Using Puppet in Small Infrastructures

I presented these slides at Puppet Camp in London on November 17th and then at our local DevOps meetup in Bristol on November 19th 2014.


  1. Puppet & Small Infrastructures Rachel Andrew @rachelandrew
  2. edgeofmyseat.com
  3. grabaperch.com
  4. Why would a small business use Puppet?
  5. • My background
     • Learning Puppet and initial challenges
     • Our current use of Puppet
     • Why Puppet for small businesses with a handful of servers?
  6. This is my job.
     • writer
     • tech support person
     • bookkeeper
     • HR
     • filler in of baffling forms from the government
     • PHP developer
     • front-end web developer
     • marketer
     • sales person
     • public speaker
     • … ops person.
  7. Back in my day …
  8. Pre-Puppet
     • Infrastructure consisted of a bunch of VPS boxes hosted at Memset
     • Configured at different times
     • Some set up by me, some by Drew
     • Neither of us understood the setups done by the other
     • No real handle on what was installed where
  9. Initial setup would be documented but configuration would drift over time as we updated, installed and fixed things.
  10. “If it ain’t broke, don’t fix it”
  11. Getting Started with Puppet
  12. Puppet or Chef?
  13. https://docs.puppetlabs.com/learning/
  14. https://puppetlabs.com/learn
  15. “By starting small and getting good at automating one discrete task, you can establish a foundation for bigger automation projects.” http://puppetlabs.com/blog/get-more-agile-learn-how-to-automate-one-small-thing-with-puppet-enterprise
  16. Ideas for small tasks
      • cron jobs
      • users
      • ssh keys
      • vhosts
      • specific config files - for example a common php.ini
      • packages or settings you configure on all servers as standard
  17. Installing packages

          package { "sudo":
            ensure => "installed"
          }

  18. Using Puppet to create cron jobs.

          cron { 'my_cron_job':
            command => "php /home/sites/mysite/public_html/perch/core/scheduled/run.php secret",
            user    => root,
            minute  => [1,31],
          }

  19. Adding standard files.

          file { '/etc/php5/apache2/php.ini':
            ensure => file,
            source => 'puppet:///modules/hosting/php.ini',
            notify => Service["apache2"],
          }

  20. Don’t wait until you have time to rebuild everything. Who ever has time to rebuild everything?
  21. Not Invented Here.
  22. Is there an existing, well supported module that does this job?
  23. https://forge.puppetlabs.com/supported
  24. Managing Third Party Modules
  25. Dependencies will bite you.
  26. “Puppet describes the end-state of the machine, and NOT the order that it’s (Puppet) going to take you to that state” http://garylarizza.com/blog/2014/10/19/on-dependencies-and-order/
  27. Where we are now.
  28. • A Puppet Master, PuppetDB is on the same box
      • Three webservers
      • The “demo server”, also a webserver but of interesting configuration
      • PuppetBoard and Scout to see what is happening in Puppet and for monitoring
  29. Webservers
      • Puppetlabs Apache, MySQL
      • modules/hosting = a module I’ve written that wraps up standard things used on webservers
      • make use of hiera for site, database and user values
  30. Discovering Hiera made Puppet make sense to me.
  31. A common.yaml file holds information common to all servers. For example user accounts.

          ---
          users:
            rachel:
              comment: "Rachel Andrew"
              shell: "/bin/bash"
              home: "/home/rachel"
              managehome: "true"
              groups: ['admin','www-admin']
            drew:
              comment: "Drew McLellan"
              shell: "/bin/bash"
              home: "/home/drew"
              managehome: "true"
              groups: ['admin','www-admin']
          ssh_keys:
            rachel_ssh:
              user: "rachel"
              type: "rsa"
              key: "AAAABB[...]"
            drew_ssh:
              user: "drew"
              type: "rsa"
              key: "AAAABB[...]"

  32. Information specific to one server is held in node specific YAML files. eg: vhosts and MySQL databases.

          ---
          apache_vhosts:
            example.co.uk:
              port: '8080'
              docroot: '/home/sites/example/public_html'
              docroot_group: 'www-admin'
              servername: 'example.co.uk'
              serveraliases: ['example.com']
            test.co.uk:
              port: '8080'
              docroot: '/home/sites/test/public_html'
              docroot_group: 'www-admin'
              servername: 'test.co.uk'
              serveraliases: ['test.com']
          mysql_db:
            db_a:
              user: 'user_a'
              password: 'xxxxx'
              grant: ['all']
            db_b:
              user: 'user_b'
              password: 'xxxxx'
              grant: ['all']

  33. The hiera.yaml file.

          ---
          :backends:
            - yaml
          :logger: console
          :yaml:
            :datadir: /etc/puppet/hiera
          :hierarchy:
            - "%{::fqdn}"
            - common

  34. hiera_hash gives an array of users, hosts and databases from the node specific YAML. I can use that in create_resources within manifests.

          $sites = hiera_hash('apache_vhosts')
          create_resources('apache::vhost',$sites)
          $db = hiera_hash('mysql_db')
          create_resources('mysql::db',$db)

  35. “When you come up with a solution using create_resources(), I challenge you to draw up another solution using Puppet code in a Puppet manifest” http://garylarizza.com/blog/2014/10/24/puppet-workflows-4-using-hiera-in-anger/
  36. Hiera and the demo server.
  37. Standard CMS demos allow everyone access to one install which is “refreshed” periodically.
  38. We wanted to give everyone a clean demo all of their own.
  39. Hiera can have multiple backends defined. Hiera can use json as well as YAML.

          ---
          :backends:
            - yaml
            - json
          :logger: console
          :yaml:
            :datadir: /etc/puppet/hiera
          :json:
            :datadir: /etc/puppet/hiera
          :hierarchy:
            - '%{fqdn}'
            - common

  40. deploy.pp
      • create a home directory
      • grab the site files tarball and untar into the home directory
      • get the relevant SQL dump
      • grab the config file and replace out db details
      • create a database using the import file
      • create a vhost
      • execute a script to notify Air Traffic Control the site is ready
  41. • json Hiera backend is the source of truth for Puppet as to what sites should be running
      • could deploy to multiple servers by writing multiple json files one for each node
      • can deploy different versions of Perch - for example to allow someone to try out a beta
      • currently deploying and tearing down 50 or 60 sites per day. It just works.
  42. Start small with Puppet, but be aware of non-obvious problems that Puppet can help solve.
  43. I use Vagrant and Puppet to test and build the site packages locally.
  44. Why should small business and small infrastructures consider Puppet?
  45. Disaster Recovery
  46. Small companies
      • often don’t need hugely redundant infrastructures
      • having sites offline for a few hours not critical
      • … as long as everything can be restored.
  47. Before Puppet
      • Rebuilding our infrastructure would have involved us “trying to remember” what went where.
      • Just getting servers reinstalled would have taken a long time.
      • Then we would have had to reconfigure every site, every SSH key, one at a time.
  48. With Puppet
      • Configuration for each server is held in code, and in an external git repo
      • Checkout the modules onto a new Puppet Master
      • Spin up new servers and run Puppet which would create all resources - sites, keys etc.
      • We could then import any data such as MySQL backups
  49. A good test - can you restore any of your servers into a local VM?
  50. How do we do that thing again?
  51. Puppet allows us to document processes by way of manifests.
  52. The git commit history gives me additional information as to why something is configured that way.
  53. Please look after this server.
  54. Get an expert up to speed quickly
  55. Ensure knowledge isn’t lost when someone leaves the company
  56. Small businesses are often far more exposed than large ones to losing knowledge when a key person leaves.
  57. Easier audits and compliance
  58. “It is generally acceptable to show the Puppet modules to the auditor to demonstrate what settings are applied to the PCI servers.” http://blog.bluemalkin.net/pci-compliance-tips-for-sys-admins/
  59. Speed of setting up new servers
  60. Puppet means I don’t need to spend time and energy remembering how to do things on our servers.
  61. Moving hosting or to new servers within a hosting company
  62. Getting “stuck” on terrible hosting is a real issue for small businesses
  63. Being Puppetized makes moving the entire infrastructure seem far less scary.
  64. Modules from the Forge
  65. Modules show best practice ways of achieving tasks.
  66. The Puppet Community
  67. “We like nice people way better than mean ones!” https://docs.puppetlabs.com/community/community_guidelines.html
  68. Thank you http://rachelandrew.co.uk/presentations/puppet @rachelandrew
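
Slides 31 and 34 show the `users` and `ssh_keys` data and the `create_resources` pattern, but not the manifest that turns those two hashes into accounts. The following is an added example, not code from the deck: the class name `hosting::accounts` is hypothetical, and `purge_ssh_keys` is an addition that keeps each account's authorized keys limited to what Hiera declares.

```puppet
# Added example, not from the deck. The class name is hypothetical;
# the Hiera keys 'users' and 'ssh_keys' are the ones shown on slide 31.
class hosting::accounts {
  # hiera_hash merges the key across every level of the hierarchy,
  # so a node file can add accounts on top of common.yaml.
  $users    = hiera_hash('users')
  $ssh_keys = hiera_hash('ssh_keys')

  # The groups named in common.yaml must exist. User resources
  # autorequire any group that Puppet manages, so no explicit
  # ordering is needed here.
  group { ['admin', 'www-admin']:
    ensure => present,
  }

  # The third argument is a hash of defaults merged into every entry.
  # purge_ssh_keys (Puppet 3.6 and later) removes any key found in the
  # user's ~/.ssh/authorized_keys that is not declared as a resource,
  # so a key deleted from Hiera is also deleted from the servers.
  create_resources('user', $users, {
    'ensure'         => 'present',
    'purge_ssh_keys' => true,
  })

  # ssh_authorized_key autorequires the user named in its 'user'
  # attribute, so keys are written after the account exists.
  create_resources('ssh_authorized_key', $ssh_keys, {
    'ensure' => 'present',
  })
}
```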
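
The ordering warning on slide 26 applies directly to the deploy steps listed on slide 40. This added sketch (not the author's deploy.pp) covers the directory, untar, database, vhost and notification steps; the define name, its parameters, the `demo.example` domain and the notify script are hypothetical, and the tarball is assumed to unpack to `public_html/`.

```puppet
# Added sketch, not the deck's deploy.pp. Define name, parameters, the
# "demo.example" domain and the notify script are hypothetical.
# Needs puppetlabs-stdlib, puppetlabs-apache and puppetlabs-mysql.
define hosting::demo_site ($tarball, $sql_dump, $db_password, $notify_cmd) {
  # Site names come from generated Hiera data and end up in paths and
  # shell commands, so accept only a short lowercase token. \A and \z
  # anchor the whole string; ^ and $ would match per line in Ruby.
  validate_re($name, '\A[a-z0-9]{1,16}\z')
  $home = "/home/sites/${name}"

  file { $home:
    ensure => directory,
    group  => 'www-admin',
    mode   => '0755',
  }

  # Must run before the vhost: apache::vhost creates the docroot itself,
  # and if that happened first, "creates" would skip the untar for good.
  exec { "untar-${name}":
    command => "/bin/tar -xzf ${tarball} -C ${home}",
    creates => "${home}/public_html",
    require => File[$home],
  }

  mysql::db { $name:
    user     => $name,
    password => $db_password,
    grant    => ['all'],
    sql      => $sql_dump,
  }

  apache::vhost { "${name}.demo.example":
    port          => '8080',
    docroot       => "${home}/public_html",
    docroot_group => 'www-admin',
    require       => Exec["untar-${name}"],
  }

  # Runs only when the database or vhost reports a change.
  # $notify_cmd must be an absolute path because no exec path is set.
  exec { "notify-${name}":
    command     => "${notify_cmd} ${name}",
    refreshonly => true,
    subscribe   => [Mysql::Db[$name], Apache::Vhost["${name}.demo.example"]],
  }
}
```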
