Use Puppet to Tame the Dockerfile Monster
Bryan Belanger
Autostructure
Puppet Service Delivery Partner
4 years of Puppet
Delivering containers in the Federal Sector
What is the Dockerfile Monster?
FROM openjdk:7-jre

ENV CATALINA_HOME /usr/local/tomcat
ENV PATH $CATALINA_HOME/bin:$PATH
RUN mkdir -p "$CATALINA_HOME"
WORKDIR $CATALINA_HOME

# let "Tomcat Native" live somewhere isolated
ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib
ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR

# runtime dependencies for Tomcat Native Libraries
# Tomcat Native 1.2+ requires a newer version of OpenSSL than debian:jessie has available
# > checking OpenSSL library version >= 1.0.2...
# > configure: error: Your version of OpenSSL is not compatible with this version of tcnative
# see http://tomcat.10.x6.nabble.com/VOTE-Release-Apache-Tomcat-8-0-32-tp5046007p5046024.html (and following discussion)
# and https://github.com/docker-library/tomcat/pull/31
ENV OPENSSL_VERSION 1.1.0f-3
RUN set -ex; \
    if ! grep -q stretch /etc/apt/sources.list; then \
# only add stretch if we're not already building from within stretch
        { \
            echo 'deb http://deb.debian.org/debian stretch main'; \
        } > /etc/apt/sources.list.d/stretch.list; \
        { \
# add a negative "Pin-Priority" so that we never ever get packages from stretch unless we explicitly request them
            echo 'Package: *'; \
            echo 'Pin: release n=stretch'; \
            echo 'Pin-Priority: -10'; \
            echo; \
# ... except OpenSSL, which is the reason we're here
            echo 'Package: openssl libssl*'; \
            echo "Pin: version $OPENSSL_VERSION"; \
            echo 'Pin-Priority: 990'; \
        } > /etc/apt/preferences.d/stretch-openssl; \
    fi
RUN apt-get update && apt-get install -y --no-install-recommends \
        libapr1 \
        openssl="$OPENSSL_VERSION" \
    && rm -rf /var/lib/apt/lists/*

# see https://www.apache.org/dist/tomcat/tomcat-$TOMCAT_MAJOR/KEYS
# see also "update.sh" (https://github.com/docker-library/tomcat/blob/master/update.sh)
ENV GPG_KEYS 05AB33110949707C93A279E3D3EFE6B686867BA6 07E48665A34DCAFAE522E5E6266191C37C037D42 47309207D818FFD8DCD3F83F1931D684307A10A5 541FBE7D8F78B25E055DDEE13C370389288584E7 61B832AC2F1C5A90F0F9B00A1C506407564C17A3 713DA88BE50911535FE716F5208B0AB1D63011C7 79F7026C690BAA50B92CD8B66A3AD3F4F22C4FED 9BA44C2621385CB966EBA586F72C284D731FABEE A27677289986DB50844682F8ACB77FC2E86E29AC A9C5DF4D22E99998D9875A5110C01C5A2F6059E7 DCFD35E0BF8CA7344752DE8B6FB21E8933C60243 F3A04C595DB5B6A5F1ECA43E3B7BBB100D811BBE F7DA48BB64BCB84ECBA7EE6935CD23C10D498E23
RUN set -ex; \
    for key in $GPG_KEYS; do \
        gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$key"; \
    done

ENV TOMCAT_MAJOR 7
ENV TOMCAT_VERSION 7.0.81

# https://issues.apache.org/jira/browse/INFRA-8753?focusedCommentId=14735394#comment-14735394
ENV TOMCAT_TGZ_URL https://www.apache.org/dyn/closer.cgi?action=download&filename=tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz
# not all the mirrors actually carry the .asc files :'(
ENV TOMCAT_ASC_URL https://www.apache.org/dist/tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc

# if the version is outdated, we have to pull from the archive :/
ENV TOMCAT_TGZ_FALLBACK_URL https://archive.apache.org/dist/tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz
ENV TOMCAT_ASC_FALLBACK_URL https://archive.apache.org/dist/tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc

RUN set -x \
    \
    && { \
        wget -O tomcat.tar.gz "$TOMCAT_TGZ_URL" \
        || wget -O tomcat.tar.gz "$TOMCAT_TGZ_FALLBACK_URL" \
    ; } \
    && { \
        wget -O tomcat.tar.gz.asc "$TOMCAT_ASC_URL" \
        || wget -O tomcat.tar.gz.asc "$TOMCAT_ASC_FALLBACK_URL" \
    ; } \
    && gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz \
    && tar -xvf tomcat.tar.gz --strip-components=1 \
    && rm bin/*.bat \
    && rm tomcat.tar.gz* \
    \
    && nativeBuildDir="$(mktemp -d)" \
    && tar -xvf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1 \
    && nativeBuildDeps=" \
        dpkg-dev \
        gcc \
        libapr1-dev \
        libssl-dev \
        make \
        openjdk-${JAVA_VERSION%%[-~bu]*}-jdk=$JAVA_DEBIAN_VERSION \
    " \
    && apt-get update && apt-get install -y --no-install-recommends $nativeBuildDeps && rm -rf /var/lib/apt/lists/* \
    && ( \
        export CATALINA_HOME="$PWD" \
        && cd "$nativeBuildDir/native" \
        && gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)" \
        && ./configure \
            --build="$gnuArch" \
            --libdir="$TOMCAT_NATIVE_LIBDIR" \
            --prefix="$CATALINA_HOME" \
            --with-apr="$(which apr-1-config)" \
            --with-java-home="$(docker-java-home)" \
            --with-ssl=yes \
        && make -j "$(nproc)" \
        && make install \
    ) \
    && apt-get purge -y --auto-remove $nativeBuildDeps \
    && rm -rf "$nativeBuildDir" \
    && rm bin/tomcat-native.tar.gz \
# sh removes env vars it doesn't support (ones with periods)
# https://github.com/docker-library/tomcat/issues/77
    && find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +

# verify Tomcat Native is working properly
RUN set -e \
    && nativeLines="$(catalina.sh configtest 2>&1)" \
    && nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')" \
    && nativeLines="$(echo "$nativeLines" | sort -u)" \
    && if ! echo "$nativeLines" | grep 'INFO: Loaded APR based Apache Tomcat Native library' >&2; then \
        echo >&2 "$nativeLines"; \
        exit 1; \
    fi

EXPOSE 8080
CMD ["catalina.sh", "run"]
Which one covers all operating systems?
Which one configures your platform?
Which is easier?
Static Dockerfile
(The same Tomcat Dockerfile shown above under "What is the Dockerfile Monster?")
Puppet Manifest
include ::java

::tomcat::install { '/usr/local/tomcat':
  user       => 'tomcat_admin',
  group      => 'tomcat',
  source_url => 'http://url.tar.gz',
  require    => Class['::java'],
}
The Point is We Don’t Use a Dockerfile
We Use the image_build module
Our Goals
Easy to Use
Users don’t need to know Puppet
Be easy to update
Rebuild on demand
Steps to Tame the Dockerfile
1. Create an image_build framework
2. Build our template
3. Build our logic in a module
1. Installation
2. Configuration
3. Securing
4. Making immutable
4. Build your pipeline
5. Configure your first application (Repeat)
Create the image_build framework
A Standard Project Template
Templates are one per platform.
Development copies once per project.
Logic doesn’t go here.
my_awesome_tomcat_template
  hieradata
    common.yaml
  manifests
    init.pp
  hiera.yaml
  Jenkinsfile
  metadata.yaml
  Puppetfile
Let’s Build our Template
Most of the Template is Static
The Unchanging Files
These (mostly) never change.
Developed by Puppet team only.
my_awesome_tomcat_template
  manifests
    init.pp
  hiera.yaml
  Jenkinsfile
  metadata.yaml
  Puppetfile
Puppetfile
Standard Puppetfile setup.
Includes module and dependencies.
forge 'https://forgeapi.puppetlabs.com'
mod 'autostructure-cis_harden_tomcat'
mod 'autostructure-docker_tomcat_module'
mod 'puppetlabs-java', '2.1.0'
mod 'puppetlabs-tomcat', '2.0.0'
mod 'puppetlabs-stdlib', '4.20.0'
mod 'puppetlabs-concat', '4.0.1'
mod 'puppet-staging', '2.2.0'
mod 'puppet-archive', '1.3.0'
metadata.yaml
Basic container setup.
Dev team changes image_name.
cmd:
- /usr/local/tomcat/bin/catalina.sh
- run
- -security
expose: 8080
image_name: autostructure/sample
image_user: tomcat_admin
hiera.yaml
Boilerplate.
Probably all you need.
---
:hierarchy:
  - common
:backends:
  - yaml
:yaml:
  :datadir: 'hieradata/'
init.pp
Include your module
Yes, that’s it.
include ::docker_tomcat_module
Jenkinsfile
Build
Test
Repeatable
checkout scm
docker.image('ruby:2.3.3').inside('-u root') {
  stage('Install Puppet') { }
}
stage('Build Container') { }
Next Build Your Logic in a Module
init.pp does the heavy lifting
install.pp
Standard installation.
Repeatable ‘mostly’ everywhere.
include ::java

::tomcat::install { '/usr/local/tomcat':
  user    => 'tomcat_admin',
  group   => 'tomcat',
  require => Class['::java'],
}
We have a completed image
puppet docker build
configure.pp
One lambda block per resource.
Allows flexible implementations.
# Get the application war files
$wars = lookup('wars')

# Install wars
$wars.each | String $war, Hash $values | {
  ::tomcat::war { $war:
    catalina_base => $values['catalina_base'],
    app_base      => $values['app_base'],
    …
  }
}
secure.pp
Harden it now.
Security team will ask anyway.
::cis_harden_tomcat::harden_catal { '/usr/tomcat':
  catalina_home => '/usr/local/tomcat',
  require       => ::Tomcat::Install['/usr/tomcat'],
}
configure.pp
Optional?
Puppet can inject ENV values.
# Get the global resources needed for connectivity
$environment_vars = lookup('environment_vars')

$environment_vars.each | $value | {
  file_line { "${value}_catalina":
    path  => '/usr/tomcat/bin/catalina.sh',
    line  => "CATALINA_OPTS…$CATALINA_OPTS"",
    after => '^PRGDIR=.*',
  }
}
How would you do this in a Dockerfile?
Build Your Pipeline
Jenkinsfile
Use your CI pipeline to build:
puppet docker build
Our Template is Done!
Let’s make it work
Configure Your First Application
common.yaml
Teach your dev teams YAML.
One entry per resource.
---
# Use static catalina home for docker build
catalina_home: &catalina_home /usr/local/tomcat
properties_properties: {}

# WAR files to install
wars:
  sample.war:
    war_source: https://tomcat.org/sample.war
common.yaml
---
# Use static catalina home for docker build
catalina_home: &catalina_home /usr/local/tomcat
properties_properties: {}

# WAR files to install
wars:
  sample.war:
    catalina_base: *catalina_home
    war_source: https://tomcat.org/tomcat/sample.war
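A pre-build check the pipeline's Test stage could run over the template files before `puppet docker build`. This is an added example, not code from the talk or from the image_build module. The function names and the three policy rules (pinned Puppetfile modules, a non-root `image_user` with `-security` on catalina.sh, no cleartext `war_source`) are assumptions of this example; the sample inputs are copied from the slides above.

```ruby
require 'yaml'

# Sample inputs: the Puppetfile, metadata.yaml and common.yaml from the slides.
PUPPETFILE = <<~'PF'
  forge 'https://forgeapi.puppetlabs.com'
  mod 'autostructure-cis_harden_tomcat'
  mod 'autostructure-docker_tomcat_module'
  mod 'puppetlabs-java', '2.1.0'
  mod 'puppetlabs-tomcat', '2.0.0'
  mod 'puppetlabs-stdlib', '4.20.0'
  mod 'puppetlabs-concat', '4.0.1'
  mod 'puppet-staging', '2.2.0'
  mod 'puppet-archive', '1.3.0'
PF

METADATA = <<~'YAML'
  cmd:
  - /usr/local/tomcat/bin/catalina.sh
  - run
  - -security
  expose: 8080
  image_name: autostructure/sample
  image_user: tomcat_admin
YAML

HIERADATA = <<~'YAML'
  ---
  catalina_home: &catalina_home /usr/local/tomcat
  properties_properties: {}
  wars:
    sample.war:
      catalina_base: *catalina_home
      war_source: https://tomcat.org/tomcat/sample.war
YAML

# Names of Puppetfile modules that carry neither a Forge version string
# nor a :tag / :commit pin, so a rebuild may pull different code.
def unpinned_modules(puppetfile)
  puppetfile.lines.map do |line|
    m = line.strip.match(/\Amod\s+['"]([^'"]+)['"]\s*(?:,\s*(.+))?\z/)
    next unless m
    rest = m[2].to_s.strip
    pinned = rest.match?(/\A['"]\d[\w.\-]*['"]\z/) ||
             rest.match?(/:tag\s*=>|:commit\s*=>|\btag:|\bcommit:/)
    pinned ? nil : m[1]
  end.compact
end

# Findings for the container settings in metadata.yaml.
def metadata_findings(meta)
  findings = []
  user = meta['image_user'].to_s
  findings << 'image_user is unset or root' if user.empty? || %w[root 0].include?(user)
  cmd = Array(meta['cmd']).map(&:to_s)
  if cmd.any? { |c| c.end_with?('catalina.sh') } && !cmd.include?('-security')
    findings << 'catalina.sh is started without -security'
  end
  findings
end

# WAR entries whose war_source is fetched over a cleartext scheme.
def cleartext_war_sources(hiera)
  wars = hiera['wars'] || {}
  wars.select { |_, v| v.to_h['war_source'].to_s.match?(%r{\A(http|ftp)://}i) }.keys
end

# Run all three checks and return a flat list of human-readable findings.
def lint_template(puppetfile:, metadata:, hieradata:)
  meta  = YAML.safe_load(metadata) || {}
  hiera = YAML.safe_load(hieradata, aliases: true) || {} # common.yaml uses YAML anchors
  findings  = unpinned_modules(puppetfile).map { |m| "Puppetfile: #{m} has no pinned version" }
  findings += metadata_findings(meta).map { |f| "metadata.yaml: #{f}" }
  findings += cleartext_war_sources(hiera).map { |w| "common.yaml: #{w} is fetched over cleartext" }
  findings
end

lint_template(puppetfile: PUPPETFILE, metadata: METADATA, hieradata: HIERADATA)
  .each { |finding| puts finding }
```

In a pipeline, fail the stage when `lint_template` returns a non-empty list.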
Where You Can Find Out More
Docker Tomcat Template:
https://github.com/autostructure/docker_tomcat_template
Docker Tomcat Module:
https://github.com/autostructure/docker_tomcat_module
Puppet Image Build Module:
https://forge.puppet.com/puppetlabs/image_build
Celebrate your Victory with Puppet!
PuppetConf 2017: Use Puppet to Tame the Dockerfile Monster- Bryan Belanger, Autostructure

Puppet User Group
 
Continuous Compliance and DevSecOps
Continuous Compliance and DevSecOpsContinuous Compliance and DevSecOps
Continuous Compliance and DevSecOps
 
The Dynamic Duo of Puppet and Vault tame SSL Certificates, Nick Maludy
The Dynamic Duo of Puppet and Vault tame SSL Certificates, Nick MaludyThe Dynamic Duo of Puppet and Vault tame SSL Certificates, Nick Maludy
The Dynamic Duo of Puppet and Vault tame SSL Certificates, Nick Maludy
 

Recently uploaded

My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Hyundai Motor Group
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...HostedbyConfluent
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?XfilesPro
 

Recently uploaded (20)

My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?
 

PuppetConf 2017: Use Puppet to Tame the Dockerfile Monster- Bryan Belanger, Autostructure

  • 1. Use Puppet to Tame the Dockerfile Monster Bryan Belanger
  • 2. Autostructure: Puppet Service Delivery Partner. 4 years of Puppet. Delivering containers in the Federal Sector.
  • 3. What is the Dockerfile Monster?

      FROM openjdk:7-jre

      ENV CATALINA_HOME /usr/local/tomcat
      ENV PATH $CATALINA_HOME/bin:$PATH
      RUN mkdir -p "$CATALINA_HOME"
      WORKDIR $CATALINA_HOME

      # let "Tomcat Native" live somewhere isolated
      ENV TOMCAT_NATIVE_LIBDIR $CATALINA_HOME/native-jni-lib
      ENV LD_LIBRARY_PATH ${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$TOMCAT_NATIVE_LIBDIR

      # runtime dependencies for Tomcat Native Libraries
      # Tomcat Native 1.2+ requires a newer version of OpenSSL than debian:jessie has available
      # > checking OpenSSL library version >= 1.0.2...
      # > configure: error: Your version of OpenSSL is not compatible with this version of tcnative
      # see http://tomcat.10.x6.nabble.com/VOTE-Release-Apache-Tomcat-8-0-32-tp5046007p5046024.html (and following discussion)
      # and https://github.com/docker-library/tomcat/pull/31
      ENV OPENSSL_VERSION 1.1.0f-3
      RUN set -ex; \
          if ! grep -q stretch /etc/apt/sources.list; then \
      # only add stretch if we're not already building from within stretch
              { \
                  echo 'deb http://deb.debian.org/debian stretch main'; \
              } > /etc/apt/sources.list.d/stretch.list; \
              { \
      # add a negative "Pin-Priority" so that we never ever get packages from stretch unless we explicitly request them
                  echo 'Package: *'; \
                  echo 'Pin: release n=stretch'; \
                  echo 'Pin-Priority: -10'; \
                  echo; \
      # ... except OpenSSL, which is the reason we're here
                  echo 'Package: openssl libssl*'; \
                  echo "Pin: version $OPENSSL_VERSION"; \
                  echo 'Pin-Priority: 990'; \
              } > /etc/apt/preferences.d/stretch-openssl; \
          fi
      RUN apt-get update && apt-get install -y --no-install-recommends \
              libapr1 \
              openssl="$OPENSSL_VERSION" \
          && rm -rf /var/lib/apt/lists/*

      # see https://www.apache.org/dist/tomcat/tomcat-$TOMCAT_MAJOR/KEYS
      # see also "update.sh" (https://github.com/docker-library/tomcat/blob/master/update.sh)
      ENV GPG_KEYS 05AB33110949707C93A279E3D3EFE6B686867BA6 07E48665A34DCAFAE522E5E6266191C37C037D42 47309207D818FFD8DCD3F83F1931D684307A10A5 541FBE7D8F78B25E055DDEE13C370389288584E7 61B832AC2F1C5A90F0F9B00A1C506407564C17A3 713DA88BE50911535FE716F5208B0AB1D63011C7 79F7026C690BAA50B92CD8B66A3AD3F4F22C4FED 9BA44C2621385CB966EBA586F72C284D731FABEE A27677289986DB50844682F8ACB77FC2E86E29AC A9C5DF4D22E99998D9875A5110C01C5A2F6059E7 DCFD35E0BF8CA7344752DE8B6FB21E8933C60243 F3A04C595DB5B6A5F1ECA43E3B7BBB100D811BBE F7DA48BB64BCB84ECBA7EE6935CD23C10D498E23
      RUN set -ex; \
          for key in $GPG_KEYS; do \
              gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$key"; \
          done

      ENV TOMCAT_MAJOR 7
      ENV TOMCAT_VERSION 7.0.81

      # https://issues.apache.org/jira/browse/INFRA-8753?focusedCommentId=14735394#comment-14735394
      ENV TOMCAT_TGZ_URL https://www.apache.org/dyn/closer.cgi?action=download&filename=tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz
      # not all the mirrors actually carry the .asc files :'(
      ENV TOMCAT_ASC_URL https://www.apache.org/dist/tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc

      # if the version is outdated, we have to pull from the archive :/
      ENV TOMCAT_TGZ_FALLBACK_URL https://archive.apache.org/dist/tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz
      ENV TOMCAT_ASC_FALLBACK_URL https://archive.apache.org/dist/tomcat/tomcat-$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz.asc

      RUN set -x \
          && { \
              wget -O tomcat.tar.gz "$TOMCAT_TGZ_URL" \
              || wget -O tomcat.tar.gz "$TOMCAT_TGZ_FALLBACK_URL" \
          ; } \
          && { \
              wget -O tomcat.tar.gz.asc "$TOMCAT_ASC_URL" \
              || wget -O tomcat.tar.gz.asc "$TOMCAT_ASC_FALLBACK_URL" \
          ; } \
          && gpg --batch --verify tomcat.tar.gz.asc tomcat.tar.gz \
          && tar -xvf tomcat.tar.gz --strip-components=1 \
          && rm bin/*.bat \
          && rm tomcat.tar.gz* \
          && nativeBuildDir="$(mktemp -d)" \
          && tar -xvf bin/tomcat-native.tar.gz -C "$nativeBuildDir" --strip-components=1 \
          && nativeBuildDeps=" \
              dpkg-dev \
              gcc \
              libapr1-dev \
              libssl-dev \
              make \
              openjdk-${JAVA_VERSION%%[-~bu]*}-jdk=$JAVA_DEBIAN_VERSION \
          " \
          && apt-get update && apt-get install -y --no-install-recommends $nativeBuildDeps && rm -rf /var/lib/apt/lists/* \
          && ( \
              export CATALINA_HOME="$PWD" \
              && cd "$nativeBuildDir/native" \
              && gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)" \
              && ./configure \
                  --build="$gnuArch" \
                  --libdir="$TOMCAT_NATIVE_LIBDIR" \
                  --prefix="$CATALINA_HOME" \
                  --with-apr="$(which apr-1-config)" \
                  --with-java-home="$(docker-java-home)" \
                  --with-ssl=yes \
              && make -j "$(nproc)" \
              && make install \
          ) \
          && apt-get purge -y --auto-remove $nativeBuildDeps \
          && rm -rf "$nativeBuildDir" \
          && rm bin/tomcat-native.tar.gz \
      # sh removes env vars it doesn't support (ones with periods)
      # https://github.com/docker-library/tomcat/issues/77
          && find ./bin/ -name '*.sh' -exec sed -ri 's|^#!/bin/sh$|#!/usr/bin/env bash|' '{}' +

      # verify Tomcat Native is working properly
      RUN set -e \
          && nativeLines="$(catalina.sh configtest 2>&1)" \
          && nativeLines="$(echo "$nativeLines" | grep 'Apache Tomcat Native')" \
          && nativeLines="$(echo "$nativeLines" | sort -u)" \
          && if ! echo "$nativeLines" | grep 'INFO: Loaded APR based Apache Tomcat Native library' >&2; then \
              echo >&2 "$nativeLines"; \
              exit 1; \
          fi

      EXPOSE 8080
      CMD ["catalina.sh", "run"]

  • 4. Which one covers all operating systems?
  • 5. Which one configures your platform?
  • 6. Which is easier?

      Static Dockerfile: the same Tomcat Dockerfile as on slide 3, from FROM openjdk:7-jre through CMD ["catalina.sh", "run"].

      Puppet Manifest:

        include ::java

        ::tomcat::install { '/usr/local/tomcat':
          user       => 'tomcat_admin',
          group      => 'tomcat',
          source_url => 'http://url.tar.gz',
          require    => Class['::java'],
        }

  • 7. The Point is We Don’t Use a Dockerfile. We Use the image_build module.
  • 8. Our Goals
      - Easy to Use: Users don’t need to know Puppet
      - Be easy to update
      - Rebuild on demand
  • 9. Steps to Tame the Dockerfile
      1. Create an image_build framework
      2. Build our template
      3. Build our logic in a module
         1. Installation
         2. Configuration
         3. Securing
         4. Making immutable
      4. Build your pipeline
      5. Configure your first application (Repeat)
  • 11. A Standard Project Template. Templates are one per platform. Development copies once per project. Logic doesn’t go here.

        my_awesome_tomcat_template/
          hieradata/
            common.yaml
          manifests/
            init.pp
          hiera.yaml
          Jenkinsfile
          metadata.yaml
          Puppetfile

  • 12. Let’s Build our Template. Most of the Template is Static.
  • 13. The Unchanging Files. These (mostly) never change. Developed by Puppet team only.

        my_awesome_tomcat_template/
          manifests/
            init.pp
          hiera.yaml
          Jenkinsfile
          metadata.yaml
          Puppetfile

  • 14. Puppetfile. Standard Puppetfile setup. Includes module and dependencies.

        forge 'https://forgeapi.puppetlabs.com'

        mod 'autostructure-cis_harden_tomcat'
        mod 'autostructure-docker_tomcat_module'
        mod 'puppetlabs-java', '2.1.0'
        mod 'puppetlabs-tomcat', '2.0.0'
        mod 'puppetlabs-stdlib', '4.20.0'
        mod 'puppetlabs-concat', '4.0.1'
        mod 'puppet-staging', '2.2.0'
        mod 'puppet-archive', '1.3.0'

  • 15. metadata.yaml. Basic container setup. Dev team changes image_name.

        cmd:
        - /usr/local/tomcat/bin/catalina.sh
        - run
        - -security
        expose: 8080
        image_name: autostructure/sample
        image_user: tomcat_admin

  • 16. hiera.yaml. Boilerplate. Probably all you need.

        ---
        :hierarchy:
          - common
        :backends:
          - yaml
        :yaml:
          :datadir: 'hieradata/'

  • 17. init.pp. Include your module. Yes, that’s it.

        include ::docker_tomcat_module

  • 18. Jenkinsfile. Build. Test. Repeatable.

        checkout scm
        docker.image('ruby:2.3.3').inside('-u root') {
          stage('Install Puppet') { }
        }
        stage('Build Container') { }

  • 19. Next: Build Your Logic in a Module. init.pp does the heavy lifting.
  • 20. install.pp. Standard installation. Repeatable ‘mostly’ everywhere.

        include ::java

        ::tomcat::install { '/usr/local/tomcat':
          user    => 'tomcat_admin',
          group   => 'tomcat',
          require => Class['::java'],
        }

  • 21. We have a completed image: puppet docker build
  • 22. configure.pp. One lambda block per resource. Allows flexible implementations.

        # Get the application war files
        $wars = lookup('wars')

        # Install wars
        $wars.each | String $war, Hash $values | {
          ::tomcat::war { $war:
            catalina_base => $values['catalina_base'],
            app_base      => $values['app_base'],
            …
          }
        }

  • 23. secure.pp. Harden it now. Security team will ask anyway.

        ::cis_harden_tomcat::harden_catal { '/usr/tomcat':
          catalina_home => '/usr/local/tomcat',
          require       => ::Tomcat::Install['/usr/tomcat'],
        }

  • 24. configure.pp. Optional? Puppet can inject ENV values.

        # Get the global resources needed for connectivity
        $environment_vars = lookup('environment_vars')

        $environment_vars.each | $value | {
          file_line { "${value}_catalina":
            path  => '/usr/tomcat/bin/catalina.sh',
            line  => "CATALINA_OPTS…$CATALINA_OPTS"",
            after => '^PRGDIR=.*',
          }
        }

  • 25. How would you do this in a Dockerfile?
  • 27. Jenkinsfile. Use your CI pipeline to build: puppet docker build
  • 28. Our Template is Done! Let’s make it work
  • 29. Configure Your First Application
  • 30. common.yaml. Teach your dev teams YAML. One entry per resource.

        ---
        # Use static catalina home for docker build
        catalina_home: &catalina_home /usr/local/tomcat

        properties_properties: {}

        # WAR files to install
        wars:
          sample.war:
            war_source: https://tomcat.org/sample.war

  • 31. common.yaml

        ---
        # Use static catalina home for docker build
        catalina_home: &catalina_home /usr/local/tomcat

        properties_properties: {}

        # WAR files to install
        wars:
          sample.war:
            catalina_base: *catalina_home
            war_source: https://tomcat.org/tomcat/sample.war

  • 32. Where You Can Find Out More
      Docker Tomcat Template: https://github.com/autostructure/docker_tomcat_template
      Docker Tomcat Module: https://github.com/autostructure/docker_tomcat_module
      Puppet Image Build Module: https://forge.puppet.com/puppetlabs/image_build
  • 33. Celebrate your Victory with Puppet!
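
The template files on slides 14, 15 and 31 are the inputs that decide what ends up in the image, so they can be checked in the pipeline before `puppet docker build` runs. The Ruby below is an added example, not code from the talk or from the Autostructure repositories; the function names and the three rules (exact version pins in the Puppetfile, a non-root image_user with `-security` on catalina.sh, https-only war_source) are assumptions of this example, and the embedded file contents are constructed from the slides.

```ruby
require 'yaml'
require 'uri'

# Constructed inputs: the template files as shown on slides 14, 15 and 31.
PUPPETFILE = <<~'EOS'
  forge 'https://forgeapi.puppetlabs.com'
  mod 'autostructure-cis_harden_tomcat'
  mod 'autostructure-docker_tomcat_module'
  mod 'puppetlabs-java', '2.1.0'
  mod 'puppetlabs-tomcat', '2.0.0'
  mod 'puppetlabs-stdlib', '4.20.0'
  mod 'puppetlabs-concat', '4.0.1'
  mod 'puppet-staging', '2.2.0'
  mod 'puppet-archive', '1.3.0'
EOS

METADATA_YAML = <<~'EOS'
  cmd:
  - /usr/local/tomcat/bin/catalina.sh
  - run
  - -security
  expose: 8080
  image_name: autostructure/sample
  image_user: tomcat_admin
EOS

COMMON_YAML = <<~'EOS'
  ---
  catalina_home: &catalina_home /usr/local/tomcat
  properties_properties: {}
  wars:
    sample.war:
      catalina_base: *catalina_home
      war_source: https://tomcat.org/tomcat/sample.war
EOS

# Names of modules declared without an exact version (or, for git sources,
# without a commit). Such a module resolves to whatever is newest when the
# image is built, so two builds of the same template commit can differ.
# The Puppetfile is parsed line by line on purpose: it is never evaluated.
def unpinned_modules(puppetfile)
  puppetfile.each_line.map do |line|
    code = line.sub(/#.*/, '').strip
    m = code.match(/\Amod\s+['"]([^'"]+)['"]\s*(?:,\s*(.*))?\z/)
    next unless m
    name, rest = m[1], m[2].to_s
    pinned = rest.match?(/\A['"]\d+\.\d+\.\d+[^'"]*['"]\z/) ||
             rest.match?(/\bcommit\s*(?:=>|:)/)
    name unless pinned
  end.compact
end

# Findings for metadata.yaml: the container user and the Tomcat start command.
def metadata_findings(yaml_text)
  meta = YAML.safe_load(yaml_text) || {}
  findings = []
  user = meta['image_user'].to_s
  findings << 'image_user is not set (base image default, usually root)' if user.empty?
  findings << "image_user is #{user}" if %w[root 0].include?(user)
  cmd = Array(meta['cmd']).map(&:to_s)
  if cmd.any? { |c| c.end_with?('catalina.sh') } && !cmd.include?('-security')
    findings << 'catalina.sh is started without -security'
  end
  findings
end

# Findings for hieradata/common.yaml: every WAR must be fetched over https.
def war_findings(yaml_text)
  data = YAML.safe_load(yaml_text, aliases: true) || {}
  (data['wars'] || {}).map do |war, values|
    src = (values || {})['war_source'].to_s
    scheme = begin
      URI.parse(src).scheme
    rescue URI::InvalidURIError
      nil
    end
    "#{war}: war_source must be an https URL (got #{src.inspect})" unless scheme == 'https'
  end.compact
end

def lint_template(puppetfile:, metadata:, common:)
  unpinned_modules(puppetfile).map { |m| "Puppetfile: #{m} has no pinned version" } +
    metadata_findings(metadata).map { |f| "metadata.yaml: #{f}" } +
    war_findings(common).map { |f| "hieradata/common.yaml: #{f}" }
end

# A CI stage would fail the build when this list is non-empty.
lint_template(puppetfile: PUPPETFILE, metadata: METADATA_YAML, common: COMMON_YAML)
  .each { |finding| puts finding }
```

On the slide inputs the only findings are the two autostructure modules, which the Puppetfile lists without a version.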

Editor's Notes

  1. Very long. Very proprietary. No configuration in here.
  2. Your ops team likely has a platform they are comfortable with (support etc.). You will want to manage them with one language.
  3. Docker is full of artisan container setups. You want to have a consistent way to manage them.
  4. Easy to use: (1) Most organizations have a lot going on and don’t want a big learning curve. (2) We want adoption and value early. Easy to update: (1) Organizations’ demands change a lot, security for example. (2) This change needs to happen quickly. Rebuild on demand: (1) If a major change needs to happen we have to create good boxes. (2) Our development teams need a good pipeline.
  5. We need consistent tooling in a complex organization. These are the files necessary to use image_build module.
  6. These files are developed one time by your Puppet team. Since these are boilerplate they can be mostly ignored; therefore simpler to educate your teams.
  7. This is a great abstraction! Will work on whatever platform you like.
  8. Basic install. This will work on most OSs. For instance: go to boss. Yep we got WIN covered.
  9. Allows fine-grained control of each resource. Important because you may want to block in your own implementations.
  10. Docker is good, but open to internal exploits. For instance, a JSP vulnerability.
  11. Immutability will allow true portability of your organization components. Goodbye pain of migration.
  12. You have made it VERY easy to build your container. Easy for developers to adopt.
  13. YAML is easy to learn. Dev teams can pick it up easily. You’re ready to begin delivering containers at scale.