Puppet: When servers become puppets

Mardi du dev

Florent Paillot (SESI), 15 July 2014

Summary

• What is Puppet?
• Why Puppet?
• Resource Abstraction Layer
• Puppet language
• Modules
• Architecture
• Reporting


What is Puppet?

• Software Configuration Management system
• Written in Ruby
• Free software (Apache 2.0)
• Current version 3.6
• PuppetLabs since 2005
• Cross platform (Linux, Unix, Windows)


Why Puppet?

• Simplifies the majority of technical tasks
• The sysadmin work is written as code
• Configuration homogeneity
• Massive deployments/modifications become easy
• Pets vs Cattle
• DevOps
• Continuous deployment/integration
• Other products: CFEngine, Chef, Ansible


Resource Abstraction Layer

• High-level resources:
  o Some types: package, service, file, user
  o Providers: the platform-specific backends that fulfill a resource
  o Package providers: yum, apt, pip, gem
• Available resource types:
  o Puppet built-in
  o 3rd party

    $ puppet resource --types
    augeas
    computer
    cron
    exec
    file
    filebucket
    group
    host
    interface
    k5login
    macauthorization
    mailalias
    maillist
    mcx
    mount
    nagios_command
    nagios_contact
    nagios_contactgroup
    nagios_hostdependency
    nagios_hostescalation
    nagios_hostextinfo
    nagios_hostgroup
    nagios_service
    nagios_servicedependency
    nagios_serviceescalation
    nagios_serviceextinfo
    nagios_servicegroup
    nagios_timeperiod
    notify
    package
    resources
    router
    schedule
    scheduled_task
    selboolean

    $ puppet describe -s user

    user
    ====
    Manage users. This type is mostly built to manage system users, so it is
    lacking some features useful for managing normal users.
    [..]

    Parameters
    ----------
        allowdupe, attribute_membership, attributes, auth_membership, auths,
        comment, ensure, expiry, forcelocal, gid, groups, home, ia_load_module,
        iterations, key_membership, keys, managehome, membership, name, [...]

    Providers
    ---------
        aix, directoryservice, hpuxuseradd, ldap, pw, user_role_add, useradd,
        windows_adsi

    $ puppet resource user puppet
    user { 'puppet':
      ensure           => 'present',
      comment          => 'Puppet',
      gid              => '52',
      home             => '/var/lib/puppet',
      password         => '!!',
      password_max_age => '-1',
      password_min_age => '-1',
      shell            => '/sbin/nologin',
      uid              => '52',
    }


Puppet language

• Declarative, Domain Specific Language
  o Describe the desired state of the system by declaring resources
  o Ruby DSL is supported for complex logic
• Programs are called manifests
• A manifest is compiled into a catalog

Puppet language: concepts

• Nodes
• Classes
• Ordering (Run-stages)
• Variables, conditionals
• Dependency relationship
• Tags
• Facts

Puppet language: nodes

• A node definition is a block of code included only in the matching node's catalog

    node 'myserver1' {
      include classY
    }

    node 'myserver2' {
      include classX
    }

Puppet language: classes

• Block of code to group resources
• Inheritance
• Parameters and variables
• Singleton

Puppet language: define

• Blocks of Puppet code that can be evaluated multiple times with different parameters
• Once defined, they act like a new resource type

    define apache::vhost ($port, $docroot, $servername = $title, $vhost_name = '*') {
      include apache          # contains Package['httpd'] and Service['httpd']
      include apache::params  # contains common config settings
      $vhost_dir = $apache::params::vhost_dir
      file { "${vhost_dir}/${servername}.conf":
        content => template('apache/vhost-default.conf.erb'),
        # This template can access all of the parameters and variables from above.
        owner   => 'www',
        group   => 'www',
        mode    => '644',
        require => Package['httpd'],
        notify  => Service['httpd'],
      }
    }
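An added example, not from the original slides: a defined type that wraps the user resource shown earlier (locked password `!!`, `/sbin/nologin` shell) so the same locked-down service-account pattern can be declared several times. The name `accounts::service_account`, the `appsvc` account, its UID and its home directory are hypothetical.

```puppet
# Added example; accounts::service_account and 'appsvc' are hypothetical names.
define accounts::service_account ($uid, $home = "/var/lib/${title}") {
  # Dedicated group with the same numeric id as the user.
  group { $title:
    ensure => present,
    gid    => $uid,
  }

  # Same attributes as the `puppet resource user puppet` output:
  # no usable password and no interactive shell.
  user { $title:
    ensure   => present,
    uid      => $uid,
    gid      => $title,
    home     => $home,
    password => '!!',
    shell    => '/sbin/nologin',
    require  => Group[$title],
  }

  # Home directory accessible only to the account and its group.
  file { $home:
    ensure  => directory,
    owner   => $title,
    group   => $title,
    mode    => '0750',
    require => User[$title],
  }
}

# Each declaration evaluates the block again with its own parameters.
accounts::service_account { 'puppet':
  uid => '52',
}

accounts::service_account { 'appsvc':
  uid  => '601',
  home => '/srv/appsvc',
}
```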

Puppet language: variables/conditionals

• Variable names are prefixed with a $
• Assignment:

    $content = "some content\n"

• Resolution:

    file { '/tmp/testing':
      ensure  => file,
      content => $content,
    }

• Conditional statements: if, unless, case, selector

    case $operatingsystem {
      centos, redhat: { $service_name = 'ntpd' }
      debian, ubuntu: { $service_name = 'ntp' }
    }

Puppet language: facts

• System information, available as "global variables" in manifests

    [machine ~]$ facter
    architecture => x86_64
    augeasversion => 0.9.0
    facterversion => 1.6.17
    hardwareisa => x86_64
    hardwaremodel => x86_64
    is_virtual => true
    kernel => Linux
    kernelmajversion => 2.6
    kernelrelease => 2.6.32-279.19.1.el6.x86_64
    kernelversion => 2.6.32
    lsbdistcodename => Final
    lsbdistdescription => CentOS release 6.3 (Final)
    lsbdistid => CentOS
    lsbdistrelease => 6.3
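An added example, not from the original slides, that combines the concepts above: a class that reads the `operatingsystem` fact in the slide's `case` statement, fails on an unlisted OS instead of leaving `$service_name` undefined, and orders package, file and service with dependency relationships. The class name `ntp`, the file content and the server name `ntp.example.org` are constructed for illustration.

```puppet
# Added example; class name, file content and server name are constructed.
class ntp {
  # $::operatingsystem is a fact reported by facter on the agent.
  case $::operatingsystem {
    'CentOS', 'RedHat': { $service_name = 'ntpd' }
    'Debian', 'Ubuntu': { $service_name = 'ntp' }
    # Without a default branch an unlisted OS would leave $service_name
    # undefined; stop catalog compilation with a clear error instead.
    default: { fail("ntp: unsupported operating system ${::operatingsystem}") }
  }

  package { 'ntp':
    ensure => installed,
  }

  file { '/etc/ntp.conf':
    ensure  => file,
    owner   => 'root',
    group   => 'root',
    mode    => '0644',
    content => "server ntp.example.org iburst\n",
    require => Package['ntp'],          # install before configuring
    notify  => Service[$service_name],  # restart when the file changes
  }

  service { $service_name:
    ensure => running,
    enable => true,
  }
}

# Only myserver1's catalog receives the class.
node 'myserver1' {
  include ntp
}
```

Facts are reported by the agent itself, so a master that branches on them is trusting client-supplied data; that is acceptable for picking a service name but not for deciding which secrets a node receives.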


Puppet language: modules

• Self-contained bundles of code and data
• Nearly all Puppet manifests belong in modules

    <MODULE NAME>
      - manifests
      - files
      - templates
      - lib
      - facts.d
      - tests
      - spec


Architecture

• Pull-based agent/master mode
• REST API
• Master stores manifests
• Agent requests its catalog from the master
• Client-Master encryption (integrated PKI)

Standalone vs Agent-Server


Reporting

• Agent can be configured to send reports at the end of every configuration run:
  o Logs
  o Resource changes, execution time
• Local logs
• Puppet Dashboard for graphic reports

Reporting: Nagios/RRD integration

Questions?