This document discusses using Puppet to program IT infrastructures. It introduces Puppet as a tool for automating infrastructure management and provisioning. Puppet uses a declarative language and allows infrastructure to be coded and version controlled. The document provides an overview of Puppet architecture with Master and Agent nodes and explains how nodes are defined and organized using classes and modules. It also shows examples of Puppet code for configuring common services and managing files and templates.

1. Programmare Infrastrutture IT con Puppet
Alessandro Franceschi / Lab42

2. Infrastructure progressio
cum Puppet
IT Infrastructures development with Puppet
Alessandro Franceschi / Lab42
CodeMotion 2012 Roma
Creative Commons BY-NC-SA 3.0

3. From Ops
to DevOps

4. Tempus fugit
Flexible... elastic... scalable
What’s behind these cloudy words?

5. Panta rei
Automation is a matter of survival

6. Alea iacta est
Ops like automation!
( since Bourne shell ... )

7. Errare
humanum est
From a bunch of custom scripts
to Standard Integrated Tools

8. Factotum
Have you heard about this Puppet|Chef | CfEngine stuff?

9. Doctum doces
Infrastructure as code

10. Scripta manent,
verba volant
Servers Infrastructure Change under...
version control!

11. Repetitia iuvant
Code behaves always in the same way:
Consistent setups

12. Ignorantia legis
non excusat
Code can be tested.
Infrastructure Code too.

13. Masters
of Puppet

14. Gratis
OpenSource from www.puppetlabs.com

15. Cui prodest?
Source: www.puppetlabs.com

16. Divide et Impera
Many Puppet nodes One Puppet Master
Clients
User: root
Process: /usr/bin/ruby /usr/sbin/puppetd -t
Server
User: puppet
Process: /usr/bin/ruby /usr/sbin/puppetmasterd
Listen: TCP 0.0.0.0:8140

17. package { 'openssh-server':
Status Quo }
ensure => present,
before => File['/etc/ssh/sshd_config'],
A declarative language file { '/etc/ssh/sshd_config':
ensure => file,
mode => 600,
source => '/root/learning-manifests/sshd_config',
}
service { 'sshd':
ensure => running,
enable => true,
subscribe => File['/etc/ssh/sshd_config'],
}

18. Veni vidi vici

19. Ex Aequo
Operating System Abstraction

20. Deus
Ex
Machina
# This File is Managed by Puppet

21. Mater semper
certa est,
pater nunquam
O: Who changed that file?!
info: Filebucket[/var/lib/puppet/clientbucket]: Adding /etc/
resolv.conf(d7fbc1695489ce896d30b7b04d72887c)
info: //test/File[/etc/resolv.conf]: Filebucketed /etc/resolv.conf to main with sum
d7fbc1695489ce896d30b7b04d72887c
Old file is copied in:
/var/lib/puppet/clientbucket/d/7/f/b/c/1/6/9/d7fbc1695489ce896d30b7b04d72887c/content

22. Enough graphics, show me some
Puppet code!

23. Nodes definitions
In Puppet code: On an External Node Classifier (ENC)
/etc/puppet/manifests/site.pp
node 'prod-fep-1' {
$status = "prod"
include role_fep
}
node 'prod-fep-2' { The Foreman
$status = "prod"
include role_fep
}
node 'test-fep-1' {
$status = "test"
include role_fep
}
Puppet Dashboard
node 'dev-fep-1' {
$status = "dev"
include role_fep
}
[...]
Puppet Enterprise Console

24. Classes (collections of resources)
class role_fep {
$role="fep"
include general # We see it in the next slide
include apache
include php::pear
include php::dev
include php::oci8
apache::module { "rewrite": }
apache::module { "proxy": templatefile => "proxy.conf.erb" }
php::module { "gd": }
php::pear::module { "apc": }
php::pear::module { "XML_Serializer": use_package => "no" }
php::pecl::config { "http_proxy": value => "$proxy_server" }
[...]
# Sample custom files
file { ‘/data’:
ensure => directory,
}
file { ‘/data/www’:
ensure => $::operatingsystem ? {
/(?i:Centos|RedHat|Scientific|Fedora)/ => ‘/var/www/html’,
/(?i:Debian|Ubuntu|Mint)/ => ‘/var/www’,
},
require => File[‘/data’]:
}
}

25. Classes ( a baseline common to all nodes )
class general {
include puppet
include users
include openssh
include hosts
include resolver
include sudo
include snmpd
include nrpe
include munin
case $::operatingsystem {
ubuntu,debian: {
include apt
include exim
}
centos,redhat: {
include yum
}
default: { }
}
}

26. Modules - Directory layout
/etc/puppet/modules/ ($modulepath)
apache/ One Application, One Module, One class
apache/manifests/
apache/manifests/init.pp Puppet Manifests ( code in the Puppet DSL )
apache/manifests/module.pp
apache/lib/
apache/lib/puppet/
Puppet extensions ( code in Ruby )
apache/lib/puppet/parser/
apache/lib/puppet/parser/functions
apache/lib/puppet/provider/
apache/lib/puppet/type/
apache/lib/facter/
apache/templates/ Erb Templates (files with dynamic content)
apache/files/ Static files
apache/spec/
apache/spec/classes/ Rspec tests
apache/spec/defines/
apache/Modulefile Module’s metadata for the Puppet Forge
apache/README.md

27. Modules - Files autoloading
class autofs {
package { autofs:
ensure => present,
}
service { autofs:
ensure => running, Sourced (static) files are searched in:
enable => true, $modulepath/autofs/files/auto.homes
}
file { "auto.homes":
path => “/etc/auto.homes”,
source => "puppet://$servername/modules/autofs/auto.homes"
}
}
Templates (Ruby ERB) are searched in:
class autofs { $modulepath/autofs/templates/auto.master.erb
[...]
file { "/etc/auto.master":
content => template("autofs/auto.master.erb")
}
}

28. LINKS
for a better living
http://docs.puppetlabs.com/ - PuppetLabs documentation
http://planetpuppet.org/ - Planet Puppet - Feeds aggregator
http://puppetlabs.com/community/puppet-camp/ - PuppetCamps
https://bitly.com/wnvqaN - How to start with Puppet - Useful links
http://www.example42.com/ - Example42 Puppet modules ( disclaimer ;-)

29. DO UT DES
Automated Systems Setups
Coherent Infrastructure
Track and History of Change
Installations Replicability
A new language to learn
Quick propagation of changes
Effectiveness needs practice
Aligned Environments for Test/[...]/Prod
If there’s code , there are bugs
Automated monitoring
Make Puppet the Enforcer not the Violator
Discipline in Systems management
More time to make things done (the first time)
Great Power gives Great Responsibilities

30. ad maiora
Questions?
Graphics:
@alvagante www.tatlin.net