Tame your Infrastructure with Puppet

Tame your Infrastructure using Puppet Presented for Linux Fest Northwest 2009 by Mark Foster

Agenda
Why Puppet? Pros / Cons / Suitability
Installation
Facter, Types and other constructs
Implementation
Scaling
Integration
Resources

What is Puppet
Developed by Luke Kanies and Reductive Labs
Declarative language
Client / Server model
It lets you manage "things" from a central location
Packages (software)
Services (daemons)
Processes (think cron jobs)
Users & Groups
Arbitrary stuff

What is Puppet (2)
Providers
packaging (yum, rpm, apt, deb, dpkg, gem...)
users/group management (useradd/adduser, userdel, pw)
Variables and Conditionals!
Ruby underneath, flexible, modular
Authenticated & authorized communication

Why Puppet?
Traditional system administration is tedious
Sys admins must know/learn a # of O/S flavors
It's “better” - you'll never do system administration the same – think TiVo

Why not Puppet?
Learning curve
You might have a established heterogeneous/legacy environment
You might be too lazy to get around to it
You're already using another mediation layer that does the job

Suitability cacti trac Bad Good nagios apache munin mysql ssh sudo ntp

Suitability, cont.
Simple applications are easier to integrate
flat-file configurations help
fancy setup wizards work against puppet
web-based setups also

Puppet Components
Server: puppetmasterd
Listens on port 8140/tcp
runs as user “puppet”
Encrypted (SSL) communication
Certificate and thus authorization managed using puppetca command (or autoenroll)
integrated fileserver
Clients: puppetd
connects to puppetmaster every ½ hour
runs as user “root”

Puppet Components (2)
Puppet CA
Command line utility to approve certificates
Must by run as root
Facter
runs on the client
basic name = value pairs (“Facts”)

Installation
Fedora / Red Hat / CentOS
yum install puppet puppetmaster
Hint: use the EPEL repo
Debian / Ubuntu
aptitude install puppet puppetmaster
Hint: use backports on Etch
Warning: versions < 0.24.x are to be avoided

Installation (gem)
No package? No problem... Use a (ruby) gem
aptitude -y install lsb-release rubygems
gem install puppet -y
/var/lib/gems/1.8/bin/puppetd

Commands
Puppet daemon control
/etc/init.d/puppetmaster start|stop|restart
/etc/init.d/puppet start
Puppetca
puppetca --list
puppetca --sign <client-hostname>

Commands (2)
Debug
Puppet master
sudo -u puppet
/usr/sbin/puppetmasterd
--no-daemonize –verbose --debug
Puppet client
sudo /usr/sbin/puppetd
--no-daemonize --verbose --debug

Types: node node default { include someclass } node example-host inherits default { include anotherclass } node hostname inherits example-host { }

Types: File file { “/etc/resolv.conf”: owner => root, group => root, mode => 644, } file { "/etc/ssl/certs/4bd04d2f.0": ensure => link, target => "/etc/ssl/certs/bpca3.crt" }

Types: File (2) file { “/etc/resolv.conf”: owner => root, group => root, mode => 644, source => “puppet:///files/etc/resolv.conf” } file { “/etc/resolv.conf”: owner => root, group => root, mode => 644, content => template(" puppet:///files/etc/ resolv.conf.erb") , }

Types: Package package {“nscd”: ensure => installed }

Types: Service service {“nscd”: enable => true, ensure => running, }

Classes class { nscd: package {nscd: ensure => installed } service {nscd: enable => true, ensure => running, hasrestart => true, require => Package[nscd], } file {“/etc/nscd.conf”: source => “puppet:///files/etc/nscd.conf”, notify => Service[nscd], require => P ackage [nscd], } }

Defines define rFile ( $group=root,$owner=root,$mode=644, $replace=true,$links=manage ) { file{ $name: group=>$group, owner=>$owner, mode=>$mode, source=>[ "puppet:///$domain/$hostname/$name", "puppet:///$domain/$role/$name", "puppet:///$domain/$name", "puppet:///$site/$name", "puppet:///global/$name"], replace=>$replace, links=>$links } }

Plugins Facter.add("test1") do setcode do %x{/bin/hostname -f} end end

Modules
Using modules is recommended approach
Organization of modules...
puppet/modules/
puppet/modules/custom/

Modules (2)
Layout of a module (a look inside)
manifests/
init.pp
files/
templates/
plugins/

Rollout
How will you deploy puppet?
On new hosts only
Retrofit
All or some
There is no one-size-fits-all strategy
Full-on adoption, limited retrofit or new hosts only
Combine with attrition and you can be fully “puppetized” real soon
Don't forget learning curve

Implementation
“Bare bones”
Default install (puppetmaster/webrick)
Suitable for smaller sites 1-20 hosts
RCS for revision control
flat file node control
monolithic (not multiple environments or sites)

Implementation v2 Upgrades for scalability & performance
WEBrick -> Mongrel
Mongrel cluster fronted by Apache (mod_balance), Nginx (fair) or HAProxy
Additional nodes w/ shared storage
Subversion or CVS or Git
Distributed puppetmasters (per site)

Implementation v2.1 Upgrades for manageability & integrity
External node classification
LDAP integration
Database integration
Stored configuration (storeconfig)
Puppetshow
Puppet Recruiter
iClassify
https://wiki.hjksolutions.com/display/IC/Home

VCS Integration
Subversion or CVS or Git
pre/post commit hooks
svnspam
propset tags for $Id$ and $URL$ interpolation

Database Integration
SQLite, MySQL or PostgreSQL
storeconfig
dumb name
put facts and other metadata into a database
Clean and easy to setup!
allows for naginator and external resources

Database Integration

Resources
Puppet home page http://reductivelabs.com/trac/puppet/
BitPusher home page http://www.bitpusher.com/

http://blog.bitpusher.com	424
http://openerpappliance.com	97
http://opensourceconsulting.wordpress.com	33
http://www.slideshare.net	26
http://bitpusher.com	8
http://webcache.googleusercontent.com	1
http://translate.googleusercontent.com	1

Tame your Infrastructure with Puppet

by delimiter

Accessibility

Categories

Upload Details

Usage Rights

7 Embeds 590

Statistics

Tame your Infrastructure with Puppet Webinar Transcript