If you're still logging in to your systems with separate passwords, or manually pushing updates/installing packages, or just aren't sure if your dev/qa/stage environments match your production environment, Puppet is for you.

Puppet is a tool used to help you manage your systems.  It can push files, install software, and do many other things.  It is especially useful in Linux environments, but it does support Windows and Mac as well.

Overview

In this example, I'll show you how to use Puppet to make sure your user exists on all Linux systems, and push an SSH key for passwordless logins.  You will need to already have a basic Puppet setup working, and know how to generate SSH keys.

One thing you want to do is chain your resources, to make sure they are applied in the correct order.  This is accomplished with -> between resources to indicate the order/flow.

Adding the user

Let's get right to it then!  We make sure my user's home directory exists (creating it if needed), then do the same for my .ssh directory, and finally copy over the key itself.

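class linuxkeys {
    # Home directory first; each "->" makes the next resource wait for this one.
    file {
        "/home/rdraper":
            ensure => directory,
            owner  => rdraper,
            group  => rdraper,
            mode   => "0755";   # mode is quoted: newer Puppet requires a string
    }
    ->
    # The .ssh directory is readable by the user only.
    file {
        "/home/rdraper/.ssh":
            ensure => directory,
            owner  => rdraper,
            group  => rdraper,
            mode   => "0700";
    }
    ->
    # The public key list, served from the module's files directory.
    file {
        "/home/rdraper/.ssh/authorized_keys":
            ensure => file,
            owner  => rdraper,
            group  => rdraper,
            mode   => "0644",
            source => "puppet:///modules/linuxkeys/authorized_keys_rdraper";
    }
}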

But what if your user is not yet defined on the system? Then we have to define it first. There are several ways to do it, depending on which version of Puppet you have and what it supports. I'll give you the two examples that I have used.  Remember, this has to be defined before any other rules that relate to the user, and chained to them!

        user { "rdraper":
                ensure  => present,
                groups  => "wheel",
        }

If you have an older version, you might need to use the exec method to run a program. Use this format instead:

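	exec { "adduser_rdraper":
		command => "adduser rdraper",
		# path    => [ "/usr/local/bin/", "/bin/" ],  # alternative syntax
		path    => "/usr/local/bin/:/bin/:/usr/bin/:/usr/sbin/:/usr/local/sbin/",
		# Skip adduser when the account exists. The pattern is anchored so
		# that only the exact login name at the start of a passwd line matches.
		unless  => "grep -q '^rdraper:' /etc/passwd",
		# onlyif is the inverse test: it runs the command only when the check succeeds.
	}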

Passwordless login

If you don't already have a sudoers file that enables users in the group wheel to sudo, don't forget to add one. Simply uncomment the following line in a copy of the sudoers file and put that copy in the module (and chmod +r it).

# %wheel	ALL=(ALL)	NOPASSWD: ALL

And add the file into your class:

	file {	"/etc/sudoers":
		owner  => root,
		group  => root,
		mode   => "0440",   # quoted: newer Puppet requires mode as a string
		source => "puppet:///modules/linuxkeys/sudoers";
	}
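Putting the pieces together, as an added example that is not the original author's manifest: the user resource leads the chain so the account exists before any file it owns, and the sudoers file gets a validate_cmd (an addition not on the page) so the agent refuses to install a file that visudo rejects. It assumes a Puppet version with the native user type and the file type's validate_cmd attribute, that creating the user also creates a matching rdraper group, and that visudo lives at /usr/sbin/visudo.

```puppet
# Added example: one complete class, user first, then the files it owns.
class linuxkeys {
  # The account must exist before Puppet can chown anything to it.
  user { 'rdraper':
    ensure => present,
    groups => ['wheel'],
  }
  -> file { '/home/rdraper':
    ensure => directory,
    owner  => 'rdraper',
    group  => 'rdraper',   # assumption: a per-user group was created with the user
    mode   => '0755',
  }
  -> file { '/home/rdraper/.ssh':
    ensure => directory,
    owner  => 'rdraper',
    group  => 'rdraper',
    mode   => '0700',
  }
  -> file { '/home/rdraper/.ssh/authorized_keys':
    ensure => file,
    owner  => 'rdraper',
    group  => 'rdraper',
    mode   => '0644',
    source => 'puppet:///modules/linuxkeys/authorized_keys_rdraper',
  }

  # sudoers is independent of the user chain, so it is not chained to it.
  file { '/etc/sudoers':
    ensure       => file,
    owner        => 'root',
    group        => 'root',
    mode         => '0440',
    source       => 'puppet:///modules/linuxkeys/sudoers',
    # Added safeguard: Puppet writes the new content to a temporary file,
    # substitutes its path for "%", and replaces /etc/sudoers only if
    # visudo's syntax check exits 0.
    validate_cmd => '/usr/sbin/visudo -cf %',   # assumption: visudo path
  }
}
```

With the validation in place, a syntax error in the module's sudoers copy shows up as a failed resource in the agent run instead of a broken /etc/sudoers on every node.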

Now that you've got your manifest, you can test it. Run "puppet agent --test" on a node to see if it creates the user. After you have logged in (with your SSH key), you can then sudo without a password!

That's it! As you can see, Puppet can be very useful, and this is just a small snippet of its functionality. There are many other automation tools (like Chef and Salt, see this wiki page for more), but Puppet is the most popular.  If you liked this article or want to see how RDA can help integrate Puppet into your environment, give us a call or contact us using the form on the right!