Tame your Infrastructure with Puppet

Presented at LinuxFest Northwest 2009, this slideshow covers how to install and use Puppet, types of implementations, and more. Visit http://www.bitpusher.com/ for more about BitPusher.

  1. Tame your Infrastructure using Puppet. Presented for Linux Fest Northwest 2009 by Mark Foster
  2. Agenda
       • Why Puppet? Pros / Cons / Suitability
       • Installation
       • Facter, Types and other constructs
       • Implementation
       • Scaling
       • Integration
       • Resources
  3. What is Puppet
       • Developed by Luke Kanies and Reductive Labs
       • Declarative language
       • Client / Server model
       • It lets you manage "things" from a central location
       • Packages (software)
       • Services (daemons)
       • Processes (think cron jobs)
       • Users & Groups
       • Arbitrary stuff
  4. What is Puppet (2)
       • Providers
           • packaging (yum, rpm, apt, deb, dpkg, gem...)
           • users/group management (useradd/adduser, userdel, pw)
       • Variables and Conditionals!
       • Ruby underneath, flexible, modular
       • Authenticated & authorized communication
  5. Why Puppet?
       • Traditional system administration is tedious
       • Sys admins must know/learn a # of O/S flavors
       • It's “better” - you'll never do system administration the same – think TiVo
  6. Why not Puppet?
       • Learning curve
       • You might have an established heterogeneous/legacy environment
       • You might be too lazy to get around to it
       • You're already using another mediation layer that does the job
  7. Suitability
       [Figure: applications placed on a Bad-to-Good suitability scale; labels as extracted: cacti, trac, nagios, apache, munin, mysql, ssh, sudo, ntp]
  8. Suitability, cont.
       • Simple applications are easier to integrate
       • flat-file configurations help
       • fancy setup wizards work against puppet
       • web-based setups also
  9. Puppet Components
       • Server: puppetmasterd
           • Listens on port 8140/tcp
           • runs as user “puppet”
           • Encrypted (SSL) communication
           • Certificate and thus authorization managed using puppetca command (or autoenroll)
           • integrated fileserver
       • Clients: puppetd
           • connects to puppetmaster every ½ hour
           • runs as user “root”
  10. Puppet Components (2)
       • Puppet CA
           • Command line utility to approve certificates
           • Must be run as root
       • Facter
           • runs on the client
           • basic name = value pairs (“Facts”)
  11. Installation
       • Fedora / Red Hat / CentOS
           • yum install puppet puppetmaster
           • Hint: use the EPEL repo
       • Debian / Ubuntu
           • aptitude install puppet puppetmaster
           • Hint: use backports on Etch
       • Warning: versions < 0.24.x are to be avoided
  12. Installation (gem)
       • No package? No problem... Use a (ruby) gem
       • aptitude -y install lsb-release rubygems
       • gem install puppet -y
       • /var/lib/gems/1.8/bin/puppetd
  13. Commands
       • Puppet daemon control
       • /etc/init.d/puppetmaster start|stop|restart
       • /etc/init.d/puppet start
       • Puppetca
       • puppetca --list
       • puppetca --sign <client-hostname>
  14. Commands (2)
       • Debug
           • Puppet master

                 sudo -u puppet /usr/sbin/puppetmasterd --no-daemonize --verbose --debug

           • Puppet client

                 sudo /usr/sbin/puppetd --no-daemonize --verbose --debug
  15. Types: node

          node default {
            include someclass
          }

          node example-host inherits default {
            include anotherclass
          }

          node hostname inherits example-host {
          }
  16. Types: File

          # Manage ownership and permissions of an existing file
          file { "/etc/resolv.conf":
            owner => root,
            group => root,
            mode  => 644,
          }

          # Manage a symlink
          file { "/etc/ssl/certs/4bd04d2f.0":
            ensure => link,
            target => "/etc/ssl/certs/bpca3.crt"
          }

  17. Types: File (2)

          # Content copied from the puppetmaster's fileserver
          file { "/etc/resolv.conf":
            owner  => root,
            group  => root,
            mode   => 644,
            source => "puppet:///files/etc/resolv.conf"
          }

          # Alternative: content rendered from an ERB template.
          # template() takes a path relative to templatedir, not a puppet:/// URL.
          file { "/etc/resolv.conf":
            owner   => root,
            group   => root,
            mode    => 644,
            content => template("etc/resolv.conf.erb"),
          }

  18. Types: Package

          package { "nscd":
            ensure => installed
          }

  19. Types: Service

          service { "nscd":
            enable => true,
            ensure => running,
          }

  20. Classes

          class nscd {
            package { "nscd":
              ensure => installed
            }

            # Start the service only after the package is installed
            service { "nscd":
              enable     => true,
              ensure     => running,
              hasrestart => true,
              require    => Package[nscd],
            }

            # A change to the config file restarts the service
            file { "/etc/nscd.conf":
              source  => "puppet:///files/etc/nscd.conf",
              notify  => Service[nscd],
              require => Package[nscd],
            }
          }
  21. Defines

          define rFile ( $group=root, $owner=root, $mode=644,
                         $replace=true, $links=manage ) {
            file { $name:
              group   => $group,
              owner   => $owner,
              mode    => $mode,
              source  => [ "puppet:///$domain/$hostname/$name",
                           "puppet:///$domain/$role/$name",
                           "puppet:///$domain/$name",
                           "puppet:///$site/$name",
                           "puppet:///global/$name" ],
              replace => $replace,
              links   => $links
            }
          }
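  22. Plugins

          # Custom fact "test1": the host's fully qualified name
          Facter.add("test1") do
            setcode do
              # chomp drops the trailing newline from the command output
              %x{/bin/hostname -f}.chomp
            end
          end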
  23. Modules
       • Using modules is the recommended approach
       • Organization of modules...
       • puppet/modules/
       • puppet/modules/custom/
  24. Modules (2)
       • Layout of a module (a look inside)
       • manifests/
           • init.pp
       • files/
       • templates/
       • plugins/
  25. Rollout
       • How will you deploy puppet?
           • On new hosts only
           • Retrofit
           • All or some
       • There is no one-size-fits-all strategy
       • Full-on adoption, limited retrofit or new hosts only
       • Combine with attrition and you can be fully “puppetized” real soon
       • Don't forget learning curve
  26. Implementation
       • “Bare bones”
           • Default install (puppetmaster/webrick)
           • Suitable for smaller sites 1-20 hosts
           • RCS for revision control
           • flat file node control
           • monolithic (not multiple environments or sites)
  27. Implementation v2: Upgrades for scalability & performance
       • WEBrick -> Mongrel
       • Mongrel cluster fronted by Apache (mod_balance), Nginx (fair) or HAProxy
       • Additional nodes w/ shared storage
       • Subversion or CVS or Git
       • Distributed puppetmasters (per site)
  28. Implementation v2.1: Upgrades for manageability & integrity
       • External node classification
           • LDAP integration
           • Database integration
               • Stored configuration (storeconfig)
       • Puppetshow
       • Puppet Recruiter
       • iClassify
           • https://wiki.hjksolutions.com/display/IC/Home
  29. VCS Integration
       • Subversion or CVS or Git
           • pre/post commit hooks
           • svnspam
           • propset tags for $Id$ and $URL$ interpolation
  30. Database Integration
       • SQLite, MySQL or PostgreSQL
       • storeconfig
           • dumb name
           • put facts and other metadata into a database
           • Clean and easy to setup!
           • allows for naginator and external resources
  31. Database Integration
  32. Resources
       • Puppet home page http://reductivelabs.com/trac/puppet/
       • BitPusher home page http://www.bitpusher.com/
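
Slide 28 lists external node classification as an upgrade for manageability and integrity. The Ruby sketch below is an added example, not code from the presentation: an external node classifier of the kind the puppetmaster's `external_nodes` setting points at, which validates the node name it is given and refuses to classify hosts it does not know. The rule table, host names and the `role` parameter are constructed for illustration.

```ruby
#!/usr/bin/env ruby
# Hypothetical external node classifier (ENC). The puppetmaster runs the script
# with the node name as its only argument and reads a YAML hash with
# "classes" and "parameters" from stdout.
require 'yaml'

# Constructed sample inventory; a real site would query LDAP or a database.
NODE_RULES = [
  { match: /\Aweb\d+\.example\.com\z/, classes: %w[base apache], role: 'web' },
  { match: /\Adb\d+\.example\.com\z/,  classes: %w[base mysql],  role: 'db'  },
].freeze

# Accept only lower-case DNS names, so nothing else can reach a lookup,
# a file path or a log line.
VALID_NAME = /\A[a-z0-9]([a-z0-9-]*[a-z0-9])?(\.[a-z0-9]([a-z0-9-]*[a-z0-9])?)+\z/

# Returns the classification hash for a node, or nil when the name is
# malformed or matches no rule (default deny: there is no catch-all entry).
def classify(name)
  return nil unless name.is_a?(String) && name.length <= 253 && name =~ VALID_NAME
  rule = NODE_RULES.find { |r| name =~ r[:match] }
  return nil unless rule
  { 'classes' => rule[:classes], 'parameters' => { 'role' => rule[:role] } }
end

# Returns [yaml_or_nil, exit_status]. A non-zero status signals that the node
# was not classified, instead of printing a permissive default.
def run(argv)
  result = classify(argv[0])
  result ? [result.to_yaml, 0] : [nil, 1]
end

# The master always passes a node name; without one the file only defines
# the functions above.
if __FILE__ == $PROGRAM_NAME && ARGV.any?
  yaml, status = run(ARGV)
  puts yaml if yaml
  exit status
end
```

Because puppetd applies whatever it is sent as root, keeping classification default-deny limits what a newly signed or mistyped host can receive.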
