• Stars
    star
    142
  • Rank 258,495 (Top 6 %)
  • Language
    Ruby
  • License
    Apache License 2.0
  • Created about 9 years ago
  • Updated 3 months ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Your gateway drug to automated infrastructure testing with Puppet

Onceover

The gateway drug to automated infrastructure testing with Puppet

Onceover is a tool to automatically run basic tests on an entire Puppet control repository.

It includes automatic parsing of the Puppetfile, environment.conf and others in order to stop silly mistakes ever reaching your Puppet Master!

New in v3.19.1: I've reversed the decision to have onceover use site.pp in the same way Puppet does. From now on your manifest setting in environment.conf will be ignored and your site.pp will only be used if you explicitly set the manifest option in the CLI or config file.

Build Status Build status

Table of Contents

Overview

This gem provides a toolset for testing Puppet control repository (ie. Repos used with r10k).

The main purpose of this project is to provide a set of tools to help smooth out the process of setting up and running rspec-puppet tests for a controlrepo.

Due to the fact that controlrepos are fairly standardised in nature it seemed ridiculous that you would need to set up the same testing framework that we would normally use within a module for a controlrepo. This is because at this level we are normally just running very basic tests that cover a lot of code. It would also mean that we would need to essentially duplicated our Puppetfile into a .fixtures.yml file, along with a few other things.

This toolset requires some configuration before it can be used so definitely read that section before getting started.

Quick Start

Note: This assumes you are inside the root of your control-repo.

  1. Add onceover to your Gemfile:

    gem 'onceover'
  2. Run Bundler to install onceover

    bundle install
  3. Set up your configuration

    bundle exec onceover init
  4. Run your spec tests!

    bundle exec onceover run spec

Configuration

This project uses one main config file to determine what Puppet classes we should be testing and how: onceover.yaml.

As onceover tests Puppet classes, it need sets of facts to compile the Puppet code against, these are stored in factsets.

onceover.yaml

Usually located at spec/onceover.yaml, this path could be overrided with environment variable: ONCEOVER_YAML.

Hopefully this config file will be fairly self explanatory once you see it, but basically this is the place where we define what classes we want to test and the factsets that we want to test them against.

Main settings

  • classes

    A list (array) of classes that we want to test

    Classes are specified as string or regular expressions. The recommended setting to have a good coverage is /^role::/ if you use roles and profiles method and if you dont, you should.

  • nodes

    A list (array) of nodes that we want to test against.

    The nodes that we list here map directly to a factset, e.g. Debian-7.8-64

  • node_groups

    An hash of named node groups.

    We can create groups by simply specifying an array of nodes to be in the group, or use the subtractive include/exclude syntax.

    Note: A node group named all_nodes is automatically created by onceover.

    Important: The names used for the actual class_groups and node_groups must be unique.

  • class_groups

    An hash of named class groups.

    We can create groups by simply specifying an array of classes (string or regexp) to be in the group, or use the subtractive include/exclude syntax.

    Note: A class group named all_classes is automatically created by onceover.

    Important: The names used for the actual class_groups and node_groups must be unique.

  • test_matrix

    An array of hashes with the following format:

      - {nodes_to_test}: # The name of a node or node group
          classes: '{classes_to_test}' # the name of a class or
          tests: '{all_tests|acceptance|spec}' # acceptance deprecated/broken, set to spec
          {valid_option}: {value} # See below

    Valid options:

    • tags

      Default: nil

      One or many tags that tests in this group should be tagged with. This allows you to run only certain tests using the --tags command line parameter.

Advanced settings

  • functions

    Default: nil

    In this section we can add functions that we want to mock when running spec tests.

    Each function takes the returns arguments, e.g.

    functions:
      puppetdb_query:
        returns: []
  • before

    Default: nil

    A block to run before each spec test.

    For example, this can be used when the functions to stub are conditional, the following stub function x if the OS is windows, stub function y if the fact java_installed is true.

    Note: The facts are available through the node_facts hash and the trusted facts as trusted_facts.

    Example:

    before:
      - "Puppet::Util::Platform.stubs(:'windows?').returns(node_facts['kernel'] == 'windows')"
  • after

    Default: nil

    A block to run after each spec test.

    Note: The facts are available through the node_facts hash and the trusted facts as trusted_facts.

    Exmaple:

    after:
      - "puts 'Test finished running'"
  • include_spec_files

    Default: [**/*]

    Glob to select additionnal files to be run during onceover spec tests.

    Default is to select all files located in the repo spec directory, usually spec/. If you have some RSpec tests that depend on a different RSpec configuration than onceover or want, for example, to have a different job in your CI to run your own unit tests, you can use this option to select which spec files to run during onceover spec tests.

  • opts

    Default: {}

    This setting overrides defaults for the Onceover::Controlrepo class' opts hash.

    Example:

    opts:
      :facts_dirs:                           # Remember: `opts` keys are symbols!
        - 'spec/factsets'                    # Limit factsets to files in this repository
      :debug: true                           # Set the `logger.level` to debug
      :profile_regex: '^(profile|site)::'    # Profiles include a legacy module named `site::`
      :facts_files:                          # Factset filenames use the extension`.facts` instead of `.json`
        - 'spec/factsets/*.facts'
      :manifest: 'manifests/site.pp'         # Manifest to use while compiling (nil by default)

Include/Exclude syntax

This can be used with either node_groups or class_groups and allows us to save some time by using existing groups to create new ones e.g.

node_groups:
  windows_nodes: # This has to be defined first
    - sevrer2008r2
    - server2012r2
  non_windows:
    include: 'all_nodes' # Start with all nodes
    exclude: 'windows_nodes' # Then remove the windows ones from that list

It's important to note that in order to reference a group using the include/exclude syntax is has to have been defined already i.e. it has to come above the group that references it

Examples

Minimal
classes:
  - /^role::/

nodes:
  - Debian-10-amd64

test_matrix:
  - all_nodes:
      classes: 'all_classes'
      tests: 'spec'
Advanced

In the example below we have referred to centos6a and centos7b in all of our tests as they are in all_nodes, non_windows_servers and centos_severs. However we have left the more specific references to last. This is because entries in the test_matrix will override entries above them if applicable. Meaning that we are still only testing each class on the two Centos servers once (Because the gem does de-duplication before running the tests), but also making sure we run roles::frontend_webserver twice before checking for idempotency.

A full example:

classes:
  - 'roles::backend_dbserver'
  - 'roles::frontend_webserver'
  - 'roles::load_balancer'
  - 'roles::syd_f5_load_balancer'
  - 'roles::windows_server'
  - '/^role/'                     # Note that this regex format requires `/`

nodes:
  - centos6a
  - centos7b
  - server2008r2a
  - ubuntu1404a
  - ubuntu1604a

node_groups:
  centos_severs:
    - centos6a
    - centos7b
  ubuntu_servers:
    - ubuntu1404a
    - ubuntu1604a
  non_windows_servers:
    include: 'all_nodes'
    exclude: 'server2008r2a'

class_groups:
  windows_roles:
    - 'roles::windows_server'
    - 'roles::backend_dbserver'
    - '/^roles::win/'
  non_windows_roles:
    include: 'all_classes'
    exclude: 'windows_roles'

test_matrix:
  - all_nodes:
      classes: 'all_classes'
      tests: 'spec'
  - non_windows_servers:
      classes: 'non_windows_roles'
  - ubuntu_servers:
      classes: 'all_classes'
      tests: 'spec'
  - centos_severs:
      classes: 'roles::frontend_webserver'
      tests: 'spec'
      runs_before_idempotency: 2
      tags:
        - 'frontend'

functions:
  query_resources:
    returns: []
  profile::custom_function:
    returns: ["one", "two"]

opts:
  :facts_dirs:
    - spec/factsets
  :profile_regex: '^(profile|site)::'   # Note that this regex _doesn't_ use `/`

Factsets

Factsets are used by the onceover gem to generate spec tests, which compile a given class against a certain set of facts.

This gem comes with a few pre-canned factsets, these are listed under the nodes sections of onceover.yaml when you run onceover init.

You can, and its a good pratice, add your own factsets by putting them in spec/factsets/*.json.

To generate these factsets all we need to do is log onto a real machine that has puppet installed and run:

puppet facts > fact_set_name.json

Its recommended to run this on each of the types of nodes that you run in your infrastructure to have good coverage.

If you are using Trusted Facts or Trusted External Data and can use the PE client tools you can generate a factset which contains this information by running:

puppet facts --terminus puppetdb > fact_set_name.json

or

puppet facts --terminus puppetdb <node certname> > fact_set_name.json

Factsets are named based on their filename, i.e. myfactset in onceover.yaml refers spec/factsets/myfactset.json

Trusted Facts

You can add trusted facts to the factsets by creating a new section called trusted:

{
  "name": "node.puppetlabs.net",
  "trusted": {
    "pp_role": "agent",
    "pp_datacenter": "puppet",
  },
  "values": {
    "aio_agent_build": "1.10.4",
    "aio_agent_version": "1.10.4",
    "architecture": "x86_64",

Notice that the extensions part is implied. The first fact in that example translates to $trusted['extensions']['pp_role'] in Puppet code.

Alternatively, if you generated your factset using the PE client tools your trusted facts will be nested under the values hash. For example:

{
  "name": "node.puppetlabs.net",
  "values": {
    "aio_agent_build": "1.10.4",
    "aio_agent_version": "1.10.4",
    "architecture": "x86_64",
    "trusted": {
      "extensions": {
        "pp_role": "agent",
        "pp_datacenter": "puppet"
      }
    }

In this case, you're all set and onceover will auto-magically pick those up for you.

Note: The top level trusted hash takes precidence over the trusted[extensions] hash nested under values. Meaning that if you have any specified at the top level, any nested ones will not be considered. So pick ONE method and stick with that.

Trusted External Data

Note: This feature requires rspec-puppet >= 2.8.0.

You can add trusted external data to the factsets by creating a new section called trusted_external:

{
  "name": "node.puppetlabs.net",
  "trusted_external": {
    "example_forager": {
      "globalRegion": "EMEA",
      "serverOwner": "John Doe"
    }
  },
  "values": {
    "aio_agent_build": "1.10.4",
    "aio_agent_version": "1.10.4",
    "architecture": "x86_64",

Notice that the external part is implied, though the foragers name will still need to be provided. The first fact in that example translates to $trusted['external']['example_forager']['globalRegion'] in Puppet code.

Alternatively, if you generated your factset using the PE client tools your trusted external data will be nested under the values hash. For example:

{
  "name": "node.puppetlabs.net",
  "values": {
    "aio_agent_build": "1.10.4",
    "aio_agent_version": "1.10.4",
    "architecture": "x86_64",
    "trusted": {
      "external": {
        "example_forager": {
          "globalRegion": "EMEA",
          "serverOwner": "John Doe"
        }
      }
    }

In this case, you're all set and onceover will auto-magically pick those up for you.

Note: The top level trusted_external hash takes precidence over the trusted[external] hash nested under values. Meaning that if you have any specified at the top level, any nested ones will not be considered. So pick ONE method and stick with that.

Hiera

If you have hiera data inside your controlrepo (or somewhere else) onceover can be configured to use it. It is however worth noting the hiera.yaml file that you currently use may not be applicable for testing right away. For example; if you are using hiera-eyaml I recommend creating a hiera.yaml purely for testing that simply uses the yaml backend, meaning that you don't need to provide the private keys to the testing machines.

It is also worth noting that any hiera hierarchies that are based on custom facts will not work unless those facts are part of your factsets. Trusted facts will also not work at all as the catalogs are being compiled without the node's certificate. In these instances it may be worth creating a hierarchy level that simply includes dummy data for testing purposes in order to avoid hiera lookup errors.

Puppetfile

Organisations often reference modules from their own git servers in the Puppetfile, like this:

mod "puppetlabs-apache",
  :git => "https://git.megacorp.com/pup/puppetlabs-apache.git",
  :tag => "v5.4.0"

Under the hood, onceover uses r10k to download the modules in your Puppetfile. If you get errors downloading modules from git, its because r10k's call to your underlying git command has failed. onceover tells you the command that r10k tried to run, so if you get an error like this:

INFO     -> Updating module /Users/dylan/control-repo/.onceover/etc/puppetlabs/code/environments
/production/modules/apache
ERROR    -> Command exited with non-zero exit code:
Command: git --git-dir /Users/dylan/.r10k/git/ssh---git.megacorp.com-pup-puppetlabs_apache.git fetch origin --prune
Stderr:
ssh_askpass: exec(/usr/bin/ssh-askpass): No such file or directory
Host key verification failed.

fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.
Exit code: 128

Then the approach to debug it would be to run the command that Onceover suggested:

git --git-dir /Users/dylan/.r10k/git/ssh---git.megacorp.com-pup-puppetlabs_apache.git fetch origin --prune

In this case, running the command interactively gives us a prompt to add the server to our ~/.ssh/known_hosts file, which fixes the problem permanently:

$ git --git-dir /Users/dylan/.r10k/git/ssh---git.megacorp.com-pup-puppetlabs_apache.git fetch origin --prune
The authenticity of host 'git.megacorp.com (123.456.789.101)' can't be established.
...
Warning: Permanently added 'git.megacorp.com,123.456.789.101' (RSA) to the list of known hosts.

The other way to resolve this would have been to install the ssh_askpass program, but this can spam the screen with modal dialogs on some platforms.

r10k configuration

If you have custom r10k config that you want to use, place the r10k.yaml file in one of the following locations:

  • {repo root}/r10k.yaml
  • {repo root}/spec/r10k.yaml

A good use of this is enabling multi threading by creating the following in r10k.yaml:

# spec/r10k.yaml
---
pool_size: 20

Creating the config file

If your hiera.yaml is version 4 or 5 and lives in the root of the controlrepo (as it should), Onceover will pick this up automatically. If you would like to make changes to this file for testing purposes, create a copy under spec/hiera.yaml. Onceover will use this version of the hiera config file first if it exists.

Setting the datadir

Hiera Version Config File Location Required datadir
3 spec folder relative to the root of the repo e.g. data
4 deprecated Root of repo relative to the root of the repo e.g. data
4 deprecated spec folder relative to the spec folder e.g. ../data
5 Root of repo relative to the root of the repo e.g. data
5 spec folder relative to the spec folder e.g. ../data

hiera-eyaml

If you are using the hiera-eyaml backend there are some modifications that you will need to make in order to ensure that things actually work. Remember that when onceover compiles catalogs it is actually using hiera with your config file to do the lookups on the host that is running the tests, meaning that the hiera-eyaml gem will need to be present (put it in your Gemfile), as will the keys in the correct location, otherwise hiera will fail to load them. This is really not a great situation as you don't want to be distributing your private keys

Recommended Solution: I recommend that if you are using hiera-eyaml (which you probably should be) that you do the following:

  1. Duplicate your hiera.yaml file so that there is a copy in the spec/ directory
  2. Change the datadir setting as described above
  3. Remove the eyaml backend entirely and just use the base yaml backend. For hiera 5 this will look like:
---
version: 5
defaults:
  datadir: "../data"
  data_hash: yaml_data

This means that for testing, hiera will just return the encrypted string for anything that is encrypted using eyaml. This usually isn't a problem for catalog compilation and will allow tests to pass.

Spec testing

Once you have your onceover.yaml and factsets set up you are ready to go with spec testing.

To run the tests:

onceover run spec

This will do the following things:

  1. Create a temporary directory under .onceover
  2. Clone all repos in the Puppetfile into the temporary directory
  3. Generate tests that use rspec-puppet
  4. Run the tests

Adding your own spec tests

When using this gem adding your own spec tests is exactly the same as if you were to add them to a module, simply create them under spec/{classes,defines,etc.} in the Controlrepo and they will be run like normal, along with all of the it { should compile } tests.

Exposing Puppet output

If you want to see Puppet's output, you can set the SHOW_PUPPET_OUTPUT environment variable to true, eg:

SHOW_PUPPET_OUTPUT=true onceover run spec

Using workarounds

There may be situations where you cannot test everything that is in your puppet code, some common reasons for this include:

  • Code is destined for a Puppet Master but the VM image is not a Puppet Master which means we can't restart certain services etc.
  • A file is being pulled from somewhere that is only accessible in production
  • Something is trying to connect to something else that does not exist

Fear not! There is a solution for this, it's also a good way to practice writing nasty puppet code. For this exact purpose I have added the ability for onceover to include extra bits of code in the tests to fix things like this. All you need to do is put a file/s containing puppet code here:

spec/pre_conditions/*.pp

What this will do is it will take any puppet code from any files it finds in that directory and have it executed alongside the code that you are actually testing. For example if we are testing some code that notifies the pe-puppetserver service, but are not managing that service in our code because it is managed by the PE module that ships with Puppet Enterprise the following code will fail:

file { '/etc/puppetlabs/puppet/puppet.conf':
  ensure  => file,
  content => '#nothing',
  notify  => Service['pe-puppetserver'], # This will fail without the PE module!
}

To fix this we can add the service to the pre_conditions to make sure that our catalogs can compile e.g.

# spec/pre_conditions/services.pp
service { 'pe-puppetserver':
  ensure => 'running',
}

You can also mock out defined resources or types that you cannot gain access to easily, such as puppet_enterprise::mcollective::client:

  define puppet_enterprise::mcollective::client (
    $activemq_brokers,
    $logfile     = '/var/log',
    $create_user = true,
  ) {

  }

or

  define pe_ini_setting (
    $ensure  = present,
    $path,
    $section,
    $setting,
    $value,
  ) {
  }

Resource collectors are likely to come in handy here too. They allow you to override values of resources that match given criteria. This way we can override things for the sake of testing without having to change the code.

NOTE: If you want to access the class or factset that onceover is running against just use the $onceover_class and $onceover_node variables respectively.

Extra Tooling

Plugins

Onceover now allows for plugins. To use a plugin simply install a gem with a name that starts with onceover- and onceover will activate it.

Useful plugins:

If you want to write your own plugin, take a look at onceover-helloworld to help you get started.

Inspecting and updating the Puppetfile

Onceover comes with some extra commands for interacting with the Puppetfile in useful ways. These are:

onceover show puppetfile

This will display all the current versions of all modules that are in the Puppetfile alongside the latest versions and whether or not they are out of date. This is a useful took for making sure your modules don't get too stale.

onceover update puppetfile

This takes your Puppetfile and actually modifies all of the module versions in there to the latest versions and saves the file. This is useful for setting up automated Puppetfile updates, just get Jenkins or Bamboo to:

  1. Check out the Controlrepo
  2. Run onceover to get a passing baseline
  3. Update the Puppetfile with the latest versions of all modules
  4. Run Onceover again
  5. Create a pull request if all tests pass

Overriding Onceover's Templates

Onceover uses templates to create a bunch of files in the .onceover directory, these templates can be modified if required. To do this create your own custom template with the same name os the original in the spec/templates/ directory and it will be used in preference to the default template. e.g. spec/templates/spec_helper.rb.erb

Accessing Onceover in a traditional RSpec test

If you would like to use onceover.yaml to manage which tests you want to run, but want more than just it { should_compile } tests to be run you can write you own as follows:

# spec/classes/role_spec.rb
require 'spec_helper'
require 'onceover/controlrepo'
require 'helpers/shared_examples'

Onceover::Controlrepo.new.spec_tests do |class_name, node_name, facts, trusted_facts, trusted_external_data, pre_conditions|
  describe class_name do
    context "on #{node_name}" do
      let(:facts) { facts }
      let(:trusted_facts) { trusted_facts }
      let(:trusted_external_data) { trusted_external_data }
      let(:pre_condition) { pre_conditions }

      it_behaves_like 'soe'
    end
  end
end

This will use the soe shared example on all of the tests that are configured in your onceover.yaml including any pre_conditions that you have set up.

Note: Onceover will automatically run any extra Rspec tests that it finds in the normal directories spec/{classes,defines,unit,functions,hosts,integration,types} so you can easily use auto-generated spec tests in conjunction with your own Rspec tests.

Accessing fact sets in a traditional RSpec test

We can access all of our fact sets using Onceover::Controlrepo.facts. Normally it would be implemented something like this:

Onceover::Controlrepo.facts.each do |facts|
  context "on #{facts['fqdn']}" do
    let(:facts) { facts }
    it { should compile }
  end
end

Other (possibly less useful) methods

The following code will test all roles that onceover can find (ignoring the ones configured in onceover.yaml) on all nodes in native rspec:

require 'spec_helper'
require 'onceover/controlrepo'
Onceover::Controlrepo.roles.each do |role|
  describe role do
    Onceover::Controlrepo.facts.each do |facts|
      context "on #{facts['fqdn']}" do
        let(:facts) { facts }
        it { should compile }
      end
    end
  end
end

This will iterate over each role in the controlrepo and test that it compiles with each set of facts.

The same can also be done with profiles just by using the profiles method instead:

require 'spec_helper'
require 'onceover'
Onceover::Controlrepo.profiles.each do |profile|
  describe profile do
    Onceover::Controlrepo.facts.each do |facts|
      context "on #{facts['fqdn']}" do
        let(:facts) { facts }
        it { should compile }
      end
    end
  end
end

It is not limited to just doing simple "It should compile" tests. You can put any tests you want in here.

Also since the profiles, roles and facts methods simply return arrays, you can iterate over them however you would like i.e. you could write a different set of tests for each profile and then just use the facts method to run those tests on every fact set.

Filtering

You can also filter your fact sets based on the value of any fact, including structured facts. (It will drill down into nested hashes and match those too, it's not just a dumb equality match)

Just pass a hash to the facts method and it will return only the fact sets with facts that match the hash e.g. Testing a certain profile on against only your Windows fact sets:

require 'spec_helper'
require 'onceover'

describe 'profile::windows_appserver' do
  Onceover::Controlrepo.facts({
    'kernel' => 'windows'
    }).each do |facts|
    context "on #{facts['fqdn']}" do
      let(:facts) { facts }
      it { should compile }
    end
  end
end

Extra Configuration

You can modify the regexes that the gem uses to filter classes that it finds into roles and profiles. Just set up a Controlrepo object and pass regexes to the below settings.

repo = Onceover::Controlrepo.new()
repo.role_regex = /.*/ # Tells the class how to find roles, will be applied to repo.classes
repo.profile_regex = /.*/ # Tells the class how to find profiles, will be applied to repo.classes

Note that you will need to call the roles and profiles methods on the object you just instantiated, not the main class e.g. repo.roles not Onceover::Controlrepo.roles

Ruby Warnings

When running onceover with --debug you will see ruby warnings in your test output such as warning: constant ::Fixnum is deprecated. This is because when running without --debug onceover sets the RUBYOPT environment variable to -W0 during the run. If you would like to run in debug mode but still want to suppress ruby warnings, simply run the following command before your tests:

export RUBYOPT='-W0'

It is also worth noting if you want to use RUBYOPT for some other reason when testing you will need to use --debug to stop it being clobbered by onceover.

Rake tasks

I have included a couple of little rake tasks to help get you started with testing your control repos. Set them up by adding this to your Rakefile

require 'onceover/rake_tasks'

The tasks are as follows:

generate_fixtures

bundle exec rake generate_fixtures

This task will go though your Puppetfile, grab all of the modules in there and convert them into a .fixtures.yml file. (You only need this if you are writing your own custom spec tests) It will also take the environment.conf file into account, check to see if you have any relative pathed directories and also include them into the .fixtures.yml as symlinks. e.g. If your files look like this:

Puppetfile

forge "http://forgeapi.puppetlabs.com"

# Modules from the Puppet Forge
mod "puppetlabs/stdlib", "4.6.0"
mod "puppetlabs/apache", "1.5.0"

environment.conf

modulepath = site:modules:$basemodulepath
environment_timeout = 0

Then the .fixtures.yml file that this rake task will create will look like this:

---
fixtures:
  symlinks:
    profiles: site/profiles
    roles: site/roles
  forge_modules:
    stdlib:
      repo: puppetlabs/stdlib
      ref: 4.6.0
    apache:
      repo: puppetlabs/apache
      ref: 1.5.0

Notice that the symlinks are not the ones that we provided in environment.conf? This is because the rake task will go into each of directories, find the modules and create a symlink for each of them (This is what rspec expects).

Developing Onceover

Install gem dependencies:

bundle install

Clone the submodules

git submodule init && git submodule update --recursive

Execute tests

bundle exec rake

Contributors

Cheers to all of those who helped out:

  • @jessereynolds
  • @op-ct
  • @GeoffWilliams
  • @beergeek
  • @jairojunior
  • @natemccurdy
  • @aardvark
  • @Mandos
  • @Nekototori
  • @LMacchi
  • @tabakhase
  • @binford2k
  • @raphink
  • @tequeter
  • @alexjfisher
  • @smortex
  • @16c7x
  • @neomilium
  • @chlawren

More Repositories

1

json-schema

Ruby JSON Schema Validator
Ruby
1,447
star
2

puppetboard

Web frontend for PuppetDB
Python
698
star
3

hiera-eyaml

A backend for Hiera that provides per-value asymmetric encryption of sensitive data
Ruby
528
star
4

puppet-nginx

Puppet Module to manage NGINX on various UNIXes
Ruby
468
star
5

puppet-elasticsearch

Elasticsearch Puppet module
Ruby
406
star
6

beaker

Puppet Acceptance Testing Harness
Ruby
368
star
7

puppet-jenkins

Puppet module for Jenkins
Ruby
276
star
8

puppet-python

Puppet module for installing and managing Python, pip, virtualenvs and Gunicorn virtual hosts.
Ruby
197
star
9

puppet-logstash

Puppet module to manage Logstash
Puppet
192
star
10

puppet-rabbitmq

RabbitMQ Puppet Module
Ruby
174
star
11

puppet-mcollective

MCollective Server and Client Puppet Module
Ruby
122
star
12

puppet-consul

A Puppet Module to Manage Consul
Ruby
120
star
13

puppet-openvpn

OpenVPN module for puppet including client config/cert creation
Ruby
113
star
14

puppet-nodejs

Puppet module to install nodejs and global npm packages
Ruby
112
star
15

modulesync

Synchronize common files across your Git repositories.
Ruby
101
star
16

vagrant-librarian-puppet

A Vagrant plugin to install Puppet modules using Librarian-Puppet.
Ruby
101
star
17

puppet-r10k

Setup and configure r10k for use with git based environments in puppet
Ruby
98
star
18

pypuppetdb

Python library for working with the PuppetDB API
Python
93
star
19

puppet-mongodb

mongodb installation
Ruby
92
star
20

puppet-ghostbuster

👻 Dead code detector for Puppet
Ruby
89
star
21

puppet-letsencrypt

A Puppet module to install the Letsencrypt client and request certificates.
Ruby
86
star
22

puppet-php

Generic Puppet module to manage PHP on many platforms
Puppet
85
star
23

puppet-mode

Edit Puppet manifests with GNU Emacs 24
Emacs Lisp
77
star
24

puppet-gitlab

Puppet module to manage Gitlab (Omnibus)
Puppet
74
star
25

puppet-postfix

Puppet postfix module
HTML
72
star
26

puppet-collectd

Collectd module for Puppet
Ruby
70
star
27

puppet-syntax

Syntax checks for Puppet manifests and templates
Ruby
68
star
28

puppet-blacksmith

Ruby Gem with Puppet Module utilities
Ruby
68
star
29

puppet-network

Types and providers to manage network interfaces
Ruby
68
star
30

puppet-augeasproviders

Alternative Augeas-based providers for Puppet
Ruby
65
star
31

puppet-system

Manage Linux system resources and services from hiera configuration
Puppet
64
star
32

puppet-jira

Atlassian JIRA Puppet Module
Ruby
61
star
33

puppet-prometheus

Puppet module for prometheus
Puppet
60
star
34

puppet-archive

Compressed archive file download and extraction with native types/providers for Windows and Unix
Ruby
59
star
35

beaker-rspec

beaker-rspec is a bridge between the puppet acceptance test harness
Ruby
58
star
36

rspec-puppet-facts

Simplify your unit tests by looping on every supported Operating System and populating facts.
Ruby
58
star
37

puppet-puppetboard

Puppet module to install and manage puppetboard
Puppet
53
star
38

puppet-staging

⛔️ Deprecated in favor of puppet-archive
Ruby
51
star
39

puppet-pxe

Puppet module for deploying a PXE boot server
Puppet
49
star
40

hiera-eyaml-gpg

GPG encryption backend for the hiera-eyaml module
Ruby
49
star
41

puppet-systemd

Puppet module to manage systemd
Ruby
49
star
42

puppet-selinux

Puppet Module to manage SELinux on RHEL machines
Ruby
49
star
43

puppet-keepalived

Puppet Module to manage Keepalived
Ruby
48
star
44

puppet-prometheus_reporter

A prometheus Puppet reports exporter for Puppet
Ruby
48
star
45

puppet-iis

Module to mange IIS with Puppet
Ruby
46
star
46

puppet-corosync

Sets up and manages Corosync.
Ruby
45
star
47

puppet-dhcp

Puppet module for deploying dhcp
Ruby
42
star
48

puppet-epel

Setup/configure EPEL (extra repository for enterprise linux) with Puppet
Ruby
41
star
49

puppet-redis

Puppet Module to manage Redis
Ruby
40
star
50

puppet-openssl

Puppet OpenSSL module
Ruby
39
star
51

puppet-pkgng

A Puppet package provider for FreeBSD's PkgNG package manager.
Ruby
39
star
52

puppet-firewalld

Puppet module for managing firewalld
Ruby
39
star
53

puppet-splunk

Manage Splunk servers and forwarders using Puppet
Ruby
39
star
54

puppet-rundeck

Module for managing the installatation and configuration of the rundeck orchestration tool
Ruby
38
star
55

puppet-openldap

Manage OpenLDAP with Puppet
Ruby
35
star
56

puppet-vmwaretools

Puppet module to manage VMware Operating System Specific Packages for VMware tools installation.
Puppet
35
star
57

puppet-snmp

Puppet module to manage Net-SNMP.
Ruby
34
star
58

puppet-unattended_upgrades

Unattended-upgrades for APT
Ruby
33
star
59

puppet-dnsquery

DNS query functions for Puppet
Ruby
32
star
60

puppet-hiera

Hiera hierarchy module for templating `hiera.yaml`
Ruby
32
star
61

puppet-kafka

The kafka module for managing the installation and configuration of Apache Kafka
Puppet
30
star
62

puppet-fail2ban

This module installs, configures and manages the Fail2ban service.
Ruby
30
star
63

ra10ke

Rake tasks related to R10K and Puppetfile
Ruby
29
star
64

puppet-wildfly

Puppet module to install, configure and manage Wildfly (8/9/10+), JBoss EAP (6.1+/7.0+) and some Wildfly based products like apiman, Keycloak and Infinispan.
Ruby
29
star
65

puppet-windowsfeature

Library that uses ServerAdministration api that comes with Windows Server 2008 and Windows Server 2012 to add / remove windows features
Ruby
29
star
66

puppet-catalog-diff-viewer

A viewer for the puppet-catalog-diff tool
JavaScript
28
star
67

puppet-unbound

Puppet module for deploying the swiss-army of DNS, Unbound
Ruby
28
star
68

metadata-json-lint

Tool to check the validity of Puppet metadata.json files
Ruby
27
star
69

hiera-file

File backend for Hiera
Ruby
26
star
70

puppet-vault_lookup

Ruby
25
star
71

puppetdb-ruby

Ruby client library for interacting with PuppetDB API
Ruby
24
star
72

puppet-alternatives

Manage Debian alternatives links
Ruby
24
star
73

puppet-telegraf

A Puppet module for installing and configuring InfluxData's Telegraf
Ruby
24
star
74

puppet-healthcheck

Puppet resources to evaluate the health and status of things.
Ruby
22
star
75

puppet-puppetserver

Puppet module for puppetserver
Ruby
21
star
76

puppet-confluence

A puppet module to install confluence
Ruby
20
star
77

puppet-drbd

Basic module for configuring active-passive drbd resources
Puppet
20
star
78

puppet-stash

A puppet module to install atlassian stash
Ruby
19
star
79

puppet-kmod

manage kernel module with puppet
Ruby
18
star
80

puppet-mrepo

Puppet module for creating and managing RPM based repository mirrors.
Puppet
17
star
81

puppet-ssh_keygen

Generation of ssh keys with ssh-keygen
Ruby
17
star
82

puppet-windows_firewall

puppet module for configuring the windows firewall
Ruby
17
star
83

puppet-nomad

Puppet module for managing Nomad
Ruby
16
star
84

puppet-gluster

Create and manage Gluster pools, volumes, and mounts
Ruby
16
star
85

puppet-kibana

Kibana Puppet module by Elastic.
Ruby
16
star
86

puppet-filemapper

Map files to puppet resources and back
Ruby
15
star
87

puppet-proxysql

Puppet module to configure ProxySQL
Ruby
15
star
88

puppet-cron

Puppet module to manage cron jobs via /etc/cron.d
Ruby
14
star
89

puppet-tea

Puppet 4.6 Types: Abstracted & Extracted
Ruby
14
star
90

puppet-ca_cert

A puppet module for managing (non-system) CA certificates.
Ruby
14
star
91

puppet-minecraft

Puppet - Minecraft: Separately maintained fork of brannan's puppet-module-minecraft
Ruby
14
star
92

puppet-chrony

Puppet module for Chrony with Systemd
Ruby
13
star
93

puppet-smokeping

Puppet module to install and configure smokeping. Including target and slave definition
Puppet
13
star
94

puppet-cassandra

Installs Cassandra & DataStax Agent on RHEL/Ubuntu/Debian.
Ruby
13
star
95

puppet-googleauthenticator

Google-authenticator module for Puppet
Puppet
13
star
96

puppet-bareos

Puppet Module to manage bareos
Puppet
13
star
97

puppet-misp

This module installs and configures MISP (Malware Information Sharing Platform)
HTML
13
star
98

puppet_webhook

Sinatra-based application that triggers puppet-related commands from VCS Webhook calls
Ruby
13
star
99

puppet-extlib

This module provides functions that are out of scope for stdlib.
Ruby
13
star
100

puppet-gitlab_ci_runner

Module to mange gitlab CI runners. Extracted from https://github.com/voxpupuli/puppet-gitlab
Ruby
13
star