SlideShare a Scribd company logo

Lessons Learned in the OSUOSL Puppet Migration

Puppet
Puppet

The OSU Open Source Lab has used CFengine 2 over the past ten years and the code has exploded towards over 14,000 lines of code. We had set out to migrate to Puppet over four years ago and still haven't completed the process. We have made several mistakes over that time and this session will discuss some of the do's and don'ts of what we learned along the way. We are finally down a path where we can make the transition and want to share our experiences. This session will also be helpful for those in the middle of a major puppet upgrade. Lance Albertson Director, OSU Open Soruce Lab Lance Albertson is the Director for the Oregon State University Open Source Lab (OSUOSL) and has been involved with the Gentoo Linux project as a developer and package maintainer since 2003. Since joining the OSUOSL in 2007, Lance has managed all of the hosting activities that the OSL provides for nearly 160 high-profile open source projects. He was recently promoted to Director in early 2013 after being the Lead Systems Administration and Architect since 2007. In his free time he helps organize Beaver BarCamp and plays trumpet in a local jazz group The Infallible Collective. He holds a B.A. in Agriculture Technology Management from Kansas State University, where he minored in Agronomy and Computer Science.

TechnologySpiritual
1 of 24
Download to read offline
Lessons Learned in the OSUOSL Puppet Migration Lance Albertson Director lance@osuosl.org @ramereth
Session Summary ● OSL team environment overview ● Brief OSL systems architecture history ● CFEngine environment & stats ● Initial Puppet environments ● Git repo all the things! ● Modules strategy ● Deployment/migration strategy ● Future Plans Lessons Learned in the OSUOSL Puppet Migration Lance Albertson | lance@osuosl.org | @ramereth
OSL Team Environment ● 2 FTE Sysadmins, 1 FTE developer ● 6-10 student sysadmins ● 4-6 student devs ● Student productivity / turnover ● Multiple on-going projects ● Incoming tickets keeps us busy ● Domain knowledge is mostly on me* * I'm bad at documentation Lessons Learned in the OSUOSL Puppet Migration Lance Albertson | lance@osuosl.org | @ramereth
OSL Team Environment Systems weekly team meeting Lessons Learned in the OSUOSL Puppet Migration Lance Albertson | lance@osuosl.org | @ramereth
OSL Systems History ● Started out on Debian ('03-'05) ● Switched to Gentoo Hardened ('05-'12) ○ Gentoo devs on staff (mostly me) ○ Wanted the grsec/PaX features ● Started deploying CentOS 5 ('08+) ● All new deployments CentOS 6 ('12+) ○ EOL schedule worked best for us ● CFEngine 2 for config management ● Some mixed CFEngine/puppet env. Lessons Learned in the OSUOSL Puppet Migration Lance Albertson | lance@osuosl.org | @ramereth
CFengine Environment ● Manages all package installs & upgrades ● 180 "Services" ● 174 Package classes ● 113 cf. files ● 19,500 lines of raw cf files ● 14,700 lines actual code ● 1490 lines in cf.classes alone ● 24,300 commits (9,100 are mine alone) Lessons Learned in the OSUOSL Puppet Migration Lance Albertson | lance@osuosl.org | @ramereth
CFengine Environment ● "Do all the things in cfengine" ● A lot of hacked logic because its CF 2 ● Not very dynamic for our needs ● No way to delegate access to projects ● Upgrade path to CF 3 would be a nightmare ● Works very well for our Gentoo hosts Lessons Learned in the OSUOSL Puppet Migration Lance Albertson | lance@osuosl.org | @ramereth
Reason for choosing Puppet ● Liked its goals and approach overall ● Proximity to Puppet Labs (PDX) ● Lots of sharable modules and code ● Excellent community ● Very sysadmin focused ● Lots of progress in its feature set ○ Razor, Puppet Enterprise, Foreman, etc Lessons Learned in the OSUOSL Puppet Migration Lance Albertson | lance@osuosl.org | @ramereth
Puppet Migration Strategy ● Avoid mixed cfengine / puppet environments at all cost ○ Either all cfengine or all puppet ● Convert all CentOS hosts first ○ Easy transition ● Rebuild, Retire, rethink Architecture ○ Same basic architecture since 2005 Lessons Learned in the OSUOSL Puppet Migration Lance Albertson | lance@osuosl.org | @ramereth
The Beginnings ● Planning in early 2010 ● Summer of 2010 initial implementation ● Student project ● Used code from example42 ● Single git repo (#1) for everything ● Gentoo Puppet issues ○ No concept of use flags, keywords, etc ○ Package dependencies are hell Lessons Learned in the OSUOSL Puppet Migration Lance Albertson | lance@osuosl.org | @ramereth
Git repo all the things! - 2010 ● Fall 2010 - Git repo #2 created ● Split into repos based on projects ○ Try to solve the delegation problem ○ Manifests were done in an ugly way ○ Didn't use submodules but a simple script to keep things in sync - i.e. non-standard ● Repo is in production still today ○ Drupal Project has their own module repo ○ They use it to manage their services primarily ○ We run CFengine along-side puppet on Drupal Project machines - YUCK! Lessons Learned in the OSUOSL Puppet Migration Lance Albertson | lance@osuosl.org | @ramereth
Git repo all the things! - 2011 ● Summer 2011 Repo #3 created ● 2-3 students started it again ● Partnered with PSU CAT team ● Repo for every module, and submodule everything ● Nightmare management of the super-repo ● Very confusing to new students ● Deployed it on all the student workstations to test ○ Now its instance #2 that was running in production at the time Lessons Learned in the OSUOSL Puppet Migration Lance Albertson | lance@osuosl.org | @ramereth
Git repo all the things! - 2011 ● Summer 2011 ● Added basic puppet syntax checking commit hook ● Implemented puppet-sync ○ https://github.com/pdxcat/puppet-sync ○ A script to synchronize you manifests from a GIT repository to your Puppet master. ● This helped but the submodules produced so much rage face Lessons Learned in the OSUOSL Puppet Migration Lance Albertson | lance@osuosl.org | @ramereth
Git repo all the things! - 2012 ● Summer 2012 ○ I take a crack at fixing the repo mess ● Repo #4 is created with a slightly saner approach ● Still using submodules, but much less ● Refactored a bunch of code ● Did take a look at mr for repo management ● Never went into production, kind of forgotten Lessons Learned in the OSUOSL Puppet Migration Lance Albertson | lance@osuosl.org | @ramereth
“puppet-simple” repo - 2012 ● Fall 2012 - "Lets get this right for real" ● Very simplified multi-repo layout (K.I.S.S.) ● Single repo ● Directory layout: ○ dist/ - internal modules ○ libs/modules - public or internal->public modules ○ site/ - site specific modules ■ site/os - OS specific module ■ site/role - Role specific module ● Submodules for libs/* Lessons Learned in the OSUOSL Puppet Migration Lance Albertson | lance@osuosl.org | @ramereth
Repo Recap ● #1 Single git repo - deprecated ● #2 Multi-repos w/o submodules - prod (Drupal) ● #3 Multi-repos w/ submodules - deprecated ● #4 Multi-repos w/ submodules (Lance refactor) ○ never used ● #5 puppet-simple - prod (workstations) Lessons Learned in the OSUOSL Puppet Migration Lance Albertson | lance@osuosl.org | @ramereth
Lessons learned from the repos ● K.I.S.S. from the start ● Submodules produces a lot of rage face ● Pick something and stick with it the best you can ● Flexibility is nice, but don't need it in the beginning ● Try to use community modules when possible Lessons Learned in the OSUOSL Puppet Migration Lance Albertson | lance@osuosl.org | @ramereth
Chef Experiment - 2013 ● Wait, I thought this was a Puppet migration talk? ● Decided to take another look at Chef ● Testing on a small set of new machine environments ● Has its own set of issues and problems ○ Fixed some initial workflow problems we had with puppet ● Jury is still out ● “Yay” for three config management envs! </sarcasm> Lessons Learned in the OSUOSL Puppet Migration Lance Albertson | lance@osuosl.org | @ramereth
Current status of migration ● Workstations on new "simple" repo ● Building base modules (80% finished) ○ Importing some from the other repos, refactoring, cleaning up ○ Using community modules (mysql, concat, etc) ● Importing OSL site specific magic ○ Converting CFengine-isms into Puppet ○ Try and undo really hacked up code and processes ● Testing and more testing Lessons Learned in the OSUOSL Puppet Migration Lance Albertson | lance@osuosl.org | @ramereth
Testing Environment ● Vagrant and more vagrant ○ Build standard cfengine-ized basebox ○ Run new modules to see changes ● Future Plans ○ RSpec testing on modules ○ Jenkins CI environment of some kind ● Projects' access ○ Give them an environment to test major changes ● Needs a lot of work Lessons Learned in the OSUOSL Puppet Migration Lance Albertson | lance@osuosl.org | @ramereth
Current Migration Strategy ● Finish base puppet modules ○ Build other modules as needed ● Deploy application service management ○ Services not currently managed by CFengine ○ Will run in parallel with CFengine ● Convert all current CentOS 5/6 hosts one-by-one ● Gentoo -> CentOS Migration ○ Rebuilt as CentOS 6 under puppet ○ Retired, re-architected, etc Lessons Learned in the OSUOSL Puppet Migration Lance Albertson | lance@osuosl.org | @ramereth
Future Plans ● Publish OSL modules ● Delegation to projects ○ Allow projects to check out their puppet config ○ Integrated testing, merging, etc ○ Less work on our staff long term ● Use other tools ○ Deploy Foreman (or something similar like PE) ○ Try out Puppet Enterprise ○ Look into PuppetDB, MCollective, Hiera, etc Lessons Learned in the OSUOSL Puppet Migration Lance Albertson | lance@osuosl.org | @ramereth
Conclusion Takeaways ● Dedicate someone on the conversion ○ Maintain consistency, less context switching ● Use K.I.S.S. principle as much as possible ● Target specific hosts as examples for conversion ○ Do test deploys with vagrant ● Use "brick and mortar" philosophy ○ Try and keep site specific code out of the modules the best you can Lessons Learned in the OSUOSL Puppet Migration Lance Albertson | lance@osuosl.org | @ramereth
Questions? Lance Albertson lance@osuosl.org @ramereth http://osuosl.org http://lancealbertson.com Follow OSUOSL @osuosl | fb.com/OSUOSL G+ "Open Source Lab" This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License. Copyright 2013

Recommended

Testing for Ops: Going Beyond the Manifest - PuppetConf 2013
Testing for Ops: Going Beyond the Manifest - PuppetConf 2013Testing for Ops: Going Beyond the Manifest - PuppetConf 2013
Testing for Ops: Going Beyond the Manifest - PuppetConf 2013Puppet
 
Boxen: AATFT
Boxen: AATFTBoxen: AATFT
Boxen: AATFTPuppet
 
The Puppet Community: Current State and Future Plans
The Puppet Community: Current State and Future PlansThe Puppet Community: Current State and Future Plans
The Puppet Community: Current State and Future PlansPuppet
 
Interview Quiz w/o Server
Interview Quiz w/o ServerInterview Quiz w/o Server
Interview Quiz w/o ServerCliff Chao-kuan Lu
 
What we Learned Implementing Puppet at Backstop
What we Learned Implementing Puppet at BackstopWhat we Learned Implementing Puppet at Backstop
What we Learned Implementing Puppet at BackstopPuppet
 
Puppet camp2021 testing modules and controlrepo
Puppet camp2021 testing modules and controlrepoPuppet camp2021 testing modules and controlrepo
Puppet camp2021 testing modules and controlrepoPuppet
 
Puppetcamp r10kyaml
Puppetcamp r10kyamlPuppetcamp r10kyaml
Puppetcamp r10kyamlPuppet
 
2021 04-15 operational verification (with notes)
2021 04-15 operational verification (with notes)2021 04-15 operational verification (with notes)
2021 04-15 operational verification (with notes)Puppet
 

Recommended

Testing for Ops: Going Beyond the Manifest - PuppetConf 2013
Testing for Ops: Going Beyond the Manifest - PuppetConf 2013Testing for Ops: Going Beyond the Manifest - PuppetConf 2013
Testing for Ops: Going Beyond the Manifest - PuppetConf 2013Puppet
 
Boxen: AATFT
Boxen: AATFTBoxen: AATFT
Boxen: AATFTPuppet
 
The Puppet Community: Current State and Future Plans
The Puppet Community: Current State and Future PlansThe Puppet Community: Current State and Future Plans
The Puppet Community: Current State and Future PlansPuppet
 
Interview Quiz w/o Server
Interview Quiz w/o ServerInterview Quiz w/o Server
Interview Quiz w/o ServerCliff Chao-kuan Lu
 
What we Learned Implementing Puppet at Backstop
What we Learned Implementing Puppet at BackstopWhat we Learned Implementing Puppet at Backstop
What we Learned Implementing Puppet at BackstopPuppet
 
Puppet camp2021 testing modules and controlrepo
Puppet camp2021 testing modules and controlrepoPuppet camp2021 testing modules and controlrepo
Puppet camp2021 testing modules and controlrepoPuppet
 
Puppetcamp r10kyaml
Puppetcamp r10kyamlPuppetcamp r10kyaml
Puppetcamp r10kyamlPuppet
 
2021 04-15 operational verification (with notes)
2021 04-15 operational verification (with notes)2021 04-15 operational verification (with notes)
2021 04-15 operational verification (with notes)Puppet
 
Puppet camp vscode
Puppet camp vscodePuppet camp vscode
Puppet camp vscodePuppet
 
Modules of the twenties
Modules of the twentiesModules of the twenties
Modules of the twentiesPuppet
 
Applying Roles and Profiles method to compliance code
Applying Roles and Profiles method to compliance codeApplying Roles and Profiles method to compliance code
Applying Roles and Profiles method to compliance codePuppet
 
KGI compliance as-code approach
KGI compliance as-code approachKGI compliance as-code approach
KGI compliance as-code approachPuppet
 
Enforce compliance policy with model-driven automation
Enforce compliance policy with model-driven automationEnforce compliance policy with model-driven automation
Enforce compliance policy with model-driven automationPuppet
 
Keynote: Puppet camp compliance
Keynote: Puppet camp complianceKeynote: Puppet camp compliance
Keynote: Puppet camp compliancePuppet
 
Automating it management with Puppet + ServiceNow
Automating it management with Puppet + ServiceNowAutomating it management with Puppet + ServiceNow
Automating it management with Puppet + ServiceNowPuppet
 
Puppet: The best way to harden Windows
Puppet: The best way to harden WindowsPuppet: The best way to harden Windows
Puppet: The best way to harden WindowsPuppet
 
Simplified Patch Management with Puppet - Oct. 2020
Simplified Patch Management with Puppet - Oct. 2020Simplified Patch Management with Puppet - Oct. 2020
Simplified Patch Management with Puppet - Oct. 2020Puppet
 
Accelerating azure adoption with puppet
Accelerating azure adoption with puppetAccelerating azure adoption with puppet
Accelerating azure adoption with puppetPuppet
 
Puppet catalog Diff; Raphael Pinson
Puppet catalog Diff; Raphael PinsonPuppet catalog Diff; Raphael Pinson
Puppet catalog Diff; Raphael PinsonPuppet
 
ServiceNow and Puppet- better together, Kevin Reeuwijk
ServiceNow and Puppet- better together, Kevin ReeuwijkServiceNow and Puppet- better together, Kevin Reeuwijk
ServiceNow and Puppet- better together, Kevin ReeuwijkPuppet
 
Take control of your dev ops dumping ground
Take control of your dev ops dumping groundTake control of your dev ops dumping ground
Take control of your dev ops dumping groundPuppet
 
100% Puppet Cloud Deployment of Legacy Software
100% Puppet Cloud Deployment of Legacy Software100% Puppet Cloud Deployment of Legacy Software
100% Puppet Cloud Deployment of Legacy SoftwarePuppet
 
Puppet User Group
Puppet User GroupPuppet User Group
Puppet User GroupPuppet
 
Continuous Compliance and DevSecOps
Continuous Compliance and DevSecOpsContinuous Compliance and DevSecOps
Continuous Compliance and DevSecOpsPuppet
 
The Dynamic Duo of Puppet and Vault tame SSL Certificates, Nick Maludy
The Dynamic Duo of Puppet and Vault tame SSL Certificates, Nick MaludyThe Dynamic Duo of Puppet and Vault tame SSL Certificates, Nick Maludy
The Dynamic Duo of Puppet and Vault tame SSL Certificates, Nick MaludyPuppet
 
ServiceNow and Puppet- better together, Kevin Reeuwijk
ServiceNow and Puppet- better together, Kevin ReeuwijkServiceNow and Puppet- better together, Kevin Reeuwijk
ServiceNow and Puppet- better together, Kevin ReeuwijkPuppet
 
Puppet in k8s, Miroslav Hadzhiev
Puppet in k8s, Miroslav HadzhievPuppet in k8s, Miroslav Hadzhiev
Puppet in k8s, Miroslav HadzhievPuppet
 
Bolt on Windows - James Pogran
Bolt on Windows - James PogranBolt on Windows - James Pogran
Bolt on Windows - James PogranPuppet
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 

More Related Content

More from Puppet

Puppet camp vscode
Puppet camp vscodePuppet camp vscode
Puppet camp vscodePuppet
 
Modules of the twenties
Modules of the twentiesModules of the twenties
Modules of the twentiesPuppet
 
Applying Roles and Profiles method to compliance code
Applying Roles and Profiles method to compliance codeApplying Roles and Profiles method to compliance code
Applying Roles and Profiles method to compliance codePuppet
 
KGI compliance as-code approach
KGI compliance as-code approachKGI compliance as-code approach
KGI compliance as-code approachPuppet
 
Enforce compliance policy with model-driven automation
Enforce compliance policy with model-driven automationEnforce compliance policy with model-driven automation
Enforce compliance policy with model-driven automationPuppet
 
Keynote: Puppet camp compliance
Keynote: Puppet camp complianceKeynote: Puppet camp compliance
Keynote: Puppet camp compliancePuppet
 
Automating it management with Puppet + ServiceNow
Automating it management with Puppet + ServiceNowAutomating it management with Puppet + ServiceNow
Automating it management with Puppet + ServiceNowPuppet
 
Puppet: The best way to harden Windows
Puppet: The best way to harden WindowsPuppet: The best way to harden Windows
Puppet: The best way to harden WindowsPuppet
 
Simplified Patch Management with Puppet - Oct. 2020
Simplified Patch Management with Puppet - Oct. 2020Simplified Patch Management with Puppet - Oct. 2020
Simplified Patch Management with Puppet - Oct. 2020Puppet
 
Accelerating azure adoption with puppet
Accelerating azure adoption with puppetAccelerating azure adoption with puppet
Accelerating azure adoption with puppetPuppet
 
Puppet catalog Diff; Raphael Pinson
Puppet catalog Diff; Raphael PinsonPuppet catalog Diff; Raphael Pinson
Puppet catalog Diff; Raphael PinsonPuppet
 
ServiceNow and Puppet- better together, Kevin Reeuwijk
ServiceNow and Puppet- better together, Kevin ReeuwijkServiceNow and Puppet- better together, Kevin Reeuwijk
ServiceNow and Puppet- better together, Kevin ReeuwijkPuppet
 
Take control of your dev ops dumping ground
Take control of your dev ops dumping groundTake control of your dev ops dumping ground
Take control of your dev ops dumping groundPuppet
 
100% Puppet Cloud Deployment of Legacy Software
100% Puppet Cloud Deployment of Legacy Software100% Puppet Cloud Deployment of Legacy Software
100% Puppet Cloud Deployment of Legacy SoftwarePuppet
 
Puppet User Group
Puppet User GroupPuppet User Group
Puppet User GroupPuppet
 
Continuous Compliance and DevSecOps
Continuous Compliance and DevSecOpsContinuous Compliance and DevSecOps
Continuous Compliance and DevSecOpsPuppet
 
The Dynamic Duo of Puppet and Vault tame SSL Certificates, Nick Maludy
The Dynamic Duo of Puppet and Vault tame SSL Certificates, Nick MaludyThe Dynamic Duo of Puppet and Vault tame SSL Certificates, Nick Maludy
The Dynamic Duo of Puppet and Vault tame SSL Certificates, Nick MaludyPuppet
 
ServiceNow and Puppet- better together, Kevin Reeuwijk
ServiceNow and Puppet- better together, Kevin ReeuwijkServiceNow and Puppet- better together, Kevin Reeuwijk
ServiceNow and Puppet- better together, Kevin ReeuwijkPuppet
 
Puppet in k8s, Miroslav Hadzhiev
Puppet in k8s, Miroslav HadzhievPuppet in k8s, Miroslav Hadzhiev
Puppet in k8s, Miroslav HadzhievPuppet
 
Bolt on Windows - James Pogran
Bolt on Windows - James PogranBolt on Windows - James Pogran
Bolt on Windows - James PogranPuppet
 

More from Puppet (20)

Puppet camp vscode
Puppet camp vscodePuppet camp vscode
Puppet camp vscode
 
Modules of the twenties
Modules of the twentiesModules of the twenties
Modules of the twenties
 
Applying Roles and Profiles method to compliance code
Applying Roles and Profiles method to compliance codeApplying Roles and Profiles method to compliance code
Applying Roles and Profiles method to compliance code
 
KGI compliance as-code approach
KGI compliance as-code approachKGI compliance as-code approach
KGI compliance as-code approach
 
Enforce compliance policy with model-driven automation
Enforce compliance policy with model-driven automationEnforce compliance policy with model-driven automation
Enforce compliance policy with model-driven automation
 
Keynote: Puppet camp compliance
Keynote: Puppet camp complianceKeynote: Puppet camp compliance
Keynote: Puppet camp compliance
 
Automating it management with Puppet + ServiceNow
Automating it management with Puppet + ServiceNowAutomating it management with Puppet + ServiceNow
Automating it management with Puppet + ServiceNow
 
Puppet: The best way to harden Windows
Puppet: The best way to harden WindowsPuppet: The best way to harden Windows
Puppet: The best way to harden Windows
 
Simplified Patch Management with Puppet - Oct. 2020
Simplified Patch Management with Puppet - Oct. 2020Simplified Patch Management with Puppet - Oct. 2020
Simplified Patch Management with Puppet - Oct. 2020
 
Accelerating azure adoption with puppet
Accelerating azure adoption with puppetAccelerating azure adoption with puppet
Accelerating azure adoption with puppet
 
Puppet catalog Diff; Raphael Pinson
Puppet catalog Diff; Raphael PinsonPuppet catalog Diff; Raphael Pinson
Puppet catalog Diff; Raphael Pinson
 
ServiceNow and Puppet- better together, Kevin Reeuwijk
ServiceNow and Puppet- better together, Kevin ReeuwijkServiceNow and Puppet- better together, Kevin Reeuwijk
ServiceNow and Puppet- better together, Kevin Reeuwijk
 
Take control of your dev ops dumping ground
Take control of your dev ops dumping groundTake control of your dev ops dumping ground
Take control of your dev ops dumping ground
 
100% Puppet Cloud Deployment of Legacy Software
100% Puppet Cloud Deployment of Legacy Software100% Puppet Cloud Deployment of Legacy Software
100% Puppet Cloud Deployment of Legacy Software
 
Puppet User Group
Puppet User GroupPuppet User Group
Puppet User Group
 
Continuous Compliance and DevSecOps
Continuous Compliance and DevSecOpsContinuous Compliance and DevSecOps
Continuous Compliance and DevSecOps
 
The Dynamic Duo of Puppet and Vault tame SSL Certificates, Nick Maludy
The Dynamic Duo of Puppet and Vault tame SSL Certificates, Nick MaludyThe Dynamic Duo of Puppet and Vault tame SSL Certificates, Nick Maludy
The Dynamic Duo of Puppet and Vault tame SSL Certificates, Nick Maludy
 
ServiceNow and Puppet- better together, Kevin Reeuwijk
ServiceNow and Puppet- better together, Kevin ReeuwijkServiceNow and Puppet- better together, Kevin Reeuwijk
ServiceNow and Puppet- better together, Kevin Reeuwijk
 
Puppet in k8s, Miroslav Hadzhiev
Puppet in k8s, Miroslav HadzhievPuppet in k8s, Miroslav Hadzhiev
Puppet in k8s, Miroslav Hadzhiev
 
Bolt on Windows - James Pogran
Bolt on Windows - James PogranBolt on Windows - James Pogran
Bolt on Windows - James Pogran
 

Recently uploaded

Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...gurkirankumar98700
 

Recently uploaded (20)

Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
 

Lessons Learned in the OSUOSL Puppet Migration

  • 1. Lessons Learned in the OSUOSL Puppet Migration Lance Albertson Director lance@osuosl.org @ramereth
  • 2. Session Summary ● OSL team environment overview ● Brief OSL systems architecture history ● CFEngine environment & stats ● Initial Puppet environments ● Git repo all the things! ● Modules strategy ● Deployment/migration strategy ● Future Plans Lessons Learned in the OSUOSL Puppet Migration Lance Albertson | lance@osuosl.org | @ramereth
  • 3. OSL Team Environment ● 2 FTE Sysadmins, 1 FTE developer ● 6-10 student sysadmins ● 4-6 student devs ● Student productivity / turnover ● Multiple on-going projects ● Incoming tickets keeps us busy ● Domain knowledge is mostly on me* * I'm bad at documentation Lessons Learned in the OSUOSL Puppet Migration Lance Albertson | lance@osuosl.org | @ramereth
  • 4. OSL Team Environment Systems weekly team meeting Lessons Learned in the OSUOSL Puppet Migration Lance Albertson | lance@osuosl.org | @ramereth
  • 5. OSL Systems History ● Started out on Debian ('03-'05) ● Switched to Gentoo Hardened ('05-'12) ○ Gentoo devs on staff (mostly me) ○ Wanted the grsec/PaX features ● Started deploying CentOS 5 ('08+) ● All new deployments CentOS 6 ('12+) ○ EOL schedule worked best for us ● CFEngine 2 for config management ● Some mixed CFEngine/puppet env. Lessons Learned in the OSUOSL Puppet Migration Lance Albertson | lance@osuosl.org | @ramereth
  • 6. CFengine Environment ● Manages all package installs & upgrades ● 180 "Services" ● 174 Package classes ● 113 cf. files ● 19,500 lines of raw cf files ● 14,700 lines actual code ● 1490 lines in cf.classes alone ● 24,300 commits (9,100 are mine alone) Lessons Learned in the OSUOSL Puppet Migration Lance Albertson | lance@osuosl.org | @ramereth
  • 7. CFengine Environment ● "Do all the things in cfengine" ● A lot of hacked logic because its CF 2 ● Not very dynamic for our needs ● No way to delegate access to projects ● Upgrade path to CF 3 would be a nightmare ● Works very well for our Gentoo hosts Lessons Learned in the OSUOSL Puppet Migration Lance Albertson | lance@osuosl.org | @ramereth
  • 8. Reason for choosing Puppet ● Liked its goals and approach overall ● Proximity to Puppet Labs (PDX) ● Lots of sharable modules and code ● Excellent community ● Very sysadmin focused ● Lots of progress in its feature set ○ Razor, Puppet Enterprise, Foreman, etc Lessons Learned in the OSUOSL Puppet Migration Lance Albertson | lance@osuosl.org | @ramereth
  • 9. Puppet Migration Strategy ● Avoid mixed cfengine / puppet environments at all cost ○ Either all cfengine or all puppet ● Convert all CentOS hosts first ○ Easy transition ● Rebuild, Retire, rethink Architecture ○ Same basic architecture since 2005 Lessons Learned in the OSUOSL Puppet Migration Lance Albertson | lance@osuosl.org | @ramereth
  • 10. The Beginnings ● Planning in early 2010 ● Summer of 2010 initial implementation ● Student project ● Used code from example42 ● Single git repo (#1) for everything ● Gentoo Puppet issues ○ No concept of use flags, keywords, etc ○ Package dependencies are hell Lessons Learned in the OSUOSL Puppet Migration Lance Albertson | lance@osuosl.org | @ramereth
  • 11. Git repo all the things! - 2010 ● Fall 2010 - Git repo #2 created ● Split into repos based on projects ○ Try to solve the delegation problem ○ Manifests were done in an ugly way ○ Didn't use submodules but a simple script to keep things in sync - i.e. non-standard ● Repo is in production still today ○ Drupal Project has their own module repo ○ They use it to manage their services primarily ○ We run CFengine along-side puppet on Drupal Project machines - YUCK! Lessons Learned in the OSUOSL Puppet Migration Lance Albertson | lance@osuosl.org | @ramereth
  • 12. Git repo all the things! - 2011 ● Summer 2011 Repo #3 created ● 2-3 students started it again ● Partnered with PSU CAT team ● Repo for every module, and submodule everything ● Nightmare management of the super-repo ● Very confusing to new students ● Deployed it on all the student workstations to test ○ Now its instance #2 that was running in production at the time Lessons Learned in the OSUOSL Puppet Migration Lance Albertson | lance@osuosl.org | @ramereth
  • 13. Git repo all the things! - 2011 ● Summer 2011 ● Added basic puppet syntax checking commit hook ● Implemented puppet-sync ○ https://github.com/pdxcat/puppet-sync ○ A script to synchronize you manifests from a GIT repository to your Puppet master. ● This helped but the submodules produced so much rage face Lessons Learned in the OSUOSL Puppet Migration Lance Albertson | lance@osuosl.org | @ramereth
  • 14. Git repo all the things! - 2012 ● Summer 2012 ○ I take a crack at fixing the repo mess ● Repo #4 is created with a slightly saner approach ● Still using submodules, but much less ● Refactored a bunch of code ● Did take a look at mr for repo management ● Never went into production, kind of forgotten Lessons Learned in the OSUOSL Puppet Migration Lance Albertson | lance@osuosl.org | @ramereth
  • 15. “puppet-simple” repo - 2012 ● Fall 2012 - "Lets get this right for real" ● Very simplified multi-repo layout (K.I.S.S.) ● Single repo ● Directory layout: ○ dist/ - internal modules ○ libs/modules - public or internal->public modules ○ site/ - site specific modules ■ site/os - OS specific module ■ site/role - Role specific module ● Submodules for libs/* Lessons Learned in the OSUOSL Puppet Migration Lance Albertson | lance@osuosl.org | @ramereth
  • 16. Repo Recap ● #1 Single git repo - deprecated ● #2 Multi-repos w/o submodules - prod (Drupal) ● #3 Multi-repos w/ submodules - deprecated ● #4 Multi-repos w/ submodules (Lance refactor) ○ never used ● #5 puppet-simple - prod (workstations) Lessons Learned in the OSUOSL Puppet Migration Lance Albertson | lance@osuosl.org | @ramereth
  • 17. Lessons learned from the repos ● K.I.S.S. from the start ● Submodules produces a lot of rage face ● Pick something and stick with it the best you can ● Flexibility is nice, but don't need it in the beginning ● Try to use community modules when possible Lessons Learned in the OSUOSL Puppet Migration Lance Albertson | lance@osuosl.org | @ramereth
  • 18. Chef Experiment - 2013 ● Wait, I thought this was a Puppet migration talk? ● Decided to take another look at Chef ● Testing on a small set of new machine environments ● Has its own set of issues and problems ○ Fixed some initial workflow problems we had with puppet ● Jury is still out ● “Yay” for three config management envs! </sarcasm> Lessons Learned in the OSUOSL Puppet Migration Lance Albertson | lance@osuosl.org | @ramereth
  • 19. Current status of migration ● Workstations on new "simple" repo ● Building base modules (80% finished) ○ Importing some from the other repos, refactoring, cleaning up ○ Using community modules (mysql, concat, etc) ● Importing OSL site specific magic ○ Converting CFengine-isms into Puppet ○ Try and undo really hacked up code and processes ● Testing and more testing Lessons Learned in the OSUOSL Puppet Migration Lance Albertson | lance@osuosl.org | @ramereth
  • 20. Testing Environment ● Vagrant and more vagrant ○ Build standard cfengine-ized basebox ○ Run new modules to see changes ● Future Plans ○ RSpec testing on modules ○ Jenkins CI environment of some kind ● Projects' access ○ Give them an environment to test major changes ● Needs a lot of work Lessons Learned in the OSUOSL Puppet Migration Lance Albertson | lance@osuosl.org | @ramereth
  • 21. Current Migration Strategy ● Finish base puppet modules ○ Build other modules as needed ● Deploy application service management ○ Services not currently managed by CFengine ○ Will run in parallel with CFengine ● Convert all current CentOS 5/6 hosts one-by-one ● Gentoo -> CentOS Migration ○ Rebuilt as CentOS 6 under puppet ○ Retired, re-architected, etc Lessons Learned in the OSUOSL Puppet Migration Lance Albertson | lance@osuosl.org | @ramereth
  • 22. Future Plans ● Publish OSL modules ● Delegation to projects ○ Allow projects to check out their puppet config ○ Integrated testing, merging, etc ○ Less work on our staff long term ● Use other tools ○ Deploy Foreman (or something similar like PE) ○ Try out Puppet Enterprise ○ Look into PuppetDB, MCollective, Hiera, etc Lessons Learned in the OSUOSL Puppet Migration Lance Albertson | lance@osuosl.org | @ramereth
  • 23. Conclusion Takeaways ● Dedicate someone on the conversion ○ Maintain consistency, less context switching ● Use K.I.S.S. principle as much as possible ● Target specific hosts as examples for conversion ○ Do test deploys with vagrant ● Use "brick and mortar" philosophy ○ Try and keep site specific code out of the modules the best you can Lessons Learned in the OSUOSL Puppet Migration Lance Albertson | lance@osuosl.org | @ramereth
  • 24. Questions? Lance Albertson lance@osuosl.org @ramereth http://osuosl.org http://lancealbertson.com Follow OSUOSL @osuosl | fb.com/OSUOSL G+ "Open Source Lab" This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License. Copyright 2013