How to Write a Puppet Site Manifest

Prior to creating a Puppet site manifest, perform the following tasks:

• Determine which resource types to declare in the manifest. Use the puppet describe resource-type command to obtain this information. This command shows all of the available attributes, or parameters, for the specified resource type.

  # puppet describe resource-type

  See Puppet Resources and Resource Types.

• Familiarize yourself with the syntax to declare resources within a Puppet manifest. See Declaring Puppet Resources and Language: Resources.

• Familiarize yourself with the syntax to define a specific Oracle Solaris system configuration within a Puppet manifest. For examples, see Using Puppet to Manage System Configuration in Oracle Solaris.

The following procedure describes how to write a Puppet site manifest to enforce a configuration globally within your infrastructure.

1. Become an administrator who is assigned the Puppet Management rights profile.

   See Using Your Assigned Administrative Rights in Securing Users and Processes in Oracle Solaris 11.4.

2. Create a site.pp file on the Puppet Server (server).

   # touch /etc/puppetlabs/code/environments/production/manifests/site.pp

3. Define the specified configuration within the Puppet site manifest (site.pp) and save your changes.

   See Working With Puppet Resources and Resource Types in Oracle Solaris for more details.

4. Test the configuration changes that you made to the site.pp file before applying them permanently.

   # puppet apply -v --noop /etc/puppetlabs/code/environments/production/manifests/site.pp

   apply

   Applies the configuration to the Puppet manifest on the server.

   -v

   Indicates to use verbose mode.

   --noop

   Enables you to perform a dry run test without applying your changes.

   The Puppet Agent (agent) that runs on each node queries the server for configuration changes at regular intervals and then applies any required changes to the agent-managed node.

5. Verify that the node retrieved the latest configuration changes by checking the /var/log/puppetlabs/puppet/puppet-agent.log log file.
6. Apply the latest configuration changes manually.

   # puppet agent -t

   The -t (--test) option enables verbose logging, which causes the agent daemon to remain in the foreground, exits if the server's configuration is invalid (as in the case of a syntax error), then exits after running the configuration one time.

   Use the puppet help agent command to show all of the available Puppet subcommands. Also see the puppet(8) man page.

Example 4-1 Writing a Puppet Manifest

The following example shows how to declare resources in a Puppet site manifest. This example begins with the site.pp file in the correct directory on the server.

First, declare resources in the site.pp file. In this example, the file resource type is declared by specifying the ensure and content attributes. These attributes ensure that a custom-file.txt file exists in the root directory of the node and that the file includes the words, Hello World.

file { '/custom-file.txt':
  ensure => 'present',
  content => "Hello World",
}

After saving the site.pp file, test the configuration's validity on the server as follows:

# puppet apply -v --noop /etc/puppetlabs/code/environments/production/manifests/site.pp
2022-02-10 01:44:21 -0800 Puppet (info): Computing checksum on file /custom-
file.txt
2022-02-10 01:44:21 -0800 /Stage[main]/Main/File[/custom-file.txt] (info):
Filebucketed/
custom-file.txt to puppet with sum 103e5b132c69289dc18042a99b73fad9
2022-02-10 01:44:21 -0800 /Stage[main]/Main/File[/custom-file.txt]/content
(notice): content changed '{md5}103e5b132c69289dc18042a99b73fad9' to
'{md5}e4b97f0c18e5bb0bb24d6dbe0db326f4'
2022-02-10 01:44:22 -0800 /Stage[main]/Main/User[testuser409]/ensure (notice): created
2022-02-10 01:44:26 -0800 /Stage[main]/Main/Service[nfs/client]/ensure (notice): ensure
changed 'stopped' to 'running' (corrective)
2022-02-10 01:44:26 -0800 /Stage[main]/Main/Service[nfs/client] (info): Unscheduling
refresh on Service[nfs/client]
2022-02-10 01:44:26 -0800 Puppet (notice): Applied catalog in 5.30 seconds

The -v option specifies verbose mode and the --noop option ensures that no changes are made to the node. Using the --noop option for testing purposes enables you to perform a dry run without applying the changes to the manifest.

The agent that runs on each node queries the server for configuration changes at regular intervals and then applies any updates, as needed. Check the node's /var/log/puppetlabs/puppet/puppet-agent.log log file to verify that the node applied the latest changes:

# ls -la /custom-file.txt
-rw-------   1 root     root          16 Mar 22 21:50 /custom-file.txt
# cat /custom-file.txt
Hello World
# tail /var/log/puppetlabs/puppet/puppet-agent.log
....
2016-03-22 21:50:17 +0000 /Stage[main]/Main/File[/custom-file.txt]/ensure (notice): created
2016-03-22 21:50:17 +0000 Puppet (notice): Finished catalog run in 0.21 seconds

The previous output indicates that the configuration is being enforced on the node. By default, agents poll the server for configuration changes at 30-minute intervals. Also, you can verify the configuration by checking whether the custom-file.txt file exists on the node.

Optionally, manually apply the configuration changes by running the following command on the node:

# puppet agent -t

For specific examples that show how to use Puppet to define an Oracle Solaris system configuration, see Using Puppet to Manage System Configuration in Oracle Solaris.