
Puppet Systems Infrastructure Construction Kit

A presentation of PSICK, a Puppet control repo and a module to speed up the setup of a smart and extensible infrastructure.


  1. Puppet Systems Infrastructure Construction Kit
     Alessandro Franceschi
     @alvagante
  2. Puppet masters' dilemmas
  3. Puppet masters' dilemmas
     - Make sense of the whole: language, resources, classes, modules, facts, variables, templates, hiera...
     - Decide how to classify nodes
     - Manage configurations variety
     - Find and integrate existing modules:
       Try, integrate, use, wrap.
       Adapt, fight, fork.
       Or write them from scratch.
     - Design Hiera hierarchies.
       What's data.
       How's data.
       Who uses data.
  4. 10 years of public Puppet ramblings
  5. 10 years of public Puppet ramblings
     2008 Example(42) Puppet infrastructures
          First set of example42 modules
     2010 Puppi
     2010 Example42 NextGen modules
     2012 Puppet Playground
     2014 Tiny Puppet
     2016 Reusable control-repo
     2017 PSICK module and control-repo
  6. A state of the (current) art
     - Puppet control-repo: github.com/example42/psick
     - An Infrastructure Puppet module: github.com/example42/puppet-psick
     Requires Puppet 4.6 or later.
     Usable (cherry picking single elements) by:
     - Puppet Beginners who can cope with just [YAML] data over DSL
     - Experienced Sysadmins who know how to configure their files
     - Puppet Experts interested in radically alternative approaches to Puppet dilemmas
  7. A control-repo with psick powers

  8. A control-repo with psick powers
     github.com/example42/psick
     - Support for Linux, Windows [and...]
     - Toolset for the Puppet developer
     - Multi OS Puppet installer
     - CI with GitLab, Travis, Jenkins
     - Sample hiera datasets
     - Docker image building
     - Testing local code on containers
     - Testing local code on Vagrant VMs
     - Multiple configurable Vagrant env
     - Multi OS Vagrant boxes
     - Automatic control-repo docs
     - Noop and no-noop management
     - Control-repo spec tests
     - Control-repo integration tests
     - Quick Puppet Enterprise test env
     - Fabric integration
     - [...]
  9. An Infrastructure puppet module

  10. An Infrastructure puppet module
      github.com/example42/puppet-psick
      What is an Infrastructure module?!
      Install:
          puppet module install example42/psick
      Usage:
          include psick
      Nothing is done by default.
      Everything is configured via Hiera.
      It has 3 opt-in functions:
      - classification
      - base profiles for common use cases
      - tp profiles for [any] application
  11. Classification with psick module
  12. Classification with psick
      Phased classification:
      [firstrun] -> pre -> base -> profiles

      Hiera deep merge lookup to OS dependent hashes
      with the classes to include in each phase:

          psick::enable_firstrun: true   # Def: false
          psick::firstrun::linux_classes:
            aws_sdk: psick::aws::sdk
          psick::firstrun::windows_classes:
            hostname: psick::hostname

          psick::pre::linux_classes:
            repo: psick::repo
            users: psick::users
          psick::base::linux_classes:
            mail: psick::postfix::tp
            ssh: psick::openssh
            sudo: psick::sudo
            network: network

          psick::pre::windows_classes:
            hosts: psick::hosts::resource
          psick::base::windows_classes:
            features: psick::windows::features
            registry: psick::windows::registry
  13. psick profiles
  14. psick profiles
      Ready-to-use profiles, which can be cherry-picked, to manage common system and application configurations. An alternative to dedicated modules.

          psick::profiles::linux_classes:
            time: psick::time

          psick::time::servers:
            - pool.ntp.org

      A partial list of base profiles for common settings:
      - psick::hosts - Manage /etc/hosts
      - psick::motd - Manage /etc/motd and /etc/issue
      - psick::nfs - Manage NFS client and server
      - psick::sudo - Manage sudo configuration
      - psick::sysctl - Manage sysctl settings
      - psick::firewall - Manage firewalling
      - psick::openssh - tp profile and keygen define
      - psick::hardening - Manage system hardening
      - psick::network - Manage networking
      - psick::puppet - Manage Puppet components
      - psick::users - Manage users
      - psick::time - Manage time and timezones

      A list of application specific profiles:
      - psick::ansible - Manage Ansible installation
      - psick::aws - Manage AWS client tools and VPC setup
      - psick::bolt - Manage Bolt installation
      - psick::docker - Docker installation and build tools
      - psick::foreman - Foreman installation
      - psick::git - Git installation and configuration
      - psick::gitlab - GitLab installation and config
      - psick::mariadb - Manage Mariadb
      - psick::mysql - Manage Mysql
      - psick::mongo - Manage Mongo
      - psick::php - Manage php and modules
      - psick::oracle - Manage Oracle prereq and setup
      - psick::sensu - Manage Sensu
  15. Tiny Puppet and tp profiles
  16. Tiny Puppet and tp profiles
      Standard set of profiles to manage applications with Tiny Puppet (tp).

          psick::profiles::linux_classes:
            web: psick::apache::tp

          psick::apache::tp::resources_hash:
            tp::conf:
              apache::openkills.info.conf:
                base_dir: conf
                template: psick/apache/vh.conf.erb
                options_hash:
                  ServerName: openskills.info
                  ServerAlias:
                    - openskills.info
                  AddDefaultCharset: ISO-8859-1
              apache::deny_git.conf:
                base_dir: conf
                source: puppet:///modules/psick/apache/deny_git.conf
            tp::dir:
              apache::openskills.info:
                vcsrepo: git
                source: git@git:alvagante/osk.git
                path: /var/www/html/openskills.info
  17. demo
  18. demo
      Start to play around:

          git clone https://github.com/example42/psick
          cd psick
          bin/puppet_install.sh   # To install latest Puppet agent
          bin/puppet_setup.sh     # Installs required gems and runs r10k
          cd vagrant/environments/<env>/
          vagrant status [vm]
          vagrant up [vm]
          vi ../../../hieradata/* ...
          vagrant provision [vm]

      Work on a new control-repo based on psick:

          git clone https://github.com/example42/psick
          cd psick
          ./psick create
          cd /path/to/yournew_control-repo
          git status
          vi ...
          git add [...]
  19. demo
      Explore the control-repo:

          # The first manifest parsed by Puppet server
          manifests/site.pp
          # r10k Puppetfile and directory for public modules
          Puppetfile
          modules/
          # Sample Hiera configuration file and data directory
          hiera.yaml
          hieradata/
          # Directory with different Vagrant environments
          vagrant/
          # Tools for various tasks (used in dev and CI)
          bin/
          # CI integration
          .gitlab-ci.yml
          Jenkinsfile
          .travis.yml
          # Control repo spec tests
          spec/
          Gemfile
          Rakefile
          # Local profiles
          site/
  20. demo
      Test local code with Vagrant
      • Multiple Vagrant environments
            ls -l vagrant/environments/
      • Each one customisable via config.yaml
            cd vagrant/environments/ostest
            vi config.yaml
      • Start the Vagrant VM you want
            host $ cd vagrant/environments/ostest
            host $ vagrant status
            host $ vagrant up centos7.ostest.psick.io
      • Test your code and data
            host $ vi ../../../hieradata/nodes/centos7.ostest.psick.io.yaml
            host $ vagrant ssh centos7.ostest.psick.io
            vm $ sudo su -
            vm # /vagrant_puppet/bin/papply.sh
  21. Where to customise
      • Psick control-repo is just the starting point for a greenfield modern Puppet setup
      • Define a way to set the variables that define your nodes (the ones used in hiera.yaml)
      • Decide how to manage classification
      • For each element to configure choose:
        1 - Use a public module (add it to Puppetfile)
        2 - Use a psick profile
        3 - Write a custom profile (add to Puppetfile or directly in site/profile/)
      • Review hiera.yaml logic and customise data in hieradata/
      • Customise your Vagrant environments
      • Customise CI pipelines
  22. Interested?
      - PSICK the control-repo: github.com/example42/psick
      - The psick Puppet module: github.com/example42/puppet-psick, forge.puppet.com/example42/psick
      - Weekly Puppet Tips: example42.com/blog
      Graphics: tatlin.net
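
The phased classification on slide 12, as an added example that is not part of the original slides and is not psick's own code: a Ruby simulation of a Hiera deep-merge lookup that resolves the classes for each phase and reports which hierarchy layer supplied each one, so a node-level replacement of a baseline class such as ssh or sudo can be spotted in review. The layer names, their contents and the class profile::ssh_legacy are constructed for illustration.

```ruby
# Added example (not psick code): simulate the Hiera deep-merge lookup that
# fills each classification phase, and record which layer set each class.

PHASES = %w[pre base profiles].freeze # firstrun is opt-in, left out here

# Constructed hierarchy, most specific layer first. Layer names and the
# class profile::ssh_legacy are hypothetical; other classes are from the slides.
LAYERS = [
  { name: 'nodes/centos7.ostest.psick.io',
    data: { 'psick::base::linux_classes' => { 'ssh' => 'profile::ssh_legacy' } } },
  { name: 'common',
    data: {
      'psick::pre::linux_classes' => { 'repo' => 'psick::repo', 'users' => 'psick::users' },
      'psick::base::linux_classes' => { 'mail' => 'psick::postfix::tp',
                                        'ssh' => 'psick::openssh',
                                        'sudo' => 'psick::sudo' },
      'psick::profiles::linux_classes' => { 'time' => 'psick::time' }
    } }
].freeze

# Merge one hash key across all layers. Layers are applied from least to most
# specific, so a more specific layer replaces a class under the same marker.
def lookup_deep(key, layers)
  layers.reverse.each_with_object({}) do |layer, merged|
    (layer[:data][key] || {}).each do |marker, klass|
      merged[marker] = { class: klass, from: layer[:name] }
    end
  end
end

# Rows of [phase, marker, class, source layer], in phase order.
def classify(layers, kernel = 'linux')
  PHASES.flat_map do |phase|
    lookup_deep("psick::#{phase}::#{kernel}_classes", layers).map do |marker, hit|
      [phase, marker, hit[:class], hit[:from]]
    end
  end
end

# Rows whose class was set outside the baseline layer: worth reviewing when
# the marker is a security control such as ssh, sudo, firewall or hardening.
def overrides(layers, baseline = 'common')
  classify(layers).reject { |row| row[3] == baseline }
end

classify(LAYERS).each { |row| puts row.join('  ') }
```

On a real node, `puppet lookup --explain` reports the layer each value came from.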