Learning Puppet-Manifests

Begin

In a text editor-Vim, Emacs, OrNano-Create a file with the following contents and filename: written and applied your first Puppet manifest.

[[Email protected] ~] # Useradd testuser
[[Email protected] ~] # Cat/etc/passwd | grep test
Testuser: x: 536: 536:/home/testuser:/bin/bash
[[Email protected] ~] # Pwd
/Root
[[Email protected] ~] # Vim user-absent.pp.
[[Email protected] ~] # Cat user-absent.pp
User {'testuser ':
Ensure => absent,
}
[[Email protected] ~] # Puppet apply/root/user-absent.pp
Notice: Compiled catalog for yum01.test.com in environment production in 7.99 seconds
Notice:/Stage [main]/Main/User [testuser]/ensure: removed
Notice: Finished catalog run in 4.34 seconds
[[Email protected] ~] # Puppet apply/root/user-absent.pp
Notice: Compiled catalog for yum01.test.com in environment production in 0.27 seconds
Notice: Finished catalog run in 0.03 seconds
[[Email protected] ~] # Cat/etc/passwd | grep test

Manifests

Puppet programs are called "manifests," and they use. PpFile extension.

The core of the Puppet language isResource declaration.A resource declaration describesDesired stateFor one resource.

Puppet Apply

LikeResourceIn the last chapter,ApplyIs a Puppet subcommand. It takes the name of a manifest file as its argument, and enforces the desired state described in the manifest.

We'll use it below to test small manifests, but it can be used for larger jobs too. In fact, it can do nearly everything an agent/master Puppet environment can do.

Resource Declarations

Let's start by looking at a single resource:

[[Email protected] ~] # Ls-l/tmp/| grep test
[[Email protected] ~] # Vim file-1.pp.
[[Email protected] ~] # Cat file-1.pp
File {'testfile ':
Path => '/tmp/testfile ',
Ensure => present,
Mode = & gt; 0640,
Content => "I am a test file ",
}

• TheType (File, In this case)
• An opening curly brace ({)
  • TheTitle (Testfile)
  • A colon (:)
  • A setAttribute=>ValuePairs, with a comma after each pair (Path => '/tmp/testfile ',Etc .)
• A closing curly brace (})

[[Email protected] ~] # Pwd
/Root
[[Email protected] ~] # Puppet apply/root/file-1.pp
Notice: Compiled catalog for yum01.test.com in environment production in 0.18 seconds
Notice:/Stage [main]/Main/File [testfile]/ensure: created
Notice: Finished catalog run in 0.32 seconds
[[Email protected] ~] # Ls-l/tmp/| grep test
-Rw-r ----- 1 root 16 Nov 6 06:50 testfile
[[Email protected] ~] # Cat/tmp/testfile
I am a test file

Puppet noticed that the file didn't exist, and created it. It set the desired content and mode at the same time.

If we try changing the mode and applying the manifest again, Puppet will fix it:

[[Email protected] ~] # Chmod 666/tmp/testfile
[[Email protected] ~] # Ls-l/tmp/| grep test
-Rw-1 root 16 Nov 6 06:50 testfile
[[Email protected] ~] # Puppet apply/root/file-1.pp
Notice: Compiled catalog for yum01.test.com in environment production in 0.22 seconds
Notice:/Stage [main]/Main/File [testfile]/mode: mode changed '000000' to '000000'
Notice: Finished catalog run in 0.27 seconds
[[Email protected] ~] # Ls-l/tmp/| grep test
-Rw-r ----- 1 root 16 Nov 6 06:50 testfile

Once More, With Feeling!

Now that you know resource declarations, let's play with the file type some more. We'll:

• Put multiple resources of different types in the same manifest
• Use new values forEnsureAttribute
• Find an attribute with a special relationship to the resource title
• See what happens when we leave off certain attributes
• See some automatic permission adjustments on directories

[[Email protected] ~] # Vim file-2.pp.
[[Email protected] ~] # Cat file-2.pp
File {'/tmp/test1 ':
Ensure => file,
Content => "hi. \ n ",
}

File {'/tmp/test2 ':
Ensure => directory,
Mode = & gt; 0644,
}

File {'/tmp/test3 ':
Ensure => link,
Target => '/tmp/test1 ',
}

Policy {"iam nofitying you ":}
Policy {"so am I ":}

[[Email protected] ~] # Puppet apply/root/file-2.pp
Notice: Compiled catalog for yum01.test.com in environment production in 0.18 seconds
Notice:/Stage [main]/Main/File [/tmp/test1]/ensure: defined content as '{md5} 4e9141e3aa25c784aa6bc0b2892c12d9'
Notice:/Stage [main]/Main/File [/tmp/test3]/ensure: created
Notice:/Stage [main]/Main/File [/tmp/test2]/ensure: created
Notice: iam nofitying you
Notice:/Stage [main]/Main/policy [iam nofitying you]/message: defined 'message' as 'Iam nofitying you'
Notice: so am I
Notice:/Stage [main]/Main/policy [so am I]/message: defined 'message' as 'so Ami'
Notice: Finished catalog run in 0.14 seconds

New Ensure Values, Different States

TheEnsureAttribute is somewhat special. It's available on most (but not all) resource types, and it controls whether the resource exists, with the definition of "exists" being somewhat local.

With files, there are several ways to exist:

• As a normal file (Ensure => file)
• As a directory (Ensure => directory)
• As a symlink (Ensure => link)
• As any of the above (Ensure => present)
• As nothing (Ensure => absent).

Titles and Namevars

Notice how our original file resource hadPathAttribute, but our next three left it out?

Almost every resource type has one attribute whose value defaults to the resource's title. ForFileResource, that'sPath. Most of the time (User, Group, Package...), It'sName.

The Site Manifest and Puppet Agen

We 've seen how to use puppet apply to directly apply manifests on one system. The puppet master/agent services work very similarly, but with a few key differences:

Puppet apply:

• A user executes a command, triggering a Puppet run.
• Puppet apply reads the manifest passed to it, compiles it into a catalog, and applies the catalog.

Puppet agent/master:

• Puppet agent runs as a service, and triggers a Puppet run about every half hour (retriable ).
• Puppet agent does not have access to any manifests; instead, it requests a pre-compiled catalog from a puppet master server.
• The puppet master always readsOneSpecial manifest, called the "site manifest" or site. pp. It uses this to compile a catalog, which it sends back to the agent. ---- site. pp
• After getting the catalog, the agent applies it.

This way, you can have machines being configured by Puppet, while only maintaining your manifests on one (or a few) servers. this also gives some extra security, as described abve under "Compilation."

Exercise: Use Puppet Agent/Master to Apply the Same Configuration

To see how the same manifest code works in puppet agent:

[[Email protected] manifests] # pwd
/Etc/puppet/manifests
[[Email protected] manifests] # vim file. pp
[[Email protected] manifests] # cat file. pp
File {'/tmp/test11111111 ':
Ensure => file,
Content => "hi. this is a test 111111 file \ n ",
}
[[Email protected] manifests] # vim site. pp
[[Email protected] manifests] # cat site. pp
Import 'File. PP'

[[Email protected] ~] # Puppet agent -- test
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Caching catalog for yum01.test.com
Info: Applying configuration version '20140901'
Notice:/Stage [main]/Main/File [/tmp/test111111]/ensure: defined content as '{md5} cb94281a2c8ccc1c3a64aa2c0e04721e'
Notice: Finished catalog run in 0.14 seconds
[[Email protected] ~] # Cat/tmp/test111111
Hi. this is a test 111111 file

 

Refer: https://docs.puppetlabs.com/learning/manifests.html

Learning Puppet-Manifests