Now on steroids!
valid for Puppet v 3.8 - 4.x
show all facts
facter
show OS Family fact
facter osfamily
show facts in YAML
facter -y
show facts in JSON
facter -j
get Puppet Enterprise version
facter -p | grep pe_
get Puppet agent All-in-one version
facter -p | grep aio
use fact inside a manifest via the $facts hash
notify { "OS is ${::facts['operatingsystem']}": }
use fact inside manifest directly
notify { "OS is $::operatingsystem": }
get facter Hash
facter system_uptime
{
  days => 2,
  hours => 70,
  seconds => 253058,
  uptime => "2 days"
}
facter system_uptime.hours
70
get OS major release from manifest
$::operatingsystemmajrelease
Run MCollective as 'peadmin'
sudo -i -u peadmin
check connection to nodes
mco ping
get nodes by Facter name
mco facts timezone
check how many MCO nodes are running
mco puppet count
restart apache service
mco rpc service restart service=httpd
check status of a package
mco package status puppet
list all subcollectives
mco inventory --list-collectives
disable puppet agent on node
mco puppet disable -I nodename
find all nodes that are x64
mco ping -F architecture=x86_64
find all nodes containing NYC in hostname
mco find --with-identity /nyc/
find all nodes with nginx class
mco find --with-class nginx
kick off 'puppet agent -t' on your nodes
mco puppet runall -F osfamily=Redhat 5
this will run puppet agent -t on all nodes where osfamily fact = redhat, 5 concurrent runs
kick off Puppet run on node 'abc.xyz'
mco puppet runonce -l abc.xyz
run command against a subcollective
mco ping -T us_collective
start/stop service on a node
mco service ntp start -I ny14.nyc
show all available MCO plugins
mco plugin doc
show last run statistics for all nodes
mco rpc puppet last_run_summary
mco client logs (on PE Master)
/var/lib/peadmin/.mcollective.d/client.log
print modulepath:
puppet config print modulepath
modules help:
puppet help module
search available modules: (PuppetForge)
puppet module search 'nginx'
install a module
puppet module install author/module
build new module with full skeleton:
puppet module generate author/module
list installed modules:
puppet module list
check for missing module dependencies
puppet module list --tree
build a module release package (.tar.gz)
puppet module build author/module
show modified files of an installed module
puppet module changes
Module paths:
apache/ # main module dir
apache/manifests # manifest code
apache/lib # plugins, ruby code
apache/templates # ERB templates
apache/files # files used in module
apache/tests # usage examples
apache/Modulefile # metadata
paths inside a module:
content => template('mysql/my.cnf.erb'),
Template is in: $modulepath/mysql/templates/my.cnf.erb
source => 'puppet:///modules/mysql/my.cnf'
File is in: $modulepath/mysql/files/my.cnf
Augeas binary tool
/opt/puppetlabs/puppet/bin/augtool
show all available lenses
augtool> ls /augeas/load/
set value in a file
augtool> set /files/etc/ssh/sshd_config/PermitRootLogin no
augtool> save
get specific data tree branch
cat /etc/hosts
127.0.0.1 puppetmaster localhost localhost.localdomain
::1 localhost localhost.localdomain localhost6
#managed nodes
192.168.237.148 host1
192.168.237.155 host2
augtool> ls /files/etc/hosts
1/ = (none)
2/ = (none)
#comment = managed nodes
3/ = (none)
4/ = (none)
augtool> ls /files/etc/hosts/4
ipaddr = 192.168.237.155
canonical = host2
check Augeas version
ls /augeas/
root = /
context = /files
variables = (none)
version/ = 1.4.0
save = overwrite
span = disable
load/ = (none)
files/ = (none)
Augeas Help
Admin commands:
help - print help
load - (re)load files under /files
quit - exit the program
retrieve - transform tree into text
save - save all pending changes
store - parse text into tree
transform - add a file transform
Read commands:
dump-xml - print a subtree as XML
get - get the value of a node
label - get the label of a node
ls - list children of a node
match - print matches for a path expression
print - print a subtree
errors - show all errors encountered in processing files
span - print position in input file corresponding to tree
Write commands:
clear - clear the value of a node
clearm - clear the value of multiple nodes
ins - insert new node
insert - insert new node (alias of 'ins')
mv - move a subtree
move - move a subtree (alias of 'mv')
cp - copy a subtree
copy - copy a subtree (alias of 'cp')
rename - rename a subtree label
rm - delete nodes and subtrees
set - set the value of a node
setm - set the value of multiple nodes
touch - create a new node
Augeas in manifest
augeas { "sshd_config":
  changes => [
    "set /files/etc/ssh/sshd_config/PermitRootLogin no",
  ],
}
or if making multiple changes to same file
augeas { "sshd_config":
  context => "/files/etc/ssh/sshd_config",
  changes => [
    "set PermitRootLogin no",
    "set Disable yes",
    # rm takes only a path
    "rm PermitTTY",
    # set creates the node if it does not exist yet
    "set PermitTunnel no",
  ],
}
4 types of functions
hiera()
hiera_array()
hiera_hash()
hiera_include()
Hiera Array
$ hiera ssh_users
["root", "jeff", "gary", "hunter"]
$ hiera ssh_users.0
root
Hiera Hash:
$ hiera user
{"name"=>"kim", "home"=>"/home/kim"}
$ hiera user.name
kim
use Hiera for class assignment in Site.pp
hiera_include()
Hiera config file
/etc/puppetlabs/puppet/hiera.yaml
Hierarchies:
---
:hierarchy:
- "nodes/%{::clientcert}"
- "roles/%{::role}"
- "%{::osfamily}"
- "%{::environment}"
- common
sample hiera xyz.yaml
---
### xyz
classes:
- apache
- apache::vhost
- ntp
owner: joe smith
location: new york
business_unit: billing
Get hiera value for this host:
hiera classes ::hostname=xyz ::environment=production
["apache", "apache::vhost", "ntp"]
run Hiera in debug mode:
hiera classes ::hostname=xyz -d
Use Hiera in manifest:
$my_dns_servers = hiera("dns_servers")
or array:
$my_dns_servers = hiera_array("dns_servers")
get Hiera key value directly from command line
puppet apply -e "notice(hiera('<KEY>'))"
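How the hierarchy above decides which value hiera() and hiera_array() return, as an added Ruby example that is not Hiera's own code and not from the original page; the data sources and their dns_servers values are constructed for illustration.

```ruby
require 'yaml'

# Hierarchy levels copied from the hiera.yaml shown above.
HIERARCHY = [
  'nodes/%{::clientcert}', 'roles/%{::role}',
  '%{::osfamily}', '%{::environment}', 'common'
].freeze

# Constructed data sources, keyed by the file name (minus .yaml) each would
# have under the datadir. Sample values only, not from a real site.
DATA = {
  'nodes/xyz' => YAML.safe_load("dns_servers:\n  - 10.0.0.53\n"),
  'RedHat'    => YAML.safe_load("dns_servers:\n  - 10.1.0.53\n"),
  'common'    => YAML.safe_load("dns_servers:\n  - 8.8.8.8\nclasses:\n  - ntp\n")
}.freeze

# Expand %{::name} tokens from the node's scope. An unset variable becomes an
# empty string, so that level names a file that does not exist and is skipped.
def sources(scope)
  HIERARCHY.map { |level| level.gsub(/%\{::(\w+)\}/) { scope.fetch($1, '') } }
end

# hiera(): priority lookup, the first level that defines the key wins.
def hiera(key, scope)
  sources(scope).each do |src|
    data = DATA[src]
    return data[key] if data && data.key?(key)
  end
  nil
end

# hiera_array(): array merge, values from every level, flattened and
# de-duplicated, most specific level first.
def hiera_array(key, scope)
  sources(scope).flat_map { |src| Array((DATA[src] || {})[key]) }.uniq
end

if __FILE__ == $PROGRAM_NAME
  scope = { 'clientcert' => 'xyz', 'osfamily' => 'RedHat', 'environment' => 'production' }
  puts "sources:     #{sources(scope).inspect}"
  puts "hiera:       #{hiera('dns_servers', scope).inspect}"
  puts "hiera_array: #{hiera_array('dns_servers', scope).inspect}"
end
```

Because the first matching level wins, a node-level file overrides everything below it. `::clientcert` is self-reported by the agent, so on Puppet 4 a hierarchy keyed on `%{trusted.certname}` ties that level to the verified certificate name instead.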
Log File locations:
https://docs.puppet.com/pe/latest/install_what_and_where.html
cron examples
run script every day at 12:30 am
cron { 'myscript':
  command => '/usr/bin/python myscript.py',
  user    => 'root',
  minute  => '30',
  hour    => '0',
}
run script every Tue at 5 am
cron { 'myscript':
  command => '/usr/bin/python myscript.py',
  user    => 'root',
  minute  => '0',
  hour    => '5',
  weekday => 'Tuesday',
}
404 error, could not request certificate when running
404 puppet run error, could not request certificate
# Apply catalog; --test implies --verbose, --ignorecache, --no-daemonize, --detailed-exitcodes, --show_diff
puppet agent --test (or -t)
Run in debug mode with more output:
puppet agent -t --debug
Run simulation (no changes to system):
puppet agent -t --noop
Run catalog for a different environment than what's configured in the Puppet agent's conf file:
puppet agent -t --environment development
Disable puppet agent from running on node:
puppet agent --disable (this creates a lock file)
to enable:
puppet agent --enable
show all installed packages:
puppet resource package
install or remove package:
puppet resource package apache ensure=present/absent
show all managed resources:
puppet resource
show all Classes that are applied to the node from the compiled catalog
puppet config print classfile
cat /opt/puppetlabs/puppet/cache/state/classes.txt
show all Resources that are applied to the node from the compiled catalog
puppet config print resourcefile
cat /opt/puppetlabs/puppet/cache/state/resources.txt
show a graph of all dependencies found in a catalog, stored in a .dot image
puppet agent -t --graph
## show location of the generated .dot file
puppet agent --configprint graphdir
Certs
List all certs
puppet cert list --all
sign certificate
puppet cert sign 'certname'
remove client cert
puppet cert clean 'certname'
apply config directly from command line and pass parameter
puppet apply -e "class { 'my_super_module': version => '1.2'}"
puppet apply -e "include myClass"
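puppet apply -e "user { 'spiderman':
  ensure           => 'present',
  managehome       => true,
  groups           => ['wheel'],
  home             => '/home/spiderman',
  password         => 'webz',
  password_max_age => '99999',
  password_min_age => '0',
  shell            => '/bin/bash',
  uid              => '7021',
}"
note: on Linux/Unix the user resource's password attribute expects the already-hashed value in the system's format, not plaintext, and anything passed with -e also ends up in shell history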
Configuration
Puppet configuration file:
/etc/puppetlabs/puppet/puppet.conf
Print all configuration settings:
puppet config print all
Check current Puppet version and if there's an update available:
/opt/puppetlabs/bin/puppet-enterprise-version-check
Log and File Locations
Puppet Server log:
/var/log/puppetlabs/puppetserver/puppetserver.log
PuppetDB log:
/var/log/puppetlabs/puppetdb/puppetdb.log
SSL certs location:
/etc/puppetlabs/puppet/ssl
Master Configuration file:
/etc/puppetlabs/puppet/puppet.conf
Agent installation packages:
/opt/puppetlabs/server/data/packages/public/current
Site.pp location:
/etc/puppetlabs/code/environments/production/manifests/site.pp
Environment config file:
/etc/puppetlabs/code/environments/production/environment.conf
Troubleshooting Catalog Compile
Debug compilation for specific node
puppet master --debug --compile node.xyz
Metrics & Dashboard
https://<PuppetMasterHostname>:8140/puppet/experimental/dashboard.html
Resources:
package { 'ntp':
  ensure => installed,
}
service { 'ntp':
  name      => $service_name,
  ensure    => running,
  enable    => true,
  subscribe => File['ntp.conf'],
}
file { 'ntp.conf':
  path    => '/etc/ntp.conf',
  ensure  => file,
  require => Package['ntp'],
  source  => "puppet:///modules/ntp/ntp.conf",
  # This source file would be located on the Puppet master at
  # /etc/puppetlabs/code/modules/ntp/files/ntp.conf
}
Virtual Resource:
@user { 'www-user':
  ensure => present,
  tag    => web,
}
realize Virtual resource
realize User['www-user']
User <| tag == web |>
Resource Default:
Exec {
  path => '/sbin:/bin:/usr/sbin:/usr/bin',
}
this will make all Execs use the default path
list all Puppet resources:
puppet describe --list
list metaparameters for specific resource
puppet describe user
Case Statement:
case $operatingsystem {
  centos, redhat: { $service_name = 'ntpd' }
  debian, ubuntu: { $service_name = 'ntp' }
  default: { $service_name = 'unknown' }
}
If Else Statement:
if $is_virtual {
  warning('target is virtual.')
} elsif $operatingsystem == 'Darwin' {
  warning('module doesnt work on this OS.')
} else {
  include ntp
}
OR, AND
if ($color == 'red') or ($sound == 'quiet') {
  notify {'should never see this': }
}
if ($color == 'red') and ($blah == "ok") {
Selector Statement:
$rootgroup = $osfamily ? {
  'Solaris'          => 'wheel',
  /(Darwin|FreeBSD)/ => 'wheel',
  default            => 'root',
}
Unless Statement:
unless $memorysize > 1024 {
  $maxclient = 500
}
IN operator:
if '64' in $::architecture
if $user in [ 'joe','fred','bill' ]
PICK function:
chooses the first available option if variable is set, if not, chooses the default (last variable)
** Requires 'puppetlabs/stdlib' module
$root_home = hiera('root_home')
$homedir = pick($root_home,'/root') # if $root_home is not set, use '/root'
Variables:
Assignment to Var:
$content = "some content\n"
Arrays:
$address = [$addr1, $addr2, $addr3]
file {'/tmp/testing':
  ensure  => file,
  content => $content,
}
Iterations
$binaries = ["facter", "hiera", "mco", "puppet", "puppetserver"]
# function call with lambda:
$binaries.each |String $binary| {
  file {"/usr/bin/$binary":
    ensure => link,
    target => "/opt/puppetlabs/bin/$binary",
  }
}
Hashes:
$warning_msg = { memory => "memory low", disk => "disk space low" }
notify { $warning_msg[disk]: }
complex Hash
$services = {
  "apache" => { "version" => "2.8", "desc" => "web server" },
  "mysql"  => { "version" => "5.6", "desc" => "web server" }
}
Iterate a complex Hash
$services.each |$name, $value| {
  notice $name
  notice $value['version']
}
Resource Ordering:
package { 'openssh-server':
  ensure => present,
  before => File['/etc/ssh/sshd_config'],
}
file { '/etc/ssh/sshd_config':
  ensure  => file,
  mode    => '0600',
  source  => 'puppet:///modules/sshd/sshd_config',
  require => Package['openssh-server'],
}
same as:
file { '/etc/ssh/sshd_config':
  ensure => file,
  mode   => '0600',
  source => 'puppet:///modules/sshd/sshd_config',
  notify => Service['sshd'],
}
service { 'sshd':
  ensure    => running,
  enable    => true,
  subscribe => File['/etc/ssh/sshd_config'],
}
Chaining Arrows:
Package['ntp'] -> File['/etc/ntp.conf'] ~> Service['ntpd']
# first:
package { 'openssh-server':
  ensure => present,
} -> # and then:
file { '/etc/ssh/sshd_config':
  ensure => file,
  mode   => '0600',
  source => 'puppet:///modules/sshd/sshd_config',
} ~> # and then:
service { 'sshd':
  ensure => running,
  enable => true,
}
or
Service['httpd'] <~ File['apache.conf'] <- Package['httpd']
Service 'httpd' is subscribed to File 'apache.conf', if File changes,
Service will restart. File 'apache.conf' requires Package 'httpd'
Resource Collector Chaining:
Yumrepo <| |> -> Package <| |>
Defined Types:
Before declaring Apache class
define apache::virtualhost (
  $ensure   = present,
  $template = 'apache/virtualhost.conf.erb',
  [...]
) {
  file { "ApacheVirtualHost_${name}":
    ensure  => $ensure,
    content => template("${template}"),
  }
}
Declaration of a define, after declaring Apache class
class apache {
  apache::virtualhost { 'www.myvhost.com':
    template => 'site/apache/www.myvhost.com-erb'
  }
}
another Def Type example,
$scripts = [ 'break.sh', 'apache.sh', 'startup.py' ]
define configure_scripts {
  file { "/tmp/${name}":
    ensure => file,
    source => "puppet:///modules/mymodule/${name}",
    mode   => '0755',
    noop   => false,
  }
}
configure_scripts { $scripts:; }
Passing parameters:
<%= @fqdn %>
For loop
<% @dns_servers.each do |ns| %>
nameserver <%= ns %>
<% end %>
<% for @item in @shopping_list %>
<%= @item %>
<% end %>
If else
<% if @param -%>blah blah<% elsif @param == 'duck' -%> this is a duck <% else %>xxxx
<% end %>
if and or
<% if @param1 == 'a' or @param1 == 'b' %>
PE 2016.2 EL7 x64 tarball https://s3.amazonaws.com/pe-builds/released/2016.1.2/puppet-enterprise-2016.1.2-el-7-x86_64.tar.gz
Puppet Master: 8140
Certificate Auth: 8140
Orchestration: 8142
PE Console: 443
Console Services: 4433
PuppetDB: 8081
PostgreSQL: 5432
Mcollective: 61613
ActiveMQ: 61616
Max # of nodes per instance (conservative estimate):
PE Master: 700-800
ActiveMQ Broker: 800