Puppet Conf 2012 - Managing Network Devices with Puppet

  1. Managing Network Devices • Nan Liu // Sept. 27, 2012 • Monday, September 17, 12
  2. Network Devices • Why Puppet? • Puppet Device • Load Balancer Demo • Developing Devices (Advanced)
  3. Application Deployment • Server + Puppet • ??? • Profit!
  4. Missing Step? • Linking Application Services
  5. #puppetize • Network Device + Puppet
  6. Puppet Proxy Agent • Certificates • Retrieves Device Plugins • Retrieves Device Catalog • Connects to Device • Apply Device Resources • Reports to Master
  7. Proxy Agent • Workflow [diagram: Device, Proxy Agent, Puppet Master; steps: Device Cert, Plugins, Device Connect, Custom Facts, Compile Catalog (functions), Apply Catalog, Device resource, puppet report, Report?, Report Processor, Finish]
  8. Commands • facter • puppet resource • puppet apply (maybe) • puppet device
  9. Device.conf • $confdir/device.conf:
        [node1_name]
        type <device_type>
        url <protocol://username:password@url/>
        [node2_name]
        type <device_type>
        url <protocol://username:password@url/>
  10. Device $vardir • $vardir (/var/lib/puppet /var/opt/lib/pe-puppet)
        # tree ./devices
        └── f5.puppetlabs.lan
            ├── client_yaml
            ├── facts
            ├── ssl
            └── state
  11. Puppet Resource • Abstraction (Type/Provider) • Declarative (Language) • Idempotent (Enforcement)
  12. Manifest vs. GUI
        f5_pool { 'apt.puppetlabs.com':
          ensure => present,
          action_on_service_down => 'SERVICE_DOWN_ACTION_NONE',
          allow_nat_state => 'STATE_ENABLED',
          allow_snat_state => 'STATE_ENABLED',
          client_ip_tos => 65535,
          client_link_qos => 65535,
          gateway_failsafe_unit_id => 0,
          lb_method => 'LB_METHOD_ROUND_ROBIN',
          member => {'10.10.0.22:8080' => {...}, '10.10.0.23:8080' => {...}, '10.10.0.24:80' => {...}},
          minimum_active_member => 0,
          minimum_up_member => 0,
          minimum_up_member_action => 'HA_ACTION_FAILOVER',
          minimum_up_member_enabled_state => 'STATE_DISABLED',
          monitor_association => {...},
          server_ip_tos => 65535,
          server_link_qos => 65535,
          simple_timeout => 0,
          slow_ramp_time => 10,
        }
  13. Manifests = Text • Version Control • Auditing • Workflow
  14. Resource Demo • export FACTER_url=https://admin:admin@f5/ • puppet resource f5_*
  15. Web Module • web::site definition:
        define web::site (
          $port = 80,
          # F5 pool member settings:
          $connection_limit = 0,
          $dynamic_ratio = 1,
          $priority = 0,
          $ratio = 1
        ) {
          # setup web service.
        }
  16. Web Server Nodes • webservers nodes:
        node /^webserver21/ {
          web::site { 'apt.puppetlabs.com':
            port => 8080,
          }
        }
        node /^webserver22/ {
          web::site { 'apt.puppetlabs.com':
            port => 80,
            connection_limit => 100,
          }
          web::site { 'yum.puppetlabs.com':
            port => 8080,
          }
        }
  17. Composing Services • Network Device = Nodes
        node 'f5.puppetlabs.lan' {
          f5_virtualserver { 'apt.puppetlabs.com':
            ...
          }
          f5_pool { 'apt.puppetlabs.com':
            ...
          }
          f5_monitor { 'apt.puppetlabs.com':
            ...
          }
        }
  18. Problem? • f5_pool member ip address:
  19. Export Resources? • ONLY export/collect resources.
        f5_pool { 'apt.puppetlabs.com':
          ensure => present,
          lb_method => 'LB_METHOD_ROUND_ROBIN',
          member => {
            '10.10.0.22:8080' => {},
            '10.10.0.23:8081' => {},
            '10.10.0.24:80' => {},
          },
        }
      • f5_poolmember ?
  20. Resources Meta Type • Puppet Resources:
        resources { 'f5_poolmember':
          purge => true,
        }
      • Does not support Resource subset =/ purge poolmember in pool ‘X’ ?
  21. Query Puppet DB • ruby-puppetdb: https://github.com/ripienaar/ruby-puppetdb • puppetdb query: https://github.com/dalen/puppet-puppetdbquery
  22-28. Puppet Catalog • Puppet Catalog = Resources + Relationship • Facts + Manifests => compilation => Catalog [diagram labels: Facts, Catalog, Agent, Master]
  29-33. Puppet DB • Stores all client catalogs [diagram labels: Master, Puppet DB, Web Server 1, Web Server 2]
  34. web::loadbalancer
        define web::loadbalancer (
          $site = $name,
          $address,
          $port = 80
        ) {
          f5_virtualserver { $name:
            ensure => present,
            connection_limit => 0,
            default_pool_name => $name,
            destination => "${address}:${port}",
            require => F5_pool[$name],
          }
          # $member = ???
          f5_pool { $name:
            ensure => present,
            lb_method => 'LB_METHOD_ROUND_ROBIN',
            member => $member,
          }
        }
  35. Query Puppet DB
      • puppet query resource --query='Class[web::server]' --filter='Web::Site[apt.puppetlabs.com]' --render-as yaml
        "Web::Site[apt.puppetlabs.com]":
        - parameters:
            port: "8080"
          nodes:
          - webserver22
          - webserver23
        - parameters:
            port: "80"
            connection_limit: "100"
          nodes:
          - webserver24
  36. Pool Member
        $ip_facts = query_facts(ipaddress, Class[web::server])
        $websites = query_resources(Class[web::server], "Web::Site[${site}]")
        $member = web_poolmember($ip_facts, $websites)
      • Results
        { "10.0.2.24:80" => { "connection_limit" => "0", "ratio" => "1", "priority" => "3", "dynamic_ratio" => "1" },
          "10.0.2.22:8080" => { "connection_limit" => "0", "ratio" => "1", "priority" => "1", "dynamic_ratio" => "1" } }
  37. Device Node • F5 node:
        node 'f5.puppetlabs.lan' {
          web::loadbalancer { 'apt.puppetlabs.com':
            address => '192.168.1.200',
          }
          web::loadbalancer { 'yum.puppetlabs.com':
            address => '192.168.1.201',
          }
          web::loadbalancer { 'download.puppetlabs.com':
            address => '192.168.1.202',
          }
        }
  38. Demo • Update web::site deployment • Update F5 Loadbalancer
  39. Developing Devices • WARNING: Recommend developing regular Puppet Type/Provider first. Recommend developing regular Puppet Type/Provider first. Recommend developing regular Puppet Type/Provider first. Recommend developing regular Puppet Type/Provider first. ... • Puppet Type/Provider Session (Dan)
  40. Developing Devices • Transport • Facter • Type • Provider (retrieve/set)
  41. Transport • device.conf
        [node_name]
        type <device_type>
        url <protocol://username:password@url/>
      • telnet • ssh • iControl (SOAP) • (netconf)
  42. Initialize Device • puppet/util/network_device.rb
        class Puppet::Util::NetworkDevice
          # ...
          # Load the device class for the configured type and connect it to the device URL.
          def self.init(device)
            require "puppet/util/network_device/#{device.provider}/device"
            @current = Puppet::Util::NetworkDevice.const_get(device.provider.capitalize).const_get(:Device).new(device.url)
          rescue => detail
            raise "Can't load #{device.provider} for #{device.name}: #{detail}"
          end
        end
  43. device.rb • puppet/util/network_device/<type>/device.rb
        require 'uri'
        # Named <Type>::Device so that NetworkDevice.init can find it via const_get(:Device).
        class Puppet::Util::NetworkDevice::Juniper::Device
          attr_accessor :url, :transport
          def initialize(url)
            @url = URI.parse(url)
            @transport = Puppet::Util::NetworkDevice::Transport::Juniper.new
          end
          # Facts are retrieved over the device transport and cached per device object.
          def facts
            @facts ||= Puppet::Util::NetworkDevice::Transport::Juniper::Facts.new(@transport)
            @facts.retrieve
          end
        end
  44. Device Facts • puppet/util/network_device/<type>/facts.rb
  45. Type • apply_to_all • apply_to_host • apply_to_device
        Puppet::Type.newtype(:f5_monitor) do
          @doc = "Manage F5 monitor."
          apply_to_device
          ensurable
          # ...
          newproperty(:template_state) do
            desc "The monitor templates enabled/disabled states."
            newvalues(/^STATE_(DISABLED|ENABLED)$/)
          end
        end
  46. Provider • ssh/telnet: output = transport.command('sh interface') • Access custom transport:
        def self.transport
          # A url fact (FACTER_url) is used when running puppet resource / puppet apply.
          if Facter.value(:url)
            Puppet.debug "F5: connecting via facter url."
            @device ||= Puppet::Util::NetworkDevice::F5::Device.new(Facter.value(:url))
          else
            # Under puppet device, reuse the device set up by NetworkDevice.init.
            @device ||= Puppet::Util::NetworkDevice.current
            raise Puppet::Error, "Error Msg..." unless @device
          end
          @transport = @device.transport
        end
  47. Testing • Puppet Resource (self.instances) • Puppet Apply (apply_to_host)
  48. Future • Software defined infrastructure • Systems (Google Compute Engine as Resource) • Application (puppet agent) • Network (puppet device)
  49. Questions?
  50. Thank you for attending
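
Added example, not part of the talk or of Puppet itself: the device.conf layout on slides 9 and 41 keeps each device's username and password inside the url value, so the transport scheme, the stored credentials and the file mode are worth checking. The Ruby below parses that layout and reports all three; the sample hosts and credentials and the function names parse_device_conf and audit_device_conf are assumptions made for this example.

```ruby
require 'uri'

# Constructed sample in the device.conf layout from slides 9 and 41;
# host names and credentials are made up for this added example.
SAMPLE_DEVICE_CONF = <<~CONF
  [f5.example.lan]
  type f5
  url https://admin:admin@f5.example.lan/

  [switch1.example.lan]
  type cisco
  url telnet://puppet:s3cret@switch1.example.lan/
CONF

CLEARTEXT_SCHEMES = %w[telnet http].freeze

# Parse "[name]" sections followed by "key value" lines into
# { name => { "type" => ..., "url" => ... } }.
def parse_device_conf(text)
  devices = {}
  current = nil
  text.each_line do |raw|
    line = raw.strip
    next if line.empty? || line.start_with?('#')
    if (m = line.match(/\A\[(.+)\]\z/))
      current = devices[m[1]] = {}
    elsif current && (m = line.match(/\A(\w+)\s+(\S+)\z/))
      current[m[1]] = m[2]
    end
  end
  devices
end

# Return [device, issue] pairs. `mode` is the file's permission bits
# (for example File.stat(path).mode & 0o777), or nil to skip that check.
def audit_device_conf(text, mode: nil)
  findings = []
  if mode && (mode & 0o077) != 0
    findings << ['(file)', format('mode %04o grants access beyond the owner', mode)]
  end
  parse_device_conf(text).each do |name, conf|
    uri = URI.parse(conf.fetch('url', ''))
    findings << [name, "cleartext transport #{uri.scheme}"] if CLEARTEXT_SCHEMES.include?(uri.scheme)
    next unless uri.password
    findings << [name, "password for user #{uri.user} stored in url"]
    findings << [name, 'password equals username'] if uri.password == uri.user
  end
  findings
end

audit_device_conf(SAMPLE_DEVICE_CONF, mode: 0o644).each { |dev, issue| puts "#{dev}: #{issue}" }
```

The findings never include the password itself, so the output can go into a report or ticket.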
