I understand how puppet helps set up servers etc., but would you use puppet for something like:
apt-get update && apt-get upgrade
I get the feeling the answer is no. If that is the case, what sort of automated process would you suggest to do these kinds of tasks?
So say I am setting up a new instance (agent) to connect to puppet, how could I wrap together multiple commands that I want to run on the server just to prep it before connecting to the puppet master? I'm hoping I can just write out all the commands in a file, and then somehow run this file.
For things like:
- apt-get update && apt-get upgrade
- install ruby, other libs
- basic server lockdowns etc.
Well, for APT in particular, you can configure many daily jobs, such as update. Just look at /etc/cron.daily/apt for a list of variables you can configure, and check the man page for apt.conf for how to do it. The ones of most interest to you are these:
As for upgrading the system, use the package unattended-upgrades.
Having said all that, I prefer to use Puppet to control what packages must be kept at ensure => latest, or ensure => version, as well as controlling pin numbers for various source lists and packages.
And, I suppose, one could use a configuration like this:
Now, you mention doing stuff before calling puppet agent. Do you mean before running puppet agent for the first time? If so, then a solution such as Foreman might do the trick for you.
Here, where I manage my virtual hosts through Ganeti, we have puppet being installed by Ganeti's instance-debootstrap. We also have a small script we use to install puppet on older servers.
In the end, it is not possible to use an automated solution to install Puppet on existing servers unless said automated solution has been already installed. Our own preference is to install puppet first, and distribute anything else through it.
I have always used cron-apt for unattended automated updates. It is a bit clunky to configure, but once set up it works well. If you pair it with sSMTP you can get automated updates and/or notification via email.
In your situation you could use Puppet to control the cron-apt, sSMTP and crontab configuration files.
Here's my standard setup... tweak as appropriate.
Puppet uses a declarative language in which you specify how things ought to be according to your desired configuration, and you leave the method used to achieve that up to puppet to sort out. As such, it's not incredibly well-suited for running arbitrary commands from time to time.
It's easy enough to ask puppet to ensure that a package is installed, but for regular updates, I'd recommend you have puppet add a line to root's cron to do
$ apt-get update && apt-get upgrade
periodically. If you want to have fine-grained control over which packages get applied, then you could look into running your own apt repository.
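
A Puppet manifest that puts the approaches suggested in the answers above side by side, as an added example that is not part of the original thread. The class name, the use_cron parameter, the example package names, the version string and the schedule are assumptions chosen for illustration; the APT::Periodic keys are the standard apt.conf settings read by the daily APT job.

```puppet
# Added example, not from the thread. Names marked "assumed" are illustrative.
class apt_autoupdate (
  Boolean $use_cron = false,   # assumed parameter: false = unattended-upgrades
) {
  # Per-package policy, as in the first answer: track latest or pin a version.
  package { 'openssl':           # assumed package name
    ensure => latest,
  }
  package { 'ruby':              # assumed package name
    ensure => '0.0.0-placeholder',   # placeholder: replace with a real version
  }

  if $use_cron {
    # Third answer: a root cron entry. cron has no terminal, so apt-get needs
    # -y and a non-interactive frontend, otherwise the upgrade aborts at the
    # first prompt. Absolute paths because cron's PATH is minimal.
    cron { 'apt-upgrade':
      user        => 'root',
      hour        => 4,
      minute      => 30,
      environment => 'DEBIAN_FRONTEND=noninteractive',
      command     => '/usr/bin/apt-get -q update && /usr/bin/apt-get -q -y upgrade',
    }
  } else {
    # First answer: let the daily APT job and unattended-upgrades do the work.
    package { 'unattended-upgrades':
      ensure => installed,
    }
    # Values are the number of days between runs; "0" disables the job.
    file { '/etc/apt/apt.conf.d/20auto-upgrades':
      ensure  => file,
      owner   => 'root',
      group   => 'root',
      mode    => '0644',
      content => "APT::Periodic::Update-Package-Lists \"1\";\nAPT::Periodic::Unattended-Upgrade \"1\";\n",
      require => Package['unattended-upgrades'],
    }
    # Make sure the cron variant is removed if a node switches methods.
    cron { 'apt-upgrade':
      ensure => absent,
      user   => 'root',
    }
  }
}
```

Declare it with `include apt_autoupdate` for the unattended-upgrades variant, or `class { 'apt_autoupdate': use_cron => true }` for the cron variant.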