Basic puppet: Writing infrastructure configuration with an ENC, style, how-to?


Solution 1

One approach to this is expressed in Designing Puppet – Roles and Profiles. The basic tenets are as follows:

  • A node includes one role, and one only.
  • A role includes one or more profiles to define the type of server
  • A profile includes and manages modules to define a logical technical stack
  • Modules manage resources
  • Modules should only be responsible for managing aspects of the component they are written for
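
The layering above written out as Puppet code. This is an added illustration, not code from the answer or the linked post; the module names `role` and `profile`, the class names, and the file paths are assumptions.

```puppet
# modules/profile/manifests/base.pp (hypothetical path)
# Settings every server gets, kept in one profile.
class profile::base {
  package { 'screen': ensure => installed }
}

# modules/profile/manifests/webserver.pp (hypothetical path)
# A profile wires up one logical technical stack.
class profile::webserver {
  package { 'nginx': ensure => installed }

  service { 'nginx':
    ensure  => running,
    enable  => true,
    require => Package['nginx'],
  }
}

# modules/role/manifests/web.pp (hypothetical path)
# A role names the type of server and only includes profiles;
# it declares no resources of its own.
class role::web {
  include profile::base
  include profile::webserver
}

# What the ENC then needs to return for web01.example.com
# (constructed sample): exactly one role, no resources.
#
#   classes:
#     - role::web
#   environment: production
```

With this layout the node-specific wiring lives in profiles on the puppet master, and the ENC output stays limited to class names and variables.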

Solution 2

I am assuming you are telling Foreman to import from a puppet master. If so, I would suggest setting up your puppet dir like this:

puppet
puppet/manifests
puppet/manifests/site.pp
puppet/manifests/nodes/default.pp
puppet/manifests/nodes/{server-type}.pp
...
puppet/modules
puppet/modules/{module1}
puppet/modules/{module1}/files
puppet/modules/{module1}/manifests
puppet/modules/{module1}/templates
...
etc

You would then include this line in the site.pp file:

import 'nodes/*'

Then, in default.pp create your base server:

node default {
    #this is where you put all of the puppet directives you want on every server.
    #for example if you wanted screen on all of your servers
    package{ "screen": ensure => installed; }
}

Then, in another file under nodes, say web.pp, you could include that and then set the directives for all web servers like so:

node /^web0[1-9]\.example\.com$/ inherits default {
    #this will inherit all of the settings in the default node and then do anything else you add.
    #like installing nginx
    package { "nginx": ensure => installed; }
}

You can even chain inherits like in this db.pp file:

node db inherits default {
    #install postgresql-9.3
    package { "postgresql-9.3": ensure => installed; }
}

node /^db0[1-9]\.example\.com$/ inherits db {
    #This block can even be empty unless you need something here.
}

Author: Mojo, Platform Engineer at DreamWorks Animation

Updated on September 18, 2022

Comments

  • Mojo
    Mojo almost 2 years

    I barely know enough Puppet to ask this question.

    I think I understand that the configuration for a particular node would consist of a collection of modules, with some node-specific glue. From the tutorials and documentation, it appears that the node-specific resources would be in a manifests/site.pp file, in node /nodename/ { } resources, with "includes" for the relevant classes, and resources to make node-specific configuration changes.

    Now enter an External Node Classifier (ENC) such as theForeman.

    From my reading of the ENC documentation, I COULD use node /nodename/ { } resources in a site.pp, but I can't declare any new resources. It's basically not recommended. The generated YAML is all just includes and variable settings.

    So what does one do for configuration specific to a given node or a host group -- the wiring that integrates all your included classes?

    Do you end up creating a class that's specific to the node? Where do you put that class, in a node-specific module? Or do you make a catch-all module for your site-specific configuration with classes that can be assigned to a specific node?

    • Admin
      Admin over 10 years
      I appear to be in this situation (not entirely unexpected) where the Puppet tutorial teaches a configuration style that's not really useful in a real-world configuration. I'm struggling to find guidance.
    • Admin
      Admin over 10 years
      Couldn't you just define your nodes in the site manifest, and import the puppet environment into TheForeman? Am I missing something? Is this one specific problem or a plethora?
    • Admin
      Admin over 10 years
      My nodes had some resources defined within the node object, and those can't be imported. I don't know where to put those resources now. (That and getting my terminology correct.)
  • Mojo
    Mojo over 10 years
    Did you mean to include puppet/nodes as one of the directories on the puppet master? So the node-specific configuration isn't distributed by the ENC (Foreman) but delivered by the puppet master? I thought nodes delivered by the ENC couldn't include resources (like "package").
  • meatflag
    meatflag over 10 years
    Yes, I did mean to include nodes, but under puppet/manifests. I also had the site.pp file in the wrong location. Node configs can contain resources; I do it all over the place. The only time I don't is when I need to have more than just a package, like when I need the package, a config, and maybe a user. Then I'll use a class, which I define under the modules dir.
  • Mojo
    Mojo over 10 years
    I'm going to have to grab that book so I can put some concrete definitions to the terms "role" and "profile." I've not seen those words used in any other Puppet contexts, so I can't connect them to code in my head.
  • sciurus
    sciurus over 10 years
    It's not a book, it's a blog post. Most of the post is spent explaining the author's idea of roles and profiles, including demonstrating code for them.
  • Mojo
    Mojo over 10 years
    YES and it's just what I was looking for. Tell me this: Where do the roles and profiles go? Do you build a module called "roles" and one called "profiles?" That would make sense to me. Then on the ENC you can just assign a role to a node and get its proper bundle.
  • Nathan Basanese
    Nathan Basanese almost 9 years
    // , Minor note. "tenants" should read "tenets".
  • David Gardner
    David Gardner about 8 years
    import is deprecated -- use hiera_include instead to include a bunch of classes via some logic (see docs.puppet.com/hiera/1/…)