Luc Suryo - Puppet on EC2

Puppet in EC2An implementation By Luc Suryo February 8, 2011

About Me• An Unix and Operation guy since ’77• Been doing Linux since ’92• Been doing Puppet since Nov ’10 (pretty newbie)• contact luc@suryo.com• Works at http://friend.ly

Goal• Able to launch and maintain an instance with minimal effort• Better and centralized change control

Choice• Puppet, it’s mature and past experience• Build and maintenance AMI with predeﬁnes and preinstalled software to minimize Puppet’s run time• Security using EC2 and allowing auto signing

AMI & Puppet• AMI has all software installed but not activated nor conﬁgured• Puppet controls what piece of software is activated and how it is to conﬁgured

Puppet Class the Idea• Each package is split into 4 parts• Software• Services• Control and Conﬁgure• Monitor (if applicable)

Class package• Make sure the software is installed• Does not deﬁne nor controls the service class ntp::package { $ntp_uid_gid = "ntp" case $operatingsystem { "centos" : { $packages_list = [ "ntp" ] } "ubuntu" : { $packages_list = [ "ntp", "ntpdate" ] } } package { $packages_list : ensure => "installed", } }

Class Service• Controls service, make sure the service is in the correct state class ntp::service { service { "ntp::service" : name => $operatingsystem ? { "centos" => "ntpd", "ubuntu" => "ntp", }, enable => "true", ensure => "running", } }

Control and Configure • Controls, restart • Configures, configures files define ntp::ntp_conf ( $network = , $ntpservers ) { file { "/etc/ntp.conf" : mode => 0444, owner => root, group => root, content => template ("ntp/etc/ntp.conf.erb"), } } define ntp::restart () { Exec { logoutput => "on_failure", path => [ "/bin", "/usr/bin", "/sbin", "/usr/sbin", "/usr/local/bin", "/usr/local/sbin" ], } exec { "ntp_restart" : command => $operatingsystem ? { "centos" => "/etc/init.d/ntpd restart", "ubuntu" => "/etc/init.d/ntp restart", }, subscribe => File [ "/etc/ntp.conf" ], refreshonly => "true", } }

Monitor • Nagios or/and Munin to monitor serviceclass ntp::munin { enable_munin_plugin { [ “ntp_kernel_err”, “ntp_kernel_pll_freq”, “ ntp_kernel_pll_off”,“ntp_offset” ] : }}class ntp::nagios { enable_nagios_service { “ntp” : }}

class fly::ntp { include ntp::package include ntp::munin include ntp::nagios case $hostname { # NTP Server "puppet", : { $ntpservers => "us.pool.ntp.org" } # NTP Client default : { $ntpservers => [ "10.168.101.111" ] } } ntp::ntp_conf { "fly-ntp" : $ntpservers => $ntpservers } case $hostname { "base" : { service { "ntp" : name => $operatingsystem ? { "centos" => "ntpd", "ubuntu" => "ntp", }, enable => "false", ensure => "stopped", } } default : { include ntp::service ntp::restart { "fly-ntp" : } } }}

• Know and accepted issues and risk• = package update ; amount and time• Always can be improved... and thanks for coming

http://puppetlabs.com	2963
http://www.puppetlabs.com	1008
http://puppetlabs.iron-point.com	18
http://puppetdev.iron-point.com	1
http://translate.googleusercontent.com	1
http://192.168.1.100	1

Luc Suryo - Puppet on EC2

by Puppet Labs on Feb 14, 2011

Accessibility

Categories

Tags

Upload Details

Usage Rights

6 Embeds 3,992

Statistics

Luc Suryo - Puppet on EC2 — Presentation Transcript