2. Hello
• Craig Dunn
• Puppet user since 2008
• Previously worked for Puppet Labs
• Founder of Enviatics
• IT automation engineer and trainer
• Based in Spain but work anywhere
Friday, 11 April 14
3. My talk
• Avoiding pain
• Writing good modules
• Challenges of codebase design
• Roles / Profiles
13. Danger Signs
• Resources being declared in two modules
• You don’t know where your implementation “fits”
• Lots of logic at a node level
• Repetition and duplication
• The if statement is your go-to-guy
17. Catastrophic Signs
ensure_resource('package', 'httpd', {'ensure' => 'installed'})

if function_defined_with_params(["#{type}[#{item}]", params])
  Puppet.debug("Resource #{type}[#{item}] not created because it already exists")
else
  Puppet::Parser::Functions.function(:create_resources)
  function_create_resources([type.capitalize, { item => params }])
end
18. World ending signs
• You use parser=future in production
• You aren’t regretting it yet
• You then implemented order=manifest
20. Stop thinking about what it looks like
• Break everything down into components
• Granularity is the key
• Think about what it actually is
32. You are gonna share your s**t aren’t you?
33. Sharing is not just pull requests
• Share your ideas in blog posts
• What worked? What didn’t?
• Discuss and collaborate on mailing lists
• IRC
34. Making sharing easier
• Data separation (Hiera)
• Allow the user flexibility of implementation
35. defaults params pattern
• Use a parameterized class
• Default from an inherited class
• Allow the user to decide implementation
37. defaults pattern
class apache {
  $packagename = 'httpd'
  $docroot     = '/var/www'
  $listenaddr  = '10.0.1.12'
  $servername  = 'myweb.foo.com'
  package { $packagename:
    ensure => installed,
  }
  .....
In-module private data
No way to override
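The defaults params pattern named on slide 35, applied to the apache class above. This is an added example, not code from the original slides; the apache::params class name, the vhost file path and the override values are assumptions made for illustration.

```puppet
# apache/manifests/params.pp
# Module defaults live in one class instead of being private to init.pp.
# Values are the ones shown on the slide above.
class apache::params {
  $packagename = 'httpd'
  $docroot     = '/var/www'
  $listenaddr  = '10.0.1.12'
  $servername  = 'myweb.foo.com'
}

# apache/manifests/init.pp
# Every default is exposed as a class parameter. The user can override it
# when declaring the class, or through Hiera data bindings with a key such
# as apache::servername.
class apache (
  $packagename = $apache::params::packagename,
  $docroot     = $apache::params::docroot,
  $listenaddr  = $apache::params::listenaddr,
  $servername  = $apache::params::servername
) inherits apache::params {

  package { $packagename:
    ensure => installed,
  }

  file { $docroot:
    ensure  => directory,
    require => Package[$packagename],
  }

  # Assumed path, for illustration only.
  file { '/etc/httpd/conf.d/vhost.conf':
    ensure  => file,
    content => "Listen ${listenaddr}:80\nServerName ${servername}\nDocumentRoot ${docroot}\n",
    require => Package[$packagename],
  }
}

# Declaration with overrides, e.g. from a profile (constructed values):
class { '::apache':
  listenaddr => '10.0.2.20',
  servername => 'blog.example.com',
}
```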
50. Node-level logic
• Risks duplication and repetition
• No guarantee of consistency
• Pseudo nodes and inheritance trees will get messy, fast.
• TMI!
51. Thinking beyond the module....
• Puppet is a code base
• You need an effective framework
• Gluing everything together
53. Profiles
• Wrapper classes implementing component modules
• Define a logical technology stack
• But just one!
54. Profiles
class profile::blog {
  User <| group == 'webadmins' |>
  class { '::mysql::server': }
  class { '::mysql::bindings':
    php_enable => true,
  }
  class { '::wordpress':
    install_dir => '/var/www/wp',
  }
}
55. Profiles
• Component modules manage the resources
• Profiles provide a layer of implementation
59. Lessons learned
• Granularity is good
• Don’t assume business logic will directly translate to technology
• Abstraction is awesome.... but that’s nothing new....
60. Abstraction is a core principle of coding
• Implementation is abstracted by methods
• Methods abstracted by classes and modules
• They are abstracted with libraries
• Puppet is code!
62. Puppet is all about abstraction
• Providers are abstracted by types
• Resources are abstracted by classes
• Classes are abstracted by modules
• Modules are abstracted by profiles
63. Focussing on Abstraction
• We’ve turned business logic into a technology stack
• Can we translate that back into business logic?
• Why would we even want to do that?
64. Introducing roles
• Translate to business logic
• Identify the function of a server in human terms
• We never said business logic was a bad thing
66. Think about the users
Meet John, Susan and Bill.
67. John is a Sysadmin
• Wants to ensure all servers have kernel hardening, NTP and SSH Server installed
• Wants to manage what packages, services, files and other resources
• Is responsible for maintaining all the components of any type of server
68. Susan is an application specialist
• Cares that the node has WordPress and MySQL implemented properly
• She probably doesn’t care about how sudoers is configured
69. Bill is an IT manager
• Bill cares that the server is an ACME App server
• He probably doesn’t understand what sudoers is
70. What do they care about?
• John cares about modelling all resources
• Susan cares about the technology stack
• Bill cares about the business logic
71. In Puppet
• Resource modelling is done in component modules
• The technology stack is defined in profiles
• Where do we represent the business logic for Bill?
72. Roles
• Represent business logic, not technology
• Define a set of technology stacks (profiles) that make up the logical role
• Allow the business to manage how the infrastructure looks without defining what it is
74. A node can only have one role
• A role can include as many profiles as required to define itself
• If a node requires two roles, it has by definition become a new role
• Something couldn’t be a lion and a kangaroo at the same time!
81. Role classes
class role::acme {
  include profiles::security
  include profiles::users
  include profiles::networking
  include profiles::blog
}
This is an “acme” server
82. Terminology
• Profiles and Roles are Puppet modules
• They are not special
• Everything is a module
83. Classification
• Assigning classes to a node
• You can classify within Puppet code (site.pp)
• You can use an External Node Classifier (ENC)
84. Classification
• You can classify your nodes however you want
• Puppet Dashboard
• Enterprise Console
• Foreman
• Site.pp
• Custom script
91. Data Separation
• Use parameterized classes
• Hiera data bindings
• Component modules and profiles can look up data from Hiera
• Roles should NOT
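How the layers fit together with data separation, as an added example that is not from the original slides. It reuses the profile::blog class from the Profiles slide and turns its hard-coded values into parameters; profile::security, the node name and the Hiera values are hypothetical.

```puppet
# profile/manifests/blog.pp
# The profile is a parameterized class. With Hiera data bindings, the keys
# profile::blog::install_dir and profile::blog::php_enable are looked up
# automatically, and the defaults below apply when no data is found.
#
# hieradata/common.yaml (constructed):
#   profile::blog::install_dir: '/srv/www/wp'
class profile::blog (
  $install_dir = '/var/www/wp',
  $php_enable  = true
) {
  class { '::mysql::server': }

  class { '::mysql::bindings':
    php_enable => $php_enable,
  }

  class { '::wordpress':
    install_dir => $install_dir,
  }
}

# role/manifests/acme.pp
# The role takes no parameters and performs no Hiera lookups.
# It only names the profiles that make up an "acme" server.
class role::acme {
  include profile::security   # hypothetical baseline profile
  include profile::blog
}

# manifests/site.pp
# Node-level logic is reduced to one role per node.
node 'web01.example.com' {
  include role::acme
}
```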
92. Roles and Profiles for DevOps
• Full props to Laurent Bernaille from D2SI
• Achieving Continuous Delivery and Devops with Puppet
• Puppet Camp Paris, 2014.
93. Roles and Profiles for DevOps
• Using roles and profiles makes it easier for developers and ops to all collaborate on Puppet
• Developers write profiles for their apps
• Ops write profiles for their infrastructure
• Roles encompass all of them
96. Key benefits
• Reduced node-level logic to a role.
• Gain the ability to be flexible with implementation
• Business logic improves manageability by non-Puppet users
• Edge cases are now easy to solve
98. This is not the way to design Puppet... It’s a way.
100. Can I implement this design without roles?
• Yes.
• You lose the layer of abstraction that exposes business logic
102. Can my roles be defined in my ENC?
• Yes.
• Keeping it in code makes it versionable
104. Can’t I just use Hiera to define profiles?
• Technically yes.
• You lose the flexibility to implement code logic in profiles and it may become restrictive
109. The fundamental concepts....
• Abstraction, abstraction, abstraction
• Decoupling business logic, implementation and resource modelling.
• Separating data and code
• Reducing node-level complexity
111. Danke. Questions?
• Follow me at @crayfishX
• Bug me on Freenode: crayfishx
In memory of Giles Constant, who spent many nights debating Puppet design patterns with me over copious amounts of beer and helped me on my journey of discovery learning how to implement Puppet properly. R.I.P