Lab 8 - Configuration Management
Facilitator: Ethan Smith5 min read
- The Setting
- Aside: Installing Puppet on your student VM
- Your task, in plain English
- Hints (if you need them)
- Extra fun (completely optional)
You’re suddenly awoken by an alarm. Still drowsy from sleep, you check the time on your phone. 7:00am?? you think to yourself. No way. I don’t even have any 8ams. In fact, I haven’t woken up this early since… Looking back at your phone again, which you realize is now 2 times thicker and suddenly has a 3.5mm audio port, you check the year. You may have thought Berkeley was hell, but now you’ve traveled back in time for some true suffering: high school.
After getting dressed and lamenting your disastrous teenage fashion sense, you get a text message on your dumb phone. Sighing, you open it even though it’s going to cost you 10 cents.
FROM: 5cr1p7k1dd1337 MSG: w31c0m3 b4ck t0 h1ghsk00l. i h4v3 a t45k f0r j00: j00 mu5t 1n5ta11 th3 f0ll0w1ng 5cr1p7 0n 3v3ry c0mput3r 1n j00r sk00l by the 3nd 0f t0d4y, 0r j00l b3 5tuCk 5ever. j00r sk00l u535 puppet, s0 j00 c4n ju57 wr1t3 a m0dul3 f0r th15. F1l3s R @ https://github.com/0xcf/decal-labs 1n a8/
Rubbing your eyes, you try to understand 5cr1p7k1dd1337’s arcane runes once again:
Welcome back to high school. I have a task for you: you must install the following script on every computer in your school by the end of today, or you'll be stuck forever. Your school uses puppet, so you can just write a module for this. Files are in the decal-labs repo (https://github.com/0xcf/decal-labs) in the a8/ directory.
Great, you think to yourself, good thing I’m currently taking the best DeCal at UC Berkeley, the Linux SysAdmin DeCal! This is gonna be a piece of cake.
In order to save yourself from your circumstances, you’ll need to set up Puppet on your student VM so you can test your changes. Luckily, we’ve provided a snippet of code to install the Puppet agent. Run the following block of code on your VM:
wget https://apt.puppetlabs.com/puppet6-release-bionic.deb && \ sudo dpkg -i puppet6-release-bionic.deb && \ sudo apt-get update && \ sudo apt-get -y install puppet-agent
Puppet will automatically add itself to
PATH, but you may have to relog into
your VM for this to take effect. Afterwards, ensure you can run
and you should be good to go!
You need to write a puppet module that places a script
/usr/local/bin/ and sets up a cronjob to run the script repeatedly and append
its output to a file. Your module will need to install the dependencies for the
script and ensure that all of the pieces are installed correctly.
There are three main parts you’ll need to work on:
- Installing the packages the script depends on
- Placing the script in the right directory, and placing a file the script depends on in the right directory
- Setting up cronjob to run the script every 30 minutes and append its output to a file
We’ve provided skeleton code for you in the decal-labs repository in
a8, so make sure
git pull the latest version! The script
hack_everything is located in
The only file you need to change is in
We’ve included some hints and points to relevant documentation that will help you
complete this manifest.
Although we are only applying your manifest on one machine (your DeCal VM), you could, in theory, apply this module on thousands of machines that are connected to a puppet-master! How neat is that!
While you’re writing the manifest, there’s an easy way to check your syntax: you can
use the command
puppet parser validate hacking.pp.
Once you have completed your manifest, you can apply the changes to your system
with this command (assuming you cloned
decal-labs into $HOME):
sudo env "PATH=$PATH" puppet apply --modulepath=$HOME/decal-labs/a8/modules $HOME/decal-labs/a8/manifests/default.pp
Basically, we’re running puppet locally on the module we just created.
default.pp is just a file that includes the hacked module you’re editing,
and we need to be sure to include the path to the modules so puppet can find them.
The weird little
env part is due to a Debian security feature known as
which resets your
PATH when you run sudo. Since
puppet is not in this list of
default paths, running it with regular
sudo won’t work.
Once this is done, you should be able to run the command
(as the script is now in your path). Try it out!
- The skeleton code has links to relevant docs. You should clone/download the
decal-labsrepository if you haven’t already.
- Here is an example puppet manifest that might be helpful.
- More hints are available at live lab or by asking on #decal-general!
Using your knowledge of config management, you might like to try any of the following:
- Self-host something from awesome-selfhosted by writing a Puppet config file
- Try out another config management tool like Ansible and consider how they differ.
- Check out the OCF Puppet repository, and submit a PR!
Congratulations on finishing the lab!
To submit, upload
hacking.pp into the Gradescope submission. (You do not need to upload the rest of the files in the skeleton, just the one file!)
Providing feedback: Since the submission consists entirely of the single file upload, there is no dedicated feedback question. Please leave your comments in the bottom of
hacking.pp - there should be a section in the skeleton with more instructions. Thanks!