An introduction to the Configuration Management, what problems it solves, why you might need it and examples using the popular Puppet CM tool

1. R.I.Pienaar
Malta DevOps August 2016
Introduction to
Configuration Management

2. R.I.Pienaar | rip@devco.net | http://devco.net | @ripienaar
Who am I?
• Malta since December 2015
• Consultant for 20+ years
• Government, Finance, Health, Social Media,
Fortune 50, Startups
• DevOps, Automation, Architect,
Development
• Open Source @ github.com/ripienaar
• Linux since Kernel 99 alpha p11

3. R.I.Pienaar | rip@devco.net | http://devco.net | @ripienaar
Configuration
Management
for Devs and Ops

4. R.I.Pienaar | rip@devco.net | http://devco.net | @ripienaar
CM - What’s the problem?
Not CONSISTENT

5. R.I.Pienaar | rip@devco.net | http://devco.net | @ripienaar
CM - What’s the problem?
Not REPRODUCABLE

6. R.I.Pienaar | rip@devco.net | http://devco.net | @ripienaar
CM - What’s the problem?
Not INTERESTING

7. R.I.Pienaar | rip@devco.net | http://devco.net | @ripienaar
CM - What’s the problem?
Not SCALABLE

8. R.I.Pienaar | rip@devco.net | http://devco.net | @ripienaar
CM - What’s the problem?
Not COMPLETE

9. R.I.Pienaar | rip@devco.net | http://devco.net | @ripienaar
CM - What’s the problem?
Not PREDICTABLE

10. R.I.Pienaar | rip@devco.net | http://devco.net | @ripienaar
Hypothetical Toolset

11. R.I.Pienaar | rip@devco.net | http://devco.net | @ripienaar
CM - Wishes?
Programmable
Infrastructure
Domain Specific Language

12. R.I.Pienaar | rip@devco.net | http://devco.net | @ripienaar
CM - Wishes?
Programmable
Infrastructure
Platform and OS Independent

13. R.I.Pienaar | rip@devco.net | http://devco.net | @ripienaar
CM - Wishes?
Programmable
Infrastructure
Complete Server Lifecycle

14. R.I.Pienaar | rip@devco.net | http://devco.net | @ripienaar
CM - Wishes?
Programmable
Infrastructure
Extendible via Plugins and APIs

15. R.I.Pienaar | rip@devco.net | http://devco.net | @ripienaar
CM - Wishes?
Programmable
Infrastructure
Learns from Development

16. R.I.Pienaar | rip@devco.net | http://devco.net | @ripienaar
CM - Wishes?
Open
Source,APIs and Docs
Community, IRC, Slack, GitHub, Users

17. R.I.Pienaar | rip@devco.net | http://devco.net | @ripienaar
CM - Wishes?
Commercial
Owned
Support,Training, Conferences, Certs

18. R.I.Pienaar | rip@devco.net | http://devco.net | @ripienaar

19. R.I.Pienaar | rip@devco.net | http://devco.net | @ripienaar
Puppet
• 10 years old
• Commercially owned Open Source
• Client Server or Standalone Architecture
• Used by 10s of 1000s of companies
• Useful to small and large companies, even
single servers
• 4 400 reusable modules, write your own

20. R.I.Pienaar | rip@devco.net | http://devco.net | @ripienaar
Puppet Resources
package{“httpd”:
ensure => “present”
}
file{“/etc/httpd/conf/httpd.conf”:
owner => “root”,
group => “root”,
mode => “0644”,
source => “puppet:///modules/apache/httpd.conf”
}
service{“httpd”:
ensure => “running”,
enable => true
}

21. R.I.Pienaar | rip@devco.net | http://devco.net | @ripienaar
Puppet Types
package{“httpd”:
ensure => “present”
}
file{“/etc/httpd/conf/httpd.conf”:
owner => “root”,
group => “root”,
mode => “0644”,
source => “puppet:///modules/apache/httpd.conf”
}
service{“httpd”:
ensure => “running”,
enable => true
}

22. R.I.Pienaar | rip@devco.net | http://devco.net | @ripienaar
Puppet Titles
package{“httpd”:
ensure => “present”
}
file{“/etc/httpd/conf/httpd.conf”:
owner => “root”,
group => “root”,
mode => “0644”,
source => “puppet:///modules/apache/httpd.conf”
}
service{“httpd”:
ensure => “running”,
enable => true
}

23. R.I.Pienaar | rip@devco.net | http://devco.net | @ripienaar
Puppet Parameters
package{“httpd”:
ensure => “present”
}
file{“/etc/httpd/conf/httpd.conf”:
owner => “root”,
group => “root”,
mode => “0644”,
source => “puppet:///modules/apache/httpd.conf”
}
service{“httpd”:
ensure => “running”,
enable => true
}

24. R.I.Pienaar | rip@devco.net | http://devco.net | @ripienaar
Puppet Relationships
package{“httpd”:
…
}
file{“/etc/httpd/conf/httpd.conf”:
…,
require => Package[“httpd”],
notify => Service[“httpd”]
}
service{“httpd”:
…,
require => File[“/etc/httpd/conf/httpd.conf”]
}

25. R.I.Pienaar | rip@devco.net | http://devco.net | @ripienaar
Puppet Collections
class apache {
include apache::install
include apache::config
include apache::service
}
class apache::install {
package{ … }; package{ … }
}
class apache::config {
file{ … }; file{ … }
}
class apache::service {
service{ … }; service{ … }
}

26. R.I.Pienaar | rip@devco.net | http://devco.net | @ripienaar
Puppet Relations
package{“httpd”:
…
}
file{“/etc/httpd/conf/httpd.conf”:
…,
require => Class[“apache::install”],
notify => Class[“apache::service”]
}
service{“httpd”:
…,
require => Class[“apache::config”]
}

27. R.I.Pienaar | rip@devco.net | http://devco.net | @ripienaar
Puppet Nodes
node “dev1.example.net” {
include roles::lamp_dev
}
class roles::lamp_dev {
include profile::lamp_webserver
include profile::lamp_mysqlserver
}
class profile::lamp_webserver {
include php
include apache
}
class profile::lamp_mysqlserver {
include mysql
}

28. R.I.Pienaar | rip@devco.net | http://devco.net | @ripienaar
Puppet Facts
$ facter
…
os => {
architecture => "x86_64",
distro => {
codename => "Core",
description => "CentOS Linux release 7.2.1511 (Core)",
id => "CentOS",
release => {
full => "7.2.1511",
major => "7",
minor => "2"
},
specification => ":core-4.1-amd64:core-4.1-noarch"
},
family => "RedHat",
hardware => "x86_64",
name => "CentOS",
release => {
full => "7.2.1511",
major => "7",
minor => "2"
},
selinux => {
enabled => false
}
}
…

29. R.I.Pienaar | rip@devco.net | http://devco.net | @ripienaar
Puppet Facts
class site::common {
if $facts[“os”][“family”] == “RedHat” {
include site::redhat_common
} elsif $facts[“os”][“family”] == “Debian” {
include site::debian_common
} else {
fail(“Unknown operating system family”)
}
}

30. R.I.Pienaar | rip@devco.net | http://devco.net | @ripienaar
Puppet Site Policies
• /srv/www - root:root
• /etc/httpd/conf.d/<site>.conf
• /srv/www/<site> - root:root
• /srv/www/<site>/html - owner:owner
• /srv/www/<site>/logs/access_log - root:root
• /srv/www/<site>/logs/error_log - root:root
• <site> log rotation
• <site> backups

31. R.I.Pienaar | rip@devco.net | http://devco.net | @ripienaar
Puppet Site Policies
site::vhost{“example.com”: }
Day to Day Usage
$client_sites = [“example1.com”, “example2.com”]
site::vhost{$client_sites: }
site::vhost{“example.com”:
aliases => [“www.example.com”, “www.other.com”],
owner => “acme”,
allow_override => “All”,
options => “Indexes”
}

32. R.I.Pienaar | rip@devco.net | http://devco.net | @ripienaar
Puppet Site Policies
Policy Set by Web Team - Creates Utility
define site::vhost ( $port, $owner, $group, … ) {
apache::vhost{$name:
port => $port,
docroot => “/srv/www/${name}/html”,
docroot_owner => $owner,
docroot_group => $group,
}
bacula::backup_policy{$name: …}
sensu::monitor{$name: …}
}

33. R.I.Pienaar | rip@devco.net | http://devco.net | @ripienaar
Puppet Testing
Learning from Development - Unit Testing
describe “site::vhost” do
let(:title) { “example.com” }
it {
is_expected to contain_apache__vhost(“example.com”)
.with (
“port” => “80”,
“docroot” => “/srv/www/example.com/html”
…
)
}
end

34. R.I.Pienaar | rip@devco.net | http://devco.net | @ripienaar
Puppet Testing
Learning from Development - Integration Testing
describe package(“httpd”) do
it { should be_installed }
end
describe service(“httpd”) do
it { should be_enabled }
it { should be_running }
end
describe file(“/srv/www/example.com/html”) do
it { should exist }
it { should be_directory }
it { be_owned_by “root” }
end

35. R.I.Pienaar | rip@devco.net | http://devco.net | @ripienaar
Puppet Reporting
http://theforeman.org

36. R.I.Pienaar | rip@devco.net | http://devco.net | @ripienaar
Questions?
twitter: @ripienaar
email: rip@devco.net
blog: www.devco.net
github: ripienaar
freenode: Volcane
slack.puppet.com: ripienaar
http://learn.puppet.com/
https://www.devco.net/