Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Puppet Camp DC 2014: Manage Heterogeneous Systems with Puppet (Beginner)


Published on

Puppet Camp DC 2014:"Manage Heterogeneous Systems with Puppet" (Beginner) by Phil Fenstermacher, The College of William & Mary

Published in: Technology, Spiritual

Puppet Camp DC 2014: Manage Heterogeneous Systems with Puppet (Beginner)

  1. 1. Managing Heterogeneous Systems with Puppet PhilFenstermacher
  2. 2. Heterogeneous? Lots of variance across whatwe run VMs/BareMetal OperatingSystems Baseline Configurations Whatwe can reasonablymanage
  3. 3. <me> Systems/Operations Engineer College of William &Mary Puppetingfor ~3 years </me>
  4. 4. You? UsingPuppet? Write Modules? Higher Education?
  5. 5. When to start listening 1. Whytalk aboutthis? 2. IdentifyingSystems 3. AssigningResources 4. KeepingitManageable 5. Afew extras
  6. 6. Higher Education ITsupports our product— notapartof it Supportlots of things on campus mostlyfrom one ITdepartment Multi-tennantNetwork E-Mail ERP Systems Health/CounselingCenter (HIPAA) Athletics (Ticketing, eligibility, etc.) Telephone Police (including911) ID Card Systems Allthatacademic stuff too
  7. 7. Why talk about heterogeneity? It's noteasyobvious. ButPuppetis reallygood at(helpingyou do) it Companies gettinginto Puppetfor heterogeneous support ConstantContact(March 16, 2011) Dell(December 4, 2013)
  8. 8. Puppet abstracts differences We don'thave to figure outthe apt-getvs. yum puppetabstracts reallycommon things
  9. 9. Puppet can't magically handle all differences httpd-develvs. apache2-dev
  10. 10. Identifying Systems facter hiera Environments ExternalNode Classifier (ENC)
  11. 11. facter Provides information aboutsystem Tells whatyou need to know to decide apache2 or httpd $package=$::osfamily?{ 'Debian'=>'apache2', default =>'httpd', }
  12. 12. hiera :hierarchy: -"%{::clientcert}" -"%{::osfamily}" #RedHat.yaml -"virtual_%{::virtual}"#virtual_vmware.yaml -"%{::custom_fact}" #cluster_01.yaml Can merge alltogether $ntp_servers=hiera_array('ntp_servers')#AnarrayofallNTPservers, #includingthespecial #cluster_01servers hiera_include('classes') #Includeclassesmergedfromalllevels, #globalthroughhostspecific. Or pullthe firstmatching $webserver=hiera('webserver')#$::osfamilysaysthisishttpd
  13. 13. Environments if$::environment=='production'{ #(Almost)Everythinginproduction }elsif$::environment=='testing'{ #(Almost)Everythingintesting }
  14. 14. External Node Classifier Assign Information Outside of Puppet Declare Classes Assign GlobalVariables* SetEnvironments *Manifestsstillhavetoknowwhattodowiththis
  15. 15. Then what? Gettingfrom variables to resources
  16. 16. Good Coding (Thingsthathavebitus)
  17. 17. Avoid Manifests Conditionals Tend to getunmanageable as manifests grow
  18. 18. Modules don't use hiera() Atleastnotnow Lethierasupplydatato classes hiera() inside amodule isn'tportable
  19. 19. Avoid re-inventing things Check the forge If somethingis established — tryusingit If itdoesn'tquite do whatyou need — tryforkingit Send back apullrequestif you can
  20. 20. Model your modules after others puppetlabs/apache and puppetlabs/ntp supportalotof OSes Code samples of handlingmultiple OSes
  21. 21. Write Versatile Modules Don'tassume your use case is the use case Avoid giantconditionalblocks Write everythinglike it's goingto be open sourced
  22. 22. Write Tests spec tests seems simple – buttheycan preventbigerrors Especiallyusefulfor testingpotentialchanges Beaker tests are greatfor testingcross platform stuff
  23. 23. Other Heterogeneous Wins Exported Resources mcollective filters @@f5_node{$::fqdn: addresses =>[$::ipaddress], connection_limit =>100, session_enabled_state=>'STATE_ENABLED', } $mcopuppetrunall5-Fosfamily=Debian-Cmysql::server
  24. 24. Just Suggestions Heterogeneityalreadymeans things are alittle different Our manifests and modules break these rules We also use node inheritence Noteverythingcan be handled byjustchangingsome resource parameters package{'puppetlabs-release': ensure =>present, provider=>$provider, source =>$uri, }
  25. 25. Thank You Questions?