Going from zero to Puppet by Pedro Pessoa, Operations Engineer at Server Density.

Abstract: Using out-of-the-box Puppet for non-sysadmin work - the steps for going from no config management to managing 100 nodes and allowing non-sysadmin tasks to be performed.

Speaker Bio: Linux admin for 10+ years. Java/Python/C developer 12+ years. Ops engineer at http://www.serverdensity.com - a hosted server and website monitoring service. Currently processing 12TB+ per month into MongoDB running on dedicated and virtual instances.

www.serverdensity.com/puppetcamp/

Transcript

  • 1. From zero to Puppet
        http://www.rankpop.com/you-need-to-start-structuring-your-blog-posts-asap/
  • 2. +15TB / mth
        +1bn docs / mth
        2-5k inserts/s @ 3ms
        10K RPM @ 140ms
  • 3. Servers
        HTTP Load Balancer – 5x
        Apache - 14x
        Build - 2x
        MongoDB - 19x data, 13x routing, 6x configuration, 6x arbiter,
  • 4. HTTP Load Balancer

        $globalIPs_array = split($globalIPs, ',')

        <% globalIPs_array.each do |globalIP| -%>
        ListenHTTP
                # primary public IP address
                Address <%= globalIP %>
                Port    80
  • 5. Apache
  • 6. Apache

        file { 'vhost':
          path    => "/etc/apache2/sites-enabled/${::siteDomain}",
          ensure  => file,
          content => template('apache-php/vhost.erb'),
          notify  => Service['apache2'],
        }
  • 7. Apache

        <VirtualHost *:80>
        ServerName <%= siteDomain %>
        DocumentRoot <%= documentRoot %>
        ...
                ErrorLog /var/log/apache2/error-<%= siteDomain %>.log
        <% if @requestLogging and requestLogging == "yes" %>
                CustomLog /var/log/apache2/access-<%= siteDomain %>.log vhost_combined
        <% end %>
        <% if enableSSL == "yes" %>
        <VirtualHost *:443>
           SSLEngine On
           SSLCertificateFile /var/www/ssl/<%= siteDomain %>.crt
           SSLCertificateKeyFile /var/www/ssl/<%= siteDomain %>.key
        ...
  • 8.
        $excess_bagage = [
                            "ppp",
                            "bind9-host",
                            "laptop-detect",
                            "open-iscsi",
                            "libnss3:i386"
                          ]

        package { $excess_bagage:
          ensure => purged,
        }
  • 9.
        # Add the allow rule first, unless ufw already lists this address
        exec { 'ufw allow is-1':
          command => '/usr/sbin/ufw allow from 184.173.178.67',
          unless  => '/usr/sbin/ufw status verbose | grep "184.173.178.67"',
        }

        # Enable the firewall only after the allow rule is in place
        exec { 'ufw enable':
          command => '/usr/sbin/ufw enable',
          unless  => '/usr/sbin/ufw status | grep "Status: active"',
          require => [Exec['ufw allow is-1']],
          notify  => Exec['ufw reload'],
        }

        # Runs only when notified by 'ufw enable'
        exec { 'ufw reload':
          command     => '/usr/sbin/ufw reload',
          require     => Exec['ufw enable'],
          refreshonly => true,
        }
  • 10. SSH

        file { 'sshd_config':
          path    => '/etc/ssh/sshd_config',
          ensure  => file,
          content => template('sshd/sshd_config.erb'),
        }

        Port 22
        Protocol 2
        AllowUsers david pessoa chris rob wes
        Compression yes
        ...
        <% if @duoSecKey and @duoIntKey and @duoHost %>
        ForceCommand /usr/sbin/login_duo
        PermitTunnel no
        AllowTcpForwarding no
        <% end %>
  • 11. System updates

        CANARIES="
          aws-prod-apac-singapore-exm-a1
          a2.wdc.sl
          exm1.wdc.sl
          mtx-web1.wdc.sl
          sdapp-web1.wdc.sl
          sdapi-web1.wdc.sl
          "

        function canaries {
          echo "REMOVE *-web1.wdc.sl FROM ROTATION!"
          echo "press ENTER"
          read
          echo "have you REALLY removed *-web1.wdc.sl from rotation?"
          echo "press ENTER"
          read
          for i in $CANARIES
          do
            echo "$i"
            # Run the upgrade on one canary node at a time via MCollective
            mco rpc puppetral -I "$i" create type=exec \
                title="/bin/bash -c 'apt-get dist-upgrade -y'"
          done
        }
  • 12. System updates

        function reboot_canaries {
          echo "REMOVE *-web1.wdc.sl FROM ROTATION!"
          echo "press ENTER"
          read
          echo "have you REALLY removed *-web1.wdc.sl from rotation?"
          echo "press ENTER"
          read
          for i in $CANARIES
          do
            echo "$i"
            mco rpc puppetral -I "$i" create type=exec \
                title="/bin/bash -c reboot"
            echo "--------------"
          done
        }
  • 13. What to Reboot

        mco rpc puppetral create type=exec \
            title="/bin/bash -c 'ls /var/run/reboot-required'" \
            | grep -B 1 "Resource was created" \
            | grep ".sl"

        exm1.wdc.sl                                  Status: change from notrun to 0 failed:
             /bin/bash -c ls /var/run/reboot-required
             returned 2 instead of one of [0]

        exm-md1a.wdc.sl                                Status: Resource was created
            Resource: {"tags"=>["exec"],
                       "title"=>"/bin/bash -c ls /var/run/reboot-required",
                       "type"=>"Exec",
                       "parameters"=>{:returns=>:notrun},
                       "exported"=>false}
  • 14. Live Management - Emergency

        # Metrics
        <%= metricsIP %> metrics-svc
        # Infrastructure services
        184.173.178.66  puppet
        ...
  • 15. Live Management - Emergency
  • 16. Live Management - Emergency
  • 17. Live Management - Emergency
  • 18. Live Management - Emergency
  • 19. Pedro Pessoa
        pessoa@serverdensity.com
        www.serverdensity.com