
Linux Desktop Automation

How a micro team managed 800 desktops with Puppet and RabbitMQ

Published in: Technology

  1. 1. Linux Desktop Automation
  2. 2. Rui Lapa Senior Linux System Administrator Me Outsourcer Freelancer
  3. 3. Linux Newbies Junior SysAdmin 2010-04 2013-07 2014-09 Team Micro Team Almost 6 years Senior SysAdmin 2014-12 2009-02
  4. 4. Central Farm Solutions 3 Different LAN and Internet Laptops Local Stations 800x
  5. 5. 17x 2x IBM HS21 20x Servers Production/Tests and Support Real and Virtual Web DB DNS Cloning Local Mirror Radius VPN Wi-Fi Print Monitoring Deployment Automation LB Desktops ...
  6. 6. Work Station Users View Desktop Applications
  7. 7. Work Station Help Desk View Shared 5x Service Desk 5x Field Support Applications Settings Manager
  8. 8. Work Station Virtual View System Administrator Operating System? Applications Settings Operating System
  9. 9. Work Station Real View System Administrator Total management Applications Settings Operating System Updates Global Changes Inventory Validation User Profile Security Remote Access Network Profile Operation Automation Monitoring 3rd Line Help Desk Administration Solution Architect Engineering Project Management
  10. 10. Total Management Zero Cost Open Source Clone Lapa? Applications Settings Operating System Updates Global Changes Inventory Validation User Profile Security Remote Access Network Profile Operation Automation Monitoring 3rd Line Help Desk Administration Solution Architect Engineering Project Management
  11. 11. DevOps Development Operation DEV OPS
  12. 12. Puppet Why? Help! Settings Operating System - Unix/Windows - Equipment Access Control (Certificates) - Team Access Control (Role Based Access Control) - Puppet Forge - Easy Learning - Rules are interpreted in Runtime based on programmable Facts
  13. 13. Puppet Forge Apt Puppet Labs Settings Operating System

          > puppet module install puppetlabs-apt

          </etc/puppet>/modules/trusty/manifests/apt.pp

          class trusty::apt {
            # Base apt settings: purge unmanaged entries from sources.list,
            # no apt-get update on every Puppet run
            class { '::apt':
              always_apt_update    => false,
              disable_keys         => undef,
              purge_sources_list   => true,
              purge_sources_list_d => false,
              purge_preferences_d  => false
            }

            # Repository signing key, fetched from the keyserver.
            # '4BD6EC30' is an 8-character short key ID, as on the slide;
            # short IDs are collision-prone, a full fingerprint is the safer value.
            apt::key { 'puppetlabs':
              key        => '4BD6EC30',
              key_server => 'keyserver.ubuntu.com',
            }

            # Puppet Labs packages served from the local mirror
            apt::source { 'puppetlabs-trusty':
              location    => 'http://mirror/puppetlabs',
              release     => 'trusty',
              repos       => 'main dependencies',
              key         => '4BD6EC30',
              key_server  => 'keyserver.ubuntu.com',
              include_src => false,
            }
          }

  14. 14. Puppet Example 1 Ubuntu Trusty Settings Operating System

          class trusty::postfix {
            package { 'postfix':
              ensure => latest
            }

            # Mail name is the node's FQDN; a change restarts postfix
            file { '/etc/mailname':
              notify  => Service['postfix'],
              content => "${::fqdn}\n",
              require => Package['postfix'],
            }

            # Main configuration rendered from the module template
            file { '/etc/postfix/main.cf':
              ensure  => present,
              mode    => '0644',
              owner   => root,
              group   => root,
              content => template('trusty/postfix/main.cf'),
              notify  => Service['postfix'],
              require => Package['postfix'],
            }

            # Keep the service running and restart it when the package or
            # its configuration files change
            service { 'postfix':
              ensure    => running,
              enable    => true,
              require   => Package['postfix'],
              provider  => init,
              subscribe => [
                Package['postfix'],
                File['/etc/postfix/main.cf'],
                File['/etc/aliases']
              ]
            }
          }

  15. 15. Puppet Example 2 Common Settings Operating System

          # Installs one printer PPD file, named after the resource title
          define model_ppd( $ppd ) {
            file { "/etc/cups/provision/ppd/${title}.ppd":
              ensure  => present,
              mode    => '0644',
              owner   => lp,
              group   => lp,
              source  => "puppet:///modules/common/cups/ppd/${ppd}",
              require => File['/etc/cups/provision/ppd/']
            }
          }

          class common::cups_update_ppd {
            # Provisioning directories owned by the CUPS user
            file { '/etc/cups/provision/':
              ensure => directory,
              mode   => '0755',
              owner  => lp,
              group  => lp,
            }

            file { '/etc/cups/provision/ppd/':
              ensure  => directory,
              mode    => '0755',
              owner   => lp,
              group   => lp,
              require => File['/etc/cups/provision/']
            }

            model_ppd { 'bizhub36':
              ppd => 'bizhub36.ppd',
            }
          }

  16. 16. Puppet File System GIT Devs DEV Settings Operating System
  17. 17. Puppet puppet_node_classifier History Puppet – Dashboard – History common::users common::java trusty::firefox radius::freeradius ... OPS Settings Operating System
  18. 18. Puppet Classification DB Portal / Provision Server – Model/Function/Image Vivo PC - Trusty - 20140808 Vivo PC - Trusty - 20141208 Asus P52F - 20140710 PuppetMaster - 20140809 Radius - 20131001 ... Puppet – Models NN N + N + Name Filter ("serverp.*, serverd{2}", "serverp*, !serverp01", ".*, !serverp01") Puppet – Class common::users common::java trusty::firefox radius::freeradius ... DEV OPS Settings Operating System
  19. 19. DevOps Actions More Help? DEV OPS
  20. 20. DevOps Development Operation Applications Settings - Cluster and HA - Web UI - Authentication and Authorization - Message with TTL - Multiple Client Programming Languages - AMQP, STOMP, MQTT, HTTP ...
  21. 21. RabbitMQ Comparison Other MQs Applications Settings RabbitMQ is one of the leading implementations of the AMQP protocol (along with Apache Qpid). Therefore, it implements a broker architecture, meaning that messages are queued on a central node before being sent to clients. This approach makes RabbitMQ very easy to use and deploy, because advanced scenarios like routing, load balancing or persistent message queuing are supported in just a few lines of code. However, it also makes it less scalable and “slower” because the central node adds latency and message envelopes are quite big. ZeroMQ is a very lightweight messaging system specially designed for high throughput/low latency scenarios like the one you can find in the financial world. Zmq supports many advanced messaging scenarios but contrary to RabbitMQ, you’ll have to implement most of them yourself by combining various pieces of the framework (e.g.: sockets and devices). Zmq is very flexible but you’ll have to study the 80 pages or so of the guide (which I recommend reading for anybody writing distributed systems, even if you don’t use Zmq) before being able to do anything more complicated than sending messages between 2 peers. ActiveMQ is in the middle ground. Like Zmq, it can be deployed with both broker and P2P topologies. Like RabbitMQ, it’s easier to implement advanced scenarios but usually at the cost of raw performance. It’s the Swiss army knife of messaging :-). Finally, all 3 products: • Have client APIs for the most common languages (C++, Java, .Net, Python, Php, Ruby, …) • Have strong documentation • Are actively supported (Source: http://stackoverflow.com/questions/731233/activemq-or-rabbitmq-or-zeromq-or)
  22. 22. RabbitMQ Automations INPUT Portal / Provision Applications Settings Actions Inventory DNS Update Help Desk
  23. 23. RabbitMQ Automations OUTPUT Portal / Provision Applications Settings Actions Passwords Expire Notification User Profile - Drives - Printers - Applications Messages Update local NSS OPS
  24. 24. RabbitMQ Retries and status MySQL Table Portal / Provision MQ - Tasks Task Target Correlation ID Body Reply Status Retries Expire Author Applications Settings DEV
  25. 25. DevOps Help Desk More Help? DEV OPS Help Desk
  26. 26. RabbitMQ Automations OUTPUT Portal / Provision Applications Settings Actions Profile Recreation Application Kill Backup and Restore Help Desk
  27. 27. DevOps Development Operation Applications Settings Operating System
  28. 28. Portal / Provision Applications Settings Operating System Knowledge Centralized and Shared History and Inventory
  29. 29. Help Desk Cloning Updates Help Desk
  30. 30. PXE Cloning Rsync + Automation + Inventory Linux and Windows (Mac + Image + Prefix) → Name Linux/Windows Images ISOs OPS Help Desk
  31. 31. Custom Packages Official Mirrors Images Mirror Servers Updates Mirror Images DEV OPS
  32. 32. Puppet Code Review GIT Admins DEV Settings Operating System Code Review
  33. 33. Automations Old Not fully updated/migrated
  34. 34. Active Directory Logon Scripts Name Email Company Department Account Expiration Date Password Expiration Date Logon Scripts Printers Network Drives Quota Configured Quota Used Provision NFS Data Origin AD + Logons NFS
  35. 35. Active Directory NIS UID GID Shell Home Provision Data Destination MySQL + SFU Unix Attributes
  36. 36. Printing - Provision - Printers DB → GIT → Puppet Manual Admins Portal / Provision Printer Brand Model Location IP Mac PPD File Default Settings
  37. 37. Radius Radius Wi-Fi WPA2-PEAP and TLS Portal / Provision Mac Address Authorization User / Hostname Email Email Sent Email When Mac Mac Manufacturer VLAN Authorization Author AD
  38. 38. “Insanity: doing the same thing over and over again and expecting different results”
  39. 39. Name Rui Lapa Email rui.lapa@ruilapa.net Thank you
