Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
SO I WROTE A MANIFEST…
What next?
Ryan Armstrong
@cavaliercoder
cavaliercoder
cavaliercoder.com
WHAT TO AUTOMATE FIRST?
We shouldn’t be looking at each local
area and trying to trim it. We should
be trying to optimize the whole
system
- Eliya...
Project Start
Server build
request
Change Mgmt Server build QA
Firewallrequest Change Mgmt
Database
request
Storage
assess...
Man Machine
Method Measure
Ryan Armstrong
@cavaliercoder
cavaliercoder
cavaliercoder.com
# install IIS core
package { ‘IIS-CommonHttpFeatures’ :
ensure => present,
}
THE METHOD
Install the IIS Web server feature...
THE MEASURE
THE MACHINE
Ryan Armstrong
@cavaliercoder
cavaliercoder
cavaliercoder.com
THE MAN?
OR WOMAN #WWCODE
Ryan Armstrong
@cavaliercoder
cavaliercoder
cavaliercoder.com
Any improvements made anywhere
besides the bottleneck are an
illusion.
- Gene Kim
Ryan Armstrong
@cavaliercoder
cavalierco...
Project Start
Server build
request
Change Mgmt Server build QA
Firewallrequest Change Mgmt
Database
request
Storage
assess...
SOURCE CONTROL
Ryan Armstrong
@cavaliercoder
cavaliercoder
cavaliercoder.com
Ryan Armstrong
@cavaliercoder
cavaliercoder
cavaliercoder.com
Bug:
Doc shot
Branch: Fix
Doc shooting
Tag: Doc alive
Bug:
M...
HTTPS://WWW.ATLASSIAN.COM/GIT/
HTTP://ROGERDUDLER.GITHUB.IO/GIT-GUIDE/
Ryan Armstrong
@cavaliercoder
cavaliercoder
cavalie...
TYING MODULES TOGETHER
Ryan Armstrong
@cavaliercoder
cavaliercoder
cavaliercoder.com
IIS 8.5
MVC
.Net
Choco
Backup
agent
A...
ROLES AND PROFILES
Ryan Armstrong
@cavaliercoder
cavaliercoder
cavaliercoder.com
- org/ # ‘org’ module
- .git/ # git datab...
ROLES
(BUSINESS LAYER)
• Apply directly to a host (one per host)
• Assigned in site.pp or ENC
• May only contain profiles
...
PROFILES
(IMPLEMENTATION LAYER)
• Only applied via Roles
• Contains resources
• May accept parameters from hiera
• Paramet...
RESOURCES
(COMPONENT LAYER)
• Declared with define for repeating an implementation on a node
E.g. User accounts
• Only app...
DATA
• Applied via hiera
• Only used when default parameter values are invalid
• Target parameters in Profiles and externa...
ROLES AND PROFILES
• https://puppetlabs.com/presentations/designing-puppet-rolesprofiles-pattern
• http://www.craigdunn.or...
MOVING FROM DEV TO PROD
Needs:
• Isolate landscapes using Puppet “Environments”
• Definitive state for each environment
• ...
R10K DYNAMIC ENVIRONMENTS
• Puppet Environments reduced to one Git repo: r10k-control
r10k-control
GitLab
R10K DYNAMIC ENVIRONMENTS
• Puppet Environments reduced to one Git repo: r10k-control
• Each Environment becomes one git b...
R10K DYNAMIC ENVIRONMENTS
• Puppet Environments reduced to one Git repo: r10k-control
• Each Environment becomes one git b...
R10K DYNAMIC ENVIRONMENTS
• Puppet Environments reduced to one Git repo: r10k-control
• Each Environment becomes one git b...
Dev Maste r
Dev Test Prod
r10k
GitLab
Prod Maste r
Dev Test Prod
r10k
Dev Test Prod
r10k-control
Puppetfile Puppetfile Pup...
QUE?
Ryan Armstrong
@cavaliercoder
cavaliercoder
cavaliercoder.com
So I Wrote a Manifest
Upcoming SlideShare
Loading in …5
×

So I Wrote a Manifest

1,996 views

Published on

Puppet Camp Melbourne 2015 by Ryan Armstrong of Kinetic IT

Published in: Technology
  • Be the first to comment

So I Wrote a Manifest

  1. 1. SO I WROTE A MANIFEST… What next? Ryan Armstrong @cavaliercoder cavaliercoder cavaliercoder.com
  2. 2. WHAT TO AUTOMATE FIRST?
  3. 3. We shouldn’t be looking at each local area and trying to trim it. We should be trying to optimize the whole system - Eliyahu M. Goldratt Ryan Armstrong @cavaliercoder cavaliercoder cavaliercoder.com
  4. 4. Project Start Server build request Change Mgmt Server build QA Firewallrequest Change Mgmt Database request Storage assessment Security assessment Firewall implementation Server build Presentation layer request App install QA Cap/Av assessment Change Mgmt Storage provisioning Storage request Change mgmt Database provisioning Load Balancer request Change mgmt LB Config provisioning Config mgmt Rev. Proxy config provisioing Ryan Armstrong @cavaliercoder cavaliercoder cavaliercoder.com
  5. 5. Man Machine Method Measure Ryan Armstrong @cavaliercoder cavaliercoder cavaliercoder.com
  6. 6. # install IIS core package { ‘IIS-CommonHttpFeatures’ : ensure => present, } THE METHOD Install the IIS Web server feature by navigating to Control Panel, Programs, Turn Windows Features on or off. Drill down to Internet Information Services, World Wide Web Services and tick Common HTTP Features. Click OK, OK. Validate the install by navigating to Administrative Tools, Services and ensure the World Wide Web service is started. Secondly open a web browser and navigate to http://localhost and ensure the IIS Welcome page is displayed. Ryan Armstrong @cavaliercoder cavaliercoder cavaliercoder.com
  7. 7. THE MEASURE
  8. 8. THE MACHINE Ryan Armstrong @cavaliercoder cavaliercoder cavaliercoder.com
  9. 9. THE MAN? OR WOMAN #WWCODE Ryan Armstrong @cavaliercoder cavaliercoder cavaliercoder.com
  10. 10. Any improvements made anywhere besides the bottleneck are an illusion. - Gene Kim Ryan Armstrong @cavaliercoder cavaliercoder cavaliercoder.com
  11. 11. Project Start Server build request Change Mgmt Server build QA Firewallrequest Change Mgmt Database request Storage assessment Security assessment Firewall implementation Server build Presentation layer request App install QA Cap/Av assessment Change Mgmt Storage provisioning Storage request Change mgmt Database provisioning Load Balancer request Change mgmt LB Config provisioning Config mgmt Rev. Proxy config provisioing Ryan Armstrong @cavaliercoder cavaliercoder cavaliercoder.com
  12. 12. SOURCE CONTROL Ryan Armstrong @cavaliercoder cavaliercoder cavaliercoder.com
  13. 13. Ryan Armstrong @cavaliercoder cavaliercoder cavaliercoder.com Bug: Doc shot Branch: Fix Doc shooting Tag: Doc alive Bug: McFly Jr Jailed Tag: I’m OUT Griff Branch: Where we’re going… Branch: Almanac Bug: Biff rich! Branch: Took that guys wallet Tag: Almanac burned Release v1.0.0
  14. 14. HTTPS://WWW.ATLASSIAN.COM/GIT/ HTTP://ROGERDUDLER.GITHUB.IO/GIT-GUIDE/ Ryan Armstrong @cavaliercoder cavaliercoder cavaliercoder.com
  15. 15. TYING MODULES TOGETHER Ryan Armstrong @cavaliercoder cavaliercoder cavaliercoder.com IIS 8.5 MVC .Net Choco Backup agent AV Agent SQL Server Log stash Zabbix agent WSUS httpd MySQL Bamboo agent Vmware tools Active MQ IIS 8.5 Java RE HA Proxy Tomcat Elastic Search PHP Redis
  16. 16. ROLES AND PROFILES Ryan Armstrong @cavaliercoder cavaliercoder cavaliercoder.com - org/ # ‘org’ module - .git/ # git database (hidden) - manifests/ - roles/ - my_app.pp # class org::role::my_app - profiles/ - iis85.pp # class org::profile::iis85 - mvc_net.pp # class org::profile::mvcnet - my_app.pp # class org::profile::my_app - resources/ - service_account.pp # define org::resources::service_account - ...
  17. 17. ROLES (BUSINESS LAYER) • Apply directly to a host (one per host) • Assigned in site.pp or ENC • May only contain profiles • Accepts no parameters # standard configuration for custom # MVC.Net application class org::roles::my_app { include ::org::profiles::iis85 include ::org::profiles::dotnet45 include ::org::profiles::mvc_net include ::org::profiles::my_app }
  18. 18. PROFILES (IMPLEMENTATION LAYER) • Only applied via Roles • Contains resources • May accept parameters from hiera • Parameters are defined with site specific defaults # standard IIS 8.5 configuration class org::profiles::iis85 ( $log_mount = ‘log_serverlogs’, ) { package { ‘IIS-CommonHttpFeatures’ : ensure => present, } ...
  19. 19. RESOURCES (COMPONENT LAYER) • Declared with define for repeating an implementation on a node E.g. User accounts • Only applied via Profiles • Complex resources should become their own module • Rarely used Ryan Armstrong @cavaliercoder cavaliercoder cavaliercoder.com # standard local service account define org::resources::svc_account ( $username = undef, $password = undef, ) { user { $username : ensure => present, password => $password, } ...
  20. 20. DATA • Applied via hiera • Only used when default parameter values are invalid • Target parameters in Profiles and external modules org::profiles::iis85::log_path: logs01logs org::profiles::my_app::database_server: myapp-db01 org::profiles::my_app::database_username: myapp org::profiles::my_app::database_password: P@ssw0Rd321
  21. 21. ROLES AND PROFILES • https://puppetlabs.com/presentations/designing-puppet-rolesprofiles-pattern • http://www.craigdunn.org/2012/05/239/ • http://garylarizza.com/blog/2014/02/17/puppet-workflow-part-2/ • http://sysadvent.blogspot.co.uk/2012/12/day-13-configuration-management-as- legos.html
  22. 22. MOVING FROM DEV TO PROD Needs: • Isolate landscapes using Puppet “Environments” • Definitive state for each environment • Module versions • Hiera data • Node classification (site.pp) • Import modules from multiple sources • Automation + audit trail please
  23. 23. R10K DYNAMIC ENVIRONMENTS • Puppet Environments reduced to one Git repo: r10k-control r10k-control GitLab
  24. 24. R10K DYNAMIC ENVIRONMENTS • Puppet Environments reduced to one Git repo: r10k-control • Each Environment becomes one git branch Dev Test Prod r10k-control GitLab
  25. 25. R10K DYNAMIC ENVIRONMENTS • Puppet Environments reduced to one Git repo: r10k-control • Each Environment becomes one git branch • Definitive list of module versions captured in a Puppetfile Dev Test Prod r10k-control Puppetfile Puppetfile Puppetfile GitLab
  26. 26. R10K DYNAMIC ENVIRONMENTS • Puppet Environments reduced to one Git repo: r10k-control • Each Environment becomes one git branch • Definitive list of module versions captured in a Puppetfile • Run r10k deploy environment -p to sync environments Dev Test Prod r10k-control Puppetfile Puppetfile Puppetfile GitLab
  27. 27. Dev Maste r Dev Test Prod r10k GitLab Prod Maste r Dev Test Prod r10k Dev Test Prod r10k-control Puppetfile Puppetfile Puppetfile Module s Prod Se rvers Te st Serve rsDev Serve rs
  28. 28. QUE? Ryan Armstrong @cavaliercoder cavaliercoder cavaliercoder.com

×