Tame your Infrastructure using Puppet
Presented for Linux Fest Northwest 2009 by Mark Foster
Presented at LinuxFest Northwest 2009, this slideshow covers how to install and use puppet, types of implementations and more. Visit http://www.bitpusher.com/ for more about BitPusher.

    1. Tame your Infrastructure using Puppet
       Presented for Linux Fest Northwest 2009 by Mark Foster
    2. Agenda
        - Why Puppet? Pros / Cons / Suitability
        - Installation
        - Facter, Types and other constructs
        - Implementation
        - Scaling
        - Integration
        - Resources
    3. What is Puppet
        - Developed by Luke Kanies and Reductive Labs
        - Declarative language
        - Client / Server model
        - It lets you manage "things" from a central location
          - Packages (software)
          - Services (daemons)
          - Processes (think cron jobs)
          - Users & Groups
          - Arbitrary stuff
    4. What is Puppet (2)
        - Providers
          - packaging (yum, rpm, apt, deb, dpkg, gem...)
          - users/group management (useradd/adduser, userdel, pw)
        - Variables and Conditionals!
        - Ruby underneath, flexible, modular
        - Authenticated & authorized communication
    5. Why Puppet?
        - Traditional system administration is tedious
        - Sys admins must know/learn a number of O/S flavors
        - It's “better” - you'll never do system administration the same – think TiVo
    6. Why not Puppet?
        - Learning curve
        - You might have an established heterogeneous/legacy environment
        - You might be too lazy to get around to it
        - You're already using another mediation layer that does the job
    7. Suitability
       (Diagram: applications placed along a scale from Bad to Good. Labels as extracted: cacti, trac, nagios, apache, munin, mysql, ssh, sudo, ntp)
    8. Suitability, cont.
        - Simple applications are easier to integrate
        - flat-file configurations help
        - fancy setup wizards work against puppet
        - web-based setups also
    9. Puppet Components
        - Server: puppetmasterd
          - Listens on port 8140/tcp
          - runs as user “puppet”
          - Encrypted (SSL) communication
          - Certificate and thus authorization managed using puppetca command (or autoenroll)
          - integrated fileserver
        - Clients: puppetd
          - connects to puppetmaster every ½ hour
          - runs as user “root”
    10. Puppet Components (2)
        - Puppet CA
          - Command line utility to approve certificates
          - Must be run as root
        - Facter
          - runs on the client
          - basic name = value pairs (“Facts”)
    11. Installation
        - Fedora / Red Hat / CentOS
          - yum install puppet puppetmaster
          - Hint: use the EPEL repo
        - Debian / Ubuntu
          - aptitude install puppet puppetmaster
          - Hint: use backports on Etch
        - Warning: versions < 0.24.x are to be avoided
    12. Installation (gem)
        - No package? No problem... Use a (ruby) gem
        - aptitude -y install lsb-release rubygems
        - gem install puppet -y
        - /var/lib/gems/1.8/bin/puppetd
    13. Commands
        - Puppet daemon control
          - /etc/init.d/puppetmaster start|stop|restart
          - /etc/init.d/puppet start
        - Puppetca
          - puppetca --list
          - puppetca --sign <client-hostname>
    14. Commands (2)
        - Debug
          - Puppet master
            sudo -u puppet /usr/sbin/puppetmasterd --no-daemonize --verbose --debug
          - Puppet client
            sudo /usr/sbin/puppetd --no-daemonize --verbose --debug
    15. Types: node

            # Applied to any host without its own node block
            node default {
              include someclass
            }

            node example-host inherits default {
              include anotherclass
            }

            node hostname inherits example-host {
            }
    16. Types: File

            # Manage ownership and permissions only
            file { "/etc/resolv.conf":
              owner => root,
              group => root,
              mode  => 644,
            }

            # Manage a symlink
            file { "/etc/ssl/certs/4bd04d2f.0":
              ensure => link,
              target => "/etc/ssl/certs/bpca3.crt"
            }
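    17. Types: File (2)

            # Option 1: copy the file from the puppetmaster's fileserver
            file { "/etc/resolv.conf":
              owner  => root,
              group  => root,
              mode   => 644,
              source => "puppet:///files/etc/resolv.conf"
            }

            # Option 2: render it from an ERB template on the puppetmaster.
            # template() takes a path relative to templatedir, not a puppet:/// URL.
            file { "/etc/resolv.conf":
              owner   => root,
              group   => root,
              mode    => 644,
              content => template("etc/resolv.conf.erb"),
            }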
    18. Types: Package

            package { "nscd":
              ensure => installed
            }
    19. Types: Service

            service { "nscd":
              enable => true,
              ensure => running,
            }
    20. Classes

            class nscd {
              package { nscd: ensure => installed }

              service { nscd:
                enable     => true,
                ensure     => running,
                hasrestart => true,
                require    => Package[nscd],
              }

              # A change to the config file restarts the service
              file { "/etc/nscd.conf":
                source  => "puppet:///files/etc/nscd.conf",
                notify  => Service[nscd],
                require => Package[nscd],
              }
            }
    21. Defines

            define rFile ( $group=root, $owner=root, $mode=644,
                           $replace=true, $links=manage ) {
              file { $name:
                group   => $group,
                owner   => $owner,
                mode    => $mode,
                # Most specific source first; the first one that exists is used
                source  => [ "puppet:///$domain/$hostname/$name",
                             "puppet:///$domain/$role/$name",
                             "puppet:///$domain/$name",
                             "puppet:///$site/$name",
                             "puppet:///global/$name" ],
                replace => $replace,
                links   => $links
              }
            }
    22. Plugins

            Facter.add("test1") do
              setcode do
                # Strip the trailing newline from the command output
                %x{/bin/hostname -f}.chomp
              end
            end
    23. Modules
        - Using modules is the recommended approach
        - Organization of modules...
        - puppet/modules/
        - puppet/modules/custom/
    24. Modules (2)
        - Layout of a module (a look inside)
        - manifests/
          - init.pp
        - files/
        - templates/
        - plugins/
    25. Rollout
        - How will you deploy puppet?
          - On new hosts only
          - Retrofit
          - All or some
        - There is no one-size-fits-all strategy
        - Full-on adoption, limited retrofit or new hosts only
        - Combine with attrition and you can be fully “puppetized” real soon
        - Don't forget learning curve
    26. Implementation
        - “Bare bones”
          - Default install (puppetmaster/webrick)
          - Suitable for smaller sites 1-20 hosts
          - RCS for revision control
          - flat file node control
          - monolithic (not multiple environments or sites)
    27. Implementation v2: Upgrades for scalability & performance
        - WEBrick -> Mongrel
        - Mongrel cluster fronted by Apache (mod_balance), Nginx (fair) or HAProxy
        - Additional nodes w/ shared storage
        - Subversion or CVS or Git
        - Distributed puppetmasters (per site)
    28. Implementation v2.1: Upgrades for manageability & integrity
        - External node classification
          - LDAP integration
          - Database integration
            - Stored configuration (storeconfig)
        - Puppetshow
        - Puppet Recruiter
        - iClassify
          - https://wiki.hjksolutions.com/display/IC/Home
    29. VCS Integration
        - Subversion or CVS or Git
          - pre/post commit hooks
          - svnspam
          - propset tags for $Id$ and $URL$ interpolation
    30. Database Integration
        - SQLite, MySQL or PostgreSQL
        - storeconfig
          - dumb name
          - put facts and other metadata into a database
          - Clean and easy to set up!
          - allows for naginator and external resources
    31. Database Integration
    32. Resources
        - Puppet home page: http://reductivelabs.com/trac/puppet/
        - BitPusher home page: http://www.bitpusher.com/
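
Slides 9, 10 and 13 make certificate signing with puppetca the step at which a client becomes authorized. The Ruby below is an added example, not part of the original deck: it sorts pending requests against an expected-host inventory before anything is signed. The inventory, the sample output and the one-hostname-per-line format of `puppetca --list` are assumptions.

```ruby
require 'set'

# Constructed inventory of hosts we expect to enroll (assumption: in practice
# this comes from provisioning records, not from the requests themselves).
EXPECTED_HOSTS = Set.new(%w[web01.example.com db01.example.com]).freeze

# Conservative DNS hostname pattern: dot-separated labels of a-z, 0-9, hyphen.
LABEL = '[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?'
HOSTNAME_RE = /\A(?=.{1,253}\z)#{LABEL}(?:\.#{LABEL})*\z/

# Sort pending requests (assumed format: one hostname per line) into
#   :sign   - well-formed and present in the inventory
#   :hold   - well-formed but unexpected, needs a human decision
#   :reject - not a plausible hostname at all
def triage_requests(list_output, expected = EXPECTED_HOSTS)
  result = { sign: [], hold: [], reject: [] }
  list_output.each_line.map(&:strip).reject(&:empty?).uniq.each do |name|
    bucket = if name !~ HOSTNAME_RE then :reject
             elsif expected.include?(name) then :sign
             else :hold
             end
    result[bucket] << name
  end
  result
end

# Build argument vectors (never shell strings) for the approved names only.
def sign_commands(result)
  result[:sign].map { |host| ['puppetca', '--sign', host] }
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample of `puppetca --list` output.
  sample = "web01.example.com\nrogue.example.net\nnot a hostname!\n"
  triage = triage_requests(sample)
  triage.each { |bucket, names| puts "#{bucket}: #{names.join(', ')}" }
  sign_commands(triage).each { |argv| puts "would run: #{argv.join(' ')}" }
end
```

Anything in the hold or reject buckets stays unsigned until someone has checked where the request came from.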
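
Slide 28 lists external node classification as the upgrade from flat-file node control. As an added example (not from the original deck), here is a minimal classifier script of the kind the puppetmaster runs with the node name as its only argument, printing YAML with `classes` and `parameters`. The inventory, the class names and the `role` parameter are constructed; a real classifier would query LDAP or a database as the slide suggests.

```ruby
require 'yaml'

# Constructed inventory standing in for the LDAP or database lookup.
NODES = {
  'web01.example.com' => { 'classes' => %w[nscd apache],
                           'parameters' => { 'role' => 'web' } },
  'db01.example.com'  => { 'classes' => %w[nscd mysql],
                           'parameters' => { 'role' => 'db' } }
}.freeze

# The node name arrives from the requesting side, so validate it before lookup.
NAME_RE = /\A[a-z0-9]([a-z0-9.-]{0,251}[a-z0-9])?\z/

# Returns [yaml_or_nil, exit_status]. Unknown or malformed names get no
# classes at all (fail closed) and a non-zero status to signal failure.
def classify(node_name, inventory = NODES)
  name = node_name.to_s.downcase
  return [nil, 2] unless name =~ NAME_RE
  entry = inventory[name]
  return [nil, 1] if entry.nil?
  doc = { 'classes'    => entry['classes'].sort,
          'parameters' => entry.fetch('parameters', {}) }
  [doc.to_yaml, 0]
end

# Command-line entry point: classifier.rb <node-name>
if __FILE__ == $PROGRAM_NAME && ARGV.length == 1
  yaml, status = classify(ARGV[0])
  puts yaml if yaml
  exit status
end
```

Parameters returned this way are available as variables in manifests, which is one way to supply the `$role` used in the rFile define on slide 21.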
