By thomas, Mon, 07/27/2009 - 11:48
Manifests are files containing functions, types, classes and control logic that apply a set of actions to nodes. In a manifest you define classes, each of which groups type instances and functions. Classes are then applied to nodes.

Many types are predefined; for a complete list of all types and their usage, see the documentation. Commonly used types are:

  • augeas
  • cron
  • exec
  • file
  • mailalias
  • mount
  • package
  • selboolean
  • service
  • ssh_authorized_key
  • user
  • yumrepo

To create a new class, use the class keyword. As a simple example, we'll create a class which creates a file in root's home directory called hello, with the word "world" in it.

class test {
	file {"/root/hello":
		content => "world",
		mode => 644,
		owner => root,
		group => root
	}		
}
To have this class applied to a node, we need to assign the class to the node with the node and include keywords.
node client15 {
	include test
}
Put these definitions in site.pp and start puppetmaster.
[root@server0 manifests]# cat site.pp
class test {
	file {"/root/hello":
		content => "world",
		mode => 644,
		owner => root,
		group => root
	}		
}

node client15 {
	include test
}
[root@server0 manifests]# service puppetmaster start
Starting puppetmaster:                                     [  OK  ]
Now that we have a minimal site.pp installed, we can configure our client and test the configuration. We'll configure clients from kickstart later, but to test the install at this point, log in to client15 and execute puppet manually.
[root@client15 ~]# puppetd --no-daemonize  --server server0.example.com --test --no-splay
info: Creating a new certificate request for client15.example.com
info: Creating a new SSL key at /var/lib/puppet/ssl/private_keys/client15.example.com.pem
warning: peer certificate won't be verified in this SSL session
notice: Did not receive certificate
notice: Set to run 'one time'; exiting with no certificate
Our client successfully connected to the puppetmaster but failed to retrieve a catalog (what puppet calls the collection of actions to perform on the client). This is because the client's certificate request has not yet been signed by the puppetmaster. Back on the puppetmaster, we'll sign the request for client15 and then try our test again.

[root@server0 ssl]# puppetca --list
client15.example.com
[root@server0 ssl]# puppetca --sign client15.example.com
Signed client15.example.com
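
Signing a request gives that host a certificate the puppetmaster trusts, so it pays to sign only the names you expect. The script below is an added example, not part of the original post: it filters the output of puppetca --list against an allow-list file before calling puppetca --sign. The function names, the PUPPETCA override variable and the allow-list path are assumptions, and it assumes --list prints one hostname per line as in the transcript above.

```shell
#!/bin/sh
# Added example (not from the original post): sign only expected hosts.
# Assumes `puppetca --list` prints one pending hostname per line, as shown above.
PUPPETCA="${PUPPETCA:-puppetca}"   # hypothetical override so the CA command can be stubbed

# approved_requests ALLOWLIST
# Reads pending request names on stdin and prints those that exactly match a
# line of ALLOWLIST (a file you maintain, one expected FQDN per line).
approved_requests() {
    allowlist=$1
    while IFS= read -r host; do
        [ -n "$host" ] || continue
        case $host in
            # Option-like or non-DNS names are never passed on to --sign.
            -*|*[!A-Za-z0-9.-]*)
                echo "skipping malformed entry: $host" >&2
                continue ;;
        esac
        if grep -Fxq -- "$host" "$allowlist"; then
            printf '%s\n' "$host"
        else
            echo "not on allow-list, left unsigned: $host" >&2
        fi
    done
}

# sign_approved ALLOWLIST
# Signs every pending request that approved_requests lets through.
sign_approved() {
    "$PUPPETCA" --list | approved_requests "$1" |
    while IFS= read -r host; do
        # Keep the CA command from consuming the rest of the pending list.
        "$PUPPETCA" --sign "$host" </dev/null
    done
}

# Usage on the puppetmaster (the path is an assumption):
#   sign_approved /etc/puppet/expected-hosts.txt
```

Requests that do not match stay pending and still show up in puppetca --list for manual review.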
Back on client15:
[root@client15 ~]# puppetd --no-daemonize  --server server0.example.com --test --no-splay
warning: peer certificate won't be verified in this SSL session
notice: Got signed certificate
info: Caching catalog at /var/lib/puppet/localconfig.yaml
notice: Starting catalog run
notice: //Node[client15]/test/File[/root/hello]/content: defined 'content' as '{md5}7d793037a0760186574b0282f2f435e7'
notice: //Node[client15]/test/File[/root/hello]/owner: defined 'owner' as 'root'
notice: //Node[client15]/test/File[/root/hello]/group: defined 'group' as 'root'
notice: //Node[client15]/test/File[/root/hello]/mode: defined 'mode' as '644'
info: Creating state file /var/lib/puppet/state/state.yaml
notice: Finished catalog run in 0.03 seconds
[root@client15 ~]# cat /root/hello
world[root@client15 ~]# 
Now that we have verified that puppet is working, we'll make a proper site.pp file and some useful classes.