At the end of 2012 ESPN undertook an effort to modernize its deployment and maintenance of Linux-based platform services. ESPN faced a challenging problem: hundreds of servers needed to be puppetized, yet the largest cluster of identical servers was only eight servers. Therefore a Puppet environment that was flexible, consistent, simple to understand and data driven was critical to success. This session looks at the architectural decisions made by ESPN while performing a greenfield implementation of Puppet 3.0 and reflects on the resulting good and bad of those decisions.
Ben Schofield
Senior Application Architect, ESPN
Ben Schofield is the middleware architect for ESPN. With 11 years of IT experience working for Fortune 200 companies in the retail, insurance, financial and media industries, Ben has seen the good, bad and ugly of IT operations and management. He brings a unique perspective on how a well-designed devops team with the right mindset can help large IT departments reduce costs and decrease time to market.
3. • Rapid growth
– Number of servers being provisioned
– New services being provided
• Manual configurations
• Drift
• Silos
• Traditional clouds not reasonable
5. • Push button configuration
• Self service for customers
• Visibility into state of configurations
– Reports
• Simplify knowledge transfer
• Data driven
• Elastic
• Build/rebuild a node at anytime
10. • Inherent Facts
– Facter
– Exists simply because the node exists.
• Derived Facts
– Business rules applied to inherent facts.
– Puppet custom facts
• Assigned Facts
– Exist because we deem it to be true.
– Top or node scoped variables
11. Assigned Facts
• espn_role
– Identifies the role class to be applied
• espn_cluster
– Identifies nodes in the cluster
• espn_env
– workstation, dev, test, qa, prod
• espn_owner
– change notifications
– security delegation
– licensing
13. Role
• Aligns with business and or IT needs
• Defines everything on a node
• Used for classification of nodes
• Exactly one role per node
• Includes profiles and releases
• espn_role
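The classification model on the slides above (assigned facts, exactly one role per node, roles that only include profiles and a release) can be written down as a small site.pp plus a role and a profile. This is an added illustration, not ESPN's own code: espn_role, espn_cluster, espn_env and espn_owner are the facts named on the slides, while the class names (role::studio_record, profile::base, profile::jboss_eap6, release::studio_record, java, jboss_eap6), the Hiera keys and the use of validate_re from puppetlabs-stdlib are assumptions. It adds the check a practitioner wants: a node that arrives without an assigned role fails catalog compilation instead of silently getting nothing.

```puppet
# site.pp: classification driven entirely by the assigned facts.
# Constructed example; class names and Hiera keys are assumptions.
node default {
  # Exactly one role per node. Refuse to compile a catalog for a node that
  # has no espn_role assigned (undef, and in Puppet 3 an empty string, is false)
  # rather than applying nothing or falling through to a default role.
  if ! $::espn_role {
    fail("Node ${::fqdn} has no espn_role assigned")
  }
  # Only accept role names that are valid class names, so a typo in the node
  # data fails here instead of resolving to an unexpected class.
  # validate_re comes from puppetlabs-stdlib (assumed to be installed).
  validate_re($::espn_role, '^[a-z][a-z0-9_]*$',
    "espn_role '${::espn_role}' is not a valid role name")
  include "role::${::espn_role}"
}

# A role aligns with a business need, includes profiles and exactly one
# release, and declares no resources of its own.
class role::studio_record {
  include profile::base
  include profile::jboss_eap6
  include release::studio_record
}

# A profile wires modules together with organisation-specific data looked up
# from Hiera; the hierarchy is assumed to be keyed on espn_env, espn_cluster
# and espn_role so that the same profile yields different data per node.
# The java and jboss_eap6 modules are hypothetical.
class profile::jboss_eap6 {
  $java_home = hiera('profile::jboss_eap6::java_home', '/usr/lib/jvm/java')
  class { 'java': }
  class { 'jboss_eap6':
    java_home => $java_home,
    require   => Class['java'],
  }
}
```

Because every node passes through the single `node default` block, the assigned facts (supplied by an ENC or node-scoped variables) are the only thing that decides what a node becomes; there is no per-host manifest to drift.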
24. Resources
• The building blocks
• Everything managed is a resource
• Defined in modules, used by profiles
• Two resources never manage the same configuration
25. Modules
• Isolate resources within the module
• Never reference another module
• No organizational specific logic
• init.pp is a minimal installer
• Reusability is key
26. [Diagram: resources (R) grouped inside module boundaries] Resources by module
27. [Diagram: resources grouped by module, with no references between modules] Never cross modules
32. Release
• Special type of profile
• Knows how to install on top of a profile
• Deploys resources from an “artifact hash”
• Cleans up removed artifacts
• Driven by versioned release id
– espn_release_id
33. Artifact Hash
• Defines abstract resources in a release
• Contract between developers and operational groups
• Profile agnostic
35. Example Release
class release::studio_record {
  # Look up the artifact hash for this node's assigned release id
  # (hiera(key, default, override_source) in Puppet 3).
  $artifact_hash = hiera('artifacts', undef, "release/${espn_release_id}")
  # Modify the artifact hash so it can be used with create_resources.
  # Set organization-specific parameters such as URLs to the artifact repo.
  resources { 'jboss7_datasource': purge => true, }
  create_resources('jboss7_datasource', $artifact_hash['datasources'])
  resources { 'jboss7_deployment': purge => true, }
  create_resources('jboss7_deployment', $artifact_hash['applications'])
}
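The artifact hash slide calls the hash a contract between developers and operations, and the release slide says a release cleans up removed artifacts. The following is an added, hardened variant of the release class above, written for this page and not ESPN's code. It assumes the jboss7_datasource and jboss7_deployment types are native types whose providers implement instances (which the resources purge meta type requires), that validate_hash and has_key from puppetlabs-stdlib are available, and the Hiera data layout sketched in the comment; the release id 1.4.2 and the artifact names are constructed sample values.

```puppet
# Hardened release class (constructed example, not the original).
#
# Expected Hiera data for release id 1.4.2, i.e. the override source
# "release/1.4.2" resolved to release/1.4.2.yaml under the Hiera datadir
# (constructed sample data):
#   artifacts:
#     datasources:
#       StudioDS:
#         jndi_name: 'java:/StudioDS'
#         driver:    'oracle'
#     applications:
#       studio-record:
#         artifact: 'studio-record-1.4.2.war'
class release::studio_record {
  # The release id is an assigned fact; a release never guesses one.
  if ! $::espn_release_id {
    fail("Node ${::fqdn} has no espn_release_id assigned")
  }
  $artifact_hash = hiera('artifacts', undef, "release/${::espn_release_id}")

  # Enforce the contract before anything is purged: the hash must exist and
  # carry both sections (possibly empty). With purge => true a missing key
  # would otherwise read as "delete every datasource/deployment on the box".
  validate_hash($artifact_hash)
  if ! has_key($artifact_hash, 'datasources') or ! has_key($artifact_hash, 'applications') {
    fail("artifact hash for release ${::espn_release_id} lacks datasources or applications")
  }

  # Organisation-specific parameters are injected as create_resources
  # defaults, keeping the artifact hash itself profile- and site-agnostic.
  # The Hiera key and the repo_url parameter are assumptions.
  $repo_url = hiera('release::artifact_repo_url')
  $defaults = { 'repo_url' => $repo_url }

  # purge => true removes artifacts that were dropped from the hash, which is
  # what lets a release clean up after itself on the next run.
  resources { 'jboss7_datasource': purge => true }
  create_resources('jboss7_datasource', $artifact_hash['datasources'])
  resources { 'jboss7_deployment': purge => true }
  create_resources('jboss7_deployment', $artifact_hash['applications'], $defaults)
}
```

Run with noop first (as the Configuration Changes slide prescribes): a release whose hash fails validation aborts compilation on the dev/test environment, and a purge that would remove more than expected shows up in the noop report before it touches production.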
42. [OODA loop diagram: Observe -> Orient -> Decide (Hypothesis) -> Act (Test). Observations draw on unfolding circumstances, outside information and unfolding interaction with the environment; orientation draws on cultural traditions, genetic heritage, analysis & synthesis, previous experience and new information; feedback and implicit guidance & control loops run from Orient, Decide and Act back to Observe.]
43. OODA Loop
"Time is the dominant parameter. The pilot who goes through the OODA cycle in the shortest time prevails because his opponent is caught responding to situations that have already changed."
Harry Hillaker (chief designer of the F-16)
44. [OODA loop diagram, annotated]
Feedback: Puppet runs on dev/test puppet environments
45. [OODA loop diagram, annotated]
Feedback: Puppet runs on dev/test puppet environments
Feedback (Test): Noop puppet run on production
47. [OODA loop diagram, annotated]
Feedback: Puppet runs on dev/test puppet environments
Feedback (Test): Noop puppet run on production
Unfolding interaction with environment: Puppet Dashboard
Feedback (Action): No-noop puppet run on production
48. Configuration Changes
• Always noop first
• Always target nodes with filters
• Always use tags
• Validate changes, then apply with --no-noop
mco puppet runonce --no-noop -C jboss-eap-6 --tag initscript --tag jboss-eap-6
49. [OODA loop diagram, annotated]
Feedback: Puppet runs on dev/test puppet environments
Feedback (Test): Noop puppet run on production
Unfolding interaction with environment: Puppet Dashboard
Feedback (Action): No-noop puppet run on production
Implicit Guidance & Control: MCollective Agent Plugins
51. Do Differently?
• Implement MCollective first
– Security
– Sub-collectives
– Availability
• Plan for developer dashboards
• Implement Custom ENC
52. Nice to have?
• Puppet runs that span multiple nodes
– Allocate disk on node A, create shared filesystem on node B
• Resources automatically tagged with catalog unique identifiers
• Role based access control for dashboard
Welcome everyone Ask for show of hands about managers and those looking to implement puppet for the first time. Timeline: Challenges Objectives Data Classification MCollective
1 new server per business day in the last 12 months Silos – request and wait processes
ad hoc manual changes helps with troubleshooting return service activities apply changes to legacy servers without breaking them
How we wanted to use puppet initially IAAS not in scope Developed an ISO with kernel and puppet rpms to do kickstart provisioning which runs puppet automatically
----- Meeting Notes (8/13/13 08:56) ----- ad hoc manual changes helps with troubleshooting return service activities dynamic changed to elasticity ephemeral apply changes to legacy servers without breaking them
Talk about Data first and the Classification How we think about the data in terms of puppet How we apply the right data to the right nodes
Derived and assigned facts are not puppet terminology
Glance over this slide Will go into detail in the coming slides
How we apply resources
Classification from a bottom up perspective
----- Meeting Notes (8/13/13 08:56) ----- give example reit
Class parameters should be declared as defaults in hiera. They are added here for clarity. Not showing all the jboss resources used to configure security and common services
JMS queues and topics. Any application server resource, for example: virtual hosts
Releases can deploy same artifact hash to multiple different types of profiles. Allows swapping out vendor software
----- Meeting Notes (8/13/13 08:56) ----- put top down slide before this slide
Future plan is to add IAAS assigned facts to do provisioning and replace kickstart IAAS assigned facts Availability zones cpu/mem/disk
----- Meeting Notes (8/13/13 08:56) ----- missing arrows on this slide talk about devops team and dashboard