Puppet NBLUG 2008-09

Slides for talk I gave about puppet to NBLUG in September 2009.

  • My License: http://creativecommons.org/licenses/by-sa/3.0/ -- not all included images fall under that; check links

    Image: http://flickr.com/photos/victornuno/544763827/
  • What is system administration?
    Supporting Customers. Services, not computers. Invisible when done right.
    Ideal SysAdmin: lazy
    http://www.sysadminday.com/whatsysadmin.html

    Photo from: http://flickr.com/photos/emzee/139794246/
  • It was okay to hand-craft; you only had one computer. One computer was all you needed.

    Image From: http://ftp.arl.mil/ftp/historic-computers/
  • Later, maybe more computers. Maybe 2 to have a highly-available cluster or to have one to test with and one to use for “production”

    Image from: http://hampage.hu/vax/kepek/VAXft3000.jpg -- originally from HP
  • The Old Ways
    Hand-crafted. Do every step by hand.
    Image From: http://flickr.com/photos/oaspetele_de_piatra/2680418274/
  • In that environment, it makes sense to hand-manage each system with care.

    Image: Niece, Kaylei Rose
  • Later, maybe more computers. Maybe 2 to have a highly-available cluster or to have one to test with and one to use for “production”.
    95 Unix servers, 27 of them are VMs. 54+ puppet managed. Total server population: ~150 (?)
  • As you go from 2 to many, one obvious technique: the golden master.
    By hand: work that system to perfection. Then copy up to an image server.

    Image From: http://flickr.com/photos/chitrasudar/2558214472/
  • Then clone your images from the golden master to all of your systems.
    Great for computer labs
    Ghost. Or even kickstart
  • But what if you need to make something different?
    4 web servers
    1 DB Server.
    Add a slimmed down image for a virtual machine.
    Now you need to make a DB server for a VM?

    How? You have 4 images of the whole OS on a hard drive somewhere, but how do you merge 2 sets of changes together?
  • http://flickr.com/photos/thaths/1392403911/
    http://flickr.com/photos/odalaigh/2331571735/
    http://flickr.com/photos/chitrasudar/2558214472/
  • http://flickr.com/photos/eschipul/2403443144/
  • http://flickr.com/photos/yersinia/464036939/
  • http://flickr.com/photos/travel_aficionado/2266607520/
  • Fundamental Issue: You want your systems as alike as possible (makes life easier), but you also need to make them different from each other in specific ways.
  • Puppet is a way to automatically manage your systems.
  • Puppet lets you be lazier
    making the computers do all of the work
    BEING documentation

    http://friendfeed.com/e/d6e342f7-d768-ce43-5529-eef2166cabc3/puppetmasterd-People-are-finally-figuring-out/?service=twitter
  • An Analogy
    “A HighLevelLanguage is a ProgrammingLanguage that supports system development at a high LevelOfAbstraction, thereby freeing the developer from keeping in his head lots of details that are irrelevant to the problem at hand.” -- http://c2.com/cgi/wiki?HighLevelLanguage
  • Probably in response to programmers who still wanted to write Assembly
  • “Puppet is a declarative language for expressing system configuration, a client and server for distributing it, and a library for realizing the configuration.”
    New Way to Think: Instead of automating current techniques (files and commands), Puppet reframes the problem.
  • Declarative: You say what you want, not how to do it. Nouns, not verbs.
    Semantic: Code has meaning.
    Reproducible: Repeat and get the same results.
    Shareable: Give to a friend. Or find modules on the internet and use them.
    Maintainable
    Extensible: not all that terribly hard to write Resource Types and Providers. Also: define.
  • Old: commands and files. New: resources.
    Problems with old way: doesn’t happen at install time. Doesn’t happen if system is unavailable. Doesn’t fix itself (yum/apt server down, typo, broken later, etc). Ugly.
    Could put into install script (kickstart, etc), but then what about later when you want to change systems?
    Manage same code twice? Put into an RPM or .DEB? (funky when modifying config files)

    Same thing applies to “clusterssh”.
  • Let’s build this up a bit
    Restart the box and puppet starts exim (instead of coming up on its own)
  • require <-> after
    subscribe <-> notify
  • hasstatus
    hasrestart
    start, stop, restart, status, pattern
  • groupadd: groupadd, netinfo, etc.
  • command (namevar)
    creates, onlyif, unless, refreshonly
    returns, user, group, timeout, environment, cwd,
  • I would never do this. I think this would work. Might not get a report, since could kill puppet before it’s done with stuff...
  • Like a virtual method in some object-oriented languages.

    Can only manage a resource in one place: this is a kind of workaround.
  • Requires database backend
    sqlite by default
    MySQL or something else required to scale
  • >>>>>>>>>>>>>>>>> STAND >>>>>>>>>>>>>>>>>>>>>>>>>>>
    http://commons.wikimedia.org/wiki/Image:Leontopithecus.rosalia-03-ZOO.Dvur.Kralove.jpg
  • Puppet NBLUG 2008-09

    1. Managing systems with Puppet. NBLUG, Sept 9, 2008. Eric Eisenhart, http://eric.eisenhart.name/
    2. System Administration
    3. System Administration
    4. System Administration: “We will encourage you to develop the three great virtues of a programmer: laziness, impatience, and hubris.” --Larry Wall, Programming Perl
    5. One Computer. Image From: http://ftp.arl.mil/ftp/historic-computers/
    6. Two Computers. Image From: http://flickr.com/photos/arthur_pewty/2703897757/
    7. Hand-Crafted
    8. Individually Maintained
    9. Many Computers
    10. Many Computers
    11. Many Computers
    12. Many Computers
    13. Many Computers
    14. Gold Master
    15. Clone
    16. Clone
    17. Clone
    18. Alter
    19. Alter
    20. Alter
    21. Alter ? ?
    22. Multiple Masters?
    23. Change by Hand?
    24. What do you do next time?
    25. Reproducible Process
    26. Same But Different
    27. What is Puppet?
    28. Lazy Puppeteers: “People are finally figuring out puppet and how it gets you to the pub by 4pm. Note that I've been at this pub since 2pm.” -- Jorge Castro
    29. An Analogy
    30. An Analogy
    31. An Analogy
                                                    Programming           SysAdmin
        Low Level, Non-Portable                     Assembly              commands and files
        Some Abstraction, Portability Possible      C                     Cfengine
        Abstract, Portable                          Perl, Python, Ruby    Puppet
    32. An Analogy (same table as slide 31)
    33. An Analogy (same table as slide 31)
    34. An Analogy (same table as slide 31)
    35. “the most damaging phrase in the language is: `We've always done it this way.’” -- Grace Hopper (developer of the first compiler)
    36. Puppet
    37. Puppet: Language
    38. Puppet: Language; Client & Server
    39. Puppet: Language; Client & Server; Resource Abstraction
    40. Puppet: Language; Client & Server; Resource Abstraction; New Way To Think
    41. Puppet Language
    42. Puppet Language: Declarative
    43. Puppet Language: Declarative, Semantic
    44. Puppet Language: Declarative, Semantic, Reproducible
    45. Puppet Language: Declarative, Semantic, Reproducible, Shareable
    46. Puppet Language: Declarative, Semantic, Reproducible, Shareable, Maintainable
    47. Puppet Language: Declarative, Semantic, Reproducible, Shareable, Maintainable, Extensible
    48. Old Way: Kickstart tricks
            %post
            if grep -q "release 5" /etc/redhat-release
            then
              INSTALL="yum -y install"
            else
              INSTALL="up2date-nox"
            fi
            $INSTALL exim
            curl https://master/exim/exim.conf > /etc/exim/exim.conf
            chkconfig exim on
    49. Old Way: Package tricks
            Requires: exim
            %post
            curl https://master/exim/exim.conf > /etc/exim/exim.conf
            chkconfig exim on
            service exim restart
            %triggerin -- exim
            curl https://master/exim/exim.conf > /etc/exim/exim.conf
            service exim restart
    50. Old Way: ssh in a for loop
            for h in eximbox1 eximbox2 eximbox3; do
              ssh $h '
                grep "release 4" /etc/redhat-release && up2date exim
                grep "release 5" /etc/redhat-release && yum install exim'
              scp exim/exim.conf $h:/etc/exim/exim.conf
              ssh $h /etc/init.d/exim start
            done
    51.
            for h in eximbox1 eximbox2 eximbox3; do
              ssh $h '
                grep "release 4" /etc/redhat-release && up2date exim
                grep "release 5" /etc/redhat-release && yum install exim'
              scp exim/exim.conf $h:/etc/exim/exim.conf
              ssh $h /etc/init.d/exim start
            done

            node eximbox1, eximbox2, eximbox3 {
              package { exim: ensure => installed }
              file { "/etc/exim/exim.conf":
                source => "puppet:///exim/exim.conf"
              }
              service { exim: ensure => running }
            }
    52. Old Way: ssh in a for loop (diagram labels: Server, Client, Client, Client, Client, Client, Client)
    53. Old Way: ssh in a for loop (diagram labels: Client, Server, Client, Client, Client, Client, Client)
    54. Old Way: ssh in a for loop (diagram labels: Client, Server, Client, Client, Client, Client)
    55. Client & Server (diagram labels: Server, Client)
    56. Client & Server (diagram labels: Code, Server, Client)
    57. Client & Server (diagram labels: Code, Server, Client)
    58. Client & Server (diagram labels: Code, Server, Facts, Client)
    59. Client & Server (diagram labels: Code, Server, Compile, Facts, Client)
    60. Client & Server (diagram labels: Code, Server, Compile, Config, Facts, Client)
    61. Client & Server (diagram labels: Code, Server, Compile, Config, Facts, Run, Client)
    62. Client & Server (diagram labels: Code, Server, Compile, Files, Config, Facts, Run, Client)
    63. Client & Server (diagram labels: Code, Server, Compile, Files, Config, Report, Facts, Run, Client)
    64. Client & Server (diagram labels: Code, Server, Compile, Files, Config, Report, Facts, Run, Sleep, Client)
    65. Client & Server (diagram labels: Code, Server, Compile, Files, Config, Report, Facts, Run, Sleep, Client)
    66. Clients & Server (diagram labels: Code, Server, Client, Client, Client, Client, Client, Client)
    67. Expanded Old Way
            for h in eximbox1 eximbox2 eximbox3; do
              ssh $h '
                grep "release 4" /etc/redhat-release && up2date exim
                grep "release 5" /etc/redhat-release && yum install exim'
              scp exim/exim.conf $h:/etc/exim/exim.conf
              ssh $h /etc/init.d/exim start
            done
    68.
            for h in eximbox1 eximbox2 eximbox3; do
              ssh $h '
                grep "release 4" /etc/redhat-release && up2date exim
                grep "release 5" /etc/redhat-release && yum install exim'
              scp exim/exim.conf $h:/etc/exim/exim.conf
              ssh $h /etc/init.d/exim start
            done

            node eximbox1, eximbox2, eximbox3 {
              package { exim: ensure => installed }
              file { "/etc/exim/exim.conf":
                source => "puppet:///exim/exim.conf"
              }
              service { exim: ensure => running }
            }
    69.
            for h in eximbox1 eximbox2 eximbox3; do
              ssh root@$h chkconfig exim on
            done

            service { exim:
              ensure => running,
              enable => true
            }
    70.
            package { exim: ensure => installed }
            file { "exim.conf":
              source  => "puppet:///exim/exim.conf",
              name    => "/etc/exim/exim.conf",
              require => Package[exim]
            }
            service { exim:
              ensure    => running,
              enable    => true,
              subscribe => [ File["exim.conf"], Package[exim] ]
            }
    71.
            class exim {
              include spamassassin::client
              package { exim: ... }
              file { "exim.conf": ... }
              service { "exim": ... }
            }
            class spamassassin {
              class server { ... }
              class client { ... }
            }
    72.
            node eximbox1, eximbox2 {
              include exim
            }
            node eximbox3 {
              include exim
              include spamassassin::server
            }
            node spambox {
              include spamassassin::server
            }
    73. Client
    74. Client • Collect Facts
    75. Client • Collect Facts • Send Facts
    76. Client • Collect Facts • Send Facts • Receive Configuration
    77. Client • Collect Facts • Send Facts • Receive Configuration • Sort Configuration
    78. Client • Collect Facts • Send Facts • Receive Configuration • Sort Configuration • For Each Resource:
    79. Client • Collect Facts • Send Facts • Receive Configuration • Sort Configuration • For Each Resource: • Check Current State
    80. Client • Collect Facts • Send Facts • Receive Configuration • Sort Configuration • For Each Resource: • Check Current State • Run Required Transactions
    81. Client • Collect Facts • Send Facts • Receive Configuration • Sort Configuration • For Each Resource: • Check Current State • Run Required Transactions • Send Report
    82. Server
    83. Server • Compiler
    84. Server • Compiler • Fileserver
    85. Server • Compiler • Fileserver • Certificate Authority
    86. Server • Compiler • Fileserver • Certificate Authority • Report Handler
    87. Library
    88. Library • Resource Types
    89. Library • Resource Types • Providers
    90. Library • Resource Types • Providers • Resource Abstraction Layer
    91. Resource Abstraction Layer
    92. Resource Abstraction Layer. Resource Types
    93. Resource Abstraction Layer. Resource Types; Providers
    94. Resource Abstraction Layer. Resource Types: Package; Providers
    95. Resource Abstraction Layer. Resource Types: Package; Providers: dpkg, rpm, ports, apt, yum, sun
    96. Resource Abstraction Layer. Resource Types: Package, Service; Providers: dpkg, rpm, ports, apt, yum, sun
    97. Resource Abstraction Layer. Resource Types: Package, Service; Providers: dpkg, rpm, ports, apt, yum, sun (Package); init, SMF, redhat, debian (Service)
    98.
            service { iptables:
              ensure    => running,
              hasstatus => true,
            }
    99.
            host { example:
              ip    => "192.168.7.4",
              alias => ["monkey", "tamarin"]
            }
    100.
            file {
              "/nfs": ensure => directory;
              "/nfs/example": ensure => directory;
              "/nfs/example/foo": ensure => directory;
            }
    101.
            file {
              "/nfs": ensure => directory;
              "/nfs/example": ensure => directory;
              "/nfs/example/foo": ensure => directory;
            }

            file { [ "/nfs", "/nfs/example", "/nfs/example/foo" ]:
              ensure => directory;
            }
    102.
            $nfsopts = "vers=3,tcp,intr,hard"
            mount { "/nfs/example/foo":
              atboot  => true,
              device  => "example:/foo",
              ensure  => "mounted",
              fstype  => "nfs",
              options => $nfsopts,
              dump    => "0",
              pass    => "0",
              require => [ Host[example], File["/nfs/example/foo"] ]
            }
    103.
            group { monkeys: ensure => present }
            group { eric: ensure => present }
            user { eric:
              ensure     => present,
              comment    => "Eric Eisenhart",
              managehome => true,
              groups     => [monkeys, admin],
              before     => Group[eric],
              require    => Group[monkeys]
            }
    104.
            mailalias { root:
              recipient => "eric@nblug.org",
            }
    105.
            cron { logrotate:
              command => "/usr/sbin/logrotate",
              user    => root,
              hour    => 2,
              minute  => 0,
            }
    106.
            exec { "make stuff":
              cwd     => "/nfs/example/foo",
              creates => "/nfs/example/foo/stuff",
              require => Mount["/nfs/example/foo"]
            }
    107. Conditionals
            case $operatingsystem {
              sunos: { include solaris }
              redhat: { include redhat }
            }
    108. Conditionals
            case $operatingsystem {
              sunos: { include solaris }
              redhat: { include redhat }
            }

            file { "/example":
              group => $operatingsystem ? {
                sunos  => "adm",
                redhat => "bin",
              },
              mode  => 0755,
              owner => root
            }
    109. Conditionals
            include yoursite::${operatingsystem}

            case $operatingsystem {
              sunos: { include solaris }
              redhat: { include redhat }
            }

            file { "/example":
              group => $operatingsystem ? {
                sunos  => "adm",
                redhat => "bin",
              },
              mode  => 0755,
              owner => root
            }
    110. Mutually Assured Resurrection
            $cron = $operatingsystem ? {
              redhat => "crond",
              debian => "cron"
            }
            service { cron:
              name   => $cron,
              ensure => running,
            }
            cron { "restart-puppet":
              command => "pgrep puppetd || service puppetd restart",
              minute  => 0,
            }
    111. Scary
            package { "kernel":
              ensure => latest,
              notify => Exec[reboot]
            }
            exec { "reboot":
              refreshonly => true,
            }
         Think carefully before using this example
    112. Virtual Resources
    113. Virtual Resources
            class users {
              @user { eric: ... }
            }
            class sysadmins {
              include users
              realize( User[eric] )
            }
            class workstation {
              include users
              realize( User[eric] )
            }
    114. Exported Resources
    115. Exported Resources
            class ssh::knownhosts {
              @@sshkey { $hostname:
                type => rsa,
                key  => $sshrsakey
              }
              Sshkey <<| name != $hostname |>>
            }
    116.
            define virtualhost (
              $ensure = present,
              $aliases = [],
              $path = "/var/www/html/hosts/$hostname"
            ) {
              file { "/etc/httpd/conf.d/vh-$name.conf":
                content => template("vhost.erb"),
                notify  => Service["httpd"],
                ensure  => $ensure
              }
              file { $path: ensure => directory }
            }
            virtualhost { "nblug.org":
              aliases => ["www.nblug.org"]
            }
    117. Templates
            <VirtualHost>
              ServerName <%= hostname %>
            <% aliases.each do |name| -%>
              ServerAlias <%= name %>
            <% end -%>
              DocumentRoot <%= path %>
              CustomLog /var/log/httpd/<%= name %>.log
              ErrorLog /var/log/httpd/<%= name %>.err
            </VirtualHost>
    118. Modules
            # cd /etc/puppet/modules/bind/
            # find . | grep -v CVS
            ./README
            ./manifests
            ./manifests/init.pp
            ./manifests/special.pp
            ./templates
            ./templates/named.conf.erb
            ./files
            ./files/named.root
            ./files/named.local
    119. ¿ Live Demo ?
    120. Future
         • More native types and providers
         • Puppet Common Modules
         • augeas integration:
            augeas { "grub timeout":
              context => "/files/etc/grub.conf",
              changes => "set timeout 30"
            }
         • Test Frameworks?
    121. Questions
    122. End
         • Puppet: http://puppet.reductivelabs.com/
         • More: http://delicious.com/freiheit/puppet
         • Pulling Strings With Puppet: http://xrl.us/oqpb4 (amazon)
         • Alternatives:
             • cfengine (automating the old ways)
             • Bcfg2 (XML)
             • LCFG (less OS support)
             • $$$$
         • Me: http://eric.eisenhart.name/
         • slide:ology: http://slideology.com/
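
The client run listed on slides 73-81 (sort the configuration, check each resource's current state, run only the required transactions, report) can be modelled in a few lines. This is an added Ruby example, not code from the talk or from Puppet itself; the `Resource` struct, the in-memory `host_state` hash and the file contents are constructed for illustration, and the resource names follow slide 70.

```ruby
# Added example: a toy model of one Puppet client run, not Puppet's own code.
# The host_state hash is a constructed stand-in for the real machine.

Resource = Struct.new(:type, :title, :want, :requires, :subscribes)

def key(res)
  "#{res.type}:#{res.title}"
end

# Deliberately listed out of order: the run has to sort it first.
CATALOG = [
  Resource.new(:service, "exim", { ensure: "running" }, [],
               ["file:exim.conf", "package:exim"]),
  Resource.new(:file, "exim.conf", { content: "constructed exim.conf" },
               ["package:exim"], []),
  Resource.new(:package, "exim", { ensure: "installed" }, [], [])
].freeze

# "Sort Configuration": depth-first topological sort over require and
# subscribe edges; unknown dependencies and cycles are rejected.
def sort_catalog(catalog)
  by_key = catalog.to_h { |res| [key(res), res] }
  ordered = []
  mark = {}
  visit = lambda do |res|
    k = key(res)
    next if mark[k] == :done
    raise ArgumentError, "dependency cycle at #{k}" if mark[k] == :visiting
    mark[k] = :visiting
    (res.requires + res.subscribes).each do |dep|
      raise ArgumentError, "#{k} depends on unknown #{dep}" unless by_key.key?(dep)
      visit.call(by_key[dep])
    end
    mark[k] = :done
    ordered << res
  end
  catalog.each { |res| visit.call(res) }
  ordered
end

# "For Each Resource: Check Current State, Run Required Transactions".
# Returns the report as [resource key, :changed or :refreshed] pairs.
def client_run(catalog, host_state)
  report = []
  changed = {}
  sort_catalog(catalog).each do |res|
    k = key(res)
    if host_state[k] != res.want                # out of sync: converge it
      host_state[k] = res.want.dup
      changed[k] = true
      report << [k, :changed]
    elsif res.subscribes.any? { |dep| changed[dep] }
      changed[k] = true                         # in sync, but a subscribed
      report << [k, :refreshed]                 # resource changed: restart
    end
  end
  report
end

def demo
  host_state = {}                               # freshly installed box
  first  = client_run(CATALOG, host_state)      # everything gets applied
  second = client_run(CATALOG, host_state)      # nothing left to do
  host_state["file:exim.conf"] = { content: "edited by hand" } # constructed drift
  third  = client_run(CATALOG, host_state)      # file reverted, service restarted
  [first, second, third]
end

if __FILE__ == $PROGRAM_NAME
  demo.each_with_index { |report, i| puts "run #{i + 1}: #{report.inspect}" }
end
```

The empty second report is the property the ssh loop lacks: repeated runs are safe, and a later run both reports and reverts a hand edit to a managed file.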