Manage httpd/apache server through puppet

>

In this article I will show you that you can manage box running apache/httpd server through a configuration management software called puppet.

Being in the corporate network infrastructure will gobbles up hell lot of your invaluable time doing same thing over and over again if you are not exposed to the correct tools and obviously to correct technology.So finding the right tool and get accustomed with it is a very much required.

So I am going to give a brief snapshot of how a configuration system like puppet come to your rescue. It’s a swiss army knife for any sensible person involve in infrastructure.Yes, those of you doing it for over the years might be get accustomed with cfengine(a beast,indeed!!),chef et al.

Without much ado..here we go:

I have installed puppet in my system….

bhaskar@bhaskar-laptop_10:48:20_Sat Mar 05:~> sudo genlop -t puppet
Password:
* app-admin/puppet

Wed Apr 7 07:32:45 2010 >>> app-admin/puppet-0.25.4-r1
merge time: 23 seconds.

Tue Aug 3 08:03:31 2010 >>> app-admin/puppet-0.25.5
merge time: 29 seconds.

Now the next step is to configure a service which should be maintained by puppet. I have chose to take of apache/httpd configuration file. So first thing ,we need to go to the puppet installed base dir,means where puppet put configuration and manifest files.If the manifest directory is missing then please create it.Mine look like this :


bhaskar@bhaskar-laptop_10:48:30_Sat Mar 05:~> ls -al /etc/puppet
total 24
drwxr-xr-x 3 root root 4096 Mar 5 10:09 .
drwxr-xr-x 95 root root 4096 Mar 5 09:40 ..
-rw-r--r-- 1 root root 2346 Aug 3 2010 auth.conf
-rw-r--r-- 1 root root 378 Aug 3 2010 fileserver.conf
drwxr-xr-x 3 root root 4096 Mar 5 10:10 manifests
-rw-r--r-- 1 root root 1080 Feb 19 15:11 puppet.conf

This is almost default to the puppet configuration structure.Now inside that manifest folder I have created a dir called service,which hold my service I want to check with puppet.Here is view of it:

bhaskar@bhaskar-laptop_10:59:28_Sat Mar 05:/etc/puppet/manifests/services> ll
total 4
-rw-r--r-- 1 root root 496 Apr 7 2010 apache.pp

As you can see I have created a file called apache.pp, now let me show you what it look like inside:

1 class apache {
2 package {
3 apache:
4 ensure => installed
5 }
6
7 file {
8 "httpd.conf":
9 mode => 644,
10 owner => root,
11 group => root,
12 path => "/etc/apache2/httpd.conf",
13 source => "puppet://bhaskar-laptop.localdomain/files/httpd.conf",
14 }
15
16 service {
17 apache2:
18 ensure => true,
19 enable => true,
20 subscribe => [ File["httpd.conf"], Package [apache] ],
21 }
22 }

Pretty ordinary stuff, right!! indeed because puppet authors made it easy for us ordinary mortals.But having said that a small amount of OOP(object oriented programming) not harmful at all,rather help you to understand the structure more elaborately.

Isn’t that file content self explanatory,if not..like me to understand others code…bit by bit for you ;

Line 1 to 5: What essentially a class ,which hold a tag related to service,then it has variable called “ensure” which will check that the package or service installed in the system.

Line 7 to 14 : It has file section ,in which I am checking the main apache configuration file,with the permission and ownership of it.We need to mention the path where the file actually located in the system.

Line number 13 is tricky to many like me: it essentially the place from where puppet client server the files,for that we need to specify that path into a file just above level directory called fileserver.conf.And we need to copy that file that place from that original file location.Here is the visual representation of what I said above:


bhaskar@bhaskar-laptop_11:13:07_Sat Mar 05:/var/lib/puppet/files> sudo cp -v /etc/apache2/httpd.conf /var/lib/puppet/files/
`/etc/apache2/httpd.conf' -> `/var/lib/puppet/files/httpd.conf'

And the file holding the path is look like this and reside here /etc/puppet/fileserver.conf


1 # This file consists of arbitrarily named sections/modules
2 # defining where files are served from and to whom
3
4 # Define a section 'files'
5 # Adapt the allow/deny settings to your needs. Order
6 # for allow/deny does not matter, allow always takes precedence
7 # over deny
8 [files]
9 path /var/lib/puppet/files
10 # allow *.example.com
11 # deny *.evil.example.com
12 # allow 192.168.0.0/24
13 allow bhaskar-laptop

I hope I made it clear to you folks! Now the last part of the file:

Line number 16 to 20: it is a service section we are trying to monitor and manage.it said that the service should be enable and it make sure of it. And it subscribed to the package it holds and the main file related to it.

Now if you change the file permission of the apache main configuration file or changes to that file ..next time the puppetd client run it will restore back the previous conf..so bring back the sanity to the system.

Here is an example:
I am going to change the permission of the httpd.conf which has presently has this perm:


bhaskar@bhaskar-laptop_11:34:25_Sat Mar 05:~> ls -al /etc/apache2/httpd.conf
-rw-r--r-- 1 root root 6516 Jul 22 2010 /etc/apache2/httpd.conf

Now change to some thing like below:

bhaskar@bhaskar-laptop_11:36:42_Sat Mar 05:~> sudo chmod 640 /etc/apache2/httpd.conf
bhaskar@bhaskar-laptop_11:37:31_Sat Mar 05:~> ls -al /etc/apache2/httpd.conf
-rw-r----- 1 root root 6516 Jul 22 2010 /etc/apache2/httpd.conf

Now two option we have: either we wait until the next time the puppet client run and bring back the sanity or do that immediately,which is why like this;

bhaskar@bhaskar-laptop_12:38:39_Sat Mar 05:~> sudo /usr/sbin/puppetd --server bhaskar-laptop --test
info: Caching catalog for bhaskar-laptop
info: Applying configuration version '1299308926'
notice: //File[httpd.conf]/mode: mode changed '640' to '644'
notice: Finished catalog run in 0.35 seconds

So it bring back to it sanity,here is the evidence,compare with earlier listing with same file:


bhaskar@bhaskar-laptop_12:38:47_Sat Mar 05:~> ls -al /etc/apache2/httpd.conf
-rw-r--r-- 1 root root 6516 Jul 22 2010 /etc/apache2/httpd.conf

Ok, I have touched tip of an iceburg..it can be tweaked and configured leap and bounds and possibilities are aplenty.

Hope this will help.

Cheers!
Bhaskar

Advertisements

“Puppeting” the corporate network

I had have the opportunity to manage coporate infrastructure few times. One of them with a client who has large network to manage along with bright fellows in that team.

Configuring system and distribute to the same configuration to different node is a error prone and cumbersome job for the system administrators.The rescue act has been done by the little piece of software called “Puppet”.

Most of the big corporation started to implementing this software in their network or system administrator get adhere to it ,just to make their life little easier and painless.

Yes,it is written a small but extremely powerful and ease of use interpreted language called “ruby”,please visit this site http://www.ruby-language.org.So one has to have little bit of familarity with it handle it properly.But there is no hard and fst rule to learn it or know it in leangth and breadth ( although no harm in doing so!! ).

Say for example; if you want a particular configuration file to be updated across several hundred or thousand of node at once within very very limited timeframe,it is the software to watch out.One has to just write once the configuaration file once on master server and start the daemon .Client or nodes started to get it from the master.

Yes ,essentially the underlying architecture is a client/server model.So the master server can also implement the client too to manage itself,often the case.

For more details on that subject please visit http://reductivelabs.com and go through the document ,as it is very well describe it’s job.

The bottom line is that it’s become a swiss army knife for the system administrator to handle large network.

PS: I am using it for quite a while now personally,and enjoy the power it delivers.ReductiveLabs is earning hell lot of money to lend it to the big corporates.


Bhaskar Chowdhury

Chat Google Talk: unixbhaskar Skype: unixbhaskar Y! messenger: unixbhaskar
Contact Me StumbleuponFacebookDiggTwitterBloggerRedditTechnoratiWordpress