Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Puppet 3 Cookbook

You're reading from   Puppet 3 Cookbook An essential book if you have responsibility for servers. Real-world examples and code will give you Puppet expertise, allowing more control over servers, cloud computing, and desktops. A time-saving, career-enhancing tutorial

Arrow left icon
Product type Paperback
Published in Aug 2013
Publisher Packt
ISBN-13 9781782169765
Length 274 pages
Edition 2nd Edition
Languages
Tools
Arrow right icon
Author (1):
Arrow left icon
John Arundel John Arundel
Author Profile Icon John Arundel
John Arundel
Arrow right icon
View More author details
Toc

Table of Contents (16) Chapters Close

Puppet 3 Cookbook
Credits
About the Author
About the Reviewers
www.PacktPub.com
Preface
1. Puppet Infrastructure 2. Puppet Language and Style FREE CHAPTER 3. Writing Better Manifests 4. Working with Files and Packages 5. Users and Virtual Resources 6. Applications 7. Servers and Cloud Infrastructure 8. External Tools and the Puppet Ecosystem 9. Monitoring, Reporting, and Troubleshooting Index

Running Puppet from cron


You can do a lot with the setup you already have: work on your Puppet manifests as a team, communicate changes via GitHub, and manually apply them on a machine using the papply script.

However, you still have to log into each machine to update the Git repo and re-run Puppet. It would be helpful to have each machine update itself and apply any changes automatically. Then all you need to do is to push a change to the repo, and it will go out to all your machines within a certain time.

The simplest way to do this is with a cron job that pulls updates from the repo at regular intervals and then runs Puppet if anything has changed.

Getting ready...

You'll need the Git repo we set up in Managing your manifests with Git and Creating a decentralized Puppet architecture, and the papply script from Writing a papply script.

You'll also need to create an SSH key that each machine can use to pull changes from the Git repo. To create this, follow these steps:

  1. Run the following command to generate the keyfile:

    ubuntu@cookbook:~/puppet$ ssh-keygen -f ubuntu
    Generating public/private rsa key pair.
    Enter passphrase (empty for no passphrase):
    Enter same passphrase again:
    Your identification has been saved in ubuntu.
    Your public key has been saved in ubuntu.pub.
    The key fingerprint is:
    ae:80:48:1c:14:51:d6:b1:73:4f:60:e2:cf:3d:ce:f1 ubuntu@cookbook
    The key's randomart image is:
    +--[ RSA 2048]----+
    | ++o.o.o         |
    |      +          |
    |     +           |
    |      = +        |
    | o     oS=       |
    |        o +      |
    |         o E     |
    |                 |
    |                 |
    +-----------------+
    
  2. Print the contents of the ubuntu.pub file:

    ubuntu@cookbook:~/puppet$ cat ubuntu.pub
    ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC8EsdLAZHIg1nnMzJuIQ5jEcFL1WI5AVhml6Z3Gw4zc4xw6F1Citomc+3DexcaD+y3VrD3WEOGcXweCsxJF0EGyJoc4RbPAJaP3D4V/+9FQVZcH90GukasvtIrfJYy2KFfRBROKtrfckMbBlWF7U2U+FwaalMOtgLzZeECSDU4eYuheN3UVcyg9Zx87zrLYU5EK1JH2WVoZd3UmdH73/rwPJWtSEQ3xs9A2wMr0lJsCF4CcFCVwrAIoEf5WzIoHbhWyZaVyPR4gHUHd3wNIzC0rmoRiYwE5uYvVBObLN10uZhn7zGPWHEc5tYU7DMbz61iTe4NLtauwJkZxmXUiPJh ubuntu@cookbook
    

Copy this and add it to your GitHub repo as a deploy key (refer to the GitHub site for instructions on how to do this). This will authorize the key to clone the Puppet repo from GitHub.

How to do it...

Follow these steps:

  1. Move the public key file into your puppet module:

    ubuntu@cookbook:~/puppet$ mv ubuntu.pub
      modules/puppet/files/ubuntu.pub
    
  2. Keep the private key file somewhere separate from your Puppet repo (you'll distribute this via some other channel to machines which need to check out the repo).

  3. Create the file modules/puppet/files/pull-updates.sh with the following contents:

    #!/bin/sh
    cd /home/ubuntu/puppet
    git pull && /usr/local/bin/papply
  4. Modify the file modules/puppet/manifests/init.pp to look like this:

    class puppet {  
      file { '/usr/local/bin/papply':
        source => 'puppet:///modules/puppet/papply.sh',
        mode   => '0755',
      }
    
      file { '/usr/local/bin/pull-updates':
        source => 'puppet:///modules/puppet/pull-updates.sh',
        mode   => '0755',
      }
      
      file { '/home/ubuntu/.ssh/id_rsa':
        source => 'puppet:///modules/puppet/ubuntu.priv',
        owner  => 'ubuntu',
        mode   => '0600',
      }
    
      cron { 'run-puppet':
        ensure  => 'present',
        user    => 'ubuntu',
        command => '/usr/local/bin/pull-updates',
        minute  => '*/10',
        hour    => '*',
      }
    }
  5. Run Puppet:

    ubuntu@cookbook:~/puppet$ papply
    Notice: /Stage[main]/Puppet/Cron[run-puppet]/ensure: created
    Notice: /Stage[main]/Puppet/File[/usr/local/bin/pull-
      updates]/ensure: defined content as 
        '{md5}20cfc6cf2a40155d4055d475a109137d'
    Notice:
      /Stage[main]/Puppet/File[/home/ubuntu/.ssh/id_rsa]/ensure:
        defined content as '{md5}db19f750104d3bf4e2603136553c6f3e'
    Notice: Finished catalog run in 0.27 seconds
    
  6. Test that the new SSH key is authorized to GitHub correctly:

    ubuntu@cookbook:~/puppet$ ssh [email protected]
    PTY allocation request failed on channel 0
    Hi bitfield/cookbook! You've successfully authenticated, but
      GitHub does not provide shell access.
    Connection to github.com closed.
    
  7. Check that the pull-updates script works properly:

    ubuntu@cookbook:~/puppet$ pull-updates
    Already up-to-date.
    Notice: Finished catalog run in 0.16 seconds
    

How it works...

Up to now, you've been using your own SSH credentials to access GitHub from the managed machine (using SSH agent forwarding), but that won't work if we want the machine to be able to pull updates unattended, while you're not logged in. So we've created a new SSH keypair and added the public part of it as a deploy key on GitHub, which gives repo access to anyone who has the private half of the key.

We've added this private key as the ubuntu user's default SSH key:

file { '/home/ubuntu/.ssh/id_rsa':
  source => 'puppet:///modules/puppet/ubuntu.priv',
  owner  => 'ubuntu',
  mode   => '0600',
}

This enables the ubuntu user to run git pull in the puppet directory. We've also added the pull-updates script, which does this and runs Puppet if any changes were pulled:

#!/bin/sh
cd /home/ubuntu/puppet
git pull && papply

We deploy this script to the box with Puppet:

file { '/usr/local/bin/pull-updates':
  source => 'puppet:///modules/puppet/pull-updates.sh',
  mode   => '0755',
}

Finally, we've created a cron job that runs pull-updates at regular intervals (every 10 minutes, but feel free to change this if you need to):

cron { 'run-puppet':
  ensure  => 'present',
  command => '/usr/local/bin/pull-updates',
  minute  => '*/10',
  hour    => '*',
}

There's more...

Congratulations, you now have a fully-automated Puppet infrastructure! Once you have checked out the repo on a new machine and applied the manifest, the machine will be set up to pull any new changes and apply them automatically.

So, for example, if you wanted to add a new user account to all your machines, all you have to do is add the account in your working copy of the manifest, and commit and push the changes to GitHub. Within 10 minutes it will automatically be applied to every machine that's running Puppet.

That's very handy, but sometimes we'd like to be able to apply the changes to a specific machine right away, without waiting for them to be picked up by the cron job. We can do this using the Rake tool, and we'll see how to do that in the next section.

lock icon The rest of the chapter is locked
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at $19.99/month. Cancel anytime
Banner background image