Puppet

Puppet is a cross platform framework enabling system administrators to perform common tasks using code. The code can do a variety of tasks from installing new software, to checking file permissions, or updating user accounts. Puppet is great not only during the initial installation of a system, but also throughout the system's entire life cycle. In most circumstances puppet will be used in a client/server configuration.

This section will cover installing and configuring Puppet in a client/server configuration. This simple example will demonstrate how to install Apache using Puppet. 

 Puppet configuration in ubuntu

Prior to configuring puppet you may want to add a DNS CNAME record for puppet.example.com, where example.com is your domain. By default Puppet clients check DNS for puppet.example.com as the puppet server name, or Puppet Master. See Domain Name Service (DNS) for more DNS details.  

If you do not wish to use DNS, you can add entries to the server and client /etc/hosts file. For example, in the Puppet server's /etc/hosts file add: 

127.0.0.1 localhost.localdomain localhost puppet
192.168.1.17 puppetclient.example.com puppetclient

On each Puppet client, add an entry for the server: 

  192.168.1.16 puppetmaster.example.com puppetmaster puppet
  

Installation

To install Puppet, in a terminal on the server enter: 

sudo apt install puppetmaster 

On the client machine, or machines, enter: 

sudo apt install puppet 

Configuration

Create a folder path for the apache2 class: 

  sudo mkdir -p /etc/puppet/modules/apache2/manifests 

Now setup some resources for apache2.

 Create a file /etc/puppet/modules/apache2/manifests/init.pp 

 containing the following: 

class apache2 {
  package { 'apache2':
    ensure => installed,
  }

  service { 'apache2':
    ensure  => true,
    enable  => true,
    require => Package['apache2'],
  }
}

Next, create a node file /etc/puppet/manifests/site.pp with: 

node 'puppetclient.example.com' {
   include apache2
}

Replace puppetclient.example.com with your actual Puppet client's host name. 

The final step for this simple Puppet server is to restart the daemon: 

service puppetmaster start

Now everything is configured on the Puppet server, it is time to configure the client. 

First, configure the Puppet agent daemon to start. 

Edit /etc/default/puppet, 

changing START to yes: 

START=yes 

Then start the service:

sudo service puppet start

View the client cert fingerprint 

sudo puppet agent --fingerprint 

Back on the Puppet server, view pending certificate signing requests: 

sudo puppet cert list 

On the Puppet server, verify the fingerprint of the client and sign puppetclient's cert: 

sudo puppet cert sign puppetclient.example.com 

On the Puppet client, run the puppet agent manually in the foreground. This step isn't strictly speaking necessary, but it is the best way to test and debug the puppet service. 

sudo puppet agent --test 

Check /var/log/syslog on both hosts for any errors with the configuration. If all goes well the apache2 package and it's dependencies will be installed on the Puppet client. 

Cert exchange from Puppet master to puppet client

 

After the successful configuration Puppet client Ubuntu Desktop will search Puppet master Server and ask for cert request before accepting any administrative instructions from Master puppet server.

To view such cert request run the command at Puppet Master Ubuntu server.

 puppet cert list 

 

 root@server1:~# puppet cert list
  "desktop1.example.com" (SHA256) BD:F7:7C:76:48:09:C5:FE:0C:A8:CD:81:92:1D:A4:1F:15:1C:1A:6E:DE:C1:3C:B4:CA:FC:C6:2F:B4:9A:91:74
root@server1:~# 

It means that there is a machine named as dekstop1.example.com which came into existence and asking for cert request. Now the puppet master server must sign the cert requested from puppet client. It can be done as follows:

puppet cert sign desktop1.example.com

The output will be like this:

root@server1:~# puppet cert sign desktop1.example.com
Notice: Signed certificate request for desktop1.example.com
Notice: Removing file Puppet::SSL::CertificateRequest desktop1.example.com at '/var/lib/puppet/ssl/ca/requests/desktop1.example.com.pem'
root@server1:~#

 

It means the request from desktop machine is accepted at Puppet master machine. We can check that with command as well:

puppet cert list -all

root@server1:~# puppet cert list -all
+ "desktop1.example.com"        (SHA256) 7A:B7:CE:C4:A0:05:99:E7:E2:53:AD:D2:7F:6E:B5:38:CA:87:E0:8D:C7:0E:71:89:82:E1:17:FA:9D:B1:01:6D
+ "server1.server1.example.com" (SHA256) FF:E2:49:B9:2F:B4:D1:79:21:E9:1A:83:22:FA:DB:E8:5D:9B:9A:1C:E1:4D:83:B9:16:9D:FD:8B:72:FD:62:5F (alt names: "DNS:puppet", "DNS:puppet.server1.example.com", "DNS:server1.server1.example.com")
root@server1:~#

 

 

The above + sign in the output shows successful certificate signing at Puppet master Ubuntu Server.


To view the client cert fingerprint at Puppet Client Ubuntu desktop, run:

puppet agent --fingerprint

root@desktop1:~# puppet agent --fingerprint
(SHA256) 7A:B7:CE:C4:A0:05:99:E7:E2:53:AD:D2:7F:6E:B5:38:CA:87:E0:8D:C7:0E:71:89:82:E1:17:FA:9D:B1:01:6D
root@desktop1:~#

Revoke Client from Puppet master

puppet cert clean desktop1.example.com

root@server1:~# puppet cert clean desktop1.example.com
Notice: Revoked certificate with serial 3
Notice: Removing file Puppet::SSL::Certificate desktop1.example.com at '/var/lib/puppet/ssl/ca/signed/desktop1.example.com.pem'
Notice: Removing file Puppet::SSL::Certificate desktop1.example.com at '/var/lib/puppet/ssl/certs/desktop1.example.com.pem'
root@server1:~#

To be sure the certificates are completely removed on the Puppet Master Ubuntu server I explicitly cleaned them again

puppet cert -c

Create a user and group

Puppet uses some defaults for unspecified user and group attributes, so all you’ll need to do to create a new user and group is set the ‘ensure’ attribute to ‘present’. This ‘present’ value tells Puppet to check if the resource exists on the system, and to create the specified resource if it does not.

1. To create a user named jargyle, on your Puppet master, run puppet apply -e "user { 'jargyle': ensure => present, }". The result should show, in part, Notice: /Stage[main]/Main/User[jargyle]/ensure: created.
   
   
2. To create a group named web, on your Puppet master, run puppet apply -e "group { 'web': ensure => present, }". The result should show, in part, Notice: /Stage[main]/Main/Group[web]/ensure: created.
   

That’s it! You’ve successfully created the Puppet user jargyle and the Puppet group web.

Add the user to the main manifest

1. From the command line on your Puppet master, run puppet resource -e user jargyle. This opens a file in your text editor with the following content:
   

        user { 'jargyle':
         ensure           => 'present',
          gid              => '501',
          home             => '/home/jargyle',
          password         => '!!',
          password_max_age => '99999',
          password_min_age => '0',
          shell            => '/bin/bash',
          uid              => '501',
        }
   

   Note: Your uid (the user ID), or gid (the group ID) might be different numbers than the examples shown in this guide.

2. Add the following Puppet code to the file:
   

        comment           => 'Judy Argyle',
        groups            => 'web',
   

3. Delete the following Puppet code from the file:
   

          gid              => '501',
   

4. Copy all of the code, and save and exit the file.
   
5. Paste the code from Step 10 into your default node in site.pp. It should look like this:
   

       user { 'jargyle':
         ensure           => 'present',
         home             => '/home/jargyle',
         comment           => 'Judy Argyle',
         groups            => 'web',
         password         => '!!',
         password_max_age => '99999',
         password_min_age => '0',
         shell            => '/bin/bash',
         uid              => '501',
       }
   

6. From the command line on your Puppet master, run puppet parser validate site.pp to ensure that there are no errors. The parser will return nothing if there are no errors.
   
   
7. From the command line on your Puppet agent, use puppet agent -t to trigger a Puppet run.
   
   Group Creation
   
    group { 'web':
     ensure => 'present',
   
   }
   

 User Creation using puppet:

Site.pp file will look 

puppet resource -e user <username> will give user details


file { "/home/<username>":
  ensure => "directory",
  owner => "<username>",
  group => "<username>",
  mode => 700,
  require => [ User[<username>], Group[web] ],
}
user { '<username>':
  ensure           => 'present',
  home             => '/home/<username>',
  password         => '$6$5VlLaver$pYdcH2SosbTuwWFwIJ/HOSFDXXKwI3YilP/dD1/HDPj3ehSNcxxCXVMCFeSq1hP4S/dEsCK.7P/JK1PQkJa/n/',
  password_max_age => '99999',
  password_min_age => '0',
  uid              => '1008',
} 

  Admin User Creating using puppet:

file { "/home/<username>":
  ensure => present,
  owner => "<username>",
  group => "<username>",
  mode => 700,
  require => [ User[<username>], Group[web] ],
} 
user { 'rust':
  ensure           => 'present',
  comment          => '<username>,,,',

  groups           => ['adm', 'sudo', 'lpadmin', 'sambashare'],
  home             => '/home/<username>',
  password         => '$6$kloPQQEH$iARRrKtmHm29OgswTqtYhcflto4h4nElE7PpJ2wTyNzXk1fwaF2e0XlH9HYDjynCclioRlpQ6SIHkyBSK3nOU/',
  password_max_age => '99999',
  password_min_age => '0',
  shell            => '/bin/bash',
  uid              => '1013',
} 

Folder creation

 file { '/home/Share':
        ensure => directory,
        mode => '0755',
        owner => 'root',
        group => 'root',

Sharing file

file { "/home/Share/filename.docx":
        mode => "0777",
        owner => 'root',
        group => 'root',
        source => 'puppet:///modules/mymodule/filename.docx',
    } 

create  a folder in /etc/puppet/module

#mkdir -p /etc/puppet/module/mymodule/file

 then copy flename.docx file into /etc/puppet/module/mymodule/file

 

 

How To Create a Puppet Module To Automate WordPress Installation on Ubuntu 14.04

PostedOctober 22, 2014 35.7k views WordPress Configuration Management Scaling Ubuntu

Introduction

Puppet is a configuration management tool that system administrators use to automate the processes involved in maintaining a company's IT infrastructure. Writing individual Puppet manifest files is sufficient for automating simple tasks. However, when you have an entire workflow to automate, it is ideal to create and use a Puppet module instead. A Puppet module is just a collection of manifests along with files that those manifests require, neatly bundled into a reusable and shareable package.
WordPress is a very popular blogging platform. As an administrator, you might find yourself installing WordPress and its dependencies (Apache, PHP, and MySQL) very often. This installation process is a good candidate for automation, and today we create a Puppet module that does just that.

What This Tutorial Includes

In this tutorial you will create a Puppet module that can perform the following activities:

• Install Apache and PHP
• Install MySQL
• Create a database and a database user on MySQL for WordPress
• Install and configure WordPress

You will then create a simple manifest that uses the module to set up WordPress on Ubuntu 14.04. At the end of this tutorial, you will have a reusable WordPress module and a working WordPress installation on the server.

Prerequisites

You will need the following:

• Ubuntu 14.04 server
• A sudo user
• You shoud understand how to manage WordPress once you get to the control panel setup. If you need help with that, check the later parts of this tutorial

Step 1 — Install Puppet in Standalone Mode

To install Puppet using apt-get, the Puppet Labs Package repository has to be added to the list of available repositories. Puppet Labs has a Debian package that does this. The name of this package depends on the version of Ubuntu you are using. As this tutorial uses Ubuntu 14.04, Trusty Tahr, you have to download and install puppetlabs-release-trusty.deb.
Create and move into your Downloads directory:

mkdir ~/Downloads
cd ~/Downloads

Get the package:

wget https://apt.puppetlabs.com/puppetlabs-release-trusty.deb
sudo dpkg -i puppetlabs-release-trusty.deb

You can now install Puppet using apt-get.

sudo apt-get update
sudo apt-get install puppet

Puppet is now installed. You can check by typing in:

sudo puppet --version

It should print Puppet's version. At the time of this writing, the latest version is 3.7.1.
Note: If you see a warning message about templatedir, check the solution in Step 2.

Step 2 - Install Apache and MySQL Modules

Managing Apache and MySQL are such common activities that PuppetLabs has its own modules for them. We'll use these modules to install and configure Apache and MySQL.
You can list all the Puppet modules installed on your system using the following command:

sudo puppet module list

You will find no modules currently installed.
You might see a warning message that says:

Warning: Setting templatedir is deprecated. See http://links.puppetlabs.com/env-settings-deprecations
(at /usr/lib/ruby/vendor_ruby/puppet/settings.rb:1071:in `each')

To remove this warning, use nano to edit the puppet.conf file, and comment out the templatedir line:

sudo nano /etc/puppet/puppet.conf

After the edits, the file should have the following contents. You are just commenting out the templatedir line:

[main]
logdir=/var/log/puppet
vardir=/var/lib/puppet
ssldir=/var/lib/puppet/ssl
rundir=/var/run/puppet
factpath=$vardir/lib/facter
#templatedir=$confdir/templates

[master]
# These are needed when the puppetmaster is run by passenger
# and can safely be removed if webrick is used.
ssl_client_header = SSL_CLIENT_S_DN
ssl_client_verify_header = SSL_CLIENT_VERIFY

That should remove the warning message.
Install the PuppetLabs Apache and MySQL modules:

sudo puppet module install puppetlabs-apache
sudo puppet module install puppetlabs-mysql

Verify the installation by listing the modules again:

sudo puppet module list

You should be able to see the Apache and MySQL modules in the list.

/etc/puppet/modules
├── puppetlabs-apache (v1.1.1)
├── puppetlabs-concat (v1.1.1)
├── puppetlabs-mysql (v2.3.1)
└── puppetlabs-stdlib (v4.3.2)

Step 3 - Create a New Module for WordPress

Create a new directory to keep all your custom modules.

mkdir ~/MyModules
cd ~/MyModules

Let us call our module do-wordpress. Generate the generic new module:

puppet module generate do-wordpress --skip-interview

If you don't include the --skip-interview flag, the command will be interactive, and will prompt you with various questions about the module to populate the metadata.json file.
At this point a new directory named do-wordpress has been created. It contains boilerplate code and a directory structure that is necessary to build the module.
Edit the metadata.json file to replace puppetlabs-stdlib with puppetlabs/stdlib.

nano ~/MyModules/do-wordpress/metadata.json

This edit is required due a currently open bug in Puppet. After the change, your metadata.json file should look like this:

{
  "name": "do-wordpress",
  "version": "0.1.0",
  "author": "do",
  "summary": null,
  "license": "Apache 2.0",
  "source": "",
  "project_page": null,
  "issues_url": null,
  "dependencies": [
    {"name":"puppetlabs/stdlib","version_requirement":">= 1.0.0"}
  ]
}

Step 4 - Create a Manifest to Install Apache and PHP

Use nano to create and edit a file named web.pp in the manifests directory, which will install Apache and PHP:

nano ~/MyModules/do-wordpress/manifests/web.pp

Install Apache and PHP with default parameters. We use prefork as the MPM (Multi-Processing Module) to maximize compatibility with other libraries.
Add the following code to the file exactly:

class wordpress::web {

    # Install Apache
    class {'apache': 
        mpm_module => 'prefork'
    }

    # Add support for PHP 
    class {'::apache::mod::php': }
}

Step 5 - Create a File to Store Configuration Variables

Use nano to create and edit a file named conf.pp in the manifests directory.

nano ~/MyModules/do-wordpress/manifests/conf.pp

This file is the one place where you should set custom configuration values such as passwords and names. Every other configuration file on the system will pull its values from this file.
In the future, if you need to change the Wordpress/MySQL configuration, you will have to change only this file.
Add the following code to the file. Make sure you replace the database values with the custom information you want to use with WordPress. You will most likely want to leave dbhost set to localhost. You should change the rootpassword and dbuserpassword.
Variables that you can or should edit are marked in red:

class wordpress::conf {
    # You can change the values of these variables
    # according to your preferences

    $root_password = 'password'
    $db_name = 'wordpress'
    $db_user = 'wp'
    $db_user_password = 'password'
    $db_host = 'localhost'

    # Don't change the following variables

    # This will evaluate to wp@localhost
    $db_user_host = "${db_user}@${db_host}"

    # This will evaluate to wp@localhost/wordpress.*
    $db_user_host_db = "${db_user}@${db_host}/${db_name}.*"
}

Step 6 - Create a Manifest for MySQL

Use nano to create and edit a file named db.pp in the manifests directory:

nano ~/MyModules/do-wordpress/manifests/db.pp

This manifest does the following:

• Installs MySQL server
• Sets the root password for MySQL server
• Creates a database for Wordpress
• Creates a user for Wordpress
• Grants privileges to the user to access the database
• Installs MySQL client and bindings for various languages

All of the above actions are performed by the classes ::mysql::server and ::mysql::client.
Add the following code to the file exactly as shown. Inline comments are included to provide a better understanding:

class wordpress::db {

    class { '::mysql::server':

        # Set the root password
        root_password => $wordpress::conf::root_password,

        # Create the database
        databases => {
            "${wordpress::conf::db_name}" => {
                ensure => 'present',
                charset => 'utf8'
            }
        },

        # Create the user
        users => {
            "${wordpress::conf::db_user_host}" => {
                ensure => present,
                password_hash => mysql_password("${wordpress::conf::db_user_password}")
            }
        },

        # Grant privileges to the user
        grants => {
            "${wordpress::conf::db_user_host_db}" => {
                ensure     => 'present',
                options    => ['GRANT'],
                privileges => ['ALL'],
                table      => "${wordpress::conf::db_name}.*",
                user       => "${wordpress::conf::db_user_host}",
            }
        },
    }

    # Install MySQL client and all bindings
    class { '::mysql::client':
        require => Class['::mysql::server'],
        bindings_enable => true
    }
}

Step 7 - Download the Latest WordPress

Download the latest WordPress installation bundle from the official website using wget and store it in the files directory.
Create and move to a new directory:

mkdir ~/MyModules/do-wordpress/files
cd ~/MyModules/do-wordpress/files

Download the files:

wget http://wordpress.org/latest.tar.gz

Step 8 - Create a Template for wp-config.php

You might already know that Wordpress needs a wp-config.php file that contains information about the MySQL database that it is allowed to use. A template is used so that Puppet can generate this file with the right values.
Create a new directory named templates.

mkdir ~/MyModules/do-wordpress/templates

Move into the /tmp directory:

cd /tmp

Extract the WordPress files:

tar -xvzf ~/MyModules/do-wordpress/files/latest.tar.gz  # Extract the tar

The latest.tar.gz file that you downloaded contains a wp-config-sample.php file. Copy the file to the templates directory as wp-config.php.erb.

cp /tmp/wordpress/wp-config-sample.php ~/MyModules/do-wordpress/templates/wp-config.php.erb

Clean up the /tmp directory:

rm -rf /tmp/wordpress  # Clean up

Edit the wp-config.php.erb file using nano.

nano ~/MyModules/do-wordpress/templates/wp-config.php.erb

Use the variables defined in conf.pp to set the values for DBNAME, DBUSER, DBPASSWORD and DBHOST. You can use the exact settings shown below, which will pull in your actual variables from the conf.pp file we created earlier. The items marked in red are the exact changes that you need to make on the four database-related lines.
Ignoring the comments, your file should look like this:

<?php
define('DB_NAME', '<%= scope.lookupvar('wordpress::conf::db_name') %>');
define('DB_USER', '<%= scope.lookupvar('wordpress::conf::db_user') %>');
define('DB_PASSWORD', '<%= scope.lookupvar('wordpress::conf::db_user_password') %>');
define('DB_HOST', '<%= scope.lookupvar('wordpress::conf::db_host') %>');
define('DB_CHARSET', 'utf8');
define('DB_COLLATE', '');

define('AUTH_KEY',         'put your unique phrase here');
define('SECURE_AUTH_KEY',  'put your unique phrase here');
define('LOGGED_IN_KEY',    'put your unique phrase here');
define('NONCE_KEY',        'put your unique phrase here');
define('AUTH_SALT',        'put your unique phrase here');
define('SECURE_AUTH_SALT', 'put your unique phrase here');
define('LOGGED_IN_SALT',   'put your unique phrase here');
define('NONCE_SALT',       'put your unique phrase here');

$table_prefix  = 'wp_';

define('WP_DEBUG', false);

if ( !defined('ABSPATH') )
    define('ABSPATH', dirname(__FILE__) . '/');

require_once(ABSPATH . 'wp-settings.php');

Step 9 - Create a Manifest for Wordpress

Use nano to create and edit a file named wp.pp in the manifests directory:

nano ~/MyModules/do-wordpress/manifests/wp.pp

This manifest performs the following actions:

• Copies the contents of the Wordpress installation bundle to /var/www/. This has to be done because the default configuration of Apache serves files from /var/www/
• Generates a wp-config.php file using the template

Add the following code to the file exactly as shown:

class wordpress::wp {

    # Copy the Wordpress bundle to /tmp
    file { '/tmp/latest.tar.gz':
        ensure => present,
        source => "puppet:///modules/wordpress/latest.tar.gz"
    }

    # Extract the Wordpress bundle
    exec { 'extract':
        cwd => "/tmp",
        command => "tar -xvzf latest.tar.gz",
        require => File['/tmp/latest.tar.gz'],
        path => ['/bin'],
    }

    # Copy to /var/www/
    exec { 'copy':
        command => "cp -r /tmp/wordpress/* /var/www/",
        require => Exec['extract'],
        path => ['/bin'],
    }

    # Generate the wp-config.php file using the template
    file { '/var/www/wp-config.php':
        ensure => present,
        require => Exec['copy'],
        content => template("wordpress/wp-config.php.erb")
    }
}

Step 10 - Create init.pp, a Manifest that Integrates the Other Manifests

Every Puppet module needs to have a file named init.pp. When an external manifest includes your module, the contents of this file will be executed. The puppet module generate command created a generic version of this file for you already.
Edit init.pp using nano:

nano ~/MyModules/do-wordpress/manifests/init.pp

Let the file have the following contents.
You can leave the commented explanations and examples at the top. There should be an empty block for the wordpress class. Add the contents shown here so the wordpress block looks like the one shown below. Make sure you get the brackets nested correctly.
Inline comments are included to explain the settings:

class wordpress {
    # Load all variables
    class { 'wordpress::conf': }

    # Install Apache and PHP
    class { 'wordpress::web': }

    # Install MySQL
    class { 'wordpress::db': }

    # Run Wordpress installation only after Apache is installed
    class { 'wordpress::wp': 
        require => Notify['Apache Installation Complete']
    }

    # Display this message after MySQL installation is complete
    notify { 'MySQL Installation Complete':
        require => Class['wordpress::db']
    }

    # Display this message after Apache installation is complete
    notify { 'Apache Installation Complete':
        require => Class['wordpress::web']
    }

    # Display this message after Wordpress installation is complete
    notify { 'Wordpress Installation Complete':
        require => Class['wordpress::wp']
    }
}

Step 11 - Build the WordPress Module

The module is now ready to be built. Move into the MyModules directory:

cd ~/MyModules

Use the puppet module build command to build the module:

sudo puppet module build do-wordpress

You should see the following output from a successful build:

Notice: Building /home/user/MyModules/do-wordpress for release
Module built: /home/user/MyModules/do-wordpress/pkg/do-wordpress-0.1.0.tar.gz

The module is now ready to be used and shared. You will find the installable bundle in the module's pkg directory.

Step 12 - Install the WordPress Module

To use the module, it has to be installed first. Use the puppet module install command.

sudo puppet module install ~/MyModules/do-wordpress/pkg/do-wordpress-0.1.0.tar.gz

After installation, when you run the sudo puppet module list command, you should see an output similar to this:

/etc/puppet/modules
├── do-wordpress (v0.1.0)
├── puppetlabs-apache (v1.1.1)
├── puppetlabs-concat (v1.1.1)
├── puppetlabs-mysql (v2.3.1)
└── puppetlabs-stdlib (v4.3.2)

Now that it's installed, you should reference this module as do-wordpress for any Puppet commands.

Updating or Uninstalling the Module

If you receive installation errors, or if you notice configuration problems with WordPress, you will likely need to make changes in one or more of the manifest and related files we created earlier in the tutorial.
Or, you may simply want to uninstall the module at some point.
To update or uninstall the module, use this command:

sudo puppet module uninstall do-wordpress

If you just wanted to uninstall, you're done.
Otherwise, make the changes you needed, then rebuild and reinstall the module according to Steps 11-12.

Step 13 - Use the Module in a Standalone Manifest File to Install WordPress

To use the module to install Wordpress, you have to create a new manifest, and apply it.
Use nano to create and edit a file named install-wp.pp in the /tmp directory (or any other directory of your choice).

nano /tmp/install-wp.pp

Add the following contents to the file exactly as shown:

class { 'wordpress':
}

Apply the manifest using puppet apply. This is the step that gets WordPress up and running on your server:

sudo puppet apply /tmp/install-wp.pp

It's fine to see a warning or two.
This will take a while to run, but when it completes, you will have Wordpress and all its dependencies installed and running.
The final few successful installation lines should look like this:

Notice: /Stage[main]/Apache/File[/etc/apache2/mods-enabled/authn_core.load]/ensure: removed
Notice: /Stage[main]/Apache/File[/etc/apache2/mods-enabled/status.load]/ensure: removed
Notice: /Stage[main]/Apache/File[/etc/apache2/mods-enabled/mpm_prefork.load]/ensure: removed
Notice: /Stage[main]/Apache/File[/etc/apache2/mods-enabled/status.conf]/ensure: removed
Notice: /Stage[main]/Apache/File[/etc/apache2/mods-enabled/mpm_prefork.conf]/ensure: removed
Notice: /Stage[main]/Apache::Service/Service[httpd]: Triggered 'refresh' from 55 events
Notice: Finished catalog run in 55.91 seconds

You can open a browser and visit http://server-IP/. You should see the WordPress welcome screen.

From here, you can configure your WordPress control panel normally.

Deploying to Multiple Servers

If you are running Puppet in an Agent-Master configuration and want to install WordPress on one or more remote machines, all you have to do is add the line class {'wordpress':} to the node definitions of those machines. To learn more about Agent-Master configuration and node definitions, you can refer to this tutorial:
How To Install Puppet To Manage Your Server Infrastructure

Conclusion

With this tutorial, you have learned to create your own Puppet module that sets up WordPress for you. You could further build on this to add support for automatically installing certain themes and plugins. Finally, when you feel your module could be useful for others as well, you can publish it on Puppet Forg

 

Delete Existing Certificates

Delete any existing SSL certificates that were created during the package install. The default location of Puppet's SSL certificates is /var/lib/puppet/ssl:

sudo rm -rf /var/lib/puppet/ssl

 

How To Install Puppet 6 On Ubuntu 18?

Puppet has client-server architecture, which consists of a puppet master (server) and puppet agents (client). Puppet Master has all the configurations, and it compiles and supplies the configurations to puppet agents. Puppet Agents send the facts to puppet master requesting catalogs in intervals. Puppet Master sends the back the requested catalog to the puppet agent. Puppet Agent then applies that catalog on the node and reports back to the master.

Now that you have a basic understanding of Puppet let’s get started and set up a Puppet Master and Puppet Agent.

If you are an absolute beginner, you may like to take this online video course.

Environment Details

I am using 2 Ubuntu 18.04 machines. One will act as a puppet master and the other one as a puppet agent. Below are the details of the machines:

Puppet Master (Server)

• Hostname: puppet, puppet.geekflate.com
• IP Address: 192.168.0.108

Puppet Agent (Client)

• Hostname: puppetagent
• Ip Address: 192.168.0.107

Installing Puppet Server

Before I begin the installation, I need to edit the /etc/hosts file on both master and agent so that they can resolve each other.

On the Master node

[email protected]:~$ sudo gedit /etc/hosts

[sudo] password for geekflare:

127.0.0.1 localhost
127.0.1.1 geekflare
192.168.0.108 puppet puppet.geekflare.com

On Agent Node

[email protected]:~$ sudo gedit /etc/hosts

127.0.0.1 localhost
127.0.1.1 geekflare
192.168.0.107 puppetagent
192.168.0.108 puppet puppet.geekflare.com

­Now, I need to get a puppet repository on my master node and update it.

Download the puppet repository.

[email protected]:~$ wget https://apt.puppetlabs.com/puppet6-release-bionic.deb

--2019-10-15 15:41:34-- https://apt.puppetlabs.com/puppet6-release-bionic.deb

Resolving apt.puppetlabs.com (apt.puppetlabs.com)... 99.86.19.107, 99.86.19.59, 99.86.19.2, ...

Connecting to apt.puppetlabs.com (apt.puppetlabs.com)|99.86.19.107|:443... connected.

HTTP request sent, awaiting response... 200 OK

Length: 11736 (11K) [application/x-debian-package]

Saving to: ‘puppet6-release-bionic.deb’

puppet6-release-bio 100%[===================>] 11.46K --.-KB/s in 0s

2019-10-15 15:41:34 (236 MB/s) - ‘puppet6-release-bionic.deb’ saved [11736/11736]

Add and configure puppet 6 repo.

[email protected]:~$ sudo dpkg -i puppet6-release-bionic.deb

Selecting previously unselected package puppet6-release.

(Reading database ... 187041 files and directories currently installed.)

Preparing to unpack puppet6-release-bionic.deb ...

Unpacking puppet6-release (6.0.0-5bionic) ...

Setting up puppet6-release (6.0.0-5bionic) ...

Update the repository list.

[email protected]:~$ sudo apt update

Hit:1 https://download.docker.com/linux/ubuntu bionic InRelease

Hit:2 http://security.ubuntu.com/ubuntu cosmic-security InRelease

Hit:3 http://ppa.launchpad.net/ansible/ansible/ubuntu cosmic InRelease

Get:4 http://download.virtualbox.org/virtualbox/debian cosmic InRelease [4,429 B]

Get:5 http://apt.puppetlabs.com bionic InRelease [85.3 kB]

Hit:6 http://us.archive.ubuntu.com/ubuntu cosmic InRelease

Hit:7 http://us.archive.ubuntu.com/ubuntu cosmic-updates InRelease

Get:8 http://download.virtualbox.org/virtualbox/debian cosmic/contrib amd64 Packages [1,466 B]

Get:9 http://apt.puppetlabs.com bionic/puppet6 all Packages [13.5 kB]

Hit:10 http://us.archive.ubuntu.com/ubuntu cosmic-backports InRelease

Get:11 http://apt.puppetlabs.com bionic/puppet6 i386 Packages [13.5 kB]

Get:12 http://apt.puppetlabs.com bionic/puppet6 amd64 Packages [32.3 kB]

Fetched 151 kB in 2s (61.9 kB/s)

Reading package lists... Done

Building dependency tree

Reading state information... Done

234 packages can be upgraded. Run 'apt list --upgradable' to see them.

Installing Puppet Server

Let’s run the below command on the master node to install the puppet server on it.

[email protected]:~$ sudo apt install -y puppetserver

Reading package lists... Done

Building dependency tree

Reading state information... Done

The following additional packages will be installed:

 ca-certificates-java java-common openjdk-8-jre-headless puppet-agent

Suggested packages:

 default-jre fonts-dejavu-extra fonts-ipafont-gothic fonts-ipafont-mincho

 fonts-wqy-microhei fonts-wqy-zenhei

The following NEW packages will be installed:

 ca-certificates-java java-common openjdk-8-jre-headless puppet-agent

 puppetserver

0 upgraded, 5 newly installed, 0 to remove and 234 not upgraded.

Need to get 109 MB of archives.

After this operation, 287 MB of additional disk space will be used.

Get:1 http://us.archive.ubuntu.com/ubuntu cosmic/main amd64 java-common all 0.68ubuntu1 [6,988 B]

Get:2 http://apt.puppetlabs.com bionic/puppet6 amd64 puppet-agent amd64 6.10.1-1bionic [19.9 MB]

Get:3 http://us.archive.ubuntu.com/ubuntu cosmic-updates/universe amd64 openjdk-8-jre-headless amd64 8u212-b03-0ubuntu1.18.10.1 [27.2 MB]

Get:4 http://apt.puppetlabs.com bionic/puppet6 amd64 puppetserver all 6.7.1-1bionic [61.5 MB]

Get:5 http://us.archive.ubuntu.com/ubuntu cosmic/main amd64 ca-certificates-java all 20180516ubuntu1 [12.3 kB]

Fetched 109 MB in 1min 41s (1,072 kB/s)

Unpacking puppetserver (6.7.1-1bionic) ...

Setting up puppet-agent (6.10.1-1bionic) ...

Created symlink /etc/systemd/system/multi-user.target.wants/puppet.service → /lib/systemd/system/puppet.service.

Created symlink /etc/systemd/system/multi-user.target.wants/pxp-agent.service → /lib/systemd/system/pxp-agent.service.

Removed /etc/systemd/system/multi-user.target.wants/pxp-agent.service.

Setting up java-common (0.68ubuntu1) ...

Processing triggers for libc-bin (2.28-0ubuntu1) ...

Processing triggers for systemd (239-7ubuntu10.12) ...

Processing triggers for man-db (2.8.4-2) ...

Processing triggers for ca-certificates (20180409) ...

Updating certificates in /etc/ssl/certs...

0 added, 0 removed; done.

Running hooks in /etc/ca-certificates/update.d...

done.

Setting up ca-certificates-java (20180516ubuntu1) ...

head: cannot open '/etc/ssl/certs/java/cacerts' for reading: No such file or directory

Adding debian:SSL.com_EV_Root_Certification_Authority_ECC.pem

Adding debian:ssl-cert-snakeoil.pem

Adding debian:SwissSign_Gold_CA_-_G2.pem

Adding debian:SZAFIR_ROOT_CA2.pem

Adding debian:OpenTrust_Root_CA_G3.pem

Adding debian:TWCA_Root_Certification_Authority.pem

Adding debian:QuoVadis_Root_CA_2_G3.pem

Adding debian:DST_Root_CA_X3.pem

Adding debian:SecureSign_RootCA11.pem

Adding debian:QuoVadis_Root_CA_1_G3.pem

Adding debian:T-TeleSec_GlobalRoot_Class_3.pem

Adding debian:Go_Daddy_Root_Certificate_Authority_-_G2.pem

Adding debian:Actalis_Authentication_Root_CA.pem

Adding debian:Chambers_of_Commerce_Root_-_2008.pem

done.

Processing triggers for ca-certificates (20180409) ...

Updating certificates in /etc/ssl/certs...

0 added, 0 removed; done.

Running hooks in /etc/ca-certificates/update.d...

done.

done.

Setting up openjdk-8-jre-headless:amd64 (8u212-b03-0ubuntu1.18.10.1) ...

Setting up puppetserver (6.7.1-1bionic) ...

usermod: no changes

Processing triggers for systemd (239-7ubuntu10.12) ...

Configuring Puppet Server

 Edit the puppetserver file, as shown below. This to configure JVM of the puppet server.

[email protected]:~$ sudo gedit /etc/default/puppetserver


# Modify this if you'd like to change the memory allocation, enable JMX, etc

JAVA_ARGS="-Xms512m -Xmx512m -Djruby.logger.class=com.puppetlabs.jruby_utils.jruby.Slf4jLogger"

 Edit puppet configuration file to modify puppet server settings.

[email protected]:~$ sudo gedit /etc/puppetlabs/puppet/puppet.conf


# This file can be used to override the default puppet settings.

# See the following links for more details on what settings are available:

# - https://puppet.com/docs/puppet/latest/config_important_settings.html

# - https://puppet.com/docs/puppet/latest/config_about_settings.html

# - https://puppet.com/docs/puppet/latest/config_file_main.html

# - https://puppet.com/docs/puppet/latest/configuration.html

[master]

vardir = /opt/puppetlabs/server/data/puppetserver

logdir = /var/log/puppetlabs/puppetserver

rundir = /var/run/puppetlabs/puppetserver

pidfile = /var/run/puppetlabs/puppetserver/puppetserver.pid

codedir = /etc/puppetlabs/code

dns_alt_names = puppet,puppet.geekflare.com

[main]

certname = puppet.geekflare.com

server = puppet.geekflare.com

environment = production

runinterval = 15m

Puppet Server needs to generate a root and intermediate signing, CA.

[email protected]:~$ sudo /opt/puppetlabs/bin/puppetserver ca setup

Generation succeeded. Find your files in /etc/puppetlabs/puppet/ssl/ca

 Start and enable the puppet server service.

[email protected]:~$ sudo systemctl start puppetserver

[email protected]:~$ sudo systemctl enable puppetserver

Synchronizing state of puppetserver.service with SysV service script with /lib/systemd/systemd-sysv-install.

Executing: /lib/systemd/systemd-sysv-install enable puppetserver

Installing Puppet Agent

Follow the below steps on the agent node as you did for the master system. Puppet repository needs to present on all the agent nodes.

[email protected]:~$ wget https://apt.puppetlabs.com/puppet6-release-bionic.deb

[email protected]:~$ sudo dpkg -i puppet6-release-bionic.deb

[email protected]:~$ sudo apt update

Run the below command on the agent node to install the puppet agent.

[email protected]:~$ sudo apt install -y puppet-agent

Reading package lists... Done

Building dependency tree

Reading state information... Done

The following NEW packages will be installed:

 puppet-agent

0 upgraded, 1 newly installed, 0 to remove and 233 not upgraded.

Need to get 19.9 MB of archives.

After this operation, 115 MB of additional disk space will be used.

Get:1 http://apt.puppetlabs.com bionic/puppet6 amd64 puppet-agent amd64 6.10.1-1bionic [19.9 MB]

Fetched 19.9 MB in 2s (8,488 kB/s)

Selecting previously unselected package puppet-agent.

(Reading database ... 185786 files and directories currently installed.)

Preparing to unpack .../puppet-agent_6.10.1-1bionic_amd64.deb ...

Unpacking puppet-agent (6.10.1-1bionic) ...

Setting up puppet-agent (6.10.1-1bionic) ...

Created symlink /etc/systemd/system/multi-user.target.wants/puppet.service → /lib/systemd/system/puppet.service.

Created symlink /etc/systemd/system/multi-user.target.wants/pxp-agent.service → /lib/systemd/system/pxp-agent.service.

Removed /etc/systemd/system/multi-user.target.wants/pxp-agent.service.

Processing triggers for libc-bin (2.28-0ubuntu1) ...

Configuring Puppet Agent

 Edit the puppet configuration file on the agent node.

[email protected]:~$ sudo gedit /etc/puppetlabs/puppet/puppet.conf

[main]

certname = puppetagent

server = puppet.geekflare.com

environment = production

runinterval = 15m

Run the below command to start the puppet service. This command will also start automatically after it boots.

[email protected]:~$ sudo /opt/puppetlabs/bin/puppet resource service puppet ensure=running enable=true

service { 'puppet':

 ensure => 'running',

 enable => 'true',

} 

Generate and Sign Certificates

When the agent starts for the first time, it sends a certificate signing request to the puppet master. The master needs to check and sign this certificate. After this, the agent will fetch catalogs from the master and apply them to agent nodes regularly.

Now that the puppet agent is running run the below command on the master node to check if it has received any certificate signing request.

On the Master Node

[email protected]:~$ sudo /opt/puppetlabs/bin/puppetserver ca list

[sudo] password for geekflare:

Requested Certificates:

   puppetagent (SHA256) EA:68:23:B5:C3:71:2C:E6:4A:6A:3B:2F:24:F5:B8:5B:50:F7:3F:12:89:DE:B1:EB:D1:0A:74:3E:48:C3:D7:35

Sign the certificate sent by the agent.

[email protected]:~$ sudo /opt/puppetlabs/bin/puppetserver ca list

[sudo] password for geekflare:

Requested Certificates:

   puppetagent (SHA256) EA:68:23:B5:C3:71:2C:E6:4A:6A:3B:2F:24:F5:B8:5B:50:F7:3F:12:89:DE:B1:EB:D1:0A:74:3E:48:C3:D7:35

Run the below command to check all the certificate list. One certificate is already there, be a default of master node, and the other one is from the agent node.

[email protected]:~$ sudo /opt/puppetlabs/bin/puppetserver ca list --all

Signed Certificates:

   puppetagent (SHA256) EA:68:23:B5:C3:71:2C:E6:4A:6A:3B:2F:24:F5:B8:5B:50:F7:3F:12:89:DE:B1:EB:D1:0A:74:3E:48:C3:D7:35

   puppet.geekflare.com (SHA256) 71:30:5B:C8:C5:CE:28:A0:60:5C:4F:39:26:D0:FC:DA:DF:0A:0F:4D:ED:D4:B1:9C:05:1A:38:2F:D6:5F:9C:06 alt names: ["DNS:puppet.geekflare.com", "DNS:puppet", "DNS:puppet.geekflare.com"]

On Agent Node

Now run this command to test if the connection has been established between master and agent nodes, and everything is running fine.

[email protected]:~$ sudo /opt/puppetlabs/bin/puppet agent --test

Info: Using configured environment 'production'

Info: Retrieving pluginfacts

Info: Retrieving plugin

Info: Retrieving locales

Info: Caching catalog for puppet-agent

Info: Applying configuration version '1571171191'

Notice: Applied catalog in 0.02 seconds

Sample Puppet Example

Let’s run a simple puppet example. I will create a simple puppet manifest, which creates a directory with a certain permission.

On the Master Node:

[email protected]:~$ sudo gedit /etc/puppetlabs/code/environments/production/manifests/site.pp

 Put the below content.

node 'puppetagent' { # Applies only to mentioned node. If nothing mentioned, applies to all.

    file { '/home/test': # Resource type file

            ensure => 'directory', # Create a directory

            owner => 'root', # Ownership

            group => 'root', # Group Name

            mode => '0755', # Directory permissions

         }

}

Now run the below command for an agent to reach out to master and pull the configurations. After running this command, it should create that directory on the agent node.

On Agent Node

[email protected]:~$ sudo /opt/puppetlabs/bin/puppet agent --test

[sudo] password for geekflare:

Info: Using configured environment 'production'

Info: Retrieving pluginfacts

Info: Retrieving plugin

Info: Retrieving locales

Info: Caching catalog for puppetagent

Info: Applying configuration version '1571333010'

Notice: /Stage[main]/Main/Node[puppetagent]/File[/home/test]/ensure: created

Notice: Applied catalog in 0.05 seconds

Run the ls command to check if the director has been created successfully. 

[email protected]:~$ ls -l /home/

total 32

drwxr-xr-x 13 geekflare geekflare 4096 Jul 19 08:06 geekflare

drwx------ 2 root root 16384 Oct 23 2018 lost+found

drwxr-xr-x 23 geekflare geekflare 4096 Oct 17 11:02 geekflare

drwxr-xr-x 2 root root 4096 Oct 17 13:23 test

drwxr-xr-x 2 username username 4096 Jun 29 09:38 username

There you go!

Conclusion

This was a simple example to demonstrate its working. But imagine a bigger scenario, where you got to install or apply a certain configuration on hundreds of servers. Puppet can help you achieve it in minutes.

Removing puppet completely

 

Uninstall puppet-agent including dependent package

If you would like to remove puppet-agent and it's dependent packages which are no longer needed from Ubuntu,

$ sudo apt-get remove --auto-remove puppet-agent 

Use Purging puppet-agent

If you use with purge options to puppet-agent package all the configuration and dependent packages will be removed.

$ sudo apt-get purge puppet-agent 

If you use purge options along with auto remove, will be removed everything regarding the package, It's really useful when you want to reinstall again.

$ sudo apt-get purge --auto-remove puppet-agent 

 

https://www.thelinuxfaq.com/ubuntu/ubuntu-17-04-zesty-zapus/puppet-agent?type=uninstall

Execute a shell command/script

 using puppet

 

file { "/home/Share/clear.sh":
       mode => "0777",
       owner => 'root',
       group => 'root',
       source => 'puppet:///modules/mymodule/clear.sh',
    notify => Exec['extract_editor_script'],
   }

exec { 'extract_editor_script':
  command => "/bin/bash -c '/home/Share/clear.sh'",
}

create  a folder in /etc/puppet/module

#mkdir -p /etc/puppet/module/mymodule/file

 then copy flename.docx file into /etc/puppet/module/mymodule/file

Example: Clear.sh

#!/bin/bash
cd /home
sudo find  -type f -name '*.pdf' -exec  rm {} +
sudo find -type f -name '*.c' -exec rm {} +
sudo find -type f -name '*.java' -exec rm {} +
sudo find -type f -name '*.y' -exec rm {} +
sudo find -type f -name '*.py' -exec rm {} +
sudo find -type f -name '*.cc' -exec rm {} +
sudo find  -type f -name '*.zip' -exec  rm {} +
sudo find  -type f -name '*.rar' -exec  rm {} +
sudo find  -type f -name '*.gz' -exec  rm {} +
sudo find  -type f -name '*.html' -exec  rm {} +
sudo find  -type f -name '*.txt' -exec  rm {} +
sudo find  -type f -name '*.exe' -exec  rm {} +
sudo find  -type f -name '*.bz2' -exec  rm {} +
sudo find  -type f -name '*.awk' -exec  rm {} +
sudo find  -type f -name '*.l' -exec  rm {} +
sudo find  -type f -name '*.ppt' -exec  rm {} +
sudo find  -type f -name '*.pptx' -exec  rm {} +
sudo find  -type f -name '*.doc' -exec  rm {} +
sudo find  -type f -name '*.class' -exec  rm {} +
sudo find  -type f -name '*.bak' -exec  rm {} +

sudo find  -type f -name '*.docx' -exec  rm {} +
sudo find  -type f -name '*.out' -exec  rm {} +
sudo find  -type f -name '*.xls' -exec  rm {} +
sudo find  -type f -name '*.php' -exec  rm {} +
sudo find  -type f -name '*.S' -exec  rm {} +
sudo find  -type f -name '*.tar.gz' -exec  rm {} +
sudo find  -type f -name '*.tgz' -exec  rm {} +
sudo find  -type f -name '*.s' -exec  rm {} +
chmod 700 /home/student
chmod 700 /home/labadmin
chmod 700 /home/localadmin
rm -rf /home/student/Desktop/*
rm -rf /home/student/Downloads/*
echo "operation completed"
poweroff
 



Courtesy:
https://docs.puppet.com/puppet/4.5/reference/quick_start_user_group.html

https://www.digitalocean.com/community/tutorials/how-to-create-a-puppet-module-to-automate-wordpress-installation-on-ubuntu-14-04

https://geekflare.com/puppet-installation-ubuntu/

https://help.ubuntu.com/lts/serverguide/puppet.html

Puppet – Setting user password

When you use the user resource, you'll notice that it contains a password attribute. This can only be used to enter an encrypted password, aka a hashed password. For security reasons, you cannot use a plain text password.
Also for some reason, you can't use the passwd command to create hash value and retrieve that value from teh /etc/shadow file either. However Puppet passes the password supplied in the user type definition into the /etc/shadow file.
You have to use the openssl command to generate the hash:

 
#openssl passwd -1  
#Enter your password here 
Password: 
Verifying - Password: 
 $1$HTumvYUGYUGwsxQxCp3F/nGc4DCYM

You then insert this password into your resource:

user { 'TestUser': 
  ensure   => present,
  password => '$1$HTumvYUGYUGwsxQxCp3F/nGc4DCYM',
}

https://codingbee.net/puppet/puppet-setting-user-password 

or

Passwords are saved in /etc/shadow file you can copy from there

https://stackoverflow.com/questions/19114328/managing-a-user-password-for-linux-in-puppet