Course homepage: http://terokarvinen.com/2012/aikataulu-linux-palvelimena-ict4tn003-7-ict4tn003-kevaalla-2013
Assignment
Create package/file/service modules for apache2 and sshd.
Environment
To keep things fresh, I’ll be using a Debian live CD for the first module and an installed Xubuntu system for the second one.
Debian
The system will be a VirtualBox machine and the CD image is “debian-live-6.0.7-i386-xfce-desktop.iso”. As per the live CD defaults, the username is ‘user’ and the computer name is ‘debian’.
Xubuntu
The system will be a VirtualBox machine running Xubuntu 12.10. The username is ‘master’ and the computer name is ‘palvelin’.
Preparation
Let’s begin by setting a Finnish keyboard layout, updating the sources list and installing puppet. /etc/apt/sources.list will include the live CD as a source; we’ll comment that out.
user@debian:~$ setxkbmap fi
user@debian:~$ sudo apt-get update
user@debian:~$ sudo apt-get -y install puppet
Apache module
Directories
The module will be called ‘apache’. Let’s begin by creating the necessary directories. The /templates directory will have content later on.
user@debian:~$ mkdir -p puppet/modules/apache/manifests
user@debian:~$ mkdir -p puppet/modules/apache/templates
Module
Next up is the manifest file which will contain the interesting stuff. It’ll be extended to monitor the service’s configuration file later on:
user@debian:~$ nano puppet/modules/apache/manifests/init.pp
Contents:
class apache {
    package { "apache2":
        ensure => "installed",
    }
    service { "apache2":
        ensure => "running",
        require => Package["apache2"],
    }
}
Time to apply the module:
user@debian:~$ sudo puppet apply --modulepath puppet/modules/ -e 'class {"apache":}'
notice: /Stage[main]/Apache/Package[apache2]/ensure: ensure changed 'purged' to 'present'
user@debian:~$ sudo service apache2 status
Apache2 is running (pid 3744).
The module was successfully applied. Now that apache2 is installed, we can copy its configuration file to the module’s /templates directory and update the manifest with the file monitoring part:
user@debian:~$ cp /etc/apache2/apache2.conf puppet/modules/apache/templates/apache2.conf
We’ll update it with the added file resource:
class apache {
    package { "apache2":
        ensure => "installed",
    }
    # Keep the live config identical to the copy in the module's templates directory
    file { "/etc/apache2/apache2.conf":
        content => template("apache/apache2.conf"),
        require => Package["apache2"],
        # Refresh the service whenever puppet rewrites the file
        notify => Service["apache2"],
    }
    service { "apache2":
        ensure => "running",
        require => Package["apache2"],
    }
}
I’ll modify the current apache2.conf with a comment (“# Hello!”) and apply the module again:
user@debian:~$ sudo puppet apply --modulepath puppet/modules/ -e 'class {"apache":}'
notice: /Stage[main]/Apache/File[/etc/apache2/apache2.conf]/content: content changed '{md5}b7c18b87627ce633f4$
notice: /Stage[main]/Apache/Service[apache2]: Triggered 'refresh' from 1 events
We can see that puppet noticed the change, and replaced the modified apache2.conf with the one from /templates. Thus, we can conclude that the module works.
Summary
We created a puppet module which ensures that the apache2 web server is installed, running and that its configuration file apache2.conf matches the one in the module’s /templates directory.
SSHD module
For this one I’ll be using the Xubuntu VM from the previous homework assignment. I’ve restored an earlier snapshot, so we’ll be updating sources.list and installing puppet again. The commands are identical to the ones in the previous Debian module, so I’ll omit those.
Directories
master@palvelin:~$ mkdir -p puppet/modules/sshd/manifests
master@palvelin:~$ mkdir -p puppet/modules/sshd/templates
Contents of puppet/modules/sshd/manifests/init.pp (1)
class sshd {
    package { "openssh-server":
        ensure => "installed",
    }
    service { "ssh":
        ensure => "running",
        require => Package["openssh-server"],
    }
}
Let’s apply it:
master@palvelin:~$ sudo puppet apply --modulepath puppet/modules/ -e 'class {"sshd":}'
warning: Could not retrieve fact fqdn
notice: /Stage[main]/Sshd/Package[openssh-server]/ensure: ensure changed 'purged' to 'present'
notice: Finished catalog run in 13.35 seconds
It took a while to apply, but it seems to have worked. Let’s verify that it did:
master@palvelin:~$ sudo service ssh status
ssh start/running, process 4560
Settings file monitoring
Time to copy sshd’s configuration file to puppet/modules/sshd/templates:
master@palvelin:~$ cp /etc/ssh/sshd_config puppet/modules/sshd/templates/sshd_config
We can now modify init.pp with the file resource, after which it’ll look like this:
class sshd {
    package { "openssh-server":
        ensure => "installed",
    }
    # Keep the live config identical to the copy in the module's templates directory
    file { "/etc/ssh/sshd_config":
        content => template("sshd/sshd_config"),
        require => Package["openssh-server"],
        # Refresh the service whenever puppet rewrites the file
        notify => Service["ssh"],
    }
    service { "ssh":
        ensure => "running",
        require => Package["openssh-server"],
    }
}
I’ll edit /etc/ssh/sshd_config by adding a comment (“# Moi”) and apply the module again:
master@palvelin:~$ sudo puppet apply --modulepath puppet/modules/ -e 'class {"sshd":}'
warning: Could not retrieve fact fqdn
notice: /Stage[main]/Sshd/File[/etc/ssh/sshd_config]/content: content changed '{md5}2cb2ebf3b385fb81340cc64533c0acbb' to '{md5}8caefdd9e251b7cc1baa37874149a870'
notice: /Stage[main]/Sshd/Service[ssh]: Triggered 'refresh' from 1 events
notice: Finished catalog run in 0.38 seconds
Puppet detected the change and replaced the modified sshd_config with the one from /templates. The module works.
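The file resource above enforces content only, and a broken template would be pushed and the service refreshed anyway. The following variant is an added example, not part of the original homework: it also pins ownership and permissions, enables the service at boot, and checks the candidate file with sshd before it replaces the live one. It assumes Puppet 3.5 or later for validate_cmd and that sshd is installed at /usr/sbin/sshd.

```puppet
# Added example: hardened variant of the sshd class from this page.
class sshd {
  package { 'openssh-server':
    ensure => installed,
  }

  file { '/etc/ssh/sshd_config':
    ensure       => file,
    # Pin ownership and permissions so drift in these is corrected too,
    # not just drift in the file's content.
    owner        => 'root',
    group        => 'root',
    mode         => '0644',
    content      => template('sshd/sshd_config'),
    # Assumption: Puppet 3.5 or later. '%' is replaced with the path of the
    # candidate file. If sshd rejects it, the resource fails, the live file
    # is left untouched and the service is not refreshed.
    validate_cmd => '/usr/sbin/sshd -t -f %',
    require      => Package['openssh-server'],
    notify       => Service['ssh'],
  }

  service { 'ssh':
    ensure  => running,
    # Also start the daemon at boot, not only for the current session.
    enable  => true,
    require => Package['openssh-server'],
  }
}
```

On Puppet releases older than 3.5, drop the validate_cmd attribute and run sshd -t against the template by hand before applying.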
About ensure => “running” on (X)Ubuntu
If your (X)Ubuntu 12.10 isn’t up-to-date, puppet might not be able to deduce whether a service is running. If that’s the case, refer to the handy trick mentioned here:
https://terokarvinen.com/2013/ssh-server-puppet-module-for-ubuntu-12-04
This homework uses GNU GPL 2 or later