Manage httpd/apache server through puppet
March 5, 2011 1 Comment
>
Being in the corporate network infrastructure will gobbles up hell lot of your invaluable time doing same thing over and over again if you are not exposed to the correct tools and obviously to correct technology.So finding the right tool and get accustomed with it is a very much required.
So I am going to give a brief snapshot of how a configuration system like puppet come to your rescue. It’s a swiss army knife for any sensible person involve in infrastructure.Yes, those of you doing it for over the years might be get accustomed with cfengine(a beast,indeed!!),chef et al.
Without much ado..here we go:
I have installed puppet in my system….
bhaskar@bhaskar-laptop_10:48:20_Sat Mar 05:~> sudo genlop -t puppet
Password:
* app-admin/puppet
Wed Apr 7 07:32:45 2010 >>> app-admin/puppet-0.25.4-r1
merge time: 23 seconds.
Tue Aug 3 08:03:31 2010 >>> app-admin/puppet-0.25.5
merge time: 29 seconds.
Now the next step is to configure a service which should be maintained by puppet. I have chose to take of apache/httpd configuration file. So first thing ,we need to go to the puppet installed base dir,means where puppet put configuration and manifest files.If the manifest directory is missing then please create it.Mine look like this :
bhaskar@bhaskar-laptop_10:48:30_Sat Mar 05:~> ls -al /etc/puppet
total 24
drwxr-xr-x 3 root root 4096 Mar 5 10:09 .
drwxr-xr-x 95 root root 4096 Mar 5 09:40 ..
-rw-r--r-- 1 root root 2346 Aug 3 2010 auth.conf
-rw-r--r-- 1 root root 378 Aug 3 2010 fileserver.conf
drwxr-xr-x 3 root root 4096 Mar 5 10:10 manifests
-rw-r--r-- 1 root root 1080 Feb 19 15:11 puppet.conf
This is almost default to the puppet configuration structure.Now inside that manifest folder I have created a dir called service,which hold my service I want to check with puppet.Here is view of it:
bhaskar@bhaskar-laptop_10:59:28_Sat Mar 05:/etc/puppet/manifests/services> ll
total 4
-rw-r--r-- 1 root root 496 Apr 7 2010 apache.pp
As you can see I have created a file called apache.pp, now let me show you what it look like inside:
1 class apache {
2 package {
3 apache:
4 ensure => installed
5 }
6
7 file {
8 "httpd.conf":
9 mode => 644,
10 owner => root,
11 group => root,
12 path => "/etc/apache2/httpd.conf",
13 source => "puppet://bhaskar-laptop.localdomain/files/httpd.conf",
14 }
15
16 service {
17 apache2:
18 ensure => true,
19 enable => true,
20 subscribe => [ File["httpd.conf"], Package [apache] ],
21 }
22 }
Pretty ordinary stuff, right!! indeed because puppet authors made it easy for us ordinary mortals.But having said that a small amount of OOP(object oriented programming) not harmful at all,rather help you to understand the structure more elaborately.
Isn’t that file content self explanatory,if not..like me to understand others code…bit by bit for you ;
Line 1 to 5: What essentially a class ,which hold a tag related to service,then it has variable called “ensure” which will check that the package or service installed in the system.
Line 7 to 14 : It has file section ,in which I am checking the main apache configuration file,with the permission and ownership of it.We need to mention the path where the file actually located in the system.
Line number 13 is tricky to many like me: it essentially the place from where puppet client server the files,for that we need to specify that path into a file just above level directory called fileserver.conf.And we need to copy that file that place from that original file location.Here is the visual representation of what I said above:
bhaskar@bhaskar-laptop_11:13:07_Sat Mar 05:/var/lib/puppet/files> sudo cp -v /etc/apache2/httpd.conf /var/lib/puppet/files/
`/etc/apache2/httpd.conf' -> `/var/lib/puppet/files/httpd.conf'
And the file holding the path is look like this and reside here /etc/puppet/fileserver.conf
1 # This file consists of arbitrarily named sections/modules
2 # defining where files are served from and to whom
3
4 # Define a section 'files'
5 # Adapt the allow/deny settings to your needs. Order
6 # for allow/deny does not matter, allow always takes precedence
7 # over deny
8 [files]
9 path /var/lib/puppet/files
10 # allow *.example.com
11 # deny *.evil.example.com
12 # allow 192.168.0.0/24
13 allow bhaskar-laptop
I hope I made it clear to you folks! Now the last part of the file:
Line number 16 to 20: it is a service section we are trying to monitor and manage.it said that the service should be enable and it make sure of it. And it subscribed to the package it holds and the main file related to it.
Now if you change the file permission of the apache main configuration file or changes to that file ..next time the puppetd client run it will restore back the previous conf..so bring back the sanity to the system.
Here is an example:
I am going to change the permission of the httpd.conf which has presently has this perm:
bhaskar@bhaskar-laptop_11:34:25_Sat Mar 05:~> ls -al /etc/apache2/httpd.conf
-rw-r--r-- 1 root root 6516 Jul 22 2010 /etc/apache2/httpd.conf
Now change to some thing like below:
bhaskar@bhaskar-laptop_11:36:42_Sat Mar 05:~> sudo chmod 640 /etc/apache2/httpd.conf
bhaskar@bhaskar-laptop_11:37:31_Sat Mar 05:~> ls -al /etc/apache2/httpd.conf
-rw-r----- 1 root root 6516 Jul 22 2010 /etc/apache2/httpd.conf
Now two option we have: either we wait until the next time the puppet client run and bring back the sanity or do that immediately,which is why like this;
bhaskar@bhaskar-laptop_12:38:39_Sat Mar 05:~> sudo /usr/sbin/puppetd --server bhaskar-laptop --test
info: Caching catalog for bhaskar-laptop
info: Applying configuration version '1299308926'
notice: //File[httpd.conf]/mode: mode changed '640' to '644'
notice: Finished catalog run in 0.35 seconds
So it bring back to it sanity,here is the evidence,compare with earlier listing with same file:
bhaskar@bhaskar-laptop_12:38:47_Sat Mar 05:~> ls -al /etc/apache2/httpd.conf
-rw-r--r-- 1 root root 6516 Jul 22 2010 /etc/apache2/httpd.conf
Ok, I have touched tip of an iceburg..it can be tweaked and configured leap and bounds and possibilities are aplenty.
Hope this will help.
Cheers!
Bhaskar
Unixbhaskar's Blog 