> My initial "layout" was motivated by a need to "harden" our Linux
> systems. I grouped the various hardening configs into:
>
> Kernel
> OS
> Network
> Shell
> Files
> Application
>
> I'm hoping I can create the same module structure within puppet.

Start here:

http://docs.puppetlabs.com/guides/modules.html

> Using "sudo" as the first example, I want puppet to ensure
> "/usr/bin/sudo" has "4111" file perms and "root:root" ownership.
>
> Directory layout:
> I used this handy script from "ProfFalken"
> http://www.threedrunkensysadsonthe.net/2010/04/quick-creation-of-puppet-modules/
>
> BUT...this is where things are getting a little grey. I currently
> have:
>
> [root@laptop manifests]# pwd
> /etc/puppet/manifests
> [root@laptop manifests]#
> [root@laptop manifests]# tree os
> os
> |-- files
> |-- lib
> |   |-- facter
> |   `-- puppet
> |       |-- parser
> |       |-- provider
> |       `-- type
> |-- manifests
> |   |-- init.pp
> |   `-- sudo.pp
> `-- templates
>
> 9 directories, 2 files
> [root@laptop manifests]#

You have your modules in the /etc/puppet/manifests directory - which is
probably not what you want. Modules should be located in something
like /etc/puppet/modules as per instructions above.

> [root@laptop manifests]# cat os/manifests/sudo.pp
> # /etc/puppet/manifests/classes/sudo.pp
>
> class sudo {
>     file { "/etc/sudoers":
>         owner => "root",
>         group => "root",
>         mode => 4111,
>     }
> }
> [root@laptop manifests]#
>
> Am I on the correct track?

Close. The class with the same name as the module should live in
init.pp. So class sudo {} should be in:

    $MODULE_PATH/sudo/manifests/init.pp

> I'm guessing I should break the classes down into:
> sudo::perms
> sudo::ownership
> sudo::file (have puppet serve the sudo template)

Far too fine grained probably :-). 1 class is enough to do all this
... depends on what you are trying to do. Don't go crazy with
organisation before you understand the language caveats. Start
developing _something_ and see how your organisation works for you.

>
> then in "os/manifests/site.pp" ..... would I import sudo?
>

You 'include sudo' or use the parameterized class syntax:

    class { "sudo": }

> and the second question: How would I create hosts groups?
> I would like to group my hosts in "dev", "uat", "staging" and
> "prod" etc?

How do you identify these hosts now? I presume you have some DNS
naming convention - this is generally what most people do ... they
have a DNS name such as:

    foo1.uat.mydomain.com

And they identify the class of machine this way by using regsubst or
inline_template to extract the 'uat' or 'dev' part out and use that as
a variable.

Otherwise ... you need to use node classification if your machines are
not meaningfully named and identify them with your own knowledge of
what the machines do:

    node roadwarrior.mydomain.com {
      $hostgroup = "uat"
      include somestuff
    }

    node donaldduck.mydomain.com {
      $hostgroup = "dev"
      include somestuff
    }

    class somestuff {
      case $hostgroup {
        "uat" : {
          # ... uat related stuff
        }
        "dev" : {
          # ... dev related stuff
        }
      }
    }

ken.
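
The two suggestions in the reply above (class sudo in the module's init.pp, host group taken from the DNS name with regsubst), put together as an added example that is not part of the original thread. The /etc/puppet/modules path, the "node default" block and the exact pattern are assumptions; the file resource manages /usr/bin/sudo, the path named in the question.

```puppet
# Added example, not from the thread. Assumed layout:
#   /etc/puppet/modules/sudo/manifests/init.pp  -> class sudo
#   /etc/puppet/manifests/site.pp               -> node default

# --- modules/sudo/manifests/init.pp ---
class sudo {
  # Setuid root, execute-only: the ownership and mode asked for in the thread.
  file { '/usr/bin/sudo':
    owner => 'root',
    group => 'root',
    mode  => '4111',
  }
}

# --- manifests/site.pp ---
node default {
  # foo1.uat.mydomain.com -> "uat" (second DNS label).
  # regsubst returns its input unchanged when the pattern does not match,
  # so a host outside the naming convention still carries its full FQDN
  # here and falls through to the default branch below.
  $hostgroup = regsubst($::fqdn, '^[^.]+\.(dev|uat|staging|prod)\..+$', '\1')

  case $hostgroup {
    'dev', 'uat', 'staging', 'prod': {
      notice("${::fqdn} classified as ${hostgroup}")
      include sudo
    }
    default: {
      # Fail the catalog rather than apply hardening meant for another tier.
      fail("Cannot derive host group from '${::fqdn}'")
    }
  }
}
```

Restricting the capture to the four known group names means a typo in a hostname stops the run instead of silently creating a new, unhardened group.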