writing and publishing puppet modules
DESCRIPTION
"Writing and Publishing Puppet Modules" by Colleen Murphy, of Portland State University at Puppet Camp Portland 2014.TRANSCRIPT
Writing and Publishing Puppet Modules
Colleen Murphy, Portland State Universityfreenode: crinklegithub: cmurphy
HelloThis is a beginner’s approach.
This is an outsider’s approach.
HelloPSU’s College of Engineering’s IT department, aka The Computer Action Team (TheCAT),uses puppet to manage a diverse infrastructure.
http://github.com/pdxcat
What is a puppet module?● An encapsulation of configuration for a
service● A structure containing an organized set of
puppet code and data● Analogous to a package, gem, python library● The place where your code goes
What should a module do?● Set up a service, such as:
○ ssh○ mysql○ apache○ sudo
● Extend puppet functionality. Examples:○ puppetlabs/stdl ib○ puppetlabs/concat
The strategySet up the service… without puppet.
Then iterate.
Layout of a moduleyourmodule/
➔ manifests/ # where your puppet code goes➔ files/ # flat configuration files➔ templates/ # dynamic configuration files➔ lib/ # plugins: types and providers, functions,
| facts, etc➔ tests/ # example usage, smoke tests➔ spec/ # automated tests
Layout of a moduleyourmodule/
➔ manifests/ # where your puppet code goes➔ files/ # flat configuration files➔ templates/ # dynamic configuration files➔ lib/ # plugins: types and providers, functions,
| facts, etc➔ tests/ # example usage, smoke tests➔ spec/ # automated tests
Starting out# puppet module generate cmurphy-sshGenerating module at /etc/puppet/modules/cmurphy-sshcmurphy-sshcmurphy-ssh/manifestscmurphy-ssh/manifests/init.ppcmurphy-ssh/speccmurphy-ssh/spec/spec_helper.rbcmurphy-ssh/testscmurphy-ssh/tests/init.ppcmurphy-ssh/READMEcmurphy-ssh/Modulefile
Writing your first moduleclass ssh {
package { 'openssh-server': ensure => installed, } file { '/etc/ssh/sshd_config': source =>
"puppet:///modules/ssh/sshd_config", require => Package['openssh-server'], } service { 'ssh': ensure => running, enable => true, subscribe =>
File['/etc/ssh/sshd_config'], }
}
node default { include ssh}
Drop in a configuration file# Managed by Puppet
# What ports, IPs and protocols we listen for
Port 22
Protocol 2
# Logging
SyslogFacility AUTH
LogLevel INFO
# Authentication:
LoginGraceTime 120
PermitRootLogin no
StrictModes yes
...
Needs more portability!
No one should have to change your code or your files in order to use your module.
Update your module# Managed by Puppet
# What ports, IPs and protocols we listen for
Port <%= @port %>
Protocol 2
# Logging
SyslogFacility <%= @syslog_facility %>
LogLevel <%= @log_level %>
# Authentication:
LoginGraceTime 120
PermitRootLogin <%= @permit_root_login %>
StrictModes yes
...
Update your moduleclass ssh (
$port = 22,
$syslog_facility = 'AUTH',
$log_level = 'INFO',
$permit_root_login = 'no',
) {
... file { '/etc/ssh/sshd_config': content =>
template('ssh/sshd_config.erb'), require => Package['openssh-server'], }
...
node default { class { 'ssh': permit_root_login => 'yes', }}
Beyond templatesWorking with tricky configuration files● Take advantage of Include conf/* directives
file { 'conf_file': ensure => present, content => 'Include "conf.d/*.conf"\n',}…define collectd::plugins::exec { file { "${name}.load": path => "${conf_dir}/${name}.conf", content => template('collectd/exec.conf.erb'), }}
Beyond templates● puppetlabs/concat concat { '/etc/motd': }
concat::fragment { 'welcome':
target => '/etc/motd',
content => 'Welcome to Redhat',
order => '01',
}
concat::fragment { 'legal':
… }
Beyond templates● puppetlabs/inifileini_setting { 'puppetdbserver':
ensure => present,
section => 'main',
path => "${puppet_confdir}/puppetdb.conf",
setting => 'server', value => $server,}
ini_setting { 'puppetdbport':
…}
Parameterize your moduleclass ssh::params {
case $::osfamily {
'Debian': {
$ssh_svc = 'ssh'
}
'Redhat': {
$ssh_svc = 'sshd'
}
default: {
fail("${::osfamily} is not supported.")
}
}
}
class ssh (
...
) { include ssh::params
service { $ssh::params::ssh_svc: ensure => running, enable => true, }
...
The Forge
Publishing your moduleModulefilename 'cmurphy-ssh'version '0.0.1'source 'https://github.com/cmurphy/puppet-module-ssh.git'author 'Colleen Murphy'license 'Apache License, Version 2.0'summary 'Puppet module for ssh'description 'Demonstration of parameterized ssh module'project_page 'https://github.com/cmurphy/puppet-module-ssh'
## Add dependencies, if any:# dependency 'username/name', '>= 1.2.0'
Publishing your moduleREADME● docs.puppetlabs.com/puppet/3/reference/READMEtemplate.markdown
license● choosealicense.com
Publishing your moduleChangelog## 2013-12-05 Release 0.10.0### Summary:
This release adds FreeBSD osfamily support and various other improvements to some mods.
### Features:
- Add suPHP_UserGroup directive to directory context- Add support for ScriptAliasMatch directives...
## 2013-09-06 Release 0.9.0### Summary:
...
Publishing your moduleUse semantic versioning! semver.org
Major.Minor.Patch
Publishing your module$ cd ssh/
$ puppet module build .
$ ls pkg/
cmurphy-ssh-0.0.1 cmurphy-ssh-0.0.1.tar.gz
Testing your moduleAdd tests● rspec-puppet
○ rspec-puppet.com● rspec-system
○ github.com/puppetlabs/rspec-system
Maintaining your moduleUpdate your code● fix bugs● add features● manage pull requests
Installing modulesSearch for modules on forge.puppetlabs.com or puppet module search
Then install with puppet module install
Thanks!Learn more at docs.puppetlabs.com/guides/module_guides/bgtm.html
Colleen Murphyfreenode: crinklegithub: cmurphy