Virtualization and automation of library software/machines + Puppet
 

Usage Rights

CC Attribution License


    Presentation Transcript

    • Introduction 2
      • Virtualization
        – What is it?
        – Hands-on lab
      • Automation
        – How do you mean?
        – Hands-on lab
      • Puppet
        – Manipulating
        – Hands-on lab
      • Questions?
    • Virtualization: What is it? 3
      • Stand alone server
        – Host & Guest
      • Dedicated Server
        – Guest => Virtual Machine
        – Host => Actual machine
      • Benefits
        – Fewer physical machines
        – Easy to move
    • Virtualization: What is it? 4
      • Virtualization today:
        – VMware -> vSphere
        – Microsoft -> Hyper-V
        – Red Hat -> RHEV
        – VMware Player http://www.vmware.com/products/player/
        – VMware ESXi http://www.vmware.com/products/vsphere-hypervisor/overview.html
        – VirtualBox http://www.virtualbox.org/
        – KVM http://www.linux-kvm.org/page/Main_Page
        – Xen http://www.xen.org/
    • Virtualization: Hands-on lab 5
    • Virtualization: Hands-on lab 6
    • Virtualization: Hands-on lab 7
    • Virtualization: Hands-on lab 8
    • Virtualization: Hands-on lab 9
    • Virtualization: Hands-on lab 10
    • Virtualization: Hands-on lab 11
    • Automation: How do you mean? 12
      • Installing OS
        – > insert disc, choose options, configure root, etc…
        – > Login, create users, configure server
        – > …
      • Automation = install steps written in file
        – Kickstart
        – Preseed
    • Automation: How do you mean? 13
      • Creating kickstart file
        – Set language, keyboard, timezone, root password, network, …
            lang en_US
            langsupport en_US.UTF-8
            keyboard us
            timezone --utc Europe/Brussels
            rootpw ***
            text
            skipx
            install
            cdrom
            zerombr
            bootloader --location=mbr
            network --bootproto=dhcp
            key XXXXXXXXXXXXXXXX
      • Hard disc formatting
            clearpart --all --initlabel
            part /boot --fstype ext3 --size=150 --ondisk=sda
            part / --fstype=ext3 --size=1024 --ondisk=sda
            part swap --size=7644 --ondisk=sda
            part pv.6 --size=0 --grow --ondisk=sda
            volgroup vg00 --pesize=32768 pv.6
            logvol /var/log --fstype ext3 --name=varlog --vgname=vg00 --size=2048
    • Automation: How do you mean? 14
      • Hard disc
        – Additional partition exlibris (35GB)
            clearpart --all --initlabel
            part /boot --fstype ext3 --size=150 --ondisk=sda
            part / --fstype=ext3 --size=1024 --ondisk=sda
            part swap --size=4096 --ondisk=sda
            part pv.6 --size=0 --grow --ondisk=sda
            volgroup vg00 --pesize=32768 pv.6
            logvol /var/log --fstype ext3 --name=varlog --vgname=vg00 --size=2048
            logvol /var --fstype ext3 --name=var --vgname=vg00 --size=1536
            logvol /tmp --fstype ext3 --name=tmp --vgname=vg00 --size=5120
            logvol /opt --fstype ext3 --name=opt --vgname=vg00 --size=1024
            logvol /usr --fstype ext3 --name=usr --vgname=vg00 --size=4096
            logvol /home --fstype ext3 --name=home --vgname=vg00 --size=512
            logvol /exlibris --fstype ext3 --name=exlibris --vgname=vg00 --size=35840
      • End script
            auth --useshadow --enablemd5
            selinux --disabled
            firewall --enabled --ssh
            firstboot --disabled
            reboot --eject
    • Automation: How do you mean? 15
      • Add packages
            repo --name=epel --baseurl=http://dl.fedoraproject.org/pub/epel/5/x86_64/
            %packages
            @core
            epel-release-5-4
            screen
            ruby
            puppet
      • Post
        – Define hostname, register with RedHat, set puppetmaster
            %post --log=/root/postinstall.log
            # set hostname to the dns one
            IP=`ifconfig eth0 | grep "addr:" | cut -d: -f2 | cut -d' ' -f1`
            # strip the leading space and the trailing dot from the PTR answer
            HOSTNAME=`nslookup $IP | grep "name =" | cut -d= -f2 | sed 's/.\(.*\)./\1/'`
            SHORTHOSTNAME=`nslookup $IP | grep "name =" | cut -d= -f2 | sed 's/.\(.*\)./\1/' | cut -d. -f1`
            # replace the hostname in the network configuration
            grep -v "HOSTNAME" /etc/sysconfig/network > /tmp/network
            echo "HOSTNAME=${HOSTNAME}" >> /tmp/network
            cp /tmp/network /etc/sysconfig/network
            echo "${IP} ${HOSTNAME} ${SHORTHOSTNAME}" >> /etc/hosts
            rhnreg_ks --profilename=${HOSTNAME} --activationkey=XXXXXXXXXXXXX
    • Automation: How do you mean? 16
      • Users and SSH
        – Add user, disable root-ssh-login, config port ssh, update system
            # Create user install
            useradd --uid 900 install
            # Set passwd for user install
            echo "***" | passwd --stdin install
            # Disable ssh rootlogin
            sed -e 's/^#PermitRootLogin\syes$/PermitRootLogin no/' < /etc/ssh/sshd_config > /tmp/sshd_config
            # Use port 22000 as default
            sed -e 's/^#Port\s22$/Port 22000/' < /tmp/sshd_config > /tmp/sshd_config2
            mv /tmp/sshd_config2 /etc/ssh/sshd_config
            rm /tmp/sshd_config
            # Open non default port 22000 for ssh
            sed -e 's/--dport\s22/--dport 22000/' < /etc/sysconfig/iptables > /tmp/iptables
            mv /tmp/iptables /etc/sysconfig/iptables
            /usr/bin/yum clean all
            /usr/bin/yum -y update
            /usr/bin/yum clean all
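
The sed edits on slide 16 only match the commented defaults (`#PermitRootLogin yes`, `#Port 22`); on an image where those directives are already active they change nothing and the %post script still succeeds. The shell code below is an added example, not part of the original slides: the function names and the sample file are constructed, and it sets a directive whatever the file's starting state and checks the result.

```shell
#!/bin/sh
# Added example: helper names and the sample file are constructed for illustration.

# Value sshd would use for KEY in the global section (first active occurrence
# before any Match block). Commented lines never count.
effective_option() {
    awk -v k="$2" 'tolower($1) == "match" { exit }
                   tolower($1) == tolower(k) { print $2; exit }' "$1"
}

# The slide's two substitutions, written with POSIX classes instead of \s.
slide_sed() {
    sed -e 's/^#PermitRootLogin[[:space:]]yes$/PermitRootLogin no/' \
        -e 's/^#Port[[:space:]]22$/Port 22000/' "$1" > "$1.new" && mv "$1.new" "$1"
}

# Force KEY to VALUE whatever the file looked like before. The wanted line goes
# first; active copies in the global section are dropped (sshd keeps the first
# value for most keywords, and Port may repeat, so stale copies must go).
# Lines from the first Match block onward are left untouched.
set_sshd_option() {
    file=$1; key=$2; value=$3
    tmp=$(mktemp) || return 1
    {
        printf '%s %s\n' "$key" "$value"
        awk -v k="$key" 'tolower($1) == "match" { m = 1 }
                         m || tolower($1) != tolower(k)' "$file"
    } > "$tmp" || { rm -f "$tmp"; return 1; }
    # Overwrite in place so the target keeps its owner, mode and SELinux label.
    cat "$tmp" > "$file" && rm -f "$tmp"
    [ "$(effective_option "$file" "$key")" = "$value" ]
}

# Constructed sample: both directives are already active, not commented.
make_sample() {
    printf '%s\n' '# constructed sshd_config' 'Port 22' 'Protocol 2' \
        'PermitRootLogin yes' 'PasswordAuthentication yes' > "$1"
}

demo=$(mktemp) && make_sample "$demo"
slide_sed "$demo"
echo "after slide sed:       PermitRootLogin $(effective_option "$demo" PermitRootLogin)"
set_sshd_option "$demo" PermitRootLogin no
echo "after set_sshd_option: PermitRootLogin $(effective_option "$demo" PermitRootLogin)"
rm -f "$demo"
```

On a real host, follow the edit with `sshd -t` so a syntax error is caught before the first reboot.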
    • Automation: Hands-on lab 17
      • Try to create SFX-installation
        – Packages
            /usr/bin/yum -y install glibc unixODBC unixODBC-devel e2fsprogs-libs expat libxml2 zlib libxslt libgcrypt libgpg-error krb5-libs keyutils-libs libselinux libsepol gmp pcre libaio gdbm libstdc++ ncurses bzip2-libs
            /usr/bin/yum clean all
            # Disable selinux
            echo 0 > /selinux/enforce
            # stop iptables
            /etc/init.d/iptables stop
            # disable iptables
            /sbin/chkconfig --level 2345 iptables off
        – Sfx-installer can extract only
          • ./sfx_version_4_linux64_installer.run --confirm
        – Sfx-installer can run without disclaimer
          • ./starter.sh nodisclaimer
    • Automation: Hands-on lab 18
      • Sfx-installer can extract only
      • Sfx-installer can run without disclaimer
    • Automation: Hands-on lab 19
      • Sfx-installer can use auto answer-file
        – Sfx-installer can extract only
        – Sfx-installer can run without disclaimer
    • Automation: Hands-on lab 20
      • How to do this?
            mkdir -m777 /exlibris/ftp_from_exlibris
            cd /exlibris/ftp_from_exlibris
            wget http://sartre.ugent.be/bt/sfx_version_4_linux64_installer.run
            chmod a+x sfx_version_4_linux64_installer.run
            /bin/echo "LICENSE-SFXGLB41" > license.txt
            /bin/echo "LICENSE-SFXLCL41" >> license.txt
            /bin/echo "LICENSE-SFXTST41" >> license.txt
            # extract sfx_installer
            echo "y" > answer.txt
            echo "n" >> answer.txt
            ./sfx_version_4_linux64_installer.run --confirm < answer.txt
            # start installer
            cd build
            echo "y" > answer.txt
            echo "3410" >> answer.txt
            echo "n" >> answer.txt
            ./starter.sh nodisclaimer < answer.txt
            # Set passwd for users sfx
            echo "***" | passwd --stdin sfxglb41
            echo "***" | passwd --stdin sfxlcl41
            echo "***" | passwd --stdin sfxtst41
    • Automation: Hands-on lab 21
      • Finishing script
            # Add port 80 for browsing
            sed -e 's/^Listen\s3410$/Listen 80\nListen 3410/' < /exlibris/sfx_ver/sfx4_1/proxy/conf/httpd.conf > /tmp/httpproxy.conf
            mv /tmp/httpproxy.conf /exlibris/sfx_ver/sfx4_1/proxy/conf/httpd.conf
            # Open the port in the firewall
            sed '/23000/i\-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT' < /etc/sysconfig/iptables > /tmp/iptables
            sed '/23000/i\-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 3410 -j ACCEPT' < /tmp/iptables > /etc/sysconfig/iptables
            # Re-enable iptables
            /sbin/chkconfig --level 2345 iptables on
    • Automation: Hands-on lab 22
    • Automation: Hands-on lab 23
    • Virtualization: Hands-on lab 24
    • Puppet: Manipulating 25
      • Automation software
      • DSL Language written in Ruby
      • Client / server oriented
      • Repeatable processes
      • Abstraction layers
    • Puppet: Manipulating 26
      • Abstraction layers?
        – Package managers: apt, dpkg, yum, rpm, pkg, …
        – User management: useradd, adduser, dscl, …
        – Services
    • Puppet: Manipulating 27
      • Server structure
            puppet/
              manifests/
              environments/
                production/
                  modules/
                    [a-z][a-z0-9_]*/
                      files/
                      manifests/
                        init.pp
                      templates/
                      tests/
                  manifests/
                    nodes.pp
                development/
    • Puppet: Manipulating 28
      • Nodes.pp
            node HOSTNAME {
              include apache
              class { 'ntp': enable => false; }
              apache::vhost { 'personal_site':
                port    => 80,
                docroot => '/var/www/personal',
                options => 'Indexes MultiViews';
              }
            }
      • Module
        – [a-z][a-z0-9_]* (except main, settings)
    • Puppet: Manipulating 29
            modules/
              [a-z][a-z0-9_]*/
                files/
                  service.conf
                manifests/
                  init.pp
                  otherclass.pp
                templates/
                  template.erb
                tests/
      • init.pp
        – Class-name same as module
      • otherclass.pp
        – my_module::otherclass
      • files/service.conf
        – puppet:///modules/my_module/service.conf
      • templates/template.erb
        – template('my_module/template.erb')
    • Puppet: Manipulating 30
      • Built-in resources:
        – file
            # one declaration per resource
            file { '/exlibris':
              ensure => directory,
              mode   => 777,
              group  => exlibris;
            }
            file { '/exlibris/ftp_from_exlibris/build/answer.txt':
              ensure  => present,
              content => "y\n3410\nn\n",
              require => Exec["extract_sfx"];
            }

            # the same two resources in a single declaration
            file {
              '/exlibris':
                ensure => directory,
                mode   => 777,
                group  => exlibris;
              '/exlibris/ftp_from_exlibris/build/answer.txt':
                ensure  => present,
                content => "y\n3410\nn\n",
                require => Exec["extract_sfx"];
            }
    • Puppet: Manipulating 31
        – package
            package {
              'glibc':          ensure => 'installed';
              'unixODBC':       ensure => 'installed';
              'unixODBC-devel': ensure => 'latest';
              'gdbm.i686':      ensure => '2.2.16-6';
            }

            # resource default plus an array of titles
            Package { ensure => 'installed' }
            $package2install = [ 'glibc', 'unixODBC', 'unixODBC-devel', 'gdbm.i686' ]
            package { $package2install: }
        – exec
            exec { 'download_installer':
              command => './sfx_version_4_linux64_installer.run --confirm < answer.txt',
              cwd     => '/exlibris/ftp_from_exlibris',
              creates => '/exlibris/ftp_from_exlibris/build',
              require => File['/exlibris/ftp_from_exlibris'];
            }
    • Puppet: Manipulating 32
        – user & group
            user { 'ca20c800':
              ensure     => 'present',
              comment    => 'Comment for user',
              uid        => '600',
              gid        => '600',
              membership => minimum,
              shell      => '/bin/bash',
              home       => "/home/$title",
              require    => Group[$title],
              password   => '***';
            }
            group { 'ca20c800':
              ensure => 'present',
              gid    => '600';
            }
        – ± 40 different resource types
          • cron
          • mount
          • yumrepo
    • Puppet: Hands-on lab 33
      • Sfx & puppet
            class sfx {
              Package { ensure => "installed" }
              $package2install = [ "glibc", "unixODBC-devel", "e2fsprogs-libs",
                "unixODBC", "expat", "libxml2", "zlib", "libxslt", "libgcrypt",
                "libgpg-error", "krb5-libs", "keyutils-libs", "libselinux",
                "libsepol", "gmp", "pcre.i686", "pcre.x86_64", "libaio",
                "gdbm.i686", "gdbm.x86_64", "libstdc++", "ncurses",
                "bzip2-libs.i686", "bzip2-libs.x86_64" ]
              package { $package2install: }
              concat::fragment { "/etc/sysconfig/iptables.sfx.server":
                target => "/etc/sysconfig/iptables",
                source => "puppet:///modules/sfx/iptables.server",
                order  => 200,
              }
              # class body continues on the following slides
    • Puppet: Hands-on lab 34
      • Sfx & puppet
            file {
              '/exlibris':
                ensure => directory,
                group  => exlibris;
              '/exlibris/ftp_from_exlibris':
                ensure  => directory,
                group   => exlibris,
                mode    => 777,
                require => File['/exlibris'];
              '/exlibris/ftp_from_exlibris/answer.txt':
                ensure  => present,
                content => "y\nn\n";
              '/exlibris/ftp_from_exlibris/build/answer.txt':
                ensure  => present,
                content => "y\n3410\nn\n",
                require => Exec['extract_sfx'];
            }
    • Puppet: Hands-on lab 35
      • Sfx & puppet
            exec {
              "download_installer":
                command => "/usr/bin/wget http://sartre.ugent.be/bt/sfx_version_4_linux64_installer.run -O sfx_version_4_linux64_installer.run; /bin/chmod a+x sfx_version_4_linux64_installer.run",
                cwd     => "/exlibris/ftp_from_exlibris",
                creates => "/exlibris/ftp_from_exlibris/sfx_version_4_linux64_installer.run",
                require => File["/exlibris/ftp_from_exlibris"];
              "get_license":
                command => "/usr/bin/wget http://lib.ugent.be/files/elag2012/${hostname}.license -O license.txt",
                cwd     => "/exlibris/ftp_from_exlibris",
                creates => "/exlibris/ftp_from_exlibris/license.txt",
                require => File["/exlibris/ftp_from_exlibris"];
              "extract_sfx":
                command => "./sfx_version_4_linux64_installer.run --confirm < answer.txt",
                cwd     => "/exlibris/ftp_from_exlibris",
                creates => "/exlibris/ftp_from_exlibris/build",
                require => File["/exlibris/ftp_from_exlibris/answer.txt"];
              "installing_sfx":
                command => "/etc/init.d/iptables stop; /sbin/chkconfig --level 2345 iptables off; ./starter.sh nodisclaimer < answer.txt",
                cwd     => "/exlibris/ftp_from_exlibris/build",
                creates => "/exlibris/sfx_ver",
                timeout => "1800",
                require => File["/exlibris/ftp_from_exlibris/build/answer.txt"];
            }
    • Puppet: Hands-on lab 36
      • Server node
            node ca20c802 {
              class {
                basenode:;
                vmware::tools:;
                selinux::disable:;
                exlibris:;
                sfx:;
                icinga:
                  nrpe_allowed_hosts => 'x.x.x.x';
                icinga::plugins::checksfx:
                  perfdata => true;
              }
            }
    • Puppet: Hands-on lab 37
      • Sfx-class
            class exlibris {
              realize User_create[exlibris]
              realize User_create[ca20c801]
              realize User_create[ca20c802]
              realize User_create[ca20c803]
              realize User_create[ca20c804]
              concat::fragment { "/etc/sysconfig/iptables.exlibris.server":
                target => "/etc/sysconfig/iptables",
                source => "puppet:///modules/exlibris/iptables.server",
                order  => 150,
              }
            }
    • Questions? 38
      • Questions?
        http://www.vmware.com
        http://fedoraproject.org/wiki/Anaconda/Kickstart
        http://www.puppetlabs.com
        Omar.Reygaert@UGent.be