Puppet for Sys Admins


Published on

"Puppet for Sys Admins" by Stephen Wallace of ICE at Puppet Camp Melbourne 2013.

Published in: Technology
No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Puppet for Sys Admins

  1. 1. Puppet for Sysadmins PuppetCamp 2013 – MelbourneDownload from – http://www.icesystems.com.au/puppet
  2. 2. Och Aye The Noo! (oh yes, right now!)Stephen Wallace20 years experiencePredom *nix / sysadmin backgroundSenior management - teams up to 20Large heavily integrated systemsHealth, Online Gaming, RecruitmentICE Systems 18 mths....one of the Puppet go to guysstephen.wallace@icesystems.com.auLinkedin: http://au.linkedin.com/in/stephenwallace
  3. 3. Who am I talking to? Sysadmin Operations management Nae sayers? ...and the Puppet newbs …and why should you listen?
  4. 4. Spot the challenge!An extract from my Linkedin profile(au.linkedin.com/in/stephenwallace) Harvey Nash, Database Administrator, London Hays Personnel Services, IT Manager ANZ, Sydney Saffron Consulting, Unix/Linux Consultant, Sydney Corporate Express, Business Systems Manager, Sydney NHS, Unix Services Manager, Glasgow Casino.com, Technical Operations Manager, Gibraltar Healthecare Aust, IT Operations Manager, Sydney ICE Systems, Solution Architect, Sydney
  5. 5. Puppet ...forNon-proggies : 101 PuppetCamp 2013 - Sydney
  6. 6. Begin with the end in mind“Would you tell me, please, which way I ought to go from here?”“That depends a good deal on where you want to get to“, said thecat.“I don’t much care where”, said Alice.“Then it doesn’t matter which way you go”, said the cat.(Alices Adventures in Wonderland, chapter 6) ...the importance of goals
  7. 7. Goals! Talkers Doers (AKA Management) (You know who you are) Availability Scalability Supportability Predictability AgilityKeepTheCostsDownAbility! …and Cloudability
  8. 8. Goals for doers? Reusable wins.....everybody listening? Fix stuff once Reduce support workload, so can finally get to that more interesting project stuff! Monitoring....that someone else maintains :) Documentation...ditto Weekends / sleep Pub by 5 (past 4 preferably)
  9. 9. Goals for everybody?
  10. 10. Recent Engagements Research-centric academic institution Publishing / media company Insurance brokerage Ecommerce / magazine Commonalities Small teams No opex budget # Users / power users up Provisioning demands up Diversity up Ratio of dev lead : ops lead initiatives....... 3:1
  11. 11. What I did NOT need! ...a neckbeard, ..or, an Apple Macbook
  12. 12. What I DID need• A paradigm shift ALSO…Willingness to learn Willingness to collaborate
  13. 13. Times are a Changin Installing a new web server...Then (with a cast of 1000s) Now...via templatesRack n stack Launch hypervisor or AWS Management ConsoleInstall and lock down o/s Choose your templatePass to application / web Click a buttonteamPass to database teamConfigure some monitoringDraw some diagrams ndocument.Test, and transition thruchangemanagement...fingerscrossed....and with Puppet, it can get a bit easier!
  14. 14. Initial reaction to the word...“Devops”...The objection is rarely the objection!“We are not proggies, were sys admins”Keep Calm, ...and Carry On
  15. 15. “Proggie syntax is WAY too hard...”Ops boys and girls love scripting...right?Puppet can write Puppet code! puppet resource user...handy! puppet resource - types (lots of fun for all the family) ...and theres lots of “inspirational” stuff from the Forge ( http://forge.puppetlabs.com )!  puppet module search mysql (gem install puppet-module)
  16. 16. Building a module, the easy wayA simple manifest`puppet resource service ssh` - outputs validsyntaxA module`puppet module generate x-blah` - Rename moduledir and make sure this is reflected in the class name inmanifests/init.pp and tests/init.ppA classalready in the `tests` directory.Puppet apply -v ./init.pp --noop
  17. 17. Native tools for syntax checkingpuppet parser validate blah.pp
  18. 18. Syntax Highlighting ToolsPut a bit of colour in your life...vim-puppetsyntastic - similar
  19. 19. There will still be a few sceptics
  20. 20. Geppetto Have a look! Self contained IDE Syntax examples with mouseover Autocorrects stuff! Integrates with source control Integrates into CI Integrates with the Forge!
  21. 21. A question of style?
  22. 22. Finding this all a bit testing?Rspec-puppet - why test your modules,using yet another language?Check it out...http://rspec-puppet.com/
  23. 23. Hiera! How can it benefit the ops crowd?  A simple pluggable, hierarchical database  Included with Puppet Enterprise, gem install for opensource  Allows data to be separated from code  Cleaner, more supportable manifests
  24. 24. How does Hiera work?HTTP VS APACHE2?hiera.conf…you know conf files...right?!:hierarchy: - nodes/%{fqdn} - %{operatingsystem} - common:backends: - yaml:yaml: :datadir: /etc/puppetlabs/hieradataroot@hpmini:~# facter operatingsystemUbunturoot@hpmini:/etc/puppetlabs/hieradata/Ubuntu# cat common.yamlwebserver: apache2
  25. 25. Hiera syntax You either do this...centos, redhat, oel, oraclelinux, linux: { $supported = true Or this… $webserver = [ "apache2" ] $webserver = hiera(webserver,httpd) $svc_name = "apache2" if $webserver != nil { $config = "/etc/apache2/httpd.conf" package { $webserver: if $::operatingsystemrelease =~ /^5/ { ensure => present $config_tpl = httpd.conf.el.erb } } elsif $::operatingsystemrelease =~ /^6/ { $config_tpl = httpd.conf.el6.erb } else { fail("the webserver module doesnt know what template to use for your $ {::operatingsystemrelease}")
  26. 26. Augeus! Love those conf files... $defaultrunlevel = hiera(defaultrunlevel,3) augeas { "runlevel": context => "/files/etc/inittab", changes => [ "set id/runlevels $ {defaultrunlevel}", ], }root@hpmini:/etc/puppetlabs/hieradata/production# grep defaultrunlevel common.yamldefaultrunlevel: 3
  27. 27. Ruby – Not that scary Deep breath...  yum install blah.rpm (familiar?)  apt-get install stuff  ...gem install puppet-lint (!)
  28. 28. Provisioning - libvirt, EC2, RHEV - Oracle VirtualboxPuppet’s • Razor. Growing popularity • AWS & VMWare!
  29. 29. MCollectiveBenefits?• How many of my machines are running RHEL 6.1?• How many are running a particular release of a software package?• Monitor all of my servers for a resource level?Mcollective can help manage, monitor, control Puppet, collect performance and inventory data...so...so...check it out!
  30. 30. The Holy TrinityIT Ops Management Challenges Responding toProductivity and Efficiency Business Needs Configuration Drift Lack of Visibility
  31. 31. What its like in the trenches Application Application Systems Application DatabaseService Desk Support Developer Administrator Developer AdministratorLog call. The Java Stop working Stop what Manual DBA analyzesconsole says monitoring on new code to they’re doing to investigation audit logseverything is tools don’t troubleshoot. identify and establishes not which points green. show anything Need gather application to bad query. either. Call the production production logs problem. developer. logs! for developer. NowEscalate. Escalate. Escalate. Respond Escalate. what? .
  32. 32. Monitoring detects theservice outage - Nagios
  33. 33. Root Cause Analysis - Splunk• IT Operations review monitoring info, and feed relevant details into Splunk for event correlation over all enterprise devicesA config file has been manually updated….badly, causing the outage
  34. 34. Fix It Once!• Write a manifest to manage the files and fix the issue• Maybe use Puppet to write the Nagios cfg “Exported resources” / templates• Monitoring = green lights
  35. 35. But were an enterprise shop...Puppets not quite there yet, Shirley?Client side• Ruby brush n scrub up. Load reduced.• Good install supportServer side• PuppetDB• Phusion Passenger• ActiveMQ• REST API
  36. 36. Reinvent yourself every 2 years New tools?!…but we’remaking too much progress! Devops person?
  37. 37. Training helpsPuppet FundamentalsProductive in a day, or two Certification program Puppet Professional + Puppet Developer -> Puppet Master
  38. 38. Any other useful stuff?• What about DR? (Dont forget your certs!)• Automated doco? • /etc/puppet/modules/ssh/manifests# puppet doc ./init.pp• Dependency diagrams • dot -Tpng /var/opt/lib/pe- puppet/state/graphs/resources.dot -o /tmp/configuration.pngStill sounds risky? --noop!Even the CAB will like you!
  39. 39. Puppet Enterprise, why do people choose it?Many of the tools are pre-compiledLow stress, upgradable solutionCeiling install...peace of mindDashboardMcollectiveCloud Provisioner - AWS & VMWareSupportable :)So what your next step?
  40. 40. Start small, and KISS! “A journey of a 1000 miles...” A.N. Other Smart Person Just start! Download the training VM Do the tutorials Use the Forge for inspiration! Use Google Groups – puppet-users@googlegroups.com to start ...then puppet-dev@ when confidence starts to grow Use the supporting toolsets Use –noop! Derisk n smile Padding on the right shoulder might also be useful...
  41. 41. “Were not proggies... were sys admins!”Plenty of options available to thesysadmins who does not retool... or
  42. 42. ReferencesLearn Puppet in small chunks...http://info.puppetlabs.com/download-pdfs.htmlhttp://forge.puppetlabs.com/http://docs.puppetlabs.com/guides/tools.htmlpuppet-rspec - Easy intro http://puppetlabs.com/blog/the-next-generation-of-puppet-module-testing/http://theforeman.org/, http://www.vagrantup.com/http://cloudsmith.github.com/geppetto/ Puppet for sysadmins...