Puppeting in a Highly Regulated Industry

Marinus Damm
marinus.damm@pgn.com

Every business is regulated…
•  Labor regs
       minimum wage, paid sick leave, hours and breaks
•  Money regs
       income tax withholding, accounting practices (SOX)
•  Safety regs
       protective equipment, training, reporting accidents
•  Licensing regs
       business license, HAZMAT, serving liquor

“Highly Regulated”
as it pertains to system administration

Active Monitoring
Level of Detail of regs

Is a Policy in place?
Are Procedures to implement that in place?
Do employees receive Training on P&P?
Can you Prove that P&P are followed?

•  Separation of duties
•  Data access
•  System access timeouts
•  Least privilege
•  Passwords
•  “Passwords shall be at least eight characters in length, and shall include at least one uppercase character, one lowercase character, one numeral, and one special character.”

Who Is The Boss?
FERC: Federal Energy Regulatory Commission
and its designee
NERC: North American Electric Reliability Corp.

Power Flow
to Congress
to FERC
to NERC
United States Constitution, Art. 1, Sec. 8: “to regulate commerce among the several states”

Do this, or else.
Or else what?
    $$ Fines, baby… fines.

Power Surge
•  Used to be that NERC made suggestions only
•  As electric power suppliers were deregulated, the need for predictable delivery increased
•  In 2006, FERC designated NERC as the national ‘Electric Reliability Organization’
•  NERC’s suggestions are now Standards.

How Can Companies Get On Track?
Obviously all these NERC P&Ps will
    massively increase productivity…. or not

So how do we deal with the new strictures?

→ We need a framework!
Anybody got one?

Coincidentally, on a Parallel Track…

After the … excesses … of the dot-com era, the business side wanted to rein in IT

Information Technology Infrastructure Library (ITIL)

Two Tracks Align
•  The FERC Reliability Standards, plus
•  The MBAs’ counterattack on Techies
        gave us

    CHANGE MANAGEMENT

Change Management
The objective of change management ... is to
ensure that standardized methods and
procedures are used for efficient and prompt
handling of all changes to control IT infrastructure,
in order to minimize the number and impact of
any related incidents upon service.
from the wikipedia article

Simplified Example of Change Flow
1. Sysadmin writes proposal for new setting
2. Different sysadmin or manager agrees
3. Sysadmin becomes Change Owner, engages CM tool:
       Describe business effects of doing/not doing
       Identify systems/services/apps/users affected
       Design the procedure (including verification and backout plan)
       Design and execute a test plan
4. Change Owner schedules time for change
5. Every affected IT group assesses change impact
6. Every affected system/service/app/user reviews change and authorizes
7. Change Board considers all imminent changes, weighs risks and conflicts, approves change for implementation
8. Change Owner executes procedure at scheduled time
9. Change Owner completes change record

And that's just for the kiddie systems

The systems handling the power grid proper are a whole 'nuther animal.

Questions? Corrections?

Why do we puppet the way we do?
Power
History
Accountability

PGE – PEC
(Puppet Enterprise Components)
[Diagram labels: puppet master, http, unk, puppet console, DB, webservice, dev, puppet db, tst, prd, webservice, database]
All three are VMs, 2 cores/8GB ram, RHEL

PGE – Puppet Environments
Every node is in one and only one environment.

The puppetmaster has three parallel directory structures:
    /etc/puppetlabs/puppet/environments/[dev|tst|prd]

The directories are all clones of a single git repo, and pull from that remote repo for manifest and module updates.

[Diagram labels: unk, dev, tst, prd]

PGE - Promotion
dev –  80 or so systems
    deploy, then watch puppet reports to verify
      what’s changing...
      and that things don’t keep changing.

tst –  around 100 systems
    Collect ‘test results’ for inclusion in the Change

prd –  around 120 systems
    Several new or revised modules are promoted
    as a single change – an ‘OS Release’

[Diagram labels: dev, tst, change management bar, prd]

PGE - Keeping Tabs With Custom Facts
•  third-party software
•  locate inconsistency
•  feed our manifests and templates

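PGE - Custom Facts Defined

# synergy_status.rb
# Custom facts describing the state of the Synergy client on this node.

# True when the syninfo binary is present and executable.
Facter.add("synergy_installed") do
  setcode do
    File.executable?("/usr/bin/syninfo")
  end
end

# True when syninfo reports the it.pgn.com domain; only resolved on
# nodes where Synergy is installed.
Facter.add("synergy_joined") do
  confine :synergy_installed => true
  setcode do
    domain = Facter::Util::Resolution.exec('syninfo --domain')
    domain.eql?("it.pgn.com")
  end
end

# Summary fact: the mode reported by syninfo, or the reason there is none.
Facter.add("synergy_status") do
  setcode do
    if Facter.value(:synergy_installed)
      if Facter.value(:synergy_joined)
        Facter::Util::Resolution.exec('syninfo --mode')
      else
        "Not_Joined"
      end
    else
      "Not_Installed"
    end
  end
end
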
PGE - Custom Facts Realized

synergy_installed => true
synergy_joined => true
synergy_status => connected

These are reportable/searchable via PuppetDB.

PGE - Custom Facts Available

#!/bin/bash
# facts_without_value.sh FACT VALUE
# List the nodes whose FACT has a value other than VALUE.
FACT=$1
VALUE=$2
curl -X GET -H "Accept: application/json" \
  --cacert /home/marinus/puppetInventory/ca.pem \
  --cert /home/marinus/puppetInventory/cert.pem \
  --key /home/marinus/puppetInventory/private.pem \
  "https://puppetdb:8081/v2/facts/${FACT}" \
  --data-urlencode "query=[\"not\", [\"=\", \"value\", \"${VALUE}\"]]"

Just show me systems where Synergy is not ‘connected’:

    ./facts_without_value.sh synergy_status connected

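
The query above returns only nodes that reported the fact with some other value; a node that has never reported `synergy_status` does not appear in the answer at all. The following is an added example, not part of the original slides, that reconciles a facts response against an inventory list so that silent nodes show up as findings too. The hostnames, the inventory list, the sample JSON and the function names are constructed for illustration.

```ruby
require 'json'

# Constructed sample in the shape PuppetDB's /v2/facts/<name> endpoint returns:
# one {"certname", "name", "value"} object per node that reported the fact.
SAMPLE_FACTS_JSON = <<~JSON
  [
    {"certname": "app01.example.test", "name": "synergy_status", "value": "connected"},
    {"certname": "app02.example.test", "name": "synergy_status", "value": "Not_Joined"},
    {"certname": "db01.example.test",  "name": "synergy_status", "value": "Not_Installed"},
    {"certname": "old07.example.test", "name": "synergy_status", "value": "connected"}
  ]
JSON

# Constructed inventory of nodes that are supposed to be managed. Assumption:
# this list comes from a source other than PuppetDB, such as an asset register.
EXPECTED_NODES = %w[
  app01.example.test app02.example.test db01.example.test web01.example.test
].freeze

# Turn the JSON response into { certname => value }, rejecting anything that
# is not a record for the fact that was asked about.
def parse_facts(json, fact_name)
  records = JSON.parse(json)
  raise ArgumentError, 'expected a JSON array of fact records' unless records.is_a?(Array)

  records.each_with_object({}) do |rec, by_node|
    unless rec.is_a?(Hash) && rec['certname'].is_a?(String) && rec['name'] == fact_name
      raise ArgumentError, "unexpected record: #{rec.inspect}"
    end
    raise ArgumentError, "duplicate node #{rec['certname']}" if by_node.key?(rec['certname'])

    by_node[rec['certname']] = rec['value'].to_s
  end
end

# Put every expected node into exactly one bucket, and list nodes that report
# the fact although the inventory does not know them.
def reconcile(expected_nodes, facts, wanted_value)
  report = { compliant: [], deviating: {}, unreported: [], unexpected: [] }
  expected_nodes.sort.each do |node|
    if !facts.key?(node)
      report[:unreported] << node          # invisible to a "not =" query
    elsif facts[node] == wanted_value
      report[:compliant] << node
    else
      report[:deviating][node] = facts[node]
    end
  end
  report[:unexpected] = (facts.keys - expected_nodes).sort
  report
end

# One line per finding, suitable for attaching to a change record.
def evidence_lines(report, fact_name, wanted_value)
  lines = []
  report[:compliant].each { |n| lines << "PASS #{n} #{fact_name}=#{wanted_value}" }
  report[:deviating].each { |n, v| lines << "FAIL #{n} #{fact_name}=#{v}" }
  report[:unreported].each { |n| lines << "FAIL #{n} #{fact_name} not reported" }
  report[:unexpected].each { |n| lines << "WARN #{n} reports #{fact_name} but is not in inventory" }
  lines
end

# The audit passes only when no expected node deviates or stays silent.
def audit_passed?(report)
  report[:deviating].empty? && report[:unreported].empty?
end

sample_report = reconcile(EXPECTED_NODES,
                          parse_facts(SAMPLE_FACTS_JSON, 'synergy_status'),
                          'connected')
puts evidence_lines(sample_report, 'synergy_status', 'connected')
```

To use it with live data, query `/v2/facts/synergy_status` without the "not" filter so that compliant nodes are included in the response.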
PGE - Really Simple Modules
•  A few module-level variables
       probably set from facts or literals, not computed
•  A File resource
       usually a .conf file
•  A Service resource
       subscribed to the file resource

PGE - Really Similar Modules
•  If you’ve seen one, you’ve seen ‘em all
•  Every file’s content comes from a template
       even if there’s no variability
•  puppet-lint
       helps us enforce textual appearance

PGE – Common Module Layout

class synergy {
  # synergy_installed is the custom fact; it is compared as the string 'true'
  if $::synergy_installed != 'true' {
    warning('This node does not have Synergy installed')
  } else {
    # Module-level variables, set from facts or literals
    $os = $::operatingsystem
    $filegroup = $os ? {
      /AIX/    => 'system',
      /RedHat/ => 'root',
      default  => 'unk',
    }

    # Resource defaults for every file in this class
    File {
      ensure => file,
      mode   => '0644',
      owner  => 'root',
      group  => $filegroup,
    }

    file { '/etc/synergy/gid.ignore':
      content => template("synergy/gid.ignore.${os}.erb"),
    }

    file { '/etc/synergy/synergy.conf':
      content => template("synergy/synergy.conf.${os}.erb"),
    }

    # Restart the service whenever synergy.conf changes
    service { 'synergy':
      ensure    => running,
      enable    => true,
      subscribe => File['/etc/synergy/synergy.conf'],
    }
  }
}

coda
Puppet Enterprise
    gives us Power
    lets us deal with our History
    eases Accountability

Marinus Damm
marinus.damm@pgn.com

PGE Service Territory
[Map: PGE service territory. Counties in the legend: Columbia, Washington, Multnomah, Yamhill, Clackamas, Marion, Polk]

•  About a million points of delivery
•  1400 servers (Windows & UNIX)
•  Sixty people in IT Infrastructure
       … and nice benefits

Puppeting in a Highly Regulated Industry

Unraveling Multimodality with Large Language Models.pdf
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 

Puppeting in a Highly Regulated Industry

  • 1. Puppeting in a Highly Regulated Industry. Marinus Damm, marinus.damm@pgn.com
  • 2. Every business is regulated…
      • Labor regs: minimum wage, paid sick leave, hours and breaks
      • Money regs: income tax withholding, accounting practices (SOX)
      • Safety regs: protective equipment, training, reporting accidents
      • Licensing regs: business license, HAZMAT, serving liquor
  • 3. “Highly Regulated” as it pertains to system administration. [Chart axes: Active Monitoring; Level of Detail of regs]
  • 4. [Chart axes: Active Monitoring; Level of Detail of regs]
      • Is a Policy in place?
      • Are Procedures to implement that in place?
      • Do employees receive Training on P&P?
      • Can you Prove that P&P are followed?
  • 5. [Chart axes: Active Monitoring; Level of Detail of regs]
      • Separation of duties
      • Data access
      • System access timeouts
      • Least privilege
      • Passwords
          • “Passwords shall be at least eight characters in length, and shall include at least one uppercase character, one lowercase character, one numeral, and one special character.”
  • 6. Who Is The Boss? FERC: Federal Energy Regulatory Commission, and its designee NERC: North American Electric Reliability Corp.
  • 7. Power Flow: to Congress, to FERC, to NERC. United States Constitution, Art. 1, Sec. 8: “to regulate commerce among the several states”. Do this, or else. Or else what? $$ Fines, baby… fines.
  • 8. Power Surge
      • Used to be that NERC made suggestions only
      • As electric power suppliers were deregulated, the need for predictable delivery increased
      • In 2006, FERC designated NERC as the national ‘Electric Reliability Organization’
      • NERC’s suggestions are now Standards.
  • 9. How Can Companies Get On Track? Obviously all these NERC P&Ps will massively increase productivity…. or not. So how do we deal with the new strictures? → We need a framework! Anybody got one?
  • 10. Coincidentally, on a Parallel Track… After the … excesses … of the dot-com era, the business side wanted to rein in IT: Information Technology Infrastructure Library (ITIL)
  • 11. Two Tracks Align
      • The FERC Reliability Standards, plus
      • The MBAs’ counterattack on Techies
      gave us CHANGE MANAGEMENT
  • 12. Change Management: “The objective of change management ... is to ensure that standardized methods and procedures are used for efficient and prompt handling of all changes to control IT infrastructure, in order to minimize the number and impact of any related incidents upon service.” (from the Wikipedia article)
  • 13. Simplified Example of Change Flow
      1. Sysadmin writes proposal for new setting
      2. Different sysadmin or manager agrees
      3. Sysadmin becomes Change Owner, engages CM tool:
          • Describe business effects of doing/not doing
          • Identify systems/services/apps/users affected
          • Design the procedure (including verification and backout plan)
          • Design and execute a test plan
      4. Change Owner schedules time for change
      5. Every affected IT group assesses change impact
      6. Every affected system/service/app/user reviews change and authorizes
      7. Change Board considers all imminent changes, weighs risks and conflicts, approves change for implementation
      8. Change Owner executes procedure at scheduled time
      9. Change Owner completes change record
  • 14. And that's just for the kiddie systems. The systems handling the power grid proper are a whole 'nuther animal.
  • 16. Why do we puppet the way we do? Power, History, Accountability
  • 17. Why do we puppet the way we do? Power, History, Accountability
  • 18. Why do we puppet the way we do? Power, History, Accountability
  • 19. PGE – PEC (Puppet Enterprise Components). [Diagram: puppet master (http; unk, dev, tst, prd); puppet console (DB, webservice); puppet db (webservice, database)] All three are VMs, 2 cores/8GB RAM, RHEL.
  • 20. PGE – Puppet Environments. Every node is in one and only one environment. The puppetmaster has three parallel directory structures: /etc/puppetlabs/puppet/environments/[dev|tst|prd]. The directories are all clones of a single git repo, and pull from that remote repo for manifest and module updates. [Diagram labels: unk, dev, tst, prd]
  • 21. PGE - Promotion
      • dev – 80 or so systems: deploy, then watch puppet reports to verify what’s changing... and that things don’t keep changing.
      • tst – around 100 systems: Collect ‘test results’ for inclusion in the Change
      • prd – around 120 systems: Several new or revised modules are promoted as a single change – an ‘OS Release’
      [Diagram: dev, tst, change management bar, prd]
  • 22. PGE - Keeping Tabs With Custom Facts
      • third-party software
      • locate inconsistency
      • feed our manifests and templates
  • 23. PGE - Custom Facts Defined

        # synergy_status.rb

        # True when the Synergy client binary is present and executable.
        Facter.add("synergy_installed") do
          setcode do
            File.executable?("/usr/bin/syninfo")
          end
        end

        # Only evaluated on nodes where Synergy is installed.
        Facter.add("synergy_joined") do
          confine :synergy_installed => true
          setcode do
            domain = Facter::Util::Resolution.exec('syninfo --domain')
            domain.eql?("it.pgn.com")
          end
        end

        # Single summary value: the reported mode, "Not_Joined" or "Not_Installed".
        Facter.add("synergy_status") do
          setcode do
            if Facter.value(:synergy_installed)
              if Facter.value(:synergy_joined)
                Facter::Util::Resolution.exec('syninfo --mode')
              else
                "Not_Joined"
              end
            else
              "Not_Installed"
            end
          end
        end
  • 24. PGE - Custom Facts Realized

        synergy_installed => true
        synergy_joined => true
        synergy_status => connected

      These are reportable/searchable via PuppetDB.
  • 25. PGE - Custom Facts Available

        #!/bin/bash
        # Lists fact rows where FACT is reported with a value other than VALUE.
        FACT=$1
        VALUE=$2
        # VALUE is pasted into the JSON query as-is, so it must not contain double quotes.
        curl -X GET -H "Accept: application/json" \
          --cacert /home/marinus/puppetInventory/ca.pem \
          --cert /home/marinus/puppetInventory/cert.pem \
          --key /home/marinus/puppetInventory/private.pem \
          "https://puppetdb:8081/v2/facts/${FACT}" \
          --data-urlencode 'query=["not", ["=", "value", "'"${VALUE}"'"]]'

      Just show me systems where Synergy is not ‘connected’:

        /facts_without_value.sh synergy_status connected
  • 26. PGE - Really Simple Modules
      • A few module-level variables: probably set from facts or literals, not computed
      • A File resource: usually a .conf file
      • A Service resource: subscribed to the file resource
  • 27. PGE - Really Similar Modules
      • If you’ve seen one, you’ve seen ‘em all
      • Every file’s content comes from a template, even if there’s no variability
      • puppet-lint helps us enforce textual appearance
  • 28. PGE – Common Module Layout

        class synergy {
          # Facts arrive as strings here, hence the comparison with 'true'.
          if $::synergy_installed != 'true' {
            warning('This node does not have Synergy installed')
          } else {
            $os = $::operatingsystem
            $filegroup = $os ? {
              /AIX/    => 'system',
              /RedHat/ => 'root',
              default  => 'unk',
            }

            # Resource defaults for every file managed by this class.
            File {
              ensure => file,
              mode   => '0644',
              owner  => 'root',
              group  => $filegroup,
            }

            file { '/etc/synergy/gid.ignore':
              content => template("synergy/gid.ignore.${os}.erb"),
            }

            file { '/etc/synergy/synergy.conf':
              content => template("synergy/synergy.conf.${os}.erb"),
            }

            # Restart the service whenever synergy.conf changes.
            service { 'synergy':
              ensure    => running,
              enable    => true,
              subscribe => File['/etc/synergy/synergy.conf'],
            }
          }
        }
  • 29. coda: Puppet Enterprise gives us Power, lets us deal with our History, eases Accountability. Marinus Damm, marinus.damm@pgn.com
  • 30. PGE Service Territory. [Map: PGE service territory; counties: Columbia, Washington, Multnomah, Yamhill, Clackamas, Marion, Polk]
      • About a million points of delivery
      • 1400 servers (Windows & UNIX)
      • Sixty people in IT Infrastructure
      … and nice benefits
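An added example for the PuppetDB query on slide 25 (not code from the presentation): the `not =` query only returns nodes that report the fact with some other value, so a node that reports no `synergy_status` at all never appears in its output. The sketch below builds the same query with a JSON encoder instead of shell string pasting and classifies every node of an inventory list; the inventory list, the hostnames and the sample response are constructed assumptions, while the `certname`/`name`/`value` keys follow PuppetDB's facts response format.

```ruby
require 'json'
require 'uri'

# Build the query with a JSON encoder so quotes or brackets in the expected
# value cannot change the structure of the query sent to PuppetDB.
def facts_query_url(base, fact, expected)
  query = JSON.generate(['not', ['=', 'value', expected]])
  "#{base}/v2/facts/#{URI.encode_www_form_component(fact)}?" +
    URI.encode_www_form(query: query)
end

# Classify every node in the inventory. A node with no row for the fact is
# flagged 'missing' instead of being silently counted as compliant.
def fact_compliance(inventory, fact_rows, fact, expected)
  reported = {}
  fact_rows.each do |row|
    reported[row['certname']] = row['value'] if row['name'] == fact
  end
  inventory.each_with_object({}) do |node, result|
    result[node] =
      if !reported.key?(node)
        'missing'
      elsif reported[node] == expected
        'ok'
      else
        "mismatch: #{reported[node]}"
      end
  end
end

# Constructed sample data: hostnames and the response body are made up.
INVENTORY = %w[web01.example.test db01.example.test
               aix01.example.test app01.example.test].freeze
SAMPLE_RESPONSE = <<~ROWS
  [
    {"certname": "web01.example.test", "name": "synergy_status", "value": "connected"},
    {"certname": "db01.example.test",  "name": "synergy_status", "value": "Not_Joined"},
    {"certname": "aix01.example.test", "name": "synergy_status", "value": "Not_Installed"}
  ]
ROWS

if __FILE__ == $PROGRAM_NAME
  puts facts_query_url('https://puppetdb:8081', 'synergy_status', 'connected')
  rows = JSON.parse(SAMPLE_RESPONSE)
  fact_compliance(INVENTORY, rows, 'synergy_status', 'connected')
    .each { |node, status| puts format('%-22s %s', node, status) }
end
```

Here `app01.example.test` is reported as `missing`, which is the case the slide's shell query cannot surface on its own.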