Implementing Puppet at a South American Government Agency, Challenges and Solutions - PuppetConf 2014
in a South American government agency
Who am I?
•Systems Engineering mgr @ Edrans!
•Puppet instructor for Spanish-speaking
• Linux and friends!
• Graphs and metrics!
What does Edrans do?
• Infrastructure consulting!
• Software development!
• Puppetlabs Partner in Argentina
• Healthcare provider for retirees & pensioners!
• Free, government-run service!
• Created in 1971!
• Country-wide coverage!
• Complex array of services offered
• More than 4.5 million members!
• 120 health care centers!
• 700 offices!
• 80+ service stacks
All this with a tech platform team of ~20 people
(including extended coverage: 6 am to 10 pm weekdays)
• Improve the quality of internal and external services!
• Fast turnaround on infrastructure requests!
• Reliability: 99.95% Uptime for critical services!
• Optimize Human and technological resources
App Provisioning: Clone of “golden” VMs
- Very fast!
- Absolutely identical configuration for each app server (at first, anyway)
- Usually a VM in use in some environment!
- Lots of cruft carried over: logs, residual temp files, etc!
- Had to go in and change IP addresses, etc by hand
• VMware High Availability!
• Satellite to provision OS and publish
• Puppet Enterprise for configuration
● PE Multimaster Setup!
o Different teams manage different configs!
o Each environment is isolated from the other!
o Cleared most security concerns (less
o Single master for tracking and licensing!
o Per-environment hiera configuration
• 80 different critical applications!
• java, php, custom frameworks!
• Jenkins for Build and Deploy!
• Migration by stages:!
1. Puppetize the app!
4. Load Testing / Staging!
Other fun facts
• F5 BigIP Integration!
• Mcollective mainly for Puppet runs and
service management (restricted to console
• IP Addresses tracked by “hand” but now
configured during OS build
• Work with the bureaucracy, not against it!
• Puppet training!
• Visibility visibility visibility