Managing Infrastructure with Puppet - James Loope [2]
These resource descriptions are made in a Domain Specific Language implemented in Ruby. This means that the syntax is often similar to Ruby, but you cannot simply write Ruby code in a Puppet manifest and have it executed. In fact, the language is declarative, rather than imperative like Ruby. With Puppet, you say how you want things to look, as opposed to describing what should be done to make them look that way. It’s Puppet’s job to know how to make that description reality.
Putting the Pieces Together
So Puppet lets us describe our server configurations and then goes off and does all of the work for us. But how does that happen? There are a couple of different ways that Puppet can manage your systems, depending on your scale and needs.
Puppet
The first piece is the Puppet program itself. It’s an executable Ruby program that has the majority of Puppet’s functionality rolled up and made accessible via the command line. With the Puppet program, you can syntax check your Puppet code, apply the resources to a machine manually, describe the current state of the world as seen by the abstraction layer, and get some documentation of Puppet’s workings.
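To make the declarative model concrete, here is a small manifest that describes an end state rather than the steps to reach it. It is an added example, not code from the book; the group name, paths, file content and cron job are all hypothetical.

```puppet
# Added example: every name, path and value below is hypothetical.
# Each block states what should be true, not what to run. The imperative
# equivalent (groupadd, mkdir, chown, chmod, crontab -e) would need its own
# "does this already exist?" checks to be safe to run a second time.

# A group named 'deploy' exists.
group { 'deploy':
  ensure => present,
}

# A directory that only root and members of 'deploy' can enter.
file { '/etc/deploy':
  ensure  => directory,
  owner   => 'root',
  group   => 'deploy',
  mode    => '0750',
  require => Group['deploy'],
}

# A settings file with exact ownership, permissions and content. If someone
# loosens the mode or edits the file by hand, the next run puts it back.
file { '/etc/deploy/settings.conf':
  ensure  => file,
  owner   => 'root',
  group   => 'deploy',
  mode    => '0640',
  content => "environment=production\n",
  require => File['/etc/deploy'],
}

# A nightly cleanup job in root's crontab.
cron { 'deploy-log-cleanup':
  ensure  => present,
  user    => 'root',
  command => '/usr/bin/find /var/log/deploy -type f -mtime +30 -delete',
  hour    => 3,
  minute  => 15,
}
```

Saved as deploy.pp (a hypothetical file name), current Puppet releases can syntax check it with puppet parser validate deploy.pp and report what would change, without changing anything, with puppet apply --noop deploy.pp. Applying it a second time changes nothing, because every resource already matches its description.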
Puppet Master
When we need to apply our Puppet configurations to a large number of servers, it becomes laborious to log in to each machine, copy our configurations to it, and execute the Puppet command against them. We are better served by keeping all of our configurations in a central location, defining which configurations apply to which servers, and then letting Puppet do the work of pulling the configurations from the repository and applying them. To enable this client-server behavior, Puppet has a network daemon called the Puppet Master.
The Puppet program can be run in a daemonized mode by the server init and is then referred to as a Puppet agent. The agents talk to the Puppet Master over client-certificate authenticated SSL, and the master hands out their configuration catalog. In its default configuration, the agents work in a polling mode and check in for catalog updates every 30 minutes. This allows us to store our configurations in a central location without having to worry about keeping all of our systems' catalogs in sync through some out-of-band means.
Getting Started
Once Puppet is installed, you will have the puppet command at your disposal. The first thing you should do is run puppet describe --list. This will provide a list of the available resource “types” you have to work with out of the box:
:> puppet describe --list
These are the types known to puppet:
augeas - Apply the changes (single or array of changes ...
computer - Computer object management using DirectorySer ...
cron - Installs and manages cron jobs
exec - Executes external commands
file - Manages local files, including setting owners ...
filebucket - A repository for backing up files
group - Manage groups
host - Installs and manages host entries
k5login - Manage the `
macauthorization - Manage the Mac OS X authorization database
mailalias - Creates an email alias in the local alias dat ...
maillist - Manage email lists
mcx - MCX object management using DirectoryService ...
mount - Manages mounted filesystems, including puttin ...
nagios_command - The Nagios type command
nagios_contact - The Nagios type contact
nagios_contactgroup - The Nagios type contactgroup
nagios_host - The Nagios type host
nagios_hostdependency - The Nagios type hostdependency
nagios_hostescalation - The Nagios type hostescalation