By thomas, Wed, 07/29/2009 - 17:02
In this class we'll define the changes that we want on all the machines in our organization. We'll start with a class definition and include anything we wish to define. As a practical example, we'll create an SSH key for the user signer and install that key on any Puppet clients that register with our puppetmaster. We'll also write out the Puppet configuration file in /etc/sysconfig, so that should we need to update it at a later date, it will already be under Puppet control.

[root@server0 manifests]# su - signer
[signer@server0 ~]$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/signer/.ssh/id_rsa): 
Created directory '/home/signer/.ssh'.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/signer/.ssh/id_rsa.
Your public key has been saved in /home/signer/.ssh/id_rsa.pub.
The key fingerprint is:
35:b7:84:6d:34:8c:76:9a:8d:7c:3e:4a:e8:c1:1e:fd signer@server0.example.com
[signer@server0 ~]$ cat .ssh/id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAr9rnu0jbSPipuZI2umz/v73jeRTjxlX9D7cHSFIaJUUShFSelFUfojkjl4ri4m4qc40icArMa4NMGZ9d3y+ZqMqeIPZVtJKEqkn2E9GJS36N13H75DwVPv4KE2oLR9Zk4T8HovLr50tWbJr5/G6VfwwybR3q6HdJSO7liAKmrJwFokev1fsmiZQX+rADL8XB+gZ/9FsFIi4F4YKsLGQz78CSf/jZ71qNC5Y4HniVQDv6RmZp+koHT6hOPKTuUD/VOWXHxoLc9c6ypkeSMaINvNHDvmUsbp+rNppiZPKnsDFoh3fL4h5pFKJ1DAYjOdnhLKJgwLzmBq7qfYpd/PEw2Q== signer@server0.example.com
[signer@server0 ~]$ exit
[root@server0 manifests]# cat base.pp 
class base {
	remotefile { "/etc/sysconfig/puppet": mode => 644 }
	service { puppet: ensure => true, enable => true, hasrestart => true }
	ssh_authorized_key { "signer":
		ensure => present,
		type => "ssh-rsa",
		key => "AAAAB3NzaC1yc2EAAAABIwAAAQEAr9rnu0jbSPipuZI2umz/v73jeRTjxlX9D7cHSFIaJUUShFSelFUfojkjl4ri4m4qc40icArMa4NMGZ9d3y+ZqMqeIPZVtJKEqkn2E9GJS36N13H75DwVPv4KE2oLR9Zk4T8HovLr50tWbJr5/G6VfwwybR3q6HdJSO7liAKmrJwFokev1fsmiZQX+rADL8XB+gZ/9FsFIi4F4YKsLGQz78CSf/jZ71qNC5Y4HniVQDv6RmZp+koHT6hOPKTuUD/VOWXHxoLc9c6ypkeSMaINvNHDvmUsbp+rNppiZPKnsDFoh3fL4h5pFKJ1DAYjOdnhLKJgwLzmBq7qfYpd/PEw2Q==",
		name => "signer@example.com",
		target => "/root/.ssh/authorized_keys"
	}
}
[root@server0 manifests]# 
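An added example, not part of the original post: a Python check that could be run over a manifest such as base.pp before it is deployed. It decodes each ssh_authorized_key blob and flags keys whose embedded algorithm disagrees with type, RSA keys under 2048 bits, and keys written to an authorized_keys file under /root. The function names, the sample manifest, its "legacy" resource and the key material are constructed for illustration.

```python
import base64, re

RESOURCE = re.compile(r'ssh_authorized_key\s*\{\s*"([^"]+)"\s*:(.*?)\}', re.S)
ATTR = re.compile(r'(\w+)\s*=>\s*"([^"]*)"')

def read_fields(blob):
    """Split an SSH public key blob into its length-prefixed fields."""
    fields, off = [], 0
    while off < len(blob):
        n = int.from_bytes(blob[off:off + 4], "big")
        if off + 4 + n > len(blob):
            raise ValueError("truncated field")
        fields.append(blob[off + 4:off + 4 + n])
        off += 4 + n
    return fields

def audit_manifest(text, min_rsa_bits=2048):
    """Return {resource title: [issues]} for every ssh_authorized_key resource."""
    report = {}
    for title, body in RESOURCE.findall(text):
        attrs, issues = dict(ATTR.findall(body)), []
        try:
            fields = read_fields(base64.b64decode(attrs.get("key", ""), validate=True))
            algo = fields[0].decode("ascii")
            if algo != attrs.get("type"):
                issues.append("type is %r but key blob says %r" % (attrs.get("type"), algo))
            if algo == "ssh-rsa":  # blob layout: name, exponent, modulus
                bits = int.from_bytes(fields[2], "big").bit_length()
                if bits < min_rsa_bits:
                    issues.append("RSA modulus is only %d bits" % bits)
        except (ValueError, IndexError):
            issues.append("key is not a valid SSH public key blob")
        if attrs.get("target", "").startswith("/root/"):
            issues.append("key grants root login")
        report[title] = issues
    return report

def sample_blob(bits):
    # Constructed test material: a modulus of the requested size, not a real key.
    parts = [b"ssh-rsa", b"\x23", ((1 << (bits - 1)) | 1).to_bytes(bits // 8 + 1, "big")]
    return base64.b64encode(b"".join(len(p).to_bytes(4, "big") + p for p in parts)).decode()

# Constructed sample manifest; "legacy" is a hypothetical second resource.
SAMPLE = '''class base {
  ssh_authorized_key { "signer": ensure => present, type => "ssh-rsa", key => "%s",
    target => "/root/.ssh/authorized_keys" }
  ssh_authorized_key { "legacy": ensure => present, type => "ssh-dss", key => "%s",
    target => "/home/legacy/.ssh/authorized_keys" }
}''' % (sample_blob(2048), sample_blob(1024))
```

Calling audit_manifest(open("base.pp").read()) on the real manifest returns the same kind of report, keyed by resource title.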
Now we have to create /etc/sysconfig/puppet that we referenced in our call to remotefile.
[root@server0 puppet]# pushd /var/lib/puppet/files
/var/lib/puppet/files /etc/puppet
[root@server0 puppet]# mkdir -p files/base/etc/sysconfig
[root@server0 puppet]# mkdir facts
[root@server0 puppet]# cd files/base/etc/sysconfig
[root@server0 sysconfig]# cat > puppet << EOF
> PUPPET_SERVER=server0.example.com
> PUPPET_EXTRA_OPTS=--factsync
> EOF
[root@server0 files]# popd
/etc/puppet
Next, we'll configure the puppet fileserver to serve out files that are stored in /var/lib/puppet/files/base