├── examples ├── files │ ├── config_dir │ │ ├── 1 │ │ ├── 2 │ │ └── 3 │ ├── mysql.cnf │ ├── motd.txt │ ├── database.yml │ └── run-puppet.sh ├── pry.pp ├── fact_external.txt ├── docker_install.pp ├── facts_hash.pp ├── package_ensure.pp ├── date.sh ├── facts_architecture.pp ├── lookup_type.pp ├── user_remove.pp ├── package.pp ├── facts_distro_codename.pp ├── lookup_merge.pp ├── package_remove.pp ├── expression_numeric.pp ├── docker_image.pp ├── docker_run_hello.pp ├── file_directory.pp ├── lookup.pp ├── file_source.pp ├── package_version.pp ├── service.pp ├── variable_array.pp ├── join.pp ├── pick.pp ├── pry_install.pp ├── string_interpolation.pp ├── template_compute.epp ├── template_hiera.epp ├── aws_credentials.epp ├── docker_absent.pp ├── file_hello.pp ├── file_owner.pp ├── file_symlink.pp ├── package_ensure_params.pp ├── package_puppet_gem.pp ├── variable_simple.pp ├── dirname.pp ├── grep.pp ├── file_tree.pp ├── lint_test.pp ├── variable_string.pp ├── lookup_hash_dot.pp ├── file_mode.pp ├── service_hasrestart.pp ├── fact_memory.pp ├── file_group.pp ├── backup.sh.epp ├── file_http.pp ├── template_hiera_params.epp ├── docker_build_hello.pp ├── fact_if.pp ├── hiera_users.pp ├── loadyaml.pp ├── hiera_users2.pp ├── service_pattern.pp ├── template_iterate.epp ├── aws_sdk.pp ├── file_line.pp ├── docker_run.pp ├── docker_run_nginx.pp ├── fact_networking.pp ├── package_gem.pp ├── empty.pp ├── hiera_hash.pp ├── template_iterate2.epp ├── docker_volume2.pp ├── epp_hiera.pp ├── role_app_server.pp ├── service_custom_restart.pp ├── exec_user.pp ├── eyaml_edit.sh ├── exec_onlyif.pp ├── iteration_hash.pp ├── file_epp.pp ├── package_url.pp ├── service_hasstatus.pp ├── template_params.epp ├── file_line_match.pp ├── if.pp ├── profile_nginx.pp ├── hiera_minimal.config.yaml ├── iteration_each.pp ├── template_if.epp ├── docker_mount.pp ├── docker_non_service.pp ├── hash_attributes.pp ├── file_inline_epp.pp ├── file_line_absent.pp ├── variable_hash.pp ├── docker_run_many.pp ├── docker_volume.pp ├── role_app_server_profiles.pp ├── exec.pp ├── class_params.pp ├── type_alias.pp ├── epp_params.pp ├── user.pp ├── cron.pp ├── module_mysql.pp ├── aws_hiera.pp ├── fact_cloud.pp ├── docker_build_nginx.pp ├── lookup2.pp ├── member_has_key.pp ├── lookup_hash.pp ├── resource_array.pp ├── exec_refreshonly.pp ├── expression_boolean.pp ├── package_file_service.pp ├── run-puppet.pp ├── fqdn_rand.pp ├── ssh_authorized_key.pp ├── iteration_simple.pp ├── module_archive.pp ├── regex.pp ├── case.pp ├── type_alias_pattern.pp ├── package_file_service_require.pp ├── Dockerfile.pbg-demo ├── module_apache.pp ├── Dockerfile.hello ├── Dockerfile.nginx ├── class_params2.pp ├── Dockerfile.nginx.epp ├── docker_network.pp ├── docker_template.pp ├── Dockerfile.website.epp ├── docker_website.pp ├── aws_instance.pp ├── profile_tomcat.pp ├── defined_resource_type.pp ├── aws_vpc.pp └── iam_policy.json ├── puppet ├── .gitignore ├── Puppetfile ├── hiera.yaml └── data │ ├── aws.yaml │ └── common.yaml ├── .gitignore ├── .github └── FUNDING.yml ├── scripts ├── start_vagrant.sh └── vagrant_provision.sh ├── img └── robot_butler.png ├── LICENSE ├── README.md └── Vagrantfile /examples/files/config_dir/1: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /examples/files/config_dir/2: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /examples/files/config_dir/3: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /examples/pry.pp: -------------------------------------------------------------------------------- 1 | pry() 2 | -------------------------------------------------------------------------------- /puppet/.gitignore: -------------------------------------------------------------------------------- 1 | modules 2 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | .vagrant 2 | *.swp 3 | 4 | -------------------------------------------------------------------------------- /examples/fact_external.txt: -------------------------------------------------------------------------------- 1 | cloud=aws 2 | -------------------------------------------------------------------------------- /examples/docker_install.pp: -------------------------------------------------------------------------------- 1 | include docker 2 | -------------------------------------------------------------------------------- /examples/facts_hash.pp: -------------------------------------------------------------------------------- 1 | notice($facts['kernel']) 2 | -------------------------------------------------------------------------------- /examples/package_ensure.pp: -------------------------------------------------------------------------------- 1 | ensure_packages(['cowsay']) 2 | -------------------------------------------------------------------------------- /examples/date.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | echo "date=`date +%F`" 3 | -------------------------------------------------------------------------------- /examples/facts_architecture.pp: -------------------------------------------------------------------------------- 1 | notice($facts['os']['architecture']) 2 | -------------------------------------------------------------------------------- /examples/lookup_type.pp: -------------------------------------------------------------------------------- 1 | notice(lookup('apparmor_enabled', Boolean)) 2 | -------------------------------------------------------------------------------- /examples/user_remove.pp: -------------------------------------------------------------------------------- 1 | user { 'godot': 2 | ensure => absent, 3 | } 4 | -------------------------------------------------------------------------------- /examples/package.pp: -------------------------------------------------------------------------------- 1 | package { 'cowsay': 2 | ensure => installed, 3 | } 4 | -------------------------------------------------------------------------------- /examples/facts_distro_codename.pp: -------------------------------------------------------------------------------- 1 | notice($facts['os']['distro']['codename']) 2 | -------------------------------------------------------------------------------- /examples/lookup_merge.pp: -------------------------------------------------------------------------------- 1 | notice(lookup('firewall_allow_list', Array, 'unique')) 2 | -------------------------------------------------------------------------------- /examples/package_remove.pp: -------------------------------------------------------------------------------- 1 | package { 'apparmor': 2 | ensure => absent, 3 | } 4 | -------------------------------------------------------------------------------- /examples/expression_numeric.pp: -------------------------------------------------------------------------------- 1 | $value = (17 * 8) + (12 / 4) - 1 2 | notice($value) 3 | -------------------------------------------------------------------------------- /examples/docker_image.pp: -------------------------------------------------------------------------------- 1 | docker::image { 'bitfield/hello': 2 | ensure => latest, 3 | } 4 | -------------------------------------------------------------------------------- /examples/docker_run_hello.pp: -------------------------------------------------------------------------------- 1 | docker::run { 'pbg-hello': 2 | image => 'pbg-hello', 3 | } 4 | -------------------------------------------------------------------------------- /examples/file_directory.pp: -------------------------------------------------------------------------------- 1 | file { '/etc/config_dir': 2 | ensure => directory, 3 | } 4 | -------------------------------------------------------------------------------- /examples/lookup.pp: -------------------------------------------------------------------------------- 1 | file { lookup('backup_path', String): 2 | ensure => directory, 3 | } 4 | -------------------------------------------------------------------------------- /.github/FUNDING.yml: -------------------------------------------------------------------------------- 1 | # These are supported funding model platforms 2 | 3 | github: bitfield 4 | -------------------------------------------------------------------------------- /examples/file_source.pp: -------------------------------------------------------------------------------- 1 | file { '/etc/motd': 2 | source => '/examples/files/motd.txt', 3 | } 4 | -------------------------------------------------------------------------------- /examples/package_version.pp: -------------------------------------------------------------------------------- 1 | package { 'openssl': 2 | ensure => '1.0.2g-1ubuntu4.8', 3 | } 4 | -------------------------------------------------------------------------------- /examples/service.pp: -------------------------------------------------------------------------------- 1 | service { 'sshd': 2 | ensure => running, 3 | enable => true, 4 | } 5 | -------------------------------------------------------------------------------- /scripts/start_vagrant.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | vagrant plugin install vagrant-vbguest 3 | vagrant up 4 | -------------------------------------------------------------------------------- /examples/files/mysql.cnf: -------------------------------------------------------------------------------- 1 | !includedir /etc/mysql/conf.d/ 2 | !includedir /etc/mysql/mysql.conf.d/ 3 | -------------------------------------------------------------------------------- /examples/variable_array.pp: -------------------------------------------------------------------------------- 1 | $heights = [193, 120, 181, 164, 172] 2 | 3 | $first_height = $heights[0] 4 | -------------------------------------------------------------------------------- /examples/join.pp: -------------------------------------------------------------------------------- 1 | $values = ['1', '2', '3'] 2 | notice(join($values, '... ')) 3 | 4 | # Result: '1... 2... 3' 5 | -------------------------------------------------------------------------------- /examples/pick.pp: -------------------------------------------------------------------------------- 1 | $remote_host = '' 2 | notice(pick($remote_host, 'localhost')) 3 | 4 | # Result: 'localhost' 5 | -------------------------------------------------------------------------------- /examples/pry_install.pp: -------------------------------------------------------------------------------- 1 | ensure_packages(['pry'], 2 | { 3 | 'provider' => 'puppet_gem', 4 | } 5 | ) 6 | -------------------------------------------------------------------------------- /examples/string_interpolation.pp: -------------------------------------------------------------------------------- 1 | $my_name = 'John' 2 | notice("Hello, ${my_name}! It's great to meet you!") 3 | -------------------------------------------------------------------------------- /examples/template_compute.epp: -------------------------------------------------------------------------------- 1 | innodb_buffer_pool_size=<%= $facts['memory']['system']['total_bytes'] * 3/4 %> 2 | -------------------------------------------------------------------------------- /examples/template_hiera.epp: -------------------------------------------------------------------------------- 1 | AllowUsers<% lookup('users').each | $user | { -%> 2 | <%= $user -%> 3 | <% } %> 4 | -------------------------------------------------------------------------------- /img/robot_butler.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/bitfield/puppet-beginners-guide-3/HEAD/img/robot_butler.png -------------------------------------------------------------------------------- /examples/aws_credentials.epp: -------------------------------------------------------------------------------- 1 | <%- | String $aws_access_key | -%> 2 | aws_access_key_id = <%= $aws_access_key %> 3 | -------------------------------------------------------------------------------- /examples/docker_absent.pp: -------------------------------------------------------------------------------- 1 | docker::run { 'hello': 2 | ensure => absent, 3 | image => 'bitfield/hello', 4 | } 5 | -------------------------------------------------------------------------------- /examples/file_hello.pp: -------------------------------------------------------------------------------- 1 | file { '/tmp/hello.txt': 2 | ensure => file, 3 | content => "hello, world\n", 4 | } 5 | -------------------------------------------------------------------------------- /examples/file_owner.pp: -------------------------------------------------------------------------------- 1 | file { '/etc/owned_by_ubuntu': 2 | ensure => present, 3 | owner => 'ubuntu', 4 | } 5 | -------------------------------------------------------------------------------- /examples/file_symlink.pp: -------------------------------------------------------------------------------- 1 | file { '/etc/this_is_a_link': 2 | ensure => link, 3 | target => '/etc/motd', 4 | } 5 | -------------------------------------------------------------------------------- /examples/package_ensure_params.pp: -------------------------------------------------------------------------------- 1 | ensure_packages(['cowsay'], 2 | { 3 | 'ensure' => 'latest', 4 | } 5 | ) 6 | -------------------------------------------------------------------------------- /examples/package_puppet_gem.pp: -------------------------------------------------------------------------------- 1 | package { 'r10k': 2 | ensure => installed, 3 | provider => puppet_gem, 4 | } 5 | -------------------------------------------------------------------------------- /examples/variable_simple.pp: -------------------------------------------------------------------------------- 1 | $my_name = 'Zaphod Beeblebrox' 2 | $answer = 42 3 | $scheduled_for_demolition = true 4 | -------------------------------------------------------------------------------- /examples/dirname.pp: -------------------------------------------------------------------------------- 1 | $file = '/var/www/vhosts/mysite' 2 | notice(dirname($file)) 3 | 4 | # Result: '/var/www/vhosts' 5 | -------------------------------------------------------------------------------- /examples/grep.pp: -------------------------------------------------------------------------------- 1 | $values = ['foo', 'bar', 'baz'] 2 | notice(grep($values, 'ba.*')) 3 | 4 | # Result: ['bar', 'baz'] 5 | -------------------------------------------------------------------------------- /examples/file_tree.pp: -------------------------------------------------------------------------------- 1 | file { '/etc/config_dir': 2 | source => '/examples/files/config_dir', 3 | recurse => true, 4 | } 5 | -------------------------------------------------------------------------------- /examples/lint_test.pp: -------------------------------------------------------------------------------- 1 | file { '/tmp/lint.txt': 2 | ensure => file, 3 | content => "puppet-lint is your friend\n", 4 | } 5 | -------------------------------------------------------------------------------- /examples/variable_string.pp: -------------------------------------------------------------------------------- 1 | $php_package = 'php7.0-cli' 2 | 3 | package { $php_package: 4 | ensure => installed, 5 | } 6 | -------------------------------------------------------------------------------- /examples/lookup_hash_dot.pp: -------------------------------------------------------------------------------- 1 | $web_root = lookup('cms_parameters.static.web_root', String) 2 | notice("web_root is ${web_root}") 3 | -------------------------------------------------------------------------------- /examples/file_mode.pp: -------------------------------------------------------------------------------- 1 | file { '/etc/owned_by_ubuntu': 2 | ensure => present, 3 | owner => 'ubuntu', 4 | mode => '0644', 5 | } 6 | -------------------------------------------------------------------------------- /examples/service_hasrestart.pp: -------------------------------------------------------------------------------- 1 | service { 'ntp': 2 | ensure => running, 3 | enable => true, 4 | hasrestart => true, 5 | } 6 | -------------------------------------------------------------------------------- /examples/fact_memory.pp: -------------------------------------------------------------------------------- 1 | $buffer_pool = $facts['memory']['system']['total_bytes'] * 3/4 2 | notice("innodb_buffer_pool_size=${buffer_pool}") 3 | -------------------------------------------------------------------------------- /examples/file_group.pp: -------------------------------------------------------------------------------- 1 | file { '/etc/owned_by_ubuntu': 2 | ensure => present, 3 | owner => 'ubuntu', 4 | group => 'ubuntu', 5 | } 6 | -------------------------------------------------------------------------------- /examples/files/motd.txt: -------------------------------------------------------------------------------- 1 | The best software in the world only sucks. The worst software is significantly worse than that. 2 | -Luke Kanies 3 | -------------------------------------------------------------------------------- /examples/backup.sh.epp: -------------------------------------------------------------------------------- 1 | <%- | String $data_dir | -%> 2 | #!/bin/bash 3 | mkdir -p /backup 4 | tar cvzf /backup/backup.tar.gz <%= $data_dir %> 5 | -------------------------------------------------------------------------------- /examples/file_http.pp: -------------------------------------------------------------------------------- 1 | file { '/tmp/README.md': 2 | source => 'https://raw.githubusercontent.com/puppetlabs/puppet/master/README.md', 3 | } 4 | -------------------------------------------------------------------------------- /examples/template_hiera_params.epp: -------------------------------------------------------------------------------- 1 | <% | Array[String] $users | -%> 2 | AllowUsers<% $users.each | $user | { -%> 3 | <%= $user -%> 4 | <% } %> 5 | -------------------------------------------------------------------------------- /examples/docker_build_hello.pp: -------------------------------------------------------------------------------- 1 | docker::image { 'pbg-hello': 2 | docker_file => '/examples/Dockerfile.hello', 3 | ensure => latest, 4 | } 5 | -------------------------------------------------------------------------------- /examples/fact_if.pp: -------------------------------------------------------------------------------- 1 | if $facts['os']['selinux']['enabled'] { 2 | notice('SELinux is enabled') 3 | } else { 4 | notice('SELinux is disabled') 5 | } 6 | -------------------------------------------------------------------------------- /examples/hiera_users.pp: -------------------------------------------------------------------------------- 1 | lookup('users', Array[String]).each | String $username | { 2 | user { $username: 3 | ensure => present, 4 | } 5 | } 6 | -------------------------------------------------------------------------------- /examples/files/database.yml: -------------------------------------------------------------------------------- 1 | development: 2 | adapter: mysql 3 | database: dev_db 4 | username: root 5 | password: 6 | socket: /tmp/mysql.sock 7 | -------------------------------------------------------------------------------- /examples/files/run-puppet.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | cd /etc/puppetlabs/code/environments/production && git pull 3 | /opt/puppetlabs/bin/puppet apply manifests/ 4 | -------------------------------------------------------------------------------- /examples/loadyaml.pp: -------------------------------------------------------------------------------- 1 | $db_config = loadyaml('/examples/files/database.yml') 2 | notice($db_config['development']['database']) 3 | 4 | # Result: 'dev_db' 5 | -------------------------------------------------------------------------------- /examples/hiera_users2.pp: -------------------------------------------------------------------------------- 1 | lookup('users2', Hash, 'hash').each | String $username, Hash $attrs | { 2 | user { $username: 3 | * => $attrs, 4 | } 5 | } 6 | -------------------------------------------------------------------------------- /examples/service_pattern.pp: -------------------------------------------------------------------------------- 1 | service { 'ntp': 2 | ensure => running, 3 | enable => true, 4 | hasstatus => false, 5 | pattern => 'ntpd', 6 | } 7 | -------------------------------------------------------------------------------- /examples/template_iterate.epp: -------------------------------------------------------------------------------- 1 | <% $facts['networking']['interfaces'].each |String $interface, Hash $attrs| { -%> 2 | interface <%= $interface %>; 3 | <% } -%> 4 | -------------------------------------------------------------------------------- /examples/aws_sdk.pp: -------------------------------------------------------------------------------- 1 | ensure_packages( 2 | [ 3 | 'aws-sdk-core', 4 | 'retries' 5 | ], 6 | { 7 | 'provider' => 'puppet_gem' 8 | } 9 | ) 10 | -------------------------------------------------------------------------------- /examples/file_line.pp: -------------------------------------------------------------------------------- 1 | file_line { 'set ulimits': 2 | path => '/etc/security/limits.conf', 3 | line => 'www-data - nofile 32768', 4 | } 5 | -------------------------------------------------------------------------------- /examples/docker_run.pp: -------------------------------------------------------------------------------- 1 | docker::run { 'hello': 2 | image => 'bitfield/hello', 3 | command => '/bin/sh -c "while true; do echo Hello, world; sleep 1; done"', 4 | } 5 | -------------------------------------------------------------------------------- /examples/docker_run_nginx.pp: -------------------------------------------------------------------------------- 1 | docker::run { 'pbg-nginx': 2 | image => 'pbg-nginx:latest', 3 | ports => ['80:80'], 4 | pull_on_start => true, 5 | } 6 | -------------------------------------------------------------------------------- /examples/fact_networking.pp: -------------------------------------------------------------------------------- 1 | notice("My hostname is ${facts['hostname']}") 2 | notice("My FQDN is ${facts['fqdn']}") 3 | notice("My IP is ${facts['networking']['ip']}") 4 | -------------------------------------------------------------------------------- /examples/package_gem.pp: -------------------------------------------------------------------------------- 1 | package { 'ruby': 2 | ensure => installed, 3 | } 4 | 5 | package { 'puppet-lint': 6 | ensure => installed, 7 | provider => gem, 8 | } 9 | -------------------------------------------------------------------------------- /examples/empty.pp: -------------------------------------------------------------------------------- 1 | notice(empty('')) 2 | 3 | # Result: true 4 | 5 | notice(empty([])) 6 | 7 | # Result: true 8 | 9 | notice(empty({})) 10 | 11 | # Result: true 12 | -------------------------------------------------------------------------------- /examples/hiera_hash.pp: -------------------------------------------------------------------------------- 1 | $cobbler_config = lookup('cobbler_config') 2 | 3 | $manage_dhcp = $cobbler_config['manage_dhcp'] 4 | $pxe_just_once = $cobbler_config['pxe_just_once'] 5 | -------------------------------------------------------------------------------- /examples/template_iterate2.epp: -------------------------------------------------------------------------------- 1 | <% $facts['networking']['interfaces'].each |String $interface, Hash $attrs| { -%> 2 | local_address <%= $attrs['bindings'][0]['address'] %>; 3 | <% } -%> 4 | -------------------------------------------------------------------------------- /examples/docker_volume2.pp: -------------------------------------------------------------------------------- 1 | docker::run { 'volume_test2': 2 | image => 'nginx:1.13.3-alpine', 3 | volumes => ['pbg-volume:/usr/share/nginx/html'], 4 | ports => ['80:80'], 5 | } 6 | -------------------------------------------------------------------------------- /examples/epp_hiera.pp: -------------------------------------------------------------------------------- 1 | file { '/tmp/sshd_config_example': 2 | content => epp('/examples/template_hiera_params.epp', 3 | { 4 | 'users' => lookup('users'), 5 | } 6 | ), 7 | } 8 | -------------------------------------------------------------------------------- /examples/role_app_server.pp: -------------------------------------------------------------------------------- 1 | # Be an app server 2 | class role::app_server { 3 | include postgresql 4 | include apache 5 | include java 6 | include tomcat 7 | include my_app 8 | } 9 | -------------------------------------------------------------------------------- /examples/service_custom_restart.pp: -------------------------------------------------------------------------------- 1 | service { 'ntp': 2 | ensure => running, 3 | enable => true, 4 | restart => '/bin/echo Restarting >>/tmp/debug.log && systemctl restart ntp', 5 | } 6 | -------------------------------------------------------------------------------- /examples/exec_user.pp: -------------------------------------------------------------------------------- 1 | exec { 'say-hello': 2 | command => '/bin/echo Hello, this is `whoami` >/tmp/hello-ubuntu.txt', 3 | user => 'ubuntu', 4 | creates => '/tmp/hello-ubuntu.txt', 5 | } 6 | -------------------------------------------------------------------------------- /examples/eyaml_edit.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | /opt/puppetlabs/puppet/bin/eyaml edit --gpg-always-trust --gpg-recipients=puppet@cat-pictures.com /etc/puppetlabs/code/environments/pbg/data/secret.eyaml 3 | -------------------------------------------------------------------------------- /examples/exec_onlyif.pp: -------------------------------------------------------------------------------- 1 | exec { 'process-incoming-cat-pictures': 2 | command => '/usr/local/bin/cat-picture-generator --import /tmp/incoming/*', 3 | onlyif => '/bin/ls /tmp/incoming/*', 4 | } 5 | -------------------------------------------------------------------------------- /examples/iteration_hash.pp: -------------------------------------------------------------------------------- 1 | $nics = $facts['networking']['interfaces'] 2 | $nics.each | String $interface, Hash $attributes | { 3 | notice("Interface ${interface} has IP ${attributes['ip']}") 4 | } 5 | -------------------------------------------------------------------------------- /examples/file_epp.pp: -------------------------------------------------------------------------------- 1 | file { '/usr/local/bin/backup': 2 | content => epp('/examples/backup.sh.epp', 3 | { 4 | 'data_dir' => '/examples', 5 | } 6 | ), 7 | mode => '0755', 8 | } 9 | -------------------------------------------------------------------------------- /examples/package_url.pp: -------------------------------------------------------------------------------- 1 | package { 'docker-engine': 2 | provider => dpkg, 3 | source => 'http://apt.dockerproject.org/repo/pool/main/d/docker-engine/docker-engine_1.11.0-0~xenial_amd64.deb', 4 | } 5 | -------------------------------------------------------------------------------- /examples/service_hasstatus.pp: -------------------------------------------------------------------------------- 1 | package { 'ntp': 2 | ensure => installed, 3 | } 4 | 5 | service { 'ntp': 6 | ensure => running, 7 | enable => true, 8 | hasstatus => false, 9 | } 10 | -------------------------------------------------------------------------------- /examples/template_params.epp: -------------------------------------------------------------------------------- 1 | <% | String[1] $aws_access_key, 2 | String[1] $aws_secret_key, 3 | | -%> 4 | aws_access_key_id = <%= $aws_access_key %> 5 | aws_secret_access_key = <%= $aws_secret_key %> 6 | -------------------------------------------------------------------------------- /examples/file_line_match.pp: -------------------------------------------------------------------------------- 1 | file_line { 'adjust ulimits': 2 | path => '/etc/security/limits.conf', 3 | line => 'www-data - nofile 9999', 4 | match => '^www-data .* nofile', 5 | } 6 | -------------------------------------------------------------------------------- /examples/if.pp: -------------------------------------------------------------------------------- 1 | $install_perl = true 2 | if $install_perl { 3 | package { 'perl': 4 | ensure => installed, 5 | } 6 | } else { 7 | package { 'perl': 8 | ensure => absent, 9 | } 10 | } 11 | -------------------------------------------------------------------------------- /examples/profile_nginx.pp: -------------------------------------------------------------------------------- 1 | # Install Nginx from mainline repo 2 | class profile::nginx { 3 | class { 'nginx': 4 | manage_repo => true, 5 | package_source => 'nginx-mainline', 6 | } 7 | 8 | } 9 | -------------------------------------------------------------------------------- /examples/hiera_minimal.config.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | version: 5 3 | 4 | defaults: 5 | datadir: data 6 | data_hash: yaml_data 7 | 8 | hierarchy: 9 | - name: "Common defaults" 10 | path: "common.yaml" 11 | -------------------------------------------------------------------------------- /examples/iteration_each.pp: -------------------------------------------------------------------------------- 1 | $tasks = ['task1', 'task2', 'task3'] 2 | $tasks.each | $task | { 3 | file { "/usr/local/bin/${task}": 4 | content => "echo I am ${task}\n", 5 | mode => '0755', 6 | } 7 | } 8 | -------------------------------------------------------------------------------- /examples/template_if.epp: -------------------------------------------------------------------------------- 1 | <% if $ssl_enabled { -%> 2 | ## SSL directives 3 | SSLEngine on 4 | SSLCertificateFile "<%= $ssl_cert %>" 5 | SSLCertificateKeyFile "<%= $ssl_key %>" 6 | ... 7 | <% } -%> 8 | -------------------------------------------------------------------------------- /examples/docker_mount.pp: -------------------------------------------------------------------------------- 1 | docker::run { 'mount_test': 2 | image => 'library/alpine:3.6', 3 | volumes => ['/tmp/container_data:/mnt/data'], 4 | command => '/bin/sh -c "echo Hello, world >/mnt/data/hello.txt"', 5 | } 6 | -------------------------------------------------------------------------------- /examples/docker_non_service.pp: -------------------------------------------------------------------------------- 1 | docker::run { 'hello': 2 | image => 'bitfield/hello', 3 | command => '/bin/sh -c "while true; do echo Hello, world; sleep 1; done"', 4 | manage_service => false, 5 | } 6 | -------------------------------------------------------------------------------- /examples/hash_attributes.pp: -------------------------------------------------------------------------------- 1 | $attributes = { 2 | 'owner' => 'ubuntu', 3 | 'group' => 'ubuntu', 4 | 'mode' => '0644', 5 | } 6 | 7 | file { '/tmp/test': 8 | ensure => present, 9 | * => $attributes, 10 | } 11 | -------------------------------------------------------------------------------- /examples/file_inline_epp.pp: -------------------------------------------------------------------------------- 1 | $web_root = '/var/www' 2 | $backup_dir = '/backup/www' 3 | 4 | file { '/usr/local/bin/backup': 5 | content => inline_epp('rsync -a <%= $web_root %>/ <%= $backup_dir %>/'), 6 | mode => '0755', 7 | } 8 | -------------------------------------------------------------------------------- /examples/file_line_absent.pp: -------------------------------------------------------------------------------- 1 | file_line { 'remove dash from valid shells': 2 | ensure => absent, 3 | path => '/etc/shells', 4 | match => '^/bin/dash', 5 | match_for_absence => true, 6 | } 7 | -------------------------------------------------------------------------------- /examples/variable_hash.pp: -------------------------------------------------------------------------------- 1 | $heights = { 2 | 'john' => 193, 3 | 'rabiah' => 120, 4 | 'abigail' => 181, 5 | 'melina' => 164, 6 | 'sumiko' => 172, 7 | } 8 | 9 | notice("John's height is ${heights['john']}cm.") 10 | -------------------------------------------------------------------------------- /examples/docker_run_many.pp: -------------------------------------------------------------------------------- 1 | range(1,20).each | $instance | { 2 | docker::run { "hello-${instance}": 3 | image => 'bitfield/hello', 4 | command => '/bin/sh -c "while true; do echo Hello, world; sleep 1; done"', 5 | } 6 | } 7 | -------------------------------------------------------------------------------- /examples/docker_volume.pp: -------------------------------------------------------------------------------- 1 | docker::run { 'volume_test': 2 | image => 'library/alpine:3.6', 3 | volumes => ['pbg-volume:/mnt/volume'], 4 | command => '/bin/sh -c "echo Hello from inside a Docker volume >/mnt/volume/index.html"', 5 | } 6 | -------------------------------------------------------------------------------- /examples/role_app_server_profiles.pp: -------------------------------------------------------------------------------- 1 | # Be an app server 2 | class role::app_server { 3 | include profile::postgresql 4 | include profile::apache 5 | include profile::java 6 | include profile::tomcat 7 | include profile::my_app 8 | } 9 | -------------------------------------------------------------------------------- /examples/exec.pp: -------------------------------------------------------------------------------- 1 | exec { 'install-cat-picture-generator': 2 | cwd => '/tmp/cat-picture-generator', 3 | command => '/tmp/cat-picture/generator/configure && /usr/bin/make install', 4 | creates => '/usr/local/bin/cat-picture-generator', 5 | } 6 | -------------------------------------------------------------------------------- /examples/class_params.pp: -------------------------------------------------------------------------------- 1 | # Manage NTP 2 | class pbg_ntp_params ( 3 | String $version = 'installed', 4 | ) { 5 | ensure_packages(['ntp'], 6 | { 7 | 'ensure' => $version, 8 | } 9 | ) 10 | } 11 | 12 | include pbg_ntp_params 13 | -------------------------------------------------------------------------------- /examples/type_alias.pp: -------------------------------------------------------------------------------- 1 | type ServiceState = Enum['running', 'stopped'] 2 | 3 | define myservice(ServiceState $state) { 4 | service { $name: 5 | ensure => $state, 6 | } 7 | } 8 | 9 | myservice { 'ntp': 10 | state => 'running', 11 | } 12 | -------------------------------------------------------------------------------- /examples/epp_params.pp: -------------------------------------------------------------------------------- 1 | file { '/root/aws_credentials': 2 | content => epp('/examples/template_params.epp', 3 | { 4 | 'aws_access_key' => 'AKIAIAF7V6N2PTOIZVA2', 5 | 'aws_secret_key' => '7IBpXjoYRVbJ/rCTVLaAMyud+i4co11lVt1Df1vt', 6 | } 7 | ), 8 | } 9 | -------------------------------------------------------------------------------- /examples/user.pp: -------------------------------------------------------------------------------- 1 | group { 'devs': 2 | ensure => present, 3 | gid => 3000, 4 | } 5 | 6 | user { 'hsing-hui': 7 | ensure => present, 8 | uid => '3001', 9 | home => '/home/hsing-hui', 10 | shell => '/bin/bash', 11 | groups => ['devs'], 12 | } 13 | -------------------------------------------------------------------------------- /examples/cron.pp: -------------------------------------------------------------------------------- 1 | cron { 'cron example': 2 | command => '/bin/date +%F', 3 | user => 'ubuntu', 4 | environment => ['MAILTO=admin@example.com', 'PATH=/bin'], 5 | hour => '0', 6 | minute => '0', 7 | weekday => ['Saturday', 'Sunday'], 8 | } 9 | -------------------------------------------------------------------------------- /examples/module_mysql.pp: -------------------------------------------------------------------------------- 1 | # Install MySQL and set up an example database 2 | include mysql::server 3 | 4 | mysql::db { 'cat_pictures': 5 | user => 'greebo', 6 | password => 'tabby', 7 | host => 'localhost', 8 | grant => ['SELECT', 'UPDATE'], 9 | } 10 | -------------------------------------------------------------------------------- /examples/aws_hiera.pp: -------------------------------------------------------------------------------- 1 | $aws_resources = lookup('aws_resources', Hash, 'hash') 2 | $aws_resources.each | String $r_type, Hash $resources | { 3 | $resources.each | String $r_title, Hash $attrs | { 4 | Resource[$r_type] { $r_title: 5 | * => $attrs, 6 | } 7 | } 8 | } 9 | -------------------------------------------------------------------------------- /examples/fact_cloud.pp: -------------------------------------------------------------------------------- 1 | case $facts['cloud'] { 2 | 'aws': { 3 | notice('This is an AWS cloud server ') 4 | } 5 | 'gcp': { 6 | notice('This is a Google cloud server') 7 | } 8 | default: { 9 | notice("I'm not sure which cloud I'm in!") 10 | } 11 | } 12 | -------------------------------------------------------------------------------- /examples/docker_build_nginx.pp: -------------------------------------------------------------------------------- 1 | file { '/tmp/Dockerfile.nginx': 2 | source => '/examples/Dockerfile.nginx', 3 | notify => Docker::Image['pbg-nginx'], 4 | } 5 | 6 | docker::image { 'pbg-nginx': 7 | docker_file => '/tmp/Dockerfile.nginx', 8 | ensure => latest, 9 | } 10 | -------------------------------------------------------------------------------- /examples/lookup2.pp: -------------------------------------------------------------------------------- 1 | notice("Apache is set to use ${lookup('apache_worker_factor', Integer)} workers") 2 | 3 | unless lookup('apparmor_enabled', Boolean) { 4 | exec { 'apt-get -y remove apparmor': } 5 | } 6 | 7 | notice('dns_allow_query enabled: ', lookup('dns_allow_query', Boolean)) 8 | -------------------------------------------------------------------------------- /examples/member_has_key.pp: -------------------------------------------------------------------------------- 1 | $values = [ 2 | 'foo', 3 | 'bar', 4 | 'baz', 5 | ] 6 | notice(member($values, 'foo')) 7 | 8 | # Result: true 9 | 10 | $valuehash = { 11 | 'a' => 1, 12 | 'b' => 2, 13 | 'c' => 3, 14 | } 15 | notice(has_key($valuehash, 'b')) 16 | 17 | # Result: true 18 | -------------------------------------------------------------------------------- /examples/lookup_hash.pp: -------------------------------------------------------------------------------- 1 | $cobbler_config = lookup('cobbler_config', Hash) 2 | $manage_dhcp = $cobbler_config['manage_dhcp'] 3 | $pxe_just_once = $cobbler_config['pxe_just_once'] 4 | if $pxe_just_once { 5 | notice('pxe_just_once is enabled') 6 | } else { 7 | notice('pxe_just_once is disabled') 8 | } 9 | -------------------------------------------------------------------------------- /examples/resource_array.pp: -------------------------------------------------------------------------------- 1 | $dependencies = [ 2 | 'php7.0-cgi', 3 | 'php7.0-cli', 4 | 'php7.0-common', 5 | 'php7.0-gd', 6 | 'php7.0-json', 7 | 'php7.0-mcrypt', 8 | 'php7.0-mysql', 9 | 'php7.0-soap', 10 | ] 11 | 12 | package { $dependencies: 13 | ensure => installed, 14 | } 15 | -------------------------------------------------------------------------------- /examples/exec_refreshonly.pp: -------------------------------------------------------------------------------- 1 | package { 'postfix': 2 | ensure => installed, 3 | } 4 | 5 | file { '/etc/aliases': 6 | content => 'root: admin@example.com', 7 | notify => Exec['newaliases'], 8 | } 9 | 10 | exec { 'newaliases': 11 | command => '/usr/bin/newaliases', 12 | refreshonly => true, 13 | } 14 | -------------------------------------------------------------------------------- /examples/expression_boolean.pp: -------------------------------------------------------------------------------- 1 | notice(9 < 10) 2 | notice(11 > 10) 3 | notice(10 >= 10) 4 | notice(10 <= 10) 5 | notice('foo' == 'foo') 6 | notice('foo' in 'foobar') 7 | notice('foo' in ['foo', 'bar']) 8 | notice('foo' in { 'foo' => 'bar' }) 9 | notice('foo' =~ /oo/) 10 | notice('foo' =~ String) 11 | notice(1 != 2) 12 | -------------------------------------------------------------------------------- /examples/package_file_service.pp: -------------------------------------------------------------------------------- 1 | package { 'mysql-server': 2 | ensure => installed, 3 | notify => Service['mysql'], 4 | } 5 | 6 | file { '/etc/mysql/mysql.cnf': 7 | source => '/examples/files/mysql.cnf', 8 | notify => Service['mysql'], 9 | } 10 | 11 | service { 'mysql': 12 | ensure => running, 13 | enable => true, 14 | } 15 | -------------------------------------------------------------------------------- /examples/run-puppet.pp: -------------------------------------------------------------------------------- 1 | # Set up regular Puppet runs 2 | file { '/usr/local/bin/run-puppet': 3 | source => '/etc/puppetlabs/code/environments/production/files/run-puppet.sh', 4 | mode => '0755', 5 | } 6 | 7 | cron { 'run-puppet': 8 | command => '/usr/local/bin/run-puppet', 9 | hour => '*', 10 | minute => '*/15', 11 | } 12 | -------------------------------------------------------------------------------- /examples/fqdn_rand.pp: -------------------------------------------------------------------------------- 1 | cron { 'run daily backup': 2 | command => '/usr/local/bin/backup', 3 | minute => '0', 4 | hour => fqdn_rand(24, 'run daily backup'), 5 | } 6 | 7 | cron { 'run daily backup sync': 8 | command => '/usr/local/bin/backup_sync', 9 | minute => '0', 10 | hour => fqdn_rand(24, 'run daily backup sync'), 11 | } 12 | -------------------------------------------------------------------------------- /examples/ssh_authorized_key.pp: -------------------------------------------------------------------------------- 1 | ssh_authorized_key { 'john@bitfieldconsulting.com': 2 | user => 'ubuntu', 3 | type => 'ssh-rsa', 4 | key => 'AAAAB3NzaC1yc2EAAAABIwAAAIEA3ATqENg+GWACa2BzeqTdGnJhNoBer8x6pfWkzNzeM8Zx7/2Tf2pl7kHdbsiTXEUawqzXZQtZzt/j3Oya+PZjcRpWNRzprSmd2UxEEPTqDw9LqY5S2B8og/NyzWaIYPsKoatcgC7VgYHplcTbzEhGu8BsoEVBGYu3IRy5RkAcZik=', 5 | } 6 | -------------------------------------------------------------------------------- /examples/iteration_simple.pp: -------------------------------------------------------------------------------- 1 | file { '/usr/local/bin/task1': 2 | content => "echo I am task1\n", 3 | mode => '0755', 4 | } 5 | 6 | file { '/usr/local/bin/task2': 7 | content => "echo I am task2\n", 8 | mode => '0755', 9 | } 10 | 11 | file { '/usr/local/bin/task3': 12 | content => "echo I am task3\n", 13 | mode => '0755', 14 | } 15 | -------------------------------------------------------------------------------- /examples/module_archive.pp: -------------------------------------------------------------------------------- 1 | file { '/var/www': 2 | ensure => directory, 3 | } 4 | 5 | archive { '/tmp/wordpress.tar.gz': 6 | ensure => present, 7 | extract => true, 8 | extract_path => '/var/www', 9 | source => 'https://wordpress.org/latest.tar.gz', 10 | creates => '/var/www/wordpress', 11 | cleanup => true, 12 | } 13 | -------------------------------------------------------------------------------- /examples/regex.pp: -------------------------------------------------------------------------------- 1 | $candidate = 'foo' 2 | notice($candidate =~ /foo/) # literal 3 | notice($candidate =~ /f/) # substring 4 | notice($candidate =~ /f.*/) # f followed by zero or more characters 5 | notice($candidate =~ /f.o/) # f, any character, o 6 | notice($candidate =~ /fo+/) # f followed by one or more 'o's 7 | notice($candidate =~ /[fgh]oo/) # f, g, or h followed by 'oo' 8 | -------------------------------------------------------------------------------- /examples/case.pp: -------------------------------------------------------------------------------- 1 | $webserver = 'nginx' 2 | case $webserver { 3 | 'nginx': { 4 | notice("Looks like you're using Nginx! Good choice!") 5 | } 6 | 'apache': { 7 | notice("Ah, you're an Apache fan, eh?") 8 | } 9 | 'IIS': { 10 | notice('Well, somebody has to.') 11 | } 12 | default: { 13 | notice("I'm not sure which webserver you're using!") 14 | } 15 | } 16 | -------------------------------------------------------------------------------- /examples/type_alias_pattern.pp: -------------------------------------------------------------------------------- 1 | type IPAddress = Pattern[/\A([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\.([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])){3}\z/] 2 | 3 | define socket_server( 4 | IPAddress $listen_address, 5 | IPAddress $public_address, 6 | ) { 7 | # ... 8 | } 9 | 10 | socket_server { 'myserver': 11 | listen_address => '0.0.0.0', 12 | public_address => $facts['networking']['ip'], 13 | } 14 | -------------------------------------------------------------------------------- /examples/package_file_service_require.pp: -------------------------------------------------------------------------------- 1 | package { 'mysql-server': 2 | ensure => installed, 3 | } 4 | 5 | file { '/etc/mysql/mysql.cnf': 6 | source => '/examples/files/mysql.cnf', 7 | notify => Service['mysql'], 8 | require => Package['mysql-server'], 9 | } 10 | 11 | service { 'mysql': 12 | ensure => running, 13 | enable => true, 14 | require => [Package['mysql-server'], File['/etc/mysql/mysql.cnf']], 15 | } 16 | -------------------------------------------------------------------------------- /examples/Dockerfile.pbg-demo: -------------------------------------------------------------------------------- 1 | FROM nginx:1.13.3-alpine 2 | RUN apk update \ 3 | && apk add redis 4 | 5 | LABEL org.label-schema.vendor="Bitfield Consulting" \ 6 | org.label-schema.url="http://bitfieldconsulting.com" \ 7 | org.label-schema.name="Redis Demo" \ 8 | org.label-schema.version="1.0.0" \ 9 | org.label-schema.vcs-url="github.com:bitfield/puppet-beginners-guide.git" \ 10 | org.label-schema.docker.schema-version="1.0" 11 | -------------------------------------------------------------------------------- /examples/module_apache.pp: -------------------------------------------------------------------------------- 1 | include apache 2 | 3 | apache::vhost { 'cat-pictures.com': 4 | port => '80', 5 | docroot => '/var/www/cat-pictures', 6 | docroot_owner => 'www-data', 7 | docroot_group => 'www-data', 8 | } 9 | 10 | file { '/var/www/cat-pictures/index.html': 11 | content => "", 12 | owner => 'www-data', 13 | group => 'www-data', 14 | } 15 | -------------------------------------------------------------------------------- /examples/Dockerfile.hello: -------------------------------------------------------------------------------- 1 | FROM library/alpine:3.6 2 | CMD /bin/sh -c "while true; do echo Hello, world; sleep 1; done" 3 | 4 | LABEL org.label-schema.vendor="Bitfield Consulting" \ 5 | org.label-schema.url="http://bitfieldconsulting.com" \ 6 | org.label-schema.name="Hello World" \ 7 | org.label-schema.version="1.0.0" \ 8 | org.label-schema.vcs-url="github.com:bitfield/puppet-beginners-guide.git" \ 9 | org.label-schema.docker.schema-version="1.0" 10 | -------------------------------------------------------------------------------- /examples/Dockerfile.nginx: -------------------------------------------------------------------------------- 1 | FROM nginx:1.13.3-alpine 2 | RUN echo "Hello, world" >/usr/share/nginx/html/index.html 3 | 4 | LABEL org.label-schema.vendor="Bitfield Consulting" \ 5 | org.label-schema.url="http://bitfieldconsulting.com" \ 6 | org.label-schema.name="Nginx Hello World" \ 7 | org.label-schema.version="1.0.0" \ 8 | org.label-schema.vcs-url="github.com:bitfield/puppet-beginners-guide.git" \ 9 | org.label-schema.docker.schema-version="1.0" 10 | -------------------------------------------------------------------------------- /examples/class_params2.pp: -------------------------------------------------------------------------------- 1 | # Manage NTP 2 | class pbg_ntp_params2 ( 3 | Boolean $start_at_boot, 4 | String[1] $version = 'installed', 5 | Enum['running', 'stopped'] $service_state = 'running', 6 | ) { 7 | ensure_packages(['ntp'], 8 | { 9 | 'ensure' => $version, 10 | } 11 | ) 12 | 13 | service { 'ntp': 14 | ensure => $service_state, 15 | enable => $start_at_boot, 16 | } 17 | } 18 | 19 | include pbg_ntp_params2 20 | -------------------------------------------------------------------------------- /examples/Dockerfile.nginx.epp: -------------------------------------------------------------------------------- 1 | <% | String $message | -%> 2 | FROM nginx:1.13.3-alpine 3 | RUN echo "<%= $message %>" >/usr/share/nginx/html/index.html 4 | 5 | LABEL org.label-schema.vendor="Bitfield Consulting" \ 6 | org.label-schema.url="http://bitfieldconsulting.com" \ 7 | org.label-schema.name="Nginx Dynamic Message" \ 8 | org.label-schema.version="1.0.0" \ 9 | org.label-schema.vcs-url="github.com:bitfield/puppet-beginners-guide.git" \ 10 | org.label-schema.docker.schema-version="1.0" 11 | -------------------------------------------------------------------------------- /examples/docker_network.pp: -------------------------------------------------------------------------------- 1 | docker_network { 'pbg-net': 2 | ensure => present, 3 | } 4 | 5 | docker::run { 'pbg-redis': 6 | image => 'redis:4.0.1-alpine', 7 | net => 'pbg-net', 8 | } 9 | 10 | docker::image { 'pbg-demo': 11 | docker_file => '/examples/Dockerfile.pbg-demo', 12 | ensure => latest, 13 | } 14 | 15 | docker::run { 'pbg-demo': 16 | image => 'pbg-demo:latest', 17 | net => 'pbg-net', 18 | command => '/bin/sh -c "redis-cli -h pbg-redis set message \"Hello, world\""', 19 | } 20 | -------------------------------------------------------------------------------- /examples/docker_template.pp: -------------------------------------------------------------------------------- 1 | file { '/tmp/Dockerfile.nginx': 2 | content => epp('/examples/Dockerfile.nginx.epp', 3 | { 4 | 'message' => 'Containers rule!' 5 | } 6 | ), 7 | notify => Docker::Image['pbg-nginx'], 8 | } 9 | 10 | docker::image { 'pbg-nginx': 11 | docker_file => '/tmp/Dockerfile.nginx', 12 | ensure => latest, 13 | notify => Docker::Run['pbg-nginx'], 14 | } 15 | 16 | docker::run { 'pbg-nginx': 17 | image => 'pbg-nginx:latest', 18 | ports => ['80:80'], 19 | pull_on_start => true, 20 | } 21 | -------------------------------------------------------------------------------- /puppet/Puppetfile: -------------------------------------------------------------------------------- 1 | forge 'http://forge.puppetlabs.com' 2 | 3 | mod 'garethr/docker', '5.3.0' 4 | mod 'puppet/archive', '1.3.0' 5 | mod 'puppet/staging', '2.2.0' 6 | mod 'puppetlabs/apache', '2.0.0' 7 | mod 'puppetlabs/apt', '3.0.0' 8 | mod 'puppetlabs/aws', '2.0.0' 9 | mod 'puppetlabs/concat', '4.0.1' 10 | mod 'puppetlabs/docker_platform', '2.2.1' 11 | mod 'puppetlabs/mysql', '3.11.0' 12 | mod 'puppetlabs/stdlib', '4.17.1' 13 | mod 'stahnma/epel', '1.2.2' 14 | 15 | mod 'pbg_ntp', 16 | :git => 'https://github.com/bitfield/pbg_ntp.git', 17 | :tag => '0.1.4' 18 | -------------------------------------------------------------------------------- /examples/Dockerfile.website.epp: -------------------------------------------------------------------------------- 1 | <% | String $git_url | -%> 2 | FROM nginx:1.13.3-alpine 3 | RUN apk update \ 4 | && apk add git \ 5 | && cd /usr/share/nginx \ 6 | && mv html html.orig \ 7 | && git clone <%= $git_url %> html 8 | 9 | LABEL org.label-schema.vendor="Bitfield Consulting" \ 10 | org.label-schema.url="http://bitfieldconsulting.com" \ 11 | org.label-schema.name="Nginx Git Website" \ 12 | org.label-schema.version="1.0.0" \ 13 | org.label-schema.vcs-url="github.com:bitfield/puppet-beginners-guide.git" \ 14 | org.label-schema.docker.schema-version="1.0" 15 | -------------------------------------------------------------------------------- /examples/docker_website.pp: -------------------------------------------------------------------------------- 1 | file { '/tmp/Dockerfile.nginx': 2 | content => epp('/examples/Dockerfile.website.epp', 3 | { 4 | 'git_url' => 'https://github.com/bitfield/pbg-website.git' 5 | } 6 | ), 7 | notify => Docker::Image['pbg-nginx'], 8 | } 9 | 10 | docker::image { 'pbg-nginx': 11 | docker_file => '/tmp/Dockerfile.nginx', 12 | ensure => latest, 13 | notify => Docker::Run['pbg-nginx'], 14 | } 15 | 16 | docker::run { 'pbg-nginx': 17 | image => 'pbg-nginx:latest', 18 | ports => ['80:80'], 19 | pull_on_start => true, 20 | } 21 | -------------------------------------------------------------------------------- /scripts/vagrant_provision.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | source /etc/lsb-release 3 | wget https://apt.puppetlabs.com/puppet-release-${DISTRIB_CODENAME}.deb 4 | dpkg -i puppet-release-${DISTRIB_CODENAME}.deb 5 | apt-get update 6 | apt-get -y install git puppet-agent 7 | echo 'Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin:/opt/puppetlabs/bin:/opt/puppetlabs/puppet/bin"' >/etc/sudoers.d/puppet 8 | /opt/puppetlabs/puppet/bin/gem install gpgme --no-rdoc --no-ri 9 | /opt/puppetlabs/puppet/bin/gem install hiera-eyaml-gpg --no-rdoc --no-ri 10 | /opt/puppetlabs/puppet/bin/gem install r10k --no-rdoc --no-ri 11 | -------------------------------------------------------------------------------- /puppet/hiera.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | version: 5 3 | 4 | defaults: 5 | datadir: data 6 | data_hash: yaml_data 7 | 8 | hierarchy: 9 | - name: "Secret data (encrypted)" 10 | lookup_key: eyaml_lookup_key 11 | path: "secret.eyaml" 12 | options: 13 | gpg_gnupghome: '/home/ubuntu/.gnupg' 14 | - name: "AWS resources" 15 | path: "aws.yaml" 16 | - name: "Host-specific data" 17 | path: "nodes/%{facts.hostname}.yaml" 18 | - name: "OS release-specific data" 19 | path: "os/%{facts.os.release.major}.yaml" 20 | - name: "OS distro-specific data" 21 | path: "os/%{facts.os.distro.codename}.yaml" 22 | - name: "Common defaults" 23 | path: "common.yaml" 24 | -------------------------------------------------------------------------------- /examples/aws_instance.pp: -------------------------------------------------------------------------------- 1 | $ami = 'ami-933105e8' 2 | $region = 'us-east-1' 3 | 4 | ec2_securitygroup { 'pbg-sg': 5 | ensure => present, 6 | description => 'PBG security group', 7 | region => $region, 8 | vpc => 'default-vpc', 9 | ingress => [ 10 | { 11 | description => 'SSH access from world', 12 | protocol => 'tcp', 13 | port => 22, 14 | cidr => '0.0.0.0/0', 15 | }, 16 | { 17 | description => 'Ping access from world', 18 | protocol => 'icmp', 19 | cidr => '0.0.0.0/0', 20 | }, 21 | ], 22 | } 23 | 24 | ec2_instance { 'pbg-demo': 25 | ensure => present, 26 | region => $region, 27 | subnet => 'default-subnet', 28 | security_groups => 'pbg-sg', 29 | image_id => $ami, 30 | instance_type => 't1.micro', 31 | associate_public_ip_address => true, 32 | key_name => 'pbg', 33 | } 34 | -------------------------------------------------------------------------------- /examples/profile_tomcat.pp: -------------------------------------------------------------------------------- 1 | # Site-specific Tomcat configuration 2 | class profile::tomcat { 3 | tomcat::install { '/usr/share/tomcat7': 4 | install_from_source => false, 5 | package_ensure => present, 6 | package_name => ['libtomcat7-java','tomcat7-common','tomcat7'], 7 | } 8 | 9 | exec { 'reload-tomcat': 10 | command => '/usr/sbin/service tomcat7 restart', 11 | refreshonly => true, 12 | } 13 | 14 | lookup('tomcat_allowed_ips', Array[String[7]]).each |String $source_ip| { 15 | firewall { "100 Tomcat access from ${source_ip}": 16 | proto => 'tcp', 17 | dport => '8080', 18 | source => $source_ip, 19 | action => 'accept', 20 | } 21 | } 22 | 23 | file { '/usr/share/tomcat7/logs': 24 | ensure => directory, 25 | owner => 'tomcat7', 26 | require => Tomcat::Install['/usr/share/tomcat7'], 27 | } 28 | 29 | file { '/etc/logrotate.d/tomcat7': 30 | source => 'puppet:///site-modules/profile/tomcat/tomcat7.logrotate', 31 | } 32 | } 33 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | Copyright 2018 John Arundel 2 | 3 | Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: 4 | 5 | The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. 6 | 7 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 8 | -------------------------------------------------------------------------------- /examples/defined_resource_type.pp: -------------------------------------------------------------------------------- 1 | # Manage user and SSH key together 2 | define user_with_key( 3 | Enum[ 4 | 'ssh-dss', 5 | 'dsa', 6 | 'ssh-rsa', 7 | 'rsa', 8 | 'ecdsa-sha2-nistp256', 9 | 'ecdsa-sha2-nistp384', 10 | 'ecdsa-sha2-nistp521', 11 | 'ssh-ed25519', 12 | 'ed25519' 13 | ] $key_type, 14 | String[1] $key, 15 | ) { 16 | user { $title: 17 | ensure => present, 18 | home => "/home/${title}", 19 | managehome => true, 20 | } 21 | 22 | file { "/home/${title}/.ssh": 23 | ensure => directory, 24 | owner => $title, 25 | group => $title, 26 | mode => '0700', 27 | } 28 | 29 | ssh_authorized_key { $title: 30 | user => $title, 31 | type => $key_type, 32 | key => $key, 33 | } 34 | } 35 | 36 | user_with_key { 'john': 37 | key_type => 'ssh-rsa', 38 | key => 'AAAAB3NzaC1yc2EAAAABIwAAAIEA3ATqENg+GWACa2BzeqTdGnJhNoBer8x6pfWkzNzeM8Zx7/2Tf2pl7kHdbsiTXEUawqzXZQtZzt/j3Oya+PZjcRpWNRzprSmd2UxEEPTqDw9LqY5S2B8og/NyzWaIYPsKoatcgC7VgYHplcTbzEhGu8BsoEVBGYu3IRy5RkAcZik=', 39 | } 40 | -------------------------------------------------------------------------------- /puppet/data/aws.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | ami: 'ami-933105e8' 3 | region: 'us-east-1' 4 | aws_resources: 5 | 'ec2_vpc': 6 | 'pbg-vpc': 7 | ensure: present 8 | region: "%{lookup('region')}" 9 | cidr_block: '10.99.0.0/16' 10 | 'ec2_vpc_internet_gateway': 11 | 'pbg-igw': 12 | ensure: present 13 | region: "%{lookup('region')}" 14 | vpc: 'pbg-vpc' 15 | 'ec2_vpc_routetable': 16 | 'pbg-rt': 17 | ensure: present 18 | region: "%{lookup('region')}" 19 | vpc : 'pbg-vpc' 20 | routes: 21 | - destination_cidr_block: '10.99.0.0/16' 22 | gateway: 'local' 23 | - destination_cidr_block: '0.0.0.0/0' 24 | gateway: 'pbg-igw' 25 | 'ec2_vpc_subnet': 26 | 'pbg-vpc-subnet': 27 | ensure: present 28 | region: "%{lookup('region')}" 29 | vpc: 'pbg-vpc' 30 | cidr_block: '10.99.0.0/24' 31 | availability_zone: "%{lookup('region')}a" 32 | route_table: 'pbg-rt' 33 | 'ec2_securitygroup': 34 | 'pbg-vpc-sg': 35 | ensure: present 36 | description: 'PBG security group' 37 | region: "%{lookup('region')}" 38 | vpc: 'pbg-vpc' 39 | ingress: 40 | - description: 'SSH access from world' 41 | protocol: 'tcp' 42 | port: 22 43 | cidr: '0.0.0.0/0' 44 | - description: 'Ping access from world' 45 | protocol: 'icmp' 46 | cidr: '0.0.0.0/0' 47 | 'ec2_instance': 48 | 'pbg-vpc-demo': 49 | ensure: present 50 | region: "%{lookup('region')}" 51 | subnet: 'pbg-vpc-subnet' 52 | security_groups: 'pbg-vpc-sg' 53 | image_id: "%{lookup('ami')}" 54 | instance_type: 't1.micro' 55 | associate_public_ip_address: true 56 | key_name: 'pbg' 57 | -------------------------------------------------------------------------------- /examples/aws_vpc.pp: -------------------------------------------------------------------------------- 1 | $ami = 'ami-933105e8' 2 | $region = 'us-east-1' 3 | 4 | ec2_vpc { 'pbg-vpc': 5 | ensure => present, 6 | region => $region, 7 | cidr_block => '10.99.0.0/16', 8 | } 9 | 10 | ec2_vpc_internet_gateway { 'pbg-igw': 11 | ensure => present, 12 | region => $region, 13 | vpc => 'pbg-vpc', 14 | } 15 | 16 | ec2_vpc_routetable { 'pbg-rt': 17 | ensure => present, 18 | region => $region, 19 | vpc => 'pbg-vpc', 20 | routes => [ 21 | { 22 | destination_cidr_block => '10.99.0.0/16', 23 | gateway => 'local' 24 | }, 25 | { 26 | destination_cidr_block => '0.0.0.0/0', 27 | gateway => 'pbg-igw' 28 | }, 29 | ], 30 | } 31 | 32 | ec2_vpc_subnet { 'pbg-vpc-subnet': 33 | ensure => present, 34 | vpc => 'pbg-vpc', 35 | region => $region, 36 | cidr_block => '10.99.0.0/24', 37 | availability_zone => "${region}a", 38 | route_table => 'pbg-rt', 39 | } 40 | 41 | ec2_securitygroup { 'pbg-vpc-sg': 42 | ensure => present, 43 | description => 'PBG security group', 44 | region => $region, 45 | vpc => 'pbg-vpc', 46 | ingress => [ 47 | { 48 | description => 'SSH access from world', 49 | protocol => 'tcp', 50 | port => 22, 51 | cidr => '0.0.0.0/0', 52 | }, 53 | { 54 | description => 'Ping access from world', 55 | protocol => 'icmp', 56 | cidr => '0.0.0.0/0', 57 | }, 58 | ], 59 | } 60 | 61 | ec2_instance { 'pbg-vpc-demo': 62 | ensure => present, 63 | region => $region, 64 | subnet => 'pbg-vpc-subnet', 65 | security_groups => 'pbg-vpc-sg', 66 | image_id => $ami, 67 | instance_type => 't1.micro', 68 | associate_public_ip_address => true, 69 | key_name => 'pbg', 70 | } 71 | -------------------------------------------------------------------------------- /puppet/data/common.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | test: 'This is a test' 3 | consul_node: true 4 | apache_worker_factor: 100 5 | apparmor_enabled: true 6 | syslog_server: '10.170.81.32' 7 | monitor_ips: 8 | - '10.179.203.46' 9 | - '212.100.235.160' 10 | - '10.181.120.77' 11 | - '94.236.56.148' 12 | cobbler_config: 13 | manage_dhcp: true 14 | pxe_just_once: true 15 | domain: 'bitfieldconsulting.com' 16 | servername: 'www.bitfieldconsulting.com' 17 | port: 80 18 | docroot: '/var/www/bitfieldconsulting.com' 19 | dns_allow_query: true 20 | backup_retention_days: 10 21 | backup_path: "/backup/%{facts.hostname}" 22 | ips: 23 | home: '130.190.0.1' 24 | office1: '74.12.203.14' 25 | office2: '95.170.0.75' 26 | firewall_allow_list: 27 | - "%{lookup('ips.home')}" 28 | - "%{lookup('ips.office1')}" 29 | - "%{lookup('ips.office2')}" 30 | vpn_allow_list: "%{alias('firewall_allow_list')}" 31 | cms_parameters: 32 | static: 33 | sites_root: '/var/www/sites' 34 | assets_root: 'files' 35 | web_root: 'public_html' 36 | laravel: 37 | sites_root: '/var/www/sites' 38 | assets_root: 'public_html/files' 39 | web_root: 'current/public' 40 | force_www_rewrite: 41 | comment: "Force WWW" 42 | rewrite_cond: "%{literal('%')}{HTTP_HOST} !^www\\. [NC]" 43 | rewrite_rule: "^(.*)$ https://www.%{literal('%')}{HTTP_HOST}%{literal('%')}{REQUEST_URI} [R=301,L]" 44 | users: 45 | - 'katy' 46 | - 'lark' 47 | - 'bridget' 48 | - 'hsing-hui' 49 | - 'charles' 50 | users2: 51 | 'katy': 52 | ensure: present 53 | uid: 1900 54 | shell: '/bin/bash' 55 | 'lark': 56 | ensure: present 57 | uid: 1901 58 | shell: '/bin/sh' 59 | 'bridget': 60 | ensure: present 61 | uid: 1902 62 | shell: '/bin/bash' 63 | 'hsing-hui': 64 | ensure: present 65 | uid: 1903 66 | shell: '/bin/sh' 67 | 'charles': 68 | ensure: present 69 | uid: 1904 70 | shell: '/bin/bash' 71 | mysql::server::root_password: 'hairline-quotient-inside-tableful' 72 | mysql::server::remove_default_accounts: true 73 | apache::default_vhost: false 74 | pbg_ntp_params::version: 'latest' 75 | pbg_ntp_params2::start_at_boot: true 76 | pbg_ntp_params2::version: 'latest' 77 | pbg_ntp_params2::service_state: 'running' 78 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # The Puppet Beginner's Guide, 3rd Edition 2 | 3 | ![It's great having a robot butler](/img/robot_butler.png) 4 | 5 | Keyboards wear out; that's a scientific fact. As a small measure to prevent this, I'm making all the code examples in the third edition of [The Puppet Beginner's Guide](http://bitfieldconsulting.com/pbg3) freely available to download and use in this repo, so you don't have to type them in from the book. You'll find them in the [examples](https://github.com/bitfield/puppet-beginners-guide-3/tree/master/examples) directory. 6 | 7 | If you're already using Puppet, you can dive straight in and look at the examples. You can read, use, and modify them without needing to buy the book, although obviously I will be happier if you do. (Buy two copies, in case you leave one on the bus by mistake.) 8 | 9 | > John Arundel is a well-known [infrastructure and DevOps consultant](https://bitfieldconsulting.com/about), the author of the bestselling [Puppet Beginner's Guide](http://amzn.to/2x5e3sR) and [Cloud Native DevOps with Kubernetes](https://amzn.to/2PEPTjc), and an experienced [Golang trainer and mentor](https://bitfieldconsulting.com/golang). Say hello@bitfieldconsulting.com to get in touch! 10 | 11 | Throughout the book, we'll be developing a complete, working example infrastructure, which you can use as a basis for your own. You can view and download it at the [Puppet Beginner's Guide demo repo](https://github.com/bitfield/control-repo-3). 12 | 13 | If you're new to Puppet, a great way to try it out quickly is to use a Vagrant virtual machine, which will run on your own computer, and there's a specific [Vagrant image](https://app.vagrantup.com/ubuntu/boxes/xenial64) recommended for use with this book. Follow the instructions below to install Virtualbox and Vagrant, and you'll be able to run the examples in this repo in just a few minutes. 14 | 15 | Download and install [Virtualbox](https://www.virtualbox.org/). 16 | 17 | Download and install [Vagrant](https://www.vagrantup.com/downloads.html). 18 | 19 | In the `puppet-beginners-guide-3` repo directory, run: 20 | 21 | scripts/start_vagrant.sh 22 | ... 23 | 24 | Machine booted and ready! 25 | 26 | Connect to the VM with the following command: 27 | 28 | vagrant ssh 29 | 30 | You now have a command line shell on the VM. Check that Puppet is installed and working: 31 | 32 | puppet --version 33 | 5.2.0 34 | 35 | Try the 'Hello, world' example: 36 | 37 | sudo puppet apply /examples/file_hello.pp 38 | Notice: Compiled catalog for localhost in environment production in 0.07 seconds 39 | Notice: /Stage[main]/Main/File[/tmp/hello.txt]/ensure: defined content as '{md5}22c3683b094136c3398391ae71b20f04' 40 | Notice: Applied catalog in 0.01 seconds 41 | 42 | cat /tmp/hello.txt 43 | hello, world 44 | 45 | Well, that was easy! Reward yourself with a big cup of tea and a slice of cake. It's important to keep your strength up. 46 | -------------------------------------------------------------------------------- /Vagrantfile: -------------------------------------------------------------------------------- 1 | # -*- mode: ruby -*- 2 | # vi: set ft=ruby : 3 | 4 | # All Vagrant configuration is done below. The "2" in Vagrant.configure 5 | # configures the configuration version (we support older styles for 6 | # backwards compatibility). Please don't change it unless you know what 7 | # you're doing. 8 | Vagrant.configure("2") do |config| 9 | # The most common configuration options are documented and commented below. 10 | # For a complete reference, please see the online documentation at 11 | # https://docs.vagrantup.com. 12 | 13 | # Every Vagrant development environment requires a box. You can search for 14 | # boxes at https://atlas.hashicorp.com/search. 15 | # If you have trouble running the 64-bit Vagrant VM, try this instead: 16 | # config.vm.box = "ubuntu/xenial32" 17 | config.vm.box = "ubuntu/xenial64" 18 | 19 | # Disable automatic box update checking. If you disable this, then 20 | # boxes will only be checked for updates when the user runs 21 | # `vagrant box outdated`. This is not recommended. 22 | # config.vm.box_check_update = false 23 | 24 | # Create a forwarded port mapping which allows access to a specific port 25 | # within the machine from a port on the host machine. In the example below, 26 | # accessing "localhost:8080" will access port 80 on the guest machine. 27 | config.vm.network "forwarded_port", guest: 80, host: 8080 28 | 29 | # Create a private network, which allows host-only access to the machine 30 | # using a specific IP. 31 | # config.vm.network "private_network", ip: "192.168.33.10" 32 | 33 | # Create a public network, which generally matched to bridged network. 34 | # Bridged networks make the machine appear as another physical device on 35 | # your network. 36 | # config.vm.network "public_network" 37 | 38 | # Share an additional folder to the guest VM. The first argument is 39 | # the path on the host to the actual folder. The second argument is 40 | # the path on the guest to mount the folder. And the optional third 41 | # argument is a set of non-required options. 42 | config.vm.synced_folder ".", "/vagrant", disabled: true 43 | config.vm.synced_folder "./puppet", "/etc/puppetlabs/code/environments/pbg" 44 | config.vm.synced_folder "./examples", "/examples" 45 | 46 | # Provider-specific configuration so you can fine-tune various 47 | # backing providers for Vagrant. These expose provider-specific options. 48 | # Example for VirtualBox: 49 | # 50 | # config.vm.provider "virtualbox" do |vb| 51 | # # Display the VirtualBox GUI when booting the machine 52 | # vb.gui = true 53 | # 54 | # # Customize the amount of memory on the VM: 55 | # vb.memory = "1024" 56 | # end 57 | # 58 | # View the documentation for the provider you are using for more 59 | # information on available options. 60 | 61 | # Define a Vagrant Push strategy for pushing to Atlas. Other push strategies 62 | # such as FTP and Heroku are also available. See the documentation at 63 | # https://docs.vagrantup.com/v2/push/atlas.html for more information. 64 | # config.push.define "atlas" do |push| 65 | # push.app = "YOUR_ATLAS_USERNAME/YOUR_APPLICATION_NAME" 66 | # end 67 | 68 | # Enable provisioning with a shell script. Additional provisioners such as 69 | # Puppet, Chef, Ansible, Salt, and Docker are also available. Please see the 70 | # documentation for more information about their specific syntax and use. 71 | # config.vm.provision "shell", inline: <<-SHELL 72 | # apt-get update 73 | # apt-get install -y apache2 74 | # SHELL 75 | config.vm.provision "shell", path: "scripts/vagrant_provision.sh" 76 | end 77 | -------------------------------------------------------------------------------- /examples/iam_policy.json: -------------------------------------------------------------------------------- 1 | { 2 | "Version": "2012-10-17", 3 | "Statement": [ 4 | { 5 | "Action": [ 6 | "ec2:DescribeAccountAttributes", 7 | "ec2:DescribeRegions", 8 | "ec2:DescribeInstances", 9 | "ec2:RunInstances", 10 | "ec2:StartInstances", 11 | "ec2:StopInstances", 12 | "ec2:DeleteTags", 13 | "ec2:CreateTags", 14 | "ec2:TerminateInstances", 15 | "elasticloadbalancing:DescribeLoadBalancers", 16 | "elasticloadbalancing:CreateLoadBalancer", 17 | "elasticloadbalancing:DescribeTags", 18 | "elasticloadbalancing:RegisterInstancesWithLoadBalancer", 19 | "elasticloadbalancing:DeleteLoadBalancer", 20 | "ec2:DescribeSecurityGroups", 21 | "ec2:CreateSecurityGroup", 22 | "ec2:AuthorizeSecurityGroupIngress", 23 | "ec2:RevokeSecurityGroupIngress", 24 | "ec2:DeleteSecurityGroup", 25 | "ec2:DescribeVpcs", 26 | "ec2:*Vpc*", 27 | "ec2:CreateVpc", 28 | "ec2:DeleteVpc", 29 | "ec2:AssociateDhcpOptions", 30 | "ec2:DescribeDhcpOptions", 31 | "ec2:CreateDhcpOptions", 32 | "ec2:DeleteDhcpOptions", 33 | "ec2:DescribeCustomerGateways", 34 | "ec2:CreateCustomerGateway", 35 | "ec2:DeleteCustomerGateway", 36 | "ec2:DescribeInternetGateways", 37 | "ec2:CreateInternetGateway", 38 | "ec2:AttachInternetGateway", 39 | "ec2:DeleteInternetGateway", 40 | "ec2:DetachInternetGateway", 41 | "ec2:DescribeRouteTables", 42 | "ec2:CreateRouteTable", 43 | "ec2:DeleteRouteTable", 44 | "ec2:CreateRoute", 45 | "ec2:DescribeSubnets", 46 | "ec2:CreateSubnet", 47 | "ec2:DeleteSubnet", 48 | "ec2:AssociateRouteTable", 49 | "ec2:DescribeVpnConnections", 50 | "ec2:CreateVpnConnection", 51 | "ec2:DeleteVpnConnection", 52 | "ec2:CreateVpnConnectionRoute", 53 | "ec2:DescribeVpnGateways", 54 | "ec2:CreateVpnGateway", 55 | "ec2:AttachVpnGateway", 56 | "ec2:DetachVpnGateway", 57 | "ec2:DeleteVpnGateway", 58 | "ec2:CreateTags", 59 | "autoscaling:DescribeAutoScalingGroups", 60 | "autoscaling:CreateAutoScalingGroup", 61 | "autoscaling:UpdateAutoScalingGroup", 62 | "autoscaling:DeleteAutoScalingGroup", 63 | "autoscaling:DescribeLaunchConfigurations", 64 | "autoscaling:CreateLaunchConfiguration", 65 | "autoscaling:DeleteLaunchConfiguration", 66 | "autoscaling:DescribePolicies", 67 | "autoscaling:PutScalingPolicy", 68 | "autoscaling:DeletePolicy", 69 | "cloudwatch:DescribeAlarms", 70 | "cloudwatch:PutMetricAlarm", 71 | "cloudwatch:DeleteAlarms", 72 | "route53:ListResourceRecordSets", 73 | "route53:ListHostedZones", 74 | "route53:ChangeResourceRecordSets", 75 | "route53:CreateHostedZone", 76 | "route53:DeleteHostedZone", 77 | "rds:CreateDBInstance", 78 | "rds:ModifyDBInstance", 79 | "rds:DeleteDBInstance", 80 | "rds:DescribeDBInstances", 81 | "rds:AuthorizeDBSecurityGroupIngress", 82 | "rds:DescribeDBSecurityGroups", 83 | "rds:CreateDBSecurityGroup", 84 | "rds:DeleteDBSecurityGroup", 85 | "rds:DescribeDBParameterGroups", 86 | "sqs:*" 87 | ], 88 | "Effect": "Allow", 89 | "Resource": "*" 90 | } 91 | ] 92 | } 93 | --------------------------------------------------------------------------------