Use Puppet Modules to Create a LAMP Stack
- Deprecated guides:
- Ubuntu 14.04
Traducciones al EspañolEstamos traduciendo nuestros guías y tutoriales al Español. Es posible que usted esté viendo una traducción generada automáticamente. Estamos trabajando con traductores profesionales para verificar las traducciones de nuestro sitio web. Este proyecto es un trabajo en curso.
Puppet modules are the building blocks of your Puppet managed servers. Modules install and configure packages, create directories, and generate any other server changes that the user includes in the module. A Puppet module aims to perform all parts of a certain task, such as downloading the Apache package, configuring all files, changing the MPM data, and setting up virtual hosts. Modules are, in turn, broken down into classes that are .pp
files meant to simplify the module into various tasks and improve the module’s readability for any future users.
In this guide, you will create an Apache and a PHP module. A MySQL module will be adapted from the Puppet Lab’s MySQL module found on the Puppet Forge. These steps will create a full LAMP stack on your server and provide an overview of the various ways modules can be utilized.
Before You Begin
Set up a Puppet Master (Ubuntu 18.04) and two Puppet agents (Ubuntu 18.04 and CentOS 7) by following the steps in the Getting Started with Puppet - Basic Installation and Setup guide.
Create the Apache Module
From the Puppet Master, navigate to Puppet’s module directory and create the
apache
directory:cd /etc/puppetlabs/code/environments/production/modules/ sudo mkdir apache
From within the
apache
directory, createmanifests
,templates
,files
, andexamples
directories:cd apache sudo mkdir {manifests,templates,files,examples}
Navigate to the
manifests
directory:cd manifests
From here, the module will be separated into classes, based on the goals of that particular section of code. In this instance, there will be an
init.pp
class for downloading the Apache package, aparams.pp
file to define any variables and parameters,config.pp
to manage any configuration files for the Apache service itself, and avhosts.pp
file to define the virtual hosts. This module will also make use of Hiera data to store variables for each node.
Create the Initial Apache Class and Parameters
From within the
manifests
directory, create aninit.pp
file to hold theapache
class. This class should share its name with the module name. This file will be used to install the Apache package. Since Ubuntu 18.04 and CentOS 7 use different package names for Apache, a variable will be used:- File: /etc/puppetlabs/code/environments/production/modules/apache/manifests/init.pp
1 2 3 4 5 6 7 8
class apache { package { 'apache': name => $apachename, ensure => present, } }
The
package
resource allows for the management of a package. This is used to add, remove, or ensure a package is present. In most cases, the name of the resource (apache
, above) should be the name of the package being managed. Because of the difference in naming conventions, however, this resource is simply calledapache
, while the actual name of the package is called upon with thename
reference.name
, in this instance, calls for the yet-undefined variable$apachename
. Theensure
reference ensures that the package ispresent
.The
params.pp
file will be used to define the needed variables. While these variables could be defined within theinit.pp
file, since more variables will need to be used outside of the resource type itself, using aparams.pp
file allows for variables to be defined inif
statements and used across multiple classes.Create a
params.pp
and add the following code:- File: /etc/puppetlabs/code/environments/production/modules/apache/manifests/params.pp
1 2 3 4 5 6 7 8 9 10 11 12 13
class apache::params { if $::osfamily == 'RedHat' { $apachename = 'httpd' } elsif $::osfamily == 'Debian' { $apachename = 'apache2' } else { fail ( 'this is not a supported distro.') } }
Outside of the original
init.pp
class, each class name needs to branch off ofapache
. As such, this class is calledapache::params
. The name after the double colon should share a name with the file.An
if
statement is used to define the parameters, pulling from information provided by Facter, which is already installed on the Puppet master. In this case, Facter will be used to pull down the operating system family (osfamily
), to discern if it is Red Hat or Debian-based.Note
For the duration of this guide, when something needs to be added to the parameter list the variables needed for Red Hat and Debian will be provided, but the expanding code will not be shown. A complete copy ofparams.pp
can be viewed here.With the parameters finally defined, we need to call the
params.pp
file and the parameters intoinit.pp
. To do this, the parameters need to be added after the class name, but before the opening curly bracket ({
):- File: /etc/puppetlabs/code/environments/production/modules/apache/manifests/init.pp
1 2 3
class apache ( $apachename = $::apache::params::apachename, ) inherits ::apache::params {
The value string
$::apache::params::value
tells Puppet to pull the values from theapache
modules,params
class, followed by the parameter name. The fragmentinherits ::apache::params
allows forinit.pp
to inherit these values.
Manage Configuration Files
The Apache configuration file will be different depending on whether you are working on a Red Hat- or Debian-based system. These can be viewed here: httpd.conf (Red Hat), apache2.conf (Debian).
Copy the content of
httpd.conf
andapache2.conf
in separate files and save them in thefiles
directory located at/etc/puppetlabs/code/environments/production/modules/apache/files
.Both files need to be edited to disable keepalive. You will need to add the line
KeepAlive Off
thehttpd.conf
file. If you do not want to change this setting, a comment should be added to the top of each file:- File: /etc/puppetlabs/code/environments/production/modules/apache/files/httpd.conf
1
# This file is managed by Puppet
Add these files to the
init.pp
file, so Puppet will know where they are located on both the master server and agent nodes. To do this, thefile
resource is used:- File: /etc/puppetlabs/code/environments/production/modules/apache/manifests/init.pp
1 2 3 4 5
file { 'configuration-file': path => $conffile, ensure => file, source => $confsource, }
Because the configuration file is found in two different locations, the resource is given the generic name
configuration-file
with the file path defined as a parameter with thepath
attribute.ensure
ensures that it is a file.source
provides the location on the Puppet master of the files created above.Open the
params.pp
file. The$conffile
and$confsource
variables need to be defined within theif
statement:- File: /etc/puppetlabs/code/environments/production/modules/apache/manifests/params.pp
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17
if $::osfamily == 'RedHat' { ... $conffile = '/etc/httpd/conf/httpd.conf' $confsource = 'puppet:///modules/apache/httpd.conf' } elsif $::osfamily == 'Debian' { ... $conffile = '/etc/apache2/apache2.conf' $confsource = 'puppet:///modules/apache/apache2.conf' } else { ...
These parameters will also need to be added to the beginning of the
apache
class declaration in theinit.pp
file, similar to the previous example. A complete copy of theinit.pp
file can be seen here for reference.When the configuration file is changed, Apache needs to restart. To automate this, the
service
resource can be used in combination with thenotify
attribute, which will call the resource to run whenever the configuration file is changed:- File: /etc/puppetlabs/code/environments/production/modules/apache/manifests/init.pp
1 2 3 4 5 6 7 8 9 10 11
file { 'configuration-file': path => $conffile, ensure => file, source => $confsource, notify => Service['apache-service'], } service { 'apache-service': name => $apachename, hasrestart => true, }
The
service
resource uses the already-created parameter that defined the Apache name on Red Hat and Debian systems. Thehasrestart
attribute will trigger a restart of the defined service.
Create the Virtual Hosts Files
Depending on your systems distribution the virtual hosts files will be managed differently. Because of this, the code for virtual hosts will be encased in an if
statement, similar to the one used in the params.pp
class but containing actual Puppet resources. This will provide an example of an alternate use of if
statements within Puppet’s code.
From within the
apache/manifests/
directory, create and open avhosts.pp
file. Add the skeleton of theif
statement:- File: /etc/puppetlabs/code/environments/production/modules/apache/manifests/vhosts.pp
1 2 3 4 5 6 7 8 9 10 11
class apache::vhosts { if $::osfamily == 'RedHat' { } elsif $::osfamily == 'Debian' { } else { } }
The location of the virtual hosts file on our CentOS 7 server is
/etc/httpd/conf.d/vhost.conf
. This file will need to be created as a template on the Puppet master. The same needs to be done for the Ubuntu virtual hosts file, which is located at/etc/apache2/sites-available/example.com.conf
, replacingexample.com
with the server’s FQDN. Navigate to thetemplates
file within theapache
module, and then create two files for your virtual hosts:For Red Hat systems:
- File: /etc/puppetlabs/code/environments/production/modules/apache/templates/vhosts-rh.conf.erb
1 2 3 4 5 6 7 8
<VirtualHost *:80> ServerAdmin <%= @adminemail %> ServerName <%= @servername %> ServerAlias www.<%= @servername %> DocumentRoot /var/www/<%= @servername -%>/public_html/ ErrorLog /var/www/<%- @servername -%>/logs/error.log CustomLog /var/www/<%= @servername -%>/logs/access.log combined </Virtual Host>
For Debian systems:
- File: /etc/puppet/modules/apache/templates/vhosts-deb.conf.erb
1 2 3 4 5 6 7 8 9 10 11
<VirtualHost *:80> ServerAdmin <%= @adminemail %> ServerName <%= @servername %> ServerAlias www.<%= @servername %> DocumentRoot /var/www/html/<%= @servername -%>/public_html/ ErrorLog /var/www/html/<%- @servername -%>/logs/error.log CustomLog /var/www/html/<%= @servername -%>/logs/access.log combined <Directory /var/www/html/<%= @servername -%>/public_html> Require all granted </Directory> </Virtual Host>
Only two variables are used in these files:
adminemail
andservername
. These will be defined on a node-by-node basis, within thesite.pp
file.Return to the
vhosts.pp
file. The templates created can now be referenced in the code:- File: /etc/puppetlabs/code/environments/production/modules/apache/manifests/vhosts.pp
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17
class apache::vhosts { if $::osfamily == 'RedHat' { file { '/etc/httpd/conf.d/vhost.conf': ensure => file, content => template('apache/vhosts-rh.conf.erb'), } } elsif $::osfamily == 'Debian' { file { "/etc/apache2/sites-available/$servername.conf": ensure => file, content => template('apache/vhosts-deb.conf.erb'), } } else { fail('This is not a supported distro.') } }
Both distribution families call to the
file
resource and take on the title of the virtual host’s location on the respective distribution. For Debian, this once more means referencing the$servername
value. Thecontent
attribute calls to the respective templates.Note
Values containing variables, such as the name of the Debian file resource above, need to be wrapped in double quotes ("
). Any variables in single quotes ('
) are parsed exactly as written and will not pull in a variable.Both virtual hosts files reference two directories that are not on the systems by default. These can be created through the use of the
file
resource, each located within theif
statement. The completevhosts.conf
file should resemble:- File: /etc/puppetlabs/code/environments/production/modules/apache/manifests/vhosts.pp
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27
class apache::vhosts { if $::osfamily == 'RedHat' { file { '/etc/httpd/conf.d/vhost.conf': ensure => file, content => template('apache/vhosts-rh.conf.erb'), } file { [ '/var/www/$servername', '/var/www/$servername/public_html', '/var/www/$servername/log', ]: ensure => directory, } } elsif $::osfamily == 'Debian' { file { "/etc/apache2/sites-available/$servername.conf": ensure => file, content => template('apache/vhosts-deb.conf.erb'), } file { [ '/var/www/$servername', '/var/www/$servername/public_html', '/var/www/$servername/logs', ]: ensure => directory, } } else { fail ( 'This is not a supported distro.') } }
Test and Run the Module
From within the
apache/manifests/
directory, run thepuppet parser
on all files to ensure the Puppet coding is without error:sudo /opt/puppetlabs/bin/puppet parser validate init.pp params.pp vhosts.pp
It should return empty, barring any issues.
Navigate to the
examples
directory within theapache
module. Create aninit.pp
file and include the created classes. Replace the values for$servername
and$adminemail
with your own:- File: /etc/puppetlabs/code/environments/production/modules/apache/examples/init.pp
1 2 3 4 5
$serveremail = 'webmaster@example.com' $servername = 'example.com' include apache include apache::vhosts
Test the module by running
puppet apply
with the--noop
tag:sudo /opt/puppetlabs/bin/puppet apply --noop init.pp
It should return no errors, and output that it will trigger refreshes from events. To install and configure apache on the Puppet master, this can be run again without
--noop
, if so desired.Navigate back to the main Puppet directory and then to the
manifests
folder (not the one located in the Apache module).cd /etc/puppetlabs/code/environments/production/manifests
If you are continuing this guide from the Getting Started with Puppet - Basic Installation and Setup guide, you should have a
site.pp
file already created. If not, create one now.Open
site.pp
and include the Apache module for each agent node. Also input the variables for theadminemail
andservername
parameters. If you followed the Getting Started with Puppet - Basic Installation and Setup guide, a single node configuration withinsite.pp
will resemble the following:- File: /etc/puppetlabs/code/environments/production/manifests/site.pp
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43
node 'ubuntuhost.example.com' { $adminemail = 'webmaster@example.com' $servername = 'hostname.example.com' include accounts include apache include apache::vhosts resources { 'firewall': purge => true, } Firewall { before => Class['firewall::post'], require => Class['firewall::pre'], } class { ['firewall::pre', 'firewall::post']: } } node 'centoshost.example.com' { $adminemail = 'webmaster@example.com' $servername = 'hostname.example.com' include accounts include apache include apache::vhosts resources { 'firewall': purge => true, } Firewall { before => Class['firewall::post'], require => Class['firewall::pre'], } class { ['firewall::pre', 'firewall::post']: } }
If you did not follow the Getting Started with Puppet - Basic Installation and Setup guide, then your
site.pp
file should resemble the following example:- File: /etc/puppetlabs/code/environments/production/manifests/site.pp
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18
node 'ubupuppet.ip.linodeusercontent.com' { $adminemail = 'webmaster@example.com' $servername = 'hostname.example.com' include apache include apache::vhosts } node 'centospuppet.ip.linodeusercontent.com' { $adminemail = 'webmaster@example.com' $servername = 'hostname.example.com' include apache include apache::vhosts }
By default, the Puppet agent service on your managed nodes will automatically check with the master once every 30 minutes and apply any new configurations from the master. You can also manually invoke the Puppet agent process in-between automatic agent runs. To manually run the new module on your agent nodes, log in to the nodes and run:
sudo /opt/puppetlabs/bin/puppet agent -t
Using the MySQL Module
Many modules needed to run a server already exist within Puppet Labs' Puppet Forge. These can be configured just as extensively as a module that you created and can save time since the module need not be created from scratch.
Ensure you are in the /etc/puppetlabs/code/environments/production/modules
directory and install the
Puppet Forge’s MySQL module by PuppetLabs. This will also install any prerequisite modules.
cd /etc/puppetlabs/code/environments/production/modules
sudo /opt/puppetlabs/bin/puppet module install puppetlabs-mysql
Use Hiera to Create Databases
Before you begin to create the configuration files for the MySQL module, consider that you may not want the same values to be used across all agent nodes. To supply Puppet with the correct data per node, Hiera is used. In this instance, you will be using a different root password per node, thus creating different MySQL databases.
Navigate to
/etc/puppet
and create Hiera’s configuration filehiera.yaml
in the mainpuppet
directory. You will use Hiera’s default values:- File: /etc/puppetlabs/code/environments/production/hiera.yaml
1 2 3 4 5 6 7 8
--- version: 5 hierarchy: - name: Common path: common.yaml defaults: data_hash: yaml_data datadir: data
Create the file
common.yaml
. It will be used to define the defaultroot
password for MySQL:- File: /etc/puppetlabs/code/environments/production/common.yaml
1
mysql::server::root_password: 'password'
The
common.yaml
file is used when a variable is not defined elsewhere. This means all servers will share the same MySQL root password. These passwords can also be hashed to increase security.To use the MySQL module’s defaults you can simply add an
include '::mysql::server'
line to thesite.pp
file. However, in this example, you will override some of the module’s defaults to create a database for each of your nodes. Edit thesite.pp
file with the following values:1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39
node 'ubupuppet.ip.linodeusercontent.com' { $adminemail = 'webmaster@example.com' $servername = 'hostname.example.com' include apache include apache::vhosts include php mysql::db { "mydb_${fqdn}": user => 'myuser', password => 'mypass', dbname => 'mydb', host => $::fqdn, grant => ['SELECT', 'UPDATE'], tag => $domain, } } node 'centospuppet.ip.linodeusercontent.com' { $adminemail = 'webmaster@example.com' $servername = 'hostname.example.com' include apache include apache::vhosts include mysql::server include php mysql::db { "mydb_${fqdn}": user => 'myuser', password => 'mypass', dbname => 'mydb', host => $::fqdn, grant => ['SELECT', 'UPDATE'], tag => $domain, } }
You can run these updates manually on each node by SSHing into each node and issuing the following command:
sudo /opt/puppetlabs/bin/puppet agent -t
Otherwise, the Puppet agent service on your managed nodes will automatically check with the master once every 30 minutes and apply any new configurations from the master.
Create the PHP Module
Create the
php
directory in the/etc/puppetlabs/code/environments/production/modules
path, and generate thefiles
,manifests
,templates
, andexamples
directories afterward:sudo mkdir php cd php sudo mkdir {files,manifests,examples,templates}
Create the
init.pp
. This file will use thepackage
resource to install PHP. Two packages will be installed: The PHP package and the PHP extension and application repository. Add the following contents to your file:- File: /etc/puppetlabs/code/environments/production/modules/php/manifests/init.pp
1 2 3 4 5 6 7 8 9 10 11 12
class php { package { 'php': name: $phpname, ensure: present, } package { 'php-pear': ensure: present, } }
Add
include php
to the hosts in yoursites.pp
file:- File: /etc/puppetlabs/code/environments/production/manifests/site.pp
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22
node 'ubupuppet.ip.linodeusercontent.com' { $adminemail = 'webmaster@example.com' $servername = 'hostname.example.com' include apache include apache::vhosts include mysql::database include php } node 'centospuppet.ip.linodeusercontent.com' { $adminemail = 'webmaster@example.com' $servername = 'hostname.example.com' include apache include apache::vhosts include mysql::database include php }
Run the following command on your agent nodes to pull in any changes to your servers.
sudo /opt/puppetlabs/bin/puppet agent -t
Otherwise, the Puppet agent service on your managed nodes will automatically check with the master once every 30 minutes and apply any new configurations from the master.
You should now have a fully functioning LAMP stack on each of your Puppet managed nodes.
This page was originally published on