Learn how to use already developed public modules and reuse them for tasks in MPLI productions.
- [Instructor] In this section, we're going to be looking at public modules. Those are modules that are maintained out in the public, and most of these modules are going to be found on the forge they may find them on Get Hub or other places the forge is a great place to start, and this is where all the modules are listed. There's two subcategories on the side in addition to just random public modules, there's also a set of Puppet supported modules, and those ones are actually maintained by Puppet employees. And there's also Puppet approved and Puppet approved ones are basically they've had some sort of standards applied to them and they've basically got an endorsement from Puppet.
So if we come and we look at the Puppet supported, these are sorted by the number of downloads, and standard lib is always at the top of this list. So that's a really good one to start with, and many of the features that are in standard lib are now part of the core Puppet. We'll look at one of the ones that's quite useful in it to start with but first of all, we'll download it. Now, any of these modules that you find on the Forge, the first thing you want to look over here is at the project URL, and this'll take you over to Get Hub or wherever the project is hosted, and then you can go and look through the code yourself and see what you think of the code.
I wouldn't just randomly download things without taking a look at the code first. Let's start by downloading that. So first thing I want to do is I want to run puppet config print modulepath, and this is going to tell me where my modules are coming from. So now what I want to do is just make sure there's nothing in there right now. So I want to look in my .puppet/code/modules/ directory. There's nothing in there right now so what I'm going to do is puppet module install puppetlabs-stdlib and that is the same URL as I would find on the Forge, puppet labs, and then instead of a slash I just put a dash.
So that installed the latest version of standard lib and now if we go back and run our hellass, we'll see that standard lib is in there now, and standard lib defines a few things and one of them is file line, and file line is a way to add lines to a file. Let's make a stdlib.pp and what we'll do is we'll create a file line resource. So first thing we want to do is create that resource so we'll just say file line.
Now, we've got to give this a title, so we'll call it no root login. And now I'm going to tell file line that I wish to ensure that the following line is present in the file. And the line that I would like to be present in the file is permit root login no. So I'm basically disabling that feature.
Now I want to make sure that I match any lines that might have something beginning with permit login so I'll start with a carrot, and that's just regular syntax, we're saying this line should start with this text. And then I'm going to say that it can have any number of spaces after it. I don't really need this but might as well play with it. And now I'm going to say which file am I actually talking about and since I'm running this as myself, I just made a backup of my sshd_config in this directory.
So with that resource applied, I am going to now go puppet apply stdlib.pp, and what that's going to do is go and find that file and remove any instance where permit root login was yes. So let's take a look at that file. So here's permit root login no.
Let's change that to yes and see what happens. And we can see that that line, if we go back because VI will remember where we were, it's now been changed to no. Because we didn't specify, we can also come back and change it to anything other, evens something that's invalid, doesn't really matter, it's going to be changed to a no.
So when we look again, it's been changed to a no. So the power of this utility is that I can come back and I can make another change to the same file, so I can say ensure, this time I'm going to say absent, and the syntax for absent is little more complex but we'll get through it. So what I want to do is I want to say that it's absent, I'm going to match, so I need the match parameter again, but I'm going to say any line that begins with port.
Now, even though I'm saying it's absent, I still have to specify what the line is, but now I want to say I'm going to modify the same file. Now this is the interesting part. I'm going to say match for absence is true. So that's going to say it's still going to try and find a match even though it's looking to remove the line. The next thing I want to do is replace is false because I'm not actually replacing the line, I'm just removing the line.
And then close the resource. So let's go to this sshd_config file and say we find the port line. And we'll say that we'd like sshd running on port 88/88. But when we do our apply, what this is going to do is remove that port line. So now when we go back, you can see that that line's been removed and indeed if we just grab from port, we see that it doesn't have that line in it.
Now, another thing that's kind of useful is if I come in here and let's say that there was three different lines that had 22, 2222, 80, maybe some ports that don't make any sense, when I come into my stdlib.pp, I can actually add another parameter that says multiple, and this will say if you find more than one match, I don't really care, just remove them all.
So now if I do my apply again, that's going to remove all of those lines. So now we'll do the same grep, we'll see that all of those lines have been removed, and that's really the usefulness of that function is that I can modify sections of the file using just this file line resource, and I can have these in different classes, and they wouldn't interfere with each other.
So that's file line. That's a pretty nice one. Another one that I wanted to show you was concat. So concat is also one of the support modules here. It's fairly high in the list so if you click on concat, now concat is a way to build files from fragments, and it's a little complex to begin with, but we'll go through an example and maybe it'll become a little clearer. Let's first install the module. Again, just using module install, also puppet module install puppetlabs-concat.
And that's go and download the concat module, which depends on the standard lib module, but we already had that. So we're going to make a concat resource. First thing you want to do with a concat resource is you want to create the container so we're going to create the container, and we're going to call it bashrc because we're going to refer to this a few times. We just want to say where that is. We're going to say the path to this file is /tmp/etc/bashrc.
Now we're going to specify our fragments and these are basically the parts of the file. I'm going to make this a little easier to read so what I'll do is I'll use a here doc. And we'll define a local here doc. So this the contents of the string that I'm trying to define right now. Path equals path, and this is bash syntax. User local bin, user local sbin.
So I'm just going to export that path. Now I want to make sure that the here doc is complete so I'll just say that that's the end of the local. We'll make another here doc. We'll make this one for umasc. Actually, we'll just do one at a time so here's the local one. And we'll call this fragment local. We're going to say that the target, so this is the file that we're actually going to try to apply this to is bashrc. That's this one up here. So what we're referring to that one.
The order, where is this going to be in the file? I'd like it at the beginning. And the content will now be that here doc that I defined earlier so I'll just say local. Now, this is going to create a /tmp/etc/bashrc that has this content in it. So if we do puppet apply concat.pp, it's going to go and create that /tmp/etc/bashrc and if we cat at /tmp/etc/bashrc, we'll see that it only has that one line in it.
Not very interesting, but it's a good thing to build on. So let's do another one. Let's come back. We'll make another here doc, and we'll call this one umask. And I'll say if the UID is greater than 500 and the id -gn, I can really just copy this from some other source but the idea is that I'm just going to put this in the file.
Then, now we're going to set a umask of 002 so that's the restrictive umask. Otherwise, we're going to make it a nice, open umask. Say fi and then we'll just mark the end of the here doc. So this is the contents that we want to have placed in the file. So now we're going to say, we're going to create another fragment. We'll call this one umask.
We'll say that the target, again, is bashrc. The order probably should be two and the content will be $umask. Close the resource. And apply. So now if we cat that file, you can see that what it did was it upended those two things to the file.
So the idea is that I can build up files by creating multiple concat resources. Another thing that's kind of useful about concat is that when I'm up at the top here and I'm defining the actual target, we can also add this warn equals true, and what that's going to do is edit on the file as well. So if we run again, you'll see that a little header gets placed on the file. So there's that header right there.
Alright so the third one I wanted to show you guys was, let's go back to our forge, and probably a little further down but still on the main page is inifile, and inifile is another way to manage sections of a file, specifically ini syntax files. So ini configuration files. These are really popular configuration files.
In one of the files that's configured this way is our puppet.conf. First off, let's just remove our puppet.conf. First type puppet module install puppetlabs/inifile. Oops, that's ininfile. That's cute. Inifile. And you notice that I can use the slash or the dash syntax for the module install command doesn't really care. So that's been installed. Now, let's make an inifile.pp, and what we're going to do is we're going to play with that puppet configuration file.
The inifile module creates two resource types. There's an ini_setting and an ini_subsetting. So we're going to start with an ini_setting. And the first thing we're going to do is create one that points to our puppet server so we'll call it puppet server. First thing we want to say which section of the configuration file are we going to be dealing with? We'll be dealing with the main section. The path to this configuration file is my home directory.
Dot puppet, puppet.conf. The setting that I wish to change is the server setting, and the value that I want to set is puppet.mpli.packtpub.com. Doesn't really matter, I can make it whatever I want. Alright, so with that setting in place, we're going to do puppet apply inifile.pp. And because the file doesn't exist, inifile is going to go create and add the section for us.
So now when I do puppet config print server, I'm going to get that thing that I was expecting. And indeed when we cat our puppet.conf file, we'll see that the main section was added, and this setting was added to it. So that's pretty easy. We could do that all day, right? We could just make as many resources as we wanted. We could set anything we wanted here. How about environment? We'll do it in the agent section this time. Same path.
The setting, environment. And the value I'd like to use is development. And close the resource. Apply. Alright, and that'll let me do our cat like before, we can see that that's been adding to the file. So that's a pretty nice thing to play with. But now ini_setting, it can be a little more confusing but let's try and do an example that might make sense.
What we'll do is we'll make a report, and we'll do the store report first. So let's say that the section, this should be in the agent, path again is going to be the same, of course, you can just copy that. And the setting will be reports. The subsetting separator. Now if you know the reports setting in puppet.conf, that's going to be a comma.
And the subsetting that I'd like to store in this area is the store. I'm going to be setting something reports, and I want store in there, and if there's anything else in there, I want you to put a comma between it. What we can do is we can do puppet apply inifile.pp. And now when we do our cat, we'll see the reports of stories there but the idea with subsetting is that I could come right here and can grab all of this, paste it, and then let's add a new report, say the logstash one.
So we're going to come down and instead of store, we're going to say logstash. And we're going to do our apply again. And now what this is going to do is going to add logstash to that list but add a comma between it. So now we've got both of those. Now if I came in and added another one and ran puppet again, because we're using the subsetting, puppet won't care.
It won't play with that file. It won't mess with it. But, if I come back and I say that if I took out store and I only had logstash and http, what it's going to do, it's going to notice that and it's going to put store back in. Quite possibly at the end. Yeah, so you can see it's put store back in, but it put it at the end this time. But the idea being that I'm only interested in the value, not the whole file.
I can play with this all day and change values like that. So with concat, inifile, file line, it becomes really easy to manage parts of files. There is another utility out there but it's included in core puppet so I won't talk about it here but if you're interested in manipulating files, you should look into the ongious provider as well.
This course was created by Packt Publishing. We are honored to host this training in our library.
- Puppet servers and environments
- Creating a Puppet server machine
- Performance tuning
- Using PuppetDB
- Extending Puppet with custom facts and types
- Using Hiera
- Generating reports
- Testing and troubleshooting Puppet environments