Tuesday, November 28, 2017

Puppet:- ntp-deploy-through-inheritance....

Create a module named best
[root@pserver manifests]# pwd
/etc/puppet/modules/best/manifests
[root@pserver manifests]#

[root@pserver modules]# mkdir best
[root@pserver modules]# cd best
[root@pserver best]# ls
[root@pserver best]# pwd
/etc/puppet/modules/best
[root@pserver best]# mkdir {files,manifests}
[root@pserver best]# ls
files  manifests
[root@pserver best]# cd manifests/
[root@pserver manifests]# pwd
/etc/puppet/modules/best/manifests
[root@pserver manifests]# vi ntp.pp

# Class: best::ntp
#
# Base NTP class: installs the ntp package, manages /etc/ntp.conf from the
# module's files/ directory and keeps ntpd running. Child classes that
# inherit from it can override the file source.
class best::ntp {
  package { 'ntp':
    ensure => installed,
  }

  # The served file is copied over /etc/ntp.conf as a whole, so it must
  # contain the complete configuration (driftfile, restrict lines, servers),
  # not only the settings that differ from the packaged default.
  # NOTE(review): the files/ listing shown with this manifest contains only
  # ntp_uk.conf; declaring best::ntp directly also needs files/ntp.conf.
  file { '/etc/ntp.conf':
    source  => 'puppet:///modules/best/ntp.conf',
    require => Package['ntp'],
    notify  => Service['ntpd'],   # a content change refreshes ntpd
  }

  service { 'ntpd':
    ensure  => running,
    require => Package['ntp'],
  }
}

[root@pserver manifests]# pwd
/etc/puppet/modules/best/manifests
[root@pserver manifests]# cd ../files/
[root@pserver files]# ls
[root@pserver files]# vi ntp_uk.conf

# Class: best::ntp_uk
#
# Site-specific variant of best::ntp. It inherits every resource from the
# parent and overrides only the source of /etc/ntp.conf.
class best::ntp_uk inherits best::ntp {
  # Resource override: the title must match the File resource declared in
  # best::ntp. ntp_uk.conf replaces /etc/ntp.conf wholesale, so it has to
  # carry the access-control lines of the packaged file (the "restrict"
  # entries and "disable monitor") as well as the server line.
  File['/etc/ntp.conf'] { source => 'puppet:///modules/best/ntp_uk.conf' }
}

[root@pserver files]# pwd
/etc/puppet/modules/best/files


[root@pserver files]# cd ../../../manifests/
[root@pserver manifests]# ls
site.pp
[root@pserver manifests]# vi site.pp

#include ntp
# node1 gets Samba plus the NTP variant from the best module.
node 'node1.example.com' {
  include samba
  include best::ntp_uk
  # Currently disabled:
  #include ntp
  #class { 'vsftpd':
  #  version => '3.0.2-9',
  #}
}

# node2 gets the web server only.
node 'node2.example.com' {
  include httpd
}

[root@pserver manifests]# cd -
/etc/puppet/modules/best/files
[root@pserver files]# pwd
/etc/puppet/modules/best/files
[root@pserver files]# ls
ntp_uk.conf
[root@pserver files]# more ntp_uk.conf
server 192.168.10.200
[root@pserver files]# cd ../manifests/
[root@pserver manifests]# ls
ntp.pp  ntp_uk.pp


[root@pserver manifests]# more ntp_uk.pp
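# Class: best::ntp_uk  (modules/best/manifests/ntp_uk.pp)
#
# Inherits best::ntp and overrides only the source of /etc/ntp.conf.
#
# The class is named best::ntp_uk, not admin::ntp_uk: this file lives in the
# best module, and site.pp declares "include best::ntp_uk", so the autoloader
# can only resolve the class under that name.
class best::ntp_uk inherits best::ntp {

        # An override must reference a resource the parent class declares.
        # best::ntp declares File['/etc/ntp.conf']; there is no
        # File['/etc/ntpd.conf'] to override.
        File['/etc/ntp.conf'] {
                source => 'puppet:///modules/best/ntp_uk.conf',
        }
}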



Go to the client (node1) and run the agent:


[root@node1 ~]# puppet agent -t
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Caching catalog for node1.example.com
Info: Applying configuration version '1511822953'
Notice: /Stage[main]/Best::Ntp/File[/etc/ntp.conf]/content:
--- /etc/ntp.conf       2014-02-11 12:18:28.000000000 -0500
+++ /tmp/puppet-file20171127-6018-86t8qm        2017-11-27 17:49:23.841400464 -0500
@@ -1,58 +1 @@
-# For more information about this file, see the man pages
-# ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5).
-
-driftfile /var/lib/ntp/drift
-
-# Permit time synchronization with our time source, but do not
-# permit the source to query or modify the service on this system.
-restrict default nomodify notrap nopeer noquery
-
-# Permit all access over the loopback interface.  This could
-# be tightened as well, but to do so would effect some of
-# the administrative functions.
-restrict 127.0.0.1
-restrict ::1
-
-# Hosts on local network are less restricted.
-#restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
-
-# Use public servers from the pool.ntp.org project.
-# Please consider joining the pool (http://www.pool.ntp.org/join.html).
-server 0.rhel.pool.ntp.org iburst
-server 1.rhel.pool.ntp.org iburst
-server 2.rhel.pool.ntp.org iburst
-server 3.rhel.pool.ntp.org iburst
-
-#broadcast 192.168.1.255 autokey       # broadcast server
-#broadcastclient                       # broadcast client
-#broadcast 224.0.1.1 autokey           # multicast server
-#multicastclient 224.0.1.1             # multicast client
-#manycastserver 239.255.254.254                # manycast server
-#manycastclient 239.255.254.254 autokey # manycast client
-
-# Enable public key cryptography.
-#crypto
-
-includefile /etc/ntp/crypto/pw
-
-# Key file containing the keys and key identifiers used when operating
-# with symmetric key cryptography.
-keys /etc/ntp/keys
-
-# Specify the key identifiers which are trusted.
-#trustedkey 4 8 42
-
-# Specify the key identifier to use with the ntpdc utility.
-#requestkey 8
-
-# Specify the key identifier to use with the ntpq utility.
-#controlkey 8
-
-# Enable writing of statistics records.
-#statistics clockstats cryptostats loopstats peerstats
-
-# Disable the monitoring facility to prevent amplification attacks using ntpdc
-# monlist command when default restrict does not include the noquery flag. See
-# CVE-2013-5211 for more details.
-# Note: Monitoring will not be disabled with the limited restriction flag.
-disable monitor
+server 192.168.10.200
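Review bot: The new /etc/ntp.conf is the single line `server 192.168.10.200`, so this run removes every access-control setting the packaged file carried: `restrict default nomodify notrap nopeer noquery`, the two loopback `restrict` lines and `disable monitor`, which the removed comment ties to CVE-2013-5211. With no `restrict` line, ntpd applies no restrictions to remote queries, so the node is left more exposed than before the change. I would keep the packaged file as the base of `ntp_uk.conf` and change only the `server` entries, so that `restrict default nomodify notrap nopeer noquery` and `disable monitor` stay next to `server 192.168.10.200`. `driftfile /var/lib/ntp/drift` is dropped as well and is worth keeping.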

Info: Computing checksum on file /etc/ntp.conf
Info: /Stage[main]/Best::Ntp/File[/etc/ntp.conf]: Filebucketed /etc/ntp.conf to puppet with sum 913c85f0fde85f83c2d6c030ecf259e9
Notice: /Stage[main]/Best::Ntp/File[/etc/ntp.conf]/content: content changed '{md5}913c85f0fde85f83c2d6c030ecf259e9' to '{md5}489b4442e80b2fbcec12b167d15a63b9'
Info: /Stage[main]/Best::Ntp/File[/etc/ntp.conf]: Scheduling refresh of Service[ntpd]
Notice: /Stage[main]/Best::Ntp/Service[ntpd]: Triggered 'refresh' from 1 events
Notice: Finished catalog run in 0.42 seconds
[root@node1 ~]# ntpq -q
/usr/sbin/ntpq: illegal option -- q
ntpq - standard NTP query program - Ver. 4.2.6p5
USAGE:  ntpq [ -<flag> [<val>] | --<name>[{=| }<val>] ]... [ host ...]
(AutoOpts bug):  could not locate the 'help' option.
[root@node1 ~]# ntpq -p
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 pserver.example .INIT.          16 u    -   64    0    0.000    0.000   0.000
[root@node1 ~]#


Sunday, November 26, 2017

Puppet:- httpd deploy

Puppet:- httpd deploy

Web server (httpd) deployment through puppet

On the server, create a module named httpd
[root@pserver manifests]# pwd
/etc/puppet/manifests
[root@pserver manifests]# cd ../modules/
[root@pserver modules]# ls
httpd  samba
[root@pserver modules]# cd httpd/
[root@pserver httpd]# ls
files  manifests
[root@pserver httpd]# cd files/
[root@pserver files]# ls
httpd.conf  index.html
[root@pserver files]# pwd
/etc/puppet/modules/httpd/files
[root@pserver files]# cd ../manifests/
[root@pserver manifests]# ls
init.pp
[root@pserver manifests]# cat init.pp
# Class: httpd
#
# Installs Apache, deploys a virtual-host configuration and a test index
# page from the module's files/ directory, and keeps the service running
# and enabled at boot.
class httpd {
  package { 'httpd':
    ensure => present,
    before => Service['httpd'],
  }

  # The puppet:/// URL makes the agent fetch the file from the master's
  # module file server; the earlier, disabled variant used the master's
  # local path /etc/puppet/modules/httpd/files/httpd.conf instead.
  file { 'conffile':
    ensure  => file,
    path    => '/etc/httpd/conf.d/httpd.conf',
    source  => 'puppet:///modules/httpd/httpd.conf',
    require => Package['httpd'],
    notify  => Service['httpd'],   # a config change refreshes the service
  }

  # Static content: no service refresh is needed when it changes.
  file { 'htmlfile':
    ensure  => file,
    path    => '/var/www/html/index.html',
    source  => 'puppet:///modules/httpd/index.html',
    require => Package['httpd'],
  }

  service { 'httpd':
    ensure => running,
    enable => true,
  }
}
[root@pserver manifests]# pwd
/etc/puppet/modules/httpd/manifests
[root@pserver manifests]# more /etc/puppet/puppet.conf
[main]
certname=pserver.example.com
    # The Puppet log directory.
    # The default value is '$vardir/log'.
    logdir = /var/log/puppet

    # Where Puppet PID files are kept.
    # The default value is '$vardir/run'.
    rundir = /var/run/puppet

    # Where SSL certificates are kept.
    # The default value is '$confdir/ssl'.
    ssldir = $vardir/ssl

[agent]
    # The file in which puppetd stores a list of the classes
    # associated with the retrieved configuratiion.  Can be loaded in
    # the separate ``puppet`` executable using the ``--loadclasses``
    # option.
    # The default value is '$confdir/classes.txt'.
    classfile = $vardir/classes.txt

    # Where puppetd caches the local configuration.  An
    # extension indicating the cache format is added automatically.
    # The default value is '$confdir/localconfig'.
    localconfig = $vardir/localconfig
[root@pserver manifests]#
[root@pserver manifests]# cd /etc/puppet/manifests
[root@pserver manifests]# cat site.pp
# Declared outside any node block, so the class is applied to every agent
# that requests a catalog from this master.
include httpd


[root@pserver httpd]# ls
files  manifests
[root@pserver httpd]# cd files
[root@pserver files]# ls
httpd.conf  index.html
[root@pserver files]# cat index.html
<h1> This is my puppet test file. </h1>
[root@pserver files]# cat httpd.conf
<virtualhost *:80>
servername pserver.example.com
DocumentRoot /var/www/html
</virtualhost>
[root@pserver files]#


Now, go to agent and run the puppet agent -t command

[root@node1 ~]# rpm -qa | grep -i htpd
[root@node1 ~]# puppet agent -t
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Caching catalog for node1.example.com
Info: Applying configuration version '1511743302'
Notice: /Stage[main]/Httpd/Package[httpd]/ensure: created
Notice: /Stage[main]/Httpd/File[htmlfile]/content:
--- /var/www/html/index.html    2017-11-25 18:29:08.961053523 -0500
+++ /tmp/puppet-file20171126-14861-1bq6tj0      2017-11-26 19:41:44.797668250 -0500
@@ -1 +1 @@
-<h1>This is my puppet test.</h1>
+<h1> This is my puppet test file. </h1>

Info: Computing checksum on file /var/www/html/index.html
Info: /Stage[main]/Httpd/File[htmlfile]: Filebucketed /var/www/html/index.html to puppet with sum 4e50ac7cea7d16f3e5dfd938e9f5bd23
Notice: /Stage[main]/Httpd/File[htmlfile]/content: content changed '{md5}4e50ac7cea7d16f3e5dfd938e9f5bd23' to '{md5}f2afaa35c9d79f70c0c8569e3ad50bcc'
Notice: /Stage[main]/Httpd/File[conffile]/content:
--- /etc/httpd/conf.d/httpd.conf        2017-11-25 18:29:08.996053335 -0500
+++ /tmp/puppet-file20171126-14861-1vw56pm      2017-11-26 19:41:45.017667181 -0500
@@ -1,4 +1,4 @@
-<VirtualHost *:80>
-Servername pserver.example.com
+<virtualhost *:80>
+servername pserver.example.com
 DocumentRoot /var/www/html
-</VirtualHost>
+</virtualhost>

Info: Computing checksum on file /etc/httpd/conf.d/httpd.conf
Info: /Stage[main]/Httpd/File[conffile]: Filebucketed /etc/httpd/conf.d/httpd.conf to puppet with sum 1c286cf8c917e3966fdb2f7aa1936be1
Notice: /Stage[main]/Httpd/File[conffile]/content: content changed '{md5}1c286cf8c917e3966fdb2f7aa1936be1' to '{md5}8696bcdea55fdfd6036af2730cc538aa'
Info: /Stage[main]/Httpd/File[conffile]: Scheduling refresh of Service[httpd]
Notice: /Stage[main]/Httpd/Service[httpd]/ensure: ensure changed 'stopped' to 'running'
Info: /Stage[main]/Httpd/Service[httpd]: Unscheduling refresh on Service[httpd]
Notice: Finished catalog run in 2.97 seconds
[root@node1 ~]# systemctl status httpd
httpd.service - The Apache HTTP Server
   Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled)
   Active: active (running) since Sun 2017-11-26 19:41:45 EST; 11s ago
 Main PID: 15046 (httpd)
   Status: "Total requests: 0; Current requests/sec: 0; Current traffic:   0 B/sec"
   CGroup: /system.slice/httpd.service
           ├─15046 /usr/sbin/httpd -DFOREGROUND
           ├─15047 /usr/sbin/httpd -DFOREGROUND
           ├─15048 /usr/sbin/httpd -DFOREGROUND
           ├─15049 /usr/sbin/httpd -DFOREGROUND
           ├─15050 /usr/sbin/httpd -DFOREGROUND
           └─15051 /usr/sbin/httpd -DFOREGROUND

Nov 26 19:41:45 node1.example.com systemd[1]: Started The Apache HTTP Server.
[root@node1 ~]#


If you want to apply a class only to a specific host, put it in a node definition in the site.pp file under manifests.

[root@pserver manifests]# cat site.pp
# Per-node classification: each agent receives only the classes listed in
# the node block that matches its certname.
node 'node1.example.com' {
  include samba
}

node 'node2.example.com' {
  include httpd
}
[root@pserver manifests]#

Puppet:- Samba deployment

Puppet:- Samba deployment

[root@pserver manifests]# cat init.pp
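# Class: samba
#
# Installs the Samba server and client packages, creates the local user
# "jay" with a home directory, and keeps the smb service running.
class samba {
  package { 'samba':
    ensure => 'present',
  }

  package { 'samba-client':
    ensure => 'present',
  }

  # Disabled: management of smb.conf. If it is re-enabled, the source URL
  # has to read "modules" (the original had "modiles"), and the file should
  # notify the service rather than subscribe to it.
  #file { 'smb.conf':
  #  path    => '/etc/samba/smb.conf',
  #  source  => 'puppet:///modules/samba/smb.conf',
  #  require => Package['samba'],
  #  notify  => Service['smb'],
  #}

  user { 'jay':
    ensure     => 'present',
    managehome => true,
    require    => Package['samba'],
  }

  # Disabled: an exec that piped a literal password into
  # "/usr/bin/smbpasswd -s -a jay". Keep it disabled in that form:
  #  - the password would sit in clear text in the manifest and in every
  #    catalog compiled from it;
  #  - exec has no "shell" attribute (the command goes in "command"), and
  #    the nested double quotes do not parse;
  #  - without "unless" or "refreshonly" it would run on every agent run.
  # Supply the secret from outside the manifest (for example an encrypted
  # data source) and guard the exec so that it runs only once.

  # Without this dependency nothing orders the service after the package,
  # so the agent may try to start smb before it is installed.
  service { 'smb':
    ensure  => 'running',
    require => Package['samba'],
    #enable => 'true',
  }
}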
[root@pserver manifests]# pwd
/etc/puppet/modules/samba/manifests
[root@pserver manifests]# cd ../../../manifests/
[root@pserver manifests]# cat site.pp
# Both classes are declared outside any node block, so every agent that
# requests a catalog gets httpd and samba.
include httpd
include samba
[root@pserver manifests]#


Go to the agent and run:

[root@node2 puppet]# puppet agent -t
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Caching catalog for node2.example.com
Info: Applying configuration version '1511746320'
Notice: /Stage[main]/Samba/User[jay]/ensure: created
Notice: Finished catalog run in 0.36 seconds
[root@node2 puppet]# id jay
uid=2002(jay) gid=2002(jay) groups=2002(jay)
[root@node2 puppet]# ls -ld /home/jay
drwx------. 3 jay jay 4096 Nov 26 20:32 /home/jay
[root@node2 puppet]#


[root@node2 puppet]# systemctl status smb
smb.service - Samba SMB Daemon
   Loaded: loaded (/usr/lib/systemd/system/smb.service; disabled)
   Active: active (running) since Sun 2017-11-26 20:30:07 EST; 14s ago
 Main PID: 18255 (smbd)
   Status: "smbd: ready to serve connections..."
   CGroup: /system.slice/smb.service
           ├─18255 /usr/sbin/smbd
           └─18257 /usr/sbin/smbd

Nov 26 20:30:07 node2.example.com smbd[18255]: [2017/11/26 20:30:07.892874,  0] ../lib/u...y)
Nov 26 20:30:07 node2.example.com systemd[1]: Started Samba SMB Daemon.
Hint: Some lines were ellipsized, use -l to show in full.


If you want to apply a class only to a specific host, put it in a node definition in the site.pp file under manifests.

[root@pserver manifests]# cat site.pp
# Per-node classification: each agent receives only the classes listed in
# the node block that matches its certname.
node 'node1.example.com' {
  include samba
}

node 'node2.example.com' {
  include httpd
}
[root@pserver manifests]#