Puppet

Introduction
Put simply, Puppet is a system for automating system administration tasks. To learn more, read our big picture overview of Puppet, or take a deeper look at what Puppet can do with the Puppet Introduction. There's also a Puppet Brochure which gives the highlights of Puppet's functionality. (taken from the Puppet homepage)

Puppet Master
Note: Ruby must be compiled with the ipv6 USE flag.

The Puppet-0.23.0 ebuild creates puppetd.conf and puppetmasterd.conf under /etc/puppet. The configuration file should be puppet.conf, so delete the others:

Create puppet.conf /etc/puppet/puppet.conf:

Create site.pp /etc/puppet/manifests/site.pp:

Puppet Agent
Create puppet.conf /etc/puppet/puppet.conf:

Test
You need to sign your certificate:

1. On the server: start the Puppet master

2. On the client:

debug: Calling puppetca.getcert
warning: peer certificate won't be verified in this SSL session
notice: Did not receive certificate

3. Run puppet cert -l on the server; you should see your request:

gandalf

4. At the next run your puppet agent should create /tmp/testfile

Package
class wine {
  package { 'xwininfo':
    name     => 'xwininfo',
    category => 'x11-apps',
    ensure   => present,
  }
}

File permission/File with source/Directory
file { 'sshd_config':
  path   => '/etc/ssh/sshd_config',
  owner  => root,
  group  => root,
  mode   => '0600',   # octal mode, quoted
  source => "puppet://$server/global/sshd_config",
}

service { 'sshd':
  enable    => true,
  ensure    => running,
  hasstatus => true,                  # the init script supports the status command
  require   => Package['openssh'],
  subscribe => File['sshd_config'],   # restart sshd whenever the managed file changes
}

package { 'openssh':
  category => 'net-misc',
  name     => 'openssh',
  ensure   => present,
}

File:

source: if you have set up fileserver.conf on your puppetmasterd, the client can download the file from the master and apply the ownership and permissions given in the resource; with the subscription, a change to the file restarts your service.

Service:

enable: Puppet checks your runlevel and, if the service has not been defined to run at this runlevel, ensures that it is.

hasstatus: set it to true if /etc/init.d/scriptname supports the status command. If you haven't set it, Puppet will try to check the service with ps.

Package:

ensure => latest, installed, present, absent

Latest:

Will emerge your package at run if there is a newer version

Installed:

Will emerge your package if it isn't installed.

Present:

If the package isn't present it will do nothing; if it is, it will perform the class's actions.

Absent:

It will unmerge your app.

file { '/data':
  ensure => directory,
  owner  => root,
  group  => root,
  mode   => '0755',   # octal mode, quoted
}

Node configs
Every node should at least have an empty configuration:

node lisa {
}
node 'fqdn.yourdomain.com' {
}

I've set up some standard rules, like desktop-linux and server-linux:

class desktop-linux {
  include xorg_config
}
class server-linux {
  include timezone-sync
}

Then you can set up a server called lisa as a server:

node lisa {
  include server-linux
}

Schedule
class sync {
  schedule { 'daily':
    period => daily,    # repeat is counted per period
    range  => "2 - 4",
    repeat => 1,
  }
  exec { "/usr/bin/emerge --sync --quiet":
    schedule => daily,
  }
}

Every exec that has the daily schedule will be executed between 2 and 4 AM; with repeat => 1, Puppet will run it only one time.

Mount options
class fs_check {
  mount { "/tmp":
    atboot   => yes,
    device   => "/dev/rootvg/tmp",
    ensure   => mounted,
    fstype   => xfs,
    remounts => true,
    pass     => 1,
    dump     => 0,
    options  => "noexec,nosuid,nodev,noatime",
  }
}

After the mount options change, the system will try to remount it.
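To confirm on an agent that the remount really took effect, the check below compares the mount table with the options declared in the manifest. It is an added example, not part of the original page; the function names, the constructed sample table and the use of /proc/mounts (Linux) are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit a mount point against the options declared in Puppet.

# Constructed sample in /proc/mounts format: /tmp has lost its noexec flag.
sample_mounts() {
    cat <<'EOF'
/dev/rootvg/root / xfs rw,noatime 0 0
/dev/rootvg/tmp /tmp xfs rw,nosuid,nodev,noatime 0 0
EOF
}

# missing_mount_opts MOUNTPOINT REQUIRED_CSV [MOUNTS_FILE]
# Prints the required options absent from the live mount (space-separated)
# and returns 1 if any are missing; prints "unmounted" and returns 2 if the
# mount point is not in the table. MOUNTS_FILE defaults to /proc/mounts.
missing_mount_opts() {
    mp=$1 required=$2 table=${3:-/proc/mounts}
    # Field 2 is the mount point, field 4 the option list; the last matching
    # line wins because a later mount shadows an earlier one.
    active=$(awk -v mp="$mp" '$2 == mp { opts = $4; found = 1 }
        END { if (!found) exit 1; print opts }' "$table") || {
        echo unmounted
        return 2
    }
    missing=
    old_ifs=$IFS
    IFS=,
    for want in $required; do
        # Wrap both sides in commas so "exec" cannot match inside "noexec".
        case ",$active," in
            *",$want,"*) ;;
            *) missing="${missing:+$missing }$want" ;;
        esac
    done
    IFS=$old_ifs
    echo "$missing"
    [ -z "$missing" ]
}

# Demo on the constructed table; on an agent, omit the third argument.
demo_table=$(mktemp)
sample_mounts > "$demo_table"
gaps=$(missing_mount_opts /tmp noexec,nosuid,nodev,noatime "$demo_table") ||
    echo "/tmp is missing: $gaps"
rm -f "$demo_table"
```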

User
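class check_user {
  user { 'superfly':
    ensure   => 'present',
    home     => '/home/superfly',
    shell    => '/bin/zsh',
    # Puppet writes this value verbatim into the shadow entry, so it must be
    # the already-hashed password, not the plaintext; 'password' is a placeholder.
    password => 'password',
    groups   => ['wheel', 'users'],
  }
}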