Changes between Version 6 and Version 7 of how-to/puppet/layout


Ignore:
Timestamp:
May 19, 2012, 1:10:19 PM (7 years ago)
Author:
Jamie McClelland
Comment:

--

Legend:

Unmodified
Added
Removed
Modified
  • how-to/puppet/layout

    v6 v7  
    1515Below is the layout of our [https://git.mayfirst.org/?p=mfpl/puppet.git;a=summary git repository].
    1616
    17  * [wiki:puppet/fabric fabric] - fabfile.py holds code for running operations on our servers from the command line using [http://fabfile.org fabric]. Our fabfile.y is [wiki:puppet/fabric documented].
     17 * [wiki:puppet/helper helper] - freepuppet.py holds code for running operations on our servers from the command line using the freepuppet command. For a list of options run:
     18{{{
     19helper/freepuppet-helper -l
     20}}}.
    1821 * manifests: this is where information about each MFPL server is stored, plus some general information specific to our servers
    1922  * site.pp: this is the file that boostraps all other files
    2023  * globals.pp: global variables specific to May First/People Link, used throughout
    21   * modules.pp: one line to import every puppet module that we use
     24  * modules.pp: one line to import every puppet module that we use. We only use one module: mayfirst
    2225  * nodes: this directory contains the files for each server in our network
    2326   * production: one file for every production server in our network
    2427   * dev:  one file for every test/dev server
    25  * modules: modules are abstracted collections of manifests, templates and files. Usually, they are intended to be re-usable by others (we have one exception, the mayfirst module, which contains most code specific to us.
     28 * modules: modules are abstracted collections of manifests, templates and files. All of our puppet code is in the mayfirst module.
     29
     30= Puppet Resources =
     31
     32Puppet is [http://docs.puppetlabs.com/ fully documented].
     33
     34However, we only use a small subset of puppet features. Below is a very brief overview.
     35
     36== files ==
     37
     38A file resources defines a file that should be created on the server:
     39
     40{{{
     41file { "/etc/aliases":
     42        ensure => present,
     43        content => template("mayfirst/postfix/aliases.erb"),
     44}
     45}}}
     46
     47This file resource ensures that a file located at /etc/aliases on the target server will be created. The content of the file will be based on the template located in the puppet repository in modules/mayfirst/postfix/aliases.erb (this template contains variables that will be dynamically filled in).
     48
     49== execs ==
     50
     51An exec resources defines a command that will be run everytime puppet is run:
     52
     53{{{
     54exec { "gpg-ssh-genkey-$user":
     55                command => "ssh-keygen  -t rsa -b '$length' -f '$homedir/.ssh/id_rsa' -N ''",
     56                environment => "HOME=$homedir",
     57                require =>  [ Package["gnupg"], Package["openssh-client"] ],
     58                user => $user,
     59                unless => "test -f '$homedir/.ssh/id_rsa'"
     60}
     61
     62The unless clause provides a test to see if the command should be run.
     63
     64== defines ==
     65
     66A define statement is like a function. It allows you to define a set of things to happen every time it is called.
     67
     68Here's how a define is, well, defined:
     69{{{
     70define m_gpg::publish_user_key ( $keyserver = '' ){
     71  $user = $title
     72
     73  $keyserver_arg = $keyserver ? {
     74    '' => '',
     75    default => "--keyserver $keyserver"
     76  }
     77
     78  exec { "gpg-send-key-$user":
     79    command => "gpg $keyserver_arg --send-key $(gpg --list-secret-key --with-colons | grep ^sec | cut -d: -f5)",
     80    require => [ Package["gnupg"], Exec["gpg-pem2openpgp-$user" ] ],
     81    user => $user,
     82  }
     83}}}
     84
     85And here's how it is called:
     86{{{
     87m_gpg::publish_user_key { "root": keyserver => $mfpl_keyserver }
     88}}}
     89
     90You can repeatedly call the same define as many times as you want.
     91
     92== classes ==
     93
     94A class is a bigger collection of resources that can only be called once per node.
     95
     96Here's an example of a simple class:
     97
     98{{{
     99class m_resolv ( $caching_dns_ips = "", $location ) {
     100  $ips = $caching_dns_ips ? {
     101    "" => $location ? {
     102      telehouse => [ "216.66.23.46", "216.66.23.36" ],
     103      xo => [ "209.234.253.239", "209.234.253.186" ],
     104      sunsetpark => [ "216.27.145.117", "216.27.145.30" ],
     105      default => [ "216.66.23.46", "209.234.253.239" ]
     106    },
     107    default => $caching_dns_ips
     108  }
     109  file { "/etc/resolv.conf":
     110    ensure => present,
     111    content => template("mayfirst/resolv/resolv.conf.erb")
     112  }
     113}
     114}}}
     115
     116And here is the class being called:
     117
     118{{{
     119class { "m_resolv":
     120    caching_dns_ips => [ "216.66.23.46", "216.66.23.36" ],
     121    location => "telehouse"
     122}
     123
     124== nodes ==
     125
     126The node is the basic building block for a server. Each individual server has a corresponding node. The node invokes everything, pulling it all together:
     127
     128{{{
     129node "ali.mayfirst.org"  {
     130
     131  $namesake = "https://secure.wikimedia.org/wikipedia/en/wiki/Muhammed_Ali"
     132  $purpose = "Offsite backup server for both MFPL rack machines and members who backup their office server; web interface to backup files"
     133
     134  class { "m_sshd::default": }
     135  class { "m_minimal":
     136    location => "sunsetpark",
     137    backup_includes => [ "/var/log", "/etc", "/root", "/usr/local"  ],
     138    backup_rsync_target => "robideau.mayfirst.org",
     139    caching_dns_ips => [ "216.27.145.30", "216.27.145.117" ]
     140  }
     141  class { "m_esmtp": }
     142  m_monkeysphere::publish_server_keys { ali: }
     143  m_gpg::publish_user_key { "root": keyserver => $mfpl_keyserver }
     144
     145  class { "m_backupninja::server": }
     146}
     147}}}
     148
     149$namesake and $purpose are not used by puppet - they are there for human readability.
     150
     151= Variable Scoping =
     152
     153Global variables are defined in manifests/globals.pp and have an mfpl_ prefix. They are accessible anywhere in the code, provided you use the double colon syntax: $::, e.g. $::mfpl_admin_user_ids.
     154
     155All other variables should be properly scoped.