Intro To Puppet.Key
 

Intro to Puppet - Making Administration Sexy

Usage Rights

CC Attribution License

  • why don't download?
  • admin 15 years, using puppet for almost 2 years.
    Originally called “What it is and how can it make system administration less painful”
    Conveys a better image and what immediately comes to mind is no other than:
  • This is not a sales pitch
    I will ask a marketing research question at the end
  • Like to know my audience
  • Stone Age
    Modernize Administration like programming has in the past 20 years.
    Mention my story
  • One server relatively easy to manage
    - one OS
    - mostly custom developed applications, few commercial or OSS apps to maintain and upgrade
    - monolith mainframe
  • Even worse, cloud based instances that only last a few hours
  • Like a blacksmith
  • no complex images
    repeatable installations
  • Puppet makes administration a process rather than a manual task
  • puppetd run as a daemon or cron
    one puppetmaster
    each server is called a node
  • * You can change the runinterval
    * You can trigger runs through puppetrun, SIGUSR1, or puppetd --test
  • Idempotency is what allows us to manage a machine through its whole lifecycle
    The term idempotent is used to describe methods or subroutine calls that can safely be called multiple times, as invoking the procedure a single time or multiple times results in the system maintaining the same state; i.e., after the method call all variables have the same value as they did before.
  • add/remove more resources as needed
  • resources
    title
    attributes
    ensures correctness (self healing)
  • Can develop your own custom Types
  • We’re doing the same thing with different commands on different platforms
  • resources
    unique name for each resource
  • We’ll come back to abstraction
  • This is shareable, releasable code.
    Classes are analogous with tags
    modules
  • OO
    inherits
    includes
    external nodes ie (LDAP)
  • And you don’t even need to centralize it.
  • * Every connection is encrypted, and the only connection that isn’t authenticated is the one that asks for a signed cert
    * Client certs
    * Autosign, manual sign, manual certificate generation
    * You don’t even have to use it
  • use syslog-ng
  • development lifecycle
  • developed by one person, not active development, not client/server environment

Intro To Puppet.Key Presentation Transcript

  • Intro to Puppet - Making Administration Sexy
    Larry Ludwig
    Email: larry@brandorr.com
    Twitter: @lludwig
    Web: brandorr.com
  • Image from http://community.uaf.edu/~cde/wiki/uploads/ITSFuturama05/sexy-bill2.png
  • How many servers/VPS instances do you currently manage?
    • <25
    • >25 & <100
    • >100 & <250
    • 250+
  • The Evolution of Administration Image from http://www.wordinfo.info/words/images/evolution-man-computer.gif
  • From the Single Mainframe Computer Image from http://tvtropes.org/pmwiki/pub/images/monolith.jpg
  • To Today Many Virtual Servers Image from http://www.code-muse.com/blog/wp-content/uploads/2007/11/df20021001.jpg
  • What’s wrong with Administration Today?
    • Too many computers/services
    • Too many different operating systems
    • Not enough time
    • Mostly a manual process
    • No feedback loop - (work and boss)
    • Best practices are not shared
    • Too much money lost when they fail
  • Not exactly modern Image from http://flickr.com/photos/silverwood/593965547/
  • In fact, they kinda suck Image from http://flickr.com/photos/jefframone/1426716646/
  • Sysadmin Programming Language Progression
    • Assembly Language
    • High Level compiled languages (Cobol, C, C++)
    • Shell Scripting (bash, awk, sed, grep, etc.)
    • High Level Interpreted (Perl and Python)
    • Administration Based Programming (CFEngine)
  • What’s Wrong With Existing Tools?
    • Monitoring is immature and requires far too much effort
    • Few if any built-in feedback loops
    • Each tool is an independent
    • All failures lead directly to human intervention
    • No sharing of best practices and a manual process prone to errors
    • Security policies via documentation files
  • What is Puppet?
    • Puppet is a programming language that automates system administration
    • It’s the glue between resources and configuration files
    • Allows for repeatable sysadmin best practices
  • Net Result
    • Servers are configured exactly how you specify
    • Code once, deploy many
    • Self documenting code
    • Allows for repeatably built machines
    • Allows for a constantly updated infrastructure
  • Puppet Features
    • Open Source GPL license
    • Developed in Ruby language
    • Declarative language
    • Resource abstraction
    • client/server model - centralized management with downloadable resources
    • Platform independent (supports many *nixes)
    • Relationships and execution order
    • Can be used with servers and desktops
    • Recipes “make it so” - ensures correctness and repeatability
    • Not only for installs but to maintain and upgrade
  • O SSH
  • Net Effects
  • Your Infrastructure is now a program
  • 10,000 ft Overview
  • Centralized Management
  • Each host gets a Resource Catalog
  • The Configuration Process
    1. Retrieve resource catalog from central server
    2. Determine resource order
    3. Check each resource in turn, fixing if necessary
    4. Rinse and repeat, every 30 minutes
  • Transactions (for each resource)
    1. Retrieve current state (e.g., by querying dpkg db or doing a stat)
    2. Compare to desired state
    3. Fix, if necessary (or just log)
  • Configurations are idempotent
  • Idempotency allows management through the lifecycle
  • Resource sorting is done via dependencies
    Otherwise known as a ‘Resource Graph’
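The configuration process, per-resource transaction and dependency ordering from the slides above, modelled in a few lines of Ruby. This is an added example, not Puppet's code or the presenter's: the `Resource` and `Catalog` classes, the `noop` flag name, and the file names and contents are constructed for illustration.

```ruby
require 'tmpdir'
require 'tsort'

# Toy model, not Puppet's code: a file resource with a title, desired
# attributes (content, mode) and the titles of the resources it requires.
Resource = Struct.new(:title, :path, :content, :mode, :requires)

class Catalog
  include TSort
  def initialize(resources)
    @by_title = {}
    resources.each { |r| @by_title[r.title] = r }
  end

  # TSort hooks: nodes are titles, children are the titles a resource requires.
  def tsort_each_node(&block)
    @by_title.each_key(&block)
  end
  def tsort_each_child(title, &block)
    @by_title.fetch(title).requires.each(&block)
  end

  # Determine resource order; TSort::Cyclic is raised on a dependency loop.
  def ordered
    tsort.map { |title| @by_title.fetch(title) }
  end

  # Check each resource in turn; returns the log lines for out-of-sync ones.
  def apply(noop: false)
    ordered.map { |res| transaction(res, noop) }.compact
  end

  private
  def transaction(res, noop)
    exists = File.exist?(res.path)                   # 1. retrieve current state
    current = { content: exists ? File.read(res.path) : nil,
                mode: exists ? File.stat(res.path).mode & 0o7777 : nil }
    desired = { content: res.content, mode: res.mode }
    drift = desired.keys.reject { |k| current[k] == desired[k] }  # 2. compare
    return nil if drift.empty?
    unless noop                                      # 3. fix, or just log
      File.write(res.path, res.content)
      File.chmod(res.mode, res.path)
    end
    "#{res.title}: #{drift.join(',')} #{noop ? 'out of sync' : 'fixed'}"
  end
end

# Constructed catalog: app.conf is listed first but requires base.conf.
def sample_catalog(dir)
  Catalog.new([
    Resource.new('app.conf', File.join(dir, 'app.conf'), "port=8140\n", 0o600, ['base.conf']),
    Resource.new('base.conf', File.join(dir, 'base.conf'), "env=prod\n", 0o644, [])
  ])
end

if __FILE__ == $PROGRAM_NAME
  Dir.mktmpdir { |d| c = sample_catalog(d); p c.apply, c.apply } # second run: []
end
```

A second `apply` on an unchanged system returns an empty log, which is the idempotency the slides describe; loosening a file's mode by hand and re-running shows the drift being reported (with `noop: true`) or reverted.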
  • Abstraction
  • Portable Resources This: Becomes:
  • What can you manage?
    • 40+ resource types
    • Users in NetInfo, useradd, pw and LDAP
    • Support for Debian, Ubuntu, Red Hat, Solaris, OS X, Gentoo, SuSE, FreeBSD, AIX, HP-UX and more (currently not Windows)
  • Built In Types
    augeas, computer, cron, exec, file, filebucket, group, host, k5login, macauthorization, mailalias, maillist, mcx, mount,
    nagios_command, nagios_contact, nagios_contactgroup, nagios_host, nagios_hostdependency, nagios_hostescalation, nagios_hostextinfo,
    nagios_hostgroup, nagios_service, nagios_servicedependency, nagios_serviceescalation, nagios_serviceextinfo, nagios_servicegroup, nagios_timeperiod,
    notify, package, resources, schedule, selmodule, service, ssh_authorized_key, sshkey, tidy, user, yumrepo, zfs, zone, zpool
  • Reuse
  • Same concept, different code Debian Red Hat
  • Portability and Naming
  • One solution per problem
  • Relationships
  • Relationships matter but are often implicit
    (diagram: Package, Configuration, Service)
    • Configuration should get modified after package installation
    • Service should restart when configuration changes
  • Relationships matter
  • Classes provide Intent
  • Facter
  • What is Facter?
    • Collects and displays facts about the host
    • Integrated into puppet. Variables are inserted into Puppet recipes
    • Can create custom facts
    • Detects changes and updates variables
  • Sample Output
  • Configuration Files
  • How to manage configuration files?
    • Direct File
    • Inline Template (erb - ruby template language)
    • Augeas (new puppet type written by RedHat)
  • File Template
        # Sources are tried in order; the first one that exists on the server is used
        source => [
          "puppet:///nagios-nrpe/nrpe.${fqdn}.conf",
          "puppet:///nagios-nrpe/nrpe.${hostname}.conf",
          "puppet:///nagios-nrpe/nrpe.conf"
        ],
  • erb config files
        # Pick the template from the value of $config_exim_setup
        content => $config_exim_setup ? {
          "antispam" => template("directadmin-exim/exim.antispam.conf.erb"),
          "custom"   => template("directadmin-exim/exim.${hostname}.conf.erb"),
          default    => template("directadmin-exim/exim.default.conf.erb"),
        },

    exim.antispam.conf.erb
        ...
        <% if config_da_clamd == "true" -%>
        # enable clamav
        av_scanner = clamd:/var/run/clamav/clamd.sock
        <% end -%>
        ...
  • Augeas
    • New to Puppet (version 0.24.7)
    • Currently supports RH/CentOS?
    • Allows for line by line file editing
        # $ipaddress is a Facter fact
        augeas { "jboss_conf":
          context   => "/files",
          changes   => [
            "set /etc/jbossas/jbossas.conf/JBOSS_IP $ipaddress",
            "set /etc/jbossas/jbossas.conf/JAVA_HOME /usr"
          ],
          load_path => "/usr/share/jbossas/lenses",
        }
  • Node Classification
  • Puppet’s Internals
  • Puppet scales like HTTPS
  • All communication is via XMLRPC over HTTPS
    REST over HTTPS in 0.25.x
  • Uses SSL, and provides a Certificate Authority
  • Logs go to syslog (by default)
  • Pros and Cons
  • Pros
    • Forever changes the way you think about administration. Administration now follows a development lifecycle
    • Relationships
    • Make a consistent configuration that always works
    • External Node classification - (LDAP or external app)
    • Good open source community
  • Cons
    • Weak with complex configuration files (Augeas should help)
    • Scalability issues out of the box (uses webrick by default)
    • Documentation is slightly lacking and wiki needs improvement
    • Memory pig (especially with 64 bit OSes)
    • Administration becomes system programming
    • Test test test!
    • Bad code can have massive ripple effects
  • The Competition
  • Puppet vs. Capistrano
    • Primarily used for app deployment lifecycle (mostly RoR)
    • On top of SSH
    • No resource abstraction
    • similar to existing scripting
  • Puppet vs. Cfengine
    • Closed sourced
    • No resource abstraction
    • No ordering
    • No code reuse
    • Cfengine 3 is a much needed improvement
  • Puppet vs. Chef
    • Puppet uses an external DSL while Chef is Ruby based
    • Imperative (since it is the Ruby language)
    • Chef’s relationship ordering is top down (order of code matters)
    • No true dependency graph
  • Resources
    • http://puppet.reductivelabs.com/
    • Source Code
    • Recipes
    • Wiki
    • Documentation
    • Bug Tracker
    • http://groups.google.com/group/puppet-users
    • “Pulling Strings with Puppet: Configuration Management Made Easy” - James Turnbull
    • ERB templates - http://www.ruby-doc.org/stdlib/libdoc/erb/rdoc/
  • NYC Puppet Group
    • http://groups.google.com/group/puppet-nyc
    • If demand supports it - monthly
    • A.D.D. Moment: Don’t forget about marketing research question
  • Questions?
  • After NYLUG
    TGI Fridays, 8:30 PM
    677 Lexington Avenue and 56th Street
    Second floor, Northeast corner.
  • Larry Ludwig
    Available for Puppet consulting services and best practices. In and out of the cloud
    Email: larry@brandorr.com
    Twitter: @lludwig
    Web: brandorr.com