Integrating CloudStack with Puppet
Transcript

  • 1. Integrating CloudStack With Puppet
    Jason Hancock
    jsnbyh@gmail.com
    @jsnby
    http://geek.jasonhancock.com
    May 2012

    Goals:
      • Do NOT use Puppet's auto-signing feature
      • Instances receive all config via Puppet
      • Minimize the number of CloudStack templates
      • No manual intervention
  • 2. Translation: Make one API call to launch the VM; the automation takes over and puts the box into production.

    Puppet's auto certificate signing:
      • Allows you to automatically sign any certificate from a given domain
      • Exposes a vulnerability because anyone can now connect and have a cert signed

    Working around auto-signing: We decided to seed a pre-signed certificate into the templates. Ran into a couple of issues though...

    /etc/puppet/puppet.conf on the client:
  • 3.
        [agent]
        ...
        certname = compute001
        node_name = facter
        node_name_fact = fqdn

    The node_name and node_name_fact settings were necessary because the Puppet client thought its node name was "compute001".

    Had to modify /etc/puppet/auth.conf on the Puppet master. Details about why and what to change found in issue 2128:

        # allow nodes to retrieve their own catalog
        # (ie their configuration)
        #path ~ ^/catalog/([^/]+)$
        #method find
        #allow $1

        # This change allows us to use a common
        # certificate across multiple nodes.
        path ~ /catalog/.+
        allow *

  • 4. Enable Puppet to run as soon as the box starts:
      • Turn off splay!
      • chkconfig Puppet on!

    Passing a $::role (and other facts) to Puppet.

    We use CloudStack's user-data to store key=value pairs (up to 2KB) that get loaded into facts on the client.

    Code to load user-data into facts is available on GitHub.

    Implementing $::role on the Puppet side.
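The user-data loading described on slide 4, sketched as an added example (it is not the author's GitHub code): it parses key=value lines, enforces the 2KB limit, and only lets expected keys with plain values become facts, since `$::role` goes on to select which classes a node receives. The allow-list, the value pattern and the function name are assumptions.

```ruby
# Added example, not the author's GitHub plugin. ALLOWED_KEYS, VALUE_RE and
# the function name are assumptions made for this sketch.

MAX_USER_DATA_BYTES = 2048                 # the slides: user-data holds up to 2KB
ALLOWED_KEYS = %w[role environment].freeze # assumed: only these keys become facts
VALUE_RE = /\A[a-z0-9_]+\z/                # assumed: values usable as class/env names

# Parses key=value lines. Returns [facts, rejected], where rejected holds
# every non-blank, non-comment line that was not turned into a fact.
def parse_user_data(raw)
  raise ArgumentError, 'user-data exceeds 2KB' if raw.bytesize > MAX_USER_DATA_BYTES

  facts = {}
  rejected = []
  raw.each_line do |line|
    line = line.strip
    next if line.empty? || line.start_with?('#')

    key, value = line.split('=', 2)
    if !value.nil? && ALLOWED_KEYS.include?(key) &&
       value.match?(VALUE_RE) && !facts.key?(key) # first value wins
      facts[key] = value
    else
      rejected << line
    end
  end
  [facts, rejected]
end

# Constructed sample of what might be passed as user-data at deploy time.
SAMPLE_USER_DATA = <<~DATA
  role=webserver
  environment=staging
  role=dbserver
  fqdn=db01.example.com
  environment
DATA

if __FILE__ == $PROGRAM_NAME
  facts, rejected = parse_user_data(SAMPLE_USER_DATA)
  # On a real client each pair would be registered as a fact, e.g.
  # Facter.add(key) { setcode { value } }
  facts.each { |k, v| puts "#{k}=#{v}" }
  rejected.each { |l| warn "rejected: #{l}" }
end
```
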
  • 5. Everyone is a default node. We don't have to worry about adding nodes to site.pp, conforming to a host naming convention, or adding meta-data to an ENC.

    Our simplified* site.pp:

        import 'base'
        node default {
            include base
        }

    *Irrelevant stuff omitted for clarity

    Excerpts from base.pp:

        class base {
            ...
            # Includes that apply to all machines
            ...
            # role-specific includes
            case $::role {
                somerole: {
                    include somerole
                }
                otherrole: {
                    include otherrole
                }
            }
        }

  • 6. What about $::environment? Don't forget dev/qa/staging nodes!

    You can pass the environment the same way we set $::role, by adding another key/value pair to the user-data. There is a catch though...

    It is impossible to know during the plugin-sync stage what environment a node belongs to.
  • 7. The node will default to whatever's specified in puppet.conf (or to production if not specified).

    When is this a problem? When testing new facts/modules.

    Shifting gears... Let's talk about cleanup!

    You are using stored configurations to automatically add nodes to Nagios (right?)

    But now we're working in the cloud. So we destroy/terminate that instance...

  • 8. And your phone is blowing up with Nagios alerts.

    Compare hosts in Puppet's DB vs. hosts running in the cloud, removing any hosts from DB that are no longer running in the cloud.

    Removing from Puppet's DB:
      • Old way: puppetstoredconfigclean.rb <hostname>
      • New way: puppet node clean <hostname>

    A script to call puppetstoredconfigclean.rb based on what's running in a CloudStack cloud can be found on GitHub.

  • 9. That removed it from Puppet's DB. What about actually cleaning up the Nagios host?

    I have another script that connects to Puppet's DB and removes any host configurations from the Nagios server that aren't in the DB.

    There is a better way... (I just haven't played with it yet.)

    "puppet node clean" has an option to un-export any exported resources. Un-export the resources and let them clean themselves up!

  • 10. This presentation is available at: https://github.com/jasonhancock/presentation
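The cleanup comparison from slide 8 (hosts in Puppet's DB vs. hosts running in the cloud), as an added example that is not the author's GitHub script. It takes the two host lists as plain arrays, refuses to act when the cloud listing is empty or implausibly small, and builds `puppet node clean <hostname>` as an argv array; the function names and the 50% threshold are assumptions.

```ruby
# Added example, not the author's GitHub script. Names and the 50% guard
# are assumptions made for this sketch.

class RefuseClean < StandardError; end

HOST_RE = /\A[a-z0-9]([a-z0-9-]*[a-z0-9])?(\.[a-z0-9]([a-z0-9-]*[a-z0-9])?)*\z/

def normalize(hosts)
  hosts.map { |h| h.strip.downcase }.reject(&:empty?).uniq
end

# puppet_hosts: hostnames in Puppet's stored-config DB
# cloud_hosts:  hostnames of instances currently running in CloudStack
# Returns hostnames Puppet still knows about that are gone from the cloud.
def stale_nodes(puppet_hosts, cloud_hosts, max_fraction: 0.5)
  known = normalize(puppet_hosts)
  running = normalize(cloud_hosts)
  # An empty listing is more likely a failed API call than an empty cloud.
  raise RefuseClean, 'cloud host list is empty' if running.empty?

  stale = (known - running).sort
  if !known.empty? && stale.length.to_f / known.length > max_fraction
    raise RefuseClean, "#{stale.length} of #{known.length} nodes look stale"
  end
  stale
end

# Builds argv arrays for the command from the slides. Passing argv to
# system(*argv) avoids a shell; odd-looking names are reported, not run.
def clean_commands(hosts)
  valid, invalid = hosts.partition { |h| h.match?(HOST_RE) }
  [valid.map { |h| ['puppet', 'node', 'clean', h] }, invalid]
end

# Constructed sample inventories.
PUPPET_DB = %w[web01.example.com web02.example.com db01.example.com nagios.example.com].freeze
CLOUD     = %w[web01.example.com DB01.example.com nagios.example.com].freeze

if __FILE__ == $PROGRAM_NAME
  commands, skipped = clean_commands(stale_nodes(PUPPET_DB, CLOUD))
  commands.each { |argv| puts argv.join(' ') } # dry run; use system(*argv) to act
  skipped.each { |h| warn "skipped suspicious hostname: #{h.inspect}" }
end
```
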
