Puppet for Everybody! - Federated and Hierarchical Puppet Enterprise - PuppetConf 2014

Puppet for Everybody! - Federated and Hierarchical Puppet Enterprise - Chris Bowles, University of Texas at Austin


  1. 1. Puppet for Everybody! Federated and Hierarchical Puppet Enterprise Chris Bowles, Senior Systems Administrator University of Texas at Austin
  2. 2. Puppet for Everybody? Absolutely! • Development • Operations • Management source: http://goo.gl/Mjr0dy
  3. 3. Continuum of Expertise Novice • Puppet Console • Variables Medium • Hiera Expert • Code • Custom Facts • Custom Functions
  4. 4. UT Puppet Canon • Inclusive • Secure by Default • Federation
  5. 5. UT Puppet Toolset UT Puppet Community Nested Configs Puppet Enterprise Code/Data Federation
  6. 6. UT Puppet Community UT Puppet Community Nested Configs Puppet Enterprise Code/Data Federation
  7. 7. UT Puppet Culture • Module Coding Standards • Module Documentation Standards • Power to the People
  8. 8. Puppet Console • Classes • Console Groups (role/profile) • Console Variables Configured Server! Module Code Hiera Expert UT Puppet Diagram Novice
  9. 9. Nested Configs UT Puppet (standards, culture) Nested Configs Puppet Enterprise Code/Data Federation
  10. 10. Nesting: Roles/Profiles • Roles: Wiki server configurations • Profiles: Apache configurations • BASE: Secure by default, standardized, configurable
  11. 11. Minifigure Metaphor • Default “torso” provided • Configurable: can change the color of the cowl (black or very, very dark grey) • Role/Profile: Can choose the head and arms, cape, etc… From: https://www.flickr.com/photos/spielbrick/8201894577
  12. 12. Nest all the things! • Groups • Variables • hiera? (yup, more on that later)
  13. 13. Puppet Console • Nested groups • role/profile • assign classes & variables to nodes Configured Server! Module Code Hiera Expert Roadmap: Console Nesting Novice
  14. 14. Nested Console Groups source: http://goo.gl/tUdl5U
  15. 15. Nested Console Groups BASE profile_apache role_wiki wiki-01 secure defaults Apache configs Wiki configs Node-specific configs
  16. 16. Nesting (from the node POV) Contains Classes/Variables from: Node wiki-01 BASE profile_apache role_wiki
  17. 17. Don’t forget the Blog! Node-level Roles Profiles Secure Defaults BASE profile_apache role_blog blog-01 blog-02 role_wiki wiki-01 wiki-02 • Configurations come from nested groups • No repetition!
  18. 18. What’s in a name (prefix)? Role Profile Top BASE profile_apache role_blog role_wiki Puppet Console will display: (alphabetical) •BASE •profile_apache •role_blog •role_wiki
  19. 19. Console Building Blocks! source: http://goo.gl/CHwab0
  20. 20. BASE: BASE group
  21. 21. Profile: profile_apache group
  22. 22. Role: role_wiki group
  23. 23. Node: wiki-01.puppetconf.com
  24. 24. Puppet Console components • Classes • Variables • Group(s) • Nodes ssh $::ssh_port BASE, Profile_apache, role_wiki wiki-01
  25. 25. Class Inheritance (immutable) BASE assigns: ssh profile_apache inherits: ssh assigns: apache role_wiki inherits: ssh, apache node Inherits: ssh, apache
  26. 26. Variable Inheritance (child wins) BASE N/A profile_apache http_port = 80 role_blog N/A blog-01 http_port= 80 role_wiki http_port = 8080 wiki-01 http_port= 8080
  27. 27. All together now! source: http://goo.gl/K91CJA
  28. 28. wiki-01 (annotated) Variable overrides from role_wiki group Group membership and source(s) Classes: combined from nested groups
  29. 29. Puppet Console • Console Groups (role/profile) • Console Variables Configured Server! Module Code Hiera Expert Roadmap: Hiera Nesting Novice
  30. 30. Hiera: for complex variables key: value key2: value2 • Arrays • Hashes source: http://goo.gl/ge45I1 Think  backend data mapping
  31. 31. Nested Groups => Hiera paths BASE N/A profile_apache profile = apache role_wiki role = wiki wiki-01 Inherits: profile,role ./ ./apache/ ./apache/wiki/
  32. 32. Nesting Hiera w/ group variables Role(s) • ./$profile/$role Profile(s) • ./$profile/ BASE • ./ (no variable) $profile $role Broad to Specific
  33. 33. Hiera.yaml – specific to broad

      ```yaml
      ---
      :backends:
        - yaml
      :hierarchy:
        - '%{profile}/%{role}/common'
        - '%{profile}/common'
        - 'common'
      :logger: console
      :yaml:
        :datadir: /etc/puppetlabs/puppet/hieradata
      ```
  35. 35. Putting it together "Denslow's Humpty Dumpty 1904" by William Wallace Denslow – Library of Congress [1]. Licensed under Public domain via Wikimedia Commons – http://commons.wikimedia.org/wiki/File:Denslow%27s_Humpty_Dumpty_1904.jpg
  36. 36. Console => Hiera Nested Console Groups Hiera profile_apache profile = apache Role_wiki role = wiki ./apache/ ./apache/wiki/ wiki-01 node profile= apache, role= wiki BASE none ./ Hiera search order 1. ./apache/wiki/common.yaml 2. ./apache/common.yaml 3. ./common.yaml
  37. 37. Advanced Hiera Usage • “This data is exactly what I need… almost” • firewall, sudoers • +1 • Check out: – hiera_hash – hiera_array
  38. 38. Code/Data Separation UT Puppet (standards, culture) Nested Configs Puppet Enterprise Code/Data Federation
  39. 39. Code/Data Federation Wiki source Apache source BASE source Puppet Server
  40. 40. Code Federation puppet.conf modulepath= /opt/puppet/modules/base: /opt/puppet/modules/apache: /opt/puppet/modules/wiki: BASE Repo Apache Repo Wiki Repo VCSREPO Separate sources enable role separation via ACLs
  41. 41. Data Federation • ./hieradata/ = ./common.yaml ./apache/common.yaml ./apache/wiki/common.yaml BASE Repo Apache Repo Wiki Repo VCSREPO Separate ACLs for Hiera data as well
  42. 42. A peek into the future… source: http://goo.gl/9GwKyQ
  43. 43. Git Workflow • Instead of this… • 1 git repo / module Core SVN repo (modules) Apache SVN repo (modules) Head (production) branch Non-production branches (created as needed)
  44. 44. CI/CD • r10k push deployments (faster!) • Puppet Environments defined by code (Puppetfile) • Automated Testing/Deployment Git repos r10k Puppet
  45. 45. Takeaways • Puppet Enterprise can be: – Inclusive – Secure by Default – Highly Federated • Nurture your Puppet community • Nest your configs!
  46. 46. Thanks! Any Questions? • Slide deck available from PuppetLabs • UT Puppet Architecture: https://wikis.utexas.edu/x/OreZAw • Contact information: – Chris Bowles • Email: cbowles@austin.utexas.edu • Twitter: @cbowlesUT Puppet Man, Sulayman Bowles 2014
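
The lookup order from slides 26, 33, 36 and 37, as an added example that is not part of the original deck: a plain-Ruby emulation (it does not call the Hiera library) showing which file answers a key for a node, how a first-match lookup differs from a hiera_hash-style merge, and which BASE defaults a profile or role replaces. The data values and the helper names (`search_paths`, `lookup`, `lookup_hash`, `base_overrides`) are constructed for illustration.

```ruby
# Added example: emulates the slides' lookup order in plain Ruby, without the Hiera library.
HIERARCHY = ['%{profile}/%{role}/common', '%{profile}/common', 'common'].freeze

# Constructed sample data, keyed by each file's path under :datadir: (minus .yaml).
DATA = {
  'common'             => { 'ssh_port' => 22, 'sudoers' => { 'admins' => 'ALL' } },
  'apache/common'      => { 'http_port' => 80, 'sudoers' => { 'webops' => 'apachectl' } },
  'apache/wiki/common' => { 'http_port' => 8080, 'ssh_port' => 2222,
                            'sudoers' => { 'wikiadmin' => 'ALL' } }
}.freeze

# Console group variables as the nodes on the slides would inherit them.
WIKI = { 'profile' => 'apache', 'role' => 'wiki' }.freeze
BLOG = { 'profile' => 'apache', 'role' => 'blog' }.freeze

# Expand %{var} tokens; this sketch skips a level whose variable is unset.
def search_paths(scope)
  HIERARCHY.map do |level|
    missing = false
    path = level.gsub(/%\{(\w+)\}/) { scope.fetch($1) { missing = true; '' } }
    missing ? nil : path
  end.compact
end

# Priority lookup: first level that has the key wins. Returns [value, source].
def lookup(key, scope)
  search_paths(scope).each do |path|
    data = DATA[path]
    return [data[key], path] if data&.key?(key)
  end
  nil
end

# Hash merge over every level, the most specific level winning on key conflicts.
def lookup_hash(key, scope)
  search_paths(scope).reverse.reduce({}) do |merged, path|
    value = DATA.dig(path, key)
    value.is_a?(Hash) ? merged.merge(value) : merged
  end
end

# Keys set in BASE ('common') that a profile or role level replaces for this node.
def base_overrides(scope)
  DATA['common'].keys.reject { |key| lookup(key, scope)[1] == 'common' }
end

puts "wiki-01 overrides BASE keys: #{base_overrides(WIKI).join(', ')}"
```

With a first-match lookup the wiki role's `sudoers` hash replaces the BASE one outright, while the merged lookup keeps the BASE entries; listing `base_overrides` per node shows where a "secure by default" setting no longer applies.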
