SlideShare a Scribd company logo
1 of 34
Download to read offline
Beyond Configuration
   Management
        a rant by
     Kris Buytaert
Kris Buytaert
●   I used to be a Dev, Then Became an Op,
●   Today I feel like a dev again
●   Senior Linux and Open Source Consultant
    @inuits.be
●   „Infrastructure Architect“
●   Building Clouds since before the Cloud
●   Surviving the 10th floor test
●   Co-Author of some books
●   Guest Editor at some sites
Today


●   About Puppet
●   About SIPX
●   Deploying SipX
●   ...
●   Running into troubles
Introduction 2 Puppet
Not quite a Muppet...

●   Did you really expect ? A tutorial ?
●   This is PuppetCamp !
SipXecs
As an example, but you'll come up with a zillion more cases
What is sipXecs ?
●   sipX ECS (Enterprise Communications Server)
●   Open Source voice over IP telephony server
●   Implementation of the Session Initiation Protocol (SIP)
●   IP based communications system (IP PBX)
●   Not unlike Asterisk
●   Development started in 1999
●   GNU Lesser General Public License (LGPL)
●   Commercial offering from eZuce Inc.
●   Designed around FreeSWITCH
●   Modular and highly scalable system
We don't know VOIP
●   External VOIP consultancy
    •   Hardware selection
    •   Codecs etc
    •   Scale out
●   Irc.freenode.org #sipx




●   s/don/didn/t
●   Don't buy the book
Installing sipxecs
●   Prebuilt ISO
●   Kickstart
●   Install scripts placed in .bashrc
●   Ncurses based
●   Lots of python scripts
●   Heavy GUI usage
Why not Just ?
●   Backup and Restore ?
    •   CDR Integration etc
●   Image ?


●   Productization
    •   Think 20-100 setups
    •   For different customers
    •   Different networks, different domains
So, that Python Script ?
●   Configures your network
●   Configures your dhcpd
●   Configures your dns
●   Configures your ntpd
●   Configures your tftp
●   Generates SSL stuff for you




                There's puppet modules for that !
SipXconfig
●   Is enabled by writing
“enabled” to /var/sipxdata/process-state/ConfigServer
●   The configuration and management server (sipXconfig)
    provides Web administration and user portals, Web services
    APIs, as well as all the abstraction logic to make using
    sipXecs as simple as it is. It provides centralized
    management of all the aspects of sipXecs, including
    installation, configuration, backup & restore, upgrade,
    troubleshooting and cluster management.
●   “Pushes” configs to other nodes

●   Should be rewritten in Puppet !
Configuring sipXecs
●   A couple of files


●   Some of them even obsoleted
●   Putting the SSL stuff in the right location
Everything is a funky SSL
problem
●   Sipx generates keys at install time
    •   Ca + keypairs per node
●   2nd node needs those keys
●   Copy to puppetmaster and transfer back to other nodes ?


●   Or generate on puppetmaster and redistribute ?


        => Generated on Puppetmaster
Adding a second node
●   <> clustering
●   <> high availability ( please don't start crying)


●   Create an entry in the management interface
●   Then repeat manual installation using ncurses


●   Or just do a wget to register it with the primary
class voip::sipx {
     sipx::netconfig {
                "sipx":
                ipaddress => $ip_address,
                netmask => $netmask;
           }
       if $nodename == 'sipx-a' {
           sipx::configserver{ "sipx": }
           sipx::staticcertdbca{ "$hostname": }
           sipx::staticcertdbnodes{ "SIPX-A.${platformdomainextension}":
                           clientname => "SIPX-A"; }
           sipx::staticcertdbnodes{ "SIPX-B.${platformdomainextension}":
                           clientname => "SIPX-B"; }
           include sipx::runmaster
      }
     else {
           include sipx::runslave
           sipx::register{ "$nodename":
                 clientname =>"${nodename}.${platformdomainextension}",
                 password =>"yourpw",}
      }
     sipx::supervisor { "$hostname":
                sipx_supervisor => "sipx-a.$platformdomainextension";
           }
     sipx::staticssl{ "$hostname": }
}
More complexity
                                       Or regular puppet ordering


●   Sipx requires PgSQL
●   You want PgSQL on an isolated LV
●   PgSQL configuration has to be done after it initialized a DB
●   SipX insist on starting PgSQL for you
class voip::storage {
  file {
       "/var/lib/pgsql":
                  ensure => directory;
 lvm::volume { "pgsql":
             vg => "systemvg",
             pv => "/dev/cciss/c0d0p2",
             fstype => "ext3",
                  size => "20G",
                  ensure => present,
 }
 mount { "/var/lib/pgsql":
       atboot => true,
       device => "/dev/systemvg/pgsql",
       ensure => mounted,
       fstype => "ext3",
       options => "defaults",
       require => [Logical_volume['pgsql'],File['/var/lib/pgsql']],
 }
}
class voip::pgsql {
        include postgres
        postgres::initdb { "sipx": }
        postgres::config{ "sipx":
                       listen => "*",
       postgres::hba { "sipx":
             allowedrules => [
                         "host SIPXCDR all   ${clientip}/32 trust",
                       ],
             }
}
include voip::storage

include voip::pgsql

include voip::sipx

   Class["voip::storage"] -> Class["voip::pgsql"] -> Class["voip::sipx"]
Manual config of the
services via the gui is still
        required :(
I want to
●   Automatically create my admin pw
●   Automatically add that second node
●   Automatically disable/ enable functions in the sipX server
    •   e.g conferencing, openfire
●   Add users/phones


●   There's an API !
●   Which only implements limited functionality , and no
    configuration
The Problem in General
●   3rd Party software
●   Network Devices (thnx Brice)
●   Appliances
●   Application Configuration Mgmt
Abusing Test Frameworks to
  configure services on a
          webgui
Screen scraping ?
(03:28:30 PM) lazyboy: y, you just need a form processing library, one that can read a form
values and allow you to post back your changes

(03:30:04 PM) lazyboy: the problem w/this method as you know is that it is constantly
breaking

(03:30:41 PM) sdog: yep .. whan you change the gui .. it will break ....

(03:30:45 PM) lazyboy: maybe we need a serverside abstraction layer, that does the
screenscraping and exports out a clean REST API

(03:31:13 PM) lazyboy: overtime, APIs go straight thru

(03:36:18 PM) lazyboy: so it's possible some of what you want to do is available w/not a lot
of screen scraping.
Cucumber
●   Looks extremely easy
    •   “Hey our manager could write these test”
●   Isn't
    •   Heavily under documented
    •   Best docs are in the RSpec book
    •   Online examples are mostly broken
●   Requires to write a lot of code
Apache Jmeter
●   Test tool
●   Load generation tool
●   Lets you record session by
    using a proxy
●   Only recent versions support
    SSL
Selenium
●   Firefox plugin
●   Replays your actions
    •   No need to write code
●   Can export to perl, php,
    ruby ..
    •   Which requires the a
        Selenium Remote Control
        Server
    •   Which launches Firefox
●   SSL Fun ahead
Alternatives
●   Sahi
    •   Similar to selenium
    •   Requires proxy
●   www::mechanize
●   Mechanize rubygem
●   Webtest
●   Your idea ?
Other Solutions
●   Use the java bindings
    •   Undocumented
    •   Will change


●   Sniff and Replay Traffic ?


●   Yours ?
I want an API
But
●   GUI's will change
    •   “Test will have to be rewriten”
●   SSL Keymanagement stays hell
●   This still is a one off approach
Conclusions
●   No good solution yet :(
●   Talk to your upstream supplier
    •   Vendor / project
●   Be patient
●   Show the good example
●   All bugs produced during this experience are on
        https://github.com/KrisBuytaert
So how would YOU solve this ?
Contact
Kris Buytaert Kris.Buytaert@inuits.be

Further Reading
@KrisBuytaert
http://www.krisbuytaert.be/blog/
http://www.inuits.be/
http://www.virtualization.com/
http://www.oreillygmt.com/


                       Inuits          Esquimaux
                       't Hemeltje     Kheops Business
                       Gemeentepark 2  Center
                       2930 Brasschaat Avenque Georges
                       891.514.231     Lemaître 54
                                       6041 Gosselies
                       +32 473 441 636 889.780.406

More Related Content

What's hot

Trevor McDonald - Nagios XI Under The Hood
Trevor McDonald  - Nagios XI Under The HoodTrevor McDonald  - Nagios XI Under The Hood
Trevor McDonald - Nagios XI Under The HoodNagios
 
Massively Scaled High Performance Web Services with PHP
Massively Scaled High Performance Web Services with PHPMassively Scaled High Performance Web Services with PHP
Massively Scaled High Performance Web Services with PHPDemin Yin
 
Ansible: How to Get More Sleep and Require Less Coffee
Ansible: How to Get More Sleep and Require Less CoffeeAnsible: How to Get More Sleep and Require Less Coffee
Ansible: How to Get More Sleep and Require Less CoffeeSarah Z
 
How To Set a Vagrant Development System
How To Set a Vagrant Development SystemHow To Set a Vagrant Development System
How To Set a Vagrant Development SystemPaul Bearne
 
Live deployment, ci, drupal
Live deployment, ci, drupalLive deployment, ci, drupal
Live deployment, ci, drupalAndrii Podanenko
 
Code review and automated testing for Puppet code
Code review and automated testing for Puppet codeCode review and automated testing for Puppet code
Code review and automated testing for Puppet codewzzrd
 
How to stay sane during your Vagrant journey
How to stay sane during your Vagrant journeyHow to stay sane during your Vagrant journey
How to stay sane during your Vagrant journeyJakub Wadolowski
 
Puppet Availability and Performance at 100K Nodes - PuppetConf 2014
Puppet Availability and Performance at 100K Nodes - PuppetConf 2014Puppet Availability and Performance at 100K Nodes - PuppetConf 2014
Puppet Availability and Performance at 100K Nodes - PuppetConf 2014Puppet
 
Build and deployment
Build and deploymentBuild and deployment
Build and deploymentWO Community
 
Laravel Poznań Meetup #12 - "Speed up web API with Laravel and Swoole using ...
 Laravel Poznań Meetup #12 - "Speed up web API with Laravel and Swoole using ... Laravel Poznań Meetup #12 - "Speed up web API with Laravel and Swoole using ...
Laravel Poznań Meetup #12 - "Speed up web API with Laravel and Swoole using ...HighSolutions Sp. z o.o.
 
SaltConf 2014: Safety with powertools
SaltConf 2014: Safety with powertoolsSaltConf 2014: Safety with powertools
SaltConf 2014: Safety with powertoolsThomas Jackson
 
Automated Infrastructure and Application Management
Automated Infrastructure and Application ManagementAutomated Infrastructure and Application Management
Automated Infrastructure and Application ManagementClark Everetts
 
Meetup C++ Floripa - Conan.io
Meetup C++ Floripa - Conan.ioMeetup C++ Floripa - Conan.io
Meetup C++ Floripa - Conan.ioUilian Ries
 

What's hot (20)

Trevor McDonald - Nagios XI Under The Hood
Trevor McDonald  - Nagios XI Under The HoodTrevor McDonald  - Nagios XI Under The Hood
Trevor McDonald - Nagios XI Under The Hood
 
Massively Scaled High Performance Web Services with PHP
Massively Scaled High Performance Web Services with PHPMassively Scaled High Performance Web Services with PHP
Massively Scaled High Performance Web Services with PHP
 
Vagrant presentation
Vagrant presentationVagrant presentation
Vagrant presentation
 
Ansible: How to Get More Sleep and Require Less Coffee
Ansible: How to Get More Sleep and Require Less CoffeeAnsible: How to Get More Sleep and Require Less Coffee
Ansible: How to Get More Sleep and Require Less Coffee
 
How To Set a Vagrant Development System
How To Set a Vagrant Development SystemHow To Set a Vagrant Development System
How To Set a Vagrant Development System
 
Ansible
AnsibleAnsible
Ansible
 
Node js
Node jsNode js
Node js
 
Live deployment, ci, drupal
Live deployment, ci, drupalLive deployment, ci, drupal
Live deployment, ci, drupal
 
Code review and automated testing for Puppet code
Code review and automated testing for Puppet codeCode review and automated testing for Puppet code
Code review and automated testing for Puppet code
 
How to stay sane during your Vagrant journey
How to stay sane during your Vagrant journeyHow to stay sane during your Vagrant journey
How to stay sane during your Vagrant journey
 
(Re)discover your AEM
(Re)discover your AEM(Re)discover your AEM
(Re)discover your AEM
 
Puppet Availability and Performance at 100K Nodes - PuppetConf 2014
Puppet Availability and Performance at 100K Nodes - PuppetConf 2014Puppet Availability and Performance at 100K Nodes - PuppetConf 2014
Puppet Availability and Performance at 100K Nodes - PuppetConf 2014
 
Vagrant For DevOps
Vagrant For DevOpsVagrant For DevOps
Vagrant For DevOps
 
Build and deployment
Build and deploymentBuild and deployment
Build and deployment
 
Laravel Poznań Meetup #12 - "Speed up web API with Laravel and Swoole using ...
 Laravel Poznań Meetup #12 - "Speed up web API with Laravel and Swoole using ... Laravel Poznań Meetup #12 - "Speed up web API with Laravel and Swoole using ...
Laravel Poznań Meetup #12 - "Speed up web API with Laravel and Swoole using ...
 
SaltConf 2014: Safety with powertools
SaltConf 2014: Safety with powertoolsSaltConf 2014: Safety with powertools
SaltConf 2014: Safety with powertools
 
Vagrant to-aws-flow
Vagrant to-aws-flowVagrant to-aws-flow
Vagrant to-aws-flow
 
Automated Infrastructure and Application Management
Automated Infrastructure and Application ManagementAutomated Infrastructure and Application Management
Automated Infrastructure and Application Management
 
Vagrant + Docker
Vagrant + DockerVagrant + Docker
Vagrant + Docker
 
Meetup C++ Floripa - Conan.io
Meetup C++ Floripa - Conan.ioMeetup C++ Floripa - Conan.io
Meetup C++ Floripa - Conan.io
 

Similar to Beyond Puppet

Automating complex infrastructures with Puppet
Automating complex infrastructures with PuppetAutomating complex infrastructures with Puppet
Automating complex infrastructures with PuppetKris Buytaert
 
Improving Operations Efficiency with Puppet
Improving Operations Efficiency with PuppetImproving Operations Efficiency with Puppet
Improving Operations Efficiency with PuppetNicolas Brousse
 
SCM Puppet: from an intro to the scaling
SCM Puppet: from an intro to the scalingSCM Puppet: from an intro to the scaling
SCM Puppet: from an intro to the scalingStanislav Osipov
 
Capistrano deploy Magento project in an efficient way
Capistrano deploy Magento project in an efficient wayCapistrano deploy Magento project in an efficient way
Capistrano deploy Magento project in an efficient waySylvain Rayé
 
Puppet Camp Silicon Valley 2015: How TubeMogul reached 10,000 Puppet Deployme...
Puppet Camp Silicon Valley 2015: How TubeMogul reached 10,000 Puppet Deployme...Puppet Camp Silicon Valley 2015: How TubeMogul reached 10,000 Puppet Deployme...
Puppet Camp Silicon Valley 2015: How TubeMogul reached 10,000 Puppet Deployme...Nicolas Brousse
 
Php Inside - confoo 2011 - Derick Rethans
Php Inside -  confoo 2011 - Derick RethansPhp Inside -  confoo 2011 - Derick Rethans
Php Inside - confoo 2011 - Derick RethansBachkoutou Toutou
 
Chef - Administration for programmers
Chef - Administration for programmersChef - Administration for programmers
Chef - Administration for programmersmrsabo
 
Docker and-containers-for-development-and-deployment-scale12x
Docker and-containers-for-development-and-deployment-scale12xDocker and-containers-for-development-and-deployment-scale12x
Docker and-containers-for-development-and-deployment-scale12xrkr10
 
Ansible Automation to Rule Them All
Ansible Automation to Rule Them AllAnsible Automation to Rule Them All
Ansible Automation to Rule Them AllTim Fairweather
 
How I hack on puppet modules
How I hack on puppet modulesHow I hack on puppet modules
How I hack on puppet modulesKris Buytaert
 
Monitoring your VM's at Scale
Monitoring your VM's at ScaleMonitoring your VM's at Scale
Monitoring your VM's at ScaleKris Buytaert
 
The Secrets of The FullStack Ninja - Part A - Session I
The Secrets of The FullStack Ninja - Part A - Session IThe Secrets of The FullStack Ninja - Part A - Session I
The Secrets of The FullStack Ninja - Part A - Session IOded Sagir
 
Setting up Notifications, Alerts & Webhooks with Flux v2 by Alison Dowdney
Setting up Notifications, Alerts & Webhooks with Flux v2 by Alison DowdneySetting up Notifications, Alerts & Webhooks with Flux v2 by Alison Dowdney
Setting up Notifications, Alerts & Webhooks with Flux v2 by Alison DowdneyWeaveworks
 
New Jersey Red Hat Users Group Presentation: Provisioning anywhere
New Jersey Red Hat Users Group Presentation: Provisioning anywhereNew Jersey Red Hat Users Group Presentation: Provisioning anywhere
New Jersey Red Hat Users Group Presentation: Provisioning anywhereRodrique Heron
 
Managing and Scaling Puppet - PuppetConf 2014
Managing and Scaling Puppet - PuppetConf 2014Managing and Scaling Puppet - PuppetConf 2014
Managing and Scaling Puppet - PuppetConf 2014Miguel Zuniga
 
Making Spinnaker Go @ Stitch Fix
Making Spinnaker Go @ Stitch FixMaking Spinnaker Go @ Stitch Fix
Making Spinnaker Go @ Stitch FixDiana Tkachenko
 
Deploying Kubernetes on GCP with Kubespray
Deploying Kubernetes on GCP with KubesprayDeploying Kubernetes on GCP with Kubespray
Deploying Kubernetes on GCP with KubesprayAltoros
 
Lightweight Virtualization with Linux Containers and Docker | YaC 2013
Lightweight Virtualization with Linux Containers and Docker | YaC 2013Lightweight Virtualization with Linux Containers and Docker | YaC 2013
Lightweight Virtualization with Linux Containers and Docker | YaC 2013dotCloud
 

Similar to Beyond Puppet (20)

Automating complex infrastructures with Puppet
Automating complex infrastructures with PuppetAutomating complex infrastructures with Puppet
Automating complex infrastructures with Puppet
 
Improving Operations Efficiency with Puppet
Improving Operations Efficiency with PuppetImproving Operations Efficiency with Puppet
Improving Operations Efficiency with Puppet
 
SCM Puppet: from an intro to the scaling
SCM Puppet: from an intro to the scalingSCM Puppet: from an intro to the scaling
SCM Puppet: from an intro to the scaling
 
Capistrano deploy Magento project in an efficient way
Capistrano deploy Magento project in an efficient wayCapistrano deploy Magento project in an efficient way
Capistrano deploy Magento project in an efficient way
 
Puppet Camp Silicon Valley 2015: How TubeMogul reached 10,000 Puppet Deployme...
Puppet Camp Silicon Valley 2015: How TubeMogul reached 10,000 Puppet Deployme...Puppet Camp Silicon Valley 2015: How TubeMogul reached 10,000 Puppet Deployme...
Puppet Camp Silicon Valley 2015: How TubeMogul reached 10,000 Puppet Deployme...
 
Php Inside - confoo 2011 - Derick Rethans
Php Inside -  confoo 2011 - Derick RethansPhp Inside -  confoo 2011 - Derick Rethans
Php Inside - confoo 2011 - Derick Rethans
 
Chef - Administration for programmers
Chef - Administration for programmersChef - Administration for programmers
Chef - Administration for programmers
 
Sprint 17
Sprint 17Sprint 17
Sprint 17
 
Docker and-containers-for-development-and-deployment-scale12x
Docker and-containers-for-development-and-deployment-scale12xDocker and-containers-for-development-and-deployment-scale12x
Docker and-containers-for-development-and-deployment-scale12x
 
The Accidental DBA
The Accidental DBAThe Accidental DBA
The Accidental DBA
 
Ansible Automation to Rule Them All
Ansible Automation to Rule Them AllAnsible Automation to Rule Them All
Ansible Automation to Rule Them All
 
How I hack on puppet modules
How I hack on puppet modulesHow I hack on puppet modules
How I hack on puppet modules
 
Monitoring your VM's at Scale
Monitoring your VM's at ScaleMonitoring your VM's at Scale
Monitoring your VM's at Scale
 
The Secrets of The FullStack Ninja - Part A - Session I
The Secrets of The FullStack Ninja - Part A - Session IThe Secrets of The FullStack Ninja - Part A - Session I
The Secrets of The FullStack Ninja - Part A - Session I
 
Setting up Notifications, Alerts & Webhooks with Flux v2 by Alison Dowdney
Setting up Notifications, Alerts & Webhooks with Flux v2 by Alison DowdneySetting up Notifications, Alerts & Webhooks with Flux v2 by Alison Dowdney
Setting up Notifications, Alerts & Webhooks with Flux v2 by Alison Dowdney
 
New Jersey Red Hat Users Group Presentation: Provisioning anywhere
New Jersey Red Hat Users Group Presentation: Provisioning anywhereNew Jersey Red Hat Users Group Presentation: Provisioning anywhere
New Jersey Red Hat Users Group Presentation: Provisioning anywhere
 
Managing and Scaling Puppet - PuppetConf 2014
Managing and Scaling Puppet - PuppetConf 2014Managing and Scaling Puppet - PuppetConf 2014
Managing and Scaling Puppet - PuppetConf 2014
 
Making Spinnaker Go @ Stitch Fix
Making Spinnaker Go @ Stitch FixMaking Spinnaker Go @ Stitch Fix
Making Spinnaker Go @ Stitch Fix
 
Deploying Kubernetes on GCP with Kubespray
Deploying Kubernetes on GCP with KubesprayDeploying Kubernetes on GCP with Kubespray
Deploying Kubernetes on GCP with Kubespray
 
Lightweight Virtualization with Linux Containers and Docker | YaC 2013
Lightweight Virtualization with Linux Containers and Docker | YaC 2013Lightweight Virtualization with Linux Containers and Docker | YaC 2013
Lightweight Virtualization with Linux Containers and Docker | YaC 2013
 

More from Kris Buytaert

Years of (not) learning , from devops to devoops
Years of (not) learning , from devops to devoopsYears of (not) learning , from devops to devoops
Years of (not) learning , from devops to devoopsKris Buytaert
 
Observability will not fix your Broken Monitoring ,Ignite
Observability will not fix your Broken Monitoring ,IgniteObservability will not fix your Broken Monitoring ,Ignite
Observability will not fix your Broken Monitoring ,IgniteKris Buytaert
 
Infrastructure as Code Patterns
Infrastructure as Code PatternsInfrastructure as Code Patterns
Infrastructure as Code PatternsKris Buytaert
 
From devoops to devops 13 years of (not) learning
From devoops to devops 13 years of (not) learningFrom devoops to devops 13 years of (not) learning
From devoops to devops 13 years of (not) learningKris Buytaert
 
Pipeline all the Dashboards as Code
Pipeline all the Dashboards as CodePipeline all the Dashboards as Code
Pipeline all the Dashboards as CodeKris Buytaert
 
Help , My Datacenter is on fire
Help , My Datacenter is on fireHelp , My Datacenter is on fire
Help , My Datacenter is on fireKris Buytaert
 
Devops is Dead, Long live Devops
Devops is Dead, Long live DevopsDevops is Dead, Long live Devops
Devops is Dead, Long live DevopsKris Buytaert
 
10 years of #devopsdays, but what have we really learned ?
10 years of #devopsdays, but what have we really learned ? 10 years of #devopsdays, but what have we really learned ?
10 years of #devopsdays, but what have we really learned ? Kris Buytaert
 
Continuous Infrastructure First
Continuous Infrastructure FirstContinuous Infrastructure First
Continuous Infrastructure FirstKris Buytaert
 
Is there a Future for devops ?
Is there a Future for devops   ? Is there a Future for devops   ?
Is there a Future for devops ? Kris Buytaert
 
10 Years of #devopsdays weirdness
10 Years of #devopsdays weirdness10 Years of #devopsdays weirdness
10 Years of #devopsdays weirdnessKris Buytaert
 
ADDO 2019: Looking back at over 10 years of Devops
ADDO 2019:    Looking back at over 10 years of DevopsADDO 2019:    Looking back at over 10 years of Devops
ADDO 2019: Looking back at over 10 years of DevopsKris Buytaert
 
Can we fix dev-oops ?
Can we fix dev-oops ?Can we fix dev-oops ?
Can we fix dev-oops ?Kris Buytaert
 
Continuous Infrastructure First Ignite Edition
Continuous Infrastructure First  Ignite EditionContinuous Infrastructure First  Ignite Edition
Continuous Infrastructure First Ignite EditionKris Buytaert
 
Continuous Infrastructure First
Continuous Infrastructure FirstContinuous Infrastructure First
Continuous Infrastructure FirstKris Buytaert
 
Open Source Monitoring in 2019
Open Source Monitoring in 2019 Open Source Monitoring in 2019
Open Source Monitoring in 2019 Kris Buytaert
 
Migrating to Puppet 5
Migrating to Puppet 5Migrating to Puppet 5
Migrating to Puppet 5Kris Buytaert
 
Repositories as Code
Repositories as CodeRepositories as Code
Repositories as CodeKris Buytaert
 
Devops is a Security Requirement
Devops is a Security RequirementDevops is a Security Requirement
Devops is a Security RequirementKris Buytaert
 

More from Kris Buytaert (20)

Years of (not) learning , from devops to devoops
Years of (not) learning , from devops to devoopsYears of (not) learning , from devops to devoops
Years of (not) learning , from devops to devoops
 
Observability will not fix your Broken Monitoring ,Ignite
Observability will not fix your Broken Monitoring ,IgniteObservability will not fix your Broken Monitoring ,Ignite
Observability will not fix your Broken Monitoring ,Ignite
 
Infrastructure as Code Patterns
Infrastructure as Code PatternsInfrastructure as Code Patterns
Infrastructure as Code Patterns
 
From devoops to devops 13 years of (not) learning
From devoops to devops 13 years of (not) learningFrom devoops to devops 13 years of (not) learning
From devoops to devops 13 years of (not) learning
 
Pipeline all the Dashboards as Code
Pipeline all the Dashboards as CodePipeline all the Dashboards as Code
Pipeline all the Dashboards as Code
 
Help , My Datacenter is on fire
Help , My Datacenter is on fireHelp , My Datacenter is on fire
Help , My Datacenter is on fire
 
GitOps , done Right
GitOps , done RightGitOps , done Right
GitOps , done Right
 
Devops is Dead, Long live Devops
Devops is Dead, Long live DevopsDevops is Dead, Long live Devops
Devops is Dead, Long live Devops
 
10 years of #devopsdays, but what have we really learned ?
10 years of #devopsdays, but what have we really learned ? 10 years of #devopsdays, but what have we really learned ?
10 years of #devopsdays, but what have we really learned ?
 
Continuous Infrastructure First
Continuous Infrastructure FirstContinuous Infrastructure First
Continuous Infrastructure First
 
Is there a Future for devops ?
Is there a Future for devops   ? Is there a Future for devops   ?
Is there a Future for devops ?
 
10 Years of #devopsdays weirdness
10 Years of #devopsdays weirdness10 Years of #devopsdays weirdness
10 Years of #devopsdays weirdness
 
ADDO 2019: Looking back at over 10 years of Devops
ADDO 2019:    Looking back at over 10 years of DevopsADDO 2019:    Looking back at over 10 years of Devops
ADDO 2019: Looking back at over 10 years of Devops
 
Can we fix dev-oops ?
Can we fix dev-oops ?Can we fix dev-oops ?
Can we fix dev-oops ?
 
Continuous Infrastructure First Ignite Edition
Continuous Infrastructure First  Ignite EditionContinuous Infrastructure First  Ignite Edition
Continuous Infrastructure First Ignite Edition
 
Continuous Infrastructure First
Continuous Infrastructure FirstContinuous Infrastructure First
Continuous Infrastructure First
 
Open Source Monitoring in 2019
Open Source Monitoring in 2019 Open Source Monitoring in 2019
Open Source Monitoring in 2019
 
Migrating to Puppet 5
Migrating to Puppet 5Migrating to Puppet 5
Migrating to Puppet 5
 
Repositories as Code
Repositories as CodeRepositories as Code
Repositories as Code
 
Devops is a Security Requirement
Devops is a Security RequirementDevops is a Security Requirement
Devops is a Security Requirement
 

Recently uploaded

Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Farhan Tariq
 
Transcript: New from BookNet Canada for 2024: BNC SalesData and LibraryData -...
Transcript: New from BookNet Canada for 2024: BNC SalesData and LibraryData -...Transcript: New from BookNet Canada for 2024: BNC SalesData and LibraryData -...
Transcript: New from BookNet Canada for 2024: BNC SalesData and LibraryData -...BookNet Canada
 
React JS; all concepts. Contains React Features, JSX, functional & Class comp...
React JS; all concepts. Contains React Features, JSX, functional & Class comp...React JS; all concepts. Contains React Features, JSX, functional & Class comp...
React JS; all concepts. Contains React Features, JSX, functional & Class comp...Karmanjay Verma
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Alkin Tezuysal
 
Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Hiroshi SHIBATA
 
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality AssuranceInflectra
 
Landscape Catalogue 2024 Australia-1.pdf
Landscape Catalogue 2024 Australia-1.pdfLandscape Catalogue 2024 Australia-1.pdf
Landscape Catalogue 2024 Australia-1.pdfAarwolf Industries LLC
 
Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesTesting tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesKari Kakkonen
 
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...Wes McKinney
 
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Mark Goldstein
 
WomenInAutomation2024: AI and Automation for eveyone
WomenInAutomation2024: AI and Automation for eveyoneWomenInAutomation2024: AI and Automation for eveyone
WomenInAutomation2024: AI and Automation for eveyoneUiPathCommunity
 
Digital Tools & AI in Career Development
Digital Tools & AI in Career DevelopmentDigital Tools & AI in Career Development
Digital Tools & AI in Career DevelopmentMahmoud Rabie
 
Varsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
Varsha Sewlal- Cyber Attacks on Critical Critical InfrastructureVarsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
Varsha Sewlal- Cyber Attacks on Critical Critical Infrastructureitnewsafrica
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPathCommunity
 
Microservices, Docker deploy and Microservices source code in C#
Microservices, Docker deploy and Microservices source code in C#Microservices, Docker deploy and Microservices source code in C#
Microservices, Docker deploy and Microservices source code in C#Karmanjay Verma
 
A Framework for Development in the AI Age
A Framework for Development in the AI AgeA Framework for Development in the AI Age
A Framework for Development in the AI AgeCprime
 
Design pattern talk by Kaya Weers - 2024 (v2)
Design pattern talk by Kaya Weers - 2024 (v2)Design pattern talk by Kaya Weers - 2024 (v2)
Design pattern talk by Kaya Weers - 2024 (v2)Kaya Weers
 
A Glance At The Java Performance Toolbox
A Glance At The Java Performance ToolboxA Glance At The Java Performance Toolbox
A Glance At The Java Performance ToolboxAna-Maria Mihalceanu
 
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security ObservabilityGlenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security Observabilityitnewsafrica
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesThousandEyes
 

Recently uploaded (20)

Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...
 
Transcript: New from BookNet Canada for 2024: BNC SalesData and LibraryData -...
Transcript: New from BookNet Canada for 2024: BNC SalesData and LibraryData -...Transcript: New from BookNet Canada for 2024: BNC SalesData and LibraryData -...
Transcript: New from BookNet Canada for 2024: BNC SalesData and LibraryData -...
 
React JS; all concepts. Contains React Features, JSX, functional & Class comp...
React JS; all concepts. Contains React Features, JSX, functional & Class comp...React JS; all concepts. Contains React Features, JSX, functional & Class comp...
React JS; all concepts. Contains React Features, JSX, functional & Class comp...
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
 
Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024
 
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
 
Landscape Catalogue 2024 Australia-1.pdf
Landscape Catalogue 2024 Australia-1.pdfLandscape Catalogue 2024 Australia-1.pdf
Landscape Catalogue 2024 Australia-1.pdf
 
Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesTesting tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examples
 
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
 
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
 
WomenInAutomation2024: AI and Automation for eveyone
WomenInAutomation2024: AI and Automation for eveyoneWomenInAutomation2024: AI and Automation for eveyone
WomenInAutomation2024: AI and Automation for eveyone
 
Digital Tools & AI in Career Development
Digital Tools & AI in Career DevelopmentDigital Tools & AI in Career Development
Digital Tools & AI in Career Development
 
Varsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
Varsha Sewlal- Cyber Attacks on Critical Critical InfrastructureVarsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
Varsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to Hero
 
Microservices, Docker deploy and Microservices source code in C#
Microservices, Docker deploy and Microservices source code in C#Microservices, Docker deploy and Microservices source code in C#
Microservices, Docker deploy and Microservices source code in C#
 
A Framework for Development in the AI Age
A Framework for Development in the AI AgeA Framework for Development in the AI Age
A Framework for Development in the AI Age
 
Design pattern talk by Kaya Weers - 2024 (v2)
Design pattern talk by Kaya Weers - 2024 (v2)Design pattern talk by Kaya Weers - 2024 (v2)
Design pattern talk by Kaya Weers - 2024 (v2)
 
A Glance At The Java Performance Toolbox
A Glance At The Java Performance ToolboxA Glance At The Java Performance Toolbox
A Glance At The Java Performance Toolbox
 
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security ObservabilityGlenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
 

Beyond Puppet

  • 1. Beyond Configuration Management a rant by Kris Buytaert
  • 2. Kris Buytaert ● I used to be a Dev, Then Became an Op, ● Today I feel like a dev again ● Senior Linux and Open Source Consultant @inuits.be ● „Infrastructure Architect“ ● Building Clouds since before the Cloud ● Surviving the 10th floor test ● Co-Author of some books ● Guest Editor at some sites
  • 3. Today ● About Puppet ● About SIPX ● Deploying SipX ● ... ● Running into troubles
  • 5. Not quite a Muppet... ● Did you really expect ? A tutorial ? ● This is PuppetCamp !
  • 6. SipXecs As an example, but you'll come up with a zillion more cases
  • 7. What is sipXecs ? ● sipX ECS (Enterprise Communications Server) ● Open Source voice over IP telephony server ● Implementation of the Session Initiation Protocol (SIP) ● IP based communications system (IP PBX) ● Not unlike Asterisk ● Development started in 1999 ● GNU Lesser General Public License (LGPL) ● Commercial offering from eZuce Inc. ● Designed around FreeSWITCH ● Modular and highly scalable system
  • 8. We don't know VOIP ● External VOIP consultancy • Hardware selection • Codecs etc • Scale out ● Irc.freenode.org #sipx ● s/don/didn/t ● Don't buy the book
  • 9. Installing sipxecs ● Prebuilt ISO ● Kickstart ● Install scripts placed in .bashrc ● Ncurses based ● Lots of python scripts ● Heavy GUI usage
  • 10. Why not Just ? ● Backup and Restore ? • CDR Integration etc ● Image ? ● Productization • Think 20-100 setups • For different customers • Different networks, different domains
  • 11. So, that Python Script ? ● Configures your network ● Configures your dhcpd ● Configures your dns ● Configures your ntpd ● Configures your tftp ● Generates SSL stuff for you There's puppet modules for that !
  • 12. SipXconfig ● Is enabled by writing “enabled” to /var/sipxdata/process-state/ConfigServer ● The configuration and management server (sipXconfig) provides Web administration and user portals, Web services APIs, as well as all the abstraction logic to make using sipXecs as simple as it is. It provides centralized management of all the aspects of sipXecs, including installation, configuration, backup & restore, upgrade, troubleshooting and cluster management. ● “Pushes” configs to other nodes ● Should be rewritten in Puppet !
  • 13. Configuring sipXecs ● A couple of files ● Some of them even obsoleted ● Putting the SSL stuff in the right location
  • 14. Everything is a funky SSL problem ● Sipx generates keys at install time • Ca + keypairs per node ● 2nd node needs those keys ● Copy to puppetmaster and transfer back to other nodes ? ● Or generate on puppetmaster and redistribute ? => Generated on Puppetmaster
  • 15. Adding a second node ● <> clustering ● <> high availability ( please don't start crying) ● Create an entry in the management interface ● Then repeat manual installation using ncurses ● Or just do a wget to register it with the primary
  • 16. class voip::sipx { sipx::netconfig { "sipx": ipaddress => $ip_address, netmask => $netmask; } if $nodename == 'sipx-a' { sipx::configserver{ "sipx": } sipx::staticcertdbca{ "$hostname": } sipx::staticcertdbnodes{ "SIPX-A.${platformdomainextension}": clientname => "SIPX-A"; } sipx::staticcertdbnodes{ "SIPX-B.${platformdomainextension}": clientname => "SIPX-B"; } include sipx::runmaster } else { include sipx::runslave sipx::register{ "$nodename": clientname =>"${nodename}.${platformdomainextension}", password =>"yourpw",} } sipx::supervisor { "$hostname": sipx_supervisor => "sipx-a.$platformdomainextension"; } sipx::staticssl{ "$hostname": } }
  • 17. More complexity Or regular puppet ordering ● Sipx requires PgSQL ● You want PgSQL on an isolated LV ● PgSQL configuration has to be done after it initialized a DB ● SipX insist on starting PgSQL for you
  • 18. class voip::storage { file { "/var/lib/pgsql": ensure => directory; lvm::volume { "pgsql": vg => "systemvg", pv => "/dev/cciss/c0d0p2", fstype => "ext3", size => "20G", ensure => present, } mount { "/var/lib/pgsql": atboot => true, device => "/dev/systemvg/pgsql", ensure => mounted, fstype => "ext3", options => "defaults", require => [Logical_volume['pgsql'],File['/var/lib/pgsql']], } } class voip::pgsql { include postgres postgres::initdb { "sipx": } postgres::config{ "sipx": listen => "*", postgres::hba { "sipx": allowedrules => [ "host SIPXCDR all ${clientip}/32 trust", ], } }
  • 19. include voip::storage include voip::pgsql include voip::sipx Class["voip::storage"] -> Class["voip::pgsql"] -> Class["voip::sipx"]
  • 20. Manual config of the services via the gui is still required :(
  • 21. I want to ● Automatically create my admin pw ● Automatically add that second node ● Automatically disable/ enable functions in the sipX server • e.g conferencing, openfire ● Add users/phones ● There's an API ! ● Which only implements limited functionality , and no configuration
  • 22. The Problem in General ● 3rd Party software ● Network Devices (thnx Brice) ● Appliances ● Application Configuration Mgmt
  • 23. Abusing Test Frameworks to configure services on a webgui
  • 24. Screen scraping ? (03:28:30 PM) lazyboy: y, you just need a form processing library, one that can read a form values and allow you to post back your changes (03:30:04 PM) lazyboy: the problem w/this method as you know is that it is constantly breaking (03:30:41 PM) sdog: yep .. whan you change the gui .. it will break .... (03:30:45 PM) lazyboy: maybe we need a serverside abstraction layer, that does the screenscraping and exports out a clean REST API (03:31:13 PM) lazyboy: overtime, APIs go straight thru (03:36:18 PM) lazyboy: so it's possible some of what you want to do is available w/not a lot of screen scraping.
  • 25. Cucumber ● Looks extremely easy • “Hey our manager could write these test” ● Isn't • Heavily under documented • Best docs are in the RSpec book • Online examples are mostly broken ● Requires to write a lot of code
  • 26. Apache Jmeter ● Test tool ● Load generation tool ● Lets you record session by using a proxy ● Only recent versions support SSL
  • 27. Selenium ● Firefox plugin ● Replays your actions • No need to write code ● Can export to perl, php, ruby .. • Which requires the a Selenium Remote Control Server • Which launches Firefox ● SSL Fun ahead
  • 28. Alternatives ● Sahi • Similar to selenium • Requires proxy ● www::mechanize ● Mechanize rubygem ● Webtest ● Your idea ?
  • 29. Other Solutions ● Use the java bindings • Undocumented • Will change ● Sniff and Replay Traffic ? ● Yours ?
  • 30. I want an API
  • 31. But ● GUI's will change • “Test will have to be rewriten” ● SSL Keymanagement stays hell ● This still is a one off approach
  • 32. Conclusions ● No good solution yet :( ● Talk to your upstream supplier • Vendor / project ● Be patient ● Show the good example ● All bugs produced during this experience are on https://github.com/KrisBuytaert
  • 33. So how would YOU solve this ?
  • 34. Contact Kris Buytaert Kris.Buytaert@inuits.be Further Reading @KrisBuytaert http://www.krisbuytaert.be/blog/ http://www.inuits.be/ http://www.virtualization.com/ http://www.oreillygmt.com/ Inuits Esquimaux 't Hemeltje Kheops Business Gemeentepark 2 Center 2930 Brasschaat Avenque Georges 891.514.231 Lemaître 54 6041 Gosselies +32 473 441 636 889.780.406