Puppet Camp Seattle 2014: Puppet: Cloud Infrastructure as Code
•Download as PPTX, PDF•
1 like•742 views
And
Recommended
Recommended
More Related Content
What's hot
What's hot (20)
Similar to Puppet Camp Seattle 2014: Puppet: Cloud Infrastructure as Code
Similar to Puppet Camp Seattle 2014: Puppet: Cloud Infrastructure as Code (20)
More from Puppet
More from Puppet (20)
Recently uploaded
Recently uploaded (20)
Puppet Camp Seattle 2014: Puppet: Cloud Infrastructure as Code
- 1. Cloud Infrastructure as Code Andrew Parker Puppet Labs @aparker42
- 2. In 1889
- 6. Eureka !
- 8. Herman, grows a Mustache
- 10. Automation makes IT better!
- 22. Puppet A language and infrastructure
- 23. Puppet Resources • Describes the desired configuration state of individual elements of the system being managed user { 'henrik': # A user named 'henrik' ensure => present, # should exist shell => '/bin/bash' # with this shell }
- 24. Puppet Resources package{ 'apache2': # A packaged named 'apache2' ensure => present # should be installed }
- 25. Puppet Language • The Puppet Language has constructs to – compose sets of resources into classes – define order of operations on resources – define custom resources
- 26. Common Pattern; Package, File, Service class webserver { package{ 'apache2': ensure => present } file { '/etc/apache2/apache2.conf': content => template('apache2/apache2.erb'), require => Package['apache2'] } service { 'apache2': ensure => running, subscribe => File['/etc/apache2/apache2.conf'] } }
- 27. Presto – a Web Server • Now we can build a webserver with this: node kermit.example.com { include webserver }
- 28. Infra == Code == Text
- 29. Infra == Code == Text
- 30. Infra == Code == Text
- 32. Cloud Infrastructure (as Code)
- 33. Turtles All The Way Down
- 34. Turtles All The Way Down Cloud
- 35. Google Compute Engine • Express infrastructure as – VM Instances – Networks – Firewalls – Disks
- 36. Build your own? puppet module install puppetlabs-gce_compute
- 37. A Disk gce_disk { 'mydisk': ensure => present, size_gb => '2' }
- 38. A Network gce_network { 'mynetwork': ensure => present, gateway => '10.0.1.1', range => '10.0.1.0/24' }
- 39. An Instance gce_instance { 'myinstance': ensure => present, zone => 'us-central1-a', machine => 'n1-standard-1', image => "${images}/ubuntu-12-04-v20120621" }
- 40. New Pattern; Network, Firewall, (Disk), Instance class app_stack { gce_network { 'appnet': ensure => present, range => '10.0.1.0/24' } -> gce_firewall { 'webhttp': ensure => present, allow => 'tcp:80', network => 'appnet' } -> gce_instance { 'server1': ensure => present, network => 'appnet' } }
- 41. Turtles All The Way Down Application Cloud
- 42. Modules & Classes gce_instance { 'myinstance': ensure => present, . . . modules => [ 'puppetlabs-mysql', 'martasd/mediawiki', . . . ], enc_classes => { mediawiki => {server_name => "$gce_external_ip"} } }
- 43. Turtles All The Way Down Puppet Cloud
- 44. Setting up a master gce_instance { 'pe-master': ensure => present, . . . startupscript => ‘puppet-enterprise.sh’, metadata => { ‘pe_role’ => ‘master’, ‘pe_version’ => ‘3.6.1’ } } gce_instance { ‘agent-1’: ensure => present, . . . startupscript => ‘puppet-enterprise.sh’, metadata => { ‘pe_role’ => ‘agent’, ‘pe_version’ => ‘3.6.1’, ‘pe_master’ => ‘pe-master’ } }
- 45. Turtles All The Way Down Application Puppet Cloud
- 46. Security 90s Style Master Agent Agent
- 47. Autosign # Whether (and how) to autosign certificate requests. # This setting # is only relevant on a puppet master acting as a # certificate authority (CA). # # Valid values are true (autosigns all certificate # requests; not recommended), # false (disables autosigning certificates), or the # absolute path to a file. [master] autosign = true
- 48. Autosign # Whether (and how) to autosign certificate requests. # This setting # is only relevant on a puppet master acting as a # certificate authority (CA). # # Valid values are true (autosigns all certificate # requests; not recommended), # false (disables autosigning certificates), or the # absolute path to a file. [master] autosign = $confdir/autosign.conf
- 49. Autosign # Whether (and how) to autosign certificate requests. # This setting # is only relevant on a puppet master acting as a # certificate authority (CA). # # Valid values are true (autosigns all certificate # requests; not recommended), # false (disables autosigning certificates), or the # absolute path to a file. [master] autosign = $confdir/my_autosign trusted_node_data = true [agent] csr_attributes = $confdir/csr_attributes.yaml
- 50. Autosign # Produce attributes for the csr based on instance metadata MD="http://metadata/computeMetadata/v1/instance" INSTANCE=$(curl -fs -H "Metadata-Flavor: Google" $MD/zone) NAME=$(curl -fs -H "Metadata-Flavor: Google" $MD/attributes/puppet_instancename) UUID=$(curl -fs -H "Metadata-Flavor: Google" $MD/id) cat > $PUPPET_DIR/csr_attributes.yaml <<END
- 51. Autosign # Produce attributes for the csr based on instance metadata MD="http://metadata/computeMetadata/v1/instance" INSTANCE=$(curl -fs -H "Metadata-Flavor: Google" $MD/zone) NAME=$(curl -fs -H "Metadata-Flavor: Google" $MD/attributes/puppet_instancename) UUID=$(curl -fs -H "Metadata-Flavor: Google" $MD/id) cat > $PUPPET_DIR/csr_attributes.yaml <<END
- 52. Trust your data Master Agent CSR Certificate Facts/Certificate Catalog
- 53. Why do this? • How fast can you change? • How frequent? • At what cost? • What is your level of automation?
- 54. So what became of Herman Hollerith?
- 56. So what became of Herman Hollerith?
- 57. So what became of Herman Hollerith?
- 58. Questions ?
- 59. Puppetize!
Editor's Notes
- Like to take you back – before Cloud, and to a time when Infrastructure meant Railroads. More precisely, I like to take you back to 1889.
- The first number of Wall Street Journal was published, and all business news thereafter was printed on pink paper. In April, only a few days apart, Charlie Chaplin, and Adolf Hitler were born. The Eiffel Tower was inaugurated and served as the entrance to the 1889 Paris World's Fair. Seattle Burned Down in the great fire and was rebuilt...on floor lower than the current street level. The Nintendo Company is formed, publishing HANA FUDA Playing Cards. Harry Nyquist is born 26 juni - I Norge införs 7-årig skolplikt. Det fastslås även att den norska folkskolan skall benämnas "folkeskole" och inte "allmueskole" 12 oktober - Gillis Bildt avgår som svensk statsminister och efterträds av Gustaf Åkerhielm.[3] Dette året utvandrer omkring 29 000 nordmenn til USA. Dette er det største antall utvandringer registrert i ett enkelt år
- But more specifically, lets start with Herman, on one specific morning in 1889. That morning when Herman woke up… he had not slept well as he was mulling on a problem. Every 10 years the United States performs a census enumerating the population. Herman's problem this morning was that United States Census office where Herman worked as a stati stic ian needed to do more with less. The census of 1880 had so many questions that it took about 8 years to count and publish the results from the 50 million population. And for the upcoming census there were going to be even more questions and the population had grown to 63 million (as they were about to find out). Estimates were that it would take 13 years to tabulate the data. ----- drop the rest 1889 – An Electric Tabulating System 1890 The United States decennial census (enumerating the population every 10 years) – the next is 2020
- This morning, Herman had a train to catch. It was incredibly busy. And Herman found it hard to concentrate.
- This man changed everything
- Herman was intrigued by the cuts made in his ticket – and he had an idea !
- And this is what Herman Invented – a card on which the answers to the census questions could be recorded by punching holes. Herman wasn’t the first to have the idea of punching holes into a card. It had been used for a long time to control looms and music players, but Herman had the novel idea of putting it to use for data. At this point we could go off on a long tangent of data as code and code as data....but let’s try to keep our eye on the prize. Herman realized that In order to punch the holes and then be able to read the answers – someone had to invent the machinery to do so, and then build and supply these machines. So what did Herman do?
- Considers a neck beard, but decides on a stylish mustache – now that he is about to start his own business building hardware…
- He named his invention "The tabulating machine". It was a huge success – the 1890 census was finished in under 1 year with far fewer staff – more than a 10x performance boost. So what has this got to do with Clouds-Infrastructure as Code ?
- The simple moral of the story is THAT WITH THE RIGHT TOOLS YOU CAN DO THINGS FASTER AND MORE ACCURATELY. Not only should you be automating IT, but also automating the making of the automation LETS FAST FORWARD
- Do you really build something like this manually ? You would be surprised to amount of companies that maintain infrastructure at this scale with technology where a Tabulating Machine would be high tech! (I am told this picture is from Google)
- This is also google – we can only guess at the level of automation
- Or how long it takes to get anything deployed – or improved in this infrastructure.
- Maybe your manually hacked system infrastructure isn't as bad as this? Imagine what it looks like on the inside – is this a secure system? So what are you going to do?
- LETS MOVE TO THE CLOUD ! Now you have a new set of problems. Just because you can't see the wiring and the boxes does not mean that the complexities went away. ALL THOSE CABLES ARE NOW INSTRUCTIONS TO A COMPUTER – OUR INFRASTRUCTURE HAS BECOME CODE ! Now your infrastructure only exists because you provided instructions to a computer.
- Code is naturally something we write down so we don't forget – so we can follow the instructions later… On velum of course
- Everyone in IT is known for their penmanship and writing skills.
- And sometimes people collaborate and integrate all their favorite scripts.
- nhaggggghhhhhhhh uuuuhhhhhhhh As everyone can see, this cat is suffering from a complexity overdose.
- COMPLEXITY OVERDOSE….
- Let’s start over How would (or should) you do this now?
- THE BEST PRACTICES FROM SOFTWARE DEVELOPMENT version control review of changes
- THE BEST PRACTICES FROM SOFTWARE DEVELOPMENT testing
- THE BEST PRACTICES FROM SOFTWARE DEVELOPMENT build tools artifacts
- Wait a second...back up! I started out with the promise of getting away from all of those cables and other hardware into the promised land of the cloud. What does that have to do with files and packages and web servers? Let’s think about it a little. What is the cloud?
- Let’s think about it a little. What is the cloud? Ok, that question may be unanswerable. Let’s stick to something more concrete. What is EC2 or GCE? They are APIs to create resources. And we have resources that hold other resources!
- So let’s start at the bottom of this stack. At the layer we’ll call “Cloud”...because well, that is what we are talking about.
- The GCE module is really well documented, so I won’t rehash everything here.
- The next level up is what we are going to do on those instances. There are two ways we can approach this. Mastered or masterless. Let’s take a look at masterless first.
- This will make sure that we have an instance, it will install puppet, those modules, and then apply those classes. If that is all that we wanted to do, then we would be done. However life isn’t often that simple and we need some more central control, or there is information that we can’t put on every instance (for security purposes).
- Lets take a different path this time. Instead of going straight for software on the instance, let’s setup a management infrastructure. The GCE module makes this pretty easy since it has some scripts built into it to install puppet agents and puppet master (open source as well as PE).
- The GCE module makes this pretty easy since it has some scripts built into it to install puppet agents and puppet master (open source as well as PE).
- Once you have your puppet master infrastructure all set up, you can now start controlling those GCE instances by deploying manifests to your master and using the PE classifier to classify your nodes (instances).
- 1890s that is. Look, this software is written in portland. They really are living the dream of the 90s. What’s the situation? Well, say you are like a lot of organizations and you have part of your infrastructure out in the cloud and part of it in datacenters you control. So how do you handle this?
- This will make sure that we have an instance, it will install puppet, those modules, and then apply those classes. If that is all that we wanted to do, then we would be done. However life isn’t often that simple and we need some more central control, or there is information that we can’t put on every instance (for security purposes).
- This will make sure that we have an instance, it will install puppet, those modules, and then apply those classes. If that is all that we wanted to do, then we would be done. However life isn’t often that simple and we need some more central control, or there is information that we can’t put on every instance (for security purposes).
- This will make sure that we have an instance, it will install puppet, those modules, and then apply those classes. If that is all that we wanted to do, then we would be done. However life isn’t often that simple and we need some more central control, or there is information that we can’t put on every instance (for security purposes).
- This is cribbed from the gce_compute module. It has this built in, but you can built out your own based on how this works. The basic idea is that there is a source of truth that you can trust. By passing through some known information the master can now know that it is communicating with one of your real instances and can automatically let it into the system!
- This is cribbed from the gce_compute module. It has this built in, but you can built out your own based on how this works. The basic idea is that there is a source of truth that you can trust. By passing through some known information the master can now know that it is communicating with one of your real instances and can automatically let it into the system! Custom attributes are only part of the certificate request. Extension requests will be preserved as part of the signed certificate.
- This is cribbed from the gce_compute module. It has this built in, but you can built out your own based on how this works. The basic idea is that there is a source of truth that you can trust. By passing through some known information the master can now know that it is communicating with one of your real instances and can automatically let it into the system!
- Why did Herman start making his machines? Because he needed to keep up with the change in his country. Automation got him there.
- People didn’t like that there were only 63 million people. They wanted it to be 65 million. The New York Herald: SLIPSHOD WORK HAS SPOILED THE CENSUS MISMANAGEMENT THE RULE The number was right. And his machines were used for the next 2 censuses and in various other countries around the world.
- Eventually his company started to merge with competitors.
- That company eventually became known as “Business International Machines”....no....”International Business Machines”
- … AND BECAME A HIPSTER!