Puppet in the Enterprise
Example files: https://github.com/uphillian/lisa2014
Latest version: http://goo.gl/G0TLfJ
If you see something, say something!
Google Comments enabled
Seriously, Trust Me... Animations Are Good Things
Watch in Presentation Mode!
PuppetConf 2013
Mastering Puppet
Puppet Cookbook 4*
Me
Email server
time shift
configuration
configuration management
"Tend the flock, not the sheep" -- Me
The Puppet Problem
system administrators
❏ scripts
❏ pipes/redirection
❏ lazy
developers
❏ objects
❏ code reuse
❏ lazy
Puppet Problem
system administrators
developers
[Diagram: node, with package, user, group, service and file resources]
[Diagram: package, user, group, service and file resources, with module]
classes modules nodes
Roles and Profiles
[Diagram: modules, profile, role, node]
Roles and Profiles and Exceptions
[Diagram: modules, profile, role, node; ENC, Hiera, CMDB, LDAP]
Goal
node thx1138 { class { 'role::drupal7': }}
The Puppet Problem
❏ Minimize exceptions
❏ if else if else if else if else if else
❏ case
❏ case
❏ case
❏ case
Hiera
Separating data from code
Techniques:
❏ Parameterized classes
❏ hiera_include
❏ fact based hierarchy
But first... custom facts
custom facts
Why?
❏ facts are loaded and defined early in catalog compilation
❏ facts can be used in hiera hierarchy
❏ facts can be used as selectors in case statements
custom facts
Two methods:
❏ external facts
❏❏❏ (chmod +x)
❏ custom facts
❏
custom facts
External facts:
❏ simpler to write
❏ unavailable for first catalog compile
❏ cannot use facts
http://bluehawk.monmouth.edu/~rclayton/web-pages/s11-503/recursion.jpg
custom facts
written in ruby
can access previously defined facts
puppet 3+ ⇒ automatically sync'ed
Parameterized Classes
❏ class accepts parameters (arguments)
Parameterized Classes
When?
❏ Include without modification:
❏
❏
❏ Include with modification❏
parameterized class
Automatic Parameter lookup
requires puppet 3+
Hierarchy
where the node lives
geography/ip/timezone
/etc/hieradata/cunning/
  pst.yaml
  cmt.yaml
  est.yaml
pst.yaml
hiera_include
hiera_include('lookupkey','notfound')
❏ Lookup 'lookupkey' in hiera
❏ include each class listed in 'lookupkey'
❏ if nothing found, include 'notfound'
❏ call hiera_include from site.pp
site.pp
fact based hierarchy
hiera.yaml
fact based hierarchy
hiera.yaml
/hieradata
/is_virtual
true.yaml
false.yaml
common.yaml
site.pp…
…
true.yaml
virtual_machine/manifests/init.pp
notfound/manifests/init.pp
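The hiera_include and fact based hierarchy slides above, worked through as an added example (not the presenter's files). The key name 'classes', the /etc/puppet paths and the notify messages are assumptions; the file and class names follow the slide, and hiera.yaml uses the Hiera 1 format that ships with Puppet 3.

```puppet
# --- /etc/puppet/hiera.yaml (Hiera 1 format; path is an assumption) ---
# ---
# :backends:
#   - yaml
# :yaml:
#   :datadir: /etc/puppet/hieradata
# :hierarchy:
#   - "is_virtual/%{::is_virtual}"   # fact value picks true.yaml or false.yaml
#   - common                          # fallback level read for every node
#
# --- hieradata/is_virtual/true.yaml ---
# ---
# classes:
#   - virtual_machine
#
# --- hieradata/is_virtual/false.yaml and hieradata/common.yaml ---
# (assumed to define no 'classes' key, so physical nodes find nothing)

# --- manifests/site.pp ---
# Include every class listed under 'classes' at any hierarchy level;
# if no level defines the key, include the 'notfound' class instead.
hiera_include('classes', 'notfound')

# --- modules/virtual_machine/manifests/init.pp ---
class virtual_machine {
  notify { 'virtual_machine':
    message => "is_virtual=${::is_virtual}: class came from is_virtual/true.yaml",
  }
}

# --- modules/notfound/manifests/init.pp ---
class notfound {
  notify { 'notfound':
    message => "no 'classes' key found in hiera for this node",
  }
}
```

Facts are reported by the node itself, so with a central master a fact-keyed level should hold nothing that a node must not be able to select by changing the value it reports.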
fact based hierarchy - custom fact
hiera.yaml
/hieradata
/custom_fact
this.yaml
that.yaml
another.yaml
Centralized or Not?
Centralized/Decentralized
Decentralized
puppet apply
role node
Centralized
puppet agent
Scaling
Scaling
What is the most important thing to remember about puppet?
Puppet is a web service.
Puppet is a web service on port 8140
Puppet is an SSL web service on port 8140
Scaling
REST API
https://puppet:8140/environment/resource/key
Scaling
Scaling
❏❏❏
Scaling/apache
…
Scaling: does it actually work?
Demo 1: VM
- proxy
- passenger
- puppetdb / postgresql
Infrastructure as Code
Software as a Service
Platform as a Service
development
continuous integration
refactoring
buzzword something
workflow
Workflow
Decentralized:
❏ create machine
❏ install puppet
❏ apply role
❏ download code
❏ puppet apply
Centralized:
❏ create machine
❏ install puppet
❏ apply role
❏ puppet agent
Hardware
physical
virtual
Virtual Hardware
virtual
local
cloud
Bootstrapping
Decentralized:
❏ create machine
❏ install puppet (bootstrap)
❏ apply role
❏ download code
❏ puppet apply
Centralized:
❏ create machine
❏ install puppet (bootstrap)
❏ apply role
❏ puppet agent
Bootstrapping
Install Puppet
❏
❏
❏ install puppetlabs apt source
❏
❏ install puppetlabs yum repo
❏ tar file
❏ port/brew install puppet
Bootstrapping
Apply role
❏ hiera
❏ ENC
  CMDB lookup
  LDAP lookup
❏ node definition
  site.pp
← doesn't scale well
Bootstrapping
ensure puppet running
❏ agent: service
❏ apply: cron task
install puppet
Workflow - creation
❏ Provision (VM/Physical)
❏ Bootstrap puppet
❏ Assign role to node
❏ Apply puppet (agent or apply)
❏ ensure puppet installed properly
❏ ensure puppet running (service or cron task)
❏ Register node
❏ monitoring / nagios
Workflow - deletion
❏ Decommission (VM/Physical)
❏ Remove role assignment
❏ hiera/enc/ldap
❏ Delete from Reports (foreman/console)
❏ De-register node
❏ monitoring / nagios
Workflow
Maximize return on investment:
1. install puppet early
2. apply bootstrap.pp manifest
3. ***
4. profit
Scaling
Workflow
OS Team
Application Team
Middleware Team
InfoSec Team
Workflow
OS Team
Application Team
Middleware Team
InfoSec Team
automated workflow
Workflow (code)
❏ Push code to masters
❏ Branches
❏ Code promotion
❏ Environments
❏ Purge old
❏ Hieradata
❏ de facto source code control for puppet
❏ integrates into workflow
❏ cheap branches
❏ hooks
Git Hooks
http://goo.gl/dg5TVw
❏ Branch is a reference
❏ references are hashes
❏ branches are cheap
❏ branch == environment
❏ directory environments (3.6+)
❏ directory with is the environment
directory environments
branch
branch
❏ repository 101
❏ remote / origin
❏ bare repos
gitserver
puppetworker
puppetworker
puppetworker
❏ hooks
❏ many hooks, two useful here:
❏
separate who can do what❏
push code
❏ puppet-sync https://github.com/pdxcat/puppet-sync
❏ pull down a single git repo
puppet-sync
gitserver
puppetworker
puppetworker
puppetworker
puppet-sync
puppet-sync
Up to here
● single git repository
● clone to each master (worker/CA)
● automated
Workflow
❏ multiple git repositories
❏ librarian-puppet
❏ r10k
Puppetfile
r10k
https://github.com/adrienthebo/r10k
❏ Uses Puppetfile
❏ local cache
❏ Configuration file: r10k.yaml
r10k.yaml
r10k
r10k.yaml
/var/lib/git/puppet.git
Puppetfile
dist, local, ours
r10k
deploy using r10k
even better
r10k post-receive (git hook)
r10k Workflow
master repository
Puppetfile
Modules
Modules
forge
git github
r10k Workflow
master repository
"He who controls the spice controls the universe"
Baron Vladimir Harkonnen
r10k Workflow
One repository per module
Modules included by Puppetfile
r10k repo controls everything
hiera
hieradata is in git also
githook pushes hiera code
hiera = exceptions
add modules/profiles to a node
hieradata - multiple teams
multiple backends
OS Team ⇒ JSON
App Team ⇒ YAML
WebGui ⇒ Database
You can still use an ENC too.
Goal
node thx1138 { class { 'role::drupal7': }}
Real Goal
code
modulepath
automated
data
hieradata
automated
code
data
"If you are editing code in /etc/puppet, you are doing it wrong." - Me
Bootable ISO
tutorial.html
Demo 2, 3 and 4
Summary
Create a workflow/lifecycle for nodes
Create a workflow for code hieradata
Separate data from code: hiera
create a class hierarchy: roles/profiles
centralize or decentralize: scale
KISS
Questions?
Comments?