2.
Software defined infrastructure – perfect for VCS
Configuration Management for servers
Declarative language written in Ruby DSL
Uses manifests to define server configurations
Brings servers into a desired state and keeps them there
Eliminates “snowflake” environments
3.
Puppet Modules
Self-contained bundles of code
Develop your own
Download from the Puppet Forge (https://forge.puppetlabs.com/)
Contain manifests, files, templates and, ahem… tests
4.
Puppet Manifests
End in the .pp file extension
Each manifest in a puppet module should contain one class or defined type
Define the set of resources (packages, files, services) that the module represents
Can contain logic (conditionals, collections, functions, etc)
Are the source for the compiled catalog
5.
The catalog
Represents the DAG (directed acyclic graph) of resources and the desired system state for a given node
Is compiled from the set of modules’ manifests defined for a given node
In master/agent puppet, compiled by the master and applied on the agent node
Masterless puppet, compiled locally on node
Represented on disk as a YAML document
7.
Need to upgrade Java version on tomcat6 vms
Get latest puppet code from vcs
Make the version change in my manifest
Simple change, it looks good to me
Commit my changes
9.
Oh no – Java was updated on my tomcat7 vms too…. Wait, wat?!
Face Palm
FAIL!!
11.
Puppet manifests are code
Improve consistency and predictability of server provisioning
Well-defined tools (rspec-puppet, puppet parser, puppet-lint, serverspec, vagrant, etc.)
Automatable
Complex, data-driven server configuration
Think of others and future you!
15.
rspec-puppet (http://rspec-puppet.com/)
Written by Tim Sharpe (https://github.com/rodjek)
rspec, extended to work with puppet
“unit tests” for puppet code
Designed to test the catalog
▪ Tests at the module level, not system level
▪ Verify resources are present and dependencies are met
▪ Verify resources are configured as expected
▪ Verify file content (even when using templates and hiera – yes!)
puppetlabs-spec_helper (Rakefile, .fixtures.yml)
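Added example (not from the original deck, and not rspec-puppet itself): a plain-Ruby sketch of the catalog-level checks listed on this slide, run against the scenario from slides 7 to 9, where only tomcat6 was meant to get the new Java. The catalog layout, resource titles and version numbers are constructed assumptions, not Puppet's real catalog schema.

```ruby
require 'yaml'
require 'tsort'

# Constructed, simplified catalogs as compiled AFTER the Java version change.
# Not Puppet's real catalog schema; titles and versions are made up.
CATALOGS = YAML.safe_load(<<~YAML)
  tomcat6:
    "Package[java]":    {ensure: "1.7.0",   require: []}
    "Package[tomcat6]": {ensure: "present", require: ["Package[java]"]}
    "Service[tomcat6]": {ensure: "running", require: ["Package[tomcat6]"]}
  tomcat7:
    "Package[java]":    {ensure: "1.7.0",   require: []}
    "Package[tomcat7]": {ensure: "present", require: ["Package[java]"]}
    "Service[tomcat7]": {ensure: "running", require: ["Package[tomcat7]"]}
YAML

# What each node is supposed to get: only tomcat6 was meant to move to 1.7.0.
EXPECTED = {
  'tomcat6' => { 'Package[java]' => '1.7.0', 'Service[tomcat6]' => 'running' },
  'tomcat7' => { 'Package[java]' => '1.6.0', 'Service[tomcat7]' => 'running' }
}.freeze

# Exposes a catalog's require edges to TSort so a cycle raises TSort::Cyclic.
class RequireGraph
  include TSort
  def initialize(catalog)
    @catalog = catalog
  end
  def tsort_each_node(&block)
    @catalog.each_key(&block)
  end
  def tsort_each_child(title, &block)
    @catalog.fetch(title)['require'].each(&block)
  end
end

# Returns a list of failure strings; an empty list means the catalog passes.
def check_catalog(catalog, expected)
  failures = expected.reject { |title, want| catalog.dig(title, 'ensure') == want }
                     .map { |t, want| "#{t}: ensure is #{catalog.dig(t, 'ensure').inspect}, expected #{want.inspect}" }
  dangling = catalog.flat_map { |t, r| (r['require'] - catalog.keys).map { |d| "#{t}: requires absent #{d}" } }
  RequireGraph.new(catalog).tsort if dangling.empty? # only sort a fully resolved graph
  failures + dangling
rescue TSort::Cyclic => e
  failures << "dependency cycle: #{e.message}"
end

CATALOGS.each { |node, catalog| puts "#{node}: #{check_catalog(catalog, EXPECTED[node]).inspect}" }
```

The tomcat7 check fails on the Java version before anything is committed, which is the mistake the earlier slides describe.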
16.
rspec-puppet ruby gem
rspec-puppet-init
▪ Rakefile
▪ spec/spec_helper.rb
▪ spec/{classes,defines,functions,hosts,fixtures}
puppetlabs_spec_helper ruby gem
.fixtures.yml
Ideal for testing manifests referencing forge modules
Both gems work together to ease the burden of boilerplate setup and configuration
31.
This is awesome, but we’re not done
Next level of testing is to perform a puppet run on a test vm and verify all is good
We are ready for a server test – enter serverspec
32.
Server Spec (http://serverspec.org/)
Designed to validate that a server is configured appropriately after it’s been provisioned
Independent of Puppet, Chef, CFEngine, SaltStack, etc.
Tests your servers’ actual state directly via ssh
▪ No server-side software or agents required!
33.
serverspec ruby gem
similar dsl as rspec, rspec-puppet
serverspec-init
spec dir
sample spec file
spec_helper.rb
Rakefile
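37.
require 'spec_helper'

# The INPUT chain of the mangle table must have the ACCEPT policy rule
describe iptables do
  it { should have_rule('-P INPUT ACCEPT').with_table('mangle').with_chain('INPUT') }
end

# Port 2003 must be listening on UDP
describe port(2003) do
  it { should be_listening.with('udp') }
end

# The httpd package must be installed
describe package('httpd') do
  it { should be_installed }
end

# The sshd service must be under monit supervision
describe service('sshd') do
  it { should be_monitored_by('monit') }
end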
40.
We use Puppet Enterprise at TWC
Vagrantfile that auto installs and configures Puppet Enterprise master and agent(s)
https://github.com/adrienthebo/vagrant-pe_build
Personal replica of production Puppet Enterprise setup
Can apply any role to the agent and test the server config
Destroy the agent vm when done
41.
“Create identical machine images for multiple platforms from a single source configuration”
Supports all the main provisioners including Puppet
Can optionally create a vagrant box from the same source configuration
Automatable and Testable
Extendable plugin architecture
Powerful option for any vm architecture, especially cloud-based (internal and external)
Full of awesome
We will look at a manifest and what a catalog is in the next few slides.
Bullet 1: resource graph and all the dependencies
Bullet 2: a given node can have several modules defined for resources that need to be on that system
Bullet 3: puppet source lives on master; agent has no puppet code.
This gives an idea of how to validate the server is configured as expected. If time permits, we can demo this.
Now we will shift focus