Puppet Professional - exam objectives
Identify Style Guide recommendations
Describe language features
Identify the core resource types
Demonstrate knowledge of classes and defines
Describe how to use modules from the Forge
- Puppet Forge: https://forge.puppetlabs.com
- List installed modules:
puppet module list --tree
- Search modules:
puppet module search nginx
- Install module:
puppet module install <module>
- Install module to different environment:
puppet module install saz-motd --environment test
Demonstrate knowledge of module structure
Identify module authoring best practices
Describe environments in Puppet
Environments are groups of Puppet agents, configured via directory or config file. Directory environments are easier and will replace config file environments.
- Directory environments are enabled by default in v3.7.
- Provides module path, main manifest and config version script.
Create test environment:
mv /etc/puppetlabs/puppet/environments/production/manifests/site.pp /etc/puppetlabs/puppet/manifests
# edit puppet.conf: default_manifest = $confdir/manifests
cp -R /etc/puppetlabs/puppet/environments/production/ /etc/puppetlabs/puppet/environments/test
# check basemodulepath in puppet.conf includes: /opt/puppet/share/puppet/modules
Describe the life cycle of a Puppet run
- Node sends data about its state (facts) to the puppet master (hostname, node name, os, virtual, etc.)
- Puppet uses the facts to compile a catalog that specifies how the node should be configured, and sends the catalog to the agent.
- Config changes (if necessary) are reported back to the master.
- Puppet master aggregates reports and Puppet's API can also report to 3rd party tools.
Describe Puppet ecosystem component usage
Describe how to configure a Puppet master
- Meet the necessary system requirements.
- Make sure DNS is working: configure A and PTR records; a puppet CNAME will also work.
- Sync time with NTPd or Chronyd.
- Open firewall ports 8140/tcp (puppet master), 443/tcp (web console), 61613/tcp (ActiveMQ MCollective). If you are using the web-based install, open port 3000/tcp during install.
- Monolithic or split install.
- Local or remote database.
- Configure master server.
- Install agents via OS repo or download package. Configure puppet.conf, enable puppet.service and start agent.
- Sign agent certificates.
puppet cert list
puppet cert sign <name>
# or
puppet cert sign --all
Describe the purpose of types and providers
Describe Puppet’s use of SSL certificates
- All client↔server traffic over HTTPS.
- Uses its own CA by default.
- Public / private keys to encrypt and sign.
- List outstanding certificates:
puppet cert list
- List all certificates:
puppet cert list --all
- Sign certificate:
puppet cert sign <NAME>
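One way to handle the signing steps above (here and under configuring a master) without `puppet cert sign --all`: compare each pending request's fingerprint with the one read on the agent via `puppet agent --fingerprint`, and sign only the matches. This is an added example, not part of the original notes; the hostnames, shortened fingerprints and the "certname fingerprint" list layout are constructed, and the `puppet cert list` line shape is assumed from Puppet 3.x output.

```shell
#!/bin/sh
# Added example: sign only CSRs whose fingerprint was verified out-of-band.
# Sample data is constructed; fingerprints are shortened for readability.

# Shape of `puppet cert list --all` output ("+" marks already-signed certs).
SAMPLE_PENDING='  "web1-dev.example.test" (SHA256) 3A:7F:10:C2:9B:44:E1:05
  "db1-dev.example.test" (SHA256) 9C:01:5D:EE:72:B8:0A:F3
+ "puppet.example.test" (SHA256) 11:22:33:44:55:66:77:88'

# "<certname> <fingerprint>" as read on each agent with
# `puppet agent --fingerprint` (this list layout is an assumption).
SAMPLE_EXPECTED='web1-dev.example.test 3a:7f:10:c2:9b:44:e1:05
db1-dev.example.test 00:00:5D:EE:72:B8:0A:F3
puppet.example.test 11:22:33:44:55:66:77:88'

# verified_requests PENDING EXPECTED
# Prints the certnames of pending requests whose fingerprint matches the
# expected one. Unknown names, mismatches and signed certs are skipped.
verified_requests() {
    { printf '%s\n' "$2"; echo '---'; printf '%s\n' "$1"; } | awk '
        $0 == "---"         { pending = 1; next }
        !pending && NF == 2 { want[$1] = toupper($2); next }
        pending && NF >= 3 && $1 ~ /^"/ {
            name = $1; gsub(/"/, "", name)
            if ((name in want) && want[name] == toupper($3)) print name
        }'
}

# sign_verified PENDING EXPECTED
# Signs each verified request individually instead of `puppet cert sign --all`.
sign_verified() {
    verified_requests "$1" "$2" | while read -r name; do
        puppet cert sign "$name"
    done
}

# Typical use on the CA master (expected.txt is a hypothetical file name):
#   sign_verified "$(puppet cert list)" "$(cat expected.txt)"
verified_requests "$SAMPLE_PENDING" "$SAMPLE_EXPECTED"
```

Requests that stay pending after this pass are the ones to investigate: either the agent was never recorded or its fingerprint differs from what the CA received.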
- Using the PE console, the best practice architecture is to create environment groups and classification groups.
- Classify via site.pp
- Classify using Hiera.
Environment node group
- Create groups for setting environment only (dev, test, accept), do not add classes to these groups.
- Set environment override only in the environment node groups.
- Create a rule to match agents to env. groups. You can use pinning, but rules are the most flexible way to assign nodes.
Classification node group
- Create classification node group for example web-dev, web-prod, monitor, etc.
- Create a rule to match agents to class. groups.
Describe Node Manager
- Puppet Enterprise rule based node classification.
- Dynamically assign nodes to groups:
  - Create node groups
  - Create rules to dynamically add and remove nodes from node groups
  - Assign classes to node groups
- Role Based Access Control, manages permissions.
- Can use external directories: LDAP, Active Directory.
- Manage roles and users via Enterprise Console “Access Control” tab.
Demonstrate knowledge of how to troubleshoot PE Console
Describe reporting capabilities in PE Console
Describe the purpose of PuppetDB
- Collects data generated by puppet.
  - most recent facts from every node.
  - most recent catalog from every node.
  - optionally event reports.
- Exports resources. Can be used by other nodes. For example a backup module configures the client and also adds the backup agent definition to the backup server.
Demonstrate knowledge of Hiera
Describe the usage of MCollective
- Log in as peadmin (cli).
su - peadmin
- Install, enable and start the MCollective agent on the client:
yum install mcollective
- Test connectivity:
peadmin@puppet:~$ mco ping web1-dev.mgmt.dc.polaire.nl puppet.mgmt.dc.polaire.nl time=51.06 ms
---- ping statistics ----
1 replies max: 51.06 min: 51.06 avg: 51.06
Demonstrate knowledge of Facter
- Facter collects facts about the current system.
- By default all facts will be returned.
- Display single fact:
$ facter netmask
255.255.255.0
- Can be extended with scripts on the local system or on puppet master (Plugins in Modules)
- A single script can return multiple facts.
- Local executable system script example: /etc/facter/facts.d/testje:
# create executable script:
#!/bin/bash
echo "key1=value1"
# Then run the test:
$ facter key1
value1
- Find bottlenecks with:
- Structured facts: hash or array.