DEV Community: Martin Alfke The latest articles on DEV Community by Martin Alfke (@tuxmea). https://dev.to/tuxmea https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F412233%2F4f6397d3-ddc0-4798-b33d-dcce1ff5e41c.png DEV Community: Martin Alfke https://dev.to/tuxmea en Das neue Puppet Open Source Projekt heißt "OpenVox" Martin Alfke Tue, 28 Jan 2025 15:00:38 +0000 https://dev.to/betadots/das-neue-puppet-open-source-projekt-heisst-openvox-2330 https://dev.to/betadots/das-neue-puppet-open-source-projekt-heisst-openvox-2330 <p><a href="https://puppet.com" rel="noopener noreferrer">Puppet by Perforce</a> hat <a href="https://www.puppet.com/blog/open-source-puppet-updates-2025" rel="noopener noreferrer">angekündigt</a>,<br> dass die Open Source Pakete ab 2025 nur noch nach Zustimmung einer nicht weiter definierten EULA verfügbar gemacht werden sollen. </p> <p><code>In early 2025, Puppet will begin to ship any new binaries and packages developed by our team to a private, hardened, and controlled location. Community contributors will have free access to this private repo under the terms of an End-User License Agreement (EULA) for development use.</code></p> <p>Dabei muss berücksichtigt werden, dass die kostenfreie Variante nur für maximal 25 Nodes gilt.<br> Wer mehr Systeme mit Puppet Open Source verwalten will, benötigt eine <code>Puppet Labs Support Commercial License</code>.</p> <p>Die Open Source Community hat das Gespräch mit dem Puppet Management gesucht.</p> <p>Hier das Resultat:</p> <ul> <li> Das neue Puppet Open Source Projekt heißt <code>OpenVox</code> <ul> <li>Vorbereitung</li> <li>Aus Puppet wird OpenVox und Puppet Open Source</li> <li>Source Code, Pakete und Container</li> <li>Ich nutze Puppet Open Source. Was muss ich tun?</li> <li>Puppet Open Source</li> <li>OpenVox</li> <li>Die weitere Entwicklung</li> <li>Wie kann man helfen?</li> <li>Professioneller Support</li> <li>Zusammenfassung</li> </ul> </li> </ul> <h2> Vorbereitung </h2> <p>Vor dem ersten Gespräch mit Puppet hat sich die Community im Vorfeld besprochen und analysiert, ob man als Open Source Projekt in der Lage sein kann, die weitere Entwicklung zu stemmen.<br> Das Feedback aus der Open Source Community und von Open Source Usern war sehr positiv.</p> <p>Einige Nutzer haben sogar direkt angekündigt, dass man Entwickler für dedizierte Aufgaben zur Verfügung stellen möchte.</p> <h2> Aus Puppet wird OpenVox und Puppet Open Source </h2> <p>Die Open Source Community hat sich mit Puppet by Perforce darauf geeinigt, dass die weitere Entwicklung von Puppet in einem Fork unter der Verwaltung der Open Source Community erfolgen soll.</p> <p>Nach einer <a href="https://github.com/OpenVoxProject/planning/discussions/9" rel="noopener noreferrer">öffentlichen Abstimmung Ende 2024</a> innerhalb der Community, hat man sich für den Namen <code>OpenVox</code> entschieden und beschlossen, dass die Entwicklung innerhalb der bereits existierenden <a href="https://voxpupuli.org" rel="noopener noreferrer"><code>Vox Pupuli</code> Puppet Open Source Community</a> auf <a href="https://github.com/voxpupuli" rel="noopener noreferrer">GitHub</a> stattfinden soll.</p> <p>Da Perforce die Namensrechte an <code>Puppet</code> besitzt, hat man gemeinsam mit Perforce entschieden, dass die Pakete, die durch das OpenVox Projekt erstellt werden, nicht mehr <code>Puppet</code> im Namen haben sollen.<br> Dies ist auch in Hinsicht auf Differenzierbarkeit der Herkunft der Pakete sinnvoll.<br> Die Open Source Pakete von Perforce werden weiterhin <code>puppet-agent</code>, <code>puppetdb</code> und <code>puppetserver</code> heißen.</p> <p>Gemeinsam mit Perforce wurde vereinbart, dass man sowohl die Kommandozeile, wie auch Namen der Konfigurationsdateien und die Schnittstellen zur Erweiterung von Puppet ( <code>/lib/puppet</code> in Modulen) zu existierenden Installation und Code kompatibel halten möchte.</p> <p>Die weitere Kompatibilität soll durch ein <code>Language Steering Committee</code> sichergestellt werden, in dem alle Beteiligten gemeinsam über Änderungen an der Puppet DSL oder Inkompatibilitäten entscheiden.</p> <h2> Source Code, Pakete und Container </h2> <p>Der frei verfügbare <a href="https://github.com/puppetlabs" rel="noopener noreferrer">Puppet Open Source Code</a> wurde in das <a href="https://github.com/openvoxproject" rel="noopener noreferrer">OpenVox GitHub Projekt</a> geforkt.</p> <p>Im ersten Schritt hat das Re-branding stattgefunden.<br> <strong>Für Anwender ist es wichtig zu wissen, dass Kommandozeilen Tools, Bibliotheken und Puppet Erweiterungen auch unter OpenVox vollständig kompatibel zu Puppet Open Source sind.</strong></p> <p>Aktuell werden die Pipelines zur Erstellung der RedHat und Debian Pakete auf öffentliche GitHub Actions umgestellt und sollen sehr bald zur Verfügung gestellt werden.<br> Erste reproduzierbare Build wurden bereits getetstet.<br> Pakete für Windows und MacOS sind ebenfalls geplant.</p> <p>Die Puppet Container (<a href="https://github.com/voxpupuli/container-puppetserver" rel="noopener noreferrer">puppetserver</a> und <a href="https://github.com/voxpupuli/container-puppetdb" rel="noopener noreferrer">puppetdb</a>) werden nicht mehr weiter gepflegt!</p> <p>Statt dessen werden OpenVox Container zur Verfügung gestellt. Aktuell wird an <a href="https://github.com/OpenVoxProject/container-openvoxserver" rel="noopener noreferrer">OpenVox Server</a> und <a href="https://github.com/OpenVoxProject/container-openvoxdb" rel="noopener noreferrer">OpenVoxDB</a> gearbeitet.</p> <h2> Ich nutze Puppet Open Source. Was muss ich tun? </h2> <p>Es gibt 2 Möglichkeiten:</p> <ol> <li>Puppet Open Source</li> <li>OpenVox</li> </ol> <h3> Puppet Open Source </h3> <p>Man muss bei Puppet die EULA akzeptieren und sich ab 25 Nodes um eine Lizenz kümmern.</p> <h3> OpenVox </h3> <p>Die Installations-Anleitung für die Migration findet man auf der<br> <a href="https://voxpupuli.org/openvox/install/" rel="noopener noreferrer">OpenVox Projekt Seite</a>.</p> <p>Da die Konfigurationspfade und -dateien, sowie die Kommandos alle identisch sind, muss keine weitere Anpassung oder Umstellung vorgenommen werden.<br> Auch der existierende Puppet Code funktioniert ohne Anpassungen.</p> <p>Nutzer von OpenVox werden gebeten die aktuellen Pakete und Container in einer Testumgebung zu validieren.</p> <h2> Die weitere Entwicklung </h2> <p>Es gibt eine ganze Reihe von Wünschen aus der Community, die bisher leider nicht umgesetzt wurden.<br> Zuerst möchte man aktuelle Betriebssystemversionen unterstützen. Hierbei hatte die Community oft nach Paketen für Debian stable und testing gefragt.</p> <p>Im nächsten Schritt soll der Code von alten Artefakten befreit werden.<br> Nicht mehr gepflegte Ruby Erweiterungen sollen durch moderne Implementierungen ersetzt werden.<br> Der Code Zoo (Jruby, Clojure, Java) soll aufgeräumt werden.</p> <h2> Wie kann man helfen? </h2> <p>Die Puppet Community möchte sich als Professionelles Open Source Projekt etablieren.<br> Dazu sucht man die finanzielle Unterstützung von Usern, Firmen und öffentlichen Einrichtungen für Open Source Arbeit.</p> <p>Auch individuelle Zuarbeit ist gerne gesehen. Es muss Dokumentation geschrieben werden, die Pakete müssen getestet werden.<br> Die Community braucht die Unterstützung der Anwender, sei es durch Zuarbeit, Code Reviews oder Bug Reports.</p> <p>Im nächsten Schritt benötigt man Spiegel Server, Bandbreite und Storage.</p> <h2> Professioneller Support </h2> <p>Open Source Support ist für viele Kunden ein wichtiger Aspekt bei der Wahl der Mittel.<br> Für OpenVox gibt es bereits jetzt schon 2 Firmen, die Support anbieten:</p> <p>Wir von der <a href="https://www.betadots.de" rel="noopener noreferrer">betadots GmbH</a> unterstützen Kunden bei Planung, Installation, Updates von OpenVox, Puppet Open Source und Puppet Enterprise und kümmern uns um die Weiterbildung der Mitarbeiter im Umfeld von Git und GitLab, Foreman/Katello, Puppet/OpenVox und Linux HA.</p> <p>In Amerikanischem Raum wird die Firma <a href="https://overlookinfratech.com/" rel="noopener noreferrer">overlookinfratech</a> Ansprechpartner für OpenVox Support sein.</p> <p>Weitere Firmen werden auf der <a href="https://voxpupuli.org/openvox/support/" rel="noopener noreferrer">Support Übersicht von OpenVox</a> gelistet werden.</p> <h2> Zusammenfassung </h2> <p>OpenVox ist ein drop-in Ersatz für Puppet Open Source.</p> <p>Die Community hat gezeigt, dass sie den Wunsch nach Weiterentwicklung hat und in der Lage ist diese Arbeiten durchzuführen.</p> <p>Professioneller Support und Trainings stehen in den USA und in Europa zur Verfügung.</p> <p>Open Source ist die Basis für den Erfolg vieler Unternehmen. Deshalb: Unterstützt Eure Community.</p> <p>Für weitere Informationen stehen <a href="//mailto:info@betadots.de">wir</a> gerne zur Verfügung.</p> <p>Datacenters need automation</p> <p>betadots GmbH</p> puppet opensource openvox cfgmgmt The Ruby side of Puppet - Part 3 - Custom Types and Providers Martin Alfke Mon, 20 Jan 2025 18:50:29 +0000 https://dev.to/betadots/the-ruby-side-of-puppet-part-3-custom-types-and-providers-4hma https://dev.to/betadots/the-ruby-side-of-puppet-part-3-custom-types-and-providers-4hma <p>This is the final post in a three-part serie, covering the concepts and best practices for extending <a href="https://www.puppet.com" rel="noopener noreferrer">Puppet</a> using <a href="https://www.puppet.com/docs/puppet/latest/custom_facts" rel="noopener noreferrer">custom facts</a>, <a href="https://www.puppet.com/docs/puppet/latest/custom_functions_ruby" rel="noopener noreferrer">custom functions</a> and <a href="https://www.puppet.com/docs/puppet/latest/custom_types" rel="noopener noreferrer">custom types</a> and <a href="https://www.puppet.com/docs/puppet/latest/provider_development" rel="noopener noreferrer">providers</a>.</p> <p><a href="https://dev.to/betadots/the-ruby-side-of-puppet-part-1-custom-facts-3hb7">Part 1</a> explores how to create custom facts, which allow nodes to send information to the Puppet Server.</p> <p><a href="https://dev.to/betadots/the-ruby-side-of-puppet-part-2-custom-functions-7c7">Part 2</a> discusses building custom functions to process data or execute specific tasks.</p> <p>Part 3 (this post) focuses on custom types and providers, allowing you to extend Puppet's DSL and control system resources.</p> <p>Types are at the core of Puppet’s declarative DSL. Types describe the desired state of the system, targeting specific, configurable parts (sometimes OS-specific). Puppet provides a set of <a href="https://www.puppet.com/docs/puppet/latest/type.html" rel="noopener noreferrer">core types</a>, available with any Puppet agent installation.</p> <p>Some of the core types include:</p> <ul> <li>file</li> <li>user</li> <li>group</li> <li>package</li> <li>service</li> </ul> <p><strong>Why Create Custom Types and Providers</strong>:</p> <p>There are several reasons to develop custom types and providers:</p> <ul> <li>Avoid relying on the often unreliable or hard-to-maintain <code>exec</code> resources</li> <li>Manage an application that requires CLI commands for configuration.</li> <li>Handle configurations with highly specific syntax that existing Puppet types cannot manage (like <code>file</code> or <code>concat</code>).</li> </ul> <p><strong>Content</strong>:</p> <ol> <li>General concepts</li> <li>Types and providers in modules</li> <li>Type description</li> <li>Provider implementation</li> <li>Using custom types in Puppet DSL</li> <li>Resource API</li> <li>Summary</li> </ol> <h2> General concepts </h2> <p>A custom type consists of two main parts:</p> <ul> <li> <strong>Type definiton</strong>: This defines how the type will be used in the Puppet DSL.</li> <li> <strong>Provider implementation(s)</strong>: One or more providers per type define how to interact with the system to manage resources.</li> </ul> <h3> Type definition </h3> <p>The type describes how Puppet resources are declared in the DSL. For example, to manage an application’s configuration:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight puppet"><code><span class="n">app_config</span> <span class="p">{</span> <span class="o">&lt;</span><span class="n">setting</span><span class="o">&gt;</span><span class="p">:</span> <span class="py">ensure</span> <span class="p">=&gt;</span> <span class="n">present</span><span class="p">,</span> <span class="py">property</span> <span class="p">=&gt;</span> <span class="o">&lt;</span><span class="n">value</span><span class="o">&gt;</span><span class="p">,</span> <span class="py">param</span> <span class="p">=&gt;</span> <span class="o">&lt;</span><span class="n">app_args</span><span class="o">&gt;</span><span class="p">,</span> <span class="py">provider</span> <span class="p">=&gt;</span> <span class="o">&lt;</span><span class="n">auth_method</span><span class="o">&gt;</span><span class="p">,</span> <span class="p">}</span> </code></pre> </div> <p>In the type definition, you typically have a <strong>namevar</strong> (a key identifier) and mutiple <strong>parameters</strong> and <strong>properties</strong>.</p> <ul> <li> <strong>Namevar</strong>: The key identifying the resource instance in the type declaration.</li> <li> <strong>Properties</strong>: These represent something measurable on the target system, such as a user’s UID or GID, or an application’s config value.</li> <li> <strong>Parameters</strong>: Parameters influence how Puppet manages a resource but don’t directly map to something measurable on the system. For example, <code>manage_home</code> in the <code>user</code> type is a parameter that affects Puppet’s behavior but isn’t a property of the user account.</li> </ul> <p>The difference between parameters and properties is nicely described on the <a href="https://www.puppet.com/docs/puppet/latest/custom_types#custom_types" rel="noopener noreferrer">Puppet Type/Provider development page</a>:</p> <p>Properties:</p> <blockquote> <p>"Properties correspond to something measurable on the target system. For example, the UID and GID of a user account are properties, because their current state can be queried or changed. In practical terms, setting a value for a property causes a method to be called on the provider."</p> </blockquote> <p>Parameters:</p> <blockquote> <p>"Parameters change how Puppet manages a resource, but do not necessarily map directly to something measurable. For example, the user type’s managehome attribute is a parameter — its value affects what Puppet does, but the question of whether Puppet is managing a home directory isn’t an innate property of the user account."</p> </blockquote> <p>In our example, the property is the value of the config setting, whereas the parameter specifies application attributes.</p> <h3> Provider implementations </h3> <p>Providers define the mechanisms for managing the state of the resources described by types. They handle:</p> <ul> <li>Determining whether the resource already exists.</li> <li>Creating or removing resources.</li> <li>Modifying resources.</li> <li>Optionally, listing all existing resources of the type.</li> </ul> <h2> Types and providers in modules </h2> <p>Custom types and providers are placed within the <code>lib/puppet</code> directory of a module.</p> <ul> <li>The type file is located in <code>lib/puppet/type</code> and named after the resource type (<code>app_config.rb</code> in this case).</li> <li>Provider implementations go into the <code>lib/puppet/provider</code> directory, inside a subdirectory named after the resource type. Each provider is named according to its provider implementation (e.g., <code>ruby.rb</code>, <code>cli.rb</code>, <code>cert.rb</code>, <code>token.rb</code>, <code>user.rb</code>)</li> </ul> <p>For example:</p> <ol> <li>Type: app_config</li> <li>Providers: <ul> <li>cert</li> <li>token</li> <li>user </li> </ul> </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code># &lt;modulepath&gt;/&lt;modulename&gt; modules/application/ \- lib/ \- puppet/ |- type/ | \- app_config.rb \- provider/ \- app_config/ |- cert.rb |- token.rb \- user.rb </code></pre> </div> <h2> Type description </h2> <p>New custom types can be crated using two different API versions.<br> APIv1 is the old, classic way using getters and setters within the providers.<br> APIv2 is a new implementation which is integrated into PDK - this implementation is also called <code>Resource API</code>.</p> <p>In the next section we introduce the APIv1 implementation. The Resource API implementation is handled later in this document.</p> <h3> APIv1 </h3> <p>The traditional method uses <code>Puppet::Type.newtype</code>, which defines the type.<br> It is recommended to add the type documentation into the code.<br> This allows users to run <code>puppet describe &lt;type&gt;</code> on their system to display the documentation.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># lib/puppet/type/app_config.rb</span> <span class="no">Puppet</span><span class="o">::</span><span class="no">Type</span><span class="p">.</span><span class="nf">newtype</span><span class="p">(</span><span class="ss">:app_config</span><span class="p">)</span> <span class="k">do</span> <span class="vi">@doc</span> <span class="o">=</span> <span class="sx">%q{Manage application config. There are three ways to authenticate: cert, token, user. cert is the default provider. Example: app_config: { 'enable_logging': ensure =&gt; present, value =&gt; true, } }</span> <span class="c1"># ... the code ...</span> <span class="k">end</span> </code></pre> </div> <h3> Management </h3> <p>The most important feature of a type is to add or remove something from the system.<br> This is usually handled with the <code>ensure</code> property.<br> To enable <code>ensure</code>, a single line is needed: <code>ensurable</code><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># lib/puppet/type/app_config.rb</span> <span class="no">Puppet</span><span class="o">::</span><span class="no">Type</span><span class="p">.</span><span class="nf">newtype</span><span class="p">(</span><span class="ss">:app_config</span><span class="p">)</span> <span class="k">do</span> <span class="vi">@doc</span> <span class="o">=</span> <span class="sx">%q{Manage application config. There are three ways to authenticate: cert, token, user. cert is the default provider. Example: app_config: { 'enable_logging': ensure =&gt; present, value =&gt; true, } }</span> <span class="n">ensurable</span> <span class="k">end</span> </code></pre> </div> <h3> Namevar </h3> <p>When declaring the type, one must specify a title - one could refer to this as a type instance identifier.<br> Usually this reflects for something the type is managing.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight puppet"><code><span class="n">user</span> <span class="p">{</span> <span class="s1">'betadots'</span><span class="p">:</span> <span class="c"># &lt;- title </span><span class="p">}</span> </code></pre> </div> <p>The most simple implementation is to add a parameter with the name <code>:name</code>.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># lib/puppet/type/app_config.rb</span> <span class="no">Puppet</span><span class="o">::</span><span class="no">Type</span><span class="p">.</span><span class="nf">newtype</span><span class="p">(</span><span class="ss">:app_config</span><span class="p">)</span> <span class="k">do</span> <span class="vi">@doc</span> <span class="o">=</span> <span class="sx">%q{Manage application config. There are three ways to authenticate: cert, token, user. cert is the default provider. Example: app_config: { 'enable_logging': ensure =&gt; present, value =&gt; true, } }</span> <span class="n">ensurable</span> <span class="n">newparam</span><span class="p">(</span><span class="ss">:name</span><span class="p">)</span> <span class="k">do</span> <span class="n">desc</span> <span class="s2">"The app config setting to manage. see app_cli conf --help"</span> <span class="k">end</span> <span class="k">end</span> </code></pre> </div> <p>Passing the <code>namevar: true</code> key to the parameter is another way to identify a namevar:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="n">newparam</span><span class="p">(</span><span class="ss">:key</span><span class="p">,</span> <span class="ss">namevar: </span><span class="kp">true</span><span class="p">)</span> <span class="k">do</span> <span class="n">desc</span> <span class="s1">'The app config setting key to manage. see app_cli conf --help'</span> <span class="k">end</span> </code></pre> </div> <h3> Properties </h3> <p>Next we add the other property. Each property can be validated by its content.<br> In our demo case we expect a string value.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># lib/puppet/type/app_config.rb</span> <span class="no">Puppet</span><span class="o">::</span><span class="no">Type</span><span class="p">.</span><span class="nf">newtype</span><span class="p">(</span><span class="ss">:app_config</span><span class="p">)</span> <span class="k">do</span> <span class="vi">@doc</span> <span class="o">=</span> <span class="sx">%q{Manage application config. There are three ways to authenticate: cert, token, user. cert is the default provider. Example: app_config: { 'enable_logging': ensure =&gt; present, value =&gt; true, } }</span> <span class="n">ensurable</span> <span class="n">newparam</span><span class="p">(</span><span class="ss">:name</span><span class="p">)</span> <span class="k">do</span> <span class="n">desc</span> <span class="s2">"The app config setting to manage. see app_cli conf --help"</span> <span class="k">end</span> <span class="n">newproperty</span><span class="p">(</span><span class="ss">:value</span><span class="p">)</span><span class="k">do</span> <span class="n">desc</span> <span class="s2">"The config value to set."</span> <span class="n">validate</span> <span class="k">do</span> <span class="o">|</span><span class="n">value</span><span class="o">|</span> <span class="k">unless</span> <span class="n">value</span> <span class="o">=~</span> <span class="sr">/^\w+/</span> <span class="k">raise</span> <span class="no">ArgumentError</span><span class="p">,</span> <span class="s2">"%s is not a valid value"</span> <span class="o">%</span> <span class="n">value</span> <span class="k">end</span> <span class="k">end</span> <span class="k">end</span> <span class="k">end</span> </code></pre> </div> <p>Besides this one can provide specific valid values which are validated automatically:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="n">newproperty</span><span class="p">(</span><span class="ss">:enable</span><span class="p">)</span> <span class="k">do</span> <span class="n">newvalue</span><span class="p">(</span><span class="ss">:true</span><span class="p">)</span> <span class="n">newvalue</span><span class="p">(</span><span class="ss">:false</span><span class="p">)</span> <span class="k">end</span> </code></pre> </div> <p>Please note that arrays as property values are validated in a different way:</p> <p>From <a href="https://www.puppet.com/docs/puppet/latest/custom_types#tandp_properties_and_parameters" rel="noopener noreferrer">Puppet custom types</a> website:</p> <blockquote> <p>By default, if a property is assigned multiple values in an array:</p> <ul> <li>It is considered in sync if any of those values matches the current value.</li> <li>If none of those values match, the first one is used when syncing the property.</li> </ul> </blockquote> <p>If all array values should be matched, the property needs the<br> <code>array_matching</code>to be set to <code>:all</code>. The default value is <code>:first</code><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="n">newproperty</span><span class="p">(</span><span class="ss">:flags</span><span class="p">,</span> <span class="ss">:array_matching</span> <span class="o">=&gt;</span> <span class="ss">:all</span><span class="p">)</span> <span class="k">do</span> <span class="c1"># ...</span> <span class="k">end</span> </code></pre> </div> <p>Accessing values can be done in two ways:</p> <ol> <li> <code>should</code> for properties, <code>value</code> for parameters</li> <li> <code>value</code> for both, properties and parameters</li> </ol> <p>We prefer to use the explizit methods as this makes it more clear, whether we deal with a property or a parameter.</p> <h3> Parameters </h3> <p>Parameters are defined in a similar way:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># lib/puppet/type/app_config.rb</span> <span class="no">Puppet</span><span class="o">::</span><span class="no">Type</span><span class="p">.</span><span class="nf">newtype</span><span class="p">(</span><span class="ss">:app_config</span><span class="p">)</span> <span class="k">do</span> <span class="vi">@doc</span> <span class="o">=</span> <span class="sx">%q{Manage application config. There are three ways to authenticate: cert, token, user. cert is the default provider. Example: app_config: { 'enable_logging': ensure =&gt; present, value =&gt; true, cli_args =&gt; ['-p'], # persistency } }</span> <span class="n">ensurable</span> <span class="n">newparam</span><span class="p">(</span><span class="ss">:name</span><span class="p">)</span> <span class="k">do</span> <span class="n">desc</span> <span class="s2">"The app config setting to manage. see app_cli conf --help"</span> <span class="k">end</span> <span class="n">newproperty</span><span class="p">(</span><span class="ss">:value</span><span class="p">)</span> <span class="k">do</span> <span class="n">desc</span> <span class="s2">"The config value to set."</span> <span class="n">validate</span> <span class="k">do</span> <span class="o">|</span><span class="n">value</span><span class="o">|</span> <span class="k">unless</span> <span class="n">value</span> <span class="o">=~</span> <span class="sr">/^\w+/</span> <span class="k">raise</span> <span class="no">ArgumentError</span><span class="p">,</span> <span class="s2">"%s is not a valid value"</span> <span class="o">%</span> <span class="n">value</span> <span class="k">end</span> <span class="k">end</span> <span class="k">end</span> <span class="n">newparam</span><span class="p">(</span><span class="ss">:cli_args</span><span class="p">,</span> <span class="ss">:array_matching</span> <span class="o">=&gt;</span> <span class="ss">:all</span><span class="p">)</span> <span class="k">do</span> <span class="n">desc</span> <span class="s2">"CLI options to use during command execution."</span> <span class="n">validate</span> <span class="k">do</span> <span class="o">|</span><span class="n">value</span><span class="o">|</span> <span class="k">unless</span> <span class="n">value</span><span class="p">.</span><span class="nf">class</span> <span class="o">==</span> <span class="no">Array</span> <span class="k">raise</span> <span class="no">ArgumentError</span><span class="p">,</span> <span class="s2">"%s is not a an array"</span> <span class="o">%</span> <span class="n">value</span> <span class="k">end</span> <span class="k">end</span> <span class="n">defaultto</span> <span class="p">[</span><span class="s1">'-p'</span><span class="p">]</span> <span class="k">end</span> <span class="k">end</span> </code></pre> </div> <h3> Boolean parameters </h3> <p>Parameter which get a bool value should be handled in a different way to avoid code repetition<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="nb">require</span> <span class="s1">'puppet/parameter/boolean'</span> <span class="c1"># ...</span> <span class="n">newparam</span><span class="p">(</span><span class="ss">:force</span><span class="p">,</span> <span class="ss">:boolean</span> <span class="o">=&gt;</span> <span class="kp">true</span><span class="p">,</span> <span class="ss">:parent</span> <span class="o">=&gt;</span> <span class="no">Puppet</span><span class="o">::</span><span class="no">Parameter</span><span class="o">::</span><span class="no">Boolean</span><span class="p">)</span> </code></pre> </div> <h3> Automatic relationships </h3> <p>Within the type we can specify soft dependencies between different types.</p> <p>E.g. the app_cli should use a user which must be available on the system<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="n">autorequire</span><span class="p">(</span><span class="ss">:user</span><span class="p">)</span> <span class="k">do</span> <span class="p">[</span><span class="s1">'app'</span><span class="p">]</span> <span class="k">end</span> </code></pre> </div> <p>From now on the new custom type can already be used in Puppet DSL, the compiler will create a catalog but the agent will produce an error, as there are no functional providers.</p> <h3> Agent side prerun evaluation </h3> <p>It is possible to have the agent first check some things prior the catalog will be applied.<br> This is what the <code>:pre_run_check</code> method can be used for<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="k">def</span> <span class="nf">pre_run_check</span> <span class="no">File</span><span class="p">.</span><span class="nf">exist?</span><span class="p">(</span><span class="s1">'/opt/app/bin/app.exe'</span><span class="p">)</span> <span class="o">&amp;&amp;</span> <span class="k">raise</span> <span class="no">Puppet</span><span class="o">::</span><span class="no">Error</span><span class="p">,</span> <span class="s2">"App not installed"</span> <span class="k">end</span> </code></pre> </div> <h3> Features </h3> <p>When using multiple providers (similar to the package resource) we want to be sure that the provider has all required implementations (features).<br> A type can require a feature:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># lib/puppet/type/app_config.rb</span> <span class="no">Puppet</span><span class="o">::</span><span class="no">Type</span><span class="p">.</span><span class="nf">newtype</span><span class="p">(</span><span class="ss">:app_config</span><span class="p">)</span> <span class="k">do</span> <span class="vi">@doc</span> <span class="o">=</span> <span class="sx">%q{Manage application config. There are three ways to authenticate: cert, token, user. cert is the default provider. Example: app_config: { 'enable_logging': ensure =&gt; present, value =&gt; true, file =&gt; '/opt/app/etc/app.cfg', cli_args =&gt; ['-p'], # persistency } }</span> <span class="n">ensurable</span> <span class="c1"># global feature</span> <span class="c1"># feature :cli, "The cli feature requires some parameters", :methods =&gt; [:cli]</span> <span class="n">newparam</span><span class="p">(</span><span class="ss">:name</span><span class="p">)</span> <span class="k">do</span> <span class="n">desc</span> <span class="s2">"The app config setting to manage. see app_cli conf --help"</span> <span class="k">end</span> <span class="n">newproperty</span><span class="p">(</span><span class="ss">:value</span><span class="p">)</span> <span class="k">do</span> <span class="n">desc</span> <span class="s2">"The config value to set."</span> <span class="n">validate</span> <span class="k">do</span> <span class="o">|</span><span class="n">value</span><span class="o">|</span> <span class="k">unless</span> <span class="n">value</span> <span class="o">=~</span> <span class="sr">/^\w+/</span> <span class="k">raise</span> <span class="no">ArgumentError</span><span class="p">,</span> <span class="s2">"%s is not a valid value"</span> <span class="o">%</span> <span class="n">value</span> <span class="k">end</span> <span class="k">end</span> <span class="k">end</span> <span class="c1"># The property config_file must be set when using the cli </span> <span class="c1"># option to configure app.</span> <span class="c1"># The cli provider will check for a feature.</span> <span class="n">newproperty</span><span class="p">(</span><span class="ss">:file</span><span class="p">,</span> <span class="ss">:required_features</span> <span class="o">=&gt;</span> <span class="sx">%w{cli}</span><span class="p">)</span> <span class="k">do</span> <span class="n">desc</span> <span class="s2">"The config file to use."</span> <span class="n">validate</span> <span class="k">do</span> <span class="o">|</span><span class="n">value</span><span class="o">|</span> <span class="k">unless</span> <span class="p">(</span><span class="no">File</span><span class="p">.</span><span class="nf">expand_path</span><span class="p">(</span><span class="n">value</span><span class="p">)</span> <span class="o">==</span> <span class="n">value</span><span class="p">)</span> <span class="k">raise</span> <span class="no">ArgumentError</span><span class="p">,</span> <span class="s2">"%s is not an absolute path"</span> <span class="o">%</span> <span class="n">value</span> <span class="k">end</span> <span class="k">end</span> <span class="ss">defaultto: </span><span class="s1">'/opt/app/etc/app.cfg'</span> <span class="k">end</span> <span class="n">newparam</span><span class="p">(</span><span class="ss">:cli_args</span><span class="p">,</span> <span class="ss">:array_matching</span> <span class="o">=&gt;</span> <span class="ss">:all</span><span class="p">)</span> <span class="k">do</span> <span class="n">desc</span> <span class="s2">"CLI options to use during command execution."</span> <span class="n">validate</span> <span class="k">do</span> <span class="o">|</span><span class="n">value</span><span class="o">|</span> <span class="k">unless</span> <span class="n">value</span><span class="p">.</span><span class="nf">class</span> <span class="o">==</span> <span class="no">Array</span> <span class="k">raise</span> <span class="no">ArgumentError</span><span class="p">,</span> <span class="s2">"%s is not a an array"</span> <span class="o">%</span> <span class="n">value</span> <span class="k">end</span> <span class="k">end</span> <span class="ss">defaultto: </span><span class="p">[</span><span class="s1">'-p'</span><span class="p">]</span> <span class="k">end</span> <span class="k">end</span> </code></pre> </div> <h2> Provider implementation </h2> <p>Once the type is defined, the provider must handle how the resource is managed. Providers typically implement methods to:</p> <ul> <li>Check if the resource exists (<code>exists?</code>).</li> <li>Create a new resource (<code>create</code>).</li> <li>Read existing resource properties (<code>prefetch</code> or a getter)</li> <li>Modify a resource (<code>flush</code> or a setter).</li> <li>Delete a resource (<code>destroy</code>). </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># lib/puppet/provider/app_config/cli.rb</span> <span class="no">Puppet</span><span class="o">::</span><span class="no">Type</span><span class="p">.</span><span class="nf">type</span><span class="p">(</span><span class="ss">:app_config</span><span class="p">).</span><span class="nf">provide</span><span class="p">(</span><span class="ss">:cli</span><span class="p">)</span> <span class="k">do</span> <span class="n">desc</span> <span class="s2">"The app_config types cli provider."</span> <span class="k">end</span> </code></pre> </div> <p>It is also possible to re-use and extend existing providers classes.<br> Common code can be placed inside a generic provider (<code>lib/puppet/provider/app_config.rb</code>).<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># lib/puppet/provider/app_config/cli.rb</span> <span class="no">Puppet</span><span class="o">::</span><span class="no">Type</span><span class="p">.</span><span class="nf">type</span><span class="p">(</span><span class="ss">:app_config</span><span class="p">).</span><span class="nf">provide</span><span class="p">(</span><span class="ss">:cli</span><span class="p">,</span> <span class="ss">:parent</span> <span class="o">=&gt;</span> <span class="no">Puppet</span><span class="o">::</span><span class="no">Provider</span><span class="o">::</span><span class="no">App_config</span><span class="p">)</span> <span class="k">do</span> <span class="n">desc</span> <span class="s2">"The app_config types cli provider reuses shared/common code from app_config.rb."</span> <span class="k">end</span> </code></pre> </div> <p>If you want to add shared functionality to multiple providers, you can place your code into the PuppetX module directory: <code>lib/puppet_x/&lt;company_name&gt;/&lt;unique class name&gt;</code>.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># lib/puppet/provider/app_config/cli.rb</span> <span class="nb">require_relative</span> <span class="s1">'../../puppet_x/betadots/app_api.rb'</span> <span class="no">Puppet</span><span class="o">::</span><span class="no">Type</span><span class="p">.</span><span class="nf">type</span><span class="p">(</span><span class="ss">:app_config</span><span class="p">).</span><span class="nf">provide</span><span class="p">(</span><span class="ss">:cli</span><span class="p">)</span> <span class="k">do</span> <span class="n">desc</span> <span class="s2">"The app_config types cli provider reuses shared/common code from app_config.rb."</span> <span class="k">end</span> </code></pre> </div> <p>A new provider can be created by inheriting from and extending an existing provider:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># lib/puppet/provider/app_config/token.rb</span> <span class="no">Puppet</span><span class="o">::</span><span class="no">Type</span><span class="p">.</span><span class="nf">type</span><span class="p">(</span><span class="ss">:app_config</span><span class="p">).</span><span class="nf">provide</span><span class="p">(</span><span class="ss">:token</span><span class="p">,</span> <span class="ss">:parent</span> <span class="o">=&gt;</span> <span class="ss">:api</span><span class="p">,</span> <span class="ss">:source</span> <span class="o">=&gt;</span> <span class="ss">:api</span><span class="p">)</span> <span class="k">do</span> <span class="n">desc</span> <span class="s2">"The app_config types token provideris an extension to the api provider."</span> <span class="k">end</span> </code></pre> </div> <p>Additionally one can reuse any provider from any type:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># lib/puppet/provider/app_config/file.rb</span> <span class="no">Puppet</span><span class="o">::</span><span class="no">Type</span><span class="p">.</span><span class="nf">type</span><span class="p">(</span><span class="ss">:app_config</span><span class="p">).</span><span class="nf">provide</span><span class="p">(</span><span class="ss">:file</span><span class="p">,</span> <span class="ss">:parent</span> <span class="o">=&gt;</span> <span class="no">Puppet</span><span class="o">::</span><span class="no">Type</span><span class="p">.</span><span class="nf">type</span><span class="p">(</span><span class="ss">:ini_setting</span><span class="p">).</span><span class="nf">provider</span><span class="p">(</span><span class="ss">:ruby</span><span class="p">))</span> <span class="k">do</span> <span class="n">desc</span> <span class="s2">"The app_config types token provideris an extension to the api provider."</span> <span class="k">end</span> </code></pre> </div> <h3> Selection of provider </h3> <p>The Puppet Agent must know which provider to use, if multiple providers are present.<br> You can use of the <code>provider</code> meta parameterr or let providers perform checks to determine if they are valid for the system. The options include:</p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Check</th> <th>Example</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td>commands</td> <td><code>commands :app =&gt; "/opt/app/bin/app.exe"</code></td> <td>Valid if the command <code>/opt/app/bin/app.exe</code> exists. The command can be later used using <code>:app</code>.</td> </tr> <tr> <td>confine - exists</td> <td><code>confine :exists =&gt; "/opt/app/etc/app.conf"</code></td> <td>Valid if the file exists.</td> </tr> <tr> <td>confine - bool</td> <td><code>confine :true =&gt; /^10\./.match(%x{/opt/app/bin/app.exec version})</code></td> <td>Valid if Version is 10.x</td> </tr> <tr> <td>confine - Fact</td> <td><code>confine 'os.family' =&gt; :debian</code></td> <td>Valid if the fact value matches</td> </tr> <tr> <td>confing - feature</td> <td><code>confine :feature =&gt; :cli</code></td> <td>Valid if the provider has the feature</td> </tr> <tr> <td>defaultfor</td> <td><code>defaultfor 'os.family' =&gt; :debian</code></td> <td>Use this provider as default for Debian-based systems.</td> </tr> </tbody> </table></div> <h3> Reading and applying configuration </h3> <p>The provider needs the ability to create, read, update and delete individual configuration states (CRUD API).</p> <p>Each configuration property needs a <code>getter</code> (read) and a <code>setter</code> (modify) method.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># lib/puppet/provider/app_config/cli.rb</span> <span class="c1"># app_config: { 'enable_logging':</span> <span class="c1"># ensure =&gt; present,</span> <span class="c1"># value =&gt; true,</span> <span class="c1"># }</span> <span class="c1">#</span> <span class="no">Puppet</span><span class="o">::</span><span class="no">Type</span><span class="p">.</span><span class="nf">type</span><span class="p">(</span><span class="ss">:app_config</span><span class="p">).</span><span class="nf">provide</span><span class="p">(</span><span class="ss">:cli</span><span class="p">)</span> <span class="k">do</span> <span class="n">desc</span> <span class="s2">"The app_config types cli provider."</span> <span class="c1"># confine to existing command</span> <span class="n">commands</span> <span class="ss">:app</span> <span class="o">=&gt;</span> <span class="s2">"/opt/app/bin/app.exe"</span> <span class="k">def</span> <span class="nf">exists?</span> <span class="vi">@result</span> <span class="o">=</span> <span class="n">app_cli</span><span class="p">(</span><span class="s1">'list'</span><span class="p">).</span><span class="nf">split</span><span class="p">(</span><span class="sr">%r{</span><span class="se">\n</span><span class="sr">}</span><span class="p">).</span><span class="nf">grep</span><span class="p">(</span><span class="sr">%r{^</span><span class="si">#{</span><span class="n">resource</span><span class="p">[</span><span class="ss">:key</span><span class="p">]</span><span class="si">}</span><span class="sr">}</span><span class="p">)</span> <span class="k">if</span> <span class="vi">@result</span><span class="p">.</span><span class="nf">length</span> <span class="o">&gt;</span> <span class="mi">1</span> <span class="k">raise</span> <span class="no">ParserError</span><span class="p">,</span> <span class="s1">'found multiple config items found, please fix this'</span> <span class="k">end</span> <span class="k">return</span> <span class="kp">false</span> <span class="k">if</span> <span class="vi">@result</span><span class="p">.</span><span class="nf">empty?</span> <span class="k">return</span> <span class="kp">true</span> <span class="k">unless</span> <span class="vi">@result</span><span class="p">.</span><span class="nf">empty?</span> <span class="k">end</span> <span class="k">def</span> <span class="nf">create</span> <span class="n">app</span><span class="p">([</span><span class="s1">'set'</span><span class="p">,</span> <span class="n">resource</span><span class="p">[</span><span class="ss">:name</span><span class="p">],</span> <span class="n">resource</span><span class="p">[</span><span class="ss">:value</span><span class="p">]])</span> <span class="k">end</span> <span class="k">def</span> <span class="nf">destroy</span> <span class="n">app</span><span class="p">([</span><span class="s1">'rm'</span><span class="p">,</span> <span class="n">resource</span><span class="p">[</span><span class="ss">:name</span><span class="p">]])</span> <span class="k">end</span> <span class="c1"># getter</span> <span class="k">def</span> <span class="nf">value</span><span class="p">()</span> <span class="vi">@result</span><span class="p">[</span><span class="mi">0</span><span class="p">].</span><span class="nf">split</span><span class="p">[</span><span class="mi">1</span><span class="p">]</span> <span class="k">end</span> <span class="c1"># setter</span> <span class="k">def</span> <span class="nf">value</span><span class="o">=</span><span class="p">(</span><span class="n">value</span><span class="p">)</span> <span class="n">app</span><span class="p">([</span><span class="s1">'set'</span><span class="p">,</span> <span class="n">resource</span><span class="p">[</span><span class="ss">:name</span><span class="p">],</span> <span class="n">resource</span><span class="p">[</span><span class="ss">:value</span><span class="p">]])</span> <span class="k">end</span> <span class="k">end</span> </code></pre> </div> <p>It is recommended to also create the <code>instances</code> class method, which can collect all instances of a resource type into a hash.<br> The namevar is the hash key, which has a hash of paramters and properties as value.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="nb">require</span> <span class="s1">'yaml'</span> <span class="k">def</span> <span class="nc">self</span><span class="o">.</span><span class="nf">instances</span> <span class="n">instances</span> <span class="o">=</span> <span class="p">[]</span> <span class="no">YAML</span><span class="p">.</span><span class="nf">load</span><span class="p">(</span><span class="n">app_cli</span><span class="p">(</span><span class="s1">'list'</span><span class="p">)).</span><span class="nf">each</span> <span class="k">do</span> <span class="o">|</span><span class="n">key</span><span class="p">,</span> <span class="n">value</span><span class="o">|</span> <span class="n">attributes_hash</span> <span class="o">=</span> <span class="p">{</span> <span class="ss">key: </span><span class="n">key</span><span class="p">,</span> <span class="ss">ensure: :present</span><span class="p">,</span> <span class="ss">value: </span><span class="n">value</span><span class="p">,</span> <span class="ss">name: </span><span class="n">key</span><span class="p">}</span> <span class="n">instances</span> <span class="o">&lt;&lt;</span> <span class="n">new</span><span class="p">(</span><span class="n">attributes_hash</span><span class="p">)</span> <span class="k">end</span> <span class="n">instances</span> <span class="k">end</span> </code></pre> </div> <p>Sometimes it is not possible to collect all instances, such as with the <code>file</code> resource. In such cases no <code>instance</code> method is defined.</p> <p>The <code>instance</code> method is used indirectly be each type when calling <code>prefetch</code> to get the acutal configuration and returns the<code>@property_hash</code> instance variable.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="k">def</span> <span class="nc">self</span><span class="o">.</span><span class="nf">prefetch</span><span class="p">(</span><span class="n">resources</span><span class="p">)</span> <span class="n">resources</span><span class="p">.</span><span class="nf">each_key</span> <span class="k">do</span> <span class="o">|</span><span class="nb">name</span><span class="o">|</span> <span class="n">provider</span> <span class="o">=</span> <span class="n">instances</span><span class="p">.</span><span class="nf">find</span> <span class="p">{</span> <span class="o">|</span><span class="n">instance</span><span class="o">|</span> <span class="n">instance</span><span class="p">.</span><span class="nf">name</span> <span class="o">==</span> <span class="nb">name</span> <span class="p">}</span> <span class="n">resources</span><span class="p">[</span><span class="nb">name</span><span class="p">].</span><span class="nf">provider</span> <span class="o">=</span> <span class="n">provider</span> <span class="k">if</span> <span class="n">provider</span> <span class="k">end</span> <span class="k">end</span> </code></pre> </div> <p>This allows the type getter and setter to read an manipulate the instance variable, instead of writing <code>getter</code> and <code>setter</code> methods for each type.<br> This behavior is added by declaring the <code>mk_resource_methods</code> class method.</p> <p>Once this is implemented you can run the command <code>puppet resource app_config</code> to retrieve all existing configurations.</p> <h3> Refresh events </h3> <p>In some cases it is required to <code>refresh</code> a resource, for example, to restart a service, remount a mount, or rerun an exec resource. To allow a type/provider to react to a refresh event, it needs special handling.</p> <p>Within the type the <code>refreshable</code> feature must be activated and a <code>refresh</code> definition is added.</p> <p>The following examples are taken from puppet <code>service</code> type and provider. The feature describes, which provider definition should be executed upon refresh event.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># lib/puppet/type/services.rb</span> <span class="c1"># ...</span> <span class="n">feature</span> <span class="ss">:refreshable</span><span class="p">,</span> <span class="s2">"The provider can restart the service."</span><span class="p">,</span> <span class="ss">:methods</span> <span class="o">=&gt;</span> <span class="p">[</span><span class="ss">:restart</span><span class="p">]</span> <span class="c1"># ...</span> <span class="k">def</span> <span class="nf">refresh</span> <span class="c1"># Only restart if we're actually running</span> <span class="k">if</span> <span class="p">(</span><span class="vi">@parameters</span><span class="p">[</span><span class="ss">:ensure</span><span class="p">]</span> <span class="o">||</span> <span class="n">newattr</span><span class="p">(</span><span class="ss">:ensure</span><span class="p">)).</span><span class="nf">retrieve</span> <span class="o">==</span> <span class="ss">:running</span> <span class="n">provider</span><span class="p">.</span><span class="nf">restart</span> <span class="k">else</span> <span class="n">debug</span> <span class="s2">"Skipping restart; service is not running"</span> <span class="k">end</span> <span class="k">end</span> <span class="c1"># ...</span> </code></pre> </div> <h2> Using custom types in Puppet DSL </h2> <p>Once the custom type and provider are implemented, you can use them in your manifests as follows:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight puppet"><code><span class="c"># Type declaration </span><span class="n">app_config</span> <span class="p">{</span> <span class="s1">'enable_logging'</span><span class="p">:</span> <span class="py">ensure</span> <span class="p">=&gt;</span> <span class="n">present</span><span class="p">,</span> <span class="py">value</span> <span class="p">=&gt;</span> <span class="kc">true</span><span class="p">,</span> <span class="kp">require</span> <span class="p">=&gt;</span> <span class="nc">File</span><span class="p">[</span><span class="s1">'/opt/app/etc/app.cfg'</span><span class="p">],</span> <span class="kp">subscribe</span> <span class="p">=&gt;</span> <span class="nc">Service</span><span class="p">|</span><span class="s1">'app'</span><span class="p">|,</span> <span class="p">}</span> <span class="c"># Type reference </span><span class="n">service</span> <span class="p">{</span> <span class="s1">'app'</span><span class="p">:</span> <span class="py">ensure</span> <span class="p">=&gt;</span> <span class="n">running</span><span class="p">,</span> <span class="kp">subscribe</span> <span class="p">=&gt;</span> <span class="nc">App_config</span><span class="p">[</span><span class="s1">'enable_logging'</span><span class="p">],</span> <span class="p">}</span> <span class="c"># Type declaration using lambda and splat operator </span><span class="nv">$config_hash</span><span class="o">.</span><span class="n">each</span> <span class="p">|</span><span class="nc">String</span> <span class="nv">$key</span><span class="p">,</span> <span class="nc">Hash</span> <span class="nv">$hash</span><span class="p">|</span><span class="err"> </span><span class="p">{</span> <span class="n">app_config</span> <span class="p">{</span><span class="err"> </span><span class="nv">$key</span><span class="p">:</span> <span class="o">*</span> <span class="p">=&gt;</span> <span class="nv">$hash</span><span class="p">,</span> <span class="p">}</span> <span class="p">}</span> <span class="c"># Virtual or exported resource </span><span class="err">@@</span><span class="n">app_config</span> <span class="p">{</span><span class="err"> </span><span class="s1">'app_mount'</span><span class="p">:</span> <span class="py">ensure</span> <span class="p">=&gt;</span> <span class="n">present</span><span class="p">,</span> <span class="py">value</span> <span class="p">=&gt;</span> <span class="s2">"</span><span class="err">$</span><span class="s2">{facts['networking']['fqdn']}/srv/app_mount"</span><span class="p">,</span> <span class="py">tag</span> <span class="p">=&gt;</span> <span class="s1">'blog'</span><span class="p">,</span> <span class="p">}</span> <span class="c"># Resource collector </span><span class="nc">App_config</span> <span class="o">&lt;</span><span class="p">&lt;|</span> <span class="n">tag</span> <span class="o">==</span> <span class="s1">'blog'</span> <span class="p">|&gt;</span><span class="o">&gt;</span> </code></pre> </div> <h2> Resource API </h2> <p>The modern resource API has one limitation: one can not refresh types!<br> Besides this it also consists of types and providers which must be placed at the same location as the existing implementation.</p> <h3> Resource API Type </h3> <p>The resource API type uses an attributes hash to list all parameters and properties. Within the <code>type</code> key one can use any of the built-in Puppet data types.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># lib/puppet/type/app_config.rb</span> <span class="nb">require</span> <span class="s1">'puppet/resource_api'</span> <span class="no">Puppet</span><span class="o">::</span><span class="no">ResourceApi</span><span class="p">.</span><span class="nf">register_type</span><span class="p">(</span> <span class="ss">name: </span><span class="s1">'app_config'</span><span class="p">,</span> <span class="ss">docs: </span><span class="o">&lt;&lt;-</span><span class="no">EOS</span><span class="p">,</span><span class="sh"> @summary The type to manage app config settings @example app_config { 'key': ensure =&gt; present, value =&gt; 'value', } This type provides Puppet with the capabilities to manage our application config </span><span class="no"> EOS</span> <span class="ss">features: </span><span class="p">[]</span> <span class="ss">attributes: </span><span class="p">{</span> <span class="ss">ensure: </span><span class="p">{</span> <span class="ss">type: </span><span class="s1">'Enum[present, absent]'</span><span class="p">,</span> <span class="ss">desc: </span><span class="s1">'Whether the setting should be added or removed'</span><span class="p">,</span> <span class="ss">default: </span><span class="s1">'present'</span><span class="p">,</span> <span class="p">},</span> <span class="ss">name: </span><span class="p">{</span> <span class="ss">type: </span><span class="s1">'String'</span><span class="p">,</span> <span class="ss">desc: </span><span class="s1">'The setting to manage'</span><span class="p">,</span> <span class="ss">behavior: :namevar</span><span class="p">,</span> <span class="p">},</span> <span class="ss">value: </span><span class="p">{</span> <span class="ss">type: </span><span class="s1">'Variant[String, Integer, Array]'</span><span class="p">,</span> <span class="ss">desc: </span><span class="s1">'The value to set'</span> <span class="p">}</span> <span class="p">}</span> <span class="p">)</span> </code></pre> </div> <h3> Respource API Provider </h3> <p>The most simple solution is to make use of the <code>SimpleProvider</code> class.<br> This provider needs up to 4 defines:</p> <ul> <li>get</li> <li>create</li> <li>update</li> <li>delete </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># lib/puppet/provider/app_config/cli.rb</span> <span class="nb">require</span> <span class="s1">'puppet/resource_api/simple_provider'</span> <span class="nb">require</span> <span class="s1">'open3'</span> <span class="k">class</span> <span class="nc">Puppet::Provider::AppConfig::Cli</span> <span class="o">&lt;</span> <span class="no">Puppet</span><span class="o">::</span><span class="no">ResourceApi</span><span class="o">::</span><span class="no">SimpleProvider</span> <span class="vg">$app_command</span> <span class="o">=</span> <span class="s1">'/opt/app/bin/app.exe'</span> <span class="c1"># Get: fetching all readable config settings into a hash</span> <span class="k">def</span> <span class="nf">get</span><span class="p">(</span><span class="n">context</span><span class="p">)</span> <span class="n">context</span><span class="p">.</span><span class="nf">debug</span><span class="p">(</span><span class="s1">'Returning data from command'</span><span class="p">)</span> <span class="vi">@result</span> <span class="o">=</span> <span class="p">[]</span> <span class="n">stdout</span><span class="p">,</span> <span class="n">stderr</span><span class="p">,</span> <span class="n">status</span> <span class="o">=</span> <span class="no">Open3</span><span class="p">.</span><span class="nf">capture3</span><span class="p">(</span><span class="s1">'/opt/app/bin/app.exe list'</span><span class="p">)</span> <span class="k">raise</span> <span class="no">ParseError</span> <span class="s2">"Error running command: </span><span class="se">\n</span><span class="si">#{</span><span class="n">stderr</span><span class="si">}</span><span class="s2">"</span> <span class="k">unless</span> <span class="n">status</span><span class="p">.</span><span class="nf">success?</span> <span class="c1"># Missing error handling. This is just for demo</span> <span class="vi">@command_result</span> <span class="o">=</span> <span class="n">stdout</span><span class="p">.</span><span class="nf">split</span><span class="p">(</span><span class="sr">%r{</span><span class="se">\n</span><span class="sr">}</span><span class="p">)</span> <span class="vi">@command_result</span><span class="p">.</span><span class="nf">each</span> <span class="k">do</span> <span class="o">|</span><span class="n">line</span><span class="o">|</span> <span class="k">next</span> <span class="k">if</span> <span class="n">line</span> <span class="o">==</span> <span class="s1">'---'</span> <span class="n">key</span> <span class="o">=</span> <span class="n">line</span><span class="p">.</span><span class="nf">split</span><span class="p">(</span><span class="s1">':'</span><span class="p">)[</span><span class="mi">0</span><span class="p">]</span> <span class="n">value</span> <span class="o">=</span> <span class="n">line</span><span class="p">.</span><span class="nf">split</span><span class="p">(</span><span class="s1">':'</span><span class="p">)[</span><span class="mi">1</span><span class="p">].</span><span class="nf">strip</span> <span class="nb">hash</span> <span class="o">=</span> <span class="p">{</span> <span class="s1">'ensure'</span><span class="p">:</span> <span class="s1">'present'</span><span class="p">,</span> <span class="s1">'name'</span><span class="p">:</span> <span class="n">key</span><span class="p">,</span> <span class="s1">'value'</span><span class="p">:</span> <span class="n">value</span><span class="p">,</span> <span class="p">}</span> <span class="vi">@result</span> <span class="o">+=</span> <span class="p">[</span> <span class="nb">hash</span> <span class="p">]</span> <span class="k">end</span> <span class="vi">@result</span> <span class="k">end</span> <span class="c1"># Create: add a new config setting with name and should value</span> <span class="k">def</span> <span class="nf">create</span><span class="p">(</span><span class="n">context</span><span class="p">,</span> <span class="nb">name</span><span class="p">,</span> <span class="n">should</span><span class="p">)</span> <span class="n">context</span><span class="p">.</span><span class="nf">notice</span><span class="p">(</span><span class="s2">"Creating '</span><span class="si">#{</span><span class="nb">name</span><span class="si">}</span><span class="s2">' with </span><span class="si">#{</span><span class="n">should</span><span class="p">[</span><span class="ss">:value</span><span class="p">]</span><span class="si">}</span><span class="s2">"</span><span class="p">)</span> <span class="n">_stdout</span><span class="p">,</span> <span class="n">_stderr</span><span class="p">,</span> <span class="n">status</span> <span class="o">=</span> <span class="no">Open3</span><span class="p">.</span><span class="nf">capture3</span><span class="p">(</span><span class="s2">"/opt/app/bin/app.exe set </span><span class="si">#{</span><span class="nb">name</span><span class="si">}</span><span class="s2"> </span><span class="si">#{</span><span class="n">should</span><span class="p">[</span><span class="ss">:value</span><span class="p">]</span><span class="si">}</span><span class="s2">"</span><span class="p">)</span> <span class="c1"># Missing error handling. This is just for demo</span> <span class="k">return</span> <span class="kp">true</span> <span class="k">unless</span> <span class="n">status</span><span class="p">.</span><span class="nf">success?</span> <span class="k">end</span> <span class="c1"># Update: correct an existing setting with name and replace with should value</span> <span class="k">def</span> <span class="nf">update</span><span class="p">(</span><span class="n">context</span><span class="p">,</span> <span class="nb">name</span><span class="p">,</span> <span class="n">should</span><span class="p">)</span> <span class="n">context</span><span class="p">.</span><span class="nf">notice</span><span class="p">(</span><span class="s2">"Updating '</span><span class="si">#{</span><span class="nb">name</span><span class="si">}</span><span class="s2">' with </span><span class="si">#{</span><span class="n">should</span><span class="p">[</span><span class="ss">:value</span><span class="p">]</span><span class="si">}</span><span class="s2">"</span><span class="p">)</span> <span class="n">_stdout</span><span class="p">,</span> <span class="n">_stderr</span><span class="p">,</span> <span class="n">status</span> <span class="o">=</span> <span class="no">Open3</span><span class="p">.</span><span class="nf">capture3</span><span class="p">(</span><span class="s2">"/opt/app/bin/app.exe set </span><span class="si">#{</span><span class="nb">name</span><span class="si">}</span><span class="s2"> </span><span class="si">#{</span><span class="n">should</span><span class="p">[</span><span class="ss">:value</span><span class="p">]</span><span class="si">}</span><span class="s2">"</span><span class="p">)</span> <span class="c1"># Missing error handling. This is just for demo</span> <span class="k">return</span> <span class="kp">true</span> <span class="k">unless</span> <span class="n">status</span><span class="p">.</span><span class="nf">success?</span> <span class="k">end</span> <span class="c1"># Delete: remove a config setting</span> <span class="k">def</span> <span class="nf">delete</span><span class="p">(</span><span class="n">context</span><span class="p">,</span> <span class="nb">name</span><span class="p">)</span> <span class="n">context</span><span class="p">.</span><span class="nf">notice</span><span class="p">(</span><span class="s2">"Deleting '</span><span class="si">#{</span><span class="nb">name</span><span class="si">}</span><span class="s2">'"</span><span class="p">)</span> <span class="n">_stdout</span><span class="p">,</span> <span class="n">_stderr</span><span class="p">,</span> <span class="n">status</span> <span class="o">=</span> <span class="no">Open3</span><span class="p">.</span><span class="nf">capture3</span><span class="p">(</span><span class="s2">"/opt/app/bin/app.exe rm </span><span class="si">#{</span><span class="nb">name</span><span class="si">}</span><span class="s2">"</span><span class="p">)</span> <span class="c1"># Missing error handling. This is just for demo</span> <span class="k">return</span> <span class="kp">true</span> <span class="k">unless</span> <span class="n">status</span><span class="p">.</span><span class="nf">success?</span> <span class="k">end</span> <span class="k">end</span> </code></pre> </div> <h2> Summary </h2> <p>Types and providers are not complex. They basically describe the CRUD behavior of Puppet.<br> The type defines how to use the Puppet DSL, while the provider controls how to check and handle specific settings.</p> <p>Please stop using <code>exec</code> for almost anything that is not super simple. In most cases, a simple type and provider will allow better analysis, error handling and control over what is happening. Besides this: <strong>custom types and providers execute faster</strong> compared to <code>exec</code> type usage - far more faster!</p> <p>The example application and the working types and providers are available on GitHub:</p> <ul> <li>The app: <a href="https://github.com/betadots/workshop-demo-app" rel="noopener noreferrer">workshop demo app</a> </li> <li>The Puppet module with types and providers for the app: <a href="https://github.com/betadots/workshop-demo-module/tree/ruby_workshop" rel="noopener noreferrer">workshop demo module</a> </li> </ul> <p>App usage:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Install APP:</span> git clone https://github.com/betadots/workshop-demo-app /opt/app /opt/app/bin/app.exe <span class="c"># Install Puppet module:</span> git clone https://github.com/betadots/workshop-demo-module <span class="nt">-b</span> ruby_workshop modules/app <span class="c"># Type API V1</span> puppet resource app_config <span class="nt">--modulepath</span> modules <span class="c"># Type Resource API</span> puppet resource app_config2 <span class="nt">--modulepath</span> modules </code></pre> </div> <p>Happy puppetizing,<br> Martin</p> puppet ruby Die Ruby-Seite von Puppet - Teil 3 - Benutzerdefinierte Typen und Provider Martin Alfke Mon, 20 Jan 2025 18:48:32 +0000 https://dev.to/betadots/die-ruby-seite-von-puppet-teil-3-benutzerdefinierte-typen-und-provider-jbp https://dev.to/betadots/die-ruby-seite-von-puppet-teil-3-benutzerdefinierte-typen-und-provider-jbp <p>Dies ist der letzte Beitrag in einer dreiteiligen Serie, die die Konzepte und Best Practices für die Erweiterung von <a href="https://www.puppet.com" rel="noopener noreferrer">Puppet</a> mithilfe von <a href="https://www.puppet.com/docs/puppet/latest/custom_facts" rel="noopener noreferrer">benutzerdefinierten Fakten</a>, <a href="https://www.puppet.com/docs/puppet/latest/custom_functions_ruby" rel="noopener noreferrer">benutzerdefinierten Funktionen</a> und <a href="https://www.puppet.com/docs/puppet/latest/custom_types" rel="noopener noreferrer">benutzerdefinierten Typen</a> sowie <a href="https://www.puppet.com/docs/puppet/latest/provider_development" rel="noopener noreferrer">Providern</a> behandelt.</p> <p><a href="https://dev.to/betadots/die-ruby-seite-von-puppet-teil-1-benutzerdefinierte-fakten-4nnj">Teil 1</a> untersucht, wie man benutzerdefinierte Fakten erstellt, die es Knoten ermöglichen, Informationen an den Puppet-Server zu senden.</p> <p><a href="https://dev.to/betadots/die-ruby-seite-von-puppet-teil-2-benutzerdefinierte-funktionen-4ph3">Teil 2</a> behandelt den Aufbau benutzerdefinierter Funktionen zur Verarbeitung von Daten oder zur Ausführung spezifischer Aufgaben.</p> <p>Teil 3 (dieser Beitrag) konzentriert sich auf benutzerdefinierte Typen und Provider, mit denen Puppets DSL erweitert und Systemressourcen verwaltet werden können.</p> <p>Typen stehen im Zentrum der deklarativen DSL von Puppet. Typen beschreiben den gewünschten Zustand des Systems und zielen auf spezifische, konfigurierbare Teile ab (manchmal betriebssystemspezifisch). Puppet bietet eine Reihe von <a href="https://www.puppet.com/docs/puppet/latest/type.html" rel="noopener noreferrer">Kern-Typen</a>, die mit jeder Puppet-Agent-Installation verfügbar sind.</p> <p>Einige der Kern-Typen umfassen:</p> <ul> <li>file</li> <li>user</li> <li>group</li> <li>package</li> <li>service</li> </ul> <p><strong>Warum benutzerdefinierte Typen und Provider erstellen</strong>:</p> <p>Es gibt mehrere Gründe, benutzerdefinierte Typen und Provider zu entwickeln:</p> <ul> <li>Vermeiden von den oft unzuverlässigen oder schwer zu wartenden <code>exec</code>-Ressourcen.</li> <li>Verwalten einer Anwendung, die CLI-Befehle zur Konfiguration benötigt.</li> <li>Handhaben von Konfigurationen mit hochspezifischer Syntax, die bestehende Puppet-Typen nicht verwalten können (wie <code>file</code> oder <code>concat</code>).</li> </ul> <p><strong>Inhalt</strong>:</p> <ol> <li>Allgemeine Konzepte</li> <li>Typen und Provider in Modulen</li> <li>Typbeschreibung</li> <li>Provider-Implementierung</li> <li>Verwendung benutzerdefinierter Typen in der Puppet DSL</li> <li>Resourcen-API</li> <li>Zusammenfassung</li> </ol> <h2> Allgemeine Konzepte </h2> <p>Ein Typ besteht aus zwei Hauptteilen:</p> <ul> <li> <strong>Typdefinition</strong>: Diese definiert, wie der Typ in der Puppet DSL verwendet wird.</li> <li> <strong>Provider-Implementierung(en)</strong>: Ein oder mehrere Provider pro Typ definieren, wie mit dem System interagiert wird, um Ressourcen zu verwalten.</li> </ul> <h3> Typdefinition </h3> <p>Der Typ beschreibt, wie Puppet-Ressourcen in der DSL deklariert werden. Zum Beispiel, um die Konfiguration einer Anwendung zu verwalten:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight puppet"><code><span class="n">app_config</span> <span class="p">{</span> <span class="o">&lt;</span><span class="n">setting</span><span class="o">&gt;</span><span class="p">:</span> <span class="py">ensure</span> <span class="p">=&gt;</span> <span class="n">present</span><span class="p">,</span> <span class="py">property</span> <span class="p">=&gt;</span> <span class="o">&lt;</span><span class="n">value</span><span class="o">&gt;</span><span class="p">,</span> <span class="py">param</span> <span class="p">=&gt;</span> <span class="o">&lt;</span><span class="n">app_args</span><span class="o">&gt;</span><span class="p">,</span> <span class="py">provider</span> <span class="p">=&gt;</span> <span class="o">&lt;</span><span class="n">auth_method</span><span class="o">&gt;</span><span class="p">,</span> <span class="p">}</span> </code></pre> </div> <p>Typdefinition haben einen <strong>Namevar</strong> (ein Schlüsselbezeichner) und mehrere <strong>Parameter</strong> und <strong>Properties (Eigenschaften)</strong>.</p> <ul> <li> <strong>Namevar</strong>: Der Schlüssel, der die Ressourceninstanz in der Typdeklaration identifiziert.</li> <li> <strong>Properties (Eigenschaften)</strong>: Diese repräsentieren etwas Messbares im Zielsystem, wie die UID oder GID eines Benutzers oder einen Konfigurationswert einer Anwendung.</li> <li> <strong>Parameter</strong>: Parameter beeinflussen, wie Puppet eine Ressource verwaltet, spiegeln jedoch nicht direkt etwas Messbares im System wider. Zum Beispiel ist <code>manage_home</code> im <code>user</code>-Typ ein Parameter, der Puppets Verhalten beeinflusst, aber keine Eigenschaft des Benutzerkontos ist.</li> </ul> <p>Der Unterschied zwischen Parametern und Eigenschaften wird auf der <a href="https://www.puppet.com/docs/puppet/latest/custom_types#custom_types" rel="noopener noreferrer">Puppet-Typ/Provider-Entwicklungsseite</a> gut beschrieben:</p> <p>Properties:</p> <blockquote> <p>"Eigenschaften entsprechen etwas Messbarem im Zielsystem. Zum Beispiel sind die UID und GID eines Benutzerkontos Eigenschaften, da ihr aktueller Zustand abgefragt oder geändert werden kann. Praktisch bedeutet das, dass das Festlegen eines Wertes für eine Eigenschaft eine Methode im Provider aufruft."</p> </blockquote> <p>Parameter:</p> <blockquote> <p>"Parameter ändern, wie Puppet eine Ressource verwaltet, entsprechen jedoch nicht unbedingt direkt etwas Messbarem. Zum Beispiel ist das managehome-Attribut des Benutzertyps ein Parameter – sein Wert beeinflusst, was Puppet tut, aber die Frage, ob Puppet ein Home-Verzeichnis verwaltet, ist keine angeborene Eigenschaft des Benutzerkontos."</p> </blockquote> <p>In unserem Beispiel ist die Eigenschaft der Wert des Konfigurationseinstellungen, während der Parameter die Anwendungsattribute angibt.</p> <h3> Provider-Implementierungen </h3> <p>Provider definieren die Mechanismen zur Verwaltung des Zustands der durch Typen beschriebenen Ressourcen. Sie behandeln:</p> <ul> <li>Bestimmung, ob die Ressource bereits existiert</li> <li>Erstellen oder Entfernen von Ressourcen.</li> <li>Ändern von Ressourcen.</li> <li>Optional das Auflisten aller vorhandenen Ressourcen des Typs.</li> </ul> <h2> Typen und Provider in Modulen </h2> <p>Benutzerdefinierte Typen und Provider werden im Verzeichnis <code>lib/puppet</code> eines Moduls platziert.</p> <ul> <li>Die Typdatei befindet sich in <code>lib/puppet/type</code> und ist nach dem Ressourcentyp benannt (<code>app_config.rb</code> in diesem Fall).</li> <li>Provider-Implementierungen gehen in das Verzeichnis <code>lib/puppet/provider</code>, in ein Unterverzeichnis, das nach dem Ressourcentyp benannt ist. Jeder Provider ist nach seiner Provider-Implementierung benannt (z.B. <code>ruby.rb</code>, <code>cli.rb</code>, <code>cert.rb</code>, <code>token.rb</code>, <code>user.rb</code>)</li> </ul> <p>Beispiel:</p> <ol> <li>Typ: app_config</li> <li>Provider: <ul> <li>cert</li> <li>token</li> <li>user </li> </ul> </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code># &lt;modulpfad&gt;/&lt;modulname&gt; modules/application/ \- lib/ \- puppet/ |- type/ | \- app_config.rb \- provider/ \- app_config/ |- cert.rb |- token.rb \- user.rb </code></pre> </div> <h2> Typbeschreibung </h2> <p>Neue benutzerdefinierte Typen können mit zwei verschiedenen API-Versionen erstellt werden. APIv1 ist die alte, klassische Methode, die Getter und Setter innerhalb der Provider verwendet. APIv2 ist eine neue Implementierung, die in PDK integriert ist – diese Implementierung wird auch als <code>Resource-API</code> bezeichnet.</p> <p>Im nächsten Abschnitt stellen wir die APIv1-Implementierung vor. Die Implementierung der Ressourcen-API wird später in diesem Dokument behandelt.</p> <h3> APIv1 </h3> <p>Die traditionelle Methode verwendet <code>Puppet::Type.newtype</code>, die den Typ definiert. Es wird empfohlen, die Typdokumentation in den Code einzufügen. Dies ermöglicht es den Benutzern, <code>puppet describe &lt;type&gt;</code> auf ihrem System auszuführen, um die Dokumentation anzuzeigen.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># lib/puppet/type/app_config.rb</span> <span class="no">Puppet</span><span class="o">::</span><span class="no">Type</span><span class="p">.</span><span class="nf">newtype</span><span class="p">(</span><span class="ss">:app_config</span><span class="p">)</span> <span class="k">do</span> <span class="vi">@doc</span> <span class="o">=</span> <span class="sx">%q{Verwalten der Anwendungsconfig. Es gibt drei Möglichkeiten zur Authentifizierung: Zertifikat, Token, Benutzer. Zertifikat ist der Standard Provider. Beispiel: app_config: { 'enable_logging': ensure =&gt; present, value =&gt; true, } }</span> <span class="c1"># ... der Code ...</span> <span class="k">end</span> </code></pre> </div> <h3> Verwaltung </h3> <p>Die wichtigste Funktion eines Typs besteht darin, etwas zum System hinzuzufügen oder zu entfernen. Dies wird normalerweise mit der <code>ensure</code>-Eigenschaft behandelt. Um <code>ensure</code> zu aktivieren, ist eine einzige Zeile erforderlich: <code>ensurable</code><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># lib/puppet/type/app_config.rb</span> <span class="no">Puppet</span><span class="o">::</span><span class="no">Type</span><span class="p">.</span><span class="nf">newtype</span><span class="p">(</span><span class="ss">:app_config</span><span class="p">)</span> <span class="k">do</span> <span class="vi">@doc</span> <span class="o">=</span> <span class="sx">%q{Verwalten der Anwendungsconfig. Es gibt drei Möglichkeiten zur Authentifizierung: Zertifikat, Token, Benutzer. Zertifikat ist der Standard Provider. Beispiel: app_config: { 'enable_logging': ensure =&gt; present, value =&gt; true, } }</span> <span class="n">ensurable</span> <span class="k">end</span> </code></pre> </div> <h3> Namevar </h3> <p>Bei der Deklaration des Typs muss ein Titel angegeben werden – dies könnte man als Typinstanz-Identifikator bezeichnen. In der Regel spiegelt dies wider, wofür der Typ verantwortlich ist.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight puppet"><code><span class="n">user</span> <span class="p">{</span> <span class="s1">'betadots'</span><span class="p">:</span> <span class="c"># &lt;- Titel </span><span class="p">}</span> </code></pre> </div> <p>Die einfachste Implementierung besteht darin, einen Parameter mit dem Namen <code>:name</code> hinzuzufügen.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># lib/puppet/type/app_config.rb</span> <span class="no">Puppet</span><span class="o">::</span><span class="no">Type</span><span class="p">.</span><span class="nf">newtype</span><span class="p">(</span><span class="ss">:app_config</span><span class="p">)</span> <span class="k">do</span> <span class="vi">@doc</span> <span class="o">=</span> <span class="sx">%q{Verwalten der Anwendungsconfig. Es gibt drei Möglichkeiten, sich zu authentifizieren: Zertifikat, Token, Benutzer. Zertifikat ist der Standard Provider. Beispiel: app_config: { 'enable_logging': ensure =&gt; present, value =&gt; true, } }</span> <span class="n">ensurable</span> <span class="n">newparam</span><span class="p">(</span><span class="ss">:name</span><span class="p">)</span> <span class="k">do</span> <span class="n">desc</span> <span class="s2">"Das Anwendungsconfig-Element, das verwaltet werden soll. Siehe app_cli conf --help"</span> <span class="k">end</span> <span class="k">end</span> </code></pre> </div> <p>Das Übergeben des Schlüssels <code>namevar: true</code> an den Parameter ist eine weitere Möglichkeit, einen Namevar zu identifizieren:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="n">newparam</span><span class="p">(</span><span class="ss">:key</span><span class="p">,</span> <span class="ss">namevar: </span><span class="kp">true</span><span class="p">)</span> <span class="k">do</span> <span class="n">desc</span> <span class="s1">'Der Schlüssel des Anwendungsconfig-Elements, das verwaltet werden soll. Siehe app_cli conf --help'</span> <span class="k">end</span> </code></pre> </div> <h3> Eigenschaften </h3> <p>Als Nächstes fügen wir die andere Eigenschaft hinzu. Jede Eigenschaft kann durch ihren Inhalt validiert werden. In unserem Demo-Fall erwarten wir einen Stringwert.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># lib/puppet/type/app_config.rb</span> <span class="no">Puppet</span><span class="o">::</span><span class="no">Type</span><span class="p">.</span><span class="nf">newtype</span><span class="p">(</span><span class="ss">:app_config</span><span class="p">)</span> <span class="k">do</span> <span class="vi">@doc</span> <span class="o">=</span> <span class="sx">%q{Verwalten der Anwendungsconfig. Es gibt drei Möglichkeiten, sich zu authentifizieren: Zertifikat, Token, Benutzer. Zertifikat ist der Standard Provider. Beispiel: app_config: { 'enable_logging': ensure =&gt; present, value =&gt; true, } }</span> <span class="n">ensurable</span> <span class="n">newparam</span><span class="p">(</span><span class="ss">:name</span><span class="p">)</span> <span class="k">do</span> <span class="n">desc</span> <span class="s2">"Das Anwendungsconfig-Element, das verwaltet werden soll. Siehe app_cli conf --help"</span> <span class="k">end</span> <span class="n">newproperty</span><span class="p">(</span><span class="ss">:value</span><span class="p">)</span> <span class="k">do</span> <span class="n">desc</span> <span class="s2">"Der zu setzende Konfigurationswert."</span> <span class="n">validate</span> <span class="k">do</span> <span class="o">|</span><span class="n">value</span><span class="o">|</span> <span class="k">unless</span> <span class="n">value</span> <span class="o">=~</span> <span class="sr">/^\w+/</span> <span class="k">raise</span> <span class="no">ArgumentError</span><span class="p">,</span> <span class="s2">"%s ist kein gültiger Wert"</span> <span class="o">%</span> <span class="n">value</span> <span class="k">end</span> <span class="k">end</span> <span class="k">end</span> <span class="k">end</span> </code></pre> </div> <p>Außerdem kann man spezifische gültige Werte angeben, die automatisch validiert werden:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="n">newproperty</span><span class="p">(</span><span class="ss">:enable</span><span class="p">)</span> <span class="k">do</span> <span class="n">newvalue</span><span class="p">(</span><span class="ss">:true</span><span class="p">)</span> <span class="n">newvalue</span><span class="p">(</span><span class="ss">:false</span><span class="p">)</span> <span class="k">end</span> </code></pre> </div> <p>Bitte beachten, dass Arrays als Eigenschaftswerte auf andere Weise validiert werden:</p> <p>Von der Website <a href="https://www.puppet.com/docs/puppet/latest/custom_types#tandp_properties_and_parameters" rel="noopener noreferrer">Puppet benutzerdefinierte Typen</a>:</p> <blockquote> <p>Standardmäßig wird eine Eigenschaft, die mehrere Werte in einem Array zugewiesen bekommt:</p> <ul> <li>Als synchron betrachtet, wenn einer dieser Werte dem aktuellen Wert entspricht.</li> <li>Wenn keiner dieser Werte übereinstimmt, wird der erste Wert beim Synchronisieren der Eigenschaft verwendet.</li> </ul> </blockquote> <p>Wenn alle Array-Werte übereinstimmen sollen, muss die Eigenschaft <code>array_matching</code> auf <code>:all</code> gesetzt werden. Der Standardwert ist <code>:first</code>.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="n">newproperty</span><span class="p">(</span><span class="ss">:flags</span><span class="p">,</span> <span class="ss">:array_matching</span> <span class="o">=&gt;</span> <span class="ss">:all</span><span class="p">)</span> <span class="k">do</span> <span class="c1"># ...</span> <span class="k">end</span> </code></pre> </div> <p>Der Zugriff auf Werte kann auf zwei Arten erfolgen:</p> <ol> <li> <code>should</code> für Eigenschaften, <code>value</code> für Parameter.</li> <li> <code>value</code> für sowohl Eigenschaften als auch Parameter.</li> </ol> <p>Wir bevorzugen die expliziten Methoden, da dies klarer macht, ob wir es mit einer Eigenschaft oder einem Parameter zu tun haben.</p> <h3> Parameter </h3> <p>Parameter werden auf ähnliche Weise definiert:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># lib/puppet/type/app_config.rb</span> <span class="no">Puppet</span><span class="o">::</span><span class="no">Type</span><span class="p">.</span><span class="nf">newtype</span><span class="p">(</span><span class="ss">:app_config</span><span class="p">)</span> <span class="k">do</span> <span class="vi">@doc</span> <span class="o">=</span> <span class="sx">%q{Verwalten der Anwendungsconfig. Es gibt drei Möglichkeiten, sich zu authentifizieren: Zertifikat, Token, Benutzer. Zertifikat ist der Standard Provider. Beispiel: app_config: { 'enable_logging': ensure =&gt; present, value =&gt; true, cli_args =&gt; ['-p'], # Persistenz } }</span> <span class="n">ensurable</span> <span class="n">newparam</span><span class="p">(</span><span class="ss">:name</span><span class="p">)</span> <span class="k">do</span> <span class="n">desc</span> <span class="s2">"Das Anwendungsconfig-Element, das verwaltet werden soll. Siehe app_cli conf --help"</span> <span class="k">end</span> <span class="n">newproperty</span><span class="p">(</span><span class="ss">:value</span><span class="p">)</span> <span class="k">do</span> <span class="n">desc</span> <span class="s2">"Der zu setzende Konfigurationswert."</span> <span class="n">validate</span> <span class="k">do</span> <span class="o">|</span><span class="n">value</span><span class="o">|</span> <span class="k">unless</span> <span class="n">value</span> <span class="o">=~</span> <span class="sr">/^\w+/</span> <span class="k">raise</span> <span class="no">ArgumentError</span><span class="p">,</span> <span class="s2">"%s ist kein gültiger Wert"</span> <span class="o">%</span> <span class="n">value</span> <span class="k">end</span> <span class="k">end</span> <span class="k">end</span> <span class="n">newparam</span><span class="p">(</span><span class="ss">:cli_args</span><span class="p">,</span> <span class="ss">:array_matching</span> <span class="o">=&gt;</span> <span class="ss">:all</span><span class="p">)</span> <span class="k">do</span> <span class="n">desc</span> <span class="s2">"CLI-Optionen, die während der Befehlsausführung verwendet werden sollen."</span> <span class="n">validate</span> <span class="k">do</span> <span class="o">|</span><span class="n">value</span><span class="o">|</span> <span class="k">unless</span> <span class="n">value</span><span class="p">.</span><span class="nf">class</span> <span class="o">==</span> <span class="no">Array</span> <span class="k">raise</span> <span class="no">ArgumentError</span><span class="p">,</span> <span class="s2">"%s ist kein Array"</span> <span class="o">%</span> <span class="n">value</span> <span class="k">end</span> <span class="k">end</span> <span class="n">defaultto</span> <span class="p">[</span><span class="s1">'-p'</span><span class="p">]</span> <span class="k">end</span> <span class="k">end</span> </code></pre> </div> <h3> Boolean-Parameter </h3> <p>Parameter, die einen booleschen Wert erhalten, sollten auf andere Weise behandelt werden, um Codewiederholungen zu vermeiden.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="nb">require</span> <span class="s1">'puppet/parameter/boolean'</span> <span class="c1"># ...</span> <span class="n">newparam</span><span class="p">(</span><span class="ss">:force</span><span class="p">,</span> <span class="ss">:boolean</span> <span class="o">=&gt;</span> <span class="kp">true</span><span class="p">,</span> <span class="ss">:parent</span> <span class="o">=&gt;</span> <span class="no">Puppet</span><span class="o">::</span><span class="no">Parameter</span><span class="o">::</span><span class="no">Boolean</span><span class="p">)</span> </code></pre> </div> <h3> Automatische Abhängigkeiten </h3> <p>Innerhalb des Typs können wir weiche Abhängigkeiten zwischen verschiedenen Typen angeben.</p> <p>Beispiel: Das <code>app_cli</code> sollte einen Benutzer verwenden, der im System verfügbar sein muss.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="n">autorequire</span><span class="p">(</span><span class="ss">:user</span><span class="p">)</span> <span class="k">do</span> <span class="p">[</span><span class="s1">'app'</span><span class="p">]</span> <span class="k">end</span> </code></pre> </div> <p>Von nun an kann der neue benutzerdefinierte Typ bereits in Puppet DSL verwendet werden, der Compiler wird ein Katalog erstellen, aber der Agent wird einen Fehler produzieren, da es keine funktionalen Provider gibt.</p> <h3> Vorabprüfung auf der Agentenseite </h3> <p>Es ist möglich, dass der Agent zunächst einige Dinge überprüft, bevor der Katalog angewendet wird. Dafür kann die Methode <code>:pre_run_check</code> verwendet werden.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="k">def</span> <span class="nf">pre_run_check</span> <span class="no">File</span><span class="p">.</span><span class="nf">exist?</span><span class="p">(</span><span class="s1">'/opt/app/bin/app.exe'</span><span class="p">)</span> <span class="o">&amp;&amp;</span> <span class="k">raise</span> <span class="no">Puppet</span><span class="o">::</span><span class="no">Error</span><span class="p">,</span> <span class="s2">"App nicht installiert"</span> <span class="k">end</span> </code></pre> </div> <h3> Merkmale </h3> <p>Bei der Verwendung mehrerer Provider (ähnlich der Ressourcenpakete) wollen wir sicherstellen, dass der Provider alle erforderlichen Implementierungen (Merkmale - Features) hat. Ein Typ kann ein Merkmal erfordern:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># lib/puppet/type/app_config.rb</span> <span class="no">Puppet</span><span class="o">::</span><span class="no">Type</span><span class="p">.</span><span class="nf">newtype</span><span class="p">(</span><span class="ss">:app_config</span><span class="p">)</span> <span class="k">do</span> <span class="vi">@doc</span> <span class="o">=</span> <span class="sx">%q{Verwalten der Anwendungsconfig. Es gibt drei Möglichkeiten, sich zu authentifizieren: Zertifikat, Token, Benutzer. Zertifikat ist der Standard Provider. Beispiel: app_config: { 'enable_logging': ensure =&gt; present, value =&gt; true, file =&gt; '/opt/app/etc/app.cfg', cli_args =&gt; ['-p'], # Persistenz } }</span> <span class="n">ensurable</span> <span class="c1"># globales Merkmal</span> <span class="c1"># feature :cli, "Das CLI-Merkmal erfordert einige Parameter", :methods =&gt; [:cli]</span> <span class="n">newparam</span><span class="p">(</span><span class="ss">:name</span><span class="p">)</span> <span class="k">do</span> <span class="n">desc</span> <span class="s2">"Das Anwendungsconfig-Element, das verwaltet werden soll. Siehe app_cli conf --help"</span> <span class="k">end</span> <span class="n">newproperty</span><span class="p">(</span><span class="ss">:value</span><span class="p">)</span> <span class="k">do</span> <span class="n">desc</span> <span class="s2">"Der zu setzende Konfigurationswert."</span> <span class="n">validate</span> <span class="k">do</span> <span class="o">|</span><span class="n">value</span><span class="o">|</span> <span class="k">unless</span> <span class="n">value</span> <span class="o">=~</span> <span class="sr">/^\w+/</span> <span class="k">raise</span> <span class="no">ArgumentError</span><span class="p">,</span> <span class="s2">"%s ist kein gültiger Wert"</span> <span class="o">%</span> <span class="n">value</span> <span class="k">end</span> <span class="k">end</span> <span class="k">end</span> <span class="c1"># Die Eigenschaft config_file muss gesetzt werden, wenn die CLI</span> <span class="c1"># Option zur Konfiguration von App verwendet wird.</span> <span class="c1"># Der CLI-Provider wird nach einem Merkmal suchen.</span> <span class="n">newproperty</span><span class="p">(</span><span class="ss">:file</span><span class="p">,</span> <span class="ss">:required_features</span> <span class="o">=&gt;</span> <span class="sx">%w{cli}</span><span class="p">)</span> <span class="k">do</span> <span class="n">desc</span> <span class="s2">"Die zu verwendende Konfigurationsdatei."</span> <span class="n">validate</span> <span class="k">do</span> <span class="o">|</span><span class="n">value</span><span class="o">|</span> <span class="k">unless</span> <span class="p">(</span><span class="no">File</span><span class="p">.</span><span class="nf">expand_path</span><span class="p">(</span><span class="n">value</span><span class="p">)</span> <span class="o">==</span> <span class="n">value</span><span class="p">)</span> <span class="k">raise</span> <span class="no">ArgumentError</span><span class="p">,</span> <span class="s2">"%s ist kein absoluter Pfad"</span> <span class="o">%</span> <span class="n">value</span> <span class="k">end</span> <span class="k">end</span> <span class="n">defaultto</span> <span class="s1">'/opt/app/etc/app.cfg'</span> <span class="k">end</span> <span class="n">newparam</span><span class="p">(</span><span class="ss">:cli_args</span><span class="p">,</span> <span class="ss">:array_matching</span> <span class="o">=&gt;</span> <span class="ss">:all</span><span class="p">)</span> <span class="k">do</span> <span class="n">desc</span> <span class="s2">"CLI-Optionen, die während der Befehlsausführung verwendet werden sollen."</span> <span class="n">validate</span> <span class="k">do</span> <span class="o">|</span><span class="n">value</span><span class="o">|</span> <span class="k">unless</span> <span class="n">value</span><span class="p">.</span><span class="nf">class</span> <span class="o">==</span> <span class="no">Array</span> <span class="k">raise</span> <span class="no">ArgumentError</span><span class="p">,</span> <span class="s2">"%s ist kein Array"</span> <span class="o">%</span> <span class="n">value</span> <span class="k">end</span> <span class="k">end</span> <span class="n">defaultto</span> <span class="p">[</span><span class="s1">'-p'</span><span class="p">]</span> <span class="k">end</span> <span class="k">end</span> </code></pre> </div> <h2> Provider-Implementierung </h2> <p>Sobald der Typ definiert ist, muss der Anbieter steuern, wie die Ressource verwaltet wird. Anbieter implementieren typischerweise Methoden, um:</p> <ul> <li>Überprüfen, ob die Ressource existiert (<code>exists?</code>).</li> <li>Eine neue Ressource erstellen (<code>create</code>).</li> <li>Vorhandene Ressourcenattribute lesen (<code>prefetch</code> oder ein Getter).</li> <li>Eine Ressource ändern (<code>flush</code> oder ein Setter).</li> <li>Eine Ressource löschen (<code>destroy</code>). </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># lib/puppet/provider/app_config/cli.rb</span> <span class="no">Puppet</span><span class="o">::</span><span class="no">Type</span><span class="p">.</span><span class="nf">type</span><span class="p">(</span><span class="ss">:app_config</span><span class="p">).</span><span class="nf">provide</span><span class="p">(</span><span class="ss">:cli</span><span class="p">)</span> <span class="k">do</span> <span class="n">desc</span> <span class="s2">"Der CLI-Anbieter des app_config-Typs."</span> <span class="k">end</span> </code></pre> </div> <p>Es ist auch möglich, bestehende Anbieterklassen wiederzuverwenden und zu erweitern. Gemeinsamer Code kann in einem generischen Anbieter (<code>lib/puppet/provider/app_config.rb</code>) platziert werden.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># lib/puppet/provider/app_config/cli.rb</span> <span class="no">Puppet</span><span class="o">::</span><span class="no">Type</span><span class="p">.</span><span class="nf">type</span><span class="p">(</span><span class="ss">:app_config</span><span class="p">).</span><span class="nf">provide</span><span class="p">(</span><span class="ss">:cli</span><span class="p">,</span> <span class="ss">:parent</span> <span class="o">=&gt;</span> <span class="no">Puppet</span><span class="o">::</span><span class="no">Provider</span><span class="o">::</span><span class="no">App_config</span><span class="p">)</span> <span class="k">do</span> <span class="n">desc</span> <span class="s2">"Der CLI-Anbieter des app_config-Typs verwendet gemeinsamen Code aus app_config.rb."</span> <span class="k">end</span> </code></pre> </div> <p>Wenn eine gemeinsame Funktionalität für mehrere Anbieter hinzugefügt werden soll, kann man den Code im Puppet_X-Modulverzeichnis ablegen: <code>lib/puppet_x/&lt;unternehmens_name&gt;/&lt;eindeutiger Klassenname&gt;</code>.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># lib/puppet/provider/app_config/cli.rb</span> <span class="nb">require_relative</span> <span class="s1">'../../puppet_x/betadots/app_api.rb'</span> <span class="no">Puppet</span><span class="o">::</span><span class="no">Type</span><span class="p">.</span><span class="nf">type</span><span class="p">(</span><span class="ss">:app_config</span><span class="p">).</span><span class="nf">provide</span><span class="p">(</span><span class="ss">:cli</span><span class="p">)</span> <span class="k">do</span> <span class="n">desc</span> <span class="s2">"Der CLI-Anbieter des app_config-Typs verwendet gemeinsamen Code aus app_config.rb."</span> <span class="k">end</span> </code></pre> </div> <p>Ein neuer Anbieter kann erstellt werden, indem er von einem bestehenden Anbieter erbt und diesen erweitert:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># lib/puppet/provider/app_config/token.rb</span> <span class="no">Puppet</span><span class="o">::</span><span class="no">Type</span><span class="p">.</span><span class="nf">type</span><span class="p">(</span><span class="ss">:app_config</span><span class="p">).</span><span class="nf">provide</span><span class="p">(</span><span class="ss">:token</span><span class="p">,</span> <span class="ss">:parent</span> <span class="o">=&gt;</span> <span class="ss">:api</span><span class="p">,</span> <span class="ss">:source</span> <span class="o">=&gt;</span> <span class="ss">:api</span><span class="p">)</span> <span class="k">do</span> <span class="n">desc</span> <span class="s2">"Der Token-Anbieter des app_config-Typs ist eine Erweiterung des API-Anbieters."</span> <span class="k">end</span> </code></pre> </div> <p>Zusätzlich kann man jeden Anbieter von jedem Typ wiederverwenden:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># lib/puppet/provider/app_config/file.rb</span> <span class="no">Puppet</span><span class="o">::</span><span class="no">Type</span><span class="p">.</span><span class="nf">type</span><span class="p">(</span><span class="ss">:app_config</span><span class="p">).</span><span class="nf">provide</span><span class="p">(</span><span class="ss">:file</span><span class="p">,</span> <span class="ss">:parent</span> <span class="o">=&gt;</span> <span class="no">Puppet</span><span class="o">::</span><span class="no">Type</span><span class="p">.</span><span class="nf">type</span><span class="p">(</span><span class="ss">:ini_setting</span><span class="p">).</span><span class="nf">provider</span><span class="p">(</span><span class="ss">:ruby</span><span class="p">))</span> <span class="k">do</span> <span class="n">desc</span> <span class="s2">"Der Datei-Anbieter des app_config-Typs ist eine Erweiterung des API-Anbieters."</span> <span class="k">end</span> </code></pre> </div> <h3> Auswahl des Anbieters </h3> <p>Der Puppet-Agent muss wissen, welcher Anbieter zu verwenden ist, wenn mehrere Anbieter vorhanden sind. Man kann den <code>provider</code>-Meta-Parameter verwenden oder die Anbieter Überprüfungen durchführen lassen, um festzustellen, ob sie für das System gültig sind. Die Optionen umfassen:</p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Überprüfung</th> <th>Beispiel</th> <th>Beschreibung</th> </tr> </thead> <tbody> <tr> <td>Befehle</td> <td><code>commands :app =&gt; "/opt/app/bin/app.exe"</code></td> <td>Gültig, wenn der Befehl <code>/opt/app/bin/app.exe</code> existiert. Der Befehl kann später mit <code>:app</code> verwendet werden.</td> </tr> <tr> <td>Einschränkung - existiert</td> <td><code>confine :exists =&gt; "/opt/app/etc/app.conf"</code></td> <td>Gültig, wenn die Datei existiert.</td> </tr> <tr> <td>Einschränkung - bool</td> <td><code>confine :true =&gt; /^10\./.match(%x{/opt/app/bin/app.exec version})</code></td> <td>Gültig, wenn die Version 10.x ist.</td> </tr> <tr> <td>Einschränkung - Fakt</td> <td><code>confine 'os.family' =&gt; :debian</code></td> <td>Gültig, wenn der Faktwert übereinstimmt.</td> </tr> <tr> <td>Einschränkung - Funktion</td> <td><code>confine :feature =&gt; :cli</code></td> <td>Gültig, wenn der Anbieter die Funktion hat.</td> </tr> <tr> <td>defaultfor</td> <td><code>defaultfor 'os.family' =&gt; :debian</code></td> <td>Anbieter als Standard für Debian-basierte Systeme.</td> </tr> </tbody> </table></div> <h3> Lesen und Anwenden von Konfigurationen </h3> <p>Der Anbieter benötigt die Fähigkeit, einzelne Konfigurationszustände zu erstellen, zu lesen, zu aktualisieren und zu löschen (CRUD-API).</p> <p>Jede Konfigurationseigenschaft benötigt eine <code>getter</code>- (lesen) und eine <code>setter</code>- (ändern) Methode.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># lib/puppet/provider/app_config/cli.rb</span> <span class="c1"># app_config: { 'enable_logging':</span> <span class="c1"># ensure =&gt; present,</span> <span class="c1"># value =&gt; true,</span> <span class="c1"># }</span> <span class="c1">#</span> <span class="no">Puppet</span><span class="o">::</span><span class="no">Type</span><span class="p">.</span><span class="nf">type</span><span class="p">(</span><span class="ss">:app_config</span><span class="p">).</span><span class="nf">provide</span><span class="p">(</span><span class="ss">:cli</span><span class="p">)</span> <span class="k">do</span> <span class="n">desc</span> <span class="s2">"Der CLI-Anbieter des app_config-Typs."</span> <span class="c1"># Einschränkung auf bestehenden Befehl</span> <span class="n">commands</span> <span class="ss">:app</span> <span class="o">=&gt;</span> <span class="s2">"/opt/app/bin/app.exe"</span> <span class="k">def</span> <span class="nf">exists?</span> <span class="vi">@result</span> <span class="o">=</span> <span class="n">app_cli</span><span class="p">(</span><span class="s1">'list'</span><span class="p">).</span><span class="nf">split</span><span class="p">(</span><span class="sr">%r{</span><span class="se">\n</span><span class="sr">}</span><span class="p">).</span><span class="nf">grep</span><span class="p">(</span><span class="sr">%r{^</span><span class="si">#{</span><span class="n">resource</span><span class="p">[</span><span class="ss">:key</span><span class="p">]</span><span class="si">}</span><span class="sr">}</span><span class="p">)</span> <span class="k">if</span> <span class="vi">@result</span><span class="p">.</span><span class="nf">length</span> <span class="o">&gt;</span> <span class="mi">1</span> <span class="k">raise</span> <span class="no">ParserError</span><span class="p">,</span> <span class="s1">'Mehrere Konfigurationselemente gefunden, bitte beheben Sie dies'</span> <span class="k">end</span> <span class="k">return</span> <span class="kp">false</span> <span class="k">if</span> <span class="vi">@result</span><span class="p">.</span><span class="nf">empty?</span> <span class="k">return</span> <span class="kp">true</span> <span class="k">unless</span> <span class="vi">@result</span><span class="p">.</span><span class="nf">empty?</span> <span class="k">end</span> <span class="k">def</span> <span class="nf">create</span> <span class="n">app</span><span class="p">([</span><span class="s1">'set'</span><span class="p">,</span> <span class="n">resource</span><span class="p">[</span><span class="ss">:name</span><span class="p">],</span> <span class="n">resource</span><span class="p">[</span><span class="ss">:value</span><span class="p">]])</span> <span class="k">end</span> <span class="k">def</span> <span class="nf">destroy</span> <span class="n">app</span><span class="p">([</span><span class="s1">'rm'</span><span class="p">,</span> <span class="n">resource</span><span class="p">[</span><span class="ss">:name</span><span class="p">]])</span> <span class="k">end</span> <span class="c1"># getter</span> <span class="k">def</span> <span class="nf">value</span><span class="p">()</span> <span class="vi">@result</span><span class="p">[</span><span class="mi">0</span><span class="p">].</span><span class="nf">split</span><span class="p">[</span><span class="mi">1</span><span class="p">]</span> <span class="k">end</span> <span class="c1"># setter</span> <span class="k">def</span> <span class="nf">value</span><span class="o">=</span><span class="p">(</span><span class="n">value</span><span class="p">)</span> <span class="n">app</span><span class="p">([</span><span class="s1">'set'</span><span class="p">,</span> <span class="n">resource</span><span class="p">[</span><span class="ss">:name</span><span class="p">],</span> <span class="n">resource</span><span class="p">[</span><span class="ss">:value</span><span class="p">]])</span> <span class="k">end</span> <span class="k">end</span> </code></pre> </div> <p>Es wird empfohlen, auch die <code>instances</code>-Klassenmethode zu erstellen, die alle Instanzen eines Ressourcentyps in einem Hash sammeln kann. Der Namevar ist der Hash-Schlüssel, der einen Hash von Parametern und Eigenschaften als Wert hat.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="nb">require</span> <span class="s1">'yaml'</span> <span class="k">def</span> <span class="nc">self</span><span class="o">.</span><span class="nf">instances</span> <span class="n">instances</span> <span class="o">=</span> <span class="p">[]</span> <span class="no">YAML</span><span class="p">.</span><span class="nf">load</span><span class="p">(</span><span class="n">app_cli</span><span class="p">(</span><span class="s1">'list'</span><span class="p">)).</span><span class="nf">each</span> <span class="k">do</span> <span class="o">|</span><span class="n">key</span><span class="p">,</span> <span class="n">value</span><span class="o">|</span> <span class="n">attributes_hash</span> <span class="o">=</span> <span class="p">{</span> <span class="ss">key: </span><span class="n">key</span><span class="p">,</span> <span class="ss">ensure: :present</span><span class="p">,</span> <span class="ss">value: </span><span class="n">value</span><span class="p">,</span> <span class="ss">name: </span><span class="n">key</span><span class="p">}</span> <span class="n">instances</span> <span class="o">&lt;&lt;</span> <span class="n">new</span><span class="p">(</span><span class="n">attributes_hash</span><span class="p">)</span> <span class="k">end</span> <span class="n">instances</span> <span class="k">end</span> </code></pre> </div> <p>Manchmal ist es nicht möglich, alle Instanzen zu sammeln, z. B. beim <code>file</code>-Ressourcentyp. In solchen Fällen wird keine <code>instance</code>-Methode definiert.</p> <p>Die <code>instance</code>-Methode wird indirekt von jedem Typ verwendet, wenn <code>prefetch</code> aufgerufen wird, um die aktuelle Konfiguration zu erhalten und die <code>@property_hash</code>-Instanzvariable zurückzugeben.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="k">def</span> <span class="nc">self</span><span class="o">.</span><span class="nf">prefetch</span><span class="p">(</span><span class="n">resources</span><span class="p">)</span> <span class="n">resources</span><span class="p">.</span><span class="nf">each_key</span> <span class="k">do</span> <span class="o">|</span><span class="nb">name</span><span class="o">|</span> <span class="n">provider</span> <span class="o">=</span> <span class="n">instances</span><span class="p">.</span><span class="nf">find</span> <span class="p">{</span> <span class="o">|</span><span class="n">instance</span><span class="o">|</span> <span class="n">instance</span><span class="p">.</span><span class="nf">name</span> <span class="o">==</span> <span class="nb">name</span> <span class="p">}</span> <span class="n">resources</span><span class="p">[</span><span class="nb">name</span><span class="p">].</span><span class="nf">provider</span> <span class="o">=</span> <span class="n">provider</span> <span class="k">if</span> <span class="n">provider</span> <span class="k">end</span> <span class="k">end</span> </code></pre> </div> <p>Dies ermöglicht es dem Typ, Getter und Setter zu verwenden, um die Instanzvariable zu lesen und zu manipulieren, anstatt für jeden Typ <code>getter</code>- und <code>setter</code>-Methoden zu schreiben. Dieses Verhalten wird durch die Deklaration der <code>mk_resource_methods</code>-Klassenmethode hinzugefügt.</p> <p>Sobald dies implementiert ist, kann man den Befehl <code>puppet resource app_config</code> ausführen, um alle vorhandenen Konfigurationen abzurufen.</p> <h3> Refresh-Ereignisse </h3> <p>In einigen Fällen ist es erforderlich, eine Ressource zu <code>aktualisieren</code> (refresh), beispielsweise um einen Dienst neu zu starten, ein Laufwerk erneut zu mounten oder eine Exec-Ressource erneut auszuführen. Damit ein Typ/Anbieter auf ein Aktualisierungsereignis reagieren kann, ist eine spezielle Behandlung erforderlich.</p> <p>Innerhalb des Typs muss die <code>refreshable</code>-Funktion aktiviert werden, und eine <code>refresh</code>-Definition wird hinzugefügt.</p> <p>Die folgenden Beispiele stammen vom Puppet <code>service</code> Typ und Anbieter. Die Funktion beschreibt, welche Anbieterdefinition bei einem Aktualisierungsereignis ausgeführt werden soll.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># lib/puppet/type/services.rb</span> <span class="c1"># ...</span> <span class="n">feature</span> <span class="ss">:refreshable</span><span class="p">,</span> <span class="s2">"Der Anbieter kann den Dienst neu starten."</span><span class="p">,</span> <span class="ss">:methods</span> <span class="o">=&gt;</span> <span class="p">[</span><span class="ss">:restart</span><span class="p">]</span> <span class="c1"># ...</span> <span class="k">def</span> <span class="nf">refresh</span> <span class="c1"># Nur neu starten, wenn wir tatsächlich laufen</span> <span class="k">if</span> <span class="p">(</span><span class="vi">@parameters</span><span class="p">[</span><span class="ss">:ensure</span><span class="p">]</span> <span class="o">||</span> <span class="n">newattr</span><span class="p">(</span><span class="ss">:ensure</span><span class="p">)).</span><span class="nf">retrieve</span> <span class="o">==</span> <span class="ss">:running</span> <span class="n">provider</span><span class="p">.</span><span class="nf">restart</span> <span class="k">else</span> <span class="n">debug</span> <span class="s2">"Neustart überspringen; Dienst läuft nicht"</span> <span class="k">end</span> <span class="k">end</span> <span class="c1"># ...</span> </code></pre> </div> <h2> Verwendung benutzerdefinierter Typen in Puppet DSL </h2> <p>Sobald der benutzerdefinierte Typ und Anbieter implementiert sind, kann man diesen in Puppet Manifesten wie folgt verwenden:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight puppet"><code><span class="c"># Typdeklaration </span><span class="n">app_config</span> <span class="p">{</span> <span class="s1">'enable_logging'</span><span class="p">:</span> <span class="py">ensure</span> <span class="p">=&gt;</span> <span class="n">present</span><span class="p">,</span> <span class="py">value</span> <span class="p">=&gt;</span> <span class="kc">true</span><span class="p">,</span> <span class="kp">require</span> <span class="p">=&gt;</span> <span class="nc">File</span><span class="p">[</span><span class="s1">'/opt/app/etc/app.cfg'</span><span class="p">],</span> <span class="kp">subscribe</span> <span class="p">=&gt;</span> <span class="nc">Service</span><span class="p">[</span><span class="s1">'app'</span><span class="p">],</span> <span class="p">}</span> <span class="c"># Typreferenz </span><span class="n">service</span> <span class="p">{</span> <span class="s1">'app'</span><span class="p">:</span> <span class="py">ensure</span> <span class="p">=&gt;</span> <span class="n">running</span><span class="p">,</span> <span class="kp">subscribe</span> <span class="p">=&gt;</span> <span class="nc">App_config</span><span class="p">[</span><span class="s1">'enable_logging'</span><span class="p">],</span> <span class="p">}</span> <span class="c"># Typdeklaration mit Lambda und Splat-Operator </span><span class="nv">$config_hash</span><span class="o">.</span><span class="n">each</span> <span class="p">|</span><span class="nc">String</span> <span class="nv">$key</span><span class="p">,</span> <span class="nc">Hash</span> <span class="nv">$hash</span><span class="p">|</span> <span class="p">{</span> <span class="n">app_config</span> <span class="p">{</span> <span class="nv">$key</span><span class="p">:</span> <span class="o">*</span> <span class="p">=&gt;</span> <span class="nv">$hash</span><span class="p">,</span> <span class="p">}</span> <span class="p">}</span> <span class="c"># Virtuelle oder exportierte Ressource </span><span class="err">@@</span><span class="n">app_config</span> <span class="p">{</span> <span class="s1">'app_mount'</span><span class="p">:</span> <span class="py">ensure</span> <span class="p">=&gt;</span> <span class="n">present</span><span class="p">,</span> <span class="py">value</span> <span class="p">=&gt;</span> <span class="s2">"</span><span class="err">$</span><span class="s2">{facts['networking']['fqdn']}/srv/app_mount"</span><span class="p">,</span> <span class="py">tag</span> <span class="p">=&gt;</span> <span class="s1">'blog'</span><span class="p">,</span> <span class="p">}</span> <span class="c"># Ressourcen-Sammler </span><span class="nc">App_config</span> <span class="o">&lt;</span><span class="p">&lt;|</span> <span class="n">tag</span> <span class="o">==</span> <span class="s1">'blog'</span> <span class="p">|&gt;</span><span class="o">&gt;</span> </code></pre> </div> <h2> Resourcen-API </h2> <p>Die moderne Ressourcen-API hat eine Einschränkung: Man kann Typen nicht aktualisieren! Außerdem besteht sie aus Typen und Anbietern, die am selben Ort wie die bestehende Implementierung platziert werden müssen.</p> <h3> Ressourcen-API-Typ </h3> <p>Der Ressourcen-API-Typ verwendet einen Attributs-Hash, um alle Parameter und Eigenschaften aufzulisten. Innerhalb des <code>type</code>-Schlüssels kann man jeden der integrierten Puppet-Datentypen verwenden.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># lib/puppet/type/app_config.rb</span> <span class="nb">require</span> <span class="s1">'puppet/resource_api'</span> <span class="no">Puppet</span><span class="o">::</span><span class="no">ResourceApi</span><span class="p">.</span><span class="nf">register_type</span><span class="p">(</span> <span class="ss">name: </span><span class="s1">'app_config'</span><span class="p">,</span> <span class="ss">docs: </span><span class="o">&lt;&lt;-</span><span class="no">EOS</span><span class="p">,</span><span class="sh"> @summary Der Typ zur Verwaltung von App-Konfigurationseinstellungen @example app_config { 'key': ensure =&gt; present, value =&gt; 'value', } Dieser Typ bietet Puppet die Möglichkeit, unsere Anwendungsconfig zu verwalten. </span><span class="no"> EOS</span> <span class="ss">features: </span><span class="p">[]</span> <span class="ss">attributes: </span><span class="p">{</span> <span class="ss">ensure: </span><span class="p">{</span> <span class="ss">type: </span><span class="s1">'Enum[present, absent]'</span><span class="p">,</span> <span class="ss">desc: </span><span class="s1">'Ob die Einstellung hinzugefügt oder entfernt werden soll'</span><span class="p">,</span> <span class="ss">default: </span><span class="s1">'present'</span><span class="p">,</span> <span class="p">},</span> <span class="ss">name: </span><span class="p">{</span> <span class="ss">type: </span><span class="s1">'String'</span><span class="p">,</span> <span class="ss">desc: </span><span class="s1">'Die Einstellung, die verwaltet werden soll'</span><span class="p">,</span> <span class="ss">behavior: :namevar</span><span class="p">,</span> <span class="p">},</span> <span class="ss">value: </span><span class="p">{</span> <span class="ss">type: </span><span class="s1">'Variant[String, Integer, Array]'</span><span class="p">,</span> <span class="ss">desc: </span><span class="s1">'Der Wert, der gesetzt werden soll'</span> <span class="p">}</span> <span class="p">}</span> <span class="p">)</span> </code></pre> </div> <h3> Ressourcen-API-Anbieter </h3> <p>Die einfachste Lösung ist die Verwendung der Klasse <code>SimpleProvider</code>. Dieser Anbieter benötigt bis zu 4 Definitionen:</p> <ul> <li>get</li> <li>create</li> <li>update</li> <li>delete </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># lib/puppet/provider/app_config/cli.rb</span> <span class="nb">require</span> <span class="s1">'puppet/resource_api/simple_provider'</span> <span class="nb">require</span> <span class="s1">'open3'</span> <span class="k">class</span> <span class="nc">Puppet::Provider::AppConfig::Cli</span> <span class="o">&lt;</span> <span class="no">Puppet</span><span class="o">::</span><span class="no">ResourceApi</span><span class="o">::</span><span class="no">SimpleProvider</span> <span class="vg">$app_command</span> <span class="o">=</span> <span class="s1">'/opt/app/bin/app.exe'</span> <span class="c1"># Get: Alle lesbaren Konfigurationseinstellungen in einen Hash abrufen</span> <span class="k">def</span> <span class="nf">get</span><span class="p">(</span><span class="n">context</span><span class="p">)</span> <span class="n">context</span><span class="p">.</span><span class="nf">debug</span><span class="p">(</span><span class="s1">'Gibt Daten vom Befehl zurück'</span><span class="p">)</span> <span class="vi">@result</span> <span class="o">=</span> <span class="p">[]</span> <span class="n">stdout</span><span class="p">,</span> <span class="n">stderr</span><span class="p">,</span> <span class="n">status</span> <span class="o">=</span> <span class="no">Open3</span><span class="p">.</span><span class="nf">capture3</span><span class="p">(</span><span class="s1">'/opt/app/bin/app.exe list'</span><span class="p">)</span> <span class="k">raise</span> <span class="no">ParseError</span> <span class="s2">"Fehler beim Ausführen des Befehls: </span><span class="se">\n</span><span class="si">#{</span><span class="n">stderr</span><span class="si">}</span><span class="s2">"</span> <span class="k">unless</span> <span class="n">status</span><span class="p">.</span><span class="nf">success?</span> <span class="c1"># Fehlende Fehlerbehandlung. Dies dient nur zur Demo</span> <span class="vi">@command_result</span> <span class="o">=</span> <span class="n">stdout</span><span class="p">.</span><span class="nf">split</span><span class="p">(</span><span class="sr">%r{</span><span class="se">\n</span><span class="sr">}</span><span class="p">)</span> <span class="vi">@command_result</span><span class="p">.</span><span class="nf">each</span> <span class="k">do</span> <span class="o">|</span><span class="n">line</span><span class="o">|</span> <span class="k">next</span> <span class="k">if</span> <span class="n">line</span> <span class="o">==</span> <span class="s1">'---'</span> <span class="n">key</span> <span class="o">=</span> <span class="n">line</span><span class="p">.</span><span class="nf">split</span><span class="p">(</span><span class="s1">':'</span><span class="p">)[</span><span class="mi">0</span><span class="p">]</span> <span class="n">value</span> <span class="o">=</span> <span class="n">line</span><span class="p">.</span><span class="nf">split</span><span class="p">(</span><span class="s1">':'</span><span class="p">)[</span><span class="mi">1</span><span class="p">].</span><span class="nf">strip</span> <span class="nb">hash</span> <span class="o">=</span> <span class="p">{</span> <span class="s1">'ensure'</span><span class="p">:</span> <span class="s1">'present'</span><span class="p">,</span> <span class="s1">'name'</span><span class="p">:</span> <span class="n">key</span><span class="p">,</span> <span class="s1">'value'</span><span class="p">:</span> <span class="n">value</span><span class="p">,</span> <span class="p">}</span> <span class="vi">@result</span> <span class="o">+=</span> <span class="p">[</span> <span class="nb">hash</span> <span class="p">]</span> <span class="k">end</span> <span class="vi">@result</span> <span class="k">end</span> <span class="c1"># Create: Eine neue Konfigurationseinstellung mit Name und Sollwert hinzufügen</span> <span class="k">def</span> <span class="nf">create</span><span class="p">(</span><span class="n">context</span><span class="p">,</span> <span class="nb">name</span><span class="p">,</span> <span class="n">should</span><span class="p">)</span> <span class="n">context</span><span class="p">.</span><span class="nf">notice</span><span class="p">(</span><span class="s2">"Erstelle '</span><span class="si">#{</span><span class="nb">name</span><span class="si">}</span><span class="s2">' mit </span><span class="si">#{</span><span class="n">should</span><span class="p">[</span><span class="ss">:value</span><span class="p">]</span><span class="si">}</span><span class="s2">"</span><span class="p">)</span> <span class="n">_stdout</span><span class="p">,</span> <span class="n">_stderr</span><span class="p">,</span> <span class="n">status</span> <span class="o">=</span> <span class="no">Open3</span><span class="p">.</span><span class="nf">capture3</span><span class="p">(</span><span class="s2">"/opt/app/bin/app.exe set </span><span class="si">#{</span><span class="nb">name</span><span class="si">}</span><span class="s2"> </span><span class="si">#{</span><span class="n">should</span><span class="p">[</span><span class="ss">:value</span><span class="p">]</span><span class="si">}</span><span class="s2">"</span><span class="p">)</span> <span class="c1"># Fehlende Fehlerbehandlung. Dies dient nur zur Demo</span> <span class="k">return</span> <span class="kp">true</span> <span class="k">unless</span> <span class="n">status</span><span class="p">.</span><span class="nf">success?</span> <span class="k">end</span> <span class="c1"># Update: Eine vorhandene Einstellung mit Namen korrigieren und durch den Sollwert ersetzen</span> <span class="k">def</span> <span class="nf">update</span><span class="p">(</span><span class="n">context</span><span class="p">,</span> <span class="nb">name</span><span class="p">,</span> <span class="n">should</span><span class="p">)</span> <span class="n">context</span><span class="p">.</span><span class="nf">notice</span><span class="p">(</span><span class="s2">"Aktualisiere '</span><span class="si">#{</span><span class="nb">name</span><span class="si">}</span><span class="s2">' mit </span><span class="si">#{</span><span class="n">should</span><span class="p">[</span><span class="ss">:value</span><span class="p">]</span><span class="si">}</span><span class="s2">"</span><span class="p">)</span> <span class="n">_stdout</span><span class="p">,</span> <span class="n">_stderr</span><span class="p">,</span> <span class="n">status</span> <span class="o">=</span> <span class="no">Open3</span><span class="p">.</span><span class="nf">capture3</span><span class="p">(</span><span class="s2">"/opt/app/bin/app.exe set </span><span class="si">#{</span><span class="nb">name</span><span class="si">}</span><span class="s2"> </span><span class="si">#{</span><span class="n">should</span><span class="p">[</span><span class="ss">:value</span><span class="p">]</span><span class="si">}</span><span class="s2">"</span><span class="p">)</span> <span class="c1"># Fehlende Fehlerbehandlung. Dies dient nur zur Demo</span> <span class="k">return</span> <span class="kp">true</span> <span class="k">unless</span> <span class="n">status</span><span class="p">.</span><span class="nf">success?</span> <span class="k">end</span> <span class="c1"># Delete: Eine Konfigurationseinstellung entfernen</span> <span class="k">def</span> <span class="nf">delete</span><span class="p">(</span><span class="n">context</span><span class="p">,</span> <span class="nb">name</span><span class="p">)</span> <span class="n">context</span><span class="p">.</span><span class="nf">notice</span><span class="p">(</span><span class="s2">"Lösche '</span><span class="si">#{</span><span class="nb">name</span><span class="si">}</span><span class="s2">'"</span><span class="p">)</span> <span class="n">_stdout</span><span class="p">,</span> <span class="n">_stderr</span><span class="p">,</span> <span class="n">status</span> <span class="o">=</span> <span class="no">Open3</span><span class="p">.</span><span class="nf">capture3</span><span class="p">(</span><span class="s2">"/opt/app/bin/app.exe rm </span><span class="si">#{</span><span class="nb">name</span><span class="si">}</span><span class="s2">"</span><span class="p">)</span> <span class="c1"># Fehlende Fehlerbehandlung. Dies dient nur zur Demo</span> <span class="k">return</span> <span class="kp">true</span> <span class="k">unless</span> <span class="n">status</span><span class="p">.</span><span class="nf">success?</span> <span class="k">end</span> <span class="k">end</span> </code></pre> </div> <h2> Zusammenfassung </h2> <p>Typen und Anbieter sind nicht komplex. Sie beschreiben im Grunde das CRUD-Verhalten von Puppet. Der Typ definiert, wie man die Puppet DSL verwendet, während der Anbieter steuert, wie spezifische Einstellungen überprüft und behandelt werden.</p> <p>Eine exzessive Nutzung der <code>exec</code> Resource ist zu vermweiden. In den meisten Fällen ermöglicht ein einfacher Typ und Anbieter eine bessere Analyse, Fehlerbehandlung und Kontrolle über das, was passiert. Darüber hinaus: <strong>benutzerdefinierte Typen und Anbieter führen schneller aus</strong> im Vergleich zur Verwendung des <code>exec</code>-Typs - viel schneller!</p> <p>Die Beispielanwendung und die funktionierenden Typen und Anbieter aus diesem Posting sind auf GitHub verfügbar:</p> <ul> <li>Die App: <a href="https://github.com/betadots/workshop-demo-app" rel="noopener noreferrer">Workshop-Demo-App</a> </li> <li>Das Puppet-Modul mit Typen und Anbietern für die App: <a href="https://github.com/betadots/workshop-demo-module/tree/ruby_workshop" rel="noopener noreferrer">Workshop-Demo-Modul</a> </li> </ul> <p>App-Nutzung:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># APP installieren:</span> git clone https://github.com/betadots/workshop-demo-app /opt/app /opt/app/bin/app.exe <span class="c"># Puppet-Modul installieren:</span> git clone https://github.com/betadots/workshop-demo-module <span class="nt">-b</span> ruby_workshop modules/app <span class="c"># Type API V1</span> puppet resource app_config <span class="nt">--modulepath</span> modules <span class="c"># Type Resource API</span> puppet resource app_config2 <span class="nt">--modulepath</span> modules </code></pre> </div> <p>Viel Spaß beim Puppetisieren,<br><br> Martin</p> puppet ruby The Ruby side of Puppet - Part 2 - Custom Functions Martin Alfke Tue, 14 Jan 2025 16:04:08 +0000 https://dev.to/betadots/the-ruby-side-of-puppet-part-2-custom-functions-7c7 https://dev.to/betadots/the-ruby-side-of-puppet-part-2-custom-functions-7c7 <p>This is the second post in a series of three, covering the concepts and best practices for extending <a href="https://www.puppet.com" rel="noopener noreferrer">Puppet</a> using <a href="https://www.puppet.com/docs/puppet/latest/custom_facts" rel="noopener noreferrer">custom facts</a>, <a href="https://www.puppet.com/docs/puppet/latest/custom_functions_ruby" rel="noopener noreferrer">custom functions</a> and <a href="https://www.puppet.com/docs/puppet/latest/custom_types" rel="noopener noreferrer">custom types</a> and <a href="https://www.puppet.com/docs/puppet/latest/provider_development" rel="noopener noreferrer">providers</a>.</p> <p><a href="https://dev.to/betadots/the-ruby-side-of-puppet-part-1-custom-facts-3hb7">Part 1 covers Custom Facts</a>, which explain how a node can provide information to the Puppet Server.</p> <p>Part 2 (this post) focuses on Custom Functions, demonstrating how to develop functions for data processing and execution.</p> <p><a href="https://dev.to/betadots/the-ruby-side-of-puppet-part-3-custom-types-and-providers-4hma">Part 3</a> covers Custom Types and Providers, showing how to extend Puppet's DSL functionality.</p> <p><strong>Custom Functions in Puppet</strong>:</p> <p>Functions in Puppet are executed on the Puppet server, specifically inside the compiler. These functions have access to all facts and Puppet variables, as long as they exist within the function’s namespace.</p> <p>There are two main types of functions in Puppet:</p> <ul> <li>Statement functions</li> <li>Return value functions</li> </ul> <p><strong>Statement functions</strong> can interact with Puppet internals. The most common statement functions are <code>include</code> or <code>contain</code>, which add classes to the catalog, or <code>noop</code> and <code>notice</code>, which set all resources into simulation mode or print entries into the Puppet server log file.</p> <p><strong>Return value functions</strong> such as <code>lookup</code> or <code>read_url</code>, return values from Hiera or external sources like web servers.<br> Some return value functions can also manipulate data (<code>each</code>, <code>filter</code>, <code>map</code>, <code>reduce</code>).</p> <p><strong>Why Create Custom Functions?</strong></p> <p>Here are some reasons you might develop custom functions in Puppet:</p> <ul> <li>Writing a custom Hiera lookup function</li> <li>Converting data structures for specific needs</li> </ul> <p><strong>Content</strong>:</p> <ol> <li>Function development</li> <li>Functions in Modules</li> <li>General API</li> <li>Dispatcher and Define</li> <li>Using functions in Puppet DSL</li> <li>Summary</li> </ol> <h2> Function development </h2> <p>Since functions are executed only at compile time, it is advisable to first focus on their core functionality before integrating them with the Function API. This allows you to test the logic with local data, avoiding issues on the Puppet server that could break compilation or even crash the server.</p> <p>For example, imagine you have a data structure that outlines various aspects of a system's configuration. Using a function, you can expose specific parts of this data structure as variables.</p> <p><strong>Example Data Structure</strong>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">server_hash</span><span class="pi">:</span> <span class="s1">'</span><span class="s">postfix'</span><span class="err">:</span> <span class="s1">'</span><span class="s">config'</span><span class="err">:</span> <span class="s1">'</span><span class="s">transport'</span><span class="err">:</span> <span class="s1">'</span><span class="s">mta'</span> <span class="s1">'</span><span class="s">ssl'</span><span class="err">:</span> <span class="kc">true</span> <span class="s">'apache'</span><span class="err">:</span> <span class="s1">'</span><span class="s">config'</span><span class="err">:</span> <span class="s1">'</span><span class="s">vhost'</span><span class="err">:</span> <span class="s1">'</span><span class="s">server.domain.tld'</span> <span class="s1">'</span><span class="s">document_root'</span><span class="err">:</span> <span class="s1">'</span><span class="s">/srv/www/html/server.domain.tld'</span> <span class="s1">'</span><span class="s">ssl'</span><span class="err">:</span> <span class="kc">true</span> <span class="s">'proxy_pass'</span><span class="err">:</span> <span class="s1">'</span><span class="s">http://localhost:8080'</span> <span class="s1">'</span><span class="s">tomcat'</span><span class="err">:</span> <span class="s1">'</span><span class="s">config'</span><span class="err">:</span> <span class="s1">'</span><span class="s">application'</span><span class="err">:</span> <span class="s1">'</span><span class="s">crm'</span> <span class="s1">'</span><span class="s">service'</span><span class="err">:</span> <span class="s1">'</span><span class="s">frontend'</span> </code></pre> </div> <p>Assume that this data structure comes from Hiera, and you want to allow other teams, who may write their own modules, to reuse this data without performing additional lookups. This would allow you to modify the data structure internally while still providing teams with the required information.</p> <p><strong>Example Function</strong>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># test data</span> <span class="n">server_hash</span> <span class="o">=</span> <span class="p">{</span> <span class="s1">'postfix'</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="s1">'config'</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="s1">'transport'</span> <span class="o">=&gt;</span> <span class="s1">'mta'</span><span class="p">,</span> <span class="s1">'ssl'</span> <span class="o">=&gt;</span> <span class="kp">true</span> <span class="p">}</span> <span class="p">},</span> <span class="s1">'apache'</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="s1">'config'</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="s1">'vhost'</span> <span class="o">=&gt;</span> <span class="s1">'server.domain.tld'</span><span class="p">,</span> <span class="s1">'document_root'</span> <span class="o">=&gt;</span> <span class="s1">'/srv/www/html/server.domain.tld'</span><span class="p">,</span> <span class="s1">'ssl'</span> <span class="o">=&gt;</span> <span class="kp">true</span><span class="p">,</span> <span class="s1">'proxy_pass'</span> <span class="o">=&gt;</span> <span class="s1">'http://localhost:8080'</span> <span class="p">}</span> <span class="p">},</span> <span class="s1">'tomcat'</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="s1">'config'</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="s1">'application'</span> <span class="o">=&gt;</span> <span class="s1">'crm'</span><span class="p">,</span> <span class="s1">'service'</span> <span class="o">=&gt;</span> <span class="s1">'frontend'</span> <span class="p">}</span> <span class="p">}</span> <span class="p">}</span> <span class="c1"># function definition</span> <span class="k">def</span> <span class="nf">read_service_config</span><span class="p">(</span><span class="n">data</span><span class="p">,</span> <span class="n">service</span><span class="p">)</span> <span class="n">data</span><span class="p">[</span><span class="n">service</span><span class="p">]</span> <span class="k">end</span> <span class="c1"># testing the function</span> <span class="nb">puts</span> <span class="n">read_service_config</span><span class="p">(</span><span class="n">server_hash</span><span class="p">,</span> <span class="s1">'tomcat'</span><span class="p">)</span> </code></pre> </div> <h2> Functions in Modules </h2> <p>Puppet provides an API for creating custom functions. To ensure the Puppet agent can locate these functions, they must be placed in specific directories within a module.</p> <p>Files inside the module's <code>lib</code> directory are synchronized across all agents. Note that it is not possible to limit which files are synchronized.</p> <p>Custom functions can be added to one of two directory structures:</p> <ul> <li> <code>lib/puppet/parser/functions</code> - Functions API v1</li> <li> <code>lib/puppet/functions</code> - Functions API v2</li> </ul> <p>The newer Functions API v2 supports subdirectories, allowing you to namespace your functions. The filename should match the function name.</p> <p>In this post, we’ll focus on the modern API v2.</p> <p><strong>Example Directory Structure</strong>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># &lt;modulepath&gt;/stdlib/</span> <span class="se">\-</span> lib/ <span class="se">\-</span> puppet/ <span class="se">\-</span> functions/ <span class="se">\-</span> stdlib/ <span class="se">\-</span> to_yaml.rb </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># stdlib/lib/puppet/functions/stdlib/to_yaml.rb</span> <span class="no">Puppet</span><span class="o">::</span><span class="no">Functions</span><span class="p">.</span><span class="nf">create_function</span><span class="p">(</span><span class="ss">:'stdlib::to_yaml'</span><span class="p">)</span> <span class="k">do</span> <span class="c1"># ...</span> <span class="k">end</span> </code></pre> </div> <p>We recommend prefixing custom functions with the module name to avoid naming conflicts.</p> <h2> General API </h2> <p>To create custom functions in Puppet, use the following structure:</p> <p><strong>Example</strong>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># &lt;modulepath&gt;/betadots/lib/puppet/functions/betadots/resolve.rb</span> <span class="no">Puppet</span><span class="o">::</span><span class="no">Functions</span><span class="p">.</span><span class="nf">create_function</span><span class="p">(</span><span class="ss">:'betadots::resolve'</span><span class="p">)</span> <span class="k">do</span> <span class="c1"># ...</span> <span class="k">end</span> </code></pre> </div> <p>Note that the namespace <strong>must</strong> be identical to the module name.</p> <h2> Dispatcher and Define </h2> <p>Within the <code>do ... end</code> of the function, you need to add a dispatcher. The dispatcher validates the input data and links it to a named definition, which executes the corresponding Ruby code.</p> <p>The dispatcher can check data types using <code>param</code> and map values to Ruby symbols. The definition uses the dispatcher’s name and the parameters provided in the dispatcher.</p> <p>The final command in the definition determines the return value.</p> <p><strong>Example Dispatcher for an IPv4 Address</strong>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># &lt;modulepath&gt;/betadots/lib/puppet/functions/betadots/resolve.rb</span> <span class="no">Puppet</span><span class="o">::</span><span class="no">Functions</span><span class="p">.</span><span class="nf">create_function</span><span class="p">(</span><span class="ss">:'betadots::resolve'</span><span class="p">)</span> <span class="k">do</span> <span class="n">dispatch</span> <span class="ss">:ip</span> <span class="k">do</span> <span class="n">param</span> <span class="s1">'Regexp[/^(\d{1,3}).(\d{1,3}).(\d{1,3}).(\d{1,3})$/]'</span><span class="p">,</span> <span class="ss">:ipaddr</span> <span class="k">end</span> <span class="k">end</span> </code></pre> </div> <p>Here’s a table of common parameter methods used in dispatchers:</p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Method</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td> <code>param</code> or <code>required_param</code> </td> <td>A mandatory argument. May occur multiple times. <strong>Position</strong>: All mandatory arguments must come first.</td> </tr> <tr> <td><code>optional_param</code></td> <td>An argument that can be omitted. You can use any number of these. When there are multiple optional arguments, users can only pass latter ones if they also provide values for the prior ones. This also applies to repeated arguments. <strong>Position</strong>: Must come after any required arguments.</td> </tr> <tr> <td> <code>repeated_params</code> or <code>optional_repeated_params</code> </td> <td>A repeatable argument, which can receive zero or more values. A signature can only use one repeatable argument. <strong>Position</strong>: Must come after any non-repeating arguments.</td> </tr> <tr> <td><code>required_repeated_param</code></td> <td>A repeatable argument, which must receive one or more values. A signature can only use one repeatable argument. <strong>Position</strong>: Must come after any non-repeating arguments.</td> </tr> <tr> <td> <code>block_param</code> or <code>required_block_param</code> </td> <td>A mandatory lambda (block of Puppet code). A signature can only use one block. <strong>Position</strong>: Must come after all other arguments.</td> </tr> <tr> <td><code>optional_block_param</code></td> <td>An optional lambda. A signature can only use one block. <strong>Position</strong>: Must come after all other arguments.</td> </tr> </tbody> </table></div> <p><strong>Adding a Definition</strong>:</p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Description</th> <th>Dispatcher</th> <th>Definition</th> </tr> </thead> <tbody> <tr> <td>Name</td> <td><code>dispatch :ip</code></td> <td><code>def ip</code></td> </tr> <tr> <td>Parameter</td> <td><code>param ..., :ipaddr</code></td> <td><code>def ip(ipaddr)</code></td> </tr> </tbody> </table></div> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># &lt;modulepath&gt;/betadots/lib/puppet/functions/betadots/resolve.rb</span> <span class="no">Puppet</span><span class="o">::</span><span class="no">Functions</span><span class="p">.</span><span class="nf">create_function</span><span class="p">(</span><span class="ss">:'betadots::resolve'</span><span class="p">)</span> <span class="k">do</span> <span class="nb">require</span> <span class="s1">'resolv'</span> <span class="n">dispatch</span> <span class="ss">:ip</span> <span class="k">do</span> <span class="n">param</span> <span class="s1">'Regexp[/^(\d{1,3}).(\d{1,3}).(\d{1,3}).(\d{1,3})$/]'</span><span class="p">,</span> <span class="ss">:ipaddr</span> <span class="k">end</span> <span class="k">def</span> <span class="nf">ip</span><span class="p">(</span><span class="n">ipaddr</span><span class="p">)</span> <span class="no">Resolv</span><span class="p">.</span><span class="nf">getname</span> <span class="n">ipaddr</span> <span class="k">end</span> <span class="k">end</span> </code></pre> </div> <p>Now additional dispatchers and definitions can be added:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># &lt;modulepath&gt;/betadots/lib/puppet/functions/betadots/resolve.rb</span> <span class="no">Puppet</span><span class="o">::</span><span class="no">Functions</span><span class="p">.</span><span class="nf">create_function</span><span class="p">(</span><span class="ss">:'betadots::resolve'</span><span class="p">)</span> <span class="k">do</span> <span class="nb">require</span> <span class="s1">'socket'</span> <span class="n">dispatch</span> <span class="ss">:ip</span> <span class="k">do</span> <span class="n">param</span> <span class="s1">'Regexp[/^(\d{1,3}).(\d{1,3}).(\d{1,3}).(\d{1,3})$/]'</span><span class="p">,</span> <span class="ss">:ipaddr</span> <span class="k">end</span> <span class="n">dispatch</span> <span class="ss">:dnsname</span> <span class="k">do</span> <span class="n">param</span> <span class="s1">'Regexp[/.*/]'</span><span class="p">,</span> <span class="ss">:dnsname</span> <span class="k">end</span> <span class="n">dispatch</span> <span class="ss">:local_hostname</span> <span class="k">do</span> <span class="n">param</span> <span class="s1">'Regexp[//]'</span><span class="p">,</span> <span class="ss">:local_hostname</span> <span class="k">end</span> <span class="k">def</span> <span class="nf">ip</span><span class="p">(</span><span class="n">ipaddr</span><span class="p">)</span> <span class="no">Addrinfo</span><span class="p">.</span><span class="nf">tcp</span><span class="p">(</span><span class="n">ipaddr</span><span class="p">,</span> <span class="s1">'80'</span><span class="p">).</span><span class="nf">getnameinfo</span><span class="p">[</span><span class="mi">0</span><span class="p">]</span> <span class="k">end</span> <span class="k">def</span> <span class="nf">dnsname</span><span class="p">(</span><span class="n">dnsname</span><span class="p">)</span> <span class="no">Addrinfo</span><span class="p">.</span><span class="nf">ip</span><span class="p">(</span><span class="n">dnsname</span><span class="p">).</span><span class="nf">getnameinfo</span><span class="p">[</span><span class="mi">0</span><span class="p">]</span> <span class="k">end</span> <span class="k">def</span> <span class="nf">local_hostname</span> <span class="no">Socket</span><span class="p">.</span><span class="nf">gethostname</span> <span class="k">end</span> <span class="k">end</span> </code></pre> </div> <h2> Using functions in Puppet DSL </h2> <p>Within Puppet the functions usually gets executed during compile time.<br> A special case is the <a href="https://www.puppet.com/docs/puppet/8/deferring_functions.html" rel="noopener noreferrer">deferred function</a> which gets executed on the agent.</p> <p>Let's consider two use-cases:</p> <ol> <li>using resolv function on the compiler</li> <li>using resolv function on the agent</li> </ol> <h3> Use case 1: compiler execution </h3> <p>The function can be used anywhere in the code:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight puppet"><code><span class="k">class</span> <span class="nc">betadots::resolver</span> <span class="p">(</span> <span class="nc">Stdlib</span><span class="p">::</span><span class="nc">Fqdn</span> <span class="nv">$local_hostname</span> <span class="o">=</span> <span class="nf">betadots::resolve</span><span class="p">(),</span> <span class="p">)</span> <span class="p">{</span> <span class="nv">$ip_from_google</span> <span class="o">=</span> <span class="nf">betadots::resolve</span><span class="p">(</span><span class="s1">'www.google.com'</span><span class="p">)</span> <span class="p">}</span> </code></pre> </div> <h3> Use case 2: agent execution </h3> <p>The function must be declared to run in deferred mode in Puppet. Avoid using the function within the class header, as this could potentially overwrite the function call from hiera data.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight puppet"><code><span class="k">class</span> <span class="nc">betadots::local_resolve</span> <span class="p">(</span> <span class="p">)</span> <span class="p">{</span> <span class="nv">$local_api_ip</span> <span class="o">=</span> <span class="nf">Deferred</span><span class="p">(</span><span class="s1">'betadots::resolve'</span><span class="p">,</span> <span class="p">[</span><span class="s1">'api.int.domain.tld'</span><span class="p">])</span> <span class="p">}</span> </code></pre> </div> <h2> Summary </h2> <p>Puppet provides a stable API for creating custom functions.<br> Before creating a new function, check whether a solutions already exists in <a href="https://github.com/puppetlabs/puppetlabs-stdlib" rel="noopener noreferrer">Stdlib-</a> or <a href="https://github.com/voxpupuli/puppet-extlib" rel="noopener noreferrer">Extlib-Module</a>.</p> <p>Remember to prefix your functions with your module name to avoid conflicts and help identify their origin.</p> <p>Happy puppetizing,<br> Martin</p> puppet ruby Die Ruby-Seite von Puppet - Teil 2 - Benutzerdefinierte Funktionen Martin Alfke Tue, 14 Jan 2025 16:01:03 +0000 https://dev.to/betadots/die-ruby-seite-von-puppet-teil-2-benutzerdefinierte-funktionen-4ph3 https://dev.to/betadots/die-ruby-seite-von-puppet-teil-2-benutzerdefinierte-funktionen-4ph3 <p>Dies ist der zweite Beitrag einer dreiteiligen Serie, in der die Konzepte und Best Practices zum Erweitern von <a href="https://www.puppet.com" rel="noopener noreferrer">Puppet</a> mithilfe von <a href="https://www.puppet.com/docs/puppet/latest/custom_facts" rel="noopener noreferrer">benutzerdefinierten Facts</a>, <a href="https://www.puppet.com/docs/puppet/latest/custom_functions_ruby" rel="noopener noreferrer">benutzerdefinierten Funktionen</a> und <a href="https://www.puppet.com/docs/puppet/latest/custom_types" rel="noopener noreferrer">benutzerdefinierten Typen</a> und <a href="https://www.puppet.com/docs/puppet/latest/provider_development" rel="noopener noreferrer">Providern</a> behandelt werden.</p> <p><a href="https://dev.to/betadots/die-ruby-seite-von-puppet-teil-1-benutzerdefinierte-fakten-4nnj">Teil 1 behandelt Benutzerdefinierte Facts</a>, die erklären, wie ein Knoten Informationen an den Puppet-Server übermitteln kann.</p> <p>Teil 2 (dieser Beitrag) konzentriert sich auf Benutzerdefinierte Funktionen und zeigt, wie man Funktionen für Datenverarbeitung und Ausführung entwickelt.</p> <p><a href="https://dev.to/betadots/die-ruby-seite-von-puppet-teil-3-benutzerdefinierte-typen-und-provider-jbp">Teil 3</a> stellt dar, wie man die DSL-Funktionalität von Puppet mit neuen Typen und Provider erweitert.</p> <p><strong>Benutzerdefinierte Funktionen in Puppet</strong>:</p> <p>Funktionen in Puppet werden auf dem Puppet-Server, insbesondere im Compiler, ausgeführt. Diese Funktionen haben Zugriff auf alle Facts und Puppet-Variablen, solange sie mit dem Namensraum angegeben werden.</p> <p>Es gibt zwei Haupttypen von Funktionen in Puppet:</p> <ul> <li>Anweisungsfunktionen</li> <li>Rückgabefunktionen</li> </ul> <p><strong>Anweisungsfunktionen</strong> können mit den internen Mechanismen von Puppet interagieren. Die gebräuchlichsten Anweisungsfunktionen sind <code>include</code> und <code>contain</code>, die Klassen zum Katalog hinzufügen, oder <code>noop</code> und <code>notice</code>, die alle Ressourcen in den Simulationsmodus versetzen oder Einträge in die Protokolldatei des Puppet-Servers schreiben.</p> <p><strong>Rückgabefunktionen</strong> wie <code>lookup</code> oder <code>read_url</code> geben Werte aus Hiera oder externen Quellen wie Webservern zurück. Einige Rückgabefunktionen können auch Daten manipulieren (<code>each</code>, <code>filter</code>, <code>map</code>, <code>reduce</code>).</p> <p><strong>Warum benutzerdefinierte Funktionen erstellen?</strong></p> <p>Hier sind einige Gründe, warum man benutzerdefinierte Funktionen in Puppet entwickeln könnte:</p> <ul> <li>Erstellen einer benutzerdefinierten Hiera-Suchfunktion</li> <li>Umwandeln von Datenstrukturen für spezifische Anforderungen</li> </ul> <p><strong>Inhalt</strong>:</p> <ol> <li>Funktion-Entwicklung</li> <li>Funktionen in Modulen</li> <li>Allgemeine API</li> <li>Dispatcher und Definition</li> <li>Verwendung von Funktionen in der Puppet-DSL</li> <li>Zusammenfassung</li> </ol> <h2> Funktion-Entwicklung </h2> <p>Da Funktionen nur zur Kompilierzeit ausgeführt werden, empfiehlt es sich, sich zunächst auf ihre Kernfunktionalität zu konzentrieren, bevor sie in die Funktions-API integriert werden. Dadurch kann die Logik mit lokalen Daten getestet werden, ohne dass Probleme auf dem Puppet-Server auftreten, die die Kompilierung unterbrechen oder den Server sogar zum Absturz bringen könnten.</p> <p>Als Beispiel wird eine Datenstruktur definiert, die verschiedene Aspekte der Konfiguration eines Systems darstellt. Mit einer Funktion kann man bestimmte Teile dieser Datenstruktur als Variablen verfügbar machen.</p> <p><strong>Beispiel für eine Datenstruktur</strong>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">server_hash</span><span class="pi">:</span> <span class="s1">'</span><span class="s">postfix'</span><span class="err">:</span> <span class="s1">'</span><span class="s">config'</span><span class="err">:</span> <span class="s1">'</span><span class="s">transport'</span><span class="err">:</span> <span class="s1">'</span><span class="s">mta'</span> <span class="s1">'</span><span class="s">ssl'</span><span class="err">:</span> <span class="kc">true</span> <span class="s">'apache'</span><span class="err">:</span> <span class="s1">'</span><span class="s">config'</span><span class="err">:</span> <span class="s1">'</span><span class="s">vhost'</span><span class="err">:</span> <span class="s1">'</span><span class="s">server.domain.tld'</span> <span class="s1">'</span><span class="s">document_root'</span><span class="err">:</span> <span class="s1">'</span><span class="s">/srv/www/html/server.domain.tld'</span> <span class="s1">'</span><span class="s">ssl'</span><span class="err">:</span> <span class="kc">true</span> <span class="s">'proxy_pass'</span><span class="err">:</span> <span class="s1">'</span><span class="s">http://localhost:8080'</span> <span class="s1">'</span><span class="s">tomcat'</span><span class="err">:</span> <span class="s1">'</span><span class="s">config'</span><span class="err">:</span> <span class="s1">'</span><span class="s">application'</span><span class="err">:</span> <span class="s1">'</span><span class="s">crm'</span> <span class="s1">'</span><span class="s">service'</span><span class="err">:</span> <span class="s1">'</span><span class="s">frontend'</span> </code></pre> </div> <p>Angenommen, diese Datenstruktur stammt aus Hiera, und man möchte anderen Teams, die ihre eigenen Module schreiben, die Wiederverwendung dieser Daten ohne zusätzliche Abfragen ermöglichen. Dadurch kann man die interne Datenstruktur ändern und die Funktion anpassen, während die Teams weiterhin die benötigten Informationen zur Verfügung gestellt bekommen.</p> <p><strong>Beispiel für eine Funktion</strong>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># Test Daten</span> <span class="n">server_hash</span> <span class="o">=</span> <span class="p">{</span> <span class="s1">'postfix'</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="s1">'config'</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="s1">'transport'</span> <span class="o">=&gt;</span> <span class="s1">'mta'</span><span class="p">,</span> <span class="s1">'ssl'</span> <span class="o">=&gt;</span> <span class="kp">true</span> <span class="p">}</span> <span class="p">},</span> <span class="s1">'apache'</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="s1">'config'</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="s1">'vhost'</span> <span class="o">=&gt;</span> <span class="s1">'server.domain.tld'</span><span class="p">,</span> <span class="s1">'document_root'</span> <span class="o">=&gt;</span> <span class="s1">'/srv/www/html/server.domain.tld'</span><span class="p">,</span> <span class="s1">'ssl'</span> <span class="o">=&gt;</span> <span class="kp">true</span><span class="p">,</span> <span class="s1">'proxy_pass'</span> <span class="o">=&gt;</span> <span class="s1">'http://localhost:8080'</span> <span class="p">}</span> <span class="p">},</span> <span class="s1">'tomcat'</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="s1">'config'</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="s1">'application'</span> <span class="o">=&gt;</span> <span class="s1">'crm'</span><span class="p">,</span> <span class="s1">'service'</span> <span class="o">=&gt;</span> <span class="s1">'frontend'</span> <span class="p">}</span> <span class="p">}</span> <span class="p">}</span> <span class="c1"># Funktion definition</span> <span class="k">def</span> <span class="nf">read_service_config</span><span class="p">(</span><span class="n">data</span><span class="p">,</span> <span class="n">service</span><span class="p">)</span> <span class="n">data</span><span class="p">[</span><span class="n">service</span><span class="p">]</span> <span class="k">end</span> <span class="c1"># Testen der Funktion</span> <span class="nb">puts</span> <span class="n">read_service_config</span><span class="p">(</span><span class="n">server_hash</span><span class="p">,</span> <span class="s1">'tomcat'</span><span class="p">)</span> </code></pre> </div> <h2> Funktionen in Modulen </h2> <p>Puppet stellt eine API zum Erstellen benutzerdefinierter Funktionen zur Verfügung. Damit der Puppet Compiler diese Funktionen finden kann, müssen sie in bestimmten Verzeichnissen innerhalb eines Moduls abgelegt werden.</p> <p>Dateien im <code>lib</code>-Verzeichnis des Moduls werden auf alle Agenten synchronisiert. Es ist nicht möglich, zu steuern, welche Dateien synchronisiert werden.</p> <p>Benutzerdefinierte Funktionen können zu einer der beiden folgenden Verzeichnisstrukturen hinzugefügt werden:</p> <ul> <li> <code>lib/puppet/parser/functions</code> - Funktionen API v1</li> <li> <code>lib/puppet/functions</code> - Funktionen API v2</li> </ul> <p>Die neuere Funktionen-API v2 unterstützt Unterverzeichnisse, sodass man Funktionen in Namespaces organisieren können. Der Dateiname sollte mit dem Funktionsnamen übereinstimmen.</p> <p>In diesem Beitrag konzentrieren wir uns auf die moderne API v2.</p> <p><strong>Beispiel für eine Verzeichnisstruktur</strong>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># &lt;modulepath&gt;/stdlib/</span> <span class="se">\-</span> lib/ <span class="se">\-</span> puppet/ <span class="se">\-</span> functions/ <span class="se">\-</span> stdlib/ <span class="se">\-</span> to_yaml.rb </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># stdlib/lib/puppet/functions/stdlib/to_yaml.rb</span> <span class="no">Puppet</span><span class="o">::</span><span class="no">Functions</span><span class="p">.</span><span class="nf">create_function</span><span class="p">(</span><span class="ss">:'stdlib::to_yaml'</span><span class="p">)</span> <span class="k">do</span> <span class="c1"># ...</span> <span class="k">end</span> </code></pre> </div> <p>Wir empfehlen, benutzerdefinierte Funktionen mit dem Modulnamen zu präfixen, um Namenskonflikte zu vermeiden.</p> <h2> Allgemeine API </h2> <p>Um benutzerdefinierte Funktionen in Puppet zu erstellen, verwendet man die folgende Struktur:</p> <p><strong>Beispiel</strong>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># &lt;modulepath&gt;/betadots/lib/puppet/functions/betadots/resolve.rb</span> <span class="no">Puppet</span><span class="o">::</span><span class="no">Functions</span><span class="p">.</span><span class="nf">create_function</span><span class="p">(</span><span class="ss">:'betadots::resolve'</span><span class="p">)</span> <span class="k">do</span> <span class="c1"># ...</span> <span class="k">end</span> </code></pre> </div> <p>Bitte beachten, dass der Funktions Namespace identisch zum Modulnamen (betadots) sein <strong>muss</strong>.</p> <h2> Dispatcher und Definition </h2> <p>Innerhalb des <code>do ... end</code> Blocks der Funktion muss ein Dispatcher und eine Definition hinzugefügt werden. Der Dispatcher validiert die Eingabedaten und verknüpft sie mit einer benannten Definition, die den entsprechenden Ruby-Code ausführt.</p> <p>Der Dispatcher kann Datentypen mithilfe von <code>param</code> prüfen und Werte Ruby-Symbolen zuordnen. Die Definition verwendet den Namen des Dispatchers und die im Dispatcher bereitgestellten Parameter.</p> <p>Der letzte Befehl in der Definition bestimmt den Rückgabewert.</p> <p><strong>Beispiel für einen Dispatcher für eine IPv4-Adresse</strong>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># &lt;modulepath&gt;/betadots/lib/puppet/functions/betadots/resolve.rb</span> <span class="no">Puppet</span><span class="o">::</span><span class="no">Functions</span><span class="p">.</span><span class="nf">create_function</span><span class="p">(</span><span class="ss">:'betadots::resolve'</span><span class="p">)</span> <span class="k">do</span> <span class="n">dispatch</span> <span class="ss">:ip</span> <span class="k">do</span> <span class="n">param</span> <span class="s1">'Regexp[/^(\d{1,3}).(\d{1,3}).(\d{1,3}).(\d{1,3})$/]'</span><span class="p">,</span> <span class="ss">:ipaddr</span> <span class="k">end</span> <span class="k">end</span> </code></pre> </div> <p>Hier ist eine Tabelle mit gängigen Methoden für Parameter in Dispatchern:</p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Methode</th> <th>Beschreibung</th> </tr> </thead> <tbody> <tr> <td> <code>param</code> oder <code>required_param</code> </td> <td>Ein obligatorisches Argument. Kann mehrfach verwendet werden. <strong>Position</strong>: Alle Pflichtargumente müssen zuerst erscheinen.</td> </tr> <tr> <td><code>optional_param</code></td> <td>Ein Argument, das ausgelassen werden kann.</td> </tr> <tr> <td> <code>repeated_params</code> oder <code>optional_repeated_params</code> </td> <td>Ein wiederholbares Argument, das null oder mehr Werte annehmen kann.</td> </tr> <tr> <td><code>required_repeated_param</code></td> <td>Ein wiederholbares Argument, das einen oder mehr Werte annehmen muss.</td> </tr> <tr> <td> <code>block_param</code> oder <code>required_block_param</code> </td> <td>Ein obligatorisches Lambda.</td> </tr> <tr> <td><code>optional_block_param</code></td> <td>Ein optionales Lambda.</td> </tr> </tbody> </table></div> <p><strong>Hinzufügen einer Definition</strong>:</p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Beschreibung</th> <th>Dispatcher</th> <th>Definition</th> </tr> </thead> <tbody> <tr> <td>Name</td> <td><code>dispatch :ip</code></td> <td><code>def ip</code></td> </tr> <tr> <td>Parameter</td> <td><code>param ..., :ipaddr</code></td> <td><code>def ip(ipaddr)</code></td> </tr> </tbody> </table></div> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># &lt;modulepath&gt;/betadots/lib/puppet/functions/betadots/resolve.rb</span> <span class="no">Puppet</span><span class="o">::</span><span class="no">Functions</span><span class="p">.</span><span class="nf">create_function</span><span class="p">(</span><span class="ss">:'betadots::resolve'</span><span class="p">)</span> <span class="k">do</span> <span class="nb">require</span> <span class="s1">'resolv'</span> <span class="n">dispatch</span> <span class="ss">:ip</span> <span class="k">do</span> <span class="n">param</span> <span class="s1">'Regexp[/^(\d{1,3}).(\d{1,3}).(\d{1,3}).(\d{1,3})$/]'</span><span class="p">,</span> <span class="ss">:ipaddr</span> <span class="k">end</span> <span class="k">def</span> <span class="nf">ip</span><span class="p">(</span><span class="n">ipaddr</span><span class="p">)</span> <span class="no">Resolv</span><span class="p">.</span><span class="nf">getname</span> <span class="n">ipaddr</span> <span class="k">end</span> <span class="k">end</span> </code></pre> </div> <p>Nun können zusätzliche Dispatcher und Definitionen hinzugefügt werden:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># &lt;modulepath&gt;/betadots/lib/puppet/functions/betadots/resolve.rb</span> <span class="no">Puppet</span><span class="o">::</span><span class="no">Functions</span><span class="p">.</span><span class="nf">create_function</span><span class="p">(</span><span class="ss">:'betadots::resolve'</span><span class="p">)</span> <span class="k">do</span> <span class="nb">require</span> <span class="s1">'socket'</span> <span class="n">dispatch</span> <span class="ss">:ip</span> <span class="k">do</span> <span class="n">param</span> <span class="s1">'Regexp[/^(\d{1,3}).(\d{1,3}).(\d{1,3}).(\d{1,3})$/]'</span><span class="p">,</span> <span class="ss">:ipaddr</span> <span class="k">end</span> <span class="n">dispatch</span> <span class="ss">:dnsname</span> <span class="k">do</span> <span class="n">param</span> <span class="s1">'Regexp[/.*/]'</span><span class="p">,</span> <span class="ss">:dnsname</span> <span class="k">end</span> <span class="n">dispatch</span> <span class="ss">:local_hostname</span> <span class="k">do</span> <span class="n">param</span> <span class="s1">'Regexp[//]'</span><span class="p">,</span> <span class="ss">:local_hostname</span> <span class="k">end</span> <span class="k">def</span> <span class="nf">ip</span><span class="p">(</span><span class="n">ipaddr</span><span class="p">)</span> <span class="no">Addrinfo</span><span class="p">.</span><span class="nf">tcp</span><span class="p">(</span><span class="n">ipaddr</span><span class="p">,</span> <span class="s1">'80'</span><span class="p">).</span><span class="nf">getnameinfo</span><span class="p">[</span><span class="mi">0</span><span class="p">]</span> <span class="k">end</span> <span class="k">def</span> <span class="nf">dnsname</span><span class="p">(</span><span class="n">dnsname</span><span class="p">)</span> <span class="no">Addrinfo</span><span class="p">.</span><span class="nf">ip</span><span class="p">(</span><span class="n">dnsname</span><span class="p">).</span><span class="nf">getnameinfo</span><span class="p">[</span><span class="mi">0</span><span class="p">]</span> <span class="k">end</span> <span class="k">def</span> <span class="nf">local_hostname</span> <span class="no">Socket</span><span class="p">.</span><span class="nf">gethostname</span> <span class="k">end</span> <span class="k">end</span> </code></pre> </div> <h2> Verwendung von Funktionen in der Puppet-DSL </h2> <p>Innerhalb von Puppet werden Funktionen in der Regel während der Kompilierzeit ausgeführt.<br> Eine besondere Ausnahme bildet die <a href="https://www.puppet.com/docs/puppet/8/deferring_functions.html" rel="noopener noreferrer">deferred function</a>, die auf dem Agenten ausgeführt wird.</p> <p>Im folgenden betrachten wir die zwei Anwendungsfälle:</p> <ol> <li>Verwendung der <code>resolve</code>-Funktion im Compiler</li> <li>Verwendung der <code>resolve</code>-Funktion auf dem Agenten</li> </ol> <h3> Anwendungsfall 1: Ausführung im Compiler </h3> <p>Die Funktion kann an beliebiger Stelle im Code verwendet werden:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight puppet"><code><span class="k">class</span> <span class="nc">betadots::resolver</span> <span class="p">(</span> <span class="nc">Stdlib</span><span class="p">::</span><span class="nc">Fqdn</span> <span class="nv">$local_hostname</span> <span class="o">=</span> <span class="nf">betadots::resolve</span><span class="p">(),</span> <span class="p">)</span> <span class="p">{</span> <span class="nv">$ip_from_google</span> <span class="o">=</span> <span class="nf">betadots::resolve</span><span class="p">(</span><span class="s1">'www.google.com'</span><span class="p">)</span> <span class="p">}</span> </code></pre> </div> <h3> Anwendungsfall 2: Ausführung auf dem Agenten </h3> <p>Die Funktion muss in deferred mode deklariert werden, um in Puppet auf dem Agenten ausgeführt zu werden. Die Funktion sollte nicht als Parameter im Header der Klasse verwendet werden, da dies möglicherweise den Funktionsaufruf mit hiera-Daten überschreiben könnte.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight puppet"><code><span class="k">class</span> <span class="nc">betadots::local_resolve</span> <span class="p">(</span> <span class="p">)</span> <span class="p">{</span> <span class="nv">$local_api_ip</span> <span class="o">=</span> <span class="nf">Deferred</span><span class="p">(</span><span class="s1">'betadots::resolve'</span><span class="p">,</span> <span class="p">[</span><span class="s1">'api.int.domain.tld'</span><span class="p">])</span> <span class="p">}</span> </code></pre> </div> <h2> Zusammenfassung </h2> <p>Puppet bietet eine stabile API zum Erstellen benutzerdefinierter Funktionen.<br> Bevor eine neue Funktion erstellt wird, bitte prüfen, ob bereits eine Lösung im <a href="https://github.com/puppetlabs/puppetlabs-stdlib" rel="noopener noreferrer">Stdlib-</a> oder <a href="https://github.com/voxpupuli/puppet-extlib" rel="noopener noreferrer">Extlib-Modul</a> vorhanden ist.</p> <p>Funktionen sollten mit dem Modulnamen zu präfixen, um Konflikte zu vermeiden und deren Herkunft zu kennzeichnen.</p> <p>Viel Erfolg beim Puppetisieren,<br> Martin</p> puppet ruby Die Ruby-Seite von Puppet - Teil 1 - Benutzerdefinierte Fakten Martin Alfke Wed, 01 Jan 2025 17:26:54 +0000 https://dev.to/betadots/die-ruby-seite-von-puppet-teil-1-benutzerdefinierte-fakten-4nnj https://dev.to/betadots/die-ruby-seite-von-puppet-teil-1-benutzerdefinierte-fakten-4nnj <p>Dies ist der erste von drei Beiträgen, die die Konzepte und Best Practices zur Erweiterung von <a href="https://www.puppet.com" rel="noopener noreferrer">Puppet</a> mit Hilfe von <a href="https://www.puppet.com/docs/puppet/latest/custom_facts" rel="noopener noreferrer">benutzerdefinierten Fakten</a>, <a href="https://www.puppet.com/docs/puppet/8/custom_functions_ruby" rel="noopener noreferrer">benutzerdefinierten Funktionen</a>, <a href="https://www.puppet.com/docs/puppet/latest/custom_types" rel="noopener noreferrer">benutzerdefinierten Typen</a> und <a href="https://www.puppet.com/docs/puppet/latest/provider_development" rel="noopener noreferrer">Providern</a> behandeln.</p> <p><strong>Teil 1</strong> (dieser Beitrag) erklärt benutzerdefinierte Fakten und wie ein Puppet Agent dem Puppet-Server Informationen bereitstellen kann.</p> <p><a href="https://dev.to/betadots/die-ruby-seite-von-puppet-teil-2-benutzerdefinierte-funktionen-4ph3"><strong>Teil 2</strong></a> konzentriert sich auf benutzerdefinierte Funktione und erläutert detailliert, wie Datenverarbeitungs- oder Ausführungsfunktionen entwickelt werden können.</p> <p><a href="https://dev.to/betadots/die-ruby-seite-von-puppet-teil-3-benutzerdefinierte-typen-und-provider-jbp"><strong>Teil 3</strong></a> deckt benutzerdefinierte Typen und Provider ab, die die Funktionalität der Puppet-DSL erweitern.</p> <p><strong>Benutzerdefinierte Fakten</strong>:</p> <p>Es gibt mehrere Gründe, benutzerdefinierte Fakten zu entwickeln:</p> <ul> <li>Wann immer ein VM-Namensschema verwendet wird, empfehlen wir, das Namensschema als benutzerdefinierten Fakt bereitzustellen.</li> <li>Es ist manchmal erforderlich, den Zustand bestimmter Konfigurationen zu bestimmen oder ob bestimmte Software installiert ist.</li> <li>Die Rechenzentrumsabteilung benötigt möglicherweise einen Überblick über die physische Hardware, Details zu den Hardwareanbietern und End-of-Life (EOL)-Supportdaten. Darüber hinaus kann die Finanzabteilung Informationen über die Anzahl der verwendeten kommerziellen Lizenzen und die Versionen der installierten Software benötigen.</li> </ul> <p>Wann immer Informationen von einem Puppet Agenten benötigt werden, bietet Puppet die Möglichkeit, benutzerdefinierte Fakten zu implementieren.</p> <p><strong>Inhalt</strong>:</p> <ol> <li>Faktenerstellung</li> <li>Fakten in Modulen</li> <li>Allgemeine API</li> <li>Einschränkungen</li> <li>Hilfsfunktionen</li> <li>Zugriff auf andere Fakten</li> <li>Rückgabewerte</li> <li>Windows-Fakten</li> <li>Weitere Konzepte</li> <li>Codierungsstrategien und strukturierte Daten</li> <li>Zusammenfassung</li> </ol> <h2> Faktenerstellung </h2> <p>Benutzerdefinierte Fakten können lokal auf einem Arbeitsplatz oder auf dem System entwickelt werden, auf dem der Fakt benötigt wird. Bevor der ungetestete Fakt in den Puppet-Code aufgenommen wird, kann der Faktladepfad auf zwei Arten angegeben und unabhängig gestestet werden.</p> <p>Die folgende Verzeichnisstruktur wird verwendet:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">ls</span> ~/new_fact/ betadots_application_version.rb </code></pre> </div> <p>Um den Fakt auszuführen, verwenden man einen der folgenden Befehle:</p> <ol> <li><code>FACTERLIB=~/new_fact facter betadots_application_version</code></li> <li><code>facter --custom-dir ~/new_fact betadots_application_version</code></li> </ol> <h2> Fakten in Modulen </h2> <p>Puppet stellt eine API zur Entwicklung benutzerdefinierter Fakten bereit. Um sicherzustellen, dass der Puppet-Agent sie findet, müssen benutzerdefinierte Fakten in einem bestimmten Verzeichnis innerhalb eines Moduls abgelegt werden.</p> <p>Alle Dateien im <code>lib</code>-Verzeichnis von Modulen werden auf alle Agenten synchronisiert. Es ist nicht möglich, einzuschränken, welche Dateien synchronisiert werden.</p> <p>Benutzerdefinierte Fakten sollten im Verzeichnis <code>lib/facter</code> eines Moduls abgelegt werden. Obwohl man einen beliebigen Dateinamen wählen kann, wird empfohlen, den Namen des Fakts als Dateinamen zu verwenden, um eine einfache Identifikation zu gewährleisten. Der Dateiname muss mit <code>.rb</code> enden.</p> <p>Wir empfehlen außerdem, dem Namen des benutzerdefinierten Fakts einen Firmen- oder Abteilungspräfix hinzuzufügen.</p> <h2> Allgemeine API </h2> <p>Facter bietet eine API zum Erstellen neuer benutzerdefinierter Fakten.</p> <p>Beispiel:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># ~/new_fact/betadots_application_version.rb</span> <span class="no">Facter</span><span class="p">.</span><span class="nf">add</span><span class="p">(</span><span class="ss">:betadots_application_version</span><span class="p">)</span> <span class="k">do</span> <span class="n">setcode</span> <span class="k">do</span> <span class="c1"># Code hier</span> <span class="k">end</span> <span class="k">end</span> </code></pre> </div> <p>Der Block <code>setcode do ... end</code> enthält den gesamten Ruby-Code für den Fakt. Das Ergebnis des letzten Befehls oder der letzten Variablen wird als Rückgabewert des Fakts verwendet.</p> <h2> Einschränkungen </h2> <p>Da alle benutzerdefinierten Fakten an alle Puppet-Agenten verteilt werden, ist es wichtig sicherzustellen, dass betriebssystem- oder anwendungsspezifische Fakten nur dort ausgeführt werden, wo es erforderlich ist.</p> <p>Dies wird durch Einschränkungen (confining) erreicht.</p> <p>Einschränkungen können auf einfache oder strukturierte Fakten oder auf anderen Ruby-Code wie <code>File.exist?</code> angewendet werden.</p> <p>Einfache Fakt-Einschränkung:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># ~/new_fact/betadots_application_version.rb</span> <span class="no">Facter</span><span class="p">.</span><span class="nf">add</span><span class="p">(</span><span class="ss">:betadots_application_version</span><span class="p">)</span> <span class="k">do</span> <span class="n">confine</span> <span class="ss">kernel: </span><span class="s1">'Linux'</span> <span class="n">setcode</span> <span class="k">do</span> <span class="c1"># Code hier</span> <span class="k">end</span> <span class="k">end</span> </code></pre> </div> <p>Einschränkung unter Verwendung eines Ruby-Blocks und Fakten:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># ~/new_fact/betadots_application_version.rb</span> <span class="no">Facter</span><span class="p">.</span><span class="nf">add</span><span class="p">(</span><span class="ss">:betadots_application_version</span><span class="p">)</span> <span class="k">do</span> <span class="n">confine</span> <span class="s1">'os'</span> <span class="k">do</span> <span class="o">|</span><span class="n">os</span><span class="o">|</span> <span class="n">os</span><span class="p">[</span><span class="s1">'family'</span><span class="p">]</span> <span class="o">==</span> <span class="s1">'RedHat'</span> <span class="k">end</span> <span class="n">setcode</span> <span class="k">do</span> <span class="c1"># Code hier</span> <span class="k">end</span> <span class="k">end</span> </code></pre> </div> <p>Einschränkung unter Verwendung eines Ruby-Blocks und Ruby-Code:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># ~/new_fact/betadots_application_version.rb</span> <span class="no">Facter</span><span class="p">.</span><span class="nf">add</span><span class="p">(</span><span class="ss">:betadots_application_version</span><span class="p">)</span> <span class="k">do</span> <span class="n">confine</span> <span class="k">do</span> <span class="no">File</span><span class="p">.</span><span class="nf">exist?</span><span class="p">(</span><span class="s1">'/etc/sysconfig/application'</span><span class="p">)</span> <span class="k">end</span> <span class="n">setcode</span> <span class="k">do</span> <span class="c1"># Code hier</span> <span class="k">end</span> <span class="k">end</span> </code></pre> </div> <h2> Hilfsfunktionen </h2> <p>Facter bietet mehrere Hilfsmethoden, die verwendet werden können, ohne dass die Klasse <code>facter</code> erforderlich ist:</p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Hilfsfunktion</th> <th>Beschreibung</th> </tr> </thead> <tbody> <tr> <td><code>Facter::Core::Execution::execute</code></td> <td>Führt ein ausführbares Programm auf dem System mit einer Timeout-Option aus, um das Aufhängen von Facter-Läufen zu verhindern.</td> </tr> <tr> <td><code>Facter::Core::Execution::which</code></td> <td>Prüft, ob ein ausführbares Programm verfügbar ist. Funktioniert auf jedem unterstützten Betriebssystem und durchsucht die Standardpfade <code>ENV['PATH'] + ['/sbin', '/usr/sbin']</code>.</td> </tr> <tr> <td><code>Facter.value</code></td> <td>Bietet Zugriff auf den Wert eines anderen Fakts. Achtung! Loops vermeiden!</td> </tr> </tbody> </table></div> <p>Weitere Informationen findet man in der <a href="https://www.rubydoc.info/gems/facter" rel="noopener noreferrer">API-Dokumentation</a>.</p> <p>Bitte beachten, dass <code>Facter::Core::Execution::exec</code> zugunsten von <code>Facter::Core::Execution::execute</code> veraltet ist. Dies ist wichtig, wenn man von älteren Versionen von Facter migriert.</p> <p>Die <code>timeout</code>-Options-Hash kann auf zwei Arten festgelegt werden:</p> <p>Gültig für den gesamten Fakt:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="no">Facter</span><span class="p">.</span><span class="nf">add</span><span class="p">(</span><span class="s1">'&lt;name&gt;'</span><span class="p">,</span> <span class="p">{</span><span class="ss">timeout: </span><span class="mi">5</span><span class="p">})</span> <span class="k">do</span> <span class="o">...</span> <span class="k">end</span> </code></pre> </div> <p>Pro Ausführungsmethode:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="no">Facter</span><span class="o">::</span><span class="no">Core</span><span class="o">::</span><span class="no">Execution</span><span class="o">::</span><span class="n">execute</span><span class="p">(</span><span class="s1">'&lt;cmd&gt;'</span><span class="p">,</span> <span class="n">options</span> <span class="o">=</span> <span class="p">{</span><span class="ss">:timeout</span> <span class="o">=&gt;</span> <span class="mi">5</span><span class="p">})</span> </code></pre> </div> <p>Zum Beispiel, wenn eine Anwendung ihre Konfiguration über <code>/opt/app/bin/app config</code> zurückgibt, kann man ein Timeout von 5 Sekunden festlegen:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># ~/new_fact/betadots_application_version.rb</span> <span class="no">Facter</span><span class="p">.</span><span class="nf">add</span><span class="p">(</span><span class="ss">:betadots_application_version</span><span class="p">)</span> <span class="k">do</span> <span class="n">confine</span> <span class="k">do</span> <span class="no">File</span><span class="p">.</span><span class="nf">exist?</span><span class="p">(</span><span class="s1">'/etc/sysconfig/application'</span><span class="p">)</span> <span class="k">end</span> <span class="n">setcode</span> <span class="k">do</span> <span class="no">Facter</span><span class="o">::</span><span class="no">Core</span><span class="o">::</span><span class="no">Execution</span><span class="p">.</span><span class="nf">execute</span><span class="p">(</span><span class="s1">'/opt/app/bin/app config'</span><span class="p">,</span> <span class="p">{</span><span class="ss">:timeout</span> <span class="o">=&gt;</span> <span class="mi">5</span><span class="p">})</span> <span class="k">end</span> <span class="k">end</span> </code></pre> </div> <p>Das Ergebnis des letzten Befehls oder die Angabe einer Variable wird als Faktenergebnis verwendet.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># ~/new_fact/betadots_application_version.rb</span> <span class="no">Facter</span><span class="p">.</span><span class="nf">add</span><span class="p">(</span><span class="ss">:betadots_application_version</span><span class="p">)</span> <span class="k">do</span> <span class="n">confine</span> <span class="k">do</span> <span class="no">File</span><span class="p">.</span><span class="nf">exist?</span><span class="p">(</span><span class="s1">'/etc/sysconfig/application'</span><span class="p">)</span> <span class="k">end</span> <span class="n">setcode</span> <span class="k">do</span> <span class="n">config_list</span> <span class="o">=</span> <span class="no">Facter</span><span class="o">::</span><span class="no">Core</span><span class="o">::</span><span class="no">Execution</span><span class="p">.</span><span class="nf">execute</span><span class="p">(</span><span class="s1">'/opt/app/bin/app config'</span><span class="p">,</span> <span class="p">{</span><span class="ss">:timeout</span> <span class="o">=&gt;</span> <span class="mi">5</span><span class="p">})</span> <span class="n">config_list</span> <span class="k">end</span> <span class="k">end</span> </code></pre> </div> <h2> Zugriff auf andere Fakten </h2> <p>Es ist möglich, dass ein benutzerdefinierter Fakt den Wert eines anderen Fakts verwendet, indem er <code>Facter.value</code> verwendet. Dies sollte jedoch vorsichtig geschehen, um zyklische Abhängigkeiten zwischen Fakten zu vermeiden.</p> <p>In unserem Beispiel hat die Anwendung unterschiedliche Konfigurationspfade für verschiedene Betriebssysteme.</p> <ul> <li>RedHat - /etc/sysconfig/application</li> <li>Debian - /etc/default/application</li> </ul> <p>Beispiel mit Zugriff auf einen anderen Fakt:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># ~/new_fact/betadots_application_version.rb</span> <span class="no">Facter</span><span class="p">.</span><span class="nf">add</span><span class="p">(</span><span class="ss">:betadots_application_version</span><span class="p">)</span> <span class="k">do</span> <span class="n">confine</span> <span class="k">do</span> <span class="n">app_cfg_file</span> <span class="o">=</span> <span class="k">case</span> <span class="no">Facter</span><span class="p">.</span><span class="nf">value</span><span class="p">(</span><span class="s1">'os'</span><span class="p">)[</span><span class="s1">'family'</span><span class="p">]</span> <span class="k">when</span> <span class="s1">'RedHat'</span> <span class="s1">'/etc/sysconfig/application'</span> <span class="k">when</span> <span class="s1">'Debian'</span> <span class="s1">'/etc/default/application'</span> <span class="k">end</span> <span class="no">File</span><span class="p">.</span><span class="nf">exist?</span><span class="p">(</span><span class="n">app_cfg_file</span><span class="p">)</span> <span class="k">end</span> <span class="n">setcode</span> <span class="k">do</span> <span class="no">Facter</span><span class="o">::</span><span class="no">Core</span><span class="o">::</span><span class="no">Execution</span><span class="p">.</span><span class="nf">execute</span><span class="p">(</span><span class="s1">'/opt/app/bin/app config'</span><span class="p">)</span> <span class="k">end</span> <span class="k">end</span> </code></pre> </div> <p>Das Beispiel ruft den <code>os</code>-Fakt ab und verwendet den <code>family</code>-Schlüssel, um das Betriebssystem zu vergleichen, und wendet dann eine Logik an, um zu bestimmen, welchen Anwendungskonfigurationspfad geprüft werden soll.</p> <h2> Rückgabewerte </h2> <p>Puppet erwartet, dass benutzerdefinierte Fakten einen gültigen Werttyp zurückgeben, insbesondere Strings, Ganze Zahlen oder Arrays.<br> Wenn der Wert eines Fakts <code>nil</code> oder <code>undef</code> ist, wird der Fakt einfach nicht definiert.</p> <h2> Windows-Fakten </h2> <p>Facter ist eine plattformübergreifende API und stellt die gleichen Funktionen auf allen Betriebssystemen bereit. Es ist jedoch wichtig zu beachten, dass Pfade und ausführbare Dateien in einer Windows-Umgebung unterschiedlich sein können.</p> <p>Mit Hilfe des <code>Facter::Core::Execution.execute</code> werden üblicherweise Powershell Kommandos gestartet.</p> <p>Das folgende Beispiel erstellt einen Windows-Fakt:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># ~/new_fact/windows_version.rb</span> <span class="no">Facter</span><span class="p">.</span><span class="nf">add</span><span class="p">(</span><span class="ss">:windows_version</span><span class="p">)</span> <span class="k">do</span> <span class="n">confine</span> <span class="ss">osfamily: </span><span class="s1">'windows'</span> <span class="n">setcode</span> <span class="k">do</span> <span class="no">Facter</span><span class="o">::</span><span class="no">Core</span><span class="o">::</span><span class="no">Execution</span><span class="p">.</span><span class="nf">execute</span><span class="p">(</span><span class="s1">'reg query "HKLM\Software\Microsoft\Internet Explorer" /v svcVersion'</span><span class="p">,</span> <span class="p">{</span><span class="ss">:timeout</span> <span class="o">=&gt;</span> <span class="mi">5</span><span class="p">})</span> <span class="k">end</span> <span class="k">end</span> </code></pre> </div> <p>Das Beispiel verwendet den <code>reg query</code>-Befehl, um die Version des Internet Explorers zu erhalten.</p> <p>Bitte beachten, dass die <a href="https://docs.microsoft.com/en-us/windows/win32/api/" rel="noopener noreferrer">Win32 API calls</a> seit Ruby 1.9 deprecated sind.<br> Man kann statt dessen die <a href="https://github.com/ruby/fiddle" rel="noopener noreferrer">Fiddle</a> oder andere Ruby Bibliotheken nutzen.</p> <h2> Weitere Konzepte </h2> <h3> Protokollierung </h3> <p>Zur Analyse eines Facts kann man auf die <code>debug</code> Methode zugreifen.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="no">Facter</span><span class="p">.</span><span class="nf">add</span><span class="p">(</span><span class="ss">:betadots_application_version</span><span class="p">)</span> <span class="k">do</span> <span class="n">setcode</span> <span class="k">do</span> <span class="no">Facter</span><span class="p">.</span><span class="nf">debug</span><span class="p">(</span><span class="s2">"Custom fact 'betadots_application_version' running"</span><span class="p">)</span> <span class="o">...</span> <span class="k">end</span> <span class="k">end</span> </code></pre> </div> <p>Es sind folgende Log Level möglich: <code>debug</code>, <code>info</code>, <code>warn</code>, <code>error</code> und <code>fatal</code>.</p> <h3> Aggregierung </h3> <p>Eine weitere Option ist das Zusammenstellen von Facts als Hash mit Hilfe von <code>aggregates</code> und <code>chunks</code>.<br> Jeder <code>chunk</code>benötigt einen Namen (key) und einen Wert (value), wobei der Wert entweder ein Array oder ein Hash sein <strong>muss</strong>!</p> <p>Nachdem Facter alle chunks eingelesen und validiert hat, werden diese aggregiert. Als default werden die Arrays oder Hashes gemerged.<br> Es besteht die Möglichkeit, eine eigene Aggregierungs Funktion zu schreiben.</p> <p>Wir gehen davon aus, dass unsere Beispielanwendung es uns ermöglicht, Einstellungen auszulesen: <code>/opt/app/bin/app config &lt;key&gt;</code>.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># ~/new_fact/betadots_application_version.rb</span> <span class="no">Facter</span><span class="p">.</span><span class="nf">add</span><span class="p">(</span><span class="ss">:betadots_application_version</span><span class="p">,</span> <span class="ss">:type</span> <span class="o">=&gt;</span> <span class="ss">:aggregate</span><span class="p">)</span> <span class="k">do</span> <span class="n">confine</span> <span class="k">do</span> <span class="n">app_cfg_file</span> <span class="o">=</span> <span class="k">case</span> <span class="no">Facter</span><span class="p">.</span><span class="nf">value</span><span class="p">(</span><span class="s1">'os'</span><span class="p">)[</span><span class="s1">'family'</span><span class="p">]</span> <span class="k">when</span> <span class="s1">'RedHat'</span> <span class="s1">'/etc/sysconfig/application'</span> <span class="k">when</span> <span class="s1">'Debian'</span> <span class="s1">'/etc/default/application'</span> <span class="k">end</span> <span class="no">File</span><span class="p">.</span><span class="nf">exist?</span><span class="p">(</span><span class="n">app_cfg_file</span><span class="p">)</span> <span class="k">end</span> <span class="n">chunk</span><span class="p">(</span><span class="ss">:config_version</span><span class="p">)</span> <span class="k">do</span> <span class="p">{</span><span class="ss">:version</span> <span class="o">=&gt;</span> <span class="no">Facter</span><span class="o">::</span><span class="no">Core</span><span class="o">::</span><span class="no">Execution</span><span class="p">.</span><span class="nf">execute</span><span class="p">(</span><span class="s1">'/opt/app/bin/app config version'</span><span class="p">)}</span> <span class="k">end</span> <span class="n">chunk</span><span class="p">(</span><span class="ss">:config_cache_size</span><span class="p">)</span> <span class="k">do</span> <span class="p">{</span><span class="ss">:cache_size</span> <span class="o">=&gt;</span> <span class="no">Facter</span><span class="o">::</span><span class="no">Core</span><span class="o">::</span><span class="no">Execution</span><span class="p">.</span><span class="nf">execute</span><span class="p">(</span><span class="s1">'/opt/app/bin/app config cache_size'</span><span class="p">)}</span> <span class="k">end</span> <span class="n">chunk</span><span class="p">(</span><span class="ss">:config_log_level</span><span class="p">)</span> <span class="k">do</span> <span class="p">{</span><span class="ss">:log_level</span> <span class="o">=&gt;</span> <span class="no">Facter</span><span class="o">::</span><span class="no">Core</span><span class="o">::</span><span class="no">Execution</span><span class="p">.</span><span class="nf">execute</span><span class="p">(</span><span class="s1">'/opt/app/bin/app config log_level'</span><span class="p">)}</span> <span class="k">end</span> <span class="k">end</span> </code></pre> </div> <p>Ergebnis:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>betadots_application_version =&gt; { version =&gt; '1.2.4', cache_size =&gt; '400M', log_level =&gt; 'info', } </code></pre> </div> <h3> Gewichtung </h3> <p>Facter ermöglicht es, den Rückgabe Wert auf unterschiedliche Arten zu ermitteln. Die einzelnen Arten bekommen eine Gewichtung, damit Facter danach entscheiden kann, welche Art (Methode) vals Rückgabewert verwendet werden soll.</p> <p>Wir gehen davon aus, dass unsere Besipielanwendung entweder über systemd oder über eine andere Art gestartet wurde (PID Datei).</p> <p>Hinweis: Externe Fakten haben eine Gewichtung von 1000. Man kann externe Fakten überschreiben, indem man für den Custom Fakt den gleichen Namen verwendet und eine Gewichtung über 1000 hinterlegt.</p> <p>Weitere Informationen findet man in der <a href="https://www.puppet.com/docs/puppet/latest/custom_facts#configuring_facts-fact-precedence" rel="noopener noreferrer">Fact precedence</a> Sektion der <a href="https://www.puppet.com/docs/puppet/latest/custom_facts" rel="noopener noreferrer">Custom facts overview</a> Seite.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="no">Facter</span><span class="p">.</span><span class="nf">add</span><span class="p">(</span><span class="s1">'application_running'</span><span class="p">)</span> <span class="k">do</span> <span class="n">has_weight</span> <span class="mi">100</span> <span class="n">setcode</span> <span class="k">do</span> <span class="no">Facter</span><span class="o">::</span><span class="no">Core</span><span class="o">::</span><span class="no">Execution</span><span class="p">.</span><span class="nf">execute</span><span class="p">(</span><span class="s1">'systemctl status app'</span><span class="p">)</span> <span class="k">end</span> <span class="k">end</span> <span class="no">Facter</span><span class="p">.</span><span class="nf">add</span><span class="p">(</span><span class="s1">'application_running'</span><span class="p">)</span> <span class="k">do</span> <span class="n">has_weight</span> <span class="mi">50</span> <span class="n">setcode</span> <span class="k">do</span> <span class="no">File</span><span class="p">.</span><span class="nf">exist?</span><span class="p">(</span><span class="s1">'/var/run/application.pid'</span><span class="p">)</span> <span class="k">end</span> <span class="k">end</span> </code></pre> </div> <h3> Blocking und Caching </h3> <p>Normalerweise werden Facts bei jedem Lauf eines Puppet Agenten erneut ermittelt. Dies kann bei manchen Facts dazu führen, dass Facter mehr Zeit benötigt, bis alle Facts geladen sind. Dies gilt insbesondere, wenn Facts eine Anwendung abfragen und diese Abfrage eine hohe Last erzeugt und lange dauert oder es gibt "teure" Facts, die gar nicht benötigt werden.<br> Facter ermöglicht es, einen Cache zu verwenden, so dass Facts nur einmalig und danch erst nach der Lebensdauer des Cache Objektes erneut abgefragt werden und man kann Blacklisten mit unerwünschen Facts pflegen.</p> <p>Die Facter Konfiguration erfolgt in <code>/etc/puppetlabs/facter/facter.conf</code> auf *nix Systemen oder in <code>C:\ProgramData\PuppetLabs\facter\etc\facter.conf</code> auf Windows.<br> Bitte beachten, dass die Konfiguration auf dem Puppet Agent erfolgen muss!<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code># /etc/puppetlabs/facter/facter.conf facts : { blocklist : [ "file system", "EC2", "processors.isa" ] ttls : [ { "timezone": 30 days }, { "my-fact-group": 30 days }, ] } fact-groups : { my-fact-group : [ "os", "ssh.version"] } </code></pre> </div> <p>Innerhalb des Elementes <code>blocklist</code> kann man entweder einen Fact, ein Subelement eines Fact Hashes oder eine Facter Gruppe angeben.<br> Existierende Facter Gruppen kann man aus Facter auslesen:</p> <h4> Facter block groups </h4> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>facter <span class="nt">--list-block-groups</span> EC2 - ec2_metadata - ec2_userdata file system - mountpoints - filesystems - partitions hypervisors - hypervisors </code></pre> </div> <h4> Facter cache groups </h4> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>facter <span class="nt">--list-cache-groups</span> EC2 - ec2_metadata - ec2_userdata GCE - gce ... </code></pre> </div> <p>Außerdem kann man eigene Facter Gruppen innerhalb der <code>facts-group</code> Sektion hinterlegen.</p> <p>Bitte beachten, dass das <a href="https://forge.puppet.com/modules/dylanratcliffe/facter_cache/readme" rel="noopener noreferrer">Dylan Ratcliffe's facter_cache Module</a> seit Puppet 6 nicht mehr notwendig ist.</p> <p>Mehr Informationen findet man auf der Puppet Webseite im Bereich <a href="https://www.puppet.com/docs/puppet/latest/configuring_facter" rel="noopener noreferrer"><code>facter.conf</code> settings</a>.</p> <h2> Codierungsstrategien und strukturierte Daten </h2> <ul> <li>Anzahl dr Fakten redizieren</li> <li>Hashes verwenden</li> <li>Generischer Code und Ruby Module</li> </ul> <p>Wenn ein Fakt komplexe Daten zurückgeben muss, sollten strukturierte Daten verwendet werden, um hierarchische Informationen bereitzustellen. Weitere Informationen zur Strukturierung von Daten finden Sie in der Puppet-Dokumentation zu <a href="https://www.puppet.com/docs/puppet/8/custom_facts.html#structured_data_in_custom_facts" rel="noopener noreferrer">strukturierten Daten in benutzerdefinierten Fakten</a>.</p> <p>Eine bewährte Praxis besteht darin, sich für eine Struktur zu entscheiden, wenn ein Fakt mehr als eine einzelne Zeichenfolge zurückgeben soll. Solche Daten werden in der Regel in Hashes oder Arrays organisiert, die wahlweise direkt einen Hash liefern oder über aggregates zusammengesetzt werden:</p> <p>Lösung 1: Hash in Ruby:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="no">Facter</span><span class="p">.</span><span class="nf">add</span><span class="p">(</span><span class="ss">:betadots_file_check</span><span class="p">)</span> <span class="k">do</span> <span class="n">setcode</span> <span class="k">do</span> <span class="n">file_list</span> <span class="o">=</span> <span class="k">case</span> <span class="no">Facter</span><span class="p">.</span><span class="nf">value</span><span class="p">(</span><span class="ss">:kernel</span><span class="p">)</span> <span class="k">when</span> <span class="s1">'windows'</span> <span class="p">[</span> <span class="s1">'c:/Program Data/Application/bin/app'</span><span class="p">,</span> <span class="s1">'c:/backup/state.txt'</span><span class="p">,</span> <span class="p">]</span> <span class="k">when</span> <span class="s1">'Linux'</span> <span class="p">[</span> <span class="s1">'/opt/app/bin/app'</span><span class="p">,</span> <span class="s1">'/etc/backup/state.txt'</span><span class="p">,</span> <span class="p">]</span> <span class="k">end</span> <span class="n">result</span> <span class="o">=</span> <span class="p">{}</span> <span class="n">file_list</span><span class="p">.</span><span class="nf">each</span> <span class="o">|</span><span class="nb">name</span><span class="o">|</span> <span class="k">do</span> <span class="n">result</span><span class="p">[</span><span class="nb">name</span><span class="p">]</span> <span class="o">=</span> <span class="p">{</span> <span class="ss">:size</span> <span class="o">=&gt;</span> <span class="no">File</span><span class="p">.</span><span class="nf">size</span><span class="p">(</span><span class="nb">name</span><span class="p">),</span> <span class="ss">:world_writable</span> <span class="o">=&gt;</span> <span class="no">File</span><span class="p">.</span><span class="nf">world_writable?</span><span class="p">(</span><span class="nb">name</span><span class="p">)</span> <span class="p">}</span> <span class="k">if</span> <span class="no">File</span><span class="p">.</span><span class="nf">exist?</span><span class="p">(</span><span class="nb">name</span><span class="p">)</span> <span class="k">end</span> <span class="n">result</span> <span class="k">end</span> <span class="k">end</span> </code></pre> </div> <p>Facter Ergebnis:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="p">{</span> <span class="s1">'/opt/app/bin/app'</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="n">size</span> <span class="o">=&gt;</span> <span class="mi">64328</span><span class="p">,</span> <span class="n">world_writable</span> <span class="o">=&gt;</span> <span class="n">null</span><span class="p">,</span> <span class="p">},</span> <span class="s1">'/etc/backup/state.txt'</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="n">size</span> <span class="o">=&gt;</span> <span class="mi">0</span><span class="p">,</span> <span class="n">world_writable</span> <span class="o">=&gt;</span> <span class="mi">438</span><span class="p">,</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>Lösung 2: Hashes mit Hilfe von aggregate:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="no">Facter</span><span class="p">.</span><span class="nf">add</span><span class="p">(</span><span class="ss">:betadots_file_check</span><span class="p">,</span> <span class="ss">:type</span> <span class="o">=&gt;</span> <span class="ss">:aggregate</span><span class="p">)</span> <span class="k">do</span> <span class="n">file_list</span> <span class="o">=</span> <span class="k">case</span> <span class="no">Facter</span><span class="p">.</span><span class="nf">value</span><span class="p">(</span><span class="ss">:kernel</span><span class="p">)</span> <span class="k">when</span> <span class="s1">'windows'</span> <span class="p">[</span> <span class="s1">'c:/Program Data/Application/bin/app'</span><span class="p">,</span> <span class="s1">'c:/backup/state.txt'</span><span class="p">,</span> <span class="p">]</span> <span class="k">when</span> <span class="s1">'Linux'</span> <span class="p">[</span> <span class="s1">'/opt/app/bin/app'</span><span class="p">,</span> <span class="s1">'/etc/backup/state.txt'</span><span class="p">,</span> <span class="p">]</span> <span class="k">end</span> <span class="n">chunk</span><span class="p">(</span><span class="ss">:file_size</span><span class="p">)</span> <span class="k">do</span> <span class="n">result</span> <span class="o">=</span> <span class="p">{}</span> <span class="n">file_list</span><span class="p">.</span><span class="nf">each</span> <span class="o">|</span><span class="nb">name</span><span class="o">|</span> <span class="k">do</span> <span class="n">result</span><span class="p">[</span><span class="nb">name</span><span class="p">]</span> <span class="o">=</span> <span class="p">{</span> <span class="ss">:size</span> <span class="o">=&gt;</span> <span class="no">File</span><span class="p">.</span><span class="nf">size</span><span class="p">(</span><span class="nb">name</span><span class="p">)</span> <span class="p">}</span> <span class="k">if</span> <span class="no">File</span><span class="p">.</span><span class="nf">exist?</span><span class="p">(</span><span class="nb">name</span><span class="p">)</span> <span class="k">end</span> <span class="n">result</span> <span class="k">end</span> <span class="n">chunk</span><span class="p">(</span><span class="ss">:file_world_writable</span><span class="p">)</span> <span class="k">do</span> <span class="n">result</span> <span class="o">=</span> <span class="p">{}</span> <span class="n">file_list</span><span class="p">.</span><span class="nf">each</span> <span class="o">|</span><span class="nb">name</span><span class="o">|</span> <span class="k">do</span> <span class="n">result</span><span class="p">[</span><span class="nb">name</span><span class="p">]</span> <span class="o">=</span> <span class="p">{</span> <span class="ss">:world_writable</span> <span class="o">=&gt;</span> <span class="no">File</span><span class="p">.</span><span class="nf">world_writable?</span><span class="p">(</span><span class="nb">name</span><span class="p">)</span> <span class="p">}</span> <span class="k">if</span> <span class="no">File</span><span class="p">.</span><span class="nf">exist?</span><span class="p">(</span><span class="nb">name</span><span class="p">)</span> <span class="k">end</span> <span class="n">result</span> <span class="k">end</span> <span class="k">end</span> </code></pre> </div> <p>Facter Ergebnis:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="p">{</span> <span class="s1">'/opt/app/bin/app'</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="n">size</span> <span class="o">=&gt;</span> <span class="mi">64328</span><span class="p">,</span> <span class="n">world_writable</span> <span class="o">=&gt;</span> <span class="n">null</span><span class="p">,</span> <span class="p">},</span> <span class="s1">'/etc/backup/state.txt'</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="n">size</span> <span class="o">=&gt;</span> <span class="mi">0</span><span class="p">,</span> <span class="n">world_writable</span> <span class="o">=&gt;</span> <span class="mi">438</span><span class="p">,</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>Ein weiteres Facter Besipiel liest das Agent Zertifikat aus und liefert die Zertifikatserweiterungen als Fact Hash:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="no">Facter</span><span class="p">.</span><span class="nf">add</span><span class="p">(</span><span class="ss">:betadots_cert_extension</span><span class="p">)</span> <span class="k">do</span> <span class="n">setcode</span> <span class="k">do</span> <span class="nb">require</span> <span class="s1">'openssl'</span> <span class="nb">require</span> <span class="s1">'puppet'</span> <span class="nb">require</span> <span class="s1">'puppet/ssl/oids'</span> <span class="c1"># set variables</span> <span class="n">extension_hash</span> <span class="o">=</span> <span class="p">{}</span> <span class="n">certdir</span> <span class="o">=</span> <span class="no">Puppet</span><span class="p">.</span><span class="nf">settings</span><span class="p">[</span><span class="ss">:certdir</span><span class="p">]</span> <span class="n">certname</span> <span class="o">=</span> <span class="no">Puppet</span><span class="p">.</span><span class="nf">settings</span><span class="p">[</span><span class="ss">:certname</span><span class="p">]</span> <span class="n">certificate_file</span> <span class="o">=</span> <span class="s2">"</span><span class="si">#{</span><span class="n">certdir</span><span class="si">}</span><span class="s2">/</span><span class="si">#{</span><span class="n">certname</span><span class="si">}</span><span class="s2">.pem"</span> <span class="c1"># get puppet ssl oids</span> <span class="n">oids</span> <span class="o">=</span> <span class="p">{}</span> <span class="no">Puppet</span><span class="o">::</span><span class="no">SSL</span><span class="o">::</span><span class="no">Oids</span><span class="o">::</span><span class="no">PUPPET_OIDS</span><span class="p">.</span><span class="nf">each</span> <span class="k">do</span> <span class="o">|</span><span class="n">o</span><span class="o">|</span> <span class="n">oids</span><span class="p">[</span><span class="n">o</span><span class="p">[</span><span class="mi">0</span><span class="p">]]</span> <span class="o">=</span> <span class="n">o</span><span class="p">[</span><span class="mi">1</span><span class="p">]</span> <span class="k">end</span> <span class="c1"># read the certificate</span> <span class="n">cert</span> <span class="o">=</span> <span class="no">OpenSSL</span><span class="o">::</span><span class="no">X509</span><span class="o">::</span><span class="no">Certificate</span><span class="p">.</span><span class="nf">new</span> <span class="no">File</span><span class="p">.</span><span class="nf">read</span> <span class="n">certificate_file</span> <span class="c1"># cert extensions differs if we run via agent (numeric) or via facter (names)</span> <span class="n">cert</span><span class="p">.</span><span class="nf">extensions</span><span class="p">.</span><span class="nf">each</span> <span class="k">do</span> <span class="o">|</span><span class="n">extension</span><span class="o">|</span> <span class="k">case</span> <span class="n">extension</span><span class="p">.</span><span class="nf">oid</span><span class="p">.</span><span class="nf">to_s</span> <span class="k">when</span> <span class="sr">%r{^1</span><span class="se">\.</span><span class="sr">3</span><span class="se">\.</span><span class="sr">6</span><span class="se">\.</span><span class="sr">1</span><span class="se">\.</span><span class="sr">4</span><span class="se">\.</span><span class="sr">1</span><span class="se">\.</span><span class="sr">34380</span><span class="se">\.</span><span class="sr">1</span><span class="se">\.</span><span class="sr">1}</span> <span class="n">short_name</span> <span class="o">=</span> <span class="n">oids</span><span class="p">[</span><span class="n">extension</span><span class="p">.</span><span class="nf">oid</span><span class="p">]</span> <span class="n">value</span> <span class="o">=</span> <span class="n">extension</span><span class="p">.</span><span class="nf">value</span><span class="p">[</span><span class="mi">2</span><span class="o">..-</span><span class="mi">1</span><span class="p">]</span> <span class="n">extension_hash</span><span class="p">[</span><span class="n">short_name</span><span class="p">]</span> <span class="o">=</span> <span class="n">value</span> <span class="k">unless</span> <span class="n">short_name</span> <span class="o">==</span> <span class="s1">'pp_preshared_key'</span> <span class="k">when</span> <span class="sr">%r{^pp_}</span> <span class="n">short_name</span> <span class="o">=</span> <span class="n">extension</span><span class="p">.</span><span class="nf">oid</span> <span class="n">value</span> <span class="o">=</span> <span class="n">extension</span><span class="p">.</span><span class="nf">value</span><span class="p">[</span><span class="mi">2</span><span class="o">..-</span><span class="mi">1</span><span class="p">]</span> <span class="n">extension_hash</span><span class="p">[</span><span class="n">short_name</span><span class="p">]</span> <span class="o">=</span> <span class="n">value</span> <span class="k">unless</span> <span class="n">short_name</span> <span class="o">==</span> <span class="s1">'pp_preshared_key'</span> <span class="k">end</span> <span class="k">end</span> <span class="n">extension_hash</span> <span class="k">end</span> <span class="k">end</span> </code></pre> </div> <h2> Zusammenfassung </h2> <p>Dieser Beitrag hat die Grundlagen zur Erstellung von benutzerdefinierten Fakten in Puppet beschrieben. Benutzerdefinierte Fakten sind ein leistungsfähiges Werkzeug, um einem Puppet-Server oder einem Management-Tool Informationen zu liefern. Facts werden in Modulen hinterlegt und sollten bei Bedarf eingeschränkt (confine) werden. Die Rückgabewerte sollten als Hash oder Array und nur in seltenen Fällen als Bool, String oder Integer ausgegeben werden.</p> <p>Ein letzter Hinweis: Nur lokale Kommandos ausführen! Wenn man Remote Systeme in Kombination mit Facter nutzen möchte, müssen diese Hochverfügbar und skaliert aufgebaut sein.</p> <p>Happy puppetizing,<br> Martin</p> puppet ruby The Ruby side of Puppet - Part 1 - Custom Facts Martin Alfke Wed, 01 Jan 2025 17:26:04 +0000 https://dev.to/betadots/the-ruby-side-of-puppet-part-1-custom-facts-3hb7 https://dev.to/betadots/the-ruby-side-of-puppet-part-1-custom-facts-3hb7 <p>This is the first in a series of three posts covering the concepts and best practices for extending <a href="https://www.puppet.com" rel="noopener noreferrer">Puppet</a> using <a href="https://www.puppet.com/docs/puppet/latest/custom_facts" rel="noopener noreferrer">custom facts</a>, <a href="https://www.puppet.com/docs/puppet/8/custom_functions_ruby" rel="noopener noreferrer">custom functions</a> and <a href="https://www.puppet.com/docs/puppet/latest/custom_types" rel="noopener noreferrer">custom types</a> and <a href="https://www.puppet.com/docs/puppet/latest/provider_development" rel="noopener noreferrer">providers</a>.</p> <p><strong>Part 1</strong> (this post) explains custom facts and how a node can provide information to the Puppet Server.</p> <p><a href="https://dev.to/betadots/the-ruby-side-of-puppet-part-2-custom-functions-7c7"><strong>Part 2</strong></a> focuses on custom functions, detailing how to develop data processing or execution functions.</p> <p><a href="https://dev.to/betadots/the-ruby-side-of-puppet-part-3-custom-types-and-providers-4hma"><strong>Part 3</strong></a> covers custom types and providers, extending Puppet DSL functionality.</p> <p><strong>Custom Facts</strong>:</p> <p>There are several reasons to develop custom facts:</p> <ul> <li>Whenever a VM naming model is used, we recommend providing the naming schema as a custom fact.</li> <li>It is sometimes necessary to determine the state of certain configurations or whether specific software is installed.</li> <li>The datacenter department may need an overview of physical hardware, hardware vendor details, and end-of-life (EOL) support dates. Additionally, the finance department may require information on the number of commercial licenses in use and the versions of installed software.</li> </ul> <p>Whenever information from a node is needed, Puppet offers the option to deploy custom facts.</p> <p><strong>Content</strong>:</p> <ol> <li>Fact Development</li> <li>Facts in Modules</li> <li>General API</li> <li>Confining</li> <li>Helpers</li> <li>Accessing Other Facts</li> <li>Return Values</li> <li>Windows Facts</li> <li>Additional Concepts</li> <li>Coding Strategies and Structured Data</li> <li>Summary</li> </ol> <h2> Fact Development </h2> <p>You can develop custom facts locally on a workstation or on the system where the fact is needed. Before adding the untested fact to your Puppet code, you can specify the fact load path in two ways.</p> <p>The following directory structure is used:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">ls</span> ~/new_fact/ betadots_application_version.rb </code></pre> </div> <p>To execute the fact, use one of the following commands:</p> <ol> <li><code>FACTERLIB=~/new_fact facter betadots_application_version</code></li> <li><code>facter --custom-dir ~/new_fact betadots_application_version</code></li> </ol> <h2> Facts in Modules </h2> <p>Puppet provides an API to develop custom facts. To ensure the Puppet agent finds them, custom facts must be placed in a specific directory within a module.</p> <p>All files in the <code>lib</code> directory of modules are synchronized to all agents. It’s not possible to restrict which files are synchronized.</p> <p>Custom facts should be placed in the <code>lib/facter</code> directory of a module. Although you can choose any filename, it's recommended to use the fact name as the filename for easy identification. The filename must end with <code>.rb</code>.</p> <p>We also recommend prefixing the custom fact name with a company or department identifier.</p> <h2> General API </h2> <p>Facter provides an API to create new custom facts.</p> <p>Example:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># ~/new_fact/betadots_application_version.rb</span> <span class="no">Facter</span><span class="p">.</span><span class="nf">add</span><span class="p">(</span><span class="ss">:betadots_application_version</span><span class="p">)</span> <span class="k">do</span> <span class="n">setcode</span> <span class="k">do</span> <span class="c1"># Code here</span> <span class="k">end</span> <span class="k">end</span> </code></pre> </div> <p>The <code>setcode do ... end</code> block contains all the Ruby code for the fact. The result of the last command or variable is used as the fact’s return value.</p> <h2> Confining </h2> <p>Since all custom facts are distributed to all Puppet agents, it’s essential to ensure that OS- or application-specific facts are only executed where necessary.</p> <p>This is achieved by confining facts.</p> <p>Confinement can be applied to simple or structured facts or any other Ruby code, such as <code>File.exist?</code>.</p> <p>Simple fact confinement:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># ~/new_fact/betadots_application_version.rb</span> <span class="no">Facter</span><span class="p">.</span><span class="nf">add</span><span class="p">(</span><span class="ss">:betadots_application_version</span><span class="p">)</span> <span class="k">do</span> <span class="n">confine</span> <span class="ss">kernel: </span><span class="s1">'Linux'</span> <span class="n">setcode</span> <span class="k">do</span> <span class="c1"># Code here</span> <span class="k">end</span> <span class="k">end</span> </code></pre> </div> <p>Confinement using Ruby block and facts:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># ~/new_fact/betadots_application_version.rb</span> <span class="no">Facter</span><span class="p">.</span><span class="nf">add</span><span class="p">(</span><span class="ss">:betadots_application_version</span><span class="p">)</span> <span class="k">do</span> <span class="n">confine</span> <span class="s1">'os'</span> <span class="k">do</span> <span class="o">|</span><span class="n">os</span><span class="o">|</span> <span class="n">os</span><span class="p">[</span><span class="s1">'family'</span><span class="p">]</span> <span class="o">==</span> <span class="s1">'RedHat'</span> <span class="k">end</span> <span class="n">setcode</span> <span class="k">do</span> <span class="c1"># Code here</span> <span class="k">end</span> <span class="k">end</span> </code></pre> </div> <p>Confinement using Ruby block and Ruby code:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># ~/new_fact/betadots_application_version.rb</span> <span class="no">Facter</span><span class="p">.</span><span class="nf">add</span><span class="p">(</span><span class="ss">:betadots_application_version</span><span class="p">)</span> <span class="k">do</span> <span class="n">confine</span> <span class="k">do</span> <span class="no">File</span><span class="p">.</span><span class="nf">exist?</span><span class="p">(</span><span class="s1">'/etc/sysconfig/application'</span><span class="p">)</span> <span class="k">end</span> <span class="n">setcode</span> <span class="k">do</span> <span class="c1"># Code here</span> <span class="k">end</span> <span class="k">end</span> </code></pre> </div> <h2> Helpers </h2> <p>Facter provides several helper methods that can be used without requiring the <code>facter</code> class:</p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Helper</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td><code>Facter::Core::Execution::execute</code></td> <td>Runs an executable on the system with a timeout option to prevent hanging facter runs.</td> </tr> <tr> <td><code>Facter::Core::Execution::which</code></td> <td>Checks if an executable is available. Works on any supported OS, searching the default paths <code>ENV['PATH'] + ['/sbin', '/usr/sbin']</code> </td> </tr> <tr> <td><code>Facter.value</code></td> <td>Provides access to the value of any other fact. Be careful to avoid loops!</td> </tr> </tbody> </table></div> <p>More information is available in the <a href="https://www.rubydoc.info/gems/facter" rel="noopener noreferrer">API documentation</a>.</p> <p>Please note that <code>Facter::Core::Execution::exec</code> has been deprecated in favor of <code>Facter::Core::Execution::execute</code>. This is important when migrating from older versions of Facter.</p> <p>The <code>timeout</code> options hash can be set in two ways:</p> <p>Valid for the whole fact:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="no">Facter</span><span class="p">.</span><span class="nf">add</span><span class="p">(</span><span class="s1">'&lt;name&gt;'</span><span class="p">,</span> <span class="p">{</span><span class="ss">timeout: </span><span class="mi">5</span><span class="p">})</span> <span class="k">do</span> <span class="o">...</span> <span class="k">end</span> </code></pre> </div> <p>Per execute method<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="no">Facter</span><span class="o">::</span><span class="no">Core</span><span class="o">::</span><span class="no">Execution</span><span class="o">::</span><span class="n">execute</span><span class="p">(</span><span class="s1">'&lt;cmd&gt;'</span><span class="p">,</span> <span class="n">options</span> <span class="o">=</span> <span class="p">{</span><span class="ss">:timeout</span> <span class="o">=&gt;</span> <span class="mi">5</span><span class="p">})</span> </code></pre> </div> <p>For example, if an application returns its configuration via <code>/opt/app/bin/app config</code>, you can set a timeout of 5 seconds:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># ~/new_fact/betadots_application_version.rb</span> <span class="no">Facter</span><span class="p">.</span><span class="nf">add</span><span class="p">(</span><span class="ss">:betadots_application_version</span><span class="p">)</span> <span class="k">do</span> <span class="n">confine</span> <span class="k">do</span> <span class="no">File</span><span class="p">.</span><span class="nf">exist?</span><span class="p">(</span><span class="s1">'/etc/sysconfig/application'</span><span class="p">)</span> <span class="k">end</span> <span class="n">setcode</span> <span class="k">do</span> <span class="no">Facter</span><span class="o">::</span><span class="no">Core</span><span class="o">::</span><span class="no">Execution</span><span class="p">.</span><span class="nf">execute</span><span class="p">(</span><span class="s1">'/opt/app/bin/app config'</span><span class="p">,</span> <span class="p">{</span><span class="ss">:timeout</span> <span class="o">=&gt;</span> <span class="mi">5</span><span class="p">})</span> <span class="k">end</span> <span class="k">end</span> </code></pre> </div> <p>The result of the last command or a variable with content is used as fact result.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># ~/new_fact/betadots_application_version.rb</span> <span class="no">Facter</span><span class="p">.</span><span class="nf">add</span><span class="p">(</span><span class="ss">:betadots_application_version</span><span class="p">)</span> <span class="k">do</span> <span class="n">confine</span> <span class="k">do</span> <span class="no">File</span><span class="p">.</span><span class="nf">exist?</span><span class="p">(</span><span class="s1">'/etc/sysconfig/application'</span><span class="p">)</span> <span class="k">end</span> <span class="n">setcode</span> <span class="k">do</span> <span class="n">config_list</span> <span class="o">=</span> <span class="no">Facter</span><span class="o">::</span><span class="no">Core</span><span class="o">::</span><span class="no">Execution</span><span class="p">.</span><span class="nf">execute</span><span class="p">(</span><span class="s1">'/opt/app/bin/app config'</span><span class="p">,</span> <span class="p">{</span><span class="ss">:timeout</span> <span class="o">=&gt;</span> <span class="mi">5</span><span class="p">})</span> <span class="n">config_list</span> <span class="k">end</span> <span class="k">end</span> </code></pre> </div> <h2> Accessing Other Facts </h2> <p>It’s possible for a custom fact to leverage the value of another fact by using <code>Facter.value</code>.However, this should be done cautiously to avoid introducing cyclic dependencies between facts.</p> <p>In our example the application has to different config paths for different OS.</p> <ul> <li>RedHat - /etc/sysconfig/application</li> <li>Debian - /etc/default/application</li> </ul> <p>Example with access to another fact:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># ~/new_fact/betadots_application_version.rb</span> <span class="no">Facter</span><span class="p">.</span><span class="nf">add</span><span class="p">(</span><span class="ss">:betadots_application_version</span><span class="p">)</span> <span class="k">do</span> <span class="n">confine</span> <span class="k">do</span> <span class="n">app_cfg_file</span> <span class="o">=</span> <span class="k">case</span> <span class="no">Facter</span><span class="p">.</span><span class="nf">value</span><span class="p">(</span><span class="s1">'os'</span><span class="p">)[</span><span class="s1">'family'</span><span class="p">]</span> <span class="k">when</span> <span class="s1">'RedHat'</span> <span class="s1">'/etc/sysconfig/application'</span> <span class="k">when</span> <span class="s1">'Debian'</span> <span class="s1">'/etc/default/application'</span> <span class="k">end</span> <span class="no">File</span><span class="p">.</span><span class="nf">exist?</span><span class="p">(</span><span class="n">app_cfg_file</span><span class="p">)</span> <span class="k">end</span> <span class="n">setcode</span> <span class="k">do</span> <span class="no">Facter</span><span class="o">::</span><span class="no">Core</span><span class="o">::</span><span class="no">Execution</span><span class="p">.</span><span class="nf">execute</span><span class="p">(</span><span class="s1">'/opt/app/bin/app config'</span><span class="p">)</span> <span class="k">end</span> <span class="k">end</span> </code></pre> </div> <p>The example retreives the <code>os</code> fact and uses the <code>family</code> key to compare the OS, then applies logic to determine which application config path to check for.</p> <h2> Return values </h2> <p>Puppet expects custom facts to return a valid value type, specifically strings, integers, booleans, or structured data (such as arrays and hashes). If the fact cannot determine a valid value, it should return <code>nil</code> or <code>undef</code> to indicate that no fact value is available.</p> <h2> Windows Facts </h2> <p>Windows-based systems support custom facts just like Linux or other Unix-like systems.<br> The main difference is that many Windows-specific tasks (such as checking installed software or reading from the registry)may require platform-specific Ruby code.</p> <p>Within the <code>Facter::Core::Execution.execute</code> usually powershell commands is used.</p> <p>Here's an example of a Windows custom fact that retrieves the version of Internet Explorer:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># ~/new_fact/betadots_internet_explorer_version.rb</span> <span class="no">Facter</span><span class="p">.</span><span class="nf">add</span><span class="p">(</span><span class="ss">:betadots_internet_explorer_version</span><span class="p">)</span> <span class="k">do</span> <span class="n">confine</span> <span class="ss">kernel: </span><span class="s1">'windows'</span> <span class="n">setcode</span> <span class="k">do</span> <span class="no">Facter</span><span class="o">::</span><span class="no">Core</span><span class="o">::</span><span class="no">Execution</span><span class="p">.</span><span class="nf">execute</span><span class="p">(</span><span class="s1">'reg query "HKLM\Software\Microsoft\Internet Explorer" /v svcVersion'</span><span class="p">)</span> <span class="k">end</span> <span class="k">end</span> </code></pre> </div> <p>In this example, we use the <code>reg query</code>command to check the Internet Explorer version in the Windows registry.</p> <p>Please note that the <a href="https://docs.microsoft.com/en-us/windows/win32/api/" rel="noopener noreferrer">Win32 API calls</a> are deprecated since ruby 1.9.<br> Please consider using <a href="https://github.com/ruby/fiddle" rel="noopener noreferrer">Fiddle</a> or other Ruby-based libraries for interacting with the system.</p> <h2> Additional Concepts </h2> <h3> Logging </h3> <p>It's often useful to include logging within custom facts to help with troubleshooting and development. You can log messages using Puppet's built-in logging mechanism:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="no">Facter</span><span class="p">.</span><span class="nf">add</span><span class="p">(</span><span class="ss">:betadots_application_version</span><span class="p">)</span> <span class="k">do</span> <span class="n">setcode</span> <span class="k">do</span> <span class="no">Facter</span><span class="p">.</span><span class="nf">debug</span><span class="p">(</span><span class="s2">"Custom fact 'betadots_application_version' running"</span><span class="p">)</span> <span class="o">...</span> <span class="k">end</span> <span class="k">end</span> </code></pre> </div> <p>Logging levels include <code>debug</code>, <code>info</code>, <code>warn</code>, <code>error</code>, and <code>fatal</code>.</p> <h3> Aggregates </h3> <p>Another option to create structured facts is the usage of chunks.<br> Each chunk must have a name and returns a data structure which must be of type array or hash.<br> After reading all chunks, the chunks will be aggregated. The default is to merge arrays or hashes.</p> <p>It is possible to write a different aggregate definition.</p> <p>We assume that our app can directly read config keys: <code>/opt/app/bin/app config &lt;key&gt;</code> returns the value.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># ~/new_fact/betadots_application_version.rb</span> <span class="no">Facter</span><span class="p">.</span><span class="nf">add</span><span class="p">(</span><span class="ss">:betadots_application_version</span><span class="p">,</span> <span class="ss">:type</span> <span class="o">=&gt;</span> <span class="ss">:aggregate</span><span class="p">)</span> <span class="k">do</span> <span class="n">confine</span> <span class="k">do</span> <span class="n">app_cfg_file</span> <span class="o">=</span> <span class="k">case</span> <span class="no">Facter</span><span class="p">.</span><span class="nf">value</span><span class="p">(</span><span class="s1">'os'</span><span class="p">)[</span><span class="s1">'family'</span><span class="p">]</span> <span class="k">when</span> <span class="s1">'RedHat'</span> <span class="s1">'/etc/sysconfig/application'</span> <span class="k">when</span> <span class="s1">'Debian'</span> <span class="s1">'/etc/default/application'</span> <span class="k">end</span> <span class="no">File</span><span class="p">.</span><span class="nf">exist?</span><span class="p">(</span><span class="n">app_cfg_file</span><span class="p">)</span> <span class="k">end</span> <span class="n">chunk</span><span class="p">(</span><span class="ss">:config_version</span><span class="p">)</span> <span class="k">do</span> <span class="p">{</span><span class="ss">:version</span> <span class="o">=&gt;</span> <span class="no">Facter</span><span class="o">::</span><span class="no">Core</span><span class="o">::</span><span class="no">Execution</span><span class="p">.</span><span class="nf">execute</span><span class="p">(</span><span class="s1">'/opt/app/bin/app config version'</span><span class="p">)}</span> <span class="k">end</span> <span class="n">chunk</span><span class="p">(</span><span class="ss">:config_cache_size</span><span class="p">)</span> <span class="k">do</span> <span class="p">{</span><span class="ss">:cache_size</span> <span class="o">=&gt;</span> <span class="no">Facter</span><span class="o">::</span><span class="no">Core</span><span class="o">::</span><span class="no">Execution</span><span class="p">.</span><span class="nf">execute</span><span class="p">(</span><span class="s1">'/opt/app/bin/app config cache_size'</span><span class="p">)}</span> <span class="k">end</span> <span class="n">chunk</span><span class="p">(</span><span class="ss">:config_log_level</span><span class="p">)</span> <span class="k">do</span> <span class="p">{</span><span class="ss">:log_level</span> <span class="o">=&gt;</span> <span class="no">Facter</span><span class="o">::</span><span class="no">Core</span><span class="o">::</span><span class="no">Execution</span><span class="p">.</span><span class="nf">execute</span><span class="p">(</span><span class="s1">'/opt/app/bin/app config log_level'</span><span class="p">)}</span> <span class="k">end</span> <span class="k">end</span> </code></pre> </div> <p>Result:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>betadots_application_version =&gt; { version =&gt; '1.2.4', cache_size =&gt; '400M', log_level =&gt; 'info', } </code></pre> </div> <h3> Weight </h3> <p>Facter offers the option to select a value based on priority of a fact.<br> Let's assume that an application is either started form systemd or in any other way (so it has a pid file).</p> <p>Note: external facts have a built in weight value of 1000. Overriding external facts is possible by creating a fact with the same name and specifying a weight value over 1000.</p> <p>More details can be found in the <a href="https://www.puppet.com/docs/puppet/latest/custom_facts#configuring_facts-fact-precedence" rel="noopener noreferrer">Fact precedence</a> section of the <a href="https://www.puppet.com/docs/puppet/latest/custom_facts" rel="noopener noreferrer">Custom facts overview page</a>.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="no">Facter</span><span class="p">.</span><span class="nf">add</span><span class="p">(</span><span class="s1">'application_running'</span><span class="p">)</span> <span class="k">do</span> <span class="n">has_weight</span> <span class="mi">100</span> <span class="n">setcode</span> <span class="k">do</span> <span class="no">Facter</span><span class="o">::</span><span class="no">Core</span><span class="o">::</span><span class="no">Execution</span><span class="p">.</span><span class="nf">execute</span><span class="p">(</span><span class="s1">'systemctl status app'</span><span class="p">)</span> <span class="k">end</span> <span class="k">end</span> <span class="no">Facter</span><span class="p">.</span><span class="nf">add</span><span class="p">(</span><span class="s1">'application_running'</span><span class="p">)</span> <span class="k">do</span> <span class="n">has_weight</span> <span class="mi">50</span> <span class="n">setcode</span> <span class="k">do</span> <span class="no">File</span><span class="p">.</span><span class="nf">exist?</span><span class="p">(</span><span class="s1">'/var/run/application.pid'</span><span class="p">)</span> <span class="k">end</span> <span class="k">end</span> </code></pre> </div> <h3> Blocking and Caching </h3> <p>By default, facts are recalculated each time they are queried. In certain scenarios, this might be inefficient, especially for computationally expensive facts or facts that rarely change. Facter offers a caching mechanism that allows you to persist fact values between Puppet runs.</p> <p>Besides this some facts might be of no interest, but take long time to read.<br> In this case Facters blocklist can be used.</p> <p>Configuration takes place in <code>/etc/puppetlabs/facter/facter.conf</code> on *nix systems or <code>C:\ProgramData\PuppetLabs\facter\etc\facter.conf</code> on Windows.<br> Please note that this configuratoin must be done on the Puppet agents!<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code># /etc/puppetlabs/facter/facter.conf facts : { blocklist : [ "file system", "EC2", "processors.isa" ] ttls : [ { "timezone": 30 days }, { "my-fact-group": 30 days }, ] } fact-groups : { my-fact-group : [ "os", "ssh.version"] } </code></pre> </div> <p>As you can see: within the <code>blocklist</code> we can mention the facts itself, a sub fact, or a fact group.<br> Existing facter groups can be read on the command line:</p> <h4> Facter block groups </h4> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>facter <span class="nt">--list-block-groups</span> EC2 - ec2_metadata - ec2_userdata file system - mountpoints - filesystems - partitions hypervisors - hypervisors </code></pre> </div> <h4> Facter cache groups </h4> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>facter <span class="nt">--list-cache-groups</span> EC2 - ec2_metadata - ec2_userdata GCE - gce ... </code></pre> </div> <p>Besides this we can add our own fact groups using the <code>facts-group</code> setting.</p> <p>Please note that in the past people were using <a href="https://forge.puppet.com/modules/dylanratcliffe/facter_cache/readme" rel="noopener noreferrer">Dylan Ratcliffe's facter_cache Module</a>. This is no longer needed as of Puppet 6, when the facter.conf settings were introduced.</p> <p>The Puppet website provides more information on <a href="https://www.puppet.com/docs/puppet/latest/configuring_facter" rel="noopener noreferrer"><code>facter.conf</code> settings</a>.</p> <h2> Coding Strategies and Structured Data </h2> <ul> <li>Limit the total number of facts</li> <li>Use data hashes</li> <li>Generic code and Ruby modules</li> </ul> <p>In more advanced cases, facts can return structured data, such as arrays or hashes. Structured facts allow for more complex data to be passed back to the Puppet server.</p> <p>It is absolutely required to limit the total number of facts for a node. Main reason is the performance of PuppetDB.</p> <p>Hashes or arrays can be built directly in Ruby code or via Facter aggregates.</p> <p>e.g. We need the state of several files.</p> <p>Solution 1: Hash in Ruby:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="no">Facter</span><span class="p">.</span><span class="nf">add</span><span class="p">(</span><span class="ss">:betadots_file_check</span><span class="p">)</span> <span class="k">do</span> <span class="n">setcode</span> <span class="k">do</span> <span class="n">file_list</span> <span class="o">=</span> <span class="k">case</span> <span class="no">Facter</span><span class="p">.</span><span class="nf">value</span><span class="p">(</span><span class="ss">:kernel</span><span class="p">)</span> <span class="k">when</span> <span class="s1">'windows'</span> <span class="p">[</span> <span class="s1">'c:/Program Data/Application/bin/app'</span><span class="p">,</span> <span class="s1">'c:/backup/state.txt'</span><span class="p">,</span> <span class="p">]</span> <span class="k">when</span> <span class="s1">'Linux'</span> <span class="p">[</span> <span class="s1">'/opt/app/bin/app'</span><span class="p">,</span> <span class="s1">'/etc/backup/state.txt'</span><span class="p">,</span> <span class="p">]</span> <span class="k">end</span> <span class="n">result</span> <span class="o">=</span> <span class="p">{}</span> <span class="n">file_list</span><span class="p">.</span><span class="nf">each</span> <span class="o">|</span><span class="nb">name</span><span class="o">|</span> <span class="k">do</span> <span class="n">result</span><span class="p">[</span><span class="nb">name</span><span class="p">]</span> <span class="o">=</span> <span class="p">{</span> <span class="s1">'size'</span> <span class="o">=&gt;</span> <span class="no">File</span><span class="p">.</span><span class="nf">size</span><span class="p">(</span><span class="nb">name</span><span class="p">),</span> <span class="s1">'world_writable'</span> <span class="o">=&gt;</span> <span class="no">File</span><span class="p">.</span><span class="nf">world_writable?</span><span class="p">(</span><span class="nb">name</span><span class="p">)</span> <span class="p">}</span> <span class="k">if</span> <span class="no">File</span><span class="p">.</span><span class="nf">exist?</span><span class="p">(</span><span class="nb">name</span><span class="p">)</span> <span class="k">end</span> <span class="n">result</span> <span class="k">end</span> <span class="k">end</span> </code></pre> </div> <p>Will return:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="p">{</span> <span class="sr">/opt/</span><span class="n">app</span><span class="o">/</span><span class="n">bin</span><span class="o">/</span><span class="n">app</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="n">size</span> <span class="o">=&gt;</span> <span class="mi">64328</span><span class="p">,</span> <span class="n">world_writable</span> <span class="o">=&gt;</span> <span class="n">null</span><span class="p">,</span> <span class="p">},</span> <span class="sr">/etc/</span><span class="n">backup</span><span class="o">/</span><span class="n">state</span><span class="p">.</span><span class="nf">txt</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="n">size</span> <span class="o">=&gt;</span> <span class="mi">0</span><span class="p">,</span> <span class="n">world_writable</span> <span class="o">=&gt;</span> <span class="mi">438</span><span class="p">,</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>Solution 2: Hashes using aggregate:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="no">Facter</span><span class="p">.</span><span class="nf">add</span><span class="p">(</span><span class="ss">:betadots_file_check</span><span class="p">,</span> <span class="ss">:type</span> <span class="o">=&gt;</span> <span class="ss">:aggregate</span><span class="p">)</span> <span class="k">do</span> <span class="n">file_list</span> <span class="o">=</span> <span class="k">case</span> <span class="no">Facter</span><span class="p">.</span><span class="nf">value</span><span class="p">(</span><span class="ss">:kernel</span><span class="p">)</span> <span class="k">when</span> <span class="s1">'windows'</span> <span class="p">[</span> <span class="s1">'c:/Program Data/Application/bin/app'</span><span class="p">,</span> <span class="s1">'c:/backup/state.txt'</span><span class="p">,</span> <span class="p">]</span> <span class="k">when</span> <span class="s1">'Linux'</span> <span class="p">[</span> <span class="s1">'/opt/app/bin/app'</span><span class="p">,</span> <span class="s1">'/etc/backup/state.txt'</span><span class="p">,</span> <span class="p">]</span> <span class="k">end</span> <span class="n">chunk</span><span class="p">(</span><span class="ss">:file_size</span><span class="p">)</span> <span class="k">do</span> <span class="n">result</span> <span class="o">=</span> <span class="p">{}</span> <span class="n">file_list</span><span class="p">.</span><span class="nf">each</span> <span class="o">|</span><span class="nb">name</span><span class="o">|</span> <span class="k">do</span> <span class="n">result</span><span class="p">[</span><span class="nb">name</span><span class="p">]</span> <span class="o">=</span> <span class="p">{</span> <span class="ss">:size</span> <span class="o">=&gt;</span> <span class="no">File</span><span class="p">.</span><span class="nf">size</span><span class="p">(</span><span class="nb">name</span><span class="p">)</span> <span class="p">}</span> <span class="k">if</span> <span class="no">File</span><span class="p">.</span><span class="nf">exist?</span><span class="p">(</span><span class="nb">name</span><span class="p">)</span> <span class="k">end</span> <span class="n">result</span> <span class="k">end</span> <span class="n">chunk</span><span class="p">(</span><span class="ss">:file_world_writable</span><span class="p">)</span> <span class="k">do</span> <span class="n">result</span> <span class="o">=</span> <span class="p">{}</span> <span class="n">file_list</span><span class="p">.</span><span class="nf">each</span> <span class="o">|</span><span class="nb">name</span><span class="o">|</span> <span class="k">do</span> <span class="n">result</span><span class="p">[</span><span class="nb">name</span><span class="p">]</span> <span class="o">=</span> <span class="p">{</span> <span class="ss">:world_writable</span> <span class="o">=&gt;</span> <span class="no">File</span><span class="p">.</span><span class="nf">world_writable?</span><span class="p">(</span><span class="nb">name</span><span class="p">)</span> <span class="p">}</span> <span class="k">if</span> <span class="no">File</span><span class="p">.</span><span class="nf">exist?</span><span class="p">(</span><span class="nb">name</span><span class="p">)</span> <span class="k">end</span> <span class="n">result</span> <span class="k">end</span> <span class="k">end</span> </code></pre> </div> <p>Will return:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="p">{</span> <span class="sr">/opt/</span><span class="n">app</span><span class="o">/</span><span class="n">bin</span><span class="o">/</span><span class="n">app</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="n">size</span> <span class="o">=&gt;</span> <span class="mi">64328</span><span class="p">,</span> <span class="n">world_writable</span> <span class="o">=&gt;</span> <span class="n">null</span><span class="p">,</span> <span class="p">},</span> <span class="sr">/etc/</span><span class="n">backup</span><span class="o">/</span><span class="n">state</span><span class="p">.</span><span class="nf">txt</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="n">size</span> <span class="o">=&gt;</span> <span class="mi">0</span><span class="p">,</span> <span class="n">world_writable</span> <span class="o">=&gt;</span> <span class="mi">438</span><span class="p">,</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>Another example reads the Puppet agent certificate and provides the certificate extensions as a Facter hash:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="no">Facter</span><span class="p">.</span><span class="nf">add</span><span class="p">(</span><span class="ss">:betadots_cert_extension</span><span class="p">)</span> <span class="k">do</span> <span class="n">setcode</span> <span class="k">do</span> <span class="nb">require</span> <span class="s1">'openssl'</span> <span class="nb">require</span> <span class="s1">'puppet'</span> <span class="nb">require</span> <span class="s1">'puppet/ssl/oids'</span> <span class="c1"># set variables</span> <span class="n">extension_hash</span> <span class="o">=</span> <span class="p">{}</span> <span class="n">certdir</span> <span class="o">=</span> <span class="no">Puppet</span><span class="p">.</span><span class="nf">settings</span><span class="p">[</span><span class="ss">:certdir</span><span class="p">]</span> <span class="n">certname</span> <span class="o">=</span> <span class="no">Puppet</span><span class="p">.</span><span class="nf">settings</span><span class="p">[</span><span class="ss">:certname</span><span class="p">]</span> <span class="n">certificate_file</span> <span class="o">=</span> <span class="s2">"</span><span class="si">#{</span><span class="n">certdir</span><span class="si">}</span><span class="s2">/</span><span class="si">#{</span><span class="n">certname</span><span class="si">}</span><span class="s2">.pem"</span> <span class="c1"># get puppet ssl oids</span> <span class="n">oids</span> <span class="o">=</span> <span class="p">{}</span> <span class="no">Puppet</span><span class="o">::</span><span class="no">SSL</span><span class="o">::</span><span class="no">Oids</span><span class="o">::</span><span class="no">PUPPET_OIDS</span><span class="p">.</span><span class="nf">each</span> <span class="k">do</span> <span class="o">|</span><span class="n">o</span><span class="o">|</span> <span class="n">oids</span><span class="p">[</span><span class="n">o</span><span class="p">[</span><span class="mi">0</span><span class="p">]]</span> <span class="o">=</span> <span class="n">o</span><span class="p">[</span><span class="mi">1</span><span class="p">]</span> <span class="k">end</span> <span class="c1"># read the certificate</span> <span class="n">cert</span> <span class="o">=</span> <span class="no">OpenSSL</span><span class="o">::</span><span class="no">X509</span><span class="o">::</span><span class="no">Certificate</span><span class="p">.</span><span class="nf">new</span> <span class="no">File</span><span class="p">.</span><span class="nf">read</span> <span class="n">certificate_file</span> <span class="c1"># cert extensions differs if we run via agent (numeric) or via facter (names)</span> <span class="n">cert</span><span class="p">.</span><span class="nf">extensions</span><span class="p">.</span><span class="nf">each</span> <span class="k">do</span> <span class="o">|</span><span class="n">extension</span><span class="o">|</span> <span class="k">case</span> <span class="n">extension</span><span class="p">.</span><span class="nf">oid</span><span class="p">.</span><span class="nf">to_s</span> <span class="k">when</span> <span class="sr">%r{^1</span><span class="se">\.</span><span class="sr">3</span><span class="se">\.</span><span class="sr">6</span><span class="se">\.</span><span class="sr">1</span><span class="se">\.</span><span class="sr">4</span><span class="se">\.</span><span class="sr">1</span><span class="se">\.</span><span class="sr">34380</span><span class="se">\.</span><span class="sr">1</span><span class="se">\.</span><span class="sr">1}</span> <span class="n">short_name</span> <span class="o">=</span> <span class="n">oids</span><span class="p">[</span><span class="n">extension</span><span class="p">.</span><span class="nf">oid</span><span class="p">]</span> <span class="n">value</span> <span class="o">=</span> <span class="n">extension</span><span class="p">.</span><span class="nf">value</span><span class="p">[</span><span class="mi">2</span><span class="o">..-</span><span class="mi">1</span><span class="p">]</span> <span class="n">extension_hash</span><span class="p">[</span><span class="n">short_name</span><span class="p">]</span> <span class="o">=</span> <span class="n">value</span> <span class="k">unless</span> <span class="n">short_name</span> <span class="o">==</span> <span class="s1">'pp_preshared_key'</span> <span class="k">when</span> <span class="sr">%r{^pp_}</span> <span class="n">short_name</span> <span class="o">=</span> <span class="n">extension</span><span class="p">.</span><span class="nf">oid</span> <span class="n">value</span> <span class="o">=</span> <span class="n">extension</span><span class="p">.</span><span class="nf">value</span><span class="p">[</span><span class="mi">2</span><span class="o">..-</span><span class="mi">1</span><span class="p">]</span> <span class="n">extension_hash</span><span class="p">[</span><span class="n">short_name</span><span class="p">]</span> <span class="o">=</span> <span class="n">value</span> <span class="k">unless</span> <span class="n">short_name</span> <span class="o">==</span> <span class="s1">'pp_preshared_key'</span> <span class="k">end</span> <span class="k">end</span> <span class="n">extension_hash</span> <span class="k">end</span> <span class="k">end</span> </code></pre> </div> <h2> Summary </h2> <p>Custom facts are a powerful way to extend Puppet’s built-in facts with your organization’s specific information. Whether you’re retrieving application versions, monitoring system configuration, or providing custom details for a specific environment, custom facts help ensure that Puppet has the right data to apply the correct configuration.</p> <p>In this post, we’ve covered the basics of custom fact development, including:</p> <ul> <li>How to create custom facts in a local environment or as part of a module.</li> <li>The API for creating and confining facts.</li> <li>Accessing other facts and helper methods to enhance fact functionality.</li> <li>Returning structured data for complex requirements.</li> </ul> <p>One more advise: Run local commands only! If connections to remote systems are required you must ensure scalability and high availability.</p> <p>Happy puppetizing,<br> Martin</p> puppet ruby devops cfgmgmt Puppet best practice Martin Alfke Wed, 08 May 2024 08:10:51 +0000 https://dev.to/betadots/puppet-best-practice-3b9c https://dev.to/betadots/puppet-best-practice-3b9c <p>At <a href="https://www.betados.de">betadots</a>, during our <a href="https://puppet.com">Puppet</a> code reviews, we often receive requests for a comprehensive summary of best practices and guidelines.<br> In response, we've compiled this article to delve deep into Puppet's best practices and implementations.</p> <p>Table of content</p> <ul> <li> Control Repo <ul> <li>Test your control-repo!</li> </ul> </li> <li>Hiera</li> <li>Node Classification</li> <li>Library Module Usage</li> <li>Profiles: Doing Them right</li> <li> Module Development <ul> <li>General Concepts and Structure</li> <li>Parameters and Variables</li> <li>Declaration and References</li> <li>Class and Resource Ordering</li> <li>Documentation</li> </ul> </li> <li>Summary</li> <li> Examples <ul> <li>environment.conf</li> <li>bin/config_script.sh</li> <li>manifests/site.pp</li> <li>Hiera Config</li> <li>Simple Hiera Data</li> <li>Module Classes</li> <li>Class Spec Tests</li> </ul> </li> </ul> <h2> Control Repo </h2> <p>The control repo's layout is crucial. We scrutinize files such as <code>environment.conf</code>, <code>Puppetfile</code>, <code>manifests/site.pp</code>, and <code>hiera.yaml</code>.</p> <p>In <code>environment.conf</code>, we focus on settings like <code>config_version</code>, <code>modulepath</code>, and <code>environment_timeout</code>.</p> <p>When examining <code>Puppetfile</code>, we emphasize library modules, versions, and sources. While <a href="https://forge.puppet.com/">Puppet forge</a> offers convenience, mirroring library module GIT repositories internally is advisable for control and security. Using git tags in <code>Puppetfile</code> for module versioning facilitates pre-upgrade reviews and eliminates Puppet server internet dependencies.</p> <h3> Test your Control Repo </h3> <p>Thorough testing validates code changes effectively. Our tests include:</p> <ul> <li>Linting with <a href="https://github.com/puppetlabs/puppet-lint">puppet lint</a> </li> <li>Unit testing with <a href="https://github.com/puppetlabs/rspec-puppet">rspec puppet</a> </li> <li>Acceptance testing using <a href="https://github.com/voxpupuli/beaker">puppet beaker</a> or <a href="https://puppetlabs.github.io/litmus/">puppet litmus</a> </li> <li>Catalog diffing with <a href="https://github.com/voxpupuli/puppet-catalog_diff">catalog diff tool</a> and <a href="https://github.com/voxpupuli/puppet-catalog-diff-viewer">catalog diff viewer</a> </li> </ul> <p>Consider adopting <a href="https://www.puppet.com/docs/pdk/3.x/pdk.html">PDK - Puppet Development Kit</a> or leveraging <a href="https://github.com/voxpupuli/onceover">onceover</a>.</p> <p>Ensure you're using the right version of RSpec-Puppet, distinguishing between maintained projects by <a href="https://github.com/rodjek/rspec-puppet">Rodjek</a> and <a href="https://github.com/puppetlabs/rspec-puppet">Puppet Inc.</a>.</p> <p>For your reference:</p> <ul> <li><p>The official website for puppet-lint is now located at <a href="https://puppetlabs.github.io/puppet-lint/">https://puppetlabs.github.io/puppet-lint/</a>.<br> Please note that the older version is no longer maintained.</p></li> <li><p>Similarly, for RSpec, we advise consulting the <a href="https://github.com/puppetlabs/rspec-puppet/blob/main/README.md">README</a> file in the official GitHub repository. Be cautious not to mistake it for the project by Rodjek. While they may appear similar currently, this could change in the future.</p></li> </ul> <h2> Hiera </h2> <p>Hiera is pivotal, covering node classification, library module API parameters, and infrastructure differences. We stress correct Hiera implementation, aligning hierarchy layers with infrastructure complexity while balancing diversity and maintainability.<br> All Hiera layers should rely solely on Puppet or trusted facts.</p> <p>Next we analyze the data and check for data keys and their module namespace usage.</p> <p>If no module namespace is used, we can be sure that all hiera values are looked up using explizit lookup function.<br> This has a huge impact on analyzing and understanding code and data, as class parameters are mapped to different names within hiera.</p> <h2> Node Classification </h2> <p>In <code>manifests/site.pp</code>, we inspect resource defaults, node declarations, and data processing.</p> <p>Setting resource defaults simplifies coding, while following the roles and profiles pattern aids in managing numerous identically configured systems.</p> <p>For divergent infrastructures, Hiera-based node classification offers flexibility, shifting complexity from static code to dynamic data.</p> <p>We usually recommend to set the following resource defaults:</p> <ul> <li>file : disable backup</li> <li>exec : path parameter default</li> <li>package : default provider (only needed in an environment with Windows nodes)</li> </ul> <p>Another topic we look for is data processing based on node data like fqdn or network information. Here we ask to please move this to a custom fact.<br> Nice side effect: this will drastically reduce the compilation time, as the node calculates its own data.</p> <h2> Library Module Usage </h2> <p>Leverage upstream library modules whenever possible to solve problems efficiently. However, consider community contributions or feature requests for missing functionalities rather than internal forks or rewrites.</p> <p>Modern libraries adopting the data-in-modules pattern facilitate configuration solely through Hiera data, minimizing Puppet code development.</p> <h2> Profiles: Doing Them Right </h2> <p>Profiles encapsulate infrastructure components like user management, authentication, and application deployment. Combining resource and library module declarations within profiles streamlines configuration management.</p> <p>Clear profile class naming aids in identifying responsibilities and maintaining a single source of truth.</p> <p>The main win over just using library module data is the capability to identify which profile declares the library class.</p> <p>Any subprofile which is split into multiple files - maybe due to better readability or maintainability - must be specified being a private subprofile.<br> This can be achieved by placing <code>assert_private()</code> into the beginning of the class body.</p> <p>The concept of profile module development is the same as for library modules.</p> <h2> Module Development </h2> <p>Module development involves several considerations:</p> <ul> <li>General Concepts and Structure: Utilize PDK for module creation and consider modulesync for managing multiple modules.</li> <li>Parameters and Variables: Emphasize class parameters for flexibility and avoid unnecessary variable mapping.</li> <li>Declaration and References: Ensure resource references are in the same class as the declaration and use Puppet-lint plugins for reference checks.</li> <li>Class and Resource Ordering: Maintain proper class and resource ordering for predictable execution.</li> <li>Documentation: Leverage Puppet Strings for comprehensive module documentation, including parameter usage, limitations, and code examples.</li> </ul> <h3> General Concepts and Structure </h3> <p>To simply get started with a new module we recommend using PDK. It will help to ramp up the module skeleton.<br> If you create a class with PDK, it will also create a simple test class for it.</p> <p>In case that many modules must be managed, we recommend to switch to <a href="https://github.com/voxpupuli/modulesync">modulesync</a> from <a href="https://github.com/voxpupuli">Voxpupuli Puppet community</a>.</p> <p>Every module must have a dedicated API.</p> <p>That means that there are specific classes to be used by others, which have parameter to allow adoptions.<br> Any subclass which is not an API endpoint, must be marked as being <code>private</code>.</p> <p>Testing should be done on all classes, the private ones should verify for compiler error, whereas your API classes spec tests should also cover different parameters and operating systems.</p> <p>Differences between operating systems must be done via hiera data in library or profile modules.</p> <p>If you find self written profile class code repeated or copied within multiple modules you must check if building an additional internal library module can be used to reduce the multiple development overhead.</p> <p>Testing must at least cover linting and unit tests.<br> Acceptance tests need VM automation or container technologies and should be added as soon as possible.</p> <h3> Parameters and Variables </h3> <p>Class Parameters allow flexible usage of profiles. Any parameter can be validated using a <a href="https://www.puppet.com/docs/puppet/latest/lang_data_type.html">Puppet Data Type</a>. You also can create custom data types if the basic ones are not sufficient for you use case. In the past validation was often done with <code>assert_*</code> or <code>validate_*</code> functions in the class body. With data types you can specify the type of data you are expecting right in the class header and don't need to care about validation later on.</p> <p>With class parameters you can specify different settings for specific use cases like access to a dev and a prod machine via hiera.</p> <p>Please stop doing variable mapping!</p> <p>We often see that hash parameters are not used directly but that certain elements of a hash are placed into a new variable.<br> This only makes sense if you need the specific value multiple times.<br> Rule of thumb, if you need a special piece of data more then twice, you might do a mapping.<br> But in most cases we recommend to not do it!</p> <p>Variable mapping produces code which is hard to understand, because you must always keep in mind the original variable and the mapped variables.</p> <h3> Declaration and References </h3> <p>Using resource references, you can set default values and ordering.</p> <p>We sometimes see references on resources which are not local to the class.<br> The class <code>config</code> declares the file and a class <code>service</code> declares the service.</p> <p>Whenever someone refactors on of the classes, you must also take care on the references.</p> <p>We highly recommend to make use of the <a href="https://github.com/voxpupuli/puppet-lint-reference_on_declaration_outside_of_class-check">reference on declaration outside of class</a> puppet-lint plugin.</p> <h3> Class and Resource Ordering </h3> <p>We mentioned that references should be local to a declaration.<br> But how to ensure resource ordering?</p> <p>Normally resources inside a class are always processed in the same order as they appear in the class.<br> There are some resource types which have <code>soft autorequire dependecies</code>, like user and their primary group.</p> <p>In general you must ensure that classes are always done in right order.<br> Otherwise puppet tries to make an educated guess in which order resources and classes might be.</p> <p>Classes and resources ordering should be separate from declaration.</p> <h3> Documentation </h3> <p>Classes can have many parameters. So where do you look for information on how to make use of them?<br> This is where <a href="https://www.puppet.com/docs/puppet/latest/puppet_strings.html">Puppet strings</a> will be used.<br> Puppet strings allows you to render the file <code>REFERENCE.md</code> using a rake task.</p> <p>Additionally it offers the option to run a documentation web server with access to your completely deployed control-repository.<br> It will check for any file updates and update the documentation automatically.<br> We recommend to put a web server with user authentication in front of the puppet strings web service.</p> <p>Next to class responsibility, limitations, usage and parameter documentation we recommend to document any complex code.<br> We sometimes see multiple usages of <code>filter</code>, <code>map</code> or <code>reduce</code> functions which parse and restructure data.<br> Any new person working on the code must be able to understand why and what is done. Data examples can be useful.</p> <h2> Summary </h2> <p>Structured and documented code simplifies Puppet management. Adopting automated testing and coding principles from reputable library modules - like the ones from <a href="https://forge.puppet.com/modules/puppetlabs">Puppet Inc</a> and <a href="https://forge.puppet.com/modules/puppet">Voxpupuli</a> - enhances code quality and reliability.</p> <h2> Examples </h2> <p>Below are examples illustrating various Puppet practices.</p> <h3> environment.conf </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>config_version <span class="o">=</span> <span class="s1">'bin/config_script.sh $environmentpath $environment'</span> modulepath <span class="o">=</span> site:modules:<span class="nv">$basemodulepath</span> </code></pre> </div> <h3> bin/config_script.sh </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c">#!/bin/bash</span> <span class="k">if</span> <span class="o">[</span> <span class="nt">-x</span> /usr/bin/git <span class="o">]</span><span class="p">;</span> <span class="k">then </span><span class="nv">ENVGITDIR</span><span class="o">=</span><span class="s2">"</span><span class="nv">$1</span><span class="s2">/environments/</span><span class="nv">$2</span><span class="s2">/.git"</span> /usr/bin/git <span class="nt">--git-dir</span> <span class="s2">"</span><span class="k">${</span><span class="nv">ENVGITDIR</span><span class="k">}</span><span class="s2">"</span> log <span class="nt">--pretty</span><span class="o">=</span>format:<span class="s2">"%h - %an, %ad : %s"</span> <span class="nt">-1</span> <span class="k">else </span><span class="nb">echo</span> <span class="s2">"no git - environment </span><span class="nv">$1</span><span class="s2">"</span> <span class="k">fi </span><span class="nb">exit </span>0 </code></pre> </div> <h3> manifests/site.pp </h3> <div class="highlight js-code-highlight"> <pre class="highlight puppet"><code><span class="nc">File</span> <span class="p">{</span> <span class="py">backup</span> <span class="p">=&gt;</span> <span class="kc">false</span><span class="p">,</span> <span class="p">}</span> <span class="nc">Exec</span> <span class="p">{</span> <span class="py">path</span> <span class="p">=&gt;</span> <span class="nv">$facts</span><span class="p">[</span><span class="s1">'path'</span><span class="p">],</span> <span class="p">}</span> <span class="k">if</span> <span class="nv">$facts</span><span class="p">[</span><span class="s1">'os'</span><span class="p">][</span><span class="s1">'family'</span><span class="p">]</span> <span class="o">==</span> <span class="s1">'windows'</span> <span class="p">{</span> <span class="nc">Package</span> <span class="p">{</span> <span class="py">provider</span> <span class="p">=&gt;</span> <span class="s1">'choco'</span><span class="p">,</span> <span class="p">}</span> <span class="p">}</span> <span class="c"># Node classification - sorted Hash # e.g. # classes_hash: # '01_base': 'profile::base' # '02_security': 'profile::security' # '12_application': 'profile::application::billing' # '13_service': # - 'profile::application::billing::backend' # - 'profile::application::billing::admin_ui' # # overwriting identifier classes: # classes_hash: # '13_service': 'profile::application::billing2' # # disabling identifier classes: # classes_hash: # '13_service': '' # # $element[0]: the hash key identifier # $element[1]: the class name to load # </span><span class="nv">$classes_hash</span> <span class="o">=</span> <span class="nf">lookup</span><span class="p">(</span><span class="s1">'classes_hash'</span><span class="p">,</span> <span class="p">{</span> <span class="s1">'value_type'</span> <span class="p">=&gt;</span> <span class="nc">Hash</span><span class="p">,</span> <span class="s1">'default_value'</span> <span class="p">=&gt;</span> <span class="p">{}</span> <span class="p">})</span> <span class="nv">$classes_hash</span><span class="o">.</span><span class="n">keys</span><span class="o">.</span><span class="n">sort</span><span class="o">.</span><span class="n">each</span> <span class="p">|</span><span class="nv">$key</span><span class="p">|</span> <span class="p">{</span> <span class="k">if</span> <span class="nv">$classes_hash</span><span class="p">[</span><span class="nv">$key</span><span class="p">]</span> <span class="o">!=</span> <span class="s1">''</span> <span class="p">{</span> <span class="n">contain</span> <span class="nv">$classes_hash</span><span class="p">[</span><span class="nv">$key</span><span class="p">]</span> <span class="p">}</span> <span class="k">else</span> <span class="p">{</span> <span class="n">echo</span> <span class="p">{</span> <span class="nv">$key</span><span class="p">:</span> <span class="py">message</span> <span class="p">=&gt;</span> <span class="s2">"Class for </span><span class="nv">${key}</span><span class="s2"> on </span><span class="err">$</span><span class="s2">{facts['networking']['fqdn']} is disabled"</span><span class="p">,</span> <span class="py">withpath</span> <span class="p">=&gt;</span> <span class="kc">false</span><span class="p">,</span> <span class="p">}</span> <span class="p">}</span> <span class="p">}</span> <span class="k">node</span> <span class="k">default</span> <span class="p">{}</span> </code></pre> </div> <h3> Hiera Config </h3> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="nn">---</span> <span class="na">version</span><span class="pi">:</span> <span class="m">5</span> <span class="na">defaults</span><span class="pi">:</span> <span class="na">datadir</span><span class="pi">:</span> <span class="s">data</span> <span class="na">lookup_key</span><span class="pi">:</span> <span class="s">eyaml_lookup_key</span> <span class="na">options</span><span class="pi">:</span> <span class="na">pkcs7_private_key</span><span class="pi">:</span> <span class="s2">"</span><span class="s">/etc/puppetlabs/puppet/keys/private_key.pkcs7.pem"</span> <span class="na">pkcs7_public_key</span><span class="pi">:</span> <span class="s2">"</span><span class="s">/etc/puppetlabs/puppet/keys/public_key.pkcs7.pem"</span> <span class="na">hierarchy</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s2">"</span><span class="s">node</span><span class="nv"> </span><span class="s">yaml</span><span class="nv"> </span><span class="s">hierarchy"</span> <span class="na">paths</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">nodes/%{trusted.certname}.yaml"</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s2">"</span><span class="s">role</span><span class="nv"> </span><span class="s">yaml</span><span class="nv"> </span><span class="s">hierarchy"</span> <span class="na">paths</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">role/%{trusted.extensions.pp_role}-%{trusted.extensions.pp_env}.yaml"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">role/%{trusted.extensions.pp_role}.yaml"</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s2">"</span><span class="s">os</span><span class="nv"> </span><span class="s">yaml</span><span class="nv"> </span><span class="s">hierarchy"</span> <span class="na">paths</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">os/%{facts.os.family}-%{facts.os.release.major}.yaml"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">os/%{facts.os.family}.yaml"</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s2">"</span><span class="s">zone</span><span class="nv"> </span><span class="s">yaml</span><span class="nv"> </span><span class="s">hierarchy"</span> <span class="na">paths</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">zone/%{trusted.extentions.pp_zone}.yaml"</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s2">"</span><span class="s">Common"</span> <span class="na">path</span><span class="pi">:</span> <span class="s2">"</span><span class="s">common.yaml"</span> </code></pre> </div> <h3> Simple Hiera Data </h3> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="c1"># data/common.yaml</span> <span class="nn">---</span> <span class="c1"># Node classification using classes_hash</span> <span class="na">classes_hash</span><span class="pi">:</span> <span class="s1">'</span><span class="s">00_base_ssh'</span><span class="err">:</span> <span class="s1">'</span><span class="s">ssh'</span> <span class="s1">'</span><span class="s">01_base_nft'</span><span class="err">:</span> <span class="s1">'</span><span class="s">profile::nftables'</span> <span class="s1">'</span><span class="s">02_base_nft_rules'</span><span class="err">:</span> <span class="s1">'</span><span class="s">profile::nftables::rules::base'</span> <span class="c1"># Commmon SSH data</span> <span class="c1"># using saz-ssh: https://forge.puppet.com/modules/saz/ssh/readme</span> <span class="na">ssh::server_options</span><span class="pi">:</span> <span class="na">Protocol</span><span class="pi">:</span> <span class="s1">'</span><span class="s">2'</span> <span class="na">ListenAddress</span><span class="pi">:</span> <span class="pi">-</span> <span class="s1">'</span><span class="s">127.0.0.0'</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">%{::facts.networking.hostname}"</span> <span class="na">PasswordAuthentication</span><span class="pi">:</span> <span class="s1">'</span><span class="s">yes'</span> <span class="na">SyslogFacility</span><span class="pi">:</span> <span class="s1">'</span><span class="s">AUTHPRIV'</span> <span class="na">UsePAM</span><span class="pi">:</span> <span class="s1">'</span><span class="s">yes'</span> <span class="na">X11Forwarding</span><span class="pi">:</span> <span class="s1">'</span><span class="s">yes'</span> <span class="na">ssh::server::match_block</span><span class="pi">:</span> <span class="na">filetransfer</span><span class="pi">:</span> <span class="na">type</span><span class="pi">:</span> <span class="s1">'</span><span class="s">group'</span> <span class="na">options</span><span class="pi">:</span> <span class="na">ChrootDirectory</span><span class="pi">:</span> <span class="s1">'</span><span class="s">/home/sftp'</span> <span class="na">ForceCommand</span><span class="pi">:</span> <span class="s1">'</span><span class="s">internal-sftp'</span> <span class="c1"># Adding core resources</span> <span class="c1"># requires puppetlabs-stdlib : https://forge.puppet.com/modules/puppetlabs/stdlib/readme</span> <span class="na">stdlib::manage::create_resources</span><span class="pi">:</span> <span class="s1">'</span><span class="s">package'</span><span class="err">:</span> <span class="s1">'</span><span class="s">nano'</span><span class="err">:</span> <span class="na">ensure</span><span class="pi">:</span> <span class="s1">'</span><span class="s">absent'</span> <span class="err"> </span><span class="s1">'</span><span class="s">vim'</span><span class="err">:</span> <span class="na">ensure</span><span class="pi">:</span> <span class="s1">'</span><span class="s">present'</span> <span class="err"> </span><span class="s1">'</span><span class="s">user'</span><span class="err">:</span> <span class="s1">'</span><span class="s">monitoring'</span><span class="err">:</span> <span class="na">ensure</span><span class="pi">:</span> <span class="s1">'</span><span class="s">present'</span> <span class="na">uid</span><span class="pi">:</span> <span class="s1">'</span><span class="s">11225'</span> <span class="na">gid</span><span class="pi">:</span> <span class="s1">'</span><span class="s">11225'</span> <span class="na">password</span><span class="pi">:</span> <span class="s1">'</span><span class="s">!'</span> </code></pre> </div> <h3> Module Classes </h3> <div class="highlight js-code-highlight"> <pre class="highlight puppet"><code><span class="c"># @summary Installs and configures the application # @author betadots GmbH # @param parameter1 Parameter to set thing 1 # @param parameter2 Parameter to set thing 2 # @example # include application # or # class { 'application': # parameter1 =&gt; 'value, # } # </span><span class="k">class</span> <span class="nc">application</span> <span class="p">(</span> <span class="nc">Datatype</span> <span class="nv">$parameter1</span><span class="p">,</span> <span class="nc">Datatype</span> <span class="nv">$parameter2</span> <span class="o">=</span> <span class="s1">'default'</span><span class="p">,</span> <span class="p">)</span> <span class="p">{</span> <span class="n">contain</span> <span class="n">application::install</span> <span class="n">contain</span> <span class="n">application::config</span> <span class="n">contain</span> <span class="n">application::service</span> <span class="nc">Class</span><span class="p">[</span><span class="s1">'application::install'</span><span class="p">]</span> <span class="p">-&gt;</span> <span class="nc">Class</span><span class="p">[</span><span class="s1">'application::config'</span><span class="p">]</span> <span class="p">~&gt;</span> <span class="nc">Class</span><span class="p">[</span><span class="s1">'application::service'</span><span class="p">]</span> <span class="p">}</span> <span class="k">class</span> <span class="nc">application::install</span> <span class="p">{</span> <span class="nf">assert_private</span><span class="p">()</span> <span class="c"># Puppet DSL </span><span class="p">}</span> <span class="o">...</span> </code></pre> </div> <h3> Class Spec Tests </h3> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># spec/classes/application_spec.rb</span> <span class="n">describe</span> <span class="s1">'application'</span> <span class="k">do</span> <span class="n">on_supported_os</span><span class="p">.</span><span class="nf">each</span> <span class="k">do</span> <span class="o">|</span><span class="n">os</span><span class="p">,</span> <span class="n">os_facts</span><span class="o">|</span> <span class="n">context</span> <span class="s2">"on </span><span class="si">#{</span><span class="n">os</span><span class="si">}</span><span class="s2">"</span> <span class="k">do</span> <span class="n">let</span><span class="p">(</span><span class="ss">:facts</span><span class="p">)</span> <span class="p">{</span> <span class="n">os_facts</span> <span class="p">}</span> <span class="n">it</span> <span class="p">{</span> <span class="n">is_expected</span><span class="p">.</span><span class="nf">to</span> <span class="n">compile</span><span class="p">.</span><span class="nf">with_all_deps</span> <span class="p">}</span> <span class="n">it</span> <span class="p">{</span> <span class="n">is_expected</span><span class="p">.</span><span class="nf">to</span> <span class="n">contain_class</span><span class="p">(</span><span class="s1">'application::install'</span><span class="p">)}</span> <span class="k">end</span> <span class="k">end</span> <span class="k">end</span> <span class="c1"># spec/classes/application_install_spec.rb</span> <span class="n">describe</span> <span class="s1">'application::install'</span> <span class="k">do</span> <span class="n">on_supported_os</span><span class="p">.</span><span class="nf">each</span> <span class="k">do</span> <span class="o">|</span><span class="n">os</span><span class="p">,</span> <span class="n">os_facts</span><span class="o">|</span> <span class="n">context</span> <span class="s2">"on </span><span class="si">#{</span><span class="n">os</span><span class="si">}</span><span class="s2">"</span> <span class="k">do</span> <span class="n">let</span><span class="p">(</span><span class="ss">:facts</span><span class="p">)</span> <span class="p">{</span> <span class="n">os_facts</span> <span class="p">}</span> <span class="n">it</span> <span class="p">{</span> <span class="n">is_expected</span><span class="p">.</span><span class="nf">to</span> <span class="n">compile</span><span class="p">.</span><span class="nf">and_raise_error</span><span class="p">(</span><span class="sx">%{private}</span><span class="p">)</span> <span class="p">}</span> <span class="k">end</span> <span class="k">end</span> <span class="k">end</span> </code></pre> </div> <p>Happy puppetizing,<br><br> Martin</p> puppet bestpractice itautomation platformengineering Scaling Puppet Infrastructure Martin Alfke Mon, 05 Feb 2024 09:55:29 +0000 https://dev.to/betadots/scaling-puppet-infrastructure-3p2o https://dev.to/betadots/scaling-puppet-infrastructure-3p2o <p>In large environments with many nodes one must take care of Puppet server scaling.<br> When and if scaling is needed, depends on the number of nodes and on code complexity and size.<br> This article describes the different ways of tuning Puppet server infrastructure.</p> <p>Table of content:</p> <ol> <li> Puppet Server tuning <ol> <li>Performance tuning a single node</li> <li>Scaling horizontally</li> </ol> </li> <li>PuppetDB tuning</li> <li>Analyzing performance win</li> <li>Distributed Puppet agent runs</li> <li>Summary</li> </ol> <p>Scaling the hard way:</p> <ol> <li>Scaling beyond JRuby limits</li> <li>Multiple Puppet Server instances</li> </ol> <h2> Puppet Server tuning </h2> <h3> Performance tuning single node </h3> <p>We sometimes see the usage of horizontal scaling, even when there is no need to do it.<br> As scaling horizontally needs further infrastructure components like Load Balancer and Puppet Server Compilers, we usually first ask to do performance tuning on the single node instance.</p> <p>A properly configured and optimized single Puppet server should be able to handle <a href="https://www.puppet.com/docs/pe/2023.5/hardware_requirements#hardware_requirements_standard">up to 2500 nodes</a> - using default runinterval of 30 minutes.</p> <p>There are three different possibilities for tuning, which sometimes rely upon each other:</p> <h4> Java Version </h4> <p>Puppet server package has a dependency on java openjdk (headless).<br> On most Linux distributions this will install Java 1.8.</p> <p>Please ensure to upgrade to Java 17 and set the java alternative accordingly:</p> <p>e.g (on Almalinux 8)<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>alternatives <span class="nt">--set</span> java /usr/lib/jvm/java-17-openjdk-17.0.9.0.9-2.el8.x86_64/bin/java </code></pre> </div> <h4> Number of JRuby instances </h4> <p>With its default configuration a Puppet Server spins up 2 JRuby instances.<br> Each instance is able to handle a single Puppet Agent request.<br> When there are more requests, these get queued.</p> <p>Each JRuby instance needs 512 MB of Java Heap RAM.<br> Just to be sure: it is not possible to run more than 32 JRuby instances on a single node!</p> <p>Adopting the number of JRuby instances takes place in <code>/etc/puppetlabs/puppetserver/conf.d/puppetserver.conf</code> within the <code>jruby-puppet</code> section by setting the <code>max-active-instances</code> parameter:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>jruby-puppet: { ... max-active-instances: 8 # &lt;------- JRuby instances ... } </code></pre> </div> <p>Please note that increasing the number of JRuby instances causes the Java process to need more Java HEAP RAM.</p> <h4> Puppet Server Java Heap Size </h4> <p>The Java engine should have enough RAM to be able to spin up and maintain the JRuby instances.<br> If you forget to increase Java Heap size, you will see Java out-of-memory error messages in the Puppet server logfile.</p> <p>Increasing Java Heapsize takes place in <code>/etc/default/puppetserver</code> (Debian based) or <code>/etc/sysconfig/puppetserver</code> (RedHat based).</p> <p>The Java Heap size is provided as a Java argument:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code># /etc/[sysconfig|default]/puppetserver JAVA_ARGS="-Xms18g -Xmx18g -Djruby.logger.class=com.puppetlabs.jruby_utils.jruby.Slf4jLogger </code></pre> </div> <p>In this example we have set the Java Heap size (upper and lower limit) to 18 GB RAM.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code># Lower limit -Xms18g # Upper limit -Xmx18g </code></pre> </div> <p>It is considered best practice to set upper and lower limit to the same value, so Java reserves the RAM upon start up.</p> <p>Please note that the maximum possible value is limited by the amount of the system RAM.<br> If you increase the Java heap size beyond system RAM, you will find Kernel out-of-memory errors in the journal.</p> <p>Besides this one must be aware that Java switches memory handling when using more than 32 GB of heap, which reduce the amount of objects. Also see the <a href="https://www.codecentric.de/wissens-hub/blog/35gb-heap-less-32gb-java-jvm-memory-oddities">blog post from Codecentric</a> or <a href="https://confluence.atlassian.com/jirakb/do-not-use-heap-sizes-between-32-gb-and-47-gb-in-jira-compressed-oops-1167745277.html#:~:text=Java%20disables%20Compressed%20Oops%20for,can%20store%20in%20the%20heap.">Atlassian</a>.</p> <h4> Reserved Code Cache </h4> <p>When Puppet servers receive a request from a node the Puppet Code is loaded into code cache in memory.<br> The default value is set to 512 MB RAM.</p> <p>A larger Puppet code base or complex code might need a larger Code cache setting.<br> Code cache is configured as Java argument in <code>/etc/[sysconfig|default]/puppetserver</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code># /etc/[sysconfig|default]/puppetserver JAVA_ARGS="-Xms18g -Xmx18g -XX:ReservedCodeCacheSize=1024m -Djruby.logger.class=com.puppetlabs.jruby_utils.jruby.Slf4jLogger </code></pre> </div> <p>In this example we have set the code cache size to 1024 MB RAM.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>-XX:ReservedCodeCacheSize=1024m </code></pre> </div> <p>Please note that the maximum possible value is at <code>2048m</code>.</p> <p>Please ensure that the Puppet server process was restarted after setting all the required configuration options.</p> <p>A short mathematical sizing rule of thumb:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Java Heap size (M) = ( No of JRuby instances * 512M ) + 512M Reserved Code Cache Size (M) = No of JRuby instances * 128M </code></pre> </div> <h2> Scaling horizontally </h2> <p>If a single Puppet server is not able to handle the amount of requests - e.g. in large infrastructures exceeding 2000 nodes - one has the option to set up additional compilers.</p> <p>Please note that each Puppet server infrastructure component should receive the performance tuning settings!</p> <h3> Infrastructure setup </h3> <p>A high performance Puppet infrastructure consists of the following components:</p> <ul> <li>CA Server</li> <li>Compiler(s)</li> <li>Load balancer</li> </ul> <p>A Puppet agent sends the request to the Load balancer.<br> The load balancer passes the request to a free compiler.</p> <p>From a Puppet agent point of view, the request is sent to the Load balancer and the response is received from the compiler.<br> This has a special meaning when it comes to SSL certificates and strict SSL validation.</p> <p>We will discuss this when we come to the compiler setup.</p> <h3> Puppet CA Server </h3> <p>The Puppet CA server is a standalone single instance, which is used to spin up and maintain additional Puppet compilers.<br> From CA server point of view a compiler is just a node.</p> <p>All new CSR's must be signed on the CA server.<br> When you want to scale your Puppet infrastructure the CA Server will be your existing Puppet server.</p> <p>When we want to sign the compilers certificates including dns_alt_names, we must configure the CA instance, to be able to do this by modifying the <code>/etc/puppetlabs/puppetserver/conf.d/ca.conf</code> file:</p> <p>We must allow subject alt names setting:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code># /etc/puppetlabs/puppetserver/conf.d/ca.conf certificate-authority: { # allow CA to sign certificate requests that have subject alternative names. allow-subject-alt-names: true # &lt;----- enable SAN cert signing # allow CA to sign certificate requests that have authorization extensions. # allow-authorization-extensions: false # enable the separate CRL for Puppet infrastructure nodes # enable-infra-crl: false } </code></pre> </div> <p>Please ensure that the Puppet server process was restarted after doing all the required changes.</p> <h3> Adding compilers </h3> <p>Compilers should <strong>not</strong> act as CA Server!<br> The CA functionality is managed in <code>/etc/puppetlabs/puppetserver/services.d/ca.cfg</code></p> <p>Now we need to change the settings so that a compiler does not act as CA server, but pass all CA related requests to the CA server:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code># To enable the CA service, leave the following line uncommented # puppetlabs.services.ca.certificate-authority-service/certificate-authority-service # To disable the CA service, comment out the above line and uncomment the line below puppetlabs.services.ca.certificate-authority-disabled-service/certificate-authority-disabled-service puppetlabs.trapperkeeper.services.watcher.filesystem-watch-service/filesystem-watch-service </code></pre> </div> <p>Please not that all compilers (and the CA server) should receive the Puppet code. In most environments we see that the compilers and the CA server have a NFS mount on which the code is deployed on the CA server and used on all compilers.</p> <p>The NFS share is beyond scope of this document.</p> <p>The Puppet agent will not connect to a compiler but to the load balancer.</p> <p>If we keep the default setup, the Puppet agent will refuse to connect to the load-balancer, if DNS ALT Names are missing in the compilers certificate.</p> <p>The compiler <strong>MUST</strong> have the Load balancer DNS name configured, prior generating the CSR.</p> <p>This can be achieved by adding the <code>dns_alt_names</code> configuration setting into <code>7etc/puppetlabs/puppet/puppet.conf</code> into the <code>agent</code> section.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>[agent] dns_alt_names = loadbalancer.domain.tld,compiler-fqdn.domain.tld </code></pre> </div> <h3> Adding load balancer </h3> <p>Each request to a Puppet Server starts a compilation process with different runtimes. One should <strong>not</strong> configure the roundrobin distribution algorithm on the load balancer.</p> <p>Instead we want to distribute the connections to the Puppet compiler with the least work to do - which means the one with the least connections. In HAproxy this setting is called <code>leastconn</code>.</p> <p>Besides this you do not want to rely on Layer 3 IP connection, but on Layer 7 functionality. Within HAproxy one should add the <code>SSL</code> directive to each backend.</p> <h2> PuppetDB tuning </h2> <p>In most environments PuppetDB is used to store facts, reports, catalogs and exported resources.<br> The more nodes you have in your infrastructure, the higher the load and the memory requirement on the PuppetDB process.</p> <h3> Tuning PuppetDB </h3> <p>PuppetDB is a HTTP(S) Rest API in front of a PostgreSQL database.<br> One can say that PuppetDB also is a kind of web service.</p> <h4> Java Heap size </h4> <p>The most important setting is Java heap size.<br> Per default a PuppetDB is configured to use 512MB Heap size.</p> <p>Configuration takes place in <code>/etc/sysconfig/puppetdb</code> (RedHat/SLES) or <code>7etc/default/puppetdb</code> (Debian).</p> <p>The Java Heap size is provided as a Java argument:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code># /etc/[sysconfig|default]/puppetdb JAVA_ARGS="-Xms1g -Xmx1g ... </code></pre> </div> <p>In this example we have set the Java Heap size (upper and lower limit) to 1 GB RAM.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code># Lower limit -Xms1g # Upper limit -Xmx1g </code></pre> </div> <p>It is considered best practice to set upper and lower limit to the same value, so Java reserves the RAM upon start up.</p> <p>We usually receive good results with 1GB or 2GB heap site (depending on the number of nodes)</p> <h4> Database connection pool </h4> <p>Within the PuppetDB configuration file, which is located at <code>/etc/puppetlabs/puppetdb/conf.d/database.conf</code>, one can set the maximum numbers of idle and active PostgreSQL connections within the <code>database</code> section:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>maximum-pool-size = 25 # default </code></pre> </div> <p>Please note that PuppetDB uses two connection pools:</p> <ul> <li>read pool</li> <li>write pool</li> </ul> <p>The read pool can be set individually by setting <code>maximum-pool-size</code> in the <code>read-database</code> section. The default value is <code>10</code>.</p> <p>The <code>maximum-pool-size</code> should be set to the sum of both.</p> <p>Please check your PostgreSQL configuration (especially the max connection setting) prior increasing the connection pool.</p> <h4> Block facts </h4> <p>Another possibility is to lower the number of facts stored.</p> <p>This can be achieved by setting <code>facts-blocklist</code>.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>facts-blocklist = ["fact1", "fact2", "fact3"] </code></pre> </div> <h4> Command processing threads </h4> <p>Besides this PuppetDB lets you configure the number of threads by setting <code>threads</code> within the <code>command-processing</code> section in <code>/etc/puppetlabs/puppetdb/conf.d/config.ini</code>.<br> As default PuppetDB will use half the number of cores of the system.</p> <h4> Web server threads </h4> <p>Last but least one can set the <code>max-threads</code> in <code>/etc/puppetlabs/puppetdb/conf.d/jetty.ini</code>.<br> This specifies the number if parallel possible HTTP and HTTPS connections.</p> <h3> Scaling PuppetDB </h3> <p>In former times, it was best practice to have a single PuppetDB instance on the Puppet Server.<br> If you have the need for scaling Puppet Servers, one should consider having PuppetDB on each Puppet infrastructure node, which connect to a centralized PostgreSQL database.</p> <h2> Analyzing performance win </h2> <p>Every time one does performance tuning, one also wants to get proof that the new setting has improved performance.<br> The most simple check is by getting the compile times from puppetserver logfile.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">awk</span> <span class="s1">'/Compiled catalog/ {print $12" "$14}'</span> /var/log/puppetlabs/puppetserver/puppetserver.log production 0.07 production 0.05 production 0.05 production 0.04 production 0.04 production 0.03 production 0.03 </code></pre> </div> <p>You can also get highest and lowest compile time<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">awk</span> <span class="s1">'/Compiled catalog/ {print $12" "$14}'</span> /var/log/puppetlabs/puppetserver/puppetserver.log | <span class="nb">sort</span> | <span class="nb">awk</span> <span class="s1">'NR==1; END{print}'</span> production 0.03 production 0.07 </code></pre> </div> <p>If you need an average compile time the following command will be helpful<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">awk</span> <span class="s1">'/Compiled catalog/ {print $12" "$14}'</span> /var/log/puppetlabs/puppetserver/puppetserver.log | <span class="nb">sort</span> | <span class="nb">awk</span> <span class="s1">'{total += $2; count++ } END { print total/count }'</span> 0.0442857 </code></pre> </div> <p>Another option is provided by the <a href="https://forge.puppet.com/modules/puppetlabs/puppet_operational_dashboards/readme">Puppet Operational Dashboards</a>.</p> <p>This will setup a Grafana frontend which reads data from an InfluxDB, which gets its content from a Telegraf agent which connects via HTTPS to the Puppet server metrics endpoints.</p> <p>In Puppet Enterprise the PostgreSQL database also uses SSL certificates, which also allows fetching PostgreSQL metrics.<br> When running Puppet Open Source, one needs to add an additional telegraf configuration to query the PostgreSQL database using a user and password and push the data into InfluxDB.</p> <h2> Distributed Puppet agent runs </h2> <p>Within the introduction we mentioned that a single server can handle up to 2500 nodes.<br> This number of nodes requires that Puppet agent runs must be evenly distributed over time.</p> <p>The default way for a Puppet agent is running as a daemon, which will schedule a Puppet agent run upon start and triggers the next runs every 30 minutes (<code>runinterval</code> config option).</p> <p>Due to the reason that systems might be starting in parallel one will still see overloaded Puppet server infrastructure.<br> As a result one will recognize that the Puppet agent run takes very long time. If the Agent did not receive a reply from Puppet server within 5 minutes (<code>http_read_timeout</code> config option), it will stop the actual request and repeat again in 30 minutes.</p> <p>The config options can be modified in <code>puppet.conf</code> config file in section <code>agent</code>.</p> <p>Please reconsider if Puppet should run every 30 minutes.<br> In some infrastructure Puppet is running in <code>noop</code> mode as changes may only be deployed during maintenance window.<br> In this case one still wants the node to regular check its configuration, but maybe 4 times a day only, so people can identify within the reporting that the systems are still in desired state.<br> Doubling the <code>runinterval</code> option reduces the load on the Puppet server to its half, so the Puppet server can handle double number of nodes.</p> <p>But one still will see huge and many load spikes on the Puppet server.<br> It still can happen that to many nodes try to request for their configuration in parallel.</p> <p>We usually recommend to customers to run the agent via cron.<br> One run will be done at reboot and the other runs will take place as recurring cron entries.<br> To distribute the agent runs over time one can make use of the <code>fqdnrand</code> function inside Puppet. This function generates a unique number for a hostame or FQDN.</p> <p>One can use the <a href="https://forge.puppet.com/modules/reidmv/puppet_run_scheduler/readme">reidmv puppet_run_scheduler module</a> to configure Puppet accordingly.</p> <p>Please note that within Puppet Enterprise environments the Puppet agent on the Puppet servers <strong>must</strong> be running as agent daemon service!</p> <h2> Summary </h2> <p>Tuning and scaling a Puppet server is very simple, as it is a single Java process and a web service only.</p> <p>Tuning is mostly related to the Java process and memory handling and is usually limited by the amount of RAM and numbers of CPUs being available.</p> <p>Scaling can be achieved by using simple, already established solutions to distribute web traffic amongst several servers.</p> <p>Distributing the Puppet agent runs ensures evenly used Puppet servers which allows more nodes to get managed.</p> <h2> Scaling beyond JRuby limits </h2> <p>We already mentioned that you can not spin up more than 32 JRuby instances.</p> <p>We tried it. Be sure. It is not working at all.</p> <p>But what to do if you have high end (e.g. HPC) hardware?</p> <ul> <li>72 cores</li> <li>248 GB RAM</li> </ul> <p>Usually you want to slice the big hardware e.g using KVM or Docker and run multiple VMs or <a href="https://dev.to/betadots/puppet-containers-are-back-alive-5c2n">Puppet server containers</a> for example by using <a href="https://github.com/voxpupuli/crafty">Voxpupuli CRAFTY</a>.</p> <p>Normally we see such a hardware only within virtualization or container based environments or within a HPC platform.</p> <p>In our specific use case the usage of KVM, Docker, Podman or Kubernetes was not possible. Don't ask.</p> <p>We talked about this in the <a href="https://puppetcommunity.slack.com/archives/C0W298S9G/p1697392478214749">Puppet community Slack channel</a> and people told us that the only option is to spin up multiple Puppet server instances by "some specific symlinking and copying of config files".</p> <p>Just to be sure: this is not something you can configure out-of-the-box, but needs lots of changes also to Puppet internal scripts.</p> <h2> Multiple Puppet Server instances </h2> <p>You want it the hard way. Here we go..</p> <p>Please note that this is just first findings, not automated and of course unsupported!</p> <p>Requirements:</p> <ul> <li>big hardware</li> <li>multiple IP addresses on the node <ul> <li>one for the main Puppet CA server</li> <li>one for the HAproxy loadbalancer</li> <li>and one for each compiler</li> </ul> </li> <li>DNS configured for each IP</li> <li>Puppet CA server configured and running</li> </ul> <p>Assumptions:</p> <ul> <li>the main installation is used for the Puppet CA server</li> <li>compilers will use copy of this installation</li> <li>main CA server FQDN: puppetserver.domain.tld</li> <li>compiler FQDN: puppetcompiler1.domain.tld</li> <li>load balancer FQDN: puppetbalancer.domain.tld</li> </ul> <p>First we need to stop the running Puppet Server, then we can copy several directories and make modifications to configuration files and scripts.<br> Afterwards we can start the Puppet server processes and then we can install and configure HAproxy.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>systemctl stop puppetserver </code></pre> </div> <h3> Files and directories needed </h3> <p>Each Puppet server instance needs several files and directories copied from the main installation:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Service config</span> <span class="nb">cp</span> <span class="nt">-pr</span> /etc/sysconfig/puppetserver /etc/sysconfig/puppetservercompiler1 <span class="c"># Puppet agent config</span> <span class="nb">cp</span> <span class="nt">-pr</span> /etc/puppetlabs/puppet /etc/puppetlabs/puppetcompiler1 <span class="c"># Puppet server config</span> <span class="nb">cp</span> <span class="nt">-pr</span> /etc/puppetlabs/puppetserver /etc/puppetlabs/puppetservercompiler1 <span class="c"># Puppet server application</span> <span class="nb">cp</span> <span class="nt">-pr</span> /opt/puppetlabs/server /opt/puppetlabs/servercompiler1 <span class="c"># Puppet server logging</span> <span class="nb">cp</span> <span class="nt">-pr</span> /var/log/puppetlabs/puppetserver /var/log/puppetlabs/puppetservercompiler1 <span class="c"># Puppet server service</span> <span class="nb">cp</span> <span class="nt">-pr</span> /usr/lib/systemd/system/puppetserver.service /usr/lib/systemd/system/puppetservercompiler1.service </code></pre> </div> <h3> Config files </h3> <h4> /etc/puppetlabs/puppet/puppet.conf </h4> <p>The main Puppet configuration from the main Puppet CA Server should only receive an entry for the server:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>puppet config <span class="nb">set</span> <span class="nt">--section</span> main server puppetserver.domain.tld </code></pre> </div> <h4> /etc/sysconfig/puppetservercompiler1 </h4> <p>Change the paths:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>... INSTALL_DIR="/opt/puppetlabs/servercompiler1/apps/puppetserver" CONFIG="/etc/puppetlabs/puppetservercompiler1/conf.d" # Bootstrap path BOOTSTRAP_CONFIG="/etc/puppetlabs/puppetservercompiler1/services.d/,/opt/puppetlabs/servercompiler1/apps/puppetserver/config/services.d/" ... </code></pre> </div> <h4> /etc/puppetlabs/puppetservercompiler1/services.d/ca.cfg </h4> <p>Disable CA<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code># To enable the CA service, leave the following line uncommented #puppetlabs.services.ca.certificate-authority-service/certificate-authority-service # To disable the CA service, comment out the above line and uncomment the line below puppetlabs.services.ca.certificate-authority-disabled-service/certificate-authority-disabled-service puppetlabs.trapperkeeper.services.watcher.filesystem-watch-service/filesystem-watch-service </code></pre> </div> <h4> /etc/puppetlabs/puppetservercompiler1/conf.d/global.conf </h4> <p>Adopt path<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>global: { # Path to logback logging configuration file; for more # info, see http://logback.qos.ch/manual/configuration.html logging-config: /etc/puppetlabs/puppetservercompiler1/logback.xml } </code></pre> </div> <h4> /etc/puppetlabs/puppetservercompiler1/conf.d/metrics.conf </h4> <p>Adopt the server id<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>metrics: { # a server id that will be used as part of the namespace for metrics produced # by this server server-id: puppetservercompiler1 registries: { ... </code></pre> </div> <h4> /etc/puppetlabs/puppetservercompiler1/conf.d/puppetserver.conf </h4> <p>Adopt paths<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>jruby-puppet: { ruby-load-path: [/opt/puppetlabs/puppet/lib/ruby/vendor_ruby] # Adopt path gem-home: /opt/puppetlabs/servercompiler1/data/puppetserver/jruby-gems # Adopt paths gem-path: [${jruby-puppet.gem-home}, "/opt/puppetlabs/servercompiler1/data/puppetserver/vendored-jruby-gems", "/opt/puppetlabs/puppet/lib/ruby/vendor_gems"] # Adopt path server-conf-dir: /etc/puppetlabs/puppetcompiler1 server-code-dir: /etc/puppetlabs/code # Adopt path server-var-dir: /opt/puppetlabs/servercompiler1/data/puppetserver # Adopt path server-run-dir: /var/run/puppetlabs/puppetservercompiler1 # Adopt path server-log-dir: /var/log/puppetlabs/puppetservercompiler1 ... } ... </code></pre> </div> <h4> /etc/puppetlabs/puppetservercompiler1/conf.d/webserver.conf </h4> <p>Adopt Path and IP and/or Port<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>webserver: { access-log-config: /etc/puppetlabs/puppetservercompiler1/request-logging.xml client-auth: want ssl-host: 10.110.10.102 # &lt;---- add compiler1 IP and/or ssl-port: 8141 # &lt;---- use another port } </code></pre> </div> <h4> /etc/puppetlabs/puppetservercompiler1/logback.xml </h4> <p>Adopt paths<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight xml"><code><span class="nt">&lt;configuration</span> <span class="na">scan=</span><span class="s">"true"</span> <span class="na">scanPeriod=</span><span class="s">"60 seconds"</span><span class="nt">&gt;</span> <span class="nt">&lt;appender</span> <span class="na">name=</span><span class="s">"STDOUT"</span> <span class="na">class=</span><span class="s">"ch.qos.logback.core.ConsoleAppender"</span><span class="nt">&gt;</span> <span class="nt">&lt;encoder&gt;</span> <span class="nt">&lt;pattern&gt;</span>%d{yyyy-MM-dd'T'HH:mm:ss.SSSXXX} %-5p [%t] [%c{2}] %m%n<span class="nt">&lt;/pattern&gt;</span> <span class="nt">&lt;/encoder&gt;</span> <span class="nt">&lt;/appender&gt;</span> <span class="nt">&lt;appender</span> <span class="na">name=</span><span class="s">"F1"</span> <span class="na">class=</span><span class="s">"ch.qos.logback.core.rolling.RollingFileAppender"</span><span class="nt">&gt;</span> <span class="c">&lt;!-- TODO: this path should not be hard-coded --&gt;</span> <span class="nt">&lt;file&gt;</span>/var/log/puppetlabs/puppetservercompiler1/puppetserver.log<span class="nt">&lt;/file&gt;</span> <span class="nt">&lt;append&gt;</span>true<span class="nt">&lt;/append&gt;</span> <span class="nt">&lt;rollingPolicy</span> <span class="na">class=</span><span class="s">"ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy"</span><span class="nt">&gt;</span> <span class="c">&lt;!-- rollover daily --&gt;</span> <span class="nt">&lt;fileNamePattern&gt;</span>/var/log/puppetlabs/puppetservercompiler1/puppetserver-%d{yyyy-MM-dd}.%i.log.gz<span class="nt">&lt;/fileNamePattern&gt;</span> <span class="c">&lt;!-- each file should be at most 200MB, keep 90 days worth of history, but at most 1GB total--&gt;</span> <span class="nt">&lt;maxFileSize&gt;</span>200MB<span class="nt">&lt;/maxFileSize&gt;</span> <span class="nt">&lt;maxHistory&gt;</span>90<span class="nt">&lt;/maxHistory&gt;</span> <span class="nt">&lt;totalSizeCap&gt;</span>1GB<span class="nt">&lt;/totalSizeCap&gt;</span> <span class="nt">&lt;/rollingPolicy&gt;</span> <span class="nt">&lt;encoder&gt;</span> <span class="nt">&lt;pattern&gt;</span>%d{yyyy-MM-dd'T'HH:mm:ss.SSSXXX} %-5p [%t] [%c{2}] %m%n<span class="nt">&lt;/pattern&gt;</span> <span class="nt">&lt;/encoder&gt;</span> <span class="nt">&lt;/appender&gt;</span> <span class="nt">&lt;appender</span> <span class="na">name=</span><span class="s">"STATUS"</span> <span class="na">class=</span><span class="s">"ch.qos.logback.core.rolling.RollingFileAppender"</span><span class="nt">&gt;</span> <span class="nt">&lt;file&gt;</span>/var/log/puppetlabs/puppetservercompiler1/puppetserver-status.log<span class="nt">&lt;/file&gt;</span> <span class="nt">&lt;append&gt;</span>true<span class="nt">&lt;/append&gt;</span> <span class="nt">&lt;rollingPolicy</span> <span class="na">class=</span><span class="s">"ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy"</span><span class="nt">&gt;</span> <span class="c">&lt;!-- rollover daily --&gt;</span> <span class="nt">&lt;fileNamePattern&gt;</span>/var/log/puppetlabs/puppetservercompiler1/puppetserver-status-%d{yyyy-MM-dd}.%i.log.gz<span class="nt">&lt;/fileNamePattern&gt;</span> <span class="c">&lt;!-- each file should be at most 200MB, keep 90 days worth of history, but at most 1GB total--&gt;</span> <span class="nt">&lt;maxFileSize&gt;</span>200MB<span class="nt">&lt;/maxFileSize&gt;</span> <span class="nt">&lt;maxHistory&gt;</span>90<span class="nt">&lt;/maxHistory&gt;</span> <span class="nt">&lt;totalSizeCap&gt;</span>1GB<span class="nt">&lt;/totalSizeCap&gt;</span> <span class="nt">&lt;/rollingPolicy&gt;</span> <span class="nt">&lt;encoder&gt;</span> <span class="c">&lt;!-- note that this will only log the JSON message (%m) and a newline (%n)--&gt;</span> <span class="nt">&lt;pattern&gt;</span>%m%n<span class="nt">&lt;/pattern&gt;</span> <span class="nt">&lt;/encoder&gt;</span> <span class="nt">&lt;/appender&gt;</span> <span class="c">&lt;!-- without additivity="false", the status log messages will be sent to every other appender as well--&gt;</span> <span class="nt">&lt;logger</span> <span class="na">name=</span><span class="s">"puppetlabs.trapperkeeper.services.status.status-debug-logging"</span> <span class="na">level=</span><span class="s">"debug"</span> <span class="na">additivity=</span><span class="s">"false"</span><span class="nt">&gt;</span> <span class="nt">&lt;appender-ref</span> <span class="na">ref=</span><span class="s">"STATUS"</span><span class="nt">/&gt;</span> <span class="nt">&lt;/logger&gt;</span> <span class="nt">&lt;logger</span> <span class="na">name=</span><span class="s">"org.eclipse.jetty"</span> <span class="na">level=</span><span class="s">"INFO"</span><span class="nt">/&gt;</span> <span class="nt">&lt;logger</span> <span class="na">name=</span><span class="s">"org.apache.http"</span> <span class="na">level=</span><span class="s">"INFO"</span><span class="nt">/&gt;</span> <span class="nt">&lt;logger</span> <span class="na">name=</span><span class="s">"jruby"</span> <span class="na">level=</span><span class="s">"info"</span><span class="nt">/&gt;</span> <span class="nt">&lt;root</span> <span class="na">level=</span><span class="s">"info"</span><span class="nt">&gt;</span> <span class="c">&lt;!--&lt;appender-ref ref="STDOUT"/&gt;--&gt;</span> <span class="c">&lt;!-- ${logappender} logs to console when running the foreground command --&gt;</span> <span class="nt">&lt;appender-ref</span> <span class="na">ref=</span><span class="s">"${logappender}"</span><span class="nt">/&gt;</span> <span class="nt">&lt;appender-ref</span> <span class="na">ref=</span><span class="s">"F1"</span><span class="nt">/&gt;</span> <span class="nt">&lt;/root&gt;</span> <span class="nt">&lt;/configuration&gt;</span> </code></pre> </div> <h4> /usr/lib/systemd/system/puppetservercompiler1.service </h4> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code># # Local settings can be configured without being overwritten by package upgrades, for example # if you want to increase puppetserver open-files-limit to 10000, # you need to increase systemd's LimitNOFILE setting, so create a file named # "/etc/systemd/system/puppetservercompiler1.service.d/limits.conf" containing: # [Service] # LimitNOFILE=10000 # You can confirm it worked by running systemctl daemon-reload # then running systemctl show puppetserver | grep LimitNOFILE # [Unit] Description=puppetserver compiler1 Service After=syslog.target network.target nss-lookup.target [Service] Type=forking EnvironmentFile=/etc/sysconfig/puppetservercompiler1 User=puppet TimeoutStartSec=300 TimeoutStopSec=60 Restart=on-failure StartLimitBurst=5 PIDFile=/run/puppetlabs/puppetservercompiler1/puppetserver.pid # https://tickets.puppetlabs.com/browse/EZ-129 # Prior to systemd v228, TasksMax was unset by default, and unlimited. Starting in 228 a default of '512' # was implemented. This is low enough to cause problems for certain applications. In systemd 231, the # default was changed to be 15% of the default kernel limit. This explicitly sets TasksMax to 4915, # which should match the default in systemd 231 and later. # See https://github.com/systemd/systemd/issues/3211#issuecomment-233676333 TasksMax=4915 #set default privileges to -rw-r----- UMask=027 ExecReload=/opt/puppetlabs/servercompiler1/apps/puppetserver/bin/puppetserver reload ExecStart=/opt/puppetlabs/servercompiler1/apps/puppetserver/bin/puppetserver start ExecStop=/opt/puppetlabs/servercompiler1/apps/puppetserver/bin/puppetserver stop KillMode=process SuccessExitStatus=143 StandardOutput=syslog [Install] WantedBy=multi-user.target </code></pre> </div> <h3> Scripts to adopt </h3> <p>Unluckily several scripts must be modified, too.</p> <p>Mostly due to hardcoded paths.</p> <h4> /opt/puppetlabs/servercompiler1/apps/puppetserver/bin/puppetserver </h4> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c">#!/bin/bash</span> <span class="c">#set default privileges to -rw-r-----</span> <span class="nb">umask </span>027 <span class="nb">set</span> <span class="nt">-a</span> <span class="k">if</span> <span class="o">[</span> <span class="nt">-r</span> <span class="s2">"/etc/default/puppetservercompiler1"</span> <span class="o">]</span> <span class="p">;</span> <span class="k">then</span> <span class="nb">.</span> /etc/default/puppetservercompiler1 <span class="k">elif</span> <span class="o">[</span> <span class="nt">-r</span> <span class="s2">"/etc/sysconfig/puppetservercompiler1"</span> <span class="o">]</span> <span class="p">;</span> <span class="k">then</span> <span class="nb">.</span> /etc/sysconfig/puppetservercompiler1 <span class="k">elif</span> <span class="o">[</span> <span class="sb">`</span><span class="nb">uname</span><span class="sb">`</span> <span class="o">==</span> <span class="s2">"OpenBSD"</span> <span class="o">]</span> <span class="p">;</span> <span class="k">then </span><span class="nv">JAVA_BIN</span><span class="o">=</span><span class="si">$(</span>javaPathHelper <span class="nt">-c</span> puppetserver<span class="si">)</span> <span class="nv">JAVA_ARGS</span><span class="o">=</span><span class="s2">"-Xms2g -Xmx2g -Djruby.logger.class=com.puppetlabs.jruby_utils.jruby.Slf4jLogger"</span> <span class="nv">TK_ARGS</span><span class="o">=</span><span class="s2">""</span> <span class="nv">USER</span><span class="o">=</span><span class="s2">"_puppet"</span> <span class="nv">INSTALL_DIR</span><span class="o">=</span><span class="s2">"/opt/puppetlabs/servercompiler1/apps/puppetserver"</span> <span class="nv">CONFIG</span><span class="o">=</span><span class="s2">"/etc/puppetlabs/puppetservercompiler1/conf.d"</span> <span class="k">else </span><span class="nb">echo</span> <span class="s2">"You seem to be missing some important configuration files; could not find /etc/default/puppetservercompiler1 or /etc/sysconfig/puppetservercompiler1"</span> <span class="o">&gt;</span>&amp;2 <span class="nb">exit </span>1 <span class="k">fi</span> ... </code></pre> </div> <h4> /opt/puppetlabs/servercompiler1/apps/puppetserver/cli/apps/foreground </h4> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c">#!/usr/bin/env bash</span> <span class="nv">restartfile</span><span class="o">=</span><span class="s2">"/opt/puppetlabs/servercompiler1/data/puppetserver/restartcounter"</span> <span class="nv">cli_defaults</span><span class="o">=</span><span class="k">${</span><span class="nv">INSTALL_DIR</span><span class="k">}</span>/cli/cli-defaults.sh ... </code></pre> </div> <h4> /opt/puppetlabs/servercompiler1/apps/puppetserver/cli/apps/reload </h4> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c">#!/usr/bin/env bash</span> <span class="nb">set</span> +e <span class="nv">restartfile</span><span class="o">=</span><span class="s2">"/opt/puppetlabs/servercompiler1/data/puppetserver/restartcounter"</span> <span class="nv">reload_timeout</span><span class="o">=</span><span class="s2">"</span><span class="k">${</span><span class="nv">RELOAD_TIMEOUT</span><span class="k">:-</span><span class="nv">120</span><span class="k">}</span><span class="s2">"</span> <span class="nb">timeout</span><span class="o">=</span><span class="s2">"</span><span class="nv">$reload_timeout</span><span class="s2">"</span> <span class="nv">realname</span><span class="o">=</span><span class="s2">"puppetservercompiler1"</span> ... <span class="nv">initial</span><span class="o">=</span><span class="s2">"</span><span class="si">$(</span><span class="nb">head</span> <span class="nt">-n</span> 1 <span class="s2">"</span><span class="nv">$restartfile</span><span class="s2">"</span><span class="si">)</span><span class="s2">"</span> <span class="nv">pid</span><span class="o">=</span><span class="s2">"</span><span class="si">$(</span>pgrep <span class="nt">-f</span> <span class="s2">"puppet-server-release.jar.* -m puppetlabs.trapperkeeper.main --config /etc/puppetlabs/puppetservercompiler1/conf.d"</span><span class="si">)</span><span class="s2">"</span> <span class="nb">kill</span> <span class="nt">-HUP</span> <span class="nv">$pid</span> <span class="o">&gt;</span>/dev/null 2&gt;&amp;1 ... </code></pre> </div> <h4> /opt/puppetlabs/servercompiler1/apps/puppetserver/cli/apps/start </h4> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c">#!/usr/bin/env bash</span> <span class="nb">set</span> +e <span class="nb">env </span><span class="nv">pid</span><span class="o">=</span><span class="s2">"</span><span class="si">$(</span>pgrep <span class="nt">-f</span> <span class="s2">"puppet-server-release.jar.* -m puppetlabs.trapperkeeper.main --config /etc/puppetlabs/puppetservercompiler1/conf.d"</span><span class="si">)</span><span class="s2">"</span> <span class="nv">restartfile</span><span class="o">=</span><span class="s2">"/opt/puppetlabs/servercompiler1/data/puppetserver/restartcounter"</span> <span class="nv">start_timeout</span><span class="o">=</span><span class="s2">"</span><span class="k">${</span><span class="nv">START_TIMEOUT</span><span class="k">:-</span><span class="nv">300</span><span class="k">}</span><span class="s2">"</span> <span class="nv">real_name</span><span class="o">=</span><span class="s2">"puppetservercompiler1"</span> ... </code></pre> </div> <h4> /opt/puppetlabs/servercompiler1/apps/puppetserver/cli/apps/stop </h4> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c">#!/usr/bin/env bash</span> <span class="nb">set</span> +e <span class="nv">pid</span><span class="o">=</span><span class="s2">"</span><span class="si">$(</span>pgrep <span class="nt">-f</span> <span class="s2">"puppet-server-release.jar.* -m puppetlabs.trapperkeeper.main --config /etc/puppetlabs/puppetservercompiler1/conf.d"</span><span class="si">)</span><span class="s2">"</span> <span class="nv">realname</span><span class="o">=</span><span class="s2">"puppetservercompiler1"</span> ... </code></pre> </div> <h4> /opt/puppetlabs/servercompiler1/apps/puppetserver/cli/cli-defaults.sh </h4> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">INSTALL_DIR</span><span class="o">=</span><span class="s2">"/opt/puppetlabs/servercompiler1/apps/puppetserver"</span> <span class="k">if</span> <span class="o">[</span> <span class="nt">-n</span> <span class="s2">"</span><span class="nv">$JRUBY_JAR</span><span class="s2">"</span> <span class="o">]</span><span class="p">;</span> <span class="k">then </span><span class="nb">echo</span> <span class="s2">"Warning: the JRUBY_JAR setting is no longer needed and will be ignored."</span> 1&gt;&amp;2 <span class="k">fi </span><span class="nv">CLASSPATH</span><span class="o">=</span><span class="s2">"</span><span class="k">${</span><span class="nv">CLASSPATH</span><span class="k">}</span><span class="s2">:/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/facter.jar:/opt/puppetlabs/servercompiler1/data/puppetserver/jars/*"</span> </code></pre> </div> <h3> Adoptions to scripts from main installation </h3> <p>As we now have changed the way on how to determine the correct pid, we must also do this adoption at the main puppet server cli commands.</p> <h4> /opt/puppetlabs/server/apps/puppetserver/cli/apps/reload </h4> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>... <span class="nv">pid</span><span class="o">=</span><span class="s2">"</span><span class="si">$(</span>pgrep <span class="nt">-f</span> <span class="s2">"puppet-server-release.jar.* -m puppetlabs.trapperkeeper.main --config /etc/puppetlabs/puppetserver/conf.d"</span><span class="si">)</span><span class="s2">"</span> ... </code></pre> </div> <h4> /opt/puppetlabs/server/apps/puppetserver/cli/apps/start </h4> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>... <span class="nv">pid</span><span class="o">=</span><span class="s2">"</span><span class="si">$(</span>pgrep <span class="nt">-f</span> <span class="s2">"puppet-server-release.jar.* -m puppetlabs.trapperkeeper.main --config /etc/puppetlabs/puppetserver/conf.d"</span><span class="si">)</span><span class="s2">"</span> ... </code></pre> </div> <h4> /opt/puppetlabs/server/apps/puppetserver/cli/apps/stop </h4> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>... <span class="nv">pid</span><span class="o">=</span><span class="s2">"</span><span class="si">$(</span>pgrep <span class="nt">-f</span> <span class="s2">"puppet-server-release.jar.* -m puppetlabs.trapperkeeper.main --config /etc/puppetlabs/puppetserver/conf.d"</span><span class="si">)</span><span class="s2">"</span> ... </code></pre> </div> <h3> Start the stack </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>systemctl start puppetserver systemctl start puppetservercompiler1 </code></pre> </div> <p>Happy hacking and success on performance tuning your Puppet server infrastructure.</p> <p>Martin Alfke<br> <a href="mailto:ma@betadots.de">ma@betadots.de</a></p> puppet scaling tuning itautomation HDM Foreman integration Martin Alfke Thu, 25 Jan 2024 08:55:17 +0000 https://dev.to/betadots/hdm-foreman-integration-3ge4 https://dev.to/betadots/hdm-foreman-integration-3ge4 <p>Analyzing Hiera Data can be very difficult.<br> <a href="https://github.com/betadots/hdm" rel="noopener noreferrer">HDM - Hiera Data manager</a> is a web UI, which let's you analyze Hiera Data in a user-friendly way.</p> <p>We now have built and released the HDM Foreman integration, which consists of two packages:</p> <ul> <li> <a href="https://github.com/betadots/smart_proxy_hdm" rel="noopener noreferrer">Foreman HDM Smart Proxy plugin</a>: smart_proxy_hdm</li> <li> <a href="https://github.com/betadots/foreman_hdm/" rel="noopener noreferrer">Foreman HDM plugin</a>: foreman_hdm</li> </ul> <h2> HDM Foreman Smart Proxy </h2> <p>Foreman needs to read data from HDM. HDM offers an API endpoint to allow remote systems to query for data and structure.<br> The <a href="https://github.com/betadots/smart_proxy_hdm" rel="noopener noreferrer">Foreman HDM Smart Proxy plugin</a> needs to know where it can find the HDM API endpoint and how to authorize.</p> <h2> HDM Foreman Plugin </h2> <p>The <a href="https://github.com/betadots/foreman_hdm/" rel="noopener noreferrer">Foreman HDM plugin</a> is an extension to the node view and adds a new tab which shows node hiera data.<br> Node data are fetched via HDM Smart Proxy from HDM API endpoint.</p> <h2> Requirements </h2> <p>First you need a <a href="https://github.com/betadots/hdm" rel="noopener noreferrer">HDM - Hiera Data manager</a> installation. The installation can take place on an individual node or a Puppet Server.<br> HDM needs access to</p> <ul> <li>PuppetDB to read environments, nodes and facts</li> <li>Puppet Code to read hiera config file and hiera data</li> </ul> <p>Besides this HDM requires to <strong>only</strong> make use of facts and trusted variables in hiera.yaml file.<br> Any variable which gets set during catalog compilation can not be evaluated by HDM and HDM will display these hierarchies as unresolvable.</p> <p>The HDM Foreman integration needs at least Foreman 3.6 or newer. We don't build packages for older versions.<br> Older versions must use HDM integration from ruybgems.org.</p> <h2> Installation </h2> <p>You must install the packages from the Foreman Plugins repository and initialize the database:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>dnf <span class="nb">install</span> <span class="nt">-y</span> rubygem-foreman_hdm rubygem-smart_proxy_hdm foreman-rake db:migrate </code></pre> </div> <p>Next you need to configure the HDM Smart Proxy:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="c1"># /etc/foreman-proxy/settings.d/hdm.yml</span> <span class="c1"># HDM Smart Proxy</span> <span class="na">:enabled</span><span class="pi">:</span> <span class="s">https</span> <span class="na">:hdm_url</span><span class="pi">:</span> <span class="s1">'</span><span class="s">http://&lt;HDM</span><span class="nv"> </span><span class="s">IP&gt;:&lt;HDM</span><span class="nv"> </span><span class="s">Port&gt;'</span> <span class="na">:hdm_user</span><span class="pi">:</span> <span class="s1">'</span><span class="s">&lt;HDM</span><span class="nv"> </span><span class="s">API</span><span class="nv"> </span><span class="s">User</span><span class="nv"> </span><span class="s">Email&gt;'</span> <span class="na">:hdm_password</span><span class="pi">:</span> <span class="s1">'</span><span class="s">&lt;HDM</span><span class="nv"> </span><span class="s">API</span><span class="nv"> </span><span class="s">User</span><span class="nv"> </span><span class="s">Password&gt;'</span> </code></pre> </div> <p>HDM User and Password must be taken from an HDM API user!<br> You can omit these settings if you have disabled HDM user authentication.</p> <p>Now the smart proxy must be restarted:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>systemctl restart foreman-proxy </code></pre> </div> <h2> Screenshots </h2> <p>HDM Data view</p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fraw.githubusercontent.com%2Fbetadots%2Fhdm%2Fmain%2Fscreenshots%2FHDM-12-node_data_details_2.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fraw.githubusercontent.com%2Fbetadots%2Fhdm%2Fmain%2Fscreenshots%2FHDM-12-node_data_details_2.png" alt="HDM Data View"></a></p> <p>Foreman Data View</p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fraw.githubusercontent.com%2Fbetadots%2Fhdm%2Fmain%2Fscreenshots%2Fforeman%2FForeman-Host-3.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fraw.githubusercontent.com%2Fbetadots%2Fhdm%2Fmain%2Fscreenshots%2Fforeman%2FForeman-Host-3.png" alt="Foreman Data View"></a></p> <p>Happy hacking on Puppet and Hiera data,</p> <p>Martin</p> puppet foreman Puppet container version schema update Martin Alfke Wed, 03 Jan 2024 16:08:30 +0000 https://dev.to/betadots/puppet-container-version-schema-update-4n42 https://dev.to/betadots/puppet-container-version-schema-update-4n42 <p>Community: we hear you!</p> <p>Several people have asked to please change the version schema on <a href="https://github.com/voxpupuli/container-puppetserver/">puppetserver-container</a> and <a href="https://github.com/voxpupuli/container-puppetdb/">puppetdb-container</a>.</p> <h2> Puppet Inc version schema </h2> <p>Prior the repositories have been handed over from <a href="https://puppet.com">Puppet Inc</a> to <a href="https://voxpupuli.org">Puppet Community</a>, the container images were using the Puppet server and PuppetDB versions, which were used inside the container.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>&lt;puppet.major&gt;.&lt;puppet.minor&gt;.&lt;puppet.patch&gt; </code></pre> </div> <p>Example usage:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>docker run <span class="nt">--name</span> puppet <span class="nt">--hostname</span> puppet puppetlabs-puppetserver:7.2.0 </code></pre> </div> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Name</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td>puppet.major</td> <td>Describes the contained major Puppet version (7 or 8)</td> </tr> <tr> <td>puppet.minor</td> <td>Describes the contained minor Puppet version</td> </tr> <tr> <td>puppet.patch</td> <td>Describes the contained patchlevel Puppet version</td> </tr> </tbody> </table></div> <h2> Initial voxpupuli version schema </h2> <p>The original version schema did not show if changes to the container image have been done.<br> At <a href="https://voxpupuli.org">Voxpupuli</a> it was decided to use a new version schema:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>v&lt;major&gt;.&lt;minor&gt;.&lt;patch&gt;-&lt;puppet release&gt; </code></pre> </div> <p>Example usage:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>docker run <span class="nt">--name</span> puppet <span class="nt">--hostname</span> puppet ghcr.io/voxpupuli/container-puppetserver:v1.0.0-7 </code></pre> </div> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Name</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td>major</td> <td>Describes the major version of the base container (Ubunutu 22.04) or incompatible changes</td> </tr> <tr> <td>minor</td> <td>Describes new features or refactoring with backward compatibility</td> </tr> <tr> <td>patch</td> <td>Describes if minor changes or bugfixes have been implemented</td> </tr> <tr> <td>puppet release</td> <td>Describes the contained major Puppet release (7 or 8)</td> </tr> </tbody> </table></div> <p>At <a href="https://github.com/voxpupuli/crafty.git">Voxpupuli Crafty</a> we had a <a href="https://github.com/voxpupuli/crafty/discussions/22">discussion</a> on how to improve the version schema.<br> Additionally we received feedback from customers, that they were unhappy with the new version schema as it was unclear, which exact Puppet version is inside the containers.</p> <h2> New version schema </h2> <p>The new version schema has the following layout:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>&lt;puppet.major&gt;.&lt;puppet.minor&gt;.&lt;puppet.patch&gt;-v&lt;container.major&gt;.&lt;container.minor&gt;.&lt;container.patch&gt; </code></pre> </div> <p>Example usage:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>docker run <span class="nt">--name</span> puppet <span class="nt">--hostname</span> puppet ghcr.io/voxpupuli/container-puppetserver:7.13.0-v1.2.0 </code></pre> </div> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Name</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td>puppet.major</td> <td>Describes the contained major Puppet version (7 or 8)</td> </tr> <tr> <td>puppet.minor</td> <td>Describes the contained minor Puppet version</td> </tr> <tr> <td>puppet.patch</td> <td>Describes the contained patchlevel Puppet version</td> </tr> <tr> <td>container.major</td> <td>Describes the major version of the base container (Ubunutu 22.04) or incompatible changes</td> </tr> <tr> <td>container.minor</td> <td>Describes new features or refactoring with backward compatibility</td> </tr> <tr> <td>container.patch</td> <td>Describes if minor changes or bugfixes have been implemented</td> </tr> </tbody> </table></div> <p>Many thanks to the community for the great feedback and ideas for improvement.</p> <p>Happy hacking on Puppet in containers.</p> <p>Martin Alfke</p> puppet containers devops automation Puppet Containers are back alive Martin Alfke Tue, 31 Oct 2023 09:40:15 +0000 https://dev.to/betadots/puppet-containers-are-back-alive-5c2n https://dev.to/betadots/puppet-containers-are-back-alive-5c2n <p>In early 2023 <a href="https://www.puppet.com">Puppet Inc.</a> decided to stop working on their containers for Puppetserver and PuppetDB and offered the repositories for adoption.</p> <p>At <a href="https://betadots.de">betadots GmbH</a> we believe that there is an usecase for Puppet servers based on containers.<br> We also have several customers who already use Puppet in containers or are planning to migrate to a container based technology.</p> <p>Therefor we decided to continue, upgrade and improve the work on the containers.</p> <p>Content:</p> <p>Hosting and License<br> Latest Updates<br> Future Improvements<br> Commercial Support</p> <h2> Hosting and License </h2> <p>To prevent license changes done by a company, we asked the <a href="https://voxpupuli.org">Voxpupuli community</a> to be the host for the Open Source based repositories.</p> <p>This gives users and customers the benefit of being sure that the Open Source License will be kept. And also the potential number of contributors is much higher.</p> <p>On mid October <a href="https://github.com/bastelfreak">Tim (bastelfreak) Meusel</a> asked Puppet's famous and well known <a href="https://github.com/binford2k">Ben (binford2k) Ford</a> to migrate the container repositories to Voxpupuli. They where then transferred and are now owned and maintained by Voxpupuli.</p> <p>We now have two new repositories for container based Puppet infrastructure:</p> <ul> <li><a href="https://github.com/voxpupuli/container-puppetserver">container-puppetserver</a></li> <li><a href="https://github.com/voxpupuli/container-puppetdb">container-puppetdb</a></li> </ul> <p>2 hours after migration we were able to spin up an actual version of a Puppetserver and a PuppetDB on an updated base image.<br> Both containers are now published under Apache-2.0 license.<br> <a href="https://betadots.de">betadots GmbH</a> supports Voxpupuli with updating and maintaining the containers.</p> <h2> Latest Updates </h2> <p>For the moment we use the official Ubuntu 22.04 x86_64 base image in combination with the official Puppet Ubuntu packages released by Puppet Inc.</p> <p>We are looking forward to also maintain ARM based containers, but for this we have to wait for the official Packages being finished by Puppet Inc. Puppetserver and PuppetDB are already supported on ARM, to be more precise they don't depend on an arch. But we have still to wait for the Puppet Agent to be Released on the ARM platform. The nightly builds are already there, but we wait for the final, official release. The Agent is needed in some build steps for the container, so we wait. But the build pipeline is prepared and when the packages are available it is easy to add the new arch to it.</p> <p>On October 18th <a href="https://github.com/rwaffen">Robert (rwaffen) Waffen</a> announced on <a href="https://puppetcommunity.slack.com/archives/C0W1Y5VL0/p1697641383534739">Puppet Community Slack in the voxpupuli channel</a>, that he was able to deploy a fully functional container-based Puppet setup using a (Docker) compose file.</p> <p>The compose configuration is <strong>NOT</strong> hosted within the container repositories, but in the <a href="https://github.com/voxpupuli/crafty.git">CRAFTY - Containerized Resources And Funky Tools (in) YAML</a> repository. This will serve as the central hub for bundling all components related to the containerized Puppet infrastructure. You can think of it as a spiritual successor to Pupperware.</p> <p>The containers are built to be compatible with Docker as well as other container systems such as Podman, for example. At present, they are exclusively built and tested in a Docker environment. If you encounter any issues with alternative systems, please don't hesitate to contact us. Additionally, we warmly welcome pull requests.</p> <h2> Future improvements </h2> <p>At the moment we work on a CI pipeline to automatically deploy newly built containers to docker hub and GitHub container registry. The Github part is already finished. But we might tweak some things here and there. So this is not yet production ready.</p> <p>Besides this, we need support for writing a proper helm chart within the <a href="https://github.com/voxpupuli/crafty.git">CRAFTY Repository</a>. Anyone who can help with this would be very welcome! We aim for the containers to be used in standalone container environments and also in cluster management systems like Kubernetes (k8s).</p> <p>We continue to enhance our documentation and are delighted to review and incorporate contributions.</p> <h2> Commercial Support </h2> <p>At <a href="https://betadots.de">betadots GmbH</a>, we provide commercial support for container-based Puppet infrastructures.</p> <p>Please get <a href="//mailto:info@betadots.de?subject=Puppet%20Support%20request">in touch with us</a> if you need further information.</p> <p>Happy hacking on Puppet and containers to everyone.</p> <p><a href="https://github.com/tuxmea">Martin (tuxmea) Alfke</a><br> <a href="https://github.com/rwaffen">Robert (rwaffen) Waffen</a><br> <a href="https://github.com/bastelfreak">Tim (bastelfreak) Meusel</a></p> containers puppet configurationmanagement kubernetes