Managing Linux Using Puppet

Setting Up the Machine

For the purposes of this article, I'm using the example of configuring developers' desktops. The example desktop machine is a clean Ubuntu 12.04 with the hostname puppet-test; however, any version of Linux should work with almost no differences. I will be working using an empty git repository on a private git server. If you are going to use GitHub for this, do not put any sensitive information in there, in particular keys or passwords.

Puppet is installed on the target machine using the commands shown in Listing 1. The install simply sets up the Puppet Labs repository and installs git and Puppet. Notice that I have used specific versions of puppet-common and the puppetlabs/apt module. Unfortunately, I have found Puppet tends to break previously valid code and its own modules even with minor upgrades. For this reason, all my machines are locked to specific versions, and upgrades are done in a controlled way.

Listing 1. Installing Puppet


wget https://apt.puppetlabs.com/puppetlabs-release-precise.deb
dpkg -i puppetlabs-release-precise.deb
apt-get update
apt-get install -y man git puppet-common=3.7.3-1puppetlabs1
puppet module install puppetlabs/apt --version 1.8.0
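An added example, not part of the original article: a POSIX shell check that compares installed package versions against the pin from Listing 1 and reports any drift. The function names and the sample dpkg-query output are constructed for illustration, and using `apt-mark hold` to keep apt from upgrading a pinned package is an assumption about how the lock is enforced.

```shell
#!/bin/sh
# Added example: detect drift from the package version pinned in Listing 1.
# Function names and the sample data are illustrative, not from the article.

PINS='puppet-common 3.7.3-1puppetlabs1'   # "package version", one per line

# Print "package version" for every package dpkg knows about.
installed_versions() {
    dpkg-query -W -f='${Package} ${Version}\n'
}

# check_pins PINS INSTALLED
# Prints one line per pinned package that is missing or at another version.
# Returns 0 when every pin matches, 1 otherwise.
check_pins() {
    rc=0
    while read -r pkg want; do
        [ -n "$pkg" ] || continue
        have=$(printf '%s\n' "$2" | awk -v p="$pkg" '$1 == p { print $2; exit }')
        if [ -z "$have" ]; then
            echo "MISSING $pkg (want $want)"; rc=1
        elif [ "$have" != "$want" ]; then
            echo "DRIFT $pkg: installed $have, pinned $want"; rc=1
        fi
    done <<EOF
$1
EOF
    return $rc
}

# hold_pins PINS: mark each pinned package as held so a routine
# "apt-get upgrade" does not move it (assumption: run as root).
hold_pins() {
    while read -r pkg rest; do
        [ -n "$pkg" ] || continue
        apt-mark hold "$pkg"
    done <<EOF
$1
EOF
}

# Constructed sample of dpkg-query output, so the example runs anywhere.
SAMPLE='git 1:1.7.9.5-1
puppet-common 3.7.4-1puppetlabs1
vim 2:7.3.429-2ubuntu2'

check_pins "$PINS" "$SAMPLE" || echo "pinned versions have drifted"
```

On a real machine, call `check_pins "$PINS" "$(installed_versions)"` instead of passing the sample.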

Now Puppet is installed, so let's do something with it.

Getting Started

I usually edit the manifests on my desktop and then commit them to git and push to the origin repository. I have uploaded my repository to GitHub as an easy reference, which you may wish to copy, fork and so on.

In your git repository, create the file manifests/puppet-test.pp, as shown in Listing 2. This file illustrates a few points:

  • The name of the file matches the hostname. This is not a requirement; it just helps to organize your manifests.

  • It imports the apt package, which is a module that allows you to manipulate installed software.

  • The top-level item is "node", which means it defines the state of one or more servers.

  • The node name is "puppet-test", which matches the server name. This is how Puppet decides to apply this specific node.

  • The manifest declares that it wants the vim package installed and the emacs package absent. Let the flame wars commence!

Listing 2. manifests/puppet-test.pp


include apt


node 'puppet-test' {
    package { 'vim':
        ensure => 'present'
    }

    package { 'emacs':
        ensure => 'absent'
    }
}

Now you can use this Puppet configuration on the machine itself. If you ssh in to the machine (you may need ssh -A agent forwarding so you can authenticate to git), you can run the commands from Listing 3, replacing gitserver with your own.

Listing 3. Cloning and Running the Repository


git clone git@gitserver:Puppet-LinuxJournal.git /etc/puppet/linuxjournal
puppet apply /etc/puppet/linuxjournal/manifests --modulepath=/etc/puppet/linuxjournal/modules/:/etc/puppet/modules/

This code clones the git repository into /etc/puppet/linuxjournal and then runs puppet apply using the custom manifests directory. The puppet apply command looks for a node with a matching name and then attempts to make the machine's state match what has been specified in that node. In this case, that means installing vim, if it isn't already, and removing emacs.

Creating Users

It would be nice to create the developer user, so you can set up that configuration. Listing 4 shows an updated puppet-test.pp that creates a user as per the developer variable (this is not a good way to do it, but it's done like this for the sake of this example). Note how the variable is preceded by $. Also, the variable is substituted into strings quoted using " but not into strings quoted using ', in the same way as bash.

Listing 4. /manifests/puppet-test.pp


include apt


node 'puppet-test' {
    $developer = 'david'

    package { 'vim':
        ensure => 'present'
    }

    package { 'emacs':
        ensure => 'absent'
    }

    user { "$developer":
        ensure => present,
        comment => "Developer $developer",
        shell => '/bin/bash',
        managehome => true,
    }
}

Let's apply the new change on the desktop by pulling the changes and re-running puppet apply as per Listing 5. You now should have a new user created.

______________________

David Barton is Managing Director of OneIT, a company specializing in custom business software development. He's been using Linux since 1998 and managing OneIT's Linux servers for more than 10 years.