Another important difference is the mechanism used by these automation systems. Comparing Ansible vs Puppet vs Chef, Ansible uses a push mechanism while Chef and Puppet use a pull mechanism. As discussed before, different files are created before operation in network automation software.

Puppet CHEAT SHEET

It is an open source configuration framework which is used when a lot of machines need to be configured in a similar form, or there is an infrastructure that requires dynamic scaling up or down with pre-determined config, or to have control over all the config machines so.

Puppet is another configuration management and automation software like Ansible that can be used with Linux and Windows. Puppet is written in Ruby. With Puppet, configuration, management and provisioning tasks are very easy to do.
Facter
- A Puppet Cheat Sheet. Puppet is a configuration management tool that helps system administrators automate the provisioning, configuration and management of a server infrastructure. It’s usually run in master/agent mode where the master server manages the configuration of several agent nodes.
- A quick reference guide for the core Puppet types. For detailed information about these types, see the related topic Type reference. Related topics: Type reference; The trifecta. Package/file/service: Learn it, live it, love it. Even if this is the only Puppet you know, you can still get a whole lot done.
facter
show OS Family fact
facter osfamily
show facts in YAML
facter -y
show facts in JSON
facter -j
get Puppet Enterprise version
facter -p | grep pe_
get Puppet agent All-in-one version
facter -p | grep aio
use fact inside a manifest using the $facts hash (double quotes are required for interpolation)
notify { "OS is ${::facts['operatingsystem']}": }
use fact inside manifest directly
notify { "OS is ${::operatingsystem}": }
get facter Hash
facter system_uptime
{
days => 2,
hours => 70,
seconds => 253058,
uptime => '2 days'
}
facter system_uptime.hours
70
get OS major release from manifest
$::operatingsystemmajrelease
MCollective
Run MCollective as 'peadmin'
sudo -i -u peadmin
check connection to nodes
mco ping
get nodes by Facter name
mco facts timezone
check how many MCO nodes are running
mco puppet count
restart apache service
mco rpc service restart service=httpd
check status of a package
mco package status puppet
list all subcollectives
mco inventory --list-collectives
disable puppet agent on node
mco puppet disable -I nodename
find all nodes that are x64
mco ping -F architecture=x86_64
find all nodes containing NYC in hostname
mco find --with-identity /nyc/
find all nodes with nginx class
mco find --with-class nginx
kick off 'puppet agent -t' on your nodes
mco puppet runall -F osfamily=RedHat 5
this will run puppet agent -t on all nodes where the osfamily fact = RedHat, with 5 concurrent runs
kick off Puppet run on node 'abc.xyz'
mco puppet runonce -l abc.xyz
run command against a subcollective
mco ping -T us_collective
start/stop service on a node
mco service ntp start -I ny14.nyc
show all available MCO plugins
mco plugin doc
show last run statistics for all nodes
mco rpc puppet last_run_summary
mco client logs (on PE Master)
/var/lib/peadmin/.mcollective.d/client.log
Modules
print modulepath:
puppet config print modulepath
modules help:
puppet help module
search available modules: (PuppetForge)
puppet module search 'nginx'
install a module
puppet module install author/module
build new module with full skeleton:
puppet module generate author/module
list installed modules:
puppet module list
check for missing module dependencies
puppet module list --tree
build a module release package (.tar.gz)
puppet module build author/module
show modified files of an installed module
puppet module changes
Module paths:
apache/ # main module dir
apache/manifests # manifest code
apache/lib # plugins, ruby code
apache/templates # ERB templates
apache/files # files used in module
apache/tests # usage examples
apache/Modulefile # metadata
paths inside a module:
content => template('mysql/my.cnf.erb'),
Template is in: $modulepath/mysql/templates/my.cnf.erb
source => 'puppet:///modules/mysql/my.cnf'
File is in: $modulepath/mysql/files/my.cnf
Augeas
Augeas binary tool
/opt/puppetlabs/puppet/bin/augtool
show all available lenses
augtool> ls /augeas/load/
set value in a file
augtool> set /files/etc/ssh/sshd_config/PermitRootLogin no
augtool> save
get specific data tree branch
cat /etc/hosts
127.0.0.1 puppetmaster localhost localhost.localdomain
::1 localhost localhost.localdomain localhost6
#managed nodes
192.168.237.148 host1
192.168.237.155 host2
augtool> ls /files/etc/hosts
1/ = (none)
2/ = (none)
#comment = managed nodes
3/ = (none)
4/ = (none)
augtool> ls /files/etc/hosts/4
ipaddr = 192.168.237.155
canonical = host2
check Augeas version
augtool> ls /augeas/
root = /
context = /files
variables = (none)
version/ = 1.4.0
save = overwrite
span = disable
load/ = (none)
files/ = (none)
Augeas Help
Admin commands:
help - print help
load - (re)load files under /files
quit - exit the program
retrieve - transform tree into text
save - save all pending changes
store - parse text into tree
transform - add a file transform
Read commands:
dump-xml - print a subtree as XML
get - get the value of a node
label - get the label of a node
ls - list children of a node
match - print matches for a path expression
print - print a subtree
errors - show all errors encountered in processing files
span - print position in input file corresponding to tree
Write commands:
clear - clear the value of a node
clearm - clear the value of multiple nodes
ins - insert new node
insert - insert new node (alias of 'ins')
mv - move a subtree
move - move a subtree (alias of 'mv')
cp - copy a subtree
copy - copy a subtree (alias of 'cp')
rename - rename a subtree label
rm - delete nodes and subtrees
set - set the value of a node
setm - set the value of multiple nodes
touch - create a new node
Augeas in manifest
or if making multiple changes to same file
Hiera
4 types of functions
hiera()
hiera_array()
hiera_hash()
hiera_include()
Hiera Array
$ hiera ssh_users
['root', 'jeff', 'gary', 'hunter']
$ hiera ssh_users.0
root
Hiera Hash:
$ hiera user
{'name'=>'kim', 'home'=>'/home/kim'}
$ hiera user.name
kim
use Hiera for class assignment in Site.pp
hiera_include()
Hiera config file
/etc/puppetlabs/puppet/hiera.yaml
Hierarchies:
---
:hierarchy:
- 'nodes/%{::clientcert}'
- 'roles/%{::role}'
- '%{::osfamily}'
- '%{::environment}'
- common
sample hiera xyz.yaml
---
### xyz
classes:
- apache
- apache::vhost
- ntp
owner: joe smith
location: new york
business_unit: billing
Get hiera value for this host:
hiera classes ::hostname=xyz ::environment=production
['apache', 'apache::vhost', 'ntp']
run Hiera in debug mode:
hiera classes ::hostname=xyz -d
Use Hiera in manifest:
$my_dns_servers = hiera('dns_servers')
or array:
$my_dns_servers = hiera_array('dns_servers')
get Hiera key value directly from command line
puppet apply -e "notice(hiera('<KEY>'))"
Log File locations:
https://docs.puppet.com/pe/latest/install_what_and_where.html
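Cron
cron { 'myscript_at_30':   # resource title is a placeholder; the original title is missing
  command => '/usr/bin/python myscript.py',
  minute  => '30',
}
cron { 'myscript_tuesday': # resource title is a placeholder; the original title is missing
  command => '/usr/bin/python myscript.py',
  minute  => '0',
  weekday => 'Tuesday',
}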
Troubleshooting
Puppet Cheat Sheet
I’m trying to keep a log of my fixes, stuff learned while using puppet.
Many have skipped my mind already. 😦
I’ll try to change publish date on this post every time I edit it so that it stays on top.
How to find config settings or env variables in puppet?
$ puppet --configprint templatedir # Specific Env Variable
templatedir = /var/lib/puppet/templates
$ puppet --configprint all # All settings
..
How to syntax check your templates?
$ erb -x -T '-' ./files/apt/sources.list.erb | ruby -c
Syntax OK
$ erb -x -T '-' ./files/apt/sources.list.d/lenny-backports.list.erb | ruby -c
Syntax OK
Unable to sign certificates?
The errors could be:
a. hostname was not match with the server certificate (or)
b. Exiting; no certificate found and waitforcert is disabled
In both cases you will not find the certificate on puppetmaster to sign.
Solution:
1. /etc/hosts file on client should have the server listed in format
IPAddress hostname_of_server short_hostname_of_server puppet
Example: 192.168.1.90 predator01.mydomain.local predator01 puppet
2. Make sure that the domain and search parameters in /etc/resolv.conf of the client are the same as your host domain
Example: /etc/resolv.conf
domain local
search local
nameserver 8.8.8.8
And my hostname is human01.mydomain.local
If your hostname is like human01.yourdomain.com then 'domain' and 'search' in /etc/resolv.conf should be domain.com
3. After ensuring (1) and (2) are fixed as above, clear ssl stuff
$ cd /var/lib/puppet/ssl
$ sudo mkdir old
$ sudo mv * old/
4. Now run client again
$ sudo puppetd -tdv
5. On server sign the cert
$ sudo puppetca --list
human01.yourdomain.local
$ sudo puppetca --sign human01.yourdomain.local
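
The checks from steps 1 and 2 can be scripted and run before the SSL directory is cleared in step 3. The following is an added example, not part of the original notes; the function names are hypothetical, and it assumes "same as your host domain" means the resolv.conf value is a label-aligned suffix of the client's FQDN.

```shell
#!/bin/sh
# Added example: pre-flight checks for steps 1 and 2 of the procedure above.
# File paths and the FQDN are arguments, so it can be pointed at copies.

# Succeeds if a non-comment hosts line lists the alias "puppet" (step 1).
hosts_has_puppet_alias() {
    awk '
        { sub(/#.*/, "") }
        { for (i = 2; i <= NF; i++) if ($i == "puppet") found = 1 }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# Succeeds if "domain", and at least one "search" entry, is a label-aligned
# suffix of the FQDN (step 2). Assumption: this is how "same as your host
# domain" is interpreted here.
resolv_matches_fqdn() {
    awk -v fqdn="$2" '
        function is_suffix(d,    tail) {
            tail = "." tolower(d)
            return length(fqdn) > length(tail) &&
                   substr(fqdn, length(fqdn) - length(tail) + 1) == tail
        }
        BEGIN { fqdn = tolower(fqdn) }
        { sub(/[#;].*/, "") }
        $1 == "domain" { seen = 1; if (!is_suffix($2)) bad = 1 }
        $1 == "search" {
            seen = 1; hit = 0
            for (i = 2; i <= NF; i++) if (is_suffix($i)) hit = 1
            if (!hit) bad = 1
        }
        END { exit ((seen && !bad) ? 0 : 1) }
    ' "$1"
}

check_puppet_client_prereqs() {
    rc=0
    hosts_has_puppet_alias "$1" ||
        { echo "FAIL: no 'puppet' alias in $1 (step 1)"; rc=1; }
    resolv_matches_fqdn "$2" "$3" ||
        { echo "FAIL: domain/search in $2 do not match $3 (step 2)"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: steps 1 and 2 hold for $3"
    return "$rc"
}

# Constructed sample input using the example values from the steps above.
demo=$(mktemp -d)
echo '192.168.1.90 predator01.mydomain.local predator01 puppet' > "$demo/hosts"
printf 'domain local\nsearch local\nnameserver 8.8.8.8\n' > "$demo/resolv.conf"
check_puppet_client_prereqs "$demo/hosts" "$demo/resolv.conf" human01.mydomain.local
```

On a real client, call check_puppet_client_prereqs with /etc/hosts, /etc/resolv.conf and the client's FQDN; a non-zero exit status means step 1 or 2 still needs fixing.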