Puppet Professional - exam objectives
Language
Identify Style Guide recommendations
Describe language features
Identify the core resource types
Demonstrate knowledge of classes and defines
Modules
Describe how to use modules from the Forge
List installed modules:
puppet module list --tree
Search modules:
puppet module search nginx
Install module:
puppet module install <module>
Install module to different environment:
puppet module install saz-motd --environment test
Demonstrate knowledge of module structure
Identify module authoring best practices
Using Puppet
Describe environments in Puppet
Environments are groups of Puppet agents, configured via directory or config file. Directory environments are easier and will replace config file environments.
Directory environments are enabled by default in v3.7.
Each environment provides a module path, a main manifest and a config version script.
Create test environment:
mv /etc/puppetlabs/puppet/environments/production/manifests/site.pp /etc/puppetlabs/puppet/manifests
# edit puppet.conf
default_manifest = $confdir/manifests
cp -R /etc/puppetlabs/puppet/environments/production/ /etc/puppetlabs/puppet/environments/test
# check basemodulepath in puppet.conf includes: /opt/puppet/share/puppet/modules
Describe the life cycle of a Puppet run
Node sends data about its state (facts) to the puppet master (hostname, node name, os, virtual, etc.)
Puppet uses the facts to compile a catalog that specifies how the node should be configured. Sends the catalog to the agent.
Config changes (if necessary) are reported back to the master.
Puppet master aggregates reports, and Puppet's API can also report to 3rd party tools.
Describe Puppet ecosystem component usage
Pre install
Meet the necessary system requirements.
Make sure DNS is working: configure A and PTR records; a puppet CNAME will also work.
Sync time with NTPd or Chronyd.
Open firewall ports 8140/tcp (puppet master), 443/tcp (web console), 61613/tcp (ActiveMQ MCollective). If you are using the web-based install, open port 3000/tcp during install.
Install
Post install
Configure master server.
Install agents via OS repo or download package. Configure puppet.conf, enable puppet.service and start agent.
Sign agent certificates.
puppet cert list
puppet cert sign <name>
# or
puppet cert sign --all
Puppet Internals
Describe the purpose of types and providers
Describe Puppet’s use of SSL certificates
All client↔server traffic over HTTPS.
Uses its own CA by default.
Public / private keys to encrypt and sign.
List outstanding certificates:
puppet cert list
List all certificates:
puppet cert list --all
Sign certificate:
puppet cert sign <NAME>
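Added example (not part of the original notes): a shell sketch that approves a pending request only when its fingerprint from puppet cert list matches the one recorded on the agent itself (for instance with puppet agent --fingerprint), then prints one puppet cert sign command per approved node. The hostnames, fingerprints and function names are constructed, and the list output format shown is an assumption.

```shell
#!/bin/sh
# Added example: approve only pending certificate requests whose
# fingerprint matches an out-of-band record. All data is constructed.

# Constructed sample of `puppet cert list` output (pending requests).
# Assumed format: "<certname>" (<digest>) <fingerprint>
PENDING='  "web1-dev.example.test" (SHA256) AA:11:22:33
  "web2-dev.example.test" (SHA256) BB:44:55:66
  "unknown.example.test" (SHA256) CC:77:88:99'

# Constructed record of fingerprints collected on each agent:
# "<certname> <fingerprint>"
EXPECTED='web1-dev.example.test AA:11:22:33
web2-dev.example.test DE:AD:BE:EF'

# Print certnames that match the record; report the rest on stderr.
# $1 = pending list, $2 = expected fingerprints
approved_certs() {
  printf '%s\n' "$1" | while read -r name digest fp; do
    [ -n "$name" ] || continue
    name=$(printf '%s' "$name" | tr -d '"')   # strip the quotes
    want=$(printf '%s\n' "$2" | awk -v n="$name" '$1 == n { print $2 }')
    if [ -z "$want" ]; then
      echo "SKIP $name: no recorded fingerprint" >&2
    elif [ "$want" = "$fp" ]; then
      echo "$name"
    else
      echo "SKIP $name: fingerprint mismatch" >&2
    fi
  done
}

# Dry run: print one signing command per approved request.
sign_commands() {
  approved_certs "$1" "$2" 2>/dev/null | while read -r name; do
    echo "puppet cert sign $name"
  done
}

sign_commands "$PENDING" "$EXPECTED"
```

Requests that are skipped stay in the pending list for manual review.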
Classification
Describe classification
Environment node group
Create groups for setting environment only (dev, test, accept), do not add classes to these groups.
Set environment override only in the environment node groups.
Create a rule to match agents to env. groups. You can use pinning, but rules are the most flexible way to assign nodes.
Classification node group
Create classification node group for example web-dev, web-prod, monitor, etc.
Create a rule to match agents to class. groups.
Console
Describe Node Manager
Describe RBAC
Role Based Access Control, manages permissions.
Can use external directories: LDAP, ActiveDirectory.
Manage roles and users via Enterprise Console “Access Control” tab.
Demonstrate knowledge of how to troubleshoot PE Console
Describe reporting capabilities in PE Console
Ecosystem
Describe the purpose of PuppetDB
Demonstrate knowledge of Hiera
Describe the usage of MCollective
Log in as peadmin (cli).
su - peadmin
Install, enable and start the MCollective agent on the client:
yum install mcollective
Test connectivity:
peadmin@puppet:~$ mco ping web1-dev.mgmt.dc.polaire.nl
puppet.mgmt.dc.polaire.nl time=51.06 ms
---- ping statistics ----
1 replies max: 51.06 min: 51.06 avg: 51.06
Demonstrate knowledge of Facter
Facter collects facts about the current system.
By default, all facts are returned.
Display single fact:
$ facter netmask
255.255.255.0
Can be extended with scripts on the local system or on puppet master (Plugins in Modules)
A single script can return multiple facts.
Local executable system script example: /etc/facter/facts.d/testje:
# create executable script:
#!/bin/bash
echo "key1=value1"
# Then run the test:
$ facter key1
value1
Find bottlenecks with:
facter --timing
Structured facts: hash or array.