In this slides is presented a light solution based on the integration between Puppet-Foreman and Gitolite to the problem: How to enable many sysadmins to work together on one work environment without interfering with each other?

1. Cooperating sysadmins: it’s not
an oxymoron.
Integrating Puppet and Gitolite to make our lives easier.
Luca Mazzaferro
04 December 2014

2. Outline
● About me...
● The Motivations
● The Ingredients
● Puppet-Gitolite integration
● Final considerations.
● Conclusions.
...in 20 minutes (approximately)
2

3. About me...
Born 33 years
ago here...
Master Degree in
Physics at “La
Sapienza”
PhD in Physics at
“Tor Vergata”
Rome: a place with many
cultural interests, but I
was still looking for other
experiences...
Why not München?
3

4. RZG Garching
Computing support for many experiments and collaborations:
Storage and Data archiving for Max Planck Scientists:
● up to 90PBytes
● 30K Tapes
IBM Supercomputer Hydra (80k cores, total memory: 260 TByte;
water cooling):
● Research on Nuclear Fusions and Plasma Physics
● High Energy Physics
● Material Science
● Simulations
Applications support of high-performance-computing
applications to Max-Planck Institutes:
● development
● optimization
● analysis
● visualization
http://www.rzg.mpg.de/
4
Many dedicated linux clusters

5. Ok, let’s start:
Motivations
5

6. The problem
6

7. How to enable many sysadmins to work together on
one centralize puppet master without interfering with
each other?
7
The problem

8. The Ingredients
8

9. Puppet
● It’s an opensource multiplatform management tool
based on Ruby (“Wikipedia”).
● It helps to manage an entire infrastructure throughout its
lifecycle from the provisioning and configuration to
orchestration and reporting (“PuppetLabs.com”)
● In few word it is like a good orchestra
conductor
9

10. Quick overview about Puppet
Puppet
Code
3. Enforce the changes
Install...
Update...
Configure...
Restart...
etc...
4. Reporting
2. Simulate them before
deploying changes
1. Define your services/resources in
reusable manifests eventually
organized in modules
10
Dashboard
Foreman
Terminal

11. Foreman
● Foreman is an open source project that gives system
administrators the power to easily automate repetitive
tasks, quickly deploy applications, and proactively
manage servers, on-premises or in the cloud. [http:
//theforeman.org/]
● We use it on top of Puppet as
○ User and grants management
○ Monitor
○ Report collector
○ External Node Classifier (ENC)
11

12. Quick overview about Gitolite
12
“Gitolite allows you to setup git hosting on a central server,
with fine-grained access control and many more powerful
features”. [http://gitolite.com/gitolite/index.html]
● Easy to install: it’s a tarball working with few setup
● Security based on ssh-key exchange
● Easy manageable via a dedicated repository (no direct intervention on the
server)
● Extensible with plugins and graphical interface
● Hooks and Triggers available to add customizations

13. Let’s cook
Puppet-Gitolite integration
13

14. Putting things together
● Puppet:
○ deployment service
● Foreman:
○ puppet management service (stops
admins interfering with each other)
● Gitolite:
○ enables admins to develop and share
modules without interfering each other.
○ avoiding direct access to puppet server
14

15. Puppet - Gitolite integration
/environments
/
/modules
gitolite /manifests
Experiments
[applications]
Storage
Compute
Nodes
Exp/App
Storage
CP Nodes
15

16. /environments
/
/modules
gitolite /manifests
Experiments
[applications]
Storage
Compute
Nodes
Exp/App
Storage
CP Nodes
Puppet - Gitolite integration
16

17. /environments
/
/modules
gitolite /manifests
Experiments
[applications]
Storage
Compute
Nodes
Exp/App
Storage
CP Nodes
Puppet - Gitolite integration
17

18. /environments
/
/modules
gitolite /manifests
Experiments
[applications]
Storage
Compute
Nodes
Exp/App
Storage
CP Nodes
Puppet - Gitolite integration
18

19. Our Solution
gitolite
19

20. Puppet User Management
/environments
/
/modules
/manifests
Exp/App
Storage
CP Nodes
Storage
Foreman Interface as ENC:
● User management:
○ association environments <-> users
○ association environments <-> nodes
○ correlation with gitolite repositories
● Centralized management of puppet master,
certificates,
● Monitoring
20

21. A bit deeper inside Gitolite
gitweb
Experiments.git Storage.git Compute Nodes.git
Experiments
/environments
Storage Compute Nodes
Repositories
Experiments
[applications]
gitolite
● Access to repositories via git protocol
● Authorizations and Authentications
based on ssh-keys
● Web interface (gitweb) for modules
visualization
21

22. Some considerations about Gitolite
Benefits:
● Allows several sysadmins to work on the same puppet
master in a safe way
● Provide a revision control
● Web Interface (gitweb) for code viewing
● Allows simply code sharing
22

23. Final considerations
23

24. ● Closed environments to avoid
errors propagation but...
● ... still enabling code sharing
between different sysadmins
● One only centralized service to
maintain
● Revision controller
● Increase the safety
● Open Source
● Suggestions?
● Maybe: a bit tricky to install and
configure the first time?! But
Doable!
● Suggestions?
24

25. Next Steps
● continuous integration + continuous delivery:
○ Docker and/or Jenkins?
● Improve authorization and access in the
gitolite web interface
25

26. Conclusions
Enable many sysadmins to work together on
one centralize puppet master without
interfering with each other!
● Increase the safety: no direct interaction with P.M.
● Revision Control
● Just started but looks promising
26

27. Thanks for your attention
Any question or suggestion?
27
luca.mazzaferro@rzg.mpg.de

28. Some Tech Details
Very Light Weight
Type: VM
OS: SL6.6
cpu: 1
mem: 2G
Docker Version: 1.3.1
Foreman Version: 1.6.1
Puppet Master: 3.7.3
/var/log
/etc/foreman
link
/var/lib/puppet/ssl
/etc/puppet/environments
/etc/puppet/modules
gitolite
About our infrastructure
Computing farm for physics
experiments:
● Storage: 1.5 PBytes
● Computes Nodes: hundreds
● Many services for users
Research Communities:
● up to 10
Owncloud internal service:
● just started
Total sysadmins supported:
● three
22

29. Motivations
What ONE sysadmin would like to have:
● Easy life:
○ easily deploy of new softwares or upgrades
○ fast and easy reconfigurations/restart of the
services
○ possibly, one interface for different tools
○ OS independent
○ higher level of abstraction
○ automation
6

30. Motivations
...but what if MANY sysadmins are working on
the same system?
● closed environments
● sharing of the code and configurations
● writing code?! Revision controller!
● centralized automation system
7