Puppet, profile picture
Uploaded byPuppet
PDF, PPTX182 views

PuppetConf 2017: No Server Left Behind - Miguel Di Ciurcio Filho, Instruct

The document discusses strategies for implementing Puppet in legacy environments, emphasizing the challenges faced by older organizations with outdated systems like CRM and ERP. It highlights the importance of automation and configuration management while addressing fears and compliance hurdles that slow down modernization efforts. It also provides practical advice on using Puppet and its features to reverse engineer the current state of systems and manage configurations effectively.

Embed presentation

Download as PDF, PPTX
Automation Architect - Instruct Miguel Di Ciurcio Filho - miguel@instruct.com.br No server left behind: How to successfully rollout Puppet on legacy environments
What is hot today is the legacy of tomorrow
Renewal Cycles • Older and larger organizations have a lot of business processes and requirements. • Usually if the organization operates on a regulated sector, everything is much more conservative. • Big ships are very slow to turn.
What type systems usually are left behind • What these types of systems have in common? • CRM • ERP • BPM • Very old and predominant vendors: SAP, SAS, IBM, Microsoft, Oracle, and many others. • Vertical scaling. • Takes weeks and dozens of people to install and configure everything.
What type systems usually are left behind • Servers and environments of the these types of workloads follow a “do not touch culture”. • Maybe after 6 months and with a very detailed plan it might be possible to upgrade the OS and the application itself. • And the plan is usually a lot of manual changes, VM snapshots, cloning, etc.
Reality check • There are still lots of systems like these out there (the vendors are still making billions of dollars selling and supporting them). • Many (most?) of these types of systems completely lack any sort of automation and configuration management. • We are in 2017, why? We have all this great tooling for more than a decade!
Possible answers • Fear, Uncertainty and Doubt, for real. • Might be easier to just wait them to die and try do it right next time. • Maybe it is not worth the effort. • There are still all those audits and compliance checks! • Who could save us?
Puppet • Puppet is all about state (until yesterdays keynote). • We define what we want, Puppet gets us there and makes sure it stays consistent over time. • After years and years of manual changes and people have no idea what is the current state. • “Reverse engineer the current state”
Get the agent installed • Raises lots of questions: • What does it do? • What are the dependencies? • What ports does it open?
How do we figure the current state? • FACTER, FACTER, FACTER. • Write custom facts to figure out the state of users, files, packages, services, etc. • Facter gives us some options on how to do it.
FACTER DEMO
Facter gotchas • Custom facts are synced globally (every node receives everything). • Make sure to properly confine them. • Extreme HARD do debug after it syncs. • Exceptions and stderr are not saved anywhere. • External facts are handy and easy to do, but they are costly. Every external fact results on a fork. • It gets worse on Windows, PowerShell takes many milliseconds to start and then execute. • If its a custom fact and it calls PowerShell, same problem.
Facter gotchas • If the state you need to know does not change that often, write a single our a couple of scritps that run outside of a Puppet run and generate JSONs, YAMLs or text files. • Stay in Ruby to avoid forking into a shell • Did you say to use the cache feature of Facter? • https://tickets.puppetlabs.com/browse/FACT-348
After you got the facts straight • Query them on PuppetDB. • Inspect them using mcolletive and the inventory custom reports plugin (very handy) . • https://docs.puppet.com/mcollective/reference/ui/nodereports.html • Do some analysis to write the manifests.
Puppet state based model • Kind of all or nothing. • Resources in a manifest could easily obliterate current state and break things. • Needs careful design and architecture to support exceptions. • But, we can compare state using —noop!
Noop mode "When applying a resource in noop mode, Puppet will check whether it is in sync, like it does when running normally. However, if a resource attribute is not in the desired state (as declared in the catalog), Puppet will take no action, and will instead report the changes it would have made.” https://puppet.com/docs/puppet/5.3/metaparameter.html
NOOP DEMO
In summary • Write really simple and small profiles to make them easily “noopable". • Add a control flag to each of them to call or not the noop() function. • Use the Event Inspector. • Carefully disable noop node by node, profile by profile, if needed. • After every server is done, just remove the noop() function from your profiles. • Honorable mention: Augeas and Hercules Team modules • https://forge.puppet.com/herculesteam
QUESTIONS?
PuppetConf 2017: No Server Left Behind - Miguel Di Ciurcio Filho, Instruct

More Related Content

PPTX
WTF is Sensu and Monitoring
byToby Jackson
 
PPTX
Entity framework advanced
byUsama Nada
 
KEY
MonoRails - GoGaRuCo 2012
byjackdanger
 
PPTX
PuppetConf 2017: Using Puppet Enterprise APIs with PowerShell- Jason Johnson,...
byPuppet
 
PDF
Monitoring the #DevOps way
byTheo Schlossnagle
 
PDF
IcingaCamp Stockholm - How to make your monitoring shut up
byIcinga
 
ODP
WebNano - Ideas for Web Frameworks
byguestf89f9cb
 
PDF
Development, Deployment & Collaboration at Etsy
byDaniel Schauenberg
 
WTF is Sensu and Monitoring
byToby Jackson
 
Entity framework advanced
byUsama Nada
 
MonoRails - GoGaRuCo 2012
byjackdanger
 
PuppetConf 2017: Using Puppet Enterprise APIs with PowerShell- Jason Johnson,...
byPuppet
 
Monitoring the #DevOps way
byTheo Schlossnagle
 
IcingaCamp Stockholm - How to make your monitoring shut up
byIcinga
 
WebNano - Ideas for Web Frameworks
byguestf89f9cb
 
Development, Deployment & Collaboration at Etsy
byDaniel Schauenberg
 

What's hot

PDF
Monitoring at Facebook - Ran Leibman, Facebook - DevOpsDays Tel Aviv 2015
byDevOpsDays Tel Aviv
 
PPTX
Elm - never get a runtime error anymore. Almost.
byAnton Astashov
 
PDF
Development, Deployment and Collaboration at Etsy
byDaniel Schauenberg
 
PDF
Zero Latency: Building a Telemetry Platform on the Elastic Stack
byElasticsearch
 
PDF
Django production
bypythonsd
 
PDF
Hadoop Demystified + Automation Smackdown! Austin JUG June 24 2014
bydatafundamentals
 
PPTX
Dev-Friendly Ops
byJosh Schramm
 
KEY
Erlang - Dive Right In
byvorn
 
PDF
Role of Integration and Service Mesh in Cloud Native Architecture KubeCon 2108
byBallerina
 
PDF
Cassandra Summit 2014: Astyanax — To Be or Not To Be
byDataStax Academy
 
PDF
Mobile CI at Etsy
byDaniel Schauenberg
 
PDF
It Sounded Good on Paper - Lessons Learned with Puppet
byJeffery Smith
 
PDF
DataEngConf SF16 - Data Asserts: Defensive Data Science
byHakka Labs
 
PDF
Benchmarking: You're Doing It Wrong (StrangeLoop 2014)
byAysylu Greenberg
 
PDF
A Whirlwind Tour of Etsy's Monitoring Stack
byDaniel Schauenberg
 
PDF
Benchmarking (RICON 2014)
byAysylu Greenberg
 
PDF
Ansible ALLTHETHINGS
byDan Chuparkoff
 
KEY
Scaling small apps
byMichael Brunton-Spall
 
PDF
Data Driven Monitoring
byDaniel Schauenberg
 
PDF
Scala in-practice-3-years by Patric Fornasier, Springr, presented at Pune Sca...
byThoughtworks
 
Monitoring at Facebook - Ran Leibman, Facebook - DevOpsDays Tel Aviv 2015
byDevOpsDays Tel Aviv
 
Elm - never get a runtime error anymore. Almost.
byAnton Astashov
 
Development, Deployment and Collaboration at Etsy
byDaniel Schauenberg
 
Zero Latency: Building a Telemetry Platform on the Elastic Stack
byElasticsearch
 
Django production
bypythonsd
 
Hadoop Demystified + Automation Smackdown! Austin JUG June 24 2014
bydatafundamentals
 
Dev-Friendly Ops
byJosh Schramm
 
Erlang - Dive Right In
byvorn
 
Role of Integration and Service Mesh in Cloud Native Architecture KubeCon 2108
byBallerina
 
Cassandra Summit 2014: Astyanax — To Be or Not To Be
byDataStax Academy
 
Mobile CI at Etsy
byDaniel Schauenberg
 
It Sounded Good on Paper - Lessons Learned with Puppet
byJeffery Smith
 
DataEngConf SF16 - Data Asserts: Defensive Data Science
byHakka Labs
 
Benchmarking: You're Doing It Wrong (StrangeLoop 2014)
byAysylu Greenberg
 
A Whirlwind Tour of Etsy's Monitoring Stack
byDaniel Schauenberg
 
Benchmarking (RICON 2014)
byAysylu Greenberg
 
Ansible ALLTHETHINGS
byDan Chuparkoff
 
Scaling small apps
byMichael Brunton-Spall
 
Data Driven Monitoring
byDaniel Schauenberg
 
Scala in-practice-3-years by Patric Fornasier, Springr, presented at Pune Sca...
byThoughtworks
 

Similar to PuppetConf 2017: No Server Left Behind - Miguel Di Ciurcio Filho, Instruct

PDF
Puppet overview
byjoshbeard
 
PDF
Strategies for Puppet code upgrade and refactoring
byAlessandro Franceschi
 
PDF
Puppet - The IT automation software
byagenedy
 
PDF
Puppet Keynote by Ralph Luchs
byNETWAYS
 
PDF
Puppet Camp New York 2014: Streamlining Puppet Development Workflow
byPuppet
 
PDF
Steamlining your puppet development workflow
byTomas Doran
 
PDF
Automation with Puppet and a Path to Private Hybrid Cloud
byAndrew Ludwar
 
PPTX
Puppetizing Your Organization
byRobert Nelson
 
PDF
Puppet Camp Tokyo 2014: Keynote
byPuppet
 
PPTX
The Art & Zen of Managing Nagios with Puppet
byVictorOps
 
PDF
From SaltStack to Puppet and beyond...
byYury Bushmelev
 
PPTX
SoCalDevOpsUserGroup-PresentationPuppetLabs
bySuresh Paulraj
 
PDF
Using Puppet - Real World Configuration Management
byJames Turnbull
 
PPTX
Puppet
byJohn Coggeshall
 
PPTX
Puppet for Developers
bysagarhere4u
 
KEY
Puppet for dummies - PHPBenelux UG edition
byJoshua Thijssen
 
PDF
Workflow story: Theory versus practice in Large Enterprises
byPuppet
 
PDF
Workflow story: Theory versus Practice in large enterprises by Marcin Piebiak
byNETWAYS
 
PDF
Creating a Mature Puppet System
byPuppet
 
PDF
Creating a mature puppet system
byrkhatibi
 
Puppet overview
byjoshbeard
 
Strategies for Puppet code upgrade and refactoring
byAlessandro Franceschi
 
Puppet - The IT automation software
byagenedy
 
Puppet Keynote by Ralph Luchs
byNETWAYS
 
Puppet Camp New York 2014: Streamlining Puppet Development Workflow
byPuppet
 
Steamlining your puppet development workflow
byTomas Doran
 
Automation with Puppet and a Path to Private Hybrid Cloud
byAndrew Ludwar
 
Puppetizing Your Organization
byRobert Nelson
 
Puppet Camp Tokyo 2014: Keynote
byPuppet
 
The Art & Zen of Managing Nagios with Puppet
byVictorOps
 
From SaltStack to Puppet and beyond...
byYury Bushmelev
 
SoCalDevOpsUserGroup-PresentationPuppetLabs
bySuresh Paulraj
 
Using Puppet - Real World Configuration Management
byJames Turnbull
 
Puppet
byJohn Coggeshall
 
Puppet for Developers
bysagarhere4u
 
Puppet for dummies - PHPBenelux UG edition
byJoshua Thijssen
 
Workflow story: Theory versus practice in Large Enterprises
byPuppet
 
Workflow story: Theory versus Practice in large enterprises by Marcin Piebiak
byNETWAYS
 
Creating a Mature Puppet System
byPuppet
 
Creating a mature puppet system
byrkhatibi
 

More from Puppet

PPTX
Automating it management with Puppet + ServiceNow
byPuppet
 
PPTX
Simplified Patch Management with Puppet - Oct. 2020
byPuppet
 
PPTX
Can You Help Me Upgrade to Puppet 8? Tips, Tools & Best Practices for Your Up...
byPuppet
 
PPTX
Puppet Community Day: Planning the Future Together
byPuppet
 
PPTX
Bolt Dynamic Inventory: Making Puppet Easier
byPuppet
 
PPTX
The Evolution of Puppet: Key Changes and Modernization Tips
byPuppet
 
PPTX
Puppetcamp r10kyaml
byPuppet
 
PPTX
Customizing Reporting with the Puppet Report Processor
byPuppet
 
PPTX
The State of Puppet in 2025: A Presentation from Developer Relations Lead Dav...
byPuppet
 
PPTX
KGI compliance as-code approach
byPuppet
 
PPTX
Puppet at ConfigMgmtCamp 2025 Sponsor Deck
byPuppet
 
PPTX
Let Red be Red and Green be Green: The Automated Workflow Restarter in GitHub...
byPuppet
 
PPTX
Puppet: The best way to harden Windows
byPuppet
 
PDF
Keynote: Puppet camp compliance
byPuppet
 
PDF
2021 04-15 operational verification (with notes)
byPuppet
 
PDF
Applying Roles and Profiles method to compliance code
byPuppet
 
PDF
Enforce compliance policy with model-driven automation
byPuppet
 
PDF
Puppet camp2021 testing modules and controlrepo
byPuppet
 
PDF
Modules of the twenties
byPuppet
 
PPTX
Puppet camp vscode
byPuppet
 
Automating it management with Puppet + ServiceNow
byPuppet
 
Simplified Patch Management with Puppet - Oct. 2020
byPuppet
 
Can You Help Me Upgrade to Puppet 8? Tips, Tools & Best Practices for Your Up...
byPuppet
 
Puppet Community Day: Planning the Future Together
byPuppet
 
Bolt Dynamic Inventory: Making Puppet Easier
byPuppet
 
The Evolution of Puppet: Key Changes and Modernization Tips
byPuppet
 
Puppetcamp r10kyaml
byPuppet
 
Customizing Reporting with the Puppet Report Processor
byPuppet
 
The State of Puppet in 2025: A Presentation from Developer Relations Lead Dav...
byPuppet
 
KGI compliance as-code approach
byPuppet
 
Puppet at ConfigMgmtCamp 2025 Sponsor Deck
byPuppet
 
Let Red be Red and Green be Green: The Automated Workflow Restarter in GitHub...
byPuppet
 
Puppet: The best way to harden Windows
byPuppet
 
Keynote: Puppet camp compliance
byPuppet
 
2021 04-15 operational verification (with notes)
byPuppet
 
Applying Roles and Profiles method to compliance code
byPuppet
 
Enforce compliance policy with model-driven automation
byPuppet
 
Puppet camp2021 testing modules and controlrepo
byPuppet
 
Modules of the twenties
byPuppet
 
Puppet camp vscode
byPuppet
 

Recently uploaded

PPTX
Conversational Agents – Building Intelligent Assistants [Virtual Hands-on Wor...
byUiPathCommunity
 
PDF
Workshop on Sustaining & Growing Open Source Communities - GAS2025
bySammy Fung
 
PDF
Unlocking the Power of Salesforce Architecture: Frameworks for Effective Solu...
byvarsha30tiwari
 
PDF
10 Things AI-First Apps Do Differently by iProgrammer Solutions
byiProgrammer Solutions Private Limited
 
PDF
Real-Time Data Insight Using Microsoft Forms for Business
byElevate
 
PDF
Day 3 - Data and Application Security - 2nd Sight Lab Cloud Security Class
by2nd Sight Lab
 
PPTX
Emancipatory Information Retrieval: Radically Reorienting Information Retriev...
byBhaskar Mitra
 
PDF
Security Forum Sessions from Houston 2025 Event
byMark Simos
 
PPTX
How to make Ai agents using Google Gemini AI.pptx
bypkluffy111
 
PPTX
UiPath Autonomous Agents | Building and Orchestrating Agents End-to-End
byUiPathCommunity
 
PDF
Day 5 - Red Team + Blue Team in the Cloud - 2nd Sight Lab Cloud Security Class
by2nd Sight Lab
 
PDF
Day 4 - Access, Deployments, and Monitoring - 2nd Sight Lab Cloud Security Class
by2nd Sight Lab
 
PPTX
Top _HR Technology Trends _for 2026_.pptx
byAutomationEdge Technologies
 
PDF
What Is a Private LLM and Why Enterprises Need It
byAivada
 
PPTX
wob-report.pptxwob-report.pptxwob-report.pptx
byssuser0d171c
 
PDF
Our Digital Tribe_ Cultivating Connection and Growth in Our Slack Community 🌿...
bysanjeetmishra30
 
PDF
Is It Possible to Have Wi-Fi Without an Internet Provider
bySidra Jefferi
 
PPTX
communication-skills-with-technology tools
byJaleto Sunkemo
 
PPTX
MGw_MRS Benfits seu beficios de redes 4g
byJoaquimBarros18
 
PDF
WHITE PAPER_ Ransomware Payment Policy and Resilience Strategy_ A Framework f...
byssuser0d171c
 
Conversational Agents – Building Intelligent Assistants [Virtual Hands-on Wor...
byUiPathCommunity
 
Workshop on Sustaining & Growing Open Source Communities - GAS2025
bySammy Fung
 
Unlocking the Power of Salesforce Architecture: Frameworks for Effective Solu...
byvarsha30tiwari
 
10 Things AI-First Apps Do Differently by iProgrammer Solutions
byiProgrammer Solutions Private Limited
 
Real-Time Data Insight Using Microsoft Forms for Business
byElevate
 
Day 3 - Data and Application Security - 2nd Sight Lab Cloud Security Class
by2nd Sight Lab
 
Emancipatory Information Retrieval: Radically Reorienting Information Retriev...
byBhaskar Mitra
 
Security Forum Sessions from Houston 2025 Event
byMark Simos
 
How to make Ai agents using Google Gemini AI.pptx
bypkluffy111
 
UiPath Autonomous Agents | Building and Orchestrating Agents End-to-End
byUiPathCommunity
 
Day 5 - Red Team + Blue Team in the Cloud - 2nd Sight Lab Cloud Security Class
by2nd Sight Lab
 
Day 4 - Access, Deployments, and Monitoring - 2nd Sight Lab Cloud Security Class
by2nd Sight Lab
 
Top _HR Technology Trends _for 2026_.pptx
byAutomationEdge Technologies
 
What Is a Private LLM and Why Enterprises Need It
byAivada
 
wob-report.pptxwob-report.pptxwob-report.pptx
byssuser0d171c
 
Our Digital Tribe_ Cultivating Connection and Growth in Our Slack Community 🌿...
bysanjeetmishra30
 
Is It Possible to Have Wi-Fi Without an Internet Provider
bySidra Jefferi
 
communication-skills-with-technology tools
byJaleto Sunkemo
 
MGw_MRS Benfits seu beficios de redes 4g
byJoaquimBarros18
 
WHITE PAPER_ Ransomware Payment Policy and Resilience Strategy_ A Framework f...
byssuser0d171c
 

PuppetConf 2017: No Server Left Behind - Miguel Di Ciurcio Filho, Instruct

  • 2.
    Automation Architect -Instruct Miguel Di Ciurcio Filho - miguel@instruct.com.br No server left behind: How to successfully rollout Puppet on legacy environments
  • 3.
    What is hottoday is the legacy of tomorrow
  • 4.
    Renewal Cycles • Olderand larger organizations have a lot of business processes and requirements. • Usually if the organization operates on a regulated sector, everything is much more conservative. • Big ships are very slow to turn.
  • 5.
    What type systemsusually are left behind • What these types of systems have in common? • CRM • ERP • BPM • Very old and predominant vendors: SAP, SAS, IBM, Microsoft, Oracle, and many others. • Vertical scaling. • Takes weeks and dozens of people to install and configure everything.
  • 6.
    What type systemsusually are left behind • Servers and environments of the these types of workloads follow a “do not touch culture”. • Maybe after 6 months and with a very detailed plan it might be possible to upgrade the OS and the application itself. • And the plan is usually a lot of manual changes, VM snapshots, cloning, etc.
  • 7.
    Reality check • Thereare still lots of systems like these out there (the vendors are still making billions of dollars selling and supporting them). • Many (most?) of these types of systems completely lack any sort of automation and configuration management. • We are in 2017, why? We have all this great tooling for more than a decade!
  • 8.
    Possible answers • Fear,Uncertainty and Doubt, for real. • Might be easier to just wait them to die and try do it right next time. • Maybe it is not worth the effort. • There are still all those audits and compliance checks! • Who could save us?
  • 9.
    Puppet • Puppet isall about state (until yesterdays keynote). • We define what we want, Puppet gets us there and makes sure it stays consistent over time. • After years and years of manual changes and people have no idea what is the current state. • “Reverse engineer the current state”
  • 10.
    Get the agentinstalled • Raises lots of questions: • What does it do? • What are the dependencies? • What ports does it open?
  • 11.
    How do wefigure the current state? • FACTER, FACTER, FACTER. • Write custom facts to figure out the state of users, files, packages, services, etc. • Facter gives us some options on how to do it.
  • 12.
  • 13.
    Facter gotchas • Customfacts are synced globally (every node receives everything). • Make sure to properly confine them. • Extreme HARD do debug after it syncs. • Exceptions and stderr are not saved anywhere. • External facts are handy and easy to do, but they are costly. Every external fact results on a fork. • It gets worse on Windows, PowerShell takes many milliseconds to start and then execute. • If its a custom fact and it calls PowerShell, same problem.
  • 14.
    Facter gotchas • Ifthe state you need to know does not change that often, write a single our a couple of scritps that run outside of a Puppet run and generate JSONs, YAMLs or text files. • Stay in Ruby to avoid forking into a shell • Did you say to use the cache feature of Facter? • https://tickets.puppetlabs.com/browse/FACT-348
  • 15.
    After you gotthe facts straight • Query them on PuppetDB. • Inspect them using mcolletive and the inventory custom reports plugin (very handy) . • https://docs.puppet.com/mcollective/reference/ui/nodereports.html • Do some analysis to write the manifests.
  • 16.
    Puppet state basedmodel • Kind of all or nothing. • Resources in a manifest could easily obliterate current state and break things. • Needs careful design and architecture to support exceptions. • But, we can compare state using —noop!
  • 17.
    Noop mode "When applyinga resource in noop mode, Puppet will check whether it is in sync, like it does when running normally. However, if a resource attribute is not in the desired state (as declared in the catalog), Puppet will take no action, and will instead report the changes it would have made.” https://puppet.com/docs/puppet/5.3/metaparameter.html
  • 18.
  • 19.
    In summary • Writereally simple and small profiles to make them easily “noopable". • Add a control flag to each of them to call or not the noop() function. • Use the Event Inspector. • Carefully disable noop node by node, profile by profile, if needed. • After every server is done, just remove the noop() function from your profiles. • Honorable mention: Augeas and Hercules Team modules • https://forge.puppet.com/herculesteam
  • 20.