Puppet Summary

Which Version

Very interesting understand in the relation of puppet and ruby.
Source this page

  • puppet enterprise is given with ruby embedded
  • puppet free instead use the ruby of the virtual machine

At the end of the page there is a table of the compatibility




puppet agent --test

check the syntaxt

puppet parser validate gs1das.pp

some exaples

create directory structure http://www.puppetcookbook.com/posts/creating-a-directory-tree.html
there is not the options mkdir -p , sob

file { [ "/usr/local/whisper/", "/usr/local/whisper/2.0",
         "/usr/local/whisper/2.0/bin", "/usr/local/whisper/2.0/log" ]:
    ensure => "directory",

copy directory, with its content

class gradle {
    file { "/home/myuser/gradle-1.7":
        mode => 0755,
                owner => "myuser",
                group => "mygroup",
                source => "puppet:///modules/gradle/gradle-1.7",
        recurse => true,


    cron { 'gradleexecution':
        command => 'cd /var/batch_server; /home/myuser/gradle-1.7/bin/gradle build installApp upload;/home/myuser/gradle-1.7/bin/gradle war',
                user => gradle,
                minute => '0',
                hour => '8',
                monthday => '*',
                month => '*',
                weekday => '*',

concatenate string

an example with cron

        $commandtocron = "/usr/local/bin/backup_to_s3.sh ${dirtobackup} >> /var/log/backup_to_s3.log 2>&1"
        cron { 'push backups to s3 ':
                command => $commandtocron,

from http://stackoverflow.com/questions/14885263/how-do-you-concatenate-strings-in-a-puppet-pp-file

install a module

source http://docs.puppetlabs.com/puppet/2.7/reference/modules_installing.html#installing-from-the-puppet-forge

# puppet module install puppetlabs-apache

set timezone

the code to set the timezone to insert inside the nodename.pp

class { 'timezone': timezone => 'Europe/Amsterdam', 

to know witch timezone you want to use do this
 ls /usr/share/zoneinfo/
Africa/      Asia/       Canada/  Cuba   EST      Factory  GMT0@       Hongkong  Iran         Japan       MET      Navajo    Poland      PRC      ROK        UCT         WET
America/     Atlantic/   CET      EET    EST5EDT  GB@      GMT-0@      HST       iso3166.tab  Kwajalein   Mexico/  NZ        Portugal    PST8PDT  Singapore  Universal@  W-SU
Antarctica/  Australia/  Chile/   Egypt  Etc/     GB-Eire  GMT+0       Iceland   Israel       Libya       MST      NZ-CHAT   posix/      right/   SystemV/   US/         zone.tab
Arctic/      Brazil/     CST6CDT  Eire   Europe/  GMT@     Greenwich@  Indian/   Jamaica      localtime@  MST7MDT  Pacific/  posixrules  ROC      Turkey     UTC         Zulu@
giuseppe@giuseppe-Latitude-E7250 ~> ls /usr/share/zoneinfo/Europe/
Amsterdam  Belgrade@    Bucharest  Copenhagen  Helsinki      Kaliningrad  London@     Mariehamn@  Nicosia     Prague  San_Marino  Sofia      Tiraspol  Vienna     Zagreb@
Andorra    Berlin       Budapest   Dublin@     Isle_of_Man@  Kiev         Luxembourg  Minsk       Oslo        Riga    Sarajevo    Stockholm  Uzhgorod  Vilnius    Zaporozhye
Athens     Bratislava@  Busingen   Gibraltar   Istanbul@     Lisbon@      Madrid      Monaco      Paris       Rome@   Simferopol  Tallinn    Vaduz@    Volgograd  Zurich@
Belfast@   Brussels     Chisinau@  Guernsey@   Jersey@       Ljubljana@   Malta       Moscow@     Podgorica@  Samara  Skopje@     Tirane     Vatican@  Warsaw@
giuseppe@giuseppe-Latitude-E7250 ~> ls /usr/share/zoneinfo/Europe/

source controll vcsrepo

to manage source repository with puppet

I have used with mercurial some example are here https://github.com/puppetlabs/puppetlabs-vcsrepo/blob/master/README.HG.markdown

       vcsrepo { '/var/hg/repos/reponame':
        ensure   => latest,
                provider => hg,
                source   => 'ssh://myuser@serverhostname:sshport//var/hg/repos/reponame',
                require => Class['somepackages'],
                owner => 'myuser',
                group => 'mygroup',
        revision => $variablenameindicatetherevision,

ensure => latest, keep the repository at the latest revision (note: this will always overwrite local changes to the repository):


install the module in puppet master
source of the module https://github.com/dagency/puppet-htop
after that modify the file /etc/puppet/modules/htop# nano manifests/init.pp

class htop {
         package {'htop':
         ensure => installed,


after that when you include the puppet module is automatically installed on the system

multiple require

user { "tim":
        ensure     => present,
        gid        => "fearme",
        groups     => ["adm", "staff", "root", "fearmenot"],
        membership => minimum,
        shell      => "/bin/bash",
        require    => [ Group["fearme"],


puppet module install attachmentgenie-ufw

source https://forge.puppetlabs.com/attachmentgenie/ufw with not so much examples

include  ufw

        ############ some ufw configuration #######################
        ufw::allow { "allow-ssh-from-all":
                port => 22,

        ufw::allow { "a-comment-to-describe-must-be-all-different":
                port => 80,
                proto => "tcp",
                from => "",

check the value of a variable

$commandtocron = "/usr/sbin/backup"

notify {"croncommand: $commandtocron ":}

Relations and precedence


      require => Package['openssh-server'],

      before => File['/etc/ssh/sshd_config'],

Analizy why

puppet-agent[4597]: Skipping run of Puppet configuration client; administratively disabled; use 'puppet Puppet configuration client --enable' to re-enable.

to unblock from the client machine run this

puppet agent --enable

Remove a certificate

from the master

puppet cert clean puppet-node-name

to reanable the machine from the client

rm -r /etc/puppet/ssl; rm -r /var/lib/puppet/ssl

and try to connect again

code that describe a password
if you setup the password with passwd command and after you describe the user , you can know the hash , and put this hash in the puppet code so the user keep always the same password

puppet resource user clavis
user { 'clavis':
  ensure           => 'present',
  comment          => ',,,',
  gid              => '1002',
  home             => '/home/clavis',
  password         => '$6$HPArhvsd$ag4AT1jWL85P.ZG0IO7v2p5tghhghgOLuscGOT0AlxwWwySIxz4dXKvurUYg.MlGWGI1',
  password_max_age => '99999',
  password_min_age => '0',
  shell            => '/bin/bash',
  uid              => '1002',

an example of user create
  file { "/home/myuser":
    ensure => "directory",
    owner  => "myuser",
    group  => "myuser",
    mode   => 700,
    require =>  [ User[myuser], Group[myuser] ],

  group { 'myuser':
               ensure => "present",

  user { "myuser":
    ensure => "present",
    home => "/home/myuser",
    name => "myuser",
    shell => "/bin/bash",
    managehome => true,
    password => '$6$HPArhvsd$ag4AT1jWL85P.ZG0IO7v2p5tghhghgOLuscGOT0AlxwWwySIxz4dXKvurUYg.MlGWGI1',

regex in the node definition

if you want have many machines that mach the node puppet code you need to have something like this

cat rundeck-.pp

node /^rundeck-\d+$/ {
   include role::rundeckrole

is very important also the name of the pp file in the filesystem , this match all the machines with cipher rundeck-1 rundeck-2 ecc

To check the regular expression use this fantastic tool http://rubular.com/


Ubuntu change the version of puppet

In ubuntu 11 , after the installation of puppet the default version of ruby was reverted to 1.8 .
This was good for puppet but cause some errors to other sw.
To change the version I red this article http://leonard.io/blog/2012/05/installing-ruby-1-9-3-on-ubuntu-12-04-precise-pengolin/

sudo update-alternatives --install /usr/bin/ruby ruby /usr/bin/ruby1.9.1 400 \
         --slave   /usr/share/man/man1/ruby.1.gz ruby.1.gz \
                        /usr/share/man/man1/ruby1.9.1.1.gz \
        --slave   /usr/bin/ri ri /usr/bin/ri1.9.1 \
        --slave   /usr/bin/irb irb /usr/bin/irb1.9.1 \
        --slave   /usr/bin/rdoc rdoc /usr/bin/rdoc1.9.1

class overriding

include changesender

  class changesender inherits postfix_rackspace::config {
    File  ['/etc/postfix/sender_canonical']{
      source => undef,
      content => "/.+/ different@mycompany.com",
    File  ['/etc/postfix/header_checks']{
      content => template('postfix_rackspace/header_checks-no-host.erb'),

auth.conf puppetmaster

the order of allow it is NOT import

# allow nodes to retrieve their own catalog
path ~ ^/catalog/([^/]+)$
method find
allow star.mydomain.com
allow $1

or this
# allow nodes to retrieve their own catalog
path ~ ^/catalog/([^/]+)$
method find
allow $1
allow star.mydomain.com

are the same

validate yaml

/opt/puppet/bin/ruby -e "require 'yaml'; YAML.load_file('common.yaml')"

check a configuration

$ puppet config print parser

without the data , in the above example is parser it list all the configuration
Salvo diversa indicazione, il contenuto di questa pagina è sotto licenza Creative Commons Attribution-ShareAlike 3.0 License