Stephen Johnson's talk on "Love / Hate Puppet (Puppet Gotchas)" from Puppet Camp Melbourne 2013.

1. Love / Hate Puppet
Stephen Johnson
Stephen@puppetlabs.com

2. Background
• Puppetlabs employ for a a year
• I have been using Puppet since 0.24
• Currently working on the hiera_debug and
rseencfile projects

3. What is this
• Its not a puppet bashing
• Interesting Puppet behavior
• What i love about puppet

4. Interesting Behavior
• Type Casting
• Type Equality
• Inconsistencies
• Scoping

5. Type Casting (FTW)
• $wibble = “3” (String)
• $wibble2 = “2” (String)
• $wtf = $wibble + wibble2 ?

6. Int

7. Type Equality
• $wibble = '3'
• $wibble2 = '2'
• $wibble3 = $wibble + $wibble2
• $wibbletest = 5
• is $wibble3 == $wibbletest

8. Yes

9. Type Equality 2
• $wibble = ‘true’
• $wibble2 = true
• is $wibble == $wibble2

10. No

11. Type Equality 3
• $wibble = 0
• $wibble2 = -1
• are they equal to true

12. Yes

13. Totally Confused Now

15. Type Equality
• There are many many more
• Be careful with data lookups from hiera

16. Inconsistencies
• Noop on a class

17. Noop on class
• class{'testtwo': noop => true ;}
• All the resources are noop surely

18. The code

19. The output

21. Scoping
• Thank good for 3.0
• Removing dynamic scoping

22. 2.7
• Dynamic scoping is very very very
dangerous
• Always use full scoped values

23. 3.0
• It has been removed
• Full scope variables

24. Facts
• Top level variables
• Do not trust them as sent from client
• Dont use if $::hostname ==
• Export FACTER_hostname=‘puppetmaster’
• puppet agent -t
• See my blog on thatbytes.co.uk

25. Is not all bad
• All languages have interesting behavior
• Look at the famous “WAT’ talk from Gary
Bernhardt
• www.destroyallsoftware.com/talks/wat

26. What i love
• Exported Resources
• Puppet
• Hiera

27. Exported Resources
• Nagios is so hard to setup all those config
files
• Dns is so hard we have to track all those ip
address

28. Nagios Automated
• Nagios
node
webserver
{
@@file
{
"/etc/nagios/conf.d/$::fqdn.apachecheck.conf":
content
=>
"nagios
check
stuff
n",
tag
=>
"nagioscheck",
}
}
node
nagiosmachine
{
File
<<|
tag
==
'nagioscheck'
|>>
}

29. Export the resource
• @@file
{
"/etc/nagios/conf.d/$::fqdn.apachecheck.conf":
content
=>
template(‘apache/nagioscheck.erb’),
tag
=>
"nagioscheck",
}
• Tagged with nagioscheck
• Have a apache::nagios class ?

30. Collect the resource
File
<<|
tag
==
'nagioscheck'
|>>
• Using the tag previously
• In your nagios::server class

31. How does that work
• Puppetdb
• Stores configs
• Scalable
• AWESOMENESS

32. Puppet
• Automation
• Abstraction
• Repeatable
• Reportable
• AWESOMEABLE

33. Puppet gets you
Knowledge
• Version controlled infrastructure
• Convergence
• Reporting
• Query-ability
• Removing the snowflakes

34. Hiera
• Puppet modules without hard-coded data
are easily shared and more re-usable
• Infrastructure configuration can be
managed without needing to edit Puppet
code
• The data problem

35. Bad Data
if ( $::environment == ‘dev’ ) {
$ntpserver = ‘192.168.2.1’
} else {
if ( $::fqdn == ‘host4.mycorp.com’) {
$ntpserver = ‘127.0.0.1’
} else {
$ntpserver = ‘213.21.6.4’
}
}

36. Good Data
$ntpserver = hiera(‘ntpserver’)
:hierarchy:
- %{operatingsystem}
- %{environment}
- %{fqdn}
- common

37. Remove Data from
Code
• Hiera uses information to determine a
hierarchy
• Top down hierarchy for overriding
configuration values based on roles,
environments, locations.... or anything else
• And do this without any coding!

38. Puppet 3.0
• Hiera is integrated into the core product
• Introduces data mapping for parameterized classes
• Backwards compatible

39. Hiera_Debug

40. Hiera
• What where the variables
• How looked the variables up

41. Debug File

42. Learn more
• git://github.com/nfagerlund/evil-made-
manifest.git