One of the new features released in Puppet 3.4.0 is the ability to add options to rpm package installs. This is a feature that’s been discussed in a couple of tickets over the years and now we’ve got an official, in core, approach I’ve copied the code to the yum and apt providers github branch. class pkgoptions { package { 'strace': ensure => 'installed', provider => 'yum', install_options => [ '--noplugins', '--enablerepo=fedora' ], # or install_options => [ '-t', 'squeeze-backports' ], for Debian backports } } The approach in this patch is not the final one I’d like to take so I’ve not submitted it upstream. Read on →

“a simple resource that blocks transactions until a check passes, theoretically indicating that a remote resource is in a desired state.”    – Puppet Remote Resource Documentation I stumbled over the Puppet Remote Resource module while looking around the Puppetlabs github account for something completely different and was surprised to find that I’d never seen this little gem mentioned anywhere else. A pre-built way to have a puppet resource skipped based on the result of an external command is a very flexible tool, especially when you couple it with all the available nagios checks. Read on →

I don’t often impulse buy technical books. They cost too much and consume too much shelf space to be purchased frivolously but when it’s 1.95 for a Kindle book on Go and I’m stuck miles from home it seemed like a good idea. An Introduction to Programming in Go is a well written guide to your first hour in Go. While you can probably find coverage of the same material on the web, having it all nicely curated in one place is worth the money for someone like me who just wants a little taster and overview. Read on →

Over the years Puppet has handled resources ordering without explicit dependencies in different ways, with the release of Puppet 3.3.0 they’ve exposed this ordering logic to the admin with three interesting options. To test these options out we’ll use the ‘ordering’ test module shown below. We include three classes, ordering::beta, ordering::alpha and ordering::gamma (note that the includes are not in alphabetically sorted order). Each of these classes has three notify statements that show a number and the class they are contained in. Read on →

We use Amazon CloudFormation for a number of our deployments at $WORK. Although it’s nice to have security group creation inside the same template as the resources it will secure, CloudFormations ‘helpful’ addition of a unique string at the end of the resource names it creates can sometimes be a problem. A couple of tools assume security groups will have an absolute, unchanging name and lack a way to search for an appropriately tagged security group whose name can change on stack rebuild. Read on →

Even though I don’t spend as much time writing puppet code as I used to I try to stay relevant and as part of that I like to read all the Puppet books that come out. Below are the ones I’ve read this year, brief thoughts on them and the reading path I’d give to a new junior. As the name implies the Puppet 3 Beginner’s Guide is a decent place to start learning Puppet. Read on →

The kind people at Apress provided me with an alpha review copy of Pro Puppet and while it’s not the finished product you can already get a good feel for the books tone and coverage. I quite liked the first edition of Pro Puppet and this update is more evolutionary than revolutionary. All chapters from the previous edition are present and the biggest addition is the very welcome chapter on using Hiera in your modules; even if it’s oddly placed at the end of the book. Read on →

Puppet has always supported templating via ERB and while it’s a powerful, flexible templating engine the ability to use any arbitrary ruby code inside a template that’s run on the puppet master sometimes raises some eyebrows. As part of a security architecture review the concept of replacing the templating engine with something that still allows looping and text manipulation without allowing too much else was discussed and led to the idea of allowing templates to be written in Liquid. Read on →

While doing some experiments with Ansible I came across a little snippet of code that I really liked - - name: manage /etc/sudoers template: src=sudoers.j2 dest=/etc/sudoers validate='visudo -cf %s' Ansible runs the command specified by ‘validate’ against the expanded templates contents and only copies the newly generated file in to place if it’s valid. This is a wonderful feature that will help stop you from making some potentially time consuming errors. Read on →

Facter 1.7 introduced support for external facts, and I gave some external fact examples, but it left a couple of small issues unresolved. One of the larger ones is the subject of syncing the external facts down to the clients. At the moment most people are managing the external facts as file resources which creates one important difference between an internal and external fact. Internal facts are synced down at the start of the run and so are available to the puppet agent within a single run. Read on →