Puppet for Dummies
    ZendCon - October 2011
    Santa Clara - United States




http://joind.in/3781
Who am I?


   Joshua Thijssen
   Senior Software Engineer @ Enrise (Netherlands)

   Development in PHP, Python, Perl, C, Java,
   and System & DB admin.


   Blog:    http://adayinthelifeof.nl
   Email:   joshua@enrise.com
   Twitter: @jaytaph




http://www.flickr.com/photos/akrabat/5422369749/in/photostream/
Joind.in




‣ http://joind.in/3781
The question of the day




  What is puppet and why should I care?
Why should I care?




 “People are finally figuring out puppet
 and how it gets you to the pub by 4pm.

 Note that I’ve been at this pub since
 2pm.”
                                 - Jorge Castro
Why should I care (really)?
What is puppet?




     Puppet is a (not necessarily the)
    solution for the following problem:

 How do we set up, manage, synchronize,
  and upgrade our internal and external
            infrastructure?
But isn’t that a sysadmin problem?



                             Sysadmin!
                        Y U no fix problem!




                             NO
What is puppet?




                  LAMP-stack
          Linux, Apache, MySQL, PHP
What is puppet?



         LAMPGMVNMCSTRAH-stack
  Linux, Apache, MySQL, PHP, Gearman, MongoDB, Varnish, Nginx,
  Memcache, CouchDB, Solr, Tika, Redis, ActiveMQ, Hadoop
How do we manage our infrastructure?




 ‣ Solution 1: We don’t,
 ‣ Solution 2: We outsource,
 ‣ Solution 3: We automate the process.
How do we manage our infrastructure? (1)


   ‣ It’s not funny: you find it more often
     than not. Especially inside small
     development companies.
   ‣ Internal sysadmin, but he’s too busy
     with development to do sysadmin.
   ‣ We only act on escalation
   ‣ reactive, not proactive

‣ Solution 1: we don’t
How do we manage our infrastructure? (2)



   ‣ Expensive $LA’s.
   ‣ What about INTERNAL servers like
     your development systems and
     infrastructure?
   ‣ Fight between stability and agility.
   ‣ Does your hosting company decide
     on whether you can use PHP5.3???

‣ Solution 2: we outsource
How do we manage our infrastructure? (3)




   ‣ We are in charge.
   ‣ You can do what you like
   ‣ Use: cfEngine, chef, puppet.
   ‣ When done right, maintenance
     should not be difficult.


‣ Solution 3: we do it ourselves and automate
What is puppet?




‣ PUPPET TO THE RESCUE
What is puppet?


 ‣ Open source configuration
   management tool.
 ‣ Written in Ruby
 ‣ Open source:
   https://github.com/puppetlabs
 ‣ Commercial version available
   (puppet enterprise)
What is puppet?



             ‣ Don’t tell HOW to do stuff:
                 “yum install httpd”
                 “apt-get install apache2”
             ‣ Tell WHAT to do: ¹
                 “install and run the apache webserver”

¹ It’s not actually true, but good enough for now...
Architectural overview



  [Diagram: the Puppet CA and the Puppet Master at the top;
   three Puppet Agents below, connected to the master over https]
How does it work




  [Diagram: exchange between Puppet master and Puppet client]
  ‣ Check credentials
  ‣ Send facts
  ‣ Returns “catalog”
  ‣ Report results
Puppet manifests



  ‣ Manifests are puppet definitions
  ‣ <filename>.pp
  ‣ Puppet DSL
  ‣ De-cla-ra-tive language
  ‣ Version your manifests! (git/svn)
Puppet manifests



   package { "strace" :
     ensure => present,
   }

   # "owner" (not "user") is the file attribute that sets ownership
   file { "/home/jaytaph/secret-ingredient.txt" :
     ensure => present,
     mode   => '0600',
     owner  => 'jaytaph',
     group  => 'noxlogic',
     source => "puppet:///secret.txt",
   }
Puppet manifests




      package { "httpd" :
        ensure => present,
      }

      # "ensure => running" keeps the service started; "enable" starts it at boot
      service { "httpd":
        ensure  => running,
        enable  => true,
        require => Package["httpd"],
      }




‣ Spot the problem....
Puppet manifests


     Centos / Redhat
     service: httpd
     package: httpd
     config: /etc/httpd/conf/httpd.conf
     vhosts: /etc/httpd/conf.d/*.conf

     Debian / Ubuntu
     service: apache2
     package: apache2
     config: /etc/apache2/httpd.conf
     vhosts: /etc/apache2/sites-available


‣ Different distributions, different names
Puppet manifests




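      # Pick the package name from the $operatingsystem fact first;
      # a case statement cannot sit inside a resource body.
      case $operatingsystem {
        centos, redhat: { $apache = "httpd" }
        debian, ubuntu: { $apache = "apache2" }
        default: { fail("I don't know this OS/distro") }
      }

      package { "webserver":
        name   => $apache,
        ensure => installed,
      }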




‣ $operatingsystem is a FACT
Facter


[root@puppetnode1 ~]# facter --puppet
architecture => x86_64
fqdn => puppetnode1.noxlogic.local
interfaces => eth1,eth2,lo
ipaddress_eth1 => 192.168.1.114
ipaddress_eth2 => 192.168.56.200
kernel => Linux
kernelmajversion => 2.6
operatingsystem => CentOS
operatingsystemrelease => 6.0
processor0 => Intel(R) Core(TM)2 Duo CPU             T7500   @ 2.20GHz
puppetversion => 2.6.9




‣ A simple list with info (also useable in your own tools)
Puppet manifests



  /etc/puppet/manifests/site.pp:
  node default {
    $def_packages = [ "mc", "strace", "sysstat" ]
    package { $def_packages :
      ensure => latest,
    }
  }




‣ “Main” manifest
Puppet manifests



   # \d+ matches the node number; \. matches a literal dot
   node /^web\d+\.example\.local$/ {
     package { "httpd" :
       ensure => latest,
     }
   }
   node /^db\d+\.example\.local$/ {
     package { "mysql-server" :
       ensure => installed,
     }
   }




‣ Defining nodes - regular expressions
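
A quick way to check which node block a certname lands in before deploying a regex node definition, as an added example (not from the talk). Puppet node regexes are Ruby regexes, so plain Ruby is enough; the helper names, the `LOOSE_WEB` comparison pattern and the sample certnames are assumptions constructed for this sketch.

```ruby
# Node patterns from the slide, written with the escapes a Ruby regex needs.
NODE_PATTERNS = {
  'web' => /^web\d+\.example\.local$/,
  'db'  => /^db\d+\.example\.local$/
}.freeze

# The web pattern with the dots left unescaped, for comparison only:
# an unescaped "." matches any character, not just a dot.
LOOSE_WEB = /^web\d+.example.local$/

# Labels of every node block whose pattern matches the certname.
def matching_nodes(certname, patterns = NODE_PATTERNS)
  patterns.select { |_label, re| re.match?(certname) }.keys
end

# Hypothetical audit helper: maps each certname to the block it lands in,
# "default" when nothing matches (the "node default" block applies) and
# "ambiguous" when several patterns match and the definitions need review.
def classify(certnames, patterns = NODE_PATTERNS)
  certnames.map do |name|
    hits = matching_nodes(name, patterns)
    label = if hits.empty? then 'default'
            elsif hits.size == 1 then hits.first
            else 'ambiguous'
            end
    [name, label]
  end.to_h
end

# Constructed certnames, including near misses the strict patterns must reject.
SAMPLE_CERTNAMES = %w[
  web01.example.local
  db2.example.local
  web01xexample.local
  web01.example.local.other.test
  webd.example.local
].freeze

if __FILE__ == $PROGRAM_NAME
  classify(SAMPLE_CERTNAMES).each { |name, label| puts format('%-32s %s', name, label) }
  loose_only = SAMPLE_CERTNAMES.select do |n|
    LOOSE_WEB.match?(n) && !NODE_PATTERNS['web'].match?(n)
  end
  puts "matched only by the unescaped pattern: #{loose_only.join(', ')}"
end
```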
Puppet manifests


   node basenode {
     user { "jaytaph" :
       ensure     => present,
       gid        => 1000,
       uid        => 1000,
       home       => "/home/jaytaph",
       shell      => "/bin/sh",
       # the password attribute takes the hashed value, not the plaintext
       password   => "supersecrethashedpassword",
       managehome => true,
     }
   }
   node /^.+\.example\.local/ inherits basenode {
     ...
   }



‣ Node inheritance
Puppet manifests


      class webserver {
        service { "apache":
          ensure  => running,
          require => Package["apache"],
        }
        package { "apache" :
          ensure => installed,
        }
        file { "vhost_${webserver_name}" :
          path    => "/etc/httpd/conf/10-vhost.conf",
          content => template("vhost.template.erb"),
          # notify must reference a service declared above: "apache"
          notify  => Service["apache"],
        }
      }



‣ Group together into a class
Puppet manifests


 vhost.template.erb
       <VirtualHost <%= ipaddress %>:80>
         ServerName <%= webserver_name %>
         ServerAlias <%= webserver_alias %>
         DocumentRoot <%= webserver_docroot %>
       </VirtualHost>




‣ ERB Templates can use custom variables and facts
Puppet manifests


 # "include" declares a class ("import" only loads manifest files);
 # the parent node is the basenode defined earlier.
 node "web01.example.local" inherits basenode {
   $webserver_name = "web01.example.local"
   $webserver_alias = "www.example.local"
   $webserver_docroot = "/var/www/web01"
   include webserver
 }
 node "web02.example.local" inherits basenode {
   $webserver_name = "web02.example.local"
   $webserver_alias = "crm.example.local"
   $webserver_docroot = "/var/www/web02"
   include webserver
 }
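
What the vhost template produces for web01, rendered in plain Ruby outside Puppet, as an added example (not from the talk). ERB inserts values verbatim, so the sketch validates each variable before rendering; the validation rules, the helper names and the sample `ipaddress` value are assumptions of this example, not part of Puppet.

```ruby
require 'erb'

# vhost.template.erb from the slide. Bare names resolve to local variables,
# which result_with_hash supplies here (Puppet supplies facts and variables).
VHOST_TEMPLATE = <<~'TEMPLATE'
  <VirtualHost <%= ipaddress %>:80>
    ServerName <%= webserver_name %>
    ServerAlias <%= webserver_alias %>
    DocumentRoot <%= webserver_docroot %>
  </VirtualHost>
TEMPLATE

# web01 values from the node definition; the ipaddress is a constructed
# sample (address borrowed from the facter output on the Facter slide).
WEB01 = {
  ipaddress:         '192.168.1.114',
  webserver_name:    'web01.example.local',
  webserver_alias:   'www.example.local',
  webserver_docroot: '/var/www/web01'
}.freeze

# Assumed validation rules: \A and \z anchor the whole string, so an
# embedded newline cannot carry a second directive into the config file.
HOSTNAME = /\A[a-z0-9-]+(\.[a-z0-9-]+)*\z/i
IPV4     = /\A\d{1,3}(\.\d{1,3}){3}\z/
DOCROOT  = %r{\A(/[A-Za-z0-9_.-]+)+\z}

VALIDATORS = {
  ipaddress:         ->(v) { v.match?(IPV4) && v.split('.').all? { |o| o.to_i <= 255 } },
  webserver_name:    ->(v) { v.match?(HOSTNAME) },
  webserver_alias:   ->(v) { v.match?(HOSTNAME) },
  webserver_docroot: ->(v) { v.match?(DOCROOT) && !v.split('/').include?('..') }
}.freeze

# Hypothetical helper: validate every variable, then render the template.
def render_vhost(vars)
  VALIDATORS.each do |name, valid|
    value = vars[name]
    unless value.is_a?(String) && valid.call(value)
      raise ArgumentError, "unsafe value for #{name}: #{value.inspect}"
    end
  end
  ERB.new(VHOST_TEMPLATE).result_with_hash(vars.slice(*VALIDATORS.keys))
end

# What the template produces when nothing is checked (for comparison only).
def render_unchecked(vars)
  ERB.new(VHOST_TEMPLATE).result_with_hash(vars)
end

if __FILE__ == $PROGRAM_NAME
  puts render_vhost(WEB01)
  # Constructed bad input: an alias carrying a newline and an extra directive.
  bad = WEB01.merge(webserver_alias: "www.example.local\n  DocumentRoot /tmp")
  puts "DocumentRoot lines when unchecked: " \
       "#{render_unchecked(bad).lines.grep(/DocumentRoot/).length}"
  begin
    render_vhost(bad)
  rescue ArgumentError => e
    puts "rejected: #{e.message}"
  end
end
```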
Puppet modules




  ‣ A puppet module is a collection of
    resources, classes, templates.
  ‣ Used for easy distribution and
    code-reuse.
  ‣ Self-contained, run out-of-the-box
Puppet modules



  ‣ puppetforge / github
  ‣ Create your own (and share!).
  ‣ Use the ones from puppet
    enterprise edition.
  ‣ Use the standard layout / best
    practices
Puppet modules
 class ntp::install {
     # Red Hat / CentOS names: package "ntp", service "ntpd"
     package{"ntp":
         ensure => latest
     }
 }
 class ntp::config {
     File{
         require => Class["ntp::install"],
         notify  => Class["ntp::service"],
         owner   => "root",
         group   => "root",
         mode    => '0644'
     }
     # module files are served from puppet:///modules/<module>/<file>
     file{"/etc/ntp.conf":
              source => "puppet:///modules/ntp/ntp.conf";
           "/etc/ntp/step-tickers":
              source => "puppet:///modules/ntp/step-tickers";
     }
 }
 class ntp::service {
     service{"ntpd":
         ensure  => running,
         enable  => true,
         require => Class["ntp::config"],
     }
 }
 class ntp {
     include ntp::install, ntp::config, ntp::service
 }
Test your modules




  ‣ (Unit)test your modules
  ‣ Test them with:
    puppet apply --noop
  ‣ More advanced testing: cucumber /
    cucumber-puppet (BDD)
What can puppet manage



     ‣ Almost everything.
     ‣ standard 48 different resource types
     ‣ Ranging from “file” to “cron” to
       “ssh_key” to “user” to “selinux”.
     ‣ Can control your Cisco routers and
       windows machines too (sortakinda)


‣ http://docs.puppetlabs.com/references/stable/type.html
Confusing puppet things



 ‣ Puppet went from v0.25 to v2.6.
 ‣ REST interface since 2.6. XMLRPC
   before that.
 ‣ One binary to rule them all (puppet).
 ‣ Puppet v2.7 switched from GPLv2 to
   the Apache 2.0 license.
Confusing puppet things




 ‣ --test does not mean dry-run!
   (--noop does).
 ‣ It’s not object oriented. (puppet
   class != php class)
 ‣ It’s a declarative language.
Puppet dashboards




http://media.techtarget.com/digitalguide/images/Misc/puppetDashboard.gif
Live demo | MCollective?
MCollective




‣ Puppet agent “calls” the master every 30
  minutes.
‣ But what about realtime command & control?
‣ “Puppet kick”... (meh)
‣ MCollective (Marionette Collective)
MCollective



     ‣ Which systems are running a database
       and have 16GB or less?
     ‣ Which systems are using <50% of
       available memory?
     ‣ Restart all apache services in
       timezone GMT+5.


‣ How do we handle a large number of nodes?
MCollective



  [Diagram: Clients, Middleware (ACTIVEMQ) and Nodes; each node runs an
   MCollective Server, and together they form the Collective]

‣ Middleware takes care of distribution, queueing, broadcast, etc.
MCollective




      ‣ The collective

http://docs.puppetlabs.com/mcollective/reference/basic/subcollectives.html
MCollective


$ mc-facts operatingsystem
Report for fact: operatingsystem

     CentOS         found 3 times
     Debian         found 14 times
     Solaris        found 4 times


$ mc-facts -W operatingsystem=Centos operatingsystemrelease
Report for fact: operatingsystemrelease

     6.0           found 1 times
     5.6           found 2 times




‣ Filter out nodes based on facts
MCollective - cool stuff



   ‣ Display all running processes
   ‣ Run or deploy software
   ‣ Restart services
   ‣ Start puppet agent
   ‣ Upgrade your systems
Recap




        -ETOOMUCHINFO

           Let’s recap
Recap (1)




 ‣ Configuration management tool.
 ‣ Focusses on “what” instead of “how”.
 ‣ Scales from 1 to 100K+ systems.
 ‣ Uses descriptive manifests.
Recap (2)




 ‣ Useful for sysadmins and developers.
 ‣ Keeps your infrastructure in sync.
 ‣ Keeps your infrastructure versioned.
 ‣ MCollective controls your hosts
   based on facts, not names.
Any questions?




http://farm1.static.flickr.com/73/163450213_18478d3aa6_d.jpg
to remove this comic sans font, please rate my talk on:
                http://joind.in/3781
