DOF404 - Hiera et Modules

trainee@puppet:~$ cd puppet-beginners-guide-3
trainee@puppet:~/puppet-beginners-guide-3$ vagrant destroy
trainee@puppet:~/puppet-beginners-guide-3$ scripts/start_vagrant.sh
trainee@puppet:~/puppet-beginners-guide-3$ vagrant ssh

Exécutez cmd et saisissez les commandes suivantes :

Microsoft Windows [version 10.0.16299.431]
(c) 2017 Microsoft Corporation. Tous droits réservés.

C:\Users\trainee>cd puppet-beginners-guide-3

C:\Users\trainee\puppet-beginners-guide-3>vagrant destroy

C:\Users\trainee\puppet-beginners-guide-3>cd scripts

C:\Users\trainee\puppet-beginners-guide-3\scripts>start_vagrant.sh

C:\Users\trainee\puppet-beginners-guide-3\scripts>vagrant ssh

Le manifest suivant stipule la version de l'agent Puppet qui doit être installé sur un noeud :

package { 'puppet-agent':
	ensure => '5.2.0-1xenial',
}

Quand une mise à jour devient disponible, ce code doit être trouvé et modifié sur l'ensemble des noeuds. La multiplication de cette tâche pour tous les paquets référencés par les manifests mène à un travail titantesque, compliqué et fastidieux.

Qui plus est, la mise à jour des données dans les manifests ne concerne pas uniquement les paquets mais aussi, par exemple, les :

• cron jobs,
• adresses email,
• URLs des fichiers,
• données des monitorings,
• valeurs des configurations telles la quantité de mémoire allouée à un serveur de base de données.

Hiera permet de gérer les données indépendamment du code Puppet et de spécifier des valeurs différentes par noeud en fonction, par exemple, du nom d'hôte ou du système d'exploitation. Hiera stocke ces informations dans de simples fichiers texte ayant une extention .yaml ( YAML Ain't Markup Language ).

Puppet peut ensuite consulter les informations en utilisant lookup :

file { lookup('backup_path', String):
  ensure => directory,
}

Hiera est configuré par un fichier par environnement, par exemple /etc/puppetlabs/environments/production/hiera.yaml ainsi qu'un fichier global /etc/puppetlabs/puppet/hiera.yaml

vagrant@ubuntu-xenial:~$ cat /etc/puppetlabs/puppet/hiera.yaml 
---
# Hiera 5 Global configuration file

version: 5

# defaults:
#   data_hash: yaml_data
# hierarchy:
#  - name: Common
#    data_hash: yaml_data
hierarchy: []

Prenons le cas d'un fichier de configuration hiera.yaml minimalist :

---
version: 5

defaults:
  datadir: data
  data_hash: yaml_data

hierarchy:
  - name: "Common defaults"
    path: "common.yaml"

Ce fichier commence par un ligne contenant les caractères —. Cette syntaxe indique le début d'un nouveau document YAML. La ligne la plus importante dans ce fichier est datadir: data. Cette ligne indique à Hiera où se trouvent ses fichiers de données. La section hierarchy stipule que Hiera doit rechercher ses données dans le fichier common.yaml.

Par convention, le répertoire data est un sous-répertoire du répertoire où sont stockés les manifests de Puppet :

vagrant@ubuntu-xenial:~$ ls /etc/puppetlabs/code/environments/production
data  environment.conf  hiera.yaml  manifests  modules

Un environnement est un répertoire contenant :

• un fichier de configuration Hiera,
• un jeu de manifests Puppet.

Les répertoires d'environnement se trouvent dans le répertoire /etc/puppetlabs/code/environments/. L'environnement par défaut est production mais il est possible de stipuler un autre environnement en utilisant l'option –environment :

vagrant@ubuntu-xenial:~$ sudo puppet lookup --environment pbg test
--- This is a test
...

Créez le fichier lookup2.pp :

vagrant@ubuntu-xenial:~$ sudo vi lookup2.pp
vagrant@ubuntu-xenial:~$ cat lookup2.pp
notice("Apache is set to use ${lookup('apache_worker_factor', Integer)} workers")

unless lookup('apparmor_enabled', Boolean) {
  exec { 'apt-get -y remove apparmor': }
}

notice('dns_allow_query enabled: ', lookup('dns_allow_query', Boolean))

Appliquez ce manifest dans l'environnement pbg :

vagrant@ubuntu-xenial:~$ sudo puppet apply --environment pbg lookup2.pp
Notice: Scope(Class[main]): Apache is set to use 100 workers
Notice: Scope(Class[main]): dns_allow_query enabled:  true
Notice: Compiled catalog for ubuntu-xenial in environment pbg in 0.18 seconds
Notice: Applied catalog in 0.03 seconds

Notez que la valeur retournée pour le nombre de workers d'apache est 100. Cette valeur est stipulée dans le fichier /etc/puppetlabs/code/environments/pbg/data/common.yaml :

vagrant@ubuntu-xenial:~$ cat /etc/puppetlabs/code/environments/pbg/data/common.yaml 
---
  test: 'This is a test'
  consul_node: true
  apache_worker_factor: 100
  apparmor_enabled: true
  syslog_server: '10.170.81.32'
  monitor_ips:
    - '10.179.203.46'
    - '212.100.235.160'
    - '10.181.120.77'
    - '94.236.56.148'
  cobbler_config:
    manage_dhcp: true
    pxe_just_once: true
  domain: 'bitfieldconsulting.com'
  servername: 'www.bitfieldconsulting.com'
  port: 80
  docroot: '/var/www/bitfieldconsulting.com'
  dns_allow_query: true
  backup_retention_days: 10
  backup_path: "/backup/%{facts.hostname}"
  ips:
    home: '130.190.0.1'
    office1: '74.12.203.14'
    office2: '95.170.0.75'
  firewall_allow_list:
    - "%{lookup('ips.home')}"
    - "%{lookup('ips.office1')}"
    - "%{lookup('ips.office2')}"
  vpn_allow_list: "%{alias('firewall_allow_list')}"
  cms_parameters:
    static:
      sites_root: '/var/www/sites'
      assets_root: 'files'
      web_root: 'public_html'
    laravel:
      sites_root: '/var/www/sites'
      assets_root: 'public_html/files'
      web_root: 'current/public'
  force_www_rewrite:
    comment: "Force WWW"
    rewrite_cond: "%{literal('%')}{HTTP_HOST} !^www\\. [NC]"
    rewrite_rule: "^(.*)$ https://www.%{literal('%')}{HTTP_HOST}%{literal('%')}{REQUEST_URI} [R=301,L]"
  users:
    - 'katy'
    - 'lark'
    - 'bridget'
    - 'hsing-hui'
    - 'charles'
  users2:
    'katy':
      ensure: present
      uid: 1900
      shell: '/bin/bash'
    'lark':
      ensure: present
      uid: 1901
      shell: '/bin/sh'
    'bridget':
      ensure: present
      uid: 1902
      shell: '/bin/bash'
    'hsing-hui':
      ensure: present
      uid: 1903
      shell: '/bin/sh'
    'charles':
      ensure: present
      uid: 1904
      shell: '/bin/bash'
  mysql::server::root_password: 'hairline-quotient-inside-tableful'
  mysql::server::remove_default_accounts: true
  apache::default_vhost: false
  pbg_ntp_params::version: 'latest'
  pbg_ntp_params2::start_at_boot: true
  pbg_ntp_params2::version: 'latest'
  pbg_ntp_params2::service_state: 'running'

Appliquez ce manifest dans l'environnement production :

vagrant@ubuntu-xenial:~$ sudo puppet apply lookup2.pp
Error: Function lookup() did not find a value for the name 'apache_worker_factor'
vagrant@ubuntu-xenial:~$ sudo puppet apply --environment production lookup2.pp
Error: Function lookup() did not find a value for the name 'apache_worker_factor'

Cette erreur est due au fait que la donnée n'est pas définie dans l'environnement production :

vagrant@ubuntu-xenial:~$ ls /etc/puppetlabs/code/environments/production/
data  environment.conf  hiera.yaml  manifests  modules
vagrant@ubuntu-xenial:~$ ls /etc/puppetlabs/code/environments/production/data
vagrant@ubuntu-xenial:~$

Dans le fichier /etc/puppetlabs/code/environments/pbg/data/common.yaml, on peut constater trois types de données :

• les valeurs singulières,
• les valeurs booléennes,
• les Tableaux et les Hash.

vagrant@ubuntu-xenial:~$ cat /etc/puppetlabs/code/environments/pbg/data/common.yaml 
---
  test: 'This is a test'
  consul_node: true
  apache_worker_factor: 100
  apparmor_enabled: true
  syslog_server: '10.170.81.32'
  monitor_ips:
    - '10.179.203.46'
    - '212.100.235.160'
    - '10.181.120.77'
    - '94.236.56.148'
  cobbler_config:
    manage_dhcp: true
    pxe_just_once: true
  domain: 'bitfieldconsulting.com'
  servername: 'www.bitfieldconsulting.com'
  port: 80
  docroot: '/var/www/bitfieldconsulting.com'
  dns_allow_query: true
  backup_retention_days: 10
  backup_path: "/backup/%{facts.hostname}"
...

Un exemple d'une valeur singulière au format chaîne ( String ) est la ligne suivante :

...
  syslog_server: '10.170.81.32'
...

Tandis quun exemple d'une valeur singulière au format entier ( Integer ) est la ligne suivante :

...
  apache_worker_factor: 100
...

Un exemple d'une valeur booléenne est la ligne suivante :

...
consul_node: true
...

Un exemple d'un tableau est :

...
  monitor_ips:
    - '10.179.203.46'
    - '212.100.235.160'
    - '10.181.120.77'
    - '94.236.56.148'
...

Ici la clef monitor_ips contient plusieurs valeurs, chacune sur une ligne et précédée par le caractère -.

Un exemple d'un Hash est :

...
  cobbler_config:
    manage_dhcp: true
    pxe_just_once: true
...

Chaque clef du Hash possède son propre nom et est indéntée par rapport à la première ligne.

Pour mieux comprendre, créez le fichier lookup_hash.pp :

vagrant@ubuntu-xenial:~$ sudo vi lookup_hash.pp
vagrant@ubuntu-xenial:~$ cat lookup_hash.pp
$cobbler_config = lookup('cobbler_config', Hash)
$manage_dhcp = $cobbler_config['manage_dhcp']
$pxe_just_once = $cobbler_config['pxe_just_once']
if $pxe_just_once {
  notice('pxe_just_once is enabled')
} else {
  notice('pxe_just_once is disabled')
}

Appliquez ce manifest :

vagrant@ubuntu-xenial:~$ sudo puppet apply --environment pbg lookup_hash.pp
Notice: Scope(Class[main]): pxe_just_once is enabled
Notice: Compiled catalog for ubuntu-xenial in environment pbg in 0.20 seconds
Notice: Applied catalog in 0.04 seconds

Pour obtenir des données en profondeur dans un Hash, il convient d'utiliser la syntaxe “par points”. Créez le fichier lookup_hash_dot.pp :

vagrant@ubuntu-xenial:~$ sudo vi lookup_hash_dot.pp
vagrant@ubuntu-xenial:~$ cat lookup_hash_dot.pp
$web_root = lookup('cms_parameters.static.web_root', String)
notice("web_root is ${web_root}")

Appliquez ce manifest :

vagrant@ubuntu-xenial:~$ sudo puppet apply --environment pbg lookup_hash_dot.pp
Notice: Scope(Class[main]): web_root is public_html
Notice: Compiled catalog for ubuntu-xenial in environment pbg in 0.15 seconds
Notice: Applied catalog in 0.04 seconds

La donnée obtenue se trouve dans le fichier /etc/puppetlabs/code/environments/pbg/data/common.yaml dans cms_parameters.static. web_root :

...
cms_parameters:
    static:
      sites_root: '/var/www/sites'
      assets_root: 'files'
      web_root: 'public_html'
...

L'interpolation est l'action d'introduire dans un texte un élément qui n'était pas dans l'original. Avec Puppet et Hiera ceci concerne :

• les valeurs multiples,
• les comportements de fusion,
• les sources de données.

Jusqu'à maintenant nous n'avons utilisé qu'une seule source de données Hiera à savoir le fichier /etc/puppetlabs/code/environments/pbg/data/common.yaml. En fait il est possible d'utiliser plusieurs sources de données sous la forme de fichiers *.yaml multiples. Ces sources sont listées dans la section hierarchy du fichier hiera.yaml de l'environnement :

vagrant@ubuntu-xenial:~$ cat /etc/puppetlabs/code/environments/pbg/hiera.yaml
---
version: 5

defaults:
  datadir: data
  data_hash: yaml_data

hierarchy:
  - name: "Secret data (encrypted)"
    lookup_key: eyaml_lookup_key
    path: "secret.eyaml"
    options:
      gpg_gnupghome: '/home/ubuntu/.gnupg'
  - name: "AWS resources"
    path: "aws.yaml"
  - name: "Host-specific data"
    path: "nodes/%{facts.hostname}.yaml"
  - name: "OS release-specific data"
    path: "os/%{facts.os.release.major}.yaml"
  - name: "OS distro-specific data"
    path: "os/%{facts.os.distro.codename}.yaml"
  - name: "Common defaults"
    path: "common.yaml"

Si on souhaite qu'Hiera agit autrement que par défaut, il convient de spécifier la méthode de fusion en tant que troisième argument à lookup, après le type de données. Créez le fichier lookup_merge.pp :

vagrant@ubuntu-xenial:~$ sudo vi lookup_merge.pp
vagrant@ubuntu-xenial:~$ cat lookup_merge.pp
notice(lookup('firewall_allow_list', Array, 'unique'))

Dans ce cas, Hiera retourne un tableau de toutes les clefs et les valeurs uniques retrouvées.

Quand il concerne des données dans un Hash, les possibilités sont :

• Hash Merge - retourne un Hash contenant toutes les clefs et toutes les valeurs correspondantes qui correspondent à la recherche,
• Shallow Merge - si Hiera retrouve deux Hash avec le même nom, il retourne uniquement le premier Hash,
• Deep merge - permet de considerer le Hash entoer et non seulement que le premier niveau.

Revenons au fichier /etc/puppetlabs/code/environments/pbg/hiera.yaml :

vagrant@ubuntu-xenial:~$ cat /etc/puppetlabs/code/environments/pbg/hiera.yaml
---
version: 5

defaults:
  datadir: data
  data_hash: yaml_data

hierarchy:
  - name: "Secret data (encrypted)"
    lookup_key: eyaml_lookup_key
    path: "secret.eyaml"
    options:
      gpg_gnupghome: '/home/ubuntu/.gnupg'
  - name: "AWS resources"
    path: "aws.yaml"
  - name: "Host-specific data"
    path: "nodes/%{facts.hostname}.yaml"
  - name: "OS release-specific data"
    path: "os/%{facts.os.release.major}.yaml"
  - name: "OS distro-specific data"
    path: "os/%{facts.os.distro.codename}.yaml"
  - name: "Common defaults"
    path: "common.yaml"

Dans ce fichier, on peut constater les lignes suivantes :

...
  - name: "Host-specific data"
    path: "nodes/%{facts.hostname}.yaml"
...

Ces deux lignes permettent d'avoir une configuration différente par noeud contenue dans un fichier dénommé <nom d'hôte>.yaml.

De même les deux lignes suivantes :

...
  - name: "OS release-specific data"
    path: "os/%{facts.os.release.major}.yaml"
...

permettent une configuration différente par version du système d'exploitation.

Commencez par créer le fichier hiera_users.pp :

vagrant@ubuntu-xenial:~$ sudo vi hiera_users.pp
vagrant@ubuntu-xenial:~$ cat hiera_users.pp
lookup('users', Array[String]).each | String $username | {
  user { $username:
    ensure => present,
  }
}

Les données utilisées dans ce manifest se trouvent dans le fichier /etc/puppetlabs/code/environments/pbg/data/common.yaml :

...
  users:
    - 'katy'
    - 'lark'
    - 'bridget'
    - 'hsing-hui'
    - 'charles'
...

Appliquez le manifest pour vérifier :

vagrant@ubuntu-xenial:~$ sudo puppet apply --environment pbg hiera_users.pp
Notice: Compiled catalog for ubuntu-xenial in environment pbg in 0.19 seconds
Notice: /Stage[main]/Main/User[katy]/ensure: created
Notice: /Stage[main]/Main/User[lark]/ensure: created
Notice: /Stage[main]/Main/User[bridget]/ensure: created
Notice: /Stage[main]/Main/User[hsing-hui]/ensure: created
Notice: /Stage[main]/Main/User[charles]/ensure: created
Notice: Applied catalog in 0.66 seconds

Les données Hiera utilisées par le manifest hiera_users.pp ne sont pas complètes. Créez donc le fichier hiera_users2.pp :

vagrant@ubuntu-xenial:~$ sudo vi hiera_users2.pp
vagrant@ubuntu-xenial:~$ cat hiera_users2.pp
lookup('users2', Hash, 'hash').each | String $username, Hash $attrs | {
  user { $username:
    * => $attrs,
  }
}

Dans ce cas les données utilisées dans ce manifest se trouvent aussi dans le fichier /etc/puppetlabs/code/environments/pbg/data/common.yaml :

...
  users2:
    'katy':
      ensure: present
      uid: 1900
      shell: '/bin/bash'
    'lark':
      ensure: present
      uid: 1901
      shell: '/bin/sh'
    'bridget':
      ensure: present
      uid: 1902
      shell: '/bin/bash'
    'hsing-hui':
      ensure: present
      uid: 1903
      shell: '/bin/sh'
    'charles':
      ensure: present
      uid: 1904
      shell: '/bin/bash'
...

Appliquez ce manifest pour examiner le résultat :

vagrant@ubuntu-xenial:~$ sudo puppet apply --environment pbg hiera_users2.pp
Notice: Compiled catalog for ubuntu-xenial in environment pbg in 0.18 seconds
Notice: /Stage[main]/Main/User[katy]/uid: uid changed 1002 to 1900
Notice: /Stage[main]/Main/User[katy]/shell: shell changed '' to '/bin/bash'
Notice: /Stage[main]/Main/User[lark]/uid: uid changed 1003 to 1901
Notice: /Stage[main]/Main/User[lark]/shell: shell changed '' to '/bin/sh'
Notice: /Stage[main]/Main/User[bridget]/uid: uid changed 1004 to 1902
Notice: /Stage[main]/Main/User[bridget]/shell: shell changed '' to '/bin/bash'
Notice: /Stage[main]/Main/User[hsing-hui]/uid: uid changed 1005 to 1903
Notice: /Stage[main]/Main/User[hsing-hui]/shell: shell changed '' to '/bin/sh'
Notice: /Stage[main]/Main/User[charles]/uid: uid changed 1006 to 1904
Notice: /Stage[main]/Main/User[charles]/shell: shell changed '' to '/bin/bash'
Notice: Applied catalog in 0.80 seconds

Consultez maintenant le fichier /etc/passwd :

vagrant@ubuntu-xenial:~$ cat /etc/passwd
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
bin:x:2:2:bin:/bin:/usr/sbin/nologin
sys:x:3:3:sys:/dev:/usr/sbin/nologin
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/usr/sbin/nologin
man:x:6:12:man:/var/cache/man:/usr/sbin/nologin
lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin
mail:x:8:8:mail:/var/mail:/usr/sbin/nologin
news:x:9:9:news:/var/spool/news:/usr/sbin/nologin
uucp:x:10:10:uucp:/var/spool/uucp:/usr/sbin/nologin
proxy:x:13:13:proxy:/bin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
backup:x:34:34:backup:/var/backups:/usr/sbin/nologin
list:x:38:38:Mailing List Manager:/var/list:/usr/sbin/nologin
irc:x:39:39:ircd:/var/run/ircd:/usr/sbin/nologin
gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/usr/sbin/nologin
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
systemd-timesync:x:100:102:systemd Time Synchronization,,,:/run/systemd:/bin/false
systemd-network:x:101:103:systemd Network Management,,,:/run/systemd/netif:/bin/false
systemd-resolve:x:102:104:systemd Resolver,,,:/run/systemd/resolve:/bin/false
systemd-bus-proxy:x:103:105:systemd Bus Proxy,,,:/run/systemd:/bin/false
syslog:x:104:108::/home/syslog:/bin/false
_apt:x:105:65534::/nonexistent:/bin/false
lxd:x:106:65534::/var/lib/lxd/:/bin/false
messagebus:x:107:111::/var/run/dbus:/bin/false
uuidd:x:108:112::/run/uuidd:/bin/false
dnsmasq:x:109:65534:dnsmasq,,,:/var/lib/misc:/bin/false
sshd:x:110:65534::/var/run/sshd:/usr/sbin/nologin
pollinate:x:111:1::/var/cache/pollinate:/bin/false
vagrant:x:1000:1000:,,,:/home/vagrant:/bin/bash
ubuntu:x:1001:1001:Ubuntu:/home/ubuntu:/bin/bash
vboxadd:x:999:1::/var/run/vboxadd:/bin/false
katy:x:1900:1002::/home/katy:/bin/bash
lark:x:1901:1003::/home/lark:/bin/sh
bridget:x:1902:1004::/home/bridget:/bin/bash
hsing-hui:x:1903:1005::/home/hsing-hui:/bin/sh
charles:x:1904:1006::/home/charles:/bin/bash

Souvent Puppet a besoin d'informations sensibles telles :

• mots de passe,
• clefs privées.

Ces informations ne peuvent pas être stockées dans un repo de GIT car tout le monde y aurait accès !!! La solution à ce problème consiste en crypter les données en utilisant GnuGP.

Installez donc gnupg et rng-tools :

vagrant@ubuntu-xenial:~$ sudo apt-get install -y gnupg rng-tools
Reading package lists... Done
Building dependency tree       
Reading state information... Done
gnupg is already the newest version (1.4.20-1ubuntu3.1).
The following NEW packages will be installed:
  rng-tools
0 upgraded, 1 newly installed, 0 to remove and 8 not upgraded.
Need to get 21.9 kB of archives.
After this operation, 139 kB of additional disk space will be used.
Get:1 http://archive.ubuntu.com/ubuntu xenial/universe amd64 rng-tools amd64 5-0ubuntu3 [21.9 kB]
Fetched 21.9 kB in 0s (64.2 kB/s)
Selecting previously unselected package rng-tools.
(Reading database ... 67016 files and directories currently installed.)
Preparing to unpack .../rng-tools_5-0ubuntu3_amd64.deb ...
Unpacking rng-tools (5-0ubuntu3) ...
Processing triggers for man-db (2.7.5-1) ...
Processing triggers for systemd (229-4ubuntu21.2) ...
Processing triggers for ureadahead (0.100.0-19) ...
Setting up rng-tools (5-0ubuntu3) ...
Processing triggers for systemd (229-4ubuntu21.2) ...
Processing triggers for ureadahead (0.100.0-19) ...

Générez maintenant une paire de clefs :

vagrant@ubuntu-xenial:~$ gpg --gen-key
gpg (GnuPG) 1.4.20; Copyright (C) 2015 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

gpg: directory `/home/vagrant/.gnupg' created
gpg: new configuration file `/home/vagrant/.gnupg/gpg.conf' created
gpg: WARNING: options in `/home/vagrant/.gnupg/gpg.conf' are not yet active during this run
gpg: keyring `/home/vagrant/.gnupg/secring.gpg' created
gpg: keyring `/home/vagrant/.gnupg/pubring.gpg' created
Please select what kind of key you want:
   (1) RSA and RSA (default)
   (2) DSA and Elgamal
   (3) DSA (sign only)
   (4) RSA (sign only)
Your selection? 1
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048) 2048
Requested keysize is 2048 bits
Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0) 0
Key does not expire at all
Is this correct? (y/N) y

You need a user ID to identify your key; the software constructs the user ID
from the Real Name, Comment and Email Address in this form:
    "Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>"

Real name: puppet
Email address: puppet@i2tch.co.uk
Comment: 
You selected this USER-ID:
    "puppet <puppet@i2tch.co.uk>"

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o
You need a Passphrase to protect your secret key.

You don't want a passphrase - this is probably a *bad* idea!
I will do it anyway.  You can change your passphrase at any time,
using this program with the option "--edit-key".

We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
+++++
.+++++
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
.....+++++
+++++
gpg: /home/vagrant/.gnupg/trustdb.gpg: trustdb created
gpg: key 05205AF4 marked as ultimately trusted
public and secret key created and signed.

gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u
pub   2048R/05205AF4 2018-06-03
      Key fingerprint = 804C 7675 2822 6E73 6C4E  E0D4 1280 D1A2 0520 5AF4
uid                  puppet <puppet@i2tch.co.uk>
sub   2048R/F72F4F77 2018-06-03

La clef est visible :

pub   2048R/05205AF4 2018-06-03
      Key fingerprint = 804C 7675 2822 6E73 6C4E  E0D4 1280 D1A2 0520 5AF4
uid                  puppet <puppet@i2tch.co.uk>
sub   2048R/F72F4F77 2018-06-03

Editez le fichier /etc/puppetlabs/code/environments/pbg/hiera.yaml ainsi :

...
   gpg_gnupghome: '/home/vagrant/.gnupg'
...

Vous obtiendrez :

vagrant@ubuntu-xenial:~$ sudo vi /etc/puppetlabs/code/environments/pbg/hiera.yaml
---
version: 5

defaults:
  datadir: data
  data_hash: yaml_data

hierarchy:
  - name: "Secret data (encrypted)"
    lookup_key: eyaml_lookup_key
    path: "secret.eyaml"
    options:
      gpg_gnupghome: '/home/vagrant/.gnupg'
  - name: "AWS resources"
    path: "aws.yaml"
  - name: "Host-specific data"
    path: "nodes/%{facts.hostname}.yaml"
  - name: "OS release-specific data"
    path: "os/%{facts.os.release.major}.yaml"
  - name: "OS distro-specific data"
    path: "os/%{facts.os.distro.codename}.yaml"
  - name: "Common defaults"
    path: "common.yaml"

La section de fichier qui permet à Hiera d'utiliser GnuGP est la suivante :

...
  - name: "Secret data (encrypted)"
    lookup_key: eyaml_lookup_key
    path: "secret.eyaml"
    options:
      gpg_gnupghome: '/home/vagrant/.gnupg'
...

Créez maintenant un fichier pour contenir des données secrètes :

vagrant@ubuntu-xenial:~$ sudo touch /etc/puppetlabs/code/environments/pbg/data/secret.eyaml

Lors de l'édition de la commande, utilisez la commande eyaml qui crypte le contenu lors de l'enregistrement du fichier :

vagrant@ubuntu-xenial:~$ sudo /opt/puppetlabs/puppet/lib/ruby/vendor_gems/gems/hiera-eyaml-3.0.0/bin/eyaml edit --gpg-always-trust --gpg-recipients=puppet@i2tch.co.uk /etc/puppetlabs/code/environments/pbg/data/secret.eyaml
[hiera-eyaml-core] /etc/puppetlabs/code/environment/pbg/data/secret.yaml doesn't exist, editing new file

Select an editor.  To change later, run 'select-editor'.
  1. /bin/ed
  2. /bin/nano        <---- easiest
  3. /usr/bin/vim.basic
  4. /usr/bin/vim.tiny

Choose 1-4 [2]: 3

Vous obtiendrez un fichier comme celui-ci :

#| This is eyaml edit mode. This text (lines starting with #| at the top of the
#| file) will be removed when you save and exit.
#|  - To edit encrypted values, change the content of the DEC(<num>)::PKCS7[]!
#|    block (or DEC(<num>)::GPG[]!).
#|    WARNING: DO NOT change the number in the parentheses.
#|  - To add a new encrypted value copy and paste a new block from the
#|    appropriate example below. Note that:
#|     * the text to encrypt goes in the square brackets
#|     * ensure you include the exclamation mark when you copy and paste
#|     * you must not include a number when adding a new block
#|    e.g. DEC::PKCS7[]! -or- DEC::GPG[]!

Editez ce fichier ainsi et sauvegardez-le :

#| This is eyaml edit mode. This text (lines starting with #| at the top of the
#| file) will be removed when you save and exit.
#|  - To edit encrypted values, change the content of the DEC(<num>)::PKCS7[]!
#|    block (or DEC(<num>)::GPG[]!).
#|    WARNING: DO NOT change the number in the parentheses.
#|  - To add a new encrypted value copy and paste a new block from the
#|    appropriate example below. Note that:
#|     * the text to encrypt goes in the square brackets
#|     * ensure you include the exclamation mark when you copy and paste
#|     * you must not include a number when adding a new block
#|    e.g. DEC::PKCS7[]! -or- DEC::GPG[]!
---
 test_secret: DEC::GPG[This is a test secret]!
---

Vérifiez que le fichier a été crypté :

vagrant@ubuntu-xenial:~$ cat /etc/puppetlabs/code/environments/pbg/data/secret.eyaml---
 test_secret: ENC[GPG,hQEMAwMDMyr3L093AQf/ZVi+EVd2w0bVl76p1WA7wTwFnKx47jE7smq2DI/r/KmDzKisukiSxtbRm4A60FIOf5aZIkuXLHiOKWE64w4Gk1riBn7GECLRNcKKZjvwZEebsh6qvnPA41kbTNYNNbNIhjDTlTzrIGjM/YvPVi8Fb4LPFJNJTZtXV8l0vYw0YBJZ8jDazFI+VNSLaH8ttiU3LuUZlWMTHtB3coSCOAUEPXGKYxIrwOcOSUAFHtNSEGAzbikMSEMmEaoHfJCEKHQ5DyitGFL8o1Esl6A0df1/LJiHOYiDtHx/xjvVBtz6uK0MNHUP10eJi6lKmtxBr1N0wactfqQVvQnbI9chcrbACNJSAch1zZb3AsU5afdJQON520OyDdGDhdetHu2jx6pZKqQUb3i8BcD9X6WVAiva0OgcFSEmKigFpdLRpAMVRNQ0yej1OsYLJaQTWgRT3ddEySl4Lw==]
---

Vérifiez que Hiera peut lire le secret avec la commande suivante :

vagrant@ubuntu-xenial:~$ sudo puppet lookup --environment pbg test_secret
--- This is a test secret
...

Créez maintenant le script eyaml_edit.sh :

vagrant@ubuntu-xenial:~$ sudo vi eyaml_edit.sh
vagrant@ubuntu-xenial:~$ cat eyaml_edit.sh
#!/bin/bash
/opt/puppetlabs/puppet/lib/ruby/vendor_gems/gems/hiera-eyaml-2.1.0/bin/eyaml edit --gpg-always-trust --gpg-recipients=puppet@i2tch.co.uk /etc/puppetlabs/code/environments/pbg/data/secret.eyaml

Copiez maintenant le fichier eyaml_edit.sh dans le répertoire /usr/local/bin :

vagrant@ubuntu-xenial:~$ sudo cp eyaml_edit.sh /usr/local/bin

Rendez ce script exécutable :

vagrant@ubuntu-xenial:~$ ls -l /usr/local/bin/eyaml_edit.sh 
-rw-r--r-- 1 root root 205 Jun  3 12:04 /usr/local/bin/eyaml_edit.sh
vagrant@ubuntu-xenial:~$ sudo chmod u+x /usr/local/bin/eyaml_edit.sh 
vagrant@ubuntu-xenial:~$ ls -l /usr/local/bin/eyaml_edit.sh 
-rwxr--r-- 1 root root 205 Jun  3 12:04 /usr/local/bin/eyaml_edit.sh

Pour ajouter un nouveau secret, exécutez simplement le script eyaml_edit.sh :

vagrant@ubuntu-xenial:~$ sudo eyaml_edit.sh

Vous obtiendrez un résultat comme celui-ci :

#| This is eyaml edit mode. This text (lines starting with #| at the top of the
#| file) will be removed when you save and exit.
#|  - To edit encrypted values, change the content of the DEC(<num>)::PKCS7[]!
#|    block (or DEC(<num>)::GPG[]!).
#|    WARNING: DO NOT change the number in the parentheses.
#|  - To add a new encrypted value copy and paste a new block from the
#|    appropriate example below. Note that:
#|     * the text to encrypt goes in the square brackets
#|     * ensure you include the exclamation mark when you copy and paste
#|     * you must not include a number when adding a new block
#|    e.g. DEC::PKCS7[]! -or- DEC::GPG[]!
---
 test_secret: DEC(1)::GPG[This is a test secret]!
---

Ajoutez maintenant un dexième secret :

#| This is eyaml edit mode. This text (lines starting with #| at the top of the
#| file) will be removed when you save and exit.
#|  - To edit encrypted values, change the content of the DEC(<num>)::PKCS7[]!
#|    block (or DEC(<num>)::GPG[]!).
#|    WARNING: DO NOT change the number in the parentheses.
#|  - To add a new encrypted value copy and paste a new block from the
#|    appropriate example below. Note that:
#|     * the text to encrypt goes in the square brackets
#|     * ensure you include the exclamation mark when you copy and paste
#|     * you must not include a number when adding a new block
#|    e.g. DEC::PKCS7[]! -or- DEC::GPG[]!
---
 test_secret: DEC(1)::GPG[This is a test secret]!
 new_secret: DEC::GPG[Somebody wakes up]!

Vérifiez que Hiera peut lire le nouveau secret avec la commande suivante :

vagrant@ubuntu-xenial:~$ sudo puppet lookup --environment pbg new_secret--- Somebody wakes up
...

Dernièrement il faut copier la clef GPG a chaque noeud. Pour exporter la clef, utilisez la commande suivante :

vagrant@ubuntu-xenial:~$ sudo sh -c 'gpg --export-secret-key -a puppet@i2tch.co.uk > key.txt'
gpg: WARNING: unsafe ownership on configuration file `/home/vagrant/.gnupg/gpg.conf'

Vérifiez le contenu du fichier key.txt :

vagrant@ubuntu-xenial:~$ cat key.txt
-----BEGIN PGP PRIVATE KEY BLOCK-----
Version: GnuPG v1

lQOYBFsTw6ABCADdkb6Ev1lqztqgNGBebDq0frW79ncPT6n4fqUFT7OBBIqLdBeY
Ysd7kmaxBK0cWxIopBHUme5KA/BZ/tO2Wr6VzKBnvW7xxy++TFTsK3Iza9QVXqZR
aAJR1NEA5KqZo3iSeMIeq8E60hs1cX4EKwi+5+4zAph2K1HPkLl+S+R7JKazEIVR
MFPt9eZmKFCtEHYw0gdjvVSkcUJs5nVXKMqL9kAVOUfh3WrYDUrahPzkOQ4Nr5u0
KRMunnsIrbhTsh/wfoZ6FtLeaBuwdrnAEWnKhVxxKt57H0InxO8COM5nlUxLz3L/
c/dz7CYErRmHbyRmFeO1L/s/QMDIiUmZgKtFABEBAAEAB/4wVYFaowVmC97ccOCO
6Iw74KJTcRYS5H1/JF1qVbMiU3PHrRkSmIXMuqilOBBtbZ59+CCdoMC/K7HMaA8W
KiCGPB/H0aa4nouXNz6VUHr2pbCbwsyEWKyc3lCDod5naqY8SZSLLUuXQctGss3b
Keob/ytSvF+284dCwN7+Ip8ij3nI94TB1WxIBWj7OYp0d0O+AgCNUrYAdFriPEZ2
NcB050AnFCl6dRXfKmIQakvRKM7uxPF09gGomhIENcVSsYChvgmlqfkSxT67CpT+
3aK/60aJZYqjOD8jyOB1DqaT9tUWanAZK29KA8IZkJPNp3A0Hbta2BQ4GenZW+od
IBZhBADmgNYnLLRr1qa1wjm/2Mn/Ibrep7q5tpb7bKyxLVGcJE3tQ0nlilOuRnq4
hph+6mOFZUzxNgdUguikBapUJtiigs/Cso0ZhBwKh3P++fwEgVtqM7nf5ci07pDD
Onewda6Av61a6ynVNGs1eLeNgOdanFaaaqiD0q6xsWysedCAcQQA9hPsv4L7c9D6
a7GKWVGpVPyrVYxrQ0PVSxT59kHQQeb8ngV5J9ST7a5+83AzXJ3vkXUYMqV2zGcv
42p7D0pIMOIACQnBBiGgWlIpwY+ubCAF9HvzlfgRSrooMjpRboyEQ4Z7tPAnWeb9
uAl6/QnCGm3OuyzL8JN850Cfi+NZQhUD/i6zKx7ly9YfXqZiEycsWYwFfluPCXIS
p1qcVJg8vK44FRoLWpucHC/LWhhP++XwKKva6LRJRsLR23ZBe6VK5S3ZGjdZQ7XV
pz+sqoYCrN9fZ477SLPuLAAR5g6fBY7k6Gm78b5cPFWPh5pO4/Kw6PvcnEh2YMSI
VHmCRbGk9xYTRTC0G3B1cHBldCA8cHVwcGV0QGkydGNoLmNvLnVrPokBOAQTAQIA
IgUCWxPDoAIbAwYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AACgkQEoDRogUgWvTR
agf/c+0wKPjryHzYxNbRN54/0dvkutdlHj1P0VELtWvjAG8rtknpYXEY2aotarlr
Bl5bHIP2QzF6ozwEXlktVHcweHji3BHbyBNqgxCxWm+DG5yk55TH9+RB5da6Ud3V
FXIyCf2Kwwaub4Imki29o4aFy82Z1kzN2+hxoZshKR+82duGAV/KCZwqPRW3rrvV
HgaFGjFR66JZ3x4VPJk8dg4uCC6D1BEVSqBay8P2QR/KxqgqpIZ9bJlMVGdKazBq
P+0fZsknd2MsuITDOYN6GcT9iZ65W0otuQZ14zinux8omm50qgYU8tINlvKHllfe
kxbGFstUUsqSto2ckGkUEOcz450DmARbE8OgAQgA5Is2RwxW4IgOs7QV7fG2EvZy
0uJh3dXzRFeDoUl79zZ6tRGXrrw9y2axJGgya+6gm3k94Og172QwQdxs1mL1HLeu
RXPf9Li2VmRAuxb0eyPDcHLQr95/hLWGXucMd4jKQ4RJLuebNlVdUPNyL/ITlqgC
28JAW7W/kXeSGkC5YQ5ZNUZzMzDtmEaw/RlH/KdPZHvQjJyf/E+vVzOJV87+xwf2
MP6gnTxS5bGpcnm6dZs38cc8WysPuRwxNofFbzhWpaUV7xXb1lAniAxLFE0nvw5+
VyC68heZ+KlOuuZpjhrH0rhTCnmQpCgdZ6ZiLosCe5QbNCRLkQ1ZHel7JwQyxQAR
AQABAAf9GdoSc3J2oFLboOG5yk7Zauc0QV0It3x0VlJ06gljK6les30wNHyIG+o7
lvPvYiydv8B06qwxr6jcWZLav9x1QACaBrKvDmJXg8m21cLouEYpHR7rsr0fHQ6g
irslep7/TChaU+MweDKrSdUj4T8HjrbmDeA5Afa62vRU00Hnhk4Pq+fuSne/GxTB
3RnfxXmgWn0d9+GKizm2BzrLxTGUKxoQ4Sho/fy8VDAx6OTnpcoU0yxMBGpo4yF5
Z++xZdwko9zpSQlMltGyXpJjYq1a1Avz8sujwyOEZjLA5gGP8Znr9Y0D6VudHEhv
1sXZrHS7zPkuKnEg9j47mS4pMymp0QQA51QuoqU1ESP7PqYtbdCYNNnWRx4BaRqD
EkfUKZRu+MgADfMFsnfX/O0WJWe6DFIVdiEFq/n5aQnEb2gkr9bCugTfAomKNr1e
+60hhFOmBlhymx56HhNtbBGEOlNs8fVPez0Oqh0iYqHOAFXJ1/QO11x+nCp+u2Ci
NQy9afFFDbUEAPzq/eQaih3HaUJKxlqjodkSdwo7DqSKTT1Cc9xSvjmU+QHHq5+d
DHk7ULkbbQQXvSk01iORdvKqC/t2NEfqpV7iG6JbAF60+iSwX1oRKpRJPNy6rBn7
ItF1u+XwpgrFFBMqjTb9msdYy2ThzXffUl3GGjJPb5eDtqTD2lu0BTrRA/40lTUS
9vkzVnyhXzBDlONHopt0I3EgmqwF6DTHiIAncBDWuXqt8DVjFTyCEdVAyGRPsRyM
IWVa1zyYKfM7142Jedxk1JGyNFE+C4PcTbDSjO1SRoGS1421fzvpxJKaYpE6g/uQ
ZtqIx3d9C+idn9Kwhm1jh5oR19nQqSLYe6n6TT7BiQEfBBgBAgAJBQJbE8OgAhsM
AAoJEBKA0aIFIFr0JwQH/2QYUqpGUSaTP1l+iCoi8mtansAXirB+xqVywAfywHzS
1a8R5q7pbG3aTzh578ptpRCFF9UgBvOgaUXe5eE+prmS2xeQO8Cevk+7aBe/xm+D
dfRP51JcKvHYWtZMgoHRK2yTqYkmVuajXIMA11LU9qsOh91HSSEeEX+X2XTHC9gS
D9OM06Nbs/bgUPZnX0ExKSUvenNhNo0FI3hMnqNx8xdg64X/6rxiDootzTfgc+1H
pXiofzczqDErBmcMst0b0JAadq+BdPoOJ0T/oOnfyjVx1uBokkMUn8uJtsKQWzl+
rbiN19KARb6O/utd1lrR0dhAuFCXlyryjm94HHVRGy0=
=QW+0
-----END PGP PRIVATE KEY BLOCK-----

Sur les autres neouds, importez la clef :

# sudo gpgp --import key.txt

Les Modules de Puppet sont des morceaux de code réutilisables et qui gèrent un service ou un serveur de production et qui sont partagés sur Puppet Forge.

Puppet Forge est un repository public de modules disponible à l'adresse suivante https://forge.puppet.com/modules?endorsements=supported :

Il existe dans Puppet Forge des modules pour la plupart des serveurs, par exemple :

• MySQL/MariaDB,
• PostgreSQL,
• SQL Server,
• Apache,
• Nginx,
• Java,
• Tomcat,
• PHP,
• Ruby,
• Rails,
• Amazon AWS,
• Docker,
• Elasticsearch,
• Redis,
• Cassandra,
• Git,
• Iptables,
• etc …

Les modules sont regroupés en deux groupes :

• Supported - les modules beneficient du support de Puppet,
  • URL - https://forge.puppet.com/modules?endorsements=supported,
• Approved - les modules ne beneficient pas du support de Puppet mais il sont approuvés par ce dernier pour l'utilisation dont ils ont été conçus,
  • URL - https://forge.puppet.com/modules?endorsements=approved.

Le gestionnaire de modules de Puppet s'appelle r10k. Le gestionnaire utilise un fichier qui s'appelle Puppetfile qui se trouve dans le répertoire de l'environnement :

vagrant@ubuntu-xenial:~$ cd /etc/puppetlabs/code/environments/pbg
vagrant@ubuntu-xenial:/etc/puppetlabs/code/environments/pbg$ ls
data  hiera.yaml  Puppetfile
vagrant@ubuntu-xenial:/etc/puppetlabs/code/environments/pbg$ cat Puppetfile 
forge 'http://forge.puppetlabs.com'

mod 'garethr/docker', '5.3.0'
mod 'puppet/archive', '1.3.0'
mod 'puppet/staging', '2.2.0'
mod 'puppetlabs/apache', '2.0.0'
mod 'puppetlabs/apt', '3.0.0'
mod 'puppetlabs/aws', '2.0.0'
mod 'puppetlabs/concat', '4.0.1'
mod 'puppetlabs/docker_platform', '2.2.1'
mod 'puppetlabs/mysql', '3.11.0'
mod 'puppetlabs/stdlib', '4.17.1'
mod 'stahnma/epel', '1.2.2'

mod 'pbg_ntp',
  :git => 'https://github.com/bitfield/pbg_ntp.git',
  :tag => '0.1.4'

Dans ce fichier :

• la variable forge spécifie le repository à utiliser,
• la variable mod specifie le nom et la version du module à installer.

Exécutez la commande suivante pour que le gestionnaire traite ce fichier :

vagrant@ubuntu-xenial:/etc/puppetlabs/code/environments/pbg$ sudo r10k puppetfile install --verbose
INFO	 -> Updating module /etc/puppetlabs/code/environments/pbg/modules/docker
INFO	 -> Updating module /etc/puppetlabs/code/environments/pbg/modules/archive
INFO	 -> Updating module /etc/puppetlabs/code/environments/pbg/modules/staging
INFO	 -> Updating module /etc/puppetlabs/code/environments/pbg/modules/apache
INFO	 -> Updating module /etc/puppetlabs/code/environments/pbg/modules/apt
INFO	 -> Updating module /etc/puppetlabs/code/environments/pbg/modules/aws
INFO	 -> Updating module /etc/puppetlabs/code/environments/pbg/modules/concat
INFO	 -> Updating module /etc/puppetlabs/code/environments/pbg/modules/docker_platform
WARN	 -> Puppet Forge module 'puppetlabs-docker_platform' has been deprecated, visit https://forge.puppet.com/puppetlabs/docker_platform for more information.
INFO	 -> Updating module /etc/puppetlabs/code/environments/pbg/modules/mysql
INFO	 -> Updating module /etc/puppetlabs/code/environments/pbg/modules/stdlib
INFO	 -> Updating module /etc/puppetlabs/code/environments/pbg/modules/epel
INFO	 -> Updating module /etc/puppetlabs/code/environments/pbg/modules/pbg_ntp

Pour tester si le module stdlib a été correctement installé, exécutez la commande suivante :

vagrant@ubuntu-xenial:/etc/puppetlabs/code/environments/pbg$ sudo puppet apply --environment pbg -e "notice(upcase('hello'))"
Notice: Scope(Class[main]): HELLO
Notice: Compiled catalog for ubuntu-xenial in environment pbg in 0.14 seconds
Notice: Applied catalog in 0.04 seconds

Le module apache nécessite que les modules concat et stdlib soient installés. Par contre la commande r10k ne gère pas de dépendances. La gestion des dépendances est donc manuelle. Afin d'aider l'administrateur à identifier les dépendances de tel ou tel module, il existe un Gem appelé generate_puppetfile. Installez donc ce Gem :

vagrant@ubuntu-xenial:/etc/puppetlabs/code/environments/pbg$ sudo gem install generate-puppetfile
Fetching: colorize-0.8.1.gem (100%)
Successfully installed colorize-0.8.1
Fetching: generate-puppetfile-1.0.0.gem (100%)
Successfully installed generate-puppetfile-1.0.0
Parsing documentation for colorize-0.8.1
Installing ri documentation for colorize-0.8.1
Parsing documentation for generate-puppetfile-1.0.0
Installing ri documentation for generate-puppetfile-1.0.0
Done installing documentation for colorize, generate-puppetfile after 1 seconds
2 gems installed

Utilisez maintenant ce Gem pour générer le puppetfile pour le module docker_platform :

vagrant@ubuntu-xenial:/etc/puppetlabs/code/environments/pbg$ sudo /opt/puppetlabs/puppet/lib/ruby/gems/2.4.0/gems/generate-puppetfile-1.0.0/bin/generate-puppetfile puppetlabs/docker_platform

Installing modules. This may take a few minutes.


Your Puppetfile has been generated. Copy and paste between the markers:

=======================================================================
forge 'https://forge.puppet.com'

# Modules discovered by generate-puppetfile
mod 'garethr/docker',             '5.3.0'
mod 'puppetlabs/apt',             '3.0.0'
mod 'puppetlabs/docker_platform', '2.2.1'
mod 'puppetlabs/stdlib',          '4.25.1'
mod 'stahnma/epel',               '1.3.0'
=======================================================================

Pour générer une liste de dépendances à jour, y compris leurs versions, pour un fichier puppetfile existant il convient d'utiliser la commande suivante :

vagrant@ubuntu-xenial:/etc/puppetlabs/code/environments/pbg$ sudo /opt/puppetlabs/puppet/lib/ruby/gems/2.4.0/gems/generate-puppetfile-1.0.0/bin/generate-puppetfile -p /etc/puppetlabs/code/environments/pbg/Puppetfile

Installing modules. This may take a few minutes.


Your Puppetfile has been generated. Copy and paste between the markers:

=======================================================================
forge 'https://forge.puppet.com'

# Modules discovered by generate-puppetfile
mod 'garethr/docker',             '5.3.0'
mod 'puppet/archive',             '3.0.0'
mod 'puppet/staging',             '3.2.0'
mod 'puppetlabs/apache',          '3.1.0'
mod 'puppetlabs/apt',             '3.0.0'
mod 'puppetlabs/aws',             '2.1.0'
mod 'puppetlabs/concat',          '4.2.1'
mod 'puppetlabs/docker_platform', '2.2.1'
mod 'puppetlabs/mysql',           '5.4.0'
mod 'puppetlabs/stdlib',          '4.25.1'
mod 'puppetlabs/translate',       '1.1.0'
mod 'stahnma/epel',               '1.3.0'
# Discovered elements from existing Puppetfile
mod 'pbg_ntp',
  :git => 'https://github.com/bitfield/pbg_ntp.git',
  :tag => '0.1.4'
=======================================================================

Notez que le Puppetfile existant n'est pas mis à jour :

vagrant@ubuntu-xenial:/etc/puppetlabs/code/environments/pbg$ cat Puppetfile 
forge 'http://forge.puppetlabs.com'

mod 'garethr/docker', '5.3.0'
mod 'puppet/archive', '1.3.0'
mod 'puppet/staging', '2.2.0'
mod 'puppetlabs/apache', '2.0.0'
mod 'puppetlabs/apt', '3.0.0'
mod 'puppetlabs/aws', '2.0.0'
mod 'puppetlabs/concat', '4.0.1'
mod 'puppetlabs/docker_platform', '2.2.1'
mod 'puppetlabs/mysql', '3.11.0'
mod 'puppetlabs/stdlib', '4.17.1'
mod 'stahnma/epel', '1.2.2'

mod 'pbg_ntp',
  :git => 'https://github.com/bitfield/pbg_ntp.git',
  :tag => '0.1.4'

Mettez à jour donc le Puppetfile :

vagrant@ubuntu-xenial:/etc/puppetlabs/code/environments/pbg$ sudo vi Puppetfile
vagrant@ubuntu-xenial:/etc/puppetlabs/code/environments/pbg$ cat Puppetfile
forge 'https://forge.puppet.com'

# Modules discovered by generate-puppetfile
mod 'garethr/docker',             '5.3.0'
mod 'puppet/archive',             '3.0.0'
mod 'puppet/staging',             '3.2.0'
mod 'puppetlabs/apache',          '3.1.0'
mod 'puppetlabs/apt',             '3.0.0'
mod 'puppetlabs/aws',             '2.1.0'
mod 'puppetlabs/concat',          '4.2.1'
mod 'puppetlabs/docker_platform', '2.2.1'
mod 'puppetlabs/mysql',           '5.4.0'
mod 'puppetlabs/stdlib',          '4.25.1'
mod 'puppetlabs/translate',       '1.1.0'
mod 'stahnma/epel',               '1.3.0'
# Discovered elements from existing Puppetfile
mod 'pbg_ntp',
  :git => 'https://github.com/bitfield/pbg_ntp.git',
  :tag => '0.1.4'

Dernièrement, utilisez le gestionnaire des modules r10k pour installer les modules :

vagrant@ubuntu-xenial:/etc/puppetlabs/code/environments/pbg$ sudo r10k puppetfile install --verbose
INFO	 -> Updating module /etc/puppetlabs/code/environments/pbg/modules/docker
INFO	 -> Updating module /etc/puppetlabs/code/environments/pbg/modules/archive
INFO	 -> Updating module /etc/puppetlabs/code/environments/pbg/modules/staging
INFO	 -> Updating module /etc/puppetlabs/code/environments/pbg/modules/apache
INFO	 -> Updating module /etc/puppetlabs/code/environments/pbg/modules/apt
INFO	 -> Updating module /etc/puppetlabs/code/environments/pbg/modules/aws
INFO	 -> Updating module /etc/puppetlabs/code/environments/pbg/modules/concat
INFO	 -> Updating module /etc/puppetlabs/code/environments/pbg/modules/docker_platform
INFO	 -> Updating module /etc/puppetlabs/code/environments/pbg/modules/mysql
INFO	 -> Updating module /etc/puppetlabs/code/environments/pbg/modules/stdlib
INFO	 -> Updating module /etc/puppetlabs/code/environments/pbg/modules/translate
INFO	 -> Updating module /etc/puppetlabs/code/environments/pbg/modules/epel
INFO	 -> Updating module /etc/puppetlabs/code/environments/pbg/modules/pbg_ntp

Commencez par créer le fichier module_mysql.pp :

vagrant@ubuntu-xenial:~$ sudo vi module_mysql.pp
vagrant@ubuntu-xenial:~$ cat module_mysql.pp
# Install MySQL and set up an example database
include mysql::server

mysql::db { 'cat_pictures':
  user     => 'greebo',
  password => 'tabby',
  host     => 'localhost',
  grant    => ['SELECT', 'UPDATE'],
}

La première ligne de ce fichier install le serveur MySQL en incluant la classe mysql avec le paramètre server. Le format de l'include est donc classe::paramètre. Lorsque Puppet rencontre cette ligne il recherche automatiquement Hiera pour toute clef qui correspond au nom du paramètre et utilise les valeurs. Dans ce cas, les valeurs se trouvent dans le fichier /etc/puppetlabs/code/environments/pbg/data/common.yaml et sont au nombre de deux :

...
  mysql::server::root_password: 'hairline-quotient-inside-tableful'
  mysql::server::remove_default_accounts: true
...

vagrant@ubuntu-xenial:~$ tail /etc/puppetlabs/code/environments/pbg/data/common.yaml 
      ensure: present
      uid: 1904
      shell: '/bin/bash'
  mysql::server::root_password: 'hairline-quotient-inside-tableful'
  mysql::server::remove_default_accounts: true
  apache::default_vhost: false
  pbg_ntp_params::version: 'latest'
  pbg_ntp_params2::start_at_boot: true
  pbg_ntp_params2::version: 'latest'
  pbg_ntp_params2::service_state: 'running'

Revenons au fichier module_mysql.pp. A la suite de la première ligne est une ressource - mysql::db :

mysql::db { 'cat_pictures':
  user     => 'greebo',
  password => 'tabby',
  host     => 'localhost',
  grant    => ['SELECT', 'UPDATE'],
}

Appliquez le manifest module_mysql.pp :

vagrant@ubuntu-xenial:~$ sudo puppet apply --environment=pbg module_mysql.pp 
Notice: Compiled catalog for ubuntu-xenial.ief2i.fr in environment pbg in 4.49 seconds
Notice: /Stage[main]/Mysql::Server::Install/Package[mysql-server]/ensure: created
Notice: /Stage[main]/Mysql::Server::Config/File[mysql-config-file]/ensure: defined content as '{md5}44e7aa974ab98260d7d013a2087f1c77'
Notice: /Stage[main]/Mysql::Server::Root_password/Mysql_user[root@localhost]/password_hash: changed password
Notice: /Stage[main]/Mysql::Server::Root_password/File[/root/.my.cnf]/ensure: defined content as '{md5}4bb1978026fab523a39a7fd27e4e39c2'
Notice: /Stage[main]/Mysql::Client::Install/Package[mysql_client]/ensure: created
Notice: /Stage[main]/Main/Mysql::Db[cat_pictures]/Mysql_database[cat_pictures]/ensure: created
Notice: /Stage[main]/Main/Mysql::Db[cat_pictures]/Mysql_user[greebo@localhost]/ensure: created
Notice: /Stage[main]/Main/Mysql::Db[cat_pictures]/Mysql_grant[greebo@localhost/cat_pictures.*]/ensure: created
Notice: Applied catalog in 270.54 seconds

Vérifiez ensuite que vous pouvez vous connecter avec l'utilisateur greebo et le mot de passe tabby :

vagrant@ubuntu-xenial:~$ mysql -ugreebo -p
Enter password: tabby
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 26
Server version: 5.7.22-0ubuntu0.16.04.1 (Ubuntu)

Copyright (c) 2000, 2018, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> SHOW databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| cat_pictures       |
+--------------------+
2 rows in set (0.01 sec)

mysql> USE cat_pictures;
Database changed
mysql> exit
Bye
vagrant@ubuntu-xenial:~$ 

Créez le fichier module_apache.pp :

vagrant@ubuntu-xenial:~$ sudo vi module_apache.pp
vagrant@ubuntu-xenial:~$ cat module_apache.pp
include apache

apache::vhost { 'cat-pictures.com':
  port          => '80',
  docroot       => '/var/www/cat-pictures',
  docroot_owner => 'www-data',
  docroot_group => 'www-data',
}

file { '/var/www/cat-pictures/index.html':
  content => "<img src='http://bitfieldconsulting.com/files/happycat.jpg'>",
  owner   => 'www-data',
  group   => 'www-data',
}

La première ligne installe apache. Lorsque Puppet rencontre cette ligne il recherche automatiquement Hiera pour toute clef qui correspond au nom du paramètre et utilise les valeurs. Dans ce cas, la valeur se trouve dans le fichier /etc/puppetlabs/code/environments/pbg/data/common.yaml :

...
  apache::default_vhost: false
...

vagrant@ubuntu-xenial:~$ tail /etc/puppetlabs/code/environments/pbg/data/common.yaml 
      ensure: present
      uid: 1904
      shell: '/bin/bash'
  mysql::server::root_password: 'hairline-quotient-inside-tableful'
  mysql::server::remove_default_accounts: true
  apache::default_vhost: false
  pbg_ntp_params::version: 'latest'
  pbg_ntp_params2::start_at_boot: true
  pbg_ntp_params2::version: 'latest'
  pbg_ntp_params2::service_state: 'running'

Revenons au fichier module_apache.pp. A la suite de la première ligne est une ressource - apache::vhost :

apache::vhost { 'cat-pictures.com':
  port          => '80',
  docroot       => '/var/www/cat-pictures',
  docroot_owner => 'www-data',
  docroot_group => 'www-data',
}

A la fin du fichier se trouve une ressource de type file :

file { '/var/www/cat-pictures/index.html':
  content => "<img src='http://bitfieldconsulting.com/files/happycat.jpg'>",
  owner   => 'www-data',
  group   => 'www-data',
}

Appliquez le manifest :

vagrant@ubuntu-xenial:~$ sudo puppet apply --environment=pbg module_apache.pp
Notice: Compiled catalog for ubuntu-xenial.ief2i.fr in environment pbg in 7.55 seconds
Notice: /Stage[main]/Apache/Package[httpd]/ensure: created
Notice: /Stage[main]/Apache/Exec[mkdir /etc/apache2/conf.d]/returns: executed successfully
Notice: /Stage[main]/Apache/File[/etc/apache2/sites-available/000-default.conf]/ensure: removed
Notice: /Stage[main]/Apache/File[/etc/apache2/sites-available/default-ssl.conf]/ensure: removed
Notice: /Stage[main]/Apache/File[/etc/apache2/sites-enabled/000-default.conf]/ensure: removed
Notice: /Stage[main]/Apache::Mod::Reqtimeout/File[reqtimeout.conf]/content: content changed '{md5}40b45155afb3d14263d12e6fc4a98513' to '{md5}81c51851ab7ee7942bef389dc7c0e985'
Notice: /Stage[main]/Apache::Mod::Alias/File[alias.conf]/content: content changed '{md5}c6e9f26152898c38e58211c8b362d5c3' to '{md5}cb528041df274fb077800a8e2e64f94e'
Notice: /Stage[main]/Apache::Mod::Autoindex/File[autoindex.conf]/content: content changed '{md5}bfba7d77669e02b869b92e98215d58fc' to '{md5}2421a3c6df32c7e38c2a7a22afdf5728'
Notice: /Stage[main]/Apache::Mod::Deflate/File[deflate.conf]/content: content changed '{md5}6649a32153b9afdc53f6898b5a10a2d6' to '{md5}a045d750d819b1e9dae3fbfb3f20edd5'
Notice: /Stage[main]/Apache::Mod::Dir/File[dir.conf]/content: content changed '{md5}fe4bc5fa3b3cc7a241fe57f8fabc55a1' to '{md5}c741d8ea840e6eb999d739eed47c69d7'
Notice: /Stage[main]/Apache::Mod::Mime/File[mime.conf]/content: content changed '{md5}7369c2fd5edf2192edbd6d865b632ae5' to '{md5}9da85e58f3bd6c780ce76db603b7f028'
Notice: /Stage[main]/Apache::Mod::Negotiation/File[negotiation.conf]/content: content changed '{md5}443398efdd41085bc1a70047f6e61c95' to '{md5}47284b5580b986a6ba32580b6ffb9fd7'
Notice: /Stage[main]/Apache::Mod::Setenvif/File[setenvif.conf]/content: content changed '{md5}533f5f92761c2c24d6820f1d7d1c45ad' to '{md5}c7ede4173da1915b7ec088201f030c28'
Notice: /Stage[main]/Apache::Mod::Worker/File[/etc/apache2/mods-available/worker.conf]/ensure: defined content as '{md5}1e3caf54ba0d71f3502b6cce6cda38d8'
Notice: /Stage[main]/Apache/Concat[/etc/apache2/ports.conf]/File[/etc/apache2/ports.conf]/content: content changed '{md5}a961f23471d985c2b819b652b7f64321' to '{md5}334fa5cddbf9a408ea1ca7a1666b1fc4'
Notice: /Stage[main]/Apache/File[/etc/apache2/apache2.conf]/content: content changed '{md5}da32fcc6a783acaebf0d74c17c726bf7' to '{md5}f0bb70225191ce965d8c3e8ae992ba4c'
Notice: /Stage[main]/Apache::Default_mods/Apache::Mod[authz_host]/File[authz_host.load]/content: content changed '{md5}f529587409471e3feb62256bccaf538a' to '{md5}4b8162e3e3a58d1dc2222e2ad352bd93'
Notice: /Stage[main]/Apache::Default_mods/Apache::Mod[authz_host]/File[authz_host.load symlink]/target: target changed '../mods-available/authz_host.load' to '/etc/apache2/mods-available/authz_host.load'
Notice: /Stage[main]/Apache::Mod::Authn_core/Apache::Mod[authn_core]/File[authn_core.load symlink]/target: target changed '../mods-available/authn_core.load' to '/etc/apache2/mods-available/authn_core.load'
Notice: /Stage[main]/Apache::Mod::Reqtimeout/Apache::Mod[reqtimeout]/File[reqtimeout.load symlink]/ensure: created
Notice: /Stage[main]/Apache::Mod::Reqtimeout/Apache::Mod[reqtimeout]/File[reqtimeout.conf symlink]/ensure: created
Notice: /Stage[main]/Apache::Mod::Alias/Apache::Mod[alias]/File[alias.load symlink]/target: target changed '../mods-available/alias.load' to '/etc/apache2/mods-available/alias.load'
Notice: /Stage[main]/Apache::Mod::Alias/Apache::Mod[alias]/File[alias.conf symlink]/target: target changed '../mods-available/alias.conf' to '/etc/apache2/mods-available/alias.conf'
Notice: /Stage[main]/Apache::Mod::Authn_file/Apache::Mod[authn_file]/File[authn_file.load symlink]/target: target changed '../mods-available/authn_file.load' to '/etc/apache2/mods-available/authn_file.load'
Notice: /Stage[main]/Apache::Mod::Autoindex/Apache::Mod[autoindex]/File[autoindex.load symlink]/target: target changed '../mods-available/autoindex.load' to '/etc/apache2/mods-available/autoindex.load'
Notice: /Stage[main]/Apache::Mod::Autoindex/Apache::Mod[autoindex]/File[autoindex.conf symlink]/target: target changed '../mods-available/autoindex.conf' to '/etc/apache2/mods-available/autoindex.conf'
Notice: /Stage[main]/Apache::Mod::Dav/Apache::Mod[dav]/File[dav.load symlink]/ensure: created
Notice: /Stage[main]/Apache::Mod::Dav_fs/File[dav_fs.conf]/content: content changed '{md5}162db96239f13b5416f369b6306d9db6' to '{md5}e36e2951cff0d4df331652ca6fccdb77'
Notice: /Stage[main]/Apache::Mod::Dav_fs/Apache::Mod[dav_fs]/File[dav_fs.load]/content: content changed '{md5}17f662fd023dbaaab9d89f9a11ae58c1' to '{md5}3fa14d6e9f9d8eb25d09ed4823508f6d'
Notice: /Stage[main]/Apache::Mod::Dav_fs/Apache::Mod[dav_fs]/File[dav_fs.load symlink]/ensure: created
Notice: /Stage[main]/Apache::Mod::Dav_fs/Apache::Mod[dav_fs]/File[dav_fs.conf symlink]/ensure: created
Notice: /Stage[main]/Apache::Mod::Deflate/Apache::Mod[deflate]/File[deflate.load]/content: content changed '{md5}6a7a23153796456ee919abdf728fd972' to '{md5}ac4540dd672556b07f900425751f745c'
Notice: /Stage[main]/Apache::Mod::Deflate/Apache::Mod[deflate]/File[deflate.load symlink]/target: target changed '../mods-available/deflate.load' to '/etc/apache2/mods-available/deflate.load'
Notice: /Stage[main]/Apache::Mod::Deflate/Apache::Mod[deflate]/File[deflate.conf symlink]/target: target changed '../mods-available/deflate.conf' to '/etc/apache2/mods-available/deflate.conf'
Notice: /Stage[main]/Apache::Mod::Dir/Apache::Mod[dir]/File[dir.load symlink]/target: target changed '../mods-available/dir.load' to '/etc/apache2/mods-available/dir.load'
Notice: /Stage[main]/Apache::Mod::Dir/Apache::Mod[dir]/File[dir.conf symlink]/target: target changed '../mods-available/dir.conf' to '/etc/apache2/mods-available/dir.conf'
Notice: /Stage[main]/Apache::Mod::Mime/Apache::Mod[mime]/File[mime.load symlink]/target: target changed '../mods-available/mime.load' to '/etc/apache2/mods-available/mime.load'
Notice: /Stage[main]/Apache::Mod::Mime/Apache::Mod[mime]/File[mime.conf symlink]/target: target changed '../mods-available/mime.conf' to '/etc/apache2/mods-available/mime.conf'
Notice: /Stage[main]/Apache::Mod::Negotiation/Apache::Mod[negotiation]/File[negotiation.load symlink]/target: target changed '../mods-available/negotiation.load' to '/etc/apache2/mods-available/negotiation.load'
Notice: /Stage[main]/Apache::Mod::Negotiation/Apache::Mod[negotiation]/File[negotiation.conf symlink]/target: target changed '../mods-available/negotiation.conf' to '/etc/apache2/mods-available/negotiation.conf'
Notice: /Stage[main]/Apache::Mod::Setenvif/Apache::Mod[setenvif]/File[setenvif.load symlink]/target: target changed '../mods-available/setenvif.load' to '/etc/apache2/mods-available/setenvif.load'
Notice: /Stage[main]/Apache::Mod::Setenvif/Apache::Mod[setenvif]/File[setenvif.conf symlink]/target: target changed '../mods-available/setenvif.conf' to '/etc/apache2/mods-available/setenvif.conf'
Notice: /Stage[main]/Apache::Default_mods/Apache::Mod[auth_basic]/File[auth_basic.load]/content: content changed '{md5}a92c34a3ce5e67e2ecbd272155ebe072' to '{md5}5eec35bb52e1ae9ff5eec602ed1d2374'
Notice: /Stage[main]/Apache::Default_mods/Apache::Mod[auth_basic]/File[auth_basic.load symlink]/target: target changed '../mods-available/auth_basic.load' to '/etc/apache2/mods-available/auth_basic.load'
Notice: /Stage[main]/Apache::Mod::Filter/Apache::Mod[filter]/File[filter.load symlink]/target: target changed '../mods-available/filter.load' to '/etc/apache2/mods-available/filter.load'
Notice: /Stage[main]/Apache::Default_mods/Apache::Mod[authz_core]/File[authz_core.load symlink]/target: target changed '../mods-available/authz_core.load' to '/etc/apache2/mods-available/authz_core.load'
Notice: /Stage[main]/Apache::Default_mods/Apache::Mod[access_compat]/File[access_compat.load]/content: content changed '{md5}f7f77b3eb4005749b583ff14b49f8bf1' to '{md5}a3e92887d86700b30a3869d0e8c159d7'
Notice: /Stage[main]/Apache::Default_mods/Apache::Mod[access_compat]/File[access_compat.load symlink]/target: target changed '../mods-available/access_compat.load' to '/etc/apache2/mods-available/access_compat.load'
Notice: /Stage[main]/Apache::Mod::Authz_user/Apache::Mod[authz_user]/File[authz_user.load]/content: content changed '{md5}bcf988f105564ec1e14b78df56a01cd8' to '{md5}69150f8246499e0135580d8cc16eaeab'
Notice: /Stage[main]/Apache::Mod::Authz_user/Apache::Mod[authz_user]/File[authz_user.load symlink]/target: target changed '../mods-available/authz_user.load' to '/etc/apache2/mods-available/authz_user.load'
Notice: /Stage[main]/Apache::Default_mods/Apache::Mod[authz_groupfile]/File[authz_groupfile.load]/content: content changed '{md5}97a3e14926ce7bf5f2d2a7b93ece648d' to '{md5}bf972e82336c72b20d67d871ef77d4ce'
Notice: /Stage[main]/Apache::Default_mods/Apache::Mod[authz_groupfile]/File[authz_groupfile.load symlink]/ensure: created
Notice: /Stage[main]/Apache::Mod::Env/Apache::Mod[env]/File[env.load symlink]/target: target changed '../mods-available/env.load' to '/etc/apache2/mods-available/env.load'
Notice: /Stage[main]/Apache::Mod::Worker/Apache::Mpm[worker]/File[/etc/apache2/mods-available/worker.load]/ensure: defined content as '{md5}3064ef75f030fbf76986f6f073beb113'
Notice: /Stage[main]/Apache::Mod::Worker/Apache::Mpm[worker]/File[/etc/apache2/mods-enabled/worker.conf]/ensure: created
Notice: /Stage[main]/Apache::Mod::Worker/Apache::Mpm[worker]/File[/etc/apache2/mods-enabled/worker.load]/ensure: created
Notice: /Stage[main]/Apache::Mod::Cgid/File[cgid.conf]/content: content changed '{md5}e8a2836392051bde889cf9c137058273' to '{md5}7dffbb5823bcbb9ab4d3e67ab14d38a0'
Notice: /Stage[main]/Apache::Mod::Cgid/Apache::Mod[cgid]/File[cgid.load symlink]/ensure: created
Notice: /Stage[main]/Apache::Mod::Cgid/Apache::Mod[cgid]/File[cgid.conf symlink]/ensure: created
Notice: /Stage[main]/Apache/File[/etc/apache2/mods-enabled/mpm_event.conf]/ensure: removed
Notice: /Stage[main]/Apache/File[/etc/apache2/mods-enabled/mpm_event.load]/ensure: removed
Notice: /Stage[main]/Apache/File[/etc/apache2/mods-enabled/status.conf]/ensure: removed
Notice: /Stage[main]/Apache/File[/etc/apache2/mods-enabled/status.load]/ensure: removed
Notice: /Stage[main]/Main/Apache::Vhost[cat-pictures.com]/File[/var/www/cat-pictures]/ensure: created
Notice: /Stage[main]/Main/File[/var/www/cat-pictures/index.html]/ensure: defined content as '{md5}e274bce610d32200bb7256542f720833'
Notice: /Stage[main]/Main/Apache::Vhost[cat-pictures.com]/Concat[25-cat-pictures.com.conf]/File[/etc/apache2/sites-available/25-cat-pictures.com.conf]/ensure: defined content as '{md5}3096e79ddd479b5289234df595f43817'
Notice: /Stage[main]/Main/Apache::Vhost[cat-pictures.com]/File[25-cat-pictures.com.conf symlink]/ensure: created
Notice: /Stage[main]/Apache::Service/Service[httpd]: Triggered 'refresh' from 1 event
Notice: Applied catalog in 66.04 seconds

Pour vérifier l'installation et la configuration de l'hôte virtuel, connectez-vous à l'adresse http://localhost:8080 avec votre navigateur :

Il semblerait que ce petit chaton soit bien content de vous voir !

Puppet sait installer des logiciels à partir d'un tarball (*.tar.gz) ou à partir d'un fichier zip. Créez les fichier module_archive.pp :

vagrant@ubuntu-xenial:~$ sudo vi module_archive.pp
vagrant@ubuntu-xenial:~$ cat module_archive.pp
file { '/var/www':
  ensure => directory,
}

archive { '/tmp/wordpress.tar.gz':
  ensure       => present,
  extract      => true,
  extract_path => '/var/www',
  source       => 'https://wordpress.org/latest.tar.gz',
  creates      => '/var/www/wordpress',
  cleanup      => true,
}

La deuxième ressource est une archive :

archive { '/tmp/wordpress.tar.gz':
  ensure       => present,
  extract      => true,
  extract_path => '/var/www',
  source       => 'https://wordpress.org/latest.tar.gz',
  creates      => '/var/www/wordpress',
  cleanup      => true,
}

Appliquez maintenant le manifest :

vagrant@ubuntu-xenial:~$ sudo puppet apply --environment=pbg module_archive.pp
Notice: Compiled catalog for ubuntu-xenial.ief2i.fr in environment pbg in 0.53 seconds
Notice: /Stage[main]/Main/Archive[/tmp/wordpress.tar.gz]/ensure: download archive from https://wordpress.org/latest.tar.gz to /tmp/wordpress.tar.gz and extracted in /var/www with cleanup
Notice: Applied catalog in 99.85 seconds

Vérifiez que le processus à abouti :

vagrant@ubuntu-xenial:~$ ls /var/www
cat-pictures  html  wordpress

<html> <DIV ALIGN=“CENTER”> Copyright © 2019 Hugh Norris.<br><br> </div> </html>