Organize webserver configurations with roles and profiles
The roles and profiles method is a reliable way to build reusable, configurable, and refactorable system configurations.
Roles and profiles allow you to select relevant pieces of code from modules and bundle them together to create your own custom set of code for managing things. Profiles are the individual bundles of code. Roles gather profiles together so you can assign them to nodes. This allows you to efficiently organize your Puppet code.
- Define a profile that configures a virtual webhost (vhost) to serve the example.com website with a firewall rule.
- Create a role to contain the profile.
- Assign the role to the apache node group.
Add the puppetlabs/firewall module to your Puppetfile, following the same process you used to Install the apache module. Remember to add the firewall module's dependencies (puppetlabs/stdlib), such as:
mod 'puppetlabs/firewall', '2.3.2'
mod 'puppetlabs/stdlib', '4.0.0'
Set up your prerequisites
Before writing content for roles and profiles, you need to create modules to store them in.
- Create one module for profile and one for role directly in your control repo. Do not put them in your Puppetfile.
- Make a new directory in the control repo named site. For example, /etc/puppetlabs/code/environments/production/site.
- Add site to the modulepath in the environment.conf file. The modulepath is the place where Puppet looks for module information. For example: modulepath = site:modules:$basemodulepath
- Put the role and profile modules in the site directory.
Write a profile for your Apache vhost
Write a webserver profile that includes rules for your Apache vhost and firewall.
- Installed the puppetlabs/apache module, the puppetlabs/firewall module, and their dependencies from the Forge.
- Created the role and profile modules, as explained in Set up your prerequisites.
Set data for the profile
Hiera is a configuration method that allows you to set defaults in your code or override defaults (in certain circumstances). Use it to refine profile data.
Suppose you want to use the custom fact stage to represent the deployment stage of the node, which can be dev, test, or prod. For this example, use dev and prod.
- console_data for data defined in the console.
- nodes/%{trusted.certname} for per-node overrides.
- stage/%{facts.stage} for setting stage-specific data.
- common for global fallback data.
This structure lets you tune the settings for ports and IPs in each stage.
# cat /etc/puppetlabs/code/environments/production/data/stage/dev.yaml
---
profile::webserver::example::content: "Hello from dev\n"
profile::webserver::example::ports:
- '8080'
# cat /etc/puppetlabs/code/environments/production/data/stage/prod.yaml
---
profile::webserver::example::ips:
- '0.0.0.0'
- '::'
This is a brief introduction to what you can do with structured data in Hiera. To learn more about setting up hierarchical data, see Getting started with Hiera.
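A sketch of a profile class that could consume the profile::webserver::example::* keys shown above through Puppet's automatic class parameter lookup. It is an added example, not code from the original page. The parameter defaults, the docroot path, the file location, and the firewall rule title are assumptions.

```puppet
# Assumed location: site/profile/manifests/webserver/example.pp
class profile::webserver::example (
  # Constructed defaults: bind to loopback only, so a node is exposed on
  # all interfaces only when stage data (such as stage/prod.yaml) says so.
  String        $content = "Hello from vhost\n",
  Array[String] $ports   = ['80'],
  Array[String] $ips     = ['127.0.0.1'],
) {
  class { 'apache':
    default_vhost => false,  # serve only the vhost declared below
  }

  # One vhost per configured port; Hiera supplies ports as strings,
  # so convert each one to an integer before passing it on.
  $ports.each |String $port| {
    apache::vhost { "example.com:${port}":
      servername => 'example.com',
      port       => Integer($port),
      ip         => $ips,
      ip_based   => true,
      docroot    => '/var/www/html',  # assumed docroot
    }
  }

  file { '/var/www/html/index.html':
    ensure  => file,
    content => $content,
  }

  # Open only the ports the vhost listens on. `action` is the parameter
  # name in the firewall 2.x series pinned in the Puppetfile above.
  firewall { '100 allow example.com vhost ports':
    dport  => $ports,
    proto  => 'tcp',
    action => 'accept',
  }
}
```

With the stage data above, a dev node listens on port 8080 on the default addresses, and a prod node keeps the default port but binds to every IPv4 and IPv6 address.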
Write a role for your Apache webserver
Roles contain sets of profiles. To write roles, think about the machines you're managing and decide what else they need in addition to the webserver profile.
apache node group to use the webserver profile you just wrote, and that your organization assigns all machines (including workstations) a profile called profile::base that manages basic policies and uses some conditional logic to include operating-system-specific configuration.
- In your control repo, open the .pp file for the role module. If it doesn't exist, create the necessary directories and file, such as:
  /etc/puppetlabs/code/environments/production/site/role/manifests/exampleserver.pp
- Write a role that includes both the base profile and your webserver profile:
  class role::exampleserver {
    include profile::base
    include profile::webserver
  }
- You can add more profiles to this role, or create additional roles with more profile configurations based on your needs.
Assign the role to nodes
Assign the exampleserver role to the node group containing the nodes that you want to have the Apache vhost configuration you wrote in the webserver::example profile.
role::exampleserver to all nodes in the apache node group.
- In the console, click Node groups and select the apache node group.
- On the Classes tab, select role::exampleserver and click Add class.
- Commit the change.
apache node group manages your Apache vhost based on the rules you wrote in your webserver profile. When the nodes check in with PE, PE distributes the role (and the contained profiles) to the individual nodes and ensures the individual nodes have the Apache service and the desired configurations.