Professional Documents
Culture Documents
Building Your
First Puppet
Module
Contents Related Courses
Add to Git 10
Creating an NTP
View on Puppet Console 11 Class
Puppet Run 11
Linux Academy
Community
In this lab, we will build out an NTP module for our Puppet master and agent node. A params.pp file will
be used, as well as templates, and the service, file, and package resources. We will then validate our
code, push it to GitHub, create an NTP classification on the Puppet Console, and pin both our Master and
agent nodes before issuing a Puppet run.
Log in to both servers using the provided information on the Hands-on Lab page. Use sudo su - to switch
to the root user on both nodes.
On the Puppet Master server, open /etc/hosts in your chosen editor, and add puppet.ec2.internal
to the loopback address:
Switch to the Puppet agent server. Open /etc/hosts, and add agent01.ec2.internal tot he loopback
address. We also want to associate our Puppet Master’s IP address with the internal DNS we added to its
own /etc/hosts file. Ensure you substitute <SERVER1IP> with the public IP address of your first server.
Configure SELinux
View the config file to see SELinux’s settings:
-1-
Building Your First Puppet Module Linux Academy
[root@puppet] setenforce 0
{
“console_admin_password”: “password”,
“puppet_enterprise::puppet_master_host”: “puppet.ec2.internal”,
“pe_install::puppet_master_dnsaltnames”: [
“puppet”
“master”
]
}
Install Puppet Enterprise. The installation file is located in the home directory of the server.
This process takes several minutes. Once finished, trigger a Puppet run:
We can now use the server’s IP address to directly access the Puppet Enterprise Console. Copy the
Puppet Master’s IP address into your browser, ensuring to prepend https:// to the beginning:
https://<SERVER1PUBLICIP>
Log in using the username of admin and the password you set in the pe.conf file.
Click Nodes on the far-left menu. Go to Unsigned Certificates and copy the curl command provided
under Adding nodes to manage with Puppet Enterprise. This is the command we will use to set up our
Puppet agent.
-2-
Building Your First Puppet Module Linux Academy
Run the curl command from the Puppet Enterprise Console to install Puppet:
Once the installation is complete, return to the Puppet Enterprise Console and refresh the Unsigned
Certificates page. Press Accept next to the agent01.ec2.internal node to sign the certificate.
Once finished, from the Puppet Enterprise Console, click on Configuration in the far-left menu. Confirm
that the run was successful by checking that it appears under the Run status section of the overview page,
then clicking on the agent01.ec2.internal link under Node name. Select the Reports tab. Everything
should be running properly.
[root@puppet] cd /etc/puppetlabs/puppet/code/environments/production/
modules
Use the puppet module generate command to create a new Puppet module for NTP, substituting your
own first initial and last name:
-3-
Building Your First Puppet Module Linux Academy
-->
What license does this module code fall under? [Apache-2.0]
-->
How would you describe this module in a single sentence?
--> NTP Puppet module
Where is this module’s source code repository?
When you reach the Where is this module’s source code repository? prompt, do nothing.
Log in to your GitHub account and create a New repository. Set the name to puppet-ntp or another name
of your choosing. Create repository.
Copy the GitHub URL, under “Quick setup,” to your clipboard. Return to your Puppet Master and paste in
the URL to the source code prompt:
git@github.co m:<USERNAME>/puppet-ntp.git
When asked where [others can] go to learn more about this module copy and paste in
the plain URL to the GitHub repository:
Add /issues to the URL to state Where [others can] go to file issues about this
module:
Continue by pressing y:
----------------------------------------
{
“name”: “flastname-ntp”,
“version”: “0.1.0”,
“author”: “flastname”,
“summary”: “NTP Puppet module”,
“license”: “Apache-2.0”,
“source”: “git@github.co m:<USERNAME>/puppet-ntp.git”,
“project_page”: “https://github.com/<USERNAME>/puppet-ntp”,
“issues_url”: “https://github.com/<USERNAME>/puppet-ntp/issues”,
“dependencies”: [
{“name”:”puppetlabs-stdlib”,”version_requirement”:”>= 1.0.0”}
],
“data_provider”: null
}
----------------------------------------
About to generate this metadata; continue? [n/Y]
-4-
Building Your First Puppet Module Linux Academy
--> y
Notice: Generating module at /etc/puppetlabs/code/environments/
production/modules/ntp...
Notice: Populating templates...
Finished; module generated in ntp.
ntp/Gemfile
ntp/Rakefile
ntp/examples
ntp/examples/init.pp
ntp/manifests
ntp/manifests/init.pp
ntp/spec
ntp/spec/classes
ntp/spec/classes/init_spec.rb
ntp/spec/spec_helper.rb
ntp/README.md
ntp/metadata.json
Create Manifests
Navigate to the manifests folder, under the ntp directory:
[root@puppet] cd ntp/manifests/
install.pp
Open the install.pp file in your chosen text editor. We want to now create our class, defining our
parameters:
class ntp::install(
String $package_name = $ntp::package_name,
String $package_ensure = $ntp::package_ensure,
) { }
class ntp::install(
String $package_name = $ntp::package_name,
String $package_ensure = $ntp::package_ensure,
) {
package { $package_name:
ensure => $package_ensure,
}
}
-5-
Building Your First Puppet Module Linux Academy
config.pp
Open the config.pp file. As before, we are first going to define our parameters:
class ntp::config(
String $config_name = $ntp::config_name,
String $config_file_mode = $ntp::config_file_mode,
Array[String] $servers = $ntp::servers,
) { }
Add the file resource to define the path of the configuration file:
class ntp::config(
String $config_name = $ntp::config_name,
String $config_file_mode = $ntp::config_file_mode,
Array[String] $servers = $ntp::servers,
) {
file { “/etc/${config_name}”:
ensure => file,
owner => 0,
group => 0,
mode => $config_file_mode,
content => template(“$module_name/ntp.conf.erb”)
}
}
Note that the $servers variable is not used in the file, because it will be used in the template.
service.pp
Open the service.pp file, and add the class and parameters:
class ntp::service(
String $service_name = $ntp::service_name,
String $service_ensure = $ntp::service_ensure,
Boolean $service_enable = $ntp::service_enable,
Boolean $service_hasstatus = $ntp::service_hasstatus,
Boolean $service_hasrestart = $ntp::service_hasrestart,
) { }
class ntp::service(
String $service_name = $ntp::service_name,
String $service_ensure = $ntp::service_ensure,
-6-
Building Your First Puppet Module Linux Academy
params.pp
Open the params.pp file, and add the class. We are then going to define our variables:
class ntp::params {
$package_name = ‘ntp’
$package_ensure = ‘present’
$config_name = ‘ntp.conf’
$config_file_mode = ‘0664’
$servers = [‘0.centos.pool.ntp.org’, ‘1.centos.pool.ntp.org’]
$service_ensure = ‘running’
$service_enable = true
$service_hasrestart = true
$service_hasstatus = true
$service_name = $facts[‘os’][‘family’] ? {
‘Debian’ => ‘ntp’,
default => ‘ntpd’,
}
}
init.pp
Open the init.pp file and remove the commented lines, leaving only the class skeleton:
class ntp {
-7-
Building Your First Puppet Module Linux Academy
class ntp(
String $package_name = $ntp::params::package_name,
String $package_ensure = $ntp::params::package_ensure,
String $config_name = $ntp::params::config_name,
String $config_file_mode = $ntp::params::config_file_mode,
Array[String] $servers = $ntp::params::servers,
String $service_ensure = $ntp::params::service_ensure,
String $service_name = $ntp::params::service_name,
Boolean $service_enable = $ntp::params::service_enable,
Boolean $service_hasrestart = $ntp::params::service_hasrestart,
Boolean $service_hasstatus = $ntp::params::service_hasstatus,
) {
}
class ntp(
String $package_name = $ntp::params::package_name,
String $package_ensure = $ntp::params::package_ensure,
String $config_name = $ntp::params::config_name,
String $config_file_mode = $ntp::params::config_file_mode,
Array[String] $servers = $ntp::params::servers,
String $service_ensure = $ntp::params::service_ensure,
String $service_name = $ntp::params::service_name,
Boolean $service_enable = $ntp::params::service_enable,
Boolean $service_hasrestart = $ntp::params::service_hasrestart,
Boolean $service_hasstatus = $ntp::params::service_hasstatus,
) inherits ::ntp::params {
class { ‘::ntp::install’: }
-> class { ‘::ntp::config’: }
~> class { ‘::ntp::service’: }
}
Validate Module
Run the puppet parser validate command against each .pp file to ensure there are no errors. Make
any needed changes, should any issue arise:
Create Template
Create the templates directory and change into it:
-8-
Building Your First Puppet Module Linux Academy
[root@puppet] cd ../templates
# For more information about this file, see the man pages
# ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_
mon(5).
driftfile /var/lib/ntp/drift
# Key file containing the keys and key identifiers used when operating
# with symmetric key cryptography.
keys /etc/ntp/keys
# Specify the key identifiers which are trusted.
#trustedkey 4 8 42
# Specify the key identifier to use with the ntpdc utility.
#requestkey 8
# Specify the key identifier to use with the ntpq utility.
#controlkey 8
-9-
Building Your First Puppet Module Linux Academy
ntpdc
# monlist command when default restrict does not include the noquery
#flag. See
# CVE-2013-5211 for more details.
# Note: Monitoring will not be disabled with the limited restriction
#flag.
disable monitor
Notice that under the # Use public servers section we have added code to add the servers from the
array created earlier.
Add to Git
Move back into the ntp directory:
[root@puppet] cd ..
Install Git:
Return to GitHub, and copy the provided git remote command (under “...or create a new repository on
the command line”). Use it to set the remote for the repository:
Before we can push to GitHub, we have to set a deploy key associated with our repository on GitHub. First,
generate an SSH key:
[root@puppet] ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
- 10 -
Building Your First Puppet Module Linux Academy
32:70:14:44:36:ac:90:a7:42:88:82:22:52:7f:fa:0d root@puppet.ec2.internal
The key’s randomart image is:
+--[ RSA 2048]----+
|+... B. |
|O. . . |
|* |
|. . .= |
| . E S |
| . = |
| . . |
| |
| |
+-----------------+
On GitHub, go to the Settings tab under your puppet-ntp repository. Click on Deploy keys, then Add
deploy key. Copy in the public key, give the key a title, and check off Allow write access.
Under the Classes tab, search for ntp, then press Add class. You may need to refresh the page. At the
bottom of the page, lick Commit 1 Change.
Go to the Rules tab and, under Pin specific nodes to group, add the puppet.ec2.internal node. Commit 1
Change.
Puppet Run
Return to the Puppet Master server and preform a Puppet run:
- 11 -
Building Your First Puppet Module Linux Academy
Review
We have now set up Puppet, created and validated an NTP module, and run it against both of our nodes.
With these skills, we can go on to experiment with more complex Puppet modules and otherwise further
practice with the Puppet DSL.
- 12 -
Building Your First Puppet Module Linux Academy
- 13 -
Building Your First Puppet Module Linux Academy
- 14 -
Building Your First Puppet Module Linux Academy
- 15 -
Building Your First Puppet Module Linux Academy
- 16 -
Building Your First Puppet Module Linux Academy
- 17 -
Building Your First Puppet Module Linux Academy
- 18 -
Building Your First Puppet Module Linux Academy
- 19 -
Building Your First Puppet Module Linux Academy
- 20 -
Building Your First Puppet Module Linux Academy
- 21 -
Building Your First Puppet Module Linux Academy
- 22 -
Building Your First Puppet Module Linux Academy
- 23 -