
Puppet

From GarrettHoneycutt

Revision as of 15:52, 7 November 2013 by Gh

Cheat Sheet

http://docs.puppetlabs.com/puppet_core_types_cheatsheet.pdf

Removing certs during provisioning process

When provisioning a system, it is generally advantageous to remove any existing cert that carries the system's name. Otherwise, when you reinstall a system with the same name, you have to remove the old cert manually. Automating this takes two parts: an auth.conf rule that allows the HTTP request, and the query itself.

query to remove cert

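PUPPETCA=puppetca.example.com
# DELETE on certificate_status asks the CA to remove the cert for this host's FQDN.
# -k skips verification of the CA server's certificate; no client certificate is sent.
curl -k -X DELETE -H "Accept: pson" "https://${PUPPETCA}:8140/production/certificate_status/$(hostname -f)"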

auth.conf

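The important part is lines 51 - 57. Because that rule uses auth any, it also matches requests made without a client certificate, which is what the curl query above sends. Of the methods the rule grants, that DELETE query needs only destroy.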

  1 # THIS FILE IS MANAGED BY PUPPET
  2 # ANY CHANGES WILL BE OVERWRITTEN
  3 #
  4 #
  5 # The ACL are checked in order of appearance in this file.
  6 # #
  7 # # For details on auth.conf syntax see:
  8 # # http://docs.puppetlabs.com/guides/rest_auth_conf.html
  9 # #
 10 # ### Authenticated ACL - those applies only when the client
 11 # ### has a valid certificate and is thus authenticated
 12 path ~ ^/catalog/([^/]+)$
 13 method find
 14 auth yes
 15 allow $1
 16
 17 path ~ ^/node/([^/]+)$
 18 method find
 19 auth yes
 20 allow $1
 21
 22 path  /certificate_revocation_list/ca
 23 method find
 24 auth yes
 25 allow *
 26
 27 path  /report
 28 method save
 29 auth yes
 30 allow *
 31
 32 path  /file
 33 auth yes
 34 allow *
 35
 36 path  /certificate/ca
 37 method find
 38 auth any
 39 allow *
 40
 41 path  /certificate/
 42 method find
 43 auth any
 44 allow *
 45
 46 path  /certificate_request
 47 method find, save
 48 auth any
 49 allow *
 50
 51 # Allows nodes to clean up certificates of any node. This is being triggered
 52 # at provisioning time in kickstart to remove the old certificate, since a new
 53 # one is generated when the system is provisioned.
 54 path /certificate_status/
 55 auth any
 56 method find, save, destroy
 57 allow *.example.com,pe-internal-dashboard
 58
 59 path  /facts
 60 method find, search
 61 auth any
 62 allow *
 63
 64 # allow all puppet systems to save facts
 65 path  /facts
 66 method save
 67 auth yes
 68 allow puppetmaster.example.com,puppet1.example.com,puppet2.example.com,puppet3.example.com,puppetdb.example.com
 69
 70 # allow anyone to see if a puppet master is alive.
 71 # used for load balancer health checks
 72 path /status/no_key
 73 method find
 74 auth any
 75 allow *
 76
 77
 78 path  /
 79 auth any
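
A review aid for rules like the one on lines 51 - 57, added here as an example and not part of the original page or of Puppet: it parses auth.conf stanzas and lists those that grant save or destroy to clients without a certificate. The function names and the SAMPLE text (constructed from stanzas on this page, without line numbers) are this example's own; it assumes the auth.conf defaults that an omitted method line means all methods and an omitted auth line means yes.

```ruby
# Added example, not Puppet's own code. SAMPLE is constructed from stanzas on
# this page; the function names are this example's own.
SAMPLE = <<~'CONF'
  path  /report
  method save
  auth yes
  allow *

  path  /certificate_request
  method find, save
  auth any
  allow *

  path /certificate_status/
  auth any
  method find, save, destroy
  allow *.example.com,pe-internal-dashboard

  path  /
  auth any
CONF

ALL_METHODS = %w[find search save destroy].freeze
WRITE_METHODS = %w[save destroy].freeze

# One hash per "path" stanza. Assumed auth.conf defaults: no "method" line
# means every method, no "auth" line means "yes".
def parse_auth_conf(text)
  text.each_line.with_object([]) do |line, stanzas|
    key, value = line.strip.split(/\s+/, 2)
    next if key.nil? || key.start_with?('#') || value.nil? || (key != 'path' && stanzas.empty?)
    case key
    when 'path'
      stanzas << { path: value.sub(/\A~\s*/, ''), methods: ALL_METHODS, auth: 'yes', allow: [] }
    when 'method' then stanzas.last[:methods] = value.split(/[\s,]+/)
    when 'auth' then stanzas.last[:auth] = value.downcase
    when 'allow', 'allow_ip' then stanzas.last[:allow] += value.split(/[\s,]+/)
    end
  end
end

# Flag a stanza when clients without a certificate (auth any/no/off) match a
# non-empty allow list and are granted save or destroy.
def unauthenticated_writes(stanzas)
  stanzas.reject { |s| %w[yes on].include?(s[:auth]) || s[:allow].empty? }
         .map { |s| [s[:path], s[:methods] & WRITE_METHODS] }
         .reject { |_path, methods| methods.empty? }
end

puts unauthenticated_writes(parse_auth_conf(SAMPLE)).map { |path, m| "#{path}: #{m.join(', ')} without a client certificate" }
```

On the sample it lists /certificate_request (save) and /certificate_status/ (save, destroy). The first is how agents that do not yet have a certificate submit their requests, so the second is the rule to review.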

Spec tests

Spec tests are unit tests that allow you to test what should be present in the catalog.

Tim's tutorial - http://rspec-puppet.com/

Setup

Install Puppet

Install some other tools

sudo gem install -V puppet-lint puppetlabs_spec_helper rake rspec-puppet bundler librarian-puppet-simple --no-ri --no-rdoc

Testing

You must be in the directory of the module you are testing.

rake spec

SPEC_OPTS="--format documentation" bundle exec rake spec

This actually runs the equivalent of

rake spec_prep; rake spec_standalone; rake spec_clean

You can see these commands by typing

rake -T

If your tests need to download dependencies, you might want to use

rake spec_prep

once and then type

SPEC_OPTS="--format documentation" bundle exec rake spec_standalone

so you do not incur the cost of re-downloading stuff every time you want to run a test.

Dependencies / Fixtures

These should all be noted in your Modulefile and must be listed in .fixtures.yml.

Examples

puppet-module-common has many different types of spec tests.