Puppet Cookbook - Third Edition

Book Image

Puppet Cookbook - Third Edition

Book Image

Puppet Cookbook - Third Edition

Overview of this book

Puppet Cookbook Third Edition

Puppet Cookbook Third Edition

Credits

About the Authors

About the Authors

About the Reviewers

About the Reviewers

www.PacktPub.com

www.PacktPub.com

Preface

Free Chapter

Puppet Language and Style

Puppet Language and Style

Adding a resource to a node

Using Facter to describe a node

Installing a package before starting a service

Installing, configuring, and starting a service

Using community Puppet style

Creating a manifest

Checking your manifests with Puppet-lint

Using standard naming conventions

Using inline templates

Iterating over multiple items

Writing powerful conditional statements

Using regular expressions in if statements

Using selectors and case statements

Using the in operator

Using regular expression substitutions

Using the future parser

Puppet Infrastructure

Puppet Infrastructure

Installing Puppet

Managing your manifests with Git

Creating a decentralized Puppet architecture

Writing a papply script

Running Puppet from cron

Bootstrapping Puppet with bash

Creating a centralized Puppet infrastructure

Creating certificates with multiple DNS names

Running Puppet from passenger

Setting up the environment

Configuring PuppetDB

Configuring Hiera

Setting node-specific data with Hiera

Storing secret data with hiera-gpg

Using MessagePack serialization

Automatic syntax checking with Git hooks

Pushing code around with Git

Managing Environments with Git

Writing Better Manifests

Writing Better Manifests

Using arrays of resources

Using resource defaults

Using defined types

Using run stages

Using roles and profiles

Passing parameters to classes

Passing parameters from Hiera

Writing reusable, cross-platform manifests

Getting information about the environment

Importing dynamic information

Passing arguments to shell commands

Working with Files and Packages

Working with Files and Packages

Making quick edits to config files

Editing INI style files with puppetlabs-inifile

Using Augeas to reliably edit config files

Building config files using snippets

Using ERB templates

Using array iteration in templates

Using EPP templates

Using GnuPG to encrypt secrets

Installing packages from a third-party repository

Comparing package versions

Users and Virtual Resources

Users and Virtual Resources

Using virtual resources

Managing users with virtual resources

Managing users' SSH access

Managing users' customization files

Using exported resources

Managing Resources and Files

Managing Resources and Files

Distributing cron jobs efficiently

Scheduling when resources are applied

Using host resources

Using exported host resources

Using multiple file sources

Distributing and merging directory trees

Cleaning up old files

Auditing resources

Temporarily disabling resources

Managing Applications

Managing Applications

Using public modules

Managing Apache servers

Creating Apache virtual hosts

Creating nginx virtual hosts

Creating databases and users

Internode Coordination

Internode Coordination

Managing firewalls with iptables

Building high-availability services using Heartbeat

Managing NFS servers and file shares

Using HAProxy to load-balance multiple web servers

Managing Docker with Puppet

External Tools and the Puppet Ecosystem

External Tools and the Puppet Ecosystem

Creating custom facts

Adding external facts

Setting facts as environment variables

Generating manifests with the Puppet resource command

Generating manifests with other tools

Using an external node classifier

Creating your own resource types

Creating your own providers

Creating custom functions

Testing your puppet manifests with rspec-puppet

Using librarian-puppet

Monitoring, Reporting, and Troubleshooting

Monitoring, Reporting, and Troubleshooting

Noop – the don't change anything option

Logging command output

Logging debug messages

Generating reports

Producing automatic HTML documentation

Drawing dependency graphs

Understanding Puppet errors

Inspecting configuration settings

Index

Customer Reviews

5 star

0

4 star

0

3 star

0

2 star

0

1 star

0

Managing users' SSH access

A sensible approach to access control for servers is to use named user accounts with passphrase-protected SSH keys, rather than having users share an account with a widely known password. Puppet makes this easy to manage thanks to the built-in ssh_authorized_key type.

To combine this with virtual users, as described in the previous section, you can create a define, which includes both the user and ssh_authorized_key resources. This will also come in handy when adding customization files and other resources to each user.

How to do it...

Follow these steps to extend your virtual users' class to include SSH access:

Create a new module ssh_user to contain our ssh_user definition. Create the modules/ssh_user/manifests/init.pp file as follows:

define ssh_user($key,$keytype) {
  user { $name:
    ensure     => present,
  }

  file { "/home/${name}":
    ensure => directory,
    mode   => '0700',
    owner  => $name,
    require => User["$name"]
  }
  file {...