Modify README.md to confirm to new template
* updates README's formatting to confirm to new PL module standard * Created TOC linking to major headings in README to enhance readability, enable a user to find what they need quickly, and to act as a document guide.
This commit is contained in:
parent
03a17532d5
commit
70d9d4d900
2 changed files with 363 additions and 69 deletions
BIN
.DS_Store
vendored
Normal file
BIN
.DS_Store
vendored
Normal file
Binary file not shown.
432
README.md
432
README.md
|
@ -1,86 +1,380 @@
|
|||
puppetlabs-puppetdb
|
||||
===================
|
||||
puppetdb
|
||||
=========
|
||||
|
||||
Purpose: Install and manage the PuppetDB server and database, and
|
||||
configure the Puppet master to use PuppetDB
|
||||
Module: puppetlabs/puppetdb (http://forge.puppetlabs.com/puppetlabs/puppetdb)
|
||||
Puppet Version: 2.7+
|
||||
Platforms: RHEL6, Debian6, Ubuntu 10.04
|
||||
####Table of Contents
|
||||
|
||||
Installing and configuring PuppetDB isn’t *too* difficult, but we knew that it
|
||||
could and should be even easier than it was. That’s where the new
|
||||
`puppetlabs/puppetdb` module comes in. Whether you just want to throw PuppetDB
|
||||
onto a test system as quickly as possible so that you can check it out, or you
|
||||
want finer-grained access to managing the individual settings and configuration,
|
||||
this module aims to let you dive in at exactly the level of involvement that you
|
||||
desire.
|
||||
1. [Overview - What is the PuppetDB module?](#overview)
|
||||
2. [Module Description - What does the module do?](#module-description)
|
||||
3. [Setup - The basics of getting started with PuppetDB module](#setup)
|
||||
4. [Usage - The classes and parameters available for configuration](#usage)
|
||||
5. [Implementation - An under-the-hood peek at what the module is doing](#implementation)
|
||||
6. [Limitations - OS compatibility, etc.](#limitations)
|
||||
7. [Development - Guide for contributing to the module](#development)
|
||||
8. [Release Notes - Notes on the most recent updates to the module](#release-notes)
|
||||
|
||||
Here are some of the capabilities of the module; almost all of these are optional,
|
||||
so you are free to pick and choose which ones suit your needs:
|
||||
|
||||
* Installs and manages the core PuppetDB server
|
||||
* Installs and manages the underlying database server (PostgreSQL or a simple
|
||||
embedded database)
|
||||
* Configures your Puppet master to use PuppetDB
|
||||
* Optional support for opening the PuppetDB port in your firewall on
|
||||
RedHat-based distros
|
||||
* Validates your database connection before applying PuppetDB configuration
|
||||
changes, to help make sure that PuppetDB doesn’t end up in a broken state
|
||||
* Validates your PuppetDB connection before applying configuration changes to
|
||||
the Puppet master, to help make sure that your master doesn’t end up in a broken
|
||||
state
|
||||
|
||||
Examples
|
||||
Overview
|
||||
--------
|
||||
In the `tests` directory, there are example manifests that show how you can
|
||||
do a basic setup in a few different configurations. They include examples of
|
||||
setting up PuppetDB and all of its dependencies all on the same node as your
|
||||
Puppet master, and also an example of a 3-node distributed setup in which
|
||||
Puppet, PuppetDB, and PostgreSQL are all running on separate machines.
|
||||
By guiding puppetdb setup and configuration with a puppet master, the PuppetDB module provides fast, streamlined access to data on puppetized infrastructure.
|
||||
|
||||
Also, see `README_GETTING_STARTED.md` for a little more of a guided tour.
|
||||
Module Description
|
||||
-------------------
|
||||
The PuppetDB module provides a quick way to get started using PuppetDB, an open source inventory resource service that manages storage and retrieval of platform-generated data. The module will install PostgreSQL and PuppetDB if you don't have them, as well as set up the connection to puppet master. The module will also provide a dashboard you can use to view the current state of your system.
|
||||
|
||||
For more information about PuppetDB [please see the official PuppetDB documentation.](http://docs.puppetlabs.com/puppetdb/)
|
||||
|
||||
Resource Overview
|
||||
-----------------
|
||||
|
||||
##### `puppetdb` class
|
||||
Setup
|
||||
-----
|
||||
|
||||
This is a sort of ‘all-in-one’ class for the PuppetDB server. It’ll get you up
|
||||
and running with everything you need (including database setup and management)
|
||||
on the server side. The only other thing you’ll need to do is to configure your
|
||||
Puppet master to use PuppetDB... which leads us to:
|
||||
**What PuppetDB affects:**
|
||||
|
||||
##### `puppetdb::master::config` class
|
||||
* package/service/configuration files for PuppetDB
|
||||
* **note**: Using the `database_host` class will cause your routes.yaml file to be overwritten entirely (see **Usage** below for options and more information )
|
||||
* package/service/configuration files for PostgreSQL (optional, but set as default)
|
||||
* puppet master's runtime (via plugins)
|
||||
* puppet master's configuration
|
||||
* system firewall (optional)
|
||||
* listened-to ports
|
||||
|
||||
This class should be used on your Puppet master node. It’ll verify that it can
|
||||
successfully communicate with your PuppetDB server, and then configure your
|
||||
master to use PuppetDB.
|
||||
**Introductory Questions**
|
||||
|
||||
***NOTE***: Using this class involves allowing the module to manipulate your
|
||||
puppet configuration files; in particular: `puppet.conf` and `routes.yaml`. The
|
||||
`puppet.conf` changes are supplemental and should not affect any of your existing
|
||||
settings, but the `routes.yaml` file will be overwritten entirely. If you have an
|
||||
existing `routes.yaml` file, you will want to take care to use the `manage_routes`
|
||||
parameter of this class to prevent the module from managing that file, and
|
||||
you’ll need to manage it yourself.
|
||||
To begin using PuppetDB, you’ll have to make a few decisions:
|
||||
|
||||
##### `puppetdb::server` class
|
||||
* Which database back-end should I use?
|
||||
* PostgreSQL (default) or our embedded database
|
||||
* **note:** We suggest using the embedded database only for experimental environments rather than production, as it does not scale well and can cause difficulty in migrating to Postgres.
|
||||
* Should I run the database on the same node that I run PuppetDB on?
|
||||
* Should I run PuppetDB on the same node that I run my master on?
|
||||
|
||||
This is for managing the PuppetDB server independently of the underlying
|
||||
database that it depends on; so it’ll manage the PuppetDB package, service,
|
||||
config files, etc., but will allow you to manage the database (e.g. postgresql)
|
||||
however you see fit.
|
||||
The answers to those questions will be largely dependent on your answers to questions about your Puppet environment:
|
||||
|
||||
* How many nodes are you managing?
|
||||
* What kind of hardware are you running on?
|
||||
* Is your current load approaching the limits of your hardware?
|
||||
|
||||
##### `puppetdb::database::postgresql` class
|
||||
Depending on your answers to all of the questions above, you will likely fall under one of these set-up options:
|
||||
|
||||
This is a class for managing a postgresql server for use by PuppetDB. It can
|
||||
manage the postgresql packages and service, as well as creating and managing the
|
||||
puppetdb database and database user accounts.
|
||||
1. [Single Node (Testing and Development)](#single-node-setup)
|
||||
2. [Multiple Node (Recommended)](#multiple-node-setup)
|
||||
|
||||
##### Low-level classes
|
||||
### Single Node Setup
|
||||
|
||||
There are several lower-level classes in the module (e.g., `puppetdb::master::*`
|
||||
and `puppetdb::server::*` which you can use to manage individual configuration
|
||||
files or other parts of the system. In the interest of brevity, we’ll skip over
|
||||
those for now... but if you need more fine-grained control over your setup, feel
|
||||
free to dive into the module and have a look!)
|
||||
This approach assumes you will use our default database (PostgreSQL) and run everything (PostgreSQL, PuppetDB, puppet master) all on the same node. This setup will be great for a testing or experimental environment. In this case, your manifest will look
|
||||
like:
|
||||
|
||||
node puppetmaster {
|
||||
# Configure puppetdb and its underlying database
|
||||
include puppetdb
|
||||
# Configure the puppet master to use puppetdb
|
||||
include puppetdb::master::config
|
||||
}
|
||||
|
||||
You can provide some parameters for these classes if you’d like more control, but that is literally all that it will take to get you up and running with the default configuration.
|
||||
|
||||
### Multiple Node Setup
|
||||
|
||||
This approach is for those who prefer not to install PuppetDB on the same node as the puppet master. Your environment will be easier to scale if you are able to dedicate hardware to the individual system components. You may even choose to run the puppetdb server on a different node from the PostgreSQL database that it uses to store its data. So let’s have a look at what a manifest for that scenario might look like:
|
||||
|
||||
**This is an example of a very basic 3-node setup for PuppetDB.**
|
||||
|
||||
This node is our puppet master:
|
||||
|
||||
node puppet {
|
||||
# Here we configure the puppet master to use PuppetDB,
|
||||
# and tell it that the hostname is ‘puppetdb’
|
||||
class { 'puppetdb::master::config':
|
||||
puppetdb_server => 'puppetdb',
|
||||
}
|
||||
}
|
||||
|
||||
This node is our postgres server:
|
||||
|
||||
node puppetdb-postgres {
|
||||
# Here we install and configure postgres and the puppetdb
|
||||
# database instance, and tell postgres that it should
|
||||
# listen for connections to the hostname ‘puppetdb-postgres’
|
||||
class { 'puppetdb::database::postgresql':
|
||||
listen_addresses => 'puppetdb-postgres',
|
||||
}
|
||||
}
|
||||
|
||||
This node is our main puppetdb server:
|
||||
|
||||
node puppetdb {
|
||||
# Here we install and configure PuppetDB, and tell it where to
|
||||
# find the postgres database.
|
||||
class { 'puppetdb::server':
|
||||
database_host => 'puppetdb-postgres',
|
||||
}
|
||||
}
|
||||
|
||||
This should be all it takes to get a 3-node, distributed installation of PuppetDB up and running. Note that, if you prefer, you could easily move two of these classes to a single node and end up with a 2-node setup instead.
|
||||
|
||||
### Beginning with PuppetDB
|
||||
Whether you choose a single node development setup or a multi-node setup, a basic setup of PuppetDB will cause: PostgreSQL to install on the node if it’s not already there; PuppetDB postgres database instance and user account to be created; the postgres connection to be validated and, if successful, PuppetDB to be installed and configured; PuppetDB connection to be validated and, if successful, the puppet master config files to be modified to use PuppetDB; and the puppet master to be restarted so that it will pick up the config changes.
|
||||
|
||||
If your logging level is set to INFO or finer, you should start seeing PuppetDB-related log messages appear in both your puppet master log and your puppetdb log as subsequent agent runs occur.
|
||||
|
||||
If you’d prefer to use PuppetDB’s embedded database rather than PostgreSQL, have a
|
||||
look at the database parameter on the puppetdb class:
|
||||
|
||||
class { 'puppetdb':
|
||||
database => 'embedded',
|
||||
}
|
||||
|
||||
The embedded database can be useful for testing and very small production environments, but it is not recommended for production environments since it consumes a great deal of memory as your number of nodes increase.
|
||||
|
||||
### Cross-node Dependencies
|
||||
|
||||
It is worth noting that there are some cross-node dependencies, which means that the first time you add the module's configurations to your manifests, you may see a few failed puppet runs on the affected nodes.
|
||||
|
||||
PuppetDB handles cross-node dependencies by taking a sort of “eventual consistency” approach. There’s nothing that the module can do to control the order in which your nodes check in, but the module can check to verify that the services it depends on are up and running before it makes configuration changes--so that’s what it does.
|
||||
|
||||
When your puppet master node checks in, it will validate the connectivity to the puppetdb server before it applies its changes to the puppet master config files. If it can’t connect to puppetdb, then the puppet run will fail and the previous config files will be left intact. This prevents your master from getting into a broken state where all incoming puppet runs fail because the master is configured to use a puppetdb server that doesn’t exist yet. The same strategy is used to handle the dependency between the puppetdb server and the postgres server.
|
||||
|
||||
Hence the failed puppet runs. These failures should be limited to 1 failed run on the puppetdb node, and up to 2 failed runs on the puppet master node. After that,
|
||||
all of the dependencies should be satisfied and your puppet runs should start to succeed again.
|
||||
|
||||
You can also manually trigger puppet runs on the nodes in the correct order (Postgres, PuppetDB, puppet master), which will avoid any failed runs.
|
||||
|
||||
Usage
|
||||
------
|
||||
|
||||
PuppetDB supports a large number of configuration options for both configuring the
|
||||
puppetdb service and connecting that service to the puppet master.
|
||||
|
||||
### puppetdb
|
||||
The `puppetdb` class is intended as a high-level abstraction (sort of an 'all-in-one' class) to help simplify the process of getting your puppetdb server up and running. It wraps the slightly-lower-level classes `puppetdb::server` and `puppetdb::database::*`, and it'll get you up and running with everything you need (including database setup and management) on the server side. For maximum configurability, you may choose not to use this class. You may prefer to use the `puppetdb::server` class directly, or manage your puppetdb setup on your own.
|
||||
|
||||
You must declare the class to use it:
|
||||
|
||||
include puppetdb
|
||||
|
||||
**Parameters within `puppetdb`:**
|
||||
|
||||
####`listen_address`
|
||||
|
||||
The address that the web server should bind to for HTTP requests (defaults to `localhost`.'0.0.0.0' = all).
|
||||
|
||||
####`listen_port`
|
||||
|
||||
The port on which the puppetdb web server should accept HTTP requests (defaults to '8080').
|
||||
|
||||
####`open_listen_port`
|
||||
|
||||
If true, open the http_listen\_port on the firewall (defaults to false).
|
||||
|
||||
####`ssl_listen_address`
|
||||
|
||||
The address that the web server should bind to for HTTPS requests (defaults to
|
||||
`$::clientcert`). Set to '0.0.0.0' to listen on all addresses.
|
||||
|
||||
####`ssl_listen_port`
|
||||
|
||||
The port on which the puppetdb web server should accept HTTPS requests (defaults to '8081').
|
||||
|
||||
####`open_ssl_listen_port`
|
||||
|
||||
If true, open the ssl_listen\_port on the firewall (defaults to true).
|
||||
|
||||
####`database`
|
||||
|
||||
Which database backend to use; legal values are `postgres` (default) or `embedded`. The `embedded` db can be used for very small installations or for testing, but is not recommended for use in production environments. For more info, see the [puppetdb docs](http://docs.puppetlabs.com/puppetdb/).
|
||||
|
||||
####`database_port`
|
||||
|
||||
The port that the database server listens on (defaults to `5432`; ignored for `embedded` db).
|
||||
|
||||
####`database_username`
|
||||
|
||||
The name of the database user to connect as (defaults to `puppetdb`; ignored for
|
||||
`embedded` db).
|
||||
|
||||
####`database_password`
|
||||
|
||||
The password for the database user (defaults to `puppetdb`; ignored for `embedded` db).
|
||||
|
||||
####`database_name`
|
||||
|
||||
The name of the database instance to connect to (defaults to `puppetdb`; ignored for `embedded` db).
|
||||
|
||||
####`database_package`
|
||||
|
||||
The puppetdb package name in the package manager.
|
||||
|
||||
####`puppetdb_version`
|
||||
|
||||
The version of the `puppetdb` package that should be installed. You may specify an
|
||||
explicit version number, 'present', or 'latest' (defaults to 'present').
|
||||
|
||||
####`puppetdb_service`
|
||||
|
||||
The name of the puppetdb service.
|
||||
|
||||
####`manage_redhat_firewall`
|
||||
|
||||
*DEPRECATED: Use open_ssl_listen_port instead.*
|
||||
|
||||
Supports a Boolean of true or false, indicating whether or not the module should open a port in the firewall on RedHat-based systems. Defaults to `false`. This parameter is likely to change in future versions. Possible changes include support for non-RedHat systems and finer-grained control over the firewall rule (currently, it simply opens up the postgres port to all TCP connections).
|
||||
|
||||
####`confdir`
|
||||
|
||||
The puppetdb configuration directory (defaults to `/etc/puppetdb/conf.d`).
|
||||
|
||||
### puppetdb:server
|
||||
|
||||
The `puppetdb::server` class manages the puppetdb server independently of the underlying database that it depends on. It will manage the puppetdb package, service, config files, etc., but will still allow you to manage the database (e.g. postgresql) however you see fit.
|
||||
|
||||
class { 'puppetdb::server':
|
||||
database_host => 'puppetdb-postgres',
|
||||
}
|
||||
|
||||
**Parameters within `puppetdb::server`:**
|
||||
|
||||
Mostly the same parameters as `puppetdb`, with one addition
|
||||
|
||||
####`database_host`
|
||||
|
||||
The hostname or IP address of the database server (defaults to `localhost`; ignored for `embedded` db).
|
||||
|
||||
### puppetdb::master::config
|
||||
|
||||
The `puppetdb::master::config` class directs your puppet master to use PuppetDB, which means that this class should be used on your puppet master node. It’ll verify that it can successfully communicate with your puppetdb server, and then configure your master to use PuppetDB.
|
||||
|
||||
Using this class involves allowing the module to manipulate your puppet configuration files; in particular: puppet.conf and routes.yaml. The puppet.conf changes are supplemental and should not affect any of your existing settings, but the routes.yaml file will be overwritten entirely. If you have an existing routes.yaml file, you will want to take care to use the manage_routes parameter of this class to prevent the module from managing that file, and you’ll need to manage it yourself.
|
||||
|
||||
class { 'puppetdb::master::config':
|
||||
puppetdb_server => 'my.host.name',
|
||||
puppetdb_port => 8081,
|
||||
}
|
||||
|
||||
**Parameters within `puppetdb::master::config`:**
|
||||
|
||||
####`puppetdb_server`
|
||||
|
||||
The dns name or ip of the puppetdb server (defaults to the certname of the current node).
|
||||
|
||||
####`puppetdb_port`
|
||||
|
||||
The port that the puppetdb server is running on (defaults to 8081).
|
||||
|
||||
####`manage_routes`
|
||||
|
||||
If true, the module will overwrite the puppet master's routes file to configure it to use PuppetDB (defaults to true).
|
||||
|
||||
####`manage_storeconfigs`
|
||||
|
||||
If true, the module will manage the puppet master's storeconfig settings (defaults to true).
|
||||
|
||||
####`puppet_confdir`
|
||||
|
||||
Puppet's config directory (defaults to `/etc/puppet`).
|
||||
|
||||
####`puppet_conf`
|
||||
|
||||
Puppet's config file (defaults to `/etc/puppet/puppet.conf`).
|
||||
|
||||
####`puppetdb_version`
|
||||
|
||||
The version of the `puppetdb` package that should be installed. You may specify an
|
||||
explicit version number, 'present', or 'latest' (defaults to 'present').
|
||||
|
||||
####`puppetdb_startup_timeout`
|
||||
|
||||
The maximum amount of time that the module should wait for PuppetDB to start up. This is most important during the initial install of PuppetDB (defaults to 15 seconds).
|
||||
|
||||
####`restart_puppet`
|
||||
|
||||
If true, the module will restart the puppet master when PuppetDB configuration files are changed by the module. The default is 'true'. If set to 'false', you must restart the service manually in order to pick up changes to the config files (other than `puppet.conf`).
|
||||
|
||||
### puppetdb::database::postgresql
|
||||
The `puppetdb::database::postgresql` class manages a postgresql server for use by
|
||||
PuppetDB. It can manage the postgresql packages and service, as well as creating and managing the puppetdb database and database user accounts.
|
||||
|
||||
class { 'puppetdb::database::postgresql':
|
||||
listen_addresses => 'my.postgres.host.name',
|
||||
}
|
||||
|
||||
The `listen_address` is a comma-separated list of hostnames or IP addresses on which the postgres server should listen for incoming connections. This defaults to `localhost`. This parameter maps directly to postgresql's `listen_addresses` config option; use a '*' to allow connections on any accessible address.
|
||||
|
||||
Implementation
|
||||
---------------
|
||||
|
||||
### Resource overview
|
||||
|
||||
In addition to the classes and variables mentioned above, PuppetDB includes:
|
||||
|
||||
**puppetdb::master::routes**
|
||||
|
||||
Configures the puppet master to use PuppetDB as the facts terminus. *WARNING*: the
|
||||
current implementation simply overwrites your routes.yaml file; if you have an existing routes.yaml file that you are using for other purposes, you should *not* use this.
|
||||
|
||||
class { 'puppetdb::master::routes':
|
||||
puppet_confdir => '/etc/puppet'
|
||||
}
|
||||
|
||||
**puppetdb::master::storeconfigs**
|
||||
|
||||
Configures the puppet master to enable storeconfigs and to use PuppetDB as the
|
||||
storeconfigs backend.
|
||||
|
||||
class { 'puppetdb::master::storeconfigs':
|
||||
puppet_conf => '/etc/puppet/puppet.conf'
|
||||
}
|
||||
|
||||
**puppetdb::server::database_ini**
|
||||
|
||||
Manages PuppetDB's `database.ini` file.
|
||||
|
||||
class { 'puppetdb::server::database_ini':
|
||||
database_host => 'my.postgres.host',
|
||||
database_port => '5432',
|
||||
database_username => 'puppetdb_pguser',
|
||||
database_password => 'puppetdb_pgpasswd',
|
||||
database_name => 'puppetdb',
|
||||
}
|
||||
|
||||
**puppetdb::server::validate_db**
|
||||
|
||||
Validates that a successful database connection can be established between the node on
|
||||
which this resource is run and the specified puppetdb database instance
|
||||
(host/port/user/password/database name).
|
||||
|
||||
puppetdb::server::validate_db { 'validate my puppetdb database connection':
|
||||
database_host => 'my.postgres.host',
|
||||
database_username => 'mydbuser',
|
||||
database_password => 'mydbpassword',
|
||||
database_name => 'mydbname',
|
||||
}
|
||||
|
||||
### Custom Types
|
||||
|
||||
**puppetdb_conn_validator**
|
||||
|
||||
Verifies that a connection can be successfully established between a node and the puppetdb
|
||||
server. Its primary use is as a precondition to prevent configuration changes from being
|
||||
applied if the puppetdb server cannot be reached, but it could potentially be used for
|
||||
other purposes such as monitoring.
|
||||
|
||||
Limitations
|
||||
------------
|
||||
|
||||
Currently, PuppetDB is compatible with:
|
||||
|
||||
Puppet Version: 2.7+
|
||||
|
||||
Platforms : RHEL6, Debian6, Ubuntu 10.04
|
||||
|
||||
Development
|
||||
------------
|
||||
|
||||
Puppet Labs modules on the Puppet Forge are open projects, and community contributions are essential for keeping them great. We can’t access the huge number of platforms and myriad of hardware, software, and deployment configurations that Puppet is intended to serve.
|
||||
|
||||
We want to keep it as easy as possible to contribute changes so that our modules work in your environment. There are a few guidelines that we need contributors to follow so that we can have a chance of keeping on top of things.
|
||||
|
||||
You can read the complete module contribution guide [on the Puppet Labs wiki.](http://projects.puppetlabs.com/projects/module-site/wiki/Module_contributing)
|
||||
|
||||
Release Notes
|
||||
--------------
|
||||
|
||||
Minor bugfix release (fix a missing dependency in puppetdb::master::* classes).
|
Loading…
Reference in a new issue