Linuxin keskitetty hallinta – Homework 3 – The trifecta (Package/file/service)

Course homepage: http://terokarvinen.com/2012/aikataulu-linux-palvelimena-ict4tn003-7-ict4tn003-kevaalla-2013

Assignment

Create package/file/service modules for apache2 and sshd.

Environment

To keep things fresh, I’ll be using a Debian live CD for the first module and an installed Xubuntu system for the second one.

Debian

The system will be a VirtualBox machine and the CD image is “debian-live-6.0.7-i386-xfce-desktop.iso”. As per the live CD defaults, username is ‘user’ and computer name is ‘debian’.

Xubuntu

The system will be a VirtualBox machine running Xubuntu 12.10. The username is ‘master’ and computer name is ‘palvelin’.

Preparation

Let’s begin by setting a Finnish keyboard layout, updating the sources list and installing puppet. /etc/apt/sources.list will include the live CD as a source; we’ll comment that out.

user@debian:~$ setxkbmap fi
user@debian:~$ sudo apt-get update
user@debian:~$ sudo apt-get -y install puppet

Apache module

Directories

The module will be called ‘apache’. Let’s begin by creating the necessary directories. The /templates directory will have content later on.

user@debian:~$ mkdir -p puppet/modules/apache/manifests
user@debian:~$ mkdir -p puppet/modules/apache/templates

Module

Next up is the manifest file which will contain the interesting stuff. It’ll be extended to monitor the service’s configuration file later on:

user@debian:~$ nano puppet/modules/apache/manifests/init.pp

Contents:

class apache {

    package { "apache2":
        ensure => "installed",
    }

    service { "apache2":
        ensure => "running",
        require => Package["apache2"],
    }
}

Time to apply the module:

user@debian:~$ sudo puppet apply --modulepath puppet/modules/ -e 'class {"apache":}'
notice: /Stage[main]/Apache/Package[apache2]/ensure: ensure changed 'purged' to 'present'
user@debian:~$ sudo service apache2 status
Apache2 is running (pid 3744).

The module was successfully applied. Now that apache2 is installed, we can copy its configuration file to the module’s /templates directory and update the manifest with the file monitoring part:

user@debian:~$ cp /etc/apache2/apache2.conf puppet/modules/apache/templates/apache2.conf

We’ll update it with the added file resource:

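class apache {

    package { "apache2":
        ensure => "installed",
    }

    # Overwrite the live config with the module's copy whenever they differ.
    # require: the package must be installed first, so /etc/apache2 exists.
    # notify: a content change triggers a refresh (restart) of the service.
    file { "/etc/apache2/apache2.conf":
        content => template("apache/apache2.conf"),
        require => Package["apache2"],
        notify => Service["apache2"],
    }

    service { "apache2":
        ensure => "running",
        require => Package["apache2"],
    }
}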

I’ll modify the current apache2.conf with a comment (“# Hello!”) and apply the module again:

user@debian:~$ sudo puppet apply --modulepath puppet/modules/ -e 'class {"apache":}'
notice: /Stage[main]/Apache/File[/etc/apache2/apache2.conf]/content: content changed '{md5}b7c18b87627ce633f4$
notice: /Stage[main]/Apache/Service[apache2]: Triggered 'refresh' from 1 events

We can see that puppet noticed the change, and replaced the modified apache2.conf with the one from /templates. Thus, we can conclude that the module works.

Summary

We created a puppet module which ensures that the apache2 web server is installed, running and that its configuration file apache2.conf matches the one in the module’s /templates directory.

SSHD module

For this one I’ll be using the Xubuntu VM from the previous homework assignment. I’ve restored an earlier snapshot, so we’ll be updating sources.list and installing puppet again. The commands are identical to the ones in the previous Debian module, so I’ll omit those.

Directories

master@palvelin:~$ mkdir -p puppet/modules/sshd/manifests
master@palvelin:~$ mkdir -p puppet/modules/sshd/templates

Contents of puppet/modules/sshd/manifests/init.pp (1)

class sshd {

    package { "openssh-server":
        ensure => "installed",
    }

    service { "ssh":
        ensure => "running",
        require => Package["openssh-server"],
    }
}

Let’s apply it:

master@palvelin:~$ sudo puppet apply --modulepath puppet/modules/ -e 'class {"sshd":}'
warning: Could not retrieve fact fqdn
notice: /Stage[main]/Sshd/Package[openssh-server]/ensure: ensure changed 'purged' to 'present'
notice: Finished catalog run in 13.35 seconds

It took a while to apply, but it seems to have worked. Let’s verify that it did:

master@palvelin:~$ sudo service ssh status
ssh start/running, process 4560

Settings file monitoring

Time to copy sshd’s configuration file to puppet/modules/sshd/templates:

master@palvelin:~$ cp /etc/ssh/sshd_config puppet/modules/sshd/templates/sshd_config

We can now modify init.pp with the file resource, after which it’ll look like this:

class sshd {

    package { "openssh-server":
        ensure => "installed",
    }

    file { "/etc/ssh/sshd_config":
        content => template("sshd/sshd_config"),
        require => Package["openssh-server"],
        notify => Service["ssh"],
    }

    service { "ssh":
        ensure => "running",
        require => Package["openssh-server"],
    }
}

I’ll edit /etc/ssh/sshd_config by adding a comment (“# Moi”) and apply the module again:

master@palvelin:~$ sudo puppet apply --modulepath puppet/modules/ -e 'class {"sshd":}'
warning: Could not retrieve fact fqdn
notice: /Stage[main]/Sshd/File[/etc/ssh/sshd_config]/content: content changed '{md5}2cb2ebf3b385fb81340cc64533c0acbb' to '{md5}8caefdd9e251b7cc1baa37874149a870'
notice: /Stage[main]/Sshd/Service[ssh]: Triggered 'refresh' from 1 events
notice: Finished catalog run in 0.38 seconds

Puppet detected the change and replaced the modified sshd_config with the one from /templates. The module works.

About ensure => “running” on (X)Ubuntu

If your (X)Ubuntu 12.10 isn’t up-to-date, puppet might not be able to deduce whether a service is running. If that’s the case, refer to the handy trick mentioned here:

https://terokarvinen.com/2013/ssh-server-puppet-module-for-ubuntu-12-04

This homework uses GNU GPL 2 or later


About a1100320

IT student, musician, gamer. Beep boop.