Workflow story – theory versus practice in Large Enterprises

Marcin Piebiak
Solutions Architect
Linux Polska Sp. z o.o.
1
What is it? ● Resources

A lot of ready-to-use resources:
• user
• group
• host
• cron
• exec
• file
• package
• service
• ...

package { 'ssh':
  ensure => 'installed',
  name   => 'openssh-server',
}
service { 'ssh':
  ensure  => 'running',
  name    => 'sshd',
  require => Package['ssh'],
}

• Resources are building blocks.
• They can be combined to make larger components.
• Together they can model the expected state of your system.
2
What is it? ● Declarative language

package { 'ssh':
  ensure => 'installed',
  name   => 'openssh-server',
}
service { 'ssh':
  ensure => 'running',
  name   => 'sshd',
}

Rather than listing a series of steps to carry out,
we can describe the desired final state only.
3
What is it? ● Abstraction

package { 'ssh':
  ensure => 'installed',
  name   => 'openssh-server',
}

[root@debian ~]# apt-get install openssh-server
[root@redhat ~]# yum install openssh-server

Resources in Puppet are abstracted from the underlying providers.
4
What is it? ● Facts

Puppet uses facter to gather information about the host system.

[root@redhat ~]# facter
architecture => x86_64
domain => linuxpolska.pl
facterversion => 1.5.2
fqdn => redhat.linuxpolska.pl
hardwaremodel => x86_64
hostname => redhat
interfaces => eth0
ipaddress => 172.16.10.1
kernel => Linux
...

Custom Facts

Facter.add('role') do
  setcode do
    # Run the command and use its output as the fact's value. A bare
    # 'cat /etc/role' string inside the block would be returned literally.
    Facter::Util::Resolution.exec('cat /etc/role')
  end
end
5
What is it? ● Data separation

Puppet uses Hiera as its single source of truth, a data abstraction layer.

$pkg_name = hiera('pkg_name')
package { 'apache':
  ensure => 'installed',
  name   => $pkg_name,
}

Hiera uses Facter facts to determine a hierarchy.

Hiera configuration:
---
:backends:
  - yaml
:yaml:
  :datadir: /etc/hiera
:hierarchy:
  - "%{fqdn}"
  - "%{osfamily}"
  - "%{environment}"
  - common
6
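An added worked example, not from the slides and not Hiera's own code, of the priority lookup the hierarchy above describes, in Ruby (Puppet's own language): the hierarchy is the one from the slide, the data files and the fact sets are constructed for the example, and resolve_level, hiera_resolve and hiera are names chosen here.

```ruby
require 'yaml'

# Hierarchy from the slide's Hiera configuration. The data files are
# constructed for this example and embedded here, keyed by their path under
# :datadir, so the lookup runs offline the way it would against /etc/hiera.
HIERARCHY = ['%{fqdn}', '%{osfamily}', '%{environment}', 'common'].freeze

DATA_FILES = {
  'redhat.linuxpolska.pl.yaml' => "---\nntp::local_servers:\n  - 192.168.0.1\n",
  'RedHat.yaml' => "---\npkg_name: httpd\nntp::local_servers:\n  - 192.168.0.45\n",
  'Debian.yaml' => "---\npkg_name: apache2\n",
  'prod.yaml'   => "---\nssh::permit_root: 'no'\n",
  'common.yaml' => "---\npkg_name: apache2\nssh::permit_root: 'yes'\nntp::local_servers: []\n"
}.freeze

# Expand every %{fact} in a hierarchy level. A level that refers to a fact the
# node did not report yields nil and is skipped (an assumption made for this
# example; Hiera itself would simply not find the resulting file).
def resolve_level(level, facts)
  missing = false
  path = level.gsub(/%\{(\w+)\}/) do
    value = facts[Regexp.last_match(1)]
    missing = true if value.nil? || value.to_s.empty?
    value.to_s
  end
  missing ? nil : path
end

# Priority lookup: walk the hierarchy top-down and return [value, level_name]
# for the first data file that defines the key, or [nil, nil] if none does.
def hiera_resolve(key, facts, hierarchy: HIERARCHY, files: DATA_FILES)
  hierarchy.each do |level|
    name = resolve_level(level, facts)
    next if name.nil?
    raw = files["#{name}.yaml"]
    next if raw.nil?
    data = YAML.safe_load(raw) || {}
    return [data[key], name] if data.key?(key)
  end
  [nil, nil]
end

# Same contract as the slide's hiera('pkg_name') call: the value only.
def hiera(key, facts)
  hiera_resolve(key, facts).first
end

# Constructed fact sets for two nodes, in the shape facter reports them.
FACTS_REDHAT = { 'fqdn' => 'redhat.linuxpolska.pl', 'osfamily' => 'RedHat', 'environment' => 'prod' }.freeze
FACTS_DEBIAN = { 'fqdn' => 'debian.linuxpolska.pl', 'osfamily' => 'Debian', 'environment' => 'dev' }.freeze

if __FILE__ == $PROGRAM_NAME
  %w[pkg_name ntp::local_servers ssh::permit_root].each do |key|
    value, source = hiera_resolve(key, FACTS_REDHAT)
    puts "#{key} for #{FACTS_REDHAT['fqdn']}: #{value.inspect} (from #{source})"
  end
end
```

The first level wins, so the per-host file overrides the OS family file, which overrides the environment file. Note that fqdn is a fact the agent reports about itself, so the data a node receives depends on what the node claims to be; later Puppet versions expose the certificate name as a trusted fact for exactly this reason.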
What is it? ● Reusable code

class ssh (
  $pkg_name = 'openssh-server',
  $srv_name = 'sshd',
) {
  package { 'ssh':
    ensure => 'installed',
    name   => $pkg_name,
  }
  service { 'ssh':
    ensure  => 'running',
    enable  => 'true',
    name    => $srv_name,
    require => Package['ssh'],
  }
}

Classes define a collection of resources that are managed together as a single unit.
7
What is it? ● Reusable code

Classes are abstracted by modules:

ssh
├── manifests
│   ├── init.pp
│   └── server.pp
├── files
│   └── ssh_config
└── templates
    └── sshd_config.erb

Modules are directories that contain your configuration. They are designed to
encapsulate all of the components related to a given configuration in a single
folder hierarchy.
8
What is it? ● Reusable code

If a more complex deployment is needed, reusing existing classes saves effort and reduces errors.
9
What is it? ● Reusable code

Your own abstraction layers...

Profiles:
class profiles::application {
  include tomcat
  include mysql
  include myapp
}
class profiles::base {
  include ssh
  include ntp
  include users
}

Roles:
class role::webapp {
  include profiles::base
  include profiles::customapp
  include profiles::test_tools
}
10
What is it? ● Supports many OS

Supported OS
11
What is it? ● Supports many OS

Big environment – no problem.

Changes?

base/ntp.yaml
---
ntp::local_servers:
-  - 192.168.0.45
+  - 192.168.0.1
12
What is it? ● And more...

• VM/Cloud Provisioning
• Live Management
• Orchestration (MCollective)
• Puppet Forge
• Environments
• Dry-run mode
• Reporting
• Custom:
  - types & providers
  - facts
  - functions
13
What is it?

Thanks to all these superior features, Puppet is:
- fast in deployment
- easy to use
- universal for a lot of operating systems
- with unlimited possibilities
- easy to expand
- flexible
14
In large enterprises like banks, telcos, insurance companies, etc. those features
are not the most relevant.
When implementing Puppet in enterprises we must consider a different
priority map, a different mindset.

VS.

We must answer non-trivial questions about the way
the core IT departments work.
15
So... everyone has access to everything?!
16
So... can I destroy the whole infrastructure from one place?
17
Solution
Puppet master installed on a hardened system with limited direct access:
• tcp:8140 – puppet agents
• tcp:443 – web console, with RBAC
• tcp:22 – ssh keys only, for maintenance
18
Solution
Git as a communication layer between developers and the puppet master:
developers open a pull request, the release manager reviews it, and the puppet master fetches the approved code.
19
So... everyone now must use puppet?!
20
Solution
Developers, systems administrators, database administrators, security department:
at the beginning each department can have its own environments.
21
Each department can have many environments and its own idea of how to organize work with puppet.

Solution
Security department – roles: integrator, test integrator, release manager; environments: dev, test, prod.
22
Each department can have many environments and its own idea of how to organize work with puppet.

Solution
Security department – roles: integrator, test integrator; commits are collected into releases (v0.1, v0.2) that move through the dev, test and prod environments.
23
Solution
Release manager, developers, systems administrators, database administrators, security department, integrator:
after some time, some departments will start working together in one environment.
24
Solution
Developers, systems administrators, database administrators, security department, integrators:
more departments share an environment.
25
Solution
Developers, systems administrators, database administrators, security department, integrators:
in the end all departments will use one environment.
26
How can I find out who made what change and who approved this modification?
27
Solution
Using git we have:
● date
● author
● description

commit 220938c5a2e51ecd4166eb7d75d14974cbcff897
Author: Marcin Piebiak <mpp@linuxpolska.pl>
Date:   Fri Jul 5 11:27:43 2013 +0200

    Description....

The person who approved the modifications is the release manager who moved the release (v0.1, v0.2) through dev, test and prod.

We can use git as the place for the history of the infrastructure:
● git status
● git log
● git diff
● git blame
Git history is cryptographically secured.
28
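To show what "cryptographically secured" means here, an added Ruby example (not part of the deck and not git's own code) builds commit objects the way git hashes them and verifies the chain from a head id back to the root commit; tree ids, timestamps and messages are constructed, and build_history, verify_history and tampered_store are names chosen for the example.

```ruby
require 'digest'

# Build the body of a git commit object, the same text "git cat-file -p"
# prints. Tree ids, author and dates used below are constructed.
def commit_body(tree:, parent:, author:, date:, message:)
  lines = ["tree #{tree}"]
  lines << "parent #{parent}" if parent
  lines << "author #{author} #{date}"
  lines << "committer #{author} #{date}"
  lines << '' << message
  lines.join("\n") + "\n"
end

# A git object id is SHA-1 over "<type> <size>\0<body>". Because the body of
# a commit contains its parent's id, every id depends on all earlier history.
def git_object_id(type, body)
  Digest::SHA1.hexdigest("#{type} #{body.bytesize}\0#{body}")
end

# Chain the entries oldest-first; returns the object store and the head id.
def build_history(entries)
  store = {}
  parent = nil
  entries.each do |e|
    body = commit_body(tree: e[:tree], parent: parent, author: e[:author],
                       date: e[:date], message: e[:message])
    parent = git_object_id('commit', body)
    store[parent] = body
  end
  [store, parent]
end

def parent_of(body)
  line = body.each_line.find { |l| l.start_with?('parent ') }
  line && line.split[1]
end

# Walk from the head to the root commit, recomputing every id on the way.
# An edited object, or a parent pointer to an object that is not in the
# store, breaks the chain and the verification fails.
def verify_history(store, head)
  id = head
  while id
    body = store[id]
    return false if body.nil?
    return false unless git_object_id('commit', body) == id
    id = parent_of(body)
  end
  true
end

AUTHOR = 'Marcin Piebiak <mpp@linuxpolska.pl>'.freeze
# Constructed three-commit history (unix timestamps are made up).
SAMPLE_HISTORY = [
  { tree: 'a' * 40, author: AUTHOR, date: '1373016463 +0200', message: 'Add ssh class' },
  { tree: 'b' * 40, author: AUTHOR, date: '1373020063 +0200', message: 'Add ntp profile' },
  { tree: 'c' * 40, author: AUTHOR, date: '1373023663 +0200', message: 'Release v0.1' }
].freeze

STORE, HEAD = build_history(SAMPLE_HISTORY)

# Edit the oldest commit in place, keeping its key, as someone altering an
# object file on disk would have to in order to leave later ids untouched.
def tampered_store(store, head)
  copy = store.dup
  id = head
  id = parent_of(copy[id]) while parent_of(copy[id])
  copy[id] = copy[id].sub('Add ssh class', 'Add ssh class, permit root login')
  copy
end

if __FILE__ == $PROGRAM_NAME
  puts "head #{HEAD} intact: #{verify_history(STORE, HEAD)}"
  puts "after editing the root commit: #{verify_history(tampered_store(STORE, HEAD), HEAD)}"
end
```

The check binds content to the head id you trust; it says nothing about who wrote a commit, because the author line is free text. A signed tag or signed merge commit by the release manager is what gives the approval on this slide a verifiable identity.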
If I have a lot of environments how can I use them?
29
Solution
We can specify a set of environments for each host to use.

Example: a database testing system uses three testing environments (dev, test, prod) from different departments, all served over tcp:8140.
30
Great! But... using the command line I can connect to different environments!
31
Solution
We use the imp module to control the puppet agents' behaviour and their access to environments (an agent can request any environment over tcp:8140 with: puppet agent -t --environment).
32
Solution
puppet.conf:
[main]
modulepath = /etc/puppetlabs/puppet/modules:/opt/puppet/share/puppet/modules
manifest   = /etc/puppetlabs/manifests/site.pp
[env_sec_prod]
modulepath = /var/lib/git/env_sec_prod/modules:/etc/puppetlabs/puppet/modules:/opt/puppet/share/puppet/modules
[env_sec_test]
modulepath = /var/lib/git/env_sec_test/modules:/etc/puppetlabs/puppet/modules:/opt/puppet/share/puppet/modules

/etc/puppetlabs/puppet/modules – place for modules from the Forge, well-tested modules and the imp module
/var/lib/git/$environment/modules – git repository for the environment
/etc/puppetlabs/manifests/site.pp – common manifest for all environments

site.pp:
include imp
hiera_include('include')

imp.yaml:
---
imp::environments:
  env_sec_prod:
    order: 'deny,allow'
    deny: 'all'
    allow:
      - 'host1.linuxpolska.lab'
      - 'www.*.linuxpolska.lab'
    commiters:
      - 'john.smith'
    priority: 1
33
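An added Ruby example, not from the deck and not the imp module's own code, of evaluating an environment access list like the imp.yaml above: the first environment is the slide's, env_sec_test is made up to show the other order value, and the order semantics are assumed to be Apache-style since the module's exact rules are not on the slide; pattern_matches?, host_allowed?, allowed_environments and committer_allowed? are names chosen here.

```ruby
require 'yaml'

# Constructed configuration: the imp.yaml fragment from the slide plus a
# second environment (env_sec_test, made up here) using the other "order".
IMP_YAML = <<~YAML
  ---
  imp::environments:
    env_sec_prod:
      order: 'deny,allow'
      deny: 'all'
      allow:
        - 'host1.linuxpolska.lab'
        - 'www.*.linuxpolska.lab'
      commiters:
        - 'john.smith'
      priority: 1
    env_sec_test:
      order: 'allow,deny'
      allow: 'all'
      deny:
        - '*.prod.linuxpolska.lab'
      commiters:
        - 'john.smith'
        - 'jane.doe'
      priority: 2
YAML

CONFIG = YAML.safe_load(IMP_YAML).freeze

# 'all' matches every host; '*' in a pattern matches any run of characters.
# The pattern is anchored at both ends so that a host name merely containing
# an allowed name does not slip through.
def pattern_matches?(pattern, host)
  return true if pattern == 'all'
  Regexp.new('\A' + Regexp.escape(pattern).gsub('\*', '.*') + '\z').match?(host)
end

def any_match?(rules, host)
  Array(rules).any? { |pattern| pattern_matches?(pattern, host) }
end

# Apache-style access-order semantics (an assumption about the imp module):
#   deny,allow - deny rules first, allow rules override, unmatched hosts pass
#   allow,deny - allow rules first, deny rules override, unmatched hosts fail
def host_allowed?(env_conf, host)
  allowed = any_match?(env_conf['allow'], host)
  denied  = any_match?(env_conf['deny'], host)
  case env_conf.fetch('order', 'deny,allow')
  when 'deny,allow' then allowed || !denied
  when 'allow,deny' then allowed && !denied
  else raise ArgumentError, "unknown order #{env_conf['order'].inspect}"
  end
end

# Environments a host may request with --environment, lowest priority first.
def allowed_environments(config, host)
  config.fetch('imp::environments')
        .select { |_name, conf| host_allowed?(conf, host) }
        .sort_by { |_name, conf| conf.fetch('priority', 0) }
        .map(&:first)
end

# Whether a user is listed as a committer for the environment's repository.
def committer_allowed?(config, env_name, user)
  env = config.fetch('imp::environments').fetch(env_name)
  Array(env['commiters']).include?(user)
end

if __FILE__ == $PROGRAM_NAME
  %w[host1.linuxpolska.lab www.intranet.linuxpolska.lab db1.prod.linuxpolska.lab].each do |host|
    puts "#{host}: #{allowed_environments(CONFIG, host).inspect}"
  end
end
```

A check like this only helps when it is applied on the master side against the agent's certificate name rather than a fact the agent reports; otherwise the agent can still pick its environment.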
How can I audit changes made in the infrastructure?
34
Solution
Puppet reports: when nodes fetch their configurations from the puppet master, they send back inventory data and a report of their run. The reports go to a log collector and analyzer.
35
How can puppet help me with audit? How can I recreate the life cycle of each host?
36
Solution
Feed the log collector and analyzer with:
● puppet reports
● puppet agents' catalogs
● hosts' facts
● git diffs after each commit
● hiera configuration for each host
● filebuckets
● ...
37
Solution
If we have many environments there is always a risk of overwriting someone's changes, e.g. the same file managed from the app/db environment and from the system/security environment:

file { '/etc/important':
  ensure => 'file',
  group  => 'apache',
  mode   => '0660',
}

file { '/etc/important':
  ensure => 'file',
  owner  => 'root',
  group  => 'root',
  mode   => '0600',
}

The log collector and analyzer can spot such conflicts.
38
How will the modification in puppet manifests affect the whole infrastructure?
39
Solution
Using the log collector we can analyze the infrastructure modifications before they get to the production environment, by comparing:
● the report from a puppet normal run
● the report from a puppet dry-run
as commits move through releases (v0.1, v0.2) and the dev, test and prod environments.
40
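An added Ruby example, not from the deck and not any Puppet code, of the analysis the collector would run over dry-run reports for the conflict on slide 38 and the pre-production check on slide 40: the reports are constructed and simplified (a real report is a serialized Puppet::Transaction::Report), and desired_state_by_host, conflicting_resources and loosened_permissions are names chosen here.

```ruby
# Constructed, simplified dry-run reports for two hosts from three
# environments; only host, environment and each resource's desired state are
# modelled. The File[/etc/important] entries mirror the two manifests on the slide.
REPORTS = [
  { 'host' => 'app1.linuxpolska.lab', 'environment' => 'env_app', 'noop' => true,
    'resources' => {
      'File[/etc/important]' => { 'ensure' => 'file', 'group' => 'apache', 'mode' => '0660' },
      'Package[httpd]' => { 'ensure' => 'installed' }
    } },
  { 'host' => 'app1.linuxpolska.lab', 'environment' => 'env_sec', 'noop' => true,
    'resources' => {
      'File[/etc/important]' => { 'ensure' => 'file', 'owner' => 'root', 'group' => 'root', 'mode' => '0600' },
      'Service[sshd]' => { 'ensure' => 'running' }
    } },
  { 'host' => 'db1.linuxpolska.lab', 'environment' => 'env_db', 'noop' => true,
    'resources' => {
      'File[/etc/important]' => { 'ensure' => 'file', 'owner' => 'root', 'group' => 'root', 'mode' => '0600' }
    } }
].freeze

# Group the desired state of every resource by host and resource reference:
# { host => { 'File[/etc/important]' => { environment => params } } }
def desired_state_by_host(reports)
  reports.each_with_object({}) do |report, by_host|
    refs = by_host[report['host']] ||= {}
    report['resources'].each do |ref, params|
      (refs[ref] ||= {})[report['environment']] = params
    end
  end
end

# Resources that more than one environment manages on the same host with a
# different desired state; a parameter absent from one side counts as differing.
def conflicting_resources(reports)
  conflicts = {}
  desired_state_by_host(reports).each do |host, refs|
    refs.each do |ref, by_env|
      next if by_env.size < 2
      keys = by_env.values.flat_map(&:keys).uniq
      differs = keys.select { |k| by_env.values.map { |p| p[k] }.uniq.size > 1 }
      next if differs.empty?
      conflicts[[host, ref]] = { 'environments' => by_env.keys.sort, 'differs_on' => differs.sort }
    end
  end
  conflicts
end

# For conflicting resources that disagree on mode, name the environments whose
# mode grants permission bits beyond the strictest mode any environment wants;
# whichever of them wins the race leaves the file more exposed.
def loosened_permissions(reports)
  states = desired_state_by_host(reports)
  conflicting_resources(reports).each_with_object({}) do |((host, ref), info), out|
    next unless info['differs_on'].include?('mode')
    modes = states[host][ref].select { |_env, p| p['mode'] }
                              .transform_values { |p| p['mode'].to_i(8) }
    next if modes.size < 2
    strictest = modes.values.reduce(:&)
    loose = modes.select { |_env, bits| (bits & ~strictest) != 0 }.keys.sort
    out[[host, ref]] = loose unless loose.empty?
  end
end

if __FILE__ == $PROGRAM_NAME
  conflicting_resources(REPORTS).each do |(host, ref), info|
    puts "#{host} #{ref}: #{info['environments'].join(' vs ')} differ on #{info['differs_on'].join(', ')}"
  end
  loosened_permissions(REPORTS).each do |(host, ref), envs|
    puts "#{host} #{ref}: mode loosened by #{envs.join(', ')}"
  end
end
```

Whichever environment wins, the other one's dry-run report shows the file being changed back on every run; that oscillation in the collector is the signal to look for before a release reaches prod.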
All changes are made automatically? First I would like to see what is going to be changed.
41
How can we roll back changes?
42
After we install puppet, will we know everything about the infrastructure?
43
THE END

Marcin Piebiak
Solutions Architect
Linux Polska Sp. z o.o.
44

Hyatt driving innovation and exceptional customer experiences with FIDO passw...FIDO Alliance
 
Frisco Automating Purchase Orders with MuleSoft IDP- May 10th, 2024.pptx.pdf
Frisco Automating Purchase Orders with MuleSoft IDP- May 10th, 2024.pptx.pdfFrisco Automating Purchase Orders with MuleSoft IDP- May 10th, 2024.pptx.pdf
Frisco Automating Purchase Orders with MuleSoft IDP- May 10th, 2024.pptx.pdfAnubhavMangla3
 
Portal Kombat : extension du réseau de propagande russe
Portal Kombat : extension du réseau de propagande russePortal Kombat : extension du réseau de propagande russe
Portal Kombat : extension du réseau de propagande russe中 央社
 
How to Check CNIC Information Online with Pakdata cf
How to Check CNIC Information Online with Pakdata cfHow to Check CNIC Information Online with Pakdata cf
How to Check CNIC Information Online with Pakdata cfdanishmna97
 
TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...
TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...
TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...TrustArc
 
ChatGPT and Beyond - Elevating DevOps Productivity
ChatGPT and Beyond - Elevating DevOps ProductivityChatGPT and Beyond - Elevating DevOps Productivity
ChatGPT and Beyond - Elevating DevOps ProductivityVictorSzoltysek
 
Event-Driven Architecture Masterclass: Integrating Distributed Data Stores Ac...
Event-Driven Architecture Masterclass: Integrating Distributed Data Stores Ac...Event-Driven Architecture Masterclass: Integrating Distributed Data Stores Ac...
Event-Driven Architecture Masterclass: Integrating Distributed Data Stores Ac...ScyllaDB
 

Recently uploaded (20)

Generative AI Use Cases and Applications.pdf
Generative AI Use Cases and Applications.pdfGenerative AI Use Cases and Applications.pdf
Generative AI Use Cases and Applications.pdf
 
Continuing Bonds Through AI: A Hermeneutic Reflection on Thanabots
Continuing Bonds Through AI: A Hermeneutic Reflection on ThanabotsContinuing Bonds Through AI: A Hermeneutic Reflection on Thanabots
Continuing Bonds Through AI: A Hermeneutic Reflection on Thanabots
 
JohnPollard-hybrid-app-RailsConf2024.pptx
JohnPollard-hybrid-app-RailsConf2024.pptxJohnPollard-hybrid-app-RailsConf2024.pptx
JohnPollard-hybrid-app-RailsConf2024.pptx
 
Overview of Hyperledger Foundation
Overview of Hyperledger FoundationOverview of Hyperledger Foundation
Overview of Hyperledger Foundation
 
الأمن السيبراني - ما لا يسع للمستخدم جهله
الأمن السيبراني - ما لا يسع للمستخدم جهلهالأمن السيبراني - ما لا يسع للمستخدم جهله
الأمن السيبراني - ما لا يسع للمستخدم جهله
 
Introduction to use of FHIR Documents in ABDM
Introduction to use of FHIR Documents in ABDMIntroduction to use of FHIR Documents in ABDM
Introduction to use of FHIR Documents in ABDM
 
State of the Smart Building Startup Landscape 2024!
State of the Smart Building Startup Landscape 2024!State of the Smart Building Startup Landscape 2024!
State of the Smart Building Startup Landscape 2024!
 
WebAssembly is Key to Better LLM Performance
WebAssembly is Key to Better LLM PerformanceWebAssembly is Key to Better LLM Performance
WebAssembly is Key to Better LLM Performance
 
Cyber Insurance - RalphGilot - Embry-Riddle Aeronautical University.pptx
Cyber Insurance - RalphGilot - Embry-Riddle Aeronautical University.pptxCyber Insurance - RalphGilot - Embry-Riddle Aeronautical University.pptx
Cyber Insurance - RalphGilot - Embry-Riddle Aeronautical University.pptx
 
Oauth 2.0 Introduction and Flows with MuleSoft
Oauth 2.0 Introduction and Flows with MuleSoftOauth 2.0 Introduction and Flows with MuleSoft
Oauth 2.0 Introduction and Flows with MuleSoft
 
Design Guidelines for Passkeys 2024.pptx
Design Guidelines for Passkeys 2024.pptxDesign Guidelines for Passkeys 2024.pptx
Design Guidelines for Passkeys 2024.pptx
 
Event-Driven Architecture Masterclass: Engineering a Robust, High-performance...
Event-Driven Architecture Masterclass: Engineering a Robust, High-performance...Event-Driven Architecture Masterclass: Engineering a Robust, High-performance...
Event-Driven Architecture Masterclass: Engineering a Robust, High-performance...
 
AI mind or machine power point presentation
AI mind or machine power point presentationAI mind or machine power point presentation
AI mind or machine power point presentation
 
Hyatt driving innovation and exceptional customer experiences with FIDO passw...
Hyatt driving innovation and exceptional customer experiences with FIDO passw...Hyatt driving innovation and exceptional customer experiences with FIDO passw...
Hyatt driving innovation and exceptional customer experiences with FIDO passw...
 
Frisco Automating Purchase Orders with MuleSoft IDP- May 10th, 2024.pptx.pdf
Frisco Automating Purchase Orders with MuleSoft IDP- May 10th, 2024.pptx.pdfFrisco Automating Purchase Orders with MuleSoft IDP- May 10th, 2024.pptx.pdf
Frisco Automating Purchase Orders with MuleSoft IDP- May 10th, 2024.pptx.pdf
 
Portal Kombat : extension du réseau de propagande russe
Portal Kombat : extension du réseau de propagande russePortal Kombat : extension du réseau de propagande russe
Portal Kombat : extension du réseau de propagande russe
 
How to Check CNIC Information Online with Pakdata cf
How to Check CNIC Information Online with Pakdata cfHow to Check CNIC Information Online with Pakdata cf
How to Check CNIC Information Online with Pakdata cf
 
TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...
TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...
TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...
 
ChatGPT and Beyond - Elevating DevOps Productivity
ChatGPT and Beyond - Elevating DevOps ProductivityChatGPT and Beyond - Elevating DevOps Productivity
ChatGPT and Beyond - Elevating DevOps Productivity
 
Event-Driven Architecture Masterclass: Integrating Distributed Data Stores Ac...
Event-Driven Architecture Masterclass: Integrating Distributed Data Stores Ac...Event-Driven Architecture Masterclass: Integrating Distributed Data Stores Ac...
Event-Driven Architecture Masterclass: Integrating Distributed Data Stores Ac...
 

Workflow story: Theory versus practice in Large Enterprises

  • 1. Workflow story – theory versus practice in Large Enterprises
    Marcin Piebiak, Solutions Architect, Linux Polska Sp. z o.o.
  • 2. What is it? Resources
    A lot of ready to use resources: user, group, host, cron, exec, file, package, service, ...

      package { 'ssh':
        ensure => 'installed',
        name   => 'openssh-server',
      }
      service { 'ssh':
        ensure  => 'running',
        name    => 'sshd',
        require => Package['ssh'],
      }

    • Resources are building blocks.
    • They can be combined to make larger components.
    • Together they can model the expected state of your system.
  • 3. What is it? Declarative language

      package { 'ssh':
        ensure => 'installed',
        name   => 'openssh-server',
      }
      service { 'ssh':
        ensure => 'running',
        name   => 'sshd',
      }

    Rather than listing a series of steps to carry out, we can describe the desired final state only.
  • 4. What is it? Abstraction

      package { 'ssh':
        ensure => 'installed',
        name   => 'openssh-server',
      }

      [root@debian ~]# apt-get install openssh-server
      [root@redhat ~]# yum install openssh-server

    Resources in Puppet are abstracted from the underlying providers.
  • 5. What is it? Facts
    Puppet uses facter to gather information about the host system.

      [root@redhat ~]# facter
      architecture => x86_64
      domain => linuxpolska.pl
      facterversion => 1.5.2
      fqdn => redhat.linuxpolska.pl
      hardwaremodel => x86_64
      hostname => redhat
      interfaces => eth0
      ipaddress => 172.16.10.1
      kernel => Linux
      ...

    Custom Facts:

      # The 'role' fact takes its value from /etc/role. Passing the command to
      # setcode as a string makes facter execute it; a block that merely returns
      # the string would set the fact to the literal text 'cat /etc/role'.
      Facter.add('role') do
        setcode 'cat /etc/role'
      end
  • 6. What is it? Data separation
    Puppet uses Hiera as its single source of truth data abstraction layer.

      $pkg_name = hiera('pkg_name')
      package { 'apache':
        ensure => 'installed',
        name   => $pkg_name,
      }

    Hiera uses Facter facts to determine a hierarchy (Hiera configuration; the %{...} lookups are quoted because a plain YAML scalar may not start with %):

      ---
      :backends:
        - yaml
      :yaml:
        :datadir: /etc/hiera
      :hierarchy:
        - "%{fqdn}"
        - "%{osfamily}"
        - "%{environment}"
        - common
  • 7. What is it? Reusable code

      class ssh (
        $pkg_name = 'openssh-server',
        $srv_name = 'sshd',
      ) {
        package { 'ssh':
          ensure => 'installed',
          name   => $pkg_name,
        }
        service { 'ssh':
          ensure  => 'running',
          enable  => true,
          name    => $srv_name,
          require => Package['ssh'],
        }
      }

    Classes define a collection of resources that are managed together as a single unit.
  • 8. What is it? Reusable code
    Classes are abstracted by modules:

      ssh
      ├── manifests
      │   ├── init.pp
      │   └── server.pp
      ├── files
      │   └── ssh_config
      └── templates
          └── sshd_config.erb

    Modules are directories that contain your configuration. They are designed to encapsulate all of the components related to a given configuration in a single folder hierarchy.
  • 9. What is it? Reusable code
    If a more complex deployment is needed, reusing existing classes saves effort and reduces errors.
  • 10. What is it? Reusable code
    Your own abstraction layers...
    Profiles:

      class profiles::application {
        include tomcat
        include mysql
        include myapp
      }
      class profiles::base {
        include ssh
        include ntp
        include users
      }

    Roles:

      class role::webapp {
        include profiles::base
        include profiles::customapp
        include profiles::test_tools
      }
  • 11. What is it? Supports many OS
    (diagram: Supported OS)
  • 12. What is it? Big environment – no problem
    Changes? base/ntp.yaml:

      ---
      ntp::local_servers:
      -  - 192.168.0.45
      +  - 192.168.0.1
  • 13. What is it? Provisioning, Orchestration, Puppet Forge, Live Management, Environments, Reporting, Dry-run mode, and more...
    (diagram: VM/Cloud Provisioning; Live Management; Orchestration with MCollective; Environments; Dry-run mode; Reporting; Custom types & providers, facts, functions)
  • 14. What is it?
    Thanks to all these superior features, Puppet is:
    - fast in deployment
    - easy to use
    - universal for a lot of operating systems
    - with unlimited possibilities
    - easy to expand
    - flexible
  • 15. In large enterprises like banks, telcos, insurers, etc. those features are not the most relevant. When implementing Puppet in enterprises we must consider another priority map, another mindset. We must answer non-trivial questions about the way the core IT departments work.
  • 16. So... everyone has access to everything?!
  • 17. So... can I destroy the whole infrastructure from one place?
  • 18. Solution: Puppet master installation on a hardened system with limited direct access.
    (diagram: tcp:8140; tcp:443 with RBAC; tcp:22 with ssh keys, for maintenance)
  • 19. Solution: Git as a communication layer between developers and the puppet master.
    (diagram: developers; pull request; release manager; fetch)
  • 20. So... everyone now must use puppet?!
  • 22. Solution: Each department can have many environments and its own idea how to organize work with puppet.
    (diagram: Security department; Integrator; Tests integrator; dev, test, prod; Release manager)
  • 23. Solution: Each department can have many environments and its own idea how to organize work with puppet.
    (diagram: Security department; Integrator; Tests integrator; Release manager; releases v0.1, v0.2; commits; dev, test, prod)
  • 27. How can I find out who made what change and who approved this modification?
  • 28. Solution: Using git we have the date, the author, the description, and the person who approved the modifications.

      commit 220938c5a2e51ecd4166eb7d75d14974cbcff897
      Author: Marcin Piebiak <mpp@linuxpolska.pl>
      Date:   Fri Jul 5 11:27:43 2013 +0200

          Description....

    We can use git as the place for the history of the infrastructure: git status, git log, git diff, git blame. Git history is cryptographically secured.
    (diagram: releases v0.1, v0.2; commits; dev, test, prod)
  • 29. If I have a lot of environments, how can I use them?
  • 30. Solution: We can specify a set of environments for each host to use. A database testing system uses three testing environments from different departments.
    (diagram: tcp:8140; dev, test, prod)
  • 31. Great! But... using the command line I can connect to different environments!
  • 32. Solution: We use the imp module to control puppet agents' behavior and their access to environments.

      puppet agent -t --environment

    (diagram: tcp:8140)
  • 33. Solution
    puppet.conf:

      [main]
      modulepath = /etc/puppetlabs/puppet/modules:/opt/puppet/share/puppet/modules
      manifest = /etc/puppetlabs/manifests/site.pp
      [env_sec_prod]
      modulepath = /var/lib/git/env_sec_prod/modules:/etc/puppetlabs/puppet/modules:/opt/puppet/share/puppet/modules
      [env_sec_test]
      modulepath = /var/lib/git/env_sec_test/modules:/etc/puppetlabs/puppet/modules:/opt/puppet/share/puppet/modules

    /etc/puppetlabs/puppet/modules – place for modules from the forge, well tested modules and the imp module
    /var/lib/git/$environment/modules – git repository for the environment
    /etc/puppetlabs/manifests/site.pp – common manifest for all environments

    site.pp:

      include imp
      hiera_include('include')

    imp.yaml:

      ---
      imp::environments:
        env_sec_prod:
          order: 'deny,allow'
          deny: 'all'
          allow:
            - 'host1.linuxpolska.lab'
            - 'www.*.linuxpolska.lab'
          commiters:
            - 'john.smith'
          priority: 1
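As an added example (not the imp module's own code), here is how an agent access policy in the shape of the imp.yaml above can be evaluated for a given agent FQDN in Ruby: host entries are 'all' or shell-style globs, 'order' is read the Apache way, and the assumption that a host whose requested environment is refused falls back to its lowest priority number is mine. The second environment and every host name below are constructed for the example.

```ruby
require 'yaml'

# Constructed imp.yaml: the slide's env_sec_prod plus an env_sec_test with the opposite order.
IMP_YAML = <<~YAML
  ---
  imp::environments:
    env_sec_prod:
      order: 'deny,allow'
      deny: 'all'
      allow:
        - 'host1.linuxpolska.lab'
        - 'www.*.linuxpolska.lab'
      commiters:
        - 'john.smith'
      priority: 1
    env_sec_test:
      order: 'allow,deny'
      allow: 'all'
      deny:
        - 'db*.linuxpolska.lab'
      priority: 2
YAML

IMP_CONFIG = YAML.safe_load(IMP_YAML)

# True when fqdn matches any entry: 'all' matches everything, others are globs.
def matches?(rules, fqdn)
  Array(rules).any? { |pat| pat == 'all' || File.fnmatch(pat, fqdn) }
end

# Apache-style evaluation: with 'deny,allow' an allow match overrides a deny match,
# with 'allow,deny' a deny match overrides an allow match; anything else is denied.
def host_permitted?(env_cfg, fqdn)
  denied  = matches?(env_cfg['deny'], fqdn)
  allowed = matches?(env_cfg['allow'], fqdn)
  case env_cfg['order']
  when 'deny,allow' then allowed || !denied
  when 'allow,deny' then allowed && !denied
  else false
  end
end

# Environments the host may use, lowest priority number first.
def permitted_environments(config, fqdn)
  config['imp::environments']
    .select { |_, cfg| host_permitted?(cfg, fqdn) }
    .sort_by { |_, cfg| cfg['priority'].to_i }
    .map(&:first)
end

# Outcome of `puppet agent -t --environment requested`: the request is honoured only
# if permitted, otherwise the host falls back (assumption); nil means no catalog at all.
def effective_environment(config, fqdn, requested)
  allowed = permitted_environments(config, fqdn)
  allowed.include?(requested) ? requested : allowed.first
end
```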
  • 34. How can I audit changes made in the infrastructure?
  • 35. Solution: Puppet reports. When nodes fetch their configurations from the puppet master, they send back inventory data and a report of their run.
    (diagram: puppet reports; log collector and analyzer)
  • 36. How can puppet help me with audit? How can I recreate the life cycle of each host?
  • 37. Solution: feed the log collector and analyzer with
    ● puppet reports
    ● puppet agent catalogs
    ● host facts
    ● git diffs after each commit
    ● the hiera configuration for each host
    ● filebuckets
    ● ...
  • 38. Solution
    If we have many environments there is always a risk of overwriting someone's changes.

      (app, db)
      file { '/etc/important':
        ensure => 'file',
        group  => 'apache',
        mode   => '0660',
      }

      (system, security)
      file { '/etc/important':
        ensure => 'file',
        owner  => 'root',   # the file type's attribute is owner, not user
        group  => 'root',
        mode   => '0600',
      }

    (diagram: log collector and analyzer)
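One way to catch the overwrite risk shown above before promotion is to compare the catalogs the two environments compile for the same host, as in this added Ruby example (not the page's or Puppet's own code); the two catalog fragments are constructed in the shape of a compiled catalog's resources array, and the host and environment names are made up.

```ruby
require 'json'

# Constructed catalog fragments for one host compiled from two environments
# (hypothetical data shaped like a compiled Puppet catalog's "resources" array).
CATALOG_APP = <<~JSON
  { "name": "db.linuxpolska.lab", "environment": "env_app_prod",
    "resources": [
      { "type": "File", "title": "/etc/important",
        "parameters": { "ensure": "file", "group": "apache", "mode": "0660" } },
      { "type": "Package", "title": "ssh",
        "parameters": { "ensure": "installed", "name": "openssh-server" } }
    ] }
JSON

CATALOG_SEC = <<~JSON
  { "name": "db.linuxpolska.lab", "environment": "env_sec_prod",
    "resources": [
      { "type": "File", "title": "/etc/important",
        "parameters": { "ensure": "file", "owner": "root", "group": "root", "mode": "0600" } },
      { "type": "Package", "title": "ssh",
        "parameters": { "ensure": "installed", "name": "openssh-server" } }
    ] }
JSON

# Map "Type[title]" => parameters for every resource in a catalog.
def index_resources(catalog_json)
  JSON.parse(catalog_json)['resources'].each_with_object({}) do |res, idx|
    idx["#{res['type']}[#{res['title']}]"] = res['parameters'] || {}
  end
end

# Resources declared in both catalogs with at least one differing parameter.
# Result: { "File[/etc/important]" => { "mode" => ["0660", "0600"], ... } };
# a nil side means that catalog does not set the parameter at all.
def conflicting_resources(json_a, json_b)
  a = index_resources(json_a)
  b = index_resources(json_b)
  (a.keys & b.keys).each_with_object({}) do |ref, out|
    diffs = (a[ref].keys | b[ref].keys).each_with_object({}) do |param, d|
      d[param] = [a[ref][param], b[ref][param]] if a[ref][param] != b[ref][param]
    end
    out[ref] = diffs unless diffs.empty?
  end
end

# One line per conflicting parameter, ready for the log collector or a review step.
def conflict_report(json_a, json_b)
  conflicting_resources(json_a, json_b).flat_map do |ref, diffs|
    diffs.map { |param, (va, vb)| "#{ref} #{param}: #{va.inspect} vs #{vb.inspect}" }
  end
end
```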
  • 39. How will a modification in the puppet manifests affect the whole infrastructure?
  • 40. Solution: Using the log collector we can analyze the infrastructure modifications before they reach the production environment.
    (diagram: report from a puppet normal run; report from a puppet dry-run; releases v0.1, v0.2; commits; dev, test, prod; log collector and analyzer)
  • 41. Are all changes made automatically? First I would like to see what is going to be changed.
  • 42. How can we roll back changes?
  • 43. After we install puppet, will we know everything about the infrastructure?
  • 44. THE END
    Marcin Piebiak, Solutions Architect, Linux Polska Sp. z o.o.