Services for Puppet and Kerberos use stencils to provide configuration files.
Puppet is a toolkit for managing the configuration of many systems. On Oracle Solaris, the Puppet application is managed by SMF.
When you install the system/management/puppet package, you get two SMF service instances: puppet:master and puppet:agent. These instances are disabled by default.
After you enable these instances, the following command shows that both puppet:master and puppet:agent are contract services:
$ svcs -p puppet
STATE STIME FMRI
online 17:19:32 svc:/application/puppet:agent
17:19:32 2565 puppet
online 17:19:32 svc:/application/puppet:master
17:19:32 2567 puppet
The following command shows a little more information about the processes started by the contract services:
$ ps -o pid,args -p 2565,2567 PID COMMAND 2565 /usr/ruby/1.9/bin/ruby /usr/sbin/puppet agent --logdest /var/log/puppet/puppet- 2567 /usr/ruby/1.9/bin/ruby /usr/sbin/puppet master --logdest /var/log/puppet/puppet
As suggested by the ps output, puppet is writing to log files in /var/log/puppet:
$ ls /var/log/puppet puppet-agent.log puppet-master.log
Puppet expects to use a configuration file named /etc/puppet/puppet.conf. The /usr/sbin/puppet application reads configuration information from /etc/puppet/puppet.conf and not from properties set in the application/puppet service instances. To provide the required configuration file, each puppet instance provides a stencil file and configfile property group. The configfile property group tells the svcio utility to run and create the specified configuration file. The stencil file is used to write data from service property values to the configuration file in the correct format.
The following command shows all puppet service properties that are in a property group of type configfile. This output shows that both instances of the puppet service have the same configfile properties with the same values. Each puppet service instance provides the path to the configuration file, the mode of the configuration file, and the path to the stencil file.
$ svcprop -g configfile puppet svc:/application/puppet:master/:properties/puppet_stencil/mode astring 0444 svc:/application/puppet:master/:properties/puppet_stencil/path astring /etc/puppet/puppet.conf svc:/application/puppet:master/:properties/puppet_stencil/stencil astring puppet.stencil svc:/application/puppet:agent/:properties/puppet_stencil/mode astring 0444 svc:/application/puppet:agent/:properties/puppet_stencil/path astring /etc/puppet/puppet.conf svc:/application/puppet:agent/:properties/puppet_stencil/stencil astring puppet.stencil
The following commands confirm that these instance properties are inherited from the parent service.
$ svccfg -s puppet listprop -l all puppet_stencil puppet_stencil configfile manifest puppet_stencil/mode astring manifest 0444 puppet_stencil/path astring manifest /etc/puppet/puppet.conf puppet_stencil/stencil astring manifest puppet.stencil $ svccfg -s puppet:agent listprop -l all puppet_stencil $ svccfg -s puppet:master listprop -l all puppet_stencil
For your infrastructure, you might need puppet:agent1 and puppet:agent2 instances, for example. In that case, you would customize property values and add properties for each instance as shown in Modifying the Puppet Configuration File.
The following is the initial content of the configuration file, /etc/puppet/puppet.conf:
# WARNING: THIS FILE GENERATED FROM SMF DATA. # DO NOT EDIT THIS FILE. EDITS WILL BE LOST. # # See puppet.conf(5) and http://docs.puppetlabs.com/guides/configuring.html # for details.
The content of the stencil file tells you what properties and other information are written to the configuration file. The puppet.stencil path that is the value of the puppet_stencil/stencil property is relative to /lib/svc/stencils. The following is the content of the stencil file, /lib/svc/stencils/puppet.stencil:
# WARNING: THIS FILE GENERATED FROM SMF DATA.
# DO NOT EDIT THIS FILE. EDITS WILL BE LOST.
#
# See puppet.conf(5) and http://docs.puppetlabs.com/guides/configuring.html
# for details.
; walk each instance and extract all properties from the config PG
$%/(svc:/$%s:(.*)/:properties)/ {
$%{$%1/general/enabled:?
[$%2]
$%/$%1/config/(.*)/ {
$%3 = $%{$%1/config/$%3} }
}
}
In the stencil file, svc:/$%s:(.*)/:properties (or %1) expands to svc:/application/puppet:agent/:properties and svc:/application/puppet:master/:properties, where .* (or %2) matches every instance. The instance name is then used to label the block in the configuration file. The next occurrence of .* (or %3) matches every property in the config property group for the %1 service instance. The stencil tells svcio to write the property name and the value of that property from the service instance to the configuration file.
As you can see in Initial Puppet Configuration File, initially only the literal comment lines are written to the configuration file. Writing property values to the configuration file is prevented by the test of the value of the general/enabled property in the stencil file. The following command shows that by default, the value of the general/enabled property is false:
$ svcprop -p general/enabled puppet svc:/application/puppet:master/:properties/general/enabled boolean false svc:/application/puppet:agent/:properties/general/enabled boolean false
Using the svcadm enable command to enable an instance does not change the value of the general/enabled property. When you change the value of the general/enabled property to true and restart the instance, all the properties in the config property group for that instance are written to the configuration file.
$ svccfg -s puppet:agent setprop general/enabled=true $ svcprop -p general/enabled puppet:agent false $ svcadm refresh puppet:agent $ svcprop -p general/enabled puppet:agent true $ svcadm restart puppet:agent
The following command shows that initially the only property in the config property group is the path to the log file for each instance:
$ svcprop -p config puppet svc:/application/puppet:master/:properties/config/logdest astring /var/log/puppet/puppet-master.log svc:/application/puppet:agent/:properties/config/logdest astring /var/log/puppet/puppet-agent.log
The config property for the enabled instance has been added to the configuration file in a block labeled with the instance name:
# WARNING: THIS FILE GENERATED FROM SMF DATA. # DO NOT EDIT THIS FILE. EDITS WILL BE LOST. # # See puppet.conf(5) and http://docs.puppetlabs.com/guides/configuring.html # for details. [agent] logdest = /var/log/puppet/puppet-agent.log
The Puppet configuration documentation says that the configuration file can have [main], [agent], and [master] blocks. Configuration in the [main] block applies to both the agent and the master. For the Puppet agent, configuration in the [agent] block overrides the same configuration in the [main] block. For the Puppet master, configuration in the [master] block overrides the same configuration in the [main] block. If you want to provide a [main] block for configuration that is common to both the agent and master, create a puppet:main instance and appropriate config properties for that instance.
The following commands show how to add configuration to your Puppet configuration file.
$ svccfg -s puppet:agent svc:/application/puppet:agent> setprop config/report=true svc:/application/puppet:agent> setprop config/pluginsync=true svc:/application/puppet:agent> refresh svc:/application/puppet:agent> exit $ svcadm restart puppet:agent $ cat /etc/puppet/puppet.conf # WARNING: THIS FILE GENERATED FROM SMF DATA. # DO NOT EDIT THIS FILE. EDITS WILL BE LOST. # # See puppet.conf(5) and http://docs.puppetlabs.com/guides/configuring.html # for details. [agent] logdest = /var/log/puppet/puppet-agent.log pluginsync = true report = true
Similar commands can be used to remove properties and change property values. See Chapter 4, Configuring Services. To add a main instance, use the svccfg add command as shown in Adding Service Instances.
Another example of an Oracle Solaris service that uses a stencil is Kerberos. The following command shows that the configfile property group is krb5_conf, the stencil file is /lib/svc/stencils/krb5.conf.stencil, and the configuration file is /etc/krb5/krb5.conf.
$ svcprop -g configfile svc:/system/kerberos/install:default krb5_conf/disabled boolean true krb5_conf/group astring sys krb5_conf/mode integer 644 krb5_conf/owner astring root krb5_conf/path astring /etc/krb5/krb5.conf krb5_conf/stencil astring krb5.conf.stencil