DECK36, profile picture
Uploaded byDECK36
1,664 views

Our Puppet Story – Patterns and Learnings (sage@guug, March 2014)

The document discusses the use of Puppet and Vagrant for creating stable, reproducible environments for software development. It covers various aspects including configuration management, VM provisioning, and automation practices, drawing on the author's experience as a system automation engineer. Key tools, configurations, and best practices in using Puppet and Vagrant for efficient operations and testing are detailed throughout the text.

Embed presentation

Downloaded 16 times
Our Puppet Story – Patterns and Learnings Martin Schütte March 27 2014
1. Intro 2. Vagrant 3. Puppet Intro Dashboard & PE Facter & Hiera git Problems Misc
1. Intro 2. Vagrant 3. Puppet Intro Dashboard & PE Facter & Hiera git Problems Misc
About DECK36 • Small team of 7 engineers • Longstanding expertise in designing, implementing and operating complex web systems • Developing own data intelligence-focused tools and web services • Offering our expert knowledge in Automation & Operation, Architecture & Engineering, Analytics & Data Logistics
About me • System Automation Engineer • Puppet Certified Professional 2013 • martin.schuette@deck36.de
The Problem
The Goal Stable and reproducible environment for a Software. … environment for new developer, … test config changes, … clean package build env, … preconfigured demo box. But also quickly deployable, and centrally managed with current software versions.
1. Intro 2. Vagrant 3. Puppet Intro Dashboard & PE Facter & Hiera git Problems Misc
Vagrant Configuration tool for VMs and Provisioning. “Local cloud” • Self service • Instant provisioning • Cost efficient • Elastic • Pay per use
Vagrant VM Providers: • VirtualBox: “default”, works offline, ressource hungry • Docker: lightweight, requires Linux, good for testing • AWS EC2: remote VMs, good for automation (Jenkins) Provisioning: • Shell script • Puppet, apply manifest or run agent • Chef, solo or client • Ansible playbooks • Salt states • Docker containers
VeeWee definition Veewee::Definition.declare({ :iso_file => "debian-wheezy-DI-b4-amd64-netinst.iso", :disk_size => '40560', :disk_format => 'VDI', :cpu_count => '2', :memory_size => '3192', :boot_wait => "10", :boot_cmd_sequence => [ '<Esc>', 'install ', 'preseed/url=http://%IP%:%PORT%/preseed.cfg ', 'debconf/frontend=noninteractive ', '<Enter>' ], :postinstall_files => [ "base.sh", "vagrant.sh", "customize-puppet.sh", ... ], ... })
Vagrantfile Vagrant.configure("2") do |config| config.vm.box = "graylog2" config.vm.box_url = "http://vagrantboxes.footballradar.com/wheezy64.box" config.vm.provider "virtualbox" do |v| v.memory = 1024 end config.vm.provision :puppet do |puppet| puppet.manifest_file = "graylog2.pp" puppet.module_path = "modules" end config.vm.network :forwarded_port, guest: 9000, host: 9000 config.vm.network :forwarded_port, guest: 80, host: 8080 config.vm.network :forwarded_port, guest: 12201, host: 12201, protocol: 'udp' config.vm.network :forwarded_port, guest: 12201, host: 12201, protocol: 'tcp' config.vm.network :forwarded_port, guest: 12900, host: 12900 end
Multi-VM Vagrantfile Vagrant.configure("2") do |config| # VM 1: appserver config.vm.define :app do |app| app.vm.hostname = "testbox.example.org" app.vm.network :forwarded_port, host: 8080, guest: 80 app.vm.synced_folder ".", "/home/vagrant/files" end # VM 2: DB server config.vm.define :db do |db| db.vm.hostname = "db.example.org" db.vm.provider :virtualbox do |vb| vb.customize ["modifyvm", :id, "--cpus", "2"] end end # Box & Provisioning config.vm.box = "precise64" config.vm.provision :shell, :path => "vagrant_install_puppet_keys.sh" config.vm.provision :puppet_server, :puppet_server => "puppetmaster.example.org" end
vagrant-aws Vagrant.configure("2") do |config| config.vm.box = "dummy" config.vm.provider :aws do |aws, override| aws.access_key_id = "YOUR KEY" aws.secret_access_key = "YOUR SECRET KEY" aws.keypair_name = "KEYPAIR NAME" region = "eu-west-1" aws.ami = "ami-20414854" aws.tags = { 'Role' => 'TestVM', 'Net' => 'Devnet' } end end
Synced Folders Shared folders, mounted from host into guest. Options: • VirtualBox • NFS • SMB • rsync
Synced Folders src: Mitchell Hashimoto, Comparing Filesystem Performance in Virtual Machines
1. Intro 2. Vagrant 3. Puppet Intro Dashboard & PE Facter & Hiera git Problems Misc
Puppet • Configuration Management • Declarative: Resources and Dependencies
Puppet Puppet Agent execution: 1. Create catalog: • read manifest • gather resources • ensure order 2. Apply for each resource: • query state • change to desired state
Syntax class vpn($version = 'present', $ca_crt, $usr_crt, $usr_key) { package { 'openvpn': ensure => $version; } file { "/etc/openvpn/client.key": ensure => file, mode => '0600', content => $usr_key; require => Package['openvpn'], notify => Service['openvpn']; "/etc/openvpn/client.conf": ensure => file, source => "puppet:///modules/vpn/client.conf", require => Package['openvpn'], notify => Service['openvpn']; } service { 'openvpn': ensure => running, require => Package['openvpn'], } }
Syntax class vpn($version = 'present', $ca_crt, $usr_crt, $usr_key) { package { 'openvpn': ensure => $version; } -> file { "/etc/openvpn/client.key": ensure => file, mode => '0600', content => $usr_key; "/etc/openvpn/client.conf": ensure => file, source => "puppet:///modules/vpn/client.conf"; } ~> service { 'openvpn': ensure => running, } }
Relationships Class[Vpn] Package[openvpn] File[/etc/openvpn/client.key] File[/etc/openvpn/client.conf] Service[openvpn]
Puppet Module Layout module_name • manifests Puppet code (classes/defines) - init.pp - subclass.pp • files static files • templates .erb templates • lib ruby plugins (custom types/facts) • tests usage examples for manifests • spec spec tests for libs
Puppet Dashboard
External Monitoring
stdlib facts.d • simple data input • e. g. ec2metadata, inventory lookup custom_facts.sh #! /bin/sh which ec2metadata >/dev/null 2>&1 || exit 1 echo "ec2_ami_id=$(ec2metadata --ami-id)" echo "ec2_instance_id=$(ec2metadata --instance-id)" echo "ec2_instance_type=$(ec2metadata --instance-type)" echo "ec2_public_ipv4=$(ec2metadata --public-ipv4)" echo "ec2_public_hostname=$(ec2metadata --public-hostname)"
Hiera • banish top scope variables • use Hiera! • structure with roles & profiles
node definitions vs. Hiera site.pp node "mydev.vagrantup.com" inherits basenode-vagrant { $vmEnv = "development" include sysadmin include ntp include vagrant include user::vagrant include mysqlserver include redisserver # ... }
node definitions vs. Hiera site.pp hiera_include('include_classes', ['sysadmin']) node default { } role_elasticsearch.yaml include_classes: - elasticsearch - elasticsearch::plugins - zabbix::helper::elasticsearch elasticsearch::clustername: "mycluster" elasticsearch::client: false elasticsearch::heapsize: "768m"
hiera.yaml :hierarchy: - node/%{fqdn} - vm/netenv_role_%{puppet_netenv}_%{puppet_role} - vm/role_%{puppet_role} - vm/netenv_%{puppet_netenv} - domain_%{domain} - common :backends: - yaml :logger: console :yaml: :datadir: "/etc/puppet/environments/%{environment}/"
Example lookup fqdn = dev.pod1.org domain = pod1.org puppet_role = dev puppet_netenv = vagrant ⇒ Lookup in: 1. node/dev.pod1.org.yaml 2. vm/netenv_role_vagrant_dev.yaml 3. vm/role_dev.yaml 4. vm/netenv_vagrant.yaml 5. domain_pod1.org.yaml 6. common.yaml
Hiera & Puppet 2.x compatibility class vpn($version = hiera('vpn::version', 'present'), $ca_crt = hiera('vpn::ca_crt'), $usr_crt = hiera('vpn::usr_crt'), $usr_key = hiera('vpn::usr_key')) { package { 'openvpn': ensure => $version; } # ... }
git workflow • use git! • use git hooks • use per-user environments for easy testing • repos for testing/production
git hook: Syntax Check Git pre-commit hook with puppet-lint to syntax check Puppet, ERB templates, YAML files (http://github.com/gini/puppet-git-hooks) Example Output: $ git commit -m 'test' modules/graylog2/templates/server.conf.erb -:5: syntax error, unexpected $undefined ...rd_sha2 = "; _erbout.concat(( @ root_pwd_sha2 ).to_s); _erbo... ... ^ ERB syntax error in modules/graylog2/templates/server.conf.erb
git hook: E-Mail Notification Git post-receive hook to notify team on push (http://git.kernel.org/cgit/git/git.git/tree/contrib/hooks/ post-receive-email?id=HEAD) Example E-Mail: - Log ---------------------------------------------- commit 5df04ee883b8de8a37bf0ac97eec068cd1f3a414 Author: N. N. <n.n@deck36.de> Date: Tue Jan 7 08:57:17 2014 +0000 fixed path to csync2 executable ---------------------------------------------------- Summary of changes: modules/user/files/etc/sudoers.d/support | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
environments • per user env + production ⇒ easy testing with puppet agent -t --environment=user • two servers for testing/production Config (in puppet < 3.5.0): puppet.conf [mschuette] modulepath = $confdir/environments/mschuette/modules manifest = $confdir/environments/mschuette/manifests/site.pp pluginsync = true
environments ..dev-master. prod-master. user1 .user2 . user3 . … . Dev/Test . Prod
Puppet Problems • some tasks require two agent runs • apt-get upgrade and package dependencies • beware of version mismatch between apt (or yum) and package • scoping and namespaces • exec is the new eval
Version ping-pong modules/php/init.pp class php($version = '5.3.10-1ubuntu3.10') { package { 'php5-common': ensure => $version, } } class php::curl($version) { require php package { 'php5-curl': ensure => $version, } } server.pp class { 'php::curl': version => '5.5.5+dfsg-1+debphp.org~precise+2', }
Namespace problems # this does not work, cf. #PUP-1073 package { 'memcached': ensure => present, provider => apt, } package { 'memcached': ensure => present, provider => gem, }
exec tricks You can do (and break) everything with exec. But of course you should not.
exec tricks # no pkg provider for npm exec { 'npm install -g less': creates => '/usr/lib/node_modules/npm/node_modules/less', } # hide change exec { 'zabbix_update.sh': command => 'false', onlyif => "/opt/zabbix_update.sh $api_url && false", logoutput => on_failure, }
MCollective “multissh deluxe” AMQP client/server framework to • orchestrate actions • control puppet agents • run commands • query resources • …
Hooks to other systems • include in provisioning process • provide normative data as facts • register or update DNS name → Route 53 • register or update host in Zabbix monitoring → API
Versions • Puppet 2.7: legacy • Puppet 3.0: major upgrade, with Hiera support • Puppet 3.x: current development, future parser
Questions? class presentation { package { 'questions': ensure => 'answered', } } Links: • Vagrant • Puppet Language: Visual Index • Puppet Type Reference • Puppet Ask
Thank You

More Related Content

PDF
PuppetDB: Sneaking Clojure into Operations
bygrim_radical
 
PDF
Practicing Continuous Deployment
byzeeg
 
KEY
Making Your Capistrano Recipe Book
byTim Riley
 
PDF
Ansible 實戰:top down 觀點
byWilliam Yeh
 
PDF
Percona Toolkit for Effective MySQL Administration
byMydbops
 
PDF
Apache ZooKeeper
byScott Leberknight
 
PPTX
An Ensemble Core with Docker - Solving a Real Pain in the PaaS
byErik Osterman
 
PDF
Introduction to Apache ZooKeeper | Big Data Hadoop Spark Tutorial | CloudxLab
byCloudxLab
 
PuppetDB: Sneaking Clojure into Operations
bygrim_radical
 
Practicing Continuous Deployment
byzeeg
 
Making Your Capistrano Recipe Book
byTim Riley
 
Ansible 實戰:top down 觀點
byWilliam Yeh
 
Percona Toolkit for Effective MySQL Administration
byMydbops
 
Apache ZooKeeper
byScott Leberknight
 
An Ensemble Core with Docker - Solving a Real Pain in the PaaS
byErik Osterman
 
Introduction to Apache ZooKeeper | Big Data Hadoop Spark Tutorial | CloudxLab
byCloudxLab
 

What's hot

PPTX
Introduction to apache zoo keeper
byOmid Vahdaty
 
PDF
Build Automation 101
byMartin Jackson
 
PDF
Distributed system coordination by zookeeper and introduction to kazoo python...
byJimmy Lai
 
PDF
Ansible not only for Dummies
byŁukasz Proszek
 
PDF
[오픈소스컨설팅] 프로메테우스 모니터링 살펴보고 구성하기
byJi-Woong Choi
 
PPTX
Herd your chickens: Ansible for DB2 configuration management
byFrederik Engelen
 
PDF
How and Why Prometheus' New Storage Engine Pushes the Limits of Time Series D...
byDocker, Inc.
 
PDF
Take control of your Jenkins jobs via job DSL.
byŁukasz Proszek
 
PPTX
Introduction to Apache ZooKeeper
bySaurav Haloi
 
PDF
Getting started with Ansible
byIvan Serdyuk
 
PDF
Automation with Ansible and Containers
byRodolfo Carvalho
 
PDF
Fixing Growing Pains With Puppet Data Patterns
byMartin Jackson
 
PDF
PostgreSQL Extensions: A deeper look
byJignesh Shah
 
PPTX
Docker on openstack by OpenSource Consulting
byOpen Source Consulting
 
PPTX
Apache zookeeper 101
byQuach Tung
 
PDF
Advanced task management with Celery
byMahendra M
 
PDF
Automated Java Deployments With Rpm
byMartin Jackson
 
PDF
Zookeeper In Simple Words
byFuqiang Wang
 
PDF
Managing PostgreSQL with Ansible - FOSDEM PGDay 2016
byGulcin Yildirim Jelinek
 
PDF
PuppetConf 2016: Nano Server, Puppet, and DSC
byMichael Smith
 
Introduction to apache zoo keeper
byOmid Vahdaty
 
Build Automation 101
byMartin Jackson
 
Distributed system coordination by zookeeper and introduction to kazoo python...
byJimmy Lai
 
Ansible not only for Dummies
byŁukasz Proszek
 
[오픈소스컨설팅] 프로메테우스 모니터링 살펴보고 구성하기
byJi-Woong Choi
 
Herd your chickens: Ansible for DB2 configuration management
byFrederik Engelen
 
How and Why Prometheus' New Storage Engine Pushes the Limits of Time Series D...
byDocker, Inc.
 
Take control of your Jenkins jobs via job DSL.
byŁukasz Proszek
 
Introduction to Apache ZooKeeper
bySaurav Haloi
 
Getting started with Ansible
byIvan Serdyuk
 
Automation with Ansible and Containers
byRodolfo Carvalho
 
Fixing Growing Pains With Puppet Data Patterns
byMartin Jackson
 
PostgreSQL Extensions: A deeper look
byJignesh Shah
 
Docker on openstack by OpenSource Consulting
byOpen Source Consulting
 
Apache zookeeper 101
byQuach Tung
 
Advanced task management with Celery
byMahendra M
 
Automated Java Deployments With Rpm
byMartin Jackson
 
Zookeeper In Simple Words
byFuqiang Wang
 
Managing PostgreSQL with Ansible - FOSDEM PGDay 2016
byGulcin Yildirim Jelinek
 
PuppetConf 2016: Nano Server, Puppet, and DSC
byMichael Smith
 

Viewers also liked

PDF
Revista33
byfedamon
 
PPTX
Presentación Xorcom - Nordata
byErick E. Guillén Araya
 
PPTX
Diccionario informático
byuniversidad pedagógica y tecnológica de colombia
 
DOC
Download the complete course information(.doc)
bybutest
 
ODP
Organizing used parts in the DIY bicycle shop
bycmirch
 
PDF
Ideas prácticas para emprendedores
byRicardo Buendía Iglesias
 
DOCX
Actividad 1 cognicion
byjuan carlos
 
DOCX
Historia de la Hotelería de Manta - Manabí - Ecuador
byedubeto texeira
 
PDF
deep books catalague 2015 - Health & Complementary Therapies
bydeepbooks
 
PDF
Figures of Absence in the History of Art
byPino Blasone
 
PDF
Goethe werther
byProfe Fabián Valdebenito
 
PDF
JSI Swish Brochure
byAppliedergonomics Gonomics
 
PDF
Perini 2007_Annual_Report
byfinance50
 
PPTX
Primera reunión comunidad tecnológica 06 05-2010
byErick Rojas Figueroa
 
PDF
Gracias4b2
byalcae alcae
 
PPTX
Things to remember before taking your sol, notes for students
byLanelle Hilling
 
PPT
6ta Clase Modelos a escala
byYuri Humberto Rojas Seminario
 
PPT
CORE: Cognitive Organization for Requirements Elicitation
byScott M. Confer
 
PPT
Lean Mfg Takeawayssharing
byFNian
 
PDF
TD Systems Information
byPeter Osuchowski
 
Revista33
byfedamon
 
Presentación Xorcom - Nordata
byErick E. Guillén Araya
 
Diccionario informático
byuniversidad pedagógica y tecnológica de colombia
 
Download the complete course information(.doc)
bybutest
 
Organizing used parts in the DIY bicycle shop
bycmirch
 
Ideas prácticas para emprendedores
byRicardo Buendía Iglesias
 
Actividad 1 cognicion
byjuan carlos
 
Historia de la Hotelería de Manta - Manabí - Ecuador
byedubeto texeira
 
deep books catalague 2015 - Health & Complementary Therapies
bydeepbooks
 
Figures of Absence in the History of Art
byPino Blasone
 
Goethe werther
byProfe Fabián Valdebenito
 
JSI Swish Brochure
byAppliedergonomics Gonomics
 
Perini 2007_Annual_Report
byfinance50
 
Primera reunión comunidad tecnológica 06 05-2010
byErick Rojas Figueroa
 
Gracias4b2
byalcae alcae
 
Things to remember before taking your sol, notes for students
byLanelle Hilling
 
6ta Clase Modelos a escala
byYuri Humberto Rojas Seminario
 
CORE: Cognitive Organization for Requirements Elicitation
byScott M. Confer
 
Lean Mfg Takeawayssharing
byFNian
 
TD Systems Information
byPeter Osuchowski
 

Similar to Our Puppet Story – Patterns and Learnings (sage@guug, March 2014)

PPT
Puppet
bycsrocks
 
PDF
Our Puppet Story (Linuxtag 2014)
byDECK36
 
PDF
DevOps Series: Extending vagrant with Puppet for configuration management
byFelipe
 
KEY
Puppet for Java developers - JavaZone NO 2012
byCarlos Sanchez
 
PDF
20090514 Introducing Puppet To Sasag
bygarrett honeycutt
 
PDF
Puppet and the HashiStack
byBram Vogelaar
 
PDF
Test driven infrastructure
bySkills Matter Talks
 
PDF
Our Puppet Story (GUUG FFG 2015)
byDECK36
 
PDF
Security Testing Using Infrastructure-As-Code
byVision Concepts Infrastructure Services Solution
 
PDF
Puppet: From 0 to 100 in 30 minutes
byAlessandro Franceschi
 
PDF
Intro to-puppet
byF.L. Jonathan Araña Cruz
 
PPT
Getting Started with Puppet by Chad Metcalf Wibi Data
bybuildacloud
 
PDF
Getting started with puppet and vagrant (1)
byPuppet
 
ODP
Puppet and the HashiCorp Suite
byBram Vogelaar
 
PDF
SCM Puppet: from an intro to the scaling
byStanislav Osipov
 
PDF
Puppet and Vagrant in development
byAdam Culp
 
PPTX
Harmonious Development: Via Vagrant and Puppet
byAchieve Internet
 
KEY
From Dev to DevOps - FOSDEM 2012
byCarlos Sanchez
 
PPTX
Puppet Camp Silicon Valley 2015: How TubeMogul reached 10,000 Puppet Deployme...
byNicolas Brousse
 
PPTX
Puppet
byJohn Coggeshall
 
Puppet
bycsrocks
 
Our Puppet Story (Linuxtag 2014)
byDECK36
 
DevOps Series: Extending vagrant with Puppet for configuration management
byFelipe
 
Puppet for Java developers - JavaZone NO 2012
byCarlos Sanchez
 
20090514 Introducing Puppet To Sasag
bygarrett honeycutt
 
Puppet and the HashiStack
byBram Vogelaar
 
Test driven infrastructure
bySkills Matter Talks
 
Our Puppet Story (GUUG FFG 2015)
byDECK36
 
Security Testing Using Infrastructure-As-Code
byVision Concepts Infrastructure Services Solution
 
Puppet: From 0 to 100 in 30 minutes
byAlessandro Franceschi
 
Intro to-puppet
byF.L. Jonathan Araña Cruz
 
Getting Started with Puppet by Chad Metcalf Wibi Data
bybuildacloud
 
Getting started with puppet and vagrant (1)
byPuppet
 
Puppet and the HashiCorp Suite
byBram Vogelaar
 
SCM Puppet: from an intro to the scaling
byStanislav Osipov
 
Puppet and Vagrant in development
byAdam Culp
 
Harmonious Development: Via Vagrant and Puppet
byAchieve Internet
 
From Dev to DevOps - FOSDEM 2012
byCarlos Sanchez
 
Puppet Camp Silicon Valley 2015: How TubeMogul reached 10,000 Puppet Deployme...
byNicolas Brousse
 
Puppet
byJohn Coggeshall
 

Recently uploaded

PDF
shayk.online - Anonymous chat with Sinatra and WebSockets
byEleanor McHugh
 
PDF
February 2026 Patch Tuesday hosted by Chris Goettl and Todd Schell
byIvanti
 
PPTX
Automation Without Apprentices: How AI Challenges the Open Source Way
byIcinga
 
PPTX
How Does an ICO Launchpad Work Step-by-Step Breakdown.pptx
byTom Hardy S
 
PPTX
Beyond the Algorithm: Designing Human-Centric Public Service with AI
byAlan Dix
 
PDF
Safer’s Picks: The 5 FME Transformers You Didn’t Know You Needed
bySafe Software
 
PDF
TrustArc Webinar - From Trends to Action: Fitting AI Governance into Privacy Ops
byTrustArc
 
PDF
How does MES(Manufacturing Execution System) work?
byakipii ogaoga
 
PDF
The Emergence of Empathic XR: AWE Asia 2026 keynote
byMark Billinghurst
 
PDF
Security-Fails-in-the-Gaps-Between-Systems.pptx.pdf
byOhhproJunction
 
PPTX
PPTX game guess the logo with a twistppt
byAdrianAnig
 
PPTX
Working Session — Build a Document Understanding Automation Using an OOTB ML ...
byDianaGray10
 
PPTX
Computer architecture, Computer architecture ,Computer architecture
bywaheedqazi123
 
PDF
Chapter 5 Security Mechanisms iin computer security.pdf
byGetnet Tigabie Askale -(GM)
 
PDF
Escape from the Forbidden Zone: Smuggling green and inclusive tech past the g...
byBookNet Canada
 
PDF
Oracle Cloud Infrastructure 2025 Architect Professional (1Z0-1127-25) Master ...
byExamCert App
 
PDF
How to Install XRDP on CentOS 10 .pdf
byGreen Webpage
 
PDF
Session 1/5: Enhancing Automation with Screenplay & Business Rules
bysuhanisingh58689
 
PDF
Transcript: Escape from the Forbidden Zone: Smuggling green and inclusive tec...
byBookNet Canada
 
PDF
Explaining the flow of purpose-specific BOM
byakipii ogaoga
 
shayk.online - Anonymous chat with Sinatra and WebSockets
byEleanor McHugh
 
February 2026 Patch Tuesday hosted by Chris Goettl and Todd Schell
byIvanti
 
Automation Without Apprentices: How AI Challenges the Open Source Way
byIcinga
 
How Does an ICO Launchpad Work Step-by-Step Breakdown.pptx
byTom Hardy S
 
Beyond the Algorithm: Designing Human-Centric Public Service with AI
byAlan Dix
 
Safer’s Picks: The 5 FME Transformers You Didn’t Know You Needed
bySafe Software
 
TrustArc Webinar - From Trends to Action: Fitting AI Governance into Privacy Ops
byTrustArc
 
How does MES(Manufacturing Execution System) work?
byakipii ogaoga
 
The Emergence of Empathic XR: AWE Asia 2026 keynote
byMark Billinghurst
 
Security-Fails-in-the-Gaps-Between-Systems.pptx.pdf
byOhhproJunction
 
PPTX game guess the logo with a twistppt
byAdrianAnig
 
Working Session — Build a Document Understanding Automation Using an OOTB ML ...
byDianaGray10
 
Computer architecture, Computer architecture ,Computer architecture
bywaheedqazi123
 
Chapter 5 Security Mechanisms iin computer security.pdf
byGetnet Tigabie Askale -(GM)
 
Escape from the Forbidden Zone: Smuggling green and inclusive tech past the g...
byBookNet Canada
 
Oracle Cloud Infrastructure 2025 Architect Professional (1Z0-1127-25) Master ...
byExamCert App
 
How to Install XRDP on CentOS 10 .pdf
byGreen Webpage
 
Session 1/5: Enhancing Automation with Screenplay & Business Rules
bysuhanisingh58689
 
Transcript: Escape from the Forbidden Zone: Smuggling green and inclusive tec...
byBookNet Canada
 
Explaining the flow of purpose-specific BOM
byakipii ogaoga
 

Our Puppet Story – Patterns and Learnings (sage@guug, March 2014)

  • 1.
    Our Puppet Story– Patterns and Learnings Martin Schütte March 27 2014
  • 2.
    1. Intro 2. Vagrant 3.Puppet Intro Dashboard & PE Facter & Hiera git Problems Misc
  • 3.
    1. Intro 2. Vagrant 3.Puppet Intro Dashboard & PE Facter & Hiera git Problems Misc
  • 4.
    About DECK36 • Smallteam of 7 engineers • Longstanding expertise in designing, implementing and operating complex web systems • Developing own data intelligence-focused tools and web services • Offering our expert knowledge in Automation & Operation, Architecture & Engineering, Analytics & Data Logistics
  • 5.
    About me • SystemAutomation Engineer • Puppet Certified Professional 2013 • martin.schuette@deck36.de
  • 6.
  • 7.
    The Goal Stable andreproducible environment for a Software. … environment for new developer, … test config changes, … clean package build env, … preconfigured demo box. But also quickly deployable, and centrally managed with current software versions.
  • 8.
    1. Intro 2. Vagrant 3.Puppet Intro Dashboard & PE Facter & Hiera git Problems Misc
  • 9.
    Vagrant Configuration tool forVMs and Provisioning. “Local cloud” • Self service • Instant provisioning • Cost efficient • Elastic • Pay per use
  • 10.
    Vagrant VM Providers: • VirtualBox:“default”, works offline, ressource hungry • Docker: lightweight, requires Linux, good for testing • AWS EC2: remote VMs, good for automation (Jenkins) Provisioning: • Shell script • Puppet, apply manifest or run agent • Chef, solo or client • Ansible playbooks • Salt states • Docker containers
  • 11.
    VeeWee definition Veewee::Definition.declare({ :iso_file =>"debian-wheezy-DI-b4-amd64-netinst.iso", :disk_size => '40560', :disk_format => 'VDI', :cpu_count => '2', :memory_size => '3192', :boot_wait => "10", :boot_cmd_sequence => [ '<Esc>', 'install ', 'preseed/url=http://%IP%:%PORT%/preseed.cfg ', 'debconf/frontend=noninteractive ', '<Enter>' ], :postinstall_files => [ "base.sh", "vagrant.sh", "customize-puppet.sh", ... ], ... })
  • 12.
    Vagrantfile Vagrant.configure("2") do |config| config.vm.box= "graylog2" config.vm.box_url = "http://vagrantboxes.footballradar.com/wheezy64.box" config.vm.provider "virtualbox" do |v| v.memory = 1024 end config.vm.provision :puppet do |puppet| puppet.manifest_file = "graylog2.pp" puppet.module_path = "modules" end config.vm.network :forwarded_port, guest: 9000, host: 9000 config.vm.network :forwarded_port, guest: 80, host: 8080 config.vm.network :forwarded_port, guest: 12201, host: 12201, protocol: 'udp' config.vm.network :forwarded_port, guest: 12201, host: 12201, protocol: 'tcp' config.vm.network :forwarded_port, guest: 12900, host: 12900 end
  • 13.
    Multi-VM Vagrantfile Vagrant.configure("2") do|config| # VM 1: appserver config.vm.define :app do |app| app.vm.hostname = "testbox.example.org" app.vm.network :forwarded_port, host: 8080, guest: 80 app.vm.synced_folder ".", "/home/vagrant/files" end # VM 2: DB server config.vm.define :db do |db| db.vm.hostname = "db.example.org" db.vm.provider :virtualbox do |vb| vb.customize ["modifyvm", :id, "--cpus", "2"] end end # Box & Provisioning config.vm.box = "precise64" config.vm.provision :shell, :path => "vagrant_install_puppet_keys.sh" config.vm.provision :puppet_server, :puppet_server => "puppetmaster.example.org" end
  • 14.
    vagrant-aws Vagrant.configure("2") do |config| config.vm.box= "dummy" config.vm.provider :aws do |aws, override| aws.access_key_id = "YOUR KEY" aws.secret_access_key = "YOUR SECRET KEY" aws.keypair_name = "KEYPAIR NAME" region = "eu-west-1" aws.ami = "ami-20414854" aws.tags = { 'Role' => 'TestVM', 'Net' => 'Devnet' } end end
  • 15.
    Synced Folders Shared folders,mounted from host into guest. Options: • VirtualBox • NFS • SMB • rsync
  • 16.
    Synced Folders src: MitchellHashimoto, Comparing Filesystem Performance in Virtual Machines
  • 17.
    1. Intro 2. Vagrant 3.Puppet Intro Dashboard & PE Facter & Hiera git Problems Misc
  • 18.
    Puppet • Configuration Management •Declarative: Resources and Dependencies
  • 19.
    Puppet Puppet Agent execution: 1.Create catalog: • read manifest • gather resources • ensure order 2. Apply for each resource: • query state • change to desired state
  • 20.
    Syntax class vpn($version ='present', $ca_crt, $usr_crt, $usr_key) { package { 'openvpn': ensure => $version; } file { "/etc/openvpn/client.key": ensure => file, mode => '0600', content => $usr_key; require => Package['openvpn'], notify => Service['openvpn']; "/etc/openvpn/client.conf": ensure => file, source => "puppet:///modules/vpn/client.conf", require => Package['openvpn'], notify => Service['openvpn']; } service { 'openvpn': ensure => running, require => Package['openvpn'], } }
  • 21.
    Syntax class vpn($version ='present', $ca_crt, $usr_crt, $usr_key) { package { 'openvpn': ensure => $version; } -> file { "/etc/openvpn/client.key": ensure => file, mode => '0600', content => $usr_key; "/etc/openvpn/client.conf": ensure => file, source => "puppet:///modules/vpn/client.conf"; } ~> service { 'openvpn': ensure => running, } }
  • 22.
  • 23.
    Puppet Module Layout module_name •manifests Puppet code (classes/defines) - init.pp - subclass.pp • files static files • templates .erb templates • lib ruby plugins (custom types/facts) • tests usage examples for manifests • spec spec tests for libs
  • 24.
  • 25.
  • 26.
    stdlib facts.d • simpledata input • e. g. ec2metadata, inventory lookup custom_facts.sh #! /bin/sh which ec2metadata >/dev/null 2>&1 || exit 1 echo "ec2_ami_id=$(ec2metadata --ami-id)" echo "ec2_instance_id=$(ec2metadata --instance-id)" echo "ec2_instance_type=$(ec2metadata --instance-type)" echo "ec2_public_ipv4=$(ec2metadata --public-ipv4)" echo "ec2_public_hostname=$(ec2metadata --public-hostname)"
  • 27.
    Hiera • banish topscope variables • use Hiera! • structure with roles & profiles
  • 28.
    node definitions vs.Hiera site.pp node "mydev.vagrantup.com" inherits basenode-vagrant { $vmEnv = "development" include sysadmin include ntp include vagrant include user::vagrant include mysqlserver include redisserver # ... }
  • 29.
    node definitions vs.Hiera site.pp hiera_include('include_classes', ['sysadmin']) node default { } role_elasticsearch.yaml include_classes: - elasticsearch - elasticsearch::plugins - zabbix::helper::elasticsearch elasticsearch::clustername: "mycluster" elasticsearch::client: false elasticsearch::heapsize: "768m"
  • 30.
    hiera.yaml :hierarchy: - node/%{fqdn} - vm/netenv_role_%{puppet_netenv}_%{puppet_role} -vm/role_%{puppet_role} - vm/netenv_%{puppet_netenv} - domain_%{domain} - common :backends: - yaml :logger: console :yaml: :datadir: "/etc/puppet/environments/%{environment}/"
  • 31.
    Example lookup fqdn =dev.pod1.org domain = pod1.org puppet_role = dev puppet_netenv = vagrant ⇒ Lookup in: 1. node/dev.pod1.org.yaml 2. vm/netenv_role_vagrant_dev.yaml 3. vm/role_dev.yaml 4. vm/netenv_vagrant.yaml 5. domain_pod1.org.yaml 6. common.yaml
  • 32.
    Hiera & Puppet2.x compatibility class vpn($version = hiera('vpn::version', 'present'), $ca_crt = hiera('vpn::ca_crt'), $usr_crt = hiera('vpn::usr_crt'), $usr_key = hiera('vpn::usr_key')) { package { 'openvpn': ensure => $version; } # ... }
  • 33.
    git workflow • usegit! • use git hooks • use per-user environments for easy testing • repos for testing/production
  • 34.
    git hook: SyntaxCheck Git pre-commit hook with puppet-lint to syntax check Puppet, ERB templates, YAML files (http://github.com/gini/puppet-git-hooks) Example Output: $ git commit -m 'test' modules/graylog2/templates/server.conf.erb -:5: syntax error, unexpected $undefined ...rd_sha2 = "; _erbout.concat(( @ root_pwd_sha2 ).to_s); _erbo... ... ^ ERB syntax error in modules/graylog2/templates/server.conf.erb
  • 35.
    git hook: E-MailNotification Git post-receive hook to notify team on push (http://git.kernel.org/cgit/git/git.git/tree/contrib/hooks/ post-receive-email?id=HEAD) Example E-Mail: - Log ---------------------------------------------- commit 5df04ee883b8de8a37bf0ac97eec068cd1f3a414 Author: N. N. <n.n@deck36.de> Date: Tue Jan 7 08:57:17 2014 +0000 fixed path to csync2 executable ---------------------------------------------------- Summary of changes: modules/user/files/etc/sudoers.d/support | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
  • 36.
    environments • per userenv + production ⇒ easy testing with puppet agent -t --environment=user • two servers for testing/production Config (in puppet < 3.5.0): puppet.conf [mschuette] modulepath = $confdir/environments/mschuette/modules manifest = $confdir/environments/mschuette/manifests/site.pp pluginsync = true
  • 37.
  • 38.
    Puppet Problems • sometasks require two agent runs • apt-get upgrade and package dependencies • beware of version mismatch between apt (or yum) and package • scoping and namespaces • exec is the new eval
  • 39.
    Version ping-pong modules/php/init.pp class php($version= '5.3.10-1ubuntu3.10') { package { 'php5-common': ensure => $version, } } class php::curl($version) { require php package { 'php5-curl': ensure => $version, } } server.pp class { 'php::curl': version => '5.5.5+dfsg-1+debphp.org~precise+2', }
  • 40.
    Namespace problems # thisdoes not work, cf. #PUP-1073 package { 'memcached': ensure => present, provider => apt, } package { 'memcached': ensure => present, provider => gem, }
  • 41.
    exec tricks You cando (and break) everything with exec. But of course you should not.
  • 42.
    exec tricks # nopkg provider for npm exec { 'npm install -g less': creates => '/usr/lib/node_modules/npm/node_modules/less', } # hide change exec { 'zabbix_update.sh': command => 'false', onlyif => "/opt/zabbix_update.sh $api_url && false", logoutput => on_failure, }
  • 43.
    MCollective “multissh deluxe” AMQP client/serverframework to • orchestrate actions • control puppet agents • run commands • query resources • …
  • 44.
    Hooks to othersystems • include in provisioning process • provide normative data as facts • register or update DNS name → Route 53 • register or update host in Zabbix monitoring → API
  • 45.
    Versions • Puppet 2.7:legacy • Puppet 3.0: major upgrade, with Hiera support • Puppet 3.x: current development, future parser
  • 46.
    Questions? class presentation { package{ 'questions': ensure => 'answered', } } Links: • Vagrant • Puppet Language: Visual Index • Puppet Type Reference • Puppet Ask
  • 47.