Puppet Professional - exam objectives
Identify Style Guide recommendations
Describe language features
Identify the core resource types
Demonstrate knowledge of classes and defines
Describe how to use modules from the Forge
List installed modules:
puppet module list --tree
puppet module search nginx
puppet module install <module>
Install module to different environment:
puppet module install saz-motd --environment test
Demonstrate knowledge of module structure
Identify module authoring best practices
Describe environments in Puppet
Environments are groups of Puppet agents. They are configured via directory or config file. Directory environments are easier and will replace config file environments.
Directory environments are enabled by default in v3.7.
An environment provides a module path, a main manifest and a config version script.
Create test environment:
mv /etc/puppetlabs/puppet/environments/production/manifests/site.pp /etc/puppetlabs/puppet/manifests
# edit puppet.conf
default_manifest = $confdir/manifests
cp -R /etc/puppetlabs/puppet/environments/production/ /etc/puppetlabs/puppet/environments/test
# check basemodulepath in puppet.conf includes: /opt/puppet/share/puppet/modules
Describe the life cycle of a Puppet run
Node sends data about its state (facts) to the puppet master (hostname, node name, os, virtual, etc.)
Puppet uses the facts to compile a catalog that specifies how the node should be configured. Sends the catalog to the agent.
Config changes (if necessary) are reported back to the master.
Puppet master aggregates reports and Puppet's API can also report to 3rd party tools.
Describe Puppet ecosystem component usage
Describe how to configure a Puppet master
Meet the necessary system requirements.
Make sure DNS is working, configure A and PTR records, a puppet CNAME will also work.
Sync time with NTPd or Chronyd.
Open firewall ports 8140/tcp (puppet master), 443/tcp (web console), 61613/tcp (ActiveMQ MCollective). If you are using the web-based install, open port 3000/tcp during install.
Configure master server.
Install agents via OS repo or download package. Configure puppet.conf, enable puppet.service and start agent.
Sign agent certificates.
puppet cert list
puppet cert sign <name>
puppet cert sign --all
Describe the purpose of types and providers
Describe Puppet’s use of SSL certificates
All client↔server traffic over HTTPS.
Uses its own CA by default.
Public / private keys to encrypt and sign.
List outstanding certificates:
puppet cert list
List all certificates:
puppet cert list --all
puppet cert sign <NAME>
Environment node group
Create groups for setting environment only (dev, test, accept), do not add classes to these groups.
Set environment override only in the environment node groups.
Create a rule to match agents to env. groups. You can use pinning, but rules are the most flexible way to assign nodes.
Classification node group
Create classification node group for example web-dev, web-prod, monitor, etc.
Create a rule to match agents to class. groups.
Describe Node Manager
Role Based Access Control, manages permissions.
Can use external directories: LDAP, ActiveDirectory.
Manage roles and users via Enterprise Console “Access Control” tab.
Demonstrate knowledge of how to troubleshoot PE Console
Describe reporting capabilities in PE Console
Describe the purpose of PuppetDB
Demonstrate knowledge of Hiera
Describe the usage of MCollective
Log in as peadmin (cli).
su - peadmin
Install, enable and start the MCollective agent on the client:
yum install mcollective
peadmin@puppet:~$ mco ping web1-dev.mgmt.dc.polaire.nl
puppet.mgmt.dc.polaire.nl time=51.06 ms
---- ping statistics ----
1 replies max: 51.06 min: 51.06 avg: 51.06
Demonstrate knowledge of Facter
Facter collects facts about the current system.
By default all facts will be returned.
Display single fact:
$ facter netmask
Can be extended with scripts on the local system or on the puppet master (Plugins in Modules).
A single script can return multiple facts.
Local executable system script example: /etc/facter/facts.d/testje:
# create executable script:
# Then run the test:
$ facter key1
Find bottlenecks with:
Structured facts: hash or array.
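Added example (not from the original notes) for the executable external fact script described above: it writes a script that returns several facts, reads one back the way "facter key1" would, and checks that the script is not writable by group or others. The scratch FACTS_DIR, the fact names key2 and key3 and the helper function names are assumptions.

```shell
#!/bin/sh
# Added example, not from the original notes.
# FACTS_DIR is a scratch directory (assumption); on a node the notes use
# /etc/facter/facts.d.
FACTS_DIR="${FACTS_DIR:-$(mktemp -d)}"
SCRIPT="$FACTS_DIR/testje"

# Write the fact script: each "key=value" line on stdout becomes one fact.
write_fact_script() {
    cat > "$SCRIPT" <<'EOF'
#!/bin/sh
# Constructed sample facts; key2 and key3 are illustrative names.
echo "key1=value1"
echo "key2=value2"
echo "key3=$(uname -s)"
EOF
    # Executable so Facter runs it; writable by the owner only.
    chmod 0755 "$SCRIPT"
}

# Resolve one fact from the script output; the first '=' ends the key.
fact_value() {
    "$SCRIPT" | awk -F= -v k="$1" '$1 == k { sub(/^[^=]*=/, ""); print; exit }'
}

# Count the facts the script returns (lines shaped like key=value).
fact_count() {
    "$SCRIPT" | grep -c '^[A-Za-z0-9_][A-Za-z0-9_]*='
}

# The script runs with the privileges of whoever runs Facter (root for the
# agent service), so treat one that group or others can rewrite as unsafe.
script_is_safe() {
    [ -x "$SCRIPT" ] &&
        [ -z "$(find "$SCRIPT" \( -perm -020 -o -perm -002 \) 2>/dev/null)" ]
}

write_fact_script
echo "key1 = $(fact_value key1), facts returned: $(fact_count)"
script_is_safe && echo "permissions ok: $SCRIPT"
```

Run with FACTS_DIR=/etc/facter/facts.d as root to place the script where Facter looks for external facts.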