Puppet on ZachFi

Puppet Providers and Unit Testing

Fri, 24 Feb 2017 00:00:00 +0000

Sometimes Puppet providers execute their logic based on the contents of a @property_hash, which is just a representation of a resource’s actual state. Its easy enough to test a provider for the basics, but populating the @property_hash for a unit test has always been something of a chore, and often gets skipped, leaving large portions of provider code untested. I wish I’d understood this years ago, but now that I’ve got my head round it, its pretty simple.

User Management Patterns

Sat, 26 Mar 2016 00:00:00 +0000

User management can be a bit of a sore subject for some admins, but I’ve found it can really pay off when done correctly, though its not always clear what that means. I’ve been on both sides of that line in the past, sometimes when the line moves, and sometimes not.

I’m a believer that managing the users and groups in your organization proficiently and with low overhead is important. It should be done well, if for no other reason, than to be able to state authoritatively who should have access to what and why, ideally requiring as little administrative time as possible once the system is in place.

Using LDAP for Puppet classification

Mon, 23 Nov 2015 00:00:00 +0000

Over the last year, I’ve been slowly moving some of my private Puppet code to use LDAP as a data source. Through this process, a bit of strategy, some tool and some schema has emerged I’ll share here.

It’s worth noting that Puppet has had an LDAP Node Classifier for quite some time, probably longer than I’ve been using Puppet. Though looking over the documentation, you wouldn’t know it, but the most useful bit of this whole work is that fact that Puppet supports the configuration variables necessary to make a connection to an LDAP server, and those variables are available for reference.

Moving My Puppet Master to OpenBSD

Wed, 11 Feb 2015 00:00:00 +0000

I recently had some network trouble that isolated a system I use to host FreeBSD jails to be without network. The bummer of it is, that I used this particular system for hosting most of my primary working system. Things like CI and Puppet and such all lived in neat little jails, and while all the little jails and all the little services are still on disk I have no access. I suspect the hand-me-down Cisco switch is the culprit, but after years of service, meh.

Backups with Exported Resources

Fri, 19 Sep 2014 00:00:00 +0000

Failure happens. Its a part of working in technology, and as a techno worker bee, my job is to ensure that those failures have as little impact on my team and my company as can be summoned. Part of this (as the business peeps say) “risk mitigation strategy”, is backups. Its a part of working in technology that I want to give as little attention as possible, so its important its low touch and that its done correctly and is available when I need it.

Using Puppet with Fabric

Fri, 15 Aug 2014 00:00:00 +0000

Fabric describes itself as a “library and command-line tool for streamlining the use of SSH for application deployment or systems administration tasks”. To get this work done, Fabric uses what are called “fabfiles’, which is just some python stored in a file called fabfile.py. In terms of execution, it works a lot like Rake from the Ruby world. You have a base command, in this case fab and each task is read from the fabfile.py and executed on request. Nothing too earth shattering.

PkgNG on FreeBSD with Puppet

Sat, 30 Jun 2012 00:00:00 +0000

I’ve recently discovered FreeBSD’s new package manager and it looks poised to become the default package manager soon in FreeBSD 10.

After watching the video from BSDCAN I realized that there was some pretty serious effort going into the project, but still a bit rough around the edges. Some wiki reading later, I was ready to dive in.

More sources of information seem to be springing up about this new package manager, and though it does not solve all of the issues surrounding package management in FreeBSD such as custom options on your ports, it sure is a vast improvement from previous tools that are available for FreeBSD for my use cases.

Generate Permutations of Puppet Resources

Tue, 01 May 2012 00:00:00 +0000

Here is a Puppet module that is a bit of a meta-module. Its only purpose is to create other resources by computing the permutations of parameters and generating new resources. The reason this is useful, is that it allows you to create lots of similar resources that might have some common and some unique parameters.

Consider the following PXE example:

permute { "Debian Installers":
  resource => 'pxe::installer',
  unique   => {
    arch => ["amd64","i386"],
    ver  => ["squeeze","wheezy"],
    os   => "debian"
  },
  common   => {
    file   => "os_<%= os %>",
    kernel => "images/<%= os %>/<%= ver %>/<%= arch %>/linux",
    append => "initrd=images/<%= os %>/<%= ver %>/<%= arch %>/initrd.gz text",
  },
}

For every key in the unique parameter hash, a resource will be created for every combination of things. The keys in the common parameter hash will get passed through ERB before the resource is created. This allows you to do interesting things like the above that allow you to determine the values of the parameters before the resource is generated.