Integrating cloud stack with puppet

Integrating CloudStack With Puppet
Jason Hancock
jsnbyh@gmail.com
@jsnby
http://geek.jasonhancock.com
May 2012

Goals:

  • Do NOT use Puppet's auto-signing feature
  • Instances receive all config via Puppet
  • Minimize the number of CloudStack templates
  • No manual intervention

Translation:
Make one API call to launch the VM, the automation takes over and puts the box into production.

Puppet's auto certificate signing

  • Allows you to automatically sign any certificate from a given domain
  • Exposes a vulnerability because anyone can now connect and have a cert signed

Working around auto-signing:
We decided to seed a pre-signed certificate into the templates. Ran into a couple of issues though...

/etc/puppet/puppet.conf on the client:

    [agent]
    ...
    certname = compute001
    node_name = facter
    node_name_fact = fqdn

The node_name and node_name_fact settings were necessary because the Puppet client thought its node name was "compute001".

Had to modify /etc/puppet/auth.conf on the Puppet master. Details about why and what to change found in issue 2128:

    # allow nodes to retrieve their own catalog
    # (ie their configuration)
    # path ~ ^/catalog/([^/]+)$
    # method find
    # allow $1

    # This change allows us to use a common
    # certificate across multiple nodes.
    path ~ /catalog/.+
    allow *

Enable Puppet to run as soon as the box starts:

  • Turn off splay!
  • chkconfig Puppet on!

Passing a $::role (and other facts) to Puppet.
We use CloudStack's user-data to store key=value pairs (up to 2KB) that get loaded into facts on the client.
Code to load user-data into facts is available on GitHub.

Implementing $::role on the Puppet side.
Everyone is a default node. We don't have to worry about adding nodes to site.pp, conforming to a host naming convention, or adding meta-data to an ENC.

Our simplified* site.pp:

    import 'base'

    node default {
        include base
    }

*Irrelevant stuff omitted for clarity

Excerpts from base.pp:

    class base {
        ...
        # Includes that apply to all machines
        ...
        # role-specific includes
        case $::role {
            somerole: {
                include somerole
            }
            otherrole: {
                include otherrole
            }
        }
    }

What about $::environment? Don't forget dev/qa/staging nodes!
You can pass the environment the same way we set $::role, by adding another key/value pair to the user-data.
There is a catch though...
It is impossible to know during the plugin-sync stage what environment a node belongs to.
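
An added example (not the author's GitHub code) of the user-data step described above: turning key=value user-data into facts only after validating it, because values such as role and environment decide which classes a node receives. The one-pair-per-line format, the character limits, the reserved-name list and the names `parse_user_data` and `UserDataError` are assumptions made for illustration.

```ruby
# Added example: validate CloudStack user-data before exposing it as facts.
# Assumptions (not from the slides): one key=value pair per line, and the
# character limits and reserved-name list below.
MAX_USER_DATA_BYTES = 2048               # the "up to 2KB" limit from the slides
KEY_RE   = /\A[a-z][a-z0-9_]{0,31}\z/    # lower-case fact names only
VALUE_RE = /\A[A-Za-z0-9_.:-]{1,128}\z/  # no spaces, quotes or shell metacharacters
# Facts that identify the node. With node_name = facter the master sees the
# client's fqdn fact as the node name, so user-data must not override these.
RESERVED = %w[fqdn hostname domain certname clientcert ipaddress].freeze

class UserDataError < StandardError; end

# Parse raw user-data into a Hash of fact name => value.
# Raises UserDataError unless every non-blank line validates.
def parse_user_data(raw)
  raise UserDataError, 'user-data exceeds 2KB' if raw.bytesize > MAX_USER_DATA_BYTES
  raise UserDataError, 'user-data is not valid UTF-8' unless raw.valid_encoding?
  facts = {}
  raw.each_line do |line|
    line = line.strip
    next if line.empty?
    key, value = line.split('=', 2).map(&:strip)
    raise UserDataError, "not key=value: #{line.inspect}" if value.nil?
    raise UserDataError, "bad key: #{key.inspect}" unless key =~ KEY_RE
    raise UserDataError, "reserved fact: #{key}" if RESERVED.include?(key)
    raise UserDataError, "bad value for #{key}" unless value =~ VALUE_RE
    raise UserDataError, "duplicate key: #{key}" if facts.key?(key)
    facts[key] = value
  end
  facts
end

# Constructed sample input, as it might be supplied when the VM is launched.
SAMPLE_USER_DATA = "role=webserver\nenvironment=qa\n"

# Inside a plugin-synced fact file each pair would be registered like this;
# the guard lets the file run where Facter is not loaded.
if defined?(Facter)
  parse_user_data(SAMPLE_USER_DATA).each do |name, value|
    Facter.add(name) { setcode { value } }
  end
end
```
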

The node will default to whatever's specified in puppet.conf (or to production if not specified).

When is this a problem?
When testing new facts/modules.

Shifting gears... Let's talk about cleanup!

You are using stored configurations to automatically add nodes to Nagios (right?)
But now we're working in the cloud. So we destroy/terminate that instance...
And your phone is blowing up with Nagios alerts

Compare hosts in Puppet's DB vs. hosts running in the cloud, removing any hosts from DB that are no longer running in the cloud.

Removing from Puppet's DB:

Old way:

    puppetstoredconfigclean.rb <hostname>

New way:

    puppet node clean <hostname>

A script to call puppetstoredconfigclean.rb based on what's running in a CloudStack cloud can be found on GitHub.

That removed it from Puppet's DB. What about actually cleaning up the Nagios host?
I have another script that connects to Puppet's DB and removes any host configurations from the Nagios server that aren't in the DB.

There is a better way... (I just haven't played with it yet).
"puppet node clean" has an option to un-export any exported resources. Un-export the resources and let them clean themselves up!

This presentation is available at: https://github.com/jasonhancock/presentation