$ ls mcp
Capfile config log
Gemfile config.ru public
Gemfile.lock db script
README doc spec
Rakefile features tmp
app lib vendor
$ bundle exec rspec spec
................
Finished in 0.00816 seconds
Many, many examples, 0 failures
$ ssh mudge@server1
Last login: Mon Aug 1 21:08:06 2011
from 123-45-67-89.
$ /usr/sbin/adduser -h
adduser [--home DIR] [--shell SHELL]
[--no-create-home] [--uid ID] [--firstuid ID]
[--lastuid ID] [--gecos GECOS]
[--ingroup GROUP | --gid ID]
[--disabled-password] [--disabled-login]
[--encrypt-home] USER
Add a normal user
$ sudo -i
# adduser mcp
Adding user `mcp' ...
Adding new group `mcp' (1002) ...
Adding new user `mcp' (1001) with group `mcp' ...
Creating home directory `/home/mcp' ...
Copying files from `/etc/skel' ...
Enter new UNIX password:
Retype new UNIX password:
...
Is the information correct? [Y/n]
# mkdir -m 700 ~mcp/.ssh
# vi ~mcp/.ssh/authorized_keys
# chmod 600 ~mcp/.ssh/authorized_keys
# chown -R mcp: ~mcp/.ssh
# mkdir -p ~mcp/apps/mcp/shared/config
# chown -R mcp: ~mcp/apps
# cd ~mcp/apps/mcp/shared/config
# vi database.yml
# chown mcp: database.yml
# apt-get install curl git-core subversion
Reading package lists... Done
Building dependency tree
Reading state information... Done
# cd /root
# curl -s \
https://rvm.beginrescueend.com/install/rvm \
-o rvm-installer
# chmod +x rvm-installer
# ./rvm-installer --version 1.6.32
Installation of RVM to /usr/local/rvm/ is
complete.
# apt-get install build-essential bison \
openssl libreadline6 libreadline6-dev \
zlib1g zlib1g-dev libssl-dev libyaml-dev \
libsqlite3-0 libsqlite3-dev sqlite3 \
libxml2-dev libxslt-dev autoconf \
libc6-dev ncurses-dev libcurl4-openssl-dev
Reading package lists... Done
Building dependency tree
Reading state information... Done
# rvm install 1.9.2-p290
Installing Ruby from source to:
/usr/local/rvm/rubies/ruby-1.9.2-p290, this
may take a while depending on your cpu(s)...
Install of ruby-1.9.2-p290 - #complete
# source /usr/local/rvm/scripts/rvm
# rvm use 1.9.2-p290
Using /usr/local/rvm/gems/ruby-1.9.2-p290
# gem install passenger -v3.0.8
Fetching: fastthread-1.0.7.gem (100%)
Building native extensions. This could
take a while...
Fetching: daemon_controller-0.2.6.gem (100%)
Fetching: rack-1.3.2.gem (100%)
...
Successfully installed passenger-3.0.8
# passenger-install-nginx-module
Welcome to the Phusion Passenger Nginx
module installer, v3.0.8.
# cd /opt/nginx/conf
# mkdir sites_available sites_enabled
# vi nginx.conf
# cd sites_available
# vi mcp.conf
# ln -s \
/opt/nginx/conf/sites_available/mcp.conf \
/opt/nginx/conf/sites_enabled/mcp.conf
# vi /etc/init.d/nginx
# chmod +x /etc/init.d/nginx
# update-rc.d -f nginx defaults
# /etc/init.d/nginx start
Starting nginx: nginx
$ cap deploy:setup
$ cap deploy:check
$ cap deploy:cold
sudo
user { 'henry':
ensure => present,
uid => '507',
gid => 'staff',
shell => '/bin/zsh',
home => '/home/henry',
managehome => true,
}
$ sudo puppet apply henry.pp
notice:
/Stage[main]//User[henry]/ensure: created
notice: Finished catalog run in 0.25 seconds
$ grep henry /etc/passwd
henry:x:507:50::/home/henry:/bin/zsh
$ sudo chsh henry
Changing shell for henry.
New shell [/bin/zsh]: /bin/bash
Shell changed.
$ sudo puppet apply henry.pp
notice:
/Stage[main]//User[henry]/shell:
shell changed '/bin/bash' to '/bin/zsh'
package { 'openssh-server':
ensure => installed,
}
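# /etc/sudoers decides who may become root, so pin its ownership and mode
# rather than only asserting that the file exists. sudo refuses to use a
# sudoers file with the wrong owner or loose permissions.
file { '/etc/sudoers':
  ensure => present,
  owner  => 'root',
  group  => 'root',
  mode   => '0440',
}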
service { 'sshd':
ensure => running,
}
group { 'mcp':
ensure => present,
}
user { 'mcp':
ensure => present,
gid => 'mcp',
home => '/home/mcp',
managehome => true,
}
group { 'mcp':
ensure => present,
}
Group['mcp']
user { 'mcp':
ensure => present,
require => Group['mcp'],
}
user { 'mcp':
ensure => present,
require => Group['mcp'],
}
group { 'mcp':
ensure => present,
require => User['mcp'],
}
err: Could not apply complete catalog:
Found dependency cycles in the following
relationships:
User[mcp] => Group[mcp], Group[mcp] => User[mcp];
try using the '--graph' option and open the '.dot'
files in OmniGraffle or GraphViz
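# Authorise one public key for logins to the mcp account.
# The key material starts with "AAAAB3NzaC1yc2E", which is the base64 form of
# an "ssh-rsa" key header, so the declared type has to be RSA. Declaring it as
# DSA would write an authorized_keys entry whose algorithm name does not match
# the key blob.
ssh_authorized_key { 'mcp-mudge':
  ensure => present,
  user   => 'mcp',
  type   => 'ssh-rsa',
  key    => 'AAAAB3NzaC1yc2EAAAAB...',
}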
file {
'/home/mcp/apps':
ensure => directory,
owner => 'mcp',
group => 'mcp';
'/home/mcp/apps/mcp':
ensure => directory,
owner => 'mcp',
group => 'mcp';
'/home/mcp/apps/mcp/shared':
ensure => directory,
owner => 'mcp',
group => 'mcp';
'/home/mcp/apps/mcp/shared/config':
ensure => directory,
owner => 'mcp',
group => 'mcp';
}
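# database.yml holds the application's database credentials. Set the mode
# explicitly so only the mcp account can read it; without a mode attribute
# this manifest does not pin the file's permissions.
file { '...config/database.yml':
  ensure => present,
  owner  => 'mcp',
  group  => 'mcp',
  mode   => '0600',
  source => 'puppet:///modules/mcp/database.yml',
}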
source
file { '/some/config.yml':
source => [
'puppet:///confidential/config.yml',
'puppet:///modules/mcp/config.yml'
],
}
file { '/some/config.yml':
source => [
"puppet:///confidential/config.yml.$hostname",
"puppet:///confidential/config.yml.$tier",
'puppet:///modules/mcp/config.yml'
],
}
$tier = 'test'
# => "puppet:///confidential/config.yml.test"
$tier = 'staging'
# => "puppet:///confidential/config.yml.staging"
$tier = 'live'
# => "puppet:///confidential/config.yml.live"
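# NOTE(review): literal credentials in a manifest end up wherever the
# manifest is stored (version control, backups, the compiled catalog).
# Fine for a demo; on real hosts look them up from external data
# (extlookup, an ENC) instead of assigning them here.
$db_username = 'bob'
$db_password = 'letmein'

# The rendered file contains the password in clear text, so restrict it to
# the application account. Owner and group mirror the mcp account used for
# the application's other files.
file { '/some/database.yml':
  owner   => 'mcp',
  group   => 'mcp',
  mode    => '0600',
  content => template('mcp/database.yml.erb'),
}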
production:
adapter: mysql
username: <%= db_username %>
password: <%= db_password %>
extlookup, ENCs, etc.
package { 'rvm-dependencies':
ensure => installed,
name => [
'curl',
'git-core',
'subversion',
'build-essential',
...
],
}
# Place the RVM installer script in root's home directory.
# The script is served from the mcp module's files, so the node runs the copy
# kept with the module rather than whatever a download returns at run time.
# Mode 0700 with root ownership means only root can read, modify or execute it.
file { '/root/rvm-installer':
  ensure => present,
  source => 'puppet:///modules/mcp/rvm',
  mode   => '0700',
  owner  => 'root',
  group  => 'root',
}
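# Run the RVM installer once, pinned to version 1.6.32.
# - require: the command executes /root/rvm-installer, so the File resource
#   that puts the script in place must be applied first. Without that edge
#   Puppet may try to run the exec before the script exists.
# - unless: skip the run when the installed VERSION file already names this
#   release. grep -F matches the version as a fixed string, so the dots are
#   not treated as regex wildcards.
exec { 'install-rvm':
  command => '/root/rvm-installer --version 1.6.32',
  cwd     => '/root',
  unless  => 'grep -F 1.6.32 /usr/local/rvm/VERSION',
  path    => '/usr/bin:/usr/sbin:/bin:/sbin',
  require => [
    File['/root/rvm-installer'],
    Package['rvm-dependencies']
  ],
}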
exec { 'rvm install ruby-1.9.2-p290':
creates => '/usr/local/rvm/rubies/ruby-1.9.2-p290',
timeout => 1800,
path => '/usr/local/rvm/bin:/usr/bin...',
require => Exec['install-rvm'],
}
exec { 'install-passenger-3.0.8':
command => 'rvm-shell ... -c "gem install pas..."',
unless => 'rvm-shell ... -c "gem list passen..."',
path => '/usr/local/rvm/bin:/usr/bin:...',
timeout => 1800,
require => Exec['rvm install ruby-1.9.2-p290'],
}
$ rvm-shell ruby-1.9.2-p290 -c \
"gem install passenger -v3.0.8"
$ rvm-shell ruby-1.9.2-p290 -c \
"gem list passenger -v3.0.8 -i"
exec { 'install-nginx':
command => 'rvm-shell ... -c "passenger-..."',
creates => '...agents/nginx/PassengerHelperAgent',
timeout => 1800,
path => '/usr/local/rvm/bin:/usr/bin:...',
require => Exec['install-passenger-3.0.8'],
}
$ rvm-shell ruby-1.9.2-p290 -c \
"passenger-install-nginx-module --auto \
--auto-download \
--prefix=/opt/nginx"
file {
'/opt/nginx/conf/sites_available/mcp.conf':
ensure => present,
owner => 'root',
group => 'root',
source => 'puppet:///modules/mcp/mcp.conf';
'/opt/nginx/conf/sites_enabled/mcp.conf':
ensure => link,
owner => 'root',
group => 'root',
target => '/opt/nginx/c...vailable/mcp.conf',
}
file { '/etc/init.d/nginx':
ensure => present,
owner => 'root',
group => 'root',
mode => '0755',
source => 'puppet:///modules/mcp/nginx',
require => Exec['install-nginx'];
}
service { 'nginx':
ensure => running,
enable => true,
hasrestart => true,
hasstatus => true,
subscribe => File['/opt/nginx/conf/nginx.conf'],
require => [
File['/opt/nginx/conf/nginx.conf'],
File['/etc/init.d/nginx']
],
}
$ puppet apply --noop
config.vm.provision :puppet do |puppet|
puppet.module_path = "modules"
puppet.manifests_path = "manifests"
puppet.manifest_file = "mcp.pp"
end
$ bundle exec vagrant up
[default] Box natty was not found. Fetching box...
[default] Downloading with Vagrant::Downloaders::HTTP...
[default] Downloading box: http://mudge.name/downloads...
[default] Extracting box...
[default] Verifying box...
[default] Cleaning up downloaded box...
[default] Importing base box 'natty'...
[default] Matching MAC address for NAT networking...
[default] Clearing any previously set forwarded ports...
[default] Forwarding ports...
[default] -- ssh: 22 => 2222 (adapter 1)
[default] Creating shared folders metadata...
[default] Running any VM customizations...
[default] Booting VM...
[default] Waiting for VM to boot. This can take a few minutes.
$ bundle exec vagrant provision
[default] Running provisioner: Vagrant::Provisioners::Puppet...
[default] Running Puppet with mcp.pp...
Feature: General catalog policy
In order to ensure a host's catalog
As a manifest developer
I want all catalogs to obey some general rules
Scenario Outline: Compile and verify catalog
Given a node specified by "features/yaml/eg.yml"
When I compile its catalog
Then compilation should succeed
And all resource dependencies should resolve
Examples:
| hostname |
| localhost |