© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Puppet at Cisco CCATG
Aug 23, 2013
Reinhardt Quelle, Cloud Services Architect
Millions of Meetings for 10s of Millions of Users, totaling Billions of Minutes each month, 7x24x365
Cisco Social, WebEx, Connect
[Figure: world map with sites in the US, UK, India, Australia, China, Hong Kong, Amsterdam and Japan]
~ 7K Hosts
~ 8 Data Centers
> 12 iPOPs
Private Backbone
Files, Packages, Users, Services, etc.
Manifests
- nodes.pp
- site.pp
Classes, Modules
BaseOS_Hardening v1.1 / ElasticSearch v0.20.6 / JRE v1.7.0_25
BaseOS_Hardening v1.1 / ElasticSearch v0.90.2-1 / JRE v1.7.0_25
• Some systems can simply be knocked over the head and recreated with fresh versions
• Others – notably most database servers – cannot; updates are performed in-place
• “Big Bang” upgrades don’t often happen; we step methodically through groups of machines
[Figure: DC1 and DC2]
Multiple DC Pairs
Multiple Clusters of each Service type
• By Customer Class
• By Lifecycle Stage
• By Special Needs
[Figure: upgrade from v1 to v2 staged either by DC or by node, with v1 and v2 coexisting during the rollout]
“Blueprints” or “Models”
• JSON/YAML
• TOSCA
• CMDB *
Orchestration
• Fabric
• SLiM
• Mcollective
[Figure: one Puppet Master holding the Manifests & Modules serves both DC1 and DC2]
Guess when you’ll need to push infrastructure changes the most!
[Figure: each of DC1 and DC2 gets its own Puppet Master with its own copy of the Manifests & Modules]
[Figure: WebEx Meetings and WebEx Connect]
puppet apply --modulepath=/opt/puppet_local --execute "include servertype::front-end"
Manifests & Modules: copy [/etc/puppet/*] to each node
Manifests & Modules packaged as .rpm or .deb, served from a private package repository
yum install app_pp_v1 && puppet apply …
ssh node81 'yum install app_pp_v1 && puppet apply …'
fab dfw-frontends pp_apply:latest
Fabric
Mcollective
Salt
Ansible
• Application Stacks/Deployment are NOT Homogeneous
• The “right” solution for one stack is not always right for another
• Share as much as possible, but don’t force it
• Tightly coupled systems are often rigid, brittle
• Solving big, general problems is hard; small bites are easily digested
“A foolish consistency is the hobgoblin of little minds” – Emerson
• Every artifact (module, manifest, Hiera file) is checked into version control
• Versions are packaged and released and should go through the same promotion process as application code
• All good coding practices apply:
  Modular
  Well-defined interfaces
  Tested
  Shared
• Modules are the atomic packages of configuration
• “Profiles” bundle modules into commonly used sets for ease of consumption:
  BaseOS
  JavaApp
  Tomcat App
• A given machine has exactly one “ServerType”
• Inspired by Chef’s “roles”, and similar to Craig Dunn’s Role/Profile/Modules
• At the code level, these are actually all just modules
• Build loosely coupled modules that can work together if installed together, but that can stand on their own, too
• Example: the standard monit config includes /etc/monit/conf.d/*; an application that wants to be monitored just drops a file in this location
• logrotate, collectd, apache, nginx, etc. all support the same kind of include directory

  class elasticsearch {
    # ... (rest of the class body elided on the slide)
    # Assumed fragment name; the slide does not show where this variable is set
    $monit_config_file_name = 'elasticsearch.conf'

    # Hook into monit only when the monit module exposes an include directory.
    # Puppet 3 semantics: an unset variable evaluates to undef. Puppet 4+ with
    # strict_variables raises an error here unless class monit has been declared.
    if $monit::include_dir != undef {
      validate_absolute_path($monit::include_dir)   # from puppetlabs-stdlib
      file { "${monit::include_dir}/${monit_config_file_name}":
        ensure  => present,
        content => template("elasticsearch/${monit_config_file_name}.erb"),
        notify  => Service['monit'],
      }
    }
  }
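The slide shows only the consuming side of the drop-in pattern. The following is an added example, not code from the Cisco deck, that shows both halves: a monit module that owns the daemon, the control file and the include directory, and an application class that contributes a fragment only when monit is actually in the catalog. Module names, paths, the package name and the monit check text are assumptions; the fragment content is inline instead of a template so the manifest runs stand-alone with puppet apply.

```puppet
# Provider side: the monit module exposes $monit::include_dir as a class
# parameter so other modules can discover it instead of hard-coding the path.
class monit (
  $include_dir  = '/etc/monit/conf.d',
  $control_file = '/etc/monit/monitrc'
) {
  # Same intent as validate_absolute_path(), without the stdlib dependency
  if $include_dir !~ /^\// {
    fail("monit::include_dir must be an absolute path, got '${include_dir}'")
  }

  package { 'monit': ensure => installed }   # assumed package name

  # monit refuses to start if its control file is readable by others, and
  # check fragments may carry credentials, so the whole tree is root-only.
  # purge+recurse: a fragment that disappears from Puppet disappears from disk.
  file { $include_dir:
    ensure  => directory,
    owner   => 'root',
    group   => 'root',
    mode    => '0700',
    purge   => true,
    recurse => true,
    require => Package['monit'],
    notify  => Service['monit'],
  }

  file { $control_file:
    ensure  => file,
    owner   => 'root',
    group   => 'root',
    mode    => '0600',
    content => "set daemon 60\ninclude ${include_dir}/*\n",
    require => Package['monit'],
    notify  => Service['monit'],
  }

  service { 'monit':
    ensure => running,
    enable => true,
  }
}

# Consumer side: stands on its own, integrates with monit when present.
class elasticsearch {
  $monit_config_file_name = 'elasticsearch.conf'   # assumed fragment name

  # Guard on the class rather than on the variable: with strict variable
  # checking (Puppet 4+) reading $monit::include_dir of an undeclared class
  # is an error, while defined(Class['monit']) is always safe to evaluate.
  # It is parse-order dependent, so declare monit before application classes.
  if defined(Class['monit']) {
    file { "${monit::include_dir}/${monit_config_file_name}":
      ensure  => file,
      owner   => 'root',
      group   => 'root',
      mode    => '0600',
      # Assumed pidfile and init script paths
      content => "check process elasticsearch with pidfile /var/run/elasticsearch/elasticsearch.pid\n  start program = \"/sbin/service elasticsearch start\"\n  stop program = \"/sbin/service elasticsearch stop\"\n",
      notify  => Service['monit'],
    }
  }
}

# With both declared, the fragment lands in conf.d and monit reloads;
# drop the first line and the elasticsearch class still compiles unchanged.
include monit
include elasticsearch
```

Save it as a single manifest and run `puppet apply --noop` on it to see the planned changes; removing `include monit` shows the loose coupling, since the elasticsearch class then declares no monit resources and raises no error. The purge on the include directory is the operational half of the pattern: when an application module is retired, its monitoring check is removed on the next run rather than lingering as an orphaned fragment.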
• The singleton ServerType defines which profiles and modules are included, and their structure and order
• Puppet Librarian and its Puppetfile describe which version of a module is used, and where it comes from
• After Puppet Librarian has run and downloaded all required assets, FPM is called upon to build the package
• The dev cycle includes doing local builds/tests against Vagrant, both on developers’ personal machines and on the Jenkins build farm
• Upon successful build, packages are uploaded to repositories
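The Modules, Profiles and ServerType layering described two slides earlier, and the point above that the ServerType fixes which profiles are included and in what order, are shown together in the following added example. It is not the deck's code: module, class and package names are assumed, the leaf modules are trimmed to one resource each so the manifest runs, and everything sits in one file where a real tree would have one module per class. A masterless node selects its type exactly as on the earlier slide, `puppet apply --modulepath=/opt/puppet_local --execute 'include servertype::front_end'`; Puppet class names cannot contain hyphens, so the slide's front-end is spelled front_end here.

```puppet
# --- Modules: the atomic units of configuration (one resource each here)
class baseos_hardening {
  file { '/etc/ssh/sshd_config':
    ensure => file,
    owner  => 'root',
    group  => 'root',
    mode   => '0600',
  }
}
class jre {
  package { 'java-1.7.0-openjdk': ensure => installed }   # assumed package name
}
class elasticsearch {
  package { 'elasticsearch': ensure => installed }        # assumed package name
  service { 'elasticsearch':
    ensure  => running,
    enable  => true,
    require => Package['elasticsearch'],
  }
}

# --- Profiles: bundle modules into commonly consumed sets.
# `contain` (Puppet 3.4+) rather than `include`: a relationship on the profile
# class then also orders the classes inside it. With plain include the arrows
# below would order nothing, and the application could be configured before
# the hardening had run.
class profile::baseos {
  contain baseos_hardening
}
class profile::javaapp {
  contain profile::baseos
  contain jre
  # Dependencies live in Puppet, not in the RPM/DEB spec
  Class['profile::baseos'] -> Class['jre']
}
class profile::elasticsearch {
  contain profile::javaapp
  contain elasticsearch
  Class['profile::javaapp'] -> Class['elasticsearch']
}

# --- ServerType: the one top-level class a machine gets. It fixes the set of
# profiles and their order by composition; nothing inherits from anything.
class servertype::front_end {
  contain profile::elasticsearch
  servertype::register { 'front_end': }
}
class servertype::database {
  contain profile::baseos
  servertype::register { 'database': }
}

# Enforcement of "exactly one ServerType per machine": every ServerType
# declares one instance of this type, and each instance declares the same
# fixed-title resource, so a manifest that includes two ServerTypes fails at
# compile time with a duplicate declaration instead of converging a hybrid box.
define servertype::register {
  notify { 'servertype::singleton':
    message => "ServerType is ${title}",
  }
}

# What --execute "include servertype::front_end" does on a node
include servertype::front_end
```

Adding `include servertype::database` as a second line at the bottom reproduces the failure mode the singleton rule exists for: the compile stops with a duplicate declaration of Notify['servertype::singleton'] and nothing is applied. That catch-at-compile behaviour is what makes the "exactly one ServerType" rule enforceable rather than a convention.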
• Dependencies in Puppet, not RPM/DEB
• Packaging works for deploying to Puppetmasters, too.
• Modules are designed for transparency, simplicity: “4AM-proofing”
• Composition usually trumps inheritance
• Tim Bell and the CERN folks talk of “Pets” and “Cattle”
You can only shoot a system in the head if you can create another at will
• “Fried” or “Baked”? YES.
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdf
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
Vector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesVector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector Databases
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 

Puppet at Cisco for managing infrastructure

  • 1. Cisco Confidential© 2011 Cisco and/or its affiliates. All rights reserved. 1 Puppet at Cisco CCATG Aug 23, 2013 Reinhardt Quelle, Cloud Services Architect
  • 2. Millions of Meetings for 10s of Millions of Users totaling Billions of Minutes each month, 7x24x365: Cisco Social, WebEx, Connect
  • 3. US, UK, India, Australia, China, Hong Kong, Amsterdam, Japan: ~ 7K Hosts, ~ 8 Data Centers, > 12 iPOPs, Private Backbone
  • 9. Files, Packages, Users, Services, … Etc.
  • 10. Manifests: nodes.pp, site.pp; Classes, Modules
  • 13. BaseOS_Hardening v1.1, ElasticSearch v0.20.6, JRE v1.7.0_25 → BaseOS_Hardening v1.1, ElasticSearch v0.90.2-1, JRE v1.7.0_25
    • Some systems can simply be knocked over the head and recreated with fresh versions
    • Others – notably most database servers – cannot; updates are performed in-place
    • “Big Bang” upgrades don’t often happen; we step methodically through groups of machines
  • 15. DC1, DC2: Multiple DC Pairs; Multiple Clusters of each Service type
    • By Customer Class
    • By Lifecycle Stage
    • By Special Needs
  • 16. By DC or by Node (v1 / v2 clusters)
  • 17. “Blueprints” or “Models”: JSON/YAML, TOSCA, CMDB *; Orchestration: Fabric, SLiM, Mcollective
  • 18. Puppet Master, Manifests & Modules, DC1, DC2
  • 19. Puppet Master, Manifests & Modules, DC1, DC2. Guess when you’ll need to push infrastructure changes the most!
  • 20. Puppet Master, Manifests & Modules, DC1, DC2, Puppet Master, Manifests & Modules
  • 21. Puppet Master, Manifests & Modules, DC1, DC2, Puppet Master, Manifests & Modules
  • 22. WebEx Meetings, WebEx Connect
  • 23. Manifests & Modules: copy [/etc/puppet/*] to each node, then: puppet apply --modulepath=/opt/puppet_local --execute "include servertype::front-end"
  • 24. Manifests & Modules packaged as .rpm or .deb in a private package repository: yum install app_pp_v1 && puppet apply …
  • 25. ssh node81 'yum install app_pp_v1 && puppet apply …' or fab dfw-frontends pp_apply:latest (Fabric, Mcollective, Salt, Ansible)
  • 26. Application Stacks/Deployment are NOT Homogenous
    • The “right” solution for one stack is not always right for another
    • Share as much as possible, but don’t force it
    • Tightly coupled systems are often rigid, brittle
    • Solving big, general problems is hard; small bites are easily digested
    “A foolish consistency is the hobgoblin of little minds” – Emerson
  • 27. Every artifact (module, manifest, Hiera file) is checked into version control
    • Versions are packaged and released and should go through the same promotion process as application code
    • All good coding practices apply: Modular, Well defined interfaces, Tested, Shared
  • 28. Modules are the atomic packages of configuration
    • “Profiles” bundle modules into commonly used sets for ease of consumption: BaseOS, JavaApp, Tomcat App
    • A given machine has exactly one “ServerType”
    • Inspired by Chef’s “roles”, and similar to Craig Dunn’s Role/Profile/Modules
    • At the code level, these are actually all just modules
  • 29. Build loosely coupled modules that can work together if installed together, but that can stand on their own, too
    • Example: the standard monit config includes /etc/monit/conf.d/*; an application that wants to be monitored just drops a file in this location
    • logrotate, collectd, apache, nginx, etc. all support this
      class elasticsearch {
        …
        if $monit::include_dir != undef {
          validate_absolute_path($monit::include_dir)
          file { "${monit::include_dir}/${monit_config_file_name}":
            ensure  => present,
            content => template("elasticsearch/${monit_config_file_name}.erb"),
            notify  => Service['monit'],
          }
        }
      }
  • 30. The singleton ServerType defines which profiles and modules are included; structure and order
    • Puppet Librarian and its Puppetfile describe which version of a module is used, and where it comes from
    • After Puppet Librarian has run and downloaded all required assets, FPM is called upon to build the package
    • Dev cycle includes doing local builds/tests against Vagrant on both developers’ personal machines and the Jenkins build farm
    • Upon successful build, packages are uploaded to repositories
  • 31. Dependencies in Puppet, not RPM/DEB
    • Packaging works for deploying to Puppetmasters, too.
    • Modules are designed for transparency, simplicity: “4AM-proofing”
    • Composition usually trumps inheritance
    • Tim Bell and the CERN folks talk of “Pets” and “Cattle”: you can only shoot a system in the head if you can create another at will
    • “Fried” or “Baked”? YES.

Editor's Notes

  1. We don’t rely upon OS package management dependencies; these should be explicitly listed in Puppet manifests. Nothing precludes installing an RPM containing Puppet config onto a puppet master; use “Environments” and yum --installroot. Modules are designed for transparency, simplicity: “4AM-proofing”. Composition usually trumps inheritance. Tim Bell and the CERN folks talk of “Pets” and “Cattle”: you can only shoot a system in the head if you can create another at will. “Fried” or “Baked”? YES. Even for systems which we launch from snapshots, the system has to come from version control.
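The slides show only the consumer half of the monit drop-in pattern (slide 29) and describe the ServerType, ordering and "dependencies in Puppet, not RPM/DEB" ideas (slides 28, 30, 31 and the notes above) in prose. The following is an added example in Puppet DSL, written for this page; it is not code from the deck or from Cisco. It shows both halves of the pattern, the monit module that publishes its include directory and the elasticsearch module that drops a check into it only when monit is in the catalog, composed into one ServerType selected from site.pp. The class names, file paths, the `servertype` fact, the inline monit check and the masterless `puppet apply` invocation are assumptions; the `purge` and file-mode settings go beyond the slide and are defender-side additions so that only version-controlled checks ever run.

```puppet
# Added example, not from the slides: the monit drop-in pattern of slide 29
# composed into one ServerType as in slides 28, 30 and 31. Class names,
# paths, the 'servertype' fact and the monit check are assumptions; the
# purge and file-mode settings are added hardening, not on the slides.

# modules/monit/manifests/init.pp
# The monit module owns the daemon and publishes the drop-in directory.
class monit ($include_dir = '/etc/monit/conf.d') {
  package { 'monit': ensure => installed }

  file { $include_dir:
    ensure  => directory,
    owner   => 'root',
    group   => 'root',
    mode    => '0750',  # drop-ins may carry credentials: root-only
    purge   => true,    # remove drop-ins Puppet does not manage, so only
    recurse => true,    # version-controlled checks ever run
    require => Package['monit'],
  }

  file { '/etc/monitrc':
    ensure  => file,
    owner   => 'root',
    group   => 'root',
    mode    => '0600',  # monit refuses to start on a group/world-readable monitrc
    content => "set daemon 60\ninclude ${include_dir}/*\n",
    require => Package['monit'],
    notify  => Service['monit'],
  }

  service { 'monit': ensure => running, enable => true }
}

# modules/elasticsearch/manifests/init.pp
# The consumer adds its check only when monit is in the catalog; on a node
# without monit the class still applies cleanly (the slide's "stand on own").
class elasticsearch ($monit_config_file_name = 'elasticsearch') {
  package { 'elasticsearch': ensure => installed }

  service { 'elasticsearch':
    ensure  => running,
    enable  => true,
    require => Package['elasticsearch'],
  }

  # defined(Class[...]) is parse-order dependent: monit must be declared
  # before this class is evaluated, which the ServerType below guarantees.
  if defined(Class['monit']) {
    file { "${monit::include_dir}/${monit_config_file_name}":
      ensure  => file,
      owner   => 'root',
      group   => 'root',
      mode    => '0640',
      # Inline monit check (constructed); the slide used an ERB template.
      content => "check process elasticsearch matching \"org.elasticsearch\"\n  start program = \"/sbin/service elasticsearch start\"\n  stop program  = \"/sbin/service elasticsearch stop\"\n  if failed port 9200 protocol http then restart\n",
      require => File[$monit::include_dir],
      notify  => Service['monit'],
    }
  }
}

# modules/servertype/manifests/search.pp
# Exactly one ServerType per node; it fixes structure and order, and the
# dependencies live here in Puppet rather than in RPM/DEB metadata.
class servertype::search {
  include monit
  include elasticsearch
  Class['monit'] -> Class['elasticsearch']
}

# manifests/site.pp
# Masterless nodes run: puppet apply --modulepath=/opt/puppet_local site.pp
# A provisioning-time fact names the single ServerType; refuse to apply
# anything when it is missing rather than silently converging to nothing.
node default {
  if $::servertype == undef {
    fail("no servertype fact set on ${::fqdn}; refusing to apply")
  }
  include "servertype::${::servertype}"
}
```

The ordering arrow in `servertype::search` is what makes the `defined(Class['monit'])` test reliable: because the ServerType is the only place classes are declared, the evaluation order is fixed there and the consumer never sees a half-built catalog. Dropping `elasticsearch` onto a node whose ServerType does not include `monit` still converges, which is the loose coupling the slide asks for, while `purge => true` on the include directory means a hand-placed check file does not survive the next run.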