Puppet, profile picture
Uploaded byPuppet
PDF, PPTX4,058 views

Puppet at Google

This document summarizes Gordon Rowell's talk about Puppet deployment at Google. Puppet is used to manage internal laptops, desktops, and servers but not customer-facing infrastructure. It manages "lots" of Mac/Ubuntu nodes and "tens" of Puppet servers deployed across globally distributed virtual IPs. Scaling Puppet at Google involves deploying redundant server clusters with Anycast routing clients to the nearest cluster. Load balancing challenges include ensuring enough capacity and routing if clusters fail. Thundering herds of nodes checking in simultaneously and releasing new OS and addon versions on different tracks also create Puppet challenges.

Embed presentation

Download as PDF, PPTX
Puppet at Google Gordon Rowell Puppet Camp Sydney 2013 gordonr@google.com
Non-Goals Not here to to talk about ● Hiring practices ● Release schedules ● Puppet configs ● Monitoring ● Compliance ● Auditing ● ... See also Jason Wright's talk from PuppetConf 2011
Background Puppet at Google is offered as an infrastructure service ● Run by a Site Reliability Engineering (SRE) team ● Customers are OS teams ● Does not manage Google's customer facing infrastructure (search, Gmail, etc.)! ● Manages internal laptops, desktops and servers
How Many Nodes? Clients: ● "Lots" of Mac desktops and laptops ● "Lots" of Ubuntu desktops, laptops and servers ● "Some" others Servers: ● "Tens" of puppet config servers ● "Units" of puppet CAs ● Deployed in five globally distributed VIPs ● Clients use Anycast to find closest "server"
Scaling is fun ● We don't deploy "a server" ○ Servers break, power fails ○ Clients/DNS need to be reconfigured ● We don't deploy "a cluster" ○ Networks break, servers break, power fails ○ Clients/DNS need to be reconfigured ● We deploy redundant clusters ○ Attempt to send clients to nearest serving cluster ○ Anycast means unified client configuration
Load balancing is fun Do you have enough capacity? ● How many backends do you need? ● What happens if half of your backends lose power? ● What about when half are already out for repairs? How do you send clients to the right cluster? ● Client configuration ● DNS round-robin (simple global load balancing) ● DNS views (give best answer for client IP) ● Anycast (portable IP, routed to "nearest" cluster) ● Consider: DNS views plus Anycast
Anycast is fun ● Anycast is "coarse-grain" load balancing ○ It normally sends traffic to closest serving cluster ● Networks break ○ Physical issues ○ Routing issues ○ Configuration issues ○ VIP load balancer bugs ● All clients could be sent to the same cluster ○ Be ready for that ○ Can a single cluster handle worldwide traffic? ○ What do you do if you can't?
Puppet problems: Thundering herds ● "Lots" + "lots" + "some" == "thundering herds" ● What if they all want to do a puppet run? ● What about every hour? ● What about every five minutes? ● Masterless puppet is being considered
Puppet problems: Release tracks ● OS releases have unstable, testing, stable branches ○ Maintained by OS platform teams ● Addons also have unstable, testing, stable branches ○ Maintained by service owners ● Using different tracks for OS and addons is hard ○ However, that's common - testing a new addon release ○ Puppet's global namespace is part of the problem
Puppet problems: Namespaces ● Lots of developers moving fast == conflicts ● Conflicts mean surprises ● Qualify everything ● Testing with rspec-puppet helps to catch issues early
Questions? Gordon Rowell gordonr@google.com

More Related Content

PDF
DevOps Incident Handling - Making friends not enemies.
byServer Density
 
ODP
From Test to Live with Rex
byJan Gehring
 
PDF
Git+jenkins+rex presentation
byDwi Sasongko Supriyadi
 
PPTX
The Road to Kubernetes
byDeniz Zoeteman
 
ODP
Rex - Lightning Talk yapc.eu 2013
byJan Gehring
 
PDF
OSMC 2013 | Zabbix: A Practical Demo by Rihards Olups
byNETWAYS
 
PDF
Hadoop Demystified + Automation Smackdown! Austin JUG June 24 2014
bydatafundamentals
 
PDF
Dokku your own heroku 21
byAmoniac OÜ
 
DevOps Incident Handling - Making friends not enemies.
byServer Density
 
From Test to Live with Rex
byJan Gehring
 
Git+jenkins+rex presentation
byDwi Sasongko Supriyadi
 
The Road to Kubernetes
byDeniz Zoeteman
 
Rex - Lightning Talk yapc.eu 2013
byJan Gehring
 
OSMC 2013 | Zabbix: A Practical Demo by Rihards Olups
byNETWAYS
 
Hadoop Demystified + Automation Smackdown! Austin JUG June 24 2014
bydatafundamentals
 
Dokku your own heroku 21
byAmoniac OÜ
 

What's hot

PDF
Dokku - your own heroku
byAleksandr Simonov
 
PDF
Clack: glue for web apps
byfukamachi
 
PDF
Scaling Humans - BigPanda's Fabulous ChatOps Adventure - Erik Zaadi, BigPanda...
byDevOpsDays Tel Aviv
 
PPTX
Linux – routing and firewall for beginners v 1.0
bySriram Narayanan
 
PPTX
Rsyslog version naming (v8.6.0+)
byRainer Gerhards
 
PDF
Woo: Writing a fast web server
byfukamachi
 
PPTX
ASP.NET Core - Phillosophies, Processes and Tooling
by💻 Spencer Schneidenbach
 
PDF
Woo: Writing a fast web server @ ELS2015
byfukamachi
 
PDF
Laravel workshop
byJasper Frumau
 
PPTX
Antifragility and testing for distributed systems failure
byDiUS
 
PPTX
BuildStuff 2019: Let me handle that for you... Why you need a reverse proxy
byElton Stoneman
 
PDF
Immutable infrastructure with Boxfuse
byLars Östling
 
PDF
Reach the next level with PowerShell
byJaap Brasser
 
PDF
Rapid CQ deployments by Jakub Wadolowski
byAEM HUB
 
PPTX
Devops With Boxfuse and Shippable
byAndrew Schwabe
 
PDF
Manage your infrastructure with PowerShell
byJaap Brasser
 
PPTX
Continous Delivery with CQ
byolibur
 
PPTX
Can i Get C# for Free ?
byWelly Tambunan
 
PPTX
Nagios Conference 2014 - James Clark - Nagios Cool Tips and Tricks
byNagios
 
PDF
Devops and Immutable infrastructure - Cloud Expo 2015 NYC
byJohn Willis
 
Dokku - your own heroku
byAleksandr Simonov
 
Clack: glue for web apps
byfukamachi
 
Scaling Humans - BigPanda's Fabulous ChatOps Adventure - Erik Zaadi, BigPanda...
byDevOpsDays Tel Aviv
 
Linux – routing and firewall for beginners v 1.0
bySriram Narayanan
 
Rsyslog version naming (v8.6.0+)
byRainer Gerhards
 
Woo: Writing a fast web server
byfukamachi
 
ASP.NET Core - Phillosophies, Processes and Tooling
by💻 Spencer Schneidenbach
 
Woo: Writing a fast web server @ ELS2015
byfukamachi
 
Laravel workshop
byJasper Frumau
 
Antifragility and testing for distributed systems failure
byDiUS
 
BuildStuff 2019: Let me handle that for you... Why you need a reverse proxy
byElton Stoneman
 
Immutable infrastructure with Boxfuse
byLars Östling
 
Reach the next level with PowerShell
byJaap Brasser
 
Rapid CQ deployments by Jakub Wadolowski
byAEM HUB
 
Devops With Boxfuse and Shippable
byAndrew Schwabe
 
Manage your infrastructure with PowerShell
byJaap Brasser
 
Continous Delivery with CQ
byolibur
 
Can i Get C# for Free ?
byWelly Tambunan
 
Nagios Conference 2014 - James Clark - Nagios Cool Tips and Tricks
byNagios
 
Devops and Immutable infrastructure - Cloud Expo 2015 NYC
byJohn Willis
 

Viewers also liked

PDF
The NBN Puppet Journey
byPuppet
 
PDF
State of the Puppet Community (Jan 2013)
byPuppet
 
PDF
Scala Abide: A lint tool for Scala
byIulian Dragos
 
PDF
Relational Databases are Evolving To Support New Data Capabilities
byEDB
 
PDF
Your Code is Wrong
bynathanmarz
 
PPTX
Why Spark?
byÁlvaro Agea Herradón
 
PDF
IMCSummit 2015 - Day 2 IT Business Track - 4 Myths about In-Memory Databases ...
byIn-Memory Computing Summit
 
PDF
The Need for Async @ ScalaWorld
byKonrad Malawski
 
PDF
SCM Puppet: from an intro to the scaling
byStanislav Osipov
 
PDF
Delivering Meaning In Near-Real Time At High Velocity In Massive Scale with A...
byHelena Edelson
 
PPTX
Purely Functional Data Structures in Scala
byVladimir Kostyukov
 
PDF
Monadic Java
byMario Fusco
 
PDF
NewSQL overview, Feb 2015
byIvan Glushkov
 
PDF
The Newest in Session Types
byRoland Kuhn
 
PPT
Scala Days San Francisco
byMartin Odersky
 
PDF
Espresso: LinkedIn's Distributed Data Serving Platform (Paper)
byAmy W. Tang
 
PDF
Functional Programming Patterns (BuildStuff '14)
byScott Wlaschin
 
PDF
Concurrency: The Good, The Bad and The Ugly
bylegendofklang
 
PPTX
Introduction to Puppet Enterprise
byPuppet
 
The NBN Puppet Journey
byPuppet
 
State of the Puppet Community (Jan 2013)
byPuppet
 
Scala Abide: A lint tool for Scala
byIulian Dragos
 
Relational Databases are Evolving To Support New Data Capabilities
byEDB
 
Your Code is Wrong
bynathanmarz
 
Why Spark?
byÁlvaro Agea Herradón
 
IMCSummit 2015 - Day 2 IT Business Track - 4 Myths about In-Memory Databases ...
byIn-Memory Computing Summit
 
The Need for Async @ ScalaWorld
byKonrad Malawski
 
SCM Puppet: from an intro to the scaling
byStanislav Osipov
 
Delivering Meaning In Near-Real Time At High Velocity In Massive Scale with A...
byHelena Edelson
 
Purely Functional Data Structures in Scala
byVladimir Kostyukov
 
Monadic Java
byMario Fusco
 
NewSQL overview, Feb 2015
byIvan Glushkov
 
The Newest in Session Types
byRoland Kuhn
 
Scala Days San Francisco
byMartin Odersky
 
Espresso: LinkedIn's Distributed Data Serving Platform (Paper)
byAmy W. Tang
 
Functional Programming Patterns (BuildStuff '14)
byScott Wlaschin
 
Concurrency: The Good, The Bad and The Ugly
bylegendofklang
 
Introduction to Puppet Enterprise
byPuppet
 

Similar to Puppet at Google

PPTX
Managing and Scaling Puppet - PuppetConf 2014
byPuppet
 
PPTX
Managing and Scaling Puppet - PuppetConf 2014
byMiguel Zuniga
 
KEY
Keynote Puppet Camp San Francisco 2010
byPuppet
 
ODP
Puppet slides for intelligrape
bySharad Aggarwal
 
PDF
20111110 how puppet-fits_into_your_existing_infrastructure_and_change_managem...
bygarrett honeycutt
 
PDF
State of Puppet London
byPuppet
 
PDF
State of Puppet - London
byPuppet
 
PDF
Creating a mature puppet system
byrkhatibi
 
PDF
Creating a Mature Puppet System
byPuppet
 
PDF
Puppet Camp CERN Geneva
bySteve Traylen
 
PDF
Puppet Camp Tokyo 2014: Keynote
byPuppet
 
PDF
Puppet Camp Melbourne 2014: Puppet and a DevOps Journey (Beginner)
byPuppet
 
PPTX
State of Puppet - Puppet Camp Silicon Valley 2014
byPuppet
 
PPTX
Puppet Camp Silicon Valley 2015: How TubeMogul reached 10,000 Puppet Deployme...
byNicolas Brousse
 
PPTX
Integrating Puppet with RightScale: Customer Q&A
byRightScale
 
PPTX
Puppetizing Your Organization
byRobert Nelson
 
PDF
R.I. Pienaar - Puppet Camp 2010
byPuppet
 
PDF
Building scalable applications while scaling your infrastructure by rhommel l...
byPuppet
 
PDF
Integrating Puppet and Gitolite for sysadmins cooperations
byLuca Mazzaferro
 
PDF
Puppet camp london nov 2014 slides (1)
byPuppet
 
Managing and Scaling Puppet - PuppetConf 2014
byPuppet
 
Managing and Scaling Puppet - PuppetConf 2014
byMiguel Zuniga
 
Keynote Puppet Camp San Francisco 2010
byPuppet
 
Puppet slides for intelligrape
bySharad Aggarwal
 
20111110 how puppet-fits_into_your_existing_infrastructure_and_change_managem...
bygarrett honeycutt
 
State of Puppet London
byPuppet
 
State of Puppet - London
byPuppet
 
Creating a mature puppet system
byrkhatibi
 
Creating a Mature Puppet System
byPuppet
 
Puppet Camp CERN Geneva
bySteve Traylen
 
Puppet Camp Tokyo 2014: Keynote
byPuppet
 
Puppet Camp Melbourne 2014: Puppet and a DevOps Journey (Beginner)
byPuppet
 
State of Puppet - Puppet Camp Silicon Valley 2014
byPuppet
 
Puppet Camp Silicon Valley 2015: How TubeMogul reached 10,000 Puppet Deployme...
byNicolas Brousse
 
Integrating Puppet with RightScale: Customer Q&A
byRightScale
 
Puppetizing Your Organization
byRobert Nelson
 
R.I. Pienaar - Puppet Camp 2010
byPuppet
 
Building scalable applications while scaling your infrastructure by rhommel l...
byPuppet
 
Integrating Puppet and Gitolite for sysadmins cooperations
byLuca Mazzaferro
 
Puppet camp london nov 2014 slides (1)
byPuppet
 

More from Puppet

PPTX
Puppet Community Day: Planning the Future Together
byPuppet
 
PPTX
The Evolution of Puppet: Key Changes and Modernization Tips
byPuppet
 
PPTX
Can You Help Me Upgrade to Puppet 8? Tips, Tools & Best Practices for Your Up...
byPuppet
 
PPTX
Bolt Dynamic Inventory: Making Puppet Easier
byPuppet
 
PPTX
Customizing Reporting with the Puppet Report Processor
byPuppet
 
PPTX
Puppet at ConfigMgmtCamp 2025 Sponsor Deck
byPuppet
 
PPTX
The State of Puppet in 2025: A Presentation from Developer Relations Lead Dav...
byPuppet
 
PPTX
Let Red be Red and Green be Green: The Automated Workflow Restarter in GitHub...
byPuppet
 
PDF
Puppet camp2021 testing modules and controlrepo
byPuppet
 
PPTX
Puppetcamp r10kyaml
byPuppet
 
PDF
2021 04-15 operational verification (with notes)
byPuppet
 
PPTX
Puppet camp vscode
byPuppet
 
PDF
Modules of the twenties
byPuppet
 
PDF
Applying Roles and Profiles method to compliance code
byPuppet
 
PPTX
KGI compliance as-code approach
byPuppet
 
PDF
Enforce compliance policy with model-driven automation
byPuppet
 
PDF
Keynote: Puppet camp compliance
byPuppet
 
PPTX
Automating it management with Puppet + ServiceNow
byPuppet
 
PPTX
Puppet: The best way to harden Windows
byPuppet
 
PPTX
Simplified Patch Management with Puppet - Oct. 2020
byPuppet
 
Puppet Community Day: Planning the Future Together
byPuppet
 
The Evolution of Puppet: Key Changes and Modernization Tips
byPuppet
 
Can You Help Me Upgrade to Puppet 8? Tips, Tools & Best Practices for Your Up...
byPuppet
 
Bolt Dynamic Inventory: Making Puppet Easier
byPuppet
 
Customizing Reporting with the Puppet Report Processor
byPuppet
 
Puppet at ConfigMgmtCamp 2025 Sponsor Deck
byPuppet
 
The State of Puppet in 2025: A Presentation from Developer Relations Lead Dav...
byPuppet
 
Let Red be Red and Green be Green: The Automated Workflow Restarter in GitHub...
byPuppet
 
Puppet camp2021 testing modules and controlrepo
byPuppet
 
Puppetcamp r10kyaml
byPuppet
 
2021 04-15 operational verification (with notes)
byPuppet
 
Puppet camp vscode
byPuppet
 
Modules of the twenties
byPuppet
 
Applying Roles and Profiles method to compliance code
byPuppet
 
KGI compliance as-code approach
byPuppet
 
Enforce compliance policy with model-driven automation
byPuppet
 
Keynote: Puppet camp compliance
byPuppet
 
Automating it management with Puppet + ServiceNow
byPuppet
 
Puppet: The best way to harden Windows
byPuppet
 
Simplified Patch Management with Puppet - Oct. 2020
byPuppet
 

Recently uploaded

PPTX
Tech Trends 2026: AI Agents, Quantum Computing, Robotics & Cybersecurity
byridwansassman
 
PDF
Preserve workload integrity during cross-architecture migration
byPrincipled Technologies
 
PPTX
GenerationAI Paris 2025 | AI in Tech: Beyond Expectations, Into Execution
byapidays
 
PDF
Session 1/5: Enhancing Automation with Screenplay & Business Rules
bysuhanisingh58689
 
PDF
final.pdf
byomarbishtawi04
 
PDF
From Artificial Intelligence to African Intelligence: Transforming Research &...
byMoses Kemibaro
 
PPTX
CTO Strategy OS 2026: The Tech, AI & Cloud Playbook Boards Want
byridwansassman
 
PDF
GenerationAI_Paris_2025_Architecting_Intelligence.pdf
byapidays
 
PPTX
Celonis Optimizing your future with process
bydevjeremyappleyard
 
PDF
Agent to agent service discovery using HashiCorp Consul and Vault
byBram Vogelaar
 
PDF
How AI Can Help Platform Engineers Build Better Platforms
byAll Things Open
 
PDF
Odoo Implementation Checklist: A Strategic ERP Blueprint for Business-Ready D...
byBANIBRO IT SOLUTION
 
PDF
HOW TO OVERCOME THE THREATS OF ARTIFICIAL INTELLIGENCE AGAINST HUMANITY.pdf
byFaga1939
 
PDF
How does MES(Manufacturing Execution System) work?
byakipii ogaoga
 
PPTX
Automation Without Apprentices: How AI Challenges the Open Source Way
byIcinga
 
PDF
GTM-and-Sales-Plan for a cyber security product
byAshish Jangir
 
PDF
apidays New York 2025 | AI in Application Security
byapidays
 
PDF
UiPath Modern Automation Playbook -Session 2
bysuhanisingh58689
 
PDF
20260212 Security-JAWS activity results for 2025 and activity goals for 2026
byTyphon 666
 
PDF
From Hallucinations to High-Confidence AI with Data Enrichment.pdf
byPrecisely
 
Tech Trends 2026: AI Agents, Quantum Computing, Robotics & Cybersecurity
byridwansassman
 
Preserve workload integrity during cross-architecture migration
byPrincipled Technologies
 
GenerationAI Paris 2025 | AI in Tech: Beyond Expectations, Into Execution
byapidays
 
Session 1/5: Enhancing Automation with Screenplay & Business Rules
bysuhanisingh58689
 
final.pdf
byomarbishtawi04
 
From Artificial Intelligence to African Intelligence: Transforming Research &...
byMoses Kemibaro
 
CTO Strategy OS 2026: The Tech, AI & Cloud Playbook Boards Want
byridwansassman
 
GenerationAI_Paris_2025_Architecting_Intelligence.pdf
byapidays
 
Celonis Optimizing your future with process
bydevjeremyappleyard
 
Agent to agent service discovery using HashiCorp Consul and Vault
byBram Vogelaar
 
How AI Can Help Platform Engineers Build Better Platforms
byAll Things Open
 
Odoo Implementation Checklist: A Strategic ERP Blueprint for Business-Ready D...
byBANIBRO IT SOLUTION
 
HOW TO OVERCOME THE THREATS OF ARTIFICIAL INTELLIGENCE AGAINST HUMANITY.pdf
byFaga1939
 
How does MES(Manufacturing Execution System) work?
byakipii ogaoga
 
Automation Without Apprentices: How AI Challenges the Open Source Way
byIcinga
 
GTM-and-Sales-Plan for a cyber security product
byAshish Jangir
 
apidays New York 2025 | AI in Application Security
byapidays
 
UiPath Modern Automation Playbook -Session 2
bysuhanisingh58689
 
20260212 Security-JAWS activity results for 2025 and activity goals for 2026
byTyphon 666
 
From Hallucinations to High-Confidence AI with Data Enrichment.pdf
byPrecisely
 

Puppet at Google

  • 1.
    Puppet at Google Gordon Rowell Puppet Camp Sydney 2013 gordonr@google.com
  • 2.
    Non-Goals Not here toto talk about ● Hiring practices ● Release schedules ● Puppet configs ● Monitoring ● Compliance ● Auditing ● ... See also Jason Wright's talk from PuppetConf 2011
  • 3.
    Background Puppet at Googleis offered as an infrastructure service ● Run by a Site Reliability Engineering (SRE) team ● Customers are OS teams ● Does not manage Google's customer facing infrastructure (search, Gmail, etc.)! ● Manages internal laptops, desktops and servers
  • 4.
    How Many Nodes? Clients: ● "Lots" of Mac desktops and laptops ● "Lots" of Ubuntu desktops, laptops and servers ● "Some" others Servers: ● "Tens" of puppet config servers ● "Units" of puppet CAs ● Deployed in five globally distributed VIPs ● Clients use Anycast to find closest "server"
  • 5.
    Scaling is fun ●We don't deploy "a server" ○ Servers break, power fails ○ Clients/DNS need to be reconfigured ● We don't deploy "a cluster" ○ Networks break, servers break, power fails ○ Clients/DNS need to be reconfigured ● We deploy redundant clusters ○ Attempt to send clients to nearest serving cluster ○ Anycast means unified client configuration
  • 6.
    Load balancing isfun Do you have enough capacity? ● How many backends do you need? ● What happens if half of your backends lose power? ● What about when half are already out for repairs? How do you send clients to the right cluster? ● Client configuration ● DNS round-robin (simple global load balancing) ● DNS views (give best answer for client IP) ● Anycast (portable IP, routed to "nearest" cluster) ● Consider: DNS views plus Anycast
  • 7.
    Anycast is fun ●Anycast is "coarse-grain" load balancing ○ It normally sends traffic to closest serving cluster ● Networks break ○ Physical issues ○ Routing issues ○ Configuration issues ○ VIP load balancer bugs ● All clients could be sent to the same cluster ○ Be ready for that ○ Can a single cluster handle worldwide traffic? ○ What do you do if you can't?
  • 8.
    Puppet problems: Thunderingherds ● "Lots" + "lots" + "some" == "thundering herds" ● What if they all want to do a puppet run? ● What about every hour? ● What about every five minutes? ● Masterless puppet is being considered
  • 9.
    Puppet problems: Releasetracks ● OS releases have unstable, testing, stable branches ○ Maintained by OS platform teams ● Addons also have unstable, testing, stable branches ○ Maintained by service owners ● Using different tracks for OS and addons is hard ○ However, that's common - testing a new addon release ○ Puppet's global namespace is part of the problem
  • 10.
    Puppet problems: Namespaces ●Lots of developers moving fast == conflicts ● Conflicts mean surprises ● Qualify everything ● Testing with rspec-puppet helps to catch issues early
  • 11.
    Questions? Gordon Rowell gordonr@google.com