De-centralise and
     Conquer

Masterless Puppet in a Dynamic
         Environment

  Sam Bashton, Bashton Ltd
Who am I?
● Linux guy since Slackware, floppy disks and
  root + boot
● Using Puppet since 2007
● Run a company in Manchester, North West
  England
Our Environments
● We provide outsourced ops for other
  companies
● High traffic environments
● Most are now on Amazon Web Services


● #1 reason for moving to AWS? The ability to
  scale on demand
Server instances, single day
How we use Puppet
● No Puppetmaster
● Puppet manifests and modules distributed to
  all machines
What's wrong with standard Puppet?
● Pets vs Cattle


● Standard Puppet configuration assumes that
  servers are pets, not cattle
What's wrong with standard Puppet?
● Standard Puppetmaster/Puppet Client
  configuration makes assumptions about
  environments
  ○ Machine creation is a manual operation
     ■ Sign certs
  ○ No in-built mechanism to automatically clean up old
    machines
What's wrong with standard Puppet?
● Puppetmaster is a single point of failure
● When servers are pets, this isn't too much of
  a problem
   ○ Existing servers continue to work, but not any
      updates
What's wrong with standard Puppet?
● When servers are auto-scaling cattle, new
  instances can appear at any time
● New instances require config to become
  operational
● Configuration requires Puppet
What's wrong with standard Puppet?
● Our environments span multiple data centres
  ('availability zones')
● Imagine a data centre fails
● New instances get auto-provisioned to
  replace missing capacity
● But these instances need the Puppetmaster
● ..which was in the failed AZ
What's wrong with standard Puppet?
● Resource contention
● Even when Puppetmaster isn't in the failed
  zone, multiple concurrent connections slow
  things down
What's wrong with standard Puppet?
● None of these problems are insurmountable
● We could have configured a Puppetmaster or a
  cluster of Puppetmasters for our needs
  ○ With autosign
  ○ and some sort of certificate distribution mechanism
  ○ uuid certificate names
  ○ And a mechanism for cleaning up old machines
Meanwhile, on the other side of the
room...
● Another team was evaluating Pulp
● Provides yum repository management
● To be used for managing security updates
  and deploying application code




  http://pulpproject.org/
Pulp
● Allows cloning of repos, copying packages
  between repos
● Allows us to push packages to clients
   ○ Uses qpid message queue
● Has 'content distribution servers' for easy
  replication + clustering
How we deploy code
● Everything managed via the Jenkins
  continuous integration server
● Jenkins uses Pulp to install code on remote
  machines
How we deploy code
● Jenkins fetches code from source control
  (git)
● An RPM is built
● Tests are run
● The RPM is added to the relevant Pulp
  repository
● RPM installed on the target machine(s)
How we deploy code
● Jenkins also manages deployment lifecycle
● 'Promoted Builds' plugin used to install
  previously built RPMs on staging
● Promoted Builds plugin then used to install
  the same RPMs on live once testing is
  complete
Deploying configuration as code
● Idea: Why not just build an RPM of our
  Puppet manifests + modules?
● Have puppet apply as part of the %postinst
Deploying configuration as code
● Allowed us to reuse our existing code
  deployment infrastructure
● Manage configuration deployment from
  Jenkins
How we deploy configuration
● Puppet manifests and modules are checked
  into git
● Jenkins builds configuration into an RPM
● Jenkins promoted builds plugin applies the
  updates to environments via Pulp
Our system architecture
● Quite AWS specific
● Concepts could be applied to other clouds
  ○ Once they catch up in terms of toolsets..
Separation of Roles
● CloudFormation - defines infrastructure


● Puppet manages configuration




● Pulp manages package versions
  ○ Pulp in turn managed via Jenkins for custom repos
Instance Provisioning
● Minimal images used
● cloud-init the only addition beyond standard
  CentOS install
● cloud-init allows us to specify script to be run
  at boot
Puppet bootstrap
● cloud-init script adds local Puppet yum repo
  and installs the Puppet configuration RPM
● Installing the RPM installs Puppet and
  applies the configuration
Machine metadata
● cloud-init also sets some variables in
  /etc/environment
● $HOST_TYPE - the type of machine this is, eg
  web, cache
Machine metadata
● Also set facts to be used by facter, eg RDS
  database hostname
  ○ Values from CloudFormation
● $FACTER_DBHOST    set via cloud-init too, eg /root/.my.cnf
Defining machine roles
● For each machine type there is a manifest
  /etc/puppet/manifests/$HOST_TYPE.pp
● This file looks something like this:
  node default {
      import global
      ...
  }
Building the RPM
● Puppet manifests and modules are all
  packed into an RPM
● Owner set to root, mode 600
● %postinst creates an at job set for now + 1
  minute to run puppet apply
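
An added example (not from the original slides): a shell wrapper that the %postinst at job could call instead of invoking puppet apply directly. It reads $HOST_TYPE from /etc/environment without sourcing the file, rejects values that could point outside /etc/puppet/manifests, and refuses to run unless everything under /etc/puppet is private to root. The function names, the allowed HOST_TYPE character set, the /etc/puppet/modules path and the wrapper path in the comments are assumptions.

```shell
#!/bin/sh
# Added example, not the talk's own code.
# Assumed to be installed by the config RPM as /usr/local/sbin/puppet-apply-role
# (hypothetical path) and queued from the package scriptlet with:
#   echo '/usr/local/sbin/puppet-apply-role --apply' | at now + 1 minute

# Print the value of HOST_TYPE from an /etc/environment-style file.
# The file is parsed, never sourced, so nothing in it is executed.
read_host_type() (
    value=""
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line#export }
        case $line in
            HOST_TYPE=*) value=${line#HOST_TYPE=} ;;
        esac
    done < "$1"
    # Strip one matching pair of surrounding quotes, if present.
    case $value in
        \"*\") value=${value#\"}; value=${value%\"} ;;
        \'*\') value=${value#\'}; value=${value%\'} ;;
    esac
    printf '%s\n' "$value"
)

# Accept only names such as "web" or "cache" (assumed convention:
# lower-case letter first, then lower-case letters, digits, underscore).
# This keeps "/" and ".." out of the manifest path built below.
valid_host_type() {
    case $1 in
        ''|*[!a-z0-9_]*) return 1 ;;
        [a-z]*) return 0 ;;
        *) return 1 ;;
    esac
}

# Succeed only if every entry under DIR is owned by OWNER and has no
# group/other permission bits (files 600, directories 700).
# Symlinks are reported as well, because their mode is 0777 on Linux.
tree_is_private() (
    dir=$1
    owner=$2
    [ -d "$dir" ] || exit 1
    offenders=$(find "$dir" \( ! -user "$owner" \
        -o -perm -040 -o -perm -020 -o -perm -010 \
        -o -perm -004 -o -perm -002 -o -perm -001 \) -print)
    if [ -n "$offenders" ]; then
        printf 'not private to %s:\n%s\n' "$owner" "$offenders" >&2
        exit 1
    fi
)

# Print the manifest path for this machine, or fail with a reason.
# Usage: resolve_manifest ENVFILE PUPPETDIR [OWNER]
resolve_manifest() (
    envfile=$1
    puppetdir=$2
    owner=${3:-root}
    host_type=$(read_host_type "$envfile" 2>/dev/null)
    if ! valid_host_type "$host_type"; then
        echo "refusing HOST_TYPE '$host_type'" >&2
        exit 1
    fi
    tree_is_private "$puppetdir" "$owner" || exit 1
    manifest=$puppetdir/manifests/$host_type.pp
    if [ ! -f "$manifest" ]; then
        echo "no manifest for host type '$host_type'" >&2
        exit 1
    fi
    printf '%s\n' "$manifest"
)

# Entry point used by the at job.
if [ "${1:-}" = "--apply" ]; then
    manifest=$(resolve_manifest /etc/environment /etc/puppet root) || exit 1
    exec puppet apply --modulepath=/etc/puppet/modules "$manifest"
fi
```
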
Deploying configuration
Free wins!
Free wins
● Greater control over the timing of Puppet
  runs
● Improved visibility - for ops and devs
● Configuration changes now have to be
  deployed to testing/staging first
More free wins
● Puppet configs now have a version
● Easy to find config version on the machine
  itself
● Config changelogs accessible on every
  machine
  ○ (Git changelog added to RPM)
Cheap wins
Cheap wins
● Jenkins performs syntax checks with
  puppet parser validate
● Jenkins also runs puppet-lint on
  manifests
Cheap wins
● Config change required for new code?
  ○ Make the Puppet RPM version a dependency
The downsides
● Puppet manifests and modules on all
  machines
  ○ Potentially a security issue?
● No reporting*
Alternative implementations
● Don't want to use Pulp?
● Could do basically the same thing with yum
  s3 plugin
  https://github.com/jbraeuer/yum-s3-plugin
Questions? Comments?

          Sam Bashton
        sam@bashton.com
        Twitter: @bashtoni

De-centralise and conquer: Masterless Puppet in a dynamic environment

  • 1. De-centralise and Conquer Masterless Puppet in a Dynamic Environment Sam Bashton, Bashton Ltd
  • 2. Who am I? ● Linux guy since Slackware, floppy disks and root + boot ● Using Puppet since 2007 ● Run a company Manchester, North West England
  • 3. Our Environments ● We provide outsourced ops for other companies ● High traffic environments ● Most are now on Amazon Web Services ● #1 reason for moving to AWS? The ability to scale on demand
  • 5. How we use Puppet ● No Puppetmaster ● Puppet manifests and modules distributed to all machines
  • 6. What's wrong with standard Puppet? ● Pets vs Cattle ● Standard Puppet configuration assumes that servers are pets, not cattle
  • 7. What's wrong with standard Puppet? ● Standard Puppetmaster/Puppet Client configuration makes assumptions about environments ○ Machine creation is a manual operation ■ Sign certs ○ No in-built mechanism to automatically clean up old machines
  • 8. What's wrong with standard Puppet? ● Puppetmaster is a single point of failure ● When servers are pets, this isn't too much of a problem ○ Existing servers continue to work, but not any updates
  • 9. What's wrong with standard Puppet? ● When servers are auto-scaling cattle, new instances can appear at any time ● New instances require config to become operational ● Configuration requires Puppet
  • 10. What's wrong with standard Puppet? ● Our environments span multiple data centres ('availability zones') ● Imagine a data centre fails ● New instances get auto-provisioned to replace missing capacity ● But these instances need the Puppetmaster ● ..which was in the failed AZ
  • 11. What's wrong with standard Puppet? ● Resource contention ● Even when Puppetmaster isn't in the failed zone, multiple concurrent connections slow things down
  • 12. What's wrong with standard Puppet? ● None of these problems are insurmountable ● We could have configured a Puppetmaster or a cluster of Puppetmasters for our needs ○ With autosign ○ and some sort of certificate distribution mechanism ○ uuid certificate names ○ And a mechanism for cleaning up old machines
  • 13. Meanwhile, on the other side of the room... ● Another team was evaluating Pulp ● Provides yum repository management ● To be used for managing security updates and deploying application code http://pulpproject.org/
  • 14. Pulp ● Allows cloning of repos, copying packages between repos ● Allows us to push packages to clients ○ Uses qpid message queue ● Has 'content distribution servers' for easy replication + clustering
  • 15. How we deploy code ● Everything managed via the Jenkins continuous integration server ● Jenkins uses Pulp to install code on remote machines
  • 16. How we deploy code ● Jenkins fetches code from source control (git) ● An RPM is built ● Tests are run ● The RPM is added to the relevant Pulp repository ● RPM installed on the target machine(s)
  • 17. How we deploy code ● Jenkins also manages deployment lifecycle ● 'Promoted Builds' plugin used to install previously built RPMs on staging ● Promoted Builds plugin then used to install the same RPMs on live once testing is complete
  • 18. Deploying configuration as code ● Idea: Why not just build an RPM of our Puppet manifests + modules? ● Have puppet apply as part of the %postinst
  • 19. Deploying configuration as code ● Allowed us to reuse our existing code deployment infrastructure ● Manage configuration deployment from Jenkins
  • 20. How we deploy configuration ● Puppet manifests and modules are checked into git ● Jenkins builds configuration into an RPM ● Jenkins promoted builds plugin applies the updates to environments via Pulp
  • 21. Our system architecture ● Quite AWS specific ● Concepts could be applied to other clouds ○ Once they catch up in terms of toolsets..
  • 22. Separation of Roles ● CloudFormation - defines infrastructure ● Puppet manages configuration ● Pulp manages package versions ○ Pulp in turn managed via Jenkins for custom repos
  • 23. Instance Provisioning ● Minimal images used ● cloud-init the only addition beyond standard CentOS install ● cloud-init allows us to specify script to be run at boot
  • 24. Puppet bootstrap ● cloud-init script adds local Puppet yum repo and installs the Puppet configuration RPM ● Installing the RPM installs Puppet and applies the configuration
  • 25. Machine metadata ● cloud-init also sets some variables in /etc/environment ● $HOST_TYPE - the type of machine this is, eg web, cache
  • 26. Machine metadata ● Also set facts to be used by facter, eg RDS database hostname ○ Values from CloudFormation ● $FACTER_DBHOST set via cloud-init too, eg /root/.my.cnf
  • 27. Defining machine roles ● For each machine type there is a manifest /etc/puppet/manifests/$HOST_TYPE.pp ● This file looks something like this: node default { import global ... }
  • 28. Building the RPM ● Puppet manifests and modules are all packed into an RPM ● Owner set to root, mode 600 ● %postinst creates an at job set for now + 1 minute to run puppet apply
  • 31. Free wins ● Greater control over the timing of Puppet runs ● Improved visibility - for ops and devs ● Configuration changes now have to be deployed to testing/staging first
  • 32. More free wins ● Puppet configs now have a version ● Easy to find config version on the machine itself ● Config changelogs accessible on every machine ○ (Git changelog added to RPM)
  • 34. Cheap wins ● Jenkins performs syntax checks with puppet parser validate ● Jenkins also runs puppet-lint on manifests
  • 35. Cheap wins ● Config change required for new code? ○ Make the Puppet RPM version a dependency
  • 36. The downsides ● Puppet manifests and modules on all machines ○ Potentially a security issue? ● No reporting*
  • 37. Alternative implementations ● Don't want to use Pulp? ● Could do basically the same thing with yum s3 plugin https://github.com/jbraeuer/yum-s3-plugin
  • 38. Questions? Comments? Sam Bashton sam@bashton.com Twitter: @bashtoni
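
Slides 25 to 28 have every node pick its manifest from `$HOST_TYPE` and rely on the packaged tree being root-owned with mode 600, and slide 36 flags the on-disk manifests as a possible security issue. The script below is an added example, not part of the original deck: it validates `HOST_TYPE` before building a path from it and refuses to run `puppet apply` if any file in the tree is readable by group or other. The function names and the `PUPPET_DIR` and `PUPPET_CMD` overrides are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the talk): pre-apply checks for a masterless node.
# Assumptions: the helper names, the allowed HOST_TYPE characters, and the
# PUPPET_DIR / PUPPET_CMD overrides. /etc/puppet is the path on the slides.
PUPPET_DIR="${PUPPET_DIR:-/etc/puppet}"

# Print the manifest path for a host type, or fail.
# HOST_TYPE is read from /etc/environment (written by cloud-init), so treat
# it as input: letters, digits, '_' and '-' only, which rules out '/' and '..'.
manifest_for() {
    case "$1" in
        ''|*[!A-Za-z0-9_-]*) echo "invalid HOST_TYPE: '$1'" >&2; return 1 ;;
    esac
    m="$PUPPET_DIR/manifests/$1.pp"
    [ -f "$m" ] || { echo "no manifest for host type '$1'" >&2; return 1; }
    printf '%s\n' "$m"
}

# List entries that break the "owner root, mode 600" packaging rule: any
# group/other permission bit set, or an owner other than uid $1 (default 0).
# Uses GNU find (-perm /mode), as shipped on CentOS.
loose_files() {
    find "$PUPPET_DIR/manifests" "$PUPPET_DIR/modules" \
        \( -perm /077 -o ! -uid "${1:-0}" \) -print
}

# Run both checks, then hand over to puppet apply.
# $1 = host type, $2 = expected owner uid (default 0, i.e. root).
safe_apply() {
    manifest=$(manifest_for "$1") || return 1
    bad=$(loose_files "${2:-0}")
    if [ -n "$bad" ]; then
        echo "refusing to apply, loose ownership or permissions on:" >&2
        printf '%s\n' "$bad" >&2
        return 2
    fi
    # PUPPET_CMD lets a dry run substitute another command for puppet.
    ${PUPPET_CMD:-puppet} apply --modulepath "$PUPPET_DIR/modules" "$manifest"
}
```

In the at job created by the package scriptlet, the call would be `safe_apply "$HOST_TYPE"` after sourcing `/etc/environment`.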