Book Image

Puppet Cookbook - Third Edition

Book Image

Puppet Cookbook - Third Edition

Overview of this book

Related Content you might be interested in

Current Title:

Small book image
Puppet Cookbook - Third Edition
Feb, 2015 | 336 pages
No titles found
Table of Contents (17 chapters)
Puppet Cookbook Third Edition
Puppet Cookbook Third Edition
Credits
Credits
About the Authors
About the Authors
About the Reviewers
About the Reviewers
www.PacktPub.com
www.PacktPub.com
Preface
Preface
Free Chapter
1
Puppet Language and Style
Puppet Language and Style
Introduction
Adding a resource to a node
Using Facter to describe a node
Installing a package before starting a service
Installing, configuring, and starting a service
Using community Puppet style
Creating a manifest
Checking your manifests with Puppet-lint
Using modules
Using standard naming conventions
Using inline templates
Iterating over multiple items
Writing powerful conditional statements
Using regular expressions in if statements
Using selectors and case statements
Using the in operator
Using regular expression substitutions
Using the future parser
2
Puppet Infrastructure
Puppet Infrastructure
Introduction
Installing Puppet
Managing your manifests with Git
Creating a decentralized Puppet architecture
Writing a papply script
Running Puppet from cron
Bootstrapping Puppet with bash
Creating a centralized Puppet infrastructure
Creating certificates with multiple DNS names
Running Puppet from passenger
Setting up the environment
Configuring PuppetDB
Configuring Hiera
Setting node-specific data with Hiera
Storing secret data with hiera-gpg
Using MessagePack serialization
Automatic syntax checking with Git hooks
Pushing code around with Git
Managing Environments with Git
3
Writing Better Manifests
Writing Better Manifests
Introduction
Using arrays of resources
Using resource defaults
Using defined types
Using tags
Using run stages
Using roles and profiles
Passing parameters to classes
Passing parameters from Hiera
Writing reusable, cross-platform manifests
Getting information about the environment
Importing dynamic information
Passing arguments to shell commands
4
Working with Files and Packages
Working with Files and Packages
Introduction
Making quick edits to config files
Editing INI style files with puppetlabs-inifile
Using Augeas to reliably edit config files
Building config files using snippets
Using ERB templates
Using array iteration in templates
Using EPP templates
Using GnuPG to encrypt secrets
Installing packages from a third-party repository
Comparing package versions
5
Users and Virtual Resources
Users and Virtual Resources
Introduction
Using virtual resources
Managing users with virtual resources
Managing users' SSH access
Managing users' customization files
Using exported resources
6
Managing Resources and Files
Managing Resources and Files
Introduction
Distributing cron jobs efficiently
Scheduling when resources are applied
Using host resources
Using exported host resources
Using multiple file sources
Distributing and merging directory trees
Cleaning up old files
Auditing resources
Temporarily disabling resources
7
Managing Applications
Managing Applications
Introduction
Using public modules
Managing Apache servers
Creating Apache virtual hosts
Creating nginx virtual hosts
Managing MySQL
Creating databases and users
8
Internode Coordination
Internode Coordination
Introduction
Managing firewalls with iptables
Building high-availability services using Heartbeat
Managing NFS servers and file shares
Using HAProxy to load-balance multiple web servers
Managing Docker with Puppet
9
External Tools and the Puppet Ecosystem
External Tools and the Puppet Ecosystem
Introduction
Creating custom facts
Adding external facts
Setting facts as environment variables
Generating manifests with the Puppet resource command
Generating manifests with other tools
Using an external node classifier
Creating your own resource types
Creating your own providers
Creating custom functions
Testing your puppet manifests with rspec-puppet
Using librarian-puppet
Using r10k
10
Monitoring, Reporting, and Troubleshooting
Monitoring, Reporting, and Troubleshooting
Introduction
Noop – the don't change anything option
Logging command output
Logging debug messages
Generating reports
Producing automatic HTML documentation
Drawing dependency graphs
Understanding Puppet errors
Inspecting configuration settings
Index
Index

Using GnuPG to encrypt secrets

We often need Puppet to have access to secret information, such as passwords or crypto keys, for it to configure systems properly. But how do you avoid putting such secrets directly into your Puppet code, where they're visible to anyone who has read access to your repository?

It's a common requirement for third-party developers and contractors to be able to make changes via Puppet, but they definitely shouldn't see any confidential information. Similarly, if you're using a distributed Puppet setup like that described in Chapter 2, Puppet Infrastructure, every machine has a copy of the whole repo, including secrets for other machines that it doesn't need and shouldn't have. How can we prevent this?

One answer is to encrypt the secrets using the GnuPG tool, so that any secret information in the Puppet repo is undecipherable (for all practical purposes) without the appropriate key. Then we distribute the key securely to the people or machines that need it.

Getting...

Previous Section
End of Section 10
Next Section