Puppet Systems Infrastructure Construction Kit
•
0 likes•1,612 views
A presentation of PSICK, a Puppet control repo and a module to speedup the setup of a smart and extensible infrastructure.
Recommended
More Related Content
What's hot
What's hot (20)
Similar to Puppet Systems Infrastructure Construction Kit
Similar to Puppet Systems Infrastructure Construction Kit (20)
More from Alessandro Franceschi
More from Alessandro Franceschi (13)
Recently uploaded
Recently uploaded (20)
Puppet Systems Infrastructure Construction Kit
- 1. Puppet Systems Infrastructure Construction Kit Alessandro Franceschi @alvagante
- 3. Make sense of the whole: Language, resources, classes, modules, facts, variables, templates, hiera... Decide how to classify nodes Manage configurations variety Find and integrate existing modules: Try, integrate, use, wrap. Adapt, fight, fork. Or write from them scratch. Design Hiera hierarchies. What's data. How's data. Who uses data. Puppet masters' dilemmas
- 4. 10 years of public Puppet ramblings
- 5. 2008 Example(42) Puppet infrastructures First set of example42 modules 2010 Puppi 2010 Example42 NextGen modules 2012 Puppet Playground 2014 Tiny Puppet 2016 Reusable control-repo 2017 PSICK module and control-repo 10 years of public Puppet ramblings
- 6. A state of the (current) art Puppet control-repo github.com/example42/psick An Infrastructure Puppet module github.com/example42/puppet-psick Requires Puppet 4.6 or later Usable (cherry picking single elements) by: - Puppet Beginners who can cope with just [YAML] data over DSL - Experienced Sysadmins who know how to configure their files - Puppet Experts interested in radically alternative approaches to Puppet dilemmas
- 7. A control-repo with psick powers
- 8. Support for Linux, Windows [and...] Toolset for the Puppet developer Multi OS Puppet installer CI with GitLab, Travis, Jenkins Sample hiera datasets Docker image building Testing local code on containers Testing local code on Vagrant VMs Multiple configurable Vagrant env Multi OS Vagrant boxes Automatic control-repo docs Noop and no-noop management Control-repo spec tests Control-repo integration tests Quick Puppet Enterprise test env Fabric integration [...] A control-repo with psick powers github.com/example42/psick
- 9. An Infrastructure puppet module
- 10. What is an Infrastructure module?! Install: puppet module install example42/psick Usage: include psick Nothing is done by default. Everything is configured via Hiera. It has 3 opt-in functions: - classification - base profiles for common use cases - tp profiles for [any] application An Infrastructure puppet module github.com/example42/puppet-psick
- 11. Classification with psick module
- 12. Phased classification: [firstrun] -> pre -> base -> profiles Hiera deep merge lookup to OS dependent hashes with the classes to include in each phase psick::enable_firstrun: true #Def: false psick::firstrun::linux_classes: aws_sdk: psick::aws::sdk psick::firstrun::windows_classes: hostname: psick::hostname psick::pre::linux_classes: repo: psick::repo users: psick::users psick::base::linux_classes: mail: psick::postfix::tp ssh: psick::openssh sudo: psick::sudo network: network psick::pre::windows_classes: hosts: psick::hosts::resource psick::base::windows_classes: features: psick::windows::features registry: psick::windows::registry Classification with psick
- 13. psick profiles
- 14. Ready for use and cherry pick profiles to manage common system and applications configurations. Alternative to dedicated modules psick::profiles::linux_classes: time: psick::time psick::time::servers: - pool.ntp.org A partial list of base profiles for common settings: - psick::hosts - Manage /etc/hosts - psick::motd - Manage /etc/motd and /etc/issue - psick::nfs - Manage NFS client and server - psick::sudo - Manage sudo configuration - psick::sysctl - Manage sysctl settings - psick::firewall - Manage firewalling - psick::openssh - tp profile and keygen define - psick::hardening - Manage system hardening - psick::network - Manage networking - psick::puppet - Manage Puppet components - psick::users - Manage users - psick::time - Manage time and timezones A list of application specific profiles: - psick::ansible - Manage Ansible installation - psick::aws - Manage AWS client tools and VPC setup - psick::bolt - Manage Bolt installation - psick::docker - Docker installation and build tools - psick::foreman - Foreman installation - psick::git - Git installation and configuration - psick::gitlab - GitLab installation and config - psick::mariadb - Manage Mariadb - psick::mysql - Manage Mysql - psick::mongo - Manage Mongo - psick::php - Manage php and modules - psick::oracle - Manage Oracle prereq and setup - psick::sensu - Manage Sensu psick profiles
- 15. Tiny Puppet and tp profiles
- 16. Standard set of profiles to manage applications with Tiny Puppet (tp). psick::profiles::linux_classes: web: psick::apache::tp psick::apache::tp::resources_hash: tp::conf: apache::openkills.info.conf: base_dir: conf template: psick/apache/vh.conf.erb options_hash: ServerName: openskills.info ServerAlias: - openskills.info AddDefaultCharset: ISO-8859-1 apache::deny_git.conf: base_dir: conf source: puppet:///modules/psick/ apache/deny_git.conf tp::dir: apache::openskills.info: vcsrepo: git source: git@git:alvagante/osk.git path: /var/www/html/openskills.info Tiny Puppet and tp profiles
- 17. demo
- 18. Start to play around git clone https://github.com/example42/psick cd psick bin/puppet_install.sh # To install latest Puppet agent bin/puppet_setup.sh # Installs required gems and runs r10k cd vagrant/environment/<env>/ vagrant status [vm] vagrant up [vm] vi ../../../hieradata/* ... vagrant provision [vm] Work on a new control-repo based on psick git clone https://github.com/example42/psick cd psick ./psick create cd /path/to/yournew_control-repop git status vi ... git add [...] demo
- 19. Explore the control-repo # The first manifest parsed by Puppet server manifests/site.pp # r10k Puppetfile and directory for public modules Puppetfile modules/ # Sample Hiera configuration file and data directory hiera.yaml hieradata/ # Directory with different Vagrant environments vagrant/ # Tools for various tasks (used in dev and CI) bin/ # CI integration .gitlab-ci.yml Jenkinsfile .travis.yml # Control repo spec tests spec/ Gemfile Rakefile # Local profiles site/ demo
- 20. Test local code with Vagrant • Multiple Vagrant environments ls -l vagrant/environments/ • Each one customisable via config.yaml cd vagrant/environments/ostest vi config.yaml • Start the Vagrant VM you want host $ cd vagrant/environments/ostest host $ vagrant status host $ vagrant up centos7.ostest.psick.io • Test your code and data host $ vi ../../../hieradata/nodes/ centos7.ostest.psick.io.yaml host $ vagrant ssh centos7.ostest.psick.io vm $ sudo su - vm # /vagrant_puppet/bin/papply.sh demo
- 21. Where to customise • Psick control-repo is just the starting point for a greenfield modern Puppet setup • Define a way to set your nodes defining variables (the ones used in hiera.yaml) • Decide how to manage classification • For each element to configure choose: 1 - Use a public module (add it to Puppetfile) 2 - Use a psick profile 3 - Write a custom profile (add to Puppetfile or directly in site/ profile/) • Review hiera.yaml logic and customise data in hieradata/ • Customise your Vagrant environments • Customise CI pipelines
- 22. PSICK the control-repo github.com/example42/psick The psick Puppet module github.com/example42/puppet-psick forge.puppet.com/example42/psick Interested? Weekly Puppet Tips example42.com/blog Graphics: tatlin.net