Which is better for Puppet 3.7 or newer ?
1- Hiera with Yaml definition as
ubuntu.yaml:
---
classes:
- google-chrome
- xcode
2- Base node definition as
node.pp:
node "ubuntu" {
include google-chrome
include xcode
}
I think you misunderstand purpose of using hiera. According to documentation:
Hiera is a key/value lookup tool for configuration data, built to make Puppet better and let you set node-specific data without repeating yourself.
Hiera gives you a versatile way to deliver configuration parameters. So in my opinion "2- Base node definition", with hiera as configuration provider is proper way of using puppet with hiera.
E.g: instead of definig:
node node1 {
class { 'some_class_1' :
param_1 => value1,
param_2 => value2,
}
class { 'some_class_2' :
param_1 => value3,
param_2 => value4,
}
}
node node2 {
class { 'some_class_1' :
param_1 => value11,
param_2 => value22,
}
class { 'some_class_2' :
param_1 => value33,
param_2 => value44,
}
}
Use hiera as configuration provider. In puppet define only:
node some_regexp { #or just provide node names
include some_class_1
include some_class_2
}
than define proper hiera files:
node1.yaml
some_class_1::param_1: value1
some_class_1::param_2: value2
some_class_2::param_1: value3
some_class_2::param_2: value4
node2.yaml
some_class_1::param_1: value11
some_class_1::param_2: value22
some_class_2::param_1: value33
some_class_2::param_2: value44
Related
I try to only deploy fail2ban Apache jails if apache is actually installed. I have a fact for that that works.
# fail2ban
$jails = [
'ssh', 'ssh-ddos',
'pam-generic'
] + if $f2b_enable_apache { ['apache-auth', 'apache-badbots', 'apache-multiport', 'apache-noscript', 'apache-overflows'] }
notify{"Enable apache jails: ${f2b_enable_apache}":}
notify{"Jails: ${jails}":}
class { 'fail2ban':
package_ensure => 'latest',
jails => $jails
}
When I run it though, then I get the follwing output
Without apache:
Puppet : Enable apache jails: false
Puppet : Jails: [ssh, ssh-ddos, pam-generic, apache-auth, apache-badbots, apache-multiport, apache-noscript, apache-overflows]
With apache:
Puppet : Enable apache jails: true
Puppet : Jails: [ssh, ssh-ddos, pam-generic, apache-auth, apache-badbots, apache-multiport, apache-noscript, apache-overflows]
What am I doing wrong? Why is it in both cases appended? Is there a better way to achieve this that is extensible?
I would likely use a selector expression for this:
$jails = $f2b_enable_apache ? {
true => ['ssh', 'ssh-ddos', 'pam-generic', 'apache-auth', 'apache-badbots', 'apache-multiport', 'apache-noscript', 'apache-overflows'],
false => ['ssh', 'ssh-ddos', 'pam-generic'],
}
There are indeed algorithms for using Array[String] concatenation here, but they become messy due to Puppet DSL enforcing the immutability of variables. This uses one variable, one conditional expression, and no lambda iterator functions.
I have a puppet class I am configuring:
class { 'filebeat':
modules => [
module => 'apache',
module => 'iptables',
],
],
}
I am trying to output the following:
filebeat:
modules:
- module: apache
- module: iptables
However, having the two items both named "module" causes the second one to overwrite the first. The actual output I get is:
filebeat:
modules:
- module: iptables
How can I edit my Puppet code such that I generate the desired yaml output with multiple module entries?
The correct syntax is:
class { 'filebeat':
modules => [
{ module => 'apache' } ,
{ module => 'auditd' } ,
],
}
I'm trying to deploy an application called Bag-Of-Holding via Puppet using the instruction as posted on github - https://github.com/ribeiroit/boh-puppet
I run the command: sudo puppet apply /etc/puppet/manifests/site.pp
and I get the error below:
Error: Evaluation Error: Error while evaluating a Resource Statement, Could not find declared class boh at /etc/puppet/manifests/site.pp:2:2 on node lab1-hp-elitebook-8570p
It appears the puppet is having hard time finding the class boh which is already in the manifest folder
This is my directory tree:
/etc/puppet
├── code
├── manifests
└── modules
└── boh-puppet
├── manifests
└── templates
my site.pp file is located in /etc/puppet/manifests
and it looks like this:
node 'lab1-hp-elitebook-8570p' {
class { 'boh':
python_version => 3,
environment => 'dev',
language => 'en',
debug => 'True',
create_superuser => 'true',
pkg_checksum => '86b0164f7fd6c5e4aa43c8f056f08cea'
}
}
And init.pp file has the class {boh } and that's located at:
/etc/puppet/modules/boh-puppet/manifests
Any ideas how to fix this?
Puppet requires certain namespace restrictions and conventions with module directory structure and class names when autoloading. In this case, your problem can be solved most simply and cleanly to follow normal conventions by renaming your module directory of boh-puppet to simply boh. That will fix your issue.
Consult the documentation here for more information: https://puppet.com/docs/puppet/4.10/lang_namespaces.html
Since you are using puppet apply with absolute paths, you will also need to supply the path to your modules by modifying the command to: sudo puppet apply --modulepath=/etc/puppet/modules /etc/puppet/manifests/site.pp.
You are not calling the module name properly. This should work:
node 'lab1-hp-elitebook-8570p' {
class { 'boh-puppet':
python_version => 3,
environment => 'dev',
language => 'en',
debug => 'True',
create_superuser => 'true',
pkg_checksum => '86b0164f7fd6c5e4aa43c8f056f08cea'
}
}
or the fqn this:
node 'lab1-hp-elitebook-8570p' {
class { '::boh-puppet':
python_version => 3,
environment => 'dev',
language => 'en',
debug => 'True',
create_superuser => 'true',
pkg_checksum => '86b0164f7fd6c5e4aa43c8f056f08cea'
}
}
I'm new to puppet. I know that cassandra is missing from yum so I figured a puppet recipe would download and install it, but it seems like locp/cassandra is just trying to install it from yum. The recipe is supposed to work, but I don't see anything on https://github.com/locp/cassandra as to why it's not working for me or any thing I need to set up before it should work.
I used librarian-puppet to install the modules in puppet/modules.
Error
==> default: Notice: /Stage[main]/Cassandra/File[/var/lib/cassandra/data]: Dependency Package[dsc22] has failures: true
Vagrantfile
# -*- mode: ruby -*-
# vi: set ft=ruby :
Vagrant.configure(2) do |config|
config.vm.box = "puphpet/centos65-x64"
config.vm.provision "puppet" do |p|
p.module_path = "puppet/modules"
p.manifests_path = "puppet/manifests"
p.manifest_file = "site.pp"
end
end
puppet/manifests/site.pp
class { 'cassandra':
cluster_name => 'foobar',
listen_address => "${::ipaddress}",
}
puppet/Puppetfile
forge 'https://forgeapi.puppetlabs.com'
mod "locp/cassandra"
You could also use the cassandra::datastax_repo class. To incorporate that into the answer provided by #Frédéric-Henri, one could do the following:
class { 'cassandra::datastax_repo': } ->
class { 'cassandra':
cluster_name => 'foobar',
listen_address => "${::ipaddress}"
}
Thats probably because the repo is not configured (see here)
Add the following to your site.pp and make sure to add a require on it in your cassandra class
class repo {
yumrepo { "datastax":
descr => "DataStax Repo for Apache Cassandra",
baseurl => "http://rpm.datastax.com/community",
gpgcheck => "0",
enabled => "1";
}
}
class { 'cassandra':
cluster_name => 'foobar',
listen_address => "${::ipaddress}",
require => Yumrepo["datastax"],
}
include repo
include cassandra
With the logstash 1.2.1 one can now have conditional to do various stuff. Even the earlier version's conf file can get complicated if one is managing many log files and implement metric extraction.
After looking at this comprehensive example, I really wondered my self, how can I detect any breakages in this configuration?
Any ideas.
For a syntax check, there is --configtest:
java -jar logstash.jar agent --configtest --config <yourconfigfile>
To test the logic of the configuration you can write rspec tests. This is an example rspec file to test a haproxy log filter:
require "test_utils"
describe "haproxy logs" do
extend LogStash::RSpec
config <<-CONFIG
filter {
grok {
type => "haproxy"
add_tag => [ "HTTP_REQUEST" ]
pattern => "%{HAPROXYHTTP}"
}
date {
type => 'haproxy'
match => [ 'accept_date', 'dd/MMM/yyyy:HH:mm:ss.SSS' ]
}
}
CONFIG
sample({'#message' => '<150>Oct 8 08:46:47 syslog.host.net haproxy[13262]: 10.0.1.2:44799 [08/Oct/2013:08:46:44.256] frontend-name backend-name/server.host.net 0/0/0/1/2 404 1147 - - ---- 0/0/0/0/0 0/0 {client.host.net||||Apache-HttpClient/4.1.2 (java 1. 5)} {text/html;charset=utf-8|||} "GET /app/status HTTP/1.1"',
'#source_host' => '127.0.0.1',
'#type' => 'haproxy',
'#source' => 'tcp://127.0.0.1:60207/',
}) do
insist { subject["#fields"]["backend_name"] } == [ "backend-name" ]
insist { subject["#fields"]["http_request"] } == [ "/app/status" ]
insist { subject["tags"].include?("HTTP_REQUEST") }
insist { subject["#timestamp"] } == "2013-10-08T06:46:44.256Z"
reject { subject["#timestamp"] } == "2013-10-08T06:46:47Z"
end
end
This will, based on a given filter configuration, run input samples and test if the expected output is produced.
To run the test, save the test as haproxy_spec.rb and run `logstash rspec:
java -jar logstash.jar rspec haproxy_spec.rb
There are lots of spec examples in the Logstash source repository.
since logstash has been upgraded and now the command will be something like (give the folder)
/opt/logstash/bin/logstash agent --configtest -f /etc/logstash/logstash-indexer/conf.d
If you see some warning, but the error message is mixed together, and you didn't know which one have issue. You have to check its file one by one