{{tag>[puppet professional objectives certification]}}
=====Puppet Professional - exam objectives=====
Source: [[https://puppetlabs.com/services/certification/puppet-professional]]
====Language====
===Identify Style Guide recommendations===
to do...
===Describe language features===
to do...
===Identify the core resource types===
to do...
===Demonstrate knowledge of classes and defines===
to do...
====Modules====
===Describe how to use modules from the Forge===
* Puppet Forge: [[https://forge.puppetlabs.com]]
* List installed modules:puppet module list --tree
* Search modules:puppet module search nginx
* Install module:puppet module install
* Install module to different environment: puppet module install saz-motd --environment test
===Demonstrate knowledge of module structure===
to do...
===Identify module authoring best practices===
to do...
====Using Puppet====
===Describe environments in Puppet====
Environments are groups of puppet agents. Configured via //directory// or //config file//. Directory is easier and will replace config file environments.
* Directory environments, per default enabled in v3.7.
* Provides module path, main manifest and -config version- script.
==create test environment==
mv /etc/puppetlabs/puppet/environments/production/manifests/site.pp /etc/puppetlabs/puppet/manifests
# edit puppet.conf
default_manifest = $confdir/manifests
cp -R /etc/puppetlabs/puppet/environments/production/ /etc/puppetlabs/puppet/environments/test
# check basemodulepath in puppet.conf includes: /opt/puppet/share/puppet/modules
===Describe the life cycle of a Puppet run===
* Node sends data about its state (facts) to the puppet master (hostname, node name, os, virtual, etc.)
* Puppet uses the facts to compile a catalog that specifies how the node should be configured. Sends the catalog to the agent.
* Config changes (if necessary) are reported back to the master.
* Puppet master aggregates reports and Puppet's API can also report to 3rd party tools.
===Describe Puppet ecosystem component usage===
to do...
===Describe how to configure a Puppet master===
__Pre install__
* Meet the necessary system requirements.
* Make sure DNS is working, configure A and PTR records, a puppet CNAME will also work.
* Sync time with NTPd or Chronyd.
* Open firewall ports 8140/tcp (puppet master), 443/tcp (web console), 61613/tcp (ActiveMQ MCollective). If you are using the web-based install, open port 3000/tcp during install.
__Install__
* Monolitic or split install.
* Local or remote database.
__Post install__
* Configure master server.
* Install agents via OS repo or download package. Configure puppet.conf, enable puppet.service and start agent.
* Sign agent certificates. puppet cert list
puppet cert sign
#or
puppet cert sign --all
====Puppet Internals====
===Describe the purpose of types and providers===
to do...
===Describe Puppet’s use of SSL certificates===
* All client<->server traffic over HTTPS.
* Uses its own CA per default.
* Public / private keys to encrypt and sign.
* List outstanding certificates:puppet cert list
* List all certificates:puppet cert list --all
* Sign certificate:puppet cert sign
====Classification====
===Describe classification===
* Using the PE console, the best practice architecture is to create environment groups and classification groups.
* Classify via site.pp
* Classify using Hiera.
__Environment node group__
* Create groups for setting environment only (dev, test, accept), do not add classes to these groups.
* Set environment override only in the environment node groups.
* Create a rule to match agents to env. groups. You can use pinning, but rules are the most flexible way to assign nodes.
__Classification node group__
* Create classification node group for example web-dev, web-prod, monitor, etc.
* Create a rule to match agents to class. groups.
====Console====
===Describe Node Manager===
* Puppet Enterprise rule based node classification.
* Dynamically assign nodes to groups:
* Create node groups
* Create rules to dynamically add and remove nodes from node groups
* Assign classes to node groups
===Describe RBAC===
* Role Based Access Control, manages permissions.
* Can use external directories: LDAP, ActiveDirectory.
* Manage roles and users via Enterprise Console "Access Control" tab.
===Demonstrate knowledge of how to troubleshoot PE Console===
to do...
===Describe reporting capabilities in PE Console===
to do...
====Ecosystem====
===Describe the purpose of PuppetDB===
* Collects data generated by puppet.
* most recent facts from every node.
* most recent catalog from every node.
* optionally event reports.
* Exports resources. Can be used by other nodes. For example a backup module configures the client and also adds the backup agent definition to the backup server.
===Demonstrate knowledge of Hiera===
to do...
===Describe the usage of MCollective===
* Log in as peadmin (cli). su - peadmin
* Install, enable and start the MCollective agent on the client:yum install mcollective
* Test connectivity: peadmin@puppet:~$ mco ping web1-dev.mgmt.dc.polaire.nl
puppet.mgmt.dc.polaire.nl time=51.06 ms
---- ping statistics ----
1 replies max: 51.06 min: 51.06 avg: 51.06
*
===Demonstrate knowledge of Facter===
* Facter collects facts about the current system.
* Per default all facts will be returned.
* Display single fact: $ facter netmask
255.255.255.0
* Can be extended with scripts on the local system or on puppet master (Plugins in Modules)
* A single script can return multiple facts.
* Local executable system script example: /etc/facter/facts.d/testje:# create executable script:
#!/bin/bash
echo "key1=value1"
# Then run the test:
$ facter key1
value1
* Find bottlenecks with:facter --timing
* Structured facts: hash or array.