Puppet On Windows

VERY IMPORTANT THIS PAGE IS STRONGLY CONNECTED TO http://gborgese.wikidot.com/powershell


read and summarize
https://docs.puppetlabs.com/windows/troubleshooting.html

location of puppet.conf

Puppet’s confdir can be found at one of the following locations:

*nix Systems: /etc/puppetlabs/puppet
Windows: C:\ProgramData\PuppetLabs\puppet\etc
non-root users: ~/.puppetlabs/etc/puppet

install a package on windows

https://docs.puppetlabs.com/puppet/3.6/reference/resources_package_windows.html

create a file on windows

https://docs.puppetlabs.com/puppet/3.8/reference/resources_file_windows.html

unless using a registry key

exec { "Register client ${::fqdn} on server":
      cwd     => $exec_client_working_dir,
      command => "dsmc.exe set password ${username} ${password}",
      unless  => "C:\\Windows\\System32\\reg.exe query HKEY_LOCAL_MACHINE\\SOFTWARE\\IBM\\ADSM\\CurrentVersion\\Nodes\\${nodename}\\ /s /v mykey",
      path    => $exec_path,
      timeout => '15',
      provider => powershell,
}
  • with /s it check recursive
  • with /v you specify the keyname

set the value of a registry key

using the module
https://github.com/puppetlabs/puppetlabs-registry
https://puppetlabs.com/blog/module-of-the-week-puppetlabs-registry-windows

registry::value { 'Platform':
    key  => 'HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Software\\Source',
    data => 'Cloud',
    type => 'string',
  }

exec only if a directory doesn't exist, thanks to Gianluca

onlyif => 'if (Test-Path c:/mydir/myfolder/) then {exit 1} else {exit 0}

Useful modules

network changes

windows firewall

https://forge.puppetlabs.com/thoward/windows_firewall

many purposes

reboot

Very useful reboot module especially on windows https://forge.puppetlabs.com/puppetlabs/reboot
what is possible to do (code taken from module page):

  • reboot the system after install a package
package { 'SomeModule':
  ensure          => installed,
  source          => '\\server\share\some_installer.exe',
  install_options => ['/Passive', '/NoRestart'],
}
reboot { 'after':
  subscribe       => Package['SomePackage'],
}
  • Complete any pending reboots before installing a package
  • Install multiple packages before rebooting, for packages not depending each other

Tutorial online

Puppet conf 2013

getting started with puppet on windows

Puppet conf 2014 and 2015

Puppet windows getting started
the same slides and topic but watch the 2014 for a better video quality

Script vs puppet, from the ntp service script min 1:

  • with the script you can't be sure if it is working
  • how do you do with many machines?
  • if the time service is already stopped
  • how do you check if it is already ok
  • how do you check if is working?
service { 'win32time':
  ensure => running,
  enable => true,
}

enable => true means the service is in automatic mode in the windows service list

chocolatey

https://chocolatey.org

package { 'javaruntime':
  ensure => installed,
  provider => chocolatey,
  before => Service[''jenkinslsave],
}
service { 'jenkinsslave':
  ensure => running,
  enable => true,
}

permissions

puppet needs to run with high privileges from the slides is possible seee two cases

  • good priviledges
whoami /groups /fo csv | Select-String 'Administrator'

"BUILTIN\Administrator", "Alias", "S-1-5-32-544", "Mandatory group, Enabled by default, Enabled group, Group owner"
  • not working privileges
whoami /groups /fo csv | Select-String 'Administrator'

"BUILTIN\Administrator", "Alias", "S-1-5-32-544", "Group used for deny only"

configdir

  • system
puppet agent --configprint confdir
c:/ProgramData/PuppetLabs/puppet/etc
  • user
puppet agent --configprint confdir
c:/Users/albert/.puppet
Salvo diversa indicazione, il contenuto di questa pagina è sotto licenza Creative Commons Attribution-ShareAlike 3.0 License