{"id":31,"date":"2007-08-02T16:24:10","date_gmt":"2007-08-02T21:24:10","guid":{"rendered":"http:\/\/blogs.cae.tntech.edu\/mwr\/2007\/08\/02\/the-new-file-server-puppet-and-modules\/"},"modified":"2024-10-27T14:26:19","modified_gmt":"2024-10-27T14:26:19","slug":"the-new-file-server-puppet-and-modules","status":"publish","type":"post","link":"https:\/\/sites.tntech.edu\/renfro\/2007\/08\/02\/the-new-file-server-puppet-and-modules\/","title":{"rendered":"The New File Server: Puppet and Modules"},"content":{"rendered":"

On to Puppet. I’ve not yet factored everything about the new server out into separate modules or classes; that’ll come later. But things that will either get reused on other systems (e.g., Active Directory ties) or things that need to be generated consistently and repeatedly (e.g., Amanda configurations) have been factored out. The new server’s manifest looks like:<\/p>\n

\nnode ch208r {\n    include cae-host\n\n    # ch208r (new file server) needs:\n\n    # Disk tools (XFS support, LVM support, parted)\n    package {\n        [ \"xfsdump\", \"lvm2\", \"parted\" ]: ensure => installed;\n    }\n    # Backup tools (see amandaconfig module for details)\n    include amanda\n    amanda::amandaconfig {\n        \"holding\":\n            labelstr   => \"HOLDING\",\n            dumpcycle  => 1,\n            tapecycle  => 2,\n            runtapes   => 1;\n        \"daily\":\n            labelstr   => \"DAILY\",\n            dumpcycle  => 35,\n            tapecycle  => 10,\n            runtapes   => 1;\n        \"archival\":\n            labelstr   => \"ARCH[2-9]\",\n            dumpcycle  => 0,\n            tapecycle  => 1000,\n            runtapes   => 4;\n    }\n\n    cron {\n        \"amdump-daily\":\n            command => \"\/usr\/local\/sbin\/mkdisklist > \/etc\/amanda\/daily\/disklist; \/usr\/sbin\/amdump daily; \/usr\/sbin\/amdump holding ; du -shc \/opt\/amanda\/work | tail -1 | mutt -s 'Amanda Disk Usage' 1234567890@vtext.com\",\n            ensure  => present,\n            user    => backup,\n            hour    => 0,\n            minute  => 15;\n    }\n\n    file { \n        \"\/etc\/amanda\/holding\/disklist\": \n            source => \"puppet:\/\/\/files\/apps\/amanda-server\/disklist.holding\"; \n    }\n\n    # Environmental monitoring\n    package {\n        [ \"ipmitool\", \"openipmi\" ]: ensure => installed;\n    }\n    file {\n        \"\/etc\/modules\":\n            source => \"puppet:\/\/\/files\/apps\/ipmitool\/modules\";\n    }\n\n    mount { \"\/home\":\n        atboot  => true,\n        device  => \"\/dev\/md1000\/home\",\n        ensure  => mounted,\n        fstype  => \"xfs\",\n        options => \"defaults\",\n        dump    => \"0\",\n        pass    => \"1\",\n        require => [ Package[\"xfsdump\"], Package[\"lvm2\"] ];\n    }\n\n    include active-directory-fileserver\n    # - NFS export of \/home\/CAE\n    package {\n        [ \"nfs-kernel-server\" ]: ensure => installed;\n    }\n\n    # - scponly for remote file access (no shell access allowed)\n    package {\n        [ \"scponly\" ]:\n            ensure => installed;\n    }\n\n}\n<\/pre>\n
Since the active-directory-fileserver class ties strongly into an active-directory-member class, and that class warrants an entire followup artcle for my authentication notes<\/a>, I’ll hold off on that part for now<\/s> which can be found here<\/a>. But the Amanda configuration code, that’s worth talking about now.<\/p>\n
If you’ve never used Amanda<\/a>, it’s arguably the best multi-system, multi-platform Free Software backup solution out there. We’ve kept it in constant service since late 2002, making this the third major fileserver we’ve put it on. It’s a little fiddly to get installed properly<\/a>:<\/p>\n
\nCreate the config directory (eg. \/usr\/local\/etc\/amanda\/confname) and copy the example\/ files into that directory. Edit these files to be correct for your site, consulting the amanda(8) man page if necessary. You can also send mail to mailto:\/\/amanda-users@amanda.org if you are having trouble deciding how to set things up. You will also need to create the directory for the log and database files for the configuration to use (eg \/usr\/local\/var\/amanda\/confname), and the work directory on the holding disk. These directories need to agree with the parameters in amanda.conf. Don’t forget to make all these directories writable by the dump user!<\/p><\/blockquote>\n
but worth it. Since I have no less than three different Amanda configurations to set up (one for rotating daily backups, one for monthly archival backups, and one to back up the Amanda holding disk as disaster insurance), I figured it was time to make Puppet create my configuration files in addition to copying them to the file server. It wasn’t nearly as difficult as I’d expected, and hopefully this will provide an example that’s easy enough to follow, complicated enough to be useful, and uses enough of Puppet’s module capabilities to keep others from hitting the same walls I did. I don’t claim any of them are perfect, but they’re currently working and relatively clean.<\/p>\n
First, I made a modules directory in the puppet root (\/etc\/puppet, in my case). Then I added the following entry into puppet’s fileserver.conf:<\/p>\n
\n[modules]\n  # path isn't actually used here\n  allow A.B.C.0\/24\n<\/pre>\n
where A.B.C.0\/24 corresponds to the class C subnet that can access the modules. In the modules folder, I created an amandaconfig folder, which currently has the following contents:<\/p>\n
\n\/etc\/puppet\/modules# ls -lR amandaconfig\namandaconfig:\ntotal 12\ndrwxr-xr-x 3 root root 4096 2007-08-02 15:36 files\ndrwxr-xr-x 3 root root 4096 2007-08-02 15:36 manifests\ndrwxr-xr-x 3 root root 4096 2007-08-02 15:36 templates\n\namandaconfig\/files:\ntotal 12\n-rw-r----- 1 root root 1827 2007-08-02 09:41 disklist.systems\n-rwxr-xr-x 1 root root  416 2007-07-31 14:31 mkdisklist\n-rwxr-xr-x 1 root root  390 2007-07-31 14:35 mkdisklist.archival\n\namandaconfig\/manifests:\ntotal 4\n-rw-r--r-- 1 root root 2554 2007-08-01 17:21 init.pp\n\namandaconfig\/templates:\ntotal 8\n-rw-r--r-- 1 root root 1418 2007-08-02 09:52 amanda.conf.erb\n-rw-r--r-- 1 root root   13 2007-07-25 21:05 changer.conf.erb\n<\/pre>\n
The files directory should contain auxiliary files for the module that don’t need to be edited on a per-configuration basis. Mine contains a couple of shell scripts to create amanda disklist files by iterating over the file server’s home directories, and a list of system partitions on other servers and workstations I need to back up daily. The manifests directory contains the Puppet code to create a series of working Amanda configurations, and the templates directory contains files that need to have some search\/replace operations done on a per-configuration basis.<\/p>\n
I also added an import \"amandaconfig\"<\/code> to the top of my site.pp to make sure the new Amanda module was usable.<\/p>\n
The contents of manifests\/init.pp:<\/p>\n
\n# Create a new Amanda configuration set.\nclass amanda {\n    package {\n        [ \"amanda-server\", \"amanda-client\", \"mtx\", \"dump\" ]:\n            ensure => latest;\n    }\n\n    file {\n        \"\/opt\/amanda\":\n            ensure => directory,\n            owner  => root,\n            group  => root,\n            mode   => 0755;\n\n        \"\/opt\/amanda\/work\":\n            ensure => directory,\n            owner  => backup,\n            group  => backup,\n            mode   => 0700;\n\n        \"\/usr\/local\/sbin\/mkdisklist\":\n            source => \"puppet:\/\/\/amandaconfig\/mkdisklist\",\n            owner  => root,\n            group  => backup,\n            mode   => 0750;\n\n        \"\/usr\/local\/sbin\/mkdisklist.archival\":\n            source => \"puppet:\/\/\/amandaconfig\/mkdisklist.archival\",\n            owner  => root,\n            group  => backup,\n            mode   => 0750;\n\n        \"\/etc\/amanda\/disklist.systems\":\n            source => \"puppet:\/\/\/amandaconfig\/disklist.systems\",\n            owner  => root,\n            group  => backup,\n            mode   => 0640;\n    }\n\n    define amandaconfig (\n        $confdir = \"\/etc\/amanda\",\n        $logdir = \"\/var\/log\/amanda\",\n        $libdir = \"\/var\/lib\/amanda\",\n        $user = \"backup\",\n        $group = \"backup\",\n        $dumpcycle = 1,\n        $tapecycle = 2,\n        $runtapes = 1,\n        $labelstr = \"LABEL\"\n    ) {\n\n        file {\n            \"$confdir\/$name\":\n                ensure => directory,\n                owner  => $user,\n                group  => $group,\n                mode   => 0770;\n\n            \"$confdir\/$name\/amanda.conf\":\n                content => template(\"amandaconfig\/amanda.conf.erb\"),\n                ensure  => present,\n                owner   => $user,\n                group   => $group,\n                mode    => 0755;\n\n            \"$confdir\/$name\/changer.conf\":\n                content => template(\"amandaconfig\/changer.conf.erb\"),\n                ensure  => present,\n                owner   => $user,\n                group   => $group,\n                mode    => 0755;\n\n            \"$confdir\/$name\/tapelist\":\n                ensure => present,\n                owner  => $user,\n                group  => $group,\n                mode   => 0600;\n\n            \"$libdir\/$name\":\n                ensure => directory,\n                owner  => $user,\n                group  => $group,\n                mode   => 0770;\n\n            \"$logdir\/$name\":\n                ensure => directory,\n                owner  => $user,\n                group  => $group,\n                mode   => 0770;\n\n        }\n    }\n}\n<\/pre>\n
Everything in the amanda class outside the amandaconfig definition gets evaluated when the node manifest gets to its include amanda<\/code> line. So the necessary holding disks are created, packages are installed, etc. After that, I can answer the questions for what makes each Amanda configuration unique in the amanda::amandaconfig<\/code> stanza. For example:<\/p>\n