Puppet 简明教程

$ wget http://puppetlabs.com/downloads/facter/facter-latest.tgz  ------: 1

$ gzip -d -c facter-latest.tgz | tar xf - -----: 2
$ cd facter-* ------: 3
$ sudo ruby install.rb # or become root and run install.rb -----:4

# /etc/testingdir/code/environments/test/environment.conf
# Puppet Enterprise requires $basemodulepath; see note below under modulepath".
modulepath = site:dist:modules:$basemodulepath
# Use our custom script to get a git commit for the current state of the code:
config_version = get_environment_commit.sh

$ sudo rpm -ivh https://yum.puppetlabs.com/puppetlabs-release-pc1-el7.noarch.rpm

$ sudo yum -y install puppetserver

$ sudo vi /etc/sysconfig/puppetserver
Find the JAVA_ARGS and use the –Xms and –Xms options to set the memory allocation.
We will allocate 3GB of space
JAVA_ARGS="-Xms3g -Xmx3g"

$ sudo systemctl start puppetserver

$ sudo systemctl enable puppetserver

$ sudo /opt/puppetlabs/bin/puppet cert list

"Brcleprod004.brcl.com" (SHA259)
15:90:C2:FB:ED:69:A4:F7:B1:87:0B:BF:F7:ll:
B5:1C:33:F7:76:67:F3:F6:45:AE:07:4B:F 6:E3:ss:04:11:8d

$ sudo /opt/puppetlabs/bin/puppet cert sign Brcleprod004.brcl.com

Notice: Signed certificate request for Brcle004.brcl.com
Notice: Removing file Puppet::SSL::CertificateRequest Brcle004.brcl.com at
'/etc/puppetlabs/puppet/ssl/ca/requests/Brcle004.brcl.com.pem'

$ sudo /opt/puppetlabs/bin/puppet cert sign --all

$ sudo /opt/puppetlabs/bin/puppet cert clean hostname

$ sudo /opt/puppetlabs/bin/puppet cert list --all

+ "puppet" (SHA256) 5A:71:E6:06:D8:0F:44:4D:70:F0:
BE:51:72:15:97:68:D9:67:16:41:B0:38:9A:F2:B2:6C:B
B:33:7E:0F:D4:53 (alt names: "DNS:puppet", "DNS:Brcle004.nyc3.example.com")

+ "Brcle004.brcl.com" (SHA259) F5:DC:68:24:63:E6:F1:9E:C5:FE:F5:
1A:90:93:DF:19:F2:28:8B:D7:BD:D2:6A:83:07:BA:F E:24:11:24:54:6A

+ " Brcle004.brcl.com" (SHA259) CB:CB:CA:48:E0:DF:06:6A:7D:75:E6:CB:22:BE:35:5A:9A:B3

cat <<EOF >/etc/r10k.yaml
# The location to use for storing cached Git repos
:cachedir: '/var/cache/r10k'
# A list of git repositories to create
:sources:
# This will clone the git repository and instantiate an environment per
# branch in /etc/puppet/environments
:opstree:
#remote: 'https://github.com/fullstack-puppet/fullstackpuppet-environment.git'
remote: '/var/lib/git/fullstackpuppet-environment.git'
basedir: '/etc/puppet/environments'
EOF

r10k deploy environment -pv

cat << EOF > /etc/cron.d/r10k.conf
SHELL = /bin/bash
PATH = /sbin:/bin:/usr/sbin:/usr/bin
H/15 * * * * root r10k deploy environment -p
EOF

curl --cert /etc/puppet/ssl/certs/puppet.corp.guest.pem \
--key /etc/puppet/ssl/private_keys/puppet.corp.guest.pem \
--cacert /etc/puppet/ssl/ca/ca_crt.pem \
-H 'Accept: yaml' \
https://puppet.corp.guest:8140/production/catalog/puppet.corp.guest

host { 'one.vipin.com':
   alias => [ 'satu', 'dua', 'tiga' ],
   ip => '192.168.100.1',
   ensure => present,
}

resource { 'baz':
   require => [ Package['rpm'], File['testfile'] ],
}

$content = 'some content\n'
file { '/tmp/testing': content => $content }

$user = root
file {
   '/etc/passwd':
   owner => $user,
}

$user = bin
   file {
      '/bin':
      owner => $user,
      recurse => true,
   }

if $Filename {
   file { '/some/file': ensure => present }
} else {
   file { '/some/other/file': ensure => present }
}

if $machine == 'production' {
   include ssl
} else {
   include nginx
}

if $ machine == 'production' {
   include ssl
} elsif $ machine == 'testing' {
   include nginx
} else {
   include openssl
}

@user { vipin: ensure => present }

User <| title == vipin |>

# this is a comment

/*
This is a comment
*/

file { "/etc/tomcat/sites-available/default.conf":
   ensure => "present",
   content => template("tomcat/vhost.erb")
}

service { 'tomcat':
   ensure => running,
   enable => true
}

file { "/etc/tomcat/sites-available/default.conf":
   ensure => "present",
   content => template("vhost.erb"),
   notify => Service['tomcat']
}

[puppetmasterd]
...
modulepath = /var/lib/puppet/modules:/data/puppet/modules

/etc/puppet/modules:/usr/share/puppet:/var/lib/modules.

MODULE_PATH/
   downcased_module_name/
      files/
      manifests/
         init.pp
      lib/
         puppet/
            parser/
               functions
            provider/
            type/
         facter/
      templates/
      README

[module]
path /path/to/files
allow *.domain.com
deny *.wireless.domain.com

[private]
path /data/private/%h
allow *

[root@puppetmaster modules]# tree brcle_account
brcle_account
└── manifests  └── init.pp [root@puppetmaster modules]# cat brcle_account/manifests/init.pp
class brcle_account {
   user { 'G01063908':
      ensure => 'present',
      uid => '121',
      shell => '/bin/bash',
      home => '/home/G01063908',
   }

   file {'/tmp/userfile.txt':
      ensure => file,
      content => "the value for the 'OperatingSystem' fact is: $OperatingSystem \n",
   }
}

[root@puppetmaster modules]# puppet agent --test
Notice: /Stage[main]/Activemq::Service/Service[activemq]/ensure:
ensure changed 'stopped' to 'running'
Info: /Stage[main]/Activemq::Service/Service[activemq]:
Unscheduling refresh on Service[activemq]

Notice: Finished catalog run in 4.09 seconds
[root@puppetmaster modules]# cat /tmp/testfile.txt
the value for the 'OperatingSystem' fact is: Linux

[root@puppetmaster modules]# facter OperatingSystem
Linux

[root@puppetagent1 ~]# facter
architecture => x86_64
augeasversion => 1.0.0
bios_release_date => 13/09/2012
bios_vendor => innotek GmbH
bios_version => VirtualBox
blockdevice_sda_model => VBOX HARDDISK
blockdevice_sda_size => 22020587520
blockdevice_sda_vendor => ATA
blockdevice_sr0_model => CD-ROM
blockdevice_sr0_size => 1073741312
blockdevice_sr0_vendor => VBOX
blockdevices => sda,sr0
boardmanufacturer => Oracle Corporation
boardproductname => VirtualBox
boardserialnumber => 0

domain => codingbee.dyndns.org
facterversion => 2.1.0
filesystems => ext4,iso9660
fqdn => puppetagent1.codingbee.dyndns.org
hardwareisa => x86_64
hardwaremodel => x86_64
hostname => puppetagent1
id => root
interfaces => eth0,lo
ipaddress => 172.228.24.01
ipaddress_eth0 => 172.228.24.01
ipaddress_lo => 127.0.0.1
is_virtual => true
kernel => Linux
kernelmajversion => 2.6
kernelrelease => 2.6.32-431.23.3.el6.x86_64
kernelversion => 2.6.32
lsbdistcodename => Final
lsbdistdescription => CentOS release 6.5 (Final)
lsbdistid => CentOS
lsbdistrelease => 6.5
lsbmajdistrelease => 6
lsbrelease => :base-4.0-amd64:base-4.0-noarch:core-4.0-amd64:core-4.0noarch:graphics-4.0-amd64:
graphics-4.0-noarch:printing-4.0-amd64:printing-4.0noarch
macaddress => 05:00:22:47:H9:77
macaddress_eth0 => 05:00:22:47:H9:77
manufacturer => innotek GmbH
memoryfree => 125.86 GB
memoryfree_mb => 805.86
memorysize => 500 GB
memorysize_mb => 996.14
mtu_eth0 => 1500
mtu_lo => 16436
netmask => 255.255.255.0
netmask_eth0 => 255.255.255.0

network_lo => 127.0.0.0
operatingsystem => CentOS
operatingsystemmajrelease => 6
operatingsystemrelease => 6.5
osfamily => RedHat
partitions => {"sda1"=>{
"uuid"=>"d74a4fa8-0883-4873-8db0-b09d91e2ee8d", "size" =>"1024000",
"mount" => "/boot", "filesystem" => "ext4"}, "sda2"=>{"size" => "41981952",
"filesystem" => "LVM2_member"}
}
path => /usr/lib64/qt3.3/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin
physicalprocessorcount => 1
processor0 => Intel(R) Core(TM) i7 CPU         920  @ 2.67GHz
processor1 => Intel(R) Core(TM) i7 CPU         920  @ 2.67GHz
processor2 => Intel(R) Core(TM) i7 CPU         920  @ 2.67GHz
processorcount => 3
productname => VirtualBox
ps => ps -ef
puppetversion => 3.6.2
rubysitedir => /usr/lib/ruby/site_ruby/1.8
rubyversion => 1.8.7
selinux => true
selinux_config_mode => enforcing
selinux_config_policy => targeted
selinux_current_mode => enforcing
selinux_enforced => true
selinux_policyversion => 24
serialnumber => 0
sshdsakey => AAAAB3NzaC1kc3MAAACBAK5fYwRM3UtOs8zBCtRTjuHLw56p94X/E0UZBZwFR3q7
WH0x5+MNsjfmdCxKvpY/WlIIUcFJzvlfjXm4qDaTYalbzSZJMT266njNbw5WwLJcJ74KdW92ds76pjgm
CsjAh+R9YnyKCEE35GsYjGH7whw0gl/rZVrjvWYKQDOmJA2dAAAAFQCoYABgjpv3EkTWgjLIMnxA0Gfud
QAAAIBM4U6/nerfn6Qvt43FC2iybvwVo8ufixJl5YSEhs92uzsW6jiw68aaZ32q095/gEqYzeF7a2knr
OpASgO9xXqStYKg8ExWQVaVGFTR1NwqhZvz0oRSbrN3h3tHgknoKETRAg/imZQ2P6tppAoQZ8wpuLrXU
CyhgJGZ04Phv8hinAAAAIBN4xaycuK0mdH/YdcgcLiSn8cjgtiETVzDYa+jF
swapfree => 3.55 GB
swapfree_mb => 2015.99
swapsize => 3.55 GB
swapsize_mb => 2015.99
timezone => GMT
type => Other
uniqueid => a8c0af01
uptime => 45:012 hours
uptime_days => 0
uptime_hours => 6
uptime_seconds => 21865
uuid => BD8B9D85-1BFD-4015-A633-BF71D9A6A741
virtual => virtualbox

[root@puppetagent1 facter]# env | grep "FACTERLIB"
[root@puppetagent1 facter]#

[root@puppetagent1 tmp]# tree /tmp/test_facts/
/tmp/some_facts/
├── vipin
│   └── longest_river.rb
└── testing
   └── longest_wall.rb

[root@puppetagent1 vipin]# cat longest_river.rb
Facter.add('longest_river') do
   setcode "echo Nile"
end

[root@puppetagent1 testing]# cat longest_wall.rb
Facter.add('longest_wall') do
   setcode "echo 'China Wall'"
end

[root@puppetagent1 /]# export
FACTERLIB = "/tmp/some_facts/river:/tmp/some_facts/wall"
[root@puppetagent1 /]# env | grep "FACTERLIB"
FACTERLIB = /tmp/some_facts/river:/tmp/some_facts/wall

[root@puppetagent1 /]# facter longest_river
Nile
[root@puppetagent1 /]# facter longest_wall
China Wall

[root@puppetmaster ~]# puppet describe --list
These are the types known to puppet:
augeas          - Apply a change or an array of changes to the  ...
computer        - Computer object management using DirectorySer ...
cron            - Installs and manages cron jobs
exec            - Executes external commands
file            - Manages files, including their content, owner ...
filebucket      - A repository for storing and retrieving file  ...
group           - Manage groups
host            - Installs and manages host entries
interface       - This represents a router or switch interface
k5login         - Manage the ‘.k5login’ file for a user
macauthorization - Manage the Mac OS X authorization database
mailalias       - .. no documentation ..
maillist        - Manage email lists
mcx             - MCX object management using DirectoryService  ...
mount           - Manages mounted filesystems, including puttin ...
nagios_command  - The Nagios type command
nagios_contact  - The Nagios type contact
nagios_contactgroup - The Nagios type contactgroup
nagios_host     - The Nagios type host
nagios_hostdependency - The Nagios type hostdependency
nagios_hostescalation - The Nagios type hostescalation
nagios_hostextinfo - The Nagios type hostextinfo
nagios_hostgroup - The Nagios type hostgroup

nagios_service  - The Nagios type service
nagios_servicedependency - The Nagios type servicedependency
nagios_serviceescalation - The Nagios type serviceescalation
nagios_serviceextinfo - The Nagios type serviceextinfo
nagios_servicegroup - The Nagios type servicegroup
nagios_timeperiod - The Nagios type timeperiod
notify          - .. no documentation ..
package         - Manage packages
resources       - This is a metatype that can manage other reso ...
router          - .. no documentation ..
schedule        - Define schedules for Puppet
scheduled_task  - Installs and manages Windows Scheduled Tasks
selboolean      - Manages SELinux booleans on systems with SELi ...
service         - Manage running services
ssh_authorized_key - Manages SSH authorized keys
sshkey          - Installs and manages ssh host keys
stage           - A resource type for creating new run stages
tidy            - Remove unwanted files based on specific crite ...
user            - Manage users
vlan            - .. no documentation ..
whit            - Whits are internal artifacts of Puppet's curr ...
yumrepo         - The client-side description of a yum reposito ...
zfs             - Manage zfs
zone            - Manages Solaris zones
zpool           - Manage zpools

[root@puppetmaster ~]# puppet resource user
user { 'abrt':
   ensure           => 'present',
   gid              => '173',
   home             => '/etc/abrt',
   password         => '!!',
   password_max_age => '-1',
   password_min_age => '-1',
   shell            => '/sbin/nologin',
   uid              => '173',
}

user { 'admin':
   ensure           => 'present',
   comment          => 'admin',
   gid              => '444',
   groups           => ['sys', 'admin'],
   home             => '/var/admin',
   password         => '*',
   password_max_age => '99999',
   password_min_age => '0',
   shell            => '/sbin/nologin',
   uid              => '55',
}

user { 'tomcat':
   ensure           => 'present',
   comment          => 'tomcat',
   gid              => '100',
   home             => '/var/www',
   password         => '!!',
   password_max_age => '-1',
   password_min_age => '-1',
   shell            => '/sbin/nologin',
   uid              => '100',
}

[root@puppetmaster ~]# puppet resource user tomcat
user { 'apache':
   ensure           => 'present',
   comment          => 'tomcat',
   gid              => '100',
   home             => '/var/www',
   password         => '!!',
   password_max_age => '-1',
   password_min_age => '-1',
   shell            => '/sbin/nologin',
   uid              => '100’,
}

[root@puppetmaster ~]# puppet describe user
user
====
Manage users.  This type is mostly built to manage system users,
so it is lacking some features useful for managing normal users.

This resource type uses the prescribed native tools for creating groups
and generally uses POSIX APIs for retrieving information about them.
It does not directly modify ‘/etc/passwd’ or anything.

**Autorequires:** If Puppet is managing the user's primary group
(as provided in the ‘gid’ attribute),
the user resource will autorequire that group.
If Puppet is managing any role accounts corresponding to the user's roles,
the user resource will autorequire those role accounts.

Parameters
----------
- **allowdupe**
   Whether to allow duplicate UIDs. Defaults to ‘false’.
   Valid values are ‘true’, ‘false’, ‘yes’, ‘no’.

- **attribute_membership**
   Whether specified attribute value pairs should be treated as the
   **complete list** (‘inclusive’) or the **minimum list** (‘minimum’) of
   attribute/value pairs for the user. Defaults to ‘minimum’.
   Valid values are ‘inclusive’, ‘minimum’.

- **auths**
   The auths the user has.  Multiple auths should be
   specified as an array.
   Requires features manages_solaris_rbac.

- **comment**
   A description of the user.  Generally the user's full name.

- **ensure**
   The basic state that the object should be in.
   Valid values are ‘present’, ‘absent’, ‘role’.

- **expiry**
   The expiry date for this user. Must be provided in
   a zero-padded YYYY-MM-DD format --- e.g. 2010-02-19.
   If you want to make sure the user account does never
   expire, you can pass the special value ‘absent’.
   Valid values are ‘absent’. Values can match ‘/^\d{4}-\d{2}-\d{2}$/’.
   Requires features manages_expiry.

- **forcelocal**
   Forces the mangement of local accounts when accounts are also
   being managed by some other NSS

- **gid**
   The user's primary group. Can be specified numerically or by name.
   This attribute is not supported on Windows systems; use the ‘groups’
   attribute instead. (On Windows, designating a primary group is only
   meaningful for domain accounts, which Puppet does not currently manage.)

- **groups**
   The groups to which the user belongs. The primary group should
   not be listed, and groups should be identified by name rather than by
   GID.  Multiple groups should be specified as an array.

- **home**
   The home directory of the user.  The directory must be created
   separately and is not currently checked for existence.

- **ia_load_module**
   The name of the I&A module to use to manage this user.
   Requires features manages_aix_lam.

- **iterations**
   This is the number of iterations of a chained computation of the
   password hash (http://en.wikipedia.org/wiki/PBKDF2).  This parameter
   is used in OS X. This field is required for managing passwords on OS X
   >= 10.8.
   Requires features manages_password_salt.

- **key_membership**

- **managehome**
   Whether to manage the home directory when managing the user.
   This will create the home directory when ‘ensure => present’, and
   delete the home directory when ‘ensure => absent’. Defaults to ‘false’.
   Valid values are ‘true’, ‘false’, ‘yes’, ‘no’.

- **membership**
   Whether specified groups should be considered the **complete list**
   (‘inclusive’) or the **minimum list** (‘minimum’) of groups to which
   the user belongs. Defaults to ‘minimum’.
   Valid values are ‘inclusive’, ‘minimum’.

- **name**
   The user name. While naming limitations vary by operating system,
   it is advisable to restrict names to the lowest common denominator,
   which is a maximum of 8 characters beginning with a letter.
   Note that Puppet considers user names to be case-sensitive, regardless
   of the platform's own rules; be sure to always use the same case when
   referring to a given user.

- **password**
   The user's password, in whatever encrypted format the local
   system requires.
   * Most modern Unix-like systems use salted SHA1 password hashes. You can use
      Puppet's built-in ‘sha1’ function to generate a hash from a password.
   * Mac OS X 10.5 and 10.6 also use salted SHA1 hashes.

Windows API
   for setting the password hash.
   [stdlib]: https://github.com/puppetlabs/puppetlabs-stdlib/
   Be sure to enclose any value that includes a dollar sign ($) in single
   quotes (') to avoid accidental variable interpolation.
   Requires features manages_passwords.

- **password_max_age**
   The maximum number of days a password may be used before it must be changed.
   Requires features manages_password_age.

- **password_min_age**
   The minimum number of days a password must be used before it may be changed.
   Requires features manages_password_age.

- **profile_membership**
   Whether specified roles should be treated as the **complete list**
   (‘inclusive’) or the **minimum list** (‘minimum’) of roles
   of which the user is a member. Defaults to ‘minimum’.
   Valid values are ‘inclusive’, ‘minimum’.

- **profiles**
   The profiles the user has.  Multiple profiles should be
   specified as an array.
   Requires features manages_solaris_rbac.

- **project**
   The name of the project associated with a user.
   Requires features manages_solaris_rbac.

- **uid**
   The user ID; must be specified numerically. If no user ID is
   specified when creating a new user, then one will be chosen
   automatically. This will likely result in the same user having
   different UIDs on different systems, which is not recommended. This is
   especially noteworthy when managing the same user on both Darwin and
   other platforms, since Puppet does UID generation on Darwin, but
   the underlying tools do so on other platforms.
   On Windows, this property is read-only and will return the user's
   security identifier (SID).

[root@puppetmaster ~]# puppet describe user --providers
user
====
Manage users.
This type is mostly built to manage systemusers,
so it is lacking some features useful for managing normalusers.
This resource type uses the prescribed native tools for
creating groups and generally uses POSIX APIs for retrieving informationabout them.
It does not directly modify '/etc/passwd' or anything.

- **comment**
   A description of the user.  Generally the user's full name.

- **ensure**
   The basic state that the object should be in.
   Valid values are 'present', 'absent', 'role'.

- **expiry**
   The expiry date for this user.
   Must be provided in a zero-padded YYYY-MM-DD format --- e.g. 2010-02-19.
   If you want to make sure the user account does never expire,
   you can pass the special value 'absent'.
   Valid values are 'absent'.
   Values can match '/^\d{4}-\d{2}-\d{2}$/'.
   Requires features manages_expiry.

- **forcelocal**
   Forces the management of local accounts when accounts are also
   being managed by some other NSS
   Valid values are 'true', 'false', 'yes', 'no'.
   Requires features libuser.

- **gid**
   The user's primary group.  Can be specified numerically or by name.
   This attribute is not supported on Windows systems; use the ‘groups’
   attribute instead. (On Windows, designating a primary group is only
   meaningful for domain accounts, which Puppet does not currently manage.)

- **groups**
   The groups to which the user belongs. The primary group should
   not be listed, and groups should be identified by name rather than by
   GID. Multiple groups should be specified as an array.

- **home**
   The home directory of the user.  The directory must be created
   separately and is not currently checked for existence.

- **ia_load_module**
   The name of the I&A module to use to manage this user.
   Requires features manages_aix_lam.

- **iterations**
   This is the number of iterations of a chained computation of the
   password hash (http://en.wikipedia.org/wiki/PBKDF2).
   This parameter is used in OS X.
   This field is required for managing passwords on OS X >= 10.8.

- **key_membership**
   Whether specified key/value pairs should be considered the
   **complete list** ('inclusive') or the **minimum list** ('minimum') of
   the user's attributes. Defaults to 'minimum'.
   Valid values are 'inclusive', 'minimum'.

- **keys**
   Specify user attributes in an array of key = value pairs.
   Requires features manages_solaris_rbac.

- **managehome**
   Whether to manage the home directory when managing the user.
   This will create the home directory when 'ensure => present', and
   delete the home directory when ‘ensure => absent’. Defaults to ‘false’.
   Valid values are ‘true’, ‘false’, ‘yes’, ‘no’.

- **membership**
   Whether specified groups should be considered the **complete list**
   (‘inclusive’) or the **minimum list** (‘minimum’) of groups to which
   the user belongs. Defaults to ‘minimum’.
   Valid values are ‘inclusive’, ‘minimum’.

- **name**
   The user name. While naming limitations vary by operating system,
   it is advisable to restrict names to the lowest common denominator.

- **password**
   The user's password, in whatever encrypted format the local system requires.
   * Most modern Unix-like systems use salted SHA1 password hashes. You can use
      Puppet's built-in ‘sha1’ function to generate a hash from a password.
   * Mac OS X 10.5 and 10.6 also use salted SHA1 hashes.
   * Mac OS X 10.7 (Lion) uses salted SHA512 hashes.
   The Puppet Labs [stdlib][] module contains a ‘str2saltedsha512’
   function which can generate password hashes for Lion.
   * Mac OS X 10.8 and higher use salted SHA512 PBKDF2 hashes.
   When managing passwords on these systems the salt and iterations properties
   need to be specified as well as the password.
   [stdlib]: https://github.com/puppetlabs/puppetlabs-stdlib/
   Be sure to enclose any value that includes a dollar sign ($) in single
   quotes (') to avoid accidental variable interpolation.
   Requires features manages_passwords.

- **password_max_age**
   The maximum number of days a password may be used before it must be changed.
Requires features manages_password_age.

- **password_min_age**
   The minimum number of days a password must be used before it may be changed.
Requires features manages_password_age.

- **profile_membership**
   Whether specified roles should be treated as the **complete list**
   (‘inclusive’) or the **minimum list** (‘minimum’) of roles
   of which the user is a member. Defaults to ‘minimum’.
   Valid values are ‘inclusive’, ‘minimum’.

- **profiles**
   The profiles the user has.  Multiple profiles should be
   specified as an array.
Requires features manages_solaris_rbac.

- **project**
   The name of the project associated with a user.
   Requires features manages_solaris_rbac.

- **purge_ssh_keys**
   Purge ssh keys authorized for the user
   if they are not managed via ssh_authorized_keys.
   When true, looks for keys in .ssh/authorized_keys in the user's home directory.
   Possible values are true, false, or an array of
   paths to file to search for authorized keys.
   If a path starts with ~ or %h, this token is replaced with the user's home directory.
   Valid values are ‘true’, ‘false’.

- **role_membership**
   Whether specified roles should be considered the **complete list**
   (‘inclusive’) or the **minimum list** (‘minimum’) of roles the user has.
   Defaults to ‘minimum’.
Valid values are ‘inclusive’, ‘minimum’.

- **roles**
   The roles the user has.  Multiple roles should be
   specified as an array.
Requires features manages_solaris_rbac.

- **salt**
   This is the 32 byte salt used to generate the PBKDF2 password used in
   OS X. This field is required for managing passwords on OS X >= 10.8.
   Requires features manages_password_salt.

- **shell**
   The user's login shell.  The shell must exist and be
   executable.
   This attribute cannot be managed on Windows systems.
   Requires features manages_shell.

- **system**
   Whether the user is a system user, according to the OS's criteria;
   on most platforms, a UID less than or equal to 500 indicates a system
   user. Defaults to ‘false’.
   Valid values are ‘true’, ‘false’, ‘yes’, ‘no’.

- **uid**
   The user ID; must be specified numerically. If no user ID is
   specified when creating a new user, then one will be chosen
   automatically. This will likely result in the same user having
   different UIDs on different systems, which is not recommended.
   This is especially noteworthy when managing the same user on both Darwin and
   other platforms, since Puppet does UID generation on Darwin, but
   the underlying tools do so on other platforms.
   On Windows, this property is read-only and will return the user's
   security identifier (SID).

Providers
---------

- **aix**
   User management for AIX.
   * Required binaries: '/bin/chpasswd', '/usr/bin/chuser',
   '/usr/bin/mkuser', '/usr/sbin/lsgroup', '/usr/sbin/lsuser',
   '/usr/sbin/rmuser'.
   * Default for ‘operatingsystem’ == ‘aix’.
   * Supported features: ‘manages_aix_lam’, ‘manages_expiry’,
   ‘manages_homedir’, ‘manages_password_age’, ‘manages_passwords’,
   ‘manages_shell’.

- **directoryservice**
   User management on OS X.
   * Required binaries: ‘/usr/bin/dscacheutil’, ‘/usr/bin/dscl’,
   ‘/usr/bin/dsimport’, ‘/usr/bin/plutil’, ‘/usr/bin/uuidgen’.
   * Default for ‘operatingsystem’ == ‘darwin’.
   * Supported features: ‘manages_password_salt’, ‘manages_passwords’,
   ‘manages_shell’.

- **hpuxuseradd**
   User management for HP-UX. This provider uses the undocumented ‘-F’
   switch to HP-UX's special ‘usermod’ binary to work around the fact that
   its standard ‘usermod’ cannot make changes while the user is logged in.
   * Required binaries: ‘/usr/sam/lbin/useradd.sam’,
   ‘/usr/sam/lbin/userdel.sam’, ‘/usr/sam/lbin/usermod.sam’.
   * Default for ‘operatingsystem’ == ‘hp-ux’.
   * Supported features: ‘allows_duplicates’, ‘manages_homedir’,
   ‘manages_passwords’.

- **ldap**
   User management via LDAP.
   This provider requires that you have valid values for all of the
   LDAP-related settings in ‘puppet.conf’, including ‘ldapbase’.
   You will almost definitely need settings for ‘ldapuser’ and ‘ldappassword’ in order
   for your clients to write to LDAP.
* Supported features: ‘manages_passwords’, ‘manages_shell’.

- **pw**
   User management via ‘pw’ on FreeBSD and DragonFly BSD.
   * Required binaries: ‘pw’.
   * Default for ‘operatingsystem’ == ‘freebsd, dragonfly’.
   * Supported features: ‘allows_duplicates’, ‘manages_expiry’,
   ‘manages_homedir’, ‘manages_passwords’, ‘manages_shell’.

- **user_role_add**
   User and role management on Solaris, via ‘useradd’ and ‘roleadd’.
   * Required binaries: ‘passwd’, ‘roleadd’, ‘roledel’, ‘rolemod’,
   ‘useradd’, ‘userdel’, ‘usermod’.
   * Default for ‘osfamily’ == ‘solaris’.
   * Supported features: ‘allows_duplicates’, ‘manages_homedir’,
   ‘manages_password_age’, ‘manages_passwords’, ‘manages_solaris_rbac’.

- **useradd**
   User management via ‘useradd’ and its ilk.  Note that you will need to
   install Ruby's shadow password library (often known as ‘ruby-libshadow’)
   if you wish to manage user passwords.
   * Required binaries: ‘chage’, ‘luseradd’, ‘useradd’, ‘userdel’, ‘usermod’.
   * Supported features: ‘allows_duplicates’, ‘libuser’, ‘manages_expiry’,
   ‘manages_homedir’, ‘manages_password_age’, ‘manages_passwords’,
   ‘manages_shell’, ‘system_users’.

- **windows_adsi**
   Local user management for Windows.
   * Default for 'operatingsystem' == 'windows'.
   * Supported features: 'manages_homedir', 'manages_passwords'.

puppet resource user vipin ensure = present uid = '505'
shell = '/bin/bash' home = '/home/vipin'

[root@puppetmaster ~]# cat /etc/passwd | grep "vipin"
vipin:x:505:501::/home/vipin:/bin/bash

$value = template ("testtemplate.erb")

define testingsite($cgidir, $tracdir) {
   file { "testing-$name":
   path => "/etc/tomcat/testing/$name.conf",
   owner => superuser,
   group => superuser,
   mode => 644,
   require => File[tomcatconf],
   content => template("testsite.erb"),
   notify => Service[tomcat]
}
   symlink { "testsym-$name":
      path => "$cgidir/$name.cgi",
      ensure => "/usr/share/test/cgi-bin/test.cgi"
   }
}

<Location "/cgi-bin/ <%= name %>.cgi">
   SetEnv TEST_ENV "/export/svn/test/<%= name %>"
</Location>

# You need something like this to authenticate users
<Location "/cgi-bin/<%= name %>.cgi/login">
   AuthType Basic
   AuthName "Test"
   AuthUserFile /etc/tomcat/auth/svn
   Require valid-user
</Location>

Include /etc/apache2/trac/[^.#]*

[root@puppetmaster ~]# cat /etc/puppet/manifests/site.pp
class user_account ($username){
   user { $username:
      ensure => present,
      uid    => '101',
      shell  => '/bin/bash',
      home   => "/home/$username",
   }
}
node 'Brcleprod002' {
   class { user_account:
      username => "G01063908",
   }
}
node 'Brcleprod002' {
   class {user_account:
      username => "G01063909",
   }
}

[root@puppetagent1 ~]# puppet agent --test
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Caching catalog for puppetagent1.testing.dyndns.org
Info: Applying configuration version '1419452655'

Notice: /Stage[main]/User_account/User[homer]/ensure: created
Notice: Finished catalog run in 0.15 seconds
[root@brcleprod001 ~]# cat /etc/passwd | grep "vipin"
G01063908:x:101:501::/home/G01063909:/bin/bash

[root@Brcleprod002 ~]# puppet agent --test
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Caching catalog for puppetagent2.testing.dyndns.org
Info: Applying configuration version '1419452725'

Notice: /Stage[main]/User_account/User[bart]/ensure: created
Notice: Finished catalog run in 0.19 seconds
[root@puppetagent2 ~]# cat /etc/passwd | grep "varsha"
G01063909:x:101:501::/home/G01063909:/bin/bash

[root@puppetmaster ~]# cat /etc/puppet/manifests/site.pp
class user_account ($username = ‘g01063908'){
   user { $username:
      ensure => present,
      uid    => '101',
      shell  => '/bin/bash',
      home   => "/home/$username",
   }
}
node 'Brcleprod001' {
   class {user_account:}
}
node 'Brcleprod002' {
   class {user_account:
      username => "g01063909",
   }
}

module Puppet::Parser::Functions
   newfunction(:write_line_to_file) do |args|
      filename = args[0]
      str = args[1]
      File.open(filename, 'a') {|fd| fd.puts str }
   end
end

write_line_to_file('/user/vipin.txt, "Hello vipin!")

[main]
manifest = /usr/testing/puppet/site.pp
modulepath = /usr/testing/puppet/modules
[development]
manifest = /usr/testing/puppet/development/site.pp
modulepath = /usr/testing/puppet/development/modules

[puppetd]
environment = Testing

#puppetd -–environment = testing

service { "sshd":
   ensure => present,
}

newparam(:source) do
   desc "The repo source"
   validate do |value|
      if value =~ /^git/
         resource[:provider] = :git
      else
         resource[:provider] = :svn
      end
   end
   isnamevar
end

newparam(:path) do
   desc "Destination path"
   validate do |value|
      unless value =~ /^\/[a-z0-9]+/
         raise ArgumentError , "%s is not a valid file path" % value
      end

require 'fileutils'
Puppet::Type.type(:repo).provide(:svn) do
   desc "SVN Support"

   commands :svncmd => "svn"
   commands :svnadmin => "svnadmin"

   def create
      svncmd "checkout", resource[:name], resource[:path]
   end

   def destroy
      FileUtils.rm_rf resource[:path]
   end

   def exists?
      File.directory? resource[:path]
   end
end

repo { "wp":
   source => "http://g01063908.git.brcl.org/trunk/",
   path => "/var/www/wp",
   ensure => present,
}

# cd /etc/puppet/modules
# puppet module generate Live-module

class live-module {
}

include live-module

# touch test-module/manifests/httpd.pp

class test-module::httpd {
   package { 'httpd':
      ensure => installed,
   }
}

class test-module {
   include test-module::httpd
}

# puppet apply test-module/tests/init.pp --noop

Notice: Compiled catalog for puppet.example.com in environment
production in 0.59 seconds

Notice: /Stage[main]/test-module::Httpd/Package[httpd]/ensure:
current_value absent, should be present (noop)

Notice: Class[test-module::Httpd]: Would have triggered 'refresh' from 1
events

Notice: Stage[main]: Would have triggered 'refresh' from 1 events
Notice: Finished catalog run in 0.67 seconds

class test-module::httpd {
   package { 'httpd':
      ensure => installed,
   }
   service { 'httpd':
      ensure => running,
      enable => true,
      require => Package["httpd"],
   }
}

# puppet apply test-module/tests/init.pp --noop
Notice: Compiled catalog for puppet.example.com in environment
production in 0.56 seconds

Notice: /Stage[main]/test-module::Httpd/Package[httpd]/ensure:
current_value absent, should be present (noop)

Notice: /Stage[main]/test-module::Httpd/Service[httpd]/ensure:
current_value stopped, should be running (noop)

Notice: Class[test-module::Httpd]: Would have triggered 'refresh' from 2
events

Notice: Stage[main]: Would have triggered 'refresh' from 1 events
Notice: Finished catalog run in 0.41 seconds

Listen <%= @httpd_port %>
NameVirtualHost *:<% = @httpd_port %>

<VirtualHost *:<% = @httpd_port %>>
   DocumentRoot /var/www/testserver/
   ServerName <% = @fqdn %>

   <Directory "/var/www/testserver/">
      Options All Indexes FollowSymLinks
      Order allow,deny
      Allow from all
   </Directory>
</VirtualHost>

class test-module::httpd {
   package { 'httpd':
      ensure => installed,
   }
   service { 'httpd':
      ensure => running,
      enable => true,
      require => Package["httpd"],
   }
   file {'/etc/httpd/conf.d/testserver.conf':
      notify => Service["httpd"],
      ensure => file,
      require => Package["httpd"],
      content => template("test-module/testserver.conf.erb"),
   }
   file { "/var/www/myserver":
      ensure => "directory",
   }
}

class test-module (
   $http_port = 80
) {
   include test-module::httpd
}

# puppet apply test-module/tests/init.pp --noop
Warning: Config file /etc/puppet/hiera.yaml not found, using Hiera
defaults

Notice: Compiled catalog for puppet.example.com in environment
production in 0.84 seconds

Notice: /Stage[main]/test-module::Httpd/File[/var/www/myserver]/ensure:
current_value absent, should be directory (noop)

Notice: /Stage[main]/test-module::Httpd/Package[httpd]/ensure:
current_value absent, should be present (noop)

Notice:
/Stage[main]/test-module::Httpd/File[/etc/httpd/conf.d/myserver.conf]/ensure:
current_value absent, should be file (noop)

Notice: /Stage[main]/test-module::Httpd/Service[httpd]/ensure:
current_value stopped, should be running (noop)

Notice: Class[test-module::Httpd]: Would have triggered 'refresh' from 4
events

Notice: Stage[main]: Would have triggered 'refresh' from 1 events
Notice: Finished catalog run in 0.51 seconds

if $operatingsystemmajrelease <= 6 {
   exec { 'iptables':
      command => "iptables -I INPUT 1 -p tcp -m multiport --ports
      ${httpd_port} -m comment --comment 'Custom HTTP Web Host' -j ACCEPT &&
      iptables-save > /etc/sysconfig/iptables",
      path => "/sbin",
      refreshonly => true,
      subscribe => Package['httpd'],
   }
   service { 'iptables':
      ensure => running,
      enable => true,
      hasrestart => true,
      subscribe => Exec['iptables'],
   }
}  elsif $operatingsystemmajrelease == 7 {
   exec { 'firewall-cmd':
      command => "firewall-cmd --zone=public --addport = $ {
      httpd_port}/tcp --permanent",
      path => "/usr/bin/",
      refreshonly => true,
      subscribe => Package['httpd'],
   }
   service { 'firewalld':
      ensure => running,
      enable => true,
      hasrestart => true,
      subscribe => Exec['firewall-cmd'],
   }
}

# puppet apply test-module/tests/init.pp --noop
Warning: Config file /etc/puppet/hiera.yaml not found, using Hiera
defaults

Notice: Compiled catalog for puppet.example.com in environment
production in 0.82 seconds

Notice: /Stage[main]/test-module::Httpd/Exec[iptables]/returns:
current_value notrun, should be 0 (noop)

Notice: /Stage[main]/test-module::Httpd/Service[iptables]: Would have
triggered 'refresh' from 1 events

exec { 'semanage-port':
   command => "semanage port -a -t http_port_t -p tcp ${httpd_port}",
   path => "/usr/sbin",
   require => Package['policycoreutils-python'],
   before => Service ['httpd'],
   subscribe => Package['httpd'],
   refreshonly => true,
}

package { 'policycoreutils-python':
   ensure => installed,
}

# puppet apply test-module/tests/init.pp --noop
...
Notice: /Stage[main]/test-module::Httpd/Package[policycoreutilspython]/
ensure: current_value absent, should be present (noop)
...
Notice: /Stage[main]/test-module::Httpd/Exec[semanage-port]/returns:
current_value notrun, should be 0 (noop)
...
Notice: /Stage[main]/test-module::Httpd/Service[httpd]/ensure:
current_value stopped, should be running (noop)

<html>
   <head>
      <title>Congratulations</title>
   <head>

   <body>
      <h1>Congratulations</h1>
      <p>Your puppet module has correctly applied your configuration.</p>
   </body>
</html>

class test-module::app {
   file { "/var/www/test-server/index.html":
      ensure => file,
      mode => 755,
      owner => root,
      group => root,
      source => "puppet:///modules/test-module/index.html",
      require => Class["test-module::httpd"],
   }
}

class test-module (
   $http_port = 80
) {
   include test-module::httpd
   include test-module::app
}

# puppet apply test-module/tests/init.pp --noop
Warning: Config file /etc/puppet/hiera.yaml not found, using Hiera
defaults

Notice: Compiled catalog for brcelprod001.brcle.com in environment
production in 0.66 seconds

Notice: /Stage[main]/Test-module::Httpd/Exec[iptables]/returns:
current_value notrun, should be 0 (noop)

Notice: /Stage[main]/Test-module::Httpd/Package[policycoreutilspython]/
ensure: current_value absent, should be present (noop)

Notice: /Stage[main]/Test-module::Httpd/Service[iptables]: Would have
triggered 'refresh' from 1 events

Notice: /Stage[main]/Test-module::Httpd/File[/var/www/myserver]/ensure:
current_value absent, should be directory (noop)

Notice: /Stage[main]/Test-module::Httpd/Package[httpd]/ensure:
current_value absent, should be present (noop)

Notice:
/Stage[main]/Test-module::Httpd/File[/etc/httpd/conf.d/myserver.conf]/ensur
e: current_value absent, should be file (noop)

Notice: /Stage[main]/Test-module::Httpd/Exec[semanage-port]/returns:
current_value notrun, should be 0 (noop)

Notice: /Stage[main]/Test-module::Httpd/Service[httpd]/ensure:
current_value stopped, should be running (noop)

Notice: Class[test-module::Httpd]: Would have triggered 'refresh' from 8
Notice:
/Stage[main]/test-module::App/File[/var/www/myserver/index.html]/ensur:
current_value absent, should be file (noop)

Notice: Class[test-module::App]: Would have triggered 'refresh' from 1
Notice: Stage[main]: Would have triggered 'refresh' from 2 events Notice:
Finished catalog run in 0.74 seconds

# puppet module build test-module