11 Ways to Hack Puppet for Fun and Productivity - Luke Kanies - Velocity 2012

11 Ways to hackPuppet for Fun and Luke Kanies Founder and CEO, Puppet Labs Founder of Puppet @puppetmasterd luke@puppetlabs.com

Puppet Deploy 1,800 machines in 2 hoursMobile Phone vs. 25 machines per day with HP Investors Company Opsware Scaled from 0 to over 10,000 servers in 2 months without training 287 servers per SysAdmin vs. 19 for BMC BladeLogic Over 50,000 systems managed by PuppetFinancial Entertainment Technology Defense Web

Built for you

Great Design http://www.encorbio.com/Album/pages/ChkNFH-neuron1.htm

Conﬁguration Platform

FearEmbarrassment SSH

More great sysadmins Programmers Sysadmins 5000 Assembly Scripts Ruby, Java,Millions Puppet PHP, C

Incremental Investment Fully Automated Infrastructure Whole machines Multiple services AwesomenessOne ﬁle Investment

Why use Puppet?

Scale at speed

Availability

Security

Auditability

Golden image?Image from http://www.ﬂickr.com/photos/fungep/2516767121/sizes/

Puppet: A brief introduction

A language for conﬁguration speciﬁcation

Resource Abstractioncomputer packagecron portfile resourcesgroup routerhost serviceinterface sshkeyk5login stagemailalias usermaillist vcsrepomcx vlanmount yumrepo

Cross PlatformRed Hat SolarisFedora OS X WindowsDebian AIX CiscoUbuntu HP-UXCentOS OpenBSD F5 SuSE FreeBSD

Workﬂow 1 Deﬁne: With Puppets declarative language you design a graph of relationships between resources within reusable modules. These modules define your infrastructure in its desired state. E R AG VE CO SE EA CR IN ND E A I T E R AT4 Report: Puppet Dashboard reports 2 Simulate: With this resource track relationships between graph, Puppet is unique in itscomponents and all changes, allowing ability to simulate deployments, enablingyou to keep up with security and you to test changes without disruptioncompliance mandates. And with the to your infrastructure.open API you can integrate Puppet withthird party monitoring tools. CURRENT 3 Enforce: Puppet compares your STATE system to the desired state as you define it, and automatically enforces it DESIRED STATE to the desired state ensuring your system is in compliance.

Change Propagation Node 1 Facts The node sends normalized data about itself to the Puppet Master. SSL secure 2 Catalog Puppet uses the Facts to encryption compile a Catalog that on all data specifies how the node transport should be configured.Report 3The nodereports backto Puppetindicating theconfiguration iscomplete, whichis visible in the PuppetPuppet Dashboard. Master 4 Report Collector (Puppet or 3rd party tool) Report can also send data to third party tools.

domain => local Automatic Inventoryfacterversion => 1.5.8fqdn => sliver.localhardwaremodel => i386hostname => sliverinterfaces => lo0,gif0,stf0,en0,en1,fw0,vmnet1,vboxnet0ipaddress => 192.168.174.1ipaddress_lo0 => 127.0.0.1ipaddress_vmnet1 => 192.168.174.1kernel => Darwinkernelmajversion => 10.6kernelrelease => 10.6.0macosx_productname => Mac OS Xmacosx_productversion => 10.6.6netmask => 255.255.255.0netmask_lo0 => 255.0.0.0netmask_vmnet1 => 255.255.255.0network_lo0 => 127.0.0.0network_vmnet1 => 192.168.174.0operatingsystem => Darwinoperatingsystemrelease => 10.6.0path => /opt/local/bin:/opt/local/sbin:/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/binps => ps auxwwwpuppetversion => 2.6.4rubysitedir => /opt/local/lib/ruby/site_ruby/1.8timezone => PSTuptime => 1 dayrubyversion => 1.8.7sp_bus_speed => 1.07 GHz

Centralized, Serverless, or Puppet Dashboard Puppet Module Forge 3rd Party Systems Data Modules MCollective handles Puppet Master orchestration Facter Facter Facter Puppet Agent Puppet Agent Puppet Agent NODE NODE NODE

Scales like HTTPS2 known 50k node sitesMultiple 30k node sites Tens of 3k node sites

Built as a platform

Model-based hackability• Hosts• Inventory data • IP, hostname, platform, etc.• Resource lists• Resource dependencies• Change events

Puppet Facesca keycatalog mancertificate nodecertificate_request parsercertificate_revocation_list pluginconfig reportfacts resourcefile resource_typehelp status

MCollective:Infrastructure message bus

Puppet Forge404 free, reusable modules

Hacking Puppet forFun and Productivity

QuestionAuthority

Model-based Hackability

Exampleshttps://github.com/lak/velocity_2012-Hacking_Puppet https://github.com/puppetlabs/puppetlabs-stdlib/

Hack #1: Puppet as you ~/.puppet/puppet.conf

Editing ﬁles as youCode:Result:

Simpler versionCode:Result:

Client/serverCode:Server: (and lots more text)Client:

Hack #2: Curl speaksPuppet:Curl:

Hack #3: Data, and lots of it

Data Node 1 Facts The node sends normalized data about itself to the Puppet Master. SSL secure 2 Catalog Puppet uses the Facts to encryption compile a Catalog that on all data specifies how the node transport should be configured.Report 3The nodereports backto Puppetindicating theconfiguration iscomplete, whichis visible in the PuppetPuppet Dashboard. Master 4 Report Collector (Puppet or 3rd party tool) Report can also send data to third party tools.

#3.1: Catalog

Catalog as JSON{ "data": { "edges": [ { "source": "Stage[main]", "target": "Class[Settings]" }, { "source": "Stage[main]", "target": "Class[main]" }, { "source": "Class[main]", "target": "File[/tmp/local_file]" } ], "resources": [ { "type": "Class", "exported": false, "title": "Settings", "tags": [ "class", "settings" ] },

So?Control separately:Resource list:Code:

#3.2: Facts

Every host, automatically

#3.3: Reports

EveryChange

Node Fact ResourceDependency Change

Hack #4: Static Compiler

Checksum vs. URLBefore:After:

Normal data ﬂows

Static compiler, run 1

Static compiler, run 2

Hack #5: conﬁg_versionDefault:After:

Extensions

Hack #6: Report http://puppetlabs.com/blog/when-puppet-reports-part-1/https://github.com/jamtur01/puppet-growl/blob/master/lib/puppet/reports/growl.rb

Hack #7: Functionhttps://github.com/puppetlabs/puppetlabs-stdlib/blob/master/lib/puppet/parser/ functions/ﬂatten.rb

Hack #8: Facthttps://github.com/puppetlabs/puppetlabs-stdlib/blob/master/lib/facter/ root_home.rb

#9 and #10: Types and ProvidersExamples from http://www.kartar.net/2010/02/puppet-types-and-providers-are-easy/

Exec in Puppet

Native resource

Native resources areExec:Native:

Resource Type

Resource Provider

Hack #11: Face https://github.com/puppetlabs/puppet/blob/2.7rc/lib/puppet/face/conﬁg.rb

Setuphttps://github.com/puppetlabs/puppet/blob/2.7rc/lib/puppet/face/conﬁg.rb

actualwork.com https://github.com/puppetlabs/puppet/blob/2.7rc/lib/puppet/face/conﬁg.rb

Summary

Conﬁgurable

Controllable Node 1 Facts The node sends normalized data about itself to the Puppet Master. SSL secure 2 Catalog Puppet uses the Facts to encryption compile a Catalog that on all data specifies how the node transport should be configured.Report 3The nodereports backto Puppetindicating theconfiguration iscomplete, whichis visible in the PuppetPuppet Dashboard. Master 4 Report Collector (Puppet or 3rd party tool) Report can also send data to third party tools.

Node Fact ResourceDependency Change

Hackable

Questions?

http://puppetlabs.com	726
http://lanyrd.com	66
http://drupal-dev.puppetlabs.com	18
http://eventifier.co	13
https://twitter.com	11
http://www.puppetlabs.com	3
https://puppetlabs.com	1

11 Ways to Hack Puppet for Fun and Productivity - Luke Kanies - Velocity 2012

by Puppet Labs on Jun 26, 2012

Accessibility

Categories

Upload Details

Usage Rights

7 Embeds 838

Statistics

11 Ways to Hack Puppet for Fun and Productivity - Luke Kanies - Velocity 2012 Presentation Transcript