Puppet Cookbook - Third Edition

Book Image

Puppet Cookbook - Third Edition

Book Image

Puppet Cookbook - Third Edition

Overview of this book

Puppet Cookbook Third Edition

Puppet Cookbook Third Edition

Credits

About the Authors

About the Authors

About the Reviewers

About the Reviewers

www.PacktPub.com

www.PacktPub.com

Preface

Free Chapter

Puppet Language and Style

Puppet Language and Style

Adding a resource to a node

Using Facter to describe a node

Installing a package before starting a service

Installing, configuring, and starting a service

Using community Puppet style

Creating a manifest

Checking your manifests with Puppet-lint

Using standard naming conventions

Using inline templates

Iterating over multiple items

Writing powerful conditional statements

Using regular expressions in if statements

Using selectors and case statements

Using the in operator

Using regular expression substitutions

Using the future parser

Puppet Infrastructure

Puppet Infrastructure

Installing Puppet

Managing your manifests with Git

Creating a decentralized Puppet architecture

Writing a papply script

Running Puppet from cron

Bootstrapping Puppet with bash

Creating a centralized Puppet infrastructure

Creating certificates with multiple DNS names

Running Puppet from passenger

Setting up the environment

Configuring PuppetDB

Configuring Hiera

Setting node-specific data with Hiera

Storing secret data with hiera-gpg

Using MessagePack serialization

Automatic syntax checking with Git hooks

Pushing code around with Git

Managing Environments with Git

Writing Better Manifests

Writing Better Manifests

Using arrays of resources

Using resource defaults

Using defined types

Using run stages

Using roles and profiles

Passing parameters to classes

Passing parameters from Hiera

Writing reusable, cross-platform manifests

Getting information about the environment

Importing dynamic information

Passing arguments to shell commands

Working with Files and Packages

Working with Files and Packages

Making quick edits to config files

Editing INI style files with puppetlabs-inifile

Using Augeas to reliably edit config files

Building config files using snippets

Using ERB templates

Using array iteration in templates

Using EPP templates

Using GnuPG to encrypt secrets

Installing packages from a third-party repository

Comparing package versions

Users and Virtual Resources

Users and Virtual Resources

Using virtual resources

Managing users with virtual resources

Managing users' SSH access

Managing users' customization files

Using exported resources

Managing Resources and Files

Managing Resources and Files

Distributing cron jobs efficiently

Scheduling when resources are applied

Using host resources

Using exported host resources

Using multiple file sources

Distributing and merging directory trees

Cleaning up old files

Auditing resources

Temporarily disabling resources

Managing Applications

Managing Applications

Using public modules

Managing Apache servers

Creating Apache virtual hosts

Creating nginx virtual hosts

Creating databases and users

Internode Coordination

Internode Coordination

Managing firewalls with iptables

Building high-availability services using Heartbeat

Managing NFS servers and file shares

Using HAProxy to load-balance multiple web servers

Managing Docker with Puppet

External Tools and the Puppet Ecosystem

External Tools and the Puppet Ecosystem

Creating custom facts

Adding external facts

Setting facts as environment variables

Generating manifests with the Puppet resource command

Generating manifests with other tools

Using an external node classifier

Creating your own resource types

Creating your own providers

Creating custom functions

Testing your puppet manifests with rspec-puppet

Using librarian-puppet

Monitoring, Reporting, and Troubleshooting

Monitoring, Reporting, and Troubleshooting

Noop – the don't change anything option

Logging command output

Logging debug messages

Generating reports

Producing automatic HTML documentation

Drawing dependency graphs

Understanding Puppet errors

Inspecting configuration settings

Index

Customer Reviews

5 star

0

4 star

0

3 star

0

2 star

0

1 star

0

Managing firewalls with iptables

In this chapter, we will begin to configure services that require communication between hosts over the network. Most Linux distributions will default to running a host-based firewall, iptables. If you want your hosts to communicate with each other, you have two options: turn off iptables or configure iptables to allow the communication.

I prefer to leave iptables turned on and configure access. Keeping iptables is just another layer on your defense across the network. iptables isn't a magic bullet that will make your system secure, but it will block access to services you didn't intend to expose to the network.

Configuring iptables properly is a complicated task, which requires deep knowledge of networking. The example presented here is a simplification. If you are unfamiliar with iptables, I suggest you research iptables before continuing. More information can be found at http://wiki.centos.org/HowTos/Network/IPTables or https://help.ubuntu.com/community...