Puppet camp europe 2011 hackability

Wireless • Any “BvB Hotspot...” network • New browser page • User: bvbhotspot Password: berlag33Friday, May 13, 2011

puppet labsFriday, May 13, 2011

Making Puppet More Hackable Luke Kanies luke@puppetlabs.comFriday, May 13, 2011

Question AuthorityFriday, May 13, 2011

Puppet LabsFriday, May 13, 2011

Puppet Labs • 40 employeesFriday, May 13, 2011

Puppet Labs • 40 employees • Fantastic investors and board membersFriday, May 13, 2011

Puppet Labs • 40 employees • Fantastic investors and board members • I’m still CEOFriday, May 13, 2011

Puppet 2.7Friday, May 13, 2011

Apache LicenseFriday, May 13, 2011

FacesFriday, May 13, 2011

Static CompilerFriday, May 13, 2011

Certiﬁcate APIFriday, May 13, 2011

Deterministic Ordering For otherwise unrelated resourcesFriday, May 13, 2011

Enhanced Graph ManagementFriday, May 13, 2011

Puppet EnterpriseFriday, May 13, 2011

Always based on full releasesFriday, May 13, 2011

Looking for PartnersFriday, May 13, 2011

PE 1.1 - 5/11 • MCollective • RHEL 4/5/6, SLES, SolarisFriday, May 13, 2011

PE 1.2 - 6/11 • Discovery • ProvisioningFriday, May 13, 2011

Q3 • Full Windows support • 2.7 base • Change Lifecycle ManagementFriday, May 13, 2011

Faces, Hackability, and MarketingFriday, May 13, 2011

Puppet is diﬀerent, but not in straightforward waysFriday, May 13, 2011

AwkwardFriday, May 13, 2011

I wanted to tell The Story of WhyFriday, May 13, 2011

A bit of history: CfengineFriday, May 13, 2011

I had no control • Stuckwith whatever application logic it shipped with • Core components were mandatoryFriday, May 13, 2011

Do Not Question • Why is this file here? • What requires this package? • What will happen if I change this file? • Do these classes conflict?Friday, May 13, 2011

Not ExtensibleFriday, May 13, 2011

“Puppet is Diﬀerent”Friday, May 13, 2011

Easily extensible, everywhere A quick count shows 10 kinds of extensibilityFriday, May 13, 2011

The Puppet world • Facts • Resources • Catalogs • Edges • EventsFriday, May 13, 2011

Questions can be asked of every artifact • Is this ﬁle being managed? • What happens if I restart this service? • Who requires this package? • Did my service restart? • Were there any failures?Friday, May 13, 2011

Data > Code • Caching • Validation • Implementation Independence • IntegrationFriday, May 13, 2011

"Exec[createrepo-PM-RHEL5-noarch]" The Graph Matters "Yumrepo[PM-RHEL5-x86_64]" "Package[postgresql-server]" "Postgres::Role[puppet]" "Package[thttpd]" "File[/var/www/thttpd/html/yum-PM-RHEL5-x86_64]" "File[/var/www/thttpd/html/yum-PM-RHEL5-noarch]" "Exec[rsync-rpmdir-PM-RHEL5-x86_64]" "Exec[rsync-rpmdir-PM-RHEL5-noarch]" "Exec[createrepo-PM-RHEL5-x86_64]" "Yumrepo[PM-RHEL5-noarch]"Friday, May 13, 2011

An Aside: The CompetitionFriday, May 13, 2011

AFAIK, Puppet is the only tool that provides: • A complete list of every resource managed in your entire infrastructure • A complete list of every dependency in your entire infrastructure • A complete list of every single change that’s ever happened in your entire infrastructure • With full run simulation and inspection ...all in a queryable, storable, cacheable wayFriday, May 13, 2011

Progress? •Declarative •Code runs on Cfengine client •Implicit •Imperative dependencies •Code runs on Chef client •Implicit dependencies •Declarative Puppet •Only data on clients, no code •Explicit dependenciesFriday, May 13, 2011

How do we talk about this? Market this?Friday, May 13, 2011

“Puppet is Model-Driven”Friday, May 13, 2011

Procedural Code Catalog Compile Apply ReportFriday, May 13, 2011

Model-driven Compile Apply Code Catalog Report It’s the artifacts that matterFriday, May 13, 2011

Policy CMDB Remedy Complian Compile Apply Code Catalog Report LDAP CMDB NagiosFriday, May 13, 2011

No one knows what ‘model driven’ meansFriday, May 13, 2011

“Puppet is hackable” Props to Nick FagerlandFriday, May 13, 2011

But it wasn’t really trueFriday, May 13, 2011

You could *program* it, but not hack it like a sysadmin wouldFriday, May 13, 2011

Really: Encapsulated, modular and data- drivenFriday, May 13, 2011

Unfortunately the applications hard-code our logic • Download plugins • Upload Facts • Download Catalog • Apply Catalog • Send ReportFriday, May 13, 2011

Other application world- views exist • Only update catalogs during maintenance windows • Push catalog updates • Send fact updates 10x as often as puppet runs • Combine multiple catalogs on the client side and run them together • Compile catalogs for hundreds of hosts and compare them • Manually view catalog diffs before deployingFriday, May 13, 2011

It doesn’t make sense to extend the core apps with this logicFriday, May 13, 2011

And doing it yourself is too hard with current toolsFriday, May 13, 2011

So we should expose everything and let you build what you wantFriday, May 13, 2011

Functions • Compiler • Transactions • Network • Indirector • Parser • RALFriday, May 13, 2011

Data • Facts • Catalog • Reports • Resource Types (AST and RAL) • Nodes • CertiﬁcatesFriday, May 13, 2011

InterfacesFriday, May 13, 2011

Puppet FacesFriday, May 13, 2011

A framework for exposing, combining, and extending core Puppet functions and data typesFriday, May 13, 2011

A collection of Faces that does this in Ruby and on the CLIFriday, May 13, 2011

Good: It directly exposes Puppet internals in a hackable wayFriday, May 13, 2011

Bad: It directly exposes Puppet internalsFriday, May 13, 2011

Examples • puppet catalog find <host> • puppet facts upload • puppet certificate sign <host> • puppet file find <sum>Friday, May 13, 2011

Easily extensible • puppet conﬁg info <name> • puppet catalog select <host> <type> • puppet ﬁle diff <sum> <sum> • puppet node clean <name> • puppet catalog diff <host> <host>Friday, May 13, 2011

What we’re working onFriday, May 13, 2011

Team and CommunityFriday, May 13, 2011

Flattening the on-rampFriday, May 13, 2011

Ad-hoc ToolingFriday, May 13, 2011

Cross-Node ApplicationsFriday, May 13, 2011

DatabasesFriday, May 13, 2011

Change LifecycleFriday, May 13, 2011

Questions?Friday, May 13, 2011

Puppet camp europe 2011 hackability

by Puppet Labs

Accessibility

Categories

Upload Details

Usage Rights

3 Embeds 8

Statistics

Puppet camp europe 2011 hackability Presentation Transcript

http://lanyrd.com	4
https://twitter.com	2
http://translate.googleusercontent.com	2