Puppet

Puppet CLI

• Bootstrap client

    puppet agent -t --server <puppet master> [<options>]
  

• Display facts:

    facter              # All system facts
    facter -p           # All system and Puppet facts
    facter -y           # YAML
    facter -j           # JSON
  
    facter [-p] <name>  # A specific fact
  
    # Examples
    facter memoryfree
    facter is_virtual processor0
  

• Injecting Facts:

  env FACTER_<fact name>=<fact value> puppet apply site.pp
  

• Find out effective classes on a node

  cat /var/lib/puppet/classes.txt
  

• Find out when which file was modified

  cd /var/lib/puppet
  for i in $(find clientbucket/ -name paths); do
      echo "$(stat -c %y $i | sed 's/\..*//')       $(cat $i)";
  done | sort -n
  

• Puppet Dry Run:

  puppet agent --noop --verbose
  

• Disable agent

  puppet agent --disable
  puppet agent --disable <info message>   # Only recent versions
  puppet agent --enable
  

• Executing selective classes

  puppet agent --tags Some::Class
  

• Managing Certificates (on master)

  puppet cert list
  puppet cert list --all
  puppet cert sign <name>
  puppet cert clean <name>   # removes cert
  

• Managing Nodes

  puppet node clean <name>   # removes node + cert
  

• Managing Modules

  puppet module list
  puppet module install <name>
  puppet module uninstall <name>
  puppet module upgrade <name>
  puppet module search <name>
  

• Inspecting Resources/Types

  puppet describe -l
  puppet resource <type name>
  
  # Querying Examples
  puppet resource user john.smith
  puppet resource service apache
  puppet resource mount /data
  puppet resource file /etc/motd
  puppet resource package wget
  
  # Trigger puppet run from master
  puppet kick <name>
  puppet kick -p 5 <names>      # 5 parallel
  

• Debugging deployment and rules on a local machine. This only makes sense in “one time” mode running in one of the following variants:

  puppetd --test # enable standard debugging options
  puppetd --debug # enable full debugging
  puppetd --one-time --detailed-exitcodes # Enable exit codes:
             # 2=changes applied
             # 4=failure
  

• Gepetto: Puppet IDE

• puppet - Correctly using Roles and Profiles

Puppet 2/3 Master

Enable debugging: Add to /etc/puppet/rack/config.ru

ARGV << "--debug"

and restart the Passenger.

Puppet DSL

Snippets

notify { 'message': loglevel => 'err' }

Check for file

if file_exists('somefile.txt') == 1 { }

Execute commands (evil!)

exec { "mkdir -p $dir":
    command => "/bin/mkdir -p $dir",
    creates => $dir
}

Merging Arrays

$result = split(inline_template("<%= (array1+array2).join(',') %>"),',')

Exceptions

fail('This is a parser time error')

Conditions

if $var == 'value' {
}

case $::lsbdistcodename {
    'squeeze': {
        }
        'wheezy', 'jessie': {
        }
        default {
        }
}

ERB Syntax

ERB Tags

<%= ruby code, result inserted %>
<% ruby code, result not inserted %>  # use for loops, conditions...
<%- like above, but strips leading+trailings spaces from output -%>
<%# comment %>

<%%  # literal <%
%%>  # literal %>

Using Variables

<%= @name %>              # variable visible in current scope
<%= scope.lookupvar('name') %>        # search in all scopes
<%= scope['somewhere::name'] %>       # Puppet 3 scope access

Conditions

<% if @name != nil %>
   Well, @name is set!

   When checking if a variable exists/is set 
   always do check for nil! Everything else is unsafe.
<% end %>

<% if @name ~ /.* Smith$/ %>
   Matches
<% end %>

Augeas

Augeas - in Puppet: Using Puppet with Augeas

augeas { "sshd_config":
 changes => [
 "set /files/etc/ssh/sshd_config/PermitRootLogin no",
 ],
}

Testing

• Validate manifest

  puppet parser validate <manifest>
  

• Validate ERBs

  erb -x -T '-' <template> | ruby -c 
  

• puppet-rspec: Testing Puppet modules with rspecs

• Beaker: Puppet acceptance testing in VMs

Misc

• Vim Autoformatting for Puppet
• Vim puppet-lint
• Atom Editor puppet-lint