Servermanagement with puppet – Part 2

Now we want to create a clear strukture for the puppet configuration files. The config in Part 1 is only a simple example to test the configuration. In this example we want to create the user „sebastian“ and „demo“ on all servers with a specific password.

1. Templates “/etc/puppet/manifests/templates.pp“:

This files defines various classes of server configurations. Those classes collects configurations to allocate it with servers (nodes).

#
# templates.pp
#

class baseclass {
    include user::admins
}

2. Modules “/etc/puppet/manifests/modules.pp“:

For serveral softwareconfigurations you can use puppet modules. There are a lot of modules available for the most applications. Here you see some of them:
http://git.puppet.immerda.ch oder
http://reductivelabs.com/trac/puppet/wiki/PuppetModules

#
# modules.pp
#

import "common"
import "user"

3. Nodes “/etc/puppet/manifests/nodes.pp“:

In this file you define the single servers and allocate them with the templates. The node „default“ match to each server which is connected to the puppetmaster.

#
# nodes.pp
#

node default {

}

node 'puppetmaster.domain.local' {
    include baseclass
}

node 'pc1.domain.local' {
    include baseclass
}

node 'pc2.domain.local' {
    include baseclass
}

4. Site “/etc/puppet/manifests/site.pp“:

Now import the single files in the main configuration file of the puppetmaster.

#
# site.pp
#

import "modules.pp"
import "templates.pp"
import "nodes.pp"

5. Installation / download the puppet modules:

In the „modules.pp“ file we use 2 modules. Install this modules with git:

aptitude install git-core
git clone git://git.puppet.immerda.ch/module-common.git /etc/puppet/modules/common
git clone git://git.puppet.immerda.ch/module-user.git /etc/puppet/modules/user

6. Create users

„/etc/puppet/modules/user/manifests/admins.pp“:

#
# admins.pp
#

class user::admins inherits user::virtual {

realize (
    User["sebastian"],
    User["demo"]
)
User["sebastian"]{ groups => admin }
User["demo"]{ groups => admin }

}

„/etc/puppet/modules/user/manifests/virtual.pp“:

#
# virtual.pp
#

class user::virtual {

    @user { "sebastian":
        ensure          => present,
        uid               => 1000,
        gid               => "users",
        comment       => "Sebastian",
        home            => "/home/sebastian",
        shell             =>"/bin/bash",
        managehome => true,
        password       => 'ENCRYPTED PASSWORD',
    }

    @user { "demo":
        ensure          => present,
        uid               => 1001,
        gid               => "users",
        comment       => "Demo",
        home            => "/home/demo",
        shell             => "/bin/bash",
        managehome => true,
        password      => 'ENCRYPTED PASSWORD',
    }

}

You get the „ENCRYPTED PASSWORD“ from the „/etc/shadow“ for example.

Or you can create this encrypted password with the howto in this Blog:
http://www.raskas.be/blog/2007/09/15/manual-encrypting-your-shadow-password

For the sake of completeness:

echo "CLEAR PASSWORD" | perl -nle 'print crypt($_, "\$1\$".join "", (".", "/", 0..9, "A".."Z", "a".."z")[rand 64, rand 64, rand 64, rand 64, rand 64, rand 64, rand 64, rand 64]);'