SlideShare uma empresa Scribd logo

Our Puppet Story (GUUG FFG 2015)

DECK36
DECK36

Sharing some experience from our journey towards automation and config management.

Tecnologia
1 de 67
Baixar para ler offline
Our Puppet Story Martin Schütte March 26 2015
About DECK36 • Small team of engineers in Hamburg • Longstanding expertise in designing, implementing and operating complex web systems • Offering our expert knowledge in Design & Architecture & Engineering and Automation & Operation Slides online at: http://slideshare.net/deck36/
Common Problem
“We hired someone. How can we reproduce our dev environment?”
Vagrant
Vagrant Configuration tool for VMs and Provisioning. “Local cloud” • Self service • Instant provisioning • Cost efficient • Elastic • Pay per use
Vagrant VM Providers: • VirtualBox: “default”, works offline, ressource hungry • Docker: lightweight, requires Linux, good for testing • AWS EC2: remote VMs, good for automation (Jenkins) • Hyper-V, KVM, libvirt, ESXI, … Provisioning: • Shell script • Puppet, apply manifest or run agent • Chef, solo or client • Ansible playbooks • Docker containers
Vagrantfile example Vagrant.configure("2") do |config| config.vm.box = "my_vm_image" config.vm.box_url = "http://example.com/vm-image.box" config.vm.network :forwarded_port, guest: 80, host: 8080 config.vm.synced_folder "~/dev-htdocs", "/var/www/default", { :nfs => true } config.vm.provision :shell, :path => "vagrant_install_puppet_keys.sh" config.vm.provision :puppet_server, :puppet_server => "puppetmaster.example.org" end
“Synced folders are too slow.”
Synced Folders Shared folders, mounted from host into guest. Options: • VirtualBox slow! • NFS often the best choice • SMB for Windows support • rsync very different but efficient
“But our QA needs many VMs and their machines are slow.”
vagrant-aws Vagrant.configure("2") do |config| config.vm.box = "dummy" config.vm.provider :aws do |aws, override| aws.access_key_id = "YOUR KEY" # ... region = "eu-west-1" aws.ami = "ami-20414854" aws.tags = { 'Role' => 'TestVM', 'Net' => 'Devnet' } end end
Terraform resource "aws_instance" "appserver" { count = 4 ami = "${var.aws_ami}" instance_type = "${var.appserver_instance_type}" key_name = "${aws_key_pair.terraform.key_name}" tags { Name = "Test-Appserver-${count.index}" } } resource "aws_s3_bucket" "archive" { bucket = "testvm-app-archive" acl = "private" }
“How can we configure all those VMs?”
Puppet
Puppet • Configuration Management • Declarative: Resources and Dependencies • Modi: • puppet apply a given manifest • puppet agent to fetch config from puppetmaster • Versions: • 2.7 legacy • 3.7 “stable” • 4.0 release candidate
“How should we manage write access for multiple Ops/DevOps?”
git workflows • use git! • use git hooks • use per-user environments for easy testing • repos for testing/production
git hook: Syntax Check Git pre-commit hook with puppet-lint to syntax check Puppet, ERB templates, YAML files (http://github.com/gini/puppet-git-hooks) Example Output: $ git commit -m 'test' modules/graylog2/templates/server.conf.erb -:5: syntax error, unexpected $undefined ...rd_sha2 = "; _erbout.concat(( @ root_pwd_sha2 ).to_s); _erbo... ... ^ ERB syntax error in modules/graylog2/templates/server.conf.erb
environments • per user env + production ⇒ easy testing with puppet agent -t --environment=user Config File Environments (deprecated): puppet.conf [mschuette] modulepath = $confdir/environments/mschuette/modules manifest = $confdir/environments/mschuette/manifests/site.pp Directory Environments (Puppet >= 3.5.0): puppet.conf [main] environmentpath = $confdir/environments
environments Example: two servers for testing/production ..dev-master. prod-master. user1 .user2 . user3 . … . Dev/Test . Prod
r10k Map Git branches → Puppet environments with r10k deploy environment -p .. Puppet-Repo.git. dev-master . prod-master . user1 . … .. /etc/puppet/environments.  dev-master .  prod-master .  user1 . …
“But we cannot write and maintain all those modules.”
Puppet Forge
Puppetfile forge "https://forge.puppetlabs.com" mod 'puppetlabs/stdlib' mod 'saz/rsyslog', '3.4.0' mod 'puppetlabs/apache', :git => 'https://github.com/puppetlabs/puppetlabs-apache', :ref => '83401079053dca11d61945bd9beef9ecf7576cbf' # Ruby DSL, extensible with own functions # cf. http://www.lazyfrosch.de/2015/02/ # nifty-puppetfile-extension/ github 'jfryman', 'nginx', 'v0.2.2'
“How can we move on and puppetize our main servers?”
First steps on existing systems • Start small, then expand • Even few automated tasks may save a lot of time • 80/20 rule applies
Establish a new workflow • Add notification and QA (if wanted, e. g. with Gerrit), • Use etckeeper to track changes, • Define and document boundaries/responsibilities, • Add comments, point to real source of configuration: # managed by puppet -- editing is futile # template in git.example.com/provisioning.git ... • Run Puppet frequently
Puppetmaster vs. puppet apply Rule of thumb: use puppetmaster
Puppetmaster vs. puppet apply Rule of thumb: use puppetmaster Unless you want to build your own automation and reporting
“How do we use inventory and VM metadata in Puppet manifests?”
Facter Gather information from system. • standard values • extensible via Puppet plugins Example Output: # facter -p architecture => i386 operatingsystem => CentOS operatingsystemrelease => 5.5 ... ipaddress => 172.16.182.129 ...
stdlib facts.d • puppetlabs-stdlib reads facts from /etc/facter/facts.d • simple data inputs • e. g. ec2metadata, inventory lookup
stdlib facts.d • puppetlabs-stdlib reads facts from /etc/facter/facts.d • simple data inputs • e. g. ec2metadata, inventory lookup custom_facts.txt server_role=appserver server_env=staging
stdlib facts.d • puppetlabs-stdlib reads facts from /etc/facter/facts.d • simple data inputs • e. g. ec2metadata, inventory lookup custom_facts.sh #! /bin/sh which ec2metadata >/dev/null 2>&1 || exit 1 echo "ec2_ami_id=$(ec2metadata --ami-id)" echo "ec2_instance_id=$(ec2metadata --instance-id)" echo "ec2_instance_type=$(ec2metadata --instance-type)" echo "ec2_public_ipv4=$(ec2metadata --public-ipv4)" echo "ec2_public_hostname=$(ec2metadata --public-hostname)"
stdlib facts.d • puppetlabs-stdlib reads facts from /etc/facter/facts.d • simple data inputs • e. g. ec2metadata, inventory lookup custom_facts.py #!/usr/bin/env python from pyzabbix import ZabbixAPI zapi = ZabbixAPI(ZBX_URL) zapi.login(ZBX_USER, ZBX_PASSWORD) hosts = zapi.host.get(output="extend", selectInventory=True) # ... for k in hosts.inventory: print "%s=%s" % (k,data[k])
“There has to be a way to split modules and config parameters.”
Hiera
Hiera • banish top scope variables • use Hiera! • structure with roles & profiles
Without Hiera (Puppet 2.x legacy code) node "mydevd+.vagrantup.com" inherits basenode-vagrant { $vmEnv = "development" include sysadmin include ntp if $::fqdn = "mydev01.vagrantup.com" { class { 'vpn': version => latest, ca_crt => '...', usr_crt => '...', usr_key => '...', } } else { class { 'vpn': version => "2.3.2-7~bpo70+1", ca_crt => '...', usr_crt => '...', usr_key => '...', } } # ... }
Hiera & Puppet 2.x compatibility class vpn($version = hiera('vpn::version', 'present'), $ca_crt = hiera('vpn::ca_crt'), $usr_crt = hiera('vpn::usr_crt'), $usr_key = hiera('vpn::usr_key')) { package { 'openvpn': ensure => $version; } # ... } class { 'vpn': } # or "include vpn"
Puppet 3.x with Hiera site.pp hiera_include('include_classes', ['sysadmin']) node default { } profile_vpn.yaml include_classes: - ntp - vpn vpn::version: present vpn::ca_crt: ... vpn::usr_crt: ... vpn::usr_key: ...
“Our modules and manifests grow too complex. How can we structure them?”
Module Design Pattern: Roles & Profiles ..Resources from: Craig Dunn, Advanced Puppet Design
Module Design Pattern: Roles & Profiles ..Resources...... Components: Resource modelling ..... from: Craig Dunn, Advanced Puppet Design
Module Design Pattern: Roles & Profiles ..Resources...... Components: Resource modelling ...... Profiles: Implementation from: Craig Dunn, Advanced Puppet Design
Module Design Pattern: Roles & Profiles ..Resources...... Components: Resource modelling ...... Profiles: Implementation . Roles: Business Logic from: Craig Dunn, Advanced Puppet Design
Module Design Pattern: Roles & Profiles ..Resources...... Components: Resource modelling ...... Profiles: Implementation . Roles: Business Logic . Hiera: Data . Classifier from: Craig Dunn, Advanced Puppet Design
“What other pitfalls will we encounter?”
Puppet Problems • some tasks require two agent runs • apt-get upgrade and package dependencies • version mismatch between apt (or yum) and package • scoping and namespaces • exec is the new eval
Namespace problems # only works in Puppet >= 4.0, cf. PUP-1073 package { 'memcached': ensure => present, provider => apt, } package { 'memcached': ensure => present, provider => gem, }
exec tricks Both source and solution to a great many problems. You can do (and break) everything with exec and a shell script. But of course you should not.
exec tricks # pkg name collision exec { 'npm install -g less': creates => '/usr/lib/node_modules/npm/node_modules/less', } # abuse puppet as cron, and hide the change exec { 'zabbix_update.sh': command => 'false', onlyif => "/opt/zabbix_update.sh $api_url && false", logoutput => on_failure, }
“How can we monitor Puppet changes?”
Integration
Puppet Dashboard (Open Source)
Puppet Enterprise
The Foreman
External Monitoring
git hook: E-Mail Notification Git post-receive hook to notify team on push (http://git.kernel.org/cgit/git/git.git/tree/contrib/hooks/ post-receive-email?id=HEAD) Example E-Mail: - Log ---------------------------------------------- commit 5df04ee883b8de8a37bf0ac97eec068cd1f3a414 Author: N. N. <n.n@deck36.de> Date: Tue Jan 7 08:57:17 2014 +0000 fixed path to csync2 executable ---------------------------------------------------- Summary of changes: modules/user/files/etc/sudoers.d/support | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
“How do we coordinate a cluster restart?”
MCollective “multissh deluxe” AMQP client/server framework to • orchestrate actions • control puppet agents • run commands • query resources • … Alternatives: Ansible, serf, …
“Why do we still manually configure DNS and monitoring?”
Hooks to other systems • include in provisioning process • provide normative data as facts • register or update DNS name → e. g. Route 53 • update monitoring → e. g. Zabbix API • update loadbalancer → e. g. ELB or Consul
Questions? class presentation { package { 'questions': ensure => 'answered', } } Links: • Puppet Visual Index • Puppet Type Reference • Puppet Ask • Ger Apeldoorn: Manageable Puppet Infrastructure • Martin Alfke: Power of Puppet 4
Thank You

Recomendados

Django in the Real World
Django in the Real WorldDjango in the Real World
Django in the Real WorldJacob Kaplan-Moss
 
Puppet at Pinterest
Puppet at PinterestPuppet at Pinterest
Puppet at PinterestPuppet
 
Puppet at GitHub / ChatOps
Puppet at GitHub / ChatOpsPuppet at GitHub / ChatOps
Puppet at GitHub / ChatOpsPuppet
 
Regex Considered Harmful: Use Rosie Pattern Language Instead
Regex Considered Harmful: Use Rosie Pattern Language InsteadRegex Considered Harmful: Use Rosie Pattern Language Instead
Regex Considered Harmful: Use Rosie Pattern Language InsteadAll Things Open
 
Django for mobile applications
Django for mobile applicationsDjango for mobile applications
Django for mobile applicationsHassan Abid
 
We Are All Testers Now: The Testing Pyramid and Front-End Development
We Are All Testers Now: The Testing Pyramid and Front-End DevelopmentWe Are All Testers Now: The Testing Pyramid and Front-End Development
We Are All Testers Now: The Testing Pyramid and Front-End DevelopmentAll Things Open
 
Going to Mars with Groovy Domain-Specific Languages
Going to Mars with Groovy Domain-Specific LanguagesGoing to Mars with Groovy Domain-Specific Languages
Going to Mars with Groovy Domain-Specific LanguagesGuillaume Laforge
 
Introduction to Apache Ant
Introduction to Apache AntIntroduction to Apache Ant
Introduction to Apache AntShih-Hsiang Lin
 

Recomendados

Django in the Real World
Django in the Real WorldDjango in the Real World
Django in the Real WorldJacob Kaplan-Moss
 
Puppet at Pinterest
Puppet at PinterestPuppet at Pinterest
Puppet at PinterestPuppet
 
Puppet at GitHub / ChatOps
Puppet at GitHub / ChatOpsPuppet at GitHub / ChatOps
Puppet at GitHub / ChatOpsPuppet
 
Regex Considered Harmful: Use Rosie Pattern Language Instead
Regex Considered Harmful: Use Rosie Pattern Language InsteadRegex Considered Harmful: Use Rosie Pattern Language Instead
Regex Considered Harmful: Use Rosie Pattern Language InsteadAll Things Open
 
Django for mobile applications
Django for mobile applicationsDjango for mobile applications
Django for mobile applicationsHassan Abid
 
We Are All Testers Now: The Testing Pyramid and Front-End Development
We Are All Testers Now: The Testing Pyramid and Front-End DevelopmentWe Are All Testers Now: The Testing Pyramid and Front-End Development
We Are All Testers Now: The Testing Pyramid and Front-End DevelopmentAll Things Open
 
Going to Mars with Groovy Domain-Specific Languages
Going to Mars with Groovy Domain-Specific LanguagesGoing to Mars with Groovy Domain-Specific Languages
Going to Mars with Groovy Domain-Specific LanguagesGuillaume Laforge
 
Introduction to Apache Ant
Introduction to Apache AntIntroduction to Apache Ant
Introduction to Apache AntShih-Hsiang Lin
 
Buildr In Action @devoxx france 2012
Buildr In Action @devoxx france 2012Buildr In Action @devoxx france 2012
Buildr In Action @devoxx france 2012alexismidon
 
Nodejs Explained with Examples
Nodejs Explained with ExamplesNodejs Explained with Examples
Nodejs Explained with ExamplesGabriele Lana
 
Composable and streamable Play apps
Composable and streamable Play appsComposable and streamable Play apps
Composable and streamable Play appsYevgeniy Brikman
 
An introduction to maven gradle and sbt
An introduction to maven gradle and sbtAn introduction to maven gradle and sbt
An introduction to maven gradle and sbtFabio Fumarola
 
Immutable Deployments with AWS CloudFormation and AWS Lambda
Immutable Deployments with AWS CloudFormation and AWS LambdaImmutable Deployments with AWS CloudFormation and AWS Lambda
Immutable Deployments with AWS CloudFormation and AWS LambdaAOE
 
Rails Performance
Rails PerformanceRails Performance
Rails PerformanceWen-Tien Chang
 
Node.js vs Play Framework (with Japanese subtitles)
Node.js vs Play Framework (with Japanese subtitles)Node.js vs Play Framework (with Japanese subtitles)
Node.js vs Play Framework (with Japanese subtitles)Yevgeniy Brikman
 
Extending the Kube API
Extending the Kube APIExtending the Kube API
Extending the Kube APIStefan Schimanski
 
Ant
AntAnt
AntManav Prasad
 
Extending kubernetes with CustomResourceDefinitions
Extending kubernetes with CustomResourceDefinitionsExtending kubernetes with CustomResourceDefinitions
Extending kubernetes with CustomResourceDefinitionsStefan Schimanski
 
KubeCon EU 2018 – Sig API Machinery Deep Dive
KubeCon EU 2018 – Sig API Machinery Deep DiveKubeCon EU 2018 – Sig API Machinery Deep Dive
KubeCon EU 2018 – Sig API Machinery Deep DiveStefan Schimanski
 
Play Framework workshop: full stack java web app
Play Framework workshop: full stack java web appPlay Framework workshop: full stack java web app
Play Framework workshop: full stack java web appAndrew Skiba
 
Stop Worrying & Love the SQL - A Case Study
Stop Worrying & Love the SQL - A Case StudyStop Worrying & Love the SQL - A Case Study
Stop Worrying & Love the SQL - A Case StudyAll Things Open
 
The Play Framework at LinkedIn
The Play Framework at LinkedInThe Play Framework at LinkedIn
The Play Framework at LinkedInYevgeniy Brikman
 
Introduction to puppet
Introduction to puppetIntroduction to puppet
Introduction to puppetHabeeb Rahman
 
Superb Supervision of Short-lived Servers with Sensu
Superb Supervision of Short-lived Servers with SensuSuperb Supervision of Short-lived Servers with Sensu
Superb Supervision of Short-lived Servers with SensuPaul O'Connor
 
SBT Crash Course
SBT Crash CourseSBT Crash Course
SBT Crash CourseMichal Bigos
 
Eddystone Beacons - Physical Web - Giving a URL to All Objects
Eddystone Beacons - Physical Web - Giving a URL to All ObjectsEddystone Beacons - Physical Web - Giving a URL to All Objects
Eddystone Beacons - Physical Web - Giving a URL to All ObjectsJeff Prestes
 
Apache Ant
Apache AntApache Ant
Apache AntRajesh Kumar
 
Building Grails Plugins - Tips And Tricks
Building Grails Plugins - Tips And TricksBuilding Grails Plugins - Tips And Tricks
Building Grails Plugins - Tips And TricksMike Hugo
 
Our Puppet Story (Linuxtag 2014)
Our Puppet Story (Linuxtag 2014)Our Puppet Story (Linuxtag 2014)
Our Puppet Story (Linuxtag 2014)DECK36
 
Our Puppet Story – Patterns and Learnings (sage@guug, March 2014)
Our Puppet Story – Patterns and Learnings (sage@guug, March 2014)Our Puppet Story – Patterns and Learnings (sage@guug, March 2014)
Our Puppet Story – Patterns and Learnings (sage@guug, March 2014)DECK36
 

Mais conteúdo relacionado

Mais procurados

Buildr In Action @devoxx france 2012
Buildr In Action @devoxx france 2012Buildr In Action @devoxx france 2012
Buildr In Action @devoxx france 2012alexismidon
 
Nodejs Explained with Examples
Nodejs Explained with ExamplesNodejs Explained with Examples
Nodejs Explained with ExamplesGabriele Lana
 
Composable and streamable Play apps
Composable and streamable Play appsComposable and streamable Play apps
Composable and streamable Play appsYevgeniy Brikman
 
An introduction to maven gradle and sbt
An introduction to maven gradle and sbtAn introduction to maven gradle and sbt
An introduction to maven gradle and sbtFabio Fumarola
 
Immutable Deployments with AWS CloudFormation and AWS Lambda
Immutable Deployments with AWS CloudFormation and AWS LambdaImmutable Deployments with AWS CloudFormation and AWS Lambda
Immutable Deployments with AWS CloudFormation and AWS LambdaAOE
 
Node.js vs Play Framework (with Japanese subtitles)
Node.js vs Play Framework (with Japanese subtitles)Node.js vs Play Framework (with Japanese subtitles)
Node.js vs Play Framework (with Japanese subtitles)Yevgeniy Brikman
 
Extending kubernetes with CustomResourceDefinitions
Extending kubernetes with CustomResourceDefinitionsExtending kubernetes with CustomResourceDefinitions
Extending kubernetes with CustomResourceDefinitionsStefan Schimanski
 
KubeCon EU 2018 – Sig API Machinery Deep Dive
KubeCon EU 2018 – Sig API Machinery Deep DiveKubeCon EU 2018 – Sig API Machinery Deep Dive
KubeCon EU 2018 – Sig API Machinery Deep DiveStefan Schimanski
 
Play Framework workshop: full stack java web app
Play Framework workshop: full stack java web appPlay Framework workshop: full stack java web app
Play Framework workshop: full stack java web appAndrew Skiba
 
Stop Worrying & Love the SQL - A Case Study
Stop Worrying & Love the SQL - A Case StudyStop Worrying & Love the SQL - A Case Study
Stop Worrying & Love the SQL - A Case StudyAll Things Open
 
The Play Framework at LinkedIn
The Play Framework at LinkedInThe Play Framework at LinkedIn
The Play Framework at LinkedInYevgeniy Brikman
 
Introduction to puppet
Introduction to puppetIntroduction to puppet
Introduction to puppetHabeeb Rahman
 
Superb Supervision of Short-lived Servers with Sensu
Superb Supervision of Short-lived Servers with SensuSuperb Supervision of Short-lived Servers with Sensu
Superb Supervision of Short-lived Servers with SensuPaul O'Connor
 
Eddystone Beacons - Physical Web - Giving a URL to All Objects
Eddystone Beacons - Physical Web - Giving a URL to All ObjectsEddystone Beacons - Physical Web - Giving a URL to All Objects
Eddystone Beacons - Physical Web - Giving a URL to All ObjectsJeff Prestes
 
Building Grails Plugins - Tips And Tricks
Building Grails Plugins - Tips And TricksBuilding Grails Plugins - Tips And Tricks
Building Grails Plugins - Tips And TricksMike Hugo
 

Mais procurados (20)

Buildr In Action @devoxx france 2012
Buildr In Action @devoxx france 2012Buildr In Action @devoxx france 2012
Buildr In Action @devoxx france 2012
 
Nodejs Explained with Examples
Nodejs Explained with ExamplesNodejs Explained with Examples
Nodejs Explained with Examples
 
Composable and streamable Play apps
Composable and streamable Play appsComposable and streamable Play apps
Composable and streamable Play apps
 
An introduction to maven gradle and sbt
An introduction to maven gradle and sbtAn introduction to maven gradle and sbt
An introduction to maven gradle and sbt
 
Immutable Deployments with AWS CloudFormation and AWS Lambda
Immutable Deployments with AWS CloudFormation and AWS LambdaImmutable Deployments with AWS CloudFormation and AWS Lambda
Immutable Deployments with AWS CloudFormation and AWS Lambda
 
Rails Performance
Rails PerformanceRails Performance
Rails Performance
 
Node.js vs Play Framework (with Japanese subtitles)
Node.js vs Play Framework (with Japanese subtitles)Node.js vs Play Framework (with Japanese subtitles)
Node.js vs Play Framework (with Japanese subtitles)
 
Extending the Kube API
Extending the Kube APIExtending the Kube API
Extending the Kube API
 
Ant
AntAnt
Ant
 
Extending kubernetes with CustomResourceDefinitions
Extending kubernetes with CustomResourceDefinitionsExtending kubernetes with CustomResourceDefinitions
Extending kubernetes with CustomResourceDefinitions
 
KubeCon EU 2018 – Sig API Machinery Deep Dive
KubeCon EU 2018 – Sig API Machinery Deep DiveKubeCon EU 2018 – Sig API Machinery Deep Dive
KubeCon EU 2018 – Sig API Machinery Deep Dive
 
Play Framework workshop: full stack java web app
Play Framework workshop: full stack java web appPlay Framework workshop: full stack java web app
Play Framework workshop: full stack java web app
 
Stop Worrying & Love the SQL - A Case Study
Stop Worrying & Love the SQL - A Case StudyStop Worrying & Love the SQL - A Case Study
Stop Worrying & Love the SQL - A Case Study
 
The Play Framework at LinkedIn
The Play Framework at LinkedInThe Play Framework at LinkedIn
The Play Framework at LinkedIn
 
Introduction to puppet
Introduction to puppetIntroduction to puppet
Introduction to puppet
 
Superb Supervision of Short-lived Servers with Sensu
Superb Supervision of Short-lived Servers with SensuSuperb Supervision of Short-lived Servers with Sensu
Superb Supervision of Short-lived Servers with Sensu
 
SBT Crash Course
SBT Crash CourseSBT Crash Course
SBT Crash Course
 
Eddystone Beacons - Physical Web - Giving a URL to All Objects
Eddystone Beacons - Physical Web - Giving a URL to All ObjectsEddystone Beacons - Physical Web - Giving a URL to All Objects
Eddystone Beacons - Physical Web - Giving a URL to All Objects
 
Apache Ant
Apache AntApache Ant
Apache Ant
 
Building Grails Plugins - Tips And Tricks
Building Grails Plugins - Tips And TricksBuilding Grails Plugins - Tips And Tricks
Building Grails Plugins - Tips And Tricks
 

Semelhante a Our Puppet Story (GUUG FFG 2015)

Our Puppet Story (Linuxtag 2014)
Our Puppet Story (Linuxtag 2014)Our Puppet Story (Linuxtag 2014)
Our Puppet Story (Linuxtag 2014)DECK36
 
Our Puppet Story – Patterns and Learnings (sage@guug, March 2014)
Our Puppet Story – Patterns and Learnings (sage@guug, March 2014)Our Puppet Story – Patterns and Learnings (sage@guug, March 2014)
Our Puppet Story – Patterns and Learnings (sage@guug, March 2014)DECK36
 
Large-scaled Deploy Over 100 Servers in 3 Minutes
Large-scaled Deploy Over 100 Servers in 3 MinutesLarge-scaled Deploy Over 100 Servers in 3 Minutes
Large-scaled Deploy Over 100 Servers in 3 MinutesHiroshi SHIBATA
 
From SaltStack to Puppet and beyond...
From SaltStack to Puppet and beyond...From SaltStack to Puppet and beyond...
From SaltStack to Puppet and beyond...Yury Bushmelev
 
Apache Druid Auto Scale-out/in for Streaming Data Ingestion on Kubernetes
Apache Druid Auto Scale-out/in for Streaming Data Ingestion on KubernetesApache Druid Auto Scale-out/in for Streaming Data Ingestion on Kubernetes
Apache Druid Auto Scale-out/in for Streaming Data Ingestion on KubernetesDataWorks Summit
 
Can puppet help you run docker on a T2.Micro?
Can puppet help you run docker on a T2.Micro?Can puppet help you run docker on a T2.Micro?
Can puppet help you run docker on a T2.Micro?Neil Millard
 
Play Framework and Activator
Play Framework and ActivatorPlay Framework and Activator
Play Framework and ActivatorKevin Webber
 
Improving Operations Efficiency with Puppet
Improving Operations Efficiency with PuppetImproving Operations Efficiency with Puppet
Improving Operations Efficiency with PuppetNicolas Brousse
 
Packaging perl (LPW2010)
Packaging perl (LPW2010)Packaging perl (LPW2010)
Packaging perl (LPW2010)p3castro
 
Puppet Camp Silicon Valley 2015: How TubeMogul reached 10,000 Puppet Deployme...
Puppet Camp Silicon Valley 2015: How TubeMogul reached 10,000 Puppet Deployme...Puppet Camp Silicon Valley 2015: How TubeMogul reached 10,000 Puppet Deployme...
Puppet Camp Silicon Valley 2015: How TubeMogul reached 10,000 Puppet Deployme...Nicolas Brousse
 
Ansible benelux meetup - Amsterdam 27-5-2015
Ansible benelux meetup - Amsterdam 27-5-2015Ansible benelux meetup - Amsterdam 27-5-2015
Ansible benelux meetup - Amsterdam 27-5-2015Pavel Chunyayev
 
Nagios Conference 2014 - Mike Merideth - The Art and Zen of Managing Nagios w...
Nagios Conference 2014 - Mike Merideth - The Art and Zen of Managing Nagios w...Nagios Conference 2014 - Mike Merideth - The Art and Zen of Managing Nagios w...
Nagios Conference 2014 - Mike Merideth - The Art and Zen of Managing Nagios w...Nagios
 
What's new in Docker - InfraKit - Docker Meetup Berlin 2016
What's new in Docker - InfraKit - Docker Meetup Berlin 2016What's new in Docker - InfraKit - Docker Meetup Berlin 2016
What's new in Docker - InfraKit - Docker Meetup Berlin 2016Patrick Chanezon
 
Infrastructure testing with Molecule and TestInfra
Infrastructure testing with Molecule and TestInfraInfrastructure testing with Molecule and TestInfra
Infrastructure testing with Molecule and TestInfraTomislav Plavcic
 
Puppet at Bazaarvoice
Puppet at BazaarvoicePuppet at Bazaarvoice
Puppet at BazaarvoicePuppet
 
Игорь Фесенко "Direction of C# as a High-Performance Language"
Игорь Фесенко "Direction of C# as a High-Performance Language"Игорь Фесенко "Direction of C# as a High-Performance Language"
Игорь Фесенко "Direction of C# as a High-Performance Language"Fwdays
 
DjangoCon 2010 Scaling Disqus
DjangoCon 2010 Scaling DisqusDjangoCon 2010 Scaling Disqus
DjangoCon 2010 Scaling Disquszeeg
 
Strategies for Puppet code upgrade and refactoring
Strategies for Puppet code upgrade and refactoringStrategies for Puppet code upgrade and refactoring
Strategies for Puppet code upgrade and refactoringAlessandro Franceschi
 
Dependencies Managers in C/C++. Using stdcpp 2014
Dependencies Managers in C/C++. Using stdcpp 2014Dependencies Managers in C/C++. Using stdcpp 2014
Dependencies Managers in C/C++. Using stdcpp 2014biicode
 

Semelhante a Our Puppet Story (GUUG FFG 2015) (20)

Our Puppet Story (Linuxtag 2014)
Our Puppet Story (Linuxtag 2014)Our Puppet Story (Linuxtag 2014)
Our Puppet Story (Linuxtag 2014)
 
Our Puppet Story – Patterns and Learnings (sage@guug, March 2014)
Our Puppet Story – Patterns and Learnings (sage@guug, March 2014)Our Puppet Story – Patterns and Learnings (sage@guug, March 2014)
Our Puppet Story – Patterns and Learnings (sage@guug, March 2014)
 
Large-scaled Deploy Over 100 Servers in 3 Minutes
Large-scaled Deploy Over 100 Servers in 3 MinutesLarge-scaled Deploy Over 100 Servers in 3 Minutes
Large-scaled Deploy Over 100 Servers in 3 Minutes
 
From SaltStack to Puppet and beyond...
From SaltStack to Puppet and beyond...From SaltStack to Puppet and beyond...
From SaltStack to Puppet and beyond...
 
Apache Druid Auto Scale-out/in for Streaming Data Ingestion on Kubernetes
Apache Druid Auto Scale-out/in for Streaming Data Ingestion on KubernetesApache Druid Auto Scale-out/in for Streaming Data Ingestion on Kubernetes
Apache Druid Auto Scale-out/in for Streaming Data Ingestion on Kubernetes
 
Can puppet help you run docker on a T2.Micro?
Can puppet help you run docker on a T2.Micro?Can puppet help you run docker on a T2.Micro?
Can puppet help you run docker on a T2.Micro?
 
Play Framework and Activator
Play Framework and ActivatorPlay Framework and Activator
Play Framework and Activator
 
Improving Operations Efficiency with Puppet
Improving Operations Efficiency with PuppetImproving Operations Efficiency with Puppet
Improving Operations Efficiency with Puppet
 
Packaging perl (LPW2010)
Packaging perl (LPW2010)Packaging perl (LPW2010)
Packaging perl (LPW2010)
 
Puppet Camp Silicon Valley 2015: How TubeMogul reached 10,000 Puppet Deployme...
Puppet Camp Silicon Valley 2015: How TubeMogul reached 10,000 Puppet Deployme...Puppet Camp Silicon Valley 2015: How TubeMogul reached 10,000 Puppet Deployme...
Puppet Camp Silicon Valley 2015: How TubeMogul reached 10,000 Puppet Deployme...
 
Ansible benelux meetup - Amsterdam 27-5-2015
Ansible benelux meetup - Amsterdam 27-5-2015Ansible benelux meetup - Amsterdam 27-5-2015
Ansible benelux meetup - Amsterdam 27-5-2015
 
Nagios Conference 2014 - Mike Merideth - The Art and Zen of Managing Nagios w...
Nagios Conference 2014 - Mike Merideth - The Art and Zen of Managing Nagios w...Nagios Conference 2014 - Mike Merideth - The Art and Zen of Managing Nagios w...
Nagios Conference 2014 - Mike Merideth - The Art and Zen of Managing Nagios w...
 
What's new in Docker - InfraKit - Docker Meetup Berlin 2016
What's new in Docker - InfraKit - Docker Meetup Berlin 2016What's new in Docker - InfraKit - Docker Meetup Berlin 2016
What's new in Docker - InfraKit - Docker Meetup Berlin 2016
 
Infrastructure testing with Molecule and TestInfra
Infrastructure testing with Molecule and TestInfraInfrastructure testing with Molecule and TestInfra
Infrastructure testing with Molecule and TestInfra
 
Puppet at Bazaarvoice
Puppet at BazaarvoicePuppet at Bazaarvoice
Puppet at Bazaarvoice
 
Игорь Фесенко "Direction of C# as a High-Performance Language"
Игорь Фесенко "Direction of C# as a High-Performance Language"Игорь Фесенко "Direction of C# as a High-Performance Language"
Игорь Фесенко "Direction of C# as a High-Performance Language"
 
DjangoCon 2010 Scaling Disqus
DjangoCon 2010 Scaling DisqusDjangoCon 2010 Scaling Disqus
DjangoCon 2010 Scaling Disqus
 
Gradle
GradleGradle
Gradle
 
Strategies for Puppet code upgrade and refactoring
Strategies for Puppet code upgrade and refactoringStrategies for Puppet code upgrade and refactoring
Strategies for Puppet code upgrade and refactoring
 
Dependencies Managers in C/C++. Using stdcpp 2014
Dependencies Managers in C/C++. Using stdcpp 2014Dependencies Managers in C/C++. Using stdcpp 2014
Dependencies Managers in C/C++. Using stdcpp 2014
 

Último

[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?Antenna Manufacturer Coco
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?Igalia
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 

Último (20)

[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 

Our Puppet Story (GUUG FFG 2015)

  • 1. Our Puppet Story Martin Schütte March 26 2015
  • 2.
  • 3. About DECK36 • Small team of engineers in Hamburg • Longstanding expertise in designing, implementing and operating complex web systems • Offering our expert knowledge in Design & Architecture & Engineering and Automation & Operation Slides online at: http://slideshare.net/deck36/
  • 5. “We hired someone. How can we reproduce our dev environment?”
  • 7. Vagrant Configuration tool for VMs and Provisioning. “Local cloud” • Self service • Instant provisioning • Cost efficient • Elastic • Pay per use
  • 8. Vagrant VM Providers: • VirtualBox: “default”, works offline, ressource hungry • Docker: lightweight, requires Linux, good for testing • AWS EC2: remote VMs, good for automation (Jenkins) • Hyper-V, KVM, libvirt, ESXI, … Provisioning: • Shell script • Puppet, apply manifest or run agent • Chef, solo or client • Ansible playbooks • Docker containers
  • 9. Vagrantfile example Vagrant.configure("2") do |config| config.vm.box = "my_vm_image" config.vm.box_url = "http://example.com/vm-image.box" config.vm.network :forwarded_port, guest: 80, host: 8080 config.vm.synced_folder "~/dev-htdocs", "/var/www/default", { :nfs => true } config.vm.provision :shell, :path => "vagrant_install_puppet_keys.sh" config.vm.provision :puppet_server, :puppet_server => "puppetmaster.example.org" end
  • 10. “Synced folders are too slow.”
  • 11. Synced Folders Shared folders, mounted from host into guest. Options: • VirtualBox slow! • NFS often the best choice • SMB for Windows support • rsync very different but efficient
  • 12. “But our QA needs many VMs and their machines are slow.”
  • 13. vagrant-aws Vagrant.configure("2") do |config| config.vm.box = "dummy" config.vm.provider :aws do |aws, override| aws.access_key_id = "YOUR KEY" # ... region = "eu-west-1" aws.ami = "ami-20414854" aws.tags = { 'Role' => 'TestVM', 'Net' => 'Devnet' } end end
  • 14. Terraform resource "aws_instance" "appserver" { count = 4 ami = "${var.aws_ami}" instance_type = "${var.appserver_instance_type}" key_name = "${aws_key_pair.terraform.key_name}" tags { Name = "Test-Appserver-${count.index}" } } resource "aws_s3_bucket" "archive" { bucket = "testvm-app-archive" acl = "private" }
  • 15. “How can we configure all those VMs?”
  • 17. Puppet • Configuration Management • Declarative: Resources and Dependencies • Modi: • puppet apply a given manifest • puppet agent to fetch config from puppetmaster • Versions: • 2.7 legacy • 3.7 “stable” • 4.0 release candidate
  • 18. “How should we manage write access for multiple Ops/DevOps?”
  • 19. git workflows • use git! • use git hooks • use per-user environments for easy testing • repos for testing/production
  • 20. git hook: Syntax Check Git pre-commit hook with puppet-lint to syntax check Puppet, ERB templates, YAML files (http://github.com/gini/puppet-git-hooks) Example Output: $ git commit -m 'test' modules/graylog2/templates/server.conf.erb -:5: syntax error, unexpected $undefined ...rd_sha2 = "; _erbout.concat(( @ root_pwd_sha2 ).to_s); _erbo... ... ^ ERB syntax error in modules/graylog2/templates/server.conf.erb
  • 21. environments • per user env + production ⇒ easy testing with puppet agent -t --environment=user Config File Environments (deprecated): puppet.conf [mschuette] modulepath = $confdir/environments/mschuette/modules manifest = $confdir/environments/mschuette/manifests/site.pp Directory Environments (Puppet >= 3.5.0): puppet.conf [main] environmentpath = $confdir/environments
  • 22. environments Example: two servers for testing/production ..dev-master. prod-master. user1 .user2 . user3 . … . Dev/Test . Prod
  • 23. r10k Map Git branches → Puppet environments with r10k deploy environment -p .. Puppet-Repo.git. dev-master . prod-master . user1 . … .. /etc/puppet/environments.  dev-master .  prod-master .  user1 . …
  • 24. “But we cannot write and maintain all those modules.”
  • 26. Puppetfile forge "https://forge.puppetlabs.com" mod 'puppetlabs/stdlib' mod 'saz/rsyslog', '3.4.0' mod 'puppetlabs/apache', :git => 'https://github.com/puppetlabs/puppetlabs-apache', :ref => '83401079053dca11d61945bd9beef9ecf7576cbf' # Ruby DSL, extensible with own functions # cf. http://www.lazyfrosch.de/2015/02/ # nifty-puppetfile-extension/ github 'jfryman', 'nginx', 'v0.2.2'
  • 27. “How can we move on and puppetize our main servers?”
  • 28. First steps on existing systems • Start small, then expand • Even few automated tasks may save a lot of time • 80/20 rule applies
  • 29. Establish a new workflow • Add notification and QA (if wanted, e. g. with Gerrit), • Use etckeeper to track changes, • Define and document boundaries/responsibilities, • Add comments, point to real source of configuration: # managed by puppet -- editing is futile # template in git.example.com/provisioning.git ... • Run Puppet frequently
  • 30. Puppetmaster vs. puppet apply Rule of thumb: use puppetmaster
  • 31. Puppetmaster vs. puppet apply Rule of thumb: use puppetmaster Unless you want to build your own automation and reporting
  • 32. “How do we use inventory and VM metadata in Puppet manifests?”
  • 33. Facter Gather information from system. • standard values • extensible via Puppet plugins Example Output: # facter -p architecture => i386 operatingsystem => CentOS operatingsystemrelease => 5.5 ... ipaddress => 172.16.182.129 ...
  • 34. stdlib facts.d • puppetlabs-stdlib reads facts from /etc/facter/facts.d • simple data inputs • e. g. ec2metadata, inventory lookup
  • 35. stdlib facts.d • puppetlabs-stdlib reads facts from /etc/facter/facts.d • simple data inputs • e. g. ec2metadata, inventory lookup custom_facts.txt server_role=appserver server_env=staging
  • 36. stdlib facts.d • puppetlabs-stdlib reads facts from /etc/facter/facts.d • simple data inputs • e. g. ec2metadata, inventory lookup custom_facts.sh #! /bin/sh which ec2metadata >/dev/null 2>&1 || exit 1 echo "ec2_ami_id=$(ec2metadata --ami-id)" echo "ec2_instance_id=$(ec2metadata --instance-id)" echo "ec2_instance_type=$(ec2metadata --instance-type)" echo "ec2_public_ipv4=$(ec2metadata --public-ipv4)" echo "ec2_public_hostname=$(ec2metadata --public-hostname)"
  • 37. stdlib facts.d • puppetlabs-stdlib reads facts from /etc/facter/facts.d • simple data inputs • e. g. ec2metadata, inventory lookup custom_facts.py #!/usr/bin/env python from pyzabbix import ZabbixAPI zapi = ZabbixAPI(ZBX_URL) zapi.login(ZBX_USER, ZBX_PASSWORD) hosts = zapi.host.get(output="extend", selectInventory=True) # ... for k in hosts.inventory: print "%s=%s" % (k,data[k])
  • 38. “There has to be a way to split modules and config parameters.”
  • 39. Hiera
  • 40. Hiera • banish top scope variables • use Hiera! • structure with roles & profiles
  • 41. Without Hiera (Puppet 2.x legacy code) node "mydevd+.vagrantup.com" inherits basenode-vagrant { $vmEnv = "development" include sysadmin include ntp if $::fqdn = "mydev01.vagrantup.com" { class { 'vpn': version => latest, ca_crt => '...', usr_crt => '...', usr_key => '...', } } else { class { 'vpn': version => "2.3.2-7~bpo70+1", ca_crt => '...', usr_crt => '...', usr_key => '...', } } # ... }
  • 42. Hiera & Puppet 2.x compatibility class vpn($version = hiera('vpn::version', 'present'), $ca_crt = hiera('vpn::ca_crt'), $usr_crt = hiera('vpn::usr_crt'), $usr_key = hiera('vpn::usr_key')) { package { 'openvpn': ensure => $version; } # ... } class { 'vpn': } # or "include vpn"
  • 43. Puppet 3.x with Hiera site.pp hiera_include('include_classes', ['sysadmin']) node default { } profile_vpn.yaml include_classes: - ntp - vpn vpn::version: present vpn::ca_crt: ... vpn::usr_crt: ... vpn::usr_key: ...
  • 44. “Our modules and manifests grow too complex. How can we structure them?”
  • 45. Module Design Pattern: Roles & Profiles ..Resources from: Craig Dunn, Advanced Puppet Design
  • 46. Module Design Pattern: Roles & Profiles ..Resources...... Components: Resource modelling ..... from: Craig Dunn, Advanced Puppet Design
  • 47. Module Design Pattern: Roles & Profiles ..Resources...... Components: Resource modelling ...... Profiles: Implementation from: Craig Dunn, Advanced Puppet Design
  • 48. Module Design Pattern: Roles & Profiles ..Resources...... Components: Resource modelling ...... Profiles: Implementation . Roles: Business Logic from: Craig Dunn, Advanced Puppet Design
  • 49. Module Design Pattern: Roles & Profiles ..Resources...... Components: Resource modelling ...... Profiles: Implementation . Roles: Business Logic . Hiera: Data . Classifier from: Craig Dunn, Advanced Puppet Design
  • 50. “What other pitfalls will we encounter?”
  • 51. Puppet Problems • some tasks require two agent runs • apt-get upgrade and package dependencies • version mismatch between apt (or yum) and package • scoping and namespaces • exec is the new eval
  • 52. Namespace problems # only works in Puppet >= 4.0, cf. PUP-1073 package { 'memcached': ensure => present, provider => apt, } package { 'memcached': ensure => present, provider => gem, }
  • 53. exec tricks Both source and solution to a great many problems. You can do (and break) everything with exec and a shell script. But of course you should not.
  • 54. exec tricks # pkg name collision exec { 'npm install -g less': creates => '/usr/lib/node_modules/npm/node_modules/less', } # abuse puppet as cron, and hide the change exec { 'zabbix_update.sh': command => 'false', onlyif => "/opt/zabbix_update.sh $api_url && false", logoutput => on_failure, }
  • 55. “How can we monitor Puppet changes?”
  • 61. git hook: E-Mail Notification Git post-receive hook to notify team on push (http://git.kernel.org/cgit/git/git.git/tree/contrib/hooks/ post-receive-email?id=HEAD) Example E-Mail: - Log ---------------------------------------------- commit 5df04ee883b8de8a37bf0ac97eec068cd1f3a414 Author: N. N. <n.n@deck36.de> Date: Tue Jan 7 08:57:17 2014 +0000 fixed path to csync2 executable ---------------------------------------------------- Summary of changes: modules/user/files/etc/sudoers.d/support | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
  • 62. “How do we coordinate a cluster restart?”
  • 63. MCollective “multissh deluxe” AMQP client/server framework to • orchestrate actions • control puppet agents • run commands • query resources • … Alternatives: Ansible, serf, …
  • 64. “Why do we still manually configure DNS and monitoring?”
  • 65. Hooks to other systems • include in provisioning process • provide normative data as facts • register or update DNS name → e. g. Route 53 • update monitoring → e. g. Zabbix API • update loadbalancer → e. g. ELB or Consul
  • 66. Questions? class presentation { package { 'questions': ensure => 'answered', } } Links: • Puppet Visual Index • Puppet Type Reference • Puppet Ask • Ger Apeldoorn: Manageable Puppet Infrastructure • Martin Alfke: Power of Puppet 4