Porting Puppet to
OpenBSD
Jasper Lievisse Adriaanse
Engineering team, m:tier
Puppet Camp Berlin 2014
April 11th, 2014
Puppet Camp Berlin 2014
Agenda
●
Introduction
●
OpenBSD
●
General considerations
●
Puppet stack
●
Current challenges
●
Bes...
Puppet Camp Berlin 2014
Introduction
Puppet Camp Berlin 2014
Who?
●
Who am I?
●
Jasper Lievisse Adriaanse
– OpenBSD
– Puppet
– GNOME
●
OpenBSD developer since ...
Puppet Camp Berlin 2014
m:tier
Puppet Camp Berlin 2014
m:tier
●
Who are we?
●
OpenBSD developers
●
Breathe open source
●
Secure system architects
Puppet Camp Berlin 2014
m:tier
●
What do we do?
●
OpenBSD
●
Puppet
●
Zabbix
●
Bacula
●
Open Source Software consultancy /
...
Puppet Camp Berlin 2014
m:tier
●
But also
●
OpenBSD Long Term Support
●
Binary patches
●
Thin Client
●
GNOME for OpenBSD
●...
Puppet Camp Berlin 2014
OpenBSD
Puppet Camp Berlin 2014
OpenBSD
●
OpenBSD?
●
Unix-like, multi-platform operating system
●
Derived from 4.4BSD, NetBSD fork...
Puppet Camp Berlin 2014
OpenBSD
● Platforms
● 21 supported platforms
– from amd64to mvme88kto zaurus
Puppet Camp Berlin 2014
OpenBSD
Puppet Camp Berlin 2014
OpenBSD
Puppet Camp Berlin 2014
OpenBSD
Puppet Camp Berlin 2014
General considerations
or
“OpenBSD oddities”
Puppet Camp Berlin 2014
OpenBSD “oddities”
●
No root:root
●
instead root:wheel
● UID < 500
● vs. UID < 1000
●
package take...
Puppet Camp Berlin 2014
OpenBSD “oddities”
● The world isn't i386^Wamd64-only
● Stuck with Ruby 1.9
●
until exotic alphaan...
Puppet Camp Berlin 2014
Puppet stack
Puppet Camp Berlin 2014
Ruby
●
Ruby
●
Actually, Ruby was in a pretty good shape of
modern architectures...
●
...slightly l...
Puppet Camp Berlin 2014
libshadow
●
libshadow
●
enables usage of theuser's passwordproperty
●
didn't support non-Linux a f...
Puppet Camp Berlin 2014
Facter
●
Facter
●
Added OpenBSD support for various facts
●
New SSH key facts fored25519keys
●
Min...
Puppet Camp Berlin 2014
Puppet
●
Puppet
●
Package provider
– pkg.confsupport
– Features:
●
:purgeable
●
:install_options
●...
Puppet Camp Berlin 2014
Puppet
●
Puppet (cont.)
●
remountssupport for *BSD
●
SSHed25519key support to various types
Puppet Camp Berlin 2014
PuppetDB
●
PuppetDB
●
Path and shell command tweaks
●
OpenBSDrc.dscript
Puppet Camp Berlin 2014
mcollective
●
Puppet MCollective module
●
user/group/package made configurable
Puppet Camp Berlin 2014
Current challenges
Puppet Camp Berlin 2014
Challenges
●
package
●
ensure => 'latest'
Puppet Camp Berlin 2014
Challenges
●
service
● rc.d provider recently added
Puppet Camp Berlin 2014
Challenges
● Ruby > 1.9
● 3.5.x supports 2.1
● OpenBSD not ready yet
Puppet Camp Berlin 2014
Challenges
● Submit outstanding patches
● Facter
– Fix virtualfact
– Add swap{free,size}_mbfacts
●...
Puppet Camp Berlin 2014
Best practices
or,
low hanging fruit
Puppet Camp Berlin 2014
Best practices
● root group
Bad
group => 'root'
Good
group => 0
or
group => $root_group
Puppet Camp Berlin 2014
Best practices
● user/group names
Bad
user { 'activemq': … }
Good
user { $activemq_user: … }
Puppet Camp Berlin 2014
Best practices
● Package names
Bad
package { 'activemq': … }
Good
package { $package: … }
Puppet Camp Berlin 2014
Best practices
● No default fail in case
Bad
case $operatingsystem {
'RedHat': { $www = 'httpd' }
...
Puppet Camp Berlin 2014
Closing
Puppet Camp Berlin 2014
Thank you,
Eric Sorensen (ahpook)
Adrien Thebo (athebo)
Ken Barber (kbarber)
Puppet Camp Berlin 2014
Thank you!
mail: jasper@{openbsd,mtier}.org
www:www.mtier.org
twitter: @jasper_la / @mtierltd
Upcoming SlideShare
Loading in …5
×

Porting Puppet to OpenBSD

1,563 views

Published on

"Porting Puppet to OpenBSD" presented at Puppet Camp Berlin 2014 by Jasper Lievisse Adriaanse of m:tier

Published in: Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
1,563
On SlideShare
0
From Embeds
0
Number of Embeds
81
Actions
Shares
0
Downloads
12
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Porting Puppet to OpenBSD

  1. 1. Porting Puppet to OpenBSD Jasper Lievisse Adriaanse Engineering team, m:tier Puppet Camp Berlin 2014 April 11th, 2014
  2. 2. Puppet Camp Berlin 2014 Agenda ● Introduction ● OpenBSD ● General considerations ● Puppet stack ● Current challenges ● Best practices ● Closing
  3. 3. Puppet Camp Berlin 2014 Introduction
  4. 4. Puppet Camp Berlin 2014 Who? ● Who am I? ● Jasper Lievisse Adriaanse – OpenBSD – Puppet – GNOME ● OpenBSD developer since 2006
  5. 5. Puppet Camp Berlin 2014 m:tier
  6. 6. Puppet Camp Berlin 2014 m:tier ● Who are we? ● OpenBSD developers ● Breathe open source ● Secure system architects
  7. 7. Puppet Camp Berlin 2014 m:tier ● What do we do? ● OpenBSD ● Puppet ● Zabbix ● Bacula ● Open Source Software consultancy / implementation
  8. 8. Puppet Camp Berlin 2014 m:tier ● But also ● OpenBSD Long Term Support ● Binary patches ● Thin Client ● GNOME for OpenBSD ● GNOME automounter for BSD – opensource.mtier.org
  9. 9. Puppet Camp Berlin 2014 OpenBSD
  10. 10. Puppet Camp Berlin 2014 OpenBSD ● OpenBSD? ● Unix-like, multi-platform operating system ● Derived from 4.4BSD, NetBSD fork ● Kernel + userland + documentation maintained together ● 3rd party applications available via the ports system ● Anoncvs, OpenSSH, OpenBGPD, OpenSMTPD strlcpy(3)/strlcat(3), etc ● Runs on many platforms...
  11. 11. Puppet Camp Berlin 2014 OpenBSD ● Platforms ● 21 supported platforms – from amd64to mvme88kto zaurus
  12. 12. Puppet Camp Berlin 2014 OpenBSD
  13. 13. Puppet Camp Berlin 2014 OpenBSD
  14. 14. Puppet Camp Berlin 2014 OpenBSD
  15. 15. Puppet Camp Berlin 2014 General considerations or “OpenBSD oddities”
  16. 16. Puppet Camp Berlin 2014 OpenBSD “oddities” ● No root:root ● instead root:wheel ● UID < 500 ● vs. UID < 1000 ● package takes “favors”
  17. 17. Puppet Camp Berlin 2014 OpenBSD “oddities” ● The world isn't i386^Wamd64-only ● Stuck with Ruby 1.9 ● until exotic alphaand hppaare fxed for 2.0 ● 2.1 is still miles away (mips64broken too)
  18. 18. Puppet Camp Berlin 2014 Puppet stack
  19. 19. Puppet Camp Berlin 2014 Ruby ● Ruby ● Actually, Ruby was in a pretty good shape of modern architectures... ● ...slightly less so onsparc64.
  20. 20. Puppet Camp Berlin 2014 libshadow ● libshadow ● enables usage of theuser's passwordproperty ● didn't support non-Linux a few years ago – did support non-Linux a few month ago ● free ride for us
  21. 21. Puppet Camp Berlin 2014 Facter ● Facter ● Added OpenBSD support for various facts ● New SSH key facts fored25519keys ● Minor *BSD-related cleanups
  22. 22. Puppet Camp Berlin 2014 Puppet ● Puppet ● Package provider – pkg.confsupport – Features: ● :purgeable ● :install_options ● :uninstall_options
  23. 23. Puppet Camp Berlin 2014 Puppet ● Puppet (cont.) ● remountssupport for *BSD ● SSHed25519key support to various types
  24. 24. Puppet Camp Berlin 2014 PuppetDB ● PuppetDB ● Path and shell command tweaks ● OpenBSDrc.dscript
  25. 25. Puppet Camp Berlin 2014 mcollective ● Puppet MCollective module ● user/group/package made configurable
  26. 26. Puppet Camp Berlin 2014 Current challenges
  27. 27. Puppet Camp Berlin 2014 Challenges ● package ● ensure => 'latest'
  28. 28. Puppet Camp Berlin 2014 Challenges ● service ● rc.d provider recently added
  29. 29. Puppet Camp Berlin 2014 Challenges ● Ruby > 1.9 ● 3.5.x supports 2.1 ● OpenBSD not ready yet
  30. 30. Puppet Camp Berlin 2014 Challenges ● Submit outstanding patches ● Facter – Fix virtualfact – Add swap{free,size}_mbfacts ● Puppet – UID < 1000 – Use passwd(1)for expiry
  31. 31. Puppet Camp Berlin 2014 Best practices or, low hanging fruit
  32. 32. Puppet Camp Berlin 2014 Best practices ● root group Bad group => 'root' Good group => 0 or group => $root_group
  33. 33. Puppet Camp Berlin 2014 Best practices ● user/group names Bad user { 'activemq': … } Good user { $activemq_user: … }
  34. 34. Puppet Camp Berlin 2014 Best practices ● Package names Bad package { 'activemq': … } Good package { $package: … }
  35. 35. Puppet Camp Berlin 2014 Best practices ● No default fail in case Bad case $operatingsystem { 'RedHat': { $www = 'httpd' } 'Debian': { $www = 'apache' } default: { $www = 'this-may-work-yay' } } Good case $operatingsystem { 'RedHat': { $www = 'httpd' } 'Debian': { $www = 'apache' } default: { fail('Unrecognized platform.') } }
  36. 36. Puppet Camp Berlin 2014 Closing
  37. 37. Puppet Camp Berlin 2014 Thank you, Eric Sorensen (ahpook) Adrien Thebo (athebo) Ken Barber (kbarber)
  38. 38. Puppet Camp Berlin 2014 Thank you! mail: jasper@{openbsd,mtier}.org www:www.mtier.org twitter: @jasper_la / @mtierltd

×