  1. Using Puppet. Alex Su, 2011/12/26. Classification 2012/4/3. Copyright 2009 Trend Micro Inc.
  2. What is a system admin?
  3. Don't look at me... I wasn't the last one to touch it...
  4. One Goal: Revolutionize System Administration
  5. An Analogy
       • Low-level, non-portable: Assembly (Programming); commands and files (SysAdmin)
       • Abstract, portable: Java / Python / Ruby (Programming); Resources (SysAdmin)
  6. This

     ```sh
     apt-get install openssh-server
     vi /etc/ssh/sshd_config
     /etc/init.d/ssh start
     ```

     Becomes

     ```puppet
     # install the package
     package { ssh: ensure => installed }

     # deploy the configuration file from the Puppet file server
     file { sshd_config:
       name   => "/etc/ssh/sshd_config",
       source => "puppet://server/apps/ssh/sshd",
     }

     # keep the daemon running
     service { sshd: ensure => running, }
     ```
  7. Puppet Quick Overview
       • Stop administrating your environment and start developing it...
       • Re-usable code for managing your software & configurations
       • Provides a Domain Specific Language (DSL) to script with
           – Classes, conditionals, selectors, variables, basic math, etc.
       • Supports Linux, Solaris, BSD, OS X; Windows in process!
  10. Puppet Module Structure
  11. A Partial List of Puppet types
        • Packages
            – Supports 30 different package providers
            – Abstracted for your OS automatically
            – Specify 'installed', 'absent', or 'latest' for desired state
            – Change from 'installed' to 'latest' and deploy for quick upgrade
        • Services
            – Supports 10 different 'init' frameworks
            – Control whether a service starts on boot or is required to be running always
            – A service can be notified to restart if a configuration file has been changed
        • Files/Directories
            – Specify ownership & permissions
            – Load content from 'files/', 'templates/' or custom strings
            – Create symlinks
            – Supports 5 types to verify a file checksum
            – Purge a directory of files not 'maintained'
  12. Nagios 'Type' Support

      ```puppet
      # Nagios Service
      @@nagios_service { "load_check_${hostname}":
        service_description => "Load Averages",
        check_command       => "load_check!3!5",
        host_name           => "$fqdn",
        use                 => "generic-service";
      }

      # Nagios Service Group
      @@nagios_servicegroup { "apache_servers":
        alias => "Apache Servers";
      }

      # Nagios Host
      @@nagios_host { $fqdn:
        ensure     => present,
        hostgroups => "ldap",
        use        => "generic-host";
      }

      # Nagios Host Group
      @@nagios_hostgroup { "load_balancers":
        alias => "Load Balancers";
      }
      ```
  15. Sample site.pp

      ```puppet
      import "environment"
      import "util"
      import "constants"
      import "bases"
      import "nodes"

      # global defaults
      Exec { path => "/usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin" }
      ```
  16. Classes vs. Modules
        • Why use the classes directory and the modules directory?
        • Classes are more global and usually contain many different modules
        • Modules are the smallest unit of measure that Puppet builds from
  17. Sample hadoop master class

      ```puppet
      # class names use underscores, matching the node definition that refers to hadoop_master
      class hadoop_master {
        include kerberoskdc
        include authclient
        include ldapserver
        include hadoop
        include hbase
        include pig
      }

      class pig {
        # packages to install
        $packagelist = ["hadoop-pig"]

        # install packages
        package { base_pig_rpms:
          ensure => installed,
          name   => $packagelist,
        }
      }
      ```
  18. Sample module init.pp

      ```puppet
      class resolv {
        # both files are rendered from ERB templates shipped in the resolv module
        file { "resolv.conf":
          path    => "/etc/resolv.conf",
          content => template("resolv/conf/resolv.conf.erb"),
          owner   => root,
          group   => root,
          mode    => '0644',  # quoted octal string: root-writable, world-readable
          ensure  => file,
        }

        file { "hosts":
          path    => "/etc/hosts",
          content => template("resolv/conf/hosts.erb"),
          owner   => root,
          group   => root,
          mode    => '0644',
          ensure  => file,
        }
      }
      ```
  19. The manual steps and the dependencies between them

      ```sh
      apt-get install openssh-server
      vi /etc/ssh/sshd_config
      /etc/init.d/ssh start
      ```

      Package -> Configuration -> Service
        • Configuration should get modified after package installation
        • Service should restart when configuration changes
  20. The same dependencies expressed in Puppet

      ```puppet
      package { ssh: ensure => installed }

      file { sshd_config:
        name    => "/etc/ssh/sshd_config",
        source  => "puppet://server/apps/ssh/sshd",
        # manage the file only after the package has been installed
        require => Package['ssh'],
      }

      service { sshd:
        ensure    => running,
        # restart whenever the package or the configuration file changes
        subscribe => [Package['ssh'], File['sshd_config']],
      }
      ```
  21. What is a template?
        • Puppet templates are flat files containing Embedded Ruby (ERB) variables
        • hadoop/conf/hadoop-metrics.properties.erb

          ```erb
          <% if ganglia_hosts.length > 0 %>
          dfs.class=org.apache.hadoop.metrics.ganglia.GangliaContext31
          dfs.period=10
          dfs.servers=<% ganglia_hosts.each do |host| -%><%= host %> <% end -%>
          <% end %>
          ```
        • resolv/conf/hosts.erb

          ```erb
          <% ip_host_map.each do |ip,hosts| -%>
          <%= ip %> <%= hosts %>
          <% end -%>
          ```
  22. What is a node?
        • Node definitions look just like classes, including supporting inheritance, but they are special in that when a node (a managed computer running the Puppet client) connects to the Puppet master daemon.
        • nodes.pp

          ```puppet
          # 'inherits' takes the name of another node definition, so hadoop_master must be declared as a node
          node 'tm5-master.client.tw.trendnet.org' inherits hadoop_master {}
          ```

          or

          ```puppet
          node 'tm5-master.client.tw.trendnet.org' {
            include kerberoskdc
            include authclient
            include ldapserver
            include hadoop
            include hbase
            include pig
          }
          ```
  23. Puppet Network Overview
        • Configuration allows for manual synchronizations or a set increment
        • Client or server initiated synchronizations
        • Client/Server configuration leverages a Certificate Authority (CA) on the Puppet Master to sign client certificates to verify authenticity
        • Transmissions of all data between a master & client are encrypted
  24. Every Client:
        • Retrieve resource catalog from central server
        • Determine resource order
        • Check each resource in turn, fixing if necessary
        • Rinse and repeat, every 30 minutes
  25. Every Resource:
        • Retrieve current state (e.g., by querying dpkg db or doing a stat)
        • Compare to desired state
        • Fix, if necessary (or just log)
  26. tail -f /var/log/messages
  27. TM-Puppet

      ```
      /etc/puppet
      ├── auth.conf
      ├── autosign.conf
      ├── puppet.conf
      ├── files/
      │   └── byhost/
      │       ├── host1/
      │       ├── host2/
      │       └── host3/
      ├── manifests/
      │   ├── bases.pp
      │   ├── nodes.pp
      │   ├── site.pp
      │   └── util.pp
      └── modules/
          ├── hadoop/
          │   ├── manifests/
          │   │   └── init.pp
          │   └── templates/
          ├── hbase/
          └── pig/
      ```
  28. Reference
        • Deployment Tools
        • ERB - Ruby Templating
  29. Questions?
  30. THANK YOU!
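The two templates from slide 21, rendered with Ruby's standard ERB library to show what `-%>` does to the output. This is an added example, not part of the deck: the sample host values are constructed, and `render_hosts` with its two patterns is a hypothetical guard that rejects map entries able to add extra lines to the generated /etc/hosts.

```ruby
require 'erb'
require 'ipaddr'

# Templates as shown on slide 21.
METRICS_ERB = <<~'TPL'
  <% if ganglia_hosts.length > 0 %>
  dfs.class=org.apache.hadoop.metrics.ganglia.GangliaContext31
  dfs.period=10
  dfs.servers=<% ganglia_hosts.each do |host| -%><%= host %> <% end -%>
  <% end %>
TPL

HOSTS_ERB = <<~'TPL'
  <% ip_host_map.each do |ip,hosts| -%>
  <%= ip %> <%= hosts %>
  <% end -%>
TPL

# \A and \z anchor the whole string; ^ and $ would accept "ok\nextra line".
ADDRESS   = /\A[0-9A-Fa-f:.]+\z/
HOSTNAMES = /\A[A-Za-z0-9.-]+( [A-Za-z0-9.-]+)*\z/

# trim_mode '-' makes a tag ending in "-%>" swallow the newline after it.
def render(template, vars)
  ERB.new(template, trim_mode: '-').result_with_hash(vars)
end

# Hypothetical guard (an assumption, not in the deck): validate every entry
# before it is written into a root-owned file by the template.
def render_hosts(ip_host_map)
  ip_host_map.each do |ip, hosts|
    raise ArgumentError, "bad address #{ip.inspect}" unless ip.match?(ADDRESS)
    IPAddr.new(ip) # raises an ArgumentError subclass for e.g. 999.1.1.1
    raise ArgumentError, "bad hostnames #{hosts.inspect}" unless hosts.match?(HOSTNAMES)
  end
  render(HOSTS_ERB, { ip_host_map: ip_host_map })
end
```

Rendering the metrics template shows that it emits the Ganglia servers separated by spaces with a trailing space, and only a blank line when `ganglia_hosts` is empty.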
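The agent run described on slides 24 and 25, applied to the ssh catalog from slide 20: order the resources, then retrieve, compare and fix each one, restarting subscribers of anything that changed. This is an added Ruby sketch, not code from the deck or from Puppet; `Resource`, `Catalog`, the `system` hash (standing in for dpkg, the filesystem and init) and the state strings are all hypothetical.

```ruby
require 'tsort'

# Hypothetical in-memory model of one agent run; names are illustrative,
# not Puppet's API. `system` stands in for dpkg, the filesystem and init.
Resource = Struct.new(:ref, :desired, :requires, :subscribes)

class Catalog
  include TSort

  def initialize(resources)
    @res = resources.to_h { |r| [r.ref, r] }
  end

  def tsort_each_node(&blk)
    @res.each_key(&blk)
  end

  # Both require and subscribe mean "apply that resource before me".
  def tsort_each_child(ref, &blk)
    (@res[ref].requires + @res[ref].subscribes).each(&blk)
  end

  def run(system, noop: false)
    changed = []
    tsort.each_with_object([]) do |ref, events|   # determine resource order
      r = @res[ref]
      if system[ref] != r.desired                 # retrieve and compare
        events << "#{ref}: #{system[ref].inspect} -> #{r.desired.inspect}"
        system[ref] = r.desired unless noop       # fix, or just log
        changed << ref
      elsif r.subscribes.any? { |dep| changed.include?(dep) }
        events << "#{ref}: restarted"             # refresh on subscribe
      end
    end
  end
end

# Constructed catalog mirroring slide 20, declared out of order on purpose.
SSH = Catalog.new([
  Resource.new('Service[sshd]', 'running', [], ['Package[ssh]', 'File[sshd_config]']),
  Resource.new('File[sshd_config]', 'sha:v1', ['Package[ssh]'], []),
  Resource.new('Package[ssh]', 'installed', [], [])
])

def demo
  system = {}
  first = SSH.run(system)                        # fresh host: three fixes
  second = SSH.run(system)                       # converged: nothing to do
  system['File[sshd_config]'] = 'sha:local-edit' # out-of-band change
  [SSH.tsort, first.size, second, SSH.run(system)]
end
```

The third run reports exactly the drift an operator cares about: the hand-edited configuration file is reverted and the subscribed service restarted, while the package is left alone.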