Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

PuppetConf. 2016: Puppet Best Practices: Roles & Profiles – Gary Larizza, Puppet

1,165 views

Published on

Here are the slides from Gary Larizza's PuppetConf 2016 presentation called Puppet Best Practices: Roles and Profiles. Watch the videos at https://www.youtube.com/playlist?list=PLV86BgbREluVjwwt-9UL8u2Uy8xnzpIqa

Published in: Technology
  • Be the first to comment

PuppetConf. 2016: Puppet Best Practices: Roles & Profiles – Gary Larizza, Puppet

  1. 1. “Best Practices”- Roles & Profiles Gary Larizza
  2. 2. Knowing your Role(s) …and your Profile(s)
  3. 3. Best Practice-ish: Roles & Profiles 9
  4. 4. class profile::jenkins { $jenkins_port = hiera(’jenkins_port’) $java_dist = hiera(’java_dist’) $java_version = hiera(’java_version’) class { ’::jenkins’: install_java => false, port => $jenkins_port, } class { ’::java’: distribution => $java_dist, version => $java_version, before => Class[‘jenkins’], } }
  5. 5. class role::ci_server { include profile::jenkins include profile::myorg include profile::hubot }
  6. 6. 1.Lots of tech 2.Lots of terms 3.Lots of variations
  7. 7. “Best Practices” (i.e. “Some people do this - not me, but some people…”)
  8. 8. CS-STANDARDS
  9. 9. CS-STANDARDS
  10. 10. Best Practice-ish: Roles & Profiles 16 ● Focus on having a “complexity escalation path” ● Module in Control Repo? Module in its own Repo? ● Package in profile::mycorp::packages -> package in its own module ● Team interoperability and comprehension ● i.e. “Do we need a profile for simple, one-module tech?” ● Minimize magic Your Standard
  11. 11. Profile(s)(to s or not to s…)
  12. 12. Best Practice-ish: Roles & Profiles 18 ● In the Control Repo ● Escalation: Separate module ● Escalation: Separate module for each profile Profiles - storage
  13. 13. Best Practice-ish: Roles & Profiles 18 ● In the Control Repo ● Escalation: Separate module ● Escalation: Separate module for each profile Profiles - storage
  14. 14. Best Practice-ish: Roles & Profiles 18 ● In the Control Repo ● Escalation: Separate module ● Escalation: Separate module for each profile Profiles - storage
  15. 15. Best Practice-ish: Roles & Profiles 19 ● Name the module “profile” ● Or “profiles” ● Or “lamp” ● (i.e. It doesn’t matter because I don’t work with you) ●Escalation: prepend each profile module ●wrapper_apache ●profile_apache Profiles - naming
  16. 16. Best Practice-ish: Roles & Profiles 20 ● Name each profile according to tech ● profile::{nginx,apache} ● Escalation: May extend to implementation if it makes sense ● profile::ssh::{server,client} Profiles - naming
  17. 17. Best Practice-ish: Roles & Profiles 21 Profiles may be parameterized to provide an API to the implementation Profiles - usage
  18. 18. Best Practice-ish: Roles & Profiles 22 Limit resource-style declaration of a profile Profiles - usage class { ‘profile::ntp’: } include profile::ntp
  19. 19. Best Practice-ish: Roles & Profiles 23 Profiles may declare other profiles Profiles - usage
  20. 20. Best Practice-ish: Roles & Profiles 24 ●Only site-specific resources declared in profiles ●Certificates ●Credentials ●Customizations Profiles - usage
  21. 21. Best Practice-ish: Roles & Profiles 26 Profiles may be platform-based Profiles - usage ● profile::windows::iis ● profile::linux::ntp ● profile::osx::loginwindow
  22. 22. Best Practice-ish: Roles & Profiles 27 Profiles may be single-point-of-entry Profiles - usage profile::dns_nameservers -> profile::dns_nameservers::{linux,windows}
  23. 23. Roles(and if we don’t get no tolls…)
  24. 24. Best Practice-ish: Roles & Profiles 29 Roles - naming sfnetdevap12-01
  25. 25. Best Practice-ish: Roles & Profiles 30 Roles - naming sfnetdevap12-01
  26. 26. Best Practice-ish: Roles & Profiles 31 Roles - naming sfnetdevap12-01
  27. 27. Best Practice-ish: Roles & Profiles 32 Roles - naming sfnetdevap12-01
  28. 28. Best Practice-ish: Roles & Profiles 33 Roles - naming sfnetdevap12-01
  29. 29. Best Practice-ish: Roles & Profiles 34 Roles - naming sfnetdevap12-01
  30. 30. Best Practice-ish: Roles & Profiles 35 Roles - naming role::app_server
  31. 31. Best Practice-ish: Roles & Profiles 36 Roles are named according to type Roles - naming
  32. 32. Best Practice-ish: Roles & Profiles 37 Roles may be namespaced for clarity Roles - naming ● role::app_server::pci ● These names are to assist YOU
  33. 33. Best Practice-ish: Roles & Profiles 38 Roles - storage ● In the Control Repo ● Single ‘role’ module ● Escalation: Separate module ● Escalation: Separate module for each role
  34. 34. Best Practice-ish: Roles & Profiles 40 Can roles contain conditional logic? Roles - naming ● If Windows then IIS profile, if Linux then JBoss ● Separate roles per platform ● What’s more important to track/visualize?
  35. 35. Best Practice-ish: Roles & Profiles 41 Can roles be inherited? Roles - naming
  36. 36. Best Practice-ish: Roles & Profiles 42 Summary DO WHAT CAUSES LESS FRICTION BETWEEN TEAMS AND IS EASY TO FOLLOW!
  37. 37. Best Practice-ish: Roles & Profiles 43 Questions?
  38. 38. Best Practice-ish: Roles & Profiles 44 Summary ●Everything is terrible ●No one is happy

×