Tame your Infrastructure with Puppet

Presented at LinuxFest Northwest 2009, this slideshow covers how to install and use puppet, types of implementations and more. Visit http://www.bitpusher.com/ for more about BitPusher.

    1. 1. Tame your Infrastructure using Puppet Presented for Linux Fest Northwest 2009 by Mark Foster
    2. 2. Agenda
        • Why Puppet? Pros / Cons / Suitability
        • Installation
        • Facter, Types and other constructs
        • Implementation
        • Scaling
        • Integration
        • Resources
    3. 3. What is Puppet
        • Developed by Luke Kanies and Reductive Labs
        • Declarative language
        • Client / Server model
        • It lets you manage "things" from a central location
        • Packages (software)
        • Services (daemons)
        • Processes (think cron jobs)
        • Users & Groups
        • Arbitrary stuff
    4. 4. What is Puppet (2)
        • Providers
            • packaging (yum, rpm, apt, deb, dpkg, gem...)
            • users/group management (useradd/adduser, userdel, pw)
        • Variables and Conditionals!
        • Ruby underneath, flexible, modular
        • Authenticated & authorized communication
    5. 5. Why Puppet?
        • Traditional system administration is tedious
        • Sys admins must know/learn a # of O/S flavors
        • It's "better" - you'll never do system administration the same - think TiVo
    6. 6. Why not Puppet?
        • Learning curve
        • You might have an established heterogeneous/legacy environment
        • You might be too lazy to get around to it
        • You're already using another mediation layer that does the job
    7. 7. Suitability
        [Figure: applications placed on a Bad-to-Good suitability scale: cacti, trac, nagios, apache, munin, mysql, ssh, sudo, ntp]
    8. 8. Suitability, cont.
        • Simple applications are easier to integrate
        • flat-file configurations help
        • fancy setup wizards work against puppet
        • web-based setups also
    9. 9. Puppet Components
        • Server: puppetmasterd
            • Listens on port 8140/tcp
            • runs as user "puppet"
            • Encrypted (SSL) communication
            • Certificate and thus authorization managed using puppetca command (or autoenroll)
            • integrated fileserver
        • Clients: puppetd
            • connects to puppetmaster every ½ hour
            • runs as user "root"
    10. 10. Puppet Components (2)
        • Puppet CA
            • Command line utility to approve certificates
            • Must be run as root
        • Facter
            • runs on the client
            • basic name = value pairs ("Facts")
    11. 11. Installation
        • Fedora / Red Hat / CentOS
            • yum install puppet puppetmaster
            • Hint: use the EPEL repo
        • Debian / Ubuntu
            • aptitude install puppet puppetmaster
            • Hint: use backports on Etch
        • Warning: versions < 0.24.x are to be avoided
    12. 12. Installation (gem)
        • No package? No problem... Use a (ruby) gem
        • aptitude -y install lsb-release rubygems
        • gem install puppet -y
        • /var/lib/gems/1.8/bin/puppetd
    13. 13. Commands
        • Puppet daemon control
            • /etc/init.d/puppetmaster start|stop|restart
            • /etc/init.d/puppet start
        • Puppetca
            • puppetca --list
            • puppetca --sign <client-hostname>
    14. 14. Commands (2)
        • Debug
            • Puppet master
                • sudo -u puppet /usr/sbin/puppetmasterd --no-daemonize --verbose --debug
            • Puppet client
                • sudo /usr/sbin/puppetd --no-daemonize --verbose --debug
    15. 15. Types: node
        node default {
          include someclass
        }

        node example-host inherits default {
          include anotherclass
        }

        node hostname inherits example-host {
        }
    16. 16. Types: File
        file { "/etc/resolv.conf":
          owner => root,
          group => root,
          mode  => 644,
        }

        file { "/etc/ssl/certs/4bd04d2f.0":
          ensure => link,
          target => "/etc/ssl/certs/bpca3.crt",
        }
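    17. 17. Types: File (2)
        # Copy the file from the puppetmaster's fileserver
        file { "/etc/resolv.conf":
          owner  => root,
          group  => root,
          mode   => 644,
          source => "puppet:///files/etc/resolv.conf",
        }

        # Alternative: render the content from an ERB template.
        # template() takes a path under templatedir, not a puppet:/// URL.
        file { "/etc/resolv.conf":
          owner   => root,
          group   => root,
          mode    => 644,
          content => template("resolv.conf.erb"),
        }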
    18. 18. Types: Package
        package { "nscd":
          ensure => installed,
        }
    19. 19. Types: Service
        service { "nscd":
          enable => true,
          ensure => running,
        }
    20. 20. Classes
        class nscd {
          package { nscd:
            ensure => installed,
          }

          # Start the service only after the package is installed
          service { nscd:
            enable     => true,
            ensure     => running,
            hasrestart => true,
            require    => Package[nscd],
          }

          # A changed config file restarts the service
          file { "/etc/nscd.conf":
            source  => "puppet:///files/etc/nscd.conf",
            notify  => Service[nscd],
            require => Package[nscd],
          }
        }
    21. 21. Defines
        define rFile ( $group=root, $owner=root, $mode=644,
                       $replace=true, $links=manage ) {
          file { $name:
            group   => $group,
            owner   => $owner,
            mode    => $mode,
            # Sources are tried in order; the first one that exists is used
            source  => [ "puppet:///$domain/$hostname/$name",
                         "puppet:///$domain/$role/$name",
                         "puppet:///$domain/$name",
                         "puppet:///$site/$name",
                         "puppet:///global/$name" ],
            replace => $replace,
            links   => $links,
          }
        }
    22. 22. Plugins
        Facter.add("test1") do
          setcode do
            # chomp drops the trailing newline from the command output
            %x{/bin/hostname -f}.chomp
          end
        end
    23. 23. Modules
        • Using modules is the recommended approach
        • Organization of modules...
        • puppet/modules/
        • puppet/modules/custom/
    24. 24. Modules (2)
        • Layout of a module (a look inside)
        • manifests/
            • init.pp
        • files/
        • templates/
        • plugins/
    25. 25. Rollout
        • How will you deploy puppet?
            • On new hosts only
            • Retrofit
            • All or some
        • There is no one-size-fits-all strategy
        • Full-on adoption, limited retrofit or new hosts only
        • Combine with attrition and you can be fully "puppetized" real soon
        • Don't forget the learning curve
    26. 26. Implementation
        • "Bare bones"
            • Default install (puppetmaster/webrick)
            • Suitable for smaller sites 1-20 hosts
            • RCS for revision control
            • flat file node control
            • monolithic (not multiple environments or sites)
    27. 27. Implementation v2: Upgrades for scalability & performance
        • WEBrick -> Mongrel
        • Mongrel cluster fronted by Apache (mod_balance), Nginx (fair) or HAProxy
        • Additional nodes w/ shared storage
        • Subversion or CVS or Git
        • Distributed puppetmasters (per site)
    28. 28. Implementation v2.1: Upgrades for manageability & integrity
        • External node classification
            • LDAP integration
            • Database integration
                • Stored configuration (storeconfig)
        • Puppetshow
        • Puppet Recruiter
        • iClassify
            • https://wiki.hjksolutions.com/display/IC/Home
    29. 29. VCS Integration
        • Subversion or CVS or Git
            • pre/post commit hooks
            • svnspam
            • propset tags for $Id$ and $URL$ interpolation
    30. 30. Database Integration
        • SQLite, MySQL or PostgreSQL
        • storeconfig
            • dumb name
            • put facts and other metadata into a database
            • Clean and easy to set up!
            • allows for naginator and external resources
    31. 31. Database Integration
    32. 32. Resources
        • Puppet home page: http://reductivelabs.com/trac/puppet/
        • BitPusher home page: http://www.bitpusher.com/
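
A minimal external node classifier for the "External node classification" item on slide 28, written as an added example that is not part of the original slides or of Puppet itself. It follows the classifier contract (node name as the first argument, a YAML document with `classes` and `parameters` on stdout, non-zero exit for an unknown node); the inventory, host names and class assignments are constructed, and a real site would replace the hash with its LDAP or database lookup.

```ruby
#!/usr/bin/env ruby
# Added example: external node classifier that fails closed.
require 'yaml'

# Constructed inventory (assumption); stands in for LDAP or a database.
INVENTORY = {
  'web01.example.com' => { 'classes' => %w[nscd apache],
                           'parameters' => { 'role' => 'web' } },
  'db01.example.com'  => { 'classes' => %w[nscd mysql],
                           'parameters' => { 'role' => 'db' } }
}.freeze

# Lowercase DNS labels only, so a node name can never carry path
# separators, whitespace or shell metacharacters into a lookup.
LABEL = '[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?'
HOSTNAME_RE = /\A(?=.{1,253}\z)#{LABEL}(\.#{LABEL})*\z/

def valid_hostname?(name)
  name.is_a?(String) && !(name =~ HOSTNAME_RE).nil?
end

# Returns the YAML document for a known node, or nil for anything else.
# Unknown or malformed names get no classes at all rather than a default.
def classify(name, inventory = INVENTORY)
  return nil unless valid_hostname?(name)
  entry = inventory[name]
  return nil if entry.nil?
  { 'classes'    => entry['classes'].sort,
    'parameters' => entry['parameters'] }.to_yaml
end

# Command-line entry point: prints the YAML and returns the exit status.
def run(argv, out = $stdout, err = $stderr)
  name = argv[0].to_s
  yaml = classify(name)
  if yaml.nil?
    err.puts "enc: refusing to classify #{name.inspect}"
    return 1
  end
  out.puts yaml
  0
end

# Only act as a script when a node name was actually passed in.
exit run(ARGV) if __FILE__ == $PROGRAM_NAME && !ARGV.empty?
```

Because puppetd runs as root on every client, returning nothing for an unrecognized name keeps a mistyped or unexpected certificate name from silently receiving a default set of classes.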
