Date post: | 14-Feb-2017 |
Category: |
Technology |
Upload: | julien-pivotto |
Puppet DSL: Back to the basics
Julien Pivotto (@roidelapluie)
Config Management Camp Ghent
February 2017
$::user
Julien Pivotto
@roidelapluie on irc/github/twitter
Puppet user since 2011 (Puppet 0.24)
VoxPupuli member (& security officer)
inuits
Scope
What didn't we notice in the Puppet DSL over the last years?
How much backwards compatibility?
Why?
There are lots of new exciting features
But the puppet DSL has a strong trunk
Puppet 3 is EOL, so we can use most of these things
Tooling
Puppet parser validate
Puppet-lint 2 (with plugins)
$EDITOR puppet syntax
Custom facts
FACTER_bootstrap=true puppet agent --test
Useful for 1-time facts, or overwriting existing facts (e.g. ipaddress) without code.
Puppet DSL
The File resource
file { '/etc/motd':
  ensure  => file,
  content => 'foobarbarfoofoobar',
}
content => file()
file { '/etc/motd':
  ensure  => file,
  content => file("${module_name}/motd")
}
For small, text files (file content is in the catalog)
Since Puppet 3.7.0
validate_cmd
file { '/etc/corosync/corosync.conf':
  ensure       => file,
  validate_cmd => '/usr/sbin/corosync -t %',
}
Verify the file before replacing it
Since Puppet 3.5.0
Alternative in stdlib for older versions
show_diff
file { '/etc/app/secrets':
  content   => 'my secret content',
  show_diff => false,
}
Since Puppet 3.2.1
replace
file { '/etc/installtime':
  content => template('date.erb'),
  replace => no,
}
Since Puppet 0.19.0
backup
file { '/etc/hosts':
  content => template('hosts.erb'),
  backup  => '.bak',
}
Since a very long time...
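The validate_cmd, show_diff and backup attributes from the slides above, combined on two security-sensitive files. This is an added example, not part of the original slides; the class name, the /etc/sudoers.d/ops path, the sudoers_ops module file and the visudo location are assumptions.

```puppet
# Added example: class name, paths and module file are hypothetical.
class profile::sensitive_files {
  # A broken sudoers fragment can lock administrators out, so the candidate
  # file is checked before it replaces the live one. '%' is replaced by the
  # path of the temporary file Puppet wrote. The visudo path is an assumption
  # and differs between distributions.
  file { '/etc/sudoers.d/ops':
    ensure       => file,
    owner        => 'root',
    group        => 'root',
    mode         => '0440',
    content      => file("${module_name}/sudoers_ops"),
    validate_cmd => '/usr/sbin/visudo -cf %',
  }

  # show_diff => false keeps the content out of agent logs and reports.
  # backup => false avoids leaving a second copy of the secret in the
  # filebucket or next to the file.
  # The content is still part of the compiled catalog, so access to the
  # catalog has to be restricted as well.
  file { '/etc/app/secrets':
    ensure    => file,
    owner     => 'root',
    group     => 'root',
    mode      => '0600',
    content   => 'my secret content',
    show_diff => false,
    backup    => false,
  }
}
```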
source
file { '/etc/issue.net':
  source => '/etc/motd'
}
Since a very long time...
autorequires
Don't do:
file { '/tmp':
}
file { '/tmp/foo':
  require => File['/tmp'],
}
because files auto-require their parents (and owners, groups...)
Since Puppet 0.10.2
other autorequires
Exec, Cron require their users
Mount requires its parents
Exec requires its File[cwd]
other autodependencies
Resource types can implement autonotify and autosubscribe
(this is used in puppet-corosync)
Since Puppet 4.0.0
noop
package { 'ntpd':
  ensure => latest,
  noop   => true,
}
noop is not only a global setting - it is also a metaparameter that can be applied to any resource
Present since a very long time...
purging resources
resources { 'cron':
  purge => true,
  noop  => true,
}
Present since Puppet 0.22.0
Present since 3.5.0 (for cron resources)
exec tries
exec { '/bin/wget 127.0.0.1':
  tries     => 10,
  try_sleep => 1,
}
Present since Puppet 2.6.0
arrays
file { '/usr/bin/sometimesexecutable':
  mode => ['0755', '0644']
}
Will accept both modes, and set 0755 if not matching.
Can be used with most of the properties.
Since Puppet 0.23.1
Requirements
define foo::bar {
  Package['foo'] -> Foo::Bar[$name]
}
Is the same as:
foo::bar { 'barfoo':
  require => Package['foo']
}
Aliases
Instead of:
file { "/tmp/foo/bar/bar.foo/foobar":
  ensure => file,
}
service { 'barfoo':
  require => File["/tmp/foo/bar/bar.foo/foobar"]
}
Aliases
Use:
file { "/tmp/foo/bar/bar.foo/foobar":
  ensure => file,
  alias  => 'foobar'
}
service { 'barfoo':
  require => File["foobar"]
}
Since a very long time...
Loglevel
exec { '/bin/mybrokenexec':
  loglevel => debug,
}
Since Puppet 0.23.1
Next to the DSL...
The Puppet resource face
$ puppet resource file /home/u/.vimrc
file { '/home/u/.vimrc':
  ensure  => 'file',
  content => '{md5}d414e9800998ecf8427e',
  ctime   => '2017-02-06 10:09:05 +0100',
  group   => '1000',
  mode    => '0644',
  mtime   => '2017-02-06 10:09:05 +0100',
  owner   => '1000',
  type    => 'file',
}
$ puppet resource file .hushlogin mode=0755
Since Puppet 2.7
Pluginsync
In modules:
lib/puppet/reports/prometheus.rb
lib/augeas/lenses/tmpfiles.aug