Do you know all of Puppet?

Talk given at DevOps Meetup Budapest prior to CraftConf 2017 about some Puppet tips and tricks that are old but mostly unknown.

  1. 1. Do you know all of Puppet? Julien Pivotto (@roidelapluie) Budapest DevOps Meetup April 23, 2017
  2. 2. $::user Julien Pivotto @roidelapluie on irc/github/twitter Puppet user since 2011 (Puppet 0.24) VoxPupuli member (& security officer)
  3. 3. inuits
  4. 4. Scope (Ab)using Puppet The Puppet community Puppet DSL tips and tricks
  5. 5. Why? Puppet present in lots of places There are lots of new exciting features But the puppet DSL has a strong trunk Many don't use all of its capacities
  6. 6. Using Puppet Creative Commons Attribution 2.0 https://www.flickr.com/photos/jimmcd/4859841581
  7. 7. Custom facts FACTER_bootstrap=true puppet agent --test Useful for 1-time facts, or overwriting existing facts (e.g. ipaddress) without code.
  8. 8. Custom facts (scripts) ./mycustomscript datacenter=mydc
  9. 9. Custom facts (ruby) # Interrupt Remapping # http://www.novell.com/support/kb/doc.php?id=7014344 # https://access.redhat.com/site/solutions/110053 # https://access.redhat.com/site/solutions/722593 Facter.add("is_interrupt_remapping_broken") do   confine :kernel => "Linux"   setcode do     output = Facter::Util::Resolution.exec(     "/sbin/lspci -nn | grep -E '8086:(340[36].*rev 13|3405.*rev (12|13|22))'")     if output.nil? or output.empty?       result = false     else       result = true     end     result   end end
  10. 10. The Puppet resource face $ puppet resource file /home/u/.vimrc file { '/home/u/.vimrc':   ensure  => 'file',   content => '{md5}d414e9800998ecf8427e',   ctime   => '2017-04-25 11:01:05 +0100',   group   => '1000',   mode    => '0644',   mtime   => '2017-04-25 15:02:03 +0100',   owner   => '1000',   type    => 'file', } $ puppet resource file .hushlogin mode=0755
  11. 11. Pluginsync In modules: lib/puppet/reports/prometheus.rb lib/augeas/lenses/tmpfiles.aug Share reports processors Share augeas lenses Share facts
  12. 12. Puppet as a CA Each Puppet agent has a certificate It is used and maintained It is easy to sign/generate e.g.: The foreman
  13. 13. Tooling for your laptop puppet parser validate Built into puppet find . -name "*.pp" -exec puppet parser validate {} +
  14. 14. Style and Best practices Puppet-lint 2 Plugins: parameter_documentation roles_and_profiles package_ensure unquoted_string legacy_facts many more...
  15. 15. The community Creative Commons Attribution 2.0 https://www.flickr.com/photos/mrmystery/15868773733/
  16. 16. Puppet Modules Modules are awesome They have clear APIs Easy to make code ready for everyone Sharing is part of many Puppet users' mindset
  17. 17. The modules ecosystem Puppet Forge Github
  18. 18. Puppet is aging Lots of old, unmaintained modules Modules not Puppet 4 compatible Modules untested Modules without maintainers
  19. 19. The world evolves fast Ruby versions and gems change fast Keeping an up to date public CI (with travis) is hard But you don't need to change every module every day...
  20. 20. Vox Pupuli Creative Commons Attribution-ShareAlike 4.0 https://github.com/voxpupuli/logos
  21. 21. What is Vox Pupuli? Vox Pupuli is a community We are sysadmins/developers/... puppet users We share values Started in 2014
  22. 22. What do we do We share Puppet modules We maintain them, improve them We provide a nice home for Puppet modules
  23. 23. How We automate We are experts (we use those modules) We are an important group (98 people) We enforce our Code of Conduct
  24. 24. Join us (with or without code) Open Pull requests (we have 118 repos) Share your modules
  25. 25. Get in touch #voxpupuli on IRC voxpupuli http://github.com/voxpupuli voxpupuli@groups.io
  26. 26. The Puppet DSL Creative Commons Attribution 2.0 https://www.flickr.com/photos/mujitra/4421810399
  27. 27. The Puppet DSL Awareness of its potential Write less code Avoid bad patterns
  28. 28. The File resource file { '/etc/motd':   ensure  => file,   content => 'foobarbarfoofoobar', }
  29. 29. content => file() file { '/etc/motd':   ensure  => file,   content => file("${module_name}/motd"), } For small, text files (file content is in the catalog) Since Puppet 3.7.0
  30. 30. validate_cmd file { '/etc/corosync/corosync.conf':   ensure       => file,   validate_cmd => '/usr/sbin/corosync -t %', } Verify the file before replacing it Since Puppet 3.5.0 Alternative in stdlib for older versions
  31. 31. show_diff file { '/etc/app/secrets':   content   => 'my secret content',   show_diff => false, } Since Puppet 3.2.1
  32. 32. replace file { '/etc/installtime':   content => template('date.erb'),   replace => no, } Since Puppet 0.19.0
  33. 33. backup file { '/etc/hosts':   content => template('hosts.erb'),   backup  => '.bak', } Since a very long time...
  34. 34. source file {   '/etc/issue.net':     source => '/etc/motd' } Since a very long time...
  35. 35. autorequires Don't do: file {   '/tmp': } file {   '/tmp/foo':     require => File['/tmp'], } because files auto-require their parents (and owners, groups...) Since Puppet 0.10.2
  36. 36. other autorequires Exec, Cron require their users Mount requires its parents Exec requires its File[cwd]
  37. 37. other autodependencies resource types can implement autonotify and autosubscribe (this is used in puppet-corosync) Since Puppet 4.0.0
  38. 38. noop package {   'ntpd':     ensure => latest,     noop   => true, } noop is not only a global setting - it is also a metaparameter that can be applied to any resource Present since a very long time...
  39. 39. purging resources resources {   'cron':     purge => true,     noop  => true, } Present since Puppet 0.22.0 Present since 3.5.0 (for cron resources)
  40. 40. exec tries exec {   '/bin/wget 127.0.0.1':     tries     => 10,     try_sleep => 1, } Present since Puppet 2.6.0
  41. 41. arrays file {   '/usr/bin/sometimesexecutable':     mode => ['0755', '0644'], } Will accept both modes, and set 0755 if not matching. Can be used with most of the properties. Since Puppet 0.23.1
  42. 42. Requirements define foo::bar {   Package['foo'] -> Foo::Bar[$name] } Is the same as: foo::bar {'barfoo':   require => Package['foo'], }
  43. 43. Aliases Instead of: file { "/tmp/foo/bar/bar.foo/foobar":   ensure => file, } service { 'barfoo':   require => File['/tmp/foo/bar/bar.foo/foobar'], }
  44. 44. Aliases Use: file {"/tmp/foo/bar/bar.foo/foobar":   ensure => file,   alias  => 'foobar', } service {'barfoo':   require => File['foobar'], } Since a very long time...
  45. 45. Loglevel exec {   '/bin/mybrokenexec':     loglevel => debug, } Since Puppet 0.23.1
  46. 46. Conclusion Creative Commons Attribution 2.0 https://www.flickr.com/photos/wwworks/6320539775/
  47. 47. Puppet Puppet is one of the sysadmin's basic tools now Tooling around it is great Very active and mature community Powerful DSL; can handle many scenarios
  48. 48. Julien Pivotto roidelapluie roidelapluie@inuits.eu Inuits https://inuits.eu info@inuits.eu Contact
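
The security-relevant attributes from slides 30, 31 and 39 (validate_cmd, show_diff, purging in noop) combined in one manifest, as an added example that is not from the talk. The class name, the paths, the sudoers rule and the `$api_token` parameter are assumptions made for illustration.

```puppet
# Added example, not code from the talk. The class name, paths, sudoers
# rule and $api_token parameter are assumptions made for illustration.
class profile::hardened_files (
  String $api_token,  # hypothetical secret, e.g. looked up from Hiera
) {
  # validate_cmd: visudo checks the candidate file (%) before Puppet
  # replaces the live one, so a syntax error cannot break sudo.
  file { '/etc/sudoers.d/ops':
    ensure       => file,
    owner        => 'root',
    group        => 'root',
    mode         => '0440',
    content      => "%ops ALL=(ALL) ALL\n",
    validate_cmd => '/usr/sbin/visudo -cf %',
  }

  # show_diff => false keeps the secret out of agent logs and reports;
  # backup => false keeps old copies out of the filebucket.
  # The value is still present in the compiled catalog.
  file { '/etc/app/secrets':
    ensure    => file,
    owner     => 'root',
    group     => 'root',
    mode      => '0600',
    content   => "token=${api_token}\n",
    show_diff => false,
    backup    => false,
  }

  # Purge in noop mode: each run reports cron entries that are not in
  # the catalog without deleting them, which works as an audit of
  # unmanaged jobs. Drop noop once the report is clean.
  resources { 'cron':
    purge => true,
    noop  => true,
  }
}
```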