Your SlideShare is downloading. ×
Puppet Camp 2012
Puppet Camp 2012
Puppet Camp 2012
Puppet Camp 2012
Puppet Camp 2012
Puppet Camp 2012
Puppet Camp 2012
Puppet Camp 2012
Puppet Camp 2012
Puppet Camp 2012
Puppet Camp 2012
Puppet Camp 2012
Puppet Camp 2012
Puppet Camp 2012
Puppet Camp 2012
Puppet Camp 2012
Puppet Camp 2012
Puppet Camp 2012
Puppet Camp 2012
Puppet Camp 2012
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×
Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

Puppet Camp 2012

591

Published on

Going from zero to Puppet by Pedro Pessoa, Operations Engineer at Server Density. …

Going from zero to Puppet by Pedro Pessoa, Operations Engineer at Server Density.

Abstract: Using out-of-the-box Puppet for non-sysadmin work - steps from going from no config management to managing 100 nodes and allowing non-sysadmin tasks to be performed.

Speaker Bio: Linux admin for 10+ years. Java/Python/C developer 12+ years. Ops engineer at http://www.serverdensity.com - a hosted server and website monitoring service. Currently processing 12TB+ per month into MongoDB running on dedicated and virtual instances.

www.serverdensity.com/puppetcamp/

0 Comments
1 Like
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total Views
591
On Slideshare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
6
Comments
0
Likes
1
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide

Transcript

  • 1. From zero to Puppethttp://www.rankpop.com/you-need-to-start-structuring-your-blog-posts-asap/
  • 2. +15TB / mth+1bn docs /mth2-5k inserts/s @ 3ms10K RPM @ 140ms
  • 3. ServersHTTP Load Balancer – 5xApache - 14xBuild - 2xMongoDB - 19x data, 13x routing, 6x configuration, 6x arbiter,
  • 4. HTTP Load Balancer$globalIPs_array = split($globalIPs, ,)<% globalIPs_array.each do |globalIP| ­%>ListenHTTP        # primary public IP address        Address <%= globalIP %>        Port    80
  • 5. Apache
  • 6. Apachefile{ vhost:  path    =>  "/etc/apache2/sites­enabled/${::siteDomain}",  ensure  => file,  content => template(apache­php/vhost.erb),  notify  => Service[apache2],}
  • 7. Apache<VirtualHost *:80>ServerName <%= siteDomain %>DocumentRoot <%= documentRoot %>...        ErrorLog /var/log/apache2/error­<%= siteDomain %>.log<% if @requestLogging and requestLogging == "yes" %> CustomLog /var/log/apache2/access­<%= siteDomain %>.log vhost_combined<% end %><% if enableSSL == "yes" %><VirtualHost *:443>   SSLEngine OnSSLCertificateFile /var/www/ssl/<%= siteDomain %>.crtSSLCertificateKeyFile /var/www/ssl/<%= siteDomain %>.key...
  • 8. $excess_bagage = [                    "ppp",                    "bind9­host",                    "laptop­detect",                    "open­iscsi",                    "libnss3:i386"                  ]package{ $excess_bagage: ensure => purged,}
  • 9. exec{ ufw allow is­1:   command     => /usr/sbin/ufw allow from 184.173.178.67,   unless      => /usr/sbin/ufw status verbose | grep "184.173.178.67",}exec{ ufw enable:   command     => /usr/sbin/ufw enable,   unless      => /usr/sbin/ufw status | grep "Status: active",   Require     => [Exec[ufw allow is­1]],   notify      => Exec[ufw reload],}exec{ ufw reload:   command     => /usr/sbin/ufw reload,   require     => Exec[ufw enable],   refreshonly => true,}
  • 10. SSHfile{ sshd_config:   path    => /etc/ssh/sshd_config,   ensure  => file,   content  => template(sshd/sshd_config.erb),}Port 22Protocol 2AllowUsers david pessoa chris rob wesCompression yes...<% if @duoSecKey and @duoIntKey and @duoHost %> ForceCommand /usr/sbin/login_duo PermitTunnel no AllowTcpForwarding no<% end %>
  • 11. System updatesCANARIES="  aws­prod­apac­singapore­exm­a1  a2.wdc.sl  exm1.wdc.sl  mtx­web1.wdc.sl  sdapp­web1.wdc.sl  sdapi­web1.wdc.sl  "function canaries { echo "REMOVE *­web1.wdc.sl FROM ROTATION!" echo "press ENTER" read echo "have you REALLY removed *­web1.wdc.sl from rotation?" echo "press ENTER" read for i in $CANARIES do echo $i mco rpc puppetral ­I $i create type=exec                        title="/bin/bash ­c apt­get dist­upgrade ­y" done}
  • 12. System updatesfunction reboot_canaries { echo "REMOVE *­web1.wdc.sl FROM ROTATION!" echo "press ENTER" read echo "have you REALLY removed *­web1.wdc.sl from rotation?" echo "press ENTER" read for i in $CANARIES do echo $i mco rpc puppetral ­I $i create type=exec                        title="/bin/bash ­c reboot" echo "­­­­­­­­­­­­­­" done}
  • 13. What to Rebootmco rpc puppetral create type=exec    title="/bin/bash ­c ls /var/run/reboot­required"    | grep ­B 1  "Resource was created"    | grep ".sl" exm1.wdc.sl                                  Status: change from notrun to 0 failed:     /bin/bash ­c ls /var/run/reboot­required     returned 2 instead of one of [0] exm­md1a.wdc.sl                                Status: Resource was created    Resource: {"tags"=>["exec"],               "title"=>"/bin/bash ­c ls /var/run/reboot­required",               "type"=>"Exec",               "parameters"=>{:returns=>:notrun},               "exported"=>false}
  • 14. Live Management - Emergency# Metrics<%= metricsIP %> metrics­svc# Infrastructure services184.173.178.66  puppet...
  • 15. Live Management - Emergency
  • 16. Live Management - Emergency
  • 17. Live Management - Emergency
  • 18. Live Management - Emergency
  • 19. Pedro Pessoapessoa@serverdensity.comwww.serverdensity.com

×