Learning Puppet — Resources and the RAL
Welcome to Learning Puppet! This series covers the basics of writing Puppet code
Begin
Log into the Learning Puppet VM as root, and run puppet resource service. This command will return something like the following:
[root@centos ~]# puppet resource service | more
service { 'abrtd':
  ensure => 'running',
  enable => 'true',
}
service { 'acpid':
  ensure => 'running',
  enable => 'true',
}
service { 'atd':
  ensure => 'running',
  enable => 'true',
}
service { 'auditd':
  ensure => 'running',
  enable => 'true',
}
service { 'cgconfig':
  ensure => 'stopped',
  enable => 'false',
}
service { 'cgred':
  ensure => 'stopped',
  enable => 'false',
}
Okay! You’ve just met your first Puppet resources.
What Just Happened?
- puppet: Most of Puppet’s functionality comes from a single puppet command, which has many subcommands.
- resource: The resource subcommand can inspect and modify resources interactively.
- service: The first argument to the puppet resource command must be a resource type, which you’ll learn more about below. A full list of types can be found at the Puppet type reference.
Taken together, this command inspected every service on the system, whether running or stopped.
Resources
Imagine a system’s configuration as a collection of many independent atomic units; call them “resources.”
These pieces vary in size, complexity, and lifespan. Any of the following (and more) can be modeled as a single resource:
- A user account
- A specific file
- A directory of files
- A software package
- A running service
- A scheduled cron job
- An invocation of a shell command, when certain conditions are met
Any single resource is very similar to a group of related resources:
- Every file has a path and an owner
- Every user has a name, a UID, and a group
The implementation might differ — for example, you’d need a different command to start or stop a service on Windows than you would on Linux, and even across Linux distributions there’s some variety. But conceptually, you’re still starting or stopping a service, regardless of what you type into the console.
Abstraction
If you think about resources in this way, there are two notable insights you can derive:
- Similar resources can be grouped into types. Services will tend to look like services, and users will tend to look like users.
- The description of a resource type can be separated from its implementation. You can talk about whether a service is started without needing to know how to start it.
To these, Puppet adds a third insight:
- With a good enough description of a resource type, it’s possible to declare a desired state for a resource — instead of saying “run this command that starts a service,” say “ensure this service is running.”
These three insights form Puppet’s resource abstraction layer (RAL). The RAL consists of types (high-level models) and providers (platform-specific implementations) — by splitting the two, it lets you describe desired resource states in a way that isn’t tied to a specific OS.
Anatomy of a Resource
In Puppet, every resource is an instance of a resource type and is identified by a title; it has a number of attributes (which are defined by the type), and each attribute has a value.
Puppet uses its own language to describe and manage resources:
[root@centos ~]# puppet resource user
user { 'HELLO':
  ensure           => 'present',
  gid              => '503',
  home             => '/home/HELLO',
  password         => '!!',
  password_max_age => '99999',
  password_min_age => '0',
  shell            => '/bin/bash',
  uid              => '502',
}
This syntax is called a resource declaration. You saw it earlier when you ran puppet resource service, and it’s the heart of the Puppet language. It describes a desired state for a resource, without mentioning any steps that must be taken to reach that state.
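An added example, not from the original tutorial or the Puppet project: because puppet resource prints the actual state in the same declaration syntax used for desired state, its output can be parsed and compared against a baseline. The baseline values, the rsyslog entry and the function names below are assumptions made for illustration.

```python
import re

# One declaration as printed by `puppet resource`: type { 'title': attr => 'value', ... }
DECL = re.compile(r"(\w+)\s*\{\s*'([^']*)':(.*?)\}", re.S)
ATTR = re.compile(r"(\w+)\s*=>\s*'([^']*)'")

def parse_resources(text):
    """Map (type, title) -> {attribute: value}. Handles only single-quoted scalar values."""
    return {(rtype, title): dict(ATTR.findall(body))
            for rtype, title, body in DECL.findall(text)}

def drift(actual, desired):
    """Return (type, title, attribute, actual, desired) for every attribute off baseline."""
    findings = []
    for key, want in desired.items():
        have = actual.get(key, {})  # resource absent from the output: every attribute drifts
        for attr, value in want.items():
            if have.get(attr) != value:
                findings.append((*key, attr, have.get(attr), value))
    return findings

# Constructed sample in the format shown on this page.
SAMPLE = """
service { 'abrtd':
  ensure => 'running',
  enable => 'true',
}
service { 'auditd':
  ensure => 'running',
  enable => 'true',
}
user { 'HELLO':
  ensure           => 'present',
  password_max_age => '99999',
  shell            => '/bin/bash',
}
"""

# Hypothetical baseline (assumption, not from the page).
BASELINE = {
    ("service", "auditd"): {"ensure": "running", "enable": "true"},
    ("service", "abrtd"): {"ensure": "stopped", "enable": "false"},
    ("user", "HELLO"): {"password_max_age": "90"},
    ("service", "rsyslog"): {"ensure": "running"},
}

if __name__ == "__main__":
    for finding in drift(parse_resources(SAMPLE), BASELINE):
        print("%s[%s] %s: is %r, want %r" % finding)
```

A declaration cut off before its closing brace (as can happen when the output is paged) is not parsed, so the resource is reported as absent rather than silently passing.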
Puppet Describe
The puppet describe subcommand can list info about the currently installed resource types on a given machine. This is different from the type reference because it also catches plugins installed by a user, in addition to the built-in types.
- puppet describe -l — List all of the resource types available on the system.
- puppet describe -s <TYPE> — Print short information about a type, without describing every attribute.
- puppet describe <TYPE> — Print long information, similar to what appears in the type reference.
[root@centos ~]# puppet describe -l
These are the types known to puppet:
augeas - Apply a change or an array of changes to the ...
computer - Computer object management using DirectorySer ...
cron - Installs and manages cron jobs
exec - Executes external commands
file - Manages files, including their content, owner ...
filebucket - A repository for storing and retrieving file ...
group - Manage groups
host - Installs and manages host entries
interface - This represents a router or switch interface
k5login - Manage the `.k5login` file for a user
[root@centos ~]# puppet describe -s user
user
====
Manage users. This type is mostly built to manage system
users, so it is lacking some features useful for managing normal
users.
This resource type uses the prescribed native tools for creating
groups and generally uses POSIX APIs for retrieving information
about them. It does not directly modify `/etc/passwd` or anything.
**Autorequires:** If Puppet is managing the user's primary group (as
provided in the `gid` attribute), the user resource will autorequire
that group. If Puppet is managing any role accounts corresponding to the
user's roles, the user resource will autorequire those role accounts.
Parameters
----------
allowdupe, attribute_membership, attributes, auth_membership, auths,
comment, ensure, expiry, forcelocal, gid, groups, home, ia_load_module,
iterations, key_membership, keys, managehome, membership, name,
password, password_max_age, password_min_age, profile_membership,
profiles, project, purge_ssh_keys, role_membership, roles, salt, shell,
system, uid
Providers
---------
aix, directoryservice, hpuxuseradd, ldap, pw, user_role_add, useradd,
windows_adsi
The Puppet Resource Command
Puppet includes a command called puppet resource, which can interactively inspect and modify resources on a single system.
Usage of puppet resource is as follows:
[root@centos ~]# puppet resource user HELLO
user { 'HELLO':
  ensure           => 'present',
  gid              => '503',
  home             => '/home/HELLO',
  password         => '!!',
  password_max_age => '99999',
  password_min_age => '0',
  shell            => '/bin/bash',
  uid              => '502',
}
refer: https://docs.puppetlabs.com/learning/ral.html