Puppet is a cross-platform automation and configuration management tool, widely used now that automation is a key part of IT operations. Below is a nutshell of general-purpose Puppet modules that you can use as templates for writing customized code for your own environment.
1. Puppet manifest to add an entry in hosts file
******************************************
/etc/puppet/environments/unixchips/modules/hostentry/manifests
class hostentry {
  host { 'webserver01':
    name         => 'webserver01.unixchips.com',
    ip           => '10.152.21.3',
    host_aliases => 'web01',
    comment      => 'This is a webserver primary',
  }
}
2. Module to assign network configuration
*****************************************************
/etc/puppet/environments/prod/modules/network/manifests
1. First install the module
# puppet module install example42-network
class network {
  network::interface { 'eth0':
    ipaddress => '10.1.24.20',
    netmask   => '255.255.255.0',
  }
}
2. If DHCP configuration needs to be enabled
class network {
  network::interface { 'eth0':
    enable_dhcp => true,
  }
}
3. If a route needs to be added into the routing table
class network {
  network::route { 'eth1':
    ipaddress => [ '192.168.22.0' ],
    netmask   => [ '255.255.255.0' ],
    gateway   => [ '192.168.22.1' ],
    table     => [ 'vlan22' ],
  }
}
4. A single interface may carry multiple routes; pass them as arrays, one element per route
network::route { 'bond0':
  ipaddress => [ '192.168.2.0', '10.0.0.0', '192.168.3.0', ],
  netmask   => [ '255.255.255.0', '255.0.0.0', '255.255.255.0', ],
  gateway   => [ '192.168.1.1', '10.0.0.1', '192.168.3.1', ],
  table     => [ false, false, 'vlan22' ],
}
3. Puppet configuration for a yumrepo
**********************************************
class basic_yum_repo {
  yumrepo { 'company_app_repo':
    enabled  => 1,
    descr    => 'Local repo holding company application packages',
    baseurl  => 'http://repos.example.org/apps',
    gpgcheck => 0,
  }
}
The above class will create a repo file like this (note that gpgcheck=0 turns off RPM signature verification for this repository):
cat /etc/yum.repos.d/company_app_repo.repo
[company_app_repo]
name=Local repo holding company application packages
baseurl=http://repos.example.org/apps
enabled=1
gpgcheck=0
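As an added example (not code from the original post), here is the same repository with signature checking turned on, so that yum refuses any package that was not signed with the key Puppet ships. The key file name, its puppet:/// source path and the HTTPS URL are assumptions; the repo id and description come from the post.

```puppet
# Added example, not part of the original post: a hardened counterpart of
# basic_yum_repo. The GPG key path, the puppet:/// source and the https
# base URL are assumptions.
class signed_yum_repo {
  # Ship the repository's public signing key with the module, so the key
  # is managed by Puppet rather than fetched over plain HTTP at install time.
  file { '/etc/pki/rpm-gpg/RPM-GPG-KEY-company':
    ensure => file,
    owner  => 'root',
    group  => 'root',
    mode   => '0644',
    source => 'puppet:///modules/signed_yum_repo/RPM-GPG-KEY-company',
  }

  yumrepo { 'company_app_repo':
    enabled   => '1',
    descr     => 'Local repo holding company application packages',
    baseurl   => 'https://repos.example.org/apps',
    # gpgcheck => 0 (as in basic_yum_repo) lets yum install whatever RPM the
    # server, or anything on the network path to it, chooses to serve.
    # With gpgcheck => 1 every package must carry a signature from gpgkey.
    gpgcheck  => '1',
    gpgkey    => 'file:///etc/pki/rpm-gpg/RPM-GPG-KEY-company',
    # Verify the server certificate as well, so the repo metadata itself
    # cannot be swapped out in transit.
    sslverify => '1',
    require   => File['/etc/pki/rpm-gpg/RPM-GPG-KEY-company'],
  }
}
```

The resulting .repo file gets gpgcheck=1 and a gpgkey= line in addition to the fields shown above; yum imports the key on first use and rejects unsigned or wrongly signed packages.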
4. Restart a service after configuration changes in a file (here it is the sshd service)
*******************************************************************************
class ssh {
  service { 'sshd':
    ensure  => 'running',
    enable  => true,
    require => Package['openssh-server'],
  }
  file { '/etc/ssh/sshd_config':
    notify  => Service['sshd'],
    mode    => '0600',
    owner   => 'root',
    group   => 'root',
    require => Package['openssh-server'],
    source  => 'puppet:///modules/sshd/sshd_config', # this is the file which we are going to copy to the desired location
  }
}
5. Creating users and groups
**********************************************************
Location of the module: /etc/puppet/environments/prod/modules/mobile_users_groups/manifests
1. Creating a group
class mobile_users_groups {
  group { 'wasadmin':
    ensure => present,
    gid    => '2100',
  }
}
2. Creating a user and adding it to the above mentioned group
class mobile_users_groups {
  user { 'bbduser':
    ensure           => present,
    uid              => '2100',
    gid              => '2100',
    home             => '/home/bbduser',
    password         => '$6$L48.W/1Q$l14x2dRsoruV14c8ZrkEr.JgmbYW/H7r3HFFcYVqwKarEwEs8Ux6rXGDU3wFqGTa0SBbFWt1jYxQAGS2.Hw731', # the password is set in its encrypted (hashed) form
    managehome       => true,
    shell            => '/bin/bash',
    groups           => [ 'wasadmin', 'localusers' ], # adding to the above group
    comment          => " APP_USER Application Account",
    password_max_age => '99999',
    password_min_age => '0',
  }
  # setting the warning period
  exec { 'warndays_bbduser':
    command => 'chage -W 7 bbduser',
    path    => '/bin:/usr/bin:/sbin:/usr/sbin',
    require => User['bbduser'],
    # only run when the warn-days field (6th in /etc/shadow) is not already 7
    unless  => 'grep "^bbduser:" /etc/shadow | cut -d: -f6 | grep "^7$"',
  }
}
6. Package installation with ordering
*******************************************************
The two resources below express the same ordering relationship (package first, then the file); either `before` or `require` alone is enough:
package { 'openssh-server':
  ensure => present,
  before => File['/etc/ssh/sshd_config'],
}
file { '/etc/ssh/sshd_config':
  ensure  => file,
  mode    => '0600',
  source  => 'puppet:///modules/sshd/sshd_config',
  require => Package['openssh-server'],
}
The same can be configured with an array of dependencies:
service { 'sshd':
  ensure  => running,
  require => [
    Package['openssh-server'],
    File['/etc/ssh/sshd_config'],
  ],
}
package { 'openssh-server':
  ensure => present,
  before => Service['sshd'],
}
file { '/etc/ssh/sshd_config':
  ensure => file,
  mode   => '0600',
  source => 'puppet:///modules/sshd/sshd_config',
  before => Service['sshd'],
}
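Sections 4 and 6 together push an sshd_config and restart sshd when it changes. The added example below (not code from the original post) combines them into one class and adds the check a practitioner wants before restarting a remote-access daemon: `validate_cmd` runs `sshd -t` against the candidate file, and Puppet keeps the old config if the check fails, so a typo never restarts sshd into a state where it cannot start. The class name, the exec and the `hasstatus` attribute are assumptions; the module name `sshd` and the source path are the post's.

```puppet
# Added example, not part of the original post: sections 4 and 6 combined
# into one class, with a syntax check on the pushed sshd_config. The class
# name and the host-key exec are assumptions.
class ssh_hardened {
  package { 'openssh-server':
    ensure => present,
  }

  # sshd -t refuses to run without host keys, so on a freshly installed
  # host (where the keys are normally created at first service start)
  # generate them before the config is validated.
  exec { 'generate-ssh-host-keys':
    command => '/usr/bin/ssh-keygen -A',
    creates => '/etc/ssh/ssh_host_rsa_key',
    require => Package['openssh-server'],
    before  => File['/etc/ssh/sshd_config'],
  }

  file { '/etc/ssh/sshd_config':
    ensure       => file,
    owner        => 'root',
    group        => 'root',
    mode         => '0600',
    source       => 'puppet:///modules/sshd/sshd_config',
    # % is replaced by the path of the temporary file Puppet writes.
    # sshd -t parses it and exits non-zero on any syntax error; Puppet then
    # leaves the current config untouched and the service is not notified.
    validate_cmd => '/usr/sbin/sshd -t -f %',
    require      => Package['openssh-server'],
    notify       => Service['sshd'],
  }

  service { 'sshd':
    ensure    => running,
    enable    => true,
    hasstatus => true,
    require   => [ Package['openssh-server'], File['/etc/ssh/sshd_config'] ],
  }
}
```

A failed validation shows up in the agent run as an error on the file resource, with the `sshd -t` message, while the host stays reachable on the old configuration.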
7. Manifest to configure pam module
********************************************
module location: /etc/puppet/environments/prod/modules/hdn_pam/manifests/password_auth.pp
class hdn_pam::password_auth {
  pam { 'hdn_pw_faillock_3':
    ensure           => present,
    service          => 'password-auth',
    type             => 'auth',
    control          => 'sufficient',
    control_is_param => true,
    module           => 'pam_faillock.so',
    arguments        => ['authsucc', 'audit', 'deny=5', 'unlock_time=900'],
    position         => 'before *[type="auth" and module="pam_deny.so" and control="required"]',
  } ->
  pam { 'hdn_pw_faillock_2':
    ensure           => present,
    service          => 'password-auth',
    type             => 'auth',
    control          => '[default=die]',
    control_is_param => true,
    module           => 'pam_faillock.so',
    arguments        => ['authfail', 'audit', 'deny=5', 'unlock_time=900'],
    position         => 'before *[type="auth" and module="pam_faillock.so" and control="sufficient"]',
  } ->
  pam { 'hdn_pw_unix.so':
    ensure           => present,
    service          => 'password-auth',
    type             => 'auth',
    control          => '[success=1 default=bad]',
    control_is_param => true,
    module           => 'pam_unix.so',
    position         => 'before *[type="auth" and module="pam_faillock.so" and control="[default=die]"]',
  } ->
  pam { 'hdn_pw_faillock_1':
    ensure           => present,
    service          => 'password-auth',
    type             => 'auth',
    control          => 'required',
    control_is_param => true,
    module           => 'pam_faillock.so',
    arguments        => ['preauth', 'audit', 'silent', 'deny=5', 'unlock_time=900'],
    position         => 'before *[type="auth" and module="pam_unix.so" and control="[success=1 default=bad]"]',
  }
  pam { 'hdn_pw_pw_pam_unix':
    ensure           => present,
    service          => 'password-auth',
    type             => 'password',
    control          => 'sufficient',
    control_is_param => true,
    module           => 'pam_unix.so',
    arguments        => ['sha512', 'shadow', 'nullok', 'try_first_pass', 'use_authtok'],
    position         => 'after *[type="password" and module="pam_cracklib.so" and control="requisite"]',
  }
}
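The `position` selectors above are easier to follow once you see the auth stack they produce, and they have one side effect worth checking. The added example below (not code from the original post) lists the resulting order in a comment and then removes the stock `auth sufficient pam_unix.so` line, which the class above does not touch. It assumes a stock authconfig-generated password-auth on RHEL/CentOS; the class name and resource title are assumptions.

```puppet
# Added example, not part of the original post. Assumes a stock
# authconfig-generated /etc/pam.d/password-auth whose auth section starts
# with "auth sufficient pam_unix.so nullok try_first_pass".
#
# Through their position selectors, the four auth resources in
# hdn_pam::password_auth land in this relative order, just above pam_deny:
#
#   auth required                pam_faillock.so preauth audit silent deny=5 unlock_time=900
#   auth [success=1 default=bad] pam_unix.so
#   auth [default=die]           pam_faillock.so authfail audit deny=5 unlock_time=900
#   auth sufficient              pam_faillock.so authsucc audit deny=5 unlock_time=900
#   auth required                pam_deny.so
#
# success=1 skips the authfail line on a correct password, so the counter
# is incremented only on failure and reset by authsucc on success.
#
# Because control_is_param is true, the control string is part of each
# resource's identity, so the stock "sufficient pam_unix.so" line (a
# different control) is not replaced by hdn_pw_unix.so. Left in place it
# sits earlier in the stack and returns success before the faillock lines
# run, which means authsucc never resets a user's failure counter and the
# counter only grows. Remove the stock line explicitly:
class hdn_pam::remove_stock_unix {
  pam { 'hdn_pw_stock_unix_sufficient':
    ensure           => absent,
    service          => 'password-auth',
    type             => 'auth',
    control          => 'sufficient',
    control_is_param => true,
    module           => 'pam_unix.so',
  }
}
```

Apply it alongside the original class (for example `Class['hdn_pam::remove_stock_unix'] -> Class['hdn_pam::password_auth']`) and confirm with `grep '^auth' /etc/pam.d/password-auth` that pam_unix.so appears only once in the auth section, with the `[success=1 default=bad]` control. Note that the new pam_unix line carries no `nullok`/`try_first_pass` arguments, which is a deliberate tightening: empty passwords are no longer accepted on that path.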
8. Manifest to configure mount points
***************************************
class hdn_mounts {
  mount { '/tmp':
    ensure  => 'mounted',
    device  => '/dev/mapper/rootvg-tmplv',
    fstype  => 'ext4',
    options => 'nodev,nosuid',
    pass    => '2',
    dump    => '1',
    atboot  => true,
  }
  mount { '/dev/shm':
    ensure  => 'mounted',
    device  => 'tmpfs',
    fstype  => 'tmpfs',
    options => 'nodev,noexec,nosuid',
    atboot  => true,
  }
}
9. Manifest to configure sysctl values
********************************************
First install the sysctl module (augeasproviders_sysctl) and its dependencies:
$ sudo /opt/puppetlabs/bin/puppet module install herculesteam-augeasproviders_sysctl
Once the sysctl module is installed we can add values as below:
class add_sysctl {
  sysctl { 'kernel.dmesg_restrict':
    ensure => present,
    value  => '1',
  }
}
We can remove a kernel parameter as below:
class rem_sysctl {
  sysctl { 'kernel.panic_on_oops':
    ensure => absent,
  }
}
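The post shows one key added and one removed. As an added example (not code from the original post), the class below uses the same `sysctl` type for a small set of common kernel and network hardening values, with the type's `comment` attribute so the reason for each entry is recorded in /etc/sysctl.conf next to it. The class name and the particular keys and values are assumptions; take the values from your own baseline.

```puppet
# Added example, not part of the original post: several hardening values
# managed with the augeasproviders_sysctl 'sysctl' type. Class name and the
# chosen keys/values are assumptions.
class kernel_sysctl_hardening {
  # Resource default: every sysctl below is present (the type also applies
  # the value to the running kernel and persists it to /etc/sysctl.conf).
  Sysctl {
    ensure => present,
  }

  sysctl { 'kernel.dmesg_restrict':
    value   => '1',
    comment => 'Only root may read the kernel ring buffer',
  }
  sysctl { 'kernel.kptr_restrict':
    value   => '2',
    comment => 'Hide kernel pointers in /proc and kernel logs',
  }
  sysctl { 'fs.protected_symlinks':
    value   => '1',
    comment => 'Do not follow symlinks in world-writable sticky directories owned by another user',
  }
  sysctl { 'fs.protected_hardlinks':
    value   => '1',
    comment => 'Only allow hardlinks to files the caller owns or can write',
  }
  sysctl { 'net.ipv4.conf.all.rp_filter':
    value   => '1',
    comment => 'Drop packets whose source address is not routable via the receiving interface',
  }
  sysctl { 'net.ipv4.conf.all.accept_redirects':
    value   => '0',
    comment => 'Ignore ICMP redirects, which can alter the routing table',
  }
}
```

Values are passed as strings because the provider compares them textually against `sysctl -n`; after the run, `sysctl kernel.dmesg_restrict` should report the new value and /etc/sysctl.conf should contain each entry preceded by its comment.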
10. Start the service on boot
************************************
service { 'puppet':
  enable => true,
}