Puppet @ Seat

Seat Internet Factory Tech Talk 5

Tempus fugitSetup. Conﬁgure. Deploy. Troubleshoot. Fix.

Panta reiEmails. Tickets. Calls. Meetings.

Malatemporacurruntcat /etc/issueDebian 4

Errarehumanum est...rm /var/log/messages

perseverareautemdiabolicumchmod -R 777 ; su nobody ; rm -rf .

Alea iacta estHope driven release management.

Devs Versus OpsD: Can you copy /ldap/dritchie/spes.war to prod? O: Open a Ticket.

O temporao mores!Big efforts for small outputs

Spes ultima dea Have you heard about this Puppet thing?

Repetitia iuvantMachines automate better

GratisOpenSource from www.puppetlabs.com

Cui prodest? Source: www.puppetlabs.com

Divide et imperaMany Puppet nodes One Puppet Master

package { openssh-server:Status Quo } ensure => present, before => File[/etc/ssh/sshd_config],“A declarative language to describe file { /etc/ssh/sshd_config:system status” ensure => file, mode => 600, source => /root/learning-manifests/sshd_config, } service { sshd: ensure => running, enable => true, subscribe => File[/etc/ssh/sshd_config], }

Veni vidi vici puppet apply

DeusExMachina# This File is Managed by Puppet

Mater semper certa est, pater nunquam O: Who changed that ﬁle?!info: Filebucket[/var/lib/puppet/clientbucket]: Adding /etc/resolv.conf(d7fbc1695489ce896d30b7b04d72887c)info: //test/File[/etc/resolv.conf]: Filebucketed /etc/resolv.conf to main with sumd7fbc1695489ce896d30b7b04d72887cnotice: //test/File[/etc/resolv.conf]/content: content changed {md5}d7fbc1695489ce896d30b7b04d72887c to {md5}958836dd057fdbb33597d688cc6d28a2

Ex novoProvision from scratch.

DoctumdocesInfrastructure as code

Scripta manent,verba volantsvn ci -m “Ticket #777”

FactotumP: I manage. Almost everything.

Ignorantia legisnon excusatOnce you Puppettize, you Puppettize

Sperimentazione iniziata nel 2010Implementazione sistematica su nuovi server da Ottobre 2010Conversione / Upgrade sistemi esistenti in corso.Produzione a Rozzano - Sistemi gestiti: 167 (growing):- Pagine Bianche- Banners- E-Commerce, Scioppy- Tools PL, Iglu, Spysite, Routing, Fotocontest, Iglu ...- Sistemi infrastrutturali (Dns, Syslog, Deploy, Ldap (soon) )- Sistemi di monitoring (Nagios, Munin)Disaster Recovery - Sistemi gestiti: 34:- Pagine Gialle (Intera ﬁliera)- Sistemi infrastrutturali (Dns, Syslog, Deploy, Ldap)- Sistemi di monitoring (Nagios, Munin)

# Base nodenode basenode { $dns_servers = ["192.168.39.42","192.168.39.43"] $syslog_server = "syslog-1.pgol.com" $type = "prod" # We assume that most of nodes are of prod(ution) type. $users_auth = "ldap" # By default we want ldap auth[...]}# Rozzano Production sitenode rozzano inherits basenode { $site = "rozzano" $ntp_server = ["ntp1.pgol.com","ntp2.pgol.com"]}node rozzano-dmz inherits rozzano { $zone = "dmz" $users_auth = "local" # No ldap auth for users in DMZ servers}node rozzano-erog inherits rozzano { $zone = "erog"}# Disaster recovery Sitenode dr inherits basenode { $site = "dr" $dns_servers = ["192.168.50.10","192.168.50.11"][...]

# FRONTEND BIANCO # CLUSTER CASSANDRA DEVnode fep-pbit-1 inherits rozzano-erog { node dev-cassandra-1b inherits rozzano- include role_fep-pbit erog {} ! $type = "dev" ! include role_cassandranode fep-pbit-2 inherits rozzano-erog { } include role_fep-pbit [...]} # CLUSTER CASSANDRA TEST[...] node test-cassandra-1 inherits rozzano- erog {node test-pbit-1 inherits rozzano-erog { ! $type = "test" $type = "test" ! include role_cassandra include role_fep-pbit }} [...][...] # CLUSTER CASSANDRA PROD node cassandra-1 inherits rozzano-erog { ! include role_cassandra } [...] node cassandra-5 inherits rozzano-erog { ! $has_batch = "true" ! include role_cassandra }

class general { include distro include profile include puppet include motd include users include openssh include hosts include resolver include monit include sudo include snmpd include nrpe include munin include rsync include basedirs case $operatingsystem { ubuntu,debian: { # Moduli attualmente funzionanti solo su Ubuntu/Debian include exim include openntpd include apt include rsyslog include unattended-upgrades include hardware } centos,redhat: { include yum } default: { } }}

class role_fep-pbit { $role="fep-pbit" include general include nfs::client::fep-pbit include apache include apache::seat::fep-pbit include php::pear include php::dev include php::oci8 include apache::spidertrap apache::module { "rewrite": } apache::module { "proxy": templatefile => "proxy.conf.erb" } php::module { "gd": } php::pear::module { "apc": } php::pear::module { "XML_Serializer": use_package => "no" } php::pecl::config { "http_proxy": value => "$proxy_server" } [...] # Monitoring include monitor::seat::url_fep-pbit # Deploy puppi::project::files { "fep-pbit": source => "http://deploy.${domain}/fep-pbit/deploylist.txt", [...] }}

class apache::monitor { # Port monitoring monitor::port { "apache_${apache::params::protocol}_${apache::params::port}": protocol => "${apache::params::protocol}", port => "${apache::params::port}", target => "${apache::params::monitor_target_real}", enable => "${apache::params::monitor_port_enable}", tool => "${monitor_tool}", } # Process monitoring monitor::process { "apache_process": process => "${apache::params::processname}", service => "${apache::params::servicename}", pidfile => "${apache::params::pidfile}", enable => "${apache::params::monitor_process_enable}", tool => "${monitor_tool}", } [...]}

$monitor="yes"$monitor_tool=["monit","nagios","puppi",”munin”]

class monitor::seat::url_fep-pbit {# 1240 monitor::url { "Url-1240_PREFFISSI_INTERNAZIONALI": url => "http://1240.paginebianche.it/execute.cgi?ts=9&cb=18&btt=1&nz=CANADA&l=it", port => 80, target => "${fqdn}", pattern => 01139, enable => "true", tool => "${monitor_tool}", } monitor::url { "Url-1240_RICERCA_LOCALITA_E_CAP_PER_PREFISSO": url => "http://1240.paginebianche.it/execute.cgi?ts=19&cb=18&btt=1&prefisso=0744&l=it", port => 80, target => "${fqdn}", pattern => Terni, enable => "true", tool => "${monitor_tool}", } [...]}

root@fep-pbit-1:~# puppi checkHost check: 50-Url-1240_PREFFISSI_INTERNAZIONALI [ OK ]HTTP OK: HTTP/1.1 200 OK - 25285 bytes in 0.193 second response time |time=0.192856s;;;0.000000 size=25285B;;;0Host check: 50-Url-1240_RICERCA_LOCALITA_E_CAP_PER_PREFISSO[ OK ]HTTP OK: HTTP/1.1 200 OK - 12417 bytes in 0.071 second response time |time=0.070648s;;;0.000000 size=12417B;;;0Host check: 50-Url-1240_RICERCA_LOCALITA_PER_CAP [ OK ]HTTP OK: HTTP/1.1 200 OK - 12641 bytes in 0.048 second response time |time=0.048381s;;;0.000000 size=12641B;;;0[...]Host check: 50-Mount__store_www.paginebianche.it_doc_root_g[ OK ]/store/www.paginebianche.it/doc_root/gclight is mounted! Type is nfsHost check: 50-apache_process [ OK ]PROCS OK: 540 processes with command name apache2Host check: 50-apache_tcp_80 [ OK ]TCP OK - 0.000 second response time on port 80|time=0.000250s;;;0.000000;10.000000Host check: 50-openssh_process [ OK ]PROCS OK: 3 processes with command name sshdHost check: 50-openssh_tcp_22 [ OK ]TCP OK - 0.000 second response time on port 22|time=0.000151s;;;0.000000;10.000000

root@metaportali-mpc:~# puppi deploy configuratorPuppi setup: 00-configurator-RuntimeConfig-Initialization [ OK ]Deploy: 10-configurator-Run_PRE-Checks [ OK ][...]Deploy: 20-configurator-Retrieve_WAR [ OK ]Deploy: 30-configurator-Backup_existing_WAR [ OK ]Deploy: 36-configurator-Disable_extra_services [ OK ][...]Deploy: 37-configurator-Check_undeploy [ OK ]Deploy: 38-configurator-Service_stop [ OK ][...]Deploy: 39-configurator-Run_Custom_PreDeploy_Script [ OK ]Deploy: 40-configurator-Deploy_WAR [ OK ]Deploy: 42-configurator-Service_start [ OK ][...]Deploy: 43-configurator-Check_deploy [ OK ]Deploy: 44-configurator-Enable_extra_services [ OK ][...]Deploy: 80-configurator-Run_POST-Checks [ OK ][...]Reporting: 20-configurator-Mail_Notification [ OK ]REPORT FOR PUPPI - STATUS OKSummary of operations is: /var/log/puppi/configurator/20110303-145104/summaryDetails are in: /var/log/puppi/configurator/20110303-145104/Temporary workdir has been: /tmp/puppi/configurator/ (Will be rewritten at the next puppi run)Runtime config file is: /tmp/puppi/configurator/configFiles have been archived in: /var/lib/puppi/archive/configurator/20110303-145104

root@fep-pbit-1:~# puppi rollback fep-pbitPuppi setup: 00-fep-pbit-RuntimeConfig-Initialization [ OK ]Choose deploy to rollback:total 24drwxr-xr-x 2 root root 4096 2011-02-17 17:25 20110217-172418drwxr-xr-x 2 root root 4096 2011-02-24 17:18 20110224-171656drwxr-xr-x 2 root root 4096 2011-02-28 16:54 20110228-165323drwxr-xr-x 2 root root 4096 2011-03-01 17:01 20110301-170009drwxr-xr-x 2 root root 4096 2011-03-01 17:13 20110301-171339drwxr-xr-x 2 root root 4096 2011-03-01 17:16 20110301-171607lrwxrwxrwx 1 root root 47 2011-03-01 17:16 latest -> /var/lib/puppi/archive/fep-pbit/20110301-171607[...]

class role_mpc-metaportale { $role="mpc-metaportale"[...] puppi::project::war { "configurator": source => "http://deploy.pgol.com/mpc-metaportale/configurator.war", user => "www-data", init_script => "tomcat-mpc", predeploy_customcommand => "rm -rf /store/tomcat/mpc/webapps/*", predeploy_user => "root", predeploy_priority => "39", deploy_root => "/store/tomcat/mpc/webapps", report_email => "release_engineering@seat.it,webdesign@paginegialle.it", enable => "true", disable_services => "monit puppet", } root@metaportali-mpc:~# puppi deploy configurator} Puppi setup: 00-configurator-RuntimeConfig-Initialization [ OK ] Deploy: 10-configurator-Run_PRE-Checks [ OK ] [...] Deploy: 20-configurator-Retrieve_WAR [ OK ] Deploy: 30-configurator-Backup_existing_WAR [ OK ] Deploy: 36-configurator-Disable_extra_services [ OK ] [...] Deploy: 37-configurator-Check_undeploy [ OK ] Deploy: 38-configurator-Service_stop [ OK ] [...] Deploy: 39-configurator-Run_Custom_PreDeploy_Script [ OK ] Deploy: 40-configurator-Deploy_WAR [ OK ] Deploy: 42-configurator-Service_start [ OK ] [...] Deploy: 43-configurator-Check_deploy [ OK ] Deploy: 44-configurator-Enable_extra_services [ OK ] [...] Deploy: 80-configurator-Run_POST-Checks [ OK ] [...] Reporting: 20-configurator-Mail_Notification [ OK ] REPORT FOR PUPPI - STATUS OK Summary of operations is: /var/log/puppi/configurator/20110303-145104/summary [...]

Faster Setups Do ut des Tested codeQuick Scalability Url based checksDeployment Agility Site Aware conﬁgurationsTesting Environment Standardized deploy requests

In medio stat virtus Share needs, constraints, knowledge and skills

Hicmanebimus optime Cooperation is fun

Full Infrastructure AutomationUniﬁed Infrastructure Reporting Per aspera ad astraSelf Service Release ManagementAutoTesting Release Workﬂow Add here your wildest (IT) dream...

ad maiora Graphics: www.tatlin.net

http://coderwall.com	20
http://www.linkedin.com	4
http://twitter.com	1
http://www.unscatter.com	1
http://www.example42.com	1

Puppet @ Seat

by Alessandro Franceschi

Accessibility

Categories

Upload Details

Usage Rights

5 Embeds 27

Statistics

Puppet @ Seat Presentation Transcript