Puppet at High Scale
John Adams, Twitter
First, the bad news! (*)

(*) We’re on 0.25.4. Things may be different now.
Problems

Sort of idempotent
Ruby file transfer is inefficient
  Minimize use of recursion (home dirs, etc.)
Single run is non-deterministic
  Order matters if order is specified
  Not specifying dependency order creates out-of-order delivery
Working Together

Puppet is great with a small team
Management is hard with a large number of admins
  Unforeseen interactions between changes
  No simple means of review
Security

Anyone who can check into the tree can kill production with simple mistakes
SVN access is effectively root equivalent
Divergence from desired configuration through use of chattr +i puppetmanagedfile
  You can’t chattr +i with broken fingers.
Puppet DSL

Puppet DSL not Ruby enough
  Stated as a plus, but really a minus when most engineers expect Ruby
  Incomplete conditionals in the DSL
Cron

Removing configuration for a cron job leaves the cronjob behind
  Need to specify ensure => absent
    If you forget the command with absent, duplicate cronjob entries can occur
  The vestigial tail of these “ensure absent” lines ends up living in the config long after they are needed
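A small manifest check for the two cron traps above, added here as an example and not part of the talk: it flags `ensure => absent` cron resources that omit their `command` (the duplicate-entry case) and lists every retired entry so the vestigial tail can be pruned. The sample manifest and the minimal regex parser are constructed for the example; the parser assumes no nested braces inside a cron body.

```python
import re

# Constructed sample manifest (not from the talk). 'log_rotate' is retired
# correctly: ensure => absent with the original command still present.
# 'stats_push' is retired without its command, the case the slide warns about.
SAMPLE_MANIFEST = """
cron { 'log_rotate':
  ensure  => absent,
  command => '/usr/local/bin/rotate-logs',
  user    => 'root',
  hour    => 3,
}

cron { 'stats_push':
  ensure => absent,
  user   => 'root',
}

cron { 'ntp_check':
  command => '/usr/local/bin/ntp-check',
  minute  => '*/5',
}
"""

# One cron resource: cron { 'title': ... }  (assumes no nested braces in the body)
CRON_BLOCK = re.compile(r"cron\s*\{\s*['\"]([^'\"]+)['\"]\s*:(.*?)\}", re.S)
# One attribute line: key => value,  (trailing comma optional)
ATTR_LINE = re.compile(r"^\s*(\w+)\s*=>\s*(.+?)\s*,?\s*$", re.M)


def parse_cron_resources(manifest):
    """Return [(title, {attribute: value})] for every cron resource in the text."""
    resources = []
    for match in CRON_BLOCK.finditer(manifest):
        title, body = match.group(1), match.group(2)
        attrs = {key: value.strip("'\"") for key, value in ATTR_LINE.findall(body)}
        resources.append((title, attrs))
    return resources


def lint_cron(manifest):
    """Flag cron resources set to ensure => absent that omit the command.

    The slide reports that forgetting the command on an absent entry can
    leave duplicate crontab entries behind, so this is treated as an error."""
    problems = []
    for title, attrs in parse_cron_resources(manifest):
        if attrs.get("ensure") == "absent" and "command" not in attrs:
            problems.append((title, "ensure => absent without command"))
    return problems


def retired_jobs(manifest):
    """List the ensure => absent entries so they can be reviewed and pruned
    once the fleet has converged, instead of living in the config forever."""
    return [title for title, attrs in parse_cron_resources(manifest)
            if attrs.get("ensure") == "absent"]


if __name__ == "__main__":
    for title, reason in lint_cron(SAMPLE_MANIFEST):
        print("%s: %s" % (title, reason))
    print("retired entries still in the manifest:", retired_jobs(SAMPLE_MANIFEST))
```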
Cron + NTP

NTP synchronizes the system time
Cron granularity is one second
  Performance regression if you make puppet install many jobs across different modules, on the same zero second
Introduce random delays before jobs
  sleep $(($RANDOM % 60));
  do_something...
Test and “Canary”

No facility in puppet for testing
  Monolithic design
Controlled Deploys are preferable to “full change”
  Use representative machines first
  Push to cluster when everything works.
Machine Database

Node membership to classes, and the nodes
themselves in a puppet configuration are not well
exposed.
Once entered, parsing is the only option to retrieve the
machine list and associated “roles” from the SVN tree.
ldapnodes is a possible solution here.
Node Class Changes

Still an unsolved problem
Removing class definition from a node leaves all of the configuration from the class behind
  Have to re-kickstart the host to get to a base state
Why Puppet? (*)

(*) the good news!
Configuration Management

Our world is changing.
The end of the “Systems Administrator”
The beginning of “DevOps”
Configuration Management

Consistent edits
Trackable Changes
Consistent ability to Rebuild
Find Variance
DevOps

Stop Wasting Time
Start Delivering Great Ops Software
Stop administering individual machines.
DevOps

Puppet definitions are code
Incorporate Cross-functional skills.
Build a bridge between your developers and the ops team.
Let’s fix This.
Change Process

(Diagrams of the branch flow, shown over four slides:)
  initial commit -> HEAD: generate a review; ad-hoc tests.
  HEAD -> TEST: test integration on ~10% of hosts; watch for failures!
  TEST -> Production: production integration on 100% of hosts; final review.
  cherry pick (bypass): HEAD -> Production directly, skipping TEST; no review.
Testing / Staging

A test infrastructure is needed to ensure that updates don’t kill production
People make mistakes
Treat the puppet config as if it were code
Security

Restrict access to SVN tree itself (through ACLs)
Create a concept of an OWNER for each module and manifest subdir; restrict access.
Enforce ownership during SVN checkin
Enforce a proper review process
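One way to enforce module ownership at checkin, added here as an example and not the tool from the talk: an SVN pre-commit hook that resolves each changed path to the nearest directory with an owners list and refuses the transaction if the committer is not in it. The owners map, the hostnames and the `svnlook changed` sample are constructed; the owners-per-directory layout is an assumption about how the OWNER concept is stored.

```python
import posixpath
import subprocess
import sys

# Constructed owners map (assumption: one owners list per module or manifest
# subdirectory, nearest ancestor wins). Not the talk's data.
OWNERS = {
    "modules/ntp": {"alice", "bob"},
    "modules/ntp/files/secure": {"alice"},
    "manifests/nodes": {"carol"},
}

# Constructed sample in `svnlook changed` format: status flag, then path.
SAMPLE_CHANGED = """\
U   modules/ntp/manifests/init.pp
A   modules/ntp/files/secure/keys.conf
U   manifests/nodes/web.pp
"""


def owners_for(path, owners=OWNERS):
    """Walk up from the file to the nearest directory that has an owners list."""
    directory = posixpath.dirname(path)
    while directory:
        if directory in owners:
            return owners[directory]
        directory = posixpath.dirname(directory)
    return None  # nothing recorded: treated as unowned, so the commit is refused


def parse_changed(text):
    """Extract paths from `svnlook changed` output ("U   path", "A   path", ...)."""
    paths = []
    for line in text.splitlines():
        parts = line.split(None, 1)
        if len(parts) == 2:
            paths.append(parts[1].strip())
    return paths


def check_commit(committer, changed_text, owners=OWNERS):
    """Return (allowed, violations); a violation is (path, reason).

    Every changed path must sit under a directory whose owners list contains
    the committer; a single violation rejects the whole transaction, so an
    SVN account no longer equals root over every module in the tree."""
    violations = []
    for path in parse_changed(changed_text):
        allowed = owners_for(path, owners)
        if allowed is None:
            violations.append((path, "no owner recorded for this path"))
        elif committer not in allowed:
            violations.append((path, "committer not in owners %s" % sorted(allowed)))
    return (not violations, violations)


def main(argv):
    """Hook entry point: pre-commit REPOS TXN (svnlook reads the pending txn)."""
    repos, txn = argv[1], argv[2]
    author = subprocess.check_output(["svnlook", "author", "-t", txn, repos]).decode().strip()
    changed = subprocess.check_output(["svnlook", "changed", "-t", txn, repos]).decode()
    ok, violations = check_commit(author, changed)
    for path, reason in violations:
        sys.stderr.write("ownership check failed: %s: %s\n" % (path, reason))
    return 0 if ok else 1


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Installed as `hooks/pre-commit` in the repository, a non-zero exit from the hook makes SVN reject the commit and relay the messages written to stderr back to the committer.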
SVN can be smarter

Post-Commit checks
  BIND (Verify zones, DNS, SOA++)
    A mistake here is a full site outage
  Verify puppet config
  Create Reviewboard Entries
puppet-util

A script on each box to select the current branch
  Set the branch (by modifying facter fact + config)
  Show current branch
  Enable or Disable puppetd in emergencies or ad-hoc testing
Reviewboard

www.reviewboard.org

Visualize and centralize change
Keep teams informed
Prevent Unknown Interactions
User Security

Distrust puppet for creating user accounts
Build them from an LDAP infrastructure
Base package connects to LDAP and creates users based on group and machine role
  You still have to deal with RPMs creating system users
Machine Database

No machine database in puppet
  We used Django, MySQL, but you could use LDAP
Role membership imported to DB by parsing existing puppet definitions and special variables in the node stanza
Ad hoc scripting

No facility in puppet for immediate execution of a command on many hosts
SSH in a loop is not a solution at scale
Threaded SSH system through our own tool
  Uses Paramiko (open source, Python)
see also: func
Multiple Instances

Three complete puppetmasterd instances on each puppet master machine, on different ports, pointed to different SVN branches
  HEAD
  TEST
  PRODUCTION
Handling many clients

Distribute:
  the SVN tree (eliminate the SPOF)
  Use more puppet servers
Rsync manifests, then run puppet
  Selectively update hosts (func)
Puppet Web Server

Don’t run WEBrick (script/server) - too slow
  Unicorn (best choice)
  Passenger (mod_rails)
  mongrel?
Distributed Puppet

(Diagram: one SVN tree feeding several puppet masters (PM), each PM serving its own group of hosts.)
Distributed Puppet

Too many clients eventually overwhelm the Master
You must deploy more hosts
Distribute cron jobs
  Randomize start times
Distribute the master itself
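The start-time randomization from the Cron + NTP slide and from this one, as an added example that is not code from the talk: it reproduces the slide's `sleep $(($RANDOM % 60))` splay, adds a deterministic per-host variant (a hash of hostname and job name, which goes beyond the slide), and measures the worst-case number of hosts hitting the same second with and without a splay. The fleet hostnames are constructed for the demonstration.

```python
import hashlib
import random
from collections import Counter

WINDOW = 60  # seconds of spread, matching the slide's $RANDOM % 60


def random_splay(_hostname, _job, window=WINDOW):
    """The slide's wrapper, sleep $(($RANDOM % 60)), expressed in Python.
    Hostname and job are ignored; each run picks a fresh offset."""
    return random.randrange(window)


def hashed_splay(hostname, job, window=WINDOW):
    """Deterministic per-host, per-job offset (an extension of the slide).

    Unlike $RANDOM it is stable across runs, so the job lands at the same
    second on every run and logs stay comparable, while still spreading the
    fleet evenly over the window."""
    digest = hashlib.sha256(("%s:%s" % (hostname, job)).encode("utf-8")).digest()
    return int.from_bytes(digest[:4], "big") % window


def cron_line(minute, hour, hostname, job, command, window=WINDOW):
    """Crontab line that sleeps this host's offset before running the job."""
    delay = hashed_splay(hostname, job, window)
    return "%s %s * * * sleep %d; %s" % (minute, hour, delay, command)


def peak_per_second(hosts, job, splay=hashed_splay, window=WINDOW):
    """Largest number of hosts that start `job` within the same second.

    With no splay every host fires at second zero (the regression on the
    slide); with a splay the peak drops to roughly len(hosts) / window."""
    counts = Counter(splay(host, job, window) for host in hosts)
    return max(counts.values())


# Constructed fleet for the demonstration, not real hostnames.
FLEET = ["web%04d.example.invalid" % i for i in range(1000)]

if __name__ == "__main__":
    no_splay = peak_per_second(FLEET, "stats_push", splay=lambda h, j, w: 0)
    spread = peak_per_second(FLEET, "stats_push")
    print("peak hosts in one second: %d without splay, %d with splay" % (no_splay, spread))
    print(cron_line("0", "3", FLEET[0], "stats_push", "/usr/local/bin/stats-push"))
```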
Questions?
