1.
Phil Zimmerman phil.zimmerman@twcable.com
https://twitter.com/phil_zimmerman

2.






Software defined infrastructure – perfect for
VCS
Configuration Management for servers
Declarative language written in Ruby DSL
Uses manifests to define server
configurations
Brings servers into a desired state and keeps
them there
Eliminates “snowflake” environments

3.

Puppet Modules
 Self-contained bundles of code
 Develop your own
 Download from the Puppet Forge
(https://forge.puppetlabs.com/)
 Contain manifests, files, templates and, ahem… tests

4.

Puppet Manifests
 End in the .pp file extension
 Each manifest in a puppet module should contain
one class or defined type
 Define the set of resources
(packages, files, services) that the module
represents
 Can contain logic
(conditionals, collections, functions, etc)
 Are the source for the compiled catalog

5.

The catalog
 Represents the DAG (directed acyclic graph) of




resources and the desired system state for a given
node
Is compiled from the set of modules’ manifests
defined for a given node
In master/agent puppet, compiled by the master
and applied on the agent node
Masterless puppet, compiled locally on node
Represented on disk as a YAML document

6.





Need to upgrade Java version on tomcat6
vms
Get latest puppet code from vcs
Make the version change in my manifest
Simple change, it looks good to me
Commit my changes

7.
Oh no – Java was updated on my tomcat7 vms
too…. Wait, wat?!
 Face Palm

FAIL!!

8.






Puppet manifests are code
Improve consistency and predictability of
server provisioning
Well-defined tools (rspec-puppet, puppet
parser, puppet-lint, serverspec, vagrant, etc.)
Automatable
Complex, data-driven server configuration
Think of others and future you!

9.







Syntax Checking
Static Analysis
Unit Tests (rspec-puppet)
Configure Jenkins to Run These
Vagrant
Server-spec
Packer

10.
puppet parser validate
-make sure the manifests will generate a
catalog

11.
puppet-lint
-make sure we adhere to the puppet
style guide

12.

rspec-puppet (http://rspec-puppet.com/)




Written by Tim Sharpe (https://github.com/rodjek)
rspec, extended to work with puppet
“unit tests” for puppet code
Designed to test the catalog
▪
▪
▪
▪
Tests at the module level, not system level
Verify resources are present and dependencies are met
Verify resources are configured as expected
Verify file content (even when using templates and hiera –
yes!)
 puppetlabs-spec_helper (Rakefile, .fixtures.yml)

13.

rspec-puppet ruby gem
 rspec-puppet-init
▪ Rakefile
▪ spec/spec_helper.rb
▪ spec/{classes,defines,functions,hosts,fixtures}

puppetlabs_spec_helper ruby gem
 .fixtures.yml
 Ideal for testing manifests referencing forge modules

Both gems work together to ease the burden of
boilerplate setup and configuration

14.
Test that the sshd package is installed

15.
Make sure sshd_config file is present with
desired attributes:

16.
Ensure sshd_config has certain entries:

17.
Verify sshd service is enabled and running with
proper resource dependencies in place:

18.

Parameterized class
 let(:params) { {:foo => ‘abc’, :bar => ‘xyz’} }

Specify values for facter facts
 let(:facts) { {:operatingsystem =>
‘CentOS’, :ipaddress => ‘192.168.33.10’} }

Specify fqdn for a node
 let(:node) { ‘puppet-test-01.lab.webapps.rr.com’ }

19.
hiera-puppet-helper gem

20.



This is awesome, but we’re not done
Next level of testing is to perform a puppet
run on a test vm and verify all is good
We are ready for a server test – enter
serverspec

21.

Server Spec (http://serverspec.org/)
 Designed to validate that a server is configured
appropriately after it’s been provisioned
 Independent of
Puppet, Chef, CFEngine, SaltStack, etc.
 Tests your servers’ actual state directly via ssh
▪ No server-side software or agents required!

22.



serverspec ruby gem
similar dsl as rspec, rspec-puppet
serverspec-init
 spec dir
 sample spec file
 spec_helper.rb
 Rakefile

23.
describe iptables do
it { should have_rule(‘-P INPUT ACCEPT’).with_table(‘mangle’).with_chain(‘INPUT’) }
end
describe port(2003) do
it { should be_listening.with(‘udp’) }
end
describe package(‘httpd’) do
it { should be_installed }
end
describe service(‘sshd’) do
it { should be_monitored_by(‘monit’) }
end

24.


We use Puppet Enterprise at TWC
Vagrantfile that auto installs and configures
Puppet Enterprise master and agent(s)
 https://github.com/adrienthebo/vagrant-pe_build



Personal replica of production Puppet
Enterprise setup
Can apply any role to the agent and test the
server config
Destroy the agent vm when done

25.







“Create identical machine images for multiple
platforms from a single source configuration”
Supports all the main provisioners including Puppet
Can optionally create a vagrant box from the same
source configuration
Automatable and Testable
Extendable plugin architecture
Powerful option for any vm architecture, especially
cloud-based (internal and external)
Full of awesome

26.

Miscellaneous Links





http://www.slideshare.net/PuppetLabs/stephen-connolly
http://www.slideshare.net/PuppetLabs/automated-puppet-testing-puppetcampchicago-12-scott-nottingham
https://github.com/adrienthebo/vagrant-pe_build
https://github.com/puppetlabs/rspec-system
Vim Tools

Syntastic (https://github.com/scrooloose/syntastic)
▪

Vim-puppet (https://github.com/rodjek/vim-puppet)
▪
▪

Checks syntax and displays errors to the user
Syntax highlighting
Style checking
Cool Tool Links



Vagrant - http://www.vagrantup.com
Packer - http://www.packer.io
Stackhammer - http://www.cloudsmith.com