Puppet NBLUG 2008-09

Slides for talk I gave about puppet to NBLUG in September 2009.

Usage Rights: CC Attribution-NonCommercial-ShareAlike License

  • My License: http://creativecommons.org/licenses/by-sa/3.0/ -- not all included images fall under that; check links
    Image: http://flickr.com/photos/victornuno/544763827/
  • What is system administration?
    Supporting Customers. Services, not computers. Invisible when done right.
    Ideal SysAdmin: lazy
    http://www.sysadminday.com/whatsysadmin.html
    Photo from: http://flickr.com/photos/emzee/139794246/
  • It was okay to hand-craft; you only had one computer. One computer was all you needed.
    Image From: http://ftp.arl.mil/ftp/historic-computers/
  • Later, maybe more computers. Maybe 2 to have a highly-available cluster or to have one to test with and one to use for “production”
    Image from: http://hampage.hu/vax/kepek/VAXft3000.jpg -- originally from HP
  • The Old Ways
    Hand-crafted. Do every step by hand.
    Image From: http://flickr.com/photos/oaspetele_de_piatra/2680418274/
  • In that environment, it makes sense to hand-manage each system with care.
    Image: Niece, Kaylei Rose
  • Later, maybe more computers. Maybe 2 to have a highly-available cluster or to have one to test with and one to use for “production”.
    95 Unix servers, 27 of them are VMs. 54+ puppet managed. Total server population: ~150 (?)
  • As you go from 2 to many, one obvious technique: the golden master.
    By hand: work that system to perfection. Then copy up to an image server.
    Image From: http://flickr.com/photos/chitrasudar/2558214472/
  • Then clone your images from the golden master to all of your systems.
    Great for computer labs
    Ghost. Or even kickstart
  • But what if you need to make something different?
    4 web servers
    1 DB Server.
    Add a slimmed down image for Virtual machine
    Now you need to make a DB server for a VM?
    How? You have 4 images of the whole OS on a hard drive somewhere, but how do you merge 2 sets of changes together?
  • http://flickr.com/photos/thaths/1392403911/
    http://flickr.com/photos/odalaigh/2331571735/
    http://flickr.com/photos/chitrasudar/2558214472/
  • http://flickr.com/photos/eschipul/2403443144/
  • http://flickr.com/photos/yersinia/464036939/
  • http://flickr.com/photos/travel_aficionado/2266607520/
  • Fundamental Issue: You want your systems as alike as possible (makes life easier), but you also need to make them different from each other in specific ways.
  • Puppet is a way to automatically manage your systems.
  • Puppet lets you be lazier
    making the computers do all of the work
    BEING documentation
    http://friendfeed.com/e/d6e342f7-d768-ce43-5529-eef2166cabc3/puppetmasterd-People-are-finally-figuring-out/?service=twitter
  • An Analogy
    “A HighLevelLanguage is a ProgrammingLanguage that supports system development at a high LevelOfAbstraction, thereby freeing the developer from keeping in his head lots of details that are irrelevant to the problem at hand.” -- http://c2.com/cgi/wiki?HighLevelLanguage
  • Probably in response to programmers who still wanted to write Assembly
  • “Puppet is a declarative language for expressing system configuration, a client and server for distributing it, and a library for realizing the configuration.”
    New Way to Think: Instead of automating current techniques (files and commands), Puppet reframes the problem.
  • Declarative: You say what you want, not how to do it. nouns, not verbs.
    Semantic: Code has meaning.
    Reproducible: Repeat and get the same results
    Shareable: give to a friend. Or find modules on the internet and use them
    Maintainable
    Extensible: not all that terribly hard to write Resource Types and Providers. Also: define.
  • Old: commands and files. New: resources.
    Problems with old way: doesn’t happen at install time. Doesn’t happen if system is unavailable. Doesn’t fix itself (yum/apt server down, typo, broken later, etc). Ugly.
    Could put into install script (kickstart, etc), but then what about later when want to change systems?
    Manage same code twice? Put into an RPM or .DEB? (funky when modifying config files)
    same thing applies to “clusterssh”
  • Let’s build this up a bit
    Restart the box and puppet starts exim (instead of coming up on its own)
  • require after
    subscribe notify
  • hasstatus
    hasrestart
    start, stop, restart, status, pattern
  • groupadd: groupadd, netinfo, etc.
  • command (namevar)
    creates, onlyif, unless, refreshonly
    returns, user, group, timeout, environment, cwd,
  • I would never do this. I think this would work. Might not get a report, since could kill puppet before it’s done with stuff...
  • Like a virtual method in some object-oriented languages.
    Can only manage a resource in one place: this is a kind of workaround.
  • Requires database backend
    sqlite by default
    MySQL or something else required to scale
  • >>>>>>>>>>>>>>>>> STAND >>>>>>>>>>>>>>>>>>>>>>>>>>>
    http://commons.wikimedia.org/wiki/Image:Leontopithecus.rosalia-03-ZOO.Dvur.Kralove.jpg

Puppet NBLUG 2008-09 Presentation Transcript

  • Managing systems with Puppet NBLUG Sept 9, 2008 Eric Eisenhart http://eric.eisenhart.name/
  • System Administration “We will encourage you to develop the three great virtues of a programmer: laziness, impatience, and hubris.” --Larry Wall, Programming Perl
  • One Computer Image From: http://ftp.arl.mil/ftp/historic-computers/
  • Two Computers Image From http://flickr.com/photos/arthur_pewty/2703897757/
  • Hand-Crafted
  • Individually Maintained
  • Many Computers
  • Gold Master
  • Clone
  • Alter
  • Alter ? ?
  • Multiple Masters?
  • Change by Hand?
  • What do you do next time?
  • Reproducible Process
  • Same But Different
  • What is Puppet?
  • Lazy Puppeteers People are finally figuring out puppet and how it gets you to the pub by 4pm. Note that I've been at this pub since 2pm. -- Jorge Castro
  • An Analogy
                                              Programming          SysAdmin
    Low Level, Non-Portable                   Assembly             commands and files
    Some Abstraction, Portability Possible    C                    Cfengine
    Abstract, Portable                        Perl, Python, Ruby   Puppet
  • “the most damaging phrase in the language is: `We've always done it this way.’” -- Grace Hopper (developer of the first compiler)
  • Puppet • Language • Client & Server • Resource Abstraction • New Way To Think
  • Puppet Language • Declarative • Semantic • Reproducible • Shareable • Maintainable • Extensible
  • Old Way: Kickstart tricks
        %post
        if grep -q "release 5" /etc/redhat-release
        then
          INSTALL="yum -y install"
        else
          INSTALL="up2date-nox"
        fi
        $INSTALL exim
        curl https://master/exim/exim.conf > /etc/exim/exim.conf
        chkconfig exim on
  • Old Way: Package tricks
        Requires: exim
        %post
        curl https://master/exim/exim.conf > /etc/exim/exim.conf
        chkconfig exim on
        service exim restart
        %triggerin -- exim
        curl https://master/exim/exim.conf > /etc/exim/exim.conf
        service exim restart
  • Old Way: ssh in a for loop
        for h in eximbox1 eximbox2 eximbox3; do
          ssh $h '
            grep "release 4" /etc/redhat-release && up2date exim
            grep "release 5" /etc/redhat-release && yum install exim'
          scp exim/exim.conf $h:/etc/exim/exim.conf
          ssh $h /etc/init.d/exim start
        done
  • (the same for loop, side by side with:)
        node eximbox1, eximbox2, eximbox3 {
          package { exim: ensure => installed }
          file { "/etc/exim/exim.conf":
            source => "puppet:///exim/exim.conf"
          }
          service { exim: ensure => running }
        }
  • Old Way: ssh in a for loop (diagram: Server, Clients)
  • Client & Server (diagram between Server and Client; labels in order of appearance): Code, Facts, Compile, Config, Run, Files, Report, Sleep
  • Clients & Server (diagram: Code, Server, Clients)
  • Expanded Old Way
        for h in eximbox1 eximbox2 eximbox3; do
          ssh $h '
            grep "release 4" /etc/redhat-release && up2date exim
            grep "release 5" /etc/redhat-release && yum install exim'
          scp exim/exim.conf $h:/etc/exim/exim.conf
          ssh $h /etc/init.d/exim start
        done
  • (side by side:)
        for h in eximbox1 eximbox2 eximbox3; do
          ssh root@$h chkconfig exim on
        done

        service { exim:
          ensure => running,
          enable => true
        }
  •
        package { exim: ensure => installed }
        file { "exim.conf":
          source  => "puppet:///exim/exim.conf",
          name    => "/etc/exim/exim.conf",
          require => Package[exim]
        }
        service { exim:
          ensure    => running,
          enable    => true,
          subscribe => [ File["exim.conf"], Package[exim] ]
        }
  •
        class exim {
          include spamassassin::client
          package { exim: ... }
          file { "exim.conf": ... }
          service { "exim": ... }
        }
        class spamassassin {
          class server { ... }
          class client { ... }
        }
  •
        node eximbox1, eximbox2 {
          include exim
        }
        node eximbox3 {
          include exim
          include spamassassin::server
        }
        node spambox {
          include spamassassin::server
        }
  • Client • Collect Facts • Send Facts • Receive Configuration • Sort Configuration • For Each Resource: • Check Current State • Run Required Transactions • Send Report
  • Server • Compiler • Fileserver • Certificate Authority • Report Handler
  • Library • Resource Types • Providers • Resource Abstraction Layer
  • Resource Abstraction Layer
    Resource Types: Package, Service
    Package providers: dpkg, rpm, ports, apt, yum, sun
    Service providers: init, SMF, redhat, debian
  •
        service { iptables:
          ensure    => running,
          hasstatus => true,
        }
  •
        host { example:
          ip    => "192.168.7.4",
          alias => ["monkey", "tamarin"]
        }
  •
        file {
          "/nfs": ensure => directory;
          "/nfs/example": ensure => directory;
          "/nfs/example/foo": ensure => directory;
        }

        file { [ "/nfs", "/nfs/example", "/nfs/example/foo" ]:
          ensure => directory;
        }
  •
        $nfsopts = "vers=3,tcp,intr,hard"
        mount { "/nfs/example/foo":
          atboot  => true,
          device  => "example:/foo",
          ensure  => "mounted",
          fstype  => "nfs",
          options => $nfsopts,
          dump    => "0",
          pass    => "0",
          require => [ Host[example], File["/nfs/example/foo"] ]
        }
  •
        group { monkeys: ensure => present }
        group { eric: ensure => present }
        user { eric:
          ensure     => present,
          comment    => "Eric Eisenhart",
          managehome => true,
          groups     => [monkeys, admin],
          before     => Group[eric],
          require    => Group[monkeys]
        }
  •
        mailalias { root:
          recipient => "eric@nblug.org",
        }
  •
        cron { logrotate:
          command => "/usr/sbin/logrotate",
          user    => root,
          hour    => 2,
          minute  => 0,
        }
  •
        exec { "make stuff":
          cwd     => "/nfs/example/foo",
          creates => "/nfs/example/foo/stuff",
          require => Mount["/nfs/example/foo"]
        }
  • Conditionals
        include yoursite::${operatingsystem}

        case $operatingsystem {
          sunos:  { include solaris }
          redhat: { include redhat }
        }

        file { "/example":
          # The slide set owner twice; a parameter can be given only once,
          # so the per-OS selector is applied to group here.
          group => $operatingsystem ? {
            sunos  => "adm",
            redhat => "bin",
          },
          mode  => 0755,
          owner => root
        }
  • Mutually Assured Resurrection
        $cron = $operatingsystem ? {
          redhat => "crond",
          debian => "cron"
        }
        service { cron:
          name   => $cron,
          ensure => running,
        }
        cron { "restart-puppet":
          command => "pgrep puppetd || service puppetd restart",
          minute  => 0,
        }
  • Scary
        package { "kernel":
          ensure => latest,
          notify => Exec[reboot]
        }
        exec { "reboot":
          refreshonly => true,
        }
    Think carefully before using this example
  • Virtual Resources
        class users {
          @user { eric: ... }
        }
        class sysadmins {
          include users
          realize( User[eric] )
        }
        class workstation {
          include users
          realize( User[eric] )
        }
  • Exported Resources
        class ssh::knownhosts {
          @@sshkey { $hostname:
            type => rsa,
            key  => $sshrsakey
          }
          Sshkey <<| name != $hostname |>>
        }
  •
        define virtualhost (
          $ensure = present,
          $aliases = [],
          $path = "/var/www/html/hosts/$hostname"
        ) {
          file { "/etc/httpd/conf.d/vh-$name.conf":
            content => template("vhost.erb"),
            notify  => Service["httpd"],
            ensure  => $ensure
          }
          file { $path: ensure => directory }
        }

        virtualhost { "nblug.org":
          aliases => ["www.nblug.org"]
        }
  • Templates
        <VirtualHost>
          ServerName <%= hostname %>
        <% aliases.each do |name| -%>
          ServerAlias <%= name %>
        <% end -%>
          DocumentRoot <%= path %>
          CustomLog /var/log/httpd/<%= name %>.log
          ErrorLog /var/log/httpd/<%= name %>.err
        </VirtualHost>
  • Modules
        # cd /etc/puppet/modules/bind/
        # find . | grep -v CVS
        ./README
        ./manifests
        ./manifests/init.pp
        ./manifests/special.pp
        ./templates
        ./templates/named.conf.erb
        ./files
        ./files/named.root
        ./files/named.local
  • ¿ Live Demo ?
  • Future
    • More native types and providers
    • Puppet Common Modules
    • augeas integration:
        augeas { "grub timeout":
          context => "/files/etc/grub.conf",
          changes => "set timeout 30"
        }
    • Test Frameworks?
  • Questions
  • End • Puppet: http://puppet.reductivelabs.com/ • More: http://delicious.com/freiheit/puppet • Pulling Strings With Puppet: http://xrl.us/oqpb4 (amazon) • Alternatives: • cfengine (automating the old ways) • Bcfg2 (XML) • LCFG (less OS support) • $$$$ • Me: http://eric.eisenhart.name/ • slide:ology: http://slideology.com/
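
The client run listed on the "Client" slide (sort the configuration, check each resource's current state, run only the required changes, send a report), as an added Ruby sketch that is not from the talk or from Puppet's own code. `Resource`, `ordered`, `run`, `exim_resources` and the `host` Hash that stands in for a real machine are all hypothetical names; the catalog is the exim example from the slides.

```ruby
# Added illustration; Resource, ordered, run and exim_resources are
# hypothetical names, not Puppet's API.

# A declared resource: type, title, desired attributes, and the
# references it requires, written the way the slides do ("Package[exim]").
Resource = Struct.new(:type, :title, :want, :requires) do
  def ref
    "#{type.capitalize}[#{title}]"
  end
end

# "Sort Configuration": depth-first ordering so that every resource comes
# after everything it requires. Undeclared references and dependency
# cycles are rejected instead of being applied in an arbitrary order.
def ordered(resources)
  by_ref = resources.to_h { |r| [r.ref, r] }
  mark = {}
  out = []
  visit = lambda do |ref|
    res = by_ref[ref] or raise ArgumentError, "undeclared resource #{ref}"
    next if mark[ref] == :done
    raise ArgumentError, "dependency cycle at #{ref}" if mark[ref] == :visiting
    mark[ref] = :visiting
    res.requires.each { |dep| visit.call(dep) }
    mark[ref] = :done
    out << res
  end
  by_ref.each_key { |ref| visit.call(ref) }
  out
end

# One client run. `host` is a constructed stand-in for the machine: a Hash
# from resource reference to its current attributes (a real provider would
# query rpm, chkconfig, the init script, and so on).
# For each resource: check current state, change only what differs, and
# record what changed and what the old value was. With noop: true nothing
# is written, so the report is a pure drift audit.
def run(resources, host, noop: false)
  ordered(resources).map do |res|
    current = host.fetch(res.ref, {})
    drift = res.want.reject { |attr, value| current[attr] == value }
    host[res.ref] = current.merge(drift) unless noop || drift.empty?
    { ref: res.ref, changed: drift.keys.sort, was: current.slice(*drift.keys) }
  end
end

# The exim example from the slides, deliberately declared out of order.
def exim_resources
  [
    Resource.new('service', 'exim', { ensure: 'running', enable: true },
                 ['File[exim.conf]', 'Package[exim]']),
    Resource.new('file', 'exim.conf',
                 { source: 'puppet:///exim/exim.conf' }, ['Package[exim]']),
    Resource.new('package', 'exim', { ensure: 'installed' }, [])
  ]
end
```

A second `run` over the same `host` reports no changes, and a `noop: true` run after a hand edit lists the drifted attribute with its old value without touching the host.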