
gid=>'65534',
home=>'/nonexistent',
password=>'*',
password_max_age=>'99999',
password_min_age=>'0',
shell=>'/bin/false',
uid=>'105',
}
user{'administrador':
ensure=>'present',
comment=>'administrador,,,',
gid=>'1000',
groups=>['adm','cdrom','sudo','dip','plugdev','lxd','lpadmin','sambashare'],
home=>'/home/administrador',
password=>'$6$.ZWqylpH$nubx9.Ty0rK0QXKt4To9dcTFo8iW84CeC7Gs1pWXUwMH7qXITB3wBp1CeZdJRf/QYDtx7WTAivuG2.94yJe5..',
shell=>'/bin/bash',
uid=>'1000',
}
user{'backup':
ensure=>'present',
comment=>'backup',
gid=>'34',
home=>'/var/backups',
password=>'*',
28
shell=>'/usr/sbin/nologin',
uid=>'34',
}
user{'bin':
ensure=>'present',
comment=>'bin',
gid=>'2',
home=>'/bin',
password=>'*',
uid=>'2',
}
user{'daemon':
ensure=>'present',
comment=>'daemon',
gid=>'1',
home=>'/usr/sbin',
password=>'*',
uid=>'1',
}
user{'dnsmasq':
ensure=>'present',
comment=>'dnsmasq,,,',
gid=>'65534',
home=>'/var/lib/misc',
password=>'*',
29
uid=>'109',
}
user{'games':
ensure=>'present',
comment=>'games',
gid=>'60',
home=>'/usr/games',
password=>'*',
uid=>'5',
}
user{'gnats':
ensure=>'present',
comment=>'GnatsBugReportingSystem(admin)',
gid=>'41',
home=>'/var/lib/gnats',
password=>'*',
uid=>'41',
}
user{'irc':
ensure=>'present',
comment=>'ircd',
gid=>'39',
home=>'/var/run/ircd',
30
password=>'*',
uid=>'39',
}
user{'list':
ensure=>'present',
comment=>'MailingListManager',
gid=>'38',
home=>'/var/list',
password=>'*',
uid=>'38',
}
user{'logicus':
ensure=>'present',
comment=>',,,',
gid=>'1001',
home=>'/home/logicus',
password=>'$6$bbKy5lyy$Higgb4iG/SR/rc9voM7LAaSoV.GBwuWbLiUmPZAG12ZWT2yi6L6U1sSnOaIFlGTMB5Sse8tAEF62Yjcx5nwIb0',
shell=>'/bin/bash',
uid=>'1001',
}
user{'lp':
ensure=>'present',
comment=>'lp',
gid=>'7',
31
home=>'/var/spool/lpd',
password=>'*',
uid=>'7',
}
user{'lxd':
ensure=>'present',
gid=>'65534',
home=>'/var/lib/lxd/',
password=>'*',
uid=>'106',
}
user{'mail':
ensure=>'present',
comment=>'mail',
gid=>'8',
home=>'/var/mail',
password=>'*',
uid=>'8',
}
user{'man':
ensure=>'present',
comment=>'man',
gid=>'12',
32
home=>'/var/cache/man',
password=>'*',
uid=>'6',
}
user{'messagebus':
ensure=>'present',
gid=>'111',
home=>'/var/run/dbus',
password=>'*',
uid=>'107',
}
user{'news':
ensure=>'present',
comment=>'news',
gid=>'9',
home=>'/var/spool/news',
password=>'*',
uid=>'9',
}
user{'nobody':
ensure=>'present',
comment=>'nobody',
gid=>'65534',
33
home=>'/nonexistent',
password=>'*',
uid=>'65534',
}
user{'proxy':
ensure=>'present',
comment=>'proxy',
gid=>'13',
home=>'/bin',
password=>'*',
uid=>'13',
}
user{'puppet':
ensure=>'present',
comment=>'Puppetconfigurationmanagementdaemon,,,',
gid=>'117',
home=>'/var/lib/puppet',
password=>'*',
uid=>'111',
}
user{'root':
ensure=>'present',
comment=>'root',
34
gid=>'0',
home=>'/root',
password=>'!',
shell=>'/bin/bash',
uid=>'0',
}
user{'sshd':
ensure=>'present',
gid=>'65534',
home=>'/var/run/sshd',
password=>'*',
uid=>'110',
}
user{'sync':
ensure=>'present',
comment=>'sync',
gid=>'65534',
home=>'/bin',
password=>'*',
shell=>'/bin/sync',
uid=>'4',
}
user{'sys':
ensure=>'present',
comment=>'sys',
35
gid=>'3',
home=>'/dev',
password=>'*',
uid=>'3',
}
user{'syslog':
ensure=>'present',
gid=>'108',
groups=>['adm'],
home=>'/home/syslog',
password=>'*',
uid=>'104',
}
user{'systemdbusproxy':
ensure=>'present',
comment=>'systemdBusProxy,,,',
gid=>'105',
home=>'/run/systemd',
password=>'*',
uid=>'103',
}
user{'systemdnetwork':
ensure=>'present',
36
comment=>'systemdNetworkManagement,,,',
gid=>'103',
home=>'/run/systemd/netif',
password=>'*',
uid=>'101',
}
user{'systemdresolve':
ensure=>'present',
comment=>'systemdResolver,,,',
gid=>'104',
home=>'/run/systemd/resolve',
password=>'*',
uid=>'102',
}
user{'systemdtimesync':
ensure=>'present',
comment=>'systemdTimeSynchronization,,,',
gid=>'102',
home=>'/run/systemd',
password=>'*',
uid=>'100',
}
user{'uucp':
37
ensure=>'present',
comment=>'uucp',
gid=>'10',
home=>'/var/spool/uucp',
password=>'*',
uid=>'10',
}
user{'uuidd':
ensure=>'present',
gid=>'112',
home=>'/run/uuidd',
password=>'*',
uid=>'108',
}
user{'wwwdata':
ensure=>'present',
comment=>'wwwdata',
gid=>'33',
home=>'/var/www',
password=>'*',
uid=>'33',
}
38
Ok!Maselemostroutodososusurios.Esevocquiserverasinformaesdeapenasumusuriodosistema,porexemplooRoot.Vejao
exemplo:
#puppetresourceuserroot
user{'root':
ensure
=>'present',
comment
=>'root',
gid
=>'0',
home
=>'/root',
password
=>'Ljw$h8JJmJvIxvDLjw1$1$jrm5tn9mCZM/',
shell
=>'/bin/bash',
uid
=>'0',
}
Ouseja,comosedissssemos
puppetmemostreasinformaesdorecursousuriodoroot
.Vamoscriarumusurioevercomoo
Puppetoenxerga.Faamosistoemtrspassos:a)criamosousurio,b)pedimosinformaodeleparaopuppetparaveroseuestado(ensure),
esenha(sehalguma),c)mudamosasenhadousurio,ed)pedimosnovamenteinformaodousurioeverificamosocamporelativoasenha:
#addusergustavo
#puppetresourceusergustavo
user{'gustavo':
ensure
=>'present',
gid
=>'502',
home
=>'/home/gustavo',
password
=>'!!',
39
shell
=>'/bin/bash',
uid
=>'502',
}
#passwdgustavo
Mudandosenhaparaousuriogustavo.
Novasenha:
Redigiteanovasenha:
passwd:todosostokensdeautenticaesforamatualizadoscomsucesso.
#puppetresourceusergustavo
user{'gustavo':
ensure
=>'present',
gid
=>'502',
home
=>'/home/gustavo',
password
=>'O6zn$1$i1Mz9cgG$MHjc.x6sV/Hf4jh4t.',
shell
=>'/bin/bash',
uid
=>'502',
}
Comomgica!Ouseja,observequequandocriamosousuriogustavoomesmonopossuasenhaequandorealizamosamudanadesenha
oPuppetjtratoudeconheceressamudana.OresultadodocomandoPuppetResourceentonostrsasinformaesdosrecursosque
desejamos!Ok!MassequisermosqueoprprioPuppetcrieumusurioquenoestpresente,porexemplo,ousurioangela.Vejamosque
esteusurionoexistenosistema:
#puppetresourceuserangela
40
user{'angela':
ensure=>'absent',
}
Usemosentoaopoensure=present:
#puppetresourceuserangelaensure=present
Notice:/User[angela]/ensure:created
user{'angela':
ensure=>'present',
}
Ouseja,primeirosvimosqueousurioangelaestavaabsent,ouseja,noexistianosistema,esteeraoseuensure.Depoisdissemosparao
Puppetcriarousurio.Vamosconfirmar:
#cat/etc/passwd|grepangela
angela:x:1002:1002::/home/angela:
JestimaginandoossuperpoderesqueoPuppetlhefornecernomesmo?Calma,aindatembemmaispraseverDissemostambmque
arquivosediretriospodiamserrecursosnomesmo?!Paraverorecursodeumarquivo,nestecasooarquivo
/etc/hosts
:
#puppetresourcefile/etc/hosts
file{'/etc/hosts':
ensure=>'file',
content=>'{md5}2a4692ead945f435ff7cc9b2e4faf82f',
41
ctime=>'2016060415:28:000300',
group=>'0',
mode=>'0644',
mtime=>'2016060415:28:000300',
owner=>'0',
type=>'file',
}
Olhaquebacana,almdeinformaescomoodono,grupo,tipoeleaindanosdeuomd5doarquivo.Ok!Massepedirmosparaverumdiretrio
quenoexiste?Exemplo:
#puppetresourcefile/home/logicus/backup/configuracao
file{'/home/logicus/backup/configuracao':
ensure=>'absent',
}
Vamoscriarmanualmenteodiretrio:
#mkdirpv/home/logicus/backup/configuracao
mkdir:foicriadoodiretrio'/home/logicus/backup'
mkdir:foicriadoodiretrio'/home/logicus/backup/configuracao'
Vejamosagoraoresultado:
#puppetresourcefile/home/logicus/backup/configuracao
file{'/home/logicus/backup/configuracao':
42
ensure=>'directory',
ctime=>'2016060416:28:100300',
group=>'0',
mode=>'0755',
mtime=>'2016060416:28:100300',
owner=>'0',
type=>'directory',
}
Sevocquisercriarumarquivoabrindoumeditorparamodificaralgovejaoseguinteexemplo.Nelevamosusaraopo
edit
ealterarnoeditor
queabrirapermissopadrodecriaodoarquivo.Vejamos:
#puppetresourcefile/tmp/exemploensure=presentedit
Acrescentealinharelacionadoapermissocomonoexemploabaixo:
file{'/tmp/exemplo':
ensure=>'file',
mode=>'777',
}
Saiasalvandooarquivoevejaoresultado:
Notice:/File[/tmp/exemplo]/ensure:created
Notice:Compiledcatalogforubuntu.logicus.localinenvironmentproductionin0.03seconds
Info:Applyingconfigurationversion'1465069983'
43
Notice:/Stage[main]/Main/File[/tmp/exemplo]/mode:modechanged'0644'to'0777'
Notice:Appliedcatalogin0.03seconds
OPuppetalterouapermissocomoindicamos!Dissemostambmquepacotespodemserumrecurso.Vamostentaracessaroprogramaglances.
#glances
Oprograma'glances'noestinstaladonomomento.
Vejamos:
#puppetresourcepackageglancesensure=present
Notice:/Package[glances]/ensure:created
package{'glances':
ensure=>'2.31build1',
}
Agoratenteacessarnovamenteoglancesepercebaqueelejestarpresenteemseusistema!Pararemoveropacoteapenasmudeaopode
ensuredepresentparaabsent:
#puppetresourcepackageglancesensure=absent
Notice:/Package[glances]/ensure:removed
package{'glances':
ensure=>'absent',
}
44
Sequisernovamenteopacoteenaltimaversodisponvelfaa:
#puppetresourcepackageglancesensure=latest
Vocpodeatmesmoexecutarumcomandousandooresource
exec
.Vamosfazerumteste.PrimeiromudeseueditorpadroparaoNanocom
oseguintecomando:
#updatealternativesseteditor/bin/nano
Digitenoterminal:
#editor
ConfiraserealmenteentrounoNano.Sesim,tudocertoataqui.Agoravamosusaroresource
exec
paraquesejaaplicadoomesmocomando
squemudandooeditorpadroparaovim.Omanifesto(arquivocomextenso.pp)deveficarassim:
#catlogicus.pp
exec{"updatealternativesseteditor/usr/bin/vim.basic":
path=>"/usr/bin:/usr/sbin:/bin",
}
Evamosaplicaromanifesto:
45
#puppetapplylogicus.pp
Notice:/Stage[main]/Main/Exec[updatealternativesseteditor/usr/bin/vim.basic]/returns:executedsuccessfully
Eporfimtenteacessaroeditor:
#editor
Ok!SempercebervoccriouummanifestoemandouoPuppetaplicarenestemanifestousouumrecurso.Maisafrenteiremosexplicarmelhor
sobreoqueummanifesto,porhora,squeramoslevarvocanavegarporoutrasformasdeaplicarrecursos.Voltandoaosrecursos
gostaramosdedizerquemesmoumhostpodeserumrecursoenovamentevamosusarummanifesto,vejamos:
#catlogicus.pp
host{'ubuntu.logicus.local':
ensure=>'present',
ip=>'192.168.0.105',
host_aliases=>'ubuntu',
}
host{'centos.logicus.local':
ensure=>'present',
ip=>'192.168.0.102',
host_aliases=>'centos',
}
host{'debian.logicus.local':
46
ensure
=>'present',
ip=>'192.168.0.104',
host_aliases=>'debian',
}
NestecasoestamosconsiderandoosipsnainfraaquidaLogicus,vocdevealterarosipsdeacordocomosqueseuDHCPdeuparaoseulaba!
Vamosaplicaromanifesto:
Notice:Compiledcatalogforcentos.logicus.localinenvironmentproductionin0.16seconds
Notice:/Stage[main]/Main/Host[ubuntu.logicus.local]/ensure:created
Notice:/Stage[main]/Main/Host[centos.logicus.local]/ensure:created
Notice:/Stage[main]/Main/Host[debian.logicus.local]/ensure:created
Confiraagoraseuarquivo
/etc/hosts
,eledevepossuiroshostsqueadicionamosatravsdoPuppet.Imaginamosquevocdeveestaragora
pensandoemtodasaspossibilidadesdeusodosrecursos.Existeumcomandochamadodescribeusadoparadescobririnformaessobreos
recursos.O
puppetdescribe
umsubcomandoparalistarinformaessobreostiposderecursosatualmenteinstaladosemumadeterminada
mquina.Vejamosseuhelp:
#puppethelpdescribe
puppetdescribe(8)Displayhelpaboutresourcetypes
========
SYNOPSIS
47
PrintshelpaboutPuppetresourcetypes,providers,andmetaparameters.
USAGE
puppetdescribe[h|help][s|short][p|providers][l|list][m|meta]
OPTIONS
*help:
Printthishelptext
*providers:
Describeprovidersindetailforeachtype
*list:
Listalltypes
*meta:
Listallmetaparameters
*short:
Listonlyparameterswithoutdetail
EXAMPLE
$puppetdescribelist
$puppetdescribefileproviders
$puppetdescribeusersm
48
AUTHOR
DavidLutterkort
COPYRIGHT
Vejamosostiposqueestodisponveis:
#puppetdescribelist
Thesearethetypesknowntopuppet:
augeasApplyachangeoranarrayofchangestothe...
computerComputerobjectmanagementusingDirectorySer...
cronInstallsandmanagescronjobs
execExecutesexternalcommands
fileManagesfiles,includingtheircontent,owner...
filebucketArepositoryforstoringandretrievingfile...
groupManagegroups
hostInstallsandmanageshostentries
interfaceThisrepresentsarouterorswitchinterface
k5loginManagethe`.k5login`fileforauser
macauthorizationManagetheMacOSXauthorizationdatabase
mailalias..nodocumentation..
maillistManageemaillists
mcxMCXobjectmanagementusingDirectoryService...
mountManagesmountedfilesystems,includingputtin...
nagios_commandTheNagiostypecommand
49
nagios_contactTheNagiostypecontact
nagios_contactgroupTheNagiostypecontactgroup
nagios_hostTheNagiostypehost
nagios_hostdependencyTheNagiostypehostdependency
nagios_hostescalationTheNagiostypehostescalation
nagios_hostextinfoTheNagiostypehostextinfo
nagios_hostgroupTheNagiostypehostgroup
nagios_serviceTheNagiostypeservice
nagios_servicedependencyTheNagiostypeservicedependency
nagios_serviceescalationTheNagiostypeserviceescalation
nagios_serviceextinfoTheNagiostypeserviceextinfo
nagios_servicegroupTheNagiostypeservicegroup
nagios_timeperiodTheNagiostypetimeperiod
notify..nodocumentation..
packageManagepackages
resourcesThisisametatypethatcanmanageotherreso...
router..nodocumentation..
scheduleDefineschedulesforPuppet
scheduled_taskInstallsandmanagesWindowsScheduledTasks
selbooleanManagesSELinuxbooleansonsystemswithSELi...
selmoduleManagesloadingandunloadingofSELinuxpoli...
serviceManagerunningservices
ssh_authorized_keyManagesSSHauthorizedkeys
sshkeyInstallsandmanagessshhostkeys
stageAresourcetypeforcreatingnewrunstages
tidyRemoveunwantedfilesbasedonspecificcrite...
userManageusers
vlan..nodocumentation..
whitWhitsareinternalartifactsofPuppet'scurr...
yumrepoTheclientsidedescriptionofayumreposito...
zfsManagezfs
zoneManagesSolariszones
50
zpoolManagezpools
Useaoposparaumalistacurta.Digamosquevocqueiravermaissobreorecursouserporexemplo:
#puppetdescribesuser
user
====
Manageusers.Thistypeismostlybuilttomanagesystem
users,soitislackingsomefeaturesusefulformanagingnormal
users.
Thisresourcetypeusestheprescribednativetoolsforcreating
groupsandgenerallyusesPOSIXAPIsforretrievinginformation
aboutthem.Itdoesnotdirectlymodify`/etc/passwdòranything.
**Autorequires:**IfPuppetismanagingtheuser'sprimarygroup(as
providedinthe`gidàttribute),theuserresourcewillautorequire
thatgroup.IfPuppetismanaginganyroleaccountscorrespondingtothe
user'sroles,theuserresourcewillautorequirethoseroleaccounts.
Parameters
allowdupe,attribute_membership,attributes,auth_membership,auths,
comment,ensure,expiry,forcelocal,gid,groups,home,ia_load_module,
iterations,key_membership,keys,loginclass,managehome,membership,
name,password,password_max_age,password_min_age,profile_membership,
profiles,project,purge_ssh_keys,role_membership,roles,salt,shell,
system,uid
Providers
51
aix,directoryservice,hpuxuseradd,ldap,openbsd,pw,user_role_add,
useradd,windows_adsi
Paralistalongafaaapenasotipo.Digamosquevocqueiravermaissobreorecursomountporexemplo:
#puppetdescribemount
mount
=====
Managesmountedfilesystems,includingputtingmount
informationintothemounttable.Theactualbehaviordepends
onthevalueofthe'ensure'parameter.
**Refresh:**`mount`resourcescanrespondtorefreshevents(via
`notify`,`subscribe`,orthe`~>àrrow).Ifa`mount`receivesanevent
fromanotherresource**and**itsènsureàttributeissetto`mounted`,
Puppetwilltrytounmountthenremountthatfilesystem.
**Autorequires:**IfPuppetismanaginganyparentsofamountresource
thatis,othermountpointshigherupinthefilesystemthechild
mountwillautorequirethem.IfPuppetismanagingthefilepathofa
mountpoint,themountresourcewillautorequireit.
**Autobefores:**IfPuppetismanaginganychildfilepathsofamount
point,themountresourcewillautobeforethem.
Parameters
**atboot**
Whethertomountthemountatboot.Notallplatforms
52
supportthis.
**blockdevice**
Thedevicetofsck.Thisispropertyisonlyvalid
onSolaris,andinmostcaseswilldefaulttothecorrect
value.
**device**
Thedeviceprovidingthemount.Thiscanbewhatever
deviceissupportingbythemount,includingnetwork
devicesordevicesspecifiedbyUUIDratherthandevice
path,dependingontheoperatingsystem.
**dump**
Whethertodumpthemount.Notallplatformsupportthis.
Validvaluesare`1òr`0`(or`2ònFreeBSD).Defaultis`0`.
Valuescanmatch`/(0|1)/`.
**ensure**
Controlwhattodowiththismount.Setthisattributeto
ùnmounted`tomakesurethefilesystemisinthefilesystemtable
butnotmounted(ifthefilesystemiscurrentlymounted,itwillbe
unmounted).Setittoàbsent`tounmount(ifnecessary)andremove
thefilesystemfromthefstab.Setto`mounted`toaddittothe
fstabandmountit.Setto`present`toaddtofstabbutnotchange
mount/unmountstatus.
Validvaluesare`defined`(alsocalled`present`),ùnmounted`,
àbsent`,`mounted`.
**fstype**
Themounttype.Validvaluesdependonthe
operatingsystem.Thisisarequiredoption.
53
**name**
Themountpathforthemount.
**options**
Asinglestringcontainingoptionsforthemount,astheywould
appearinfstab.Formanyplatformsthisisacommadelimitedstring.
Consultthefstab(5)manpageforsystemspecificdetails.
**pass**
Thepassinwhichthemountischecked.
**remounts**
Whetherthemountcanberemounted`mountoremount`.If
thisisfalse,thenthefilesystemwillbeunmountedandremounted
manually,whichispronetofailure.
Validvaluesare`true`,`false`.
**target**
Thefileinwhichtostorethemounttable.Onlyusedby
thoseprovidersthatwritetodisk.
Providers
parsed
Seriainteressantetambmobterosmetaparmetrosnomesmo?Nestecasovocdeveusaraopom,comodescritonohelp.Vejamos:
#puppetdescribesmcron
54
cron
====
Installsandmanagescronjobs.EverycronresourcecreatedbyPuppet
requiresacommandandatleastoneperiodicattribute(hour,minute,
month,monthday,weekday,orspecial).Whilethenameofthecronjobis
notpartoftheactualjob,thenameisstoredinacommentbeginningwith
`#PuppetName:`.Thesecommentsareusedtomatchcrontabentriescreated
byPuppetwithcronresources.
Ifanexistingcrontabentryhappenstomatchtheschedulingandcommandof
a
cronresourcethathasneverbeensynched,Puppetwilldefertotheexisting
crontabentryandwillnotcreateanewentrytaggedwiththe`#Puppet
Name:`
comment.
Example:
cron{'logrotate':
command=>'/usr/sbin/logrotate',
user=>'root',
hour=>2,
minute=>0,
}
Notethatallperiodicattributescanbespecifiedasanarrayofvalues:
cron{'logrotate':
user=>'root',
hour=>[2,4],
}
...orusingrangesorthestepsyntax`*/2`(althoughthere'snoguarantee
thatyour`cron`daemonsupportsthese):
cron{'logrotate':
55
user=>'root',
hour=>['24'],
minute=>'*/10',
}
Animportantnote:_theCrontypewillnotresetparametersthatare
removedfromamanifest_.Forexample,removinga`minute=>10`parameter
willnotresettheminutecomponentoftheassociatedcronjobto`*`.
Thesechangesmustbeexpressedbysettingtheparameterto
`minute=>absent`becausePuppetonlymanagesparametersthatareoutof
syncwithmanifestentries.
**Autorequires:**IfPuppetismanagingtheuseraccountspecifiedbythe
ùser`propertyofacronresource,thenthecronresourcewillautorequire
thatuser.
Parameters
command,ensure,environment,hour,minute,month,monthday,name,
special,target,user,weekday
MetaParameters
alias,audit,before,consume,export,loglevel,noop,notify,require,
schedule,stage,subscribe,tag
Providers
crontab
56
Todosestesmetaparmetrosseromuitousadosnosmanifestos!Masantesdeverosmanifestosprecisofixarbemalgicadaaplicaodo
manifesto,ouseja,conhecero
apply
,ferramentaquediraoPuppetquedesejamosumadeterminadaconfiguraoderecursos.Vejamoso
help:
#puppethelpapply
puppetapply(8)ApplyPuppetmanifestslocally
========
SYNOPSIS
AppliesastandalonePuppetmanifesttothelocalsystem.
USAGE
puppetapply[h|help][V|version][d|debug][v|verbose]
[e|execute][detailedexitcodes][L|loadclasses]
[l|logdestsyslog|eventlog|<FILE>|console][noop]
[catalog<catalog>][writecatalogsummary]<file>
DESCRIPTION
Thisisthestandalonepuppetexecutiontooluseittoapply
individualmanifests.
Whenprovidedwithamodulepath,viacommandlineorconfigfile,puppet
applycaneffectivelymimicthecatalogthatwouldbeservedbypuppet
masterwithaccesstothesamemodules,althoughtherearesomesubtle
differences.Whencombinedwithschedulingandanautomatedsystemfor
57
pushingmanifests,thiscanbeusedtoimplementaserverlessPuppet
site.
Mostusersshoulduse'puppetagent'and'puppetmaster'forsitewide
manifests.
OPTIONS
Notethatanysettingthat'svalidintheconfiguration
fileisalsoavalidlongargument.Forexample,'tags'isa
validsetting,soyoucanspecify'tags<class>,<tag>'
asanargument.
Seetheconfigurationfiledocumentationat
https://docs.puppetlabs.com/puppet/latest/reference/configuration.htmlforthe
fulllistofacceptableparameters.Acommentedlistofall
configurationoptionscanalsobegeneratedbyrunningpuppetwith
'genconfig'.
*debug:
Enablefulldebugging.
*detailedexitcodes:
Provideextrainformationabouttherunviaexitcodes.Ifenabled,'puppet
apply'willusethefollowingexitcodes:
0:Therunsucceededwithnochangesorfailuresthesystemwasalreadyin
thedesiredstate.
1:Therunfailed.
58
2:Therunsucceeded,andsomeresourceswerechanged.
4:Therunsucceeded,andsomeresourcesfailed.
6:Therunsucceeded,andincludedbothchangesandfailures.
*help:
Printthishelpmessage
*loadclasses:
Loadanystoredclasses.'puppetagent'cachesconfiguredclasses
(usuallyat/etc/puppetlabs/puppet/classes.txt),andsettingthisoptioncauses
allofthoseclassestobesetinyourpuppetmanifest.
*logdest:
Wheretosendlogmessages.Choosebetween'syslog'(thePOSIXsyslog
service),'eventlog'(theWindowsEventLog),'console',orthepathtoalog
file.Defaultsto'console'.
Apathendingwith'.json'willreceivestructuredoutputinJSONformat.The
logfilewillnothaveanending']'automaticallywrittentoitduetothe
appendingnatureoflogging.Itmustbeappendedmanuallytomakethecontent
validJSON.
*noop:
Use'noop'modewherePuppetrunsinanoopordryrunmode.This
isusefulforseeingwhatchangesPuppetwillmakewithoutactually
executingthechanges.
*execute:
ExecuteaspecificpieceofPuppetcode
59
*test:
Enablethemostcommonoptionsusedfortesting.Theseare'verbose',
'detailedexitcodes'and'show_diff'.
*verbose:
Printextrainformation.
*catalog:
ApplyaJSONcatalog(suchasonegeneratedwith'puppetmastercompile').Youcan
eitherspecifyaJSONfileorpipeinJSONfromstandardinput.
*writecatalogsummary
Aftercompilingthecatalogsavestheresourcelistandclasseslisttothenode
inthestatedirectorynamedclasses.txtandresources.txt
EXAMPLE
$puppetapplyl/tmp/manifest.logmanifest.pp
$puppetapplymodulepath=/root/dev/modulese"includentpd::server"
$puppetapplycatalogcatalog.json
AUTHOR
LukeKanies
COPYRIGHT
Vejamosumexemploumpoucomaiscompletodemanifesto:
60
#catlogicus.pp
package{"postfix":
ensure=>installed,
}
service{"postfix":
ensure=>running,
enable=>true,
hasrestart=>true,
hasstatus=>true,
require=>Package['postfix'],
}
file{'main.cf':
path=>'/etc/postfix/main.cf',
ensure=>present,
owner=>'root',
group=>'root',
mode=>'0644',
require=>Package['postfix'],
notify=>Service['postfix'],
}
Nestearquivofizemosdiversosusosderecursosparacriarumarquivoondedeixamosclarooquequeremoscomrelaoaopostfixnamquina
emquesto.Antesdecontinuarumabrevepausaparaexplicaralgumascoisasnovas.Vejaatabelasimplificadaabaixo:
enable
indicaseosistemadeveestarativadonainicializao,nestecaso
61
true
require
indicaqueprecisooutrorecursocomorequisito,nestecasoopacote
dopostfix
path
indicaumcaminho,nestecasoondedeveestaroarquivode
configuraodopostfix
notify
indicaquedevehaverumanotificao,nestecasoaoserviodo
postfix
Paraaplicarestaconfiguraovamosusaroapply:
Notice:Compiledcatalogfordebian.logicus.localinenvironmentproductionin0.67seconds
Notice:/Stage[main]/Main/Package[postfix]/ensure:created
Econfira:
#servicepostfixstatus
postfix.serviceLSB:PostfixMailTransportAgent
Loaded:loaded(/etc/init.d/postfix)
DropIn:/run/systemd/generator/postfix.service.d
50postfix$mailtransportagent.conf
Active:active(running)sinceSb2016060419:46:23BRT43sago
CGroup:/system.slice/postfix.service
62
4406/usr/lib/postfix/master
4407pickupltunixuc
4408qmgrltunixu
Jun0419:46:23debian.logicus.localpostfix[4296]:StartingPostfixMailTransportAgent:postfix.
Jun0419:46:23debian.logicus.localpostfix/master[4406]:daemonstartedversion2.11.3,configuration/etc/postfix
Noentendeuaindaalgicadosmanifestos?Agoraquecomearemosaesmiuarosmanifestos,estestaisarquivosdoPuppet...Omanifesto
atuacomoreceitadebolo.Tratasedeumarquivodetextoplanocomextenso.pp.dentrodosmanifestosquevoasdeclaraesde
recursos.Ouseja,ondesedescreveumestadodesejadoparaumrecurso.Paraaplicarummanifestobastaocomando:
puppetapply
meu_manifesto.pp
.Evocjfezistoantes,mesmosementendloainda.Bom,omanifestousadeumalinguagemdeclarativa,umaDSL
DomainSpecificLinguage.ADSLumalinguagemprojetadaparaseracessvelaosadministradoresdesistema.Osmanifestossobaseadosno
arquivodeconfiguraodoNagios.LembresequeDSLnolinguagemdeprogramao!Parafixarentendaqueosrecursossodistribudos
nosmanifestosdaseguinteforma:umtipo,ttuloeatributos.Exemplo:
tipo{'ttulo':
param1=>'valor',
param2=>'valor',
param3=>'valor',
metaparam1=>'valor',
metaparam2=>'valor',
function1=>'valor',
function2=>'valor',
}
Lembrasequebemnoinciodoartigofalamossobreboasprticas?Ento,paraconferirseasintaxedoarquivoppestcorretapodefazer:
63
#puppetparservalidatemanifesto.pp
VocpodeaindarealarasintaxedosarquivoscomextensoppnoVim.Parainstoinstaleopacotevimpuppet:
#aptitudeinstallvimpuppet
Emseguidafaa:
#vimaddonsinstallpuppet
AgoraosmanifestosqueveremosafrenteficarocoloridosnoseuVim!Lembraquetemosnosistemadoisusurios,GustavoeAngela.Confira:
#cat/etc/passwd|grepE'(angela|gustavo)'
angela:x:1002:1002::/home/angela:
gustavo:x:1003:1003::/home/gustavo:
Poisbem!Iremoscriarummanifestoparadizerqueestesusuriosnodevemestarnosistemapoiselesganharamnaloteriaeforammorarno
Caribe.Vejamosomanifesto:
#catlogicus.pp
user{'gustavo':
ensure
=>
'absent',
64
home
=>
shell
=>
}
user{'angela':
ensure=>
home =>
shell =>
}
'/home/gustavo',
'/bin/bash',
'absent',
'/home/angela',
'/bin/bash',
Notice:/Stage[main]/Main/User[gustavo]/ensure:removed
Notice:/Stage[main]/Main/User[angela]/ensure:removed
Vamosalteraromanifestoagoracomrelaoapresenadousurioetambmseushell.Vejamos:
#catlogicus.pp
user{'gustavo':
ensure=>
'present',
home =>
'/home/gustavo',
shell =>
'/bin/dash',
}
user{'angela':
65
ensure=>
home =>
shell =>
'present',
'/home/angela',
'/bin/dash',
Apliquemosomanifesto:
Notice:/Stage[main]/Main/User[gustavo]/ensure:created
Notice:/Stage[main]/Main/User[angela]/ensure:created
Evamosconferirasmudanas:
#cat/etc/passwd|grepE'(angela|gustavo)'
gustavo:x:1002:1002::/home/gustavo:/bin/dash
angela:x:1003:1003::/home/angela:/bin/dash
InteressanteMasnsvimosqueerapossvelterarquivosediretrioscomorecursos.Vamoscriararquivos!Vejamosomanifesto:
#catlogicus.pp
file{'/tmp/diretorioteste':
path=>'/tmp/diretorioteste',
ensure=>directory,
}
66
file{'arquivoteste':
path =>'/tmp/diretorioteste/arquivoteste',
ensure=>'present',
owner =>angela,
mode =>'0640',
content=>"Eusouumarquivoteste:)",
require=>File['/tmp/diretorioteste'],
}
file{'/tmp/diretorioteste/linkdoarquivoteste':
ensure=>link,
owner =>gustavo,
target=>'/tmp/diretorioteste/arquivoteste',
require=>File['arquivoteste'],
}
Vejamosumatabelaparaentenderoqueaconteceu:
diretrioteste
dissemosparaopuppetquequeramosumdiretriochamado
diretoriotestepresentenodiretrio/tmp
arquivoteste
dissemosparaopuppetquequeriamosumarquivochamado
arquivotestenodiretorioteste,einclusiveindicamosqueacriao
dodiretriotestepresentenomanifestoerarequisito.Dissemosainda
queousuriodonodoarquivodeveriaserousurioangela,queo
contedodoarquivodeveriaserEusouumarquivoteste:)equea
permissodoarquivodeveriaser640
67
linkparaoarquivoteste
dissemosparaopuppetquedentrodomesmodiretriotestedeveria
haverumlinkparaoarquivotesteequeodonodolinkdeveriasero
usuriogustavo
Entendidoistovamosaplicaromanifesto:
Notice:/Stage[main]/Main/File[/tmp/diretorioteste]/ensure:created
Notice:/Stage[main]/Main/File[arquivoteste]/ensure:definedcontentas'{md5}c7e3ada978865414be69897879bd57ea'
Notice:/Stage[main]/Main/File[/tmp/diretorioteste/linkdoarquivoteste]/ensure:created
Confira:
#lsl/tmp/diretorioteste/
total4
rwr1angelaroot26Jun421:17arquivoteste
lrwxrwxrwx1gustavoroot34Jun421:19linkdoarquivoteste>/tmp/diretorioteste/arquivoteste
Paraapagarestesarquivos:
#puppetresourcefile'/tmp/diretorioteste'recurse=truepurge=true
Notice:/File[/tmp/diretorioteste/arquivoteste]/ensure:removed
Notice:/File[/tmp/diretorioteste/linkdoarquivoteste]/ensure:removed
68
file{'/tmp/diretorioteste':
ensure=>'directory',
}
Confira:
#lsl/tmp/diretorioteste/
total0
Imaginemosagoraquevocprecisedediversospacotesrelativosarede,compressoeoutros,eistoocorrercadavezquevocprecisar
configurarumanovamquinadeumlaboratriodetreinamentoporexemplo,comojocorreuconosco.Vejaumexemploabaixo:
#catlogicus.pp
package{'tzdata':
ensure=>'latest',
}
package{'screen':
ensure=>'present',
}
package{'lynx':
ensure=>'present',
}
package{'elinks':
ensure=>'present',
}
69
package{'rsync':
ensure=>'present',
}
package{'telnet':
ensure=>'present',
}
package{'ftp':
ensure=>'present',
}
package{'wget':
ensure=>'present',
}
package{'bzip2':
ensure=>'present',
}
package{'unzip':
ensure=>'present',
}
package{'traceroute':
ensure=>'present',
}
package{'tcpdump':
ensure=>'present',
}
70
package{'iptraf':
ensure=>'present',
}
package{'htop':
ensure=>'present',
}
package{'dnsutils':
ensure=>'present',
}
package{'nmap':
ensure=>'present',
}
package{'vim':
ensure=>'present',
}
Notice:/Stage[main]/Main/Package[lynx]/ensure:created
Notice:/Stage[main]/Main/Package[elinks]/ensure:created
Notice:/Stage[main]/Main/Package[traceroute]/ensure:created
Notice:/Stage[main]/Main/Package[iptraf]/ensure:created
Notice:/Stage[main]/Main/Package[htop]/ensure:created
71
Notice:/Stage[main]/Main/Package[nmap]/ensure:created
Poucospacotesjestavampresentesenoprecisaramserinstalados,masoutrosforam.Vejaqueotempototalfoide33segundos.Ouseja,o
ganhodevelocidadenapadronizaodeambientecomoPuppetenorme!Valedestacarquevocpodeusarvariveisnoseguinteformato:
$VARIAVEL=VALOR
.Vejaumexemplo:
#catlogicus.pp
$mensagem="ALogicustecnologiainvestemuitoemdocumentaoparaquevocaprendamais"
notify{"$mensagem":}
Notice:ALogicustecnologiainvestemuitoemdocumentaoparaquevocaprendamais
Notice:/Stage[main]/Main/Notify[ALogicustecnologiainvestemuitoemdocumentaoparaquevocaprendamais]/message:defined
'message'as'ALogicustecnologiainvestemuitoemdocumentaoparaquevocaprendamais'
Vocpodeusaraindavariveisdofacter,comandovistoanteriormente.Exemplo:
#catlogicus.pp
$frase="Ol,eusouumsistemadafamlia${::osfamily}eestounoarh${::uptime}"
notify{'info':
message=>$frase,
}
file{'/root/mensagem.txt':
72
ensure=>file,
content=>$frase,
}
Vamosaplicar:
Notice:Ol,eusouumsistemadafamliaDebianeestounoarh5:00hours
Notice:/Stage[main]/Main/Notify[info]/message:defined'message'as'Ol,eusouumsistemadafamliaDebianeestounoarh5:00
hours'
Notice:/Stage[main]/Main/File[/root/mensagem.txt]/ensure:definedcontentas'{md5}0786297b1549c91c1808600d6ec428f3'
Lembrandoqueexistemdiversasvariveisinteressantesdofacterparaseusarcomo$fqdn,$ipaddress_eth0,$kernelversion,eoutras.Muitas
dessasopessoextremamenteteis.Vocpodeusartambmcondicionaiscomoif,elsifeelsenoseguinteesquemalgico:
ifcondio{
blocodecdigo
}
elsifcondio{
blocodecdigo
}
else{
blocodecdigo
}
73
Vocpodeusartambmocasecomorecursointeressanteparadescobrirosistemaoperacionalporexemplo.Resultado:definiodepacotes,
nomedearquivos,enfim,oqueforespecficodedeterminadosistema.Sualgicatrabalhadaseguinteforma:
case$variavel{
valor1:{cdigo}
valor2:{cdigo}
default:{cdigo}
}
Exemplo:
case$operatingsystem{
CentOS,Redhat:{$apache=httpd}
Debian,Ubuntu:{$apache=apache2}
Default:{fail(Alerta:estesistemanofoireconhecido)}
PercebaasimilaridadecomaprogramaoemShell.FicafcilparaadministradoresdesistemasLinux.Vejamosummanifestoqueilustrauma
situaorelativa:
#catlogicus.pp
case$::operatingsystem{
'CentOS':{$apache_pkg='httpd'}
'Redhat':{$apache_pkg='httpd'}
'Debian':{$apache_pkg='apache2'}
'Ubuntu':{$apache_pkg='apache2'}
74
default:{fail
fail("sistemaoperacionalnoreconhecidoparaoservidorweb")}
}
file{'/root/case.txt':
ensure=>present,
content=>"Onomedopacotedoapache:${apache_pkg}\n"
}
RodeestemanifestonoDebianenoCentOSepercebaque
ocontedodoarquivoqueeleirgerar
,nocasoo
case.txt
,serdiferentenosdois
casos.Vocpodeusaraindamltiplosvalores.Porexemplo:
case$operatingsystem{
/Debian|Ubuntu/:{cdigo}
}
Vejamosagoraumexemplodemanifestorelativoaocron:
#catlogicus.pp
cron{'cronupdatedb':
ensure=>'present',
user=>root,
command=>'/usr/bin/updatedb',
minute=>00,
hour=>12,
}
cron{'update':
ensure=>'present',
75
user=>root,
command=>'/usr/bin/aptitudeupdate',
minute=>05,
hour=>12,
}
cron{'upgrade':
ensure=>'present',
user=>root,
command=>'/usr/bin/aptitudeupgradey',
minute=>10,
hour=>12,
}
cron{'backup':
ensure=>'present',
user=>root,
command=>'/bin/tarzcf/var/backups/home.tgz/home/',
minute=>15,
hour=>12,
}
Vamosusarnovamenteorecursodetabelaparaexplicaroqueaconteceu:
cronupdatedb
dissemosparaocronquediariamentes12:00queremosqueelerode
ocomandoupdatedb
update
dissemosparaocronquediariamentes12:05elerodeocomando
aptitudeupdate
76
upgrade
dissemosparaocronquediariamentes12:10elerodeocomando
aptitudeupgradey
backup
dissemosparaocronquediariamentes12:15elefaaumbackup
comocomandotardodiretrio/homeeguardenodiretrio
/var/backup
Aplicandoomanifesto:
Notice:/Stage[main]/Main/Cron[cronupdatedb]/ensure:created
Notice:/Stage[main]/Main/Cron[update]/ensure:created
Notice:/Stage[main]/Main/Cron[upgrade]/ensure:created
Notice:/Stage[main]/Main/Cron[backup]/ensure:created
VamosverificarnoCron:
#crontabl
#HEADER:Thisfilewasautogeneratedat2016060512:14:290300bypuppet.
#HEADER:Whileitcanstillbemanagedmanually,itisdefinitelynotrecommended.
#HEADER:Noteparticularlythatthecommentsstartingwith'PuppetName'should
#HEADER:notbedeleted,asdoingsocouldcauseduplicatecronjobs.
#PuppetName:cronupdatedb
012***/usr/bin/updatedb
#PuppetName:update
77
512***/usr/bin/aptitudeupdate
#PuppetName:upgrade
1012***/usr/bin/aptitudeupgradey
#PuppetName:backup
1512***/bin/tarzcf/var/backups/home.tgz/home/
Comrelaoaosmanifestosaindabomsaberquepossveltrabalharcomclasses.Elaspermitemreaproveitamentodecdigo.Podemos
chamaraindadecoleesderecursos.
Nosoaplicadasanoserquesejamrequisitadas
.Aclassedeveterumnomeescritoemminsculo
etambmumblocodecdigo.Exemplo:
classnome{
blocodecdigo
}
Eparachamladeveestarnomanifesto:
class{nome:}
Vocpodetambmchamarumaclassedentrodeoutra.Exemplo:
classlogicus{
classtreinamentos{
blocodecdigo
}
}
78
Paradeclararestaclassecitadafaacomonoexemplo:
class{logicus::treinamentos:}
Nasequnciavamosfalardemdulosevocencontrardiversasclassesnosmdulospoisasuadinmicaexige.Podemosresumirosmdulos
comoconjuntosdecdigos.VocpodeescreverelesoubaixarmdulosprconstrudosdorepositriodaPuppetLabs.Aestruturadeummdulo
basicamenteseresumedaseguinteforma:
manifests
nestediretrioencontramososmanifests,inclusiveoinit.ppque
obrigatrio
files
nestediretrioencontramososarquivosquesoreferenciadospelo
mdulo
templates
nestediretrioencontramosostemplatesusadospelomdulo
lib
nestediretrioencontramosplugins
spec
nestediretrioencontramostestesdeespecificaoparaosplugins
presentesemlib
tests
nestediretrioencontramosumambientedeteste
Mascomoescolherummdulo?Procuresaberseomdulojfoirecomendadoporalgum,principalmenteatravsdalistadediscussooupelo
irc.Procuresaberseomduloestdeacordocomosistemaeversoquevocestutilizando.Pensetambmnoversionamentodomduloe
79
eviteusarmdulosquenoestejamnaverso1.0.0.,emboramuitasvezesnosejapossvel.Mascomousarosmdulos?Existeumcomando
chamado
puppetmodule
.Comecemospeloseuhelp:
#puppethelpmodule
USAGE:puppetmodule<action>[environmentproduction][modulepath]
Thissubcommandcanfind,install,andmanagemodulesfromthePuppetForge,
arepositoryofusercontributedPuppetcode.Itcanalsogenerateempty
modules,andpreparelocallydevelopedmodulesforreleaseontheForge.
OPTIONS:
renderasFORMATTherenderingformattouse.
verboseWhethertologverbosely.
debugWhethertologdebuginformation.
environmentproductionTheenvironmentPuppetisrunningin.For
clients(e.g.,`puppetagent`)this
determinestheenvironmentitself,whichis
usedtofindmodulesandmuchmore.For
servers(i.e.,`puppetmaster`)thisprovides
thedefaultenvironmentfornodesweknow
nothingabout.
modulepathThesearchpathformodules,asalistof
directoriesseparatedbythesystempath
separatorcharacter.(ThePOSIXpath
separatoris':',andtheWindowspath
separatoris''.)Settingaglobalvaluefor
`modulepathìnpuppet.confisnotallowed
(butitcanbeoverriddenfromthe
commandline).Pleaseusedirectory
environmentsinstead.Ifyouneedtouse
80
somethingotherthanthedefaultmodulepath
of`<ACTIVEENVIRONMENT'SMODULES
DIR>:$basemodulepath`,youcanset
`modulepathìnenvironment.conf.Formore
info,see
<https://docs.puppet.com/puppet/latest/reference/environments.html>
ACTIONS:
buildBuildamodulereleasepackage.
changesShowmodifiedfilesofaninstalledmodule.
generateGenerateboilerplateforanewmodule.
installInstallamodulefromthePuppetForgeorareleasearchive.
listListinstalledmodules
searchSearchthePuppetForgeforamodule.
uninstallUninstallapuppetmodule.
upgradeUpgradeapuppetmodule.
See'puppetmanmodule'or'manpuppetmodule'forfullhelp.
Paralistarosseusmdulosdigite
puppetmodulelist
.Exemplo:
#puppetmodulelist
/etc/puppet/modules
fsalumdashboard(v0.0.5)
puppetlabsapache(v0.10.0)
puppetlabsconcat(v1.0.0)
puppetlabsmysql(v2.1.0)
puppetlabspassenger(v0.2.0)
puppetlabsruby(v0.1.0)
puppetlabsstdlib(v4.1.0)
81
Ecasovocnopossuamdulos:
#puppetmodulelist
/etc/puppet/modules(nomodulesinstalled)
Parapesquisardigite:
puppetmodulesearchnome
.Vejaumexemplo:
#puppetmodulesearchdocker
Notice:Searchinghttps://forgeapi.puppetlabs.com...
NAMEDESCRIPTIONAUTHORKEYWORDS
garethrdockerModuleforinstallingandmanagingdocker@garethrlxcredhat
centosdocker
tsurudockerPuppetmoduletoDocker@tsurutsurudocker
tsurupaas
jgreatdockerManagedockercontainersnativelywitha'docker'Servi...@jgreat
ChrisTheSharkdockerPuppetmoduletoinstallDockeronCentosorUbuntuLin...@ChrisTheShark
ffollonierdockerApuppetmodulethatmanagethedockerenginedaemonco...@ffollonierdocker
jmangtdockerInstallsDocker@jmangt
cristifalcasdockerModuleforinstallingandmanagingdocker@cristifalcasdocker
RHsysengdockersetupdockeronahost@RHsyseng
noppdockerSimpledockermodule@nopp
akegatadockerHandledockercontainersasservicesinRHEL.@akegata
garystafforddocker_machineDownloadsandinstallsDockerMachine@garystafforddockermachine
machinedocker
garystafforddocker_composeDownloadsandinstallsDockerCompose@garystafforddockercompose
composedocker
scottycdocker_swarmAmoduleforDockerSwarm@scottycswarmdocker
narasimhasvdockerInstalldocker@narasimhasv
82
ajsmithdocker_systemdConfiguresystemdservicestorunDockercontainers.@ajsmithsystemddocker
cristifalcasdocker_registryinstallsandconfiguresdockerregistry@cristifalcasdockerregistry
puppetlabsdocker_platformInstalls,configures,andmanagestheDockerdaemonand...@puppetlabs
puppetlabsdocker_ucpInstalls,configures,andmanagestheDockerUniversal...@puppetlabs
praekeltfoundationdocker_firewallSimplifiesmanagementofiptablesruleswhenrunningDo...@praekeltfoundation
markbdocker_registryUNKNOWN@markb
garystaffordfigDownloadsandinstallsFig(http://www.fig.sh)@garystaffordcontainer
dockerfig
cristifalcasflannelflannelisavirtualnetworkthatgivesasubnettoeac...@cristifalcasdockerflannel
cjtoolseramdroneDroneCImodule@cjtoolseramcontinuous
dockercidrone
nickrancherDeployRancher,acontainerorchestrationtool@nickcontainers
dockerrancher
pennycodersmarathonMesosphereMarathoninstallation/managementmodule@pennycodersclouddocker
apachemesos
pennycodersmesosApachemesosinstallation/managementmodule@pennycodersclouddocker
apachemesos
tayzlorweaveModuleforinstallingandconfiguringWeaveforDocker@tayzlorweavedocker
prozetaportauthorityPuppetmoduletobootstrapPortAuthority@prozetaetcdpaas
docker
meltwatermarathonPuppetModuleforMesosMarathon@meltwaterdockermarathon
mesos
stfalconsphinxsearchdockerAmoduleforrunningsphinxindockercontainers@stfalconsphinxdocker
cristifalcaskubernetesConfiguringandinstallingkubernetes@cristifalcaskubectlkubelet
docker
tsurutsuruPuppetmoduletoTsuruPaaS@tsurudockerpaas
cethygaudiModuleforinstallinggaudifromrepositoryongaudi.io...@cethygaudidocker
ajsmithgrafanaGrafanainstanceconfigurationusingDocker.@ajsmithsystemddocker
grafana
ajsmithgraphiteGraphiteserverconfigurationusingDocker.@ajsmithsystemddocker
graphite
83
ajsmithriemannRiemannserverconfiguration.@ajsmithsystemddocker
riemann
momermaestrongModuletosetupabaremetalboxforDocker&Maestrong@momerdockermaestro
fundamentalqueconheaosmduloscriadospelaprpriaPuppetLabs.Veja:
#puppetmodulesearchpuppetlabs
Notice:Searchinghttps://forgeapi.puppetlabs.com...
NAMEDESCRIPTIONAUTHORKEYWORDS
stahnmapuppetlabs_yumSetupthePuppetLabsYumpackagerepo@stahnmacentosrhel
puppetlabsyum
ploperationspuppetlabs_aptInstallsthePuppetLabscommunityaptrepository@ploperationspuppetlabsapt
mmitchellpuppetlabs_ntpUNKNOWN@mmitchell
mmitchellpuppetlabs_ironicPuppetmoduleforOpenStackIronic@mmitchell
puppetlabsstdlibStandardlibraryofresourcesforPuppetmodules.@puppetlabspuppetlabs
stdlibstages
puppetlabscloud_provisionerPuppetCloudProvisioner@puppetlabspuppetlabscloud
ec2aws
puppetlabsjavaInstallsthecorrectJavapackageonvariousplatforms.@puppetlabsjavapuppetlabs
stdlibjdkjre
puppetlabspowershellAddsanewexecproviderforexecutingPowerShellcommands.@puppetlabsexecpowershell
windows
puppetlabsaclThismoduleprovidestheabilitytomanageACLsonnodes@puppetlabsmicrosoftace
acl
puppetlabswsus_clientManageWSUS(WindowsServerUpdateService)settingsforcl...@puppetlabs
puppetlabsdscPowerShellDesiredStateConfiguration(DSC)@puppetlabsdscpowershell
puppetlabswindowsCollectionofPuppetmodulesformanagingMicrosoftWindows.@puppetlabs
puppetlabsdocker_platformInstalls,configures,andmanagestheDockerdaemonandDoc...@puppetlabs
puppetlabslogentriesAmoduletoinstallthelogentriesagent.@puppetlabslogentries
logging
84
puppetlabshoconResourcetypesformanagingsettingsinHOCONfiles@puppetlabs
puppetlabsazureCreateandmanagemachinesrunningonMicrosoftAzurewith...@puppetlabsazurelinux
windowscloud
puppetlabspolicy_engineAmoduleformanagingpolicytestsasstructuredfacts@puppetlabscompliance
securitypolicy
puppetlabscatalog_previewModuleprovidingcatalogpreviewandmigrationfeatures@puppetlabsdeltadiff
catalogpreview
puppetlabsmount_isoMountISOimagesandensurethedrivelettertheyaremount...@puppetlabspowershelliso
imagemount
puppetlabspackage_updatesAmoduleformonitoringforpackageupdates@puppetlabspackagesupdates
patch
puppetlabsdocker_ucpInstalls,configures,andmanagestheDockerUniversalCont...@puppetlabs
puppetlabsibm_installation_managerManagesIBMInstallationManagerandIBMpackages@puppetlabsiimimclwas
websphereibm
puppetlabsapkManagepackagesonAlpineLinuxusingtheAPKpackagemanager@puppetlabs
puppetlabschocolateyChocolateypackageproviderforPuppet@puppetlabspackagedotnet
netmicrosoft
puppetlabsntpInstalls,configures,andmanagestheNTPservice.@puppetlabsntptimeaix
rhelcentosntpd
puppetlabsregistryThismoduleprovidesanativetypeandprovidertomanagek...@puppetlabswindowstype
registrywin32
puppetlabsinifileResourcetypesformanagingsettingsinINIfiles@puppetlabsinifileini
settingsfile
puppetlabsrancherInstallsRancherServerandAgents@puppetlabs
puppetlabsjava_ksManagearbitraryJavakeystorefiles@puppetlabsjavassl
keystorecerts
puppetlabstagmailThismoduleprovidesareportprocessorthatsendseventst...@puppetlabs
puppetlabsnetscalerEnablesPuppetconfigurationofCitrixNetScalerdevicesth...@puppetlabsloadbalancer
networknetscaler
puppetlabslvmProvidesPuppettypesandproviderstomanageLogicalResou...@puppetlabslvmhddvolume
storage
puppetlabsxinetdConfiguresxinetdandexposesthexinetd::servicedefinitio...@puppetlabsxinetdcentos
85
rheldebian
puppetlabsrktInstalls,configures,andmanagestherktcontainerruntime.@puppetlabs
puppetlabsaptProvidesaninterfaceformanagingAptsource,key,anddef...@puppetlabsaptdebian
ubuntudpkgppa
puppetlabsconcatConstructfilesfrommultiplefragments.@puppetlabsconcatfiles
fragments
puppetlabsrebootAddsatypeandproviderformanagingsystemreboots.@puppetlabswindowsreboot
puppetlabsrubyManagesRubyandRubygems.@puppetlabsruby
puppetlabspostgresqlOfferssupportforbasicmanagementofPostgreSQLdatabases.@puppetlabsrhelubuntu
debianpgsql
puppetlabsvcsrepoPuppetmoduleprovidingatypetomanagerepositoriesfrom...@puppetlabscvsvcsreposvn
githgbzr
puppetlabshaproxyConfiguresHAProxyserversandmanagestheconfigurationof...@puppetlabsproxyhaproxylb
loadbalancer
puppetlabsstringsPuppetdocumentationviaYARD@puppetlabsdocsdevpuppet
yardocyard
puppetlabsnetdev_stdlibTypedefinitionsforNetworkingDevice(NetDev)StandardLi...@puppetlabs
puppetlabsnetappManagesresourcesonNetAppClusterDataONTAPdevices.@puppetlabs
puppetlabsciscopuppetCiscoPuppetprovidersandtypesforNXOSdevices@puppetlabsnetworknxos
nxoscisco
puppetlabspe_gemAddsproviderforthePuppetEnterpriseRubygemmanager.@puppetlabspegem
puppetlabscorosyncThismoduleisasetofmanifestsandtypes/providersforq...@puppetlabsdebianha
heartbeatpacemaker
puppetlabspe_puppetserver_gemPuppetLabsPEPuppetserverGemModule@puppetlabs
puppetlabsmysqlInstalls,configures,andmanagestheMySQLservice.@puppetlabsmysqlcentos
rhelubuntu
puppetlabsaccountsAccountmanagementmodule.@puppetlabs
puppetlabsfirewallManagesFirewallssuchasiptables@puppetlabsredhatcentos
debianubuntu
puppetlabsgitModuleforinstallingGitorGitosis.@puppetlabs
puppetlabstftpInstallsandmanagesTFTPserviceandconfiguration.@puppetlabsdebianubuntu
tftpcentosrhel
86
puppetlabspassengerConfiguresandmanagesPassenger.@puppetlabsapachepassenger
railsrack
puppetlabsgce_computeNativetypesformanagingGoogleCloudPlatforminfrastruct...@puppetlabsdevicecompute
googlegce
puppetlabsrabbitmqInstalls,configures,andmanagesRabbitMQ.@puppetlabsamqpstompqueue
centosrhel
puppetlabspuppetdbInstallsPostgreSQLandPuppetDB,setsuptheconnectionto...@puppetlabspuppetpuppetdb
storeconfig
puppetlabsmotdAsimplemoduletodemonstratemanaging/etc/motdorWindow...@puppetlabstesting
puppetlabslib_puppetPuppetLabslib_puppetmodule@puppetlabspuppet
puppetlabsappdirectorPuppetAppDirector@puppetlabsvmware
puppetlabskwalifyAsetofkwalifyrelatedfunctionsforpuppet.@puppetlabsvalidation
kwalify
puppetlabsapacheInstalls,configures,andmanagesApachevirtualhosts,web...@puppetlabswebhttpdrhel
sslwsgiproxy
puppetlabsmssqlPuppetLabsMicrosoftSQLServerModule@puppetlabsdatabasewindows
mssqlsql2008
puppetlabsmongodbInstallsMongoDBonRHEL/Ubuntu/Debian.@puppetlabsnosqlcluster
mongomongodb
puppetlabsdenyhostsConfigureDenyHosts@puppetlabssecurity
denyhosts
puppetlabsnode_openstackCloudProvisionersupportforOpenStack@puppetlabsopenstacknova
vm
puppetlabsvcli_rsyslogPuppetEnterprisemoduleforsaz/rsyslog@puppetlabsvclirsyslog
puppetlabslimitsDefinedresourcetypeformanaging/etc/security/limits@puppetlabs
puppetlabsawsThismoduleprovidestheabilitytomanageAWSresources@puppetlabs
puppetlabstransitionTransitionstateresourcetype@puppetlabstransition
catalog
puppetlabscloudformationModuletodeployCloudformationFace@puppetlabspuppetec2
amazonpecfn
puppetlabsawsdemo_profilesPuppetmoduletomanage"profiles"andhigherlevelabstrac...@puppetlabsawsdemo
puppetlabstomcatInstalls,deploys,andconfiguresApacheTomcatwebservices.@puppetlabstomcat
87
puppetlabsdhcpManagetheISCdhcpdaemon@puppetlabsdhcp
puppetlabssqliteManageasqliteinstallationanddatabases@puppetlabsdatabasesqlite
puppetlabspuppet_authorizationModuletomanageauth.conf.@puppetlabs
puppetlabspe_upgradeAutomatedupgradesofPE@puppetlabsenterprise
upgradepuppet
puppetlabsdismProvidesaDISMpuppetresourcetypeonWindows.@puppetlabswindowsdism
puppetlabsvcentervcenterpuppetmodule@puppetlabswindowsvmware
vcentervsphere
puppetlabsrsyncManagesrsyncclients,repositories,andservers,&providi...@puppetlabsrsync
puppetlabsmount_providersProvidesthemounttabandmountpointresourcetypes.@puppetlabssolarislinux
mountmounttab
puppetlabsopenstackInstall,configure,andmanageafullinstallationofOpenS...@puppetlabsicehousecloud
openstack
puppetlabspuppet_agentUpgradesPuppet3.8andAllInOnePuppetAgents@puppetlabs
puppetlabsboundaryBoundarymetermodule@puppetlabsnetworkboundary
bprobeprobe
puppetlabssplunkManageanddeploySplunkserversandforwarders@puppetlabssplunk
puppetlabsmrepoConfiguresandmanagesmrepomirrors@puppetlabsrpmyummrepo
mirror
puppetlabsazure_agentTheAzuremoduleinstallsandconfigurestheWindowsAzure...@puppetlabs
puppetlabsnodejsInstallNode.jspackageandnpmpackageprovider.@puppetlabsdebiannodejs
ubuntunpm
puppetlabsactivemqInstallsandconfiguresActiveMQ.@puppetlabsjavaamqpstomp
stdlib
puppetlabsstunnelAmoduleforcreatingsecuretunnels@puppetlabsdebianssl
securitytunneltls
puppetlabsopennebulaOpenNebulaModule@puppetlabscloudopennebula
puppetlabspuppetserver_gemPuppetLabsPuppetserverGemModule@puppetlabs
puppetlabsgccModuleforinstallinggccbuildutils@puppetlabsgcccompiler
puppetlabsmcollectiveInstalls,configures,andmanagesMCollectiveagents,clien...@puppetlabsclientamqp
stompserver
puppetlabsdashboardPuppetmoduleforthePuppetDashboard@puppetlabspuppetdashboard
88
consoleface
puppetlabsnode_gcePuppetGoogleComputeModule@puppetlabsnodegcecloud
google
puppetlabsbaculaThismodulemanagesabaculainfrastructure@puppetlabsbackupbacula
puppetlabsdrbdDRBDmodule@puppetlabshadrbdfailover
puppetlabswin_desktop_shortcutManagesashortcutonaWindowsdesktopforallusers@puppetlabswindowsdesktop
shortcut
puppetlabsrazorRazorpuppetmodule@puppetlabsrazorubuntu
puppetlabsnginxPuppetNGINXmanagementmodule@puppetlabshttpwebproxy
nginxhttps
puppetlabspuppet_hipchatDeplyandmanagethePuppetHipChataddonapplication@puppetlabschatopshipchat
pltrainingkickstandModuletoassistintheprovisioninglabfortheAdvancedP...@pltrainingpuppetlabs
trainingadvanced
pltraininguserprefsSimpleuseruserprefsmanagement@pltrainingpuppetlabs
training
Parainstalarummduloesuasdependnciasdigite:
puppetmoduleinstallnome
.Exemplo:
#puppetmoduleinstallpuppetlabsfirewall
Notice:Preparingtoinstallinto/etc/puppet/modules...
Notice:Downloadingfromhttps://forgeapi.puppetlabs.com...
Notice:Installingdonotinterrupt...
/etc/puppet/modules
puppetlabsfirewall(v1.8.0)
Umcomentriodepassagemsobreainstalaesdemdulososeguinte:paraignorarasdependnciasuse
ignoredependencies
.Exemplo:
puppetmoduleinstallasteriskignoredependencies
.Paradefinirumaverso:
version
.Exemplo:
puppetmoduleinstallasterisk
version
.VamosinstalaromodulodaPuppetlabspara
motd
.Faa:
89
#puppetmoduleinstallpuppetlabsmotd
Notice:Preparingtoinstallinto/etc/puppetlabs/code/environments/production/modules...
Notice:Downloadingfromhttps://forgeapi.puppetlabs.com...
Notice:Installingdonotinterrupt...
/etc/puppetlabs/code/environments/production/modules
puppetlabsmotd(v1.4.0)
puppetlabsregistry(v1.1.3)
puppetlabsstdlib(v4.12.0)
Vamosaplicaromdulo:
#puppetapplye"includemotd"
Notice:Compiledcatalogforcentos.logicus.localinenvironmentproductionin0.36seconds
Notice:/Stage[main]/Motd/File[/etc/motd]/content:contentchanged'{md5}d41d8cd98f00b204e9800998ecf8427e'to
'{md5}e44d7cea8fa84d927015444592b74830'
Agorafaaumacessoviasshdeoutramquinaparatestaronovomotd:
~$sshroot@192.168.0.106
Theauthenticityofhost'192.168.0.106(192.168.0.106)'can'tbeestablished.
ECDSAkeyfingerprintise3:37:9c:bd:4a:2e:31:cb:f8:ae:d6:fe:40:f7:a2:b1.
Areyousureyouwanttocontinueconnecting(yes/no)?yes
Warning:Permanentlyadded'192.168.0.106'(ECDSA)tothelistofknownhosts.
root@192.168.0.106'spassword:
Lastlogin:MonJun611:19:362016fromcentos.logicus.local
90
TheoperatingsystemisCentOS
Thefreememoryis768.45MiB
Thedomainislogicus.local
Ouseja,astrsltimaslinhasqueindicamosistemaoperacional,amemriaeodomnioforamadicionadasaoarquivomotdpelomdulo
instalado.Paradesinstalardigite:
puppetmoduleuninstallnome
.Exemplo:
#puppetmoduleuninstallproxy
Notice:Preparingtouninstall'proxy'...
Removed'proxy'from/opt/puppetlabs/puppet/modules
Masvocnotemomduloproxycerto?MastemoFirewall.DesinstalecomoprticaomdulodeFirewalletentepensarnoporqunada
aconteceuquandovocinstalouele.Essapegadinhaparapensar!Masesevocquisercriarummdulo?Primeirogarantaqueestejano
diretriorelativoaosmdulos:
#pwd
/opt/puppetlabs/puppet/modules
Useaopo
generate
erespondaasperguntasqueserofeitasemrelaoaomduloasercriado:
#puppetmodulegeneratelogicusutils
Weneedtocreateametadata.jsonfileforthismodule.Pleaseanswerthe
followingquestionsifthequestionisnotapplicabletothismodule,feelfree
toleaveitblank.
91
PuppetusesSemanticVersioning(semver.org)toversionmodules.
Whatversionisthismodule?[0.1.0]
>0.1.0
Whowrotethismodule?[logicus]
>logicus
Whatlicensedoesthismodulecodefallunder?[Apache2.0]
>apache2.0
Howwouldyoudescribethismoduleinasinglesentence?
>otimizaodalogicus
Whereisthismodule'ssourcecoderepository?
>
Wherecanothersgotolearnmoreaboutthismodule?
>logicus.com.br
Wherecanothersgotofileissuesaboutthismodule?
>
{
"name":"logicusutils",
"version":"0.1.0",
"author":"logicus",
"summary":"otimizaodalogicus",
"license":"apache2.0",
"source":"",
"project_page":"logicus.com.br",
"issues_url":null,
92
"dependencies":[
{"name":"puppetlabsstdlib","version_requirement":">=1.0.0"}
],
"data_provider":null
}
Abouttogeneratethismetadatacontinue?[n/Y]
>y
Notice:Generatingmoduleat/opt/puppetlabs/puppet/modules/utils...
Notice:Populatingtemplates...
Finishedmodulegeneratedinutils.
utils/Gemfile
utils/Rakefile
utils/examples
utils/examples/init.pp
utils/manifests
utils/manifests/init.pp
utils/spec
utils/spec/classes
utils/spec/classes/init_spec.rb
utils/spec/spec_helper.rb
utils/README.md
utils/metadata.json
Agorasmodificaraestruturadeacordocomasuademanda.Paracriarumtarballdomdulo:
#puppetmodulebuildutils/
Notice:Building/opt/puppetlabs/puppet/modules/utilsforrelease
93
Modulebuilt:/opt/puppetlabs/puppet/modules/utils/pkg/logicusutils0.1.0.tar.gz
Masvaledizerqueseoseudesejocriarmdulosoueditarmdulosexistentesvocpodeusarumeditorchamado
Geppetto
.Tratasedeuma
IDEambientededesenvolvimentointegrado,construdasoboEclipse.umaferramentaparadesenvolvimentodemdulosemanifestos.Nele
voctemrealcedesintaxe,depuraoeaindapodefazer:
Criarnovosprojetos
criarprojetosdemanifestosoumdulosdozerooubaseadosem
projetosexistentesnoGitouSVN
Gerenciarcontroledeverso
criarnovosprojetosnoGitouSVNouatmesmoimportarprojetos
existentesedepoisatualizlos
ImportareexportarnoForge
trabalharcomprojetosexistentesounovoseenvilosdiretamente
paraoForge
Parainstalaracesseolink:
https://puppetlabs.github.io/geppetto/download.html
efaadownloaddeacordocomamquinadeondeirrealizaro
desenvolvimento.Exemplo:
94
95
Apsodownloaddescompacteoarquivo:
$unzipgeppettolinux.gtk.x86_644.3.1R201501182354.zip
Acesseapastadescompactada.Percebaquehdiversosarquivosnesta:
$lsl
total216
rwrr1gustavogustavo65151Jan192015artifacts.xml
drwxrxrx4gustavogustavo4096Jan192015configuration
rwrr1gustavogustavo15551Jan182015eplv10.html
drwxrxrx28gustavogustavo4096Jan192015features
rwxrxrx1gustavogustavo74675Jan192015geppetto
rwrr1gustavogustavo244Jan192015geppetto.ini
rwxrxrx1gustavogustavo10616Jan192015icon.xpm
rwrr1gustavogustavo2056Jan182015notice.html
drwxrxrx4gustavogustavo4096Jan192015p2
drwxrxrx4gustavogustavo28672Jan192015plugins
Executeoarquivogeppettonapastadescompactada!
96
97
Vamosabrirummduloexistenteparaedio.CliqueemFileedepoisemImport.SelecioneaopoPuppeteemseguidaFromForge
Repository,comoindicadoabaixo:
98
InsiranaseoKeywordsearchumapalavrachaveparabuscadomdulo.VamosusarapalavraFirewall:
99
Iroaparecertodososmdulosrelativosapalavrachavequefoibuscada.Selecioneaopopuppetlabsfirewall1.1.3comonafiguraabaixo:
100
Umavezselecionadaaopoumanovacaixaserabertaparaconfirmao:
101
CliqueemFinisheomduloserabertoparaedio:
102
Ok!Agoravocdeveestarpensandoqueescritademdulojalgomuitoavanado,erealmente,vocprecisaseaprofundarumpoucomais
antes.Poristovamoslhedaroutradicaquentequeaseguinte:aPuppetLabsdisponibilizaumamquinavirtualcomoPuppetinstaladoe
configuradoparaquevocpossaaprender.Iniciaroaprendizadoporelainclusiveomelhorcaminho!TratasedeumaVMcomCentOs
disponvelparadownload.Olinkparadownload:
http://info.puppetlabs.com/downloadlearningpuppetVM.html.
Apsrealizarodownload
descompacteoarquivobaixado:
103
$unziplearning_puppet_vm.zip
Archive:learning_puppet_vm.zip
creating:learning_puppet_vm/
inflating:learning_puppet_vm/.DS_Store
creating:__MACOSX/
creating:__MACOSX/learning_puppet_vm/
inflating:__MACOSX/learning_puppet_vm/._.DS_Store
inflating:learning_puppet_vm/puppet2016.1.2learning5.1.ova
inflating:__MACOSX/learning_puppet_vm/._puppet2016.1.2learning5.1.ova
inflating:learning_puppet_vm/readme.rtf
inflating:__MACOSX/._learning_puppet_vm
NocrieumanovaVM.Importeaquefezdownload!Exemplo:
104
Antesdeacessararedepelaprimeiravezcertifiquesedequeconfigurouarededamquinavirtualnomodobridged.Vejamos:
105
106
Percebaquenosfoiindicadoip,usernameesenha.FaaoseuloginviassheverifiqueaversodoPuppet:
root@learning:~#puppetV
4.4.2
SevocacessarvianavegadoratravsdeHTTPoendereodavmteracessoaumroteirodeaprendizagemcuidadosamenteelaboradopela
PuppetLabs,fenomenal!Vejamos:
107
SevocacessaropainelviaHTTPSteracessoaopaineldoPuppet:
108
Paraacessaruseologinadmineasenhapuppetlabs.Vocverumatelacomoabaixo:
109
110
Duranteosseusestudosvocepodeseutilizaroquest,quelheauxilianoacompanhamentodoaprendizadoemPuppet:
#questhelp
NAME
questTrackthestatusofquestsandtasks.
SYNOPSIS
quest[globaloptions]command[commandoptions][arguments...]
GLOBALOPTIONS
helpShowthismessage
COMMANDS
beginBeginaquest
helpShowsalistofcommandsorhelpforonecommand
listListavailablequests
statusShowstatusofthecurrentquest
Ouseja,namedidaemquevocfortrabalhandocomasquestsindicadasnaspginasquevocacessouviaHTTPparaaprenderPuppetcomo
roteirocriadopelaPuppetLabsvocpoderircontrolandooquejresolveu.Porexemplo:
#queststatus
Quest:welcome
Task1:UsepuppetVtocheckthepuppetversion
Task2:Viewtheoptionsforthequesttool
XTask3:Checkthequeststatus
111
EssaumaformamuitointeressanteemboraofocodestaVMsejaaversoEnterprisedoPuppet.Noentantomuitacoisaquevocirvercom
estaVMpodeserusadanaversoparacomunidadequevimosnesteartigo.Dequalquerformaofatoquesevocchegouataquijtemasua
prpriainfralevantadaconformeoroteiroquelheindicamos.OqueveremosagoracomoinstalaroPuppetServerparaqueestecomandeo
quedevehavernasdemaismquinasdainfra,ouseja,ocaraqueirdizeroqueosoutrosservidoresdeveroter,entodeixeaVMde
aprendizagemdoPuppetumpoucodelado(masnodeixadeestudlaquandoterminaresteartigo)eretorneparaainfraquemontamosjuntos
paravermossobreoPuppetServer.OPuppetServerrodasobreJVM.BasicamentepodemosdizerqueoPuppetServerveiosubstituiroantigo
PuppetMaster.Vamosmostrarasduasformasdeinstalao,masvamoscomearpeloPuppetServerqueprovavelmenteoquevocirquerer
usar.NocasodoPuppetServernoentantoimportantequevoctenhaumamquinacompelomenosuns4GigasdeRamparaevitar
problemasquepossamocorrernainicializaodoservio.VamosaproveitaramquinadoCentOS7presenteemnossainfra.Confiraseu
/etc/hosts:
#cat/etc/hosts
127.0.0.1localhostlocalhost.localdomain
192.168.0.107centos.logicus.localcentospuppet
ParainstalaroPuppetServer:
#yuminstallpuppetserver
Aumenteotimeoutdosystemd:
#echo"START_TIMEOUT=300">>/etc/sysconfig/puppetserver
112
Antesdeiniciaroserviogereocertificado:
#puppetcertgeneratecentos.logicus.localdns_alt_names=puppet
Inicieoservio:
#systemctlstartpuppetserver
Confira:
#systemctlstatuspuppetserver
puppetserver.servicepuppetserverService
Loaded:loaded(/usr/lib/systemd/system/puppetserver.servicedisabledvendorpreset:disabled)
Active:active(running)sinceSeg2016060621:29:08BRT6minago
Process:2860ExecStartPost=/bin/bash${INSTALL_DIR}/ezbakefunctions.shwait_for_app(code=exited,status=0/SUCCESS)
Process:2856ExecStartPre=/usr/bin/installdirectoryowner=puppetgroup=puppetmode=775/var/run/puppetlabs/puppetserver
(code=exited,status=0/SUCCESS)
MainPID:2859(java)
CGroup:/system.slice/puppetserver.service
2859/usr/bin/javaXms2gXmx2gXX:MaxPermSize=256mXX:OnOutOfMemoryError=kill9%p
Djava.security.egd=/dev/urandomcp/opt/...
Jun0621:28:29centos.logicus.localsystemd[1]:StartingpuppetserverService...
Jun0621:28:29centos.logicus.localjava[2859]:OpenJDK64BitServerVMwarning:ignoringoptionMaxPermSize=256msupportwas
removedin8.0
Jun0621:28:37centos.logicus.localjava[2859]:Warning:Thefollowingoptionstoparseoptsareunrecognized::flag
Jun0621:29:08centos.logicus.localsystemd[1]:StartedpuppetserverService.
113
Jun0621:36:03centos.logicus.localsystemd[1]:StartedpuppetserverService.
Garantaqueoarquivodeconfiguraodopuppet,o
puppet.conf
,estejacomoagentdevidamenteindicadoparaevitarproblemacomo
certificado:
#cat/etc/puppetlabs/puppet/puppet.conf|grepvE'^#'
[master]
vardir=/opt/puppetlabs/server/data/puppetserver
logdir=/var/log/puppetlabs/puppetserver
rundir=/var/run/puppetlabs/puppetserver
pidfile=/var/run/puppetlabs/puppetserver/puppetserver.pid
codedir=/etc/puppetlabs/code
[agent]
certname=centos.logicus.local
Vamoselaborarumaconfiguraodeteste:
#cat/etc/puppetlabs/code/environments/production/manifests/site.pp
node"centos.logicus.local"{
package{'lynx':
ensure=>present,
}
}
Empurreaconfigurao:
114
#puppetagentt
Info:Usingconfiguredenvironment'production'
Info:Retrievingpluginfacts
Info:Retrievingplugin
Info:Cachingcatalogforcentos.logicus.local
Info:Applyingconfigurationversion'1465261549'
Notice:/Stage[main]/Main/Node[centos.logicus.local]/Package[lynx]/ensure:created
Info:Creatingstatefile/opt/puppetlabs/puppet/cache/state/state.yaml
AgoraverifiquequeemseuCentOSqueestatuandocomoclienteeservidoraomesmotempojestinstaladooLynx.Ouseja,empurramosa
configuraousandoamesmamquinacomopuppetagentepuppetserveraomesmotempo.SeaoinvsdoCentOSvocpreferiroUbuntu
16.04comoservidordeconfiguraesfaanoUbuntu:
#aptgetinstallpuppetserver
Parainiciaroservio:
#servicepuppetserverstart
Confira:
#servicepuppetserverstatus
puppetserver.servicepuppetserverService
115
Loaded:loaded(/lib/systemd/system/puppetserver.servicedisabledvendorpreset:enabled)
Active:active(running)sinceSeg2016060614:36:00BRT9sago
Process:21260ExecStartPost=/bin/bash${INSTALL_DIR}/ezbakefunctions.shwait_for_app(code=exited,status=0/SUCCESS)
Process:21254ExecStartPre=/usr/bin/installdirectoryowner=puppetgroup=puppetmode=775/var/run/puppetlabs/puppetserver
(code=exited,
MainPID:21259(java)
Tasks:26
Memory:1.0G
CPU:57.389s
CGroup:/system.slice/puppetserver.service
21259/usr/bin/javaXms2gXmx2gXX:MaxPermSize=256mXX:OnOutOfMemoryError=kill9%p
Djava.security.egd=/dev/urandomcp/opt/pu
Jun0614:35:20ubuntusystemd[1]:StartingpuppetserverService...
Jun0614:35:20ubuntujava[21259]:OpenJDK64BitServerVMwarning:ignoringoptionMaxPermSize=256msupportwasremovedin8.0
Jun0614:35:28ubuntujava[21259]:Warning:Thefollowingoptionstoparseoptsareunrecognized::flag
Jun0614:36:00ubuntusystemd[1]:StartedpuppetserverService.
EacerteoarquivodeconfiguraocomofeitoanteriormentenoCentOS.SevoctiverdificuldadecomoPuppetServerepreferirusaroPuppet
MasterporusaroDebianWheezyaoinvsdoJessie,sigaoroteiroabaixo.ParainstalaroPuppetMasternoDebianWheezybaixeeinstaleo
release:
#wgethttp://apt.puppetlabs.com/puppetlabsreleasepc1wheezy.deb
#dpkgipuppetlabsreleasepc1wheezy.deb
#aptgetupdate
Noseesqueaquenasmquinasclientesopacotecorretoopuppetagent.NamquinaescolhidaparaseroMasterfaremosdiferente.
Faremososeguinte:
116
#aptgetinstallypuppetpuppetcommonpuppetelpuppettestsuitepuppetmasterpuppetmastercommonvimpuppet
Pareoservio:
#kill9$(psaux|greppuppet|grepvgrep|awk'{print$2}')
Paradesabilitaroincioautomtico:
#sedi"s/START=yes/START=no/g"/etc/default/puppetmaster
Instaleopassenger:
#aptgetinstallpuppetmasterpassenger
Verifiqueseoserviofoilevantadonaportacorreta:
#netstata|grep8140
tcp600[::]:8140[::]:*LISTEN
Aoacessaroipdomasterviahttpsnaporta8140deveaparecernoseunavegadorafraseTheenvironmentmustbepurelyalphanumeric,not''.
Istosignificarqueomasterestlevantado!Ouseja,paraencerrar,lembresedequeparafazerascomunicaesentreasmquinasagenteseo
117
servidorprecisoinserirnoarquivo
puppet.conf
(exatamentecomofeznoexemplodoCentOS)aconfiguraoqueapontaparaoserver.Ao
realizarocomando
puppetagenttest
(nasmquinasclientes)porexemplovocdeverrecebernoservidorquevaigerenciarosnsas
seguintesrequisiesdecertificado:
#puppetcertlista
"ubuntu.logicus.local"(SHA256)A1:54:6E:80:EB:F8:9C:93:A3:26:6A:3E:83:09:76:52:90:27:C1:CC:5C:08:5B:0B:F5:13:3C:B7:3B:32:B1:A1
"debian.logicus.local"(SHA256)70:63:48:79:56:15:17:6C:E6:DF:E6:03:04:75:E7:A6:3E:03:CF:5D:93:90:7C:64:77:9C:34:88:F7:87:FC:9D
+"centos.logicus.local"(SHA256)10:B0:53:45:2C:E6:1C:BE:57:4F:12:A3:1C:A4:87:6C:04:96:50:32:7D:9D:DB:7D:61:45:B8:FB:94:7D:A1:2B
(altnames:"DNS:centos.logicus.local","DNS:puppet")
Paraliberarfaaporexemplonamquinaemqueestinstaladoopuppetserver:
#puppetcertsignubuntu.logicus.local
Ouparatodasasrequisies:
#puppetcertsignall
AgoracomasmquinassecomunicandocomoPuppetServerrepitaopassorealizadonoCentOScomrelaoainstalaodolynxsque
indicandocomonodeasmquinasclientes.Istobomparapraticar!Porfimgostariamosdefalarqueexisteumaferramentachamada
Mcollectiveparaocasodequererenviarcomandosmaisrapidamenteparatodososmembrosdasuainfra.OMcollectiveumFrameworkque
visaservirparaorquestrao.Suaideiadequeexecutaaesemservidoressimultaneamente.Vejamosumapequenatabeladoquepossvel
fazercomMCollective:
118
Pode?
Oqu?
Sim
Interagircomumnmeropequenoougrandedeclusters
Sim
Ferramentassimplesemlinhadecomandoparachamaragentesremotos
Sim
Plugveleadaptvelasnecessidadeslocais
Sim
ReutilizarcapacidadedeMiddlewareparaclustering,roteamentoeisolamento
derede.Comistopossvelconfiguraesseguraseescalveis
NossoobjetivocomesteartigoquevocfossecapazdecompreenderalgicadoPuppet,criarmanifestoslocalmente,instalaredesinstalar
mdulos,instalaroPuppetServeresercapazdeempurrarumaconfiguraonarede.Esperamosterdespertadooseuinteresseparaomundo
DevOpscomestaferramentamaravilhosaqueoPuppet!Nodeixedeestudarmaisaindasobreoutrasferramentascomoporexemploo
Ansible!
Haveanicehackingday!
119

Education Paper Puppet

Hochgeladen von

Dokumentinformationen

Copyright

Verfügbare Formate

Dieses Dokument teilen

Dokument teilen oder einbetten

Freigabeoptionen

Stufen Sie dieses Dokument als nützlich ein?

Sind diese Inhalte unangemessen?

Copyright:

Verfügbare Formate

Education Paper Puppet

Hochgeladen von

Copyright:

Verfügbare Formate

EducationPaper:

Das könnte Ihnen auch gefallen