developing sysadmin, sysadmining developersGuug devops puppet
ā¢
0 likesā¢966 views
This document summarizes Martin Alfke's presentation on developing sysadmin skills and sysadmining developers using Puppet. The presentation covered topics like environments, modules, templates, Augeas, multi-master Puppet configurations, running Puppet without a master, using ENC and Hiera for node and data classification, PuppetDB for storing configurations and exported resources, and dashboards for infrastructure management and monitoring.
More Related Content
What's hot
What's hot (17)
Similar to developing sysadmin, sysadmining developersGuug devops puppet
Similar to developing sysadmin, sysadmining developersGuug devops puppet (20)
More from Martin Alfke
More from Martin Alfke (17)
developing sysadmin, sysadmining developersGuug devops puppet
- 1. developing sysadmin - sysadmining developers develop your platform and your application management GUUG Berlin 01.11.2012 Martin Alfke <martin.alfke@buero20.org> Ā© Martin Alfke - 2012 Freitag, 2. November 12
- 2. Agenda puppet environments puppet modules puppet templates puppet and augeas puppet multi master puppet without master Ā© Martin Alfke - 2012 Freitag, 2. November 12
- 3. Environments āadminās and devās cooperate!ā Environments - Modules - Templates - Augeas - Master - Masterless Ā© Martin Alfke - 2012 Freitag, 2. November 12
- 4. Environments ā¢ Split up modules into several repositories ā¢ āproductionā is default and always there ā¢ Naming is abritrary ā¢ Master needs to know about environments ā¢ Client needs to send environment information Environments - Modules - Templates - Augeas - Master - Masterless Ā© Martin Alfke - 2012 Freitag, 2. November 12
- 5. Environments ā¢ puppet.conf [master] [test] manifest = /etc/puppet/test/manifests/site.pp modulepath = /etc/puppet/test/modules [mailteam] manifest = /etc/puppet/mail/manifests/site.pp modulepath = /etc/puppet/mail/modules [agent] environment = test Environments - Modules - Templates - Augeas - Master - Masterless Ā© Martin Alfke - 2012 Freitag, 2. November 12
- 6. Environments ā¢ Each environment may have multiple modulepaths [master] [test] manifest = /etc/puppet/test/manifests/site.pp modulepath = /etc/puppet/test/modules:/data/puppet/team/test/modules [mailteam] manifest = /etc/puppet/mail/manifests/site.pp modulepath = /etc/puppet/mail/modules:/data/puppet/team/core/modules Environments - Modules - Templates - Augeas - Master - Masterless Ā© Martin Alfke - 2012 Freitag, 2. November 12
- 7. Modules āplug things together simpleā Environments - Modules - Templates - Augeas - Master - Masterless Ā© Martin Alfke - 2012 Freitag, 2. November 12
- 8. Modules ā¢ Difference between modules and classes ā¢ Module: ā¢ strict directory naming for autoloading ā¢ each module has at least one class ā¢ Class: ā¢ available but not applied automatically Environments - Modules - Templates - Augeas - Master - Masterless Ā© Martin Alfke - 2012 Freitag, 2. November 12
- 9. Modules ā¢ directory structure /etc/puppet/test/modules/ <-- modulepath apache/ <-- modulename manifests/ <-- manifests path within module init.pp <-- initial class fetched from autoloader server.pp <-- additional class(es) ļ¬les/ <-- directory for module ļ¬le serving templates/ <-- directory for module templates lib/ <-- directory for facts or functions tests/ <-- directory for tests during develop Environments - Modules - Templates - Augeas - Master - Masterless Ā© Martin Alfke - 2012 Freitag, 2. November 12
- 10. Modules ā¢ class, ļ¬le and template naming structure /etc/puppet/test/modules/ apache/ manifests/ init.pp <-- class apache { ... } server.pp <-- class apache::server {Ā ... } ļ¬les/ <-- āpuppet:///modules/apache/<ļ¬lename>ā templates/ <-- template(āapache/<ļ¬lename>ā) lib/ tests/ Environments - Modules - Templates - Augeas - Master - Masterless Ā© Martin Alfke - 2012 Freitag, 2. November 12
- 11. Modules ā¢ class structure class apache { package { āapache2ā: ensure => present, } ļ¬le { ā/etc/apache2/apache2.confā: content => template(āapache/apache2.conf.erbā), } ļ¬le { ā/etc/apache2/conf.d/charsetā: source => āpuppet:///modules/apache/charsetā, } service { āapache2ā: ensure => running, } } Environments - Modules - Templates - Augeas - Master - Masterless Ā© Martin Alfke - 2012 Freitag, 2. November 12
- 12. Modules ā¢ use classes node āwww01.domain.tldā { class {Ā āapacheā: } <-- old: include apache } Environments - Modules - Templates - Augeas - Master - Masterless Ā© Martin Alfke - 2012 Freitag, 2. November 12
- 13. Modules ā¢ resources, classes, parameterized classes resource_type { ātitleā: attribute => value, } class <title> { ... } class <title> ( $variable = value) { ... } class { ā<title>ā: } class { ā<title>ā: variable => value, } Environments - Modules - Templates - Augeas - Master - Masterless Ā© Martin Alfke - 2012 Freitag, 2. November 12
- 14. Modules ā¢ using ruby in classes /etc/puppet/test/modules/apache/manifests/init.rb hostclass :apache do package :apache2, :ensure => present package :libapache2-php, :ensure => present service :apache2, :ensure => running end Environments - Modules - Templates - Augeas - Master - Masterless Ā© Martin Alfke - 2012 Freitag, 2. November 12
- 15. Templates ācode your conļ¬gā Environments - Modules - Templates - Augeas - Master - Masterless Ā© Martin Alfke - 2012 Freitag, 2. November 12
- 16. Templates ā¢ Ruby ERB template engine ā¢ Normally requires in-depth conļ¬guration review ā¢ Be aware of variable scoping ! Environments - Modules - Templates - Augeas - Master - Masterless Ā© Martin Alfke - 2012 Freitag, 2. November 12
- 17. Templates ā¢ use variables from puppet in templates $ntpserver = ā10.2.3.4ā ļ¬le { ā/etc/ntp.confā: content => template(āntp/ntp.conf.erbā), } # ntp.conf.erb <% if @ntpserver %> <-- old: if has_variable(āntpserverā) server <%= @ntpserver %> <-- @ syntax is new. uses current scope <% else %> server pool.ntp.org <% end %> Environments - Modules - Templates - Augeas - Master - Masterless Ā© Martin Alfke - 2012 Freitag, 2. November 12
- 18. Augeas āclean your lensesā Environments - Modules - Templates - Augeas - Master - Masterless Ā© Martin Alfke - 2012 Freitag, 2. November 12
- 19. Augeas ā¢ Make changes to single lines ā¢ Do not manage the complete conļ¬guration ļ¬le in puppet Environments - Modules - Templates - Augeas - Master - Masterless Ā© Martin Alfke - 2012 Freitag, 2. November 12
- 20. Augeas ā¢ augeas uses lenses to split up conļ¬g ļ¬les augtool print /ļ¬les/etc/sysctl.conf augtool set net.ipv4.forward 1 augeas { āset_ipv4_forwardā: context => ā/ļ¬les/etc/sysctl.confā, changes => āset net.ipv4.forward 1ā, } Environments - Modules - Templates - Augeas - Master - Masterless Ā© Martin Alfke - 2012 Freitag, 2. November 12
- 21. Augeas ā¢ Attention! ā¢ Not all conļ¬guration ļ¬les are supported ! ā¢ Augeas needs key-value pairs ā¢ Within puppet ruby-augeas extension is required Environments - Modules - Templates - Augeas - Master - Masterless Ā© Martin Alfke - 2012 Freitag, 2. November 12
- 22. Multi Master āno one can serve two masters!ā Environments - Modules - Templates - Augeas - Master - Masterless Ā© Martin Alfke - 2012 Freitag, 2. November 12
- 23. Multi Master ā¢ Load-Balancing with SSL separation ā¢ several Data Center ā¢ do you really have more than 1000 nodes? Environments - Modules - Templates - Augeas - Master - Masterless Ā© Martin Alfke - 2012 Freitag, 2. November 12
- 24. Multi Master ā¢ separate puppet ca and puppet master puppet.conf on puppet ca (single instance) [master] ca = true puppet.conf on puppet master [master] ca = false puppet.conf on agent [agent] ca_server = <puppet ca> server = <puppet master> Environments - Modules - Templates - Augeas - Master - Masterless Ā© Martin Alfke - 2012 Freitag, 2. November 12
- 25. Multi Master ā¢ use multiple master (without ca) ā¢ apache/nginx and loadbalancing ā¢ ipvsadm Environments - Modules - Templates - Augeas - Master - Masterless Ā© Martin Alfke - 2012 Freitag, 2. November 12
- 26. Multi Master ā¢ use multiple master (without ca) ā¢ pros: ā¢ ļ¬le serving handled better ā¢ more masters compile catalogs ā¢ cons: ā¢ single ca only Environments - Modules - Templates - Augeas - Master - Masterless Ā© Martin Alfke - 2012 Freitag, 2. November 12
- 27. Multi Master ā¢ avoid multiple masters ā¢ use templates ! ā¢ templates are generated on the master during catalog compilation ā¢ ļ¬les needs to get fetched by the nodes ā¢ use mod_passenger Environments - Modules - Templates - Augeas - Master - Masterless Ā© Martin Alfke - 2012 Freitag, 2. November 12
- 28. without Master āyou shall have no masterā Environments - Modules - Templates - Augeas - Master - Masterless Ā© Martin Alfke - 2012 Freitag, 2. November 12
- 29. without Master ā¢ Pre-compile catalogs ā¢ Run puppet apply locally Environments - Modules - Templates - Augeas - Master - Masterless Ā© Martin Alfke - 2012 Freitag, 2. November 12
- 30. without Master ā¢ Very large environment (>15.000 nodes) ā¢ Multiple locations world wide Environments - Modules - Templates - Augeas - Master - Masterless Ā© Martin Alfke - 2012 Freitag, 2. November 12
- 31. without Master ā¢ Compile catalogs for all nodes on master ā¢ puppet master compile <fqdn> ā¢ Copy catalogs to nodes to execute them ā¢ puppet apply --catalog <catalog ļ¬le name> Environments - Modules - Templates - Augeas - Master - Masterless Ā© Martin Alfke - 2012 Freitag, 2. November 12
- 32. without Master ā¢ Pros: ā¢ no dedicated master, catalog compilation may take place everywhere ā¢ Cons: ā¢ no modules !! ā¢ ļ¬leserving has to be done locally (e.g. NFS mount) Environments - Modules - Templates - Augeas - Master - Masterless Ā© Martin Alfke - 2012 Freitag, 2. November 12
- 33. developing sysadmin - sysadmining developers Wait ! There is more ! Martin Alfke <martin.alfke@buero20.org> Ā© Martin Alfke - 2012 Freitag, 2. November 12
- 34. ENC and Hiera ādata, data, dataā ENC and Hiera - Puppet DB - Dashboard Ā© Martin Alfke - 2012 Freitag, 2. November 12
- 35. ENC and Hiera ā¢ External Nodes Classiļ¬er ā¢ executable with one parameter (fqdn) ā¢ can be anything ā¢ get info from ļ¬lesystem: cat $1.yaml ā¢ get info from inventory database ENC and Hiera - Puppet DB - Dashboard Ā© Martin Alfke - 2012 Freitag, 2. November 12
- 36. ENC and Hiera ā¢ ENC in puppet /etc/puppet/puppet.conf [master] node_terminus = exec external_nodes = /etc/puppet/bin/my_great_enc.exe ENC and Hiera - Puppet DB - Dashboard Ā© Martin Alfke - 2012 Freitag, 2. November 12
- 37. ENC and Hiera ā¢ /etc/puppet/bin/my_great_enc.exe www1.domain.tld --- parameters: location: de-ber2 classes: ntp: ntpserver: 10.2.2.2 apache: mysql: environment: production ENC and Hiera - Puppet DB - Dashboard Ā© Martin Alfke - 2012 Freitag, 2. November 12
- 38. ENC and Hiera ā¢ Hiera - hierarchial data structure ā¢ built in into Puppet 3.x ā¢ add-on in Puppet 2.7.x ENC and Hiera - Puppet DB - Dashboard Ā© Martin Alfke - 2012 Freitag, 2. November 12
- 39. ENC and Hiera ā¢ Hiera conļ¬guration /etc/puppet/hiera.yaml :hierarchy: - %{operatingsystem} - common - %{datacenter} - %{serverfunction} :backends: - yaml :yaml: :datadir: ā/etc/puppet/hieradataā ENC and Hiera - Puppet DB - Dashboard Ā© Martin Alfke - 2012 Freitag, 2. November 12
- 40. ENC and Hiera ā¢ Hiera data /etc/puppet/hieradata/debian.yaml --- ssh_packages: - āopenssh-serverā - āopenssh-clientā - āopenssh-blacklistā /etc/puppet/hieradata/centos.yaml --- ssh_packages: - āopensshā - āopenssh-clientsā - āopenssh-serverā ENC and Hiera - Puppet DB - Dashboard Ā© Martin Alfke - 2012 Freitag, 2. November 12
- 41. ENC and Hiera ā¢ Hiera usage /etc/puppet/modules/ssh/manifests/init.pp class ssh { $ssh_packages = hiera(āssh_packagesā) package { ā${ssh_packages}ā: ensure => present } } ENC and Hiera - Puppet DB - Dashboard Ā© Martin Alfke - 2012 Freitag, 2. November 12
- 42. PuppetDB āgetting it allā ENC and Hiera - Puppet DB - Dashboard Ā© Martin Alfke - 2012 Freitag, 2. November 12
- 43. PuppetDB ā¢ Used for storeconļ¬gs and exported resources ā¢ Schema for PostgreSQL ā¢ Will get more features soon ENC and Hiera - Puppet DB - Dashboard Ā© Martin Alfke - 2012 Freitag, 2. November 12
- 44. Dashboard āmanagement needs graphsā ENC and Hiera - Puppet DB - Dashboard Ā© Martin Alfke - 2012 Freitag, 2. November 12
- 45. Dashboard ā¢ Open Source Dashboard is dead end ā¢ PuppetLabs is working on two other tools ENC and Hiera - Puppet DB - Dashboard Ā© Martin Alfke - 2012 Freitag, 2. November 12
- 46. developing sysadmin - sysadmining developers Questions? Martin Alfke <martin.alfke@buero20.org> Ā© Martin Alfke - 2012 Freitag, 2. November 12