Puppet Camp LA 2015: Server Management with Puppet on AWS for a fast-growing startup (Beginner)

•

4 likes•1,322 views

- Puppet is used to manage 43 physical servers and 97 EC2 instances at Thumbtack, with roughly half the EC2 instances used for staging and research. - A custom AMI and shell script were created to automate server provisioning and distribute configuration in a standardized way across environments. - A development workflow was established using additional Puppet masters so developers can test changes locally or on staging instances before pushing to the main Puppet master.

Software

Server Management with
Puppet on AWS
Marco Almeida - Site Reliability Engineer

About us
Thumbtack helps you
accomplish the personal
projects that are central to
your life.
Whether you need to paint
your home, learn a new
language, or plan your
daughter's birthday party,
Thumbtack is the easiest
and most dependable way
to hire the right
professional for your
projects.

Our infrastructure
● 43 physical servers
● 97 EC2 instances
○ roughly half for staging/research purposes
● Everything managed with Puppet

Scaling the infrastructure
● Goals:
○ completely automate server provisioning
○ proper development environment for the
whole team
○ good way of distributing sensitive
information
● Two components:
○ Custom AMI + a shell script
○ Puppet

Scaling the infrastructure
● Debian 7 (Wheezy) or 8 (Jessie)
● Simple, i.e., minimal base system
○ include the contrib and non-free areas
○ don't install suggested packages by default
The custom AMI

Scaling the infrastructure
● Set the hostname
● Update DNS (forward and reverse)
● Run the Puppet agent
● Notify Slack
● Uninstall itself
● Reboot
● Log everything
The shell script

Configuration Management
Bootstrapping servers
1. Generate new SSL key and request a
new certificate
2. Run policy-based autosign script
3. Compile catalog
4. Download catalog
5. Apply the catalog
1. Basic checks: certname was provided, no
certificate with the same name has already been
signed, etc.
2. Verify that an instance with the exact same
name exists
3. ...
1
puppet.internal
bender.internal
2, 34
5

Configuration Management
Development environment
In the old days...
● Git repo
● Single puppet master
● No staging environment

Configuration Management
Development environment
In the old days...
● Write code
● Commit
● Push
● Update master
● Dry run on some node
Syntax error at 'FOO'; expected '}' at BAR

Configuration Management
Development environment
In the old days...
● Write code
● Commit
● Push
● Update master
● Dry run on some node
Could not find class FOO

Configuration Management
Development environment
In the old days...
● Write code
● Commit
● Push
● Update master
● Dry run on some node
Duplicate declaration: Package[FOO] is
already declared

Configuration Management
Development environment
In the old days...
● Write code
● Commit
● Push
● Update master
● Dry run on some node
Could not apply complete catalog: Found 1
dependency cycle

Configuration Management
Development environment
puppet.internal
bender.internalGit
fry.internal
.
.
.
dev-1.internal
dev-2.internal
dev-3.internal
Puppet masters

Configuration Management
Development environment
● A few extra configuration options
○ ca = false
○ dns_alt_names = dev-1, dev-1.internal,
puppet, puppet.internal
● Test changes locally or from a staging box
○ puppetd --test --server dev-1.internal

Configuration Management
Development environment
● Write code
● Test changes
● Commit
● Code review
● Push
● Update master
● Let the agent do its thing

Configuration Management
Sensitive data
● Problem
○ Licence keys
○ Passwords
○ Anything that shouldn’t be on Github
● The solution we want
○ Easy to use with Puppet code, e.g.,
templates
○ Shouldn’t require another password
○ Simple and easy to understand

Configuration Management
Sensitive data
● Easy to use
○ Variables
● Don’t require another password
○ IAM role
● Simple and easy to understand
○ S3 or DynamoDB

Configuration Management
Sensitive data
● Store the data on an S3 Bucket (or DynamoDB)
● Create an IAM role with read-only permissions
● Assign the role to all puppet master instances
● Use an ENC
○ On every run Puppet gets all the sensitive
data relevant to that node
○ Data is made available through top-scope
variables

$Configuration Management Sensitive data class { 'datadog': stage => monitoring, api_key => $::datadog_api_key, } production: host: puppetdashboard.foo.rds.amazonaws.com database: puppetdashboard password: <%= @puppetdashboard_db_password %>$

Configuration Management
Speed things up
● Re-deploy the provisioning script
● Create an AMI

Configuration Management
Conclusion
● Each developer has his/hers own puppet
master
● Changes can be easily tested locally or on
staging instances
○ just point the agent to your puppet master
● Development can happen in parallel
● No need to babysit agent runs
● All standard tools, didn’t reinvent the wheel

In 2011, CERN decided to start using Puppet as main tool for development, machines configuration and provisioning as replacement of Quattor. Since then the infrastructure has changed a lot, the "Agile infrastructure" project evolved is a series of tools and softwares that currently allow more than 10.000 nodes to be configured and provisioned following custom definitions. Foreman, Git, Openstack and our homemade librarian Jens are only a few of the tools that will be described during the talk, that aims to give an overview about the current workflow for machines lifecycle at CERN. This talk will cover how Puppet allows us to deal with several hundred of installations a day and, at the same time, provide highly customizable machine configurations for service owners.

Getting started with puppet and vagrant (1)

Puppet

Puppet Camp Sydney 2015: Puppet and AWS is easy right.....?

Puppet

Puppet and AWS is easy ...... ? This document discusses how Puppet and AWS were used to automate infrastructure at Healthdirect Australia. It describes how manual deployments, lack of testing and inconsistent environments were solved through implementing Puppet for configuration management and AWS modules. Key steps included establishing solid development practices with Vagrant and testing, integrating Puppet with continuous delivery tools, and developing AWS modules for provisioning infrastructure through Puppet. Current work aims to integrate Docker scheduling and dynamic service discovery.

Puppet Camp Paris 2015: Continuous Integration of Puppet Code (Intermediate)

Puppet

Experiences from Running Masterless Puppet - PuppetConf 2014

Puppet

This document summarizes Spotify's experiences with running Puppet in a masterless configuration. Some key points: - Spotify previously used multiple Puppet masters but switched to a masterless setup to allow for more flexible workflows and continuous delivery of applications and configurations. - In the masterless setup, each node runs Puppet apply directly using Hiera data to determine which modules to use for that run. - Benefits of the masterless approach include easier debugging and ability to control modules on a per-node basis. Drawbacks require more manual configuration. - Spotify uses a custom Ruby wrapper, PuppetDB for facts/catalog storage, and a secret management service to support the masterless infrastructure.

De-centralise and Conquer: Masterless Puppet in a Dynamic Environment

Puppet

.NET on Linux: Entity Framework Core 1.0

All Things Open

Running at Scale: Practical Performance Tuning with Puppet - PuppetConf 2013

Puppet

This document summarizes Sam Kottler's presentation on using Puppet at large scales. It discusses master-based vs masterless provisioning, certificate authority management, clustering patterns, node classification, external node classifiers, packaging for masterless deployments, distributed runs, deployment practices, and controlled releases. The presentation covers topics relevant to managing massive, multi-datacenter infrastructure with Puppet.

The complexity of a typical OpenNebula installation brings a special set of challenges on the monitoring side. In this talk, I will show monitoring of a full stack of from the physical servers to storage layer and ONE daemon. Providing an aggregated view of this information allows you see the real impact of a certain failure. I would like to also present a use case for a “closed-loop” setup where new VMs are automatically added to the monitoring without human intervention, allowing for an efficient approach to monitoring the services a OpenNebula setup provides.

OpenNebulaConf2018 - 5 Things We Wish We Knew Before Deploying OpenNebula in ...

OpenNebula Project

The document discusses 5 things the author wishes they knew before deploying OpenNebula in production. It describes issues they encountered such as strange VM reboots due to OpenNebula context variables, high traffic overloading the conntrack table, request timeouts due to CPU overprovisioning, and challenges with live migration of VMs using local storage in KVM. The author provides workarounds and lessons learned around testing performance, understanding the Linux networking stack, and using regular vs live vs offline VM migration options in OpenNebula.

OpenNebula Conf 2014: CentOS, QA an OpenNebula - Christoph Galuschka

NETWAYS

CentOS, the Community Enterprise OS, uses Opennebula as virtualization plattform for its automated QA-process. The opennebula setup consists of 3 nodes, all running CentOS-6, who handle the following tasks: – sunstone as cloud controller – local mirror/DNS-Server/http-Server for the VMs to pull in packages – one VM to run a jenkins instance to launch the various tests (ci.de.centos.org) – nginx on the cloud controller to forward http traffic to the jenkins VM A public git repository (http://www.gitorious.org/testautomation) is used to allow whoever wants to contribute to pull the current test suite – t_functional, a series of bash scripts used to do funtional tests of various applications, binaries, configuration files and Trademark issues. As new tests are added to the repo via personal clones and merge requests, those tests first need to complete a test run via jenkins. Each test run currently consists of 4 VMs (one for each arch for C5 and C6 – C7 to come), which run the complete test suite. All VMs used for theses tests are instantiated and torn down on demand, whenever the call to testrun a personal clone is issued (via IRC). Once completed successfully, the request is merged into the main repo. The jenkins node monitors this repository and which automatically triggers another complete test run. Besides these triggered test runs, the test suite is automatically triggered daily to run. This is used to verify functionality of published updates – a handfull of failty updates have allready been discovered this way. Besides t_functional, the Linux Test Project Suite of tests is also run on a daily basis, also to verify functionality of the OS and all updates. The third setup is used to test the available and functional integrity of published docker images for CentOS. All these tests are later – during the QA-phase of a point release – used to verify functionality of new packages inside the CentOS QA-Setup.

Red Hat Satellite 6 - Automation with Puppet

Michael Lessard

Satellite 6 introduces new features for automation including improved support for Puppet. Puppet allows for recipe-style configuration management and drift management. The presentation demonstrates installing and configuring Puppet on a server and client, writing Puppet code to manage files and directories, and using the Puppet dashboard. Considerations for using Puppet with Satellite 6 include keeping Puppet modules modular and mapping modules to Satellite host groups.

Puppet Camp Chicago 2014: Running Multiple Puppet Masters (Beginner)

Puppet

Masterless puppet

Jesus Nunez

Jesus Nunez presented on using Puppet in a decentralized, masterless architecture. In a masterless configuration, each node pulls Puppet code and modules from a central Git repository and compiles its own catalog without a master server. A remote executor is used to trigger Puppet runs on nodes by updating code via Librarian Puppet, generating Puppet and ENC files, and running Puppet apply commands. This allows distributed processing without a single point of failure compared to a traditional master-node architecture.

OpenNebula Conf 2014 | Puppet and OpenNebula - David Lutterkort

NETWAYS

Many facets of using an IaaS cloud like OpenNebula can be greatly simplified by using a configuration management tool such as Puppet. This includes the management of hosts as well as the management of cloud resources such as virtual machines and networks. Of course, Puppet can also play an important role in the management of the actual workload of virtual machine instances. Besides using it in the traditional, purely agent-based way, it is also possible to use Puppet during the building of machine images. This serves two purposes: firstly, it speeds up the initial Puppet run when an instance is launched off that image, sometimes quite dramatically. Secondly, it supports operating immutable infrastructure without losing Puppet’s benefits to organize and simplify the description of the entire infrastructure. This talk will show how Puppet can be used by adminsitrators to manage OpenNebula hosts, and by users to manage their infrastructure as well as how to use Puppet during image builds.

Making Spinnaker Go @ Stitch Fix

Diana Tkachenko

A talk I gave at the recent Advanced AWS Meeup - this is a detailed guide to how I installed and set up Spinnaker to work with our infrastructure at Stitch Fix. I go over the various problems I ran into and how I solved them. I hope this can be useful for others setting up, or interested in setting up Spinnaker for their purposes. **Big thanks to Armory for recording the talks! Video for this talk can be found here: https://youtu.be/ywzPblFpIE0 (I'm the second speaker)**

OpenNebula, the foreman and CentOS play nice, too

inovex GmbH

This document discusses setting up a private cloud using OpenNebula and the Foreman. It begins with an introduction and agenda. It then covers installing CentOS, setting up a local YUM repository using Pulp, installing the Foreman for bare metal provisioning, and using Puppet modules. It demonstrates deploying OpenNebula nodes using the Foreman and provides an overview of accessing the new cloud. It notes there are some rough edges to address but the modules are minor. It concludes by thanking the audience and providing contact information.

Continuously-Integrated Puppet in a Dynamic Environment

Puppet

This talk will show how we deploy Puppet without a Puppetmaster on an autoscaling Amazon Web Services infrastructure. Key points of interest: - Masterless Puppet - Use of Jenkins for Puppet manifest testing and environment promotion (test->staging->production) - Puppet integration with Amazon CloudFormation Sam Bashton Director, Bashton Ltd After working for a number of Internet Service Providers, Sam founded Bashton Ltd in 2004. Focussing exclusively on Linux and Open Source software, Sam and his team provide consultancy, support and 24/7 infrastructure management for a number of high-traffic websites. A serial early adopter, Sam has travelled the world providing training and consultancy and generally spreading the Open Source message. Sam lives in Manchester, UK.

PuppetCamp Sydney 2012 - Building a Multimaster Environment

Greg Cockburn

This document discusses a solution for providing Puppet services globally across multiple regions with poor WAN connectivity. The solution involves building a "Puppeteer" master that acts as a central point of entry for code updates and certificate management. It ensures Puppet masters in each region are in sync. LDAP is used as an external node classifier to provide node definitions across regions. The Puppet file server replicates configuration between masters. F5 load balancers route clients to the nearest master and provide high availability if any master fails. Workflows for adding new servers and masters are also summarized.

Puppet Availability and Performance at 100K Nodes - PuppetConf 2014

Puppet

This document discusses challenges encountered when scaling Puppet to manage over 100,000 nodes, and proposes an alternative approach called PVC (Puppet Variable Control) to help address those challenges. Some key issues identified include uneven and unpredictable Puppet run times that cause system thrashing. PVC aims to run Puppet reactively based on available capacity and local file changes, using frequent pings and fact collection to determine run timing in a way that achieves a flat and consistent service curve. It also aims to improve security by running Puppet immediately when monitored files change outside of Puppet runs.

Puppet in the Pipeline

Puppet

Jesse Olson - Nagios Log Server Architecture Overview

Nagios

OMD and Check_mk

Artur Martins

This document provides a 15 minute crash course on OMD (Open Monitoring Distribution) and Check_MK. It discusses what OMD and Check_MK are, the data collection process, how to deploy OMD and the Check_MK agent, and provides recommendations. OMD is not a Linux distribution but a set of tools for running multiple monitoring instances per host with separate users. Check_MK is a Nagios addon that provides automatic service detection, hierarchical configuration, and high performance passive checks. It then outlines how to install OMD, install and configure the Check_MK agent, create an OMD instance, and access the multisite interface. Security recommendations include filtering iptables to only allow traffic from the monitoring server.

OSDC 2015: Matthias Klein | How to use Open Source Software to have near Prod...

NETWAYS

This document discusses how to use open source tools like Puppet, Jenkins, and Vagrant to create development and testing environments that closely mimic production. It recommends configuring Puppet to provision development environments locally in Vagrant VMs as well as provisioning test VMs in Jenkins. It also provides guidance on setting up a local Debian package repository to control software versions and deploy applications via packages.

Integrate Openshift with Cloudforms

Michael Lessard

This document provides an overview of how to integrate Red Hat CloudForms 4 with OpenShift 3 to retrieve container metrics. It describes demonstrating the integration, installing and configuring CloudForms 4 to add OpenShift 3.1 as a container provider, configuring Hawkular on OpenShift to expose metrics via the Hawkular Metrics API, and modifying the Hawkular configuration to make it compatible with how CloudForms expects to retrieve metrics. The presentation contains steps for configuring CloudForms and OpenShift, creating service accounts, adding roles, and configuring routes to expose the Hawkular Metrics API on a port CloudForms can access.

Introduction to ansible

Mukul Malhotra

Ansible is an IT automation tool that allows users to configure, deploy, and manage applications and infrastructure through code. It uses YAML files called playbooks to execute tasks on remote machines via SSH. Playbooks contain modules that represent tasks like installing packages or restarting services. Ansible has no central server and uses an agentless model. Users create an inventory file that lists hosts and groups, and Ansible uses facts to gather details about remote machines. It can be used for ad-hoc commands or configured playbooks and allows for easy management of infrastructure and applications through code.

OpenNebula Conf 2014 | OpenNebula as Open Replacement of vCloud by Javier Fontan

NETWAYS

OpenNebula provides a subset of the functionality offered by proprietary solutions, like VMware’s vCloud Director. This subset is enough for most infrastructure owners, and in exchange OpenNebula let’s you manage a cloud infrastructure without an army of system administrators. Because it is completely hypervisor agnostic, fully supports VMware, and is easy to install, maintain and use within existing VMware environments, OpenNebula is widely used as an open alternative to VMware vCloud at significantly lower costs. Some of our users also see OpenNebula as a migration tool that allows them to perform a smooth transition from VMware to more open hypervisor alternatives like KVM. In other words OpenNebula leverages existing VMware infrastructure, protecting IT investments, and at the same time avoids future vendor lock-in, strengthening the negotiating position of the enterprise.

De-centralise and conquer: Masterless Puppet in a dynamic environment

Sam Bashton

Strategies for developing and deploying your embedded applications and images

Mender.io

We will delve into multiple strategies you can use for developing and deploying code to embedded devices. We will compare and contrast the following: – Lightweight package managers: ipkg/opkg – Desktop package managers: rpm/deb – Configuration Management Tools – Smart Package Manager – Yocto Runtime Package Management – PXE boot – OTA updaters: Mender As with any decision, it is rarely black-and-white and we will cover some of the benefits and the limitations of all the different methods mentioned, to make sure you have the most critical information needed to decide for yourself whether a given strategy would be a good fit for your embedded application development. This talk will cover how different mechanisms are implemented in the real world and how choosing the right strategy, understanding its benefits and drawbacks, can speed up and improve the whole development process.

What's hot

Mike Guthrie - Revamping Your 10 Year Old Nagios Installation

Nagios

Monitoring of OpenNebula installations

NETWAYS

OpenNebulaConf2018 - 5 Things We Wish We Knew Before Deploying OpenNebula in ...

OpenNebula Project

OpenNebula Conf 2014: CentOS, QA an OpenNebula - Christoph Galuschka

NETWAYS

Red Hat Satellite 6 - Automation with Puppet

Michael Lessard

Puppet Camp Chicago 2014: Running Multiple Puppet Masters (Beginner)

Puppet

Masterless puppet

Jesus Nunez

OpenNebula Conf 2014 | Puppet and OpenNebula - David Lutterkort

NETWAYS

Making Spinnaker Go @ Stitch Fix

Diana Tkachenko

OpenNebula, the foreman and CentOS play nice, too

inovex GmbH

Continuously-Integrated Puppet in a Dynamic Environment

Puppet

PuppetCamp Sydney 2012 - Building a Multimaster Environment

Greg Cockburn

Puppet Availability and Performance at 100K Nodes - PuppetConf 2014

Puppet

Puppet in the Pipeline

Puppet

Jesse Olson - Nagios Log Server Architecture Overview

Nagios

OMD and Check_mk

Artur Martins

OSDC 2015: Matthias Klein | How to use Open Source Software to have near Prod...

NETWAYS

Integrate Openshift with Cloudforms

Michael Lessard

Introduction to ansible

Mukul Malhotra

OpenNebula Conf 2014 | OpenNebula as Open Replacement of vCloud by Javier Fontan

NETWAYS

What's hot (20)

Mike Guthrie - Revamping Your 10 Year Old Nagios Installation

Monitoring of OpenNebula installations

OpenNebulaConf2018 - 5 Things We Wish We Knew Before Deploying OpenNebula in ...

OpenNebula Conf 2014: CentOS, QA an OpenNebula - Christoph Galuschka

Red Hat Satellite 6 - Automation with Puppet

Puppet Camp Chicago 2014: Running Multiple Puppet Masters (Beginner)

Masterless puppet

OpenNebula Conf 2014 | Puppet and OpenNebula - David Lutterkort

Making Spinnaker Go @ Stitch Fix

OpenNebula, the foreman and CentOS play nice, too

Continuously-Integrated Puppet in a Dynamic Environment

PuppetCamp Sydney 2012 - Building a Multimaster Environment

Puppet Availability and Performance at 100K Nodes - PuppetConf 2014

Puppet in the Pipeline

Jesse Olson - Nagios Log Server Architecture Overview

OMD and Check_mk

OSDC 2015: Matthias Klein | How to use Open Source Software to have near Prod...

Integrate Openshift with Cloudforms

Introduction to ansible

OpenNebula Conf 2014 | OpenNebula as Open Replacement of vCloud by Javier Fontan

Similar to Puppet Camp LA 2015: Server Management with Puppet on AWS for a fast-growing startup (Beginner)

De-centralise and conquer: Masterless Puppet in a dynamic environment

Sam Bashton

Strategies for developing and deploying your embedded applications and images

Mender.io

A3Sec Advanced Deployment System

a3sec

This document discusses using SaltStack to manage Alienvault infrastructure. SaltStack is an open source tool for configuration management and remote execution that can control and deploy configurations to all servers. It has a simple architecture with a master server and minion clients. Custom modules, states, grains and templates can extend SaltStack's capabilities. Targeting allows applying configurations selectively based on server attributes. This enables centralized yet flexible management of an entire Alienvault deployment.

More Dev. Less Drama.pdf

WP Engine

Network Automation: Ansible 101

APNIC

This document provides an overview and agenda for an Ansible 101 tutorial on network automation. It introduces Ansible concepts like playbooks, templates, variables, roles, and tasks. The tutorial will cover setting up an inventory and roles to generate network device configurations from templates using variables. It also discusses debugging Ansible and provides resources for learning more about network automation with Ansible.

Puppet Camp Tokyo 2014: Puppet Is Most of Your Documentation

Puppet

IT Automation with Puppet Enterprise

Anuchit Chalothorn

Nagios Conference 2014 - Eric Mislivec - Getting Started With Nagios Core

Nagios

Scaling Magento

Copious

This document summarizes strategies for scaling a Magento installation. It discusses code management techniques like using good IDE tools and avoiding modifying core files. It outlines hardware profiles including networks, databases, caches and utility servers. It describes the team structure with 16 committers across 5 departments and 31 vendors. Effective communication practices and documentation are emphasized. Release processes, deployments, community participation and collaboration texts are also summarized.

Deploying software at Scale

Kris Buytaert

This document discusses deploying software at scale through automation. It advocates treating infrastructure as code and using version control, continuous integration, and packaging tools. The key steps are to automate deployments, make them reproducible, and deploy changes frequently and consistently through a pipeline that checks code, runs tests, builds packages, and deploys to testing and production environments. This allows deploying changes safely and quickly while improving collaboration between developers and operations teams.

Devops with Python by Yaniv Cohen DevopShift

Yaniv cohen

This document discusses implementing DevOps with Python using Ansible. It provides an agenda for the presentation including discussing DevOps hotspots, infrastructure as code with Ansible, continuous integration/continuous delivery (CI/CD) using TravisCI and CircleCI, and an open discussion on monitoring and automated tests. It then covers problems commonly faced, how DevOps solves these problems, and the expected benefits of adopting a DevOps culture including standardized environments, infrastructure as code, automated delivery, monitoring, and improved collaboration. It provides an overview of Ansible concepts like inventories, ad-hoc commands, modules, playbooks, roles, and templates. It also demonstrates writing a custom Python module for Ansible and using it in a playbook. Finally, it

Second Skin: Real-Time Retheming a Legacy Web Application with Diazo in the C...

Chris Shenton

CodeFest 2013. Mosesohn M. — Automating environments with Cobbler

CodeFest

Cobbler is a tool that automates system installation and management. It reduces installation time by providing a simple web UI and command line to manage kickstart templates and provision a large number of systems. Cobbler was created to simplify Linux installation and allow for frequent reinstallations as required by software development. It uses a DHCP and TFTP server to remotely install systems based on profiles that automate package selection, configuration, and post-installation scripts. Cobbler is well suited for continuous integration testing, development environments, and other scenarios requiring automated provisioning.

Creating a Mature Puppet System

Puppet

Creating a mature puppet system

rkhatibi

This document provides an overview of steps to create a mature Puppet system, including setting up editors, code validation, environments, master and client configuration, and data management with Hiera. Key recommendations include using Vagrant for testing, validating code with puppet-lint, implementing environments for code promotion, separating code and data, and writing less code by leveraging defaults and Hiera lookups.

Wrangling 3rd Party Installers from Puppet

Puppet

Taking Docker to Production: What You Need to Know and Decide

Bret Fisher

DevOps in the Real World is far from perfect, yet we all dream of that amazing auto-healing fully-automated CI/CD micro-service infrastructure that we'll have "someday." But until then, how can you really start using containers today, and what decisions do you need to make to get there? This session is designed for practitioners who are looking for ways to get started now with Docker and Swarm in production. This is not a Docker 101, but rather it's to help you be successful on your way to Dockerizing your production systems. Attendees will get tactics, example configs, real working infrastructure designs, and see the (sometimes messy) internals of Docker in production today.

Taking Docker to Production: What You Need to Know and Decide

Docker, Inc.

This document provides advice on taking Docker to production. It recommends starting simply by focusing on Dockerfiles and containerizing existing applications before complex orchestration. It also warns against common anti-patterns like using the "latest" tag or trapping data in containers. The document outlines sample swarm architectures and tech stacks and notes that outsourcing non-critical components can simplify operations. It closes by suggesting that an orchestrator may not always be needed and that running one container per VM is a valid approach.

Friction Logging and Internal Advocacy, DevRel/Asia 2020

Emma Haruka Iwao

One of the core functions of DevRel is to advocate for developers and make developer experience frictionless. We, DevRel at Google, use friction logs to create and provide structured feedback for products for different scenarios and help product teams deliver consistent experience across multiple products and features. In this talk, you will learn: - What is a friction log - Working as an internal outsider - How to write a friction log - How friction logs are different from bugs - Continuing conversations with product teams The goal is to be able to confidently write cross-product, experience-focused feedback.

Kubernetes 101

Stanislav Pogrebnyak

This document provides an overview of Kubernetes 101. It begins with asking why Kubernetes is needed and provides a brief history of the project. It describes containers and container orchestration tools. It then covers the main components of Kubernetes architecture including pods, replica sets, deployments, services, and ingress. It provides examples of common Kubernetes manifest files and discusses basic Kubernetes primitives. It concludes with discussing DevOps practices after adopting Kubernetes and potential next steps to learn more advanced Kubernetes topics.

Similar to Puppet Camp LA 2015: Server Management with Puppet on AWS for a fast-growing startup (Beginner) (20)

De-centralise and conquer: Masterless Puppet in a dynamic environment

Strategies for developing and deploying your embedded applications and images

A3Sec Advanced Deployment System

More Dev. Less Drama.pdf

Network Automation: Ansible 101

Puppet Camp Tokyo 2014: Puppet Is Most of Your Documentation

IT Automation with Puppet Enterprise

Nagios Conference 2014 - Eric Mislivec - Getting Started With Nagios Core

Scaling Magento

Deploying software at Scale

Devops with Python by Yaniv Cohen DevopShift

Second Skin: Real-Time Retheming a Legacy Web Application with Diazo in the C...

CodeFest 2013. Mosesohn M. — Automating environments with Cobbler

Creating a Mature Puppet System

Creating a mature puppet system

Wrangling 3rd Party Installers from Puppet

Taking Docker to Production: What You Need to Know and Decide

Friction Logging and Internal Advocacy, DevRel/Asia 2020

Kubernetes 101

More from Puppet

Puppet camp2021 testing modules and controlrepo

Puppet

This document discusses testing Puppet code when using modules versus a control repository. It recommends starting with simple syntax and unit tests using PDK or rspec-puppet for modules, and using OnceOver for testing control repositories, as it is specially designed for this purpose. OnceOver allows defining classes, nodes, and a test matrix to run syntax, unit, and acceptance tests across different configurations. Moving from simple to more complex testing approaches like acceptance tests is suggested. PDK and OnceOver both have limitations for testing across operating systems that may require customizing spec tests. Infrastructure for running acceptance tests in VMs or containers is also discussed.

Puppetcamp r10kyaml

Puppet

2021 04-15 operational verification (with notes)

Puppet

The document discusses operational verification and how Puppet is working on a new module to provide more confidence in infrastructure health. It introduces the concept of adding check resources to catalogs to validate configurations and service health directly during Puppet runs. Examples are provided of how this could detect issues earlier than current methods. Next steps outlined include integrating checks into more resource types, fixing reporting, integrating into modules, and gathering feedback. This allows testing and monitoring to converge by embedding checks within configurations.

Puppet camp vscode

Puppet

Modules of the twenties

Puppet

- The document discusses various patterns and techniques the author has found useful when working with Puppet modules over 10+ years, including some that may be considered unorthodox or anti-patterns by some. - Key topics covered include optimization of reusable modules, custom data types, Bolt tasks and plans, external facts, Hiera classification, ensuring resources for presence/absence, application abstraction with Tiny Puppet, and class-based noop management. - The author argues that some established patterns like roles and profiles can evolve to be more flexible, and that running production nodes in noop mode with controls may be preferable to fully enforcing on all nodes.

Applying Roles and Profiles method to compliance code

Puppet

This document discusses adapting the roles and profiles design pattern to writing compliance code in Puppet modules. It begins by noting the challenges of writing compliance code, such as it touching many parts of nodes and leading to sprawling code. It then provides an overview of the roles and profiles pattern, which uses simple "front-end" roles/interfaces and more complex "back-end" profiles/implementations. The rest of the document discusses how to apply this pattern when authoring Puppet modules for compliance - including creating interface and implementation classes, using Hiera for configuration, and tools for reducing boilerplate code. It aims to provide a maintainable structure and simplify adapting to new compliance frameworks or requirements.

KGI compliance as-code approach

Puppet

This document discusses Kinney Group's Puppet compliance framework for automating STIG compliance and reporting. It notes that customers often implement compliance Puppet code poorly or lack appropriate Puppet knowledge. The framework aims to standardize compliance modules that are data-driven and customizable. It addresses challenges like conflicting modules and keeping compliance current after implementation. The framework generates automated STIG checklists and plans future integration with Puppet Enterprise and Splunk for continued compliance reporting. Kinney Group cites practical experience implementing the framework for various military and government customers.

Enforce compliance policy with model-driven automation

Puppet

This document discusses model-driven automation for enforcing compliance. It begins with an overview of compliance benchmarks and the CIS benchmarks. It then discusses implementing benchmarks, common challenges around configuration drift and lack of visibility, and how to define compliance policy as code. The key points are that automation is essential for compliance at scale; a model-driven approach defines how a system should be configured and uses desired-state enforcement to keep systems compliant; and defining compliance policy as code, managing it with source control, and automating it with CI/CD helps achieve continuous compliance.

Keynote: Puppet camp compliance

Puppet

This document discusses how organizations can move from a reactive approach to compliance to a proactive approach using automation. It notes that over 50% of CIOs cite security and compliance as a barrier to IT modernization. Puppet offers an end-to-end compliance solution that allows organizations to automatically eliminate configuration drift, enforce compliance at scale across operating systems and environments, and define policy as code. The solution helps organizations improve compliance from 50% to over 90% compliant. The document argues that taking a proactive automation approach to compliance can turn it into a competitive advantage by improving speed and innovation.

Automating it management with Puppet + ServiceNow

Puppet

As the leading IT Service Management and IT Operations Management platform in the marketplace, ServiceNow is used by many organizations to address everything from self service IT requests to Change, Incident and Problem Management. The strength of the platform is in the workflows and processes that are built around the shared data model, represented in the CMDB. This provides the ‘single source of truth’ for the organization. Puppet Enterprise is a leading automation platform focused on the IT Configuration Management and Compliance space. Puppet Enterprise has a unique perspective on the state of systems being managed, constantly being updated and kept accurate as part of the regular Puppet operation. Puppet Enterprise is the automation engine ensuring that the environment stays consistent and in compliance. In this webinar, we will explore how to maximize the value of both solutions, with Puppet Enterprise automating the actions required to drive a change, and ServiceNow governing the process around that change, from definition to approval. We will introduce and demonstrate several published integration points between the two solutions, in the areas of Self-Service Infrastructure, Enriched Change Management and Automated Incident Registration.

Puppet: The best way to harden Windows

Puppet

This document promotes Puppet as a tool for hardening Windows environments. It states that Puppet can be used to harden Windows with one line of code, detect drift from desired configurations, report on missing or changing requirements, reverse engineer existing configurations, secure IIS, and export configurations to the cloud. Benefits of Puppet mentioned include hardening Windows environments, finding drift for investigation, easily passing audits, compliance reporting, easy exceptions, and exporting configurations. It also directs users to Puppet Forge modules for securing Windows and IIS.

Simplified Patch Management with Puppet - Oct. 2020

Puppet

Does your company struggle with patching systems? If so, you’re not alone — most organizations have attempted to solve this issue by cobbling together multiple tools, processes, and different teams, which can make an already complicated issue worse. Puppet helps keep hosts healthy, secure and compliant by replacing time-consuming and error prone patching processes with Puppet’s automated patching solution. Join this webinar to learn how to do the following with Puppet: Eliminate manual patching processes with pre-built patching automation for Windows and Linux systems. Gain visibility into patching status across your estate regardless of OS with new patching solution from the PE console. Ensure your systems are compliant and patched in a healthy state How Puppet Enterprise makes patch management easy across your Windows and Linux operating systems. Presented by: Margaret Lee, Product Manager, Puppet, and Ajay Sridhar, Sr. Sales Engineer, Puppet.

Accelerating azure adoption with puppet

Puppet

The document discusses how Puppet can be used to accelerate adoption of Microsoft Azure. It describes lift and shift migration of on-premises workloads to Azure virtual machines. It also covers infrastructure as code using Puppet and Terraform for provisioning, configuration management using Puppet Bolt, and implementing immutable infrastructure patterns on Azure. Integrations with Azure services like Key Vault, Blob Storage and metadata service are presented. Patch management and inventory of Azure resources with Puppet are also summarized.

Puppet catalog Diff; Raphael Pinson

Puppet

This document discusses using Puppet Catalog Diff to analyze the impact of changes between Puppet environments or catalogs. It provides the command line usage and options for Puppet Catalog Diff. It also discusses how to integrate Puppet Catalog Diff into CI/CD pipelines for automated impact analysis when merging code changes. Additional resources like GitHub projects and Dev.to posts are provided for learning more about diffing Puppet environments and catalogs.

ServiceNow and Puppet- better together, Kevin Reeuwijk

Puppet

ServiceNow and Puppet can be integrated in four key areas: 1) Self-service infrastructure allows non-Puppet experts to control infrastructure through a ServiceNow interface; 2) Enriched change management automatically generates ServiceNow change requests from Puppet changes and populates them with impact details; 3) Automated incident registration forwards details of configuration drift corrections in Puppet to ServiceNow to create incidents; and 4) Up-to-date asset management would periodically upload Puppet inventory data to ServiceNow to keep the CMDB accurate without disruptive discovery runs.

Take control of your dev ops dumping ground

Puppet

This document discusses how Puppet Relay uses Tekton pipelines to orchestrate containerized workflows. It provides an overview of how Tekton fits into the Relay architecture, with Tekton controllers managing taskrun pods to execute workflow steps defined in YAML. Triggers can initiate workflows based on events, with reusable and composable steps for tasks like provisioning infrastructure or clearing resources. Relay also includes features for parameters, secrets, outputs, and approvals to customize workflows. An ecosystem of open source integrations provides sample workflows and steps for common use cases.

100% Puppet Cloud Deployment of Legacy Software

Puppet

This document discusses deploying legacy software into the AWS cloud using Puppet. It proposes modeling AWS resources like security groups, autoscaling groups, and launch configurations as Puppet resources. This would allow Puppet to provision the underlying AWS infrastructure and configure servers launched in autoscaling groups. It acknowledges challenges around server reboots but suggests they can be addressed. In summary, it argues custom Puppet resources can easily model AWS resources and using Puppet to configure autoscaling servers is possible despite some challenges around rebooting servers during deployment.

Puppet User Group

Puppet

This document discusses a partnership between Republic Polytechnic's School of Infocomm and Puppet to promote DevOps practices. It introduces several people involved with the partnership and outlines their mission to prepare more IT companies and individuals for jobs in the DevOps field through training courses. The document describes some short courses offered on DevOps topics and using the Puppet and Microsoft Azure platforms. It provides an example of how Republic Polytechnic has automated infrastructure configuration using Puppet to save time and reduce errors. There is a request at the end for readers to register their interest in DevOps by completing a survey.

Continuous Compliance and DevSecOps

Puppet

This document discusses continuous compliance and DevSecOps best practices followed by financial services organizations. Continuous compliance is defined as an ongoing process of proactive risk management that delivers predictable, transparent, and cost-effective compliance results. It involves continuously monitoring compliance controls, providing real-time alerts for failures and remediation recommendations, and maintaining up-to-date policies. Best practices for continuous compliance discussed include defining CIS controls and benchmarks, achieving transparent compliance dashboards and automated fixes for breaches. DevSecOps is introduced as bringing security earlier in the application development lifecycle to minimize vulnerabilities. It aims to make everyone accountable for security. Challenges discussed include security teams struggling to keep up with DevOps pace and

The Dynamic Duo of Puppet and Vault tame SSL Certificates, Nick Maludy

Puppet

The document discusses using Puppet and Vault together to dynamically manage SSL certificates. Puppet can use the vault_cert resource to request signed certificates from Vault and configure services to use the certificates. On Windows, some additional logic is needed to retrieve certificates' thumbprints and bind services to certificates using those thumbprints. This approach provides automated certificate renewal and distribution across platforms.

More from Puppet (20)

Puppet camp2021 testing modules and controlrepo

Puppetcamp r10kyaml

2021 04-15 operational verification (with notes)

Puppet camp vscode

Modules of the twenties

Applying Roles and Profiles method to compliance code

KGI compliance as-code approach

Enforce compliance policy with model-driven automation

Keynote: Puppet camp compliance

Automating it management with Puppet + ServiceNow

Puppet: The best way to harden Windows

Simplified Patch Management with Puppet - Oct. 2020

Accelerating azure adoption with puppet

Puppet catalog Diff; Raphael Pinson

ServiceNow and Puppet- better together, Kevin Reeuwijk

Take control of your dev ops dumping ground

100% Puppet Cloud Deployment of Legacy Software

Puppet User Group

Continuous Compliance and DevSecOps

The Dynamic Duo of Puppet and Vault tame SSL Certificates, Nick Maludy

Recently uploaded

一比一原版(UMN毕业证)明尼苏达大学毕业证如何办理

dakas1

UMN硕士毕业证成绩单【微信95270640】购买（明尼苏达大学毕业证成绩单硕士学历）Q微信95270640代办UMN学历认证留信网伪造明尼苏达大学学位证书精仿明尼苏达大学本科/硕士文凭证书补办明尼苏达大学 diplomaoffer,Transcript购买明尼苏达大学毕业证成绩单购买UMN假毕业证学位证书购买伪造明尼苏达大学文凭证书学位证书,专业办理雅思、托福成绩单，学生ID卡，在读证明，海外各大学offer录取通知书，毕业证书，成绩单，文凭等材料:1:1完美还原毕业证、offer录取通知书、学生卡等各种在读或毕业材料的防伪工艺（包括烫金、烫银、钢印、底纹、凹凸版、水印、防伪光标、热敏防伪、文字图案浮雕，激光镭射，紫外荧光，温感光标）学校原版上有的工艺我们一样不会少，不论是老版本还是最新版本，都能保证最高程度还原，力争完美以求让所有同学都能享受到完美的品质服务。 #毕业证成绩单 #毕业証 #成绩单 #學生卡 #OFFER录取通知书 #雅思#托福等…… 国外大学明尼苏达大学明尼苏达大学毕业证offer制作方法（一对一专业服务） 1客户提供办理信息：姓名生日专业学位毕业时间等（如信息不确定可以咨询顾问：我们有专业老师帮你查询）； 2开始安排制作毕业证成绩单电子图； 3毕业证成绩单电子版做好以后发送给您确认； 4毕业证成绩单电子版您确认信息无误之后安排制作成品； 5成品做好拍照或者视频给您确认； 6快递给客户（国内顺丰国外DHLUPS等快读邮寄） — — 制作工艺【高仿真】— — 凭借多年的制作经验本公司制作明尼苏达大学明尼苏达大学毕业证offer《激光》《水印》《钢印》《烫金》《紫外线》凹凸版uv版等防伪技术一流高精仿度几乎跟学校100%相同！让您绝对满意。 — — -公司理念【诚信为主】— — — 我們以質量求生存.以服务求发展有雄厚的实力专业的团队咨询顾问为您细心解答可详谈是真是假眼见为实让您真正放心平凡人生,尽我所能助您一臂之力让我們携手圆您梦想! 此贴长年有效【贴心专线/微-信: 95270640】敬请保留此联系方式以备用！如有不在线请给我们留言！我们将在第一时间给您回复!上散发着一抹抹的光晕而这每处自然形成的细节融合在一起浑然天成的美实在令人心生愉悦小道的周边无秩序的生长着几株艳丽的野花红的粉的紫的虽混乱无章却给这幅美景更增添一份性感夹杂着一份纯洁的妖娆毫无违和感实在给人带来一份悠然幸福的心情如果说现在的审美已经断然拒绝了无声的话那么在树林间飞掠而过的小鸟叽叽咋咋的叫声是否就是这最后的点睛之笔悠然走在林间的小路上宁静与清香一丝丝的盛夏气息吸入身体昔日生活里的繁忙多

Mobile app Development Services | Drona Infotech

Drona Infotech

UI5con 2024 - Keynote: Latest News about UI5 and it’s Ecosystem

Peter Muessig

Requirement Traceability in Xen Functional Safety

Ayan Halder

ALGIT - Assembly Line for Green IT - Numbers, Data, Facts

Green Software Development

Energy consumption of Database Management - Florina Jonuzi

Green Software Development

Measures in SQL (SIGMOD 2024, Santiago, Chile)

Julian Hyde

SQL has attained widespread adoption, but Business Intelligence tools still use their own higher level languages based upon a multidimensional paradigm. Composable calculations are what is missing from SQL, and we propose a new kind of column, called a measure, that attaches a calculation to a table. Like regular tables, tables with measures are composable and closed when used in queries. SQL-with-measures has the power, conciseness and reusability of multidimensional languages but retains SQL semantics. Measure invocations can be expanded in place to simple, clear SQL. To define the evaluation semantics for measures, we introduce context-sensitive expressions (a way to evaluate multidimensional expressions that is consistent with existing SQL semantics), a concept called evaluation context, and several operations for setting and modifying the evaluation context. A talk at SIGMOD, June 9–15, 2024, Santiago, Chile Authors: Julian Hyde (Google) and John Fremlin (Google) https://doi.org/10.1145/3626246.3653374

Top Benefits of Using Salesforce Healthcare CRM for Patient Management.pdf

VALiNTRY360

Salesforce Healthcare CRM, implemented by VALiNTRY360, revolutionizes patient management by enhancing patient engagement, streamlining administrative processes, and improving care coordination. Its advanced analytics, robust security, and seamless integration with telehealth services ensure that healthcare providers can deliver personalized, efficient, and secure patient care. By automating routine tasks and providing actionable insights, Salesforce Healthcare CRM enables healthcare providers to focus on delivering high-quality care, leading to better patient outcomes and higher satisfaction. VALiNTRY360's expertise ensures a tailored solution that meets the unique needs of any healthcare practice, from small clinics to large hospital systems. For more info visit us https://valintry360.com/solutions/health-life-sciences

Lecture 2 - software testing SE 412.pptx

TaghreedAltamimi

How Can Hiring A Mobile App Development Company Help Your Business Grow?

ToXSL Technologies

Transform Your Communication with Cloud-Based IVR Solutions

TheSMSPoint

Discover the power of Cloud-Based IVR Solutions to streamline communication processes. Embrace scalability and cost-efficiency while enhancing customer experiences with features like automated call routing and voice recognition. Accessible from anywhere, these solutions integrate seamlessly with existing systems, providing real-time analytics for continuous improvement. Revolutionize your communication strategy today with Cloud-Based IVR Solutions. Learn more at: https://thesmspoint.com/channel/cloud-telephony

Modelling Up - DDDEurope 2024 - Amsterdam

Alberto Brandolini

SMS API Integration in Saudi Arabia| Best SMS API Service

Yara Milbes

Discover the benefits and implementation of SMS API integration in the UAE and Middle East. This comprehensive guide covers the importance of SMS messaging APIs, the advantages of bulk SMS APIs, and real-world case studies. Learn how CEQUENS, a leader in communication solutions, can help your business enhance customer engagement and streamline operations with innovative CPaaS, reliable SMS APIs, and omnichannel solutions, including WhatsApp Business. Perfect for businesses seeking to optimize their communication strategies in the digital age.

How to write a program in any programming language

Rakesh Kumar R

GreenCode-A-VSCode-Plugin--Dario-Jurisic

Green Software Development

socradar-q1-2024-aviation-industry-report.pdf

SOCRadar

SOCRadar's Aviation Industry Q1 Incident Report is out now! The aviation industry has always been a prime target for cybercriminals due to its critical infrastructure and high stakes. In the first quarter of 2024, the sector faced an alarming surge in cybersecurity threats, revealing its vulnerabilities and the relentless sophistication of cyber attackers. SOCRadar’s Aviation Industry, Quarterly Incident Report, provides an in-depth analysis of these threats, detected and examined through our extensive monitoring of hacker forums, Telegram channels, and dark web platforms.

一比一原版(USF毕业证)旧金山大学毕业证如何办理

dakas1

USF硕士毕业证成绩单【微信95270640】一比一伪造旧金山大学文凭@假冒USF毕业证成绩单+Q微信95270640办理USF学位证书@仿造USF毕业文凭证书@购买旧金山大学毕业证成绩单USF真实使馆认证/真实留信认证回国人员证明 #一整套旧金山大学文凭证件办理#—包含旧金山大学旧金山大学本科毕业证成绩单学历认证|使馆认证|归国人员证明|教育部认证|留信网认证永远存档教育部学历学位认证查询办理国外文凭国外学历学位认证#我们提供全套办理服务。一整套留学文凭证件服务：一：旧金山大学旧金山大学本科毕业证成绩单毕业证 #成绩单等全套材料从防伪到印刷水印底纹到钢印烫金二：真实使馆认证（留学人员回国证明）使馆存档三：真实教育部认证教育部存档教育部留服网站永久可查四：留信认证留学生信息网站永久可查国外毕业证学位证成绩单办理方法： 1客户提供办理旧金山大学旧金山大学本科毕业证成绩单信息：姓名生日专业学位毕业时间等（如信息不确定可以咨询顾问：我们有专业老师帮你查询）； 2开始安排制作毕业证成绩单电子图； 3毕业证成绩单电子版做好以后发送给您确认； 4毕业证成绩单电子版您确认信息无误之后安排制作成品； 5成品做好拍照或者视频给您确认； 6快递给客户（国内顺丰国外DHLUPS等快读邮寄）。教育部文凭学历认证认证的用途：如果您计划在国内发展那么办理国内教育部认证是必不可少的。事业性用人单位如银行国企公务员在您应聘时都会需要您提供这个认证。其他私营 #外企企业无需提供！办理教育部认证所需资料众多且烦琐所有材料您都必须提供原件我们凭借丰富的经验帮您快速整合材料让您少走弯路。实体公司专业为您服务如有需要请联系我: 微信95270640奈一次次令他失望山娃今年岁上五年级识得很多字从走出小屋开始山娃就知道父亲的家和工地共有一个很动听的名字——天河工地的底层空空荡荡很宽阔很凉爽在地上铺上报纸和水泥袋父亲和工人们中午全睡在地上地面坑坑洼洼山娃曾多次绊倒过也曾有长铁钉穿透凉鞋刺在脚板上但山娃不怕工地上也常有五六个从乡下来的小学生他们的父母亲也是高楼上的建筑工人小伙伴来自不同省份都操着带有浓重口音的普通话可不知为啥山娃不仅很快与他们熟识了

What next after learning python programming basics

Rakesh Kumar R

UI5con 2024 - Boost Your Development Experience with UI5 Tooling Extensions

Peter Muessig

The UI5 tooling is the development and build tooling of UI5. It is built in a modular and extensible way so that it can be easily extended by your needs. This session will showcase various tooling extensions which can boost your development experience by far so that you can really work offline, transpile your code in your project to use even newer versions of EcmaScript (than 2022 which is supported right now by the UI5 tooling), consume any npm package of your choice in your project, using different kind of proxies, and even stitching UI5 projects during development together to mimic your target environment.

2024 eCommerceDays Toulouse - Sylius 2.0.pdf

Łukasz Chruściel

Recently uploaded (20)

一比一原版(UMN毕业证)明尼苏达大学毕业证如何办理

Mobile app Development Services | Drona Infotech

UI5con 2024 - Keynote: Latest News about UI5 and it’s Ecosystem

Requirement Traceability in Xen Functional Safety

ALGIT - Assembly Line for Green IT - Numbers, Data, Facts

Energy consumption of Database Management - Florina Jonuzi

Measures in SQL (SIGMOD 2024, Santiago, Chile)

Top Benefits of Using Salesforce Healthcare CRM for Patient Management.pdf

Lecture 2 - software testing SE 412.pptx

How Can Hiring A Mobile App Development Company Help Your Business Grow?

Transform Your Communication with Cloud-Based IVR Solutions

Modelling Up - DDDEurope 2024 - Amsterdam

SMS API Integration in Saudi Arabia| Best SMS API Service

How to write a program in any programming language

GreenCode-A-VSCode-Plugin--Dario-Jurisic

socradar-q1-2024-aviation-industry-report.pdf

一比一原版(USF毕业证)旧金山大学毕业证如何办理

What next after learning python programming basics

UI5con 2024 - Boost Your Development Experience with UI5 Tooling Extensions

2024 eCommerceDays Toulouse - Sylius 2.0.pdf

Puppet Camp LA 2015: Server Management with Puppet on AWS for a fast-growing startup (Beginner)

1. Server Management with Puppet on AWS Marco Almeida - Site Reliability Engineer

2. About us Thumbtack helps you accomplish the personal projects that are central to your life. Whether you need to paint your home, learn a new language, or plan your daughter's birthday party, Thumbtack is the easiest and most dependable way to hire the right professional for your projects.

3. Our infrastructure

4. Our infrastructure ● 43 physical servers ● 97 EC2 instances ○ roughly half for staging/research purposes ● Everything managed with Puppet

5. Scaling the infrastructure ● Goals: ○ completely automate server provisioning ○ proper development environment for the whole team ○ good way of distributing sensitive information ● Two components: ○ Custom AMI + a shell script ○ Puppet

6. Scaling the infrastructure ● Debian 7 (Wheezy) or 8 (Jessie) ● Simple, i.e., minimal base system ○ include the contrib and non-free areas ○ don't install suggested packages by default The custom AMI

7. Scaling the infrastructure ● Set the hostname ● Update DNS (forward and reverse) ● Run the Puppet agent ● Notify Slack ● Uninstall itself ● Reboot ● Log everything The shell script

8. Configuration Management Bootstrapping servers 1. Generate new SSL key and request a new certificate 2. Run policy-based autosign script 3. Compile catalog 4. Download catalog 5. Apply the catalog 1. Basic checks: certname was provided, no certificate with the same name has already been signed, etc. 2. Verify that an instance with the exact same name exists 3. ... 1 puppet.internal bender.internal 2, 34 5

9. Configuration Management Development environment In the old days... ● Git repo ● Single puppet master ● No staging environment

10. Configuration Management Development environment In the old days... ● Write code ● Commit ● Push ● Update master ● Dry run on some node Syntax error at 'FOO'; expected '}' at BAR

11. Configuration Management Development environment In the old days... ● Write code ● Commit ● Push ● Update master ● Dry run on some node Could not find class FOO

12. Configuration Management Development environment In the old days... ● Write code ● Commit ● Push ● Update master ● Dry run on some node Duplicate declaration: Package[FOO] is already declared

13. Configuration Management Development environment In the old days... ● Write code ● Commit ● Push ● Update master ● Dry run on some node Could not apply complete catalog: Found 1 dependency cycle

14. Configuration Management Development environment puppet.internal bender.internalGit fry.internal . . . dev-1.internal dev-2.internal dev-3.internal Puppet masters

15. Configuration Management Development environment ● A few extra configuration options ○ ca = false ○ dns_alt_names = dev-1, dev-1.internal, puppet, puppet.internal ● Test changes locally or from a staging box ○ puppetd --test --server dev-1.internal

16. Configuration Management Development environment ● Write code ● Test changes ● Commit ● Code review ● Push ● Update master ● Let the agent do its thing

17. Configuration Management Sensitive data ● Problem ○ Licence keys ○ Passwords ○ Anything that shouldn’t be on Github ● The solution we want ○ Easy to use with Puppet code, e.g., templates ○ Shouldn’t require another password ○ Simple and easy to understand

18. Configuration Management Sensitive data ● Easy to use ○ Variables ● Don’t require another password ○ IAM role ● Simple and easy to understand ○ S3 or DynamoDB

19. Configuration Management Sensitive data ● Store the data on an S3 Bucket (or DynamoDB) ● Create an IAM role with read-only permissions ● Assign the role to all puppet master instances ● Use an ENC ○ On every run Puppet gets all the sensitive data relevant to that node ○ Data is made available through top-scope variables

20. Configuration Management Sensitive data class { 'datadog': stage => monitoring, api_key => $::datadog_api_key, } production: host: puppetdashboard.foo.rds.amazonaws.com database: puppetdashboard password: <%= @puppetdashboard_db_password %>

21. Configuration Management Speed things up ● Re-deploy the provisioning script ● Create an AMI

22. Configuration Management Conclusion ● Each developer has his/hers own puppet master ● Changes can be easily tested locally or on staging instances ○ just point the agent to your puppet master ● Development can happen in parallel ● No need to babysit agent runs ● All standard tools, didn’t reinvent the wheel

23. Questions?

Puppet Camp LA 2015: Server Management with Puppet on AWS for a fast-growing startup (Beginner)

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to Puppet Camp LA 2015: Server Management with Puppet on AWS for a fast-growing startup (Beginner)

Similar to Puppet Camp LA 2015: Server Management with Puppet on AWS for a fast-growing startup (Beginner) (20)

More from Puppet

More from Puppet (20)

Recently uploaded

Recently uploaded (20)

Puppet Camp LA 2015: Server Management with Puppet on AWS for a fast-growing startup (Beginner)