» Puppet https://tekslate.com Watch Learn & Excel Fri, 23 Jun 2017 10:52:40 +0000 en-US hourly 1 http://wordpress.org/?v=4.3.1 Puppet Tutorials https://tekslate.com/tutorials/puppet-tutorials/ https://tekslate.com/tutorials/puppet-tutorials/#comments Fri, 24 Jun 2016 06:22:50 +0000 https://tekslate.com/?page_id=22057 Welcome to Puppet Tutorials. The objective of these tutorials is to provide in depth understand of Puppet. In addition to …

The post Puppet Tutorials appeared first on .

]]>
Welcome to Puppet Tutorials. The objective of these tutorials is to provide in depth understand of Puppet.

In addition to free Puppet Tutorials, we will cover common interview questions, issues and how to’s of Puppet.

Introduction

Puppet is used to automate several routine sysadmin configuration tasks.

Puppet in an enterprise grade configuration management system.

It allows you to define the state of your IT infrastructure. Once it is defined, Puppet will automatically enforce the correct state on an on-going basis.

Managing software state on hundreds of thousands of servers can be a real challenge. What web server should be installed? What web server configuration should looks like? Which users should have access to certain machine or group of machines? Now multiply those questions and many more by the number of servers you have and you end up in a total madness.

Fortunately the year is 2014+ so welcome to the world where tools for various automation are all over the open source world and different people use different sets depending on their needs, use case and environment requirements.

Puppet configuration management tool

Puppet consists of a language, client-server processes and the Resource Abstraction Layer.

The language allows the description of a server configuration with an abstraction of the resources that an administrator already thinks in: users, groups, packages, files, cron, mount and services, to name a few.

The relationship between the resources are also specified. For example, a service depends on a configuration file, and that file depends on a package being installed. The relationships provide order as the policy is applied and allow Puppet to restart dependent services when their configurations change.

Desired to gain proficiency on Puppet? Explore the blog post 
on Puppet Training to become a pro in Puppet.

The resources can also be composed into logical collections. To reuse the previous example, a package, a configuration file and a service can be grouped together. The group can then be reused and treated as a single logical entity in other Puppet code. The client-server setup provides a secure mechanism for transporting the specific configurations from the central description to the individual hosts over HTTP with SSL authentication and encryption — the same SSL used to secure online banking and e-commerce. Each host only receives its specifically compiled configuration to apply.

Configurations are audited and applied by querying current state, comparing the results with the desired state, and taking the appropriate action for each resource. Applying the configuration will take a base install operating system to a fully configured server. Changes to the central policy can also update configuration files or apply patches. The cycle of auditing and syncing systems with the assigned policy is then used to manage systems throughout the system lifecycle.

The auditing and syncing cycle can ensure consistency across the entire network. With traditional tools and techniques, the chance that two machines providing the same service are configured the same is quite small. As the server counts climb, inconsistencies created by configuration drift cause confusion and mistakes.

Meet Puppet. A software framework that allows you to easily make rapid changes across your infrastructure and enforce consistency with minimal efforts in four simple steps.

-Define what the final state of your machines and groups of machines should look like with simple rules

-Simulate enforcement of the rules to see how it goes

-Enforce the rules so the machine can enter the desired software state

-Receive reports about the changes, run time etc.

So how to get started with it so it can make your operations life easier? Well we should know how its basics works first, so we can take proper decisions and avoid wrong ones bite us later.

-Puppet runs/executes the so-called manifests files (recipes). Think of them like simple programs.

-Manifest files describe the final stage of the system with clear, easy to use and understand syntax.

-Group of manifest files are called modules

-Puppet have set of functions you can use to make your life easier

-Puppet is cool so it offers you functionality to write your own custom functions, classes and facts.

Puppet packages should be available for most major distros already. Just search for puppet using your package manager of choice. For example, on Ubuntu 10.04 you’d want puppet and puppet-common for the managed systems, and puppet master for the central server (if you have multiple systems). You might also want the vim-puppet package if you’ll be writing Puppet manifests in Vim, or puppet-el if you want to write manifests in GNU Emacs.

When you’re working with Puppet, you’re working with resources. Users, packages, files, services, etc. A resource describes something on your system. You can find the standard types on the language resource guide on Puppet Labs’ site. Some resources are standard across all OSes (like files) others are OS-dependent (like zfs and zone, which are Solaris-only).

For single systems, you’ll usually use puppet to execute a manifest. Remember, a manifest is a file containing a set of resources and instructions on how that resource should be configured or manipulated.

Puppet also has a shell that you can use to execute Puppet commands and configure a local system. The Resource Abstraction Layer Shell (ralsh) can list resources, and operate on resources. Here’s a simple example to verify whether a user exists on the system using ralsh:

ralsh user norm

If norm doesn’t exist as a user account on the system yet, you’ll see this:

user { 'norm':
    ensure => 'absent'
}

This is Puppet providing the current system configuration, as expressed in the Puppet language. This is how you’d write a manifest to remove the usernorm from a system. What if we want to add norm as a user with ralsh? Easy:

ralsh user norm

Ridiculously easy, isn’t it? That will create norm with some sane defaults. Here’s the manifest that ralsh executes:

user { 'norm':
    uid => '1001',
    ensure => 'present',
    gid => '1001',
    home => '/home/norm',
    shell => '/bin/sh'
}

You’d write that up as a manifest and run it using puppet on your local system. What if we want to make norm‘s shell bash instead of sh? Let’s look at that as a manifest:

user { 'norm':
    uid => '1001',
    ensure => 'present',
    gid => '1001',
    home => '/home/norm',
    shell => '/bin/sh'
}

Copy that to a file, like norm.pp, and change the shell line to shell => ‘/bin/sh’. Then run puppet norm.pp. Puppet will check the user, and make the changes necessary so that the user conforms to the manifest.

Check out the top Puppet Interview Questions now!

Features of Puppet

-Designed in such a way that it prevents duplication for everyone solving the same problem.

-Mature Tool

-Powerful Framework

-Simplify System Administrator’s Technical Task.

-System Administrator’s task is written in Puppet’s Native code and can be shared.

-Makes it possible to make rapid and repeatable changes automatically.

-Maintains System Consistency and Integrity.

-Helpful in managing Physical and Virtual devices as well as cloud.

Advantages of puppet over other tools

Normally most of the configuration management tool, deploy the required configuration on a machine, and leave them as it is. But puppet keeps on verifying the configuration at a specified interval(which you can modify as per requirement).

Puppet defines the configurations for a host with the help of a language which is very easy to learn and is only used for that purpose.

Puppet is used by major players in the industry like Google,red hat etc.

Larger open-source developer base

Wide number of platforms are supported in puppet.

Its works very smooth, even when deployed in a large infrastructure(thousands of hosts to manage)

Conclusion

Puppet automation tool seems robust, user friendly interface, as well as very declarative. Installation was very easy for me it was nothing to worry about dependencies at installation.

The post Puppet Tutorials appeared first on .

]]>
https://tekslate.com/tutorials/puppet-tutorials/feed/ 0
Puppet Interview Questions and Answers https://tekslate.com/puppet-interview-questions-and-answers https://tekslate.com/puppet-interview-questions-and-answers#comments Wed, 09 Mar 2016 09:39:33 +0000 https://tekslate.com/?p=15878 Puppet Interview Questions 1. What is Puppet ? Puppet is a  configuration Tool which is use to automate administration tasks. …

The post Puppet Interview Questions and Answers appeared first on .

]]>
Puppet Interview Questions

1. What is Puppet ?

Puppet is a  configuration Tool which is use to automate administration tasks. Puppet Agent(Client) sends request to Puppet Master (Server) and Puppet Master Push Configuration on Agent.

2. What is Manifests ?

Manifests, in Puppet, are the files in which the client configuration is specified.

3. What is Module and How it is different from Manifest ?

Whatever the manifests we defined in modules, can call or include into other manifests. Which makes easier management of Manifests.It helps you to push specific manifests on specific Node or Agent.

4. What are the Commands to check requests of Certificates ?

puppetca –list (2.6)
puppet ca list (3.0)

5. What are the Commands to sign Requested Certificates ?

puppetca  –sign hostname-of-agent (2.6)
puppet ca  sign hostname-of-agent (3.0)

6. Where Puppet Master Stores Certificates

/var/lib/puppet/ssl/ca/signed

7. What is Facter ?

Sometime you need to write manifests on conditional expression based on agent specific data which is available through Facter. Facter provides information like Kernel version,Dist release, IP Address, CPU info and etc.You can defined your facter also.

8. What is the use of etckeeper-commit-post and etckeeper-commit-pre on Puppet Agent ?

etckeeper-commit-post: In this configuration file you can define command and scripts which executes after pushing configuration on Agente

etckeeper-commit-pre: In this configuration file you can define command and scripts which executes before pushing configuration on Agent

9. What is Puppet Kick ?

By default Puppet Agent request to Puppet Master after a periodic time which known as “runinterval”. Puppet Kick is a utility which allows you to trigger Puppet Agent from Puppet Master.

10. What is MCollective ?

MCollective is a powerful orchestration framework. Run actions on thousands of servers simultaneously, using existing plugins or writing your own.

Puppet Devops Interview Questions

11. What’s special about Puppet’s model-driven design?

Traditionally, managing the configurations of a large group of computers has meant a series of imperative steps; in its rawest state, SSH and a for loop. This general approach grew more sophisticated over time, but it retained the more profound limitations at its root.

Puppet takes a different approach, which is to model everything — the current state of the node, the desired configuration state, the actions taken during configuration enforcement — as data: each node receives a catalog of resources and relationships, compares it to the current system state, and makes changes as needed to bring the system into compliance.

The benefits go far beyond just healing the headaches of configuration drift and unknown system state: modeling systems as data lets Puppet simulate configuration changes, track the history of a system over its lifecycle, and prove that refactored manifest code still produces the same system state. It also drastically lowers the barrier to entry for hacking and extending Puppet: instead of analyzing code and reverse-engineering the effects of each step, a user can just parse data, and sysadmins have been able to add significant value to their Puppet deployments with an afternoon’s worth of perl scripting.

Interested in mastering Puppet Training? Enroll now for FREE demo on Puppet Training.

12. Why does Puppet have its own language? Why not use XML or YAML as the configuration format? Why not use Ruby as the input language?

The language used for manifests is ultimately Puppet’s human interface, and XML and YAML, being data formats developed around the processing capabilities of computers, are horrible human interfaces. While some people are comfortable reading and writing them, there’s a reason why we use web browsers instead of just reading the HTML directly. Also, using XML or YAML would limit any assurance that the interface was declarative — one process might treat an XML configuration differently from another.

13. Can Puppet manage workstations?

Yes, Puppet can manage any type of machine, and is used to manage many organizations that have a mix of laptops and desktops.

14. Does Puppet run on Windows?

Yes. As of Puppet 2.7.6 basic types and providers do run on Windows, and the test suite is being run on Windows to ensure future compatibility. More information can be found on the Puppet on Windows page, and bug reports and patches are welcome.

15. What size organizations should use Puppet?

There is no minimum or maximum organization size that can benefit from Puppet, but there are sizes that are more likely to benefit. Organizations with only a handful of servers are unlikely to consider maintaining those servers to be a real problem, while those that have more need to consider carefully how they eliminate manual management tasks.

16. My servers are all unique; can Puppet still help?

Yes.

All servers are at least somewhat unique, but very few servers are entirely unique; host names and IP addresses (e.g.) will always differ, but nearly every server runs a relatively standard operating system. Servers are also often very similar to other servers within a single organization — all Solaris servers might have similar security settings, or all web servers might have roughly equivalent configurations — even if they’re very different from servers in other organizations. Finally, servers are often needlessly unique, in that they have been built and managed manually with no attempt at retaining appropriate consistency.

Puppet can help both on the side of consistency and uniqueness. Puppet can be used to express the consistency that should exist, even if that consistency spans arbitrary sets of servers based on any type of data like operating system, data centre, or physical location. Puppet can also be used to handle uniqueness, either by allowing special provision of what makes a given host unique or through specifying exceptions to otherwise standard classes.

17. Who is Puppet Labs?

Puppet Labs (formerly Reductive Labs) is a small, private company focused on re-framing the server automation problem.

18. How should I upgrade Puppet and Facter?

The best way to install and upgrade Puppet and Facter is via your operating system’s package management system, using either your vendor’s repository or one of Puppet Labs’ public repositories.

If you have installed Puppet from source, make sure you remove old versions entirely (including all application and library files) before upgrading. Configuration data (usually located in/etc/puppet or /var/lib/puppet, although the location can vary) can be left in place between installs.

19. What characters are permitted in a class name? In a module name? In other identifiers?

Class names can contain lowercase letters, numbers, and underscores, and should begin with a lowercase letter. “::” can be used as a namespace separator.

The same rules should be used when naming defined resource types, modules, and parameters, although modules and parameters cannot use the namespace separator.

Variable names can include alphanumeric characters and underscores, and are case-sensitive.

Puppet Interview Questions And Answers For Experienced

20. How do I document my manifests?

The puppet language includes a simple documentation syntax, which is currently documented on the Puppet Manifest Documentation wiki page. The puppetdoc command uses this inline documentation to automatically generate RDoc or HTML documents for your manifests and modules.

21. How do I manage passwords on Red Hat Enterprise Linux, CentOS, and Fedora Core?

As described in the Type reference, you need the Shadow Password Library, which is provided by the ruby-shadow package. The ruby-shadow library is available natively for fc6 (and higher), and should build on the corresponding RHEL and CentOS variants.

22. How do all of these variables, like $operatingsystem, get set?

The variables are all set by Facter. You can get a full listing of the available variables and their values by running facter by itself in a shell.

# facter

Check out this blog post to learn more Puppet Tutorials.

23. Can I access environment variables with Facter?

Not directly. However, Facter reads in custom facts from a special subset of environment variables. Any environment variable with a prefix of FACTER_ will be converted into a fact when Facter runs. For example:

p

The value of the FACTER_FOO environment variable would now be available in your Puppet manifests as $foo, and would have a value of ‘bar’. Using shell scripting to export an arbitrary subset of environment variables as facts is left as an exercise for the reader.

24. Why shouldn’t I use autosign for all my clients?

It is very tempting to enable autosign for all nodes, as it cuts down on the manual steps required to bootstrap a new node (or indeed to move it to a new puppet master).

Typically this would be done with a *.example.com or even * in the autosign.conf file.

This however can be very dangerous as it can enable a node to masquerade as another node, and get the configuration intended for that node. The reason for this is that the node chooses the certificate common name (‘CN’ – usually its fqdn, but this is fully configurable), and the puppet master then uses this CN to look up the node definition to serve. The certificate itself is stored, so two nodes could not connect with the same CN (eg alice.example.com), but this is not the problem.

The problem lies in the fact that the puppet master does not make a 1-1 mapping between a node and the first certificate it saw for it, and hence multiple certificates can map to the same node, for example:

– alice.example.com connects, gets node alice { } definition.

– bob.example.com connects with CN alice.bob.example.com, and also matches node alice { } definition.

Without autosigning, it would be apparent that bob was trying to get alice’s configuration – as the puppet cert process lists the full fqdn/CN presented. With autosign turned on, bob silently retrieves alice’s configuration.

Depending on your environment, this may not present a significant risk. It essentially boils down to the question ‘Do I trust everything that can connect to my puppet master?’.

If you do still choose to have a permanent, or semi-permanent, permissive autosign.conf, please consider doing the following:

– Firewall your puppet master – restrict port tcp/8140 to only networks that you trust.

– Create puppet masters for each ‘trust zone’, and only include the trusted nodes in that Puppet masters manifest.

– Never use a full wildcard such as *.

Puppet Master Interview Questions

25. What happens if I am on Puppet 2.6x or earlier?

Nothing changes for you. Puppet 2.6.x remains licensed as GPLv2. The license change is not retroactive.

26. Does this change affect all the components of Puppet?

As part of this change, we’re also changing the license of the Facter system inventory tool to Apache. This change will take effect with Facter version 1.6.0, and earlier versions of Facter will remain licensed under the GPLv2 license. This change will bring the licensing of Puppet’s two key components into alignment.

Our other major product, MCollective, is already licensed under the Apache 2.0 license.

27. What does this mean if I or my company have or want to contribute code to Puppet?

As part of this license change, Puppet Labs has approached every existing contributor to the project and asked them to sign a Contributor License Agreement or CLA.

Signing this CLA for yourself or your company provides both you and Puppet Labs with additional legal protections, and confirms:

1. That you own and are entitled to the code you are contributing to Puppet

2. That you are willing to have it used in distributions

This gives assurance that the origins and ownership of the code cannot be disputed in the event of any legal challenge.

28. What if I haven’t signed a CLA?

If you haven’t signed a CLA, then we can’t yet accept your code contribution into Puppet or Facter. Signing a CLA is very easy: simply log into your GitHub account and go to our CLA page to sign the agreement.

We’ve worked hard to try find to everyone who has contributed code to Puppet, but if you have questions or concerns about a previous contribution you’ve made to Puppet and you don’t believed you’ve signed a CLA, please sign a CLA or contact us for further information.

29. Does signing a CLA change who owns Puppet?

The change in license and the requirement for a CLA doesn’t change who owns the code. This is a pure license agreement and NOT a Copyright assignment. If you sign a CLA, you maintain full copyright to your own code and are merely providing a license to Puppet Labs to use your code.

All other code remains the copyright of Puppet Labs.

30. Which versions of Ruby does Puppet support?

Puppet requires an MRI Ruby interpreter. Certain versions of Ruby are tested more thoroughly with Puppet than others, and some versions are not tested at all. Run ruby –version to check the version of Ruby on your system.

Starting with Puppet 4, puppet-agent packages do not rely on the OS’s Ruby version, as it bundles its own Ruby environment. You can install puppet-agent alongside any version of Ruby or on systems without Ruby installed. Likewise Puppet Enterprise does not rely on the OS’s Ruby version, as it bundles its own Ruby environment. You can install PE alongside any version of Ruby or on systems without Ruby installed.  The Windows installers provided by Puppet Labs don’t rely on the OS’s Ruby version, and can be installed alongside any version of Ruby or on systems without Ruby installed.

The post Puppet Interview Questions and Answers appeared first on .

]]>
https://tekslate.com/puppet-interview-questions-and-answers/feed/ 2