Puppet Systems Infrastructure Construction Kit

A presentation of PSICK, a Puppet control-repo and a module to speed up the setup of a smart and extensible infrastructure.

  1. 1. Puppet Systems Infrastructure Construction Kit Alessandro Franceschi
  2. 2. Puppet masters' dilemmas
  3. 3. Puppet masters' dilemmas
 - Make sense of the whole: language, resources, classes, modules, facts, variables, templates, hiera...
 - Decide how to classify nodes
 - Manage the variety of configurations
 - Find and integrate existing modules:
   Try, integrate, use, wrap.
   Adapt, fight, fork.
   Or write them from scratch.
 - Design Hiera hierarchies. What's data. How's data. Who uses data.
  4. 4. 10 years of public Puppet ramblings
  5. 5. 10 years of public Puppet ramblings
 2008 Example(42) Puppet infrastructures
      First set of example42 modules
 2010 Puppi
 2010 Example42 NextGen modules
 2012 Puppet Playground
 2014 Tiny Puppet
 2016 Reusable control-repo
 2017 PSICK module and control-repo
  6. 6. A state of the (current) art Puppet control-repo
 An Infrastructure Puppet module
 Requires Puppet 4.6 or later
 Usable (cherry picking single elements) by:
 - Puppet Beginners who can cope with just [YAML] data over DSL
 - Experienced Sysadmins who know how to configure their files
 - Puppet Experts interested in radically alternative approaches to Puppet dilemmas
  7. 7. A control-repo with psick powers

  8. 8. A control-repo with psick powers
 - Support for Linux, Windows [and...]
 - Toolset for the Puppet developer
 - Multi OS Puppet installer
 - CI with GitLab, Travis, Jenkins
 - Sample hiera datasets
 - Docker image building
 - Testing local code on containers
 - Testing local code on Vagrant VMs
 - Multiple configurable Vagrant env
 - Multi OS Vagrant boxes
 - Automatic control-repo docs
 - Noop and no-noop management
 - Control-repo spec tests
 - Control-repo integration tests
 - Quick Puppet Enterprise test env
 - Fabric integration
 - [...]
  9. 9. An Infrastructure puppet module

  10. 10. An Infrastructure puppet module
 What is an Infrastructure module?!
 Install: puppet module install example42/psick
 Usage: include psick
 Nothing is done by default.
 Everything is configured via Hiera.
 It has 3 opt-in functions:
 - classification
 - base profiles for common use cases
 - tp profiles for [any] application
  11. 11. Classification with psick module
  12. 12. Classification with psick
 Phased classification:
 [firstrun] -> pre -> base -> profiles
 Hiera deep merge lookup to OS dependent hashes
 with the classes to include in each phase
 psick::enable_firstrun: true #Def: false
 aws_sdk: psick::aws::sdk
 hostname: psick::hostname
 repo: psick::repo
 users: psick::users
 mail: psick::postfix::tp
 ssh: psick::openssh
 sudo: psick::sudo
 network: network
 hosts: psick::hosts::resource
 features: psick::windows::features
 registry: psick::windows::registry
  13. 13. psick profiles
  14. 14. psick profiles
 Ready-to-use profiles, which can be cherry picked, to manage common system and application configurations. An alternative to dedicated modules.
 psick::profiles::linux_classes:
   time: psick::time
 psick::time::servers:
   -
 A partial list of base profiles for common settings:
 - psick::hosts - Manage /etc/hosts
 - psick::motd - Manage /etc/motd and /etc/issue
 - psick::nfs - Manage NFS client and server
 - psick::sudo - Manage sudo configuration
 - psick::sysctl - Manage sysctl settings
 - psick::firewall - Manage firewalling
 - psick::openssh - tp profile and keygen define
 - psick::hardening - Manage system hardening
 - psick::network - Manage networking
 - psick::puppet - Manage Puppet components
 - psick::users - Manage users
 - psick::time - Manage time and timezones
 A list of application specific profiles:
 - psick::ansible - Manage Ansible installation
 - psick::aws - Manage AWS client tools and VPC setup
 - psick::bolt - Manage Bolt installation
 - psick::docker - Docker installation and build tools
 - psick::foreman - Foreman installation
 - psick::git - Git installation and configuration
 - psick::gitlab - GitLab installation and config
 - psick::mariadb - Manage MariaDB
 - psick::mysql - Manage MySQL
 - psick::mongo - Manage Mongo
 - psick::php - Manage PHP and modules
 - psick::oracle - Manage Oracle prereq and setup
 - psick::sensu - Manage Sensu
  15. 15. Tiny Puppet and tp profiles
  16. 16. Tiny Puppet and tp profiles
 Standard set of profiles to manage applications with Tiny Puppet (tp).
 web: psick::apache::tp
 psick::apache::tp::resources_hash:
   tp::conf:
       base_dir: conf
       template: psick/apache/vh.conf.erb
       options_hash:
         ServerName:
         ServerAlias:
           -
         AddDefaultCharset: ISO-8859-1
     apache::deny_git.conf:
       base_dir: conf
       source: puppet:///modules/psick/apache/deny_git.conf
   tp::dir:
       vcsrepo: git
       source: git@git:alvagante/osk.git
       path: /var/www/html/
  17. 17. demo
  18. 18. demo
 Start to play around
   git clone
   cd psick
   bin/ # To install latest Puppet agent
   bin/ # Installs required gems and runs r10k
   cd vagrant/environments/<env>/
   vagrant status [vm]
   vagrant up [vm]
   vi ../../../hieradata/* ...
   vagrant provision [vm]
 Work on a new control-repo based on psick
   git clone
   cd psick
   ./psick create
   cd /path/to/yournew_control-repop
   git status
   vi ...
   git add [...]
  19. 19. demo
 Explore the control-repo
   # The first manifest parsed by Puppet server
   manifests/site.pp
   # r10k Puppetfile and directory for public modules
   Puppetfile
   modules/
   # Sample Hiera configuration file and data directory
   hiera.yaml
   hieradata/
   # Directory with different Vagrant environments
   vagrant/
   # Tools for various tasks (used in dev and CI)
   bin/
   # CI integration
   .gitlab-ci.yml
   Jenkinsfile
   .travis.yml
   # Control repo spec tests
   spec/
   Gemfile
   Rakefile
   # Local profiles
   site/
  20. 20. demo
 Test local code with Vagrant
 • Multiple Vagrant environments
   ls -l vagrant/environments/
 • Each one customisable via config.yaml
   cd vagrant/environments/ostest
   vi config.yaml
 • Start the Vagrant VM you want
   host $ cd vagrant/environments/ostest
   host $ vagrant status
   host $ vagrant up
 • Test your code and data
   host $ vi ../../../hieradata/nodes/
   host $ vagrant ssh
   vm $ sudo su -
   vm # /vagrant_puppet/bin/
  21. 21. Where to customise
 • The psick control-repo is just the starting point for a greenfield modern Puppet setup
 • Define how to set the variables that identify your nodes (the ones used in hiera.yaml)
 • Decide how to manage classification
 • For each element to configure choose:
   1 - Use a public module (add it to Puppetfile)
   2 - Use a psick profile
   3 - Write a custom profile (add to Puppetfile or directly in site/profile/)
 • Review hiera.yaml logic and customise data in hieradata/
 • Customise your Vagrant environments
 • Customise CI pipelines
  22. 22. PSICK the control-repo The psick Puppet module Interested? Weekly Puppet Tips Graphics:
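
The phased classification from slide 12, written out as layered Hiera data. This is an added example, not taken from the slides or from the psick repository: the file names and the node name are constructed, and the `psick::pre` and `psick::base` hash keys are assumed to follow the `psick::profiles::linux_classes` naming shown on slide 14.

```yaml
---
# hieradata/common.yaml (constructed file name)
# Baseline applied to every Linux node: the security-relevant classes live here.
psick::enable_firstrun: false        # firstrun phase stays off (the default)
psick::pre::linux_classes:           # phase "pre": prerequisites for everything else
  hosts: psick::hosts::resource
  repo: psick::repo
psick::base::linux_classes:          # phase "base": common system configuration
  ssh: psick::openssh
  sudo: psick::sudo
  time: psick::time
  users: psick::users
  hardening: psick::hardening

---
# hieradata/nodes/web01.example.test.yaml (constructed node name)
# A more specific layer lists only what this node adds.
psick::base::linux_classes:
  firewall: psick::firewall
psick::profiles::linux_classes:      # phase "profiles": the node's own applications
  web: psick::apache::tp

---
# Effective classification of web01 after the deep merge lookup
# (written out for reading, not a file to create):
#   pre:      hosts, repo
#   base:     ssh, sudo, time, users, hardening, firewall
#   profiles: web
```

With a first-found lookup, the node file's `psick::base::linux_classes` would replace the whole hash and drop the baseline ssh, sudo and hardening classes; the deep merge described on slide 12 is what keeps them on the node.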