
Puppet configuration management

Quick overview of Puppet and Hiera


  1. Puppet Configuration Management
     Credit: Miki Yoshihito https://flic.kr/p/7JNRuf
  2. # whoami
     • Simon Hanmer
       – IT Consultant
       – Sysadmin, Infrastructure architect, server wrangler.
  3. Overview
     • Infrastructure as code!
     • Describe the configuration using some ‘language’
       – Deploy predictably
       – Deploy rapidly
       – Deploy often
  4. Overview
     • Puppet
       – Deploy (first installations)
       – Enforce (Prevent changes)
       – Audit (Report changes)
     • Like many tools, two versions
       – Open source, free as in beer
       – Enterprise: self hosted, with support (about $100 per node per year)
  5. Overview
     • Typically used to configure hosts with installed OS, but can provision
       – Bare metal
       – Virtual
       – Cloud
       – Even non-server (F5 for example)
  6. Deployment Models
     • Standalone
       – Single server enforcing own configuration
     • Distributed
       – Master servers (single or multiple)
       – Clients
       – Secure: servers have to be registered with masters and can only see their own configurations; communications encrypted with SSL.
     • Can run as single-shot or at regular intervals
  7. Architecture
     [Diagram: Puppet Server; Puppet Clients; Facts (information about client); Manifests]
  8. Facter

         [simon@webconfig ~]$ facter > facter.txt
         architecture => x86_64
         blockdevice_sda_model => VBOX HARDDISK
         blockdevice_sda_size => 8589934592
         blockdevice_sda_vendor => ATA
         dhcp_servers => {"system"=>"10.0.3.2", "enp0s8"=>"10.0.3.2"}
         domain => lrn2.co.uk
         fqdn => webconfig.lrn2.co.uk
         hostname => webconfig
         interfaces => enp0s3,enp0s8,lo
         ipaddress => 192.168.56.20
         ipaddress_enp0s3 => 192.168.56.20
         ipaddress_enp0s8 => 10.0.3.15
         ipaddress_lo => 127.0.0.1
         is_virtual => true
         kernel => Linux
         kernelmajversion => 3.10
         kernelrelease => 3.10.0-229.4.2.el7.x86_64
         kernelversion => 3.10.0
         macaddress => 08:00:27:4c:0a:12
         macaddress_enp0s3 => 08:00:27:4c:0a:12
         macaddress_enp0s8 => 08:00:27:70:b2:a7
         memoryfree => 1.13 GB
         memoryfree_mb => 1155.09
         memorysize => 1.28 GB
         memorysize_mb => 1310.63
         operatingsystem => CentOS
         operatingsystemmajrelease => 7
         operatingsystemrelease => 7.1.1503
         os => {"name"=>"CentOS", "family"=>"RedHat", "release"=>{"major"=>"7", "minor"=>"1", "full"=>"7.1.1503"}}
         osfamily => RedHat
         physicalprocessorcount => 1
         processor0 => Intel(R) Core(TM) i7-4600U CPU @ 2.10GHz
         processorcount => 1
         processors => {"models"=>["Intel(R) Core(TM) i7-4600U CPU @ 2.10GHz"], "count"=>1, "physicalcount"=>1}
         selinux => true
         selinux_enforced => true
         selinux_policyversion => 28
         timezone => BST
         uniqueid => a8c01438
         virtual => virtualbox
  9. Process flow
     [Diagram: facter, node classifier, hiera, puppet]
  10. Hiera
      • Remember ‘Infrastructure as code’?
        – Most people start hard-coding configuration
        – Lots of duplication
        – Separate code and config
        – Repos (tip: separate code & config)
        – Encrypt sensitive data
      • Hiera to the rescue!
  11. Hiera
      • Hierarchy
      • Decreasing specialisation of information
      • Definitions override those lower in hierarchy, so /hosts/somehost.com would override /production
      • Common definitions can be pushed further down the hierarchy, which leads to less duplication

          :hierarchy:
            - "hosts/%{::fqdn}"
            - "environment/%{::environment}/%{::operatingsystem}"
            - "domain/%{::domain}"
            - "os/%{::operatingsystem}"
            - "environment/%{::environment}"
            - common
  12. Hiera
      • Uses YAML or JSON files
      • Start with classes

          classes:
            - component::webserver
            - component::mysql_server
            - component::git_repos
            - component::wordpress
            - cron
  13. Hiera
      • Then data

          web::vhosts:
            blog.anotherwordpress.com-ssl:
              servername: blog.anotherwordpress.com
              port: 443
              docroot: /var/www/blog.anotherwordpress.com
              override: all
              ssl: true
              ssl_cert: /etc/ssl/certs/real_lfa.crt
          wordpress:
            blog.anotherwordpress.com:
              docroot: /var/www/blog.anotherwordpress.com
              db_name: blog
              db_host: localhost
              db_user: blog_dba
              db_password: ENC[PKCS7,mIIBeQYaKoZIhvcNAQc+oIIBajCCAWYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJ
                KoZIhvcNAQEBBQAEggEAD2Z15kvHip4y22WRm+aa+VCpXa08rKYxxMzEJNdGR9RpdEARXMcUhn
                uTeSdf/uDtk4QICN6D/yhEaoG6TotShlLQv2q1uNIeUyf9HHpuvdBwYgQkz1bSES5+alDh/X9H
                7IQdtcosNPM4L+2QGb8rygNOTAREALPasswordptH8cN7EDKjLuye4JiNoAKk22mxYTZCuvwq2
                88HnSB/4Tn2iOyT+Ms3mjzOJ2RYYviMcD6BlmDpqbp2iG6iUILbvTzowNjJY9ijCIZISEyQMbx
                fTDBGeaaPrTomdNxpOX4/xEGUGgv7GFYTHMW4hDMHaJF/l8Y+mfBS9WlHKb+9Pb9iDA8Bgkqhk
                iG9w0BBwEwHQYJYIZIAWUDBAEqBBDKy7nvaZxyXwXO5cSjZXXwgBC9dNAU19EFHVTZiCoBKDAk
                ]
  14. Puppet resources
      • Dozen or so built-in resource types: cron, exec, file, group, host, interface, mailalias, package, router, ssh_authorized_key, user, vlan + others
      • and define your own
      • Enforce ordering, i.e. install package before enabling service
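  15. Puppet Module

          class component::wordpress {
            user { 'wordpress':
              ensure => present,
            }

            # Merge the 'wordpress' hash from every matching Hiera level
            $wordpress = hiera_hash('wordpress')
            # Declare one wordpress_site per site name (hash key)
            create_resources('wordpress_site', $wordpress)
          }

          # define wordpress resource type; parameters match the Hiera keys,
          # and $title is the site name used as the hash key
          define wordpress_site($docroot, $db_name, $db_host, $db_user, $db_password) {
            wordpress::instance { "wordpress_${title}":
              install_dir    => $docroot,
              wp_owner       => 'apache',
              wp_group       => 'apache',
              version        => 'latest',
              db_host        => $db_host,
              db_name        => $db_name,
              db_user        => $db_user,
              db_password    => $db_password,
              create_db      => true,
              create_db_user => true,
            }

            apache::vhost { $title:
              port          => '80',
              docroot       => $docroot,
              docroot_owner => 'apache',
              docroot_group => 'apache',
              # 0777 is world-writable: any local user can alter site files;
              # tighten (e.g. '0755') outside a demo
              docroot_mode  => '0777',
            }
          }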
  16. Pros / Cons
      Pros
      • Free or paid support, although I’ve seen puppetlabs employees deliver free support through community
      • Established (2005) but regular updates
      • Deploy to bare metal, VMs or cloud
      • Open source modules via forge.puppetlabs.com, from both PuppetLabs and individuals
      • Good documentation, online and printed books
      Cons
      • Language is declarative, so by default order of implementation isn’t guaranteed
      • Default deployment can only handle 10s of nodes, but easy to scale this (using Passenger)
  17. What next?
      • puppetlabs.com
        – Downloads
        – Documentation
        – Training VMs
      • forge.puppetlabs.com
        – Module repository
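
Added example (not from the slides, and not Hiera's own code): a simplified Ruby model of the priority lookup from slide 11, showing which level supplies a value and which hierarchy entries reference a fact the node does not have. The data values and the helper names `expand`, `lookup` and `broken_levels` are assumptions made for illustration.

```ruby
# Hierarchy from slide 11, most specific level first.
HIERARCHY = [
  'hosts/%{::fqdn}',
  'environment/%{::environment}/%{::operatingsystem}',
  'domain/%{::domain}',
  'os/%{::operatingsystem}',
  'environment/%{::environment}',
  'common'
].freeze

# Constructed data: hierarchy path => contents of the YAML file at that path.
DATA = {
  'common'                     => { 'ntp_server' => 'pool.ntp.org', 'ssh_root_login' => 'no' },
  'environment/production'     => { 'ntp_server' => 'ntp.prod.example' },
  'os/CentOS'                  => { 'pkg_tool' => 'yum' },
  'hosts/webconfig.lrn2.co.uk' => { 'ssh_root_login' => 'without-password' }
}.freeze

# Constructed facts, in the style of the facter output on slide 8.
FACTS = { 'fqdn' => 'webconfig.lrn2.co.uk', 'domain' => 'lrn2.co.uk',
          'operatingsystem' => 'CentOS', 'environment' => 'production' }.freeze

# Expand %{::fact} tokens. An unknown fact becomes an empty string (as Hiera
# does), so the level silently matches nothing; its name is recorded.
def expand(level, facts, unresolved = [])
  level.gsub(/%\{::(\w+)\}/) do
    name = Regexp.last_match(1)
    unresolved << name unless facts.key?(name)
    facts.fetch(name, '')
  end
end

# Return [value, source_path] from the first (most specific) level with the key.
def lookup(key, facts, hierarchy = HIERARCHY, data = DATA)
  hierarchy.each do |level|
    path = expand(level, facts)
    return [data[path][key], path] if data.key?(path) && data[path].key?(key)
  end
  [nil, nil]
end

# Hierarchy entries that interpolate a fact this node does not report,
# e.g. a misspelled fact name.
def broken_levels(facts, hierarchy = HIERARCHY)
  hierarchy.select do |level|
    missing = []
    expand(level, facts, missing)
    missing.any?
  end
end
```

Returning the source path with the value makes it visible when a host-level file quietly overrides a stricter setting from `common`.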
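
Added example (not from the slides): a small Ruby check for the "Encrypt sensitive data" advice on slide 10, flagging sensitive-looking Hiera keys whose values are not in the `ENC[PKCS7,...]` wrapper shown on slide 13 (the form written by hiera-eyaml). The sample data, the key-name pattern and the helper names `plaintext_secrets` and `lint` are assumptions.

```ruby
require 'yaml'

# Constructed Hiera data: one value in the ENC[PKCS7,...] form (blob replaced
# by a placeholder), two sensitive values left in plaintext.
SAMPLE = <<~YAML
  wordpress:
    blog.anotherwordpress.com:
      db_user: blog_dba
      db_password: ENC[PKCS7,PLACEHOLDERBLOB]
    shop.example.com:
      db_user: shop_dba
      db_password: hunter2
  smtp:
    api_token: "abc123"
    port: 25
YAML

# Assumed naming convention for keys that hold secrets.
SENSITIVE_KEY = /pass(word|wd)?|secret|token|private_key/i
# A value counts as encrypted only if it is wholly an ENC[PKCS7,<base64>] wrapper.
ENCRYPTED = /\AENC\[PKCS7,[A-Za-z0-9+\/=\s]+\]\z/

# Walk nested hashes and arrays; collect the path of every sensitive-looking
# key whose string value is not encrypted.
def plaintext_secrets(node, path = [], found = [])
  case node
  when Hash
    node.each do |key, value|
      here = path + [key.to_s]
      if value.is_a?(String) && key.to_s =~ SENSITIVE_KEY && value !~ ENCRYPTED
        found << here.join(' > ')
      end
      plaintext_secrets(value, here, found)
    end
  when Array
    node.each_with_index { |item, i| plaintext_secrets(item, path + ["[#{i}]"], found) }
  end
  found
end

# Parse one Hiera YAML document and return the offending key paths.
def lint(yaml_text)
  plaintext_secrets(YAML.safe_load(yaml_text))
end
```

Run over each file in the configuration repository before commit, an empty result from `lint` means no matching key holds a plaintext string.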
